Get a list of users logged on a list of servers – Powershell

This post will show you how to get a list of users logged on a list of servers (or a specific server) and how to format the output in order to work with it, in Powershell.

Specifically, we will leverage quser, let’s see a quick example on how to query the current user sessions on a remote server.

The above command, will look like this.

quser_simple-example

This is just text however. If we were to assign that result into a variable (with Invoke-Command for instance), it’ll still be unmanageable. We can work with -Replace and with ConvertFrom-Csv in order to get this output to look decent.

Just for the sake of showing every step, the code below will first grab the list of sessions on a remote server and then use the -Replace and the ConvertFrom-Csv.

We’re not out of the woods yet, but here’s how the output looks like now.quser_output-converted-from-csv-after-replace

I’ve added some color to show you what the problem is at the minute. The output in green is good and it’ll always be good as long as the session is Active. The ones in yellow though have their values shifted up. That’s because SESSIONNAME doesn’t exist and so converting it to CSV shifted all values up.

To fix this, we just need the script to identify all sessions where SESSIONNAME isn’t like “console” and not like “rdp-tcp*“. When this is the case (like in the yellow sessions in the screenshot above), then we need to shift the values and we’re done! So, SESSIONNAME will have to be empty, the ID will match SESSIONNAME, the STATE will match the ID and so on. (more…)

Read More

Building a runbook with Powershell and Telegram

In this article, we will go through building a runbook with Powershell and Telegram to allow us to interact with the script with just a message.

If you haven’t read it yet, have a look at Automating Telegram Messages with Powershell – In there, I build a simple script that helps me interact with users members of a Telegram group. That article has the core of what I’m about to show you now and will also explain how to get a Telegram Bot setup.

So in this specific example, we will build a very simple runbook with Powershell that will integrate with Telegram: this will allow us to “talk” to our powershell script with just a Telegram message. What’s cool about the below, is that you can keep adding “switches” to increase the amount of tasks the script can perform. What’s even cooler is that the script below will allow you to run powershell with a Telegram message and get the output on your phone! In other words, I can tell the script to run whatever command I want. 🙂

Here’s an example of me messaging the Telegram bot with “run get-childitem -path c:\users” and the result (screenshot taken from the web interface of Telegream, but it’s the same on your phone):

Telegram-simple-runbook-example

The script leverages a “Switch” to handle multiple IFs and specifically, it’ll will follow this flow:

  • Check for any new Message in the Telegram conversation, in a loop.
    • Note: To be safe, when the script starts up, it’ll ignore the last message sent, and will be listening for any new message right after that.
    • To perform this, I used the Message Timestamp that is in Telegram’s json ($LastMessage.message.date).
  • If a new Message has been received, check with a Switch if the message contains either “run *” and “quit_script”.
    • If it contains “run *” (example: run Get-ChildItem -Path C:\), it’ll split the string received and run the command in powershell.
    • If the message is “quit_script”, it’ll exit the script running on the computer.
    • If it doesn’t contain anything like that (example: Hello), it’ll tell the user that the script doesn’t understand that command.

(more…)

Read More

Create a Powershell Web Application

How to create a Powershell Web Application? This article will give you some guidelines on how to deploy a very simple web application that leverages Powershell and if you follow it completely, you’ll be able to have a fully functional web application.

This is a very important instrument, especially when our goal is to automate as much as possible the environment and repetitive tasks or offload a 2nd or 3rd level task to a 1st level representative. You could build a web application to check permissions for a specific shared folder (I’ve done that successfully) or you could deploy an app that would check the current top 10 RAM processes being used on a remote server (super handy to hand off to a 1st level support team who many have no access to the server) and so on.

Please see the final notes at the end of this article.

Prerequisites

You will need Visual Studio to follow this.

Creating a new Project

  • Click on File > New > Project
    • visual-studio_create-new-project
  • Select Installed > Templates > Visual C# > Web and click ASP .NET Web Application (.NET Framework). Give it a name (ITDropletsPowershell in the example).
    • visual-studio_create-new-asp.net-web-application
  • Since we want to start with a clean solution, let’s select “Empty” and click OK.
    • visual-studio_create-new-asp.net-web-application-EMPTY

(more…)

Read More

Automating Telegram Messages with Powershell

In this post I will go through automating Telegram Messages with Powershell, including a full script as an example.

Truth to be told, I’ve installed, and first used, Telegram about 3 hours before writing this post, but I saw so much potentials that I couldn’t wait to publish this. Consider also that I was actually after something similar for WhatsApp, but there’s no official API from them yet.

So because I’m such a noob here, I will actually go through the steps I’ve followed to get a Bot configured to work. Note that a Bot is an easier way to handle this sort automation, but if you’re an advanced user, you could look directly into Telegram’s API which will be way more flexible.

What can I actually use this for?

Well, of course you can just do it for fun and be able to send a message via powershell. But that’d be wasting this great potential. If I look out of the box, I see a possibility to build a (cheap) notification system and/or a (cheap) runbook system.

For example, imagine that you’ve got a script running that right now sends you an email once done just to tell you that the script has finished in 30 minutes. Why an email? Isn’t it handier having an actual push-notification on your phone telling you that?

Let’s think bigger, you’re deploying a new Virtual Machine with an automated script and, besides sending you a report via email, you want to know when it’s done so that you perhaps can go and work on the VM you just deployed, without continuously checking the status of the deployment. Or imagine adding a simple Message after an SCCM Task Sequence has been completed or even just use it to alert in case of a low disk space etc.

Now, what I like the most, what if Powershell can read what we’re writing into that conversation and based on that take actions? Like a runbook. Example: you write “Restart-Computer”. The PS script  could have a part of the code that checks every X amount of time if somebody wrote something and if they did, it checks the message. If the message equals to “Restart-Computer” then go and restart the computer. This is a very basic example, but it contain the core of what this can be used for.

Based on this idea, I actually build a very simple runbook automation script to leverage a Telegram message. Check it out here: Building a runbook with Powershell and Telegram

In the example at the end of this article I will be showing you how to send a message to a Telegram group and a possible action take after somebody replies with a specific keyword.

Set a Bot up

I suggest you to use a computer after step 1 as it’s going to be a bit faster in my opinion. This first bit is super simple.

  1. The first thing you want to do is register with Telegram if you haven’t done it yet. To do that, just go and download the app from the store (depending on what smartphone you’ve got).
  2. Launch the BotFather by opening this link: https://telegram.me/botfather
    • Start a conversation with the BotFather by typing /newbot – This will start the Bot creation wizard.
    • At this point, you will be asked to provide a Friendly name and a username. Once that is done, you will be provided with the token to be used in our scripts.
    • Telegram_botfather_create-bot

Time to intercept the Chat ID and run a quick test

So, in order for us to leverage the Bot to send a message, we will need to get the Chat ID of the conversation we want the Bot to talk/listen in. (more…)

Read More

Searching a GPO for a specific setting with Powershell

Searching a GPO for a specific setting with Powershell is a pretty simple task to perform and it’s really handy when you need to go through a ton of policies or domains in the forest. The script I’ll propose below is very basic and will only require you to input the Domain and the string you want to be searching.

Prerequisites

  • You must be able to have enough permission to access all GPOs in the environment. Searching in a domain where you can only see a part of GPOs is sort of useless as the setting you’re after might not be visible with your rights. Perhaps this is good enough for you.
  • You must have the Group Policy Management feature installed.
    • Windows Client
      • Turn Windows features on or off >> Remote Server Administration Tools >> Feature Administration Tools >>Group Policy Management Tools.
    • Windows Server
      • Enable the Group Policy Management feature.

This is not a prerequisite, but I strongly suggest you to run this from a machine as close as possible to a Domain Controller. In a large environment it’ll take a long time to run, if ran on a slow link.

Searching a GPO for a specific setting with Powershell – The script.

In the example below, I’m searching for “Windows Defender Firewall” for the domain idroplets.com.

Here’s an example of what happens when the script finds what you’re looking for:

Search-GPO-for-Specific-String-Powershell_Example

If you want to use this on your one, modify the first two lines by adding the domain and the string you want to look for.

Script Review

After the first two variables to be input by the user, the script will try to get the nearest Domain Controller from where the its being executed. This is extremely handy to avoid to go to talk to a Domain Controller on a slower network.
It then gets a list of all GPOs in the domain and sort them by their DisplayName. This is important as the script will then go through them all alphabetically and you’ll can see them as they’re displayed in the GUI without going crazy.
For each GPO found, the script will get a report for it and will finally try to match the string you’re looking for. If it’s found, it’ll write down, in green, that the GPO has been found and will return more info such as the GPO ID and its Status.

Read More