Pages

8/16/2013

Powershell - prompt for option



$title = "Install Time"
$message = "Select Time For WSUS Install on SATURDAY"

$One = New-Object System.Management.Automation.Host.ChoiceDescription "&1 = 8pm", `
    "8 PM"

$two = New-Object System.Management.Automation.Host.ChoiceDescription "&2 = 9pm", `
    "9 PM"

$three = New-Object System.Management.Automation.Host.ChoiceDescription "&3 = 10pm", `
    "10 PM"

$four = New-Object System.Management.Automation.Host.ChoiceDescription "&4 = 11pm", `
    "11 PM"

$options = [System.Management.Automation.Host.ChoiceDescription[]]($one, $two, $three, $four)

$result = $host.ui.PromptForChoice($title, $message, $options, 0) 

switch ($result)
    {
        0 {$tod=20}
        1 {$tod=21}
 2 {$tod=22}
 3 {$tod=23}
    }
#"Time of Day for Install = $tod"

Cisco FAQ: How do I reverse telnet out my aux port?

Cisco FAQ: How do I reverse telnet out my aux port?: How do I reverse telnet out my aux port?

8/12/2013

Lock Windows Workstation

Sometimes I'd like to lock a VDI machine but "Windows+L" key combo executes locally -- not on the VDI session. Create the following shortcut:
rundll32.exe user32.dll, LockWorkStation

8/07/2013

Powershell: Remotely run a script

Run Powershell Script Remotely...


#############################################################################################################
#
#   report.ps1
#
#   run a powershell script on a remote computer and copy a result file for viewing locally
#

$computer = "GPM"
"Run GPO Report"
"Executing remotely from $computer"
$username = read-host "Username"
$pw = read-host -AsSecureString "Password"
$pass = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
            [Runtime.InteropServices.Marshal]::SecureStringToBSTR($pw))
$cmd = "c:\util\psexec.exe /acceptEula \\$computer -u $username -p $pass -w c:\dev c:\dev\run-report.bat"

invoke-expression $cmd

$file = "\\" + $computer + "\c$\dev\gpostatus.html"
copy $file c:\util
c:\util\gpostatus.html

8/02/2013

Powershell - Report on Group Policy Objects


#########################################################################################################################
#
#   GPO-REPORT.PS1
#
#   Create a report of the status of all WSUS GPO's
#

import-module grouppolicy

$today = get-date
$outfile = "gpostatus.html"
$key = "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\au"

$days = @{"0" = "Every Day"; "1" = "Every Sunday"; "2" = "Every Monday"; "3" = "Every Tuesday"; "4" = "Every Wednesday"; "5" = "Every Thursday"; "6" = "Every Friday"; "7" = "Every Saturday"}

$gpobjs = get-gpo -all -domain usa.DOMAIN.com | where {$_.DisplayName -like "Software Update*"}

"<HTML>" | out-file $outfile
"<HEAD>" | out-file $outfile -append
"<TITLE></TITLE>" | out-file $outfile -append
"</HEAD>" | out-file $outfile -append
'<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#FF0000" VLINK="#800000" ALINK="#FF00FF" BACKGROUND="?">' | out-file $outfile -append
'<H2>WSUS Group Policy Status</H2>' | out-file $outfile -append
'<H4>' + $today + '</H4><table bordercolor=#000000;  border=2px; cellspacing=0;>' | out-file $outfile -append
'<tr><td ><b><font face="monospace" size="3"> Policy </font></td>' | out-file $outfile -append
'<td ><b><font face="monospace" size="3"> Modified </font></td>' | out-file $outfile -append
'<td ><b><font face="monospace" size="3"> Enabled/Disabled </font></td>' | out-file $outfile -append
'<td ><b><font face="monospace" size="3"> Configuration </font></td>' | out-file $outfile -append
'<td ><b><font face="monospace" size="3"> Install Day </font></td>' | out-file $outfile -append
'<td ><b><font face="monospace" size="3"> Install Hour </font></td>' | out-file $outfile -append
'</tr>' | out-file $outfile -append

$gpobjs | foreach-object {
    $name = $_.DisplayName
 
write-host $name
 
    $modified = $_.ModificationTime
    $enabledvalue = get-gpregistryvalue -name $name -key $key -valuename noautoupdate
    if ($enabledvalue.value -eq "0") {
        $enabled = "enabled"
        }
    else {
        $enabled = "disabled"
        }
    $optionvalue = get-gpregistryvalue -name $name -key $key -valuename auoptions

    if ($optionvalue.value -eq "2") {
        $option = "2-Notify Only"
        }
    elseif ($optionvalue.value -eq "3") {
        $option = "3-Download & Notify"
        }
    elseif ($optionvalue.value -eq "4") {
        $option = "4-Download & Install"
        }
    else {
        $option = $optionvalue.value
        }

    $dayvalue = (get-gpregistryvalue -name $name -key $key -valuename scheduledinstallday).value | out-string
    $dayvalue = $dayvalue -replace "\s+", ""
    $day = $days[$dayvalue]
    $hour = (get-gpregistryvalue -name $name -key $key -valuename scheduledinstalltime).value
    
    if ($enabled -eq "disabled") {
    $option = " "
    $day = " "
    $hour = " "
    }
    '<tr><td ><font face="monospace" size="2">' + $name + '</font></td>' | out-file $outfile -append
    '<td ><font face="monospace" size="2">' + $modified + '</font></td>'  | out-file $outfile -append
    '<td ><font face="monospace" size="2">' + $enabled + '</font></td>'  | out-file $outfile -append
    '<td ><font face="monospace" size="2">' + $option + '</font></td>'  | out-file $outfile -append
    '<td ><font face="monospace" size="2">' + $day + '</font></td>'  | out-file $outfile -append
    '<td ><font face="monospace" size="2">' + $hour + '</font></td></tr>'  | out-file $outfile -append

}#foreach object

"</TABLE></BODY></HTML>" | out-file $outfile -append

Auditing Group Policy changes - Canberra Premier Field Engineering: Team Blog - Site Home - MSDN Blogs

Auditing Group Policy changes - Canberra Premier Field Engineering: Team Blog - Site Home - MSDN Blogs: Auditing Group Policy changes

Powershell Group Policy Management

Powershell Group Policy Management

WSUS Policies


#requires Windows 2008 R2 with Group Policy Management Console installed
#install GPM on a Windows 2008 R2
    import-module -name servermanager
    add-windowsfeature -name GPMC

import-module grouppolicy

#list interesting gpo's
get-gpo -all -domain usa.DOMAIN.com | where {$_.DisplayName -like "Software Update*"} | select displayname

$gpname = "Software Update Services WSUS Asia"

#retrieve an individual object
$gpobj = get-gpo -name $gpo

#When was an object modified?
$modified = $gpobj.ModificationTime

$key = "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"

#get specific value assigned by GPO
get-gpregistryvalue -name $gpname -key $key\au -valuename noautoupdate

#get all values beneath a key
get-gpregistryvalue -name $gpname -key $key

####################################################################################################################################
#    
#    NOTES for WSUS
#
#    - Is WSUS enabled?
#      Key:  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\au
#      Value:  noautoupdate = 0 (enabled) or 1 (disabled)
#
#    - IF ENABLED, what update option is selected?
#      Key:  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\au
#      Value:  auoptions = 2 (notify before download), 3 (Download & notify), 4 (autodownload and install on scheduled day)
#
#    - IF ENABLED, IF OPTION 4, what scheduled day?
#      Key:  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\au
#      Value:  ScheduledInstallDay = 0 (every day), 1 (Sundays), 2 (Mondays), 3 (Tuesdays), 4 (Wednesdays), etc
#
#    - IF ENABLED, IF OPTION 4, what schedule time?
#      Key:  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\au
#      Value:  ScheduledInstallTime = number specifying the hour in a 24 hour day = 14 (2pm)

#
#Set a value
#  For example - set day of week for scheduled install to Saturday:
#    set-gpregistryvalue -name $gpname -key $key\au -valuename scheduledinstallday -type DWORD -value 7

Managing Windows Servers with Powershell

Powershell:  install a windows feature

This is so much simpler than clicking around and waiting for screens to refresh:

import-module -name servermanager
add-windowsfeature -name GPMC

VMware KB: Repointing and reregistering VMware vCenter Server 5.1.x and components

VMware KB: Repointing and reregistering VMware vCenter Server 5.1.x and components: Repointing and reregistering VMware vCenter Server 5.1.x

VMware KB: vCenter Inventory Service fails to start and cannot back up the Inventory Service database

VMware KB: vCenter Inventory Service fails to start and cannot back up the Inventory Service database: vCenter Inventory Service fails to start

8/01/2013

Cisco - more VRF stuff

Making stuff work with VRF's.... More

Get to my NTP Server, Get Telnet access working

line vty 0 4
 access-class 50 in vrf-also
 exec-timeout 60 0
 privilege level 15
 transport input telnet ssh
!
ntp server vrf [vrf-name] 10.10.10.10

Cisco TACACS+ with VRF

Cisco TACACS+ with VRF

aaa group server tacacs+ [grp-name]
 server-private 10.10.10.10 key 7 [key]
 ip vrf forwarding [vrf-name]
 ip tacacs source-interface [interface-name]
!
aaa authentication login default local group [grp-name]tacacs+
aaa authorization exec default local group [grp-name]tacacs+

Cisco Virtual Routing and Forwarding (VRF) - Misc

Copy to TFTP using VRF

Trying to get into practice of using a separate vrf for management on network stuff.
A lot of stuff needs cleaned up.  Today's discovery - to make backup scripts work:
ip tftp source-interface vlan109
 Where VLAN109 is the vrf interface