Add-ClusterResource Generic Service Policy - windows

Im creating a windows generic service through power shell and my command is below
Add-ClusterResource -Name "FileImport" -Group "SQLINST1" -ResourceType "Generic Service" | Set-ClusterParameter -Name ServiceName -Value "FileImport"
Start-ClusterResource "FileImport"
This works but i also want to set the policies option . So i want to have the checkbox "if restart is unsuccessful, fail over all resources in this service or application". Is this possible through powershell and can someone help with the missing syntax please.

I found a way to do this in powershell. Please see code below which worked
Get-ClusterResource "FileImport"| % { $_.RestartAction="1"}

I am afraid, you will not find an easy way for that. I use the deprecated old cluster.exe to perform things like that:
cluster.exe /cluster:cluster000 res Resname /prop
cluster.exe /cluster:cluster000 res Resname /priv
Here you can easily set all the parameters you want.

Related

Trying to back up my Bitlocker Key to ADDS Through Script

I'm trying to automatize the process of storing BitLocker Keys to ADDS.
I wanna be able to run the following script at logon, in order to do that, as the OS is deployed through WDS which already encrypts the drive:
$BitVolume = Get-BitLockerVolume -MountPoint $env:SystemDrive
$RecoveryKey = $BitVolume.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
Backup-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $RecoveryKey.KeyProtectorID
BackupToAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $RecoveryKey.KeyProtectorID
I always get access denied as this has to run as admin...
Is there any command I can use prior the code to run it as admin?
I've googled but I found no useful info to actually do this...
As for the access denied part... as was already sated, you need to start your PowerShell session as an admin. However, as a point of note about your code, you are only targeting the system/os volume... which may not be the only volume that's encrypted. If you want to programmatically backup all of the encrypted volumes, may I suggest one of the two following options...
One-liner:
Get-BitLockerVolume | where {$_.VolumeStatus -like "FullyEncrypted"} | foreach {foreach($Key in $_.KeyProtector){if($Key -like "RecoveryPassword"){Backup-BitLockerKeyProtector -MountPoint $_.mountpoint -KeyProtectorId $key.KeyProtectorId}}}
Or, if you prefer something a little bit easier to read...
Script Block:
foreach ($BLV in Get-BitLockerVolume){
if ($BLV.VolumeStatus -like "FullyEncrypted"){
foreach ($Key in $BLV.KeyProtector) {
if ($Key -like "RecoveryPassword") {
Backup-BitLockerKeyProtector -MountPoint $BLV.MountPoint -KeyProtectorId $Key.KeyProtectorId
}#if
}#foreach
}#if
}#foreach
Neither is super eloquent... but, with this method it will grab all of the encrypted volumes on the system and add them to AD. You would need to modify the code slightly to add the AAD backup option you cited of course.
P.S. I'm only responding because I recently had to solve this problem of multi-volume backups as a one-liner solution and figured I would share it since your post was a top search result when I looked for a pre-canned solution. Cheers! :)

Issue with Set-CMTaskSequenceDeployment

Seems that New-CMTaskSequenceDeployment / Set-CMTaskSequenceDeployment cmdlet option -DeploymentOption does not work as expected.
I'm trying to automate a Task Sequence Deployment via Powershell. I use New-CMTaskSequenceDeployment cmdlet to create the deployment. The content of the TS should be downloaded before the start of the TS.
Works ok, but the -DeploymentOption DownloadAllContentLocallyBeforeStartingTaskSequence seems not to have any effect, when I check the deployment after the script ran, the option "pre-download content for this task sequence" isn't checked.
Same issue when I try Set-CMTaskSequenceDeployment.
Any hint from the community what I'm doing wrong?
...
# Create deployment for all waves now
foreach ($StrCollectionName in $ArrCollectionName)
{
$SchedulePhase2 = New-CMSchedule -Nonrecurring -Start $DateScheduleStartPhase2
Try {
$Deployment = New-CMTaskSequenceDeployment -CollectionName $StrCollectionName -TaskSequencePackageId $StrTaskSequenceID -DeployPurpose Required -AvailableDateTime $DateAvailablePhase1 -DeploymentOption DownloadAllContentLocallyBeforeStartingTaskSequence -SoftwareInstallation $False -SystemRestart $False -Schedule $SchedulePhase2 -RerunBehavior RerunIfFailedPreviousAttempt -AllowUsersRunIndependently $True -SendWakeUpPacket $True
Write-Host "Success - Deployment $Deployment created!"
}
Catch {
Write-Host "Error - Exception caught in creating deployment : $error[0]"
Exit
}
}
...
Looks like unfortunately (and unexpected) the pre-download behavior is different for package/program deployment and task sequence deployment.
In case of a package/program deployment the content download will start after start time in case the deployment has a mandatory time defined.
A TS deployment behaves different. It will start download when mandatory time (schedule) has been reached. Start time will be ignored.
This difference is independently from how the deployment has been started (Console or powershell cmdlet) therefore it is not an issue of the cmdlet.
First of all, you can check the picture below to make sure not to confuse these two options.
Difference between Preload content checkbox and Download all content locally before starting TS
Once done Here is my proposition :
Just by clicking, try to retrieve the property of you TSDeployment before and after you clicked the checkbox. You will see that one property changed. AdvertFlags
PS MUZ:\> (Get-CMTaskSequenceDeployment -DeploymentID MUZ200C5).AdvertFlags
[Convert]::ToString((Get-CMTaskSequenceDeployment -DeploymentID MUZ200C5).AdvertFlags,2)
Output :
34275328
10000010110000000000000000
From there, you can read from the MS doc : https://learn.microsoft.com/en-us/configmgr/develop/reference/core/servers/configure/sms_advertisement-server-wmi-class
From this, I learn that I need to change the 12th bit like this :
$advertflag = Get-CMTaskSequenceDeployment -DeploymentID MUZ200C5
$advertflag.AdvertFlags = $advertflag.AdvertFlags -bor "0x00001000"
$advertflag.put()
I hope it will help someone someday :)

How to enable FSRM quota with PowerShell

To disable FSRM quota with PowerShell is command below.
Set-FsrmQuota D:\test -Disabled
Please tell me how to enable with PowerShell.
Best regards,
I think you know how to open PowerShell. The command you gave is quite similar, but if you add "-Disabled" you basically just set a switch to tell the template to be disabled. You could use the switch in case you want to set a certain template, but do not want to have it enabled yet. Or just to disable it. To enable, first check the exact name of the template.
Run:
Get-FsrmQuotaTemplate
After that use the command Gert Jan gave you, with the exact name of the template you choose from the previous command, and run it:
Reset-FsrmQuota -Path "D:\Test" -Template "5 GB Limit"
Please note that "5 GB Limit" is the exact template name found with
the first command.
Now the template is set for the folder you chose.
If you want to set on a series of Homefolders for instance, you could do something like.
$homefolders = Get-ChildItem -Path "D:\home"
foreach($folder in $homefolders){
Reset-FsrmQuota -Path "D:\Test\$($folder.name)" -Template "5 GB Limit"
}
I hope this helps!

SCCM 2012 OSD Task Sequence - Rename computer with Service Tag

I am planning to deploy Windows 10 using SCCM 2012. It is working fine, and now I just want to rename the computer to be same as its DELL service tag, and make it as part of Task Sequence. I would ideally like to use Powershell script to do so, however happy to use VBS as well, in case it isn't easy enough with PS.
Following is the Powershell script that does the job, however I can't add it as part of Task Sequence!
$sTag = Get-WmiObject -Class win32_BIOS | Select SerialNumber
$cName = 'DESKTOP' + $sTag.SerialNumber
Rename-Computer -NewName $cName
Can someone please assist?
Thanks in advance.
I think you would be better off not renaming the computer after it is already present in sccm and ad but give it a proper name before it is joined (assuming you use unknown computer support for the osd here)
In this case you should set the SCCM Variable OSDCOmputerName already within the WinPE phase like this (you can find more detailed examples e.g. here):
$sTag = Get-WmiObject -Class win32_BIOS | Select SerialNumber
$OSDComputerName = 'DESKTOP' + $sTag.SerialNumber
$TSEnv = New-Object -COMObject Microsoft.SMS.TSEnvironment
$TSEnv.Value("OSDComputerName") = $OSDComputerName
If you want to use powershell in PE you will have to modify your boot image (Right click --> Properties --> Optional Components) to include "Windows PowerShell"

How to use the log parser in Windows PowerShell by using for each loops to query the logs from multiple exchange servers?

I would like to use the below mentioned command in windows powershell by using the for each loops. Please let me know if you have any ideas on this query.
As I have little bit idea to input multiple values for the FROM parameter as because I need to search logs from the different servers from the given location.
I would like to feed the values for FROM filed like below but I don't have an complete idea to create the entire PowerShell script structure.
\\server1\d$\Program Files\Microsoft\Exchange\V15\Logging\HttpProxy\Mapi\*.*
\\server2\d$\Program Files\Microsoft\Exchange\V15\Logging\HttpProxy\Mapi\*.*
Command I created for individual server:
LogParser.exe "
SELECT DateTime,AuthenticatedUser,UserAgent
FROM 'd:\Program Files\Microsoft\Exchange\V15\Logging\HttpProxy\Mapi\*.*'
WHERE AuthenticatedUser LIKE '%user1%'
AND UserAgent LIKE '%Microsoft Office%'" -i:CSV -o:csv > "C:\Log parser\server1\1.csv"
Assuming you have access to the administrative shares on the remote servers you could do something like this:
$servers = 'server1', 'server2', ...
$servers | ForEach-Object {
LogParser.exe -i:csv -o:csv -q "SELECT DateTime,AuthenticatedUser,UserAgent
FROM '\\${_}\D$\Program Files\Microsoft\Exchange\V15\Logging\HttpProxy\Mapi\*.*'
WHERE AuthenticatedUser LIKE '%user1%'
AND UserAgent LIKE '%Microsoft Office%'" |
Out-File "C:\Log parser\${_}.csv"
}

Resources