PowerShell script is triggering the AD alert when executing on any local server. as user or computer
Hello All, I have PowerShell script which generates the data from each local server. This script tested and its working fine but the challenge is it trigger the alert on AD server as "user of computer logged on to this computer from the network" , but script is executing on any server not on AD. Why this is happening I am not able to find out it. Is the AD level security configured or hardening which is creating this problem. Where I do find the exact cause of this. Can any one help me please. I am attaching the script here for the reference. ############################Script##################### $Computer = $env:ComputerName $OutputDir = "c:\temp\" $Name = ($OutputDir + $Computer + "_LocalUser.csv") out-file -filepath $Name $OutputFile = $Name Add-Content -Path $OutPutFile -Value "ComputerName;OS;IP;UserID;FullName;SID;UserType;PasswordLastSet;Enabled;UserMayChangePassword;PasswordNeverExpires;InteractiveLogon;AccessDetails;LastLogOn;TimeZone" $LocalUsers = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" | Select-Object -ExpandProperty Name $localgroups = Get-WmiObject Win32_Group -Filter “LocalAccount=True” | Select-Object -ExpandProperty Name $groupsOutput = $null $IP = $(((ipconfig | findstr [0-9].\.)[0]).Split()[-1]) if($PSVersionTable.PSVersion.Major -gt 4){ foreach($localuser in $LocalUsers) { $Name = $localuser $FullName = Get-LocalUser -Name $localuser | Select-Object -ExpandProperty FullName $SID = Get-LocalUser -Name $localuser | Select-Object -ExpandProperty SID $UserType = Get-LocalUser -Name $localuser | Select-Object -ExpandProperty PrincipalSource $PasswordLastSet = Get-LocalUser -Name $localuser | Select-Object -ExpandProperty PasswordLastSet $Enabled = Get-LocalUser -Name $localuser | Select-Object -ExpandProperty Enabled $UserMayChangePassword = Get-LocalUser -Name $localuser | Select-Object -ExpandProperty UserMayChangePassword $PasswordNeverExpires = (Get-LocalUser -Name $localuser | Select-Object -ExpandProperty PasswordExpires) -eq $null [Int]$i=0 $groupsOutput = "" $groups = (Get-LocalGroup | Where-Object { (Get-LocalGroupMember $_).name -eq "$Computer\$Name" }).Name foreach($group in $groups) { $i++ if($i -le 1) { $groupsOutput = -join ("$groupsOutput", "$group") } else { $groupsOutput = -join ("$groupsOutput", " / " ,"$group") } } $LastLogOn = Get-LocalUser -Name $localuser | Select-Object -ExpandProperty LastLogOn $TimeZone = [regex]::Matches([System.TimeZoneInfo]::Local.DisplayName, '(?<=\()(.*)(?=\))').Value Add-Content -Path $OutPutFile -Value "$Computer;Windows;$IP;$Name;$FullName;$SID;$UserType;$PasswordLastSet;$Enabled;$UserMayChangePassword;$PasswordNeverExpires;;$groupsOutput;$LastLogOn;$TimeZone" } }else{ foreach($localuser in $LocalUsers) { $user = Get-WmiObject -query "SELECT * FROM Win32_UserAccount WHERE LocalAccount = 'True' and Name = ""$localuser""" $Name = $localuser $FullName = $user.FullName $SID = $user.SID $UserType = "Local" $PasswordLastSet = $(net user $Name| findstr /B /C:"Password last set") $PasswordLastSet = $PasswordLastSet.Substring(29) $Enabled = -not $user.Disabled $UserMayChangePassword = -not $user.PasswordChangeable $PasswordNeverExpires = -not $user.PasswordExpires $groupList = Get-CimInstance -ClassName Win32_UserAccount -Filter "Name='$name'" | Get-CimAssociatedInstance -Association Win32_GroupUser | Select-Object Name $groups = "" foreach($group in $groupList.Name){ $groups += $group + "," } $groups = $groups.Substring(0,$groups.Length-1) $LastLogOn = $(net user $Name| findstr /B /C:"Last logon") $LastLogOn = $LastLogOn.Substring(29) $TimeZone = [regex]::Matches([System.TimeZoneInfo]::Local.DisplayName, '(?<=\()(.*)(?=\))').Value $passwordNeverExpires = -not $user.passwordExpires Add-Content -Path $OutPutFile -Value "$Computer;Windows;$IP;$Name;$FullName;$SID;$UserType;$PasswordLastSet;$Enabled;$UserMayChangePassword;$PasswordNeverExpires;;$groups;$LastLogOn;$TimeZone" } }
Calculate Percent on Compliance SCCM Powershell by Device collection
I have a function that pulls compliance status of a software update deployment (assignment ID). I want to configure this to calculate percent of the status types (Success, Error, In Progress, Unknown) and I would also like to pull compliance status based on device collection name instead of the deployment ID as it is shown below. What I want to accomplish is automatically take a list of device collection names and run a software update deployment which organizes each collection by compliance percent (for each status), and then receive it by email every morning. I have several locations based on device collection, and I want to be able to differentiate which locations and devices are the problematic ones. This method makes tracking and reporting much easier and SCCM console will not have to be launched each individual time to get reporting. function Get-SCCMSoftwareUpdateStatus { [CmdletBinding()] param( [Parameter()] [switch] $DeploymentIDFromGUI, [Parameter(Mandatory = $false)] [Alias('ID', 'AssignmentID')] [string] $DeploymentID, [Parameter(Mandatory = $false)] [ValidateSet('Success', 'InProgress', 'Error', 'Unknown')] [Alias('Filter')] [string] $Status ) BEGIN { $Site_Code = 'ABC' $Site_Server = 'SYSTEMCENTERSERVERNAME' $HasErrors = $False if ($Status -eq 'Success') { $StatusType = 1 } if ($Status -eq 'InProgress') { $StatusType = 2 } if ($Status -eq 'Unknown') { $StatusType = 4 } if ($Status -eq 'Error') { $StatusType = 5 } } PROCESS { try { if ($DeploymentID -and $DeploymentIDFromGUI) { Write-Error "Select the DeploymentIDFromGUI or DeploymentID Parameter. Not Both" $HasErrors = $True throw } if ($DeploymentIDFromGUI) { $ShellLocation = Get-Location Import-Module (Join-Path $(Split-Path $env:SMS_ADMIN_UI_PATH) ConfigurationManager.psd1) #Checking to see if module has been imported. If not abort. if (Get-Module ConfigurationManager) { Set-Location "$($Site_Code):\" $DeploymentID = Get-CMSoftwareUpdateDeployment | select AssignmentID, AssignmentName | Out-GridView -OutputMode Single -Title "Select a Deployment and Click OK" | Select -ExpandProperty AssignmentID Set-Location $ShellLocation } else { Write-Error "The SCCM Module wasn't imported successfully. Aborting." $HasErrors = $True throw } } if ($DeploymentID) { $DeploymentNameWithID = Get-WMIObject -ComputerName $Site_Server -Namespace root\sms\site_$Site_Code -class SMS_SUMDeploymentAssetDetails -Filter "AssignmentID = $DeploymentID" | select AssignmentID, AssignmentName $DeploymentName = $DeploymentNameWithID.AssignmentName | select -Unique } else { Write-Error "A Deployment ID was not specified. Aborting." $HasErrors = $True throw } if ($Status) { $Output = Get-WMIObject -ComputerName $Site_Server -Namespace root\sms\site_$Site_Code -class SMS_SUMDeploymentAssetDetails -Filter "AssignmentID = $DeploymentID and StatusType = $StatusType" | ` select DeviceName, CollectionName, @{Name = 'StatusTime'; Expression = {$_.ConvertToDateTime($_.StatusTime) }}, @{Name = 'Status' ; Expression = {if ($_.StatusType -eq 1) {'Success'} elseif ($_.StatusType -eq 2) {'InProgress'} elseif ($_.StatusType -eq 5) {'Error'} elseif ($_.StatusType -eq 4) {'Unknown'} }} } else { $Output = Get-WMIObject -ComputerName $Site_Server -Namespace root\sms\site_$Site_Code -class SMS_SUMDeploymentAssetDetails -Filter "AssignmentID = $DeploymentID" | ` select DeviceName, CollectionName, @{Name = 'StatusTime'; Expression = {$_.ConvertToDateTime($_.StatusTime) }}, @{Name = 'Status' ; Expression = {if ($_.StatusType -eq 1) {'Success'} elseif ($_.StatusType -eq 2) {'InProgress'} elseif ($_.StatusType -eq 5) {'Error'} elseif ($_.StatusType -eq 4) {'Unknown'} }} } if (-not $Output) { Write-Error "A Deployment with ID: $($DeploymentID) is not valid. Aborting" $HasErrors = $True throw } } catch { } finally { if (($HasErrors -eq $false) -and ($Output)) { Write-Output "" Write-Output "Deployment Name: $DeploymentName" Write-Output "Deployment ID: $DeploymentID" Write-Output "" Write-Output $Output | Sort-Object Status } } } END {} }
Using Powershell to Migrate SCVMM VM Network and IP Pools
I’m trying to migrate in VMM 2016 the VM Network, VM Logical Network, and all IP Pools that go with that network. See in the attached code block the first two sections do work OK. It finds and creates the logical network and the VM network from the source VMM server. When I run the 3rd section to read and create the Logical Network Definitions I get the error: New-SCLogicalNetworkDefinition : Unable to find the specified host group. The host group name may be incorrect, or the host group may have been moved or deleted. (Error ID: 1750)Verify that the host group name is correct, that the host group exists on the Virtual Machine Manager management server, and that the host group is in the specified host path. So its something with that -VMHostGroup $LND.HostGroups section. However if I run just the variable $LND.HostGroups it returns: PS C:\Windows\system32> $LND.HostGroups AllowUnencryptedTransfers : True CreationDate : 6/4/2013 4:34:35 PM Creator : ME\user Description : ID : 17441540-f13f-438f-ac3c-81994f2d440e InheritNetworkSettings : True IsFullyCached : True IsRoot : False MarkedForDeletion : False ModificationDate : 7/17/2017 9:23:13 AM ModifiedBy : ME\user Name : Group 1 Hosts ParentHostGroup : All Hosts Path : All Hosts\Group 1 Hosts ServerConnection : Microsoft.SystemCenter.VirtualMachineManager.Remoting.ServerConnection Any suggestions on how to get around this? This Logical network has about 100 IP Pools under it I would like to not have to manually re-enter on the new VMM server I am working on. # Find logical network being queried from SourceVMMsvr and Create it on DestVMMsvr $ReadLogicalNetwork = Get-SCLogicalNetwork -VMMServer SourceVMMsvr | Where-Object Name -eq “VM Logical Network 1” New-SCLogicalNetwork $ReadLogicalNetwork -VMMServer DestVMMsvr # Read VM Network on SourceVMMsvr and create on DestVMMsvr $VMNetwork = Get-SCVMNetwork -VMMServer SourceVMMsvr -LogicalNetwork $ReadLogicalNetwork New-SCVMNetwork -VMMServer DestVMMsvr -Name $VMNetwork.Name -LogicalNetwork $LNToCreate -IsolationType $VMNetwork.IsolationType -Description $VMNetwork.Description | Out-Null # Read the Logical Network Definitions from SourceVMMsvr and create on DestVMMsvr $LNDs = Get-SCLogicalNetworkDefinition -LogicalNetwork $ReadLogicalNetwork -VMMServer SourceVMMsvr ForEach ($LND in $LNDs) { $LNDToCreate = New-SCLogicalNetworkDefinition -VMMServer DestVMMsvr -LogicalNetwork $LND.LogicalNetwork.Name -SubnetVLan $LND.SubnetVLans -Name $LND.Name -VMHostGroup $LND.HostGroups # Read IP pools on this Logical Network and create on DestVMMsvr $IPPools = Get-SCStaticIPAddressPool -VMMServer SourceVMMsvr -LogicalNetworkDefinition $LND ForEach ($IPPool in $IPPools) { New-SCStaticIPAddressPool -VMMServer DestVMMsvr -LogicalNetworkDefinition $LNDToCreate -Name $IPPool.Name -Description $IPPool.Description -Subnet $IPPool.Subnet -Vlan $IPPool.VLanID -IPAddressRangeStart $IPPool.IPAddressRangeStart -IPAddressRangeEnd $IPPool.IPAddressRangeEnd -VIPAddressSet $IPPool.VIPAddressSet -DNSServer $IPPool.DNSServers -DNSSuffix $IPPool.DNSSuffix -NetworkRoute $IPPool.NetworkRoute -IPAddressReservedSet $IPPool.IPAddressReservedSet -WINSServer $IPPool.WINSServers -EnableNetBIOS $IPPool.EnableNetBIOS | Out-Null } }
Fetch Email of Login User In System Context
Dear Team, We are working on retrieving email address of the user joined to Entra ID from Entra-joined Windows devices, specifically while running in a system context.The whoami /upn command successfully returns the joined user’s email address in a user context, but it does not work in a system context, particularly when using an elevated terminal via the psexec utility.We also tested the dsregcmd /status command; however, in a system context, the User Identity tab in the SSO State section only appears when there is an error in AzureAdPrt. Under normal, healthy operating conditions, this command does not provide the user identity or the full domain username. We would greatly appreciate guidance on how to retrieve the Entra ID joined user’s email address in a system context, especially from those with prior experience in this area. Thank you for your support.Gui to deploy folder contents to multiple VMs
I am trying to improve imaging computers where I work. I need to create a gui for new hires since the imaging process is so complicated. I need the GUI to request necessary computer names that are being imaged and then copy files from a local workstation to the machines that are being imaged on the network that our technicians do not have physical access to. I have turned to Powershell for the solution in an attempt to improve on my knowledge which is basic really. Below is the code I have come up with so far. In this code I am getting the location of the file. I would rather copy the entire folder instead of the file but I couldnt find the code to do that. So, if that is possible please show me how. If not I figure I would have to save these imaging files to a ZIP file. Then I could maybe use this GUI I am working on to move the zip file to the remote computers. Add-Type -AssemblyName System.Windows.Forms # Create the form $form = New-Object System.Windows.Forms.Form $form.Text = "File and Network Location Collector" $form.Size = New-Object System.Drawing.Size(400, 200) # Create the label for file name $fileLabel = New-Object System.Windows.Forms.Label $fileLabel.Text = "File Name:" $fileLabel.Location = New-Object System.Drawing.Point(10, 20) $form.Controls.Add($fileLabel) # Create the text box for file name $fileTextBox = New-Object System.Windows.Forms.TextBox $fileTextBox.Location = New-Object System.Drawing.Point(100, 20) $fileTextBox.Size = New-Object System.Drawing.Size(250, 20) $form.Controls.Add($fileTextBox) # Create the label for network location $networkLabel = New-Object System.Windows.Forms.Label $networkLabel.Text = "Network Location:" $networkLabel.Location = New-Object System.Drawing.Point(10, 60) $form.Controls.Add($networkLabel) # Create the text box for network location $networkTextBox = New-Object System.Windows.Forms.TextBox $networkTextBox.Location = New-Object System.Drawing.Point(100, 60) $networkTextBox.Size = New-Object System.Drawing.Size(250, 20) $form.Controls.Add($networkTextBox) # Create the button to submit $submitButton = New-Object System.Windows.Forms.Button $submitButton.Text = "Submit" $submitButton.Location = New-Object System.Drawing.Point(150, 100) $form.Controls.Add($submitButton) # Add event handler for the button click $submitButton.Add_Click({ $fileName = $fileTextBox.Text $networkLocation = $networkTextBox.Text [System.Windows.Forms.MessageBox]::Show("File Name: $fileName`nNetwork Location: $networkLocation") }) # Show the form $form.ShowDialog() In this portion of the code it is copying from one source to many locations. Thank you for any assistance as this would help my organization a lot. We are getting several new hires who are very new to the industry. This would be a huge blessing. Pardon the change in font size. It did that for no reason, its my first time using the blog, and there appears to be no way to change the sizes lol. Forgive me. #Define the source folder and the list of target computers $sourceFolder = "C:\Path\To\SourceFolder" $destinationFolder = "C:\Path\To\DestinationFolder" $computers = @("Computer1", "Computer2", "Computer3") # Replace with actual computer names # Function to copy the folder function Copy-Folder { param ( [string]$source, [string]$destination ) Copy-Item -Path $source -Destination $destination -Recurse -Force } # Execute the copy operation on each computer foreach ($computer in $computers) { Invoke-Command -ComputerName $computer -ScriptBlock { param ($source, $destination) Copy-Folder -source $source -destination $destination } -ArgumentList $sourceFolder, $destinationFolder } Write-Host "Folder copied to all specified computers."