Bhargav's IT Playground

Passion for Technology. Power of Messaging.

Archive for category PowerShell

How to convert a word document to other formats using PowerShell

Jul 28

Posted by Bhargav in PowerShell | No Comments

I recently borrowed a Sony Reader Touch Edition from someone I know to try it out. As I started using Sony’s own library manager, I quickly got bored. I then tried open source Calibre which turned out to be a lot better interface but had a major flaw when it comes to supporting Sony Reader: It didn’t support importing word documents in the library despite of Sont Reader’s capability to read it. It can however import filtered html files which work can produce. Given my lazy nature, I did not want to convert a bunch of word documents I have by hand so I set out to write a PowerShell script to do the work for me.

The script turned out to be much simpler than I thought. Here it is for everyone’s benefit.

param([string]$docpath,[string]$htmlpath = $docpath)

$srcfiles = Get-ChildItem $docPath -filter "*.doc"
$saveFormat = [Enum]::Parse([Microsoft.Office.Interop.Word.WdSaveFormat], "wdFormatFilteredHTML");
$word = new-object -comobject word.application
$word.Visible = $False

function saveas-filteredhtml
	{
		$opendoc = $word.documents.open($doc.FullName);
		$opendoc.saveas([ref]"$htmlpath\$doc.fullname.html", [ref]$saveFormat);
		$opendoc.close();
	}

ForEach ($doc in $srcfiles)
	{
		Write-Host "Processing :" $doc.FullName
		saveas-filteredhtml
		$doc = $null
	}

$word.quit();

Save this code to convertdoc-tohtml.ps1 and you can run it on a set of word documents regardless of doc or docx extension. Also for efficiency I am using –filter in Get-ChildItem instead of piping to where-object or using If statement in the script. Why? Because it says right in the help:

“Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved.”

To run the script, you simple need to point it to a folder where your source document files are and provide output folder if you wish. If not provided, source folder will also be used as output folder. Here’s how you can run it:

convertdoc-tohtml.ps1 -docpath "C:\Documents" -htmlpath "C:\Output"

If you want to know how the script can be transformed to save as different format, refer to wdSaveFormat Enumeration members on MSDN.

Originally posted at http://blogs.technet.com/bshukla

  • Share/Bookmark
Print

Deceiving scopes of variables in a function

Jul 7

Posted by Bhargav in PowerShell | No Comments

I was recently troubleshooting a script when I came across a problem where a variable with defined scope was not retaining its value even though scope seemed correct. Let’s look at simplified example below:

Function Global:Name-ofaFunction
{
$Global:VariableinQuestion = $null
$VariableinQuestion = "Value"
$VariableinQuestion
}

Name-ofaFunction
$VariableinQuestion

The function “Name-ofaFunction” when called, creates a variable with global scope and sets its value to null. Next, it sets the value of a variable and prints current value to host. Part of the script, I am also calling variable after running the function. This helps me verify the value.

When you run this script, however, you will notice that it prints current value (“Value”) of the variable only once.

If you debug the code, you will notice that the variable is set to null when exiting the function! Interesting why that is happening when you have defined the variable scope to be global in line 3!!!

So let’s try this code.

Function Global:Name-ofaFunction
{
#$Global:VariableinQuestion = $null
$global:VariableinQuestion = "Value"
$VariableinQuestion
}

Name-ofaFunction
$VariableinQuestion

If you notice the difference, I have commented out line 3. Also, in line 4, I have added global scope to the variable. If you run this code, you will get the value of the variable printed to the host twice. Once inside the function and second time after the function!

How did that happen? The code doesn’t look much different. Only difference is where I define global scope. Why should that matter? Let me explain.

Although I am not sure if it is a feature or a bug, it seems PowerShell is resetting variable scope to local in line 4 in first example. Because it resets the scope to local, the variable loses its value and is set to null when exiting the function. This is because the variable is created inside the function and is scoped as local for the function. This is fixed in second example by defining it as global right where I am setting its value.

As you can imagine, there are many uses of setting correct scope of the variable. i.e. You may want to use the value returned by the function in another function. When you set the scope properly, the values are retained in appropriate scopes which can be used by other piece of code like functions of cmdlets run on host.

For more information on scope, you can read my previous blog post “PowerShell Variables and Scopes” and TechNet article “about_Scopes”.

Originally posted at http://blogs.technet.com/bshukla

  • Share/Bookmark
Print

Script to configure static ports on Exchange Server 2010

May 19

Posted by Bhargav in Exchange 2010, PowerShell | 13 Comments

If you are planning to implement or are implementing Exchange Server 2010, you may have already noticed that with new changes introduced in this version we highly recommend that you load balance your CAS servers using hardware load balancer. The client connections are not mediated through RPC Client Access service on CAS and that’s why load balancing CAS is very important.

Now if you know how Outlook clients work with Exchange RPC/MAPI, you may as well be aware that it uses random high ports for connection to the Exchange servers. This may not work well when you try to configure your hardware load balancer device. There are many other reasons why you may decide that you would rather use a static port or two for services that need it. It also makes it easy to configure network devices to work with few ports than a whole upper range of high ports.

To that matter, TechNet article “Load Balancing Requirements of Exchange Protocols” has done a great job documenting how you can configure static ports on CAS and Mailbox servers. Henrik Walther has also provided some more details on TechNet wiki article “Configuring Static RPC Ports on an Exchange 2010 Client Access Server”.

Now only if you had the script to do it all for you so you can enjoy doing other things that may be more important or interesting to you… :)

Well, that’s why I have created this script… just for YOU!

So, how do I run the script?

There are few ways you can run it. One is to just call the script with your server name.

& 'c:\scripts\Set-StaticPorts.ps1' -Server Server1

This will change RPC and Address Book ports on the server you specify.

If you want to change many servers, store your servers in a variable and pipe it. Use whichever method works for you to create the array variable with servers you need. One example is to use text file containing one server per line:

$Servers = Get-Content c:\scripts\servers.txt
$Servers | Foreach {& 'c:\scripts\Set-StaticPorts.ps1' -Server $_}

The script can be run remotely as long as you have proper permissions on the server to change registry and exchange configuration files.

So far, in examples above, we did not specify which ports to use for each service. The script accommodates for this by having default values 7575 and 7576 for RPC Service and Address Book Service respectively. But what if you want to specify your own ports? Run:

& 'c:\scripts\Set-StaticPorts.ps1' -Server Server1 -rpcport "50000" -abport "50001"

This will allow you to define your own ports. Just ensure you are not using well known ports or ports in use by other services in your environment to avoid any conflict or confusion.

The script is noisy as you may notice when you run it. It is intentional. It will prompt for your confirmation when changing ports if they are already changed before. It will ask for confirmation before restarting services. Now you may say, I am running the script and I know what I am doing. Well, let the force be with you. –force parameter I mean!

& 'c:\scripts\Set-StaticPorts.ps1' -Server Server1 -rpcport "50000' -abport "50001" –force $true


And this will silcence prompting. It will still write output for each server to the host. You can redirect it to a file as well! 

& 'c:\scripts\Set-StaticPorts.ps1' -Server Server1 -rpcport "50000" -abport "50001" –force $true | out-file c:\scripts\results.txt

So, where is this script? You can download it here: Set-StaticPorts.ps1

If you are still reading, here’s the actual script to refer:

# FUTURE, Update to run with -auto to find cas servers and run automatically
# FUTURE, Update to rung with -auto to find PF stores and run on PF host
#############################################################################
# Set-StaticPorts.ps1
# This script will configure static ports for RPC Client Access and
# Address Book Service on Exchange 2010 CAS servers.
#
# Usage syntax:
# Set-StaticPorts [-Server]  [-rpcport]  [-abport]  [-force] 
#
# Usage Examples:
# Set-StaticPorts -Server Server1 -rpcport "50000" -abport "50001" -force $true
# Set-StaticPorts -Server Server1
#
# Use this script in accordance to the following Technet wiki article:
# http://social.technet.microsoft.com/wiki/contents/articles/configuring-static-rpc-ports-on-an-exchange-2010-client-access-server.aspx
#
# Created by
# Bhargav Shukla
# http://blogs.technet.com/bshukla
# http://www.bhargavs.com
#
# DISCLAIMER
# ==========
# THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
# RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER.
#############################################################################

# Declare Parameters with defaults
param([string]$server,[string]$rpcport = '7575',[string]$abport = '7576',[bool]$force = $false)

# Filter to set tcp-port, for avoiding redundancy in the code that follows
function tcp-port
{
	if (($regkey.getvalue($VALUE)) -eq $null)
	{
		# Create / Set TCP/IP Port key and value
		$regKey.Setvalue('TCP/IP Port', "$rpcport", 'Dword')

		# Make changes effective immediately
		$regKey.Flush()

		# Read and store current value
		$global:TCPPort = $regkey.getvalue($VALUE)	

		# Close registry key
		$regKey.Close()

		Write-Host -ForegroundColor Green "TCP/IP Port for RPC Client Access is set to $TCPPort on server $server."
	}
	else
	{
		if (($regkey.getvalue($VALUE)) -ne $rpcport)
		{
			$rpccurrport = $regkey.getvalue($VALUE)
			If (($force) -or (Read-Host "Change the RPC Client Service port from $rpccurrport to $rpcport ? [Y/N]") -eq "Y")
			{
				# Create / Set TCP/IP Port key and value
				$regKey.Setvalue('TCP/IP Port', "$rpcport", 'Dword')

				# Make changes effective immediately
				$regKey.Flush()

				# Read and store current value
				$global:TCPPort = $regkey.getvalue($VALUE)	

				# Close registry key
				$regKey.Close()

				Write-Host -ForegroundColor Green "TCP/IP Port for RPC Client Access is set to $TCPPort on server $server."
			}
			else
			{
				Write-Host -ForegroundColor Green "No changes to RPC Client Service port are made on server $server."
			}
		}
		else
		{
			Write-Host -ForegroundColor Green "No changes to RPC Client Service port are necessary on server $server."
		}
	}
}

function get-installpath
{
	# Set Exchange base key and value to read
	$Reg_ExSetup = "SOFTWARE\\Microsoft\\ExchangeServer\\v14\\Setup"
	$VALUE = "MsiInstallPath"

	# Set regKey for MsiInstallPath
	$regKey= $reg.OpenSubKey($REG_ExSetup)

	# Get Install Path from Registry and replace : with $
	$installPath = ($regkey.getvalue($VALUE) | foreach {$_ -replace (":","`$")})

	# Set Address Book Service config file path
	$global:ABFile = "\\$Server\$installPath"+"Bin\microsoft.exchange.addressbook.service.exe.config"

	# Close registry key
	$regKey.Close()
}

function restart-services
{
	# Restart Microsoft Exchange RPC Client Access and Microsoft Exchange Address Book service
	#### You must specify a timeout (in seconds) or the script could potentially never end
	$TimeOut = 30

	#### This will stop a single service on all servers in sequence
	$ServiceFilters = "(name = 'msexchangerpc')","(name = 'msexchangeab')"

	$Locator = new-object -com "WbemScripting.SWbemLocator"
	$WMI = $Locator.ConnectServer($Server, "root\cimv2")
	# Stop Service and check for timeout or sucessful stop
		$ServiceFilters | %{
			$ThisFilter = $_
			(Get-WmiObject -Class Win32_Service -ComputerName $Server -filter "$ThisFilter AND state='running'") | %{
				$Service = $_
				$Refresher = new-object -comobject "WbemScripting.SWbemRefresher"
				$FreshObject = $Refresher.Add($WMI,$Service.__RELPATH)
				$Refresher.Refresh()
				$Then = Get-Date
				:Checking Do {
					$Service.StopService() | out-null
					$Refresher.Refresh()
					if (($FreshObject.Object.properties_ | ?{$_.name -eq "state"}).value -eq "Stopped")
					{
						Write-Warning "Service $($Service.Name) is stopped on server $Server."
						break :Checking;
					} Else {
						If (((Get-Date) - $Then).seconds -ge $TimeOut)
						{
							Write-Warning "Service $($Service.Name) timed out while trying to stop on server $Server. Please restart service manually."
							break :Checking;
						}
					}
				} While ($True)
			}
		}

	# Start Service and check for timeout or sucessful start
		$ServiceFilters | %{
			$ThisFilter = $_
			(Get-WmiObject -Class Win32_Service -ComputerName $Server -filter "$ThisFilter AND state='Stopped'") | %{
				$Service = $_
				$Refresher = new-object -comobject "WbemScripting.SWbemRefresher"
				$FreshObject = $Refresher.Add($WMI,$Service.__RELPATH)
				$Refresher.Refresh()
				$Then = Get-Date
				:Checking Do {
					$Service.StartService() | out-null
					$Refresher.Refresh()
					if (($FreshObject.Object.properties_ | ?{$_.name -eq "state"}).value -eq "running")
					{
						Write-Host "Service $($Service.Name) started successfully on server $Server"
						break :Checking;
					} Else {
						If (((Get-Date) - $Then).seconds -ge $TimeOut)
						{
							Write-Warning "Service $($Service.Name) timed out while trying to start on server $Server. Please restart service manually."
							break :Checking;
						}
					}
				} While ($True)
			}
		}
}

If ($server)
{
	# Set Registry Key variables
	$REG_BASE = "System\\CurrentControlSet\\Services\\MSExchangeRPC"
	$REG_KEY = "System\\CurrentControlSet\\Services\\MSExchangeRPC\\ParametersSystem"
	$VALUE = 'TCP/IP Port'

	# Open remote registry
	$reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Server)

	# Open the targeted remote registry key/subkey as read/write
	$regKey = $reg.OpenSubKey($REG_KEY,$true)

	# Create/Modify Key and Values as necessary
	if ($regKey)
	{
	tcp-port
	}
	else
	{
	$regBase = $reg.OpenSubKey($REG_BASE,$true)
	$regBase.CreateSubKey('ParametersSystem')
	$regBase.Close()
	# Open the targeted remote registry key/subkey as read/write
	$regKey = $reg.OpenSubKey($REG_KEY,$true)
	tcp-port
	}

	# Get location of Address Book Service configuration file
	get-installpath

	# Verify the file exists, exit if it doesn't
	if (Test-Path $ABFile -ErrorAction SilentlyContinue)
	{
		# Backup file before editing
		$currentDate = (get-date).tostring("MM_dd_yyyy-hh_mm_s")
		$ABbackup = $ABFile + ".$currentDate"
		$xml = [xml](get-content $ABFile)
		$xml.Save($ABbackup)

		# Edit RpcTcpPort if 0, ask user for approval if not 0
		$root = $xml.get_DocumentElement();
		ForEach ($item in $root.appSettings.add)
		{
		if (($item.key -eq "RpcTcpPort") -and ($item.value -eq "0"))
			{
				$item.value="$abport"
				Write-Host -ForegroundColor Green "TCP/IP Port for Address Book Service is set to $ABPort on server $server."
			}
			else
			{
			If (($item.key -eq "RpcTcpPort") -and ($item.value -ne "$abport"))
				{
				if (($force) -or (Read-Host "Change port from $($item.value) to $abport on server $server ? [Y/N]") -eq "Y")
					{
						$item.value="$abport"
						Write-Host -ForegroundColor Green "TCP/IP Port for Address Book Service is set to $ABPort on server $server."
					}
				else
					{
						Write-Host -ForegroundColor Green "No changes are made to TCP/IP Port for Address Book Service on server $server."
					}
				}
			}
		}
		$xml.Save($ABFile)
	}
	else
	{
	Write-Host -ForegroundColor Red -BackgroundColor Black "Address Book Service configuration file does not exist for server $server. Please verify file and update manually."
	}

	# Ask for and restart services if requested
	If (($force) -or (Read-Host "Restart services MSExchangeRPC and MSExchangeAB? [Y/N]") -eq "Y")
		{
			restart-services
		}
		else
		{
			Write-Warning "Please restart the Microsoft Exchange RPC Client Access (MSExchangeRPC) service for changes to take effect."
		}

	# Reminder for MAilbox Servers
	Write-Warning "Please do not forget to change ports on Mailbox servers for Public Folder Access."
}
else
{
Write-Host -ForegroundColor Red -BackgroundColor Black "Server Name is null. Please provide Server where static ports need to be set."
Write-Host -ForegroundColor Red -BackgroundColor Black "The syntax is 'Set-StaticPorts.ps1 `"servername`" `"1234`" `"1235`"'."
Write-Host -ForegroundColor Red -BackgroundColor Black "Please replace values of `"1234`" and `"1235`" with valid port numbers for RPC and Address Book Services respectively."
}


This is a cross post from http://blogs.technet.com/bshukla

  • Share/Bookmark
Print

How to install Update Rollups remotely on Exchange 2010 server

Apr 7

Posted by Bhargav in Exchange 2010, PowerShell | No Comments

If you are like me, you are always looking for ways to not leave your chair, or for that matter, not switch windows.

When it comes to install Update Rollups on every Exchange 2010 server you have, the same applies. So I set out to find a way and I found one! Even though this requires some work upfront, it will make it easy ever after.

Pre-Requisites:

The cost of making it easier for future is the work you have to do now. Well, let’s get to it. In order to be able to connect to your Exchange servers remotely, you will need to configure winrm (if not configured already). All you need to do is run 

winrm quickconfig

from elevated PowerShell session (run as administrator). The command adds an HTTP listener, configures the server to allow remote requests, and creates a Firewall exception rule. I am assuming that you are running Windows Server 2008 R2. I have not tested this on other server versions, however it should work if PowerShell v2 and WinRM is installed correctly.

Script:

So, how do I run the script?

Get-Content “\\server\share\servers.txt” | Foreach-Object {Invoke-Command –ComputerName $_ –FilePath “\\server\share\Install-UpdateRollups.ps1”}

The command will read list of servers from servers.txt (specify your path where it reads \\server\share\servers.txt) and call script to install Update Rollup specified in the script. Notice that I am user serialization by piping. This way I am running update only on one server at a time. The command could be change to look like this:

Invoke-Command –ComputerName (Get-Content “\\server\share\servers.txt”) –FilePath “\\server\share\Install-UpdateRollups.ps1”

however, I have not tested it on multiple computers and unsure of the success using this method.

After the installation of Update Rollup, the script will prompt user for reboot and if user approves, script will also reboot the server.

So, a million dollar question is, where is this script? You can download it here: Install-UpdateRollups.ps1

The code is pasted below for reference:

#############################################################################
# Install-UpdateRollups.ps1
# Remotely installs Update Rollups on Exchange 2007 or Exchange 2010 servers
#
# Pre-requisites
# --------------
# Requires winrm enabled on destination servers. Run winrm quickconfig to enable.
# Requires write access to $Log_Drive folder and $Install_Drive folder if "Logs"
#   folder doesn't exist in $Install_Drive.
#
# Created by
# Bhargav Shukla
# http://blogs.technet.com/bshukla
# http://www.bhargavs.com
#
# DISCLAIMER
# ==========
# THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
# RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER.
#############################################################################

#Update variables to reflect correct locations and Update Rollup installer file name
$Install_Drive = "\\server\share"
$RU_File = "installer.msp"
$Log_Drive = "$Install_Drive\Logs"
$ServerName = $Env:COMPUTERNAME

# Check for RU install file
$CheckRUPath = "$Install_Drive\$RU_File"
Write-Host -ForegroundColor Green "Checking for $CheckRUPath"
if (-not (Test-Path $CheckRUPath))
{
	Write-Host -ForegroundColor Red "ERROR: Update Rollup File not found!"
	Write-Host -ForegroundColor Red "ERROR: Exiting."
	exit
}

# Check for Logs path, create folder if doesn't exist
$CheckLogPath = "$Log_Drive"
Write-Host -ForegroundColor Green "Checking for $CheckLogPath"
if (-not (Test-Path $CheckLogPath))
{
	Write-Host -ForegroundColor Yellow "ERROR: Log Folder not found!"
	Write-Host -ForegroundColor Yellow "INFO:  Creating Log Folder..."
	New-Item -Path $Install_Drive -Name Logs -itemtype directory -Force
}

# Disable "Check for publisher's certificate revocation"
Write-Host ""
Write-Host -ForegroundColor Green "Disabling publisher's certificate revocation check..."
set-ItemProperty -path "HKCU:\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing" -name State -value 146944

Write-Host -ForegroundColor Green "Installing Exchange Update Rollup..."
	$oProcess = [System.Diagnostics.Process]::Start("$Install_Drive\$RU_File", " /passive /lv $Log_Drive\$ServerName-InstallRollup.log /norestart")
	$oProcess.WaitForExit() 

# Enable "Check for publisher's certificate revocation"
Write-Host -ForegroundColor Green "Re-enabling Check for publisher's certificate revocation..."
Set-ItemProperty -path "HKCU:Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing" -name State -value 146432

# Reboot if user responds [Y]es
if ((Read-Host "Reboot? [Y/N]") -eq "Y")
{
write-host -ForegroundColor Red "Rebooting Server $ServerName."
Restart-Computer
}
Update:

I failed to mention the effect of double-hops and delegation of authentication for the remote installation mentioned above to work. Here’s why it is a problem:

Your install files and list of servers are located on a server (let’s call it ServerA). You are running the invoke-command from a client computer (let’s call it ClientA) and you are going to install RU on Exchange servers (let’s call it EXA, EXB and EXC). When you run the command, get-content is run is local runspace of ClientA and works fine. The next step is to pipe the servernames to invoke-command. The install script mentioned above is then called from share on ServerA. However, this is now remote runspace on exchange servers EXA, EXB and EXC. The error you will notice is when the install script checks for existence of RU file. Even if the RU file exists in mentioned share and permissions are given to account you are using to run the commands from ClientA, you will see that script errors and exits unexpectedly. It thinks the RU file doesn’t exist when it actually does!

That is because, your credentials from ClientA are passed to EXA, however, to access the file on ServerA, your credentials needs to be passed on to it. This is delegation. And we have not configured any delegation yet! This will cause script block to fail since it can’t access the RU file without access.

How can you solve this? Here are the steps:

1. on ClientA run:

Enable-wsmancredssp -role client –delegatecomputer *

This will enable credssp delegation from ClientA to computers you define in –delegatecomputer. In our example, we allowed delegation to all computer by using * which is ok for lab. In production environment, you may want to restrict it to your domain name (i.e. *.domain.com) or list of servers (i.e. EXA.domain.com, EXB.domain.com, EXC.domain.com).

2. on all target servers, EXA, EXB and EXC in our example, run:

Enable-wsmancredssp -role server

This will allow target servers to use credentials specified by ClientA using CredSSP to access files on ServerA.

3. on ClientA, run the install command:

$cred = Get-Credential
Get-Content “\\server\share\servers.txt” | Foreach-Object {Invoke-Command –ComputerName $_ –FilePath “\\server\share\Install-UpdateRollups.ps1” –Authentication CredSSP –Credential $cred}

Notice the use of CredSSP and explicit specification of credentials. This is important and required for the remote install process to work.

One more gotcha. The process above does not work if your ClientA isn’t Windows 7, Vista or Windows Server 2008. This is because CredSSP isn’t available to Windows XP or Windows Server 2003. You can host your share on Windows Server 2003, however, you must run step 1 and 3 from a client that is capable of using CredSSP.

Here are some references for further reading:

Multi-Hop Support in WinRM

Using invoke-command to launch a script on a remote computer which connects to network resources

Enable-WSManCredSSP

 

This article is also posted to http://www.bhargavs.com

  • Share/Bookmark
Print

Script to enable preview pane for PowerShell scripts

Mar 29

Posted by Bhargav in PowerShell | No Comments

If you are running Windows 7, you probably know what preview pane is. And if you use PowerShell and create ps1 scripts, you may also wonder how can you enable preview for PowerShell scripts in Windows Explorer.

Well, Nate Bruneau shared how to edit registry to enable preview for ps1 scripts. Being a scripter myself, I figured I would wrap it into a nice script and share it with everyone. Thanks Nate for your permission.

The scrip runs on Windows 7 and Windows Server 2008 R2. You must run it from elevated PowerShell session. The script uses elevation code from Ian Griffiths’ blog to check for elevation and exits with notification if PowerShell is not running as administrator.

Here’s the script:

#############################################################################
# Enable-ps1Preview.ps1
# This script will enable preview for ps1 files in Windows Explorer.
# Special thanks to Nate Bruneau for the idea.
#
# Created by
# Bhargav Shukla
# http://www.bhargavs.com
#
# DISCLAIMER
# ==========
# THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
# RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER.
#############################################################################

# Check if OS is Windows 7 or Windows Server 2008 R2, quit if not.
$OS = (Get-WmiObject -Class win32_OperatingSystem).caption
switch -wildcard ($OS)
{
  "*Windows 7*" {"`nChecking Elevation..."}
  "*Windows Server 2008 R2*" {"`nChecking Elevation..."}
  default {Write-Host -ForegroundColor Red "`nYou are not running Windows 7 or Windows Server 2008 R2. You can't use this feature on older OS."; exit}
}

# Function to check if PowerShell is running elevated
function Check-Elevated
{
  $wid=[System.Security.Principal.WindowsIdentity]::GetCurrent()
  $prp=new-object System.Security.Principal.WindowsPrincipal($wid)
  $adm=[System.Security.Principal.WindowsBuiltInRole]::Administrator
  $IsAdmin=$prp.IsInRole($adm)
  if ($IsAdmin)
  {
    Set-Variable -Name elevated -Value $true -Scope 1
  }
}

# Make registry changes if running elevated, throw error if not
Check-Elevated
If ($elevated -eq $true)
{
	# Set Registry Key variables
	$REG_KEY = ".ps1"

	# Open remote registry
	$reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('ClassesRoot', ".")

	# Open the targeted remote registry key/subkey as read/write
	$regKey = $reg.OpenSubKey($REG_KEY,$true)

	# Set PerceivedType to "text"
	if ($regKey -ne $null)
	{
		$regKey.Setvalue('PerceivedType', 'text', 'String')
		$regKey.Setvalue('Content Type', 'text/plain', 'String')

		# Close the Reg Key
		$regKey.Close()

		Write-Host -ForegroundColor Green -BackgroundColor Black "Preview for .ps1 files is now enabled. Enable preview pane in Windows Explorer.`n"

	}

}
else
{
  Write-Host -ForegroundColor Red -BackgroundColor Black "Please run PowerShell as administrator before you run this script.`n"
}

You can download the script here – Enable-ps1Preview.ps1

  • Share/Bookmark
Print

Send a Tweet from PowerShell

Mar 16

Posted by Bhargav in PowerShell | 1 Comment

I was reading Shay’s article on how to send direct messages on twitter using PowerShell when I couldn’t resist but find a way to send normal tweets from PowerShell. While trying to do that, I also incorporated security so that your transmission is secure and so is your input. Here’s the code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

function Send-Tweet($Message,$UserName)
{
   if ($Message -eq $null) {$Message = Read-Host "Enter your tweet"}
   if ($Username -eq $null) {$Username = read-host "Enter your twitter username"}
   if ($Password -eq $null)
   {
	$Password = read-host -assecurestring "Enter your twitter password"
	$marshal = [Runtime.InteropServices.Marshal]
	$Password = $marshal::PtrToStringAuto($marshal::SecureStringToBSTR($Password))
   }
   $url="https://twitter.com/statuses/update.xml?status=$Message"
   $request = [System.Net.WebRequest]::Create($url)
   $request.credentials= New-Object System.Net.NetworkCredential($UserName,$Password)
   $request.method= "POST"
   $request.contentType = "application/x-www-form-urlencoded"
   $request.GetResponse().statusCode # return the status code of the request
}

To send tweet, you need to type:

Send-Tweet -Message "Hello World!" -Username userxyz

Notice I did not include –Password. Infact, I did not include $Password in parenthesis after function. This way even if you were using tab to cycle through available parameters, you won’t see “Password” as a parameter. It still won’t stop you from typing:

Send-Tweet -Message "Hello World!" -Username userxyz -Password password

But by not declaring the parameter, I am encouraging one to skip typing password in plain-text. When user sends tweet using first option (without password) this script will prompt user for password. How is it secure? Notice –assecurestring when I am prompting user for password. This way your entry will show up as ****** instead of plaintext. If you were to use second method, you will type your password in plaintext and I am assuming you will do that when you are sure your screen is not visible to anyone else.

Another nice feature in my script is, I am using https in URL. This way I am sending authentication string over SSL. Shay’s original script for direct message does not use SSL hence username and password is transmitted in base64 encoding of string “username:password”. Your tweet will be published and will be in public domain but I don’t like the idea of transmitting username and password the same way. Here’s why:

The network capture shows the following:

image

Now let’s see what we can do with highlighted string in PowerShell:

PS> $b64upass = "dXNlcm5hbWU6cGFzc3dvcmQ="
PS> $bytes = [convert]::FromBase64String($b64upass)
PS> $decoded = [System.Text.Encoding]::UTF8.GetString($bytes)
PS> $decoded
username:password

So as you can see, even though Base64 is not plaintext, it’s very easy to decode and your username and password is more valuable than that!

If you are going to use Shay’s script for direct tweets, you can simply change URL to https and it should transmit securely. you can also use other ideas from my script to make password entry more secure.

Here’s another way of doing it:

$Tweetcred = Get-Credential
$UserName=$Tweetcred.GetNetworkCredential().UserName
$Password=$Tweetcred.GetNetworkCredential().Password

Using this method simply asks user for username and password in standard windows security dialog box and stores it in credential object of the OS.

image

I thank Shay for showing me way and hope you will benefit from both his and my scripts!

Update: Including link to Wikipedia article on HTTP Basic Access Authentication for reference.

  • Share/Bookmark
Print

Tags: , , ,

PowerShell Variables and scopes

Feb 19

Posted by Bhargav in Exchange 2010, PowerShell | No Comments

I was helping someone with a profile script. The script is supposed to connect to a remote Exchange 2010 server using PowerShell v2.0 when it is launched.

The script had a function which is called upon when profile is loaded. The function looked like the following:

function connect-remotely()
 
{
      if ($server)
      {
            $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$server/PowerShell/ -Authentication Kerberos
            Import-PSSession $Session
            write-warning 'Do not forget to run Remove-PSSession $Session'
      }
      else
      {
            $server = read-host "Server name"
            connect-remotely $server
      }
}

The $session variable in this instance gets created and populated within the function. The problem, however, is not visible until a bit later. When we were done with our remote session, we tried to remove session using Remove-PSSession $session but encountered an error which indicated that $session has null value.

Why did that happen? That’s where I needed to understand how scopes work. The PowerShell session is created when we launch PowerShell. When the function is executed, a child scope is created. The $session variable is created within child scope. All is fine until after the function completes execution and exits. At this time, $session variable value becomes null since the scope in which it was created is no longer applicable.

But wait, don’t we need the object stored in that variable to remove session successfully? We sure do. So how do we address this?

This can be accomplished using one of the two ways:

1. Define the variable as global. This will make the variable available in all scopes including the one created by function and the parent scopes. Here’s how you can do it:

$Global:Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$server/PowerShell/ -Authentication Kerberos

2. Second option (I like it better) is to define scope. I used New-Variable as describe below when creating $session within function and scoping it to value of 1:

New-Variable -Name Session -Value (New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$server/PowerShell/ -Authentication Kerberos) -Scope 1

When you scope any variable, value 0 means the scope in which it was created. 1 means parent scope, 2 is grand parent and so on. By defining scope of 1, I made the variable available to parent scope of the function which is where I was running Remove-PSSession. As anyone can guess, both methods allowed me to successfully remove session as the variable $session stayed behind populated instead of becoming null.

Hopefully this will help you understand how scope can help in certain situations. For better understanding of scopes, head out to TechNet as it contains lot more information about scopes which is not in scope of this post… get it? ;)

  • Share/Bookmark
Print

Tags:

How do I check Update Rollup version on Exchange 20xx Server?

Dec 14

Posted by Bhargav in Exchange 2007, Exchange 2010, Exchange Management Shell, Exchange Server, PowerShell | 4 Comments

Instead of updating my previous post which covers only Exchange 2007, I decided to create a new post which covers both versions.

Now that Update Rollup for Exchange Server 2010 is available, I have updated my previous script to check for Update Rollup versions on both Exchange Server 2007 and Exchange Server 2010. No need to have two versions of script. Just download this one!

Here’s what has changed between versions:

  • Product GUID has changed to AE1D439464EB1B8488741FFA028E291C (Exchange 2010) from 461C2B4266EDEF444B864AD6D9E5B613 (Exchange 2007).
  • Exchange writes installation information to HKLM\SOFTWARE\Microsoft\ExchangeServer\v14\Setup instead of “HKLM\SOFTWARE\Microsoft\Exchange\Setup”

The script below will do the work for you so you don’t need to remember what I just said above. Isn’t that what script is for?

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88

# Store header in variable
$headerLine =
@"
 
Server Name,Rollup Update Description,Installed Date,ExSetup File Version
"@
 
# Write header to file
$headerLine | Out-File .\results.csv -Encoding ASCII -Append
 
function getRU()
{
# Set server to connect to
	$Server = "$_".ToUpper()
 
 
# Check if server is running Exchange 2007 or Exchange 2010
 
	$ExchVer = (Get-ExchangeServer $Server | ForEach {$_.AdminDisplayVersion.Major})
 
# Set appropriate base path to read Registry
# Exit function if server is not running Exchange 2007 or Exchange 2010
	if ($ExchVer -eq "8" -or $ExchVer -eq "14")
		{
			switch ($ExchVer)
			{
			 "14"	{
			 			$REG_KEY = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\AE1D439464EB1B8488741FFA028E291C\\Patches"
						$Reg_ExSetup = "SOFTWARE\\Microsoft\\ExchangeServer\\v14\\Setup"
			 		}
			 "8"	{
			 			$REG_KEY = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\461C2B4266EDEF444B864AD6D9E5B613\\Patches"
						$Reg_ExSetup = "SOFTWARE\\Microsoft\\Exchange\\Setup"
			 		}
			}
		}
	else
		{return}
 
# Read Rollup Update information from servers
 
# Set Registry constants
	$VALUE1 = "DisplayName"
	$VALUE2 = "Installed"
	$VALUE3 = "MsiInstallPath"
 
# Open remote registry
	$reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Server)
 
# Set regKey for MsiInstallPath
	$regKey= $reg.OpenSubKey($REG_ExSetup)
 
# Get Install Path from Registry and replace : with $
	$installPath = ($regkey.getvalue($VALUE3) | foreach {$_ -replace (":","`$")})
 
# Set ExSetup.exe path
	$binFile = "Bin\ExSetup.exe"
 
# Get ExSetup.exe file version
	$exSetupVer = ((Get-Command "\\$Server\$installPath$binFile").FileVersionInfo | ForEach {$_.FileVersion})
 
# Create an array of patch subkeys
	$regKey= $reg.OpenSubKey($REG_KEY).GetSubKeyNames() | ForEach {"$Reg_Key\\$_"}
 
# Walk through patch subkeys and store Rollup Update Description and Installed Date in array variables
	$dispName = [array] ($regkey | %{$reg.OpenSubKey($_).getvalue($VALUE1)})
	$instDate = [array] ($regkey | %{$reg.OpenSubKey($_).getvalue($VALUE2)})
 
# Loop Through array variables and output to a file
	$countmembers = 0
 
	if ($regkey -ne $null)
	{
		while ($countmembers -lt $dispName.Count)
		{
		$server+","+$dispName[$countmembers]+","+$instDate[$countmembers].substring(0,4)+"/"+$instDate[$countmembers].substring(4,2)+"/"+$instDate[$countmembers].substring(6,2)+","+$exsetupver | Out-File .\results.csv -Encoding ASCII -Append
		$countmembers++
		}
	}
	else
	{
		$server+",No Rollup Updates are installed,,"+$exsetupver | Out-File .\results.csv -Encoding ASCII -Append
	}
}
 
# Get Exchange 2007 servers and write Rollup Updates to results file
$Servers = (Get-ExchangeServer | Where-Object {($_.AdminDisplayVersion -match "8" -OR $_.AdminDisplayVersion -match "14") -AND $_.ServerRole -ne "ProvisionedServer" -and $_.ServerRole -ne "Edge"} | ForEach {$_.Name})
$Servers | ForEach {getRU}

Download – Get-ExchangeUpdateRollups.ps1

  • Share/Bookmark
Print

Tags:

Script to install Exchange 2010 pre-requisites for Windows Server 2008 R2

Nov 18

Posted by Bhargav in Exchange 2010, PowerShell | 10 Comments

Even though installing pre-requisites on Windows Server 2008 R2 is simple and straight forward as described here, it makes it even faster if you were to use a script to do so.

MVP Anderson Patricio recently published a script for the same. What the script did not do is what I took liberty to add. I am publishing entire script below with credit to Anderson where it is due.

My code adds functionality to download and install Microsoft Filter Pack if the server has internet connectivity.

UPDATE: Pat Richard enhanced this script and added some checks and other functionality which makes it even more useful. You can read Pat’s post here. The script below is result of combined effort of Anderson, Pat and myself.

#############################################################################
# Set-Exchange2010Prereqs.ps1
# Configures the necessary prerequisites to install Exchange 2010 on a
# Windows Server 2008 R2 server
#
# Pat Richard, MVP
# http://ucblogs.net/blogs/exchange
#
# 1.0 – Original script 11/27/09 based on the work of Anderson Patricio and
# Bhargav Shukla
#
# Dedicated blog post:
# http://www.ucblogs.net/blogs/exchange/archive/2009/12/12/Automated-prerequisite-installation-via-PowerShell-for-Exchange-Server-2010-on-Windows-Server-2008-R2.aspx
#
# Some info taken from
# http://msmvps.com/blogs/andersonpatricio/archive/2009/11/13/installing-exchange-server-2010-pre-requisites-on-windows-server-2008-r2.aspx
# http://www.bhargavs.com/index.php/powershell/2009/11/script-to-install-exchange-2010-pre-requisites-for-windows-server-2008-r2/
#############################################################################
 
# Detect correct OS here and exit if no match
if (-not((Get-WMIObject win32_OperatingSystem).OSArchitecture -eq '64-bit') -and (Get-WMIObject win32_OperatingSystem).Version -eq '6.1.7600'){
	Write-Host "This script requires a 64bit version of Windows Server 2008 R2, which this is not." -ForegroundColor Red -BackgroundColor Black
	Exit
}
 
Function InstallFilterPack(){
# future: look and see if it's already installed
# 			via registry HKLM:\Software\Microsoft\CurrentVersion\Uninstall\{95120000-2000-0409-1000-0000000FF1CE}
	trap {
		Write-Host "Problem downloading FilterPackx64.exe. Please visit http://tinyurl.com/36yrlj"
		break
	}
	#set a var for the folder you are looking for
	$folderPath = 'C:\Temp'
 
	#Check if folder exists, if not, create it
	if (Test-Path $folderpath){
		Write-Host "The folder $folderPath exists."
	} else{
		Write-Host "The folder $folderPath does not exist, creating..." -NoNewline
		New-Item $folderpath -type directory | Out-Null
		Write-Host "done!" -ForegroundColor Green
	}
 
	# Check if file exists, if not, download it
	$file = $folderPath+"\FilterPackx64.exe"
	if (Test-Path $file){
		write-host "The file $file exists."
	} else {
		#Download Microsoft Filter Pack
		Write-Host "Downloading Microsoft Filter Pack..." -nonewline
		$clnt = New-Object System.Net.WebClient
		$url = "http://download.microsoft.com/download/b/e/6/be61cfa4-b59e-4f26-a641-5dbf906dee24/FilterPackx64.exe"
		$clnt.DownloadFile($url,$file)
		Write-Host "done!" -ForegroundColor Green
	}
	#Install Microsoft Filter Pack
	Write-Host "Installing Microsoft Filter Pack..." -nonewline
	$expression = $folderPath+"\FilterPackx64.exe /quiet /norestart"
	Invoke-Expression $expression
	Start-Sleep -Seconds 10
	write-host "done!" -ForegroundColor Green
}
 
Function SetRunOnce(){
	# Sets the NetTCPPortSharing service for automatic startup before the first reboot
	# by using the old RunOnce registry key (because the service doesn't yet exist, or we could
	# use 'Set-Service')
	$hostname = hostname
	$RunOnceCommand = "sc \\$hostname config NetTcpPortSharing start= auto"
	if (Get-ItemProperty -Name "NetTCPPortSharing" -path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce' -ErrorAction SilentlyContinue) {
	    	Write-host "Registry key HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce\NetTCPPortSharing already exists." -ForegroundColor yellow
        	Set-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce" -Name "NetTCPPortSharing" -Value $RunOnceCommand | Out-Null
	} else {
	    	New-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce" -Name "NetTCPPortSharing" -Value $RunOnceCommand -PropertyType "String" | Out-Null
	}
}
 
Import-Module ServerManager
$opt = "None"
# Do {
	clear
	if ($opt -ne "None") {write-host "Last command: "$opt -foregroundcolor Yellow}
	write-host
	write-host Exchange Server 2010 - Prerequisites script
	write-host Please, select which role you are going to install..
	write-host
	write-host '1) Hub Transport'
	write-host '2) Client Access Server'
	write-host '3) Mailbox'
	write-host '4) Unified Messaging'
	write-host '5) Edge Transport'
	write-host '6) Typical (CAS/HUB/Mailbox)'
	write-host '7) Client Access and Hub Transport'
	write-host
	write-host '9) Configure NetTCP Port Sharing service'
	write-host '   Required for the Client Access Server role' -foregroundcolor yellow
	write-host '   Automatically set for options 2,6, and 7' -foregroundcolor yellow
	write-host '10) Install 2007 Office System Converter: Microsoft Filter Pack'
	write-host '    Required if installing Hub Transport or Mailbox Server roles' -foregroundcolor yellow
	write-host '    Automatically set for options 1, 3, 6, and 7' -foregroundcolor yellow
	write-host
	write-host '13) Restart the Server'
	write-host '14) End'
	write-host
	$opt = Read-Host "Select an option.. [1-14]? "
 
	switch ($opt)    {
		1 { InstallFilterPack; Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server -restart }
		2 { SetRunOnce; Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -restart }
		3 { InstallFilterPack; Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server -restart }
		4 { Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Desktop-Experience -restart }
		5 { Add-WindowsFeature NET-Framework,RSAT-ADDS,ADLDS -restart }
		6 { SetRunOnce; InstallFilterPack; Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -restart }
		7 { SetRunOnce; InstallFilterPack; Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -restart }
		9 { Set-Service NetTcpPortSharing -StartupType Automatic }
		10 {
			# future - auto detect Internet access
			write-host 'Can this server access the Internet?'
			$filtpack = read-host 'Please type (Y)es or (N)o...'
			switch ($filtpack)				{
				Y {InstallFilterPack}
				N {Write-warning 'Please download and install Microsoft Filter Pack from here: http://tinyurl.com/36yrlj'}
			}
		}
		13 { Restart-Computer }
		14 {write-host "Exiting..."}
		default {write-host "You haven't selected any of the available options. "}
	}
# }
# while ($opt -ne 14)
  • Share/Bookmark
Print

Tags: , ,

How to bypass confirmation prompts for Managed Folder Policy

Sep 16

Posted by Bhargav in Exchange 2007, Exchange Management Shell, PowerShell | No Comments

When you try to apply managed mailbox folder policy to a mailbox using set-mailbox, you would run a command like this:

 

set-mailbox -identity mailboxA -ManagedFolderMailboxPolicy "MFPolicy"

 

This would result in a confirmation prompt

 

Confirm
  <br />Are you sure you want to perform this action?
  <br />...

 

To avoid the prompt, you instead run command

 

set-mailbox -identity mailboxA -ManagedFolderMailboxPolicy "MFPolicy" –confirm:$false

 

However, you will get prompted again with the following:

 

Confirm
  <br />When assigning a managed folder mailbox policy…

To put it in perspective, the first confirmation prompt is for set-mailbox operation. The second confirmation prompt is for applying Managed Folder Policy. Whenever Managed Folder Policy is applied, it impacts legacy Outlook client functionality. Which explains why additional confirmation is needed.

So, how can you tell the shell not to ask you for confirmation as you know what you are doing or you don’t care if it breaks ;) ?

Type this:

set-mailbox -identity mailboxA -ManagedFolderMailboxPolicy "MFPolicy" -ManagedFolderMailboxPolicyAllowed -Confirm:$false

you can now tell the computer who is the boss. :)

  • Share/Bookmark
Print

Tags: ,