|
Size: 18262
Comment:
|
Size: 18995
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 109: | Line 109: |
| == Getting Rid of Pesky Service Not Running Errors == Did you ever look at your server dashboard and see a big fat red mark next to services only to find out that it is a service that will just quit again if you run it. You look into it and, no you don't need it!!! Two such services are: * OneSyncSvc * WpnUserService Here is how to turn them off: {{{#!highlight powershell Set-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OneSyncSvc*" -Name "Start" -Value 4 Set-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WpnUserService*" -Name "Start" -Value 4 }}} If you just want these to be "Manual" instead of "Disabled" use a value of 3 instead of 4. |
|
| Line 123: | Line 139: |
| == Install !ServerCore.!AppCompatibility on Server Core == | == Install App Compatibility on Server Core == |
Here is a list of Power Shell Scripts that are too cool to ignore
Contents
- Here is a list of Power Shell Scripts that are too cool to ignore
-
Windows
- Basic filtering of services
- Expand all zip files into directories with zip name
- List of Listening Ports with their owning programs
- List Memory Installed
- List object from Registry - namely version of .NET installed
- Remote Session / Shell
- Remote commands
- Replace a string in a file using a regular expression
- Windows Backup Setup
- Getting Rid of Pesky Service Not Running Errors
-
AD Scripts
- Add RSAT tools to Windows 10
- Install App Compatibility on Server Core
- Add User to the Active Directory as a batch
- List of AD accounts and the last time they logged in
- Delete AD User accounts that have not been used in X days
- Delete AD Computer accounts that have not been used in X days
- List AD Computer accounts and the last time they have been logged in
- Adding DNS records to Windows DNS - For CPTR 446 class
- Setting up a Group Managed Service Account
- Setting up a Storage Pool & Virtual Disk
-
SCVMM Powershell scripts
- Get a list of Virtual Machines that have a DVD attached
- List VMs at the end of the semester to be deleted
- Get a list of VM Mac Addresses for CPTR 427
- Add DHCP Reservations to Ruth
- Get a list of IP address for SCVMM
- List SCVMM VMs/Templates and their Ownership - Change Ownership
- List SCVMM VMs/Templates LimitCPUForMigration and Set to allow migration
- List SCVMM VMs that are not associated with the cloud and associate them
- Setting up a Windows 2019 Server for the first time
- Power shell to list of VM hard drives sizes
- List the amount of memory used by virtual machines
- Power Shell Scripts to create a NAT network (without DHCP) on Windows 10
- Power Shell Script to List Network Adapters on a VM
- List VLANs for all CPTR 427 Virtual Machines in System Center
- List All disconnected Adapters
- Revoke all MAC addresses Back to the Pool
- Change all VMs to use Dynamic Memory and reduce memory usage
For the uninitiated:
Symbol |
Meaning |
% |
shortcut for foreach object |
$_ |
current object in the pipeline |
Get-Member |
Will list the fields of the object you send it |
Sort-Object -Property [property name] |
Will sort the objects you send in by the property name(s) which can be a comma separated list |
Where-Object {$_.property -like '*string*'} |
Will filter the objects. Also short cut notation: ? {$_.property -like '*string*'} |
Get-Command -Module PSWindowsUpdate |
Lists all the commands in the PSWindowsUpdate module |
Windows
Basic filtering of services
Toggle line numbers
1 Get-Service | ? { ($_.Status -eq "Running") -and ($_.StartType -eq "Manual") }
Expand all zip files into directories with zip name
List of Listening Ports with their owning programs
Toggle line numbers
1 $listening = (Get-NetTCPConnection | ? {($_.State -eq "Listen") -and ($_.RemoteAddress -eq "0.0.0.0")})
2 foreach ($l in $listening) {
3 $procid = $l.OwningProcess
4 $proc = Get-Process -PID $procid | SELECT ID,ProcessName
5 Write-Host $($l.LocalPort) "||" $($procid) "||" $proc.ProcessName
6 }
7
8 $udp = Get-NetUDPEndpoint
9 foreach ($u in $udp) {
10 $procid = $u.OwningProcess
11 $proc = Get-Process -PID $procid | SELECT ID,ProcessName
12 Write-Host "||" $($u.LocalAddress) "||" $($u.LocalPort) "||" $($procid) "||" $proc.ProcessName "||"
13 }
List Memory Installed
Toggle line numbers
1 Get-WmiObject win32_physicalmemory | Format-Table Manufacturer,Banklabel,Configuredclockspeed,Devicelocator,Capacity,Serialnumber -autosize
List object from Registry - namely version of .NET installed
Toggle line numbers
1 gci 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP' | sort pschildname -des | foreach-object {$_.name; $_.GetValue("Version");}
Remote Session / Shell
Toggle line numbers
1 Enter-PSSession -Computer [ComputerName]
Remote commands
Toggle line numbers
1 Invoke-Command -ComputerName eve -ScriptBlock { date }
Replace a string in a file using a regular expression
So I downloaded a bunch of files from "the way back machine" site and I needed to update the hard-coded links to be relative site links. The following little script did it for me.
Toggle line numbers
1 $files = ls Level*.html
2 foreach ($item in $files) {
3 (Get-Content -path $item) | % { $_ -Replace '(https://web.archive.org/nebula/level)([0123456789]{2})/', 'Level$2.html' } | Set-Content $item
4 }
Windows Backup Setup
Suppose that we have added a new disk for local backup purposes and that it is Disk 1.
Toggle line numbers
1 Add-WindowsFeature -Name Windows-Server-Backup
2 $policy = New-WBPolicy #Note that this is the backup policy, its like a job, but you can only have one of these daily backups weird huh? Yeah, I'll show you a different way later!
3 Add-WBSystemState -Policy $policy
4 $volumes = Get-WBVolume -CriticalVolumes
5 Add-WBVolume -Policy $policy -Volume $volumes
6 $disks = GEt-WBDisk
7 $target = New-WBBackupTarget -Disk $disks[1]
8 Add-WBBackupTarget -Policy $policy -Target $target
9 Set-WBSchedule -Policy $policy -Schedule "01:30" #Daily at 1:30 AM
10 Set-WBPolicy -Policy $policy #save this as the default policy, and answer Y to the format backup storage disk.
Getting Rid of Pesky Service Not Running Errors
Did you ever look at your server dashboard and see a big fat red mark next to services only to find out that it is a service that will just quit again if you run it. You look into it and, no you don't need it!!! Two such services are:
Here is how to turn them off:
Toggle line numbers
1 Set-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OneSyncSvc*" -Name "Start" -Value 4
2 Set-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WpnUserService*" -Name "Start" -Value 4
If you just want these to be "Manual" instead of "Disabled" use a value of 3 instead of 4.
AD Scripts
Add RSAT tools to Windows 10
Toggle line numbers
1 Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online
OR Use Choco: https://chocolatey.org
Toggle line numbers
1 c:\> choco install -y rsat
Install App Compatibility on Server Core
- Download the ISO (or if you are using my VM infrastructure, its already available, just load it into your DVD drive)
Toggle line numbers
1 Add-WindowsCapability -Online -Name ServerCore.AppCompatibility -Source D:\LanguagesAndOptionalFeatures -LimitAccess
Don't forget to eject the DVD.
Add User to the Active Directory as a batch
Toggle line numbers
1 New-ADUser -Name "A a" -GivenName "A" -Surname "a" -SamAccountName "ab" -Path "OU=OU_Students,DC=cs,DC=southern,DC=edu" -AccountPassword (ConvertTo-SecureString "z36Hynyghg" -AsPlainText -Force) -Enabled $true
See: Excel Example
List of AD accounts and the last time they logged in
Toggle line numbers
1 # This method looks like it should work, but LastLogon is stored at each domain controller, and the domain controller you are
2 # using, may not have ever been logged into by the user
3 #Get-ADUser -Filter * -SearchBase "dc=home,dc=scotnpatti,dc=com" -ResultPageSize 0 -Prop CN,samaccountname,lastLogonTimestamp |
4 # select CN, samaccountname,@{n="lastLogonDate";e={[datetime]::FromFileTime($_.LastLogonTimestamp)}}
5
6 # INSTEAD USE THIS METHOD
7 Import-Module ActiveDirectory
8 function Get-LastLogonEvents
9 {
10 $UserList = New-Object System.Collections.ArrayList
11 $dcs = Get-ADDomainController -Filter {Name -like "*"}
12 $users = Get-ADUser -Filter *
13 $time = 0
14 foreach($user in $users)
15 {
16 foreach($dc in $dcs)
17 {
18 $hostname = $dc.HostName
19 $currentUser = Get-ADUser $user.SamAccountName | Get-ADObject -Server $hostname -Properties lastLogon
20 if($currentUser.LastLogon -gt $time)
21 {
22 $time = $currentUser.LastLogon
23 }
24 }
25
26 $dt = [DateTime]::FromFileTime($time)
27 $temp = New-Object System.Object
28 $temp | Add-Member -MemberType NoteProperty -Name "SamAccountName" -Value $user.SamAccountName
29 $temp | Add-Member -MemberType NoteProperty -Name "LastLogon" -Value $dt
30 $UserList.Add($temp) | Out-Null
31 $time = 0
32 }
33 return $UserList
34 }
35 $myList = Get-LastLogonEvents | Sort-Object LastLogon | FT SamAccountName, LastLogon
36 Write-Output $myList
Delete AD User accounts that have not been used in X days
Toggle line numbers
1 $DaysAgo = (Get-Date).AddDays(-180)
2 #Get-ADUser -Filter {Enabled -eq $True} -Properties LastLogonDate | ? {($_.LastLogonDate -le $DaysAgo) } | FT Name, SamAccountName, DistinguishedName, LastLogonDate
3 Get-ADUser -Filter {Enabled -eq $True} -Properties LastLogonDate | ? {($_.LastLogonDate -le $DaysAgo) } | Remove-ADUser -Confirm
Delete AD Computer accounts that have not been used in X days
Toggle line numbers
1 $YearAgo = (Get-Date).AddDays(-370)
2 Get-ADComputer -Filter * -Properties * | ? {$_.LastLogonDate -le $YearAgo } | Remove-ADObject -Recursive -Confirm
3 #Get-ADComputer -Filter * -Properties * | ? {$_.LastLogonDate -le $YearAgo } | FT Name, LastLogonDate -AutoSize
List AD Computer accounts and the last time they have been logged in
Toggle line numbers
1 # This method looks like it should work, but LastLogon is stored at each domain controller, and the domain controller you are
2 # using, may not have ever been logged into by the user
3 #Get-ADUser -Filter * -SearchBase "dc=home,dc=scotnpatti,dc=com" -ResultPageSize 0 -Prop CN,samaccountname,lastLogonTimestamp |
4 # select CN, samaccountname,@{n="lastLogonDate";e={[datetime]::FromFileTime($_.LastLogonTimestamp)}}
5
6 # INSTEAD USE THIS METHOD
7 Import-Module ActiveDirectory
8 function Get-LastComputerLogonEvents
9 {
10 $ComputerList = New-Object System.Collections.ArrayList
11 $dcs = Get-ADDomainController -Filter {Name -like "*"}
12 Write-Output $dcs
13 $computers = Get-AdComputer -Filter *
14 $time = 0
15 foreach($computer in $computers)
16 {
17 foreach($dc in $dcs)
18 {
19 $hostname = $dc.HostName
20 $currentComputer = Get-ADComputer $computer.SamAccountName | Get-ADObject -Server $hostname -Properties lastLogon
21 if($currentComputer.LastLogon -gt $time)
22 {
23 $time = $currentComputer.LastLogon
24 }
25 }
26
27 $dt = [DateTime]::FromFileTime($time)
28 $temp = New-Object System.Object
29 $temp | Add-Member -MemberType NoteProperty -Name "SamAccountName" -Value $computer.SamAccountName
30 $temp | Add-Member -MemberType NoteProperty -Name "LastLogon" -Value $dt
31 $ComputerList.Add($temp) | Out-Null
32 $time = 0
33 }
34 return $ComputerList
35 }
36 $myList = Get-LastComputerLogonEvents | Sort-Object LastLogon | FT SamAccountName, LastLogon
37 Write-Output $myList
Adding DNS records to Windows DNS - For CPTR 446 class
Toggle line numbers
1 Import-Csv googleips.csv | ForEach-Object {
2 Add-DnsServerResourceRecordA -Name $_.DNSName -ComputerName dc1.cs.southern.edu -ZoneName cs.southern.edu $_.IP
3 }
Setting up a Group Managed Service Account
An account that is automatically managed (e.g. password updates) by the domain. See get-help New-AdServiceAccount
Toggle line numbers
1 # Adds the required root key to the key distribution service
2 Add-KdsRootKey -EffectiveTime ((get-date).AddHours(-10))
3 #Create an account:
4 New-ADServiceAccount Sql-Srv-Acct -DNSHostName Sql-Srv-Acct.home.scotpatti.com -PrincipalsAllowedToRetrieveManagedPassword "Domain Controllers"
5 #Install account on rita.home.scotnpatti.com
6 Install-ADServiceAccount -Identity 'Sql-Srv-Acct'
Setting up a Storage Pool & Virtual Disk
Toggle line numbers
1 $PhysicalDisk=(Get-PhysicalDisk -CanPool $True
2 New-StoragePool -FriendlyName Carribean -StorageSubSystemFriendlyName "Windows Storage*" -ResiliencySettingNameDefault Parity -ProvisioningTypeDefault Thin -PhysicalDisks $PhysicalDisks -Verbose
3 New-VirtualDisk -StoragePoolFriendlyName Carribean -FriendlyName StarFish -ResiliencySettingName Parity -Size 2GB
4 Get-VirtualDisk -FriendlyName StarFish | Initialize-Disk -PartitionStyle GPT -PassThru
5 #Get-Disk #will list the number of the StarFish disk if you don't see it from the command above
6 New-Partition -DiskNumber [X] -DriveLetter '[Y]' -UseMaximumSize
7 Format-Volume -DriveLetter '[Y]' -FileSystem NTFS
SCVMM Powershell scripts
I needed this once when I was trying to refresh the Library share. It failed on refresh with an error saying that a DVD was in use and wouldn't refresh until it was no longer in use. The following commands allowed me to identify the machines.
In general all of these need:
Toggle line numbers
1 Import-Module VirtualMachineManager
Get a list of Virtual Machines that have a DVD attached
Toggle line numbers
1 Get-SCVMMServer -ComputerName Samuel
2 Get-SCVirtualMachine | Get-SCVirtualDVDDrive | Where-Object {$_.Connection -eq "ISOImage"} | Select Name, Connection, ISO
List VMs at the end of the semester to be deleted
Toggle line numbers
1 Get-SCVirtualMachine | Select Name, MarkedAsTemplate, Owner | Sort-Object -Property Owner, Name | Export-Csv -Path .\vms2019w.csv
Get a list of VM Mac Addresses for CPTR 427
Toggle line numbers
1 Get-SCVirtualMachine | Where-Object { $_.Name -like "*427*" } | select -ExpandProperty VirtualNetworkAdapters | select MacAddress
Add DHCP Reservations to Ruth
Toggle line numbers
1 Add-DhcpServerv4Reservation -ScopeId 10.10.4.0 -IPAddress 10.10.4.10 -ClientId "00-1D-D8-C0-00-01" -ComputerName "ruth" -Description "00-1D-D8-C0-00-01"
Get a list of IP address for SCVMM
Toggle line numbers
1 Get-SCMACAddress -Assigned | Format-Table -Property `
2 @{label="MAC address"; expression={$_.Name}; width=18},
3 @{label="Name"; expression={$_.Description}; width=30},
4 @{label="IP address"; expression={$a = $_.Address -replace ":", "";
5 $l = Get-DhcpServerv4Lease -ScopeId 10.10.4.0 -ComputerName "ruth" -ClientId $a;
6 $l.IPAddress}; width=16}
7
8 #Get-DhcpServerv4Lease -ScopeId 216.249.119.0 -ComputerName 'csdc01' -ClientId '001DD8B71C28'
List SCVMM VMs/Templates and their Ownership - Change Ownership
Toggle line numbers
1 Get-SCVMTemplate | ? { $_.Owner -eq "DOMAIN\X" } | Set-SCVMTemplate -Owner "DOMAIN\Y"
2 Get-SCVirtualMachine | ? { $_.Owner -eq "DOMAIN\X" } | Set-SCVirtualMachine -Owner "X\Y"
List SCVMM VMs/Templates LimitCPUForMigration and Set to allow migration
Note: Setting LimitCPUForMigration = $true means that we are limiting the CPU so that it can migrate to different versions of the same CPU.
Toggle line numbers
1 Get-SCVMTemplate | ? { $_.LimitCPUForMigration -eq $false } | Set-SCVMTemplate -LimitCPUForMigration $true
2 Get-SCVirtualMachine | ? { $_.LimitCPUForMigration -eq $false } | Set-SCVirtualMachine -LimitCPUForMigration $true
List SCVMM VMs that are not associated with the cloud and associate them
Toggle line numbers
1 $Cloud = $Cloud = Get-SCCloud -VMMServer samuel | ? {$_.Name -eq "Nimbus"}
2 Get-SCVirtualMachine -VMMServer samuel | ? { $_.Cloud -ne $Cloud } | Set-SCVirtualMachine -Cloud $Cloud
Setting up a Windows 2019 Server for the first time
- Install the server - follow prompts.
- Setup the AVMA key as shown below OR use sconfig in the next step.
Toggle line numbers
1 # Install the AVMA key.
2 slmgr /ipk TNK62-RXVTB-4P47B-2D623-4GF74
3
4 1.
5
6 #First run sconfig and setup the name, timezone and network, remote management and remote desktop. You can also setup windows update from here.
7
8 # Next we need to install Windows update and get it started.
9 # This will install nuget package too.
10 Install-Module PSWindowsUpdate
11
12 # Now start the update process
13 # First we'll look at what updates are there
14 Get-WUInstall
15 # Now install them
16 Install-WindowsUpdate
See the NAT setup near the bottom! That appears to have negated the need to change firewall rules. Also, I was not able to connect to the system via Server Manager right away. But a few minutes later, I could. No changes were made. But for posterity, they are here:
Toggle line numbers
1 # To turn on or off the firewall
2 Get-NetFirewallProfile
3 # to set firewall on or off
4 Set-NetFirewallProfile -Name Domain,Public,Private -Enabled True
5
6 #Te get/set the firewall rule for private networks to allow any machine on a private network.
7 Get-NetFirewallRule | ? {$_.DisplayGroup -like "Windows Remote Management*" -and $_.Profile -like "*Private*"} | Get-NetFirewallAddressFilter #Shows the address filter
8 Get-NetFirewallRule | ? {$_.DisplayGroup -like "Windows Remote Management*" -and $_.Profile -like "*Private*"} | Set-NetFirewallRule -RemoteAddress 192.168.1.0/24
Using Server Manager, install AD DS
Power shell to list of VM hard drives sizes
List the amount of memory used by virtual machines
Toggle line numbers
1 Get-SCVirtualMachine | ForEach-Object { $size += $_.Memory }
Resources:
Power Shell Scripts to create a NAT network (without DHCP) on Windows 10
Toggle line numbers
1 New-VMSwitch -SwitchName "CPTE230" -SwitchType Internal
2 Get-VMSwitch #just for show
3 Get-NetAdapter #get the ifIndex of your vEthernet adapter e.g. 67
4 New-NetIPAddress -IPAddress 192.168.1.1 -PrefixLength 24 -InterfaceIndex 67 #Using the network ifIndex found above, e.g. 67
5 New-NetNat -Name CPTE230NAT -InternalIPInterfaceAddressPrefix 192.168.1.0/24 #create the NAT
Power Shell Script to List Network Adapters on a VM
Note: When looking at the VirtualNetworkAdapterType value, "Emulated" means that it is "legacy" network adapter and "Synthetic" means its a non-legacy adapter.
Toggle line numbers
1 Get-SCVirtualMachine | ? { $_.Name -like "*pfsense*" } | Get-SCVirtualNetworkAdapter
List VLANs for all CPTR 427 Virtual Machines in System Center
Toggle line numbers
1 Get-SCVirtualMachine |
2 ? { $_.Name -like "*427*" } |
3 SELECT Name,@{label="VlanID";expression={($_.VirtualNetworkAdapters).VlanID}} |
4 Sort-Object Name | Export-Csv -Path .\VlanData.csv
List All disconnected Adapters
Toggle line numbers
1 $vms = Get-SCVirtualMachine
2 foreach ($vm in $vms) {
3 $adapters = Get-SCVirtualNetworkAdapter -VM $vm
4 foreach ($adapter in $adapters) {
5 if ($adapter.VMNetwork -eq $null -or $adapter.VMNetwork -eq "" ) {
6 Write-Host $vm.Name "missing connection on'" $adapter.MACAddress "'"
7 }
8 }
9 }
Revoke all MAC addresses Back to the Pool
This came up as a maintenance issue when we lost some VMs, but not the configurations
Change all VMs to use Dynamic Memory and reduce memory usage
Toggle line numbers
1 $list = Get-SCVirtualMachine | ? { ($_.Name -like "*427*") -and ($_.DynamicMemoryEnabled -eq $False) }
2 foreach ($vm in $list) {
3 if ($vm.Status -ne "PowerOff") {Stop-SCVirtualMachine -VM $vm}
4 Set-SCVirtualMachine -VM $vm -DynamicMemoryEnabled $True -MemoryMB 1024 -DynamicMemoryMinimumMB 1024 -DynamicMemoryMaximumMB 6144
5 }