Mikrotik: RouterOS v6.11 rilasciato

Il 20 marzo 2014 Mikrotik ha rilasciato la versione 6.11 del suo sistema operativo per router (RouterOS), le nuove funzionalità aggiunge/rimosse sono:

  • ipsec – fix aes-cbc hardware acceleration on CCR with key sizes 192 and 256;
  • wireless – add auto frequency feature;
  • ovpn – fixed TLS renegotiation;
  • ovpn – make bridge mode work with big packets (do not leave extraneous padding);
  • ovpn – fixed require-client-certifcate;
  • ppp – revert RADIUS NAS-Port behaviour, report tunnel interface id;
  • ppp – mppe encryption together with mrru locked the router;
  • dhcp – added support for DHCP option 138 – list of CAPWAP IPv4 servers;
  • quickset – added Guest Network setup to Home AP mode;
  • console – no longer required to supply value of ‘/routing bgp instance vrf’ property ‘instance’ for ‘add’ command;
  • ethernet – added option to enable rx/tx flow control (will be disabled by default);
  • ethernet – added ability to specify advertised modes for copper ports;
  • fixed 100% cpu usage on CCRs;
  • ssl – not finding CRL in local store for any certificate in trust chain will cause connection to fail;
  • lte – support for Huawei ME609 and ME909u-521;

L’aggiornamento è scaricabile gratuitamente, se la licenza in possesso lo consente, dal seguente link (http://www.mikrotik.com/download).

Windows Powershell: Execution Policies

Eseguendo uno script PowerShell in un computer che esegue Windows 8/8.1 o Windows Server 2012 si riceve l’errore seguente e lo script non viene eseguito.

.\WSUS_CleanUp.ps1 : File C:\Temp\WSUS_CleanUp.ps1 cannot be loaded because running scripts is disabled on this
system. For more information, see about_Execution_Policies at
http://go.microsoft.com/fwlink/?LinkID=135170.
At line:1 char:1
+ .\WSUS_CleanUp.ps1
+ ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : SecurityError: (:) [], PSSecurityException
    + FullyQualifiedErrorId : UnauthorizedAccess

Questo perchè di default le Execution Policies sono impostate su Restricted.

Le possibili opzioni per la policy sono:

  • Restricted
    • Default execution policy in Windows 8, Windows Server 2012, and Windows 8.1.
    • Permits individual commands, but will not run scripts.
    • Prevents running of all script files, including formatting and configuration files (.ps1xml), module script files (.psm1), and Windows PowerShell profiles (.ps1).
  • AllSigned
    • Scripts can run.
    • Requires that all scripts and configuration files be signed by a trusted publisher, including scripts that you write on the local computer.
    • Prompts you before running scripts from publishers that you have not yet classified as trusted or untrusted.
    • Risks running signed, but malicious, scripts.
  • RemoteSigned
    • Scripts can run. This is the default execution policy in Windows Server 2012 R2.
    • Requires a digital signature from a trusted publisher on scripts and configuration files that are downloaded from the Internet (including e-mail and instant messaging programs).
    • Does not require digital signatures on scripts that  you have written on the local computer (not downloaded from the Internet).
    • Runs scripts that are downloaded from the Internet and not signed, if the scripts are unblocked, such as by using the Unblock-File cmdlet.
    • Risks running unsigned scripts from sources other than the Internet and signed, but malicious, scripts.
  • Unrestricted
    • Unsigned scripts can run. (This risks running malicious scripts.)
    • Warns the user before running srcipts and configuration files that are downloaded from the Internet. 
  • Bypass
    • Nothing is blocked and there are no warnings or prompts.
    • This execution policy is designed for configurations in which a Windows PowerShell script is built in to a larger application or for configurations in which Windows PowerShell is the foundation for a program that has its own security model.
  • Undefined
    • There is no execution policy set in the current scope.
    • If the execution policy in all scopes is Undefined, the effective execution policy is Restricted, which is the default execution policy.

Per visualizzare la policy attualmente impostata si può usare il comando Get-ExecutionPolicy:

PS C:\Temp> Get-ExecutionPolicy
Restricted

Per modificare il valore della policy si possono percorrere due strade: direttamente da PowerShell o tramite Group Policy Object (GPO).

PowerShell

Per modificare l’impostazione della policy è necessario usare il comando Set-ExecutionPolicy, indicando semplicemente come parametro una delle policy disponibili e rispondendo Yes alla richiesta di conferma.

Ad esempio per impostare la policy ad Unrestricted il comando è:
Set-ExecutionPolicy Unrestricted:

image

Group Policy Object (GPO)

Come prima cosa è necessario scaricate l’Administrative Templates for Windows PowerShell da questo indirizzo ed installarlo, oppure scaricare il file PowerShellExecutionPolicy.7z direttamente da qui.

Una volta estratto il file ed importato nel Group Policy Management Editor, sarà visibile la Policy necessaria all’interno dell’alberatura:

image

Per permettere l’esecuzione di tutti gli script PowerShell impostare la policy ad Enabled ed Allow all scripts.

image

Una volta applicata la policy, o forzata tramite il comando gpudate, testando di nuovo l’impostazione si otterrà:

PS C:\Temp> Get-ExecutionPolicy
Unrestricted

Allora stesso modo si possono impostare gli altri valori possibili.