Quantcast
Channel: Windows PowerShell forum
Viewing all 21975 articles
Browse latest View live

Enter-PSSession: WinRM cannot process the request, Kerberos authentication error 0x80090322

$
0
0

Hi!

I've configured PowerShell Remoting on the server using Enable-PSRemoting commandlet.

But when I'm trying to connect to the server I'm constantly getting the following error:

PS C:\Users\sergeyp> Enter-PSSession SERVERNAME.DOMAINNAME.com
Enter-PSSession : Connecting to remote server SERVERNAME.DOMAINNAME.com failed with the following error message : WinRM cannot process the request. The following error
with errorcode 0x80090322 occurred while using Kerberos authentication: An unknown security error occurred.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1+ Enter-PSSession SERVERNAME.DOMAINNAME.com+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+ CategoryInfo          : InvalidArgument: (SERVERNAME.DOMAINNAME.com:String) [Enter-PSSession], PSRemotingTransportException+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed

Also, in the System event log on a client computer I see the Security-Kerberos error described here:
http://technet.microsoft.com/en-us/library/52ddf7d9-a0e7-4c9d-be3c-3c35219f2d69.aspx

Error details:

Log Name: System Source: Microsoft-Windows-Security-Kerberos Date: 2/22/2013 1:42:39 PM Event ID: 4 Task Category: None Level: Error Keywords: Classic User: N/A Computer: ... Description:

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server
SERVERNAME$. The target name used was HTTP/SERVERNAME.DOMAINNAME.com.
This indicates that the target server failed to decrypt the ticket
provided by the client. This can occur when the target server principal
name (SPN) is registered on an account other than the account the target
service is using. Please ensure that the target SPN is registered on,
and only registered on, the account used by the server. This error can
also happen when the target service is using a different password for
the target service account than what the Kerberos Key Distribution
Center (KDC) has for the target service account. Please ensure that the
service on the server and the KDC are both updated to use the current
password. If the server name is not fully qualified, and the target
domain (DOMAINNAME.COM) is different from the client domain
(DOMAINNAME.COM), check if there are identically named server accounts
in these two domains, or use the fully-qualified name to identify the
server.
...

And... I have identical WinRM configuration on the other server, and it works fine.

I'm using Windows Server 2008 Standard SP2 and PowerShell 3.0.

I'm logging in as a domain user.

Both client and server are in the same domain.

The SPN HTTP/SERVERNAME.DOMAINNAME.com doesn't exist, but the corresponding SPN also doesn't exist for the computer on which PS Remoting works fine!

Could somebody help me with identification of this error source, please?



Convert HTML to Excel keeping structure

$
0
0

Hi guys!

I run a script of mine on a fileserver 2008 R2; the script return a report in html but it's huge (50000 KB) so it takes a lot of time to load and i can't order it.

The function that create the html report is this:

Function Get-Report{
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory=$True,Position=0)]$Drives,
        [Parameter(Mandatory=$True,Position=1)][string]$Kind,
        [Parameter(Mandatory=$True,Position=2)]$Source
    )

    $Today = Get-Date -Format "dd-MMM"

    $Head = @"<Title>$Kind Report</Title><style>
        body {
            background-color:#FFFFFF;
            font-family:Verdana;
            font-size:12pt;
        }
        td, th {
            border:1px solid blue;
            border-collapse:collapse;
        }
        th {
            color:white;
            background-color:green;
        }
        table, tr, td, th { padding: 5px; margin: 0px }
        table { margin-left:50px; }</style>"@

    [xml]$html = $Drives | ConvertTo-Html -fragment

    for ($i=1;$i -le $html.table.tr.count-1;$i++) {
        $class = $html.CreateAttribute("class")
    }

    $Body = @"<H1>$Kind File Report for $Source</H1>
$($html.innerxml)"@

    $Log = $Kind + "Report" + $Today

    if(!(Test-Path -Path "C:\Powershell Reports")){
        New-Item -Path "C:\Powershell Reports" -ItemType directory
    }

    ConvertTo-HTML -head $head  -PostContent "<br><i>$(Get-date)</i>" -body $body |
    Out-File "C:\Powershell Reports\$Log.html" -Encoding ascii
}
And this is the output.Powershell output

Does anyone knows some easy function to convert and save the html output to an excel file keeping this structure?

Thanks!

A

Powershell script for number of Microsoft products in our company?

$
0
0

Hi,

I am looking for way to find out how many of our computers in our company are using for example:

Windows OS, like 7,8,8.1

Office 2007/2010/2013 suites

Visio/Project suites

Visual Studio

SQL Servers

I would need a query which asks all of the computers in AD do they have a licenses, is it valid (not that important), and most important number of machines using specified products.

Ofcourse query can be only for one product and then I adjust it to my likinings.

Get-ADComputer -filter * | get-wmiobject -class softwarelicensingproduct - i got only this but this is begineers stuf so please help.


Thanks,

set user inherit permissions check box using powershell

$
0
0

Hi All,

How can I set the the  "include inherit permissions from this objects parent" propertiy in Active Directory user object to a list of users using powershell.

This option is not checked for some of my users and I'll like to set it using a powershell script.

 

Thanks

Simon

 


MCSA, MCSE, MCITP:SA, MCITP:EA, MCITP:Enterprise Messaging Administrator 2010, CCNA

Update-Help cmdlet not able to update the help with https protocol.

$
0
0

Hi all,

 

I am using powershell 3.0 and trying to implement this updatable feature for our custom powershell module. But I getting the below error:


PS C:\Users\scorchsvc> update-help -Module <modulename> -Force
update-help : Failed to update Help for the module(s) 'modulename' : HelpInfoURI
 https://10.65.182.141/dev_releases/modulename/onlinehelp does not start with http.
At line:1 char:1
+ update-help -Module modulename-Force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (HelpInfoUri:Uri) [Update-Help], Exception
    + FullyQualifiedErrorId : InvalidHelpInfoUriFormat,Microsoft.PowerShell.Commands.UpdateHelpCommand

I am able to get this work if I use "http". Error message clearly says that it only expects http. But in the Microsoft help topic for Update-Help cmdlet, it is mentioned that cmdlet works for both http and https both.

Here are my enteries:

  • HelpInforURI entry in module manifest file is:

                    HelpInfoURI = "https://10.65.182.141/dev_releases/modulename/onlinehelp"

  • HelpContentURI in HelpInfo.xml file is:

                   <HelpContentURI> https://10.65.182.141/dev_releases/modulename/onlinehelp</HelpContentURI>

 

I am running powershell as an administrator.

I am not behind any proxy.

Windows firewall is off.

I am mentioning it again that I am able to update help for our custom module if I use http in HelpInfoURI.

 

Can any one please help?

 

Thanks,

Vinay Ravish.

Export user in active directory with all their properties

$
0
0

Hello,

i'm trying to export all users from active directory with all their properties but i only get a few of them;

code used:

Get-ADUser -Filter * Properties *  | Export-Csv all_adusers.csv 

what can i do to get all their properties ?

thanks,
Marius

Get Pst files and move

$
0
0

Hi , all

difficult situation below :

i have another script that get me all pst name + Their path  that connected to my outlook :

$usr=[Environment]::UserName $dmn=[Environment]::UserDomainName $comp=[Environment]::MachineName $outlook = New-Object -comObject Outlook.Application $final=$outlook.Session.Stores | where { ($_.FilePath -like '*.pst')} | select FilePath$final >> c:\3.txt$new = import-csv c:\3.txtdel c:\3.txtforeach($line in $new){$line = $line.trim()'"'+$line+'"'>>c:\3.txt}

Result :

"FilePath"
"C:\Users\mtest\Desktop\My Outlook Data File(1).pst"
"C:\Users\mtest\Documents\My Outlook Data File(2).pst"
"C:\Users\mtest\Pictures\My Outlook Data File(3).pst"
"C:\Owo.pst"

as you see all pst files exists in different location , i would like to special script that know read the paths of pst and move them to specific location like X: or whatever


I have a script that "move " all my pst files to new location , see below the script :

Get-ChildItem -Path "C:\Users\mtest\Documents\Outlook Files\" -Filter *.pst -Recurse | Move-Item -Destination "x:\"

my problem is that my script knows to move them from specific location to specific destination , maybe there are another options that can read several path and perform move ? 

Thank you very much for the effort




My Website:www.Pelegit.co.il Mcitp /Mcsa 2012

ps1 file opens with Notepad and won’t run

$
0
0

PowerShell Documentation states that I only need to double-click PowerShell script (extension “ps1”) in order to run it.
This does not happen; instead Notepad opens ps1 script for editing. Set ExecutionPolicy to “RemoteSigned” to no avail.


Is documentation not specific or is there another problem on my PC (Vista Ultimate x86)?


Thank you.


Unable to find type [Microsoft.TeamFoundation.Build.Workflow.WorkflowHelpers]

$
0
0

I'm trying to queue a TFS Build from Powershell passing custom process parameters.  I'm getting the following error:

Unable to find type [Microsoft.TeamFoundation.Build.Workflow.WorkflowHelpers]: make sure that the assembly containing this type is loaded.

At line:19 char:1

+ $paramValues = [Microsoft.TeamFoundation.Build.Workflow.WorkflowHelpers]::Deseri ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : InvalidOperation: (Microsoft.TeamF...WorkflowHelpers:TypeName) [], RuntimeException

    + FullyQualifiedErrorId : TypeNotFound

I'm getting quite frustrated and I know it's something really simple!  Any ideas?

function Get-BuildServer
    {
    param($serverName = $(throw 'please specify a TFS server name'))
    [void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.TeamFoundation.Client")
    [void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.TeamFoundation.Build.Client")
    $tfs = [Microsoft.TeamFoundation.Client.TeamFoundationServerFactory]::GetServer($serverName)

    return $tfs.GetService([Microsoft.TeamFoundation.Build.Client.IBuildServer])
    }

# SAS: Get the Build Server
$buildserver = Get-BuildServer "http://tfsserver:8080/tfs/My%20Project%20Collection"

# SAS: Set the parameters (Team Project and Build Definition)
$teamProject = "MyProject"
$buildDefinition = "MyDefinition"

# SAS: Get the build definition
$definition = $buildserver.GetBuildDefinition($teamProject, $buildDefinition)

# SAS: Create the build request
$request = $definition.CreateBuildRequest()

# SAS: Deserialise the Process Parameter for the Build Definition
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.TeamFoundation.Build.Workflow")
$paramValues = [Microsoft.TeamFoundation.Build.Workflow.WorkflowHelpers]::DeserializeProcessParameters($request.ProcessParameters)

# SAS: Set the parameter(s)
$paramValues.Item("asdf") = "new value"

# SAS: Serialise the Process Parameter for the Build Definition
$request.ProcessParameters = [Microsoft.TeamFoundation.Build.Workflow.WorkflowHelpers]::SerializeProcessParameters($paramValues)

# SAS: Queue the build
$buildserver.QueueBuild($request, "None") 


Simon Sutherill


GPO - (Logon) powershell script - Not executing

$
0
0

Hi everybody,

So I setup a logon script to map some network drives depending on the group membership of a user:

$user = $env:username

# Get-ADUser $user -Properties *

(Get-ADUser $user -Properties *).MemberOf | foreach {
    if ($_ -match "instream - Shares Users") {
        New-PSDrive –Name “N” –PSProvider FileSystem –Root “\\instream.local\GlobalShares\instream” –Persist
    }

    if ($_ -match "CSI - Shares Users") {
         New-PSDrive –Name “M” –PSProvider FileSystem –Root “\\instream.local\GlobalShares\csi” –Persist
    }
}


They are setup as persistent so they are available after the session ends. If I run it manually it works. But with the GPO it does not.

I have added it to a logon policy and it is running last.

Now here is some additional information, from what I know, Machine Policy pre-empts all others:

Get-ExecutionPolicy -List

                                 Scope                                             ExecutionPolicy
                                 -----                                             ---------------
                         MachinePolicy                                                Unrestricted
                            UserPolicy                                                   Undefined
                               Process                                                   Undefined
                           CurrentUser                                                   Undefined
                          LocalMachine                                                RemoteSigned

But when I try to run the script manually:

Set-ExecutionPolicy : Windows PowerShell updated your execution policy successfully, but the setting is overridden by
a policy defined at a more specific scope.  Due to the override, your shell will retain its current effective
execution policy of Unrestricted. Type "Get-ExecutionPolicy -List" to view your execution policy settings. For more
information please see "Get-Help Set-ExecutionPolicy".
At line:1 char:46+ if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process  ...+                                              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+ CategoryInfo          : PermissionDenied: (:) [Set-ExecutionPolicy], SecurityException+ FullyQualifiedErrorId : ExecutionPolicyOverride,Microsoft.PowerShell.Commands.SetExecutionPolicyCommand

Security warning
Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your
computer. If you trust this script, use the Unblock-File cmdlet to allow the script to run without this warning
message. Do you want to run
\\instream.local\SysVol\instream.local\Policies\{47F0D016-3BF4-440C-ADE4-84F5A3403605}\User\Scripts\Logon\Map Network
Drives.ps1?
[D] Do not run  [R] Run once  [S] Suspend  [?] Help (default is "D"):

Any idea why it is not working ?

Best regards,

Export Users and their Group memberships from OU

$
0
0

I am looking to use Powershell in order to export users and their group memberships from a specific OU.  The OU contains about 300 members with various group memberships for each.  I would like to export this information into Excel.

Is anyone familiar with a Powershell script that would be capable of this?  I understand using the Get-ADUser and Get-ADUserGroups will be used, but I am unsure of how to break down to users only in a specific OU and export to Excel.

Any help is appreciated.

Thank you.

Retrieve User Session count of Web Application

$
0
0

I was wondering if anyone knew how to or if it is even possible to get a web application user session count?

I can get that session count at the Web Site level by doing

Get-Counter "\\$ServerName\web service($website)\current connections"
Since our web site host an n number of web applications, a user connected to the site but using a specific application, so I would like to know what app they are actually using, is this possible?


If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.

Don't Retire Technet

Import-CSV to bulk Update AD Attributes

$
0
0

Hello, I am trying to import a csv to do some clean up on some AD account’s.

My question is similar to this post https://social.technet.microsoft.com/Forums/windowsserver/en-US/031f084b-b9b3-4d17-9783-75796db16fab/importcsv-to-update-setaduser-but-skip-fields-that-are-null But I can’t seem to use that example it to work for my needs.

I have exported the user properties to csv and used excel to make the updates.

Now I just need to import the updated csv to write the new attribute values. Here is the script I am starting with

$cv = Import-Csv .\test.csv
foreach ($User in $cv){
Set-ADUser $User.sAMAccountName -Replace @{Description = $User.description; Customattribute1 = $User. Customattribute1; Customattribute2 = $User. Customattribute2}
}

And this works as long as there are no blanks. But I get an error when a field is intentionally blank in effort to clear out all contents of an attribute from some users.

Here is the CSV. For this test I am wanting to clear out the value of Customattribute1 for the second user.

givenName,Surname,sAMAccountName,description,Customattribute1, Customattribute2

John,Smith,John.Smith,descrip1,catt1,catt2

Bill,Smith,Bill.Smith,descrip2,,catt2

I have tried  this but I get an error missing ‘=’ operator after key in hash literal.

Set-ADUser $user.sAMAccountName -Replace @{

                                if(($user. Customattribute1-eq $null)){ Customattribute1= $null;}

if(!($user. Customattribute1-eq $null)){ Customattribute1= $User. Customattribute1;}

if(($user. Customattribute2-eq $null)){ Customattribute2= $null;}

if(!($user. Customattribute2-eq $null)){ Customattribute2= $User. Customattribute2;}

Any help in fixing this and maybe telling me what I was doing wrong would be appreciated.

Thanks,

Robert

Pwershell script

$
0
0
need to retrieve information (sp_configure)from multiple SQL server with powershell script.But sp_configure doesn't have sql server name when it provide the output.I need output of sp_configure with server name in powershell script since I am retrieving information from multiple server.

storing encrypted strings (DPAPI clarification)

$
0
0

Hello, 

I have used the following code to store an encrypted string. Note, UserA is not the user logged on but rather the user that was used to run PowerShell (i.e. RunAs). 

PS C:\Users\Administrator> whoami
testdomain\userA
PS C:\Users\Administrator> $string = Read-Host -Prompt ‘Enter String’ -AsSecureString | ConvertFrom-SecureString | Set-Content ‘c:\encString.txt’

After having read up on the DPAPI it's my understanding that the key used for encryption is UserA’s “logon credential”.  When I then run PowerShell under UserB's context (i.e. RunAs) and try pull in the encrypted string I receive the expected error seen below.

PS C:\Users\Administrator> whoami
testdomain\userB
PS C:\Users\Administrator> $UserAEncString = Get-Content ‘c:\encString.txt’ | ConvertTo-SecureString
ConvertTo-SecureString : Key not valid for use in specified state.
At line:1 char:47
+ $UserAEncString = Get-Content c:\encString.txt | ConvertTo-SecureString+                                               ~~~~~~~~~~~~~~~~~~~~~~+ CategoryInfo          : InvalidArgument: (:) [ConvertTo-SecureString], CryptographicException+ FullyQualifiedErrorId : ImportSecureString_InvalidArgument_CryptographicError,Microsoft.PowerShell.Commands.ConvertToSecureStringCommand

This is obviously normal because UserB's logon credential is different than UserA's. I'm looking for clarification / confirmation that the only user that will be able to leverage the encrypted string in a credential is UserA. An example of what I mean by leverage a credential is listed below. 

PS C:\Users\Administrator> whoami
testdomain\userA
PS C:\Users\Administrator> $UserAEncString = Get-Content ‘c:\encString.txt’ | ConvertTo-SecureString
PS C:\Users\Administrator> $cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList 'MyUser',$encString
Thanks!





Folder that is there but not there; script delete options?

$
0
0

I am seeing a strange behavior with Autodesk AutoCAD Architecture, which creates two seemingly identically named 'Autodesk' folders in My Documents. If you click on them they each contain very different things.

However, Get-ChildItem 'C:\Users\USERNAME\Documents' | ?{ $_.PSIsContainer } | Select-Object FullName returns just a single folder name. Properties of both claim they are folders, and with very different content. Remove-Item 'C:\Users\Px_User\Documents\Autodesk' -recurse will delete one of them, but the second attempt fails, claiming the folder is not there. 

My guess is that there is something jacked up in the permissions. Autodesk is well know for screwing this kind of thing up. But I am trying to figure out, what, if anything, can I even do? If the user doesn't have admin rights, then nothing scripted can be used to delete this junk folder, that of course gets left behind when ACAD is uninstalled because Windows/Autodesk uninstallers are total junk. So very frustrating how much crap gets left behind.

Obtain Name, Department ID from List of AD Users.

$
0
0

I'm trying to figure out how to obtain the Name and department fields from all the members of an AD group named "TS Users"

I have obtained the a list of users Names and SamAccountName and placed it within a Users.txt file on the root of my C:\

Get-ADGroupMember -Identity "TS Users" | select SamAccountName, Name | Ft -auto | out-file c:\users.txt

I'm having trouble figuring out how to writing the Foreach-object within the C:\users.tst { Get-ADUser -Identity -Property Department}

Thanks you.. 

Help parse CSV file using powershell to create Report

$
0
0

I have an excel file that holds some information on several computers.  I was hoping to figure out a way to get some needed information and create some calculations that I've been able to create with the use of this forum.

SERVER_NAMEOSDISK_DRIVE
Server01Microsoft Windows Server 2008 R2 Standard  Service Pack 1C:^116.03 GB Total^45.18 GB Free^S:^20 GB Total^7.53 GB Free
Server02Microsoft Windows Server 2008 R2 Standard  Service Pack 1C:^59.9 GB Total^22.52 GB Free^S:^20 GB Total^7.35 GB Free
Server03Microsoft Windows Server 2008 R2 Standard  Service Pack 1C:^60 GB Total^29.01 GB Free^S:^20 GB Total^3.35 GB Free
Server07Microsoft Windows Server 2008 R2 Standard  Service Pack 1C:^60 GB Total^21.15 GB Free^D:^274 GB Total^31.42 GB Free^S:^20 GB Total^3.38 GB Free
Server08Microsoft Windows Server 2008 R2 Standard  Service Pack 1C:^60 GB Total^14.59 GB Free^D:^50 GB Total^16.7 GB Free^E:^60 GB Total^31.26 GB Free^F:^40 GB Total^21.54 GB Free^S:^25 GB Total^6.74 GB Free

I'm not sure who to get the data so I can work with the Disk_Drive column.  Every time I use:

import-csv c:\computers.csv, I start getting a bunch of errors.  My guess it's due to the "^" but know sure how to parse those out.

Secondly, I need to break out the C/D/E etc drives so I can calculate SizeGB/UsedGB/FreeGB from the Disk_Drive column.

Please let me know if more data is needed.

Thanks


Jr. Admin

Edit Excel file opend

$
0
0
After open an Excel spreadsheet manually, is there a way to use PS to edit it without open another copy?

get-aduser -filter doesn't show users in OUs and SubOUs

$
0
0

hi friends

in my Active Directory, in default "Users" container, have created a group named "helpdesks".

i have also some OUs and SubOus which each contains some users.

i need to get all users in my entire domain which are not member of helpdesks group.

Get-ADUser -SearchBase -Filter {memberof -notlike  'cn=helpdesks,cn=users,dc=mydomain,dc=lab' } | select name

Get-ADUser -SearchBase 'dc=mydomain,dc=lab' -searchscope subtree -Filter {memberof -notlike  'cn=helpdesks,cn=users,dc=mydomain,dc=lab' } | select name

but all commands get only these 3 accounts : administrator , Guest , krbtgt

( and not those accounts which are in ou-users , users-marketing subou & any other locations )

strange !

any idea

thanks in advanced




Viewing all 21975 articles
Browse latest View live