Monthly Archives: March 2011

Active Directory / Group Policy / Security Settings

Here’s one I just ran across.

If you have a GPO that enforces the password Age so it cannot be changed very often (IE:  Password must be at least 48 hours before you’re allowed to change it as an example) and don’t realize it there you can be banging you head against the wall

*HUH?!*

Yeah this threw me for a loop.  I was banging my head against the wall on this until I realized everything was working fine unless we tried to change our passwords more than once every two days (not a typical thing)

But the stupid thing was that error.

“Unable to update the password.  The value provided for the new password does not meet the length, complexity or history requirements of the domain.”

Each and every time I kept glancing and saying “It’s a new password, it’s stupid complexity, it’s 500 letters long…”

Never dawned on me about a Password MINIMUM age.

So if you find you get that error, don’t forget to check for password MINIMUM age as well.

“Grumble grumble grumble….”

Sean
The Energized Tech

FacebookTwitterGoogle+Share

Using #Powershell to auto start your Hyper-V Demo Environment

powershell

One of things you encounter when you start doing repeat presentations is the need to have your environment in a Consistent and Ready state every time.

We all know the rules after a while.  Don’t change your demo box.  Avoid altering your environment in any way prior to the demo.   Avoid Murphy’s law.

Well here’s something to help you out.   I wrote a simple Powershell script to fire up the Demo machines in a times manner, Get my Powerpoint on the screen and even start the Connections to “remotely view” the Virtual machines in Hyper-V.

First off, you need to goto http://pshyperv.codeplex.com/ and download the HyperV modules for Powershell.  If you’re running SCVMM you can use the modules from it if you choose, but not all of us are running a fully licensed copy of SCVMM on our Demo Hyper-V box Smile

Once the Hyper-V module is downloaded and installed things get a lot easier on your HyperV demo box.

So our first script is going

  • Launch Powerpoint with our provided Presentation
  • Start VMCONNECT.EXE and connect us up to our Child Partitions in Hyper-V
  • Start up one demo machine
  • Sleep
  • Start up the next demo machine

So why would I want a delay?  How about dependences?   The Domain Controller?  An SQL Server?   The point is you typically do start up your Demo environment in a particular order.

First off once you execute an

IMPORT-MODULE HYPERV

Execute a

GET-VM

and get the names of the Virtual Machines.  Once you have them, the rest of this is easy.

————– START-DEMOENV.PS1 ————————

# Import HyperV Management Modules from Codeplex
import-module hyperv

# Specify name of Powerpoint Presentation

$PPT=’c:\users\Administrator\Desktop\MyPowerpoint.pptx’

# Launch Powerpoint 2010 (32bit version)
# Just edit the Path and filename if you’re running a 64bit version instead or
# Previous version of Microsoft Office

& ‘C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE’ $PPT

# Launch VMConnect.exe connecting to the computer ‘localhost’
# and Virtual Machine called ‘HYPERV-DC1’ and the Virtual Machine called
# HYPERV-CLIENT

& ‘c:\Program Files\Hyper-V\vmconnect.exe’ localhost HYPERV-DC1
& ‘c:\Program Files\Hyper-V\vmconnect.exe’ localhost HYPERV-CLIENT

# Start the Child partition in Hyper-V called HYPERV-DC1
Start-VM "HYPERV-DC1"

# Sleep for 3 minutes (180 seconds) before starting up the client machines or those
# Dependant on your Demo Active Directory

Start-Sleep -Seconds 180

# Start the next machine (or machines) depedant on the Demo Active Directory
# environment.  this computer is called “HYPERV-CLIENT”

Start-VM “HYPERV-CLIENT"

————– START-DEMOENV.PS1 ————————

Now to have this script launchable from the desktop, you just need to create a shortcut pointing to the script and with the execution policy set

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -file C:\Users\Administrator\Desktop\Start-DemoEnv.PS1 -executionpolicy ‘RemoteSigned’

 

The other script I have you may find handy is the one to undo all of this.   For each of these machines I have a single Snapshot created (always a good idea in a demo setup) to allow myself to rollback to a previous state.  So our next script will

  • Rollback to the original snapshot state of each of these machines.  The states are programmed originally to NOT startup automatically
  • Kill the Powerpoint presentation
  • Kill the Remote connections to the Child partitions in HyperV

 

————– END-DEMOENV.PS1 ————————

# Import HyperV Management Modules from Codeplex

Import-module HyperV

# Get Child Partition “HYPERV-DC1”, pull the Snapshot and Force a Restore

GET-VM "HYPERV-DC1" | Get-VMSnapshot | Restore-VMSnapshot –force

# Get Child Partition “HYPERV-CLIENT”, pull the Snapshot and Force a Restore

GET-VM "HYPERV-CLIENT" | Get-VMSnapshot | Restore-VMSnapshot –force

# GET VMCONNECT and POWERPNT – Shut them down

GET-PROCESS VMCONNECT | STOP-PROCESS
GET-PROCESS POWERPNT | STOP-PROCESS

————– END-DEMOENV.PS1 ————————

Like the previous script, we want a way to launch this with the execution policy set.

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -file C:\Users\Administrator\Desktop\End-DemoEnv.PS1 -executionpolicy ‘RemoteSigned’

 

You of course may not have your scripts under the “Administrator” folder on the Desktop or be called END-DEMOENV.PS1 but that’s something you can always choose Smile

The nice part I like is the ability to have some consistency when start up just before you present to an audience.   The neater part is to notice something else.  Powershell launched standard executables in that run.

The Power of Shell is in YOU

Sean
The Energized Tech

FacebookTwitterGoogle+Share

Interviewed by Quest at MVP11

A good friend of mine from Quest, Dmitris cornered me with a video camera and decided to interview me

I apologize for my hoarse voice.  Apparently another good friend (who shall be named to protect his innocense) decided I should be a one man cheering squad for all the Canadian MVP’s.

No.  There is unfortunately NO video of that…. to my knowledge…

FacebookTwitterGoogle+Share

Interviewed by Quest at MVP11

A good friend of mine from Quest, Dmitris cornered me with a video camera and decided to interview me

I apologize for my hoarse voice.  Apparently another good friend (who shall be named to protect his innocense) decided I should be a one man cheering squad for all the Canadian MVP’s.

No.  There is unfortunately NO video of that…. to my knowledge…

FacebookTwitterGoogle+Share

The CN Tower Climb–and UNSTOPPABLE FORCE vs. the IMMOVABLE OBJECT

That’s right.

Sean went stupid or got really inspired (I’ll opt for really inspired)

I’m going to climb the CN Tower.  I’m going to try and do it.   In doing so I will surmount a goal for no other reason.

All funds go to the WWF (World Wildlife Federation, NOT… I repeat NOT the World Wrestling Federation)

And you can help.

Either chip in because

  • You want to change tomorrow
  • You need to burn some cash
  • You want to help a fat guy climb 4,000 plus steps
  • or you think Watching Sean faint at the sight of the CN Tower would be funny
  • or you just think I CAN’T DO IT

I intend to prove everybody wrong.  I intend to change your day, my day and my kids day

Oh heck, I intend to prove that the CN Tower is just a big concrete stick in the ground with Lousy Radio reception.

Donate here and help it all happen.  Smile 

Because you can, Because I will try.

JUST CUZ!

Click away and send what you can.  I’m going to do this anyhow, but you can help in the process and change tomorrow

FacebookTwitterGoogle+Share

The CN Tower Climb–and UNSTOPPABLE FORCE vs. the IMMOVABLE OBJECT

That’s right.

Sean went stupid or got really inspired (I’ll opt for really inspired)

I’m going to climb the CN Tower.  I’m going to try and do it.   In doing so I will surmount a goal for no other reason.

All funds go to the WWF (World Wildlife Federation, NOT… I repeat NOT the World Wrestling Federation)

And you can help.

Either chip in because

  • You want to change tomorrow
  • You need to burn some cash
  • You want to help a fat guy climb 4,000 plus steps
  • or you think Watching Sean faint at the sight of the CN Tower would be funny
  • or you just think I CAN’T DO IT

I intend to prove everybody wrong.  I intend to change your day, my day and my kids day

Oh heck, I intend to prove that the CN Tower is just a big concrete stick in the ground with Lousy Radio reception.

Donate here and help it all happen.  Smile 

Because you can, Because I will try.

JUST CUZ!

Click away and send what you can.  I’m going to do this anyhow, but you can help in the process and change tomorrow

FacebookTwitterGoogle+Share

Systems Center Data Protection Manager 2010–List the Contents and Status of your Tapes

Caught this one in Twitter today.  A fellow needed to know of a way to list the status of all the tapes on all his DPM Servers.

It makes sense.  You need to easily report on what tapes can be pulled, where the data is, which ones are expired.

I’m also not going to be done in just one posting.  There’s a lot here but I’ll list the important Cmdlets that pull the data.  The rest is a matter of Scripting it into a report

Our first task is pull all the Tape libraries together.  That’s done by using a

GET-DPMLibrary –DPMServerName ‘NameOfADPMServer’

You can then pipe that list of tape  libraries into

GET-TAPE

which will actually pull a list of all the tapes out for you as well.  Now for the tricky part.  Finding what’s on the tapes.   You have to pipe THAT into a

GET-RECOVERYPOINT

So a simple one liner will dump all the recovery points on TAPE like so

GET-DPMLibrary –DPMServerName ‘NameOfADPMServer’ | GET-TAPE | GET-RECOVERYPOINT

Ok neat, that worked.   But it’s not very useful is it?   I mean we need to know what TAPE each point is on and it would be a great thing to know which server has that tape.   Be even BETTER if we knew the library.

Well that’s doable.   We just script it.   Instead of just piping in and pooping out what we say (*sorry, I couldn’t resist…. no wait… yes I could…*) We could pull out the blocks of information and break them down.

So first …. let’s store away that list of libraries

$TAPELIBRARIES=GET-DPMLibrary –DPMServerName ‘NameOfADPMServer’

Now we can loop through each library and EXAMINE the tapes and show the contents

Foreach ($TAPELibrary in $TAPELIBRARIES) {

$TAPELIST=$TAPELibrary | GET-TAPE

Then we’ll step through the tapes and show their contents

Foreach ( $TAPE in $TAPELIST ) {

$RP=$TAPE | GET-RECOVERYPOINT

Then you step through each Recovery point for individual details

Foreach ($point in $RP) {

So how is this any better?   At this point you now have data that you can’t easily pull out of the pipe.  As you “PIPE” information into each Cmdlet, each Cmdlet is only going to pass along information IT is supposed to produce. So in writing a script we can now pull out specific information and build a report from it.  Or simply build it into CSV file.  There is certain Key useful information from each part we could use for a report.

 

From $TAPELibraries

UserFriendlyName – Nice name give to describe a particular tape unit

MachineName – We should be able to say which server any of these tapes and drives are on

 

From $TAPELlist

Barcode – for Easy Identification when removing from a Library

CreationDate – Good to know how old it is

DatasetState – Current or ready for Recycling?

DataWrittenDisplayString – How much is sitting on that tape?  How many Gigs/Megs?

IsOffsiteReady – Can we send this for offsite storage?

Location – What slot is the tape sitting it?

 

From $RP (our Recovery Points)

UserFriendlyName – Very descriptive name of what is on there

Size – How many Bytes is that sucker eating up

 

So what can we do with this?  Build a simple onscreen report like so.   Get the data from each line and spit out to the console (Hey, It’s late and I wanna go home, so you can play with it your own way) Winking smile

$TAPELIBRARIES=GET-DPMLibrary –DPMServerName ‘NameOfADPMServer’

$FILENAME=’C:\Powershell\DPMTapes.csv’

NEW-ITEM –path $FILENAME –itemtype File –force

$HEADER=’TapeLibrary,ComputerName,TapeLocation,TapeState,Barcode,CreationDate,RecoveryPointName,Size’

ADD-CONTENT –path $FILENAME –value $HEADER

Foreach ($TAPELibrary in $TAPELIBRARIES) {

     $TLUFN=$TAPELibrary.UserFriendlyName
     $TLMN=$TAPELibrary.Machinename

     $TAPELIST=$TAPELibrary | GET-TAPE

         Foreach ( $TAPE in $TAPELIST ) {

         $TapeLocation=$Tape.Location
         $TapeState=$Tape.DataSetState
         $TapeBarcode=$Tape.Barcode
         $TapeDate=$Tape.CreationDate

              $RP=$TAPE | GET-RECOVERYPOINT

              Foreach ($point in $RP) {

               $RPUFN=$Point.UserFriendlyName
               $RPSize=$Point.Size

                $OUTPUT=$TLUFN+’,’+$TLMN+’,’+$Tapelocation+’,’+$TapeState+’,’+$TapeBarcode+’,’+$Tapedate+’,’+$RPUFN+’,’+$RPSize

                ADD-CONTENT –path $FILENAME –value $OUTPUT

                }

       }

}

Yes…. I agree the script is horribly written and even worse for formatting Smile Yes we should have filtered too and made it nicer.

But now that you have this, you can tweak it away.  Add your own information.  Since it’s a CSV file, this can be played with in Excel, or just use a SEND-MAILMESSAGE after mining.

The Power is yours and the Power of Shell is in YOU

Sean
the Energized Tech

FacebookTwitterGoogle+Share