Scripting – Page 4 – A Geeks World

List all VM’s with a Dynamic MAC Address

Short, simple script to list all VM’s which has NIC’s with a Dynamic MAC Address set.

# Get all VM's from Localhost (change to SCVMM Server if running remote) 
$AllVMS = Get-SCVirtualMachine -VMMServer localhost
$DynamicVMs = @()

# For each VM, check Virtual Network Adapters if Mac = Dynamic. 
foreach ($vm in $AllVMS ) {
   $vmnics = $vm | Get-SCVirtualNetworkAdapter
     if ($vmnics.MACAddressType -eq "Dynamic") {     
     $DynamicVMs += $vm.Name
     }
   }

# List all VM's with a Dynamic Mac address. 
$DynamicVMs | Sort-Object
Write-Output "--------"
$DynamicVMs.Count

# Get all VM's from Localhost (change to SCVMM Server if running remote)

$AllVMS = Get-SCVirtualMachine -VMMServer localhost

$DynamicVMs = @()

# For each VM, check Virtual Network Adapters if Mac = Dynamic.

foreach ($vm in $AllVMS ) {

$vmnics = $vm | Get-SCVirtualNetworkAdapter

if ($vmnics.MACAddressType -eq "Dynamic") {

$DynamicVMs += $vm.Name

}

# List all VM's with a Dynamic Mac address.

$DynamicVMs | Sort-Object

Write-Output "--------"

$DynamicVMs.Count

It will give a list of all VM’s and the number of VM’s in that list.
Small, simple and efficient.

Controlling my intrusion detection system (alarm) via Powershell!

I’ve recently invested in a alarm for my house, after quite a lot of research i finally went for Siemens SPC 5320 for all the cool features, it feels like one of the most modern alarms out there. As it can be controlled from the web, smartphone applications for iphone and android, usb, ethernet (ip) etc etc.

It’s more of a high-risk enterprise alarm, than a residence alarm as it got Grade 3 (and can have up to Grade 5) classification, making it usable for Banks and other high-risk objects, or to protect my geek lair (man-cave), son’s hideout, my wife’s gym, bedroom, the kitchen and other areas, also known as our home.

Another reason I bought that specific alarm is that a Swedish company called Lundix has recently released a Gateway that can talk with the Alarm and connect it to other systems. Or just execute things when specific triggers happen in the alarm. Like send a mail (to specific persons) when the Alarm goes off, or maybe notice the parents when a specific person arms or unarms the alarm, ie leaves and gets home from school.
It’s even possible to get noticed if that’s done outside the normal hours. For example if personnel in the store is late unarming the alarm, or arms it too early…

Summary: The SPC Web Gateway is providing a generic open web interface to Siemens SPC panels. The interface will simplify SPC integration with third party applications and products such as Home and Building Automation Systems, Smartphone Apps and Web applications. The Web API is using HTTP and REST principles (RESTful) for requests to SPC panel and WebSocket to reporting events from the SPC panel

And as the Gateway talks REST and WebSocket, it makes it possible to use Powershell! Looks how easy, cool, and smoth it is;

Next step is to add it to the new-user-creation workflow. So when a new user is created in AD, it will also create a user in the Alarm, generate a random PIN code and include that information in the Welcome Mail and SMS sent to new users.

Or possibly initiate a company wide erase of confidential data, in case of a Alarm. Anyone who can see that going wrong and causing problems? Especially as I saw some figures stating that more than 90% of all Alarms are false due to user error or indicator faults.

Well, I’ve just started playing around with it and if there is interest I’ll keep you posted on my progress and different automation scenarios i setup.

List and Remove Corrupted files reported by Data Deduplication with Powershell

I’ve been copying 7TB of data in about 100.000 files from an old fileserver to the new one, but I just noticed that some of the files are corrupted! Gahhh…

Chkdsk found some issues, but didn’t solve the problem. As this server is running Windows Server 2012 R2 with Data Deduplication I decided to have a look at that.

Yeah, unfortunately a lot of corrupted files with EventID 12800

Log Name:      Microsoft-Windows-Deduplication/Scrubbing
Source:        Microsoft-Windows-Deduplication
Date:          5/16/2014 11:11:10 AM
Event ID:      12800
Task Category: Data Deduplication Scrubbing Task
Level:         Error
Keywords:      Reporting
User:          SYSTEM
Description:
Data Deduplication service detected corruption in "Drive:\PATH\FILE.Name". The corruption cannot be repaired.

Log Name: Microsoft-Windows-Deduplication/Scrubbing

Source: Microsoft-Windows-Deduplication

Date: 5/16/2014 11:11:10 AM

Event ID: 12800

Task Category: Data Deduplication Scrubbing Task

Level: Error

Keywords: Reporting

User: SYSTEM

Description:

Data Deduplication service detected corruption in "Drive:\PATH\FILE.Name". The corruption cannot be repaired.

So Data Deduplication is reporting a lot of corrupted files, and this error message didn’t really make me any happier.

Log Name:      Microsoft-Windows-Deduplication/Operational
Source:        Microsoft-Windows-Deduplication
Date:          5/21/2014 8:00:16 PM
Event ID:      4105
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Description:
Data Deduplication error: Unexpected error.


Operation:
   Add a merged target chunk store container.
   Reconciling duplicate chunks in the chunk store.
   Running the deduplication job.

Context:
   File name: \\?\Volume{d44b1e9d-922f-46b7-965b-05d184cc6b74}\System Volume Information\Dedup\ChunkStore\{D2110CC9-B0D2-4F6A-B391-0680AE13C77B}.ddp\Stream\002b0000.00000002.ccc
   File name: \\?\Volume{d44b1e9d-922f-46b7-965b-05d184cc6b74}\System Volume Information\Dedup\ChunkStore\{D2110CC9-B0D2-4F6A-B391-0680AE13C77B}.ddp\Stream\002b0000.00000001.ccc
   Chunk store: \\?\Volume{d44b1e9d-922f-46b7-965b-05d184cc6b74}\System Volume Information\Dedup\ChunkStore\{D2110CC9-B0D2-4F6A-B391-0680AE13C77B}.ddp\Stream
   Volume name: E: (\\?\Volume{d44b1e9d-922f-46b7-965b-05d184cc6b74}\)

Log Name: Microsoft-Windows-Deduplication/Operational

Source: Microsoft-Windows-Deduplication

Date: 5/21/2014 8:00:16 PM

Event ID: 4105

Task Category: None

Level: Error

Keywords:

User: SYSTEM

Description:

Data Deduplication error: Unexpected error.

Operation:

Add a merged target chunk store container.

Reconciling duplicate chunks in the chunk store.

Running the deduplication job.

Context:

File name: \\?\Volume{d44b1e9d-922f-46b7-965b-05d184cc6b74}\System Volume Information\Dedup\ChunkStore\{D2110CC9-B0D2-4F6A-B391-0680AE13C77B}.ddp\Stream\002b0000.00000002.ccc

File name: \\?\Volume{d44b1e9d-922f-46b7-965b-05d184cc6b74}\System Volume Information\Dedup\ChunkStore\{D2110CC9-B0D2-4F6A-B391-0680AE13C77B}.ddp\Stream\002b0000.00000001.ccc

Chunk store: \\?\Volume{d44b1e9d-922f-46b7-965b-05d184cc6b74}\System Volume Information\Dedup\ChunkStore\{D2110CC9-B0D2-4F6A-B391-0680AE13C77B}.ddp\Stream

Volume name: E: (\\?\Volume{d44b1e9d-922f-46b7-965b-05d184cc6b74}\)

Hopefully this quick and dirty powershell script that I just wrote can help you too.
As I still had the working fileserver with working files available, I decided to just delete all corrupted files with this script.

$corrupted = Get-WinEvent -LogName Microsoft-Windows-Deduplication/Scrubbing | where ID -EQ "12800" 

$msg = $corrupted | select Message 
$file = $msg -replace ". The corruption cannot be repaired.}",""
$files = $file -replace "@{Message=Data Deduplication service detected corruption in ",""

foreach ($file in $files) {
  Get-Item ($file.Remove(0,1) -replace ".$") | Remove-Item
}

$corrupted = Get-WinEvent -LogName Microsoft-Windows-Deduplication/Scrubbing | where ID -EQ "12800"

$msg = $corrupted | select Message

$file = $msg -replace ". The corruption cannot be repaired.}",""

$files = $file -replace "@{Message=Data Deduplication service detected corruption in ",""

foreach ($file in $files) {

Get-Item ($file.Remove(0,1) -replace ".$") | Remove-Item

}

And then ran a robocopy script to recopy everything (it will skip any files that already exists making it a quite fast process).
robocopy /mir /copyall /r:1 /w:1 \\source\path \\destination\path

Updated 2014-05-22 16:22: Added a full delete and copy script, which is a bit better written;

$corrupted = Get-WinEvent -LogName Microsoft-Windows-Deduplication/Scrubbing | where ID -EQ "12800" | Sort-Object -Property Message

$sourcedir="\\server\share$\"

foreach ($entry in $corrupted) {
#  Write-Output $entry
   $file = "$((($entry | select -ExpandProperty Properties)[4]).value)$((($entry | select -ExpandProperty Properties)[5]).value)$((($entry | select -ExpandProperty Properties)[6]).value)" 
   write-output "Deleting file: $file" 
   Get-Item $file -ErrorAction SilentlyContinue | Remove-Item -Force
   write-output "Copying file: $file" 
   Copy-Item "$($sourcedir)$((($entry | select -ExpandProperty Properties)[5]).value)$((($entry | select -ExpandProperty Properties)[6]).value)" -Destination $file -Force 
}

$corrupted = Get-WinEvent -LogName Microsoft-Windows-Deduplication/Scrubbing | where ID -EQ "12800" | Sort-Object -Property Message

$sourcedir="\\server\share$\"

foreach ($entry in $corrupted) {

# Write-Output $entry

$file = "$((($entry | select -ExpandProperty Properties)[4]).value)$((($entry | select -ExpandProperty Properties)[5]).value)$((($entry | select -ExpandProperty Properties)[6]).value)"

write-output "Deleting file: $file"

Get-Item $file -ErrorAction SilentlyContinue | Remove-Item -Force

write-output "Copying file: $file"

Copy-Item "$($sourcedir)$((($entry | select -ExpandProperty Properties)[5]).value)$((($entry | select -ExpandProperty Properties)[6]).value)" -Destination $file -Force

}

Script for importing existing VMs into Azure Pack

As you start working with Azure Pack, you probably realize that you have a lot of existing VM’s that you would like to import into Azure Pack, and by that be able to use them just as you can handle all new ones?

All that’s needed for that, is to set the correct AzurePack user as the owner and SelfServicUuser on that Virtual Machine. And of course, have the machine in the correct “Cloud”.

Here is a small script which will help you out by;

Asking in a Grid View, which Cloud you would like to import a machine in.
Ask which user that should be the new owner of this VM.
Let you pick, which VM from the Cloud you would like to import.

As we have multiple clouds, and users can have multiple subscriptions, I chose to make the script use GridView, to minimize the risk for human errors (typos).

# You have to set your SCVMM server and use -ForOnBehalfOf to make use of SPF. 
$SCVMMSERVER = Get-SCVMMServer -ComputerName YOUR.SCVVM.SERVER.FQDN -ForOnBehalfOf 

$SCCloud = Get-SCCloud -Name (Get-SCCloud | select Name | Out-GridView -Title "Select Cloud" -PassThru).Name
$SCUser = (Get-SCUserRole | Where-Object Cloud -Match $SCCloud).Name -Replace "_.+","" | Out-GridView -PassThru -Title "Select User" 
$vmselfserviceuserrole = Get-SCUserRole | Where-Object Cloud -Match $SCCloud | Where-Object Name -Like $SCUser* 
$SCVM = (get-scvirtualmachine ($SCCloud | Get-SCVirtualMachine | select Name | Out-GridView -Title "Select VM" -PassThru).Name)

Set-SCVirtualMachine -VM $SCVM –UserRole $vmselfserviceuserrole –Owner $SCUser

# You have to set your SCVMM server and use -ForOnBehalfOf to make use of SPF.

$SCVMMSERVER = Get-SCVMMServer -ComputerName YOUR.SCVVM.SERVER.FQDN -ForOnBehalfOf

$SCCloud = Get-SCCloud -Name (Get-SCCloud | select Name | Out-GridView -Title "Select Cloud" -PassThru).Name

$SCUser = (Get-SCUserRole | Where-Object Cloud -Match $SCCloud).Name -Replace "_.+","" | Out-GridView -PassThru -Title "Select User"

$vmselfserviceuserrole = Get-SCUserRole | Where-Object Cloud -Match $SCCloud | Where-Object Name -Like $SCUser*

$SCVM = (get-scvirtualmachine ($SCCloud | Get-SCVirtualMachine | select Name | Out-GridView -Title "Select VM" -PassThru).Name)

Set-SCVirtualMachine -VM $SCVM –UserRole $vmselfserviceuserrole –Owner $SCUser

SCVMM : Automatic Baseline update script

SCVMM (System Center: Virtual Machine Manager) 2012 and 2012R2 can manage the patch compliance on your servers. That’s a great feature but normally involves some manual work as you have to add each update to the Baselines manually.

My colleague Mikael Nyström (MVP) made a script to handle this automatically, which I’ve developed a bit further.

<#
.Synopsis
   Script to automatically keep SCVMM Baselines in sync with WSUS 
.DESCRIPTION
   Script that synchronizes WSUS Updates with SCVMM, both adding new updates and removes old inactive updates. 
.EXAMPLE
   Update-BaseLineUpdates $Baselinename

# Author
Current Author, Markus Lassfolk @Truesec 
Original Author, Mikael Nyström @Truesec 

# Version 1.2
  Markus Lassfolk 
 - Added section to remove inactive updates 

# Version 1.0 
  Markus Lassfolk 
 - Initial Release 

# Version 0.5 
  Mikael Nyström 

#>

Function Update-BaseLineUpdates{
Param
 (
 [Parameter(Mandatory=$false,
 ValueFromPipeline=$true,
 ValueFromPipelineByPropertyName=$true,
 ValueFromRemainingArguments=$false,
 Position=0)]
 [String]
 $BaseLineName
 )
$baseline = Get-SCBaseline -Name $BaseLineName

# Set-SCBaseline -Baseline $baseline -Name $BaseLineName -Description $BaseLineName -RemoveUpdates $baseline.Updates
write-host $baseline.UpdateCount : Current number of Updates in Baseline $BaseLineName

$addedUpdateList = ""
$addedUpdateList = @()

if ($baseline.UpdateCount -eq 0) { 
        write-host "No previous updates in" $BaselineName", adding all existing updates for" $BaseLineName "from WSUS"  
        $addedUpdateList += Get-SCUpdate | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsApproved -Like -Value "True" | Where-Object -Property IsDeclined -Like -Value "False"| Where-Object -Property IsExpired -Like -Value "False" | Where-Object -Property IsSuperseded -Like -Value "False" | Where-Object -Property Products -like "*Windows Server 2012*"
        write-host $addedUpdateList.Count ": New updates to add in" $Baseline 
        Set-SCBaseline -Baseline $baseline -Name $BaseLineName -Description $BaseLineName -AddUpdates $addedUpdateList -RunAsynchronously
  }

if ($baseline.UpdateCount -gt 0 ) { 
        write-host "Scanning Newest 500 WSUS Updates for matching updates for $BaselineName" 
        $LatestUpdates = Get-SCUpdate -Newest 500 | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsApproved -Like -Value "True" | Where-Object -Property IsDeclined -Like -Value "False"| Where-Object -Property IsExpired -Like -Value "False" | Where-Object -Property IsSuperseded -Like -Value "False" | Where-Object -Property Products -like "*Windows Server 2012*"
        write-host $LatestUpdates.Count ": Updates found, verifying if update(s) already exist in" $BaseLineName 

        Compare-Object -ReferenceObject $baseline.Updates -DifferenceObject $LatestUpdates -IncludeEqual | % {
        if($_.SideIndicator -eq '=>') { $addedUpdateList += Get-SCUpdate -ID $_.inputobject.id } 
        }

    write-host $addedUpdateList.Count : New updates to be added to SCVMM for $BaseLineName 
    write-host $addedUpdateList | ft
    Set-SCBaseline -Baseline $baseline -Name $BaseLineName -Description $BaseLineName -AddUpdate $addedupdateList -RunAsynchronously 
    }

    write-host "Scan WSUS for Updates that should not be Checked anymore" 
    $remove = ""
    $remove = @()
    $removeUpdateList = ""
    $removeUpdateList = @()

    $remove += Get-SCUpdate | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsApproved -Like -Value "False" | Where-Object -Property Products -like "*Windows Server 2012*"
    $remove += Get-SCUpdate | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsDeclined -Like -Value "True"| Where-Object -Property Products -like "*Windows Server 2012*"
    $remove += Get-SCUpdate | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsExpired -Like -Value "True" | Where-Object -Property Products -like "*Windows Server 2012*"
    $remove += Get-SCUpdate | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsSuperseded -Like -Value "True" | Where-Object -Property Products -like "*Windows Server 2012*"

    write-host $remove.count "Remove Unapproved/Superseded/Expired/Declined updates" 

        Compare-Object -ReferenceObject $baseline.Updates -DifferenceObject $remove -IncludeEqual | % {
        if($_.SideIndicator -eq '==') { $removeUpdateList += Get-SCUpdate -ID $_.inputobject.id } 
        }

    Set-SCBaseline -Baseline $baseline -Name $BaseLineName -Description $BaseLineName -RemoveUpdates $RemoveupdateList 
}

Function Add-BaseLine{
Param
 (
 [Parameter(Mandatory=$false,
 ValueFromPipeline=$true,
 ValueFromPipelineByPropertyName=$true,
 ValueFromRemainingArguments=$false,
 Position=0)]
 [String]
 $BaseLineName
 )
$baseline = New-SCBaseline -Name $BaseLineName -Description $BaseLineName
$scope = Get-SCVMHostGroup -Name "All Hosts"
Set-SCBaseline -Baseline $baseline -AddAssignmentScope $scope
$scope2 = Get-SCVMMManagedComputer
ForEach($Server in $scope2){
Set-SCBaseline -Baseline $baseline -Name $baseLine -AddAssignmentScope $Server
}
}

Write-Host "Synchronizing with WSUS Server" 
Get-SCUpdateServer | Start-SCUpdateServerSynchronization 

. Update-BaseLineUpdates "Security Updates"
. Update-BaseLineUpdates "Critical Updates"
. Update-BaseLineUpdates "Updates"
. Update-BaseLineUpdates "Update Rollups"

#. Update-BaseLineUpdates "Definition Updates"
#. Update-BaseLineUpdates "Service Packs"
#. Update-BaseLineUpdates "Feature Packs"

write-host "Start Compliance Scan for all Servers" 
Get-SCVMMManagedComputer | Start-SCComplianceScan

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

.Synopsis

Script to automatically keep SCVMM Baselines in sync with WSUS

.DESCRIPTION

Script that synchronizes WSUS Updates with SCVMM, both adding new updates and removes old inactive updates.

.EXAMPLE

Update-BaseLineUpdates $Baselinename

# Author

Current Author, Markus Lassfolk @Truesec

Original Author, Mikael Nyström @Truesec

# Version 1.2

Markus Lassfolk

- Added section to remove inactive updates

# Version 1.0

Markus Lassfolk

- Initial Release

# Version 0.5

Mikael Nyström

Function Update-BaseLineUpdates{

Param

(

[Parameter(Mandatory=$false,

ValueFromPipeline=$true,

ValueFromPipelineByPropertyName=$true,

ValueFromRemainingArguments=$false,

Position=0)]

[String]

$BaseLineName

)

$baseline = Get-SCBaseline -Name $BaseLineName

# Set-SCBaseline -Baseline $baseline -Name $BaseLineName -Description $BaseLineName -RemoveUpdates $baseline.Updates

write-host $baseline.UpdateCount : Current number of Updates in Baseline $BaseLineName

$addedUpdateList = ""

$addedUpdateList = @()

if ($baseline.UpdateCount -eq 0) {

write-host "No previous updates in" $BaselineName", adding all existing updates for" $BaseLineName "from WSUS"

$addedUpdateList += Get-SCUpdate | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsApproved -Like -Value "True" | Where-Object -Property IsDeclined -Like -Value "False"| Where-Object -Property IsExpired -Like -Value "False" | Where-Object -Property IsSuperseded -Like -Value "False" | Where-Object -Property Products -like "*Windows Server 2012*"

write-host $addedUpdateList.Count ": New updates to add in" $Baseline

Set-SCBaseline -Baseline $baseline -Name $BaseLineName -Description $BaseLineName -AddUpdates $addedUpdateList -RunAsynchronously

}

if ($baseline.UpdateCount -gt 0 ) {

write-host "Scanning Newest 500 WSUS Updates for matching updates for $BaselineName"

$LatestUpdates = Get-SCUpdate -Newest 500 | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsApproved -Like -Value "True" | Where-Object -Property IsDeclined -Like -Value "False"| Where-Object -Property IsExpired -Like -Value "False" | Where-Object -Property IsSuperseded -Like -Value "False" | Where-Object -Property Products -like "*Windows Server 2012*"

write-host $LatestUpdates.Count ": Updates found, verifying if update(s) already exist in" $BaseLineName

Compare-Object -ReferenceObject $baseline.Updates -DifferenceObject $LatestUpdates -IncludeEqual | % {

if($_.SideIndicator -eq '=>') { $addedUpdateList += Get-SCUpdate -ID $_.inputobject.id }

}

write-host $addedUpdateList.Count : New updates to be added to SCVMM for $BaseLineName

write-host $addedUpdateList | ft

Set-SCBaseline -Baseline $baseline -Name $BaseLineName -Description $BaseLineName -AddUpdate $addedupdateList -RunAsynchronously

}

write-host "Scan WSUS for Updates that should not be Checked anymore"

$remove = ""

$remove = @()

$removeUpdateList = ""

$removeUpdateList = @()

$remove += Get-SCUpdate | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsApproved -Like -Value "False" | Where-Object -Property Products -like "*Windows Server 2012*"

$remove += Get-SCUpdate | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsDeclined -Like -Value "True"| Where-Object -Property Products -like "*Windows Server 2012*"

$remove += Get-SCUpdate | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsExpired -Like -Value "True" | Where-Object -Property Products -like "*Windows Server 2012*"

$remove += Get-SCUpdate | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsSuperseded -Like -Value "True" | Where-Object -Property Products -like "*Windows Server 2012*"

write-host $remove.count "Remove Unapproved/Superseded/Expired/Declined updates"

Compare-Object -ReferenceObject $baseline.Updates -DifferenceObject $remove -IncludeEqual | % {

if($_.SideIndicator -eq '==') { $removeUpdateList += Get-SCUpdate -ID $_.inputobject.id }

}

Set-SCBaseline -Baseline $baseline -Name $BaseLineName -Description $BaseLineName -RemoveUpdates $RemoveupdateList

}

Function Add-BaseLine{

Param

(

[Parameter(Mandatory=$false,

ValueFromPipeline=$true,

ValueFromPipelineByPropertyName=$true,

ValueFromRemainingArguments=$false,

Position=0)]

[String]

$BaseLineName

)

$baseline = New-SCBaseline -Name $BaseLineName -Description $BaseLineName

$scope = Get-SCVMHostGroup -Name "All Hosts"

Set-SCBaseline -Baseline $baseline -AddAssignmentScope $scope

$scope2 = Get-SCVMMManagedComputer

ForEach($Server in $scope2){

Set-SCBaseline -Baseline $baseline -Name $baseLine -AddAssignmentScope $Server

}

Write-Host "Synchronizing with WSUS Server"

Get-SCUpdateServer | Start-SCUpdateServerSynchronization

. Update-BaseLineUpdates "Security Updates"

. Update-BaseLineUpdates "Critical Updates"

. Update-BaseLineUpdates "Updates"

. Update-BaseLineUpdates "Update Rollups"

#. Update-BaseLineUpdates "Definition Updates"

#. Update-BaseLineUpdates "Service Packs"

#. Update-BaseLineUpdates "Feature Packs"

write-host "Start Compliance Scan for all Servers"

Get-SCVMMManagedComputer | Start-SCComplianceScan

The script has a few Pre-Requisites;

A WSUS Server defined in SCVMM
Approved patches for “Windows Server 2012” and “Windows Server 2012 R2” in WSUS
Pre-Defined Baselines (you can use Add-Baseline to create them) with these names;
- Security Updates
- Critical Updates
- Updates
- Update Rollups

That’s it! You can now run the script and automatically import all matching updates.

The following actions will be performed;

Synchronize updates with WSUS
Check if there are any updates in the Baseline already
- If the baseline is empty, import ALL matching updates
- If the baseline is NOT empty, check the Newest 500 updates and import all matching updates
Remove inactive updates
Repeat for all Baselines
Start a compliance scan

The script will not initiate any remediation. And as the script normally only checks the newest 500 updates, it has to be run fairly regular. In my environment, 500 updates is about 1 month of updates. Though to be safe, run it once a week.

Azure Pack : Tenant Site automatic installation

If you want to install Azure Pack : Tenant Site in a distributed installation meaning not an Express installation on just one server. It’s possible to do it manually, OR … of course in a scripted way, so it’s automatic, scripted and unattended. Same result each time and smallest amount of time wasted on installations. Here is a small powershell script that will take care of all the dependencies and install all the packages for the Public Tenant Site.

Import-Module ServerManager
Add-WindowsFeature Web-Server -IncludeManagementTools
# You may have to add -source d:\source\sxs to the following 2 lines. 
# We use a GPO that distributes that source-path to all servers. 
Add-WindowsFeature Web-Asp-Net
Add-WindowsFeature Web-Net-Ext
Add-WindowsFeature Web-Asp-Net45
Add-WindowsFeature Web-Net-Ext45
Add-WindowsFeature Web-ISAPI-Ext
Add-WindowsFeature Web-ISAPI-Filter
Add-WindowsFeature Web-Mgmt-Console
Add-WindowsFeature Web-Basic-Auth
Add-WindowsFeature Web-Windows-Auth
Add-WindowsFeature Web-Dyn-Compression

# Download The following files manually and install them manually, or install with Wep Platform Installer.
# Cloud Cruiser for Azure Pack - Tenant Site Extension
# Windows Azure Pack - Tenant Site
# Windows Azure Pack - Tenant Authentication Site
# Windows Azure Pack - Tenant Public Api
# Some packages will automatically be added as Dependencies

#### Download WEB Platform Installer
# write-host Downloading WebPlatform Installer
# $source = "http://go.microsoft.com/fwlink/?LinkId=255386"
# $destination = "$env:temp\wpilauncher.exe"
# $wc = New-Object System.Net.WebClient
# $wc.DownloadFile($source, $destination)

####Start WEB Platform Installer
# Start-Process -wait -FilePath $destination

# This list of URL's is up to date 2013-11-18 and can be used for Automatic installation.

# Windows Azure Pack - Tenant Site
$source = "http://download.microsoft.com/download/8/7/2/87230A1A-D4CA-4925-B57B-8C27E5BD153C/MgmtSvc-TenantSite.msi"
$destination = "$env:temp\MgmtSvc-TenantSite.msi"
$wc = New-Object System.Net.WebClient
$wc.DownloadFile($source, $destination)
Start-Process -wait -FilePath $env:SystemRoot\System32\msiexec.exe -ArgumentList "/i $destination /norestart /passive"

# Windows Azure Pack - Tenant Authentication Site
$source = "http://download.microsoft.com/download/8/7/2/87230A1A-D4CA-4925-B57B-8C27E5BD153C/MgmtSvc-AuthSite.msi"
$destination = "$env:temp\MgmtSvc-AuthSite.msi"
$wc = New-Object System.Net.WebClient
$wc.DownloadFile($source, $destination)
Start-Process -wait -FilePath $env:SystemRoot\System32\msiexec.exe -ArgumentList "/i $destination /norestart /passive"

# Windows Azure Pack - Tenant Public Api
$source = "http://download.microsoft.com/download/8/7/2/87230A1A-D4CA-4925-B57B-8C27E5BD153C/MgmtSvc-TenantPublicAPI.msi"
$destination = "$env:temp\MgmtSvc-TenantPublicAPI.msi"
$wc = New-Object System.Net.WebClient
$wc.DownloadFile($source, $destination)
Start-Process -wait -FilePath $env:SystemRoot\System32\msiexec.exe -ArgumentList "/i $destination /norestart /passive"

# These will automatically be added as Dependencies
$source = "http://download.microsoft.com/download/8/7/2/87230A1A-D4CA-4925-B57B-8C27E5BD153C/MgmtSvc-ConfigSite.msi"
$destination = "$env:temp\MgmtSvc-ConfigSite.msi"
$wc = New-Object System.Net.WebClient
$wc.DownloadFile($source, $destination)
Start-Process -wait -FilePath $env:SystemRoot\System32\msiexec.exe -ArgumentList "/i $destination /norestart /passive"

$source = "http://download.microsoft.com/download/2/F/6/2F63CCD8-9288-4CC8-B58C-81D109F8F5A3/AspNetMVC4Setup.exe"
$destination = "$env:temp\AspNetMVC4Setup.exe"
$wc = New-Object System.Net.WebClient
$wc.DownloadFile($source, $destination)
Start-Process -wait -FilePath $destination -ArgumentList "/norestart /passive"

$source = "http://download.microsoft.com/download/2/D/C/2DCA2ADA-AD18-40FC-9F2D-715977CB2FCC/AspNetWebPages2Setup.exe"
$destination = "$env:temp\AspNetWebPages2Setup.exe"
$wc = New-Object System.Net.WebClient
$wc.DownloadFile($source, $destination)
Start-Process -wait -FilePath $destination -ArgumentList "/norestart /passive"

$source = "http://download.microsoft.com/download/6/7/D/67D80164-7DD0-48AF-86E3-DE7A182D6815/rewrite_amd64_en-US.msi"
$destination = "$env:temp\rewrite_amd64_en-US.msi"
$wc = New-Object System.Net.WebClient
$wc.DownloadFile($source, $destination)
Start-Process -wait -FilePath $env:SystemRoot\System32\msiexec.exe -ArgumentList "/i $destination /norestart /passive"

$source = "http://download.microsoft.com/download/8/7/2/87230A1A-D4CA-4925-B57B-8C27E5BD153C/MgmtSvc-PowerShellAPI.msi"
$destination = "$env:temp\MgmtSvc-PowerShellAPI.msi"
$wc = New-Object System.Net.WebClient
$wc.DownloadFile($source, $destination)
Start-Process -wait -FilePath $env:SystemRoot\System32\msiexec.exe -ArgumentList "/i $destination /norestart /passive"

# Cloud Cruiser for Azure Pack - Tenant Site Extension
$source = "https://file.ac/kLa3HIp4zBg/CloudCruiser.AzurePack.TenantSite_v1.0.3.msi"
$destination = "$env:temp\CloudCruiser.AzurePack.TenantSite_v1.0.3.msi"
$wc = New-Object System.Net.WebClient
$wc.DownloadFile($source, $destination)
Start-Process -wait -FilePath $env:SystemRoot\System32\msiexec.exe -ArgumentList "/i $destination /norestart /passive"

function Disable-InternetExplorerESC {
    $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
    $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
    Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0
    Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0
    Stop-Process -Name Explorer
    Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." -ForegroundColor Green
}
function Enable-InternetExplorerESC {
    $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
    $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
    Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 1
    Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 1
    Stop-Process -Name Explorer
    Write-Host "IE Enhanced Security Configuration (ESC) has been enabled." -ForegroundColor Green
}
function Disable-UserAccessControl {
    Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Value 00000000
    Write-Host "User Access Control (UAC) has been disabled." -ForegroundColor Green    
}

Disable-InternetExplorerESC
Start-Process -FilePath https://localhost:30101/

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

Import-Module ServerManager

Add-WindowsFeature Web-Server -IncludeManagementTools

# You may have to add -source d:\source\sxs to the following 2 lines.

# We use a GPO that distributes that source-path to all servers.

Add-WindowsFeature Web-Asp-Net

Add-WindowsFeature Web-Net-Ext

Add-WindowsFeature Web-Asp-Net45

Add-WindowsFeature Web-Net-Ext45

Add-WindowsFeature Web-ISAPI-Ext

Add-WindowsFeature Web-ISAPI-Filter

Add-WindowsFeature Web-Mgmt-Console

Add-WindowsFeature Web-Basic-Auth

Add-WindowsFeature Web-Windows-Auth

Add-WindowsFeature Web-Dyn-Compression

# Download The following files manually and install them manually, or install with Wep Platform Installer.

# Cloud Cruiser for Azure Pack - Tenant Site Extension

# Windows Azure Pack - Tenant Site

# Windows Azure Pack - Tenant Authentication Site

# Windows Azure Pack - Tenant Public Api

# Some packages will automatically be added as Dependencies

#### Download WEB Platform Installer

# write-host Downloading WebPlatform Installer

# $source = "http://go.microsoft.com/fwlink/?LinkId=255386"

# $destination = "$env:temp\wpilauncher.exe"

# $wc = New-Object System.Net.WebClient

# $wc.DownloadFile($source, $destination)

####Start WEB Platform Installer

# Start-Process -wait -FilePath $destination

# This list of URL's is up to date 2013-11-18 and can be used for Automatic installation.

# Windows Azure Pack - Tenant Site

$source = "http://download.microsoft.com/download/8/7/2/87230A1A-D4CA-4925-B57B-8C27E5BD153C/MgmtSvc-TenantSite.msi"

$destination = "$env:temp\MgmtSvc-TenantSite.msi"