Tag: file

How to gpudate and RDP with PowerShell

In my first PowerShell post, I described running into the issue of maintaining a network where you do not have all admin permissions. A second issue that I ran into was how to gpupdate and RDP with PowerShell.  Updates were pushed out from group policy but machines were not pulling them and staying up to date. How I forced gpupdate was a lot like how I forced remote reboots with PowerShell.

for($i=0; $i -lt $WorkstationArray.Count; $i++){
     $temp = $WorkstationArray[$i]
     Write-Output "Initiate gpupdate for: " $temp
     Invoke-GPUpdate -Computer $temp
}

Loop through an array and RDP into machines

While looping through an array of the workstations it was possible that some of them would be disconnected from the network. I added code to allow me to log any workstation that I could not RDP into. I also added code to save my username and password, but you could make that more secure and not save that in your script.

$LogFile = "C:\workstation_unreachables.txt"
$User="XXXXXXXXXXXXXXX"
$Password="XXXXXXXXXXXXXXX"

Function Logfile{
    Param ([string]$logstring)
    Add-content $LogFile -value $logstring
}

for($i=0; $i -lt $ServerArray.Count; $i++){ 
    cmdkey /generic:"$Templogin" /U:$User /pass:$Password
    $temp = $ServerArray[$i] mstsc /v:"$temp" /admin 
    $log = Read-Host -Prompt "Press y to log this computer name
                   Press any other key to continue"
    if ($log -match "y"){
        LogFile "$temp"
    }
}

Run PowerShell as admin

The last item I had to do was run the PowerShell script as an administrator.  I decided to make a batch script for that. This prompted me for admin credentials whenever it was ran.

@ECHO OFF 

PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File ""C:\gpupdate.ps1""' -Verb RunAs}"

:END
pause

I hope this helps with your admin tasks on your network. If you missed my first post you can read more here. Thank you – Powersjo

How to Loop through AD objects with PowerShell

While at work, I came across the problem of ‘You don’t own the network but you must deploy and administer the network’. That’s when I had the idea to employ PowerShell scripts and Batch files. When you are given tier 2 admin access to only a particular OU and not full admin access to the whole domain, these scripts might help you ensure your workstations stay up to date. How did I loop through AD objects with PowerShell?

Grab list from Active Directory

In order to loop through multiple active directory objects, I made the choice to grab all the objects in an OU and put them in a text file. To do this I ran a simple windows command in a batch file. Use the command ‘DSQUERY COMPUTER’.
For each OU, start at the top level OU and dive into the final OU.
For the Domain Controller (DC), start at your top level domain (example: blog) eventually diving into the overall domain (example: com, mil, org, us, etc…)

@echo off

DSQUERY COMPUTER "OU=TOPLEVEL,OU=MIDLEVEL,OU=LOWERLEVEL,OU=FINALLEVEL,DC=BLOG,DC=POWERSJO,DC=COM" -o rdn -limit 1000 > c:\objects.txt

pause

Using an array in PowerShell

$WorkstationArray =
''number1'', “number2”, “number3”

In the array put the list of objects from the batch file. I did this manually but I’m sure there is a way to automate it.

Loop through an array in PowerShell

for($i=0; $i -lt $WorkstationArray.Count; $i++){
$temp = $WorkstationArray[$i]
Write-Output "Initiate reboot for: " $temp
Restart-Computer -ComputerName $temp -Force
}

In the above loop I reference each workstation and initiate a restart of each one. If you use ‘-Force’, even when a user is logged in the workstation will restart.

In the next blog post I will post my method of running ‘gpupdate’, initiating RDP and running the PowerShell scripts as an administrator with batch files.