|
stubblyhead posted:I need to do some remote admin on an AWS instance using powershell, but the machine I need to do it from can only access the web through a proxy server. Assuming the AWS server is configured correctly am I correct in thinking that all I need to do is specify the proxy details with New-PSSessionOption and feed that into New-PSSession?
|
# ? Jul 1, 2015 07:20 |
|
|
# ? Jun 3, 2024 22:56 |
|
Hi, newbie here... I'm trying to use the device management script/dlls from TechNet in a script, but every time I try to load them in, I get an operation not supported exception. Googling this tells me it's something to do with the files being blocked/prohibited, but I've unblocked them in the Properties window and still no go. Any ideas?
|
# ? Jul 1, 2015 15:10 |
|
Are you using an elevated prompt?
|
# ? Jul 1, 2015 15:14 |
|
stubblyhead posted:Are you using an elevated prompt? You're right, that was it. Do I have to run an elevated prompt to import 3rd party scripts/libraries, or what's the pattern there? Thank you!
|
# ? Jul 1, 2015 15:19 |
|
Wardende posted:You're right, that was it. Do I have to run an elevated prompt to import 3rd party scripts/libraries, or what's the pattern there? Thank you!
|
# ? Jul 1, 2015 16:55 |
|
Briantist posted:I've never tried it before, but yeah that's how it should work. You could also use the PSSessionOption object in Invoke-Command or Enter-PSSession, and you can set the $PSSessionOption variable to set the default options going forward. I'm not sure if I'm doing the session settings wrong or if it's AWS fuckery getting in my way. If I'm reading it right winrm is only listening on its private IP addresses, and indeed the public IP isn't even listed for any of the adapters. I'm guessing Amazon NATs that out or something, but regardless the winrm service doesn't seem to be accessible from the internet at large.
|
# ? Jul 1, 2015 21:13 |
|
stubblyhead posted:I'm not sure if I'm doing the session settings wrong or if it's AWS fuckery getting in my way. If I'm reading it right winrm is only listening on its private IP addresses, and indeed the public IP isn't even listed for any of the adapters. I'm guessing Amazon NATs that out or something, but regardless the winrm service doesn't seem to be accessible from the internet at large.
|
# ? Jul 1, 2015 22:22 |
|
It wasn't the Windows firewall, but you're on the right tack. When you start AWS instances you assign security groups that specify what kind of traffic you want to allow, and the group I used for my test server didn't have the right ports open. A couple quick changes and I can get in. e: Actually I spoke too soon. I am able to connect directly to the instance, but going through a proxy appears to require https. A certificate is required to start an https listener, and I'm not sure a self-signed one will pass muster with my client (no CA in AWS we can use, and setting one up will probably get shot down as well). I think this is becoming more of an AWS question than a PS question, so I think I'll bow out at this point. stubblyhead fucked around with this message at 23:00 on Jul 1, 2015 |
# ? Jul 1, 2015 22:39 |
|
Powershell was giving me fits earlier today when trying to accomplish a simple task. I have a file called patient.txt with contents similar to: code:
|
# ? Jul 3, 2015 04:15 |
|
Hughmoris posted:Powershell was giving me fits earlier today when trying to accomplish a simple task. (get-content C:\temp\patient.txt) -match "^Location:+" Output: Location: ICU Unless you want to find all of the patients where the location is ICU? Your question is poorly worded.
|
# ? Jul 3, 2015 04:42 |
|
I got tired of assigning $global:variablename to a bunch of variables at the top of my script. I just went through the process of building a class in Powershell to hold all my global variables. It's kind of excessive for short small scripts but if it's going to be over 200 lines long, that seems to be the break even point for doing it this way. Powershell's Intellisense (i.e. the popup windows that show up in Powershell ISE 4.0 and forward) really kicks in to high gear if you do it this way. Once you have this setup, while you're typing, you can type $g.q and it will autocomplete as $g.queue if you hit the tab key. Just typing " $g. " will give you a list of all your global variables which is pretty nice. Heck, if you type $g = Gvars - it will autocomplete with i, type in a value, hit - and it will pick the next value, etc etc. It's very elegant and you don't have to go hunting for variable names at the top of the script, and perhaps better yet, you don't have to type "$global:" inside of all your functions. Strongly borrowed from this blog post: https://powertoe.wordpress.com/2014/04/26/you-know-powershell-is-an-object-oriented-language-right/ Supposedly Powershell 5 (which is coming out with the release of Windows 10 at the end of this month) has more native support for Classes, but variable scope will always be a problem in Powershell so this should still be useful. And this way won't break in PS5, and this method works back to at least PS3, probably PS2 code:
Hadlock fucked around with this message at 11:47 on Jul 3, 2015 |
# ? Jul 3, 2015 11:37 |
|
Hadlock posted:I got tired of assigning $global:variablename to a bunch of variables at the top of my script. [...] I would go back to what I suggested originally which is for you to make a module. Simple as gently caress, barebones config would be: code:
This is still also the "stupid" way of doing things, if you are going to need to create a lot of classes I would really recommend at taking a look at the .ps1xml files. 12 rats tied together fucked around with this message at 21:05 on Jul 3, 2015 |
# ? Jul 3, 2015 21:00 |
|
How can i convert an enum value into a string? For example i have the following code:code:
*EDIT* I feel dumb: code:
UberJumper fucked around with this message at 18:40 on Jul 5, 2015 |
# ? Jul 5, 2015 18:34 |
|
Hadlock posted:I got tired of assigning $global:variablename to a bunch of variables at the top of my script.
|
# ? Jul 6, 2015 01:05 |
|
Briantist posted:Why do you have such a need for global variables? Typically if I find myself needing a global I take it as a sign that I've designed something poorly and refactor it. I apologize if you covered the reason in some previous post and I forgot it or missed it. Yeah, globals are one of the paths to mind-boggling read-only code that you can't modify because it relies on constantly mutating global state and is impossible to debug.
|
# ? Jul 6, 2015 01:09 |
|
Can anyone recommend a guide for creating a GUI in Powershell? I want to make a frontend for a few of my scripts to make them easier for end users.
|
# ? Jul 6, 2015 02:25 |
|
Raere posted:Can anyone recommend a guide for creating a GUI in Powershell? I want to make a frontend for a few of my scripts to make them easier for end users. If you try this, let me know how it works out.
|
# ? Jul 6, 2015 03:48 |
|
Briantist posted:Most of the code you see out there for making GUIs in PowerShell uses Windows forms and it has you creating windows through code. Nothing wrong with that, if not a bit verbose, but I've always wanted to try creating a GUI in PowerShell with XAML. I've seen this post before but I've still never played with it myself. I like the idea of designing the windows in a GUI and then just taking that XML and using it. Thanks! I'm definitely going to take a look at it this week. I'm used to making GUIs with code in Python, but WYSIWYG is definitely going to be easier, even if there are additional steps to integrate it into the script. I will report back.
|
# ? Jul 6, 2015 05:15 |
|
stubblyhead posted:e: Actually I spoke too soon. I am able to connect directly to the instance, but going through a proxy appears to require https. A certificate is required to start an https listener, and I'm not sure a self-signed one will pass muster with my client (no CA in AWS we can use, and setting one up will probably get shot down as well). I think this is becoming more of an AWS question than a PS question, so I think I'll bow out at this point. In the unlikely event anyone cares, the client didn't give a poo poo about self-signed certificates since these are short-lived servers by design. I actually just copied the Remote Desktop cert into Personal and skipped CA and CN checks. I hit a minor roadblock due to their proxy being a butthead, but switching the WinRM service to listen on 443 instead of 5986 took care of that. The powershell part to this was actually really simple, it was all the other layers that caused problems.
|
# ? Jul 6, 2015 22:36 |
|
Ithaqua posted:(get-content C:\temp\patient.txt) -match "^Location:+" Sorry, the question was very poorly worded. Now that I my work laptop with me, here is my input file (with fake patient info): code:
code:
Hughmoris fucked around with this message at 02:36 on Jul 8, 2015 |
# ? Jul 8, 2015 02:25 |
|
Hughmoris posted:Sorry, the question was very poorly worded. Now that I my work laptop with me, here is my input file (with fake patient info): I think I would do something like this: code:
RegEx breakdown:
Then it's just a matter of using the $Matches object and referring the capture group, either by number, or in this case by name. You could do multiple capture groups (with multiple names) all in the one match, and refer back to all of them, so you could break down each line of this file into its components if you wanted (patient, location, facility, etc.). Briantist fucked around with this message at 02:40 on Jul 8, 2015 |
# ? Jul 8, 2015 02:38 |
|
Briantist posted:I think I would do something like this: Thanks for this.
|
# ? Jul 9, 2015 00:49 |
|
Where $Airspace.jets is a .net ArrayList ($Airspace.jets = New-Object System.Collections.ArrayList) And Rand777 is a constructor for an example object with two randomized [int]properties Why is this valid with double parenthesis $Airspace.jets.add((Rand777)) But with single parenthesis, it fails? $Airspace.jets.add(Rand777) I'm happy I have a solution, but I'm curious about why I have to encapsulate Rand777 a second time in parenthesis. I know that the first set are required as a parameter for the add method, but if I set $newjet = Rand777, this works, and for about an hour I was just doing code:
error messag code:
Hadlock fucked around with this message at 10:12 on Jul 9, 2015 |
# ? Jul 9, 2015 10:08 |
|
Hadlock posted:Where $Airspace.jets is a .net ArrayList ($Airspace.jets = New-Object System.Collections.ArrayList) It's not because it's a .Net object, it also happens when you are assigning property values for cmdlets. It's looking for a value or object, sometimes of a specific type. The expression you've given is interpreted as a value. Wrapping the expression in parentheses evaluates it and then returns the value of it. Similarly, assigning to variable first (using = ) triggers the evaluation too, so the variable then contains the result, and you can use it directly. For example (excuse the redundancy): code:
|
# ? Jul 9, 2015 18:03 |
|
Okay i have a super weird bug, i am trying to uninstall a previous version of our software through powershell:code:
Any ideas?
|
# ? Jul 9, 2015 23:42 |
|
UberJumper posted:Okay i have a super weird bug, i am trying to uninstall a previous version of our software through powershell: The worst one is that it validates/reconfigures every installed package on the system which is not only slow, it can lead to weird behavior. I don't know for sure why you're seeing what you're seeing, but since you should do this another way anyway, you might as well focus on how to do that and then see if you're still having the same issue. The article I linked to has, from what I've seen, the best solution for listing packages: register your own WMI class using the registry provider. The only problem is that you need a MOF file (provided) and then need to register it on every machine where you want to use it, but since your code isn't using -ComputerName I assume you could script that part too. The neat thing is, once the WMI class is registered on the machine, you can use WMI remotely to query it from then on, and it's way faster. Once you do that, I'm not sure yet how to programmatically remove it, other than just shelling out to msiexec. Briantist fucked around with this message at 00:48 on Jul 10, 2015 |
# ? Jul 10, 2015 00:39 |
|
Unrelated but does that win32_product weirdness also apply when running 'wmic product' from the command line?
|
# ? Jul 10, 2015 04:06 |
|
Swink posted:Unrelated but does that win32_product weirdness also apply when running 'wmic product' from the command line?
|
# ? Jul 10, 2015 15:58 |
|
UberJumper posted:Okay i have a super weird bug, i am trying to uninstall a previous version of our software through powershell: You're using -match to filter the name, so if $FooBar contains some part of the name of the VC++ packages (e.g. "dist"), they'll be counted as well. I've done this previously by uninstalling based on the GUID: code:
|
# ? Jul 11, 2015 06:50 |
|
I'm specifically using it for broken packages* that wont remove correctly so maybe it should still be avoided in normal scenarious. New Q: What is a simple option for source control? I want it to be free and private. Can I set up Git on Windows and sync it with Dropbox? I'd use GitHub for Windows except I dont want to pay for a private repository at this stage. *Java Swink fucked around with this message at 12:21 on Jul 15, 2015 |
# ? Jul 14, 2015 02:41 |
|
Swink posted:For the record, I have not seen any crazy reconfiguration of all packages when using wmic product. I'm specifically using it for broken packages* that wont remove correctly so maybe it should still be avoided in normal scenarious. Visual Studio Online
|
# ? Jul 14, 2015 03:02 |
|
Swink posted:What is a simple option for source control? I want it to be free and private. Can I set up Git on Windows and sync it with Dropbox? I'd use GitHub for Windows except I dont want to pay for a private repository at this stage. Remember that GitHub is just a place online to store it. Git runs locally, and your repo is stored within the directory, so you should be able to sync it with dropbox, though it is helpful to use some central place like github. If you want private but don't want to pay, check out BitBucket from Atlassian. GitHub for Windows is just a graphical Git client. You don't have to use that to use GitHub. Atlassian also makes a graphical client called SourceTree Visual Studio (later versions) have git support built-in; it works quite well. Unless I'm using VS, I typically will use command line git, even on Windows. If you need a quick primer on Git, I like Atlassian's online tutorials but GitHub has one too.
|
# ? Jul 14, 2015 15:40 |
|
Briantist posted:Win32_Product is bad So I was using this for software uninstalls, and after all the posts here I went looking for alternatives and found the regkey HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall which lists everything installed on the system by UID along with the uninstall string, which if it's an MSI is just "MSIEXEC /X{UID}". Was easy to script and faster to boot, since everything I'm working with is installed via MSI anyway.
|
# ? Jul 15, 2015 01:52 |
|
Right, cool. I was unfamiliar with the relationship with git, github and other services like bitbucket. I'm familiarish with command line Git so I'm happy I can just use that. Private repos on BitBucket is handy. hihifellow posted:So I was using this for software uninstalls, and after all the posts here I went looking for alternatives and found the regkey HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall which lists everything installed on the system by UID along with the uninstall string, which if it's an MSI is just "MSIEXEC /X{UID}". Was easy to script and faster to boot, since everything I'm working with is installed via MSI anyway. This is the way I usually enumerate and unininstall programs. Swink fucked around with this message at 12:06 on Jul 15, 2015 |
# ? Jul 15, 2015 05:31 |
|
Double post but I wanted to seperate this out. I'm trying to focus on abstraction and parametising the stuff I write so I can be a ~good coder~. I'm having trouble figuring out when and why its necessary on some scripts. Take this script I wrote to warn users of an impending password expiry. It's going to run every day or so as a scheduled task. How could I improve it? What could I gain by improving it? Is this an example of a script that doesnt really need to be anything more than it is? code:
|
# ? Jul 15, 2015 12:20 |
|
Can't you just configure the group policy that notifies users literally every time they log in that their AD password is going to expire in [X] days?
|
# ? Jul 15, 2015 15:23 |
|
Ithaqua posted:Can't you just configure the group policy that notifies users literally every time they log in that their AD password is going to expire in [X] days? What if they're not always using their laptop / desktop?
|
# ? Jul 15, 2015 15:27 |
|
Swink posted:Take this script I wrote to warn users of an impending password expiry. It's going to run every day or so as a scheduled task. How could I improve it? What could I gain by improving it? Is this an example of a script that doesnt really need to be anything more than it is? The only way this could possibly be "improved" would be if you turned the actual get-and-check-and-email part into a function that accepts a username, checks to see if their password is going to expire soon, and then sends them an email. This gives you a little bit more control in that you can run the script against only some users, only one user whenever you want, etc. It also removes the need for you to have a searchbase. Since, at some point in the future, the location of your users may change OUs, having a hardcoded script isn't as flexible as having just a function for "user object -> password expiration?". You can handle the actual searching and selection of user objects outside of the function itself, so your scheduled task would be "passwordcheck_allusers.ps1" and inside the script you would have your function definition (or the import of your module that contains this function), some brief powershell that grabs the users you want to check and then pipes them into a ForEach loop that runs the actual function. This isn't the greatest example for a couple of reasons, like that the functionality already exists in group policy and that the actual parameters of your script (where to look, who to check) aren't likely to change. But, the philosophy of turning "script that does things" into "script that provides input to a more general function that does things" could be useful in the future. You could separate it out even further by removing the send-email part of the script, so you just have a function that "returns an object containing html output for a password expiration notice", but that is potentially not worthwhile since you are (for now) almost always going to just be sending an email. In the end it comes down to a judgement call based on the context of the situation and the complexity of the script. In general though, for powershell administration tasks, I strongly recommend having all of your scripts (even those intended to be tasks) be callable at any point from the shell against one-off cases. It's great to have check_all_drives.ps1 that gets all the users and filters by x,y, and z and then checks all of their mapped drives and compares them to a list that you specify and compiles an email and sends it to everyone in sysadmins and sends you a confirmation that the script worked or not, but that's not very useful if you just need to get Jeff from Finance's mapped drives real quick to check something. So, it would be better if you just had Get-MappedDrive -user Jeff and a scheduled task that does some bigger poo poo with Get-MappedDrive if necessary, if that makes any sense.
|
# ? Jul 15, 2015 16:14 |
|
Swink posted:Double post but I wanted to seperate this out. I do think it's beneficial to abstract some of the hardcoded values away. Besides being good practice, it makes it much easier to change things around when the environment changes. Even if you just hardcode the values into variables at the top of the script, at least everything you could have to change is in one place. Things that could change:
It might seem silly to make these into parameters for this script because it's called by a task, but consider that it makes debugging/testing much easier (especially if you use -WhatIf), let's you use the script in other environments more easily (or will you be working at this company until you retire/die?), and still allows for sensible defaults and validation. So yeah, I went a little crazy here: code:
You can call this with -WhatIf and it won't send an email (use -Verbose to see the actual email contents). So now this is parameterized, to the point where hopefully anyone reading this can use it. I would probably go further and add a parameter for the email To address, useful for overriding it during testing (send it to myself instead of the end user), maybe make a few other tweaks, but meh.
|
# ? Jul 15, 2015 17:07 |
|
|
# ? Jun 3, 2024 22:56 |
|
Good responses, thanks all.Ithaqua posted:Can't you just configure the group policy that notifies users literally every time they log in that their AD password is going to expire in [X] days? The answer to this was already put forward, but I've had the CEO overseas with only his iPad. He got locked out and had to wait until he was back in local business hours to get support. The email is specifically for that scenario. Plus stacks of users just dont heed the popup. Briantist, you just demonstrated supreme aptitude. The HTML template has applications to some other god-awful scripts I have in place. For me and my current org I don't see the value of parametrizing that particular script in this particular scenario. You've left me with a great example for the future though.
|
# ? Jul 16, 2015 04:17 |