Sunday, May 21, 2017

Using the Windows Defender PowerShell cmdlets

There are several ways to manage and configure Windows Defender, such as via the System Center Configuration Manager (SCCM), Desired State Configuration (DSC), Intune, and Group Policy. The Defender PowerShell module is another tool you can use. In this article, I will provide an introduction to the Defender module and examples of using its commands.

With the release of the Windows 10 Anniversary Update, Microsoft has improved their antivirus (AV) solution by adding features, including the ability to perform offline scans, cloud integration, and enhanced notifications as noted here. One advantage of Windows Defender over third-party AV products is Defender's built-in PowerShell support.

Running Get-Command -Module Defender shows the cmdlets you can use to work with Defender. Essentially, you can manage preferences, threats, definitions, scans, and get the current status of Windows Defender.
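The following health check is an added example, not code from the original article; it touches each area named above (status, preferences, definitions, scans, threats) using cmdlets from the Defender module. The `$MaxSignatureAgeDays` threshold is an assumption chosen for illustration, and the script is meant to be run from an elevated session.

```powershell
# Added example: Defender health check with the built-in Defender module.
# $MaxSignatureAgeDays is a hypothetical threshold, not a Microsoft default.
$MaxSignatureAgeDays = 3

# Status and preferences: is protection on, and has anything been excluded?
$status = Get-MpComputerStatus
$pref   = Get-MpPreference

$findings = @()
if (-not $status.AntivirusEnabled)          { $findings += 'Antivirus engine is disabled' }
if (-not $status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is disabled' }
if ($pref.DisableRealtimeMonitoring)        { $findings += 'Preference DisableRealtimeMonitoring is set' }
if ($pref.ExclusionPath) {
    $findings += "Path exclusions configured: $($pref.ExclusionPath -join ', ')"
}

# Definitions: refresh them when they are older than the threshold.
if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
    $findings += "Definitions were $($status.AntivirusSignatureAge) days old; update requested"
    Update-MpSignature
}

# Scans: run a quick scan with the current definitions.
Start-MpScan -ScanType QuickScan

# Threats: report every detection Defender has recorded on this machine.
foreach ($detection in Get-MpThreatDetection) {
    $threat = Get-MpThreat -ThreatID $detection.ThreatID -ErrorAction SilentlyContinue
    $findings += "Detected $($threat.ThreatName) at $($detection.InitialDetectionTime): " +
                 ($detection.Resources -join '; ')
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
}
else {
    Write-Output 'Defender is enabled, definitions are current, and no detections are recorded.'
}
```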


Thursday, May 18, 2017

What version of SMB are my clients connecting to my Windows server with?

In light of the recent WannaCry attack, this simple PowerShell one-liner will give you some insight into which SMB version your clients are using to connect to your Windows servers. This works with any server that is running 2012 and up. This gives the current SMB connections for all 2012 servers in your Active Directory domain.
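The one-liner itself is not reproduced on this page. As an added example (not the author's code), the same audit can be built from `Get-ADComputer` and `Get-SmbSession`, assuming the ActiveDirectory module is installed and PowerShell remoting is enabled on the servers; the example goes one step further than a plain listing and singles out clients that still negotiate SMB1.

```powershell
# Added example: audit negotiated SMB dialects on Windows Server 2012 hosts.
# Assumes the ActiveDirectory module and PowerShell remoting to each server.
Import-Module ActiveDirectory

# Find Server 2012 / 2012 R2 computer accounts that have a DNS name.
$servers = Get-ADComputer -Filter "OperatingSystem -like '*Server 2012*'" |
    Where-Object { $_.DNSHostName } |
    Select-Object -ExpandProperty DNSHostName

# Collect the current inbound SMB sessions from every server.
# Unreachable servers are recorded in $failed instead of stopping the run.
$sessions = Invoke-Command -ComputerName $servers -ErrorAction SilentlyContinue `
    -ErrorVariable failed -ScriptBlock {
        Get-SmbSession | Select-Object ClientComputerName, ClientUserName, Dialect
    }

# Summary: number of sessions per server and dialect.
$sessions |
    Group-Object -Property PSComputerName, Dialect |
    Sort-Object -Property Name |
    Select-Object -Property Count, Name

# Clients still connecting with SMB1 (dialect 1.x): the ones to remediate
# before SMB1 can be disabled on the servers.
$smb1 = $sessions | Where-Object { $_.Dialect -like '1.*' }
if ($smb1) {
    Write-Warning "$(@($smb1).Count) SMB1 session(s) found"
    $smb1 |
        Sort-Object -Property ClientComputerName, ClientUserName -Unique |
        Select-Object -Property PSComputerName, ClientComputerName, ClientUserName, Dialect
}
else {
    Write-Output 'No SMB1 sessions are currently open on the queried servers.'
}

# Servers that could not be queried need a manual check.
foreach ($err in $failed) {
    Write-Warning "Could not query $($err.TargetObject): $($err.Exception.Message)"
}
```

`Get-SmbSession` only shows sessions open at the moment it runs, so a client that connects occasionally can be missed; repeating the collection over several days gives a more reliable picture.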

Wednesday, May 17, 2017

The best training experience I ever had

First off, before I tell my story I will admit that I am very lucky and in more than one way. The story I will tell is not the norm, it is an exception.

I am fortunate enough to work at a phenomenal organization. It is an organization that treats their employees VERY well. The pay is great, the benefits are excellent, and the atmosphere is beautiful. Each year we are given an opportunity to take training in a particular area, online or in-person and with all expenses paid. As an IT professional I have attended many classroom trainings. Some past trainings have been in VMware, Red Hat, NetApp, PHP, SharePoint among others. Some have been good, others have been not so good.

For those who have attended training, you know how it goes. They are usually geared towards certifications, which means they try to cram as much material down your throat as they can and at breakneck pace. By the third day, your brain is wiped out and you start to spend a lot of time checking work emails and not engaging in the classroom.

Last Fall I decided I wanted to take a class in PowerShell DSC, in particular the class DevOps Management Fundamentals using Desired State Configuration (DSC), with the instructor Jason Helmick. There were a few reasons for this choice. First, I have wanted to start using DSC for a while, but just haven't had the time to sit down and learn it. I use PowerShell a lot, so I knew I would be able to pick it up fairly easily. Second, the training is not geared towards a certification. I hoped this meant there would be time to dive a little deeper into DSC and PowerShell (I was right). Third, I have used Puppet and Ansible, but I work primarily in Windows. They both support Windows but I would rather use a Windows-based config management solution. Fourth, the instructor was Jason Helmick, who I consider a "higher-up" in the PowerShell community. I knew I would be getting expert training. I had actually seen him teach a session at Ignite in Chicago a few years back.

As I arrived in Phoenix on day one of the training, I walked in and met Jason. For anyone who has met Jason before you would know he is extremely down to earth, smart, easy to talk to, and fun. Having seen him at Ignite I felt really lucky to have a chance to learn from him for a week. As I sat down I asked him how many other students would be attending. He said "just one". Now for an IT training to have only two attendees is not only rare, it's unheard of. Most trainings would get cancelled with only two attendees, but since it was a fairly new course they decided to run it.

As we started getting into learning DSC, I soon learned this was not just another training, it was a once in a lifetime experience to learn from someone who knows a lot more than I do. Being there were only two students, it was easy to ask questions and get help on the labs. Not only that, but Jason was so open to sharing his knowledge that discussions about DSC turned into discussions about using PowerShell as well, which is just about my favorite topic in the world. I learned more in-depth PowerShell that week than I have in the last year, because I had a great instructor that I could easily ask questions to without feeling like I was wasting the time of other students. It was awesome.

As the week ended, I felt comfortable using DSC and I was excited to go back home and start implementing it. Before I left though, I wanted to pick Jason's brain about one more topic, technical writing. I had long been interested in starting a blog and trying to establish myself as a technical author and here was a guy who is already a respected author at Pluralsight which is the best IT training site in my opinion. Jason was really supportive of my ambition to become an author, and gave me a few great nuggets of advice to help me get started in the field.

As I returned home I immediately started working on this blog and reached out to a few sites to propose some ideas for articles. I was fortunate enough to be given the chance to write for 4sysops and Tom's IT Pro recently, which has been an awesome experience and I owe it all to Jason. I would not have tried writing without some inspiration from a great instructor who I was fortunate enough to have direct access to for a week.

In closing, I know I am fortunate for this training experience, but I guess the moral of the story is that if you have access to learn from someone who knows more than you do, do not waste that opportunity. Ask questions and learn; most professionals will be more than willing to share, especially in the PowerShell community. This is why PSHSummit is such a popular conference.

Wednesday, May 10, 2017

Automating Windows updates using the PowerShell PSWindowsUpdate module

I will admit it. I love PowerShell and if my choice is to use PowerShell over another tool to do just about anything, I am choosing PowerShell even if it may not be the "best" tool for the job. The PowerShell community is getting larger and larger as great developers are adding quality modules to PSGallery, but perhaps my favorite module so far is PSWindowsUpdate. This is a module created by Michal Gajda and is one of the most popular modules (222k downloads).

There are only two cmdlets I use for the most part with PSWindowsUpdate, Invoke-WUInstall along with Get-WUInstall. Invoke-WUInstall allows you to kick off the installation of patches remotely and it works beautifully.

Get-WUInstall actually downloads and installs the updates. To install all available updates and reboot when finished you can run Get-WUInstall -AcceptAll -AutoReboot locally.

How does it work?

Look inside the Get-WUInstall code and you will see the remoting is actually done via the task scheduler. A scheduled task is created and runs on the remote computer under the system account, because certain methods are not available with PowerShell remoting (pretty cool way to get around this). The scheduled task is a PowerShell command that you specify. In my case I use Invoke-WUInstall -ComputerName <ComputerName> -Script {ipmo PSWindowsUpdate; Get-WUInstall -AcceptAll -AutoReboot | Out-File C:\PSWindowsUpdate.log } -Confirm:$false -Verbose. This allows me to start the update process on remote machines and log the output. One drawback of Invoke-WUInstall is that it does not monitor the output of the update process after you run it. A workaround I use for this is adding a few lines to Get-WUInstall to send an email to me when the computer is finished installing updates. The email includes which updates were installed and whether they were successful or not.

In this example I want to install updates on all servers in my Active Directory domain at the same time:

Monday, May 8, 2017

Using PowerShell to test Active Directory-integrated DNS resolution

Anyone who has worked with Active Directory knows that AD is dependent on its associated DNS zones/records. If for some reason these stop resolving, all hell breaks loose in the environment.

To monitor that these necessary zones are resolving in DNS, I turned to PowerShell and wrote a simple script, which I run from a client machine, to test resolving the _tcp, _msdcs, _udp, _sites, domaindnszones and forestdnszones zones.

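# Set $Domain to the DNS name of the Active Directory domain to test
$Domain = ''
$Zones = ('_tcp.','_msdcs.','_udp.','_sites.','domaindnszones.','forestdnszones.')

foreach ($Zone in $Zones) {
    try {
        # -ErrorAction Stop turns a failed lookup into a terminating error for the catch block
        if (Resolve-DnsName -Name "$Zone$Domain" -ErrorAction Stop) {
            Write-Output "$Zone$Domain Resolved"
        }
    }
    catch {
        Write-Warning "$Zone$Domain not resolving"
    }
}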

Wednesday, May 3, 2017

How to Deploy Virtual Machines in vSphere Using PowerCLI

When I started deploying servers, the process involved racking the hardware, connecting it to the network, inserting a CD/DVD, installing the operating system and drivers, configuring network settings in the OS and then installing and configuring services such as Active Directory or Exchange. These tasks were done using a GUI. Needless to say, this process has become archaic.

vSphere made the process of building a server much simpler by leveraging virtual machines. But many users still rely on using the GUI for bringing up new systems with the Windows vSphere client. In vSphere, servers can be built quickly and easily using PowerCLI. Code is king when deploying servers and using a GUI lacks scalability.

Using New-VM

In PowerCLI, the New-VM cmdlet is used to create a new virtual machine. A few important things that can be set with New-VM are the following:

Continue reading on Tom's IT Pro:

Windows 10 in-place upgrade with PowerShell and MDT

In this article, I will demonstrate how to use Microsoft Deployment Toolkit (MDT) and PowerShell to create a reusable in-place upgrade pr...