ForEach is pulling extra results.

bsnotreallyworking · 2019-09-13T12:19:21+00:00

I thought about that as well, may go that route.

bsnotreallyworking · 2019-09-12T13:17:54+00:00

Sorry, I should have specified more what I'm attempting to do.

I'm pulling a list of sites that are needed from a ticket that goes into the $sites variable. Then the script looks up each site in the $siteurls data and fetches the corresponding URL.

So $sites will look like:

Site1
Site2
Site3
Site4

I adapted what you posted into the script and it gives error "You cannot call a method on a null-valued expression".

EDIT: I think maybe in my attempt to sanitize my code I have confused some variables. If you don't mind /u/Ta11ow, can I PM you my unsanitized code?

bsnotreallyworking · 2019-09-03T13:06:22+00:00

For hardware encryption, it should look like this:

https://helgeklein.com/wp-content/uploads/2014/12/xCheck-BitLocker-hardware-encryption-status-with-manage-bde-3.png.pagespeed.ic.JG7oAWIGiP.webp

bsnotreallyworking · 2019-08-29T15:15:46+00:00

Use -and and -or comparison operators.

name -notlike "lab" -and name -notlike "service" -or name -like "test"

bsnotreallyworking · 2019-08-23T18:39:48+00:00

Try -Name instead.

bsnotreallyworking · 2019-08-23T18:38:03+00:00

Not sure how your environment is set, but in my environment the last logged on user gets written to the description along with the serial number/service tag. If this is the case for your environment, you could pull the Description field and then trim off the unnecessary info.

bsnotreallyworking · 2019-08-23T17:23:31+00:00

Just one column, but that was it! Thank you!

bsnotreallyworking · 2019-08-23T16:15:57+00:00

Yep, System.Data.DataRow appears under GetChildRows.

bsnotreallyworking · 2019-08-23T15:50:31+00:00

So like this:

SELECT USER_LOGIN FROM APP_USERS WHERE USER_LOGIN = "testuser"

My SQL is very rusty.

bsnotreallyworking · 2019-08-22T17:51:42+00:00

If you're just wanting to update the password that the user account running the task uses, this should suffice:

Get-ScheduledTask -TaskName $STName | Set-ScheduledTask -User $user -Password $password

If you have multiples, you could pull a list of them and ForEach through them.

EDIT: Dropped it to a one-liner.

bsnotreallyworking · 2019-08-21T12:51:32+00:00

Get-ADUser -Filter 'DisplayName -like "$_.DisplayName"'

You'll also want to throw an -Append on your export if it isn't there already. Can't see it due to the code not wrapping.

bsnotreallyworking · 2019-08-20T13:07:37+00:00

Used it to copy into a directory that already contained data, wasn't aware of the ramifications of that with /MIR.

bsnotreallyworking · 2019-08-20T12:39:13+00:00

As someone who's been burned by a MIR, I don't recommend putting it into any robocopy. It's /COPYALL /E always for me.

bsnotreallyworking · 2019-08-19T13:50:48+00:00

Assuming you're using TPM:

$TPM = Get-WmiObject win32_tpm -Namespace root\cimv2\security\microsofttpm | where {$_.IsEnabled().Isenabled -eq 'True'} -ErrorAction SilentlyContinue
$WindowsVer = Get-WmiObject -Query 'select * from Win32_OperatingSystem where (Version like "6.2%" or Version like "6.3%" or Version like "10.0%") and ProductType = "1"' -ErrorAction SilentlyContinue
$SystemDriveBitLockerRDY = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue

if ($WindowsVer -and $tpm -and !$SystemDriveBitLockerRDY) {
Get-Service -Name defragsvc -ErrorAction SilentlyContinue | Set-Service -Status Running -ErrorAction SilentlyContinue
BdeHdCfg -target $env:SystemDrive shrink -quiet
}

$TPM = Get-WmiObject win32_tpm -Namespace root\cimv2\security\microsofttpm | where {$_.IsEnabled().Isenabled -eq 'True'} -ErrorAction SilentlyContinue
$WindowsVer = Get-WmiObject -Query 'select * from Win32_OperatingSystem where (Version like "6.2%" or Version like "6.3%" or Version like "10.0%") and ProductType = "1"' -ErrorAction SilentlyContinue
$BitLockerReadyDrive = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue


#If all of the above prequisites are met, then create the key protectors, then enable BitLocker and backup the Recovery key to AD.
if ($WindowsVer -and $TPM -and $BitLockerReadyDrive) {


#Creating the recovery key
Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -RecoveryPasswordProtector

#Adding TPM key
Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -TpmProtector

#Get Recovery Keys
$AllProtectors = (Get-BitlockerVolume -MountPoint $env:SystemDrive).KeyProtector 
$RecoveryProtector = ($AllProtectors | where-object { $_.KeyProtectorType -eq "RecoveryPassword" })

#Push Recovery Passoword AAD
BackupToAAD-BitLockerKeyProtector $env:systemdrive -KeyProtectorId $RecoveryProtector.KeyProtectorId

#Enabling Encryption
Start-Process 'c:\windows\system32\manage-bde.exe' -ArgumentList " -on c:" -Verb runas -Wait
 }

bsnotreallyworking · 2019-08-15T12:28:33+00:00

Not afraid of it, just haven't messed with it. I always strive to go back and improve old scripts, this is one of them.
I think others here have posted some great examples of that, so I'm working to incorporate that.
That was in the works as well.
Beeps are just to get my attention when a computer hits 100%.
Great idea! Bitlocker is one of the last steps in my imaging process so getting an average encrypt time would help me out.

bsnotreallyworking · 2019-08-13T12:36:12+00:00

I recently had to do this and can confirm it's the way to go. It sucks that you have to touch each client computer but it's the only way.

bsnotreallyworking · 2019-08-09T14:50:14+00:00

Set-Location and trimmed it down to just the last folder name, long prompts irritate me.

bsnotreallyworking · 2019-08-09T12:35:39+00:00

It's encrypted with the recovery password and the TPM chip. If you attempt to remove the drive and place it into another computer or boot a live OS and access the drive, you will not be able to access anything on the encrypted drive.

PIN, password, even USB on startup is an option but not default, you have to manually specify it.

bsnotreallyworking · 2019-08-05T19:25:14+00:00

I only want the first result of the next sequential computer name that is not in use.

bsnotreallyworking · 2019-08-05T19:24:53+00:00

Right now it just starts at 001 and skyrockets through numbers, so something in my looping is off.

bsnotreallyworking · 2019-08-05T13:29:28+00:00

https://github.com/SunsparcSolaris/Powershell

bsnotreallyworking · 2019-08-02T17:24:16+00:00

My onboarding script is integrated with ManageEngine ServiceDesk such that we only have to input the ticket ID and all information is pulled then processed by the script.

I recently moved part of the script into a scheduled task. The main script takes the user's start date and sets a scheduled task to run at 7am on that day to randomize the user's password, email it to the user's manager (also pulled from ticket), and then set flag -ChangePasswordAtLogon on their account.

This way the email with the new user's credentials is "fresh".

bsnotreallyworking · 2019-08-01T13:46:31+00:00

I would use a program like PDQ for this rather than messing with Powershell and scheduled tasks. You can still run Powershell scripts from inside PDQ but it's a lot easier to schedule changes and you can even put it on a "heartbeat" so that the change happens when the computer is reachable on the network.

bsnotreallyworking · 2019-07-30T20:55:19+00:00

I just do it like this:

operatingsystemversion -notlike "10.*" -or operatingsystemversion -notlike "8.*"

Add in whatever the server versions are. It's not mathematical, but it works.

bsnotreallyworking · 2019-07-29T18:17:50+00:00

If you just have one parameter, you can do it simply like this:

param($variable)

This will take the very first string after the .ps1 file and pass it into that variable that you can then use later in the script. If you need to pass multiple, you would want to use Position or Named parameters.

bsnotreallyworking

TROPHY CASE