Friday, December 11, 2015

PowerShell script that uses PsExec to install MSU updates.

# Variables: local paths of the 64-bit MSU packages to deploy
$TLS_Update_64bit = "C:\tmp\Windows6.1-KB2574819-v2-x64_DTLS.msu"
$RDP8_Update_64bit = "C:\tmp\Windows6.1-KB2592687-x64_RDP8.msu"

# wusa exit codes accepted as a good result:
# 3010 = success, reboot required; 2359302 (0x240006) = update already installed
$InstalledCodes = 3010, 2359302

ForEach ($computer in (Get-Content "C:\tmp\computers.txt")) {

    # Check architecture (32-bit or 64-bit); only 64-bit hosts get these packages
    If ((Get-WmiObject Win32_OperatingSystem -ComputerName $computer).OSArchitecture -eq "64-bit") {

        # Copy MSU files to the workstation
        Copy-Item $TLS_Update_64bit,$RDP8_Update_64bit "\\$computer\c$\temp\" -Force

        # Enable PowerShell remoting on the target as SYSTEM (-d: do not wait).
        # Note: this leaves WinRM enabled on the host after the script finishes.
        & C:\tmp\PsExec.exe -s -d \\$computer powershell.exe "enable-psremoting -force"

        # Use PsExec to install each MSU file; save each wusa exit code,
        # because $LastExitCode only holds the most recent one
        & C:\tmp\PsExec.exe -s -high \\$computer wusa c:\temp\Windows6.1-KB2574819-v2-x64_DTLS.msu /passive /quiet /norestart
        $TlsExitCode = $LastExitCode

        & C:\tmp\PsExec.exe -s -high \\$computer wusa c:\temp\Windows6.1-KB2592687-x64_RDP8.msu /passive /quiet /norestart
        $Rdp8ExitCode = $LastExitCode

        # Check the results of the install: skip the reboot confirmation prompt
        # only when both installs returned an accepted code
        if (($InstalledCodes -contains $TlsExitCode) -and ($InstalledCodes -contains $Rdp8ExitCode)) {
            $ConfirmReboot = $False
        } else {
            $ConfirmReboot = $True
        }

        # Check to verify updates are installed
        Get-Hotfix -Id KB2574819 -ComputerName $computer
        Get-Hotfix -Id KB2592687 -ComputerName $computer

        # Remove MSU files from host
        Remove-Item "\\$computer\c$\Temp\Windows6.1-KB2574819-v2-x64_DTLS.msu"
        Remove-Item "\\$computer\c$\Temp\Windows6.1-KB2592687-x64_RDP8.msu"

        Write-Host "Files $TLS_Update_64bit and $RDP8_Update_64bit no longer exist on the target computer"

        Write-Host "Restarting $computer..."

        # Initiate a host reboot if needed
        Restart-Computer -ComputerName $computer -Force -Confirm:$ConfirmReboot
    }
}

Friday, November 13, 2015

PowerShell script to collect all Windows 2008 Servers in Active Directory.

Get-ADComputer
The cmdlet of choice for inventorying computers through AD is Get-ADComputer. This command automatically searches for computer objects throughout a domain, returning all sorts of info.

Import the ActiveDirectory module first.

Then if I want to see all the details about using this cmdlet, I run:

Get-Help Get-ADComputer -Full


As you get comfortable with AD PowerShell, I highly recommend that you start tuning for less data to be returned, following the "filter left, format right" model described by Ned Pyle.

Get-ADComputer -Filter * -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion -Wrap -Auto

This command returns all computers with all their properties. It then feeds the data (using the pipe symbol) into a formatted table. The only attributes that the table contains are the computer name, operating system description, service pack, and OS version. It also automatically sizes and wraps the data.

In this environment, the output shows that one Windows Server 2003 computer needs Service Pack 2 installed and that there are still Windows 2000 servers running.

Server Filtering

Now break down the results with filters. Changing the filter to use -Like finds all the computers that are running “Windows Server something”:

Get-ADComputer -Filter {OperatingSystem -Like "Windows Server*"} -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack -Wrap -Auto

Now only servers are listed. Where did the Windows 2000 server go? Microsoft didn’t start calling OS’s “Windows Server” until 2003. Before that it was “Windows 2000 Server”. We need to change the filter a bit:

Get-ADComputer -Filter {OperatingSystem -Like "Windows *Server*"} -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack -Wrap -Auto

The only change is an extra asterisk before Server (*Server*).
As you can see, this environment has a variety of Windows server versions running. We are interested only in the ones that are running Windows Server 2008 or Windows Server 2008 R2, and after that I might want to see just the R2 servers. We run these two commands, the first for Windows Server 2008 and 2008 R2:

Get-ADComputer -Filter {OperatingSystem -Like "Windows Server*2008*"} -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack -Wrap -Auto

And the second for only the R2 servers:

Get-ADComputer -Filter {OperatingSystem -Like "Windows Server*r2*"} -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack -Wrap -Auto



Workstation Filtering

Simply switch from -Like to -NotLike in the previous server query:

Get-ADComputer -Filter {OperatingSystem -NotLike "*server*"} -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack -Wrap -Auto

Family filtering

You can also filter by the “family” of operating systems. This is useful when trying to identify computers that gained a special capability in one OS release and kept it in all subsequent releases, or when we don’t care whether a computer is a server or a workstation. An example is BitLocker, which only works on Windows Vista, Windows Server 2008, and later. The filter requires the operating system version to be equal to or greater than 6, which means that computers with a kernel version of 6 (Vista and 2008) or higher are returned:

Get-ADComputer -Filter {OperatingSystemVersion -ge "6"} -Property * | Format-Table Name,OperatingSystem,OperatingSystemVersion -Wrap -Auto

For Windows Server 2008 R2 and Windows 7 family of computers, we change the filter slightly:

Get-ADComputer -Filter {OperatingSystemVersion -ge "6.1"} -Property * | Format-Table Name,OperatingSystem,OperatingSystemVersion -Wrap -Auto
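
The -ge filters above compare OperatingSystemVersion as text (values look like "6.1 (7601)"), so a version that starts with "10.0" sorts below "6" and is left out. The following added example, which is not part of the original post, parses the version client-side instead; the sample objects are constructed stand-ins for Get-ADComputer output and Select-ByOSVersion is a hypothetical helper name.

```powershell
# Added example: constructed stand-ins for the objects returned by
#   Get-ADComputer -Filter * -Property OperatingSystem,OperatingSystemVersion
$sample = @(
    [pscustomobject]@{ Name = 'SRV-A'; OperatingSystem = 'Windows Server 2003';             OperatingSystemVersion = '5.2 (3790)' }
    [pscustomobject]@{ Name = 'SRV-B'; OperatingSystem = 'Windows Server 2008 R2 Standard'; OperatingSystemVersion = '6.1 (7601)' }
    [pscustomobject]@{ Name = 'WKS-C'; OperatingSystem = 'Windows 10 Enterprise';           OperatingSystemVersion = '10.0 (10240)' }
    [pscustomobject]@{ Name = 'NAS-D'; OperatingSystem = $null;                             OperatingSystemVersion = $null }
)

function Select-ByOSVersion {   # hypothetical helper name
    param(
        [Parameter(ValueFromPipeline)] $Computer,
        [Parameter(Mandatory)] [version] $Minimum
    )
    process {
        # The attribute looks like "6.1 (7601)"; keep only the leading major.minor part.
        if ($Computer.OperatingSystemVersion -match '^(\d+)\.(\d+)') {
            $parsed = [version]('{0}.{1}' -f $Matches[1], $Matches[2])
            if ($parsed -ge $Minimum) { $Computer }
        }
        else {
            # Objects without a version (for example non-Windows hosts) are reported,
            # not silently dropped, so the inventory gap is visible.
            Write-Warning "$($Computer.Name): no parsable OperatingSystemVersion"
        }
    }
}

# Text comparison, as in the -Filter examples: the Windows 10 host is missed.
$sample | Where-Object { $_.OperatingSystemVersion -ge '6' } | Select-Object -ExpandProperty Name

# Numeric comparison on the parsed version: the Windows 10 host is included.
$sample | Select-ByOSVersion -Minimum '6.0' | Select-Object -ExpandProperty Name
```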

Getting it all into a file

This is where Export-CSV comes in. With the chaining of an additional pipeline I can find all the computers, select the attributes I find valuable for them, then send them into a comma-separated text file.

Get-ADComputer -Filter * -Property * | Select-Object Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion | Export-CSV AllWindows.csv -NoTypeInformation -Encoding UTF8

Then open the AllWindows.csv file in Excel.

Wednesday, October 28, 2015

Inventorying Active Directory Computers with Powershell

Monday, October 27, 2014

.NET 4.5 Installation failed with error code: (0x800B010B), "Generic trust failure"


Microsoft .NET Framework 4.0 Updates/Patches might fail during installation with the following error message "Generic trust failure."

As per the install failure log:
                           

C:\4048b65f65ff4dcceb\NDP40-KB2656405.msp - Signature verification for file NDP40-KB2656405.msp (c:\4048b65f65ff4dcceb\NDP40-KB2656405.msp) failed with error 0x800b010e (The revocation process could not continue - the certificate(s) could not be checked.)
[8/9/2012, 9:55:26] c:\4048b65f65ff4dcceb\NDP40-KB2656405.msp Signature could not be verified for NDP40-KB2656405.msp
[8/9/2012, 9:55:26]No FileHash provided. Cannot perform FileHash verification for NDP40-KB2656405.msp
File NDP40-KB2656405.msp (c:\4048b65f65ff4dcceb\NDP40-KB2656405.msp), failed authentication. (Error = -2146762482). It is recommended that you delete this file and retry setup again.
[8/9/2012, 9:55:26]Failed to verify and authenticate the file -c:\4048b65f65ff4dcceb\NDP40-KB2656405.msp 
Final Result: Installation failed with error code: (0x800B010B), "Generic trust failure. "
 
                            
The above error code indicates the below information:
# for decimal -2146762482 / hex 0x800b010e
  CERT_E_REVOCATION_FAILURE                                     
# The revocation process could not continue - the
# certificate(s) could not be checked.
Make sure that the following registry key is set on the system:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State
If this setting still fails to install .NET then also make a change to the following registry key:
HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State

The DWORD State value is 23c00.

This value indicates that revocation checks occur when validating the Authenticode digital signatures on downloaded programs and ActiveX controls. The corresponding settings are in Internet Explorer under Tools, Internet Options, Advanced tab, where two options control revocation checking:

"Check for server certificate revocation" controls whether revocation checks occur for HTTPS connections.
"Check for publisher’s certificate revocation" controls whether revocation checks occur when validating the Authenticode digital signatures on downloaded programs and ActiveX controls.
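
To confirm which behaviour a given State value selects, the DWORD can be decoded bit by bit. This is an added example, not part of the original post; the flag names and values are a subset of the WTPF_* constants from wintrust.h, and ConvertFrom-WinTrustState is a hypothetical helper name.

```powershell
# Added example. Flag values are WTPF_* constants from wintrust.h (subset).
$WtpfFlags = [ordered]@{
    WTPF_IGNOREEXPIRATION     = 0x00000100
    WTPF_IGNOREREVOKATION     = 0x00000200   # set => publisher revocation check is skipped
    WTPF_OFFLINEOK_IND        = 0x00000400
    WTPF_OFFLINEOK_COM        = 0x00000800
    WTPF_OFFLINEOKNBU_IND     = 0x00001000
    WTPF_OFFLINEOKNBU_COM     = 0x00002000
    WTPF_VERIFY_V1_OFF        = 0x00010000
    WTPF_IGNOREREVOCATIONONTS = 0x00020000
    WTPF_ALLOWONLYPERTRUST    = 0x00040000
}

function ConvertFrom-WinTrustState {   # hypothetical helper name
    param([Parameter(Mandatory)] [int] $State)
    # Collect the names of all flags whose bit is set in the State value.
    $set = @($WtpfFlags.GetEnumerator() |
        Where-Object { $State -band $_.Value } |
        ForEach-Object { $_.Key })
    [pscustomobject]@{
        State             = '0x{0:x}' -f $State
        FlagsSet          = $set -join ', '
        RevocationChecked = -not ($State -band $WtpfFlags.WTPF_IGNOREREVOKATION)
    }
}

# The value from this post, decoded without touching the registry.
ConvertFrom-WinTrustState -State 0x23c00

# Read the two keys named in the post on the local machine (State may be absent).
$sub = 'Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing'
foreach ($root in 'HKEY_CURRENT_USER', 'HKEY_USERS\.Default') {
    $value = (Get-ItemProperty -Path "Registry::$root\$sub" -Name State -ErrorAction SilentlyContinue).State
    if ($null -eq $value) {
        Write-Warning "$root : State value not set"
    }
    else {
        ConvertFrom-WinTrustState -State $value | Add-Member NoteProperty Hive $root -PassThru
    }
}
```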
