What could be the reason for the NT AUTHORITY\NETWORK SERVICE doesn't appear to me in english ?
I was having some issues while running some powershell scripts that was searching by the english name. I was only able to find out by the sid. I'm having some problems installing some certificates and I believe that is the reason.
$objSID = New-Object System.Security.Principal.SecurityIdentifier ("S-1-5-20")
$objSID
$objUser = $objSID.Translate( [System.Security.Principal.NTAccount])
$objUser.Value
this returns to me NT AUTHORITY\Serviço de rede (network service in Portuguese)
How can I change that to English ?
Thanks in advance,
Manuel
The NETWORK_SERVICE account name is localized using OS settings. You can change it by changing Windows to use English localization settings.
This account is not recognized by the security subsystem, so you cannot specify its name in a call to the LookupAccountName function.
Your solution, lookup by SID, is the way to go.
Related
Been able to do it against Microsoft.PowerShell (5.1), but today I hit a known issue on 5.1 with remote Copy-Item so I installed PowerShell 7 on the remote server (checking "Enable Remoting" in the installer) and am trying to get it working.
$securePassword = ConvertTo-SecureString -AsPlainText -Force -String $Password
$credential = New-Object -TypeName system.management.automation.pscredential -ArgumentList $Username, $securePassword
$session = New-PSSession $targetMachineHostName -Credential $credential -ConfigurationName "Microsoft.PowerShell"
Enter-PSSession $session
Above works. But if I change ConfigurationName to "PowerShell.7.1.0" I get:
[myserver.com.au] Connecting to remote server myserver.com.au failed with
| the following error message : <f:WSManFault
| xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="2689860592"
| Machine="myserver.com.au"><f:Message><f:ProviderFault provider="PowerShell.7.1.0"
| path="C:\Windows\system32\PowerShell\7.1.0\pwrshplugin.dll"></f:ProviderFault></f:Message></f:WSManFault> For more information, see the about_Remote_Troubleshooting Help topic.
On the remote server I've run enable ps remoting in a 7.1 powershell so if I run Get-PSSessionConfiguration it returns a bunch of configurations, including the following:
Name : PowerShell.7.1.0
PSVersion : 7.1
StartupScript :
RunAsUser :
Permission : NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed, BUILTIN\Remote
Management Users AccessAllowed
The dll the error refers to exists on the machine.
The user credentials I'm using are for a Local User on the remote machine that isn't an Administrator, but belongs to the Remote Management Users group.
Also worth noting from the remote machine itself (as a different Adminstrator local account, I can start a session to localhost).
After making the user an Administrator I was able to connect, but I'd gone to great lengths earlier to make non-Adminstrator possible on 5.1.
Out of interest, I tried giving the user Full Control to C:\Windows\system32\PowerShell\7.1.0 and then I could connect...
Still would love to know what's going on though and whether I'm doing the right thing or minimum permissions required.
It seems like the minimum security permissions to the folder are:
Read & Execute
List folder contents
Read
Write
Write is bizarre, but without it I get that error. I've assigned those permissions to the "Remote Management Users" group.
Docs here touch a little bit on v5.1 vs v7, and then link to here mentioning an install script so maybe something has fallen through the cracks.
I was getting the same error. I installed PowerShell 7 from Microsoft Store and then ran Enable-PSRemoting. I got this error so I uninstalled it and reinstalled it from WinGet which uses the MSI. That didn't work either. I tried running Enable-PSRemoting again, but nothing changed.
I ran Install-PowerShellRemoting.ps1 and it gave me two errors about things already existing and did not fix the problem. However, I was able to resolve the problem by doing the following:
Delete the PowerShell 7 plugins: Remove-Item 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\PowerShell.7','HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\PowerShell.7.1.1'.
Run Install-PowerShellRemoting.ps1 again.
I'm not sure what the difference was, but deleting and allowing the script to generate it again fixed it for me.
I am working on a Powershell script to create new SharePoint sites using the Pattern and Practices libraries. I need to change the locale and add an alternative language to "Classic Team" sites.
Is this possible with the PnP library?
Thanks.
You can use the get-pnpcontext cmdlet. So to add e.g. German (LCID 1031) to your sharepoint site you can use:
$Context = Get-PnPContext
$Web = $Context.Web
$Context.Load($Web)
Invoke-PnPQuery
$Web.IsMultilingual = $true
$Web.AddSupportedUILanguage(1031)
$Web.Update()
Invoke-PnPQuery
Windows 7, PowerShell 4.0. Computer is in the Windows domain.
I need to get SMTP server name (for using of the send-mailmessage cmdlet). The $PSEmailServer is empty.
I read this TechNet page about the Get-AcceptedDomain cmdlet. But I see this (on the TechNet page):
This cmdlet is available in on-premises Exchange Server 2016 and in
the cloud-based service.
How can I get SMTP server name or its IP-address?
If properly defined, the SMTP server address, either host name or IP, can be set through the SCP record in AD or Autodiscover DNS record of Exchange Server. There is a Powershell solution for querying SCP but Autodiscover solution is shorter, so I'll go on with it.
This works on Exchange Server 2010 and later. It should work with Exchange Server 2007 also but personally I have never used it.
You can get the host name;
$MailServer = [Net.DNS]::GetHostByAddress([Net.DNS]::GetHostEntry("Autodiscover").AddressList[0]).Hostname
or IP address (as string);
$MailServer = [Net.DNS]::GetHostByAddress([Net.DNS]::GetHostEntry("Autodiscover").AddressList[0]).AddressList[0].IPAddressToString
Since the GetHostByAddress(string) returns an instance of class System.Net.IPHostEntry, you can have some properties to make use of. For details, please read Microsoft Docs.
PS: I know, that's not the best practice to use the index of integers for values, but AddressList is an array of strings. So it does not define a method such as FirstOrDefault() or a property like DefaultAddress. So far, that is the most optimal and practical solution AFAIK.
Assuming the computer is member of a domain with Exchange deployed, and you want to use Exchange as STMP relay for send-mailmessage, you could ask the exchange configuration in the AD Configuration Context:
import-module activedirectory
$ag = "Exchange Administrative Group (ABCDEFGHIJKLM)" #enter your EAD
$c = "Acme" # Enter your company name (get this form ADSIEdit if unknown)
$sb = ("CN=Servers,CN=" + $ag + ",CN=Administrative Groups,CN=" + $c + ",CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=staff,DC=hsrw")
$server = Get-ADObject -Properties cn, msExchSMTPReceiveConnectorFQDN, msExchSmtpReceiveBindings, msExchSMTPReceiveInboundSecurityFlag -SearchBase $sb -filter { objectClass -eq "msExchSmtpReceiveConnector"}
$server | ft cn, msExchSMTPReceiveConnectorFQDN, msExchSmtpReceiveBindings, msExchSMTPReceiveInboundSecurityFlag
This will spit out the hostnames and port bindings of every receive connector in your organisation. You then have to choose which one to use.
As I don't know how much Exchange knowledge you have, I will stop here. If something's unclear, just ask.
in my company we still have Exchange 2003 with a MS domain 2003. I also have some member servers 2008 and I would like to run some powershell scripts from this last server.
I need to create a user which have 3 different email addreses SMTP.
I run this code to create the user
New-ADUser -SamAccountName $adpsID -Name $fmbName -Description
$fmbName -DisplayName $fmbName -UserPrincipalName $adpsID
-EmailAddress $fmbNameEmail -AccountPassword (ConvertTo-SecureString -AsPlainText "!$%&DF45DFG_" -Force) -Enabled $true -PasswordNeverExpires $false -Path $pathFMB
and I tried this to add an extra email...
Set-Mailbox -identity $fmbName -EmailAddresses -Description
"SMTP:$($fmbNameEmail)#$($domainFQDN)"
I get the following error:
Set-Mailbox : The term 'Set-Mailbox' is not recognized as the name of
a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path
is correct and try again.
searching in google I found how to query the exchange 2003 usin WMI object but I couldnt find how to add mailboxes with WMI.
is it possible? is there any way to do so?
thanks a lot in advance.
Jose
The Exchange Management Shell was first introduced in Exchange 2007 so all the scripts you have for 2007,2010,2013 will not work on 2013 you will need to start from scratch.
On Exchange 2003 the Exchange API to use for Management is CDOEXM (important if you want to Mail-Enable objects) this is Com library you get when you install the exchange 2003 system management tools .Or you can modify the Directory objects directly using LDAP via ADSI. WMI on 2003 is useful if you want to access management information like Mailbox sizes or MessageTracking logs or you need to reconnect a disconnected Mailbox.
Cheers
Glen
I've installed PowerShell recently and one of the first things I started looking for was how to create a new user. After looking for some time I still haven't found this.
I have a little experience in bash on linux and find it very effective. Creating users there is trivial.
Is there an easy\built-in way to create a local user with PowerShell?
Thank you.
You can use the localhost's ADSI:
function create-account ([string]$accountName = "testuser") {
$hostname = hostname
$comp = [adsi] "WinNT://$hostname"
$user = $comp.Create("User", $accountName)
$user.SetPassword("Password1")
$user.SetInfo()
}
you can also use
net user /add
this command isn't limited to powershell.