We Keep Coding

Powershell and TPM how to manage bitlocker?

I am trying to script a powershell function manage-bde.exe (bitlocker) to add a key protector to systems without TPM. For some reason GPO is not working. I have not had any luck getting powershell to add the protector remotely. I can log on to the endpoint and use the built in wizard to encrypt and save the key to our repository but for some reason remote automated scripting eludes me. My question is really more of guidance. Can powershell only be used, to remotely manage systems with TPM? I have bitlocker enabled and encrypted on systems without but I have had to do it manually.
Start-Transcript -Path ".\bitlockertranscript.txt" -Force
foreach ($Computer in $List) {
if (test-Connection -ComputerName $Computer -Count 1 -Quiet ) {
Get-ADComputer -Identity $Computer -Property * | Select Name,OperatingSystem
Get-WmiObject -class Win32_Tpm -namespace root\CIMV2\Security\MicrosoftTpm -computername $Computer | fl IsActivated_InitialValue, IsEnabled_InitialValue, IsOwned_InitialValue
$BitLocker = Get-WmiObject -ComputerName $Computer -Namespace Root\cimv2\Security\MicrosoftVolumeEncryption -Class Win32_EncryptableVolume
$id = $BitLocker.GetKeyProtectors(3).volumekeyprotectorid | Select -First 1
manage-bde.exe -cn $Computer -protectors -adbackup c:
manage-bde.exe -on C: -cn $Computer
Invoke-GPUpdate -Target $computer
} else
{"No Connection to $Computer"
}
}
Stop-Transcript

Unable to fetch IIS status from Remote server using Powershell

I am trying to fetch IIS status from remote server using powershell.
I have used command Get-Service but i don't recieve any output from this command.
Below is my code block.
$pass='pass'|ConvertTo-SecureString -AsPlainText -Force;
$Credentials = New-Object
System.Management.Automation.PsCredential("user",$pass);
$Service=invoke-command -computername "server" -credential $Credentials -
scriptblock {Get-Service|Where-Object Name -eq 'IISADMIN'}
if($Service.Status -eq 'Running')
{
write-host "IIS Running"
}
else
{
throw "IIS not running or Not installed"
}

I Checked your code and did not see any problem with it, Did you checked the service exists locally using Get-Service or Service Manager?
Anyway you don't have to use Invoke-Command for this, you can use the built in -ComputerName parameter of the Get-Service cmdlet,
And if you need to provide credentials, you can use WMI:
$Credential = New-Object System.Management.Automation.PsCredential($username, $encrypted)
$Service = Get-WmiObject -Class win32_service -ComputerName Server -Filter 'Name = "W3SVC"' -Credential $Credentials

Try using a WMI call instead, I have found it far more reliable when working with remote servers.
$Service = Get-WmiObject -Computername $computer -Credential $credentials Win32_service -ErrorAction Continue | Where {$_.Name -eq 'IISADMIN'}

How can I list the Startup Type of a serive running on a remote machine?

I'm trying to find out the startup type of a service running on a remote machine.
I've tried the below but it gives me the Start Mode rather than the Startup Type.
[cmdletbinding()]
param(
[string[]]$Service,
[switch]$Disabled,
[switch]$Automatic,
[switch]$Manual,
[string]$ComputerName = $env:ComputerName
)
foreach($Ser in $Service) {
try {
$Obj = Get-WmiObject -Class Win32_Service -Filter "Name='$Ser'"-ComputerName $ComputerName -ErrorAction Stop
$Obj | select Name, DisplayName, StartMode
} catch {
Write-Error " Failed to get the information. More details: $_"
}
}
.\Get-ServiceStartupType.ps1 –Service wscsvc –ComputerName Computername
The Service is "wscsvc" Security Center

If you use
Get-Service -name $ser -computername $computername | select-object Name,StartType
Instead of get-wmiobject. I've also used the pipeline instead of a variable to make the code a little cleaner.

You'll need to use Get-Service instead of Get-WmiObject:
$svc = Get-Service wscsvc
$svc.StartType
Used in your code like this:
$Obj = Get-Service $Ser -ComputerName $ComputerName -ErrorAction Stop
$Obj | select Name, DisplayName, StartType

PowerShell Script to Stop a service on multiple remote machines

I am trying to disable a service running on 250+ PCs. I would like to have a PowerShell script I can execute on a random PC in the network and let it disable a service on every PC I specify in an txt file. It's always the same service. The script should also ask for the credential of the PC that it is trying to connect to.
This is a Script to set DNS on every PC in computer.txt. It asks me for the "administrator" password for every PC.
function Set-DNSWINS {
#Get NICS via WMI
$remoteuser = get-credential $_\administrator
$NICs = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Credential $remoteuser -ComputerName $_ -Filter "IPEnabled=TRUE"
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Credential $remoteuser -ComputerName $_ -Filter "IPEnabled=TRUE"
foreach($NIC in $NICs) {
$DNSServers = "192.168.3.12","192.168.0.77"
$NIC.SetDNSServerSearchOrder($DNSServers)
$NIC.SetDynamicDNSRegistration("TRUE")
#$NIC.SetWINSServer("12.345.67.890", "12.345.67.891")
}
}
function Get-FileName {
$computer = Read-Host "Dateiname mit Computernamen"
return $computer
}
Get-Content computer.txt | ForEach-Object {Set-DNSWINS}

You can stop a service from the commandline using
net stop "servicename"
or in PowerShell
Stop-Service "serviceName"
There are probably better ways to automate this across multiple machines than your script.

Can use Set-Service to disable a service and Invoke-Command to run it remotely. Note you need to run Enable-PSRemoting on the remote computer and configure WSMAN to allow connecting to the remote PC:
function MyFunction{
$remoteuser = get-credential $_\administrator
$service = "MyService"
Invoke-Command -computer $_ -credential $remoteuser -scriptblock {
Stop-Service $service
Set-Service $service -startuptype Disabled
}
}
function Get-FileName {
$computer = Read-Host "Dateiname mit Computernamen"
return $computer
}
Get-Content computer.txt | ForEach-Object {MyFunction}

Combining Powershell Commands in a Foreach Loop

I'm pretty new to powershell, and am wondering why this isn't working. Basically, I have a foreach loop that checks if IIS is running and reports the OS version if so and writes this out to a file. However, it's not reporting correctly. It seems like it gets the values for the first item (IIS state and OS) and then populates it through the other items in my loop.
#Get List of Servers to Scan
$servers = (Get-Content e:\servers.txt)
#Determine if IIS is Running
foreach($server in $servers){
$iis = get-wmiobject Win32_Service -ComputerName $server -Filter "name='IISADMIN'";
if($iis.State -eq "Running")
{$OSVer= [environment]::OSVersion.Version}
Write-Host "$server,$IISRun,$OSVer" | Out-File -FilePath "E:\results.txt"
}
The Results:
Server1,true,5.2.3790.131072 <---- Correct
Server2,true,5.2.3790.131072 <---- Correct
Server3,true,5.2.3790.131072 <---- Wrong OS reported (windows 2008)
Server4,true,5.2.3790.131072 <---- Wrong OS reported (windows 2008)
Server5,true,5.2.3790.131072 <---- IIS isn't installed here at all
Server6,true,5.2.3790.131072 <---- IIS isn't installed here at all
Thanks for any advice...

[environment]::OSVersion.Version gets you your local OS version. Use Get-WmiObject Win32_OperatingSystem -ComputerName $server instead to get target computer's OS information, e.g.:
foreach ($server in $servers)
{
$iis = Get-WmiObject Win32_Service -ComputerName $server -Filter "name='IISADMIN'"
$os = Get-WmiObject Win32_OperatingSystem -ComputerName $server
$iisRunning = $iis.State -eq "Running"
$osVersion = $os.Version
Write-Host "$server, $iisRunning, $osVersion"
}