I have a Powershell script that puts a Windows 2012R2 IIS(v8.5) Web server in "maintenance mode" by stopping a site and its associated app pool. (Stop-WebAppPool and Stop-Website cmdlets). However, if I run iisreset or reboot the server, that site and app pool are put back in a started state automatically.
The Start Mode on the app pool is set to "OnDemand".
"Preload Enabled" is set to False on the site.
Here's the interesting part. If I manually stop the site/pool using the IIS Mgmt Console, the stopped state "survives" an iisreset or server reboot. So, there seems to be something fundamentally different between what the console does and what powershell/code does.
I also tried using appcmd.exe commands instead of the PS cmdlets, same thing: Site and pool were automatically started after reset or reboot.
Has anyone experienced this? Any suggestions. I need this site to remain stopped after an iisreset or reboot so that it doesn't become live while performing maintenance.
Its a pretty basic site, so I've thought about just deleting and re-creating, but that seems a pretty extreme measure. Hoping somebody has a less intrusive method.
Related
I have a Windows 10 LTSB 2016 machine set up in kiosk mode to run a single application. I followed the Powershell instructions at https://learn.microsoft.com/en-us/windows/configuration/kiosk-shelllauncher#configure-a-custom-shell-using-powershell to build the install script, it works well. In that script, I can set the behavior of the shell if the application crashes. I can restart the application, restart the PC, or shut down the PC.
In general, this is all good, but occasionally someone does something like edit a file that causes the application to instantly crash on starting. Because I have the script set to restart the application, this causes the shell to get stuck in a loop where the application is rapidly crashing and restarting. This fills my logs and is generally a poor UX for the end user.
I'd like to condition the behavior so the application only attempts to restart a limited number of times, then shuts down (or some other behavior). Is there any way to achieve this? Can the custom shell access a counter, or accept a return statement from the application (e.g. to differentiate between an intended application shutdown/restart vs an application crash)?
At the company I work for, we use Bit9 as part of our security stack. We are in the process of upgrade the version to 8.0 (and eventually 8.2) on all of our devices. Between the automatic upgrades and a different script I wrote, I was able to upgrade about 1000. But there are still about 700 left where the CLI password from Bit9 is not working, and the devices are not checking in to allow auto upgrade.
Bit9 has come back and suggested the following:
Boot the endpoint into Safe Mode w/ Networking
Run a script that executes the following Administrative commands from a CMD prompt (please note the proper spacing between start= disabled):
sc config parity start= disabled
sc config paritydriver start= disabled
Boot into Normal Mode
I've written a script that is supposed to do all of this, except I cannot for the life of me get the script to run once the device starts in safe mode. I've tried everything that I can think of:
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Placing a batch file in the Startup folder
Scheduled task
Nothing I do is working.
And one other caveat, the user that is logging in (safe mode & normal mode) is not an administrator. It is a regular user. I am kicking off the initial script with BigFix, which does run as an administrator.
Thanks in advance.
I was finally able to get it to work. The service idea was the starting point, though instead of creating a "fake" service, I actually wrote a service in C# that calls the PS script. I was then able to edit the registry, where I made that service able to start in safe mode. That seemed to do the trick. Now the only issue is that I can't seem to disable safe mode programmatically, but I will ask that as a separate question.
I'm automating windows updates for a set of SQL servers, mostly running on Windows Server 2016. Typically after you install updates you have to reboot, and there is a period of time after rebooting where the server is applying updates and users can't remote into the server. In my automation, I would like to wait until that period of time is over before reporting a successful update. Is there an indicator that I can check remotely through powershell that will determine whether a user can remote in?
I've checked the main RDP services (termservice, SessionEnv and UmRdpService) during this period and they are all running, so if there's some sort of indicator, it isn't them. Maybe there is a field somewhere that states that windows is applying updates? All of the servers are virtualized through VMWare if it matters.
Thanks for reading!
How about testing the port that the remote desktop service listens on?
test-netconnection server -port 3389
I didn't have any luck on ServerFault either, but I did eventually find a solution myself, posting here in case anyone finds this thread looking for help.
The isn't actually a service that changes states when you can RDP back into a server; that's probably determined somewhere in the windows code and there's no way you could find the flag. However, the TIWorker program runs after a reboot to install windows, and in my experience recently, when that exe completes, you can RDP 100% of the time, which is good enough for my automation.
I loop over this piece of code in 5 second intervals until it returns 0 rows, then finish.
Get-Process -ComputerName $server | ? {$_.ProcessName -match 'TiWorker'}
What I have: I have Windows 7 on my home PC.
What I'm trying to do: I'm trying to keep TeamViewer running at home so I can always get to my home computer. The other day it got completely messed up and would not let me connect but everything else on the PC was just fine.
Items I've looked at:
I looked at this thread and it does not seem to apply to what I need:
Is it possible to start Teamviewer, to accept connections, from commandline?
... but it does not appear to be what I'm looking for.
I have looked at this:
https://serverfault.com/questions/48600/how-can-i-automatically-restart-a-windows-service-if-it-crashes
... and to test the script at the above URL, I stopped a service on my computer and pointed the above vbs script to that service and the vbs script will not restart that service, so that's not working.
What's happening:
From time to time on my home computer, TeamViewer hangs or gets messed up in some way and I cannot connect to my home computer. The last time this happened, the TeamViewer UI was still running but there was a little red dot next to the tray icon and the id numbers and password were blank in the UI so I had to right click and kill it and restart the computer and all was OK.
What I'd like to do:
Is there a way I can run some kind of script or something that will completely kill all TeamViewer processes and services and restart it completely? I'd like to schedule this type of activity once an hour so I can be assured of pretty much always being able to get into my home computer or else just wait an hour and it should be back up and available?
I have 20 years in IT with networking background, databases, GUI development, website development, hardware and software installation but no experience in brain surgery. I've given it a good try but am now asking for some help.
Thanks.
I think that task scheduler, taskkill and batch script is your friend here.
create a batch file to stop any current team viewer process and then restart it.
crate a batch file something like:
taskkill /IM TeamViewer.exe
start "" "C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
(substitute the path to TeamViewer.exe on your own machine).
Then create an hourly scheduled task to run the script using the highest privileges (using Windows Task Scheduler).
Lookup taskkill for more info on killing tasks from the command line.
Just to add that you'll have to have the PC in a associated in your teamviewer account in a group (e.g. My Computers) and use the same account to connect - otherwise the password change on restart will prevent you connecting (you won't know the new password).
What is the best way to stop/start Fiddler as a daily task?
I am usin Fiddler to monitor/logs https trafficon machine which runs fully automated and runs software which is not controlled by me, but uses https.
My machine stopped yesterday because Fiddler went out of memory after running over 3 days and now I want to have a clean way to start/stop it.
I guess I could just specify a process duration in the task manager, but I would prefer something cleaner, especially to avoid issues when things are started manually.
Just use Scheduled Tasks, they have been part of windows since forever. You should be able to stop fiddler with it too (by calling TaskKill).