Menu

Virtual Geek

Tales from real IT system administrators world and non-production environment

Reset HP ILO password from Esxi server

February 15, 2018 03:24PM

Recently I got some new VMware projects, there HP servers ILO Administrator password were poorly managed and documented. When I took handover I didn't know ILO Administrator passwords for most of the HP servers. I wanted to streamline the the same. As servers were at the remote location and few datacenters were unmanaged by local datacenter operators, I needed a way to remotely set or reset password without restarting them (setting it up while booting).

vmware esxi hp ilo failed login reset administrator password using esxi hponcfg

To relief and perform this task, HP has provided utilities to reset it, it can be downloaded from below url, This VIB file can be installed easily using esxcli command line tool or vmware update manager. This is a HPE Lights-Out Online Configuration utility for esxi.

https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_6be6cedecfee4ffe9f6c808711

VIB installation examples
INSTALLING AND CONFIGURING ESXI EMBEDDED WEB CLIENT
ESXI VIB SOFTWARE INSTALLATION ERROR

hpe hewlate packerd ilo integrated lights out, powershell, drivers vmware esxi server. utilities vsphere, vmware, esxi

First to reset password there need to create a XML file with below information. File can be created using vi tool. If there are difficutlies, simple use notepad and upload file on esxi server using winscp tool.

<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="Administrator" PASSWORD="AnyPassword">
<USER_INFO MODE="write">
<MOD_USER USER_LOGIN="Administrator">
<PASSWORD value="AnyPassword"/>
</MOD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>

Once vib software is installed on esxi software, it is installed under path location /opt/hp/tools. cd to the location and keep the xml file in the same location.

how to reset hp ilo password, opt hp tools, reset password vmware esxi, xml reset password, hponcfg

To reset password run command ./hponcfg -f ./resetpw.xml. In the end it shows Script succeeded.

reset password HP ilo on esxi, hponcfg, administrator password integrated lights out password reset remotely

In the last test it on the ILO console.

Hp ILo web page overview hewlett packard, Enterprise, reset password on esxi, vmware vsphere

There are more information can checked using hponcfg utility. 

vmware vsphere esxi hponcfg, hp ilo configuration ip and password reset, commandline, command

Using this utility it is also possible to change IP and DNS information, to use the same copy below text to xml file, it is a great way to automate bulk ILO configuration operation remotely. 

<IP_ADDRESS VALUE = “192.168.34.201”/>
<SUBNET_MASK VALUE = “255.255.255.0”/>
<GATEWAY_IP_ADDRESS VALUE = “192.168.34.254”/>
<DNS_NAME VALUE = “ESXI001ILO”/>
<PRIM_DNS_SERVER value = “192.168.34.11”/>
<DHCP_ENABLE VALUE = “N”/>

Useful Articles
Resolved: HP ILO this page cannot be displayed ERR_SSL_BAD_RECORD_MAC_ALERT
Reset/Restart HP ILO (Integrated Lights-outs) using putty

PART 1 : BUILDING AND BUYING GUIDE IDEAS FOR VMWARE LAB
PART 1 : INSTALLING ESXI ON VMWARE WORKSTATION HOME LAB
PART 1 : INSTALL ACTIVE DIRECTORY DOMAIN CONTROLLER ON VMWARE WORKSTATION

Get the List of installed softwares on remote computers with PowerShell

February 15, 2018 01:59PM

I used to use generally win32_product wmi class to fetch installed software list from remote computer systems. But the problem with it is, It only retrieves the installed applications via MSI, However, this WMI class might not list all the installed softwares that show in Add or Remove Programs, appwiz.cpl. One answer to this issue is to collect data on installed softwares/programs from the registry, (note that not all software inscribe to the registry when they are setup on the windows computer)" https://technet.microsoft.com/en-us/library/ee692772.aspx#EBAA WMI requests on class win32_product are repeatedly slow and can yield up to 1-3 minutes for each machine. It essentially runs every MSI to collect the software data information. This could be exploited very easily. In fact for examples, when you do this for certain Intel driver software you reset the default values. This may conflict with your security policy if they are predefined.

Another option is win32reg_addremoveprogams wmi class, but it comes only when you install SCCM client.

Installed software information is stored in registry under below paths.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

There is one more location, but in most of the cases no application or nothing will be listed there.
HKEY_USERS\User_SID\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

This script is based on my earlier articles and requires Remote Registry service up and running.

Part 1: Powershell: Get registry value data from remote computer
Part 2: Microsoft Powershell: remotely write, edit, modify new registry key and data value
Part 3: Microsoft Powershell: Delete registry key or values on remote computer

powershell remote registry get information of software remote applications remote softwares

Different ways to bypass Powershell execution policy :.ps1 cannot be loaded because running scripts is disabled
Installing, importing and using any module in powershell

Download script here, This is also available on Github. To use this script copy paste in ps1 file and follow above blogs.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
#function Get-InstalledSoftwareInfo {
<#  
  .Synopsis  
    Get installed software information from remote computer.
  .Description  
    This cmdlet Get-InstalledSoftwareInfo will fetch and retrive information from remote and local computer. This requires remote registry service to be running. 
  .Example  
    Get-InstalledSoftwareInfo -ComputerName Server01
     
   This retrives list from computername server01
  .Example
    Get-InstalledSoftwareInfo -ComputerName Server01 | Export-CSV -Path c:\temp\info.csv
    Get-InstalledSoftwareInfo -ComputerName Server01 | ft

    Using pipeline information can be exported to CSV or shows tablewise
  .OutPuts  
    ComputerName DisplayName                                                    DisplayVersion Publisher             InstallDate EstimatedSize   
    ------------ -----------                                                    -------------- ---------             ----------- --------
    Server01     Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030  11.0.61030     Microsoft Corporation 20171225    5.82MB  
    Server01     Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 9.0.30729.6161 Microsoft Corporation 20170820    1.04MB 
  .Notes  
    NAME: Get-InstalledSoftwareInfo
    AUTHOR: Kunal Udapi
    CREATIONDATE: 02 January 2018
    LASTEDIT: 7 January 2017  
    KEYWORDS: Get installed software application information
  .Link  
   #Check Online version: http://kunaludapi.blogspot.com
   #Check Online version: http://vcloud-lab.com
   #Requires -Version 3.0  
  #>
[CmdletBinding(SupportsShouldProcess=$True,
    ConfirmImpact='Medium',
    HelpURI='http://vcloud-lab.com')]
    Param ( 
        [parameter(Position=0, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True)]
        [alias('C')]
        [String[]]$ComputerName = 'server01' #'.'
    )
    Begin {
    }
    Process {
        Foreach ($Computer in $ComputerName) {
            if (Test-Connection $Computer -Count 2 -Quiet) {
                $RegistryHive = 'LocalMachine'
                $RegistryKeyPath = $('SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', 'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall')
                $RegistryRoot= "[{0}]::{1}" -f 'Microsoft.Win32.RegistryHive', $RegistryHive
                $RegistryHive = Invoke-Expression $RegistryRoot -ErrorAction Stop
                foreach ($regpath in $RegistryKeyPath) {
                    try {
                        $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($RegistryHive, $Computer)
                        $key = $reg.OpenSubKey($regpath, $true)
                    }
                    catch {
                        Write-Host "Check permissions on computer name $Computer, cannot connect registry" -BackgroundColor DarkRed
                        Continue
                    }
                    foreach ($subkey in $key.GetSubKeyNames()) {
                        $Childsubkey = $key.OpenSubKey($subkey)
                        $SoftwareInfo = $Childsubkey.GetValueNames()
                        $Displayname = $Childsubkey.GetValue('DisplayName')
                        [Int]$rawsize = $Childsubkey.GetValue('EstimatedSize')
                        $ConvertedSize = $rawsize / 1024
                        $SoftwareSize = "{0:N2}MB" -f $ConvertedSize
                        if ($SoftwareInfo -contains 'DisplayName') {
                            $SoftInfo = [PSCustomObject]@{
                                ComputerName = $Computer
                                DisplayName = $Childsubkey.GetValue('DisplayName')
                                DisplayVersion = $Childsubkey.GetValue('DisplayVersion')
                                Publisher = $Childsubkey.GetValue('Publisher')
                                InstallDate = $Childsubkey.GetValue('InstallDate')
                                EstimatedSize = $SoftwareSize
                                InstallLocation = $Childsubkey.GetValue('InstallLocation')
                                InstallSource = $Childsubkey.GetValue('InstallSource')
                                UninstallString = $Childsubkey.GetValue('UninstallString')
                                RegistryLocation = $Childsubkey.Name
                            }
                            $SoftInfo
                        }
                        $Childsubkey.close()
                    }
                $key.close()
                }
            }
            else {
                Write-Host "Computer Name $Computer not reachable" -BackgroundColor DarkRed
            }
        }
    }
    End {
        #[Microsoft.Win32.RegistryHive]::ClassesRoot
        #[Microsoft.Win32.RegistryHive]::CurrentUser
        #[Microsoft.Win32.RegistryHive]::LocalMachine
        #[Microsoft.Win32.RegistryHive]::Users
        #[Microsoft.Win32.RegistryHive]::CurrentConfig
    }
#}
#Get-InstalledSoftwareInfo -ComputerName Server01, Member01 | ft

Although if you are using latest PowerShell version 5.x and there is no requirement to gather this information from remote registry, There is by default native command provided Get-Package. It can be easily used with Powershell remoting/ winrm to pull data. This will even get the patches, updates and hotfixes information.

POWERSHELL PS REMOTING BETWEEN STANDALONE WORKGROUP COMPUTERS 

microsoft windows powershell 5, desktop version, powershell core, Get-package, msu, msi and install application remotely

Useful Articles
GUI - SETUP AND CONFIGURE POWERSHELL WEB ACCESS SERVER (GATEWAY)
USE POWERSHELL ON MOBILE - SETUP AND CONFIGURE POWERSHELL WEB ACCESS (PSWA)
Powershell Trick : Execute or run any file as a script file
Set Powershell execution policy with Group Policy
Powershell execution policy setting is overridden by a policy defined at a more specific scope

Microsoft Powershell: Delete registry key or values on remote computer

February 6, 2018 02:23PM

Part 1: Powershell: Get registry value data from remote computer
Part 2: Microsoft Powershell: remotely write, edit, modify new registry key and data value
Part 3: Microsoft Powershell: Delete registry key or values on remote computer

Method 1

Just like my another blog articles on registry I have 3 different methods to delete registry key and values remotely. First method is I created script using.net registry class. To use this script copy paste below given script under $profile file and relaunch the powershell console. No special requirement or configuration required except, remote registry service should be running and you must have appropriate permissions to perform this delete operations on remote server.

Below first script removes/deletes registry key, You can specify multiple ComputerNames and Childkeys. If there are again values and subkeys under childkey they all will be removed. 
Remove-RegistryKeyValue -ComputerName server01, member01 -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ChildKey test1, test2

Next step is for deleting registry value names. If there are keys or values not exist on remote computer it shows message in red.
Remove-RegistryKeyValue -ComputerName server01, member01 -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ValueName start, exp

Microsoft powershell, remove-registrykeyvalue, .net registry openkey, remote registry

Compare before and after registry in the editor. 

Different ways to bypass Powershell execution policy :.ps1 cannot be loaded because running scripts is disabled
Installing, importing and using any module in powershell

Microsoft Powershell, registry editor, delete remove values, key, dword, qword, multi_sz, binary, powershell

Download this script here, It is also available on Github.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
function Remove-RegistryKeyValue {
[CmdletBinding(SupportsShouldProcess=$True,
    ConfirmImpact='Medium',
    HelpURI='http://vcloud-lab.com',
    DefaultParameterSetName='DelValue')]
    Param ( 
        [parameter(ParameterSetName = 'DelValue', Position=0, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True)]
        [parameter(ParameterSetName = 'DelKey', Position=0, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True)]
        [alias('C')]
        [String[]]$ComputerName = '.',

        [Parameter(ParameterSetName = 'DelValue', Position=1, Mandatory=$True, ValueFromPipelineByPropertyName=$True)]
        [parameter(ParameterSetName = 'DelKey', Position=1, ValueFromPipelineByPropertyName=$True)]
        [alias('Hive')]
        [ValidateSet('ClassesRoot', 'CurrentUser', 'LocalMachine', 'Users', 'CurrentConfig')]
        [String]$RegistryHive = 'LocalMachine',

        [Parameter(ParameterSetName = 'DelValue', Position=2, Mandatory=$True, ValueFromPipelineByPropertyName=$True)]
        [parameter(ParameterSetName = 'DelKey', Position=2, ValueFromPipelineByPropertyName=$True)]
        [alias('ParentKeypath')]
        [String]$RegistryKeyPath,

        [parameter(ParameterSetName = 'DelKey',Position=3, Mandatory=$True, ValueFromPipelineByPropertyName=$true)]
        [String[]]$ChildKey,
    
        [parameter(ParameterSetName = 'DelValue',Position=5, Mandatory=$True, ValueFromPipelineByPropertyName=$true)]
        [String[]]$ValueName
    )
    Begin {
        $RegistryRoot= "[{0}]::{1}" -f 'Microsoft.Win32.RegistryHive', $RegistryHive
        try {
            $RegistryHive = Invoke-Expression $RegistryRoot -ErrorAction Stop
        }
        catch {
            Write-Host "Incorrect Registry Hive mentioned, $RegistryHive does not exist" 
        }
    }
    Process {
        Foreach ($Computer in $ComputerName) {
            if (Test-Connection $Computer -Count 2 -Quiet) {
                try {
                    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($RegistryHive, $Computer)
                    $key = $reg.OpenSubKey($RegistryKeyPath, $true)
                }
                catch {
                    Write-Host "Check permissions on computer name $Computer, cannot connect registry" -BackgroundColor DarkRed
                    Continue
                }
                switch ($PsCmdlet.ParameterSetName) {
                    'DelValue' {
                        foreach ($regvalue in $ValueName) {
                            if ($key.GetValueNames() -contains $regvalue) {
                                [void]$key.DeleteValue($regvalue)
                            }
                            else {
                                Write-Host "Registry value name $regvalue doesn't exist on Computer $Computer under path $RegistryKeyPath" -BackgroundColor DarkRed
                            }
                        }
                        break
                    }
                    'DelKey' {
                        foreach ($regkey in $ChildKey) {
                            if ($key.GetSubKeyNames() -contains $regkey) {
                                [void]$Key.DeleteSubKey("$regkey")
                            }
                            else {
                                Write-Host "Registry key $regKey doesn't exist on Computer $Computer under path $RegistryKeyPath" -BackgroundColor DarkRed
                            }
                        }
                        break
                    }
                }
            }
            else {
                Write-Host "Computer Name $Computer not reachable" -BackgroundColor DarkRed
            }
        }
    }
    End {
        #[Microsoft.Win32.RegistryHive]::ClassesRoot
        #[Microsoft.Win32.RegistryHive]::CurrentUser
        #[Microsoft.Win32.RegistryHive]::LocalMachine
        #[Microsoft.Win32.RegistryHive]::Users
        #[Microsoft.Win32.RegistryHive]::CurrentConfig
    }
}

#Remove-RegistryKeyValue -ComputerName server01, member01 -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ChildKey test1, test2
#Remove-RegistryKeyValue -ComputerName server01, member01 -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ValueName start, exp

 


Method 2

As usual like written in the other blogs, This requires again PSRemoting to be enabled. Once everything setup correctly using earlier blog POWERSHELL PS REMOTING BETWEEN STANDALONE WORKGROUP COMPUTERS, Use below one liners to delete registry configuration.

Using Invoke-command you can run Remote-Item cmdlet to remove keys remotely. Multiple hostnames can be provided in ComputerNames parameters.
Invoke-Command -ComputerName server01 -ScriptBlock {Remove-Item -Path hklm:\SYSTEM\DemoKey\TestKey100 -Confirm:$false}

Using Remote-ItemProperty cmdlet can remove values remotely.
Invoke-Command -ComputerName server01 -ScriptBlock {Remove-ItemProperty -Path hklm:\SYSTEM\DemoKey\ -Name myValuename -Confirm:$false}

Microsoft windows powershell, enable-psremoting, invoke-command, remove-item, remove-itemproperty, delete registry key and value remotely


Method 3

This is very easy and straight forward method using cmd prompt command Reg to get the task done.

This deletes the childkey and its subkey and values in it.
reg delete \\Server01\HKLM\SYSTEM\DemoKey\test4 /f

This removes single value from registry.
reg delete \\Server01\HKLM\SYSTEM\DemoKey /v Multi /f

reg delete remote registry, registry path, delete registry remotely powershell, command prompt, cmd, dos, regkey win32

Useful Articles
GUI - SETUP AND CONFIGURE POWERSHELL WEB ACCESS SERVER (GATEWAY)
USE POWERSHELL ON MOBILE - SETUP AND CONFIGURE POWERSHELL WEB ACCESS (PSWA)
Powershell Trick : Execute or run any file as a script file
Set Powershell execution policy with Group Policy
Powershell execution policy setting is overridden by a policy defined at a more specific scope

Microsoft Powershell: remotely write, edit, modify new registry key and data value

February 5, 2018 03:34PM

Part 1: Powershell: Get registry value data from remote computer
Part 2: Microsoft Powershell: remotely write, edit, modify new registry key and data value
Part 3: Microsoft Powershell: Delete registry key or values on remote computer

Recently I had a another requirement to write edit, modify new windows registry keys and value data on remote server using Microsoft PowerShell. Here I have used 3 scripting ways, to perform this task. This is second part of my earlier written script Powershell: Get registry value data from remote computer. This script is written using in powershell using .net registry class. This require remote registry service enabled on remote server and there should be permissions registry. For modification or editing of regedit on localhost run powershell as an administrator. here I am showing 3 methods you can achieve this taks.

Method 1

Microsoft powershell remote registry modify, write, new value key data .net write-registryvalue demo key, registry value name, .net object.png

First command creates sub key (sub folder) on remote computer in selected registry key path. In the parameter RegistryHive you can use 5 values. ClassesRoot, CurrentUser, LocalMachine, Users and CurrentConfig. Computernames can have multiple server names separated with , comma.
Write-RegistryValue -ComputerName RemoteComputer -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ChildKey test

Next command can be used to create a new value data under the selected registry key path, It can also used to edit existing data changing ValueData. There are 6 value types in registry. String, Binary, DWord, QWord, MultiString and ExpandString. 
Write-RegistryValue -ComputerName RemoteComputer  -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ValueName 'Start' -ValueData 10 -ValueType DWord

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
function Write-RegistryValue {
[CmdletBinding(SupportsShouldProcess=$True,
    ConfirmImpact='Medium',
    HelpURI='http://vcloud-lab.com',
    DefaultParameterSetName='NewValue')]
    Param ( 
        [parameter(ParameterSetName = 'NewValue', Position=0, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True)]
        [parameter(ParameterSetName = 'NewKey', Position=0, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True)]
        [alias('C')]
        [String[]]$ComputerName = '.',

        [Parameter(ParameterSetName = 'NewValue', Position=1, Mandatory=$True, ValueFromPipelineByPropertyName=$True)]
        [parameter(ParameterSetName = 'NewKey', Position=1, ValueFromPipelineByPropertyName=$True)]
        [alias('Hive')]
        [ValidateSet('ClassesRoot', 'CurrentUser', 'LocalMachine', 'Users', 'CurrentConfig')]
        [String]$RegistryHive = 'LocalMachine',

        [Parameter(ParameterSetName = 'NewValue', Position=2, Mandatory=$True, ValueFromPipelineByPropertyName=$True)]
        [parameter(ParameterSetName = 'NewKey', Position=2, ValueFromPipelineByPropertyName=$True)]
        [alias('ParentKeypath')]
        [String]$RegistryKeyPath = 'SYSTEM\CurrentControlSet\Software',

        [parameter(ParameterSetName = 'NewKey',Position=3, Mandatory=$True, ValueFromPipelineByPropertyName=$true)]
        [String]$ChildKey = 'TestKey',
    
        [parameter(ParameterSetName = 'NewValue',Position=4, Mandatory=$True, ValueFromPipelineByPropertyName=$true)]
        [alias('Type')]
        [ValidateSet('String', 'Binary', 'DWord', 'QWord', 'MultiString', 'ExpandString')]
        [String]$ValueType = 'DWORD',

        [parameter(ParameterSetName = 'NewValue',Position=5, Mandatory=$True, ValueFromPipelineByPropertyName=$true)]
        [String]$ValueName = 'ValueName',

        [parameter(ParameterSetName = 'NewValue',Position=6, Mandatory=$True, ValueFromPipelineByPropertyName=$true)]
        [String]$ValueData = 'ValueData'
    )
    Begin {
        $RegistryRoot= "[{0}]::{1}" -f 'Microsoft.Win32.RegistryHive', $RegistryHive
        try {
            $RegistryHive = Invoke-Expression $RegistryRoot -ErrorAction Stop
        }
        catch {
            Write-Host "Incorrect Registry Hive mentioned, $RegistryHive does not exist" 
        }
    }
    Process {
        Foreach ($Computer in $ComputerName) {
            if (Test-Connection $Computer -Count 2 -Quiet) {
                try {
                    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($RegistryHive, $Computer)
                    $key = $reg.OpenSubKey($RegistryKeyPath, $true)
                }
                catch {
                    Write-Host "Check access on computer name $Computer, cannot connect registry" -BackgroundColor DarkRed
                    Continue
                }
                switch ($PsCmdlet.ParameterSetName) {
                    'NewValue' {
                        $ValueType = [Microsoft.Win32.RegistryValueKind]::$ValueType
                        $key.SetValue($ValueName,$ValueData,$ValueType)
                        $Data = $key.GetValue($ValueName)
                        $Obj = New-Object psobject
                        $Obj | Add-Member -Name Computer -MemberType NoteProperty -Value $Computer
                        $Obj | Add-Member -Name RegistryPath -MemberType NoteProperty -Value "$RegistryKeyPath"
                        $Obj | Add-Member -Name RegistryValueName -MemberType NoteProperty -Value $ValueName
                        $Obj | Add-Member -Name RegistryValueData -MemberType NoteProperty -Value $ValueData
                        $Obj
                        break
                    }
                    'NewKey' {
                        try {
                            if ($key.GetSubKeyNames() -contains $ChildKey) {
                                $Obj = New-Object psobject
                                $Obj | Add-Member -Name Computer -MemberType NoteProperty -Value $Computer
                                $Obj | Add-Member -Name RegistryPath -MemberType NoteProperty -Value $RegistryKeyPath
                                $Obj | Add-Member -Name RegistryChildKey -MemberType NoteProperty -Value $Childkey
                                $Obj
                                Continue
                            }
                            [void]$Key.CreateSubKey("$ChildKey")
                        }
                        catch {
                            Write-Host "Not able to create $ChildKey on remote computer name $Computer" -BackgroundColor DarkRed
                            Continue
                        }
                        break
                    }
                }
            }
            else {
                Write-Host "Computer Name $Computer not reachable" -BackgroundColor DarkRed
            }
        }
    }
    End {
        #[Microsoft.Win32.RegistryHive]::ClassesRoot
        #[Microsoft.Win32.RegistryHive]::CurrentUser
        #[Microsoft.Win32.RegistryHive]::LocalMachine
        #[Microsoft.Win32.RegistryHive]::Users
        #[Microsoft.Win32.RegistryHive]::CurrentConfig
    }
}

#Write-RegistryValue -ComputerName server01, Member01, test, 192.168.33.11, 192.168.33.12, server01 -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ChildKey test
#Write-RegistryValue -ComputerName server01, Member01, test -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ValueName 'Start' -ValueData 10 -ValueType DWord

Download this script here. It is also available on Github. To use this script follow below articles.
Different ways to bypass Powershell execution policy :.ps1 cannot be loaded because running scripts is disabled
Installing, importing and using any module in powershell

Below is registry screenshot for comparing of created registry, I tested before running script and after the script.

Microsoft powershell, windows remote registry, new key, new registry value name, value data, registry hive


Method 2

Here in this method it is required to setup powershell remoting using POWERSHELL PS REMOTING BETWEEN STANDALONE WORKGROUP COMPUTERS. These commands are one-liner. below command creates new SubKey under the given path.
Invoke-Command -ComputerName server01 {New-Item -Path HKLM:\SYSTEM\DemoKey -Name NewKey}

Next one-liner cmdlet executed on remote server and new registry data key created. In the PropertyType parameter use the reg data key type as listed in method 1.
Invoke-Command -ComputerName server01 {New-ItemProperty -Path HKLM:\SYSTEM\DemoKey -PropertyType String -Name Myvalue -Value 'Hello '}

If it is required to edit existing key value use command as below.
Invoke-Command -ComputerName server01 {Set-ItemProperty -Path HKLM:\SYSTEM\DemoKey -Name Myvalue -Value 'Newvalue'}

Microsoft windows powershell, invoke-command new-item new-itemproperty, set-itemproperty, itemtype, propertytype, my value, remote registry, modify new reg key


Method 3

This is another scripting method and doesn't require powershell, normal cmd command can be used with batch scritping.

Creates new registry subkey (subfolder)
REG ADD \\server01\HKLM\SYSTEM\DemoKey\TestKey

Creates new value name and data under provided remote registry path. valid registry types names are little different  and listed as  [ REG_SZ    | REG_MULTI_SZ | REG_EXPAND_SZ | REG_DWORD | REG_QWORD    | REG_BINARY    | REG_NONE ]
REG ADD \\server01\HKLM\SYSTEM\DemoKey /v BinValueName /t REG_BINARY /d ef001a7a

Modify existing value data on remote registry, every this same but /f option is added in the last (force)
REG ADD \\server01\HKLM\SYSTEM\DemoKey /v BinValueName /t REG_BINARY /d 12ac2b9d /f

Windows Powershell command prompt cmd, remote registry, reg add, reg query, reg delete


Method 4

In this last method, although I am not using any scripting but using Group Policy Object, I have created one on Group Policy server and configured and created new registry value. On the remote server wait for default 90 minutes or run gpupdate /force to apply policy.

Group policy object, gpo, new registry update, create, registry key hive, value name, registry typeUseful Blogs
Microsoft Powershell generate random anything (Filename, TempPath, GUID, Password)
How to Install and Use Microsoft PowerShell on Linux

Oneliner Microsoft Powershell Script Get members list from active directory group in excel

January 26, 2018 03:18PM

This is my tiny article on gathering members information from active directory groups using windows PowerShell in very easy, I have used one-liner script earlier for creating bulk ad users, This script will get all the members from group and export it to CSV, This is very handy when providing someone information. I am using 2 methods here to fetch group members information. Both scripts export members to CSV file. Marked values in the orange need to be changed as per your need.

Get-ADGroup Group1 | Get-ADGroupMember | Select-Object Name, SamAccountName, ObjectClass, distinguishedName | Export-Csv C:\Temp\Groupusers.csv

Get-ADGroup Group1 -Properties Members | Select-Object -ExpandProperty Members | Get-ADObject | Select-Object Name, ObjectClass, DistinguishedName |Export-Csv C:\Temp\Groupusers.csv

The best part is any user can fetch this information as needed, users cannot change any information but can retrieve easily but above scripts requires AD modules to be install and import using below URLs, 
Installing, importing and using any module in powershell
Different ways to bypass Powershell execution policy :.ps1 cannot be loaded because running scripts is disabled

microsoft powershell active directory domain controller, ad module, get-adgroup, select-object, get-adobject, group, user, members.png

CSV file can be opened easily in excel.

microsoft powershell active directory domain controller, ad module, excel, csv, get-adgroup, select-object, get-adobject, group, user, members.png

Useful articles
POWERSHELL: INSTALLING AND CONFIGURING ACTIVE DIRECTORY 
POWERSHELL ACTIVE DIRECTORY: ADD OR UPDATE (CHANGE) MANAGER NAME IN ORGANIZATION TAB OF USER
POWERSHELL ACTIVE DIRECTORY: ADD OR UPDATE PROXYADDRESSES IN USER PROPERTIES ATTRIBUTE EDITOR
Powershell one liner: Create multiple user accounts
Active Directory Powershell: Create bulk users from CSV file

Vembu BDR Suite v3.9.0 is now Generally Available and includes Tape Support & Flexible Restores

January 25, 2018 02:13PM

It is greatly significant that data requirements to be backed up and there should be an operative Disaster Recovery strategy in situation of data threat or a catastrophe. Although data stays to raise and there are number of technology providers who proposal better and complete storage methods to businesses, there has not been alternative to the notion of backup. While budgets are a chief issue for businesses, having stable backup strategy to counter data threats and obedient to strict regulatory standards (including the upcoming EU’s GDPR) is necessary. Be it virtual environment backup like VMware Backup, Microsoft Hyper-V Backup or legacy environment backup like Windows Server Backup, Workstation backup, Vembu BDR Suite has been presenting Backup & Recovery with their individual file-system, VembuHIVE thus easing the backup process, storage administration at an extremely reasonable pricing.

Last week, they did publicize the declaration of Vembu BDR Suite v3.9.0 which proposals various features and improvements to encounter the diverse needs of varied IT atmospheres. According to them, the total goal of the new version v3.9.0 is to deliver improvements in terms of Storage, Security, and Data Restoration.

Vembu BDR Suite v3.9.0 announcement is discrete because amount of critical features are incorporated for maintaining business continuity and to function effectively for high availability. Here are some of the key highlights of this release:

Tape Backup Support

Vembu now offers the popular 3-2-1 backup strategy (duplicates of backup in 2 medias (Disk and Tape) and 1 backup copy at offsite) to businesses by announcing the support for Native Tape Backup for  Image-based Backups (VMware, Hyper-V, and Physical Windows Servers & Workstations) providing an option for Long-Term Archival and Offsite storage.  Also, Vembu Tape Backup Support makes the DR possible on any physical or virtual environment. Thus Vembu Tape backup is designed keeping in mind the future needs of the ever evolving IT demands.

Vembu VDR, backup, replication, tape backup, recovery, reports management

Quick VM Recovery on ESXi host for Hyper-V and Windows Image Backups

As we speak of data backup, recovery of data is equally important, if not more. While data recovery is crucial, the amount of time taken to restore data decides the business continuity of any organization. In the previous versions, Vembu has provided instant recovery capabilities only for VMware Backups from the GUI. From this release v3.9.0, Vembu makes the instant recovery process much simpler and quicker than before by making the Quick VM Recovery possible on VMware ESXi from Vembu BDR backup server console for all image-based backups(VMware, Hyper-V and Microsoft Windows). Thus, Vembu lowers the Recovery Time Objectives of the organizations and provides quicker data regain and access.

vembu bdr backup restore hyper-v vmware

Backup-level Encryption

With the newest release, Vembu provides the ability to encrypt the data while creating a backup job. Each backup job that is configured from the distributed agents or through the Vembu BDR backup server is now highly secured through Backup-level Encryption. By using customized passwords, users will now be able to enable additional security for their backup jobs. And the backup data can be restored/accessed only by providing the password. Thus, the data is encrypted and can only be accessed by authorized users. This step is to fight data threats and also to ensure data compliances.

vembu bdr backup restore retention policies hyper-v vmware

Auto Authorization at Vembu OffsiteDR Server

Offsite data protection is critical in terms of business continuity and is primarily done to keep a backup instance of key business data. To increase data security, Vembu BDR Suite v3.9.0 has Auto Authorization feature at Vembu OffsiteDR server that lets only the registered BDR backup servers to connect to the OffsiteDR server. Vembu BDR servers are authorized through unique registration key generated at the OffsiteDR server. Thus, safeguard all your backup data even if they are transferred to offsite through Auto-Authorization at OffsiteDR server

vembu bdr backup restore authorization, recovery, reset registration, vmware hyper-v

Pre/Post backup scripts

            Many businesses are in a need to execute certain business logic before or after a backup job. But running these logics manually through scripts is difficult and is not feasible for organizations having multiple backup jobs running in their IT infrastructure. To make this process simpler, Vembu BDR Suite v3.9.0 provides a separate wizard in NetworkBackup, OnlineBackup and ImageBackup clients, where one can add a number of pre and post executable commands/scripts. This helps in automatically executing the added commands/scripts at specific stages based on the configuration and provides the ability to run the custom actions before/after the backup schedules.

vembu bdr backup restore advanced backup schedule settings, backup commands

Besides all the listed features, Vembu BDR Suite v3.9.0 has few interesting features like Windows Event Viewer Integration along with some Enhancements.

Interested in trying Vembu BDR suite?, Try Now on a 30-days free trial: https://www.vembu.com/vembu-bdr-suite-download/

Create and configure VMWare vSphere VSAN cluster step by step

January 16, 2018 03:09PM

VMware vSAN is a Hyper-Converged storage (Software Defined Storage) solutions with a vSphere-native, high-performance architecture. With software defined storage, it has opened new opportunities to new skills. With vSAN we can use local disk and create highly available, scalable, high performance datastores for vSphere infrastructure. Benefit of using local disk is there low latency and in the VSAN data is replicated with other Host disks.

Below are the system requirements for VMware virtual SAN, 
Hardware Host
     • 1GB NIC; 10GB NIC recommended
     • SATA/SAS HBA or RAID controller
     • At least one flash caching device and one persistent storage disk (flash or HDD) for each capacity-contributing node
Cluster Size
     • Min. 2 hosts – Max. 64 hosts
VMware HCL guide
     • Certified vSAN Ready server and it is on Hardware Compatibility List
Software
     • VMware vSphere 6.5 EP02 (any edition)
     • VMware vSphere with Operations Management 6.1 (any edition)
     • VMware vCloud Suite 6.0 (any edition updated with 6.5)
     • VMware vCenter Server 6.5

I have tested vSAN on Vmware workstation, you can follow my earlier article to Emulate HDD as SSD flash disk on Esxi and VMware workstation.

I am using default option to build vSAN for this demo, In the vSAN, There is a limitation of a 2 or 3 host cluster configuration, you can bear only one host failure by cluster setting option of host failure to tolerate 1. VMware vSAN keeps each of the 2 necessary copies of VM data on distinct esxi hosts. The witness object is on a third host. As there are low number of esxi server in the cluster, you might see following limitation in the cluster. When a esxi host goes down, vSAN cannot rebuild Virtual Machine data on another esxi server to safeguard against another failure. Another thing if a Esxi is put onto enter maintenance mode, vSAN cannot reprotect evacuated data. Data is uncovered to a possible catastrophe while the host is in maintenance mode. Make sure for production you are configuring proper redundancy and choosing proper options for the VSAN.

vmware vsphere vsan, virtual san, disk group, ssd, hdd, flash disk, cache tier, capacity tier, vsan datastore, vmkernel, esxi cluster, aggregated disks storage

In my environment I am running vcenter server 6.5, 3 esxi server version 6.5. Each esxi host has 2 x 10 GB disk for vSAN, out of one is SSD for cache tier and another is HDD for capacity tier. Make sure for production you use hardware or esxi host listed on VMware HCL, there are also certified VSAN ready nodes available. Before starting configuration one of the prerequisite is disable vSphere HA (high availability). Select the cluster, on the configure tab in the right, expand services and select vSphere Availability, click Edit. Again on vSphere Availability uncheck box on Turn on vSphere HA.

vmware vsphere web client, edit cluster setting turn on vsphere ha, proactive HA, configure vsan cluster, virtual san, vsphere availability

Another configuration is I have configured new VMKernel adapter port with vSAN services configured and enabled on the virtual switch. Make sure you are atleast using 10 Gig network adpater for vSAN network traffic.

vmware vsphere web client esxi, vcloud, vmware kernel adapters networking virtual switches, vmk, vsan network, dvswitch, virtual san, vsan datastore enabled

Below Services, there is vSAN option, expand it, and on the General view, you will find vSAN is Turned OFF. Press Configure button. 

VMware vSphere web client, Vmware Cluster, vSan, virtual san vSan is turned off, configure vsan, storage datastore, storage defined network

It opened the Configure vSAN wizard. Under the vSAN capabilities there are several services and options, select them how you want your vSAN cluster to work. 

Enabling or disabling deduplication and compression, requires a rolling reformt of all disks in the VSAN cluster, Depending on the amount of data stored, this might take a long time. vSAN alterations disk layout on each disk group of the cluster. To achieve this change, vSAN evacuates data from the disk group, removes the disk group, and recreates it with a new layout format that provisions deduplication and compression.

vSAN encryption needs an external Key Management Server (KMS), the vCenter Server, ESXi server. vCenter Server asks encryption keys from an outer KMS. The KMS produces and provisions the keys, and vCenter Server acquires the key IDs from the KMS and issues them to the ESXi servers.

A fault domain typically mentions to a group of hardware devices that would be impacted by an outage, I am using normal cluster without Fault domain or stretched cluster. Click next to proceed.

vmware vsphere web client, cluster, configure vSAN, fault domains, stretched cluster, datastore, storage encyption Deduplication and compression, vSan Capabilities

On the Network validation, check the existing vSAN network settings on all the hosts in the cluster. Make sure you have created configured one vmkernel adapter portgroup on each esxi host with vSAN option enabled. I have already configured this, Configuration will validate settings and Everything is green here..

vmware vsphere web client, configure vSan, network validation vmk, vsan network vmkernel vsan enabled, traffic, vsan datastores storage

On the Claim disks, select the disks to contribute to the vSAN datastore, Select which disks should be claimed for chache and which for capacity in the vSAN cluster. The disks below are grouped by model and size or by host. The recommended selection has been made based on the available devices in your environment. The number of capacity disks must be greater than or equal to the number of cache disks claimed per host.

vmware vsphere web client, configure vsan, claim disks, vsan datastores, flash ssd disk, solid state drive, hard disk drive, capactity tier, cache tier, HDD.png

Here you can make your disk appear as flash or HDD as shown in the icon. Next Select cache tier and capacity tier selecting from drop down box.
How many disks can a single esxi server add to VSAN?
     Maximum 5 diskgroup
Individually disk group needs at least 1 SDD and 1 HDD at a minimum and 7 HDDs at a maximum
     HDD count maximum per esxi host = 5 x 7 = 35
     SSD count maximum per esxi host = 5 x 1 = 5

vmware vsphere web client, esxi, disk model, serial number, claim disks, capacity tier, hdd, ssd chache tier, flash disk, vsan datastores

On the ready to complete review your settings selection before finishing the wizard. All the configured settings are listed her, click finish.

vmware vsphere vsan cluster. ready to complete, deduplication and compression, encryption, storage, capacity catche storage datastores, fault domains and streched cluster

Next check your recent tasks, Updating vSAN configuration starts based on provided information.

vmware vsphere web client vsan recent tasks, update vsan configuration, reconfigure vsan cluster.png

Check the configuration on Disk Management under vSAN. Each esxi server is listed and disks is mounted under disk groups.

vmware vsphere web client, configure vsan cluster, disk management, disk groups, connected and mounted, type hybrid, vsan datastore, ssd hdd flash cache capacity tier, configuration

Verify datastores, There is single vsanDatastore listed. It is ready to move VMs.

vmware vsphere web client, cluster vsan configuration datastores view, vsan datastore, vmfs, vsan, storage cluster

Verify Configuration Assist in vSAN, for me it is showing errors because I am not using certified hardware and warning and errors are expected.

vmware vsphere web client, vsan configuration, configuration assist, retest, vsan cluster datastore, hardware compatibility, vsan HCL

In the last enable vSphere HA.

Useful Articles
Emulate HDD as SSD flash disk on Esxi and VMware workstation
PART 1 : INSTALLING ESXI ON VMWARE WORKSTATION HOME LAB
PART 2 : CONFIGURING ESXI ON VMWARE WORKSTATION HOME LAB
PART 1 : BUILDING AND BUYING GUIDE IDEAS FOR VMWARE LAB
POWERCLI - CREATE DATACENTER AND ADD ESXI HOST IN VCENTER

Emulate HDD as SSD flash disk on Esxi and VMware workstation

January 14, 2018 09:03PM

I was required (emulated) virtual fake SSD in VMware workstation for few demos and testing purpose. I am already using SSD on my system, If vmdks are kept on the Solid state drives, VMs detects vmdk disks as SSD/Flash disk, but if you don't have SSD, it can be easily emulated with a trick configuration, but doing so performance is the same as HDD.

PART 6 : CONFIGURE VMWARE WORKSTATION TO SAVE SSD SPACE AND TIME
Create and configure VMWare vSphere VSAN cluster step by step

I have attached multiple disks on esxi server, in the Esxi on the Configure tab >> Storage Devices settings, all the local and remote disks are listed. Here see the disk drive type, it can be changed selecting it, by clicking button HDD to flash. Doing this will mark normal HDD as Flash disk and HDD button will change as F.

Warning: Marking HDD disks as flash disk could deteriorate the performance of datastores and services that use them. Mark disks as flash disks only if you are certain that those disks are flash disks.

VMware vSphere web client, configure storage devices local disk HDD and SSD flash disk type parallel scsi.png

For esxi server doesn't require much setting, but If you require fake emulated SSD in Microsoft windows Server OS, It can be done with a modifying (adding) configuration to VM vmx file. First I want to show here, I have one disk (C:) already on SSD and other (E:) HDD, I can get same information using PowerShell command Get-PhysicalDisk. Hard disk drive is shown as Unspecified.

Microsoft windows server 2016 defrag optimize drives, hard disk drive and solid drive, powershell get-physicaldisk change set hdd as ssd flash

First poweroff Virtual Machine, open VMX file in notepad and identify scsi disk location, here my second disk is 10 GB and it is located as scsi0:1. Add a new line scsi0:1.virtualSSD = 1 and save it. Power on virtual machine.

vmware workstation virtual machine settings, vm vmx configuration file SSD, HDD, disk drive, fake emulate virtual ssd, vmdk, scsi, hard disk drive, solid state drive

Once powered on VM, Verify the same in defrag on windows system or check it using Windows Powershell command.

vmware esxi, vsphere workstation, Microsoft windows server 2016 defrag optimize drives, change hard disk drive and solid drive, powershell get-physicaldisk change set hdd as ssd flash, Select-Object.png

The above steps I configured can be used on Esxi vm (Virtual machines) as well, Make sure VM is powered off before configuration. Right click VM and select Edit settings. In the VM Options tab expand Advanced, click Edit configuration in Configuration Parameters. In the wizard add Name and value, Power on VM to view SSD changes.

vmware vsphere microsoft windows server, vm virtual machines edit settings, configuration parameters, edit configuration parameters, scsi virtualssd poweroff on vm

Useful Articles for home lab
PART 1 : BUILDING AND BUYING GUIDE IDEAS FOR VMWARE LAB
PART 2 : BUILDING AND HARDWARE BUYING GUIDE IDEAS FOR VMWARE LAB
PART 3 : MY VSPHERE LAB CONFIGURATION ON VMWARE WORKSTATION
PART 4 : CONFIGURING VMWARE WORKSTATION NETWORKING IN HOME LAB
PART 5 : CONFIGURING STORAGE IN VMWare WORKSTATION FOR OPTIMAL SPEED
PART 6 : CONFIGURE VMWARE WORKSTATION TO SAVE SSD SPACE AND TIME
PART 7 : CREATING NESTED VMWARE ESXI SERVER VM IN HOMELAB ON VMWARE WORKSTATION
PART 8 : CPU COOLING SOLUTION FOR MY HOME LAB ON VMWARE WORKSTATION

Configuring a vCenter PSC Single sign-on Active directory Integrated windows authentication

January 14, 2018 02:16PM

In my one of the earlier article I shown ADDING AND CONFIGURING VMWARE VSPHERE VCENTER SSO ACTIVE DIRECTORY AS LDAP SERVER, That was one of the security best practices, Here I am going to perform the same task but will use Active directory integrated windows authentication way instead. For this few more steps need to configured on vCenter server. First step is vCenter server need to join into Active directory. Login onto vCenter server, click home icon button.

1. Under Administration, click System Configuration icon.
2. Click vCenter server in the Navigator.
3. On the right side, choose Manage tab.
4. In the Settings from list select Active Directory.
5. Click Join button.
6. Type Domain name, User name and password (user must have permissions to join computers in AD). After pressing ok, reboot the vCenter node manually to apply these changes.

Once server is restarted, check domain shows active directory name successfully.
Deploy install VCSA (vCenter server appliance 6.5) on VMWare Workstation

vmware vsphere web client psc sso single sign-on, system configuration, management join appliance to active directory, Nodes and services, domain, Organizational unit

Next start configuring vSphere PSC SSO. these steps are as same as joining computer into domain.
1. Click home button on the top.
2. Choose Administration to open advanced PSC (Platform services controller) settings.
3. In the navigator, click configuration.
4. On the right hand side, click the Identity sources,
5. Click + plus button to open Add identity Source wizard.
6. On the Identity source wizard, keep default in Select identity source type and keep checked 'Active Directory (Integrated Windows Authentication)' option.

vmware vsphere web client, administration configuration sso psc, Platform services controller, identity sources, Active Directory, integrated windows authentication

Next steps are self explanatory, Provide Active directory domain name (Keep checked use machine account - The above configured account - join vCenter server into domain). On Ready to complete, validate settings and click Finish.

vmware vsphere web client, add identity sources, domain name, service principal name spn, psc platform services controller, sso- single sign on

Active directory domain can be seen added in identity Sources, Make it default by clicking world icon with right side arrow.

vmware vsphere web client, sso, psc, platform service controller, single sign on, configuration identity sources, certificates, saml service providers, policies, Active directory configuration default domain

Here I am configuring extra steps and adding Active directory domain user in administrators group on SSO. 
1. Click Users and Groups in the Navigator pane.
2. In the Groups tab, select Administrators group.
3. Click Add Group members button, This opens Add Principals wizard.
4. In the Add Principals Wizard, type user or Group name,
5. Click Add button, this will shown on users text box.1
6. Click Ok.
7. In the Group Members you will see, user is added in the list, now this user can perform administrative task on SSO.

vmware vsphere web client home, psc, platform services controller sso users and groups configuration, administration, add group members, administrators.png

Next permissions can be assigned on Roles and Global permissions, or vCenter object and entities.

How does this help me to improve forensic insights with Audit-Quality Recording enhanced Logging, Collect logs about user activities so that IT teams can understand who did what, when, and where in the incident of a security threat or irregularity. Check task and event information to view complete information. As below screenshot I can clearly check and audit exactly what changes has been done by whom. This is very good from troubleshooting issues perspective. To see the demo, I have logged in with AD user. and performed some task, which I can monitor in Tasks and Events.

vmware vsphere vcenter 6.5 esxi, enhanced logging, tasks and events, monitor log who changed what

Userful Articles
VMWARE SECURITY BEST PRACTICES: POWERCLI ENABLE OR DISABLE ESXI SSH
vSphere ESXi security best practices: Time configuration - (NTP) Network Time Protocol
Configure syslog on VMware ESXi hosts: VMware best practices

Copy Files with PowerShell Remoting WINRM Protocol

January 11, 2018 12:21PM

Microsoft Powershell psremoting is just not limited to remoting into computers, it can also use to copy files over winrm protocol to remote system the same way, you use files are copied on traditional SMB protocol. This requires some psremoting configuration using POWERSHELL PS REMOTING BETWEEN COMPUTERS. To show everything from scratch I have listed my files using dir command from local folder and remote computer folder. I will copy one of the ISO file to remote server.

PS remoting is session based so I will create a new session first. whoami command shows the current logged in user, Session is created with same account, If another username or password need to use, provide parameter -Credential (Get-Credential) with below command.
$PSSession = New-PSSession -ComputerName Server01 

And next command will copy the file remotely over winrm protocol, it will take some time depending on the size of file to copy and will show copy progress. File once copied verify it with dir again that file exist on remote folder.
Copy-Item -Path .\Router.iso -Destination c:\temp -ToSession $PSSession

Once everything is  verified, close and remove session using
Remove-PSSession $PSSession

Microsoft windows Powershell, winrm, wsman, dir, get-childitem, new-pssession, whoami, remove-pssession, copy-item psremoting, enable psremoting

Useful Articles
Different ways to bypass Powershell execution policy :.ps1 cannot be loaded because running scripts is disabled
Installing, importing and using any module in powershell
GUI - SETUP AND CONFIGURE POWERSHELL WEB ACCESS SERVER (GATEWAY)

View older posts »