0

Powershell – Read Computergroups and add them on another Computer

Another small script to read the AD Groups of a Computer account and then add the Groups to another Computer. You Need Quest Admin Tools installed, or RSAT. If you use RSAT, just remove the Q in “QADMemberOF” and “QADGroupMember”

$Groups = get-QADMemberOf “WS01$”
$Groups | foreach{
if ($_.name -ne “Domain Computers”) {
  Add-QADGroupMember $_ -Member “WS02$”
}

Where “WS01$” has to be changed to the source Computername, following the $ sign and “WS02$” has to be changed to the Destination Computername, don’t Forget the $ at the End!

 

If you’re just curious about the computergroups, you can get them via Powershell like this:

Get-QADComputer $Computer -Properties Memberof | Select-Object -Expand memberof

 

 

0

Powershell – Show Mapped drives of remote machine (Win8/8.1 only)

Here again one line of code that could be very useful. unfortunately it only works on machines that are on Windows 8 or higher

get-wmiobject -class “Win32_MappedLogicalDisk” -namespace “root\CIMV2” -computername $Computername | Select DeviceID puttygen ,ProviderName

$Computername has to be changed to the machine Name you want to check. As always, local admin rights are needed and the Firewall has to be set correct.

if you Need more Information like size or free space, you can just run the command without the select part:

get-wmiobject -class “Win32_MappedLogicalDisk” -namespace “root\CIMV2” -computername $Computername

 

0

CMD – Run Powershell script with restricted executionpolicy

In Software deployment, you sometimes Need to script stuff. For now, most of the guys I know use Batch files. Because they are easy to use, and they know how to script in Batch. I prefer powershell. But there could be a Problem:

xyz.ps1 cannot be loaded because the execution of scripts is disabled on this System. Please see “get-help about_signing” for more Details.”

This means, that the script you try to run is blocked by your local executionpolicy. You could Change it with Set-Executionpolicy Unrestricted, but for that, you would Need Access to the machine and start powershell as admin. In Addition, you would Need to Change the Setting back after starting the script. There is a better way:

Use cmd: powershell -noprofile -ExecutionPolicy Bypass -File “C:\Path\Script.ps1”

The script now Bypasses the executionpolicy. You can just add the line of code in e.g. your batchfile. puttygen ssh

0

Powershell – Get Hostsfile of Remote Machine and add entries

Reading the hostsfile (Get-Content)

Here is a small script which can read a hostsfile of a remote machine (appropriate Firewall Settings and local admin rights required)

This can all be aquired with only one line of code:

Get-Content “\\$computername\c$\windows\system32\drivers\etc\Hosts”

$computername has to be changed to the machine Name of the remote Computer, eg. ws01

Adding new entries (Add-Content)

To add new entries you can use the Add-Content commandlet:

Add-Content “C:\Windows\System32\drivers\etc\hosts” “`r`n127.0.0.1`t`t`t`tgoogle.com”

This method can be useful for Software Distribution if host entries are required. You can’t use Add-Content commandlet for a remote machine. But there is a solution. Just start a remote Powershell Session (PS Remoting has to be enabled)

Start-Process powershell.exe -ArgumentList “-noexit -command Enter-PSSession -ComputerName $ComputerName”

in this session puttygen download , you can use the Add-Content Commandlet.

 

 

0

Powershell members of Local Admin Group on Remote Computer

You can easily check the local admins with the compmgmt.msc or direct via cmd “compmgmt.msc /computer:$ComputerName”

If you want to achive the Task with powershell, you just Need to use this code:

#region Get-LocalAdmins
function get-localadmins{
[cmdletbinding()]
Param(
[string]$computerName
)
$group = get-wmiobject win32_group -ComputerName $computerName -Filter “LocalAccount=True AND SID=’S-1-5-32-544′”
$query = “GroupComponent = `”Win32_Group.Domain=’$($group.domain)’`,Name=’$($group.name)’`””
$list = Get-WmiObject win32_groupuser -ComputerName $computerName -Filter $query
$list | %{$_.PartComponent} | % {$_.substring($_.lastindexof(“Domain=”) + 7).replace(“`”,Name=`””,“\”)}
}
#endregion Get-LocalAdmins

Now you can query every Computer with “get-localadmins computername” – You need local admin rights to do this.

 

 

0

Powershell AD User Unlock

With this Script you can unlock locked users from AD without RSAT or RDP to your AD Server. It can be only used with Domain Admins rights, which should be clear. You Need to install the Quest Admin Tools from http://www.quest.com/powershell/activeroles-server.aspx and then follow the script.

function Show-MsgBox
{
[CmdletBinding()]
param(
[Parameter(Position=0, Mandatory=$true)] [string]$Prompt,
[Parameter(Position=1, Mandatory=$false)] [string]$Title =“”,
[Parameter(Position=2, Mandatory=$false)] [ValidateSet(“Information”, “Question”, “Critical”, “Exclamation”)] [string]$Icon =“Information”,
[Parameter(Position=3, Mandatory=$false)] [ValidateSet(“OKOnly”, “OKCancel”, “AbortRetryIgnore”, “YesNoCancel”, “YesNo”, “RetryCancel”)] [string]$BoxType =“OkOnly”,
[Parameter(Position=4, Mandatory=$false)] [ValidateSet(1,2,3)] [int]$DefaultButton = 1
)
[System.Reflection.Assembly]::LoadWithPartialName(“Microsoft.VisualBasic”) | Out-Null
switch ($Icon) {
“Question” {$vb_icon = [microsoft.visualbasic.msgboxstyle]::Question }
“Critical” {$vb_icon = [microsoft.visualbasic.msgboxstyle]::Critical}
“Exclamation” {$vb_icon = [microsoft.visualbasic.msgboxstyle]::Exclamation}
“Information” {$vb_icon = [microsoft.visualbasic.msgboxstyle]::Information}}
switch ($BoxType) {
“OKOnly” {$vb_box = [microsoft.visualbasic.msgboxstyle]::OKOnly}
“OKCancel” {$vb_box = [microsoft.visualbasic.msgboxstyle]::OkCancel}
“AbortRetryIgnore” {$vb_box = [microsoft.visualbasic.msgboxstyle]::AbortRetryIgnore}
“YesNoCancel” {$vb_box = [microsoft.visualbasic.msgboxstyle]::YesNoCancel}
“YesNo” {$vb_box = [microsoft.visualbasic.msgboxstyle]::YesNo}
“RetryCancel” {$vb_box = [microsoft.visualbasic.msgboxstyle]::RetryCancel}}
switch ($Defaultbutton) {
1 {$vb_defaultbutton = [microsoft.visualbasic.msgboxstyle]::DefaultButton1}
2 {$vb_defaultbutton = [microsoft.visualbasic.msgboxstyle]::DefaultButton2}
3 {$vb_defaultbutton = [microsoft.visualbasic.msgboxstyle]::DefaultButton3}}
$popuptype = $vb_icon -bor $vb_box -bor $vb_defaultbutton
$ans = [Microsoft.VisualBasic.Interaction]::MsgBox($prompt,$popuptype,$title)
return $ans
}
# Script
$Locked_User = Get-QADUser -Locked | Select-Object -expand samaccountname
if ($Locked_User -ne $null){
Show-MsgBox -Prompt “The following Users are locked: `n $Locked_user” -Title “Locked Users” -Icon Information -BoxType OKOnly
$Confirmation_User = Show-MsgBox -Prompt “Unlock User?” -Title “Unlock User?” -Icon Information -BoxType YesNo
if ($Confirmation_User -eq “YES”){
$Unlock_User = $Locked_User
Unlock-QADUser $Unlock_User
$Locked_User_2 = Get-QADUser -Locked | Select-Object -expand samaccountname
if ($Locked_User_2 -eq $Locked_User){
$Locked_Error = Show-MsgBox -Prompt “Error unlocking $Unlock_User” -Title “Error unlocking User” -Icon Critical -BoxType OKOnly
}
else{
Show-MsgBox -Prompt “User $Unlock_User unlocked!” -Title “Entsperrt” -Icon Information -BoxType OKOnly
}
}
else{
Show-MsgBox -BoxType “OKOnly” -Title “Unlock User” -Prompt “No user unlocked!” -Icon “Information”}
}
else{
Show-MsgBox -Prompt “No user locked!” -Icon Information -BoxType OKOnly
}

First Comes the Show-Msg function for the Msg Boxes. Second the simple User Unlock function. If multiple Users are locked, you can unlock all at once.

 

0

Powershell CSV Export / Import

If you want do e.g. save Settings of your script, you have multiple ways to do so. For my Powershell Toolkit, i decided to use CSV Export and Import, because it is very easy to implement.

Export:

$folderbrowserdialog1.ShowDialog()
$save = $folderbrowserdialog1.SelectedPath += “/config.csv”
New-Object -TypeName PSCustomObject -Property @{
“global:Language” = $Language
“global:Profilefolder” = $Profilefolder
“global:Homefolder” = $Homefolder
“global:Outfile” = $Outfile
“global:SiteName” = $SiteName
“global:SCCMServer” = $SCCMServer
“global:SCCMNameSpace” = $SCCMNameSpace
} | Export-Csv -Path $save -NoTypeInformation -Force

I Use Powershellstudio for GUI implementing. It is very intiutive to use. If you don’t have it, you can make a Folderbrowser Dialog like this:

$app = new-object -com Shell.Application
$folder = $app.BrowseForFolder(0, “Select Folder”, 0, “C:\”)

Second, I add the filename with:

$save = $folderbrowserdialog1.SelectedPath += "/config.csv"

Now you have to create a custom Powershell Object for your Export. And you have to give your variables names for the CSV. If you want to Import the CSV later, I recommend to use the Variable Names, if you use it for something else, Excel maybe, you can change the names as you wish.

New-Object -TypeName PSCustomObject -Property @{
“global:Language” = $Language
“global:Profilefolder” = $Profilefolder
“global:Homefolder” = $Homefolder
“global:Outfile” = $Outfile
“global:SiteName” = $SiteName
“global:SCCMServer” = $SCCMServer
“global:SCCMNameSpace” = $SCCMNameSpace
}

At last, we export the whole custom object in our CSV-File.

Export-Csv -Path $save -NoTypeInformation -Force

Import

Now for the import, it is pretty much the same but the other way around.

$openfiledialog1.ShowDialog()
$load = $openfiledialog1.FileNames
$Import = Import-Csv -Path $load
foreach ($Line in $Import) {
$global:Language=$($Line.“global:Language”)
$global:Profilefolder=$($Line.“global:Profilefolder”)
$global:Homefolder=$($Line.“global:Homefolder”)
$global:Outfile=$($Line.“global:Outfile”)
$global:SiteName=$($Line.“global:SiteName”)
$global:SCCMServer=$($Line.“global:SCCMServer”)
$global:SCCMNameSpace=$($Line.“global:SCCMNameSpace”)
$global:SCCMEnabled=[bool]$($Line.“global:SCCMEnabled”)
}

 

Openfiledialog opens a File Browser, where you can select your config file. Here is how you can do it without Powershell Studio:

[void] [Reflection.Assembly]::LoadWithPartialName( ‘System.Windows.Forms’ )
$d = New-Object Windows.Forms.OpenFileDialog
$d.ShowHelp = $true
$d.ShowDialog()

Now the Import itself:

$Import = Import-Csv -Path $load
foreach ($Line in $Import) {
$global:Language=$($Line.“global:Language”)
$global:Profilefolder=$($Line.“global:Profilefolder”)
$global:Homefolder=$($Line.“global:Homefolder”)
$global:Outfile=$($Line.“global:Outfile”)
$global:SiteName=$($Line.“global:SiteName”)
$global:SCCMServer=$($Line.“global:SCCMServer”)
$global:SCCMNameSpace=$($Line.“global:SCCMNameSpace”)
$global:SCCMEnabled=[bool]$($Line.“global:SCCMEnabled”)
}

You have to import the CSV into a variable, then check each Item for your given Title, e.g. “global.Language” The $ and Brackets are needed.

That’s all for the Import / Export I am using in Powershell Toolkit