Check CredSSP Configuration
Get-WSManCredSSP
Configure CredSSP on Client
Enable-CredSSP -Role Client -DelegateComputer *.domain.com -Force
Configure CredSSP on Server
Enable-CredSSP -Role Server -Force
Check WinRM CredSSP Authentication
winrm get winrm/config
Enable WinRM CredSSP Auth on Client
winrm set winrm/config/client/auth '@{CredSSP = "true"}'
Enable WinRM CredSSP Auth on Server
winrm set winrm/config/service/auth '@{CredSSP = "true"]'
Allow Delegating Fresh Credentials GPO
- Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Allow delegating fresh credentials = Enabled
- Edit -> Options -> Add servers to the list -> Show -> *.domain.com
Remote Session Setup with CredSSP
$session = New-PSSession -ComputerName {server}.domain.com -Credential $credential -Authentication CredSSP
Get a Code Signing Certificate and PowerShell signature
$codeCert = (dir Cert:\CurrentUser\My -CodeSigningCert)
## verify the index of the appropriate thumbprint for the current certificate
Set-AuthenticodeSignature {scriptUrl} -Certificate $codeCert[i]
[psobject].Assembly.Location
$tempPath = Join-Path $env:Temp "<directory-name>"
$filePath = Join-Path $tempPath "<executable-name>"
Write-Host "Using temporary directory: $tempPath"
if (!(Test-Path $tempPath)) { md $tempPath | Out-Null }
$webClient = New-Object System.Net.WebClient
$webClient.Proxy = [System.Net.WebRequest]::DefaultWebProxy
$webClient.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
Write-Host "Downloading <product-to-be-installed>"
if ([environment]::Is64BitOperatingSystem)
{
$webClient.DownloadFile('<fully-qualified-file-path>', $filePath)
}
else
{
$webClient.DownloadFile('<fully-qualified-file-path>', $filePath)
}
Write-Host "Installing <product-to-be-installed>"
& $filePath /args...
Get-Process | Out-File -FilePath ${env:USERPROFILE}\Desktop\env_processlist.txt -Encoding ascii
Get-Process | Export-Csv -Path ${env:USERPROFILE}\Desktop\env_processlist.csv
import-module ActiveDirectory
Get-ADUser {username} -properties *
// Enable remote script execution
Set-ExecutionPolicy RemoteSigned
// Establish remote session to exchange powershell
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<exchange-server>.domain.com/PowerShell/
-Authentication Kerberos -Credential $UserCredential
Import PSSession $Session
// Interact with Exchange
Enable-Mailbox -Identity DOMAIN\user.name -Database <database>
Enable-Mailbox -Identity DOMAIN\user.name -Archive -ArchiveDatabase <archive>
Set-Mailbox user.name@domain.com -RetentionPolicy <retention-policy>
// Close Remote Session
Remove-PSSession $Session
Remote SCCM Query Tests and Local WMI Query Tests
Remote SCCM Query
- Input credentials for remotely connecting to SCCM
- Specify the fully qualified location of a .txt file that contains the query you want to test. For instance, consider the following query saved on the desktop as
SMS_R_System.txt
:
select * from SMS_R_System
The fully qualified path would be: C:\Users{user}\Desktop\SMS_R_System.txt
- Specify what you would like the name of the generated .csv file to be. Specifying
System-Info
would save the .csv toDesktop\System-Info.csv
. - Specify the properties you want to retrieve from the
Get-WmiObject
result object (This uses theSelect-Object
pipe). Can either be comma-separated or space-separated. For instance:
ResourceID ResourceType Name SMSUniqueIdentifier ResourceDomainORWorkgroup Client
- The query will be executed against the remote namespace, and the results saved to the .csv on the desktop. Press exit to finish, or press Enter to test another query.
$credential = Get-Credential
$relevant = $true
function Set-Query
{
try
{
$queryFile = Read-Host 'Input Query File Location (must be .txt)'
return [IO.File]::ReadAllText($queryFile)
}
catch
{
Write-Warning 'Invalid file path. Input a valid .txt file'
return Set-Query
}
}
while ($relevant)
{
$query = Set-Query
$filename = Read-Host 'Set Output Filename'
# Thanks to Chris Dent! http://stackoverflow.com/questions/39293022/specify-select-object-details-at-runtime/39293104#39293104
$properties = (Read-Host 'Set Select-Object Details') -split ' +|, *'
$wmi = Get-WmiObject -ComputerName <SCCM_Server> -Namespace Root\SMS\SITE_<ID> -Query $query -Credential $credential
$wmi | select $properties | Export-Csv ${ENV:USERPROFILE}\Desktop\$filename.csv
Write-Host -BackgroundColor Green -ForegroundColor Black 'File output to ' ${ENV:USERPROFILE}\Desktop\$filename.csv
$test = Read-Host 'Type exit to quit. Press Enter to run again.'
if ($test.ToLower().Equals('exit'))
{
$relevant = $false
}
}
Local WMI Query
- Specify the fully qualified location of a .txt file that contains the WMI query you want to test. For instance, consider the following query saved on the desktop as
ServiceNames.txt
:
select * from Win32_Service
The fully qualified path would be: C:\Users{user}\Desktop\ServiceNames.txt
- Specify what you would like the name of the generated .csv file to be. Specifying
Service-Names
would save the .csv toDesktop\Service-Names.csv
. - Specify the properties you want to retrieve from the
Get-WmiObject
result object (This uses theSelect-Object
pipe). Can either be comma-separated or space-separated. For instance:
Name DisplayName PathName
- The query will be executed against the local namespace, and the results saved to the .csv on the desktop. Press exit to finish, or press Enter to test another query.
function Set-Query
{
try
{
$queryFile = Read-Host 'Input Query File Location (must be .txt)'
return [IO.File]::ReadAllText($queryFile)
}
catch
{
Write-Warning 'Invalid file path. Input a valid .txt file'
return Set-Query
}
}
$relevant = $true
while ($relevant)
{
$query = Set-Query
$filename = Read-Host 'Set Output Filename'
$properties = (Read-Host 'Set Select-Object Details') -split ' +|, *'
$wmi = Get-WmiObject -ComputerName <ComputerName> -Namespace root\cimv2 -Query $query
$wmi | select $properties | Export-Csv ${ENV:USERPROFILE}\Desktop\$filename.csv
Write-Host -BackgroundColor Green -ForegroundColor Black 'File output to ' ${ENV:USERPROFILE}\Desktop\filename.csv
$test = Read-Host 'Type exit to quit. Press Enter to run again.'
if ($test.ToLower().Equals('exit'))
{
$relevant = $false
}
}
{save-location}\vs_professional_2017.exe --layout c:\vs2017offline --lang en-US
cd {location of update}
mkdir {name of folder to pack update files}
<update-name>.exe /layout <fully qualified update file directory created with mkdir>
// An .exe is generated in the update file directory
dism /online /enable-feature /featurename:{name} /all /source:{drive}\sources\sxs /limitaccess