Disk Inventory with PowerShell

Almost every time I write a PowerShell script, tool, or module it is to scratch an itch that I have. The Get-DiskInventory script is not new to me, but I have recently published it because I saw others needed the same type of tool.

Get-DiskInventory gets a list of disks (really volumes) on a local or remote computer and displays their drive letter, name, free space, capacity, used space, and % free. While new operating systems have Get-Volume, sometimes you need a tool to work with those “legacy” operating systems such as Windows Server 2008 R2.

Get-DiskInventory leverages Get-WmiObject to gather the necessary information and is compatible across all versions of Windows client and server.

Examples:

Get your copy now from the TechNet Script repository.

Using PowerShell with SCCM Pending Updates

We’ve been deploying Microsoft updates with System Center Configuration Manager for a few months now. Each month we get a little better at the process and trust the system more. After approving each month’s patches, I kept finding myself logging into my servers to see if they had pending updates ready to be deployed at the next maintenance window. Logging into each server doesn’t scale, so I needed to find a way to automate the process using PowerShell.

After using a search engine I was able to find the correct WMI class that I could use to query for SCCM client software updates.

Once I had the proper namespace and class, I wrapped a function around it to get the information I need along with a simplified summary output.

Full Output (Default)

Summary Output

If I find that the computer I’m working on still doesn’t have the updates that I approved, I give it a good kick with the following three client actions from the same CMClient module:

Try it out for yourself.

PowerShell and SCCM Client Actions

If you work with System Center Configuration Manager (SCCM) you will be familiar with the number of client actions that you can execute. Some of these actions are used more often than others, and learning what each of them does is for another blog post.

In our quest to roll out automated patching with SCCM we found that we often needed to run these various actions to get the SCCM client to check back in for new policy and check for pending updates. After logging into a handful of computers to open the Configuration Manager client applet from Control Panel to perform a Machine Policy Retrieval and Evaluation Cycle, I had to stop myself and find a faster way.

“What if I could use PowerShell to do this for me?”

I started like I normally do trying to find a SCCM client module with built-in cmdlets, but that path led to futility. Thankfully I found @adbertram wrote a PowerShell module that could execute the proper WMI method for the client actions. I immediately downloaded the code and started to try it out. I found one problem: the functions only accepted a single computer name at a time. I asked Adam about it. He told me to go ahead and update the code, and do a pull request on Git. I said I’d be glad to, pretending I knew how to do any of that Git stuff. After updating the code and performing my first Git pull request, we now have a SCCM client module for invoking client actions on multiple computers.

Let me show you a few examples:

Check out the CMClient module on GitHub and the PowerShell gallery (Install-Module CMClient).

Send your positive feedback to me and your bugs and complaints to Adam.

Automate Snipping Tool with Autohotkey

Taking screenshots is necessary in the life of an IT worker. Every day we run into error messages that require investigation and resolution. I often find when I run into an issue that chances are I will run into the issue again (and usually a day or two after I completely forgot how I fixed it). That’s why I use screenshots in combination with OneNote to document what I do on a daily basis to fix recurring problems that my brain has forgotten about. (PowerTip: OneNote can index text inside of screenshots.) Screenshots should also be used for documenting processes, installations, and changes.

Although there are many spectacular screenshot tools out there, I’ve always tried to build my workflow around in-the-box apps when they are sufficient. For my screenshots I use the built-in Snipping Tool, which has been around since Windows Vista. However, when launching the Snipping Tool you have to switch to the app and then tell it to start a capture. In my never-ending quest for efficiency I want to find ways to keep my hands on my keyboard and use the mouse less and less. I needed a way to use Launchy to not only launch Snipping Tool, but to start the capture. I found and modified an Autohotkey script to help me accomplish my goal. Now I can press Alt+Space, type “snipit” and immediately begin my screenshot selection.

snipit.ahk

Detailed Cluster Shared Volume Information

If you’re running Hyper-V clusters and/or Scale-out File Servers (SoFS) you may have the need to get a quick report of the Cluster Shared Volumes (CSVs). However, with the built-in cmdlet Get-ClusterSharedVolume you only get basic information. I wrote a function called Get-ClusterSharedVolumeUsage to gather additional useful information including Path, Size, FreeSpace, UsedSpace, and PercentFree.

Example:

Get-ClusterSharedVolumeUsage

Certificate Keys: Size Matters

When issuing SSL certificates you can specify the key size (or length). The larger the key size, the more secure the certificate; however, higher key sizes also increase CPU load for encryption/decryption. When issuing certificates for your web servers the current recommendation is to use a key size of 2048 or higher. Certificates with key sizes less than 2048 (i.e. 1024 or 512) are considered vulnerable and should be replaced as soon as possible. Check your SSL certificates’ key sizes to ensure they are using a secure key size.

PowerShell Certificate Health Module

Hyper-V and Mounted DVD Drives

From time to time there is a need to mount an ISO to a Hyper-V virtual machine to install an operating system or SQL or other software. Unfortunately not everyone remembers to dismount the ISO from Hyper-V after they have completed their task. This can cause errors when live migrating the VM to another host if the ISO is not located in a cluster shared volume. Either way, it’s a good habit to keep those DVD drives unmounted if they are not in use. I wrote a script to connect to System Center Virtual Machine Manager to find any VMs with mounted DVD drives and create a report. The script can also optionally send the report to the address of your choosing. I set it up to run once a week to nag remind our team to clean up after ourselves.

Get-SCVirtualMachinewithMountedDVDDrive

Certificates and Algorithms

When an SSL certificate is issued it uses a cryptographic hash algorithm (read: hard math) to ensure your private information stays private. There are a number of hash algorithms, also known as signature algorithms, used in certificates in the past and present. Security researchers and scientists are constantly evolving the algorithms as the bad guys are always trying to break the encryption in the never-ending arms race of cryptography. When an algorithm is shown to be weak and vulnerable to cracking, it is deprecated. The mainstream browsers begin to warn about, and eventually stop accepting, certificates using these vulnerable algorithms. Currently certificates using the MD5 algorithm are no longer considered secure, and now SHA1 certificates are being deprecated. All your new certificates should be signed using SHA256 or higher, which should now be the default on your Windows systems.

You can check your certificate’s algorithm health using the PowerShell Certificate Health Module.

Who’s Watching Your SSL Certificates

Every business needs SSL certificates for encrypting their traffic. Typically we see SSL certificates being used for encrypting our HTTP web traffic, but certificates are also used for securing LDAP (Active Directory), SMTP, IMAP, POP3, and so many more protocols. Certificates can also be used for authentication on your domain or on the web. When you purchase a certificate you typically choose to pay for the certificate to be valid for a year or more. After the certificate is processed, you install it and then your work is done. Except one year or so from now something breaks, and you realize that your certificate has expired.

Keep an eye on your certificates with the PowerShell Certificate Health Module.
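
The three checks the certificate posts above describe (key size below 2048, an MD5 or SHA1 signature algorithm, and approaching expiry) can be run together over a certificate store. This is an added example, not code from the PowerShell Certificate Health Module; the function name Test-CertificateHealth, the 30-day warning window, and the sample certificate are assumptions made for illustration.

```powershell
# Added example, not the Certificate Health Module's code.
# Requires .NET Framework 4.7.2+ (Windows PowerShell 5.1) or PowerShell 7.
function Test-CertificateHealth {          # hypothetical name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$MinimumRsaKeySize = 2048,    # threshold from the key-size post
        [int]$WarningDays = 30             # assumed renewal window
    )
    process {
        # GetRSAPublicKey returns $null for non-RSA keys (e.g. ECDSA), where the
        # 2048 threshold does not apply; those are reported with KeySize = $null.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
        $keySize   = if ($rsa) { $rsa.KeySize } else { $null }
        $algorithm = $Certificate.SignatureAlgorithm.FriendlyName   # e.g. sha256RSA
        $daysLeft  = [int][math]::Floor(($Certificate.NotAfter - (Get-Date)).TotalDays)

        [pscustomobject]@{
            Subject            = $Certificate.Subject
            Thumbprint         = $Certificate.Thumbprint
            KeySize            = $keySize
            WeakKey            = ($null -ne $keySize -and $keySize -lt $MinimumRsaKeySize)
            SignatureAlgorithm = $algorithm
            WeakAlgorithm      = ($algorithm -match 'md5|sha1')
            NotAfter           = $Certificate.NotAfter
            DaysLeft           = $daysLeft
            ExpiringSoon       = ($daysLeft -lt $WarningDays)
        }
    }
}

# Constructed sample: an in-memory self-signed certificate that is weak on all
# three counts (1024-bit RSA key, SHA1 signature, expires in 10 days).
$rsaKey  = [System.Security.Cryptography.RSA]::Create(1024)
$request = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=constructed-sample.example', $rsaKey,
    [System.Security.Cryptography.HashAlgorithmName]::SHA1,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$sample = $request.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(10))
$sample | Test-CertificateHealth

# The same check over the local machine's personal store, problems only:
Get-ChildItem Cert:\LocalMachine\My | Test-CertificateHealth |
    Where-Object { $_.WeakKey -or $_.WeakAlgorithm -or $_.ExpiringSoon }
```

Run on a schedule, the filtered output gives a list of certificates to reissue before browsers reject them or they expire.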