Over the past few years I have been writing various tools that my team and I use to accelerate and automate various systems administration tasks. Previously I had been publishing these eclectic tools as individual script files on the TechNet script repository. Now I decided to collect the tools into a toolbox module called MrAToolbox (for Mr. Automaton). Now as I update the module you can automatically get the new version through PowerShell (Update-Module). Here’s the list of functions included as of version 1.0.2.
It’s been weeks since the #WannaCry #WannaCrypt exploited thousands of computers across the internet. If you have been regularly patching your systems you would have been covered by the March 2017 update. The vulnerability used the legacy protocol SMB version 1 to propagate across the network once a machine was infected. Security experts and even Microsoft have been calling for the disabling and or removal of the SMBv1 protocol from Windows environments for quite some time.
A Little History
Introduced with Windows XP, the SMBv1 protocol has been installed and enabled by default on all Windows operating systems for backwards compatibility. SMB version 2 was introduced with Windows Vista/Windows Server 2008 adding additional security and performance. SMB version 3 was introduced with Windows 8/Windows Server 2012 adding even more performance and availability options.
Disabling SMBv1 across an enterprise is no small feat. There’s a process to follow, and there’s research that needs to be done ahead of time. There are basically three hang-ups that can keep you from disabling SMBv1 across the board:
Windows XP and Windows Server 2003 boxes still hanging around the network. You REALLY need to get rid of them.
Linux servers, appliances, or devices that share or access data over SMBv1. Check with your vendors on supporting SMB 2.
Network scanners or multi-function printers that scan to file servers using SMBv1. See if they can be reconfigured or updated to support SMB 2.
Do the work to identify these gotchas so that you can know where you can and can’t proceed with disabling the legacy protocol.
Note that when disabling the SMBv1 protocol you need to disable both the server-side (I’m sharing files with you) and client-side (you’re sharing files with me) of the protocol.
Get It Done!
You route to disabling SMBv1 depends on the tools at your disposal.
I wrote a PowerShell tool to gather the SMB protocols that are enable/disabled on a Windows computer called Get-SmbStatus. You can use this tool for discovery before and/or after you make your changes.
VERBOSE:SERVER01 isrunning Microsoft Windows Server2012R2 Standard version6.3.9600.
VERBOSE:SMB1 registry key exists andisset to0.
VERBOSE:SMB2 key value notfound on SERVER01.
VERBOSE:SMB3 key value notfound on SERVER01.
You can pick up the PowerShell function Get-SmbStatus at the Technet Script Repository.
Last month I had the privilege to attend the DEV Intersection conference in Orlando, FL. Being a infrastructure engineer I stuck to the IT Transformation track which was stocked with great speakers and sessions. The general focus of the sessions and keynotes was utilizing Microsoft (and others’) technologies to move towards devops oriented processes. I was additionally grateful for the workshops focusing on leveraging Visual Studio Team Services with Visual Studio Code to write PowerShell infrastructure as code taught by Jeffrey Snover, Don Jones, and Michael Greene. They convinced me to finally switch to using Code as my PowerShell editor.
Another highlight of the conference was Jeffrey Snover’s keynote on the impending release of Azure Stack. He presented the value proposition of businesses and service providers being able to provide a subset of Azure services in places where the Azure public cloud doesn’t yet make sense. I really think this is more game changing then most people realize and will put Microsoft in a unique position to help businesses transition to the “cloud” both in architecture and destination.
For years I have been listening to podcasts, reading blogs, and watching training videos, and it was a real treat to finally meet some of these people in person, shake their hand, and thank them for their influence on my career.
Almost every time I write a PowerShell script, tool, or module it is to scratch an itch that I have. The Get-DiskInventory script is not new to me, but I have recently published because I saw others needed the same type of tool.
Get-DiskInventory gets a list of disk (really volumes) on a local or remote computer and displays their drive letter, name, free space, capacity, used space, and % free. While new operating systems have Get-Volume, sometimes you need a tool to work with those “legacy” operating systems such as Windows Server 2008 R2.
Get-DiskInventory leverages Get-WmiObject to gather the necessary information and is compatible across all versions of Windows client and server.
We’ve been deploying Microsoft updates with System Center Configuration Manager for a few months now. Each month we get a little better at the process and trust the system more. After approving each month’s patches, I kept finding myself logging into my servers to see if they had pending updates ready to be deployed at the next maintenance window. Logging into each server doesn’t scale, so I needed to find a way to automate the process using PowerShell.
After using a search engine I was able to find the correct WMI class that I could use to query for SCCM client software updates.
Description:Install thisupdate toresolve issues inWindows.Foracomplete listing of the issues that are included inthisupdate,see the associated Microsoft Knowledge Base article formore information.After you
install thisitem,you may have torestart your computer.
If you work with System Center Configuration Manager (SCCM) you will be familiar with the number client actions that you can execute. Some of these actions are used more often than others, and learning what each of them do is for another blog post.
In our quest to roll out automated patching with SCCM we found that we often needed to run these various actions to get the SCCM client to check back in for new policy and check for pending updates. After logging into a handful of computers to open the Configuration Manger client applet from Control Panel to perform a Machine Policy Retrieval and Evaluation Cycle, I had to stop myself and find a faster way.
“What if I could use PowerShell to do this for me?”
I started like I normally do trying to find a SCCM client module with built-in cmdlets, but that path led to futility. Thankfully I found @adbertram wrote a PowerShell module that could execute the proper WMI method for the client actions. I immediately downloaded the code and started to try it out. I found one problem: the functions only accepted a single computer name at a time. I asked Adam about it. He told me to go ahead and update the code, and do a pull request on Git. I said I’d be glad to, pretending I knew how to do any of that Git stuff. After updating the code and performing my first Git pull request, we now have a SCCM client module for invoking client actions on multiple computers.
I’ve been working on a project to roll out automated patching to the servers in our environment. We have been using a combination of group policy and WSUS, which is a great solution, but it doesn’t allow for multiple maintenance windows. Since we are primarily a Windows shop we chose to use System Center Configuration Manger (SCCM) as our solution. If you’ve worked with SCCM you know that “it’s a full time job.” So over the last few months we’ve been carving off some servers from our WSUS and moving them to SCCM for patching. During the changeover we needed to verify if the server was actually talking to SCCM instead of our existing WSUS infrastructure. For the first few servers I logged on and launched regedit.exe to look at the policy key HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate. After doing this two (too many) times I realized this wasn’t going to scale. I put together a PowerShell script to read the registry keys we needed from one or more remote servers.
Today I saw that one of our Azure IaaS VM’s was getting low in disk space. The VM was configured with a number of data disks in a storage pool so adding a disk to expand space would not be a problem. In fact we have done this quite a few times for this specific VM, so the process is all too familiar. However this time I ran into a problem. I stepped through the process to add a new disk using the Azure Portal and received the following error:
Wait….what? I can’t add a disk because I can’t add a NIC when the machine is running? But I’m trying to add a disk not a network adapter! I attempted to stop the VM to see if I could add this disk while the VM was offline. “No soup for you!”
Failed to stop the virtual machine ‘server01’. Error: Secondary network interfaces cannot be added or removed from a running virtual machine.
What? Now what do I do? I restarted the guest OS and attempted a redeploy of the VM, but nothing worked. I opened a ticket with Azure support. After walking the support technician through my issue he was also stumped. However after a few hours of research he came back with the solution which was to force the first (and only) network adapter to be primary through PowerShell.
After executing these commands the VM shutdown without warning or intervention after which I was able to add my additional data disk, power on the VM, and get back to work.
I’m glad to find a solution, but this is definitely a pain point. I don’t have access to the hypervisor to force stop or reset a VM to fix the configuration through Hyper-V Manager, Failover cluster manager, or System Center Virtual Machine Manager. I know that’s not going to happen ever with Azure, nor should it. This is just one of those edge cases where you have to reach out to support for help.
Nugget of Wisdom
Purchase your Azure support before you need it. When you’re in the thick of it you don’t want to be establishing a support contract which can take time before you can even open a ticket.
Hello. My name is [redacted], and I’m a performance junkie. It’s been five days since I wrote a PowerShell script to make me work faster.
Sometimes I feel like a NASCAR pit crew chief constantly trying to find ways to shave off seconds of inefficiencies in the way that I work. I’ve learned that the less I leave the keyboard to use the mouse the more I can get done, especially if I just need to start an app.
The Start Menu was introduced to the world with Windows 95 and has gone through many iterations since. Since Windows Vista, Microsoft built search into the Start Menu to help us “quickly” find the apps we wanted to use. Unfortunately it hasn’t been very fast, perhaps because the search is also accessing an index of files and email as well. In 2007 Launchy was created to be a single purpose application launcher to quickly start apps based upon keystrokes. Once I taught myself to use it, I have never looked back. I still use the Start Menu for various purposes, but to start my apps I just press Alt + Space, type a few letters and press Enter.
With Windows 8/8.1 and Windows 10 Microsoft is moving to a new style of app which has gone by many names, Metro, Modern, Windows Store, and now Universal Windows Platform (UWP). These apps are packaged into a Appx format and run in isolated ‘containers’. These UWP apps are registered into the modern Start Menu, but not as shortcut files which means Launchy can’t index them. I set out on a journey to figure out a way to get Launchy to “see” these apps so that I can keep my hands on the keyboard.
My first thought was to find the exe that associated with the UWP app. UWP apps are installed in two locations.
Paths to UWP Apps
However running those exe’s didn’t seem to do anything, or it popped up the SmartScreen warning.
I did find the processes suspended in the task manager.
It seems like these exe’s have to be launched via the container or host process. I hit a dead end, or it was time for another approach.
I found some information on the Googles (actually Duckduckgo) on UWP apps registering protocols which can be used to launch the app. Now we were on to something. The blogs and documentation I found listed example apps and their protocols, but not how to retrieve them. I decided to look into the PowerShell Appx module.
Cmdlets for Appx Module
CommandType Name Version Source
I started with Get-AppxPackage to see what properties the cmdlet would output. The only properties I found that were useful were Name and InstallLocation.
From there I browsed the xml tree until I could find and isolate the protocol. Now that I had a found a way to get the protocol for UWP apps, I had to look up some code for creating shortcuts from PowerShell using the COMObject.
Instead of making one “big” script to do the whole process I decided to make one script per tool. One script’s job was to “get” the protocol of an UWP app and then another script to create the shortcuts.