Wednesday, March 10, 2010

Novell Netware Fail


Monday, February 15, 2010

PowerShell Remoting Again

The plan was simple: create a script to remotely rename several hundred machines to match the new organizational naming standard. This would require pulling from several asset and employee databases as well as querying AD for user properties. “PowerShell should be great!” The data pulls work fantastically; the rename, however, not so much. It seems the Win32_ComputerSystem.Rename method doesn’t work remotely – and PowerShell remoting isn’t actually like being on the local machine at all, apparently. It is unfortunate that Win32_ComputerSystem doesn’t work remotely, and that we don’t have the Windows Management Framework deployed on the desktops so that we could simply run it as a login script. Currently, we’ve got no way to restrict the PowerShell command prompt and we’re not keen on using software restriction policies just yet. We’re examining the implications of deploying it to the organization. Still, it is a bit of a letdown that even with remoting it isn’t like being on the local system. Looks like I may have to hack up some psexec solution.

Monday, February 1, 2010

PowerShell Remoting – First “Real” Encounter

I’ve been trying to get into the habit of using PowerShell remoting when it is convenient and I’ve got an active window or ISE. I was testing a script which stores a password as a secure string, which of course is per-user. I was surprised to learn that when in a remote session, the process expects delegation to be configured to execute the script. I didn’t have time to see whether or not this was an intended behavior, but it looks like more and more I’m going to need to read through Windows PowerShell in Action, Second Edition.
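The per-user behaviour mentioned above comes from how the secure string is exported: without -Key, ConvertFrom-SecureString protects it with DPAPI under the current user account on the current machine, while with -Key it uses AES under a key the caller supplies. The sketch below is an added example, not the script from the post; the sample secret and all function and variable names are constructed for illustration.

```powershell
# Added example. The secret and every name below are constructed for illustration.

function New-RandomKey {
    # 32 random bytes: ConvertFrom-SecureString -Key accepts 16, 24 or 32 bytes.
    $key = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($key)
    ,$key   # leading comma keeps the byte[] from being unrolled on output
}

function ConvertTo-PlainText {
    # Test helper only: decrypts a SecureString so the round trip can be compared.
    param([System.Security.SecureString]$Secure)
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
    try     { [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
}

$sample = 'constructed-sample-password'
$secret = ConvertTo-SecureString -String $sample -AsPlainText -Force

# 1) Default export: DPAPI. The blob can only be re-imported by the same
#    user account on the same machine that produced it.
$dpapiBlob = ConvertFrom-SecureString -SecureString $secret
$fromDpapi = ConvertTo-SecureString -String $dpapiBlob

# 2) Key-based export: AES with a caller-supplied key. The blob is portable
#    to any account or host that holds the same key bytes.
$key     = New-RandomKey
$aesBlob = ConvertFrom-SecureString -SecureString $secret -Key $key
$fromAes = ConvertTo-SecureString -String $aesBlob -Key $key

'DPAPI round trip matches : {0}' -f ((ConvertTo-PlainText $fromDpapi) -eq $sample)
'AES round trip matches   : {0}' -f ((ConvertTo-PlainText $fromAes) -eq $sample)
'Blobs differ             : {0}' -f ($dpapiBlob -ne $aesBlob)
```

With -Key, confidentiality rests entirely on how the key bytes are stored, so a key file needs an ACL at least as restrictive as the password it protects.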

Friday, January 22, 2010

When Under the Gun…

Now that our Network Operating System conversion project got a date that seems really close – February 3rd – I feel a bit of pressure, especially since my once-working task sequence built in MDT 2008 now “mostly” works.  I spent the better part of the day trying to troubleshoot why the domain join was no longer working, despite it prompting for valid username, credentials, and OU (and time and again my poor VM trying over and over with proper credentials and failing).  Eventually I added a recover from domain failure – manual – task in the sequence, manually joined the domain and proceeded.

I was then a bit shocked to see that my recently-deployed Windows Management Framework didn’t deploy from the internal WSUS server. I haven’t checked the WSUS report or heard anything from the WSUS admin, so I figured that things had gone well. The few servers I checked had installed properly, but my newly deployed and fully updated VM didn’t have PowerShell 2.0 yet.

I’m a bit reluctant to capture a whole bunch of stuff in the image as it pertains to updates, as I’ve seen a forum post on TechNet today from folks recommending that users not update past a service pack for fear of changing build numbers and breaking a script. I’ve yet to use a capture image, too. Thus far I’ve simply used the base 2008 SP2 media and the task sequence – apparently, that is a no-no according to one post.

Windows Management Framework

Recently we were able to approve Windows Management Framework for distribution using WSUS. If you haven’t heard, the WMF is a package of tools that enables administrators to do some great things. Included in the Windows Management Framework are PowerShell 2.0, BITS 4.0, and WinRM 2.0.

The downloads come as two packages for Server 2008 and Vista, where BITS 4.0 is a separate installation. The great news, however, is that PowerShell 2.0 and WinRM 2.0 can be easily deployed. With the help of Group Policy, servers enterprise-wide can be enabled for PowerShell remoting. If you’re looking for the Windows 7 and Windows 2008 R2 links, don’t worry – though it isn’t apparent at first, the “Windows Management Framework” simply combines features that are already available in Windows 7 and Windows Server 2008 R2 and makes them available to Windows Vista, Windows Server 2008, Windows Server 2003 and Windows XP. I am quite excited to be able to use a single PowerShell platform to manage servers. Already we’ve been making great use of the new cmdlets in PowerShell 2.0 such as Write-EventLog to log our relevant information related to functions of servers, which we can then subscribe to or act upon using the built-in tools in Vista, Server 2008, Windows 7, and Server 2008 R2.

*Update*

Jeffrey Snover [MSFT] asks:

“I would love to know
1) What sort of events you write to the log.
2) Are you using remoting? If so, how is that working for you?
3) What things would you like to see in the next version?”

1.  Currently, we write the script results to the event log.  For example, the one script I’ve done so far queries hard disk space.  In the event it is too low, it will stop a service, delete some files that grow without releasing space automatically, then write the result of that action as well as the filenames to the custom event log.

2.  I used remoting for the first time today, just as a test.  I enabled the listeners via Group Policy for our ServersOU as well as the firewall rule for WS-Management 5895.  Haven’t had a chance to use this power a lot yet!

3.  Standard operators.  Although I’m getting used to “-eq” and “-lt”, years of “==” and “>” or “<” will be hard to break.  It is especially hard to transition when I go to the C# level to make a command line app or something that I’m not yet familiar enough with PowerShell syntax to accomplish.  If there is a place to leave the suggestions please comment – I know my colleagues who use PowerShell quite a bit more than me (800+ line identity management script at one point that has since been redone in C# as a service) will have more than a few suggestions.
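The disk-space script described in the first answer above could look like the following. This is an added example, not the author's script: the log name, event source, service, folder, file filter, threshold and event IDs are all hypothetical, and it uses only cmdlets available in PowerShell 2.0.

```powershell
# Added example. Log name, source, service, folder, filter and threshold are hypothetical.
$LogName     = 'OpsScripts'
$Source      = 'DiskCleanup'
$ServiceName = 'ExampleSvc'
$Folder      = 'D:\ExampleSvc\spool'
$Drive       = 'D:'
$MinFreeGB   = 5

function Write-Result {
    param([string]$Message, [string]$EntryType = 'Information', [int]$EventId = 1000)
    # Keep the entry under the event log message size limit; long file lists are cut.
    if ($Message.Length -gt 30000) { $Message = $Message.Substring(0, 30000) + "`r`n[truncated]" }
    Write-EventLog -LogName $LogName -Source $Source -EventId $EventId -EntryType $EntryType -Message $Message
}

# Registering a source needs administrative rights and only has to happen once per machine.
if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
    New-EventLog -LogName $LogName -Source $Source
}

$disk   = Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='$Drive'"
$freeGB = [math]::Round($disk.FreeSpace / 1GB, 2)
if ($freeGB -ge $MinFreeGB) { return }   # enough space, nothing to do

$removed = @()
try {
    Stop-Service -Name $ServiceName -ErrorAction Stop
    $files = Get-ChildItem -Path $Folder -Filter '*.tmp' | Where-Object { -not $_.PSIsContainer }
    foreach ($file in $files) {
        Remove-Item -LiteralPath $file.FullName -ErrorAction Stop
        $removed += $file.FullName
    }
    $msg = "Free space on $Drive was $freeGB GB (threshold $MinFreeGB GB). " +
           "Stopped $ServiceName and deleted $($removed.Count) file(s):`r`n" + ($removed -join "`r`n")
    Write-Result -Message $msg -EntryType Warning -EventId 1001
}
catch {
    # Record partial progress too, so the log shows exactly which files are already gone.
    $msg = "Cleanup on $Drive failed: $($_.Exception.Message)`r`nDeleted before failure:`r`n" +
           ($removed -join "`r`n")
    Write-Result -Message $msg -EntryType Error -EventId 1002
}
```

Using distinct event IDs for success and failure lets an event subscription or scheduled-task trigger react to failed cleanups without parsing the message text.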

Wednesday, December 30, 2009

Microsoft Deployment Toolkit to aid in Netware to Windows Server Conversion

Just about a year ago I started messing around with the MDT 2008. I found it to be rather slick, despite the glaring crashes that happen frequently. Since then, MDT 2010 was released, and still it crashes. However, despite the rough edges, the results are very, very impressive. I haven't scratched the surface as to the power of how it can aid in any number of scenarios, but I have one in mind that will definitely be put to use.

I've created a task sequence that will install Windows Server 2008 SP2 (x86) if the hardware that installs the necessary roles for our file and print servers. What is so special about that? Well, it automatically partitions the drive, for one, then proceeds to do all sorts of slick things like install applications, drivers, and custom scripts. If that sounds not so different than imaging, you're not far off. The MDT works in conjunction with Windows Deployment Services and can be used to capture images back to the WDS server. In fact, that is one of the recommended uses. For my purposes, however, it will deploy a new server preloaded with several applications that aren't "image friendly" thanks to their "tattoo" effect based on server name or other parameters. I've even added some custom PowerShell scripts to the task sequence to automatically create a standardized folder structure for each branch office and create the shares with the proper permissions.

Once the new OS is loaded on the hardware, we're going to do a simple robocopy with a Windows XP workstation. This won't preserve any of the ACLs associated with the files, but in our environment that is part of what we're hoping for - to force the "crud" that has accumulated over the past 15 years to be sanitized a bit. Once the robocopy is complete, we simply power down the Netware server then re-IP the Windows server.

Printers will be pushed via Group Policy Preferences based on business logic using Item Level Targeting, and existing NDPS printers will be deleted from the machine based on a user login script that checks for a registry key that is also pushed via Group Policy preferences that has targeting based on the proper criteria.


Monday, December 28, 2009

Sample Application using Groupwise Administrative Object API

Below is a copy of the source to a C# App that connects to a domain and creates a nickname for every user in the CSV. This code can be easily modified (and was in our case) to set the LDAP Authentication field in Groupwise to enable authentication via services such as Active Directory.

using System;
using System.Collections.Generic;
using System.Text;
using System.Runtime.InteropServices;
using System.IO;

namespace GWAdmin
{
    class Program
    {
        [STAThread]
        static void Main(string[] args)
        {
            // Log lines are buffered here and written to disk once, at the end of the run.
            StringBuilder sbLog = new StringBuilder();
            StreamWriter swLog = new StreamWriter(@"C:\alias-to-nickname.log");
            try
            {
                // Connect to the GroupWise system through the primary domain database.
                AdminTypeLibrary.System GWSystem = new AdminTypeLibrary.System();
                string strPath = @"\\fs\vol1\gw\dom\primary";
                GWSystem.Connect(strPath);
                List<string[]> list = parseCSV(@"C:\aliasnohead-test.csv");

                foreach (string[] strarr in list)
                {
                    // Columns used: [1] = nickname, [3] = post office, [4] = owning user.
                    // Skip blank or short rows instead of aborting the whole run.
                    if (strarr.Length < 5)
                    {
                        sbLog.AppendLine(DateTime.Now + " :: Skipping malformed row: " + string.Join(",", strarr));
                        continue;
                    }

                    string poName = strarr[3];
                    string owner = strarr[4];
                    string nickname = strarr[1];
                    AdminTypeLibrary.Domain domain = GWSystem.Domains.Item("primary");
                    AdminTypeLibrary.PostOffice po = GWSystem.PostOffices.Item(poName, domain);
                    AdminTypeLibrary.User3 user3User = (AdminTypeLibrary.User3)po.Users.Item(owner, po, domain);

                    // Clear any preferred e-mail ID override before the nickname is added.
                    if (user3User.PrefEMailID != null)
                    {
                        user3User.PrefEMailID = null;
                        user3User.ClearAddressFormat();
                        user3User.ClearAllowedAddressFormat();
                        user3User.ClearInternetDomainName();
                        user3User.Commit();
                        sbLog.AppendLine(DateTime.Now + " :: Cleared PrefEMailID from user: " + user3User.Name);
                    }
                    else
                    {
                        sbLog.AppendLine(DateTime.Now + " :: PrefEMailID for : " + user3User.Name + " was blank. Skipping...");
                    }

                    // Create the nickname in the same post office and domain as its owner.
                    AdminTypeLibrary.AdminObject ao = (AdminTypeLibrary.AdminObject)user3User;
                    GWSystem.Nicknames.Add(nickname, ao, ao.PostOffice, ao.PostOffice.Domain);
                    sbLog.AppendLine(DateTime.Now + " :: Added nickname: " + nickname + " for owner: " + owner);
                }
            }
            catch (Exception ex)
            {
                // Any API failure stops the remaining rows; record it before the log is written.
                sbLog.AppendLine(DateTime.Now + " :: " + ex.ToString());
            }

            // Write the buffered log exactly once, whether or not an exception occurred.
            swLog.WriteLine(sbLog.ToString());
            swLog.Close();
        }

        // Reads a header-less CSV into a list of rows. Fields are split on every comma,
        // so quoted fields that contain commas are not supported.
        public static List<string[]> parseCSV(string path)
        {
            List<string[]> parsedData = new List<string[]>();

            try
            {
                using (StreamReader readFile = new StreamReader(path))
                {
                    string line;
                    string[] row;

                    while ((line = readFile.ReadLine()) != null)
                    {
                        row = line.Split(',');
                        parsedData.Add(row);
                    }
                }
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }

            return parsedData;
        }
    }
}