Powershell script for KMS report - powershell

I am new to PowerShell scripting. What I am trying to accomplish is to write a script that will query WMI for the KMS licence status on just the KMS channel and the CMID of the machine. I would like the output to be put into Excel. Also, the script I am writing pops up with an access denied error on a few machines that I am unable to suppress. Any help would be appreciated.
# Get-ADComputer needs -Filter (or -Identity / -LDAPFilter) alongside -SearchBase
$AllADComputers = Get-ADComputer -Filter * -SearchBase "OU=CC3DELLS,DC=Sample,DC=com"
ForEach ($Computers in $AllADComputers)
{
    $ComputerName = $Computers.Name
    # Only query machines that answer a ping
    if ((Test-Connection -ComputerName $ComputerName -Quiet -ErrorAction SilentlyContinue) -eq $true) {
        $ComputerCMID = Get-WmiObject -computer $ComputerName -class SoftwareLicensingService -ErrorVariable err -ErrorAction SilentlyContinue -WarningAction SilentlyContinue -Credential $Cred | Select-Object ClientMachineID -ErrorAction SilentlyContinue
        Write-Host "$ComputerName has the $ComputerCMID "
    } else {
        Write-Host "$ComputerName is Down" -ForegroundColor Red
    }
}

The following worked for me:
$ErrorActionPreference = "SilentlyContinue"
$ComputerCMID = Get-WmiObject -computer $ComputerName -class SoftwareLicensingService
$ErrorActionPreference = "Continue"
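
An added example, not part of the original answer: instead of silencing every error, each WMI query runs with -ErrorAction Stop inside try/catch, so an access-denied machine is recorded in the report rather than hidden, and the result is written as a CSV that Excel opens. The Get-Credential prompt, the report file name and the use of SoftwareLicensingProduct to find the KMS client channel are assumptions of this example.

```powershell
# Assumption: this account has remote WMI rights on the target machines.
$Cred      = Get-Credential
$computers = Get-ADComputer -Filter * -SearchBase 'OU=CC3DELLS,DC=Sample,DC=com'

$report = foreach ($computer in $computers) {
    $name = $computer.Name
    $row  = [pscustomobject]@{
        ComputerName  = $name
        Status        = 'Down'
        CMID          = $null
        KmsProduct    = $null
        LicenseStatus = $null
        Error         = $null
    }

    if (Test-Connection -ComputerName $name -Count 1 -Quiet) {
        try {
            # -ErrorAction Stop turns access denied / RPC failures into catchable errors
            $wmi = @{ ComputerName = $name; Credential = $Cred; ErrorAction = 'Stop' }
            $svc = Get-WmiObject @wmi -Class SoftwareLicensingService
            $kms = Get-WmiObject @wmi -Class SoftwareLicensingProduct -Filter 'PartialProductKey IS NOT NULL' |
                Where-Object { $_.Description -like '*VOLUME_KMSCLIENT*' } |
                Select-Object -First 1

            $row.Status        = 'OK'
            $row.CMID          = $svc.ClientMachineID
            $row.KmsProduct    = $kms.Name
            $row.LicenseStatus = $kms.LicenseStatus   # 1 means licensed
        } catch {
            # Keep the failure in the report so unreachable or denied hosts can be followed up
            $row.Status = 'QueryFailed'
            $row.Error  = $_.Exception.Message
        }
    }
    $row
}

# Hypothetical output file name; the CSV opens directly in Excel
$report | Export-Csv -Path '.\KmsReport.csv' -NoTypeInformation
```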

Related

Powershell and TPM how to manage bitlocker?

I am trying to script a PowerShell function around manage-bde.exe (BitLocker) to add a key protector to systems without TPM. For some reason GPO is not working. I have not had any luck getting PowerShell to add the protector remotely. I can log on to the endpoint and use the built-in wizard to encrypt and save the key to our repository, but for some reason remote automated scripting eludes me. My question is really more one of guidance. Can PowerShell only be used to remotely manage systems with TPM? I have BitLocker enabled and encrypted on systems without, but I have had to do it manually.
Start-Transcript -Path ".\bitlockertranscript.txt" -Force
foreach ($Computer in $List) {
    if (test-Connection -ComputerName $Computer -Count 1 -Quiet ) {
        Get-ADComputer -Identity $Computer -Property * | Select Name,OperatingSystem
        Get-WmiObject -class Win32_Tpm -namespace root\CIMV2\Security\MicrosoftTpm -computername $Computer | fl IsActivated_InitialValue, IsEnabled_InitialValue, IsOwned_InitialValue
        $BitLocker = Get-WmiObject -ComputerName $Computer -Namespace Root\cimv2\Security\MicrosoftVolumeEncryption -Class Win32_EncryptableVolume
        $id = $BitLocker.GetKeyProtectors(3).volumekeyprotectorid | Select -First 1
        manage-bde.exe -cn $Computer -protectors -adbackup c:
        manage-bde.exe -on C: -cn $Computer
        Invoke-GPUpdate -Target $computer
    } else {
        "No Connection to $Computer"
    }
}
Stop-Transcript

Can't assign value to a variable inside of Invoke-Command

It seems to be strange, but I can't assign a value to a variable inside of Invoke-Command. Here is the code below, but when I print out $targetComputerPath it's simply empty. What's wrong?
foreach ($item in $computersPath){
    $computername = $item.Name
    $username = $item.UserID
    Write-Host computer $computername and user $username
    if (Test-Connection -ComputerName $computername -Count 1 -ErrorAction SilentlyContinue)
    {
        if ($((Get-Service WinRM -ComputerName $computername).Status) -eq "stopped")
        {
            (Get-Service WinRM -ComputerName $computername).Start()
        }
        Invoke-Command -ComputerName $computername -ScriptBlock {
            if ($((Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").ReleaseId) -eq "1903" )
            {
                $targetComputerPath = "\\"+$computername+"\c$\Users\"+$username+"\Desktop\"
                write-host "1903"
            }
            else
            {
                $targetComputerPath = "\\"+$computername+"\c$\Users\"+$username+"\Desktop\"
                write-host "something else"
            }
        }
    }
    write-host $targetComputerPath
}
The point of WinRM is that you take a script block, and execute it on a different machine.
None of the variables you define in the host script will be available on the remote machine.
This becomes more apparent when you separate the "task", a.k.a the script block, from the Invoke-Command, like this:
$task = {
    $version = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
    if ($version.ReleaseId -eq "1903") {
        # note that `$username` cannot be available here, it's never been defined!
        return "\\$env:COMPUTERNAME\c$\Users\$username\Desktop"
    } else {
        return "\\$env:COMPUTERNAME\c$\Users\$username\Desktop"
    }
}
foreach ($item in $computersPath) {
    $computername = $item.Name
    $username = $item.UserID
    Write-Host computer $computername and user $username
    if (Test-Connection -ComputerName $computername -Count 1 -ErrorAction SilentlyContinue) {
        $winrm = Get-Service WinRM -ComputerName $computername
        if ($winrm.Status -eq "stopped") { $winrm.Start() }
        $targetComputerPath = Invoke-Command -ComputerName $computername -ScriptBlock $task
        Write-Host "The machine returned: $targetComputerPath"
    }
}
As you can see, you can return values from the script block and they will be available as the return value of Invoke-Command.
If you want to pass arguments to your script block, this thread talks about that: How do I pass named parameters with Invoke-Command?
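
An added example, not part of the original answer, showing the two standard ways to get a local value into the remote script block: a param() block fed by -ArgumentList, and the $using: scope modifier. It assumes $computersPath is the question's collection of objects with Name and UserID properties and that WinRM is reachable on the targets.

```powershell
# Variant 1: declare a parameter in the script block and bind it with -ArgumentList
$task = {
    param([string]$UserName)
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    # Return a structured object; it comes back as the output of Invoke-Command
    [pscustomobject]@{
        ReleaseId   = $cv.ReleaseId
        DesktopPath = "\\$env:COMPUTERNAME\c$\Users\$UserName\Desktop"
    }
}

foreach ($item in $computersPath) {
    $userName = $item.UserID
    try {
        $info = Invoke-Command -ComputerName $item.Name -ScriptBlock $task `
                    -ArgumentList $userName -ErrorAction Stop
        $targetComputerPath = $info.DesktopPath

        # Variant 2: $using: copies the caller's variable into the remote session (read-only copy)
        $desktopExists = Invoke-Command -ComputerName $item.Name -ErrorAction Stop -ScriptBlock {
            $profileDir = Join-Path -Path 'C:\Users' -ChildPath $using:userName
            Test-Path -Path (Join-Path -Path $profileDir -ChildPath 'Desktop')
        }

        Write-Host "$($item.Name) release $($info.ReleaseId): $targetComputerPath (exists: $desktopExists)"
    } catch {
        # Connection and authentication failures land here instead of leaving the variable empty
        Write-Warning "Remoting to $($item.Name) failed: $($_.Exception.Message)"
    }
}
```

Assignments made inside the remote script block never flow back to the caller; only the objects the block outputs do.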

Formatting List Problems in Powershell

I want to execute a few lines of code on every Server (160+).
For this I decided to get my Serverlist via Powercli and pass this list to Enter-PSSession.
...
Connect-VIServer -Server $VIServer -Credential $creds
$servers = Get-VM |select Name |where Name -Like "SV*"
...
foreach($server in $servers)
{
    try{
        Enter-PSSession -ComputerName $server -Credential $cred -ErrorAction Stop
        Get-NetIPAddress |where AddressFamily -EQ 2 |where InterfaceAlias -Like "Ethernet" |select IPAddress
        Exit-PSSession
    }catch{
        Write-Host "Error on $server"
    }
}
The problem seems to be that it takes an array as the output. The error is the following:
Error on @{Name=<$server>}
But I don't know how to handle this correctly.
Use New-Pssession or Invoke-command for remoting. Enter-Pssession is interactive and the way you are doing it, the get-netipaddress is running on your local machine and not on your remote machine.
Use $servers.Name instead of $servers in your foreach loop.
foreach($server in $servers.Name) #This .name should fix your problem
{
    try{
        # keep the session object so it can be passed to Invoke-Command and removed afterwards
        $MySession = New-PSSession -ComputerName $server -Credential $cred -ErrorAction Stop -Name MySession
        Invoke-Command -Session $MySession -ScriptBlock {Get-NetIPAddress |where AddressFamily -EQ 2 |where InterfaceAlias -Like "Ethernet" |select IPAddress}
        Remove-PSSession -Session $MySession
    }catch{
        Write-Host "Error on $server"
    }
}

Retrieve software that has been authorized to pass through firewall in powershell

The code below turns off the firewall on each remote computer and returns any computers that were turned off. I am also trying to retrieve the software that has been authorized to pass through the firewall for each computer.
I understand that I am using try, catch, so is there any way to print the output of $Appfilter to offComp&programsALLO.txt? The text file just prints the value of $Appfilter.
The output should ideally look like:
Computers:
"name of computer" followed by "programs allowed"
Here is the code:
Get-ADComputer -Filter * | Select-Object -ExpandProperty Name | Out-File .\ADcomputers.txt
$LaunchLine = 'powershell.exe -Version 4.0 -Command "& {netsh advfirewall set allprofiles state off}"'
$Appfilter = 'powershell.exe -Version 4.0 -Command "& {Get-NetFirewallApplicationFilter -program * | fl program}"'
$ComputerList = Get-Content .\adcomputers.txt
foreach($Computer in $ComputerList) {
    [String]$wmiPath = "\\{0}\root\cimv2:win32_process" -f $computer
    try {
        [wmiclass]$Executor = $wmiPath
        $executor.Create($LaunchLine, $Appfilter)
    } catch {
        # the file name contains "&", so it has to be quoted
        Add-Content "offComp&programsALLO.txt" "computers:$Computer, $Appfilter "
    }
}
I would use Invoke-Command with the -ComputerName parameter if possible:
#store AD Computer names in an array
$computerList = (Get-ADComputer -Filter *).Name
#declare results arrays
$results = @()
$offline = @()
#for each computer
foreach($computer in $computerList) {
    #if computer responds to ping
    if(Test-Connection $computer -Count 2 -Quiet -ErrorAction SilentlyContinue) {
        #disable firewall
        Invoke-Command -ComputerName $computer -ScriptBlock {
            netsh advfirewall set allprofiles state off
        } | Out-Null
        #store retrieved authorized programs list in an array
        $programs = Invoke-Command -ComputerName $computer -ScriptBlock {
            (Get-NetFirewallApplicationFilter).Program
        }
        #build results object and add it to results array
        $results += [PSCustomObject]@{
            ComputerName = $computer
            Programs = $programs -join ";"
        }
    } else {
        #build results object and add it to offline array
        $offline += [PSCustomObject]@{
            ComputerName = $computer
            Status = "OFFLINE"
        }
    }
}
#export results to files
$results | Out-File "report.txt"
$offline | Out-File "offline.txt"

How do I add multi-threading?

Is there a way of getting the below to run in parallel (multi-threading)? I have about 200 servers that need to run and was wondering if there is a way of checking, say, 10 servers at once rather than one at a time... WMI is very slow in checking this one at a time.
clear
Write-Host "Script to Check if Server is Alive and Simple WMI Check"
$servers = Get-Content -Path c:\Temp\Servers.txt
foreach($server in $servers)
{
    if (Test-Connection -ComputerName $server -Quiet)
    {
        $wmi = (Get-WmiObject -Class Win32_ComputerSystem -ComputerName $server).Name
        Write-Host "$server responds: WMI reports the name is: $wmi"
    }
    else
    {
        Write-Host "***$server ERROR - Not responding***"
    }
}
Use powershell jobs:
$scriptblock = {
    Param($server)
    IF (Test-Connection $server -Quiet){
        $wmi = (gwmi win32_computersystem -ComputerName $server).Name
        Write-Host "***$server responds: WMI reports the name is: $wmi"
    } ELSE { Write-Host "***$server ERROR -Not responding***" }
}
$servers | % {Start-Job -Scriptblock $scriptblock -ArgumentList $_ | Out-Null}
Get-Job | Wait-Job | Receive-Job
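
An added example, not part of the original answer: the same job approach, but capped at 10 concurrent jobs as the question asks, and returning objects (with any WMI error captured per server) instead of Write-Host text. The $maxJobs name and the shape of the result object are assumptions of this example.

```powershell
$servers = Get-Content -Path 'C:\Temp\Servers.txt'
$maxJobs = 10    # how many servers are checked at the same time

$check = {
    param($server)
    $result = [pscustomobject]@{
        Server  = $server
        Alive   = $false
        WmiName = $null
        Error   = $null
    }
    if (Test-Connection -ComputerName $server -Count 1 -Quiet) {
        $result.Alive = $true
        try {
            $cs = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $server -ErrorAction Stop
            $result.WmiName = $cs.Name
        } catch {
            # Record access denied / RPC errors per server instead of losing them
            $result.Error = $_.Exception.Message
        }
    }
    $result
}

$jobs = foreach ($server in $servers) {
    # Throttle: wait until fewer than $maxJobs jobs are still running
    while (@(Get-Job -State Running).Count -ge $maxJobs) {
        Start-Sleep -Milliseconds 200
    }
    Start-Job -ScriptBlock $check -ArgumentList $server
}

# Collect the results, dropping the remoting metadata that Receive-Job adds
$report = $jobs | Wait-Job | Receive-Job | Select-Object Server, Alive, WmiName, Error
$jobs | Remove-Job

$report | Sort-Object Server | Format-Table -AutoSize
```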