gpupdate and RDP with PowerShell

How to gpudate and RDP with PowerShell

In my first PowerShell post, I described running into the issue of maintaining a network where you do not have all admin permissions. A second issue that I ran into was how to gpupdate and RDP with PowerShell.  Updates were pushed out from group policy but machines were not pulling them and staying up to date. How I forced gpupdate was a lot like how I forced remote reboots with PowerShell.

for($i=0; $i -lt $WorkstationArray.Count; $i++){
     $temp = $WorkstationArray[$i]
     Write-Output "Initiate gpupdate for: " $temp
     Invoke-GPUpdate -Computer $temp
}

Loop through an array and RDP into machines

While looping through an array of the workstations it was possible that some of them would be disconnected from the network. I added code to allow me to log any workstation that I could not RDP into. I also added code to save my username and password, but you could make that more secure and not save that in your script.

$LogFile = "C:\workstation_unreachables.txt"
$User="XXXXXXXXXXXXXXX"
$Password="XXXXXXXXXXXXXXX"

Function Logfile{
    Param ([string]$logstring)
    Add-content $LogFile -value $logstring
}

for($i=0; $i -lt $ServerArray.Count; $i++){ 
    cmdkey /generic:"$Templogin" /U:$User /pass:$Password
    $temp = $ServerArray[$i] mstsc /v:"$temp" /admin 
    $log = Read-Host -Prompt "Press y to log this computer name
                   Press any other key to continue"
    if ($log -match "y"){
        LogFile "$temp"
    }
}

Run PowerShell as admin

The last item I had to do was run the PowerShell script as an administrator.  I decided to make a batch script for that. This prompted me for admin credentials whenever it was ran.

@ECHO OFF 

PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File ""C:\gpupdate.ps1""' -Verb RunAs}"

:END
pause

I hope this helps with your admin tasks on your network. If you missed my first post you can read more here. Thank you – Powersjo

How to loop through AD objects with PowerShell

How to Loop through AD objects with PowerShell

While at work, I came across the problem of ‘You don’t own the network but you must deploy and administer the network’. That’s when I had the idea to employ PowerShell scripts and Batch files. When you are given tier 2 admin access to only a particular OU and not full admin access to the whole domain, these scripts might help you ensure your workstations stay up to date. How did I loop through AD objects with PowerShell?

Grab list from Active Directory

In order to loop through multiple active directory objects, I made the choice to grab all the objects in an OU and put them in a text file. To do this I ran a simple windows command in a batch file. Use the command ‘DSQUERY COMPUTER’.
For each OU, start at the top level OU and dive into the final OU.
For the Domain Controller (DC), start at your top level domain (example: blog) eventually diving into the overall domain (example: com, mil, org, us, etc…)

@echo off

DSQUERY COMPUTER "OU=TOPLEVEL,OU=MIDLEVEL,OU=LOWERLEVEL,OU=FINALLEVEL,DC=BLOG,DC=POWERSJO,DC=COM" -o rdn -limit 1000 > c:\objects.txt

pause

Using an array in PowerShell

$WorkstationArray =
''number1'', “number2”, “number3”

In the array put the list of objects from the batch file. I did this manually but I’m sure there is a way to automate it.

Loop through an array in PowerShell

for($i=0; $i -lt $WorkstationArray.Count; $i++){
$temp = $WorkstationArray[$i]
Write-Output "Initiate reboot for: " $temp
Restart-Computer -ComputerName $temp -Force
}

In the above loop I reference each workstation and initiate a restart of each one. If you use ‘-Force’, even when a user is logged in the workstation will restart.

In the next blog post I will post my method of running ‘gpupdate’, initiating RDP and running the PowerShell scripts as an administrator with batch files.

VMCE v9.5 Study Guide

The Veeam Certified Engineer (VMCE) V9.5 Study Guide.

Below is an incomplete list of study material I used for my VMCE Study Guide. This guide may not be up to date on the latest version of Veeam.

After going through the test and passing I wanted to share my experience for others out there to gauge what their experience will be. The test covered 11 sections:

  • Overview of Veeam Products
  • Deployment
  • Initial Configuration
  • Protect
  • Verification
  • Entire VM Recovery
  • Objects Recovery
  • Advanced Data Protection
  • Veeam ONE Features and Functionality
  • Product Editions
  • Troubleshooting
VMCE Study Guide Overview:

The test was 50 questions and you needed a 70% minimum to pass.  I got 70 minutes to take the exam.  Overall, I am not a good test taker.  I needed the 70 minutes to look over my answers again and think through some questions that I flagged.

Before the test I used various resources to study and prep. Aside from the book that Veeam provides for the course, this guide here got me started with practice tests.  I found the test from rhyshammond.com the most helpful because it gave the answers to questions and even had some references on answers you got wrong with links to documentation. Very well done!

I work with Veeam every day since my work uses / offers Veeam as a cloud services provider. Even with my daily exposure to Veeam I needed to study to learn about the offerings I don’t use on a daily basis. Example: Hyper-V vs. VMware configurations, different backup methods, vendor storage directly compatible with Veeam, vendor monitoring that integrates with Veeam and so on.

Finally, I would say don’t underestimate the exam. Study well and give yourself time to learn the parts of Veeam that you don’t work with all the time.  I hope the rest of my referenced material helps push you towards your certification!

List of supported storage compatible with Veeam Backup, reference:

  • EMC (Dell)
    • Dell EMC VNX
    • Dell EMC VNX2
    • EMC VNXe
  • Hewlett Packard Enterprise (HPE)
    • HPE 3PAR StoreServ
    • HPE StoreVirtual
    • StoreVirtual VSA
  • NetApp
    • NetApp FAS
    • FlexArray (V-Series)
    • NetApp Data ONTAP Edge VSA
    • IBM N series
  • Nimble Storage
    • CS-Series
    • AF Arrays
Things to know:

See my list of Veeam extensions here:

In order to use the predefined tests (Heartbeat, Ping, Application) for a VM you must have VMware tools or Hyper-V integration services installed on the VM.  You can also run custom scripts.

Veeam explorers datasheet here:

If you plan on using ‘extreme compression’ Veeam recommends using a proxy that has at least 6 modern CPU cores.

Another item is new compression settings are applied at the next run of a job. New deduplication settings are applied after a new active full backup is created.

WAN accelerators must be installed on 64 bit Windows machines with a recommended minimum 8GB of RAM.

SureBackup recovery verification configurations: Basic (one network) and Advanced (two or more networks) single host virtual lab.

Also, SureReplica recovery verification configurations: Single host basic (one network) and advanced (two or more networks) virtual lab. Also advanced (one or more networks, must reside in one datacenter) multi-host virtual lab. (SureReplica is only available with VMware)

Finally, Veeam supports these de-duplicating storage appliances: EMC Data Domain, ExaGrid, HPE StoreOnce.

Memorize these:

The five benefits of Veeam are:

  • High-Speed Recovery
  • Data Loss Avoidance
  • Verified Recoverability
  • Leveraged Data
  • Complete Visibility

Additionally, the Veeam Support Response times.

Severity Production Support Basic Support
1 1 hour 2 hours
2 3 hours 8 business hours
3 6 hours 12 business hours
4 8 hours 24 business hours