Wednesday, September 9, 2009

Learning PowerShell with Kiran …… day two

Getting help

PowerShell is an excellent tool in that all the required documentation is built into the shell itself. You do not have to keep separate reference and developer documentation at hand, as you often do with VBScript.

help <cmdlet or alias>

will give you the help you need with the syntax. If you need more detailed help explaining all the options, or examples, just use the -detailed or -full switch:

help <cmdlet or alias> -full

help <cmdlet or alias> -detailed

eg: help Get-ChildItem -full

The help feature also supports wildcards, i.e., if you are looking for a cmdlet to stop a process, you could simply type “help *process*” as shown below:

image

From the above, it is relatively easy to figure out that “Stop-Process” is the cmdlet you can use to stop a process. Quite powerful, isn’t it?

Working with Aliases

Using aliases instead of cmdlets is convenient, ‘cause typing long cmdlet names is not only cumbersome, it’s also prone to mistakes, and you easily get frustrated if you use them regularly. So, to keep your sanity, PowerShell provides the alias feature. If you are from the *nix world, then you already know what an alias is. Aliases let you call cmdlets by shorter names instead of their full cmdlet names.

dir and ls, copy, and cd are system-assigned aliases for Get-ChildItem, Copy-Item and Set-Location respectively. PS has many more aliases, and to list them you can use the command…..wait, how do we find out which command to use…let’s try using help here.

image

Looking at the output, I am tempted to try “Get-Alias”

image

That’s it. That’s how we explore the power of PS.

If I want to know the available aliases for Get-ChildItem, then I have to look at help to see all the options and switches provided by the cmdlet.

PS> help Get-Alias -full

shows this interesting example

image 

Exactly what we need. Now let’s try that.

image

Understanding the above command in its simplest form (don’t get hung up on the functions, neither will I): it pipes the output of the Get-Alias command and filters it down to only the rows where “Get-ChildItem” appears in the “Definition” column. Awesome…. This means that PS also supports piping.

You can create your own aliases using the “New-Alias” cmdlet. We have seen this in the second screenshot (help *alias*). The command syntax can be obtained by looking up help on New-Alias.

image

In its simplest form, you can use the command as below:

PS> New-Alias -name d -value Get-ChildItem

or you could also specify it as below:

PS> New-Alias d Get-ChildItem

‘cause PS does not require you to specify a positional parameter’s name if the values are given in the right order, i.e., in this case the first parameter that New-Alias takes is “-name” and the second parameter is “-value”. As long as we have the right values in the right order, PS will interpret them properly.

To check if the command worked, let’s retry the Get-Alias command using Where-Object filtering:

image

Yes, “d” does show up as an alias. Let’s run the command:

image

Delete an Alias

I’m not sure if you remember the screenshot from Day One, which reveals that Alias is also loaded as a PSDrive. This means I can also get a list of aliases by issuing a “Get-ChildItem” or “dir” against it as shown below:

image

This will probably also allow me to use “Remove-Item” to remove any alias that I do not need. Let’s try it.

image

Yup. That worked.

Finding the required cmdlet

At the beginning of this post, we used the “help” command to search for the required cmdlets. This only looks at the documented help topics to get you the required information. If there are cmdlets that are not documented, then you would not find them. To find any cmdlet, you should ideally use “Get-Command”.

Just issuing “Get-Command” by itself will list all the available cmdlets in the shell.

To understand the syntax of Get-Command let’s run “help Get-Command”

image

Notice the “-verb” and “-noun” parameters. This is what makes Get-Command powerful and useful in searching for cmdlets. Remember on Day One we talked about how PS uses the verb-singularnoun convention to name all its cmdlets. The power of doing so is revealed now.

eg: you want to look for a process on your machine and kill it, and we obviously do not know the cmdlet to do that. So let’s use Get-Command to achieve this. Since we want to look at processes, let’s ask for all cmdlets that match the noun process.

image

So, we have two choices with processes: “Get-Process” and “Stop-Process”. See how powerful and easy it makes finding cmdlets. In addition to this, the parameters support wildcards too, as shown below:

image

PS Snap-ins

Cmdlets themselves are packaged in snap-ins. Each snap-in adds additional functionality and cmdlets to the shell, very much like MMC snap-ins. The cmdlets used to manage snap-ins can be found by using the Get-Command cmdlet described above.

image 

We can make an educated guess, that Add-PSSnapin is to add new Snap-ins and Remove-PSSnapin is to remove Snap-ins from the shell. Get-PSSnapin is probably used to get details about a Snap-in. Let’s check.

image

As is evident, Get-PSSnapin, when run by itself, lists all the available snap-ins on this computer. We also notice that it can be used to search for a particular snap-in using the -name parameter, which also accepts wildcards. In this case, we tried to look for any snap-in that has the word “Utility” in it.

To see available cmdlets in a snap-in, we may have to look at Get-Command cmdlet’s syntax more closely.

image

Oh, wait, yes, Get-Command takes -PSSnapin as an argument. Wonderful. Let’s try that:

image

Free Anti-SPAM Gateway (MailCleaner)

 

There are one too many options when it comes to using a Unix email gateway. Some are complicated to install and manage, and some do not provide all the needed features. Hands-down, MailScanner is one of the best anti-SPAM engines out there. But it does not have a built-in web GUI. There is one web GUI available for people who want to check out MailScanner in its true form, MailWatch. But even MailWatch leaves a lot to be desired as a SPAM interface and end-user interface. Before you MailWatch fans flame me out, I will admit that MailWatch has been the leading UI to work with MailScanner, and I personally used it for a long time, i.e., before I laid my hands on MAILCLEANER.

MAILCLEANER is simply one of the best open-source SPAM gateways available out there. It is offered as a complete, out-of-the-box solution that can be used as a virtual image or installed on to a server. The author of MailCleaner does a good job of answering questions on the forums, though the updates are not as frequent as you would like them to be.

You can download the install set from the product’s main open-source site MailCleaner. If you can afford it, the author also has a commercial offering here.

As is universally known, it’s never a good idea to expose your organization’s primary email server to the Internet directly. Yes, even if it’s just port 25. ‘Cause if you ever become the victim of a compromise which results in a Denial-of-Service of the server, or the server crashes, then:

a) incoming email capability is lost (no incoming emails/communication, from clients, vendors, customers and prospects)

b) outgoing email capability is lost (no outgoing emails/communication to clients, vendors, customers and prospects)

c) all internal email communication is also lost.

A typical deployment scenario for this would be like below:

 

typicaldeployment

 

 

OR

 

Typical

 

Yes, MailCleaner can only be used as an incoming email/SPAM gateway, which is adequate for most small/medium size business requirements.

Installation is pretty straight forward, pop the CD in and boot.

bootcd

Selecting the highlighted option will erase all disks on your system and install Mailcleaner. The installation itself is completely automated, and requires no user interaction. Once the distribution is installed, you can login using the default credentials below:

user: root

passwd: def

As always it is highly advisable to change the default password immediately on login. You can change that using the command below:

# passwd

After you change the password, the first thing you want to do is change the keymap, ‘cause the default keymap for MailCleaner is French. This could get tricky ‘cause the “/” key is located above “7”. So if you wanted to type in a forward slash “/”, then you would type in “Shift+7”. Also, the keys for “y” and “z” are interchanged in the French layout.

To change the keymap you have to issue the command below (for US keymap):

# loadkeys /usr/share/keymaps/i386/qwerty/us.kmap.gz

Remember to use “Shift+7” for “/”, “z” for “y” and “y” for “z” while typing it.

To make this change permanent, you have to copy the keymap file over /etc/console/boottime.kmap.gz as below:

# cp /usr/share/keymaps/i386/qwerty/us.kmap.gz /etc/console/boottime.kmap.gz

The default IP address of MailCleaner is as below:

defaultIP

To change the default IP and assign your own static IP (yes, you should assign it a static address; assigning it a DHCP address is a bad, bad idea), you have two options:

i) Run the ip_configurator script on the system as below:

# /root/bin/ip_configurator

ii) Edit the /etc/network/interfaces file and change the entries. To do that, type in the command below:

# nano /etc/network/interfaces

editIP

 

Now you are ready to run the MailCleaner install set. To start the installation type in the below command, and follow through the various prompts. Defaults will suffice for the most part. You may customize it if you choose:

# /root/mailcleaner_install.sh

installmailcleaner

Host ID has to be “1” if this is the first MailCleaner server in the network. And the final option:

“process with an interactive installation (y/N): N”

The answer should be “N” for first-time installers, otherwise you will get errors and the installation will fail. After you answer “N”, the MailCleaner install script will go ahead and build a bunch of modules and dependencies. This will take a while depending on your system. Once done, go ahead and visit the MailCleaner web page

http://<hostname>/admin

or

http://<IPaddressOfYourMailcleanerServer>/admin

and log in using the admin account and the password you configured in the previous install step.

image

 

 

Configuration aspects of MailCleaner coming up soon…….

 

Running Windows XP as non-admin

 

Running Windows XP as a non-admin user is one of the primary safeguards you can take to protect yourself. Remove your active user account from the Administrators group and the Power Users group, or create a normal user account and start using that account instead. Always make the regular user account a member of the Network Operators group. This will enable the user to change network settings like the IP address and gateway.

It is relatively easy to upgrade your privileges to an admin account in order to install software or run any other administrative tasks if required.  The simplest form of this is to run a command prompt as administrator and run all your administrative tasks from that command window.

c:\> runas /user:administrator cmd.exe

image

This will open up a command prompt and ask you for the password of the local user account “administrator”. Provide that and, if successful, it will launch a plain old command prompt console. From here you can launch or perform most administrative tasks, including installing new software, IE plugins etc. The commands to launch the most common applications are listed below:

Task                          Command

Add/Remove programs           appwiz.cpl
Administrative Tools          control admintools
Computer Management           compmgmt.msc
Date & Time                   timedate.cpl
Device Manager                devmgmt.msc
Display properties            desk.cpl
Event Viewer                  eventvwr.msc
Internet Properties           inetcpl.cpl
Local Users and Groups        lusrmgr.msc
Mouse properties              main.cpl
Network Connections           ncpa.cpl
Power configuration           powercfg.cpl
Printers And Faxes            control printers
Registry editor               regedit
Scheduled Tasks               control schedtasks
Services                      services.msc
Sound and Audio settings      mmsys.cpl
System Properties             sysdm.cpl
Windows Task Manager          taskmgr
Windows Firewall Settings     firewall.cpl

Some commands useful in XP Professional or a Windows domain environment are as below:

Task                          Command

Group Policy Editor           gpedit.msc
Computer Management           compmgmt.msc
Security Center               wscui.cpl
Group policy update           gpupdate
Disk Management               diskmgmt.msc

 

But before you launch any applications, you should make a registry edit to change the value of HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess to “1”. To do so, launch the command prompt as the administrator using the command below:

image

Now in the command prompt, type in regedit. This will open up the registry editor for you. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, and change the “SeparateProcess” value to “1” as shown below:

Without the registry entry, more than half the commands listed will fail, or will produce no output.

image

 

You can right-click on any executable and select “Run as” option as shown below, to launch an installation or any executable:

image

You will not be able to do the same with MSI install packages. You will have to launch a command prompt as administrator, navigate to the location of the MSI installer package and execute it from there.

image

And, yes your observation is correct. I customized my administrator command window to look different. It is fairly easy to do so with cmd.exe extensions. I have a shortcut made on my desktop to launch the command prompt as administrator. The shortcut is as below:

%windir%\system32\runas.exe /user:administrator "cmd.exe /k  cd c:\ && color f5 && title *****Local Admin console *****"

I also have a shortcut key assigned, enabling me to launch the administrator command window, from my keyboard. In my case, I have it as Ctrl + Alt + L.

image

There are a couple of limitations as to what you can and cannot do with this administrator command prompt window. One major drawback is that you cannot launch Windows Update from this window. But this drawback is easily overcome by adjusting your Windows Update parameters in Control Panel to update automatically.

You can launch Windows Explorer as administrator by typing in “Explorer” in the command window:

image

You can launch IE as an administrator (useful, when you have to update adobe flash plugin etc.,) by typing the complete path to IE as shown below:

image

There are a lot of tasks you can perform using the windows command prompt launched as the administrator. Running as a limited user will help you stay safe, and the “Run as” options listed above will ensure that you do not miss the functionality either.

Using Windows XP safely – Defend against spyware and virus

Keeping Windows Safe and Protect against Spyware and Malware

 

How can I stay virus-free or malware/spyware-free without disconnecting myself from the world? This is a question I get a lot from friends and family. Windows XP puts a lot of power in the hands of the user, and we quite often forget the capabilities and the powerful credentials which we use, until we get infected by spyware or a virus. My personal experience has been that most anti-virus or anti-spyware tools fall short to some extent, some more than others. The most commercial anti-virus programs are the ones that are the worst protectors in most cases. Also, as users we often find that we do not update the signatures as often as required, and we do not even update the operating system and the tens and hundreds of software packages and drivers we use on our systems.

An average computer uses at least 30-40 different drivers. Almost all of these drivers run as the system user, the highest possible privilege that any process can run as. The system account has unchallenged power/privilege on the system. An unpatched machine may have known vulnerabilities, viz., buffer overflows, which can be targeted for an attack and exploited. A process that has been compromised using these exploits can alter the user experience dramatically, without the active user's knowledge. In most cases, a spyware process running as the system user account can spawn new threads, or even new processes, can attach itself to any other process it needs to, and can most definitely hide itself from the process list, thereby totally evading detection by the trained eye. Most importantly, it can prevent any anti-virus or anti-spyware programs from starting, or alter their behavior such that they do not update themselves or report any problems ever.

There are umpteen number of attack vectors that an average computer user or a casual Internet user may not know of or even understand or comprehend. Technology has advanced so much and it has made computing and computer interaction totally seamless for the end-user, be it for business applications, social networking or casual browsing. The complexity of the software architecture and networking technologies behind keeping everything running has to be seamless for the advent and adoption of computers, Internet and its related technologies.

But luckily, it's relatively easy to stay safe in this big bad world of the Internet. And best of all, it doesn't have to cost you anything.

I'll list down the safe measures that I recommend and follow. Based on my experience, this has helped a lot of computers stay safe and relatively unaffected by most epidemics.

a) Never use your computer/system as an administrator or any user with administrative privileges. This includes Power User privileges. The default account most people use on their Windows XP home computers is an administrator. This leaves the user open to spyware/malware and virus attacks. I have a whole blog about running as a non-admin user here.

b) In spite of the weaknesses I mentioned above, you should always use an anti-virus and anti-malware. For anti-virus, I recommend Avira. It's not memory intensive or processor intensive, and has one of the best protections around for the price (free). I recommend it over anti-virus programs such as Symantec, McAfee or AVG. Spyware Doctor, which also comes as part of Google Pack, offers the best free protection from spyware available in the market today. The basic/free version does not protect you in real-time, but if you follow all the steps in this blog, then you can still be safe without real-time protection.

c) Ditch IE as your browser. I agree that IE is one of the easiest and most user-friendly browsers to use. But it's also one of the most targeted browsers for attacks. Try Firefox. Firefox has some nifty add-ons that make it one of the most versatile browsers in the market today. Using Firefox with the Adblock and NoScript add-ons protects you from dangerous popups and scripts that can get you infected. The NoScript publishers update their software very often to protect against new spyware and malware infection techniques. A how-to on adding these add-ons and using them in the real world is detailed here.

d) Update Often. Configure your windows to update as soon as possible. Windows Update system is one of the best update tools available out there. Configure it to automatically download updates in the background and install security updates immediately. Since this will run as a service and do all the work for you in the background, you don't have to login as an admin to update your system.

e) Check for the latest updates on any 3rd party software and update them too.

f) Due diligence is also one of the most important factors in keeping your system safe. The weakest link in system security is the end-user.

  1. Always use a complex, non-dictionary based password to protect your computer.
  2. Don't create or use any user account without a password assigned to it.
  3. Keep changing your passwords often, at least once every 90 days.
  4. Don't visit sites you have no business going to, and these include clicking on funny video links in your emails, or any celebrity naked pictures links sent by unknown people or even friends and family. Internet porn and online videos are the leading sources of spreading spyware/malware or viruses.
  5. Don't fall for fraudulent emails, a.k.a. phishing attacks. Never click on any link received in an email. There is hardly any easy way for the end user to know that he is being directed to the correct website. If you need to go to PayPal or bank sites or any other site, type in the website URL in the browser yourself. Your financial or social institutions will never email you asking you to check back into the site using a link, to verify your username or anything.
  6. Be vigilant. I have known one too many users who just clicked on some pop-up windows or message popups, thereby willingly allowing themselves to be infected. It's one of the easiest mistakes to make, and the most fatal too. So be vigilant and careful about what you are clicking on. A moment of patience will save you hours of frustration and a couple of hundred dollars in trying to get your computer fixed.

Learning PowerShell With Me ..

Day one

What is Powershell ?

Install Powershell

You have to download and install PowerShell for Windows XP and Vista, but it's included in Windows 2008 and Windows 7 by default. You just have to enable the feature in Windows 2008.

Let's Begin

Start the PowerShell prompt.

image

A powershell prompt looks very much like a windows command prompt and almost all of the windows commands work well in the powershell command window with a few exceptions. For all of you unix lovers and that includes me, most of the unix commands work well inside powershell too.

Let's start with Dir

Dir command without any switches works exactly the same way it would in a command prompt.

Dir c:

image

But wait, Dir c:\program files will not work without quotes surrounding the path, 'cause PowerShell treats “space” as the delimiter between a command and its parameters. So, you should surround your path with quotes, to enable PowerShell to see the whole path properly:

dir "c:\program files"

image

Powershell comes with a ton of help, that is readily accessible by using help <commandname>. The help context also supports wildcards.

Help <commandname> -full

will give you a very detailed explanation of the command with examples too.

Type in help dir

image

Did you notice that the actual command is called Get-ChildItem? And it provides a bunch of parameter options like -recurse etc. This leads me to believe that “dir” or “ls” are probably aliases for the command Get-ChildItem. I'll probably find out as I go. Personally, I would think it's better to stick with the actual cmdlets (yes, these commands are implemented as scripts called cmdlets) than with the aliases, 'cause it will help you get acquainted with the cmdlets and understand the code better as we move on, at least for the duration of learning PowerShell. Once you get into actual implementation in real life, it's up to. As for me, I'm going to stick with the cmdlets.

So to list a directory:

Get-ChildItem c:\perflogs

or

Get-ChildItem "c:\program files"

to recursively display a folder's contents

Get-ChildItem -recurse "c:\program files"

gives a long listing; use Ctrl+C to stop it, looks like that works in PowerShell as “Break” too.

PowerShell has the unique ability to navigate a hierarchical structure, viz., the registry, Active Directory or storage systems, just like a file system. This is awesome, so you could navigate the registry like below:

Get-ChildItem HKCU:

image

will list out the contents of HKEY_CURRENT_USER

Guess what the below command does:

Get-ChildItem HKCU: -recurse

You could also change your current location into the registry, viz., below:

cd HKLM:\Software

or Set-Location HKLM:\Software
(yes, “cd” is the alias for the cmdlet “Set-Location”; as I said, I'm going to stick with cmdlet names instead of aliases)

Same thing can be applied to Environment Variables also. Eg:

Set-Location ENV:

Get-ChildItem ENV:

Get-ChildItem ENV:\systemroot

image

Copy Items

“Copy” is another of the most used DOS commands, and it works the same in PowerShell too. “Copy” is an alias for the cmdlet “Copy-Item”.

Help Copy

or

Help Copy-Item

will reveal all the switches available for the cmdlet. The most commonly used switch would probably be “-recurse”.

Delete Items

RD, Del or rm will work exactly as expected, but the underlying cmdlet for all this is “Remove-Item”

You could use rd or del or rm to achieve the same result, eg:

rd c:\temp\test.txt

or

del c:\temp\test.txt

or

Remove-Item c:\temp\test.txt

You could also use the same “-recurse” switch to recursively delete folders.

Read contents of a file

Most of us are used to “TYPE” or “CAT” commands to achieve this. The same works in PowerShell too. Eg:

type c:\temp\test.txt

cat c:\temp\test.txt

or use the cmdlet directly

Get-Content c:\temp\test.txt

PowerShell Drives (PSDrives)

As we have seen, PowerShell lets you navigate the registry, storage systems, environment variables etc. using the simple navigation commands that we are used to. It can do that 'cause it loads them as PSDrives, or PowerShell Drives.

To see a list of all these PowerShell drives, which you can navigate, type in the below:

Get-PSdrive

image

This will show you all the drives that PowerShell has loaded. The power of navigating through certificate stores, Environment Variables and functions is amazing.

Did you notice that PS (PowerShell) has loaded “alias” as a drive? So let's see all the aliases that PS has built in by listing the contents of the drive.

Get-ChildItem alias:

image

WOW! That's a nice list of aliases that can be used. It would be handy to have a printed list (cheatsheet) of these aliases that you can pin up at your desk. I'll make one up.

Cmdlet Naming syntax

The beauty of the long names is that they have a consistent naming syntax. Each command has a verb-Singularnoun syntax, i.e., the cmdlet starts with a verb, viz., Get, Remove etc., and ends with a singular noun, i.e., ChildItem, Content, PSDrive etc. Stress on the word singular, 'cause none of the commands actually end in a plural; there is no Get-ChildItems or Get-Contents. Cmdlet nouns are always singular.

Eg: issue the command below to see a list of all cmdlets available to powershell

Get-Command

image

Notice how all the cmdlets start with a verb, and end with a singular noun. None of them have a plural form.

The reason this is done is that it is easier to search for a particular cmdlet when needed.

Hope you have already started to ride with me and will continue .......

Monday, August 10, 2009

Finding files in Linux / Unix

I have a lot of friends and colleagues who ask me about searching files in unix. Most of them are web-developers and graphic designers, who are typically not from the Unix world and are intimidated by the console world. This blog is mainly for them.

find is a very powerful command, the only problem is figuring out how to use it to get the result you want. In its simplest form, the syntax of find command looks like this:

$ find path parameters/operators

path is the path where you want to search for the files, and parameters/operators are usually the criteria on which you want to find the files, eg: name, date etc.

The most common form of the find command would be as below:

# find / -name Downloads

The above command will search the complete filesystem for a file/folder named “Downloads”

The other options that are available are:

find -name filename    find the file filename
find -perm mode    find files based on the permission/access mode. The access mode here has to be specified in octal, viz., 640 etc.
find -type c    find files based on the file type, viz.,
    b for block special files
    c for character special files
    d for folders or directories
    f for plain files
    l for symbolic links
    p for named pipe files
    s for socket files
find -user username    find files owned by the user <username>. username can be specified as UID
find -group groupname    find files owned by the group <groupname>. groupname can be specified as GID
find -size n    find files by their size. n denotes blocks; each block is 512 bytes. +n can be used to look for files larger than n blocks.
find -atime n    find files last accessed n days ago. To make this command even more powerful, you could use -n to say files accessed less than n days ago.
find -mtime n    same as -atime, except that it looks for content modified time
find -ctime n    same as -atime, except that it looks for access mode changed time
find -newer file    find files that have a modified time stamp that is more recent than the file specified
find operator1 -a operator2    find files that match operator1 and operator2. This is the default behaviour when two operators are specified, so -a is optional
find operator1 -o operator2    find files that match operator1 or operator2
find ! operator    find files that do not match operator
find \{expression \}    find using regular expressions…very complex and powerful
-print    prints the output to standard output, i.e., the console
-exec command    executes the command. command must end with \; as shown in the example below:
    # find . -name "*.mp3" -exec rm -rf {} \;
    The above command will search for files with the extension “.mp3” in the current folder and delete them.
    {} in the above command will ensure that the complete path of the file is passed on to the command.
-ok command    works exactly like -exec command, except that in this case it prompts the user before executing the command

Some examples:

$ ls -ld `find . -type l -print`

find . -type l -print in the above command prints all the symbolic links under the current directory to standard output. The backticks substitute that output into the ls -ld command line, which in turn prints the links in a long listing format.

$ find . -atime 4 -print

will find files that were last accessed 4 days ago

$ find . -mtime 7 -print

will find files that were modified 7 days ago. You can also specify a range of time.

$ find . -mtime +6 -mtime -10 -print

will find files that were modified between 7 and 9 days ago (+6 matches more than 6 days, -10 matches fewer than 10).

If you wanted to delete all the files in the current directory and sub-directories that have not been accessed in 90 days, then you would use the command below:

$ find . -type f -atime +90 -exec rm -f {} \;

Pretty powerful, isn’t it? You could also easily tweak this command to delete only files like *.log or *.tmp.

$ find . -type f -atime +90 \( -name "*.log" -o -name "*.tmp" \) -exec rm -f {} \;

Combining GREP and FIND

If you wanted to search for a particular word in all the files of a particular directory, then you could do a command substitution with grep as below:

$ egrep 'findme' `find . -type f -print`

 

There is a lot more we could do by combining the power of find with other commands. We barely scratched the surface here.
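The cleanup and find-plus-grep commands above, reworked as an added example (not part of the original post): deletion is limited to regular files, a dry run uses the same selection as the delete, and find hands file names to grep itself so names containing spaces survive. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample tree are constructed.

# Build a throwaway tree: stale and fresh files, a path containing spaces,
# and a directory whose name also matches *.log.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/app/old.log" "$d/web site"
    echo "findme in stale log" > "$d/app/stale.log"
    echo "findme with space"   > "$d/web site/error report.tmp"
    echo "fresh findme"        > "$d/app/fresh.log"
    echo "keep me"             > "$d/app/old.log/data.txt"
    echo "nothing here"        > "$d/app/notes.txt"
    # Backdate the access time (-a) to 2000-01-01 so these files count as
    # "not accessed in more than 90 days".
    touch -a -t 200001010000 "$d/app/stale.log" \
        "$d/web site/error report.tmp" "$d/app/notes.txt"
    printf '%s\n' "$d"
}

# One selection shared by the dry run and the delete, so both always agree.
# -type f keeps directories (including "." and old.log/) away from rm.
# usage: stale_files DIR DAYS [find actions...]
stale_files() {
    sf_dir=$1; sf_days=$2; shift 2
    find "$sf_dir" -type f -atime "+$sf_days" \
        \( -name '*.log' -o -name '*.tmp' \) "$@"
}

# Dry run: print what would be deleted.
list_stale() { stale_files "$1" "$2" -print; }

# Delete, then print how many files were removed. -print only fires for
# files where rm succeeded.
purge_stale() {
    stale_files "$1" "$2" -exec rm -f -- {} \; -print | wc -l | tr -d ' '
}

# Names of regular files containing PATTERN. Unlike backtick substitution,
# "-exec ... {} +" passes each path as one argument, spaces included.
search_tree() {
    find "$1" -type f -exec grep -l -e "$2" {} +
}

# Reading a file (grep, cat, a backup job) may refresh its access time,
# so the purge runs before anything that reads the tree.
demo() {
    tree=$(make_demo_tree) || return 1
    echo "would delete:"
    list_stale "$tree" 90
    echo "deleted: $(purge_stale "$tree" 90)"
    echo "files still containing 'findme':"
    search_tree "$tree" findme
    rm -rf "$tree"
}
demo
```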

Monday, July 20, 2009

Rose Garden at Hartford,CT

We recently had the pleasure of visiting the Elizabeth Rose Garden in Hartford,CT. Established in 1908, it is the first municipal Rose Garden in the United States. Tucked away in Hartford suburbs, is this beautiful sprawling garden located at the corner of Prospect street and Asylum street. Rose Garden being the main attraction, with lovely arches made up of climbing roses, leading to a gazebo in the center, I bet in its prime bloom, would be the perfect spot for a picturesque wedding. There are other flower gardens too along with some green houses. We reached the garden late evening and with not much daylight left, the photos do not do much justice to the actual location. One has to be there to enjoy the beauty of nature combined with great landscaping.

 
