This article is more than 1 year old
Ah, I see you found my PowerShell script called 'SiteReview' – that does not mean what you think it means
It's certainly not for that
Who, Me? Updated
Hi there, Reddit. The following tale appeared on Reddit some months ago, and the original poster then submitted it to us with some extra detail. Usually, while we're verifying submitted stories, we check that the yarns haven't been published elsewhere, and in this case we simply forgot to. The OP confirmed here that they posted it to Reddit and then submitted it to El Reg. Stolen content, this ain't – ed.
Monday is upon us, the weekend is receding, and the rest of the week is stretching out into an unbroken chain of managerial mayhem. Take a moment to watch a newly minted member of management come unstuck in today's Who, Me?
"Your stupid PowerShell script is broken" was the subject of an email that marked the beginning of the brief relationship between our hero, "Vincenzo" (not his name), and a newly hired manager. The newbie had already gained a reputation as being "difficult", but Vincenzo had yet to make a judgement. Right up until the shouty email arrived, cc'ed to pretty much every bigwig in the company.
A top priority ticket was swiftly opened to deal with the shoutiness.
Vincenzo couldn't understand what his innocuous bit of PowerShell script had done to cause such an outburst. PowerShell is, after all, a handy tool for admins seeking to automate tasks. This script, called "SiteReview
", was an example of the breed: "You type in your email address and the internal AD [Active Directory] OU [Organisation Unit] site you wanted queried," he told us, "and it sends you the group member list of the AD Groups in that site via email."
Pretty simple stuff, and used by the company's security auditors to ensure the right accounts were in the right OUs. Vincenzo hadn't bothered with a readme – those who needed to use it were trained on its use; it was just a handy bit of script.
It was also lurking in a folder available to the company's management, which was our hero's downfall.
He shared the prompts as they appeared in the PowerShell window:
**** Site Review v1.02 ****
**** In case of issues contact [Vincenzo's name and email] ****
Email:
Site:
Again, pretty simple stuff. However, the email was of the very angry type. We imagine an awful lot of capitalisation was involved:
"The email," recalled Vincenzo, "said that this manager could not get 'any usable output' from my script then went on to berate me for 'wasting their time' with 'such unproductive software'."
- One good deed leads to a storm in an Exchange Server
- Hmmmmm, how to cool that overheating CPU, if only there was a solution...
- Updating in production, like a boss
- Do you come from a land Down Under? Where diesel's low and techies blunder
Vincenzo was taken aback. The script had been used without complaint once a quarter for the past three years. Dutifully, he began looking into the problem, starting with the log files. Yes, a readme might have been too much effort but, like all good IT pros, he had ensured logging existed to dump the results into a folder accessible by IT.
He opened up the .log file to see what had enraged the manager so.
"The first part of the SiteReview.log file was typical," he told us, "my early tests and past security output; so I slid down to the more recent time/date stamps…"
This is what he found:
Email: [Manager's email]
Site: [hardcore pr0n]
Error message: "Get-ADSite : Directory Object not found..."
Email: [Manager's email]
Site: [hardcore pr0n]
Error message: "Get-ADSite : Directory Object not found..."
Email: [Manager's email]
Site: [hardcore pr0n]
Error message: "Get-ADSite : Directory Object not found..."
Email: [Manager's email]
Site: [hardcore pr0n]
Error message: "Get-ADSite : Directory Object not found..."
And so it went on. There were another 22 entries and four distinct sites of the most distressing smut listed.
Vincenzo's boss swung by his desk for an update on the investigation. Our hero merely arched an eyebrow and forwarded on the log. Shortly thereafter he was told to close the ticket and "not to worry about it."
So what happened? Vincenzo's best guess was that manager was seeking the best-reviewed sites of salaciousness, but why Captain Terse should think there was a handy script on company servers to do just that thing is anyone's guess.
The sender of the shouty email never did complete his probation. Trying to access a grumble flick on company time (and company hardware) was likely a career-limiting move. As, we hope, was yelling at the support staff when one's desires were dashed.
We're almost afraid to ask, but have you ever come across a manager's secret stash? Or been the one to look at the logs and seen things you can't unsee? Tell all with an email to Who, Me? ®