Skript | IT-Yogi

Quickly set new DNS servers on a certain subnet

November 6, 2013 by Lars Gustavsson Leave a Comment

A customer wanted to change and validate the DNS configuration on a subnet so I created this script.

# Script that replaces or sets a random set of DNS servers on every networkadapter with a certain default gateway.
# Version 1.0
# Created by: Lars Gustavsson Knowledge Factory

# Creates two variables to randomly select between.
$0 = "10.0.10.10,10.0.10.11"
$1 = "10.0.10.11,10.0.10.10"

#Getting the IP configuration on all interfaces with a manually configured gateway.
$Interfaces = Get-NetIPConfiguration | Where-Object {$_.IPv4DefaultGateway.NextHop -eq "10.0.10.254" -and $_.IPv4Address.PrefixOrigin -eq "manual"}

#Looping through all the interfaces and setting the DNS servers.
foreach ($interface in $interfaces){
$DNS = Get-Random -InputObject $0, $1
Set-DnsClientServerAddress -InterfaceAlias $interface.InterfaceAlias -ServerAddresses $DNS
}

# Script that replaces or sets a random set of DNS servers on every networkadapter with a certain default gateway.

# Version 1.0

# Created by: Lars Gustavsson Knowledge Factory

# Creates two variables to randomly select between.

$0 = "10.0.10.10,10.0.10.11"

$1 = "10.0.10.11,10.0.10.10"

#Getting the IP configuration on all interfaces with a manually configured gateway.

$Interfaces = Get-NetIPConfiguration | Where-Object {$_.IPv4DefaultGateway.NextHop -eq "10.0.10.254" -and $_.IPv4Address.PrefixOrigin -eq "manual"}

#Looping through all the interfaces and setting the DNS servers.

foreach ($interface in $interfaces){

$DNS = Get-Random -InputObject $0, $1

Set-DnsClientServerAddress -InterfaceAlias $interface.InterfaceAlias -ServerAddresses $DNS

}

Automatiskt skapa websiter från CSV-fil

October 16, 2013 by Lars Gustavsson 2 Comments

Följande script använder en specifierad CSV-fil som indata för att skapa upp kataloger, apppooler, samt identitet på appoolen och hostheaders.

# Script that setups several websites with apppools and directories from a configuration stored in a csv file.
# Created by: Lars Gustavsson 
# Version: 1.1
# Changelog: 1.0 Created.
#            1.1 Added creation of hostheaders and some handling of empty values in CSV. 
#
# Instructions:
# If you are running the script manually, copy all the files and subfolders to c:\temp and set the current directory to c:\temp. 
# Make sure to set the execution policy to unrestricted with "set-execution policy unrestricted"
# Editing of local policy is done with a function done by Kyle Neier http://www.sqlservercentral.com/blogs/kyle-neier/2012/03/27/powershell-adding-accounts-to-local-security-policy/

#Setting variables

#Path to CSV-File.
$ACLfolder = "Folders.csv"

#Importing the module for IIS administration.
Import-Module webadministration

#Importing function for editing local policy
. .\SetLocalPrivilege.ps1

#Creating an object with the content of the CSV-file.
$CreateConfig = import-csv $ACLfolder

#Looping through each line in the CSV-file.
ForEach ($item in $CreateConfig){
#Creating the folder specified.
if ( ![string]::IsNullOrEmpty($item.FullName)){
New-Item $item.FullName -type Directory
}

#Creating the Application Pool and IIS-Website
if ( ![string]::IsNullOrEmpty($item.AppPool)){
$apppool = "IIS:\\AppPools\" + $item.AppPool
New-Item $apppool
New-Item $item.VirtualDirectory -bindings $item.Binding -physicalPath $item.FullName
#Modifying the site to use the Application Pool
Set-ItemProperty $item.VirtualDirectory -name applicationPool -value $item.AppPool

#Checking if the Application Pool should be run with a user account or with Application Pool Identity
if($item.AuthType -eq "User"){

#Giving the user the right to start services
Add-LoginToLocalPrivilege $item.UserName "SeServiceLogonRight"

#Setting the Application Pool Identity and Settings
$ChangeAppPoolUser = Get-item $apppool

$ChangeAppPoolUser.processmodel.identityType = 3
$ChangeAppPoolUser.processmodel.username = $item.Username
$ChangeAppPoolUser.processmodel.password = $item.AppPoolPassword
$ChangeAppPoolUser.processmodel.loadUserProfile = "True"
$ChangeAppPoolUser | set-item
}
else {
Set-ItemProperty -Path $apppool -Name processmodel.identityType -Value 4
}
}
#Giving the application pool user modify rights to the folders.
if ( ![string]::IsNullOrEmpty($item.FullName)){
$acl = Get-Acl $item.FullName
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($item.UserName, "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
Set-Acl $item.FullName $acl
}

#Add more host headers to Website if specified in CSV
if ( ![string]::IsNullOrEmpty($item.HostHeader)){

$hostheader = $item.HostHeader
$binding = @{protocol="http";bindingInformation="*:80:$hostheader"}
New-ItemProperty $item.VirtualDirectory -Name Bindings -Value $binding
}

}

# Script that setups several websites with apppools and directories from a configuration stored in a csv file.

# Created by: Lars Gustavsson

# Version: 1.1

# Changelog: 1.0 Created.

# 1.1 Added creation of hostheaders and some handling of empty values in CSV.

# Instructions:

# If you are running the script manually, copy all the files and subfolders to c:\temp and set the current directory to c:\temp.

# Make sure to set the execution policy to unrestricted with "set-execution policy unrestricted"

# Editing of local policy is done with a function done by Kyle Neier http://www.sqlservercentral.com/blogs/kyle-neier/2012/03/27/powershell-adding-accounts-to-local-security-policy/

#Setting variables

#Path to CSV-File.

$ACLfolder = "Folders.csv"

#Importing the module for IIS administration.

Import-Module webadministration

#Importing function for editing local policy

. .\SetLocalPrivilege.ps1

#Creating an object with the content of the CSV-file.

$CreateConfig = import-csv $ACLfolder

#Looping through each line in the CSV-file.

ForEach ($item in $CreateConfig){

#Creating the folder specified.

if ( ![string]::IsNullOrEmpty($item.FullName)){

New-Item $item.FullName -type Directory

}

#Creating the Application Pool and IIS-Website

if ( ![string]::IsNullOrEmpty($item.AppPool)){

$apppool = "IIS:\\AppPools\" + $item.AppPool

New-Item $apppool

New-Item $item.VirtualDirectory -bindings $item.Binding -physicalPath $item.FullName

#Modifying the site to use the Application Pool

Set-ItemProperty $item.VirtualDirectory -name applicationPool -value $item.AppPool

#Checking if the Application Pool should be run with a user account or with Application Pool Identity

if($item.AuthType -eq "User"){

#Giving the user the right to start services

Add-LoginToLocalPrivilege $item.UserName "SeServiceLogonRight"

#Setting the Application Pool Identity and Settings

$ChangeAppPoolUser = Get-item $apppool

$ChangeAppPoolUser.processmodel.identityType = 3

$ChangeAppPoolUser.processmodel.username = $item.Username

$ChangeAppPoolUser.processmodel.password = $item.AppPoolPassword

$ChangeAppPoolUser.processmodel.loadUserProfile = "True"

$ChangeAppPoolUser | set-item

}

else {

Set-ItemProperty -Path $apppool -Name processmodel.identityType -Value 4

}

#Giving the application pool user modify rights to the folders.

if ( ![string]::IsNullOrEmpty($item.FullName)){

$acl = Get-Acl $item.FullName

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($item.UserName, "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")

$acl.AddAccessRule($rule)

Set-Acl $item.FullName $acl

}

#Add more host headers to Website if specified in CSV

if ( ![string]::IsNullOrEmpty($item.HostHeader)){

$hostheader = $item.HostHeader

$binding = @{protocol="http";bindingInformation="*:80:$hostheader"}

New-ItemProperty $item.VirtualDirectory -Name Bindings -Value $binding

}

Skapa en CSV fil enligt följande exempel:

“FullName”,”UserName”,”AppPool”,”VirtualDirectory”,”Binding”,”AuthType”,”AppPoolPassword”,”HostHeader”

“C:\Site1″,”DOMAIN\AppPoolUser”,”Site1″,”IIS:\Sites\Site1″,”@{protocol=”http”;bindingInformation=”*:80:hostheader.domain.suffix”},”User”,”Password” “E:\Site2″,”DOMAIN\AppPoolUser2″,”Site2″,”IIS:\Sites\Site2″,”@{protocol=”http”;bindingInformation=”*:80:”},”Identity” “E:\Logdirectory”,”DOMAIN\AppPoolUser2″ “”,””,””,”IIS:\Sites\Site2″,””,””,””,”another.hostheader.com”

För att skriptet ska fungera behöver du scriptet SetLocalPrivilege från Kyle Neier

Ändra rad 101 från:

[ValidateSet(“SeManageVolumePrivilege”, “SeLockMemoryPrivilege”)

till:

[ValidateSet(“SeManageVolumePrivilege”, “SeLockMemoryPrivilege”,”SeServiceLogonRight”)]

Tack Oscar Virot för lite hjälp med variabelhanteringen.

Automatiskt maila användare vars certifikat håller på att gå ut.

October 7, 2013 by Lars Gustavsson Leave a Comment

# Script that mails users whos certificate is about to expire.
# Created by: Lars Gustavsson
# Version: 1.0
# Changelog: 1.0 Created
# 
# Instructions:
# Change the varibles for days when the certificate expires, the certificate server to use and the certificate template to filter by. 
# Make sure to set the execution policy to unrestricted with "set-execution policy unrestricted"

#Importes the PSPKI Module, it needs to be installed first, download from http://pspki.codeplex.com/releases/view/110129
import-module PSPKI

$Template = "SmartCard"
$CAServer = "caserver.domain.suffix"
#Days which to search for expired certificates in.
$Days = "14"
$MailFrom = "IT-Servicedesk@domain.suffix"
$SMTP = "smtp.domain.suffix"
$Subject = '"Your smartcard certificate is about to expire"'

$UserRcpts = Get-CertificationAuthority $CAServer | Get-IssuedRequest -Property CertificateTemplate,UPN -Filter "NotAfter -ge $(Get-Date)", "NotAfter -le $((Get-Date).AddDays($Days))","CertificateTemplate -eq $Template"

ForEach ($User in $UserRcpts) {

$MailRcpt = $User.UPN
$date = $MailRcpt.NotAfter
$MailBody = '"Your smartcard expires ' + $date + ', please contact IT-Servicedesk to renew! You need your smartcard to your computer."'

#Looks up the users email in Active Directory.
$Mail = Get-ADUser -filter {(UserPrincipalName -eq $MailRcpt)} -Properties Mail

#Checking that a mail was found before sending.
if ($Mail.Mail -ne $Null)
{
Write-host "Send-MailMessage -To" $Mail.Mail "-Body $MailBody -From $MailFrom -Subject $Subject -SmtpServer $SMTP"
}
}

# Script that mails users whos certificate is about to expire.

# Created by: Lars Gustavsson

# Version: 1.0

# Changelog: 1.0 Created

# Instructions:

# Change the varibles for days when the certificate expires, the certificate server to use and the certificate template to filter by.

# Make sure to set the execution policy to unrestricted with "set-execution policy unrestricted"

#Importes the PSPKI Module, it needs to be installed first, download from http://pspki.codeplex.com/releases/view/110129

import-module PSPKI

$Template = "SmartCard"

$CAServer = "caserver.domain.suffix"

#Days which to search for expired certificates in.

$Days = "14"

$MailFrom = "IT-Servicedesk@domain.suffix"

$SMTP = "smtp.domain.suffix"

$Subject = '"Your smartcard certificate is about to expire"'

$UserRcpts = Get-CertificationAuthority $CAServer | Get-IssuedRequest -Property CertificateTemplate,UPN -Filter "NotAfter -ge $(Get-Date)", "NotAfter -le $((Get-Date).AddDays($Days))","CertificateTemplate -eq $Template"

ForEach ($User in $UserRcpts) {

$MailRcpt = $User.UPN

$date = $MailRcpt.NotAfter

$MailBody = '"Your smartcard expires ' + $date + ', please contact IT-Servicedesk to renew! You need your smartcard to your computer."'

#Looks up the users email in Active Directory.

$Mail = Get-ADUser -filter {(UserPrincipalName -eq $MailRcpt)} -Properties Mail

#Checking that a mail was found before sending.

if ($Mail.Mail -ne $Null)

{

Write-host "Send-MailMessage -To" $Mail.Mail "-Body $MailBody -From $MailFrom -Subject $Subject -SmtpServer $SMTP"

}

Skriptet bygger på att du har modulen PSPKI installerad från http://pspki.codeplex.com/releases/view/110129