Configure Web.Config for use with PowerShell DSC v5 Configuration Names and RegistrationKey

One of the new features of PowerShell v5 DSC is that you can now use ConfigurationNames in “clear text” rather than GUIDs, meaning that you can have human-readable names for your configurations. Since names are easier to guess than GUIDs, there is an added layer of security: Pull clients now have to register themselves with the Pull server using a preshared key. When this happens, the client LCM generates a unique AgentID that is used to tell the different clients apart.

In order to add the RegistrationKey settings, you need to add a line to the web.config file of the DSC Pull server. That entry points to a location in the file system where it can find a file called RegistrationKeys.txt. (You can read more about it here: Link)

Instead of manually editing the web.config file, I wrote a little script to add the configuration, to help automate the building of pull servers for my demo lab.

This assumes you have installed the Pull server to the “default” location.

Another annoyance that I have come across is that I usually have a Danish keyboard layout, and when I use the xPSDesiredStateConfiguration module and try to set up a pull server, it will complain that it cannot find a file in C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\PullServer\en. In order to fix this, you can create two localized folders containing the same files as in the en and en-US folders. I wrote a little script to do this, based on the locale of the machine.

Since both scripts alter files in protected areas of the file system, both have to be run as Administrator.
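The web.config change described above, as an added example that is not the author's script: it creates RegistrationKeys.txt, restricts who can read it, and adds or updates the `RegistrationKeyPath` entry. The two paths, the use of a GUID as the key value, and the assumption that the pull server application pool runs as LocalSystem are choices made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example. Both paths are assumptions; adjust them to your pull server.
$webConfig = Join-Path $env:SystemDrive 'inetpub\wwwroot\PSDSCPullServer\web.config'
$keyDir    = Join-Path $env:ProgramFiles 'WindowsPowerShell\DscService'
$keyFile   = Join-Path $keyDir 'RegistrationKeys.txt'

if (-not (Test-Path -Path $webConfig)) { throw "web.config not found: $webConfig" }

# Create the preshared key file once; re-running must not rotate the key silently.
# A GUID is used as the key value here (a choice made for this example).
if (-not (Test-Path -Path $keyFile)) {
    New-Item -ItemType Directory -Path $keyDir -Force | Out-Null
    [guid]::NewGuid().Guid | Set-Content -Path $keyFile -Encoding Ascii
}

# The key is a shared secret: drop inherited ACEs and leave only
# Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18). This assumes the
# pull server application pool runs as LocalSystem; grant read access to
# its identity instead if it does not.
& icacls.exe $keyFile /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed for $keyFile" }

# Load web.config and locate <appSettings> with XPath (an empty element would
# otherwise be returned as a string by PowerShell's XML adapter).
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($webConfig)
$appSettings = $xml.SelectSingleNode('/configuration/appSettings')
if ($null -eq $appSettings) { throw "No <appSettings> element in $webConfig" }

# Add the entry, or update it if it already exists, so the script is idempotent.
$entry = $appSettings.SelectSingleNode("add[@key='RegistrationKeyPath']")
if ($null -eq $entry) {
    $entry = $xml.CreateElement('add')
    $entry.SetAttribute('key', 'RegistrationKeyPath')
    [void]$appSettings.AppendChild($entry)
}
# The value is the folder that holds RegistrationKeys.txt, not the file itself.
$entry.SetAttribute('value', $keyDir)

# Keep a copy of the previous configuration before writing the new one.
Copy-Item -Path $webConfig -Destination "$webConfig.bak" -Force
$xml.Save($webConfig)
```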


New in WMF 5 April release

I have been playing a lot with DSC, and I have therefore had to use [System.Guid]::NewGuid() a lot, to create GUIDs for the DSC configuration clients.
PS C:\> [System.Guid]::NewGuid()

Guid
----
8a0db54d-7f46-479e-a449-cbe302e4297b

But in this latest revision, there is a new cmdlet that lets you create GUIDs: New-Guid

PS C:\> New-Guid

Guid
----
2889dbbb-0389-4b50-a741-eb4ab7e20210

If you need to copy and paste the GUID into a configuration, you can do something like this:

or


Domain requirement for ORK

I was playing around with Microsoft ORK (Operational Readiness Kit), which is a frontend for the PowerShell deployment toolkit, aimed at hosters.

I wanted to try a greenfield install, using a clean Server 2012 R2 machine that had not been joined to any domain, and run everything off that machine. I had downloaded all the prerequisites and started the install, but it kept failing.

It entered an infinite loop, trying to access the PowerShell AD provider, so my first thought was to just turn off the autoload of the AD provider by setting an environment variable.

But the script still failed, so I looked at the code, and found this snippet.

This is what creates the infinite loop: it tests whether the AD:\ provider is loaded, and if not, it removes the module, installs it again, and tries to find the drive again.

I have not had time to dig through the entire script to see if the “installing” machine actually needs the PowerShell AD module or not. So for now, the machine on which you run the installer needs to be in a domain.


Been a little slow lately ;)

It has been a little slow here for a while. Between being very busy at work and then starting a new job, I haven’t had enough time to blog that much. But hopefully that will change… I have started working more with Azure, and as always I tend to learn better myself when writing stuff down. So I will have a series of posts regarding PowerShell and Azure. Initially it will probably be some getting-started stuff, which I hope will be useful (I know it will be for me, so that is the most important thing :) )

Stay tuned


Adding Applications to EMET

If you have been using EMET (Enhanced Mitigation Experience Toolkit) from Microsoft, you have probably had to add custom applications. One of the main “culprits” is Flash Player with its ever-changing name (the filename contains its version number).
In EMET, wildcards are only allowed in paths, not filenames, so I wrote a little script to add applications to the EMET “Watch list” :)

It consists of two functions: one to remove an application and one to add an application.

The example below will first remove all applications that start with Flash, then it will add every .exe found in the path ‘C:\Windows\System32\Macromed\Flash’, so if there were multiple versions of Flash in there, they would all be removed.


PowerShell v5 COM improvements

When I saw that Lee Holmes tweeted that COM had been improved in the WMF 5 September release, I just had to try it right away.

I have several scripts that do some auditing of computers in AD and populate an Excel spreadsheet, where different properties get highlighted depending on their value. It usually takes around 10 minutes per 200 servers. I upgraded the machine from PS v3 to the PS v5 September release and went down to 2 minutes for the same 200 machines. Almost 5x improvement. If you don’t believe me, I have two screenshots to prove it :)

[Screenshot: PowerShell v3 (PS 3 COM)]
[Screenshot: PowerShell v5 (PS 5 COM)]


Are you going ? I am..

The European PowerShell Summit, organised by PowerShell.org, will be in Amsterdam September 29 – October 1 2014 at the Park Hotel. Details at http://powershell.org/wp/community-events/summit/

The Summit will feature 3 days of PowerShell sessions from PowerShell team members, PowerShell MVPs and other PowerShell experts. It’s the in-person gathering place for PowerShell enthusiasts and PowerShell users. It’s a place to make new connections, learn new techniques, and offer something to your peers and colleagues. If you can’t get your PowerShell questions answered at the PowerShell Summit you’ll never get an answer.

The Summit agenda is available to view at: http://eventmgr.azurewebsites.net/event/agenda/PSEU14

Registration is now open via http://eventmgr.azurewebsites.net/event/home/PSEU14


Time to put an X in the calendar again (26 June)

XXXX 26 June XXXX

This time it is on rather short notice compared to what we usually do. We have been in “negotiations” with Aleksandar Nikolic (one of the leading specialists in PowerShell remoting, restrained endpoints etc.) about coming up to hold sessions. Unfortunately, Aleksandar was prevented from coming at the last moment, so we have had to postpone the event with him to early September.

We have therefore decided to hold an event where we from the group give the talks ourselves. The programme is not completely fixed yet, as we would like to have YOU speak as well.

At the moment we have:

Dennis Rye (System Hosting) will come and talk about their daily use of PowerShell in a hosting company, such as integrations with Orchestrator and scheduled automatic expansion of disk/CPU/RAM in Hyper-V.

Claus T Nielsen (AP Pension): performance optimizations; when does it pay off to use the pipeline, jobs, runspaces etc.

Jakob Svendsen T.B.A

If anyone else would like to present something they have made, or something else cool they have used PowerShell for, you can contact me at claustn “Snabel@” Gmail.com, so we can get you on the list of speakers.

Location and time of day will be announced as soon as possible. So stay tuned here and in our LinkedIn group.


Updating UPN names in Active Directory

We are in the process of testing out Office 365 to see if it will be useful for us, so initially we are just going to use DirSync for some specific users, instead of setting up the complete ADFS solution. I have been extremely busy lately, so I decided to hire someone to come in, set up DirSync, and change the UPNs for the users who are going to the cloud.

Everything went fine. I gave him a list of OUs which contained the users who needed the change, and he started opening each user and changing the UPN from the GUI. But apparently I have gotten allergic to doing stuff in the GUI, so I ended up writing a small script for him, which after some procrastinating ended up with a GUI.

It will load a tree view of the current directory (requires the AD cmdlets to be present on the system). You can then select each OU whose users should have their UPN name changed, and it will also let you choose to recurse through multiple OUs.

Be aware this is version 1, so there are no “are you sure” prompts. Proceed with caution.

I have exported the code from PowerShell studio with recovery info, so you can load the form, and work with it.

UPNChanger

The treeview code is based on code from Thepip3r:
http://thepip3r.blogspot.dk/2011/06/powershell-guis-active-directory.html
