Sunday, August 26, 2012

PowerShell - Invoke command used for Get-AppLockerFileInformation Windows 2008


This script, which I have written, can be used for getting AppLocker event information from remote computers using PowerShell on Windows 2008 servers.

Invoke-Command runs applocker.ps1 on the named remote computer and the output is exported to CSV format. The command can be put into a batch file to run against multiple servers.

The .ps1 file and the .csv file will be on the source computer from which we are running this PowerShell script. Before you run this script, make sure PowerShell remote management is enabled on the remote computers.

invoke-command -filepath C:\scripts\applocker.ps1 -computername servername | Export-csv c:\scripts\applocker\servername.csv

Content of applocker.ps1
-----------------------------------------------------------------------------------
Import-Module AppLocker
Get-AppLockerFileInformation -EventLog -LogPath "Microsoft-Windows-AppLocker/EXE and DLL"
Get-AppLockerFileInformation -EventLog -LogPath "Microsoft-Windows-AppLocker/MSI and Script"
-----------------------------------------------------------------------------------
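The multi-server run mentioned above, as an added example that is not part of the original script. It assumes a hypothetical C:\scripts\servers.txt with one server name per line, reuses the applocker.ps1 shown above, and writes one CSV per server plus a list of hosts that could not be queried.

```powershell
# Added example. Assumed paths: C:\scripts\servers.txt (one server name per line),
# C:\scripts\applocker.ps1 (the script shown above), C:\scripts\applocker\ (output folder).
$servers = Get-Content -Path 'C:\scripts\servers.txt' | Where-Object { $_.Trim() }
$outDir  = 'C:\scripts\applocker'
if (-not (Test-Path $outDir)) { New-Item -ItemType Directory -Path $outDir | Out-Null }

# Invoke-Command fans out to all servers; unreachable hosts are collected in $failed
# instead of stopping the run.
$results = Invoke-Command -ComputerName $servers -FilePath 'C:\scripts\applocker.ps1' `
    -ErrorAction SilentlyContinue -ErrorVariable failed

# Every returned object carries PSComputerName, so the output can be split per server.
$results | Group-Object -Property PSComputerName | ForEach-Object {
    $csv = Join-Path $outDir ("{0}.csv" -f $_.Name)
    $_.Group | Select-Object PSComputerName, Path, Publisher, Hash |
        Export-Csv -Path $csv -NoTypeInformation
}

# Record hosts that could not be queried so gaps in coverage stay visible.
$failed | ForEach-Object { "{0}`t{1}" -f $_.TargetObject, $_.Exception.Message } |
    Set-Content -Path (Join-Path $outDir 'failed.txt')
```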

Saturday, August 25, 2012

PowerCLI script for deleting specified user account from ESX/ESXi hosts

vSphere PowerCLI, the Windows PowerShell interface for managing vSphere, is a very powerful tool that can be used for managing large environments running ESX/ESXi servers.

I have tried writing a PowerCLI script for deleting a specified user account from an ESX host.

This script reads the server names from the servers.txt file, connects to each ESX server listed in it, and removes the account named in the script code. You can add additional commands to remove multiple users from an ESX/ESXi host.

The disadvantage of this script is that you need to enter the root password each time it connects to an ESX host in the servers.txt file. Save this script as a .ps1 file and enter the ESX server names in the servers.txt file.

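# Read the ESX/ESXi host names, one per line
$hostx = Get-Content -Path "c:\servers.txt"
foreach ($ESXhost in $hostx)
{
    # Prompts for credentials on each host
    Connect-VIServer $ESXhost
    # Look up the account and remove it; -Confirm asks before each removal
    Get-VMHostAccount -ID username | Remove-VMHostAccount -Confirm
}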


Here "username" is the user account to be deleted on the ESX servers listed in the "servers.txt" file.
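One way to avoid the repeated password prompt described above, as an added example that is not the original script. It assumes PowerCLI is already loaded and the same c:\servers.txt, keeps "username" as the placeholder account name, asks for the root credential once, scopes each lookup to the current host, and closes every session.

```powershell
# Added example. Assumptions: VMware PowerCLI is loaded, c:\servers.txt holds one host
# per line, and 'username' is the placeholder account name from the script above.
$account = 'username'
$cred    = Get-Credential -Credential root   # prompted once, kept in memory as a PSCredential

foreach ($ESXhost in (Get-Content -Path 'c:\servers.txt')) {
    $vi = $null
    try {
        $vi = Connect-VIServer -Server $ESXhost -Credential $cred -ErrorAction Stop
        # -Server limits the lookup to this host even if other sessions are open.
        $acct = Get-VMHostAccount -Server $vi -Id $account -ErrorAction Stop
        # -Confirm keeps the per-host prompt of the original; use -WhatIf for a dry run.
        $acct | Remove-VMHostAccount -Confirm
        Write-Output "$ESXhost : processed $account"
    }
    catch {
        # A host that is down or lacks the account is reported and the loop continues.
        Write-Warning "$ESXhost : $($_.Exception.Message)"
    }
    finally {
        # Always close the session so no authenticated root connection is left open.
        if ($vi) { Disconnect-VIServer -Server $vi -Confirm:$false }
    }
}
```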

Tuesday, August 14, 2012

VSS - System writer not found in backup windows 2008 std sp2


This post discusses a VSS backup issue on a Windows 2008 SP2 virtual machine running on the VMware platform.

System writer is not found in the backup

Whenever we tried to run a system state backup using wbadmin, the backup failed with the error below.

WBADMIN error:
-----------------------------
U:\>wbadmin start systemstatebackup -backuptarget:e:
wbadmin 1.0 - Backup command-line tool
(C) Copyright 2004 Microsoft Corp.

Starting System State Backup [5/21/2012 8:21 PM]
Retrieving volume information...

This would backup the system state from volume(s) System(C:),Data(E:) to e:.
Do you want to start the backup operation?
[Y] Yes [N] No y

Creating the shadow copy of volumes requested for backup.

Summary of backup:
------------------

Backup of system state failed [5/21/2012 8:22 PM]

Log of files successfully backed up
'C:\Windows\Logs\WindowsServerBackup\SystemStateBackup 21-05-2012 20-22-43.log'

Log of files for which backup failed
'C:\Windows\Logs\WindowsServerBackup\SystemStateBackup_Error 21-05-2012 20-22-43
.log'

System writer is not found in the backup.
-----------------------------


"vssadmin list writers" - all the writers were visible and stable.

No errors in the application or system event log. Tried procmon to check for any permission issues; no clue found in procmon.

The server had Symantec Backup Exec, SQL and IIS installed.

Tried the article http://support.microsoft.com/kb/2009272; however, this did not work.

Enabled VSS tracing and found the below messages in the trace log: "Error while obtaining an interface interface 0x80004002 HRESULT EXCEPTION CAUGHT: hr: 0x80042308"


Solution:

Check for any recent changes performed on the server, for example disk expansion, disk drive letter change, patch installation, etc.

Looking back a few days, we found that a change had been performed on the server to change the drive letter of the partition on which SQL was installed.

During that change the SQL services were still pointing to the old partition. The application team had uninstalled SQL manually, and the old SQL services remained in the registry, pointing to the old partition/drive letter.

We can identify non-present services in the System Information window: Start --> All Programs --> Accessories --> System Tools --> System Information --> Software Environment --> Services, then sort the services by Error Control.

Reference MS article http://blogs.technet.com/b/askcore/archive/2010/06/18/reasons-why-the-error-enumeration-of-the-files-failed-may-occur-during-system-state-backup.aspx

Now that we have identified the non-present services (services which have an invalid path, or which do not exist at all but remain in the registry), the next step is to remove them from the registry and reboot the server. To do this: regedit --> HKLM --> SYSTEM --> CurrentControlSet --> Services. Identify the service and delete it from the registry.

The last step is to remove any third-party VSS provider installed on the server. Our server had the Symantec Backup Exec provider, which was installed with Symantec Backup Exec.

To remove the Symantec Backup Exec provider from the registry, perform these steps: regedit --> HKLM --> SYSTEM --> CurrentControlSet --> Services --> VSS --> Providers. Remove the provider belonging to Symantec Backup Exec.
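The identification step above can also be done from PowerShell. This added example (not part of the original post) is a read-only report of service keys under HKLM\SYSTEM\CurrentControlSet\Services whose ImagePath resolves to a file that is not on disk. Resolve-ImagePath is a hypothetical helper name, and nothing is deleted.

```powershell
# Added example: read-only report of services whose binary is missing. Nothing is deleted.
# Resolve-ImagePath is a hypothetical helper that reduces an ImagePath value to a file path.
function Resolve-ImagePath([string]$raw) {
    $p = [Environment]::ExpandEnvironmentVariables($raw.Trim())
    if ($p -match '^"([^"]+)"') { $p = $matches[1] }                       # "quoted path" + arguments
    elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') { $p = $matches[1] }  # unquoted path + arguments
    $p = $p -replace '^\\\?\?\\', ''                                       # \??\C:\... driver form
    if ($p -match '^\\SystemRoot\\(.*)$') { $p = Join-Path $env:SystemRoot $matches[1] }
    elseif ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p } # relative driver path
    return $p
}

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services'
Get-ChildItem $base | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    # Keys without an ImagePath value are skipped.
    if ($props -and $props.ImagePath) {
        $file = Resolve-ImagePath $props.ImagePath
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            New-Object PSObject -Property @{
                Service   = $_.PSChildName
                ImagePath = $props.ImagePath   # value as stored in the registry
                Resolved  = $file              # path that was checked on disk
            }
        }
    }
} | Sort-Object Service | Format-Table Service, Resolved, ImagePath -AutoSize
```

Run it from a 64-bit PowerShell session on a 64-bit server, otherwise file system redirection reports drivers under system32 as missing. Treat each hit as a candidate to verify by hand, since an ImagePath without a file extension is not split from its arguments.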

Once the above steps were performed MY SYSTEM STATE BACKUP WAS SUCCESSFULLY COMPLETED WITHOUT ANY ERRORS.

Sunday, August 12, 2012

Get CPU core information using PowerShell

How do we get CPU core information on Windows 2003 and 2008 servers?

The answer is simple: we can get CPU core information for all the servers listed in the servers.txt file using a PowerShell script which uses WMI to query the remote machines.

Save the below content to the file coreinfo.ps1 and list the server names in the servers.txt file.
----------------------------------------------------------

# Server names, one per line
$Computers = Get-Content "C:\coreinfo\servers.txt"

ForEach ($cn in $Computers)
{
    # Query each server over WMI; one row per processor instance
    Get-WmiObject Win32_Processor -ComputerName $cn | Format-Table SystemName, NumberOfCores, NumberOfLogicalProcessors -AutoSize
}
----------------------------------------------------------

The above script has been tested on Windows 2008 servers and works perfectly fine.

To run this script against Windows 2003 server machines you need to install the patches mentioned below (whichever applies).

Windows 2003 SP2
http://support.microsoft.com/kb/936235 
http://support.microsoft.com/kb/932370