Powershell to change RDWEB certificates remotely - powershell

About to give up on this and connect locally to each system and run the commands but thought it wise to ask the smart people first.
With my credentials locally this works:
Set-Variable -Name "CBROKE" -Value "vmname01.amgsvcs.net"
Set-Variable -Name "CERTPASS" -Value "wHQTD3w6s"
Set-Variable -Name "CERTPATH" -Value "N:\CERTS\vmname01.domain.com.pfx"
Import-Module RemoteDesktop
$Password = ConvertTo-SecureString -String $CERTPASS -AsPlainText -Force
Set-RDCertificate -Role RDWebAccess -ImportPath $CERTPATH -Password $Password -ConnectionBroker $CBROKE -Force
Set-RDCertificate -Role RDPublishing -ImportPath $CERTPATH -Password $Password -ConnectionBroker $CBROKE -Force
Set-RDCertificate -Role RDRedirector -ImportPath $CERTPATH -Password $Password -ConnectionBroker $CBROKE -Force
Set-RDCertificate -Role RDGateway -ImportPath $CERTPATH -Password $Password -ConnectionBroker $CBROKE -Force
If I try to do this remotely with my same domain admin account using
Enter-PSSession -ComputerName vmname01
I get this in response to each Set-RDCertificate:
Get-RDServer : The RD Connection Broker server is not available. Verify that you can connect to the RD Connection
Broker server.
At C:\windows\system32\WindowsPowerShell\v1.0\Modules\RemoteDesktop\Certificate.psm1:309 char:22
+ ... webaccess = Get-RDServer -ConnectionBroker $ConnectionBroker -Role #( ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-RDServer
Set-RDCertificate : Deployment does not contain an RD Web Access server.
At line:1 char:1
+ Set-RDCertificate -Role RDWebAccess -ImportPath $CERTPATH -Password $ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Set-RDCertificate
I have used the checks from this page https://stackoverflow.com/questions/65022178/run-invoke-command-in-remote-computer-as-administrator and they all return true that the remote console is elevated.

I realized that these commands don't have to be run locally, they are in effect domain/network type commands and can be run from any machine.

Related

I want to store encrypted credentials and use them to open a powershell instance and run a script that makes a change to a field in AD

Below is my code, I've used the same process for connecting to sftp securely. I'm getting the error at the bottom of my post. Not sure if I'm missing a step in the creation of the key and password. Thanks.
#Set the credentials
$Password = Get-Content "c:\password.txt" |
ConvertTo-SecureString -Key (Get-Content "c:\aes.key")
$Credential = New-Object System.Management.Automation.PSCredential ('serviceaccount', $Password)
# Start a new instance of Windows PowerShell using the credentials
# stored in $Credential and run the script in $scriptblock
$powershellPath = "$env:windir\system32\windowspowershell\v1.0\powershell.exe"
$process = Start-Process $powershellPath -Credential $Credential -NoNewWindow `
-ArgumentList ("-ExecutionPolicy Bypass -noninteractive -noprofile " + $scriptBlock) -PassThru
# Script to execute in the new PowerShell instance
$scriptBlock = {
Import-Module ActiveDirectory
Get-ADUser ecarlsson | Set-ADUser -Manager bbob
Read-Host
}
I tried the code above and go the password error below.
Start-Process : This command cannot be run due to the error: The user name or password is incorrect.
At\filepath \\fV3.ps1:7 char:12
+ $process = Start-Process $powershellPath -Credential $Credential -NoN ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Start-Process], InvalidOperationException
+ FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand

Excute Shell Script remotely to Azure Linux VM

i'am trying to excute a shell script to an azure linux virtual machine using powershell
Why I'm i using powershell? :
The virtual machine has a Copied VHD from storage account which means it doesn't have Azure VM agent
so i can't use :
azure vm extentions
azure vm Runs
i tried also using an automation runbook with the ssh module and got those errors :
Exception calling "Connect" with "0" argument(s): "Server HMAC algorithm not found" At C:\Modules\User\SSH\SSH.psm1:68 char:5 + $SSHConnection.Connect() + ~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : SshConnectionException
and
Exception calling "RunCommand" with "1" argument(s): "Client not connected." At C:\Modules\User\SSH\SSH.psm1:69 char:5 + $ResultObject = $SSHConnection.RunCommand($ScriptBlock.ToString() ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : SshConnectionException
which is based on my understanding caused by the vm that is missing KexAlgorithms to describe which methods are supported by the SSH daemon
What i'm trying to do now is to ssh into the vm and excute the command using powershell
here is what i got now (a Powershell scripot to ssh into the vm and excute a command):
$Password = "pwd"
$User = "pwd"
$ComputerName = "ip adress"
$Command = "touch tst.txt"
$secpasswd = ConvertTo-SecureString $Password -AsPlainText -Force
$Credentials = New-Object System.Management.Automation.PSCredential($User, $secpasswd)
echo 'logging...'
$SessionID = New-SSHSession -ComputerName $ComputerName -Credential $Credentials #Connect Over SSH
echo 'Executing...'
$output = (Invoke-SSHCommand -Index $SessionID -Command $Command).Output
Remove-SSHSession -Name $SessionID | Out-Null
im getting this error :
Invoke-SshCommand : A parameter cannot be found that matches parameter name 'Index'.
At C:\Users\octoadmin\Desktop\sign in.ps1:11 char:30
+ $output = (Invoke-SSHCommand -Index $SessionID -Command $Command).Out ...
+ ~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Invoke-SshCommand], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Invoke-SshCommand
i looked in the internet but couldn't find anything.
apparently the ssh invoke command can't find a session with the index $SessionID
but i don't know where exactly is the problem
hope someone can guide me to the right direction.
Updating Posh-SSH worked for me with this code :
to install Posh-SSH :
Install-Module -Name Posh-SSH -RequiredVersion 2.1
The Script:
$Command = "fetch $scripturl; sh script.sh"
$secpasswd = ConvertTo-SecureString $Password -AsPlainText -Force
$Credentials = New-Object System.Management.Automation.PSCredential($User, $secpasswd)
$ComputerName = Get-AzPublicIpAddress -ResourceGroupName $RG -Name $IPName | Select-Object -ExpandProperty ipAddress
echo 'ip is : '
echo $ComputerName
echo 'logging...'
$SessionID = New-SSHSession -ComputerName $ComputerName -AcceptKey -Credential $Credentials
echo 'Exucuting...'
$Query = (Invoke-SshCommand -SSHSession $SessionID -Command $Command).Output
echo $Query
Remove-SSHSession -Name $SessionID | Out-Null

How can I make the password work with DellBiosProvider?

I have a problem on powershell with the DELLBiosProvider The password does not work?
But when I put a numeric password, it passes without problem.
$PSDefaultParameterValues['*:Encoding'] = 'utf8'
[string]$pass2= 'K4P9R1'
$id = $pass2.ToUpper()
Set-Item –Path DellSmbios:\SystemConfiguration\IntegratedAudio "Disbled" -Verose -Password $id
Set-Item –Path DellSmbios:\SystemConfiguration\Microphone "Disabled" -Verbose -Password $id
Set-Item –Path DellSmbios:\SystemConfiguration\InternalSpeaker "Disabled" -Verbose -Password $id
exit 0
RESULT:
Set-Item : Incorrect password provided!
Au caractère Ligne:6 : 1
+ Set-Item –Path DellSmbios:\SystemConfiguration\InternalSpeaker "Disab ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : WriteError: (DellSmbios:\Sys...InternalSpeaker:String) [Set-Item], InvalidOperationException
+ FullyQualifiedErrorId : SMBIOSWriteFailed,Microsoft.PowerShell.Commands.SetItemCommand
But with capital letters, it does not work.
Can you tell me more.
By simplifying the code always the same error.
PS C:\Users\Administrateur\Documents> $PSDefaultParameterValues['*:Encoding'] = 'utf8'
[string]$pass2= 'K4P9R1'
Set-Item –Path DellSmbios:\SystemConfiguration\IntegratedAudio "Disabled" -Verbose -Password $pass2
Set-Item –Path DellSmbios:\SystemConfiguration\Microphone "Disabled" -Verbose -Password $pass2
Set-Item –Path DellSmbios:\SystemConfiguration\InternalSpeaker "Disabled" -Verbose -Password $pass2
COMMENTAIRES : Performing the operation Set-Item on target "Name: DellSmbios:\SystemConfiguration\IntegratedAudio Value: Disabled".
COMMENTAIRES : Value being set using PLDM Interface
COMMENTAIRES : Password type 'Admin' (Setup) is set.
Set-Item : Incorrect password provided!
Au caractère Ligne:3 : 1
+ Set-Item –Path DellSmbios:\SystemConfiguration\IntegratedAudio "Disab ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : WriteError: (DellSmbios:\Sys...IntegratedAudio:String) [Set-Item], InvalidOperationException
+ FullyQualifiedErrorId : SMBIOSWriteFailed,Microsoft.PowerShell.Commands.SetItemCommand
Thanks
I found the answer to my password problem. It was that the BIOS is in QWERTY all simply.
Thanks

getting "[Connect-MsolService], HttpRequestException" with a service account

I have an issue when connecting to MSonline using a service account to run scheduled tasks
When running the following lines under my admin account, it connects fine but if I run it under a service account (srv_scheduler), it fails
#Load MSOL Module
Import-Module -Name MSOnline
# Define variables.
$usr = "srv_m365_read#xxxxxx.com"
$pwd = ConvertTo-SecureString 'xxxxxx' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PsCredential $usr,$pwd
#Load MSOL Module
Connect-MsolService -cred $cred
Connect-MsolService : An error occurred while sending the request.
At line:1 char:1
+ Connect-MsolService -cred $cred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Connect-MsolService], HttpRequestException
+ FullyQualifiedErrorId : System.Net.Http.HttpRequestException,Microsoft.Online.Administration.Automation.ConnectMsolService
The service account has MFA disabled. What am I missing ?
Thanks.
Gaetan

How to create registry on multiple remote machine

I'm creating a registry key on remote machine with below code:
$basePath="C:\Users\<User>\Desktop\Script\"
$remoteMachineName = $basePath + "server.txt"
$arrServer=(Get-Content $remoteMachineName)
$remoteUserPassword = Get-Content "C:\Users\<UserName>\Desktop\Script\pass.txt"
ConvertTo-SecureString -AsPlainText -Force -String $password
$credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "UserName"
Enter-PSSession -ComputerName $server -Credential $credentials
New-ItemProperty -Name "myReg" -Value "ABC" -PropertyType "String" -Path "HKLM:\SOFTWARE\Usertest"
But it creates registry key on my local machine however I want it on remote machine giving below error :
New-ItemProperty : The property already exists.
At C:\Users\<User>\Desktop\Script\Untitled4.ps1:14 char:1
+ New-ItemProperty -Name "myReg" -Value "ABC" -PropertyType " ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceExists: (HKLM:\SOFTWARE\Usertest\:String) [New-ItemProperty], IOException
+ FullyQualifiedErrorId : System.IO.IOException,Microsoft.PowerShell.Commands.NewItemPropertyCommand
But when I run command Enter-PSSession and New-ItemProperty separately it works but I want to run both the commands simultaneously.
Please Help me to create registry Key on remote machine.
Just use the Invoke-Command cmdlet:
# ...
Invoke-Command -cn $server -cred $credentials {
New-ItemProperty -Name "myReg" -Value "ABC" -PropertyType "String" -Path "HKLM:\SOFTWARE\Usertest" -Force
}