i'm absolutely beginner in power-shell scripting and windows automation.so any help would be appreciated.
i have access to a Azure-VM in my local pc at office. There are some tasks that i need to do daily on my local and VM machine. i am trying to automate these tasks with powershell.
At one step i need to copy some CSV files from my VM to local and this is where i'm stuck.
How do i connect to provided AzureVM from my local machine?(i'm not an admin for azure portal)
I have User-Name , Password & my VM name(****.cloudapp.net) to connect in Remote Desktop Connection. i want to know if i can connect to provided VM and copy some files if yes then how!
i have been searching for ways to connect but cant find any solution.
i have installed azure module for powershell, tried Get-AzureVM but this does not work. As i said earlier any help would be really appreciated. thanks
First, please check port 5985 is listening on Azure VM using
netstat -ano
Then you need to add an inbound rule to allow the port 5985 on the NSG associated with the Azure VM in the azure portal. For the error message
The WinRM client cannot process the request
you need to add the remote Azure VM to the local machine's TrustedHosts list by executing the following command in the commands prompt as an administrator:
winrm set winrm/config/client #{TrustedHosts="Azure VM public IP address"}
I can copy a file folder named test from Azure VM to a local folder named tesp with powershell commands as below:
$c = Get-Credential
$sess =New-PSSession -ComputerName ip address -Port 5985 -Credential $c
Copy-Item -FromSession $sess -Path d:\test -Destination c:\tesp -Recurse
More information about Powershell Remoting.
Related
Disclaimer: I am not a DevOps guy so please forgive any ignorance. I'm learning this stuff to expand my understanding.
I've enabled remote Powershell on a Windows Server 2019 instance in order to stop/start scheduled tasks during deployment of files from my build server (also Windows Server 2019).
I followed the below steps in an Administrator Powershell as the Adminstrator user on the remote server:
1. Enable RSRemoting.
2. Remove existing listener.
3. Create self-signed certificate and export to crt file.
$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "<subdomain.domain.com>"
Create listener.
Create firewall rules to allow secure PSRemoting and disable unsecure connections.
Copy certificate to build server.
Import certificate on build server.
From the build server, I've tested the configuration using the following commands in Powershell:
$username = 'Administrator'
$pass = ConvertTo-SecureString -string '<password here>' -AsPlainText -Force
$cred = New-Object -typename System.Management.Automation.PSCredential -argumentlist $username, $pass
Invoke-Command -ComputerName <subdomain.domain.com> -UseSSL -ScriptBlock {whoami} -Credential $cred
Which responds nicely with win-<some stuff>\administrator. However, when I execute a remote Powersehll command from within a TeamCity build step, I get a big ugly Connecting to remote server <subdomain.domain.com> failed with the following error message : Access is denied..
The weird part is, this worked two days ago and I have several builds that were able to complete all remote operations. From this morning, it's just stopped working - poof!
If I fudge the credentials, I do get an incorrect username/password error so it is definitely reaching the server.
Another interesting find is that if I run
[bool](Test-WSMan)
on the remote server, I get True returned, but if I run the same command with -ComputerName <subdomain.domain.com> on the build server, I get
WinRM cannot complete the operation. Verify that the specified computer name is
valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits
access to remote computers within the same local subnet. returned.
Both the remote host and build server are logged on as the default Administrator.
Any ideas?
After more research and calling in a few favours, I was advised to tweak the TeamCity Build Agent and TeamCity Server services. These need to Log On As a User and not Local System. I can't explain how my previous settings worked. The Access is denied error I experienced has nothing to do with the Remote Powershell configuration mentioned above.
I want to build a script to change and/or set up BIOS password to HP workstations.
Script i run as follows:
C:\> $computers=Get-Content -Path c:\computers.txt
C:\> foreach ($computer in $computers) {
$passChange=Get-WmiObject -computername $computer -Namespace root/hp/instrumentedBIOS -Class HP_BIOSSettingInterface
$passChange.SetBIOSSetting('Setup Password','<utf-16/>MYNEWPASSWORD','<utf-16/>')
}
Now, the following happen:
If my BIOS has no password, the script works just fine!
If my BIOS has password already, script has Return: 6. I suppose there is
a different option for changing the BIOS password?If yes, any help
is appreciated!
If i run the script for my computer, it works.
If i run the script for another computer i get the following error:
The RPC server is unavailable. (Exception from HRESULT: 0x800706BA).
Is there a way to enable an option to enable the RPC for this feature and then disable it again?
Thank you in advance
According to HP's documentation HP Client Management Interface the WMI interface supports remote interfacing.
You need to ensure all remote computers you're attempting to connect to have the HP custom WMI Namespace.
You also need to ensure the account you're running under has administrative permissions on all of the remote computers.
You may also need to explicitly set the impersonation to 3 which is impersonate.
For more information: Connecting to WMI Remotely with PowerShell
Also ensure the firewall on the remote computers is either off or has exclusions for WMI
I'm pretty new to Powershell and wanted to create a script that install the Remote Desktop Service which is a prerequisite of my application. (I'm on R2012 btw)
I already found that it's possible to do so with a domain account on a remote server (due to the restart needed during installation). I used:
New-RDSessionDeployment [-ConnectionBroker] <String> [-SessionHost] <String[]> [[-WebAccessServer] <String> ]
Now, I want to install RDS on my local server when I launch my Powershell script (as I can do with the Server Manager GUI). The goal is to install RDS and my application in the same Powershell script without the need to do it using a remote server.
Is it possible to do so ? Should I use the role-based RDS installation or is there any tricks I can use to bypass the local server restart (like maybe a workflow) ?
You just need to add the RDS Feature
Add-WindowsFeature –Name RDS-RD-Server –IncludeAllSubFeature -Restart
If you don't include -Restart the restart is not performed - but will be needed before the feature can be used.
Yes , on the context that you need to use New-SessionDeployment but having being said you still need the remotedesktop module to be imported first using
Import-Module RemoteDesktop
Now you need have RD Connection Broker, RD Web Access, and RD Session Host by using:
New-SessionDeployment –ConnectionBroker server.domain.com
–WebAccessServer server.domain.com –SessionHost server.domain.com
Now you need a Licensing Role, use:
Add-RDServer -Server server2.domain.com -Role RDS-LICENSING
-ConnectionBroker server1.domain.com
NOw we have use the deployment for the licensing , use :
Set-RDLicenseConfiguration -LicenseServer server2.domain.com -Mode PerUser
-ConnectionBroker server1.domain.com
Now you can use ,
New-RDSessionCollection and can publish New-RDRemoteapp
This should help you in proceeding further.
I have created a W10 VM (guest) running docker, pulled microsoft/nanoserver image and hosted a container of the image.
(tutorial here: https://msdn.microsoft.com/en-us/virtualization/windowscontainers/quick_start/quick_start_windows_10)
Everything runs great, even host can ping the container running under guest W10. But what i cannot do, is to connect a remote powershell to container.
Enter-PSSession -ComputerName "<container ip>" -Credential ~\Administrator
This pops up a dialog asking for user and password. I cannot leave it blank or etc - the result is access denied. Any ideas how to connect or set a password for nanoserver container ?
I've been struggling with this for a few days now. However, think my problem is slightly different though, as I'm trying to do an Enter-PSSession to a windows docker container, but from another machine, not the container host.
In this tutorial (http://dinventive.com/blog/2016/01/30/windows-server-core-hello-container/), the guy makes a nested container PSSession inside a host PSSession.
He uses this command, which is only available in the latest versions of Powershell. (not in v3)
Enter-PSSession -ContainerId "<container ID>"
Get the ID by doing :
Get-Container | fl
You also have to check your Powershell version and make an upgrade if needed.
To check PS version :
$PSVersionTable
And to download Powershell latest version : https://www.microsoft.com/en-us/download/details.aspx?id=50395
When connecting to a PS-Session using a IP address it adds some requirements, You must either have the remote device configured to use ssl or have the IP address listed in your trusted hosts.
The solution is to either try use the host name for the device, I have had great success with this. Or play with the trusted hosts list. In my experience it works consistently if you add trusted list entries on your machine and the remote machine as well. You can also specify:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*"
This will basically set all machines to be in the trusted hosts list, It has its cons like all machines being trusted but in certain restricted networks its acceptable. Doing this on the host and client machine seems to yield best results.
When specifying -Credentials it expects a credential object, You can craft one before the cmdlet to avoid entering it every time like so:
$secpass = convertto-securestring "Password Here" -asplaintext -force
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist "Username Here", $secpass
Enter-PSSession -ComputerName "<container ip>" -Credential $cred
Coding credentials like this in a script is bad practice, You should look in to storing credentials in scripts properly, there are plenty of good resources on it.
I need to set the share permissions of a remote share from a Powershell 4 script. I've looked at this page, specifically the command Grant-SmbShareAccess but that cmdlet sets permissions on local shares, I would love to have seen a -ComputerName parameter but, alas, there isn't one.
I want to do something like: Grant-SmbShareAccess -ComputerName MYREMOTESERVER -Name <share_name> -AccountName <domain_account> -AccessRight Full
Any ideas on how to do this? My remote server could be a Windows Server or a NetApp vFiler.
EDIT
I tried Matt's suggestion of Invoke-Command in the comments against a NetApp vFiler and got this error:
Connecting to remote server MYREMOTESERVER failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".
Changing the security of the share in Windows Explorer works fine.
Grant-SmbShareAccess is a CDXML command, which means that it uses CIM. As you've already noticed, it should only work on a Windows system running at least PSv3 (in this case the WMI class used only exists on Windows 8 and Server 2012 or higher).
There may be other ways to do this against a non-Windows server, but I would try the PowerShell Access Control Module:
$SharePath = "\\ServerName\ShareName"
$Principal = <account name here>
# Add permission to $Principal (-Force will suppress the prompt)
Get-SecurityDescriptor -Path $SharePath -ObjectType LMShare |
Add-AccessControlEntry -Principal $Principal -LogicalShareRights FullControl -Apply #-Force
# Verify:
Get-SecurityDescriptor -Path $SharePath -ObjectType LMShare |
Get-AccessControlEntry
I honestly don't know if this will work since I've only tested it against Windows servers and I don't deal with share permissions very often. Try it out, and if it works, I'll take this part out of the answer.
For Windows Server SMB shares, use the -CimSession parameter.
For non-Windows SMB shares, I would not expect the Windows SMB administration cmdlets to work with them.
The Netapp Powershell toolkit will help with this. Once installed you can import the module into your script, and manage your shares. Here is a rough example that connects to a filer, prompts for a sharename, then configures that share with some default permissions:
# Import the Netapp Powershell Module
import-module dataontap
# Connect to the filer
connect-nacontroller *filername*
# Get the sharename
$sharename = Read-Host -Prompt 'Enter the share you want to configure'
# Configure the CIFS Permissions
Set-NaCifsShareAcl $sharename "Authenticated users" -AccessRights "Change"
Set-NaCifsShareAcl $sharename filername\administrators -AccessRights "Full Control"
Set-NaCifsShareAcl $sharename domain\somegroup -AccessRights "Full Control"
Remove-NaCifsShareAcl $sharename everyone