Creating a test event log entry

Posted by O.Sommer

If you want to set up monitoring for specific events, e.g. for monitoring tools such as SCOM, GFI MAX or similar products, you often face the problem of how to test that event monitoring.
A simple option is to create an event manually in the log.
Write-EventLog in PowerShell can be used for this:

NAME
    Write-EventLog

SYNOPSIS
    Writes an event to an event log.

SYNTAX
    Write-EventLog [-LogName] <string> [-Source] <string> [-EventID] <int> [-Message] <string> [[-EntryType] {Error | Warning | Information | SuccessAudit | FailureAudit}] [-Category <Int16>] [-ComputerName <string>] [-RawData <Byte[]>] [<CommonParameters>]

DESCRIPTION
    The Write-EventLog cmdlet writes an event to an event log.

    To write an event to an event log, the event log must exist on the computer and the source must be registered for the event log.

    The cmdlets that contain the EventLog noun (the EventLog cmdlets) work only on classic event logs. To get events from logs that use the Windows Event Log technology in Windows Vista and later versions of Windows, use Get-WinEvent.

Example:

Write-EventLog -EventId 4120 -LogName EASY -Source Portal -Message "TEST" -EntryType Error

http://technet.microsoft.com/de-de/library/hh849847(v=wps.620).aspx
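As an added example (not part of the original post), the following script takes the log, source and event ID from the example above, registers the source first if needed (Write-EventLog fails otherwise), writes the test event and then reads it back with the same filter a monitoring rule would use. The parameter defaults are the values from the post; the message text is constructed.

```powershell
param(
    [string]$LogName = 'EASY',      # values from the post's example above
    [string]$Source  = 'Portal',
    [int]   $EventId = 4120,
    [string]$Message = 'TEST event for monitoring rule validation'
)

# Write-EventLog only succeeds if the source is registered, and registered for
# this particular log. Registering a new source needs administrative rights.
$existingLog = [System.Diagnostics.EventLog]::LogNameFromSourceName($Source, '.')
if (-not $existingLog) {
    New-EventLog -LogName $LogName -Source $Source
    "Registered source '$Source' for log '$LogName'"
} elseif ($existingLog -ne $LogName) {
    throw "Source '$Source' is already registered for log '$existingLog', not '$LogName'"
}

Write-EventLog -LogName $LogName -Source $Source -EventId $EventId -EntryType Error -Message $Message

# Read the entry back with the same filter (log, provider, ID) a monitoring rule
# would use, so the check covers the whole path and not only the write call.
$found = Get-WinEvent -FilterHashtable @{ LogName = $LogName; ProviderName = $Source; Id = $EventId } `
                      -MaxEvents 1 -ErrorAction SilentlyContinue
if ($found) {
    "Event $EventId from '$Source' written to '$LogName' at $($found.TimeCreated)"
} else {
    Write-Warning "Event $EventId from '$Source' not found in '$LogName'"
}
```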

Testing PowerShell scripts under PowerShell v1 when version 2 or v3 is installed

Posted by O.Sommer

You can test fairly easily whether scripts run under older PowerShell versions by using the Version parameter when starting PowerShell.exe:

Powershell.exe -version 2.0

see also: http://nathanhoneycutt.net/blog/running-powershell-2-scripts-after-installing-powershell-3/

How to use PowerShell to remotely disable a network adapter on an array of computers

Posted by O.Sommer

Today I had the challenge of disabling a specifically named NIC on a larger number of Hyper-V hosts, because that card was causing issues with the cluster compatibility check when joining those nodes to a Windows Hyper-V cluster.
I found that disabling 64 network adapters on 64 servers would take a while if you use RDP to remote into each server, so I wrote this little script to automate this using Remote PowerShell, which is enabled by default if those computers are part of a domain, or I enabled it during the deployment phase, which I cannot remember right now:

# ask for Admin password
$cred = Get-Credential -Credential hypercluster\Administrator
# run through all nodes Node1..Node64 and disable the USB NIC
for ($i = 1; $i -le 64; $i++) {
    Echo Node$i
    Enter-PSSession -ComputerName Node$i -Credential $cred
    $usbnic = Get-WmiObject win32_networkadapter | where {$_.name -eq "IBM USB Remote NDIS Network Device"}
    $usbnic.disable()
}
# exit remote Powershell
exit


EDIT:
This is an optimized version of the script above, and I also added a line that disables all disconnected network cards:

# ask for Admin password
$cred = Get-Credential -Credential hypercluster\Administrator
# run through all nodes Node1..Node64 and disable the USB NIC
for ($i = 1; $i -le 64; $i++) {
    Echo Node$i
    # Get-WmiObject -ComputerName queries the remote node itself (WMI over DCOM), so no
    # Enter-PSSession is needed here (inside a script it would not redirect the following
    # lines anyway); pass the credential explicitly or the local logon account is used
    $usbnic = Get-WmiObject win32_networkadapter -ComputerName Node$i -Credential $cred |
        where {$_.name -eq "IBM USB Remote NDIS Network Device"}
    if ($usbnic) { $usbnic.Disable() }
    # use the following line to disable all disconnected (unplugged network cable) NICs
    # (Get-WmiObject win32_networkadapter -ComputerName Node$i -Credential $cred -Filter 'NetConnectionStatus=7').Disable()
}


Edit2:
To shut down an array of servers via PowerShell I used this version of the script:

# ask for Admin password
$cred = Get-Credential -Credential hypercluster\Administrator
# run through all nodes Node1..Node64 and shut down each one
for ($i = 1; $i -le 64; $i++) {
    Echo Node$i
    # Stop-Computer connects to the remote node itself, so no Enter-PSSession is needed
    Stop-Computer -ComputerName node$i -Credential $cred -Force
}
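The same task as an added example (not the post's own script), done with Invoke-Command, which runs the block on every node in one go, tags each result with the node it came from and carries on when a node cannot be reached. It assumes WinRM is enabled on the nodes and that they run Windows Server 2012 or later (Get-NetAdapter / Disable-NetAdapter); the adapter description is the one from the post above.

```powershell
$cred    = Get-Credential -Credential hypercluster\Administrator
$nodes   = 1..64 | ForEach-Object { "Node$_" }
$nicName = 'IBM USB Remote NDIS Network Device'   # adapter name used in the post above

$results = @(Invoke-Command -ComputerName $nodes -Credential $cred -ErrorAction Continue `
    -ArgumentList $nicName -ScriptBlock {
        param($nicName)
        # Match on the driver description, which is what Win32_NetworkAdapter.Name showed
        $nic = Get-NetAdapter | Where-Object { $_.InterfaceDescription -eq $nicName }
        if (-not $nic)                  { return 'not present' }
        if ($nic.Status -eq 'Disabled') { return 'already disabled' }
        $nic | Disable-NetAdapter -Confirm:$false
        'disabled'
    })

# Invoke-Command adds PSComputerName to every returned value; a node it could not
# reach produces an error on the console and no value, so report those explicitly.
$report = foreach ($node in $nodes) {
    $r = $results | Where-Object { $_.PSComputerName -eq $node }
    [pscustomobject]@{
        Node    = $node
        Adapter = $nicName
        Result  = if ($r) { [string]$r } else { 'unreachable' }
    }
}
$report | Format-Table -AutoSize
```

Replacing `Disable-NetAdapter -Confirm:$false` with `Disable-NetAdapter -WhatIf` gives a dry run that shows which adapter would be disabled on which node before anything is changed.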

DirectAccess for Essentials 2012 via PowerShell script

Posted by O.Sommer

The illustrated guides to configuring DirectAccess for Essentials 2012 Server, published by Microsoft on TechNet at

http://technet.microsoft.com/en-us/library/jj204618.aspx

and by my fellow MVP from England, Robert Pearman, at

http://titlerequired.com/2012/10/15/enable-directaccess-on-windows-server-2012-essentials/

have one not insignificant drawback:

Both guides are written for English-language servers.
In particular, the PowerShell script at the end of the TechNet article, which in theory almost fully automates the configuration of an Essentials 2012 server, does not work on German systems and throws various errors.

With some effort, however, you can find out the correct German names of the security groups, group policies and firewall rules and correct them in the script.

Using the PowerShell script together with the preparatory steps described in the TechNet article

  • Follow the procedure in Step 3: Prepare a certificate and DNS record for the network location server to enroll a certificate named DirectAccess-NLS.contoso.com (where contoso.com is replaced by your actual internal domain name), and to add a DNS record for the network location server (NLS).
  • Add a security group named DirectAccessClients in Active Directory, and then add client computers for which you want to provide the DirectAccess functionality.

I thus succeeded in configuring a working Essentials 2012 environment with DirectAccess access.


The script I used (several times) is:

#Add Remote Access role if not installed yet
$ra = Get-WindowsFeature RemoteAccess
If ($ra.Installed -eq $FALSE) { Add-WindowsFeature RemoteAccess }

#Server may need to restart if you installed RemoteAccess role in the above step

#Set the public DNS name used to reach the server; replace remote.sbsfaq.de below with your own domain name
$InternetDomain = "remote.sbsfaq.de"
#Set the SG name which you create for DA clients
$DaSecurityGroup = "DirectAccessClients"
#Set the internal domain name
$InternalDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Name

#Set static IP and DNS settings
$NetConfig = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled=$true"
$CurrentIP = $NetConfig.IPAddress[0]
$SubnetMask = $NetConfig.IPSubnet | Where-Object{$_ -like "*.*.*.*"}
$NetConfig.EnableStatic($CurrentIP, $SubnetMask)
$NetConfig.SetGateways($NetConfig.DefaultIPGateway)
$NetConfig.SetDNSServerSearchOrder($CurrentIP)

#Get physical adapter name and the certificate for NLS server
$Adapter = (Get-WmiObject -Class Win32_NetworkAdapter -Filter "NetEnabled=$true").NetConnectionId
$Certs = dir cert:\LocalMachine\My
$nlscert = $certs | Where-Object{$_.Subject -like "*CN=DirectAccess-NLS*"}

#Add regkey to bypass CA cert for IPsec authentication
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\IKEEXT\Parameters -Name ikeflags -Type DWORD -Value 0x8000

#Install DirectAccess.
Install-RemoteAccess -NoPrerequisite  -DAInstallType FullInstall  -InternetInterface $Adapter  -InternalInterface $Adapter -ConnectToAddress $InternetDomain -nlscertificate $nlscert -force

#Restart Remote Access Management service
Restart-Service RaMgmtSvc

#Remove the unnecessary IPv6 prefix GPO
$key = Get-ChildItem -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemoteAccess\config\MachineSIDs | Where-Object{$_.GetValue("IPv6RrasPrefix") -ne $null}
Remove-GPRegistryValue -Name "DirectAccess-Servereinstellungen" -Key $key.Name -ValueName IPv6RrasPrefix
gpupdate

#Set the appropriate security group used for DA client computers. Replace the group name below with the one you created for DA clients
Add-DAClient -SecurityGroupNameList $DaSecurityGroup
Remove-DAClient -SecurityGroupNameList "Domänencomputer"
Set-DAClient -OnlyRemoteComputers Disabled

#Gather DNS64 IP address information
$Remoteaccess = get-remoteaccess
$IPinterface = get-netipinterface -InterfaceAlias IPHTTPSInterface | get-netipaddress -PrefixLength 128
$DNS64IP=$IPInterface[1].IPaddress
$Natconfig = Get-NetNatTransitionConfiguration

# Configure TCP and UDP firewall rules for the DirectAccess server GPO
$GpoName = 'GPO:'+$InternalDomain+'\DirectAccess-Servereinstellungen'
Get-NetFirewallRule -PolicyStore $GpoName -Displayname "Domänennamenserver (TCP eingehend)"|Get-NetFirewallAddressFilter | Set-NetFirewallAddressFilter -LocalAddress $DNS64IP
Get-NetFirewallrule -PolicyStore $GpoName -Displayname "Domänennamenserver (UDP eingehend)"|Get-NetFirewallAddressFilter | Set-NetFirewallAddressFilter -LocalAddress $DNS64IP

# Configure the name resolution policy settings for the DirectAccess server, replace the DNS suffix below with the one in your domain
$Suffix = '.' + $InternalDomain
set-daclientdnsconfiguration -DNSsuffix $Suffix -DNSIPAddress $DNS64IP

# Change the DNS64 configuration to listen to IP-HTTPS interface
Set-NetDnsTransitionConfiguration -AcceptInterface IPHTTPSInterface

# Copy the necessary files to NLS site folder
XCOPY 'C:\inetpub\wwwroot' 'C:\Program Files\Windows Server\Bin\WebApps\Site\insideoutside' /E
XCOPY 'C:\Program Files\Windows Server\Bin\WebApps\Site\Default.aspx' 'C:\Program Files\Windows Server\Bin\WebApps\Site\insideoutside'

# Reserve port range for NAT64
Set-NetNatTransitionConfiguration -IPv4AddressPortPool @("$CurrentIP, 10000-47000")

Restart-Service winnat


So far I have found no negative consequences of running the script several times, but I still recommend the usual precautions (backup, etc.) to everyone.

In the end I used the new “PowerShell ISE” to run the script section by section, because errors kept occurring and I wanted to find them.

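Because the errors on German systems come from localized names that the TechNet script hard-codes, here is an added pre-flight check (my own code, not from the post or the TechNet article) that resolves those names in a language-independent way and verifies the assumptions the script makes before it runs. It assumes a domain account, the GroupPolicy module (Get-GPO) and the same $DaSecurityGroup value as the script above; the 'DirectAccess*Server*' pattern is an assumption that matches both the English and the German GPO display name.

```powershell
$DaSecurityGroup = 'DirectAccessClients'
$InternalDomain  = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Name

# 1. "Domain Computers" via its well-known RID 515: correct in any display language.
#    Must run under a domain account, otherwise AccountDomainSid is the local machine SID.
$me        = New-Object System.Security.Principal.NTAccount($env:USERDOMAIN, $env:USERNAME)
$domainSid = $me.Translate([System.Security.Principal.SecurityIdentifier]).AccountDomainSid
$sid515    = New-Object System.Security.Principal.SecurityIdentifier("$domainSid-515")
$domComp   = $sid515.Translate([System.Security.Principal.NTAccount]).Value
"Domain Computers group on this system: $domComp"   # German: DOMAIN\Domänencomputer

# 2. The DirectAccess server GPO: match by pattern instead of a hard-coded display name
$gpo = Get-GPO -All | Where-Object { $_.DisplayName -like 'DirectAccess*Server*' }
if (-not $gpo) {
    Write-Warning 'DirectAccess server GPO not found (it is created by Install-RemoteAccess)'
} else {
    $GpoName = 'GPO:' + $InternalDomain + '\' + $gpo.DisplayName
    # 3. The DNS rules: select by local port 53 rather than the localized display name
    $dnsRules = Get-NetFirewallRule -PolicyStore $GpoName -Direction Inbound |
        Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -eq 53 }
    "DNS inbound rules in '$($gpo.DisplayName)': $($dnsRules.DisplayName -join ', ')"
}

# 4. Assumptions the script makes without checking
$ipEnabled = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=True')
if ($ipEnabled.Count -ne 1) {
    Write-Warning "Script expects exactly one IP-enabled adapter, found $($ipEnabled.Count)"
}
if (-not (Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like '*CN=DirectAccess-NLS*' })) {
    Write-Warning 'No NLS certificate (CN=DirectAccess-NLS*) found in LocalMachine\My'
}
$group = ([adsisearcher]"(&(objectClass=group)(sAMAccountName=$DaSecurityGroup))").FindOne()
if (-not $group) { Write-Warning "Security group '$DaSecurityGroup' not found in Active Directory" }
```

The names printed by steps 1 to 3 are the values to put into the Remove-DAClient, -Name and -DisplayName parameters of the script above on a non-English server.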