I would like to know how to disable Automatic Updates with PowerShell on a windows machine.
Thanks in advance!
Here's a couple functions to set and get Windows Update configurations
$SCRIPT:AutoUpdateNotificationLevels= #{
0="Not configured";
1="Disabled";
2="Notify before download";
3="Notify before installation";
4="Scheduled installation"
}
$SCRIPT:AutoUpdateDays=#{
0="Every Day";
1="Every Sunday";
2="Every Monday";
3="Every Tuesday";
4="Every Wednesday";
5="Every Thursday";
6="Every Friday";
7="Every Saturday"
}
Function Get-WindowsUpdateConfig
{
$AUSettings = (New-Object -com "Microsoft.Update.AutoUpdate").Settings
$AUObj = New-Object -TypeName System.Object
Add-Member -inputObject $AuObj -MemberType NoteProperty -Name "NotificationLevel" `
-Value $AutoUpdateNotificationLevels[$AUSettings.NotificationLevel]
Add-Member -inputObject $AuObj -MemberType NoteProperty -Name "UpdateDays" `
-Value $AutoUpdateDays[$AUSettings.ScheduledInstallationDay]
Add-Member -inputObject $AuObj -MemberType NoteProperty -Name "UpdateHour" `
-Value $AUSettings.ScheduledInstallationTime
Add-Member -inputObject $AuObj -MemberType NoteProperty -Name "Recommended updates" `
-Value $(IF ($AUSettings.IncludeRecommendedUpdates) {"Included"} else {"Excluded"})
$AuObj
}
Function Set-WindowsUpdateConfig
{
Param (
[Parameter()]
[ValidateRange(0,4)]
[int]
$NotificationLevel ,
[Parameter()]
[ValidateRange(0,7)]
[int]
$Day,
[Parameter()]
[ValidateRange(0,24)]
[int]
$hour,
[Parameter()]
[bool]
$IncludeRecommended
)
$AUSettings = (New-Object -com "Microsoft.Update.AutoUpdate").Settings
if ($NotificationLevel) {$AUSettings.NotificationLevel =$NotificationLevel}
if ($Day) {$AUSettings.ScheduledInstallationDay =$Day}
if ($hour) {$AUSettings.ScheduledInstallationTime=$hour}
if ($IncludeRecommended) {$AUSettings.IncludeRecommendedUpdates=$IncludeRecommended}
$AUSettings.Save()
}
Here is a link and how to set the registry settings
# http://support.microsoft.com/kb/328010
New-Item HKLM:\SOFTWARE\Policies\Microsoft\Windows -Name WindowsUpdate
New-Item HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate -Name AU
New-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -Name NoAutoUpdate -Value 1
you can use CMD command:
sc stop wuauserv
Related
I have app pools on the IIS web server with settings that I have been able to get out in a CSV file but I have a need to change some settings based on that CSV file extracted previously.
How do I configure the settings with powershell scripts without going from server to server? Here is a sneak peak of the script I have written:
$IISInstalled = (Get-WindowsFeature -Name "Web-Server").installed
If ($IISInstalled -ieq $false){
Write-Output "IIS not installed"
exit
}
Import-Module webadministration
$hostname = hostname
$allapppools = (Set-Item IIS:\AppPools\).name
$path = "c:\appsettings\"
if(!(test-path $path))
{
New-Item -ItemType Directory -Force -path $path
}
$allapppools | ForEach-Object($_) {
$apppool=Set-ItemProperty IIS:\AppPools\$_
$obj = New-Object PSObject
$obj | Add-Member Hostname $hostname
$obj | Add-Member AppPoolName $apppool.Name
$obj | Add-Member .NETCLRVer $apppool.ManagedRuntimeVersion
$obj | Add-Member 32-bit $apppool.Enable32BitAppOnWin64
$obj | Add-Member ManagedPipeline $apppool.ManagedPipelineMode
$obj | Add-Member QueueLength $apppool.QueueLength
$obj | Add-Member StartupMode $apppool.StartMode
$obj | Add-Member recycling-periodicRestarttime $apppool -Name recycling.periodicRestart.time -Value '0.23:00:00'
$obj | Add-Member recycling-periodicRestartHours $apppool -Name recycling.periodicRestart.time.Hours -Value '23'
$obj | Add-Member recycling-periodicRestartDays $apppool -Name recycling.periodicRestart.time.Days -Value '0'
$obj | Add-Member recycling-periodicRestartMinutes $apppool -Name recycling.periodicRestart.time.Minutes -Value '0'
$obj | Add-Member recycling-periodicRestartTotalHours $apppool -Name recycling.periodicRestart.time.TotalHours -Value '23'
$obj | Add-Member recycling-periodicRestartTotalMinutes $apppool -Name recycling.periodicRestart.time.TotalMinutes -Value '1380'
$obj | Add-Member recycling-periodicRestartTotalDays $apppool -Name recycling.periodicRestart.time.TotalDays -Value '0.958333'
$obj | Add-Member ItemXPath $apppool.ItemXPath
$obj | Add-Member PSPath $apppool.PSPath
$obj | Add-Member PSParentPath $apppool.PSParentPath
$obj | Add-Member PSChildName $apppool.PSChildName
$obj | Add-Member PSDrive-Root $apppool.PSDrive.Root
$obj | export-csv \\w2-cmn-util02\Reports\app-pool-azure-20210729.csv -NoTypeInformation -append
}
I understand I might have to change the scripts to effect changes on the server but I do not know how this should be done, please I'd need some help. Could someone advice on the working way to make changes on the some pools and not all.
Thanks
Need help with speeding up the script as it is going to be run against 10-20K servers. Currently tested on 4K servers and took almost 6 hours. Tried running it asjob (One parent job and 4000 childjobs, it runs fine and a lot faster but the parent job gets stuck in "running" state forever. It is because one of the childjobs stays in "Notstarted" state. Not sure how to fix that.
######################################################################################
$today = Get-Date
$path = (Get-Location).Path
$path += "\"
$date = Get-Date -uformat "%Y%m%d%H%M"
$Inputfile = $path + "Computers.txt"
$outfile = $path + "Report\" + "Certificate_Report_$date.csv"
$transcript = $path + "Logs\" + "Transcript_$date.log"
Start-Transcript $transcript
$computers = gc $Inputfile
Foreach ($c in $computers){
$cert = Invoke-Command -ComputerName $c -ScriptBlock{Get-ChildItem Cert:\localmachine -Recurse} -ErrorVariable issue -ErrorAction Continue
If ($issue){
$Connection = $Error[0].FullyQualifiedErrorId
$obj1 = New-Object Psobject
$Obj1 | Add-Member -MemberType NoteProperty -Name Server -Value $c
$Obj1 | Add-Member -MemberType NoteProperty -Name Serverconnection -Value $Connection
#$report += $obj1
$obj1 | Export-Csv $outfile -NoTypeInformation -Append -force
}
Else{$Connection = "Success"}
Foreach ($cer in $cert){
if($cer.Thumbprint -ne $null){
$obj = New-Object Psobject
$Obj | Add-Member -MemberType NoteProperty -Name Server -Value $c
$Obj | Add-Member -MemberType NoteProperty -Name Serverconnection -Value $Connection
$Obj | Add-Member -MemberType NoteProperty -Name PsParentpath -Value $Cer.PsParentpath
$Obj | Add-Member -MemberType NoteProperty -Name Subject -Value $Cer.Subject
$Obj | Add-Member -MemberType NoteProperty -Name Thumbprint -Value $Cer.Thumbprint
$Obj | Add-Member -MemberType NoteProperty -Name DnsNamelist -Value $Cer.DNSNamelist
$Obj | Add-Member -MemberType NoteProperty -Name FriendlyName -Value $Cer.FriendlyName
$Obj | Add-Member -MemberType NoteProperty -Name Issuer -Value $Cer.Issuer
$Obj | Add-Member -MemberType NoteProperty -Name Valid_From -Value $Cer.NotBefore
$Obj | Add-Member -MemberType NoteProperty -Name Expiration_Date -Value $Cer.NotAfter
if ($cer.NotAfter -lt $today){
$status = "Expired"
}
Else{$status = "Valid"}
$Obj | Add-Member -MemberType NoteProperty -Name Cert_Status -Value $status
$obj | Export-Csv $outfile -NoTypeInformation -Append
}
}
}
Stop-Transcript
The only obvious optimization that comes to mind (without parallelizing the remote queries) is to avoid | Add-Member and use [pscustomobject] syntax for the result objects:
$today = Get-Date
$date = Get-Date -uformat "%Y%m%d%H%M"
$Inputfile = (Resolve-Path "Computers.txt").Path
$outfile = (Resolve-Path "Report\Certificate_Report_$date.csv").Path
$transcript = (Resolve-Path "Logs\Transcript_$date.log").Path
Start-Transcript $transcript
$computers = gc $Inputfile
Foreach ($c in $computers) {
$cert = Invoke-Command -ComputerName $c -ScriptBlock { Get-ChildItem Cert:\localmachine -Recurse } -ErrorVariable issue -ErrorAction Continue
If ($issue) {
$Connection = $Error[0].FullyQualifiedErrorId
$obj1 = [pscustomobject]#{
Server = $c
Serverconnection = $Connection
} | Export-Csv $outfile -NoTypeInformation -Append -force
}
Else {
$Connection = "Success"
}
Foreach ($cer in $cert) {
if ($null -ne $cer.Thumbprint) {
[pscustomobject]#{
Server = $c
Serverconnection = $Connection
PsParentpath = $Cer.PsParentpath
Subject = $Cer.Subject
Thumbprint = $Cer.Thumbprint
DnsNamelist = $Cer.DNSNamelist
FriendlyName = $Cer.FriendlyName
Issuer = $Cer.Issuer
Valid_From = $Cer.NotBefore
Expiration_Date = $Cer.NotAfter
Cert_Status = if ($cer.NotAfter -lt $today) { "Expired" } else { "Valid" }
} | Export-Csv $outfile -NoTypeInformation -Append
}
}
}
Stop-Transcript
As Lee_Dailey mentions, you might also want to try offloading parallel execution of the remoting commands to Invoke-Command completely, by passing it all the computer names up front:
Invoke-Command -ComputerName $computers -ScriptBlock {Get-ChildItem Cert:\localmachine -Recurse} -ErrorAction Continue |For-EachObject {
# Process the results here
}
If you want help troubleshooting using background jobs, please post the code with which you have problems :)
Script posted in my question took almost 6 hours to do the same thing this modified version does in under 30 mins. Grateful for the help on this post. Final script below:
$today = Get-Date
$date = Get-Date -uformat "%Y%m%d%H%M"
$Inputfile = gc (Resolve-Path "Computers.txt").Path
$outfile = (Resolve-Path "Report\").Path + "Certificate_Report_$date.csv"
$transcript = (Resolve-Path "Logs\").Path + "Transcript_$date.log"
$failed = "Couldn't retrieve Data"
$IC_ScriptBlock = {Get-ChildItem Cert:\localmachine -Recurse}
$IC_Params = #{
ComputerName = $Inputfile
ScriptBlock = $IC_ScriptBlock
ErrorAction = 'SilentlyContinue'
}
$responding = Invoke-Command #IC_Params|ForEach-Object {
if ($null -ne $_.Thumbprint) {
[pscustomobject]#{
Server = $_.pscomputername
PsParentpath = $_.PsParentpath
Subject = $_.Subject
Thumbprint = $_.Thumbprint
DnsNamelist = $_.DNSNamelist
FriendlyName = $_.FriendlyName
Issuer = $_.Issuer
Valid_From = $_.NotBefore
Expiration_Date = $_.NotAfter
Cert_Status = if ($_.NotAfter -lt $today) { "Expired" } else { "Valid" }
} | Export-Csv $outfile -NoTypeInformation -Append
}
}
$not_responding = $Inputfile.Where({
$_ -notin $responding.Pscomputername -and "[$_]" -notin $responding.pscomputername
}).
foreach({
[pscustomobject]#{
Server = $_
PsParentpath = $failed
Subject = $failed
Thumbprint = $failed
DnsNamelist = $failed
FriendlyName = $failed
Issuer = $failed
Valid_From = $failed
Expiration_Date = $failed
Cert_Status = "NA"
} | Export-Csv $outfile -Append -NoTypeInformation
})
I am very new to using powershell and trying to execute a script that scans the entire network for all .mdb and .accdb files, for example, and generates a spreadsheet containing the data on them that I process elsewhere.
I put the sensistive data that I didnt want to provide in ()s
Here is my code:
#single threaded
import-module activedirectory
$arr = #()
$computers = Get-ADComputer -filter 'name -like "(employee computers)*"' | Select -Exp Name
foreach ($computer in $computers) {
Write-Host "Scanning" $computer "..."
gci \\$computer\c$\* -Include *.mdb, *.accdb -Recurse | ? {$_.PSIsContainer -eq $False} | % {
$obj = New-Object PSObject
$obj | Add-Member NoteProperty Directory $_.DirectoryName
$obj | Add-Member NoteProperty Name $_.Name
$obj | Add-Member NoteProperty FullName $_.FullName
$obj | Add-Member NoteProperty Size $_.Length
$obj | Add-Member NoteProperty CreationTime $_.CreationTime
$obj | Add-Member NoteProperty LastWriteTime $_.LastWriteTime
$arr += $obj
Write-Host "Scanning..."
}}
$arr | Export-CSV -notypeinformation '(path)\EmployeeDBs.csv'
This has been working pretty well so far, but for certain machines and/or directories on some machines I am receiving the following error messages:
Get-ChildItem : The specified network name is no longer available
[Get-ChildItem], IOException
+ FullyQualifiedErrorId : DirIOError,Microsoft.PowerShell.Commands.GetChildItemCommand
and
Get-ChildItem : An object at the specified path \\(employee computer)\c$ does not exist.
[Get-ChildItem], IOException
+ FullyQualifiedErrorId : ItemDoesNotExist,Microsoft.PowerShell.Commands.GetChildItemCommand
I have been googling around but havent had much luck in understanding these error messages. Would somebody be able to explain what the issues are?
I am thinking (hoping) that they are permissions problems because I am testing the scripts on my personal machine before I run them from the admin machine
Any insight is greatly appreciated!
EDIT: below is my edited code for asynchronous execution:
import-module activedirectory
$computers = Get-ADComputer -filter 'name -like "wa-150*"' | Select -Exp Name
Get-job | Remove-Job -Force
Remove-Item -path (path)\EmployeeDBs.txt
foreach ($computer in $computers) {
$scriptBlock = {gci \\$($args[0])\c$\Users\z*\Desktop\* -Include *.mdb, *.accdb -Recurse | ? {$_.PSIsContainer -eq $False} | % {
$obj = New-Object PSObject
$obj | Add-Member NoteProperty Directory $_.DirectoryName
$obj | Add-Member NoteProperty Name $_.Name
$obj | Add-Member NoteProperty Size $_.Length
$obj | Add-Member NoteProperty CreationTime $_.CreationTime
$obj | Add-Member NoteProperty LastWriteTime $_.LastWriteTime
Write-Output -InputObject $obj
}
}
while ((Get-Job -State Running).Count -ge 20) {
Write-Host "Full - Waiting ... "
Start-Sleep -Seconds 5;
}
Start-Job -name $computer -ScriptBlock $scriptBlock -ArgumentList $computer
#Invoke-Command -ScriptBlock $scriptBlock -ArgumentList $computer
}
Get-Job | Wait-Job | Receive-Job | Out-File -Append -FilePath '(path)\EmployeeDBs.txt'
Write-Host "Done"
when calling the function below, it doesn't display output on "Windows PowerShell console" but on "Windows Powershell ISE" can.
Function DNSSearchOrders{
$Computer = $env:computername
$Networks = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName $Computer
$DNSServers = $Networks.DNSServerSearchOrder
$NetworkName = $Networks.Description
$PrimaryDNSServer = $DNSServers[0]
$SecondaryDNSServer = $DNSServers[1]
$TertiaryDNSServer = $DNSServers[2]
$OutputObj = #()
$NewObj = New-Object -Type PSObject
$NewObj | Add-Member -MemberType NoteProperty -Name Domain -Value $Computer.ToUpper()
$NewObj | Add-Member -MemberType NoteProperty -Name PrimaryDNSServers -Value $PrimaryDNSServer
$NewObj | Add-Member -MemberType NoteProperty -Name SecondaryDNSServers -Value $SecondaryDNSServer
$NewObj | Add-Member -MemberType NoteProperty -Name TertiaryDNSServers -Value $TertiaryDNSServer
$OutputObj += $NewObj
$NewObj = New-Object -Type PSObject
$NewObj | Add-Member -MemberType NoteProperty -Name Domain -Value contoso.com
$NewObj | Add-Member -MemberType NoteProperty -Name PrimaryDNSServers -Value 111.111.88.88
$NewObj | Add-Member -MemberType NoteProperty -Name SecondaryDNSServers -Value 222.333.444.88
$NewObj| Add-Member -MemberType NoteProperty -Name TertiaryDNSServers -Value "DC IP Address"
$OutputObj += $NewObj
$OutputObj
}
DNSSearchOrders
I've got 2 Scheduled Tasks in Windows: StartAppPool and StopAppPool.
In StartAppPool I've got only 1 job trigger. In StopAppPool I've got 2 job triggers.
I'm trying to create a script that can display the status of my Scheduled Tasks and related properties.
Write-Host "9. Checking Task Scheduler Execution Status...." -BackgroundColor DarkCyan
$taskService = New-Object -ComObject "Schedule.Service"
$taskService.Connect($env:COMPUTERNAME)
$rootTaskFolder = $taskService.GetFolder('\')
$tasks = $rootTaskFolder.GetTasks(1) | Where-Object { $_.Name -in 'StopAppPool','StartAppPool' }
$TaskArray = #()
ForEach ( $task in $tasks ) {
$object = New-Object -TypeName PSObject
$object | Add-Member -Name 'Name' -MemberType Noteproperty -Value $task.Name
$object | Add-Member -Name 'TaskEnabled' -MemberType Noteproperty -Value $task.Enabled
$object | Add-Member -Name 'LastRunTime' -MemberType Noteproperty -Value $task.LastRunTime
$object | Add-Member -Name 'NextRunTime' -MemberType Noteproperty -Value $task.NextRunTime
$TaskXMLObject = [xml]$task.Xml
$CalendarTriggers = $TaskXMLObject.Task.Triggers.CalendarTrigger
$TaskTriggerArray = #()
ForEach ($CalendarTrigger in $CalendarTriggers) {
$object2 = New-Object -TypeName PSObject
$object2 | Add-Member -Name 'StartBoundary' -MemberType Noteproperty -Value ( Get-Date $CalendarTrigger.StartBoundary.Replace('T',' ') -Format "dd/MM/yyyy hh:mm:ss tt" )
$object2 | Add-Member -Name 'Enabled' -MemberType Noteproperty -Value $CalendarTrigger.Enabled
$DaysOfWeek = ( $CalendarTrigger.ScheduleByWeek.DaysOfWeek | Get-Member -MemberType Property | Select -ExpandProperty Name) | ForEach-Object -Process { [enum]::parse([System.DayOfWeek],$_ ) } | Sort-Object #parsing the values into an enum will allow the objects to be sorted by day instead of alphabetical order
$object2 | Add-Member -Name 'DaysOfWeek' -MemberType Noteproperty -Value ( $DaysOfWeek -join ', ' )
$TaskTriggerArray += $object2
}
$object | Add-Member -Name 'StartBoundary' -MemberType NoteProperty -Value ($TaskTriggerArray.StartBoundary | Out-String )
$object | Add-Member -Name 'TriggerEnabled' -MemberType Noteproperty -Value ($TaskTriggerArray.Enabled | Out-String )
$object | Add-Member -Name 'DaysOfWeek' -MemberType Noteproperty -Value ($TaskTriggerArray.DaysOfWeek | Out-String )
$TaskArray += $object
}
$TaskArray | Format-Table Name, TaskEnabled, LastRunTime, NextRunTime, #{Label='StartBoundary';Expression={(($_.StartBoundary )}}, TriggerEnabled, DaysOfWeek -Wrap
Unfortunately, the "StartBoundary" column seems to append extra spaces behind and I couldn't figure how how to fix that. Here's the sample output
Name TaskEnabled LastRunTime NextRunTime StartBoundary TriggerEnabled DaysOfWeek
---- ----------- ----------- ----------- ------------- -------------- ----------
StartAppPool True 10/2/2017 6:00:00 AM 11/2/2017 6:00:00 AM 29/09/2016 06:00:00 AM true Monday, Tuesday, Wednesday, Thursday, Friday, Saturday
StopAppPool True 10/2/2017 5:10:01 AM 11/2/2017 5:10:00 AM 29/09/2016 05:10:00 AM true Tuesday, Wednesday, Thursday, Friday, Saturday
05/11/2016 10:00:00 AM true Saturday
Anyone has an idea how I can fix that?
Try to use Trim method, like this:
$_.StartBoundary.ToString().Trim()
You can also try to add -AutoSize switch for Format-Table cmdlet