Update definition of SCEP on windows servers using powershell - powershell

i am trying to update the definition of SCEP on remote Windows Servers using MpCmdRun.exe which exists under "C:\ProgramData\Microsoft\Windows Defender\platform\*\MpCmdRun.exe. Unfortunately it is not accepting -filepath. says its null or empty. below is my code
$comp = "SRV1234"
$MpCmdRun = invoke-Command -ComputerName $comp -ScriptBlock {get-item -Path "C:\ProgramData\Microsoft\Windows Defender\platform\\*\MpCmdRun.exe" | Sort-Object -Property LastWriteTime -Descending |Select-Object -ExpandProperty fullname -First 1}
invoke-Command -ComputerName $comp -ScriptBlock {Start-Process -FilePath $MpCmdRun -ArgumentList "-signatureUpdate" -Wait}
Below is the error:
Cannot validate argument on parameter 'FilePath'. The argument is null
or empty. Provide an argument that is not null or empty, and then try
the command again.
+ CategoryInfo : InvalidData: (:) [Start-Process], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.StartProcessCommand

Related

PowerShell script to get logged in user

I am looking to run a script on a remote machine using an automation tool that runs the scripts in the system context.
What I have so far:
$userId = Get-Process -IncludeUserName explorer | % username | sort Username -Unique
Write-Host $userid.ToLower()
Results:
Get-Process : A parameter cannot be found that matches parameter name
'IncludeUserName'.
At line:1 char:39
+ $userId = Get-Process -IncludeUserName <<<< explorer | % username | sort Username -Unique
+ CategoryInfo : InvalidArgument: (:) [Get-Process], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.GetProcessCommand
ToLower : You cannot call a method on a null-valued expression.
At line:2 char:27
+ Write-Host $userid.ToLower <<<< ()
+ CategoryInfo : InvalidOperation: (ToLower:String) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
Any ideas how to help this script? Or the cause of the errors?
The error says it all; the switch -IncludeUserName is not available on your computer. That's because it requires PowerShell 4.0 or above like Ansgar mentioned.
One solution is to install the latest Windows Mangement Framework (WMF) which includes the latest version of PowerShell.
You can also use the WMI-class Win32_Process to get the user and/or domain by calling the object's GetOwner()-method. Ex:
Get-WmiObject -Class Win32_Process -Filter "Name = 'explorer.exe'" |
ForEach-Object { $_.GetOwner() | % { "$($_.Domain)\$($_.User)" } } |
Sort-Object -Unique
the following script might help you. I'm not completely certain if the invoked command will get the remote logged in user, because I'm not on a work computer right now but it came from the internet so it must be true.
$Computers = (Get-Content "\\<sharedrive\<directory>\Computers.txt)
Foreach ($Computer in $Computers){ `
Invoke-Command -ComputerName $Computer -ScriptBlock `
{Get-WMIObject -Class Win32_ComputerSystem).Username} `
}

Connect remote server and execute script

I'm trying to connect a remote server and stop a process on it using this PowerShell command
Invoke-Command -ComputerName \\srvwebui3 -ScriptBlock {
Get-Process | Where-Object {
$_.Path -like "\\abd\net$\abd\versions\Bin\HttpServer.exe"
} | Stop-Process
}
but I got this error message after executing it:
Invoke-Command : One or more computer names is not valid. If you are trying to
pass a Uri, use the -ConnectionUri parameter or pass Uri objects instead of
strings.
At C:\powerShell\stop-process.ps1:4 char:15
+ Invoke-Command <<<< -ComputerName \\srvwebui3 -ScriptBlock { Get-Process | Where-Object {$_.Path -like "\\gaia\netlims$\Autolims\MainRls\Bin\HttpServer.exe"} | Stop-Process }
+ CategoryInfo : InvalidArgument: (System.String[]:String[]) [Invoke-Command], ArgumentException
+ FullyQualifiedErrorId : PSSessionInvalidComputerName,Microsoft.PowerShell.Commands.InvokeCommandCommand
Here a PowerShell code that worked:
Invoke-Command -ComputerName <computerName> -ScriptBlock {
Get-Process | Where-Object {
$_.Path -like \\bbb\abab$\bs\MainRls\Bin\HttpServer.exe"
} |
Stop-Process -Force
}

PowerShell - Error in path while Set-FsrmQuota

I'm trying to make a script that changes the quota of a specific directory on a remote server. For that I'm using the following code ($Quota and $chosen_username enter as parameters):
$prefix_path = "C:\Shares\Users\";
$path = $prefix_path + $chosen_username;
if($Quota){
invoke-command -computername $servername {Set-FsrmQuota -path $path -Size $Quota+"GB"}
}
if((invoke-command -computername $servername {Get-FsrmQuota -path $path} | select #{n='QuotaSize'; e={$_.Size / 1gb -as [int]}}).QuotaSize -eq $Quota){
return "Success."
} else {
return "Failed."
}
And it is giving me this error:
Cannot bind argument to parameter 'Path' because it is an empty string.
+ CategoryInfo : InvalidData: (:) [Set-FsrmQuota], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAllowed,Set-FsrmQuota
+ PSComputerName : ServerName
I've done debug and the value of $path is correct.
When using invoke-command on a remote computer, the local variables are unknown for the remote host, so you have to use either:
the using prefix for PS >= 3
invoke-command -computername $servername {Set-FsrmQuota -path $using:path -Size $using:Quota+"GB"}
the argumentlist parameter for PS < 3
invoke-command -computername $servername {Set-FsrmQuota -path $args[0] -Size $args[1]+"GB"} -argumentlist $path,$quota

Unable to delete certain files and folders using Powershell

I need to create a script that clears the Lync cache on remote machines. To do so I need to close Outlook and Lync if they are open, and then clear out two folders whilst deleting another. Here is what I have so far:
[System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic') | Out-Null
$computer = [Microsoft.VisualBasic.Interaction]::InputBox("Which computer do you wish to clear the Lync cache for?", "Computer", "$env:computername")
$username = Get-WMIObject -class Win32_ComputerSystem -ComputerName $computer | select username
$RSA = "C$\Users\$username\AppData\Roaming\Microsoft\Crypto\RSA"
$Tracing = "C$\Users\$username\AppData\Local\Microsoft\Office\15.0\Lync\Tracing"
$SIP = "C$\Users\$username\AppData\Local\Microsoft\Office\15.0\Lync"
(Get-WmiObject Win32_Process -ComputerName $computer | ?{ $_.ProcessName -match "Outlook" }).Terminate()
(Get-WmiObject Win32_Process -ComputerName $computer | ?{ $_.ProcessName -match "Lync" }).Terminate()
(Get-WmiObject Win32_Process -ComputerName $computer | ?{ $_.ProcessName -match "Communicator" }).Terminate()
start-sleep -s 3
Get-ChildItem -path \\$computer\$RSA -include * | Remove-Item -recurse -force
Get-ChildItem -path \\$computer\$Tracing -include * | Remove-Item -recurse
Remove-Item -path \\$computer\$SIP\*sip* -recurse -force
The script closes the programs as required, but it doesn't appear to do anything with the folders. The only errors I get are below:
You cannot call a method on a null-valued expression.
At C:\Users\*myusername*\Desktop\Personal Powershell scripts\Clear Lync cache.ps1:10 char:1
+ (Get-WmiObject Win32_Process -ComputerName $computer | ?{ $_.ProcessName -match ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
You cannot call a method on a null-valued expression.
At C:\Users\*myusername*\Desktop\Personal Powershell scripts\Clear Lync cache.ps1:11 char:1
+ (Get-WmiObject Win32_Process -ComputerName $computer | ?{ $_.ProcessName -match ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
You cannot call a method on a null-valued expression.
At C:\Users\*myusername*\Desktop\Personal Powershell scripts\Clear Lync cache.ps1:12 char:1
+ (Get-WmiObject Win32_Process -ComputerName $computer | ?{ $_.ProcessName -match ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
ISE is open as admin. I have admin rights to the domain as well as the folders in question. Can anyone see where I'm going wrong?

PowerShell Path Parameter Invoke-Command (UnauthorizedAccessException)

When running this simple script I am receiving the error message:
+ CategoryInfo : OpenError: (:) [Import-Csv], UnauthorizedAccessException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.ImportCsvCommand
Param(
[string]$Path,
[string]$Credential
)
Invoke-Command –cn DC –Credential $Credential -ArgumentList $Path –ScriptBlock `
{import-csv -Path $args[0] | select-object –property `
#{name='Identity';expression={$_.username}},#{name='Fax';expression={$_.'fax number'}} `
| foreach{Set-ADUser -Identity $_.identity -Fax $_.fax -Confirm:$false}}
Any idea why this may be happening? I have correct permissions the the path that I am using.
I found the issue and it was because I was not including the CSV file in my path. I was pointing to C:\Files\CSV instead of C:\Files\CSV\fax-users.csv.