Tag Archives: PowerShell

Replace ESX host certificates with CA signed wildcard certificate using PowerShell!

Recently we were requested to install CA signed certificates on our ESX hosts to pass a security audit.

The thought of doing this manually bored me, so I wrote the following script, which recursively puts each host into maintenance, installs the new certificate, reboots the host, takes it out of maintenance and tests the certificate. The script also produces a detailed log file.


Generate an EC2 instance report using PowerShell…

In AWS, under the EC2 instances view, you can customize the details you want to see about your EC2 instances. However, once you do that, there is no way of generating a CSV-based EC2 instance report using the AWS UI. You also don’t have the option of displaying properties such as the VPC or Subnet name, which is a little annoying as working with long IDs can get difficult. To make the reporting process a little easier, I put together the script below, which generates a CSV-based report.

NOTE – The resulting CSV report is extremely detailed – you can simply remove properties you feel are unnecessary for your reporting purposes.

Before you can run this script, install the AWS PowerShell modules.

 Install-Module -Name AWSPowerShell

Then I would recommend creating an access key profile in the SDK store – by running the following in PowerShell.

Set-AWSCredentials -AccessKey AccessKey -SecretKey SecretKey -StoreAs ProfileName

And to make things easier maybe associate a region with that profile.

Initialize-AWSDefaultConfiguration -ProfileName ProfileName -Region eu-central-1
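
A minimal sketch of such a report, added here as an example (it is not the script from the original post). It resolves VPC and subnet IDs to their Name tags and writes one CSV row per instance; the profile name is the placeholder used above, and the output path and the helper functions `Get-NameTag` and `Resolve-Name` are assumptions made for this example.

```powershell
# Added example, not the post's script. Assumes the AWSPowerShell module is
# installed and the stored profile/region from the steps above exist.
$profileName = "ProfileName"                        # placeholder profile name
$outFile     = "C:\temp\ec2_instance_report.csv"    # hypothetical output path

# Return the value of the Name tag, or nothing if the resource is untagged
function Get-NameTag($tags) {
    ($tags | Where-Object { $_.Key -eq "Name" } | Select-Object -First 1).Value
}

# Look up an ID in a hashtable, tolerating instances with no VPC/subnet ID
function Resolve-Name($map, $id) {
    if ($id -and $map.ContainsKey($id)) { $map[$id] }
}

# Build ID -> Name lookups once, instead of querying per instance
$vpcNames = @{}
Get-EC2Vpc -ProfileName $profileName |
    ForEach-Object { $vpcNames[$_.VpcId] = Get-NameTag $_.Tags }
$subnetNames = @{}
Get-EC2Subnet -ProfileName $profileName |
    ForEach-Object { $subnetNames[$_.SubnetId] = Get-NameTag $_.Tags }

# Get-EC2Instance returns reservations; .Instances flattens them
$instances = (Get-EC2Instance -ProfileName $profileName).Instances

$report = foreach ($instance in $instances) {
    [PSCustomObject]@{
        Name             = Get-NameTag $instance.Tags
        InstanceId       = $instance.InstanceId
        State            = $instance.State.Name
        InstanceType     = $instance.InstanceType
        AvailabilityZone = $instance.Placement.AvailabilityZone
        VpcId            = $instance.VpcId
        VpcName          = Resolve-Name $vpcNames $instance.VpcId
        SubnetId         = $instance.SubnetId
        SubnetName       = Resolve-Name $subnetNames $instance.SubnetId
        PrivateIp        = $instance.PrivateIpAddress
        PublicIp         = $instance.PublicIpAddress
        SecurityGroups   = $instance.SecurityGroups.GroupName -join ";"
        IamProfileArn    = $instance.IamInstanceProfile.Arn
        KeyName          = $instance.KeyName
        LaunchTime       = $instance.LaunchTime
    }
}

$report | Export-Csv -Path $outFile -NoTypeInformation
```

The public IP, security group and instance profile columns make the same CSV usable as a quick exposure inventory.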

Enable Hot Add vCPU and Memory on VMs using PowerShell (V2)

This is a script which will allow you to enable the Hot Add vCPU and Memory feature on all or a subset of your VMs.

IMPORTANT NOTE – the script will recursively power off each VM defined in the CSV (unless Hot Add is already enabled), apply the config, then power each VM back on. So make sure you run this script in an outage window.

When creating the CSV, make sure to include the header row – Name.

The script will also generate a log file.


Managing NetApp HCI / Solidfire storage with PowerShell scripting

Just a few scripts I put together in preparation for a migration project which involves NetApp HCI iSCSI storage.

The same PowerShell modules work with Solidfire arrays as well.

Instructions on how to install the PowerShell modules and use them are in the following links.

https://blog.netapp.com/getting-started-with-powershell-for-netapp-hci/

https://github.com/solidfire/PowerShell/blob/master/Install/NetApp_SolidFire_PowerShell_Tools_v1.5.1_User_Guide.pdf

https://github.com/solidfire/PowerShell/blob/master/Install/NetApp_SolidFire_PowerShell_Tools_v1.5.1_Release_Notes.pdf

Use the following script to create multiple volumes.

CSV should include a single column with header “Name” followed by volume names.

Volume name example:

BOOT-LUN-esx011

#Account that will own the volumes
$Account = Get-SFAccount esxiboot

#QoS policy to apply to each volume
$QoSPolicy = Get-SFQoSPolicy -Name qos-policy-1

#Volume names from the "Name" column of the CSV
$Volumes = (Import-CSV C:\temp\volumes.csv).Name

foreach ($Volume in $Volumes)
{
    New-SFVolume -Name $Volume -AccountID $Account.AccountID -TotalSize 7 -GB -Enable512e:$true -QosPolicy $QoSPolicy.QoSPolicyID
}

Enable Hot Add vCPU and Memory on VMs using PowerShell

I’ve got a new version of this script at this link.

This is a simple script which will allow you to enable the Hot Add vCPU and Memory feature on all or a subset of your VMs.

IMPORTANT NOTE – the script will recursively power off each VM defined in the CSV, apply the config, then power each VM back on. So make sure you run this script in an outage window.

When creating the CSV, make sure to include the header row – Name.

#Function to generate wait time progress bar
function Start-Sleep($seconds) {
    $doneDT = (Get-Date).AddSeconds($seconds)
    while($doneDT -gt (Get-Date)) {
        $secondsLeft = $doneDT.Subtract((Get-Date)).TotalSeconds
        $percent = ($seconds - $secondsLeft) / $seconds * 100
        Write-Progress -Activity "Sleeping" -Status "Sleeping..." -SecondsRemaining $secondsLeft -PercentComplete $percent
        [System.Threading.Thread]::Sleep(500)
    }
    Write-Progress -Activity "Sleeping" -Status "Sleeping..." -SecondsRemaining 0 -Completed
}

#Variables
$HotAddVMs = Import-CSV c:\temp\hot_add_disabled_vms.csv
$vmConfigSpec = New-Object VMware.Vim.VirtualMachineConfigSpec
$vmConfigSpec.CpuHotAddEnabled = $true
$vmConfigSpec.MemoryHotAddEnabled = $true

Foreach ($VM in ($HotAddVMs)) {
    
    #Shutdown Guest OS / Power off VM
    Get-VM $VM.Name | Shutdown-VMGuest -Confirm:$false

    #Wait for VM to power off before executing the config cmd section
    #(if the VM is still powered on, the config cmd will fail)
    while((Get-VM $VM.Name).PowerState -ne 'PoweredOff') {
        Start-Sleep -Seconds 10
    }
    
    #Execute config cmd
    $VMConfig = Get-View -VIObject $VM.Name
    $VMConfig.ReconfigVM($vmConfigSpec)

    #Power on VM
    Get-VM $VM.Name | Start-VM   
}


Upgrade VM Hardware Version after Guest OS reboot

Last week I was looking for a way to bundle VM Hardware Upgrades with our monthly Guest OS patching. After the Guest OS is patched, it gets rebooted. The goal was to get the VMs to upgrade their hardware after the Guest OS is rebooted, and avoid having to power off the VMs to carry out the hardware upgrades.

It appears this is possible by changing the VM UpgradePolicy to “Always” and setting a VersionKey (i.e. the ESX compatibility level) using PowerShell.

To prove that changing the VM settings mentioned above actually triggers a Hardware Upgrade at Guest reboot, I built a test VM, then carried out the steps below.

I’ve simply used the scripts provided in this blog post. https://blogs.vmware.com/vsphere/2018/09/automating-upgrade-of-vmware-tools-and-vmware-compatibility.html


Script to create local administrator account on remote domain machine

As Microsoft no longer supports creating local user accounts on domain machines using GPO, I’ve put together the script below to achieve this. Note, however, that once the account is created it can be modified using GPO.

This script will create a local user account on a remote domain machine, set the account password to never expire and add the account to the local Administrators security group (or whichever other group you desire – just change the variable).

Run this script on a domain controller using a domain administrator account. Before executing the script, create a txt or csv file containing the names of the computers on which you wish to create the local user account (and place it in the root of the C drive), and define the user account variables (such as username, password, description) in the variables section of the script.


#Define variables
$computers = Get-Content C:\Computers.txt
#$computers = Import-CSV C:\Computers.csv | select Computer
$username = "Username"
$password = "Password"
$fullname = "Fullname"
$local_security_group = "Administrators"
$description = "Description"

Foreach ($computer in $computers) {
    $users = $null
    $comp = [ADSI]"WinNT://$computer"

    #Check if username exists
    Try {
        $users = $comp.psbase.children | select -expand name
        if ($users -like $username) {
            Write-Host "$username already exists on $computer"

        } else {
            #Create the account
            $user = $comp.Create("User","$username")
            $user.SetPassword("$password")
            $user.Put("Description","$description")
            $user.Put("Fullname","$fullname")
            $user.SetInfo()

            #Set password to never expire
            #And set user cannot change password
            $ADS_UF_DONT_EXPIRE_PASSWD = 0x10000
            $ADS_UF_PASSWD_CANT_CHANGE = 0x40
            $user.userflags = $ADS_UF_DONT_EXPIRE_PASSWD + $ADS_UF_PASSWD_CANT_CHANGE
            $user.SetInfo()

            #Add the account to the local admins group
            $group = [ADSI]"WinNT://$computer/$local_security_group,group"
            $group.add("WinNT://$computer/$username")

            #Validate whether user account has been created or not
            $users = $comp.psbase.children | select -expand name
            if ($users -like $username) {
                Write-Host "$username has been created on $computer"
            } else {
                Write-Host "$username has not been created on $computer"
            }
        }
    }

    Catch {
        #$computer is a plain string read from the file, so report it directly
        Write-Host "Error creating $username on ${computer}:  $($Error[0].Exception.Message)"
    }
}
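
A follow-up check, added here as an example and not part of the original script: it reads back the membership of the same local group on every computer in the list and reports, for each local user, whether the two `userflags` bits set above are present. It assumes `C:\Computers.txt` holds short computer names (so they match the member's ADsPath); the output path and the helper `Get-MemberProperty` are hypothetical.

```powershell
# Added example: audit local group membership and password flags after the run.
# Assumes C:\Computers.txt holds short computer names; output path is hypothetical.
$computers = Get-Content C:\Computers.txt
$local_security_group = "Administrators"
$ADS_UF_DONT_EXPIRE_PASSWD = 0x10000
$ADS_UF_PASSWD_CANT_CHANGE = 0x40

# Read one property from the COM object returned by Invoke("Members")
function Get-MemberProperty($member, $property) {
    $member.GetType().InvokeMember($property, 'GetProperty', $null, $member, $null)
}

$report = foreach ($computer in $computers) {
    try {
        $group = [ADSI]"WinNT://$computer/$local_security_group,group"
        foreach ($member in @($group.psbase.Invoke("Members"))) {
            $name    = Get-MemberProperty $member "Name"
            $class   = Get-MemberProperty $member "Class"
            $adsPath = Get-MemberProperty $member "ADsPath"

            # Local accounts carry the computer name in their ADsPath;
            # domain users and groups do not
            $isLocal = $adsPath -like "*/$computer/*"

            # Password flags only exist on local user objects
            $flags = $null
            if ($isLocal -and $class -eq "User") {
                $flags = ([ADSI]"WinNT://$computer/$name,user").UserFlags.Value
            }

            [PSCustomObject]@{
                Computer             = $computer
                Member               = $name
                Class                = $class
                IsLocal              = $isLocal
                PasswordNeverExpires = [bool]($flags -band $ADS_UF_DONT_EXPIRE_PASSWD)
                CannotChangePassword = [bool]($flags -band $ADS_UF_PASSWD_CANT_CHANGE)
            }
        }
    } catch {
        Write-Host "Error querying ${computer}: $($_.Exception.Message)"
    }
}

$report | Export-Csv C:\temp\local_admin_audit.csv -NoTypeInformation
```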