Category Archives: PowerShell

How to change the Friendly Name on a certificate - Windows

I ran into the situation where someone created and applied a certificate in IIS and the friendlyName was wrong. During automatic deployments of the software, they would call into the cert store and select the certificate to use for their 443 bindings based on the friendly name. The certificate was named wrong and wouldn’t get applied during deployment or it would apply the wrong one.

Here is how to fix this using PowerShell without re-issuing the certificate.

Open up PowerShell with administrative rights and change your location to the certificate store.

We will rename the certificate, identified by its thumbprint, from the friendly name wrong_internal_wildcard to right_internal_wildcard.

In the above example, I have done the following:

    Opened PowerShell
    Set-Location to the certificate store by typing Set-Location cert:
    Listed out the certs by typing Get-ChildItem
    Located the cert I wanted to change the friendly name of
    Put that cert in a variable so I could view its properties
    Verified that the cert is the right one by typing $cert.FriendlyName
    Then changed the friendly name by typing $cert.FriendlyName = "right_internal_wildcard"
    Lastly, I verified the cert friendly name by typing $cert.FriendlyName
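
The steps above as a script. This is an added example, not the original post's code; the thumbprint is a placeholder and the Cert:\LocalMachine\My store is an assumption (it is where IIS bindings normally look).

```powershell
# Added example. Run from an elevated PowerShell prompt.
$thumbprint = '<THUMBPRINT-OF-YOUR-CERTIFICATE>'   # placeholder
$oldName    = 'wrong_internal_wildcard'
$newName    = 'right_internal_wildcard'

# Assumption: the certificate lives in the local machine's personal store.
Set-Location Cert:\LocalMachine\My

# List the certificates with the fields needed to pick the right one.
Get-ChildItem | Format-Table Thumbprint, FriendlyName, Subject, NotAfter -AutoSize

# Select by thumbprint: it is unique in the store, friendly names are not.
$cert = Get-ChildItem | Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert) { throw "No certificate with thumbprint $thumbprint in this store." }

# Refuse to rename unless the current friendly name is the one we expect.
if ($cert.FriendlyName -ne $oldName) {
    throw "Unexpected friendly name '$($cert.FriendlyName)'; nothing was changed."
}

# A deployment that selects by friendly name picks the wrong certificate
# if the new name is already taken, so check before renaming.
$clash = @(Get-ChildItem | Where-Object { $_.FriendlyName -eq $newName })
if ($clash.Count -gt 0) {
    throw "Friendly name '$newName' is already used by $($clash[0].Thumbprint)."
}

$cert.FriendlyName = $newName

# Re-read the certificate from the store to confirm the change was saved.
(Get-Item "Cert:\LocalMachine\My\$thumbprint").FriendlyName
```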


Disable SSLv2, SSLv3 and Enable TLS 1.2 and pass Qualys SSL Test

I was tasked with securing one of our internet-facing web servers against the POODLE SSL vulnerability and weaker old SSL technologies. After doing many searches online, I finally wrote a script to run against our Windows 2008 R2 server to disable the protocols in IIS via the registry. The following is a simple script that you can run to change the SCHANNEL protocol settings to make your server secure.

FIRST and most important, back up the registry hive that you will be changing. << You have been warned! Do this by going to the following hive, right-clicking it and exporting the hive:

HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\

Then simply run this script and reboot your server:
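
An added example of the registry changes described above, not the author's original script. It sticks to Windows PowerShell 2.0 syntax because that is what Windows 2008 R2 ships with; the backup file location is an assumption.

```powershell
# Added example. Run from an elevated PowerShell prompt, then reboot.
$base = 'HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Back up the key before touching it (backup path is an assumption).
$backup = Join-Path $env:TEMP 'schannel-protocols-backup.reg'
reg export ($base -replace '^HKLM:', 'HKLM') $backup /y
if ($LASTEXITCODE -ne 0) { throw "Registry backup failed; nothing was changed." }

# Desired state per protocol: $true = enabled, $false = disabled.
$protocols = @{
    'SSL 2.0' = $false
    'SSL 3.0' = $false
    'TLS 1.2' = $true
}

foreach ($name in $protocols.Keys) {
    # Server covers inbound connections (IIS); Client covers outbound ones.
    foreach ($role in 'Server', 'Client') {
        $key = Join-Path $base "$name\$role"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

        if ($protocols[$name]) { $enabled = 1; $disabledByDefault = 0 }
        else                   { $enabled = 0; $disabledByDefault = 1 }

        New-ItemProperty -Path $key -Name 'Enabled' -Value $enabled `
            -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value $disabledByDefault `
            -PropertyType DWord -Force | Out-Null
    }
}

# Show the resulting state so it can be reviewed before the reboot.
Get-ChildItem $base -Recurse |
    Where-Object { $_.GetValueNames() -contains 'Enabled' } |
    Select-Object @{n='Key'; e={ $_.Name -replace '^.*\\Protocols\\', '' }},
                  @{n='Enabled'; e={ $_.GetValue('Enabled') }},
                  @{n='DisabledByDefault'; e={ $_.GetValue('DisabledByDefault') }} |
    Format-Table -AutoSize
```

The changes take effect after the reboot; re-running the external SSL test afterwards confirms that SSLv2 and SSLv3 are no longer offered.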


SSH with Powershell: Backup multiple Cisco devices

Today, I was asked to write a script to connect to all our Cisco devices and back up the configs to our fileserver. After a few hours of figuring it out, this is what I came up with.

You ONLY need a READ ONLY account on the Cisco devices.

We run this every day at 2:00 AM and back up many Cisco devices.

I downloaded and use this SSH.NET Library: SSH With Powershell

You have to move it to your PowerShell modules directory and then run Import-Module.


How To: Import AD Users from .csv file

I had a project that required me to make over 40 domain accounts. I decided that it was time to create all the domain accounts with a PowerShell script. The script I came up with uses an import .csv file with all the accounts and info I needed in it. Make sure you take the time to plan a naming convention for your AD accounts. In this case, they were a type of service account for many different environments. To keep it quick, I decided to not auto-gen the passwords so I simply put them in the .csv file and removed them when I was done. Well, it took me a day or so to figure out my script to create AD accounts because I had problems…

My troubleshooting was a bit flawed but I didn’t know it until the very end (after running for all the users). I was having problems with the script ending in error . This is a very generic error. I knew that my accounts had spaces in them for $GivenName $Surname and $Name. So, I went through the trouble of making sure that my variable properties with spaces had "" around them. Yes, that’s a pair of double quotes. My Display name I wanted to use had GivenName and Surname in it with a space. So it looks like this: Displayname = ($User."GivenName"+" "+$User."Surname"). The quotes around "GivenName" allowed me to use two names in the GivenName column of the .csv file and the same for "Surname". This way I can create an account that looks like: First Second Third Fourth. In other words, my "GivenName" in my CSV was First Second so I had to put "" around it in the script so it would read it as one word. What I missed is that after everything was put together, the fields were over 20 characters. Well, the limit on Windows 2008 Account "Names" is 20 characters. After I ran my script and found that it didn’t create about 1/2 of them, I started analyzing the .csv file to figure out why it didn’t work. I found out that the ones that didn’t get created are the ones that were over 20 characters.

Here is the script. You will notice that I’ve got a comment in the script for the .csv file’s header fields. You can add to them or remove as needed. I think it’s easier to view the PowerShell references on Microsoft’s site. Here is the link to the Set-ADUser cmdlet: http://technet.microsoft.com/en-us/library/ee617215.aspx. For each property, you need it in the script and in the .csv file. If there are special characters or spaces, remember to use the "" around it in the script. Also, make sure you are not exceeding the field length in AD for each property. The sAMAccountName (pre-Windows 2000 logon name) is limited to 20 characters for user objects. This is what got me a few times 🙁

Let me know if you need anything below explained! I’ll answer all comments on this the same day if I can.
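
A pre-flight check for the 20-character sAMAccountName limit described above, run before any account is created. This is an added example, not the author's script: the CSV rows are constructed sample data, the SamAccountName column and the Test-AccountRows function are assumptions, and because no password is passed the accounts would be created disabled.

```powershell
# Constructed sample rows; in practice use Import-Csv on your own file.
$csv = @'
GivenName,Surname,SamAccountName
First Second,Third Fourth,svc-dev-app1
Build Agent,Integration Test,svc-integration-test-runner
Build Agent,Staging,svc-dev-app1
'@

# Hypothetical helper: returns each row with an added Problem column.
# An empty Problem means the row is safe to create.
function Test-AccountRows {
    param([object[]]$Rows)
    $seen = @{}
    foreach ($row in $Rows) {
        $sam = [string]$row.SamAccountName
        $problem = ''
        if ($sam.Length -eq 0) {
            $problem = 'sAMAccountName is empty'
        } elseif ($sam.Length -gt 20) {
            $problem = "sAMAccountName is $($sam.Length) characters (limit is 20)"
        } elseif ($seen.ContainsKey($sam.ToLower())) {
            $problem = 'duplicate sAMAccountName in file'
        }
        $seen[$sam.ToLower()] = $true
        $row | Add-Member -MemberType NoteProperty -Name Problem -Value $problem -PassThru
    }
}

$checked = Test-AccountRows -Rows ($csv | ConvertFrom-Csv)
$checked | Format-Table SamAccountName, Problem -AutoSize

# Create only the rows that passed. -WhatIf prints what would be created
# without changing the directory; remove it for the real run.
Import-Module ActiveDirectory
foreach ($user in ($checked | Where-Object { -not $_.Problem })) {
    $display = $user.GivenName + ' ' + $user.Surname
    New-ADUser -Name $display -SamAccountName $user.SamAccountName `
        -GivenName $user.GivenName -Surname $user.Surname `
        -DisplayName $display -WhatIf
}
```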

I’m a seasoned Systems Administrator with experience starting in the early 90’s, when 286 computers with 20 and 30 MHz processors ran Windows 3.1, which was the newest operating system.

…and that’s the way Ed does it 🙂 — Thanks Scott J. for that 🙂


Connect remotely to a computer with PowerShell and get ipconfig /all from it

Are you looking to connect remotely to a computer and run PowerShell commands? Below is a simple one-liner that will connect to a computer and get the ipconfig /all and display it on your computer.

If it doesn’t work, you may have to enable WinRM on the remote computer. This can be done with Group Policy or by simply typing winrm quickconfig at the command prompt on the computer you want to connect to. This has to be done beforehand, so there may be some prep involved, but when you have WinRM enabled on all your computers, you can connect with PowerShell and run all sorts of commands.

Here is


How to Get The Logged On User on a Remote Windows Machine

This one is super cool and you will amaze your boss. Many times, I’m asked if I can find who is logged into a machine.

As long as you have PSRemoting enabled across your network you can run this:

Also replace IP or name with the IP address or computer name of the computer

or you can do a | select * and it will give you more info.


How to Search Files Recursively and Replace content in files

I was tasked to search many files in a directory structure and find content in each file and replace that content. The directory has MANY types of files in it so I had to search for a certain type of file, then search inside that file and replace a string if found.

So, I did this:

Get-ChildItem | ForEach-Object Get-Content -replace and then Set-Content

Change *File.Type* to the file type you want to search for. It could be a *.log or a *.bak

Change string1 to what you’re looking for and string2 to what you want to change it to.

NOTE: This code will save the file with a new date even if it doesn’t replace the string. This is one minor issue that you must be aware of, because if you later want to search for all old files and delete them, it won’t find old ones that you’ve touched with this script because of the date change. I’m working on a new version that only saves the file if the string is found in it. Feel free to comment if you got the answer to this 🙂

Here is the code:
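
One way to get the behaviour the note above asks for, writing a file only when the string is actually found so untouched files keep their original date. This is an added example, not the author's code; the path, filter and strings are placeholders, and it does a literal, case-sensitive replacement rather than the regex match that -replace performs.

```powershell
# Added example. Edit these four placeholders before running.
$root    = 'C:\Path\To\Files'
$filter  = '*.log'
$string1 = 'string1'   # text to look for (literal, case-sensitive)
$string2 = 'string2'   # text to put in its place

$changed = Get-ChildItem -Path $root -Filter $filter -Recurse |
    Where-Object { -not $_.PSIsContainer } |
    # Read-only search first: files without a match are never rewritten,
    # so their LastWriteTime stays as it was.
    Where-Object { $_ | Select-String -SimpleMatch -CaseSensitive -Pattern $string1 -Quiet } |
    ForEach-Object {
        $path = $_.FullName
        # Read the whole file into memory before writing back to the same path.
        $lines = Get-Content -LiteralPath $path |
            ForEach-Object { $_.Replace($string1, $string2) }
        Set-Content -LiteralPath $path -Value $lines
        $path   # emit the path so the caller gets a list of modified files
    }

# Report exactly which files were modified.
"Modified $(@($changed).Count) file(s):"
$changed
```

Set-Content writes with its default encoding, so check the encoding of the rewritten files if they were not plain ANSI text to begin with.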


Script to get a distribution list membership easily

Throughout my years as a System Administrator, I’ve been asked repeatedly to produce a list for someone of the contents of a distribution list. I searched and found some scripts out there and ended up modifying one that now fits my needs.


Move a Virtual Machine from one host to another

After building a new set of VMware ESX servers in a new vCenter cluster, I was tasked with moving around 200 virtual servers from the old cluster to the new cluster. To do this in an orderly fashion and to make sure I didn’t miss a step, I turned to PowerShell to help me accomplish the task. The below script does the following:

  • Validates that you’re logged in using an admin account. Hopefully, you are and your naming convention for all your admin accounts is the same. Simply edit that part to match your convention or comment it out
  • You then enter the server name and it fetches the Cluster, Host and Server information from VMware.
  • The script then queries VMware vSphere for the clusters available and puts them in a list for selection.
  • You are then presented with a list of hosts in that cluster to select the destination server to move the virtual server to.
  • Then it allows you to review what you’re going to do before any servers are shut down and moved, and before the VMware Tools upgrade and final reboot.
  • Sometimes the script gives some errors at the end as it has a hard time determining if the server is back online. Not a big deal and everything works great!
