Checking certificate expiration with PowerShell

Had an idea to write some (PowerShell) script which will check and maybe notify me of certificates that are nearing expiration for a bunch of (public) sites that… somewhat matter to me. 😊

As it turns out, someone already had this idea and wrote very nice PowerShell script that does just that, available here – thank you!

While testing it, there were sites on which the script worked just fine, and there were sites on which I got errors like this one (Error: “String was not recognized as a valid DateTime.”):

Seems to be connected to my regional settings (I know… who would ever use hr-HR instead of en-US, but… 😊) and date/time formatting:

I’ve tried to fix it in a couple of ways, but the one that finally did it (for me) was explained on Dan Sheehan’s blog (thanks!), implemented on lines 25-26 below.

So, my adapted script looks like this (and works with my hr-HR culture):

It provides the following output (which can be further customized per your needs, of course… and I know – need to insert some line breaks, convert output to HTML, send it via e-mail, … it’s a start! 😊):

Note that I’m returning expiration date “the Croatian way”, by using the following formatting:

Hope it helps someone (and #kudos to original authors)!

Cheers!

Patch Tuesday with PowerShell

It’s actually Wednesday here, but yesterday was another “Patch Tuesday” and Microsoft released its update packages.

So – it’s time to patch! 😊

Not sure how you’re patching your machines, but just wanted to make you aware of the nice PowerShell module called PSWindowsUpdate.

You can read more about it on the official PowerShell Gallery page and also here.

In short – this module takes care of controlling Windows Update from within PowerShell on your local and also remote machines.

And… I know it’s not nice like the Windows Update screen, but it does its job! 😊

To make use of it, you’ll have to take care of some minor prerequisites and install it via PowerShell Gallery.

Once done, you can use it to control Windows Update:

To make it easier for you, here is the installation script which takes care of… everything:

And that’s it – we’re done!

Happy patching!

Cheers!

Yet another “Kubernetes with Raspberry Pi” post

There’s a ton of the tutorials on how to get Kubernetes installed onto your Raspberry Pi, so… let’s write another one. 😊

As mentioned in my last post, I’ve found my forgotten Raspberry Pi, and played around with installing and configuring Raspbian Buster on it.

Today, I wanted to check if it will be possible to install Kubernetes onto such small machine – they are many articles on the “widest of the world’s webs” that say “Yes, it can be done!“, so I’ve decided to give it a try! And I chose to follow one of them (seemed like a nice reference).

As you remember, I’m starting with a cleanly installed (and just slightly customized) Raspbian Buster and building it from there.

And I’ll be using kubeadm for installing my cluster.

So, once I had at least two machines (my Raspberry Pi for the “control plane” and Ubuntu 20.04 LTS Hyper-V virtual machine as the “node” – you can read more about it here), I prepared them like this:

  • install Docker (in my case)
  • change the default cgroups driver for Docker to systemd
  • add cgroups limit support (for my Raspberry Pi 3)
  • configure iptables
  • disable swap (this one was a bit challenging)
  • prepare for Kubernetes installation (source, keys, kubeadm)
  • install Kubernetes “control plane”
  • add flannel
  • add a node to the cluster
  • test with some workload

One thing that bothered me (on Buster) was disabling swap in a way that it also stays disabled after a reboot (I know, it’s the details that eventually get you) – after a while, I’ve stumbled on this forum post and the solution provided by powerpetedid the trick! Thank you, @powerpete! 😊

And finally, details about the each step are here (outputs are commented and somewhat redacted/condensed):

Seems to be working (😊):

Cheers!

P.S. I’ve read about some having issues with flannel and using other network options (didn’t have this one). Also, if you’ll have issues with iptables (v1.8+), maybe you’ll need to switch to legacy version (didn’t have this one either).

Found my forgotten Raspberry Pi

And, naturally, decided to put it to use (although, for exactly what… is currently unclear). 😊

So… how?

As there was already a micro SD card inside my Raspberry Pi, I was all set!

Basically, what I had to do:

  • download the OS image (Raspberry Pi OS Lite)
  • download imaging software (Etcher)
  • extract the OS onto micro SD card
  • enable SSH by adding an empty file called “ssh” (yes, without any extension) to the boot volume
  • boot it up
  • set it up as I like

Extracting the OS image onto micro SD card is a “breeze” with right tools – select OS image, select where do you want to put it and click Flash:

After it’s finished, don’t forget to enable yourself the SSH access (it’s easier that way):

Done.

Let’s put the card back into Raspberry Pi and boot it up.

Few seconds later, you can use (e.g.) Windows Terminal and included SSH client to access your Raspberry Pi (default networking option is DHCP, with default username of pi and password raspberry):

I wanted to “tweak” my installation a bit (with the provided raspi-config script), so I’ve used the following for disabling unnecessary devices, custom network settings, etc.:

And after a while, my Raspberry Pi is finally ready:

Cheers!

Scheduling a PowerShell script… with arguments

Let’s say that you have a neat PowerShell script, which you want to run on some kind of a schedule (a script which will collect some data and send you an e-mail, every day in the same hour… ‘til the end of time – maybe this one) – how can you do it? Smile

The answer is simple. Yes, there is a tool included with Windows operating system, which can help you… and it’s called… well – Task Scheduler. Smile

And… if you never used the Task Scheduler in Windows, maybe this is the time to start.

It’s a rather simple tool – you click through a simple wizard, select what you need (a program) and when you need it, and you’ve created a scheduled task.

image

OK… so, I can run a program? What about a PowerShell script?

The real question here is “Who/what will run my PowerShell script?”. And then, the answer is simple – the PowerShell engine.

This means that your “program” is powershell.exe. This also means that in your scheduled task you should enter something like this:

image

(note the full path to powershell.exe – C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe)

Now we have a scheduled task which will start PowerShell in designated time, every single day. Usually, this is not enough, and we need to add some arguments to the command running (like the path to the script we want to execute).

image

(argument field in this case contains -Command “& C:\Scripts\Get-HyperVReport.ps1 – be really careful about the single/double quotes here!)

Configured like this, our scheduled task will execute the following command:

Two remaining things that we have to check is to have our Get-HyperVReport.ps1 script saved in C:\Scripts and that user, under whom this task is running, has the appropriate permissions to run it. Also, if task should be running unnatended (usually it should), make sure to configure it so.

One other thing that may be useful – with this script, we need to specify some additional parameters (like ClusterName or if it will send us an e-mail when completed). In this case, we can easily add the required parameters to the arguments field, like this:

image

(argument field in this case contains -Command “& C:\Scripts\Get-HyperVReport.ps1‘ -ClusterName MyCluster -SendMail $true -SMTPServer smtp.mail.com -MailFrom [email protected] -MailTo [email protected])

The whole command is then:

Hope this helps!

Cheers!

P.S. One other other thing (yes, it’s written twice… live with it Smile) that can be useful – you can also use PowerShell to create scheduled task which will run this PowerShell script (instead of using “the lame wizard”). Pssst… take a look at the New-ScheduledTask command. Winking smile

P.P.S. You can also make use of Adam’s function, which will make your life easier – https://github.com/adbertram/Random-PowerShell-Work/blob/master/Scheduled%20Tasks/New-ScheduledScript.ps1. Thanks, Adam!

How PowerShell keeps my photo collection neat

As I love taking photos, sometimes it might be difficult to keep my photo collection “neat”. My camera is set to save every photo in two formats (one for editing, and another one for “long term storage”, as I like to say Smile) – .ARW and .JPG.

When I come home from a “photo trip”, I go through the photos taken and delete the ones I don’t really like. As I need to delete both copies, sometimes it happens that I forgot to delete .JPG or .ARW file of the same photo (which leads to “inconsistencies” in my collection… which is not “neat” Smile).

To overcome this, I’ve come up with a solution – a simple PowerShell script to check if there are any .ARW files which are missing it’s corresponding .JPG file (basically, I’m looking for files sharing the same name, but with different extension):

So, output will be something like this (with right arrow in results meaning that I have .ARW files for which I don’t have the corresponding .JPG file, which further means that I’ve deleted the .JPG file which I didn’t like and now I need to delete .ARW as well):

image

Arrow on the left side means that I have .JPG files for which I don’t have the corresponding .ARW file. No results will mean that I have the files in sync – for each .ARW file, there is a corresponding .JPG file.

Next step will be to tweak the script and probably automate the deletion process. For now, I’m satisfied with PowerShell providing me info about the duplicates and deleting the files manually. Smile

Cheers!

Reinstalling your Hyper-V hosts

Have you ever reinstalled your Hyper-V hosts?

I know, there is not much need for it (as everything usually works just fine), but still… there is a “Windows Server 2016 re-installation wave” coming and maybe you’ll find the the next pieces interesting and useful.

One of the “messy” tasks with Windows reinstallation is networking… and by “messy” I mean “you have more than one network cable in your Hyper-V hosts” and you need to know which networks are connected where. Smile

What happens is that Windows somehow always forgets your network device order, all the pretty names you’ve applied and you get stuck with names like “Ethernet”, “Ethernet 2”, etc.

There is a way to fix this (there are many, actually) – we can ask our younger colleague to go to the server room and unplug the cables one by one and then plug them back in, following the rename on our (Windows) side. This way we are certain that all the corporate, DMZ, storage, live migration, etc. cables don’t get “confused” when added to their respective teams and if we labeled cables properly, everything will work with fresh Windows installation also.

But… there is another way. We can use what we already have – our documentation. Here I mean “our current setup” – we have our network adapters and teams already configured in our current Windows installation, why don’t we just export this info and use it after the reinstallation?

We can do this easily by using PowerShell!

The idea is to export network adapter names and MAC addresses of our physical network adapters (excluding the virtual and team adapters), in a CSV file, so that we can use it later, to rename our adapters after the reinstallation:

After reinstallation, we can use the following command to rename our adapters, as per our saved CSV file:

And voilà – our networks are named nicely again (and our colleague didn’t need to go to the cold server room… this time). Smile

Cheers!

Missed the Microsoft Ignite 2016?

Don’t be sad! Smile

In case you’ve missed the Microsoft Ignite conference this year (like me Smile), all of its content is available online! You can visite the conference homepage (https://ignite.microsoft.com/) and catch video streams and…

… even better – there is a PowerShell script that can help you download the videos and slides of about 570 Ignite sessions!!! How cool is that???

Script was made by Michel de Rooij and Mattias Fors, and can be found here (read the “help” section to figure out what you need and how to use it).

When launched (properly), it looks something like this:

image

Happy downloading, watching and learning! Smile

Cheers!

P.S. With the script alone, you’ll need the YouTube downloader utility available here (it actually says so in the script’s “help”, but who reads the documentation, right? Smile).

Playing with folders and permissions

This one will be short and sweet. SmijeĹĄak

Imagine you have an Active Directory full of users. You also have a file server in your environment. And, as it happens, each of your users needs to have a folder created just for himself, on this file server. Each folder should have inheritance disabled and each user should get full permissions on his folder.

What do you do?

Well, we can manually create the required folders, or we can use a PowerShell script which will do it for us. Obviously, I’ve chosen PowerShell (maybe not the nicest script in the world, but it does the job), or this post would be… lame. Smiješak

So, the interesting part of this script goes like this (I’ve added a few empty lines to make comments more visible):

Cheers!

Installing the KB2920189… successfully!

The other day, I’ve written about an issue with installation of update KB2920189 for Windows Server 2012 R2 (post called [TIP] Latest “Patch Tuesday” & errors installing update). So, the problem I was facing was failing installation on Generation 2 virtual machines, with Secure Boot enabled.

Actually, you can overcome this problem easily by reading the documentation before it happens or… with PowerShell after (OK, you can use GUI also, but who uses it nowadays?)! Smile

As I’ve already mentioned, all you need to do is just one thing – install the BitLocker feature on your server.

(yes, “-Restart” is optional – if you want, you can restart your server manually, of course)

image

After that, BitLocker is installed, and you can successfully install the KB2920189 also.

Second (not official) approach on installing this update on Generation 2 virtual machine, as I’ve written in the mentioned post, is to uncheck Secure Boot, install the update, and then check the Secure Boot option again.

This can be easily done using the following script:

We can now install this “problematic” update as the Secure Boot feature is disabled:

image

image

…and Secure Boot is enabled again (“nothing” happened)!

Of course, you can do all of this manually, but then again – why do we have PowerShell? Smile

Cheers!

P.S. I’m no PowerShell expert… just like to automate some things. Smile