I am creating dashboard with Powershell Universal (https://docs.powershelluniversal.com/userinterfaces/dashboards) and I am trying to get an access token in order to connect to MS Graph. I am using the command Get-MsalToken (part of the MSAL.PS module) to get an access token. The code I am running is below:
$Params = #{
ClientId = $Credential.UserName
ClientSecret = $Credential.Password
TenantId = 'xxxxxxxxxxxxxxxxxxxx'
ForceRefresh = $true
ErrorAction = 'Stop'
}
$AccessToken = (Get-MsalToken #Params).AccessToken
When running the above code on the command line using Powershell 7, it works fine. However when the dashboard runs the same command on Powershell 7, it returns this error message:
Get-MsalToken: The property 'Authority' cannot be found on this object. Verify that the property exists.
The module MSAL.PS is on version 4.37.00 on both my local instance and on the server where the dashboard is running from. For the most part I am unable to replicate the error on the command line on either my machine or on the server, and the command works perfectly. I was able to reproduce the error locally on my machine's command line after connecting to other services and then running Get-MsalToken, but trying this a second time is getting the access token correctly, so I am unable to accurately reproduce the error on the command line. The dashboard however is consistent with this error. Running an automated script from the server also does not produce the error.
I did see a forum on github about this same issue, but there is no clear resolution. I did see people recommending commenting out some lines from the source code, but given that they recommend commenting out a line for TenantID, which I am using for the connection, I am not in favor of doing that. The forum can be found here: https://github.com/AzureAD/MSAL.PS/issues/45
I was just wondering if anybody else has run into this issue or knows of a solution or alternative. Thanks!
As NiMux stated above, the solution is to simply import the MSAL.PS module before importing anything else. At the top of the main page of my code I simply added Import-Module -Name MSAL.PS -Force and I got it to work properly. Even though the module was already installed and imported, it needs to be imported before anything else.
Hopefully this helps somebody else with this issue in the future.
Related
I'm looking to for way to get an entire Power Plateform list of solutions. The aim is to export all the solutions with their properties (i.e. Name, id, date of creation, etc).
As you know, solutions can contains, Power Apps application, Power Automate flows, environment variables and so on.
I already know that Power Apps applications (canvas apps) can be retreived by using this command line:
Get-AdminPowerApp
And Flows can be retreived by using this one:
Get-AdminFlow -EnvironmentName "env"
We can found command line to get environements, connections, connectors, etc.
Is there a command line that look like the following one ?
Get-AdminPowerAppsSolution -Environment "env"
Thank you all.
To be able to get solutions with PowerShell an additional PowerShell module is required and can be install by typing the following command-line:
Install-Module Microsoft.Xrm.Data.Powershell
Once the module is installed, a connection to crm online is required :
Connect-CrmOnlineDiscovery -InteractiveMode
The InteractiveMode option prompt a modal to allow the user to enter his credentals. Connection can also be acheived by creating credental manually and then pass it as a parameter:
$creds = Get-Credential
Connect-CrmOnlineDiscovery -Credential $creds
Which prompt a login window as well, but once the credental is set, it can be reused for further calls.
And finally, a lasts commands as follow :
$records = Get-CrmRecords -EntityLogicalName solution
$records.crmRecords
The crmRecords attributes contains all the solution for the selected environment with the following properties :
ReturnProperty_EntityName
solutionid
solutionid_Property
ReturnProperty_Id
EntityReference
original
logicalname
Finding all apps across all environments to which you have admin access can be done with the following command:
Get-AdminPowerApp
More information about this command can be found on Microsoft docs here: https://learn.microsoft.com/en-us/powershell/module/microsoft.powerapps.administration.powershell/get-adminpowerapp?view=pa-ps-latest
You can get PowerApps Solutions by installing the PowerApps CLI.
Look at the Solution export command.
Example:
pac solution export --path c:\Users\Documents\Solution.zip --name SampleComponentSolution --managed true --targetversion 10.0.03 --include general
I'm fairly new to the world of Powershell and currently I'm trying to push a Powershell script via Intune to the company devices (all Windows 10 21H2 machines) that will show the file extensions in File Explorer.
So far, I've found this:
Set-Itemproperty -path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -Name 'HideFileExt' -value 0
The PS script is pushed via Intune to a test device and the monitor tells me the policy is applied successfuly but the file extensions are still not visible.
Is there something wrong with the line of code?
My original comment which helped:
The script works fine. I am positive that it is not applied successfully, despite Intune telling you it did. While it is not part of that question, I suppose you should check the user context in which the script is applied and if the eventvwr or any other possible source tells you why the script did not apply correctly. Also, after trying the script locally for myself, you need to refresh the explorer tab via f5 for the change to apply.
Solution was to set it as system/device rights, since it was indeed run as user context, hence solving the problem.
This was the solution:
"The script works fine. I am positive that it is not applied successfully, despite Intune telling you it did. While it is not part of that question, I suppose you should check the user context in which the script is applied and if the eventvwr or any other possible source tells you why the script did not apply correctly. Also, after trying the script locally for myself, you need to refresh the explorer tab via f5 for the change to apply" –
Bowshock
I am working with Configuration Baselines. I would like to start from "Get-CMBaseline -Name MyBaselineName" and work my way to the name of the machines. I am try to figure out how to get the machines names that are "Compliant", "Error", and "Non-Compliant". I see the names of the machines in "Deployment Status" but I need them via PowerShell.
There are many things that are possible via the built in cmdlets but some just are not (yet?). However it is almost always possible to get the same behavior the console has with wmi (because the console uses wmi itself)
To find out how it is good to know that there is a log file "SMSProv.log" that tells you what the console does for every dialog you open. It is located on the site server wherever you installed the ConfigMgr in a sub-folder Logs (so default would be %Program Files%\Microsoft Configuration Manager\Logs).
So if you use that when checking the deployment status of a baseline you will notice that it basically translates to 3 commands (All in the namespace
Root\SMS\site_<SiteCode>
on your siteserver):
SELECT * FROM SMS_DCMDeploymentCompliantAssetDetails WHERE AssignmentID=<AssignmentID>
SELECT * FROM SMS_DCMDeploymentNonCompliantAssetDetails WHERE AssignmentID=<AssignmentID>
SELECT * FROM SMS_DCMDeploymentErrorAssetDetails WHERE AssignmentID=<AssignmentID>
where AssignemtID is the ID you would get e.g. from
(Get-CMBaselineDeployment -Name "<Your Baslines Name>").AssignmentID
A little exception would be that the console filters the error further by error type but to me it seems like this is maybe not even what you want and you could easily do it in Powershell later if you need to.
The SQL command is also available in most cases in the SMSProv.log, and in some cases it leads to a faster execution. However in this one probably not really and it is a lot more complex most of the time.
I am working with Installshield 2014 and 2011. I'm using major upgrades and automated build scripts to handle the build. InstallShield is the stand alone build ver. for both.
Now everything worked fine with Installshield 2011 on windows 2003 servers. I could use the automation interface to open a project, change the product code (for the major upgrade) then save it right before building the installer.
The code for such is in a vbs file as such:
Dim oISM, oGUID
Set oGUID = CreateObject("InstallShield.GUID")
Set oISM = CreateObject("IswiAuto17.ISWiProject")
oISM.OpenProject strInstallShieldProjectFile
oISM.ProductCode = "{" & oGUID.CreateGUID( ) & "}"
oISM.SaveProject : oISM.CloseProject : set oISM = Nothing
Now we've upgraded to windows 2012 servers and InstallShield 2014. I've double checked and according to InstallShield the only change needed is the ver number (17 changes to 21).
But now nothing works. If I take the code out and put it in it's own vbs file for testing and run it, I get this:
ActiveX component can't create object: 'InstallShield.GUID'
Looking on google I see that's from running in 64 bit mode.... but I'm not. I'm running a cmd prompt in 32 bit mode.
http://helpnet.flexerasoftware.com/installshield18helplib/AutomationInterface64Bit.htm
I tried calling the script with:
%WINDIR%\SYSWOW64\cmd.exe /c cscript
as suggested here:
How do I run a VBScript in 32-bit mode on a 64-bit machine?
and other places. This did not work as I got the same error.
I tried removing that line as I'm sure I can create a guid another way, and reran it.
Then I got this when it tries to create the project:
Unknown runtime error: 'CreateObject'
Once again google came up and I checked:
https://community.flexerasoftware.com/showthread.php?189788-Automation-error
and couple others. I tried ensuring the dll was registered using the regsvr32 and it said it was successful. But after rerunning, it gave the same error.
I tried directly coping the command from the InstallShield documentation to ensure no spelling mistakes but again same error.
I even tried switching the case of the "sw" as mentioned here:
Installshield Automation is failing while running vbscript with error unable to create object
Again though, same error.
I also tried switching to powershell as powershell is much easier to debug and read.
The powershell code is simple and is as follows:
$oIsm = new-object -comobject IswiAuto21.ISWiProject
$oISM.OpenProject("$file")
$oISM.ProductCode = "{" + [guid]::NewGuid() + "}"
$oISM.SaveProject(); $oISM.CloseProject(); $oISM = $null
But this also does not work despite these saying it should:
https://community.flexerasoftware.com/showthread.php?190769-Automation-using-Powershell
http://blogs.flexerasoftware.com/installtalk/2011/01/getting-started-with-installshield-automation-and-powershell.html
When I use the 32 bit powershell I get this error:
new-object : Creating an instance of the COM component with CLSID {78D393F9-76E3-438C-9CAB-6664EF5FE1F2} from the IClassFactory failed due to the following error:
800a801d Exception from HRESULT: 0x800A801D.
If I run solely the vbs without a cmd prompt I also see the error of 800A801D in a pop up box.
How can I fix this? I'd like to use powershell but a vbs fix would help as well at this point. I have tried everything I can think of and google says I'm doing it correctly (32 bit powershell/cmd, registering the dll, creating the object, etc).
Did you install the automation interface? Typically it's an optional feature that's set to absent when you install InstallShield.
Typically the HRESULT should tell you what's wrong, or be so generic that it doesn't help. In this case, it's a bit of an enigma as I haven't found its definition anywhere. The leading 0x800A... indicates FACILITY_CONTROL and the trailing ...801d happens to match the tail of TYPE_E_LIBNOTREGISTERED (0x8002801D), but I don't know whether that's meaningful. Unfortunately FACILITY_CONTROL is defined by the control that issues the error, and that's not clear here.
Let's try to figure out what's wrong. My bet is on COM registration. If you want, you can skip to a likely fix by running regsvr32 C:\...\System\ISWiAutomation21.dll.
So let's follow what CreateObject("IswiAuto21.ISWiProject") will do. First it has to look up the ProgID:
C:\>reg query HKCR\ISWiAuto21.ISWiProject\Clsid
HKEY_CLASSES_ROOT\ISWiAuto21.ISWiProject\Clsid
(Default) REG_SZ {78D393F9-76E3-438C-9CAB-6664EF5FE1F2}
Then it has to look up the CLSID, and in this case, its InprocServer32 key:
C:\>reg query HKCR\Clsid\{78D393F9-76E3-438C-9CAB-6664EF5FE1F2}\InprocServer32
HKEY_CLASSES_ROOT\Clsid\{78D393F9-76E3-438C-9CAB-6664EF5FE1F2}\InprocServer32
(Default) REG_SZ C:\...\ISWiAutomation21.dll
ThreadingModel REG_SZ Apartment
If either of these are missing, it will be unable to find the COM server. In addition, the TypeLib subkey and the Type Library it references are both important:
C:\>reg query HKCR\Clsid\{78D393F9-76E3-438C-9CAB-6664EF5FE1F2}\Typelib
HKEY_CLASSES_ROOT\Clsid\{78D393F9-76E3-438C-9CAB-6664EF5FE1F2}\Typelib
(Default) REG_SZ {92278CC1-987E-4A01-940C-47DCADF27496}
C:\>reg query HKCR\Typelib\{92278CC1-987E-4A01-940C-47DCADF27496}\1.1\0\win32
HKEY_CLASSES_ROOT\Typelib\{92278CC1-987E-4A01-940C-47DCADF27496}\1.1\0\win32
(Default) REG_SZ C:\...\ISWiAutomation21.dll
If any of this information is missing, it will have to be repaired. The COM Server itself may need to probe several additional IDs at this point, so there's a chance that even if this subset is okay, there are others that are missing or corrupted. Self-registering the COM server should fix this. So should running the installation's repair.
Note that all of these queries were done using the 32-bit command C:\Windows\SysWow64\reg.exe, or you can peruse the registry visually with C:\Windows\SysWow64\regedit.exe.
I am trying to install a msi from a network share remotely.
$app = [WMICLASS]"\\$pcname\ROOT\CIMV2:Win32_Product"
$app.Install($AppPath)
I am getting an err 1619. From some sources say that WMI cannot install remotely with first coping it to the local computer and running it. Some sources use this command to exactly.
That way works great, but I want to install via share so when the developer updates this msi, it will update the installed instances automagiclly. If I install them locally, the update would not be detected (not sure of this).
So I have tried using methods along these lines:
Invoke-Command -ComputerName $pcname{ msiexec /quiet /i "\\appsvr\apps\theapp.msi" }
Those commands seem to go off into the blackhole, those that command works when run locally.
Anyone have a method for doing this that works?
In your last scenario, you're credentials are likely getting lost. This is known as the "double-hop authentication" (or maybe it's "second-hop") problem. You're using creds from ServerA, to run something on ServerB, but it in the end has to connect to ServerC.
There's a fix if you have PowerShell v2 installed everywhere and are willing to accept the implications:
http://blogs.msdn.com/powershell/archive/2008/06/05/credssp-for-second-hop-remoting-part-i-domain-account.aspx