Thursday, April 27, 2017

Using VMware vSphere Update Manager with PowerCLI

In a vSphere environment, VMware states that vSphere Update Manager (VUM) is the preferred method of upgrading and patching vSphere. Fortunately, for PowerShell users, PowerCLI supports performing the functions of VUM.
Using VUM to upgrade ESXi hosts in a GUI is a relatively straightforward process, which is shown on 4sysops here by Jim Jones. Using PowerCLI, I will show you how to update a single ESXi host and an entire cluster. Please note I am using PowerShell v5.1, PowerCLI v6.3 and vSphere v6 in these examples.
Update Manager baselines
VUM uses baselines, which are groups of patches that you can “attach” to a template, virtual machine, ESXi host, cluster, data center, folder, or vApp. After a baseline is attached to one of these entities, you can scan the entity to see whether it is in compliance, that is, whether it is missing any patches in the baseline that apply to it. Below you can see how to retrieve compliance information about a host with the Get-Compliance cmdlet.
$Baseline = Get-Baseline -Name 'Critical Host Patches (Predefined)'
C:\> Get-Compliance -Entity VMHost-1 -Baseline $Baseline
Entity                       Baseline                               Status
------                       --------                               ------
VMHost-1                     Critical Host Patches (Predefined)     Compliant

In this article I will be using the “Critical Host Patches” baseline exclusively. This is a built-in baseline that will include any critical patch for your ESXi hosts.
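A compliance sweep over every host in a cluster, added here as an example and not taken from the original article. It uses the PowerCLI 6.3 Update Manager cmdlet names (Attach-Baseline, Scan-Inventory, Get-Compliance) and assumes an existing Connect-VIServer session; the function name and the cluster name 'Prod-Cluster' are hypothetical.

```powershell
# Added example. Assumes a connected vCenter session and the PowerCLI 6.3
# Update Manager cmdlets. Get-ClusterPatchGap is a hypothetical name.
function Get-ClusterPatchGap {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$ClusterName,
        [string]$BaselineName = 'Critical Host Patches (Predefined)'
    )

    $baseline = Get-Baseline -Name $BaselineName -ErrorAction Stop
    $vmHosts  = Get-Cluster -Name $ClusterName -ErrorAction Stop | Get-VMHost

    foreach ($vmHost in $vmHosts) {
        # A disconnected or unresponsive host cannot be scanned. Report it
        # instead of silently dropping it from the patch picture.
        if ($vmHost.ConnectionState -notin 'Connected', 'Maintenance') {
            [pscustomobject]@{
                Host    = $vmHost.Name
                Status  = 'NotScanned'
                Missing = $null
                Note    = "ConnectionState: $($vmHost.ConnectionState)"
            }
            continue
        }

        # Attach the baseline, then scan so the compliance data is current.
        Attach-Baseline -Entity $vmHost -Baseline $baseline
        Scan-Inventory  -Entity $vmHost

        # -Detailed adds the list of patches the host is missing.
        $result = Get-Compliance -Entity $vmHost -Baseline $baseline -Detailed

        [pscustomobject]@{
            Host    = $vmHost.Name
            Status  = [string]$result.Status
            Missing = @($result.NotCompliantPatches).Count
            Note    = ''
        }
    }
}

# Usage (cluster name is a placeholder):
# Get-ClusterPatchGap -ClusterName 'Prod-Cluster' |
#     Where-Object Status -ne 'Compliant' | Format-Table -AutoSize
```

Hosts that come back as NotScanned are worth following up on separately, since their patch state is unknown rather than compliant.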

Import hosted Chocolatey packages into Microsoft Deployment Toolkit

For users of Microsoft Deployment Toolkit (MDT) the ability to separate applications from the OS during deployment is a great feature. It is a much easier way to manage and deploy packages during the imaging process. Thankfully for Chocolatey users, MDT allows admins to have applications that do not have source files, in this case just a command like "choco install dropbox -y".

Most organizations that use Chocolatey have their own hosted NuGet server which they use to deploy packages from. In this example I have set up a Chocolatey simple server. To see what packages are on your hosted server you can run "choco list --source <server>".

So if you are using MDT and host a NuGet server how can we quickly import all your packages into MDT? We can use the MDT PSSnapin and Chocolatey CLI.

In this example I have my own hosted NuGet server "". I create a new PS drive to my MDT share "MDT", use "choco list" in order to get a list of my hosted packages and then loop through them to create an MDT application in the subfolder "test" for each package.
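The import loop described above, written out as an added example (not the original post's script). The server URL and deployment share path are placeholders, and the generated command line pins `--source` to the hosted server so the install during imaging cannot resolve the package from any other configured feed.

```powershell
# Added example, not the original post's script. Placeholder values:
$Source    = 'https://nuget.example.internal/chocolatey'   # your hosted server
$ShareRoot = '\\mdt01\DeploymentShare$'                    # your MDT share
$Folder    = 'MDT:\Applications\test'

# Load the MDT snap-in and map the deployment share as the PS drive "MDT".
Add-PSSnapin -Name Microsoft.BDD.PSSnapIn
New-PSDrive -Name MDT -PSProvider MDTProvider -Root $ShareRoot | Out-Null

if (-not (Test-Path $Folder)) {
    New-Item -Path 'MDT:\Applications' -Name 'test' -ItemType 'folder' | Out-Null
}

# --limit-output prints one "id|version" line per package.
# (On Chocolatey 2.x, remote feeds are queried with "choco search".)
# Keep only well-formed lines so nothing unexpected reaches a command line.
$packages = choco list --source $Source --limit-output |
    Where-Object { $_ -match '^[\w.\-]+\|[\w.\-+]+$' } |
    ForEach-Object {
        $id, $version = $_ -split '\|', 2
        [pscustomobject]@{ Id = $id; Version = $version }
    }

foreach ($pkg in $packages) {
    # Skip packages that already exist as MDT applications.
    if (Test-Path "$Folder\$($pkg.Id)") { continue }

    # Application without source files: just the choco command, pinned to
    # the internal feed.
    $cmd = "choco install $($pkg.Id) -y --source `"$Source`""

    Import-MDTApplication -Path $Folder -Enable 'True' `
        -Name $pkg.Id -ShortName $pkg.Id -Version $pkg.Version `
        -Publisher '' -Language '' -CommandLine $cmd `
        -WorkingDirectory '' -NoSource
}
```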

Just like that, Chocolatey deliciousness.

Thursday, April 20, 2017

Possessor of many skills, master of none - the IT generalist

The one single piece of technology I have spent the most time learning and exploring is PowerShell. Since I began using it years ago, I quickly understood how awesome and useful it was to do my job, which is a Windows systems admin/engineer. More than anything else I do, I love building tools and automating things in IT operations. I find it extremely fulfilling. There is no greater feeling than taking a monotonous task and making it easily repeatable, to the point where you no longer have to worry about it because PowerShell just does it. It is fitting that my most coveted IT skill is in something that, having deep knowledge and expertise in it alone, can't really get you a job because it is simply the method to use other technologies like Active Directory, SharePoint, Exchange and many others.

I have always been most interested in understanding the gist of things and focusing on the breadth and not depth of a given technology. I have found that this usually does not bode well in job interviews. Inevitably, the interviewer will ask what key technologies I know and I always have a crappy answer, because I do not consider myself an "expert" in any one technology, outside of a language that is not used to create applications. Sure, I know Windows. I am a VCP so I am familiar with VMware. I dabble in Linux, but I probably can't talk in depth with professionals who use these exclusively or extensively.

I have written some code in Python. I have created algorithms to use with big data. I can troubleshoot Outlook issues. I can deploy a simple Exchange environment. I have worked with SharePoint. I can write a simple bash script. I have done desktop support. I can troubleshoot and replace hardware. I can write an SQL query. I can write some HTML. I can set up a SAN. I took a class in PHP. I have deployed Puppet and Ansible. I know a bit of Cisco.

I love learning new technologies and playing with them, but most of the time that is where it stops.

So I am the possessor of many skills and the master of none. The IT generalist.

Tuesday, April 18, 2017

The new local user and group cmdlets in PowerShell 5.1

With the recent release of PowerShell 5.1—part of Windows Management Framework (WMF) 5.1—Microsoft introduced new cmdlets for working with local user and group accounts: Get-LocalUser, New-LocalUser, Remove-LocalUser, New-LocalGroup, Add-LocalGroupMember, and Get-LocalAdministrators. In this article, I will explore how to use these cmdlets by showing a few simple examples as well as how to perform some advanced tasks.

Prior to this release, performing tasks with local users and groups from the Windows command line could be cumbersome. It was necessary to revert to commands such as net user, VB scripting, or the Active Directory Service Interfaces (ADSI) WinNT provider, as Sitaram showed here on 4sysops.


Wednesday, April 12, 2017

Using PSReleaseTools to install latest PowerShell v6 release on Mac

I have been thoroughly enjoying the use of PowerShell on my new MacBook since it arrived a few months ago. Each release gets better and better. One thing that annoyed me was constantly having to install the latest release from GitHub. Luckily, Jeff Hicks created a nifty module for doing that named PSReleaseTools. While this is a great tool for grabbing the latest PowerShell v6 package, it does not actually install the package on your machine.

For this reason I went ahead and created a small function to leverage PSReleaseTools and the Mac command-line tool Installpkg to somewhat automate the process of grabbing the latest version of PS and installing it. I say "somewhat" because it appears installpkg requires you to use sudo when installing a package, so that is part of the function. Keep in mind I threw this together this morning, so it does not have much error checking or best practices used and there is much to be improved. It obviously requires you to install Installpkg, which you can download here.

Tuesday, April 11, 2017

How Chocolatey Business saved me from a Patch Tuesday disaster

First off, I will admit it. I have bad luck with Patch Tuesday and WSUS servers. Twice in the last two years my WSUS server has decided to crash prior to pushing out patches to my servers on a Patch Tuesday. Perhaps this is just my experience but it seems I need to rebuild my WSUS server at least once a year from some bizarre bug that hits me. I normally research the error, but after a while realize it is just easier to rebuild it. Needless to say the WSUS Gods hate me.

Tonight, I first got hit with this pretty little number -

After resolving it with the workaround, my WSUS synced updates successfully but was still acting funny as I received errors about it not being able to download update files. I realized that the server had crapped out two days ago as no clients had been reporting since then and I just did not realize it until now.

So here I was an hour before my scheduled outage with no WSUS server to hand out updates. Sh*t! Normally, I would resort to copying the .msu files to each server and then strictly using PSExec and PowerShell for this, but tonight another solution came to mind. Chocolatey.

I remembered that Chocolatey can actually create packages from .msu files and since Microsoft only hands out one big patch a month now for 2008/2012 servers all I had to do was create a package from the .msu files I needed and push them out.

So I downloaded the April 2017 patches for my servers and ran:

choco new --file=<.msu file> --build-package

and like magic my packages were created. I pushed them to my hosted NuGet server, and then deployed them using PSExec (PS remoting does not seem to be an option with wusa.exe). All in all the process actually took less time than my normal routine of using Invoke-WUInstall from the PSWindowsUpdate module.

Moral of this story is, WSUS is about as dependable as the weather so always have a backup method of deploying patches.

Windows 10 in-place upgrade with PowerShell and MDT

In this article, I will demonstrate how to use Microsoft Deployment Toolkit (MDT) and PowerShell to create a reusable in-place upgrade pr...