Output membership of certain Window local groups - powershell

Working on a simple script to loop through a bunch of machines through a 3rd party system and output the machine, group, and the user to a PS object.
Have the script outputting the correct groups/users. However when a group has more than one user, then it renders it on the same line, instead of a new line. Just looking for insight on how to properly format the output so each result is on it's own line.
$params = $args
$Target = $args[0]
$PrivUser = "$($params[1])\$($params[2])"
$PrivPwd = ConvertTo-SecureString -String $params[3] -AsPlainText -Force
$cred = [pscredential]::new($PrivUser,$PrivPwd)
$Groups = #('Administrators','Power Users')
$results = #()
try {
Invoke-Command -ComputerName $Target -Credential $cred -HideComputerName -ScriptBlock {
$lgs = Get-LocalGroup -Name $Groups
Foreach ($lg in $lgs) {
$ms = Get-LocalGroupMember -Name $lg
#write-host $ms.Name
$output = New-Object PSObject -Property #{
Machine = $env:COMPUTERNAME
Group = "$lg"
Username=$ms
}
$results += $output
}
return $results
}
} catch {
throw "Unable to connect to target: $($args[0]) `n$_"
}
results:
Username Group Machine
-------- ----- -------
{BLT\clepley, BLT\clepley_admin, BLT\Domain Admins, BLT\svr.blt.div.ss...} Administrators BLT-SS-WEB
BLT\clepley_admin Power Users BLT-SS-WEB

Seems like you're missing an inner loop in case the membership is greater than one:
Invoke-Command -ComputerName $Target -Credential $cred -HideComputerName -ScriptBlock {
foreach($group in $using:Groups) {
foreach($member in Get-LocalGroupMember -Name $group) {
[pscustomobject]#{
Machine = $env:COMPUTERNAME
Group = $group
Member = $member.Name
ObjectClass = $member.ObjectClass
}
}
}
}
However note, there is no error handling here, hence, this assumes the Power Users Group exists in the remote computers.
It's also worth noting the use of the $using: scope modifier, which allows you to access the local variable $Groups in the remote scope.

Related

Adding a success or fail message to a script

I have the below very simple script that changes hostname and workgroup to multiple pcs. I want to add to that script a success or fail message but I can't find a way to do that. Can someone help?
$cred = Get-Credential domain\user
$computers = Import-Csv "C:\12.txt" -Header Oldname,Newname
foreach ($name in $computers) {
Add-computer -computername $name.Oldname -workgroupname workgroup -newname $name.Newname -credential $cred -restart -force
}
Append switch -PassThru to the Add-Computer cmdlet.
Normally, this cmdlet does not output anything, but with the PassThru switch, it will return a
ComputerChangeInfo
object from which you can check the .HasSucceeded property.
$cred = Get-Credential domain\user
$computers = Import-Csv -Path "C:\12.txt" -Header Oldname,Newname
foreach ($name in $computers) {
# use splatting on cmdlets that take a lot of parameters
$params = #{
Computername = $name.Oldname
WorkgroupName = $workgroup
NewName = $name.Newname
Credential = $cred
Restart = $true
Force = $true
PassThru = $true
}
try {
$machine = Add-Computer #params -ErrorAction Stop
if ($machine.HasSucceeded) {
Write-Host "Successfully added computer '$($machine.ComputerName)'" -ForegroundColor Green
}
else {
Write-Host "Adding computer '$($machine.ComputerName)' failed!" -ForegroundColor red
}
}
catch {
Write-Warning "Error adding computer $($name.Oldname):`r`n$($_.Exception.Message)"
}
}
You can also experiment with adding switch -Verbose to get more detailed information returned from Add-Computer

Remotely registry path controlling via powershell

My conditions are :
if NeedReboot key is exist then result will be Pending reboot
if NeedReboot key is not exist then result will be NO Pending reboot
My desired output :
Computername,Rebootrequired
Host01,Pending reboot
Host02,NO Pending reboot
Script :
$allComputers = Get-Content '.\path\to\computers.txt'
$domainCred = Get-Credential -UserName "domain01\admin01" -Message "Please enter the DOMAIN password"
$Results = foreach($computer in $allComputers) {
$cred = $domainCred
try {
$VmTools = Invoke-Command -ComputerName $computer -Credential $cred -ScriptBlock {
Test-Path -Path "HKLM:\SOFTWARE\VMware, Inc.\NeedReboot\"
} -ErrorAction Stop
[PsCustomObject]#{ ComputerName = $computer; RebootRequired = ([int]$VmTools -eq "True") }
}
}
$Results | Format-Table -AutoSize
$Results | Export-Csv -Path 'c:\temp\vmtools.csv' -NoTypeInformation -UseCulture
Try removing the final backslash after the registry path.
Then, Test-Path just returns $true or $false, so converting that to [int] and comparing to the string "True" makes no sense..
Try
[PsCustomObject]#{
ComputerName = $computer
RebootRequired = if($VmTools) {"Pending Reboot") } else {"NO Pending Reboot"}
}
The code is also missing a catch{..} block that should accompany the try {..} block. Something like:
catch {
[PsCustomObject]#{
ComputerName = $computer
RebootRequired = "Error reading registry"
}
}

Local Admins report not showing domain groups

I'm trying to get the following script to export into a csv all of the local admins members and domain groups on a group of servers. It works fine to export the local admins, but I noticed that it doesn't export domain groups (ie: I have a Domain Admins group that's in the local administrators group and it doesn't show in the csv).
This is the code I have, any help would be appreciated:
param(
[parameter(Position=0,ValueFromPipeline=$true)]
$ComputerName=[Net.Dns]::GetHostName(),
[System.Management.Automation.PSCredential] $Credential,
[UInt32] $BlockSize=50
)
begin {
$WMIEnumOpts = new-object System.Management.EnumerationOptions
$WMIEnumOpts.BlockSize = $BlockSize
function Get-LocalAdminGroupMember {
param(
[String] $computerName,
[System.Management.Automation.PSCredential] $credential
)
$params = #{
"Class" = "Win32_Group"
"ComputerName" = $computerName
"Filter" = "LocalAccount=TRUE and SID='S-1-5-32-544'"
}
if ( $credential ) {
if ( $computerName -eq [Net.Dns]::GetHostName() ) {
Write-Warning "The -Credential parameter is ignored for the current computer."
}
else {
$params.Add("Credential", $credential)
}
}
Get-WmiObject #params | ForEach-Object {
$groupName = $_.Name
$_.GetRelated("Win32_Account","Win32_GroupUser","","",
"PartComponent","GroupComponent",$false,$WMIEnumOpts) | Select-Object `
#{Name="ComputerName"; Expression={$_.__SERVER}},
#{Name="Name"; Expression={$groupName}},
#{Name="Member"; Expression={$_.Caption -replace "^$($_.__SERVER)\\", ""}},
#{Name="Type"; Expression={$_.__CLASS}}
}
}
}
process {
$Filename = PATH HERE
$OutFileName = "C:\temp\admins.csv"
Get-Content $Filename | Foreach-Object {Get-LocalAdminGroupMember -computerName $_ | Select-Object * | Export-csv -NoType $OutFileName -Append}
Ah, the joys of trying to access network resources from a remote computer. You're going to lose anything that's a domain account doing what you're doing. It's jut how it works. The good news is that there's still a way to get the info you want, and you can even use Get-WmiObject to do it if you want. If you have not renamed the Administrators group (because really, who does that?), you can do this easily, but if you did and you have to look for the group by SID like you are above then you'll have to query the remote server like you are, and make adjustments with the query below with the modified name that you get back. Here's what I'd recommend doing, using the Win32_GroupUser class instead:
Get-WmiObject -ComputerName $Server -Query "SELECT * FROM win32_GroupUser WHERE GroupComponent = ""Win32_Group.Domain='$computerName',Name='Administrators'"""
To put it in place of what you have for your function, it could look something like this:
function Get-LocalAdminGroupMember {
param(
[String] $computerName,
[System.Management.Automation.PSCredential] $credential
)
$params = #{
"ComputerName" = $computerName
"Query" = "SELECT * FROM win32_GroupUser WHERE GroupComponent = ""Win32_Group.Domain='$computerName',Name='Administrators'"""
}
if ( $credential ) {
if ( $computerName -eq [Net.Dns]::GetHostName() ) {
Write-Warning "The -Credential parameter is ignored for the current computer."
}
else {
$params.Add("Credential", $credential)
}
}
Get-WmiObject #params |
Where{$_.PartComponent -match ':(.+?)\.Domain="(.+?)",Name="(.+?)"'}|
ForEach{
[PSCustomObject]#{
"ComputerName"=$computerName
"Name"='Administrators'
"Member"=$Matches[2..3] -join '\' -replace "^$computerName\\"
"Type"=$Matches[1]
}
}
}

Powershell - Passing multiple arraylists to Invoke-Command block

I am trying to write a powershell script that will tell me if a computer in my network is on or off, and if it is on, if there is anyone logged in. Currently I have:
# Create some empty arraylists
$availablecomputers = New-Object System.Collections.ArrayList
$unavailablecomputers = New-Object System.Collections.ArrayList
$usersloggedon = New-Object System.Collections.ArrayList
#Check connectivity for each machine via Test-WSMan
foreach ($computer in $restartcomputerlist)
{
try
{
Test-WSMan -ComputerName $computer -ErrorAction Stop |out-null
Invoke-Command `
-ComputerName $computer `
-ScriptBlock `
{
if
((Get-WmiObject win32_computersystem).username -like "AD\*")
{
$args[0] += $computer
}
else
{
$args[1] += $computer
}
} `
-ArgumentList (,$usersloggedon), (,$availablecomputers)
}
catch
{
$unavailablecomputers += $computer
}
}
So far, if the computer is not on, it works correctly. However, if it is on, $computer won't be added to $usersloggedon or $availablecomputers. Any help would be appreciated.
#Mathias is correct; variables you pass into the scriptblock are passed by value (serialized), not by reference, so you can't update them and change the original object.
To return values from the scriptblock, use Write-Object or just simply "use" the value (Write-Object $env:COMPUTERNAME is the same as just doing $env:COMPUTERNAME).
For your specific situation, consider returning an object that contains the information you want:
$computers = #()
#Check connectivity for each machine via Test-WSMan
foreach ($computer in $restartcomputerlist)
{
try
{
Test-WSMan -ComputerName $computer -ErrorAction Stop |out-null
$computers += Invoke-Command -ComputerName $computer -ScriptBlock {
$props = #{
Name = $env:COMPUTERNAME
Available = $true
UsersLoggedOn = ((Get-WmiObject win32_computersystem).username -like "AD\*")
}
New-Object PSObject -Property $props
}
}
catch
{
$props = #{
Name = $computer
Available = $false
UsersLoggedOn = $false
}
$computers += New-Object PSObject -Property $props
}
}
$computers # You can now use this with Select-Object, Sort-Object, Format-* etc.

Check with powershell if service is installed on multiple computers

I'm looking for help with my script again :)
I have a script that will query list of servers to find if specific service is installed. This works fine. However, I know that there are some servers in my list that I don't have access to, or there are different credentials. How do I make this visible in output? Because I only get output that service is not installed, which is not true, I just don't have correct credentials.
$name = "BESClient"
$servers = Get-content C:\list.txt
function Confirm-WindowsServiceExists($name)
{
if (Get-Service -Name $name -Computername $server -ErrorAction Continue)
{
Write-Host "$name Exists on $server"
return $true
}
Write-Host "$name does not exist on $server"
return $false
}
ForEach ($server in $servers) {Confirm-WindowsServiceExists($name)}
Also, I'd like to have output formatted into the one line, e.g.:
Server1 Service running
Server2 Service not installed
Server3 no access
etc...
Thanks a lot for any help.
Here's an option which just displays the content of the error on failure:
function Confirm-WindowsServiceExists($name)
{
if (Get-Service -Name $name -Computername $server -ErrorAction SilentlyContinue -ErrorVariable WindowsServiceExistsError)
{
Write-Host "$name Exists on $server"
return $true
}
if ($WindowsServiceExistsError)
{
Write-Host "$server" $WindowsServiceExistsError[0].exception.message
}
return $false
}
As for the second part of the question #arco444 has described the correct approach.
Here's a WMI solution. Any errors you get from attempting to connect to remote computers will be caught with the try/catch blocks. The result of each operation will be stored to a custom object and added to the array that holds the results of all the operations.
$result = #()
$name = "BESClient"
$servers = Get-Content C:\list.txt
$cred = Get-Credential
foreach($server in $servers) {
Try {
$s = gwmi win32_service -computername $server -credential $cred -ErrorAction Stop | ? { $_.name -eq $name }
$o = New-Object PSObject -Property #{ server=$server; status=$s.state }
$result += ,$o
}
Catch {
$o = New-Object PSObject -Property #{ server=$server; status=$_.Exception.message }
$result += ,$o
}
}
$result | Format-Table -AutoSize
You should end up with something like this:
server state
------ -----
s1 running
s4 stopped
s2 The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)