PowerShell: Setting Azure Active Directory Diagnostics Forwarding

Currently we a spending most of our time doing Azure Gonvernance projects for customers.This includes DevOpsPipelinesTemplatesand moreManagement/Resource Group StructurePoliciesMonitoringIf you need anything in aboveareas, don’t hesistate to contact us!We can help you get into azure from nothing to production, or help you get control of your azure spending and structure.One of the things we setup is Diagnostics logging in Azure Log Analytics from various resources.This is super easy to setup on all Azure Resources, but it is actually also possible to enable on Azure ADs.Azure AD forwards these logs:AuditLogsSignInLogsThe challenge is that Azure AD is Not  a normal Azure resource, [...]

By |2019-02-19T11:30:37+01:00februar 19th, 2019|Automation, Azure, Monitoring, Powershell|3 Comments

#PS5.1–Import-PSSession against JEA endpoint Error

Today I implemented a JEA solution in PowerShell, but at the customer site we hit an error which I did not see in our test environments. When we tried to execute Import-PSSession we got this error: Running the Get-Command command in a remote session reported the following error: A parameter cannot be found that matches parameter name ‘PowerShellVersion’ Searching the net found this issue in github for PS6.0, but there is no information around a fix in PS5.1 https://github.com/PowerShell/PowerShell/issues/4195 I asked my friend Aleksandar Nikolic and he suggested to try and make a workaround for Get-FormatData. So we did, and [...]

By |2018-12-12T17:58:08+01:00december 11th, 2018|Powershell|3 Comments

Disabling LEDBaT on Your Windows 2016/2019 Server

I have seen a few threads across a couple of forums asking about how to disable LEDBaT correctly. Here are two options which are applicable across a couple of scenarios: Scenario#1: You are confident you do not have any other custom CongestionProvider or TransportFilter configurations on your server. Solution: 1 of the 2Pints, Phil Wilcock (follow: @2PintPhil), has provide what is by far the quickest and easiest solution with good 'ol netsh: netsh int tcp reset *When you run the reset command, it overwrites the following registry keys, both of which are used by TCP/IP: SYSTEM\CurrentControlSet\Services\Tcpip\Parameters SYSTEM\CurrentControlSet\Services\DHCP\Parameters This has the same effect as [...]

By |2018-11-19T06:23:22+01:00november 18th, 2018|Configuration Manager (SCCM), Powershell, Scripting|3 Comments

Automating SSRS favorites with REST API

This information applies to SQL Server Reporting Services 2017 and later. As more and more organizations rely on visualization and reporting to get the information they need, more and more reports come into play. With Configuration Manager 1710 you get almost 500 reports where only a subset are relevant to you and your team. This blog post will show you how you can automate the use of favorites in SQL Reporting Services 2017. Prior to SSRS 2017 you had to find the report and mark it as a favorite. Beginning from SSRS 2017 we can now use a combination of [...]

Taking advantage of Run Script in ConfigMgr 1710

As most of you already know, Microsoft has released a new function in ConfigMgr to run scripts directly on computers and/or servers in your environment. With this new function, scripts can be run in real time on a single computer or an entire collection. How cool is that? This was initially released in the 1706 Tech Preview, but since then Microsoft has put a lot of effort into the functionality of the latest builds and have really made it shine! If you’re like me, you might get stuck in the “this is awesome but how do I move forward with [...]

By |2017-12-20T09:12:22+01:00december 20th, 2017|Powershell|1 Kommentar

Create ConfigurationItems and Baselines without killing your mouse

This information applies to ConfigMgr version 1710 and later. One of the things I really love about working in IT is that you can learn new stuff all the time, and when new stuff turns into boring repetitive stuff you can apply automation and add yet another new piece of learning to your skillset. Over the last few releases of Configuration Manager, the product team has added some new cmdlets for managing Configuration Items and Baselines, and I started to look into these when I was given the task to create a lot of very similar CIs and Baselines for [...]

Create User collections based on AD department attribute with Powershell

If you are an organization who uses the Department attribute in Active directory and want to target users withing those departments for different deployments but you have a lot of departments and you don't know where to start, well then this post might be useful for you.   The script in this post retrieves all the departments that gets collected by the Users AD attribute by ConfigMgr (Not turned on by default needs to get added. See guide below) and from those departments it creates a user collection with a query that populates the collection with all users who are [...]

ConfigMgr PowerShell and WMI Excel spreadsheet

I just posted on Github updated version of Excel spreadsheet where you can find all the ConfigMgr PowerShell cmdlets, Primary Site WMI namespace methods, ConfigMgr Client WMI methods and COM object methods as well. You can download the Excel spreadsheet from here - https://github.com/Kaidja/ConfigMgrSDK/blob/master/ConfigMgr_cmdlets.xlsx

By |2017-12-08T09:48:01+01:00december 7th, 2017|Configuration Manager (SCCM), Powershell, Scripting|Kommentarer lukket til ConfigMgr PowerShell and WMI Excel spreadsheet

Intune: Use PowerShell management extension to enable BitLocker on a modern managed Win10 device

I wrote a blog post back in April on "how to manage BitLocker on a Azure AD Joined Windows 10 Device managed by Intune", where I also wrote a PowerShell script to automate the encryption process for the day that we would get PowerShell support in Intune. Well Microsoft announced in September the Management extension for Intune which basically lets you deploy PowerShell scripts via. Intune to Windows 10 devices. My co-worker Peter Daalmans wrote a great blog post about it right after, where he explained in more detail about the extension. I have a link for that post at [...]

PowerShell Script for updating Runbook Steps in a Task Sequence!

The MDT Toolkit is great! One very useful feature is the “Execute Runbook” Step, which can execute a runbook in Orchestrator. Unfortunately Orchestrator has a little quirk, when moving to new environment, such as moving from Test to Prod. All runbooks get a new GUID, and runbook parameters might get a new GUID.  Besides this, the Server names usually needs to be changed too! This can be a trivial task, which an automation guy like me hate to do! Everytime Server name is updated, all parameters has to be setup again. This also makes the task prone to errors! So [...]

Manage your Windows 10 devices via PowerShell and Microsoft Intune

A big wish of the community and companies using Microsoft Intune was the ability to manage Windows 10 devices that are managed with Microsoft Intune via PowerShell. Since the MDM channel is not supporting deployment and the execution of PowerShell scripts, Microsoft announced today at Ignite the Microsoft Intune Management Extension. Meet the Microsoft Intune Management Extension The Microsoft Intune Management Extension is an addition to the current Windows 10 MDM capabilities and allows us now to deploy and execute PowerShell scripts. The Microsoft Intune Management Extension is automatically deployed and installed on Azure AD joined devices. The Microsoft Intune [...]

Enhanced Sync-VSTSGit runbook that support Pull Requests

My colleague Andreas and me was preparing demos for our Azure Automation – Advanced runbook design session at Experts Live EU More info on the session hereUse thís runbook to support automatic synchronization from visual studio git repositories! (See the session recording for WHY!)It is based on the script provided by MSFT at https://github.com/azureautomation/runbooks/blob/master/Utility/ARM/Sync-VSTS.ps1We will make sure to submit a pull request to get the enchanced code implemented in that version.This version add’s support for multiple branches and pull requests, while the original runbook only supports synchronizing direct commits.To setup the solution, follow the guide described here:https://docs.microsoft.com/en-us/azure/automation/automation-scenario-source-control-integration-with-vstsGood luck! <#PSScriptInfo .VERSION [...]

By |2017-08-25T14:11:40+01:00august 24th, 2017|Powershell|Kommentarer lukket til Enhanced Sync-VSTSGit runbook that support Pull Requests

Azure Automation Runbook Template 1.0

This is a base runbook template developed by CT Global. This version was first presented at Experts Live EU 2017. [CmdletBinding()] [OutputType([Object])] #Set to specific object type if possible (fx. if script gets a ADUser, set output type to ADUser) Param ( [Parameter (Mandatory = $true)] [String] $ResourceGroupName ) $ErrorActionPreference = "stop" $VerbosePreference = "silentlycontinue" #//---------------------------------------------------------------------------- #// #// Global constant and variable declarations #// Shared Resource retrieval (Assets) #// #//---------------------------------------------------------------------------- #Constants $Prefix = "CT-" #Assets $Credential = Get-AutomationCredential -Name "Admin" #//---------------------------------------------------------------------------- #// Procedures (Logging etc.) #//---------------------------------------------------------------------------- #region Procedures Function Add-Tracelog { param($Message, $TraceLog) $Message = "$(get-date) - $Message`n" Write-Verbose $Message [...]

By |2017-08-23T14:34:56+01:00august 24th, 2017|Powershell|2 Comments

Create and run scripts with the new feature “Run Powershell scripts from the ConfigMgr console” on current branch 1706

In my last post I talked about how we could activate the new feature "Run Powershell script from the ConfigMgr" on current branch 1706 and in this post I would like to talk about on how to get started using this wonderful feature once you have activated it. This feature really shows that the ConfigMgr product team over at Microsoft really listens to its community and that they do everything they can to improve the product. Tho this feature is a bit rough around the edges it shows great potential and i can't wait to see how it will evolve over time [...]

How to activate the new feature “Run Powershell scripts from the ConfigMgr console” on current branch 1706

Yesterday the ConfigMgr product team over at Microsoft released the latest current branch version 1706 (and the techincal preview 1707 within a 24 hour period, Awesome work!) and with that came another great pre-release feature that we previously only had access to in the Technical Preview (TP 1706) and that's the ability to run powershell scripts directly from the ConfigMgr console. This is one great feature that really excites me :D   If you want to learn more about this feature you can read the MS docs here: https://docs.microsoft.com/en-us/sccm/apps/deploy-use/create-deploy-scripts   Lets get started. First make sure that we are running [...]

Remove non authorized members of the local administrator group with ConfigMgr

    MVP Jörgen Nilsson did a great post the other day over at https://4sysops.com/archives/monitoring-laps-with-configuration-manager/ where he showcased how one could monitor LAPS with the help of CI's in ConfigMgr to make sure it's installed and running properly. Continuing on the LAPS theme and ways ConfigMgr can help us improve security and maintain control I would like to talk a little about how we can remove non authorized members of the local administrator group with the help of Configuration Items/Baselines in ConfigMgr.   For those who are unfamiliar with LAPS (Local administrator password solution) you can learn more here: https://technet.microsoft.com/en-us/mt227395.aspx     [...]

Watch out when using $PSModuleAutoLoadingPreference = “none” in a PS Remote Session in Windows Server 2016

Recently I discovered a change in the default behavior of PSRemoting Sessions in Windows Server 2012 R2 vs. Server 2016. I was migrating a script from 2012R2 to 2016 and surprisingly, I got this error:   The term 'Get-Date' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included , verify that the path is correct and try again. + CategoryInfo : ObjectNotFound: (Get-Date:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException + PSComputerName : ctaa01   When I vestigated the issue I found that [...]

VIP Users Part 2 or how to synchronize group membership from AD to SCSM

Dealing with VIP users is a common practice within Service Management. This old blogpost explains a very good approach to mark VIP users in SCSM as VIP users. We simply extend the User class with an extra boolean property (true/false) and we then expose that property on the Incident right under the Affected User. That way Analysts can quickly see if the person is VIP and you can also make various workflows or notifications based on this property.   What is missing in the above post is how we figure out who is VIP or not. For many, this relationship [...]

By |2017-08-30T11:48:15+01:00november 15th, 2016|Automation, Powershell, Service Manager (SCSM)|2 Comments

ConfigMgr 1604 new cmdlets

Microsoft released a new set of command-lets for Configuration Manager and all these new cmdlets are also included in the ConfigMgr 1605 TP release. Here are all the new cmdlets: cmdlet Category Notes Get-CMWindowsServicingPlan Software Updates Windows 10 Servicing New-CMWindowsServicingPlan Software Updates Windows 10 Servicing Add-CMServiceConnectionPoint Infrastructure Set-CMServiceConnectionPoint Infrastructure Remove-CMServiceConnectionPoint Infrastructure Get-CMServiceConnectionPoint Infrastructure Remove-CMCertificateRegistrationPoint Infrastructure Set-CMCertificateRegistrationPoint Infrastructure Add-CMCertificateRegistrationPoint Infrastructure Get-CMCertificateRegistrationPoint Infrastructure Invoke-CMDeviceAction Resource Management Get-CMDeviceActionState Resource Management Add-CMIntuneSubscription MDM / Hybrid Set-CMIntuneSubscription MDM / Hybrid Get-CMIntuneSubscription MDM / Hybrid Remove-CMIntuneSubscription MDM / Hybrid Add-CMMdmEnrollmentManager MDM / Hybrid Remove-CMMdmEnrollmentManager MDM / Hybrid Get-CMMdmEnrollmentManager MDM / Hybrid New-CMApnsCertificateRequest MDM / Hybrid New-CMDepTokenRequest [...]

Example of setting up a custom monitor in SCOM with a Powershell Script – Monitor NIC teams in SCOM

In this blogpost, I'll run through an example of how to configure a monitor from the ground up, going through every step, for making a monitor in Powershell for SCOM. It's a very basic script, but it have a value we measure on, so you have all the basic building blocks. But first… What time is it? ADVENTURE TIME! The other day I was transferring an OS Image to one of our new Hyper-V servers, and the transfer speed was around 10 Mbit on our internal network. Asking the guy responsible for the server if there was something wrong, and [...]

Azure PowerShell: How to assign access to a subscription using PowerShell (RBAC)

I had this question from a customer recently, and when I searched the net I wouldn’t find any specific examples. This example assigns a user as a Contributor to the subscription. When you assign roles to resources, all you need is the URL for the resource and provide it to this cmdlet. Here you go: Login-AzureRMAccount $userEmail = "[email protected]" $SubscriptionName = "Test Subscription" Get-AzureRmSubscription -Subscriptionname $SubscriptionName New-AzureRmRoleAssignment -SignInName $userEmail -Scope "/subscriptions/$($sub.SubscriptionId)" -RoleDefinitionName Contributor That’s all for today!

By |2016-02-18T13:41:05+01:00februar 18th, 2016|Azure, Powershell|4 Comments

FTP / SFTP monitor for SCOM

In this post we'll make a script for a FTP / SFTP monitor that can monitor the FTP/SFTP status, by doing the following operations: -Log in -Upload a file -Download a file -Delete the file Since Powershell doesn't have any built-in ftp support I was looking for some alternatives, and since I use WinSCP normally for ftp/sftp I found that they also support Powershell scripting, so why not take advantage of this? This guide was written with great help from WinSCP's own page: https://winscp.net/eng/docs/library_powershell Get the SSH fingerprint (This part is only nessary for the SFTP solution). Since we need the SSH [...]

Roll Out New Configuration Manager Distribution Point with PowerShell

Here is a quick example how to install new Configuration Manager Distribution Point with PowerShell. As you see we have many options to expand this script. We can install Windows Server features, reboot it remotely, install additional software etc. It all depends how you wanna install and configure it. #Import the Module Import-Module $env:SMS_ADMIN_UI_PATH.Replace("\bin\i386","\bin\configurationmanager.psd1") $SiteCode = Get-PSDrive -PSProvider CMSITE #Change the connection context Set-Location "$($SiteCode.Name):\" #New DP Information $DistributionPoint = 'DP01.4demo4.com' $SiteCode = 'PS1' # Test the connection to server     Test-Connection `         -ComputerName $DistributionPoint # OPTIONAL - Install Windows Server Roles and Features     Install-WindowsFeature `         -Name [...]