PowerShell | Alex Ø. T. Hansen

Alex Ø. T. Hansen

18/06/2018

SCCM – Cloud Management Gateway and Cloud Distribution Point

The cloud management gateway (CMG) provides a simple way to manage Configuration Manager clients on the internet. By deploying the CMG as a cloud service in Microsoft Azure, you can manage traditional clients that roam on the internet without additional infrastructure. You also don’t need to expose your on-premises infrastructure to the internet.

A cloud-based distribution point is a System Center Configuration Manager distribution point that is hosted in Microsoft Azure. The following information is intended to help you learn about configurations and limitations for using a cloud-based distribution point.

In this step-by-step guide, I will demonstrate how to configure and establish a Cloud Management Gateway (CMG) and Cloud Distribution Point (CDP) in SCCM and Azure.

In order to walk you through the entire process of setting up the Cloud Management Gateway and Cloud Distribution Point features, I am going to break this down into 6 parts.

Overview
Certificates
Azure Service
Cloud Management Gateway
Cloud Distribution Point
Log Files

Alex Ø. T. Hansen

19/05/2018

PowerShell – Intune Local Administrator Password Solution (iLAPS)

If you have devices that is connected to an on-premise, you would certainly configure the Local Administrator Password Solution (LAPS), which allows unique password for each local administrator across the enterprise network.

Unfortunately this method only works when you have on-premise devices, but what about Azure AD Joined machines? – A short answer is “no”.

LAPS takes advantage of 2 attributes in the local Active Directory, these attributes are not available in Azure AD.

Therefor I have created a small application that mimic the same behavior for Azure AD devices, which I call “iLAPS” for Intune Local Administrator Password Solution.

Alex Ø. T. Hansen

17/05/2018

PowerShell – Symmetric Encryption

You can use this PowerShell function to encrypt/decrypt data with a secret key.

I re-wrote the functions from Travis Gan, for a better overview and also added comments to the code.

Use free of charge!

Alex Ø. T. Hansen

16/05/2018

PowerShell – Azure Storage Using REST API

Yo! I’m back again. This time I have been playing around with Azure Table Storage.

Azure Table storage is a service that stores structured NoSQL data in the cloud, providing a key/attribute store with a schema less design. Because table storage is schema less, it’s easy to adapt your data as the needs of your application evolve. Access to Table storage data is fast and cost-effective for many types of applications, and is typically lower in cost than traditional SQL for similar volumes of data.

You need to create a storage account in an Azure subscription and generate a shared access signature, prior before using the code below.

I created some lightweight functions that allows you to insert and get data from a table with PowerShell, using REST API.

Alex Ø. T. Hansen

15/05/2018

PowerShell – Invoke-Ping

Just wrote a small PowerShell function that can output ping results to a file including timeouts and unreachable information. This is not something the native Test-NetConnection cmdlet can do (prove me wrong?) unfortunately.

Use the function free of charge.

Alex Ø. T. Hansen

25/10/2017

SolarWinds Orion – Certificate Expiration Template

I’m back again with one more PowerShell script, this time getting certificate expiration warnings from Windows machines.

You can use the PowerShell script below to create a template and get warnings, critical, down etc. if a certificate is close to expiration or already is expired.

Alex Ø. T. Hansen

08/08/2017

WSUS – High CPU due to “supersedence” updates.

Lately I have been seeing high CPU (90-100%) usage on servers where the Windows Server Updates Services (WSUS) is installed.

This is mainly caused by updates that is superseded, and is filling the database causing the CPU to spike.

Alex Ø. T. Hansen

14/06/2017

PowerShell – Create a TFS team project with PowerShell using REST API

I’m back again with a new PowerShell script to create a TFS project without Power Tools (which isn’t supported on TFS 15+).

Function Create-PSCredential
{
    [cmdletbinding()]	
		
    Param
    (
        [Parameter(Mandatory=$true, HelpMessage="Please provide a valid username, example 'Domain\Username'.")]$Username,
        [Parameter(Mandatory=$true, HelpMessage="Please provide a valid password, example 'MyPassw0rd!'.")]$Password
    )

    #Convert the password to a secure string.
    $SecurePassword = $Password | ConvertTo-SecureString -AsPlainText -Force;

    #Convert $Username and $SecurePassword to a credential object.
    $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Username,$SecurePassword;

    #Return the credential object.
    Return $Credential;
}

Function Create-TFSProject
{
    Param
    (
        [Parameter(Mandatory=$true, HelpMessage="Specify a TFS URL, example: 'https://source.something.com/tfs'")]$URL,
        [Parameter(Mandatory=$true, HelpMessage="Specify a valid version control, example: 'TFS' or 'GIT'")][ValidateSet("TFS", "GIT")]$VersionControl,
        [Parameter(Mandatory=$true, HelpMessage="Specify a TFS Collection, example: 'Netcompany'")][ValidateSet("MyCollection1", "MyCollection2", "MyCollection3", "MyCollection4")]$Collection,
        [Parameter(Mandatory=$true, HelpMessage="Specify a TFS Project, example: 'NC12345'")]$Project,
        [Parameter(Mandatory=$true, HelpMessage="Specify a TFS Project Decription, example: 'This project is used for coding stuff'")]$Description,
        [Parameter(Mandatory=$true, HelpMessage="Specify a TFS Process Template, example: 'Scrum'")][ValidateSet("Agile", "Scrum", "CMMI")]$Template,
        [Parameter(Mandatory=$true, HelpMessage="Specify a TFS Administrator Credential")]$Credential
    )

    #Set the correct template ID.
    Switch($Template)
    {
        "Agile" {$TemplateID = "adcc42ab-9882-485e-a3ed-7678f01f66bc"}
        "Scrum" {$TemplateID = "6b724908-ef14-45cf-84f8-768b5384da45"}
        "CMMI" {$TemplateID = "27450541-8e31-4150-9947-dc59f998fc01"}
    }

    #Set the correct VCS ID.
    Switch($VersionControl)
    {
        "TFS" {$VersionControlID = "Tfvc"}
        "GIT" {$VersionControlID = "Git"}
    }

    #Construct the URI for the JSON.
    $URI = ($URL + "/" + $Collection + "/" + "_apis/projects?api-version=2.0-preview");

    #Trust all certificates.
    add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
"@
    [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

    #Construct the JSON.
    $Body = @{
            name = "$Project"
            Description = "$Description"
            capabilities = @{
                versioncontrol = @{
                    sourceControlType = "$VersionControlID"
                }
                processTemplate = @{
                    templateTypeId = "$TemplateID"
                }
            }
        } | ConvertTo-Json

    #Execute the invoke rest API.
    Invoke-RestMethod -Method Post -Credential ($Credential) -uri ($URI) -Body ($Body) -ContentType "application/json";
}

#Credential to create the project with.
$Username = "Domain\Username";
$Password = "MySecretPassword";

#Call the function.
Create-TFSProject -VersionControl GIT -Collection MyCollection1 -Project "MyTestProject" -Description "Testing project creation on TFS" -Template Scrum -Credential (Create-PSCredential -Username $Username -Password $Password);

Function Create-PSCredential

{

[cmdletbinding()]

Param

(

[Parameter(Mandatory=$true, HelpMessage="Please provide a valid username, example 'Domain\Username'.")]$Username,

[Parameter(Mandatory=$true, HelpMessage="Please provide a valid password, example 'MyPassw0rd!'.")]$Password

)

#Convert the password to a secure string.

$SecurePassword = $Password | ConvertTo-SecureString -AsPlainText -Force;

#Convert $Username and $SecurePassword to a credential object.

$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Username,$SecurePassword;

#Return the credential object.

Return $Credential;

}

Function Create-TFSProject

{

Param

(

[Parameter(Mandatory=$true, HelpMessage="Specify a TFS URL, example: 'https://source.something.com/tfs'")]$URL,

[Parameter(Mandatory=$true, HelpMessage="Specify a valid version control, example: 'TFS' or 'GIT'")][ValidateSet("TFS", "GIT")]$VersionControl,

[Parameter(Mandatory=$true, HelpMessage="Specify a TFS Collection, example: 'Netcompany'")][ValidateSet("MyCollection1", "MyCollection2", "MyCollection3", "MyCollection4")]$Collection,

[Parameter(Mandatory=$true, HelpMessage="Specify a TFS Project, example: 'NC12345'")]$Project,

[Parameter(Mandatory=$true, HelpMessage="Specify a TFS Project Decription, example: 'This project is used for coding stuff'")]$Description,

[Parameter(Mandatory=$true, HelpMessage="Specify a TFS Process Template, example: 'Scrum'")][ValidateSet("Agile", "Scrum", "CMMI")]$Template,

[Parameter(Mandatory=$true, HelpMessage="Specify a TFS Administrator Credential")]$Credential

)

#Set the correct template ID.

Switch($Template)

{

"Agile" {$TemplateID = "adcc42ab-9882-485e-a3ed-7678f01f66bc"}

"Scrum" {$TemplateID = "6b724908-ef14-45cf-84f8-768b5384da45"}

"CMMI" {$TemplateID = "27450541-8e31-4150-9947-dc59f998fc01"}

}

#Set the correct VCS ID.

Switch($VersionControl)

{

"TFS" {$VersionControlID = "Tfvc"}

"GIT" {$VersionControlID = "Git"}

}

#Construct the URI for the JSON.

$URI = ($URL + "/" + $Collection + "/" + "_apis/projects?api-version=2.0-preview");

#Trust all certificates.

add-type @"

using System.Net;

using System.Security.Cryptography.X509Certificates;

public class TrustAllCertsPolicy : ICertificatePolicy {

public bool CheckValidationResult(

ServicePoint srvPoint, X509Certificate certificate,

WebRequest request, int certificateProblem) {

return true;

}

[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

#Construct the JSON.

$Body = @{

name = "$Project"

Description = "$Description"

capabilities = @{

versioncontrol = @{

sourceControlType = "$VersionControlID"

}

processTemplate = @{

templateTypeId = "$TemplateID"

}

} | ConvertTo-Json

#Execute the invoke rest API.

Invoke-RestMethod -Method Post -Credential ($Credential) -uri ($URI) -Body ($Body) -ContentType "application/json";

}

#Credential to create the project with.

$Username = "Domain\Username";

$Password = "MySecretPassword";

#Call the function.

Create-TFSProject -VersionControl GIT -Collection MyCollection1 -Project "MyTestProject" -Description "Testing project creation on TFS" -Template Scrum -Credential (Create-PSCredential -Username $Username -Password $Password);

Alex Ø. T. Hansen

12/06/2017

PowerShell – Automated Remote Desktop Services (RDS) web feed.

Recently I wanted to make it easy for users to add a Remote Desktop Service web feed through group policies. I created a script that needs to be run in the user context.

You need to specify a URL in the script as a variable.

Alex Ø. T. Hansen

08/06/2017

PowerShell – Find nested Active Directory members of a group

Lately I found out that the following doesn’t always work, I had problem with returning all users in a group.

Get-ADGroupMember -Recursive

1	Get-ADGroupMember -Recursive

So I have created a small PowerShell function that basically does the same thing. Use it free of charge!

Function Get-ADNestedGroups
{
    [cmdletbinding()]

    Param
    (
        [Parameter(Mandatory=$true, HelpMessage="Please provide a valid identity.")]$Identity
    )

    #Get all groups/users of the root group.
    $Members = Get-ADGroupMember -Identity $Identity;

    #Foreach member in the group.
    Foreach($Member in $Members)
    {
        #If the member is a group.
        If($Member.ObjectClass -eq "group")
        {
            #Run the function again against the group.
            $Users += Get-ADNestedGroups -Identity $Member.distinguishedName;
        }
        Else
        {
            #Add the user to the object array.
            $Users += @($Member);
        }
    }

    #Return the users
    Return ,$Users;
}

$Users = Get-ADNestedGroups -Identity "Domain Users";

Function Get-ADNestedGroups

{

[cmdletbinding()]

Param

(

[Parameter(Mandatory=$true, HelpMessage="Please provide a valid identity.")]$Identity

)

#Get all groups/users of the root group.

$Members = Get-ADGroupMember -Identity $Identity;

#Foreach member in the group.

Foreach($Member in $Members)

{

#If the member is a group.

If($Member.ObjectClass -eq "group")

{

#Run the function again against the group.

$Users += Get-ADNestedGroups -Identity $Member.distinguishedName;

}

Else

{

#Add the user to the object array.

$Users += @($Member);

}

#Return the users

Return ,$Users;

}

$Users = Get-ADNestedGroups -Identity "Domain Users";