Getting IIS7.5 details through Powershell - powershell

$iis=Get-WmiObject -namespace root/MicrosoftIISv2 -query "select * from iiswebservicesetting whe
re name='W3SVC'"
OR
$iis = Get-WmiObject -namespace root/MicrosoftIISv2 -class IIsWebServiceSetting
The above as worked very well for me in case of IIS6.0.
But in case of IIS7.5 the namespace is root\WebAdministration.
I am not sure what query i need to run to get the data that i used to obtain when i ran the WMI command for IIS6.0.You can also tell me the class that i need to use.
2) i need to get some information for IIS ASP.Net configuration.
The .NET Framework defines a set of
elements that implement configuration settings, and the ASP.NET configuration schemacontains elements that control how ASP.NET Web applications behave.
I need to get Details like SessionState,Authorisation,authentication mode,compilation etc
I need to know which NAMESPACE i should use and WHICH CLASS within this namespace i need to use.
Please anyone help me with above 2 problems as its very much needed for me to move ahead with my work.
Thanks in advance

You should have a look at the PowerShell Module for Web Administration for IIS 7.5. On a 2008R2 box running IIS, run the following commands and see what you can find.
PS> Import-Module WebAdministration
PS> Get-Command -module WebAdministration
There is also an IIS provider. You can cd into IIS:\ and use get-item/set-item cmdlets.

Related

Create and configuring Application Pool on IIS w10 and powershell 7.2

I'm trying to create a pool of applications with specific parameters using this code:
$currentAppPool = New-WebAppPool -Name myNeyAppPool
# Set pool specifications
$currentAppPool.AutoStart = "true"
$currentAppPool.ManagedRuntimeVersion = "No Managed Code"
$currentAppPool | Set-Item
I have several errors because setitem asks me for a path variable that it doesn't recognize. Set-Item: The input object cannot be bound because it did not contain the information required to bind all mandatory parameters: Path
I tried to give it the parameter -path IIS:\AppPools\myNeyAppPool but I get the message
Set-Item: Cannot find drive. A drive with the name 'IIS' does not exist
There are quite a few changes concerning the management of IIS in w10 via powershell 7, but little documentation seems to exist on the subject.
Is there anything help ?
Thks,
The provider "IIS:" is loaded when importing the webadministration module.
Providers before and after to load webadministration module
Do you have IIS role enabled in windows 10?
You can check the following link:
https://community.lansweeper.com/t5/installation/how-to-install-iis-internet-information-services/ta-p/64422
Which providers appear if you run the "Get-PSProvider" command?
First try running PowerShell as an administrator, and then the drive is provided by the WebAdministration module, so you need make sure install that module, you can install the module with the following PowerShell commands:
Import-Module ServerManager
Add-WindowsFeature Web-Scripting-Tools

PowerShell - ActiveDirectory Module

I need the ability to have users run a script that requires the ActiveDirectory module. I copied over the following:
"C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ActiveDirectory", "Microsoft.ActiveDirectory.Management.resources.dll", "Microsoft.ActiveDirectory.Management.dll".
The script runs two Get-ADUser commands, 1 without the -Server parameter and the other with. The issue is that the former is working but the latter is not.
Is there another module that I need to copy over?
I don't like the idea of installing administrative tools for non-admins. Even if you could get away with copying files and not doing the full-blown RSAT installation. Not the least of reasons is you are dramatically increasing the attack surface for malicious actors. The better solution is (Just Enough Administration) JEA, or a philosophically similar approach.
JEA / Contrained endpoints can get complicated, but a summary of what you can do looks something like this:
New-PSSessionConfigurationFile -Path 'C:\PSSessionConfigs\DemoPSEndpointConfig.pssc' -ModulesToImport ActiveDirectory -VisibleCmdlets "Get-ADUser"
Register-PSSessionConfiguration -Path 'C:\PSSessionConfigs\DemoPSEndpointConfig.pssc' -ShowSecurityDescriptorUI -Name DemoPSEndPoint
Run these commands on a system that has the ActiveDirectory module (likely the whole RSAT component) installed, it doesn't need to be a Domain Controller. It will create a new PowerShell remoting endpoint configuration that exposes only the commands you wish. The Register-PSSessionConfiguration command will display a security dialog where you can permission which users you want to allow to connect, you want to grant them read & execute permission. Once that's done, you can get the results with an Invoke-Command command like this:
Invoke-Command -ComputerName <ServerName> -ConfigurationName DemoPSEndPoint -ScriptBlock { Get-ADUser <UserName> }
You can add the -Server parameter in the command without issue. You can expand the cmdlets you are allowing in the New-PSSessionConfiguration command.
Again this is very much a summary of a more complex topic but should be enough to get what you want.
Personally, I don't use configuration files as much as I use startup scripts. I think the latter is more flexible. You can get some information about that here. If you really want to dig into this there are references at the end of the article including a link to the PowerShell JEA documentation. There's also a link to some of the MVP articles I used to develop my own endpoints.
The ActiveDirectory module is dependent on the RSAT (remote server administration tool). This is avalible to install/activate through powershell: https://mikefrobbins.com/2018/10/03/use-powershell-to-install-the-remote-server-administration-tools-rsat-on-windows-10-version-1809/
With this installed you automatically also get the Activedirectory module installed.

Early filtering within the root\ccm\cliensdk namespace

I recently wrote a script that updates registry values on remote desktops after checking, for instance, that a certain application, MyApp, is properly installed.
The aforementioned application is installed/deployed by SCCM (2012, not R2 for the moment).
In the process of optimizing the script, I wanted to change the test of the install state of MyApp (from late to early filtering).
So far, no luck and so far, no explanation either.
I can't properly understand why it seems not possible to do some early filtering with the following command :
gwmi -ComputerName myserver -Namespace root\ccm\clientsdk -query "select * from ccm_application where Fullname='MyApp'"
Of course, nor can we use :
gwmi -ComputerName myserver -Namespace root\ccm\clientsdk -class ccm_application -filter "Fullname='MyApp'"
Late filtering, of course, works but I wanted (and expected) early filtering to work, especially since I am checking the Install state of an app for quite a lot of remote desktops.
Of course, I do know that I could (can) use SCCM for that purpose (executing a script only if ...) but that still does not explain why I can't do early filtering.
Whenever I try to query that class with my installation while specifying either properties or a filter, I get the error "Provider is not capable of the attempted operation". It doesn't matter if I use Get-WmiObject or Get-CimInstance.
I get the same error when I run this:
PS C:\> WMIC.EXE /NAMESPACE:\\root\ccm\clientsdk PATH ccm_application GET FullName
Node - <SERVERNAME>
ERROR:
Description = Provider is not capable of the attempted operation
PS C:\> wmic /NAMESPACE:\\root\ccm\clientsdk PATH ccm_application WHERE "FullName='Java 32-bit'"
Node - <SERVERNAME>
ERROR:
Description = Provider is not capable of the attempted operation
Although this works just fine:
WMIC.EXE /NAMESPACE:\\root\ccm\clientsdk PATH ccm_application
Seems like a limitation of the provider then, not a problem with your code. -Filter and -Property don't work by design.
Note that I am using 2012 R2 SP1 (5.00.8239.1000), so this may not perfectly apply. However, it seems unlikely that they would remove the functionality from the provider moving from 2012 to 2012 R2.

Deploying WSP remotely from PowerShell 3.0

I have this large application that I am using Windows RM 3.0 to deploy Databases, SSIS packages, and other things to multiple different servers and it is working just fine. It was requested that branding changes to a Business Intelligence SharePoint site be added to this process as well. So I create a custom build script to do so, and set Win RM to run this command from PowerShell on Sharepoint server
Install-SPSolution –Identity Payload\SharepointDeploy.wsp –WebApplication http://localhost/ -GACDeployment
when I run that, I get the following error
Install-SPSolution : Microsoft SharePoint is not supported with version 4.0.30319.18444 of the Microsoft .Net Runtime.
Reading around, it seems its a PowerShell 3.0 issue and when running in 2.0 it works fine. However, my existing process requires PowerShell 3.0 to work properly. Is there anyway to get this working with 3.0? Or can I spin up a 2.0 instance using an Invoke-Command or something? I can provide more details if needed.
You can build a custom endpoint which will run the required version of PowerShell. That way you won't have to mess with the default endpoint which you probably want to keep with its defaults
This would require you to connect to the new endpoint with something like
new-pssession -computername "SharePoint01" -configurationName "psv2".
You build and endpoint with the following cmdlet:
New-PSSessionConfigurationFile -Path "psv2session.pssc"
And then register an endpoint using that config with this cmdlet:
Register-PSSessionConfiguration -Name psv2 -Path psv2session.pssc –ShowSecurityDescriptorUI
It's fairly easy to do, and this link provides a good introduction to the setup:
http://blogs.technet.com/b/heyscriptingguy/archive/2014/04/02/build-constrained-powershell-endpoint-using-configuration-file.aspx (although the blog deals with constrained endpoints, the teqnique is essentially the same for what you need to do)
I was facing the same issue with console application, I decreased the framework version from 4.5 to 3.5 from the project properties page and I works perfect!

Get user's last logon from sccm with powershell

I'm trying to create wmi query to sccm to get PC, where was user's last logon.
Something like:
Get-WmiObject -namespace $SCCMNameSpace -computer $SCCMServer -query "select lastlogon, PCname from sms_? where LastLogonUserName='$SamAccountName'" | select lastlogon, PCname.
I can see this information in sccm report, but I don't know what class I have to use for a query. I'm using sms_r_system for getting IP and computer name.
Is anyone knew sccm class with this information or sql queries will be better for me?
Which report are you viewing the data with? You might want to open up the report's SQL code, figure out which ConfigMgr SQL views it's referencing, and then translate that to the SCCM WMI class names. The WMI class names closely correlate to the SQL view names.
Use a WMI browser like SAPIEN's free WMI Explorer GUI tool to help explore the root\sms\site_xyz WMI namespace and discover which class you are looking for. You can also use Windows PowerShell to help discover which class contains this property:
gwmi -name root\cimv2 -list | ? { ($_.Properties.Name -join ',') -match 'lastlogon' }
Note: Make sure you're using PowerShell version 3.0 Release Preview for the above command, otherwise it won't work right.