ResolveIPtoName ile IP adreslerinin ait olduğu FQDN adresini bulabilirsiniz (tr-TR)
Resolve-DnsName iş sürecini tersten düşünelim. elimizde IP var bu IP aderesine ait FQDN çözümlenmesine ihtiyacımız var. Bunun için çok basit bir script çalıştırdıktan sonra "ReolveIPtoName" komutu ile iş sürecinizi yönetebilirsiniz. PowerShell script function ResolveIPtoName($IP) { $ResolvingResults = "" $ResolvingResults = @() $IPList += @($IP) foreach ($IP in $IPList) { try {$ResolvingResults += [System.Net.Dns]::GetHostEntry($IP)} catch{Write-Host $IP could not be Resolved -BackgroundColor Black -ForegroundColor Red} } $ResolvingResults | Select AddressList, HostName } Uygulama: PS C:\Users\emreozanmemis.MARVEL> function ResolveIPtoName($IP) { >> $ResolvingResults = "" >> $ResolvingResults = @() >> $IPList += @($IP) >> foreach ($IP in $IPList) { >> try {$ResolvingResults += [System.Net.Dns]::GetHostEntry($IP)} >> catch{Write-Host $IP could not be Resolved -BackgroundColor Black -ForegroundColor Red} >> } >> >> $ResolvingResults | Select AddressList, HostName >> } PS C:\Users\emreozanmemis.MARVEL> Çıktı: PS C:\Users\emreozanmemis.MARVEL> ResolveIPtoName 10.172.100.101 AddressList HostName ----------- -------- {fe80::568:93c8:f180:637d%4, 10.172.100.101} shield.marvel.localPowerShell ile WSUS Cleanup Wizard Script (tr-TR)
Aktif kullanılan WSUS serverlarda artan disk alanını kontrol altında tutmak ve kaynakları tasaruflu kullanmak için düzenli olarak temizlik yaparak eski süresi dolmuş yada kullanılmayan güncelleme paketlerini için aşağıdaki script kullanarak düzenleyebilir temizleyebilirsiniz. PowerShell açıp aşağıdaki script kopyala yapıştır ile çalıştırabilir ve ilgili update paketlerini temizleyerek disk kullanımınızı optimize ederbilirsiniz. # WSUSCleanupscript.ps1 [reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")` | out-null $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer(); $cleanupScope = new-object Microsoft.UpdateServices.Administration.CleanupScope; $cleanupScope.DeclineSupersededUpdates = $true $cleanupScope.DeclineExpiredUpdates = $true $cleanupScope.CleanupObsoleteUpdates = $true $cleanupScope.CompressUpdates = $true $cleanupScope.CleanupObsoleteComputers = $true $cleanupScope.CleanupUnneededContentFiles = $true $cleanupManager = $wsus.GetCleanupManager(); $cleanupManager.PerformCleanup($cleanupScope); # Script ENDPowerShell ile WSUS kurulum ve yapılandırması (tr-TR)
Bu yazımda sizlere WSUS (Windows Server Update Services) bahsedeceğim. WSUS ile kendi yapınızda Windows serverlar için kendi update sunucunuzu yapılandırabilir ve bu sunucu üzerinden Microsoft ürünü kullandığınız işletim sistemlerini ve Microsoft yazılımlarını güncelleyebilirsiniz. PowerShell ile kurulum ve yapilandırmasını yapacağımız WSUS için detayları aşağıda bulabilirsiniz. Öncesinde bazı detaylardan bağsetmek isterim. WSUS normal şartlarda kolay kurulan ve yönetilen bir servistir ancak çok ilgi ister. Her gün kontrol edilmeli yada anlık olarak monitor edilmelidir. Günlük yayınlanan defender güncelllemeleri onaylanmalı yada otomatik olarak kurallaştırılarak onaylanması sağlanmalıdır. Aylık yayınlanan major ve minor Windows updateleri için incelemeler yapılmalı ve kontrollü bir şekilde uygulanmalıdır. Kurulum yapacağınız Windows Server domain join durumda yada workgroup olarak çalışan bir sunucu olabilir. Önerilen mimarilerde genelde Domain yapısında olması yönetim kolaylığı açısından tervcih edilemektedir. Ancak Workgroup olarakda sorunsuz çalışmaktadır. Kurulum için Windows Server işletim sistemimizde PowerShell'i administrator olarak çalıştırarak başlıyoruz. Install-WindowsFeature kurulum komutu ile iligli servisimiz WSUS için isim tanımlası ve yönetim araçlarını yüklemek için gerekli tanımlamaları aşağıdaki şekilde komutuma yazarak işlemlerime başlıyorum. Install-WindowsFeature UpdateServices -IncludeManagementTools Komut çıktısı: Windows PowerShell Copyright (C) Microsoft Corporation. All rights reserved. PS C:\Users\Administrator> Install-WindowsFeature UpdateServices -IncludeManagementTools Success Restart Needed Exit Code Feature Result ------- -------------- --------- -------------- True No Success {ASP.NET 4.7, HTTP Activation, Remote Serv... WARNING: Additional configuration may be required. Review the article Managing WSUS Using PowerShell at TechNet Library (http://go.microsoft.com/fwlink/?LinkId=235499) for more information on the recommended steps to perform WSUS installation using PowerShell. Kurulum işlemimiz tamamlanmıştır. Yapılandırma işlemleri için aşağıdaki PowerShell scripti size yardımcı olacaktır. ### WUSUS post-deplpyment yapilandirma ayarlari . "C:\Program Files\Update Services\Tools\WsusUtil.exe" postinstall CONTENT_DIR=C:\WSUS ### WSUS nesnesinin tanımlanması $wsus = Get-WSUSServer ### WSUS yapilandirma tanimlamasi $wsusConfig = $wsus.GetConfiguration() ### Microsoft güncellemelerinin yapilandirilamsi Set-WsusServerSynchronization –SyncFromMU ### Güncelleme paketi dil tanımlaması sadece ingilizce yapilandirilmisiti bu bölümde istediğiniz dilleri virgul ekleyerek kısa kodunu yazabilirsiniz. $wsusConfig.AllUpdateLanguagesEnabled = $false $wsusConfig.SetEnabledUpdateLanguages("en") $wsusConfig.Save() ### WSUS ve Microsoft güncelleme SYNC tanimlamasi $wsus.GetSubscription().StartSynchronizationForCategoryOnly() start-sleep 15 ### SYNC tanimlamasi while ($wsus.GetSubscription().GetSynchronizationStatus() -ne "NotProcessing") { $time = get-date -UFormat "%H:%M:%S" $total = $wsus.GetSubscription().getsynchronizationprogress().totalitems $processed = $wsus.GetSubscription().getsynchronizationprogress().processeditems $process = $processed/$total $progress = "{0:P0}" -f $process Write-Host "" Write-Host "The first synchronization isn't completed yet $time" Write-Host "Kindly have patience, the progress is $progress" Start-Sleep 10 } Write-Host "The synchronization has completed at $time" -ForegroundColor Green Write-Host "The WSUS Configuration will now continue" -ForegroundColor Green ### Guncelleme urunlerinin tanimlanmasi, bu bolumu genisletebilrisiniz. Ben örnek için sadece Windows Server 2019 ekledim scritpti genisleterek diger urunleride ekleyebilirsiniz. write-host 'Setting WSUS Products' Get-WsusProduct | where-Object { $_.Product.Title -in ( 'Windows Server 2019') } | Set-WsusProduct ### Guncelleme sinfilarinin tanimlanmasi yine bu bolumde de siniflari arttirabilir yada azaltabilirsiniz. write-host 'Setting WSUS Classifications' Get-WsusClassification | Where-Object { $_.Classification.Title -in ( 'Critical Updates', 'Definition Updates', 'Feature Packs', 'Security Updates', 'Service Packs', 'Update Rollups', 'Updates') } | Set-WsusClassification ### SYNC yapilandirmasi write-host 'Enabling WSUS Automatic Synchronisation' $subscription = $wsus.GetSubscription() $subscription.SynchronizeAutomatically=$true ### otomatik sync yapilandirmasi $subscription.SynchronizeAutomaticallyTimeOfDay= (New-TimeSpan -Hours 0) $subscription.NumberOfSynchronizationsPerDay=1 $subscription.Save() ### Guncellenecek hedef grubun belirlenmesi $wsus.CreateComputerTargetGroup("Updates") ### Guncelleme paketlerinin onaylanmasi write-host 'Configuring default automatic approval rule' [void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") $rule = $wsus.GetInstallApprovalRules() | Where { $_.Name -eq "Default Automatic Approval Rule"} $class = $wsus.GetUpdateClassifications() | ? {$_.Title -In ( 'Critical Updates', 'Security Updates')} $class_coll = New-Object Microsoft.UpdateServices.Administration.UpdateClassificationCollection $class_coll.AddRange($class) $rule.SetUpdateClassifications($class_coll) $rule.Enabled = $True $rule.Save() ### Computer groupların güncelleme islemi $wsusConfig.OobeInitialized = $true $wsusConfig.Save() ### SYNC baslamasi $wsus.GetSubscription().StartSynchronization() Uygulama ekran görüntüleri: Windows Server Update Services açarsanız Overview ekranından yaptığımız işlemleri çapraz kontrolünü yapabilirsiniz. WSUS ile client ve server istemcilerinizi update etmek için; İstemcileri (Windows server işlerim sistemleri ve client işletim sistemlerini) WSUS'a ekleyerek güncellemelerini tek bir sunucu üzerinden kontrol ederek hangi sunucuda hangi güncelleme eksik yada hangi sunucunun güncellemeleri tamamlanmış görebiliyoruz. İstemci sistemi WSUS üzerinden güncellemek için aşağıdaki adımları yapmanız gerekmektedir. Bu işlemleri AD DS üzerinden policy olarak oluşturup tüm DC yapınızdaki bilgisayarları gruplayıp güncelleme servisini güncelleyebilirsiniz. Windows Update servisini WSUS üzerinde yapilandirmak için aşağıdaki işlemler iuygulayabilirsiniz. İlk olarak GPEDIT.msc (Local Group Policy Editor) gidiyoruz. Bu adımda WSUS sunucusuna istemciyi eklememiz için GPleri kullanıyoruz. Windows update server olarak WSUS'u göstereceğiz. Local Group Policy Editorumuz açıldığında aşağıdaki pencereyi görüntüleyeceksiniz. Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Winows Update dizinine gidiyoruz. Windows Update Dizininde "Specify intranet Microsoft update service locaition" politikasını buluyoruz. Specify intranet Microsoft update service locaition çift tıklayara giriş yapıyoruz. Gördüğünüz gibi not configured şeklinde gözükmektedir. Bu politikayı aktif duruma getirmek için enabled konumuna getiriyoruz. Enabled ettikten sonra alt bölümde "set the intranet update service for detecting updates" ve "set the intranet statistics server" bölümlerine Vargonen olarak kullandığımız WSUS serverin bilgilerini giriyorsunuz. WSUS bilgisi: ht target=_blank target=_blank target=_blank target=_blanktp://192.168.2.212:8530 (işlem sürecinde wsus adresini FQDN olarak tanımlayıp gerekli dns yapılandırmasını yapıp kullanmanızı tavsiye ederim yarın IP adresini değiştirmek zorunda kalırsanız FQDN adresinin IP bilgisini değiştirmeniz yeterli olacaktır. .) Politikamızı aktif ettikten sonra aktif olduğunu kontrol etmek için Control Panel > Windows Update dizinine gidiniz. You receive updates: Managed by your system administrator şeklinde bir bölüm göreceksiniz. Bu WSUS üzerinden güncelleme aldığını gösteren bir uyardır. Özel durumlarda (Örneğin: WSUS çalışmadığında) "Check online for updates from Microsoft Update" linkine tıklayınız, güncellemeleriniz Microsoft update servisleri üzerinden online olarak indirilecektir. Güncellemeleri yüklemek ve kontrol etmek için check for updates linkine tıklayınız Çapraz kontrol için WSUS sunucusu üzerinden kontrol ediniz WSUS erişim bilgileriniz yok ise ilgili sistem yöneticinize başvurunuz. Sunucumuz başarı ile WSUS üzerine eklenmiş ve güncellemeleri tamamlanmış olduğunu göreceksiniz. Sunucunuz WSUS üzerinde gözükmüyor yada güncellemeleri yaptınız ve güncellemeler yüklü gözükmüyor ise aşağıdaki komutları çalıştırınız. Not: Komutlar komut satırı yada powershell de çalışmaktadır herhangi birinde bu işlemi gerçekleştirebilirsiniz. wuauclt.exe /resetauthorization /detectnow komutunu çalıştırıyoruz. wuauclt.exe /resetauthorization /detectnow İşle sonucu ekrana çıktı vermeyecektir. 5 dk sonra WSUS üzerinden tekrar kontrol ediniz. Kaynak: docs.microsoft.com Kaynak: spiceworks.comPowerShell and what it means to you!
In recognition of Jeffery Snover's announcement that he’s leaving Microsoft I have decided to try and pull together some data and a video with clips from whoever in the tech community that wants to add their voice as to what PowerShell has meant to them over the years. As such I have tweeted this thread which has a link to a form to add in some details about what PowerShell has meant for you, that includes the option for you to share a link to a video of 30-60 seconds of what PowerShell has meant to you, I also have in this form the option for people to just give a typed answer instead as I know not everyone will want to record themselves. This form also will collect some additional details around user groups and conferences as to help enable further community growth in the coming months and years and I will share the information gathered with User Group/Conference organisers if submitters allow me to do so. My intention is that we can get the video ready and then release it on August 18 th as a continual celebration of PowerShell going Open Source back in 2016. However I will need help with this as I am not the best at video editing. Please Retweet that thread and send the form link to anyone that you may think would want to add their view to this video & share on other social media platforms like LinkedIn too. Lastly I want to thank Jeffery for having the vision & determination to get PowerShell to be one of the most important tools in any administrator or developers tool kit, and getting so many incredible engineers & Project/Programme managers on the team over the years. So many hundreds of millions of hours have been saved just from the ability to make use of this incredible language, and one that with Steve Lee & the team leading it can only get better from here on in. I and many others definitely would not have had the same career opportunities if it hadn’t been for PowerShell and to which I am forever in your debt, which I hope with all the community work I do pays it forward to help not only current generations across tech but all future ones too. Ryan Yates Cloud & Datacentre Management MVP Uk PowerShell User Groups LeedsAzure User Group LinkedIn Twitter Tech Blog Mental Health BlogA simple example of Windows PowerShell Just Enough Administration (JEA)!
Dear Microsoft and PowerShell Friends, Using PowerShell to establish a remote connection and then manage, for example, a domain controller or any other server that is a member of the domain, is really fun. But what about security? When I as a domain administrator establish a remote connection, I have a huge number of cmdlets at my disposal. #We start a "normal" remote connection and check how many cmdlets are available Enter-PSSession -ComputerName dc01 (Get-Command).count Maybe you (the administrator) do not always want to establish the remote connection to a specific server to process an existing task, but you would like to delegate this step to another person. But only in a way that this person cannot work with too many cmdlets. That's where PowerShell Just Enough Administration (JEA) comes in. With this technique you can, for example, provide a specific Active Directory group with exactly the number of cmdlets to perform the necessary work on the desired server. JEA is best suited for tasks that are clearly defined. JEA is not suitable for troubleshooting or research. The best place to start is in Active Directory: 1. Create a security group with the name Helpdesk in AD. 2. Add a user (or users) to the group After that we switch to the PowerShell ISE (on the server where you want to make the cmdlets available) or the one you trust (maybe VSCode ;-). #Are comments! #We navigate in to the following path Set-Location 'C:\Program Files\WindowsPowerShell\Modules' #Create a new directory New-Item -ItemType Directory Helpdesk #Navigate to the directory Set-Location Helpdesk #Create a new directory New-Item -ItemType Directory RoleCapabilities #Navigate to the directory Set-Location RoleCapabilities #Creates a file that defines a set of capabilities to be exposed through a session configuration New-PSRoleCapabilityFile -Path .\Helpdesk.psrc #Now we edit this file ISE .\Helpdesk.psrc In this file you can specify among others cmdlets, functions and also commands that can be used. In this example I provide "Get-Service" and "whoami". In a practical example, you would provide all the necessary commands/cmdlets needed for the specific task (just as the case may be). #Creates a file that defines a session configuration New-PSSessionConfigurationFile .\Helpdesk.pssc #Now we edit this file ISE .\Helpdesk.pssc In this file, you can specify the session configuration, a virtual administrator account, and user roles, among other things. #Let us check the settings Test-PSSessionConfigurationFile .\Helpdesk.pssc #Creates and registers a new session configuration Register-PSSessionConfiguration -Name Helpdesk -Path .\Helpdesk.pssc #We need to restart the WinRM Service Restart-Service WinRM #Gets the registered session configurations on the computer Get-PSSessionConfiguration Now switch to the system from which you want to establish a remote session. #We establish a connection Enter-PSSession -ComputerName dc01 -ConfigurationName Helpdesk -Credential grid\james.west #And check the number of cmdlets and the account created for the connection Get-Command We now have exactly the cmdlet and the command we specified. We also see that the session was established with a virtual account. This means that these credentials are not saved after the session ends. #Close the Session Exit-PSSession Back to the server. #(Optional) Deletes registered session configurations from the computer Unregister-PSSessionConfiguration -Name Helpdesk Clearly, that was not super spectacular or fancy. But I still wanted to share my experience with you. Thank you for taking the time to read this article. Kind regards, Tom Wechsler P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechslerVideo: Mastering Azure using Cloud Shell, PowerShell and Bash!
I recorded my presentation and made it available for everyone. The presentation is a live demo and summary of my blog post “Mastering Azure with Cloud Shell“, which gives you an overview about the Cloud Shell and some of the advanced stuff you can do. In the session you learn: Overview about Cloud Shell Azure PowerShell and Bash experience Persistent Storage using Azure Files Azure Drive Third party tools Editors Visual Studio Code integration Using Git as Source Control Remote manage Azure virtual machines Integration of Cloud Shell in Microsoft Docs, Microsoft Learn and more Cloud Shell in the Azure Mobile App and more. I hope you enjoy watching it and let me know what you think in the comments.
Part 5 - Manage Azure and Microsoft 365 with the Microsoft Graph PowerShell SDK!
Dear Microsoft Azure and Microsoft 365 Friends, This article continues with the topic Microsoft Graph PowerShell SDK. Part 1 to 4 can be found here: https://techcommunity.microsoft.com/t5/windows-powershell/part-1-manage-azure-and-microsoft-365-with-the-microsoft-graph/m-p/3300352 https://techcommunity.microsoft.com/t5/windows-powershell/part-2-manage-azure-and-microsoft-365-with-the-microsoft-graph/m-p/3302366 https://techcommunity.microsoft.com/t5/windows-powershell/part-3-manage-azure-and-microsoft-365-with-the-microsoft-graph/m-p/3339696 https://techcommunity.microsoft.com/t5/windows-powershell/part-4-manage-azure-and-microsoft-365-with-the-microsoft-graph/m-p/3409310 This article is about connecting to Exchange Online. Remember: Connections to the Microsoft Graph are protected by one or more permission scopes. Service Scopes: Exchange Online (Focus in this article) Mail and Calendar SharePoint Online Files and Sites Microsoft Teams Teams, Channels, Chats and Members Mail Delegated Permissions: Mail.Read Allows reading mail in in user mailboxes Mail.ReadBasic Allows reading mail in the signed-in user's mailbox, except for body, bodyPreview, uniqueBody, attachments, extensions, and any extended properties Mail.ReadWrite Allows creating, reading, updating, and deleting mail in user mailboxes Mail.Read.Shared Allows reading mail that the user can access, including the user's own and shared mail Mail.ReadWrite.Shared Allows creating, reading, updating, and deleting mail that the user has permission to access, including the user's own and shared mail Mail.Send Allows sending mail as users in the organization Mail.Send.Shared Allows sending mail as the signed-in user, including sending on-behalf of others MailboxSettings.Read Allows reading user's mailbox settings MailboxSettings.ReadWrite Allows creating, reading, updating, and deleting user's mailbox settings IMAP.AccessAsUser.All Allows reading, updating, creating and deleting mail in user mailboxes POP.AccessAsUser.All Allows reading, updating, creating and deleting mail in user mailboxes SMTP.Send Allows sending mail as users in the organization Mail Application Permissions: Mail.Read Allows reading mail in all mailboxes without a signed-in user Mail.ReadBasic.All Allows reading all users mailboxes except Body, BodyPreview, UniqueBody, Attachments, ExtendedProperties, and Extensions Mail.ReadWrite Allows creating, reading, updating, and deleting mail in all mailboxes without a signed-in user Mail.Send Allows sending mail as any user without a signed-in user MailboxSettings.Read Allows reading user's mailbox settings without a signed-in user MailboxSettings.ReadWrite Allows creating, reading, updating, and deleting user's mailbox settings without a signed-in user Calendar Delegated Permissions: Calendars.Read Allows reading events in user calendars Calendars.Read.Shared Allows reading events in all calendars that the user can access, including delegate and shared calendars Calendars.ReadWrite Allows creating, reading, updating, and deleting events in user calendars Calendars.ReadWrite.Shared Allows creating, reading, updating, and deleting events in all calendars the user has permissions to access Calendar Application Permissions: Calendars.Read Allows reading events of all calendars without a signed-in user Calendars.ReadWrite Allows creating, reading, updating, and deleting events of all calendars without a signed-in user Connecting to Exchange Online: Set-Location C:\ Clear-Host #If needed Import-Module Microsoft.Graph #Set the API to the 'beta' endpoint Select-MgProfile -Name "beta" #We check the profile Get-MgProfile #Connection for Creating, Reading, Updating, and Deleting Mail $scopes = @("Mail.ReadWrite") Connect-MgGraph -Scopes $scopes #We search for my a UserID Get-MgUser #An example $User = Get-MgUser -UserId "ab8637c3-39ba-47f3-ad53-7fcd9a3f49a6" $mailfolders = Get-MgUserMailFolder -UserId $User.Id -All $mailfolders #Connection for Sending Mail as Users in the Organization $scopes = @("SMTP.Send") Connect-MgGraph -Scopes $scopes #Connection for Creating, Reading, Updating, and Deleting Events in User Calendars $scopes = @("Calendars.ReadWrite") Connect-MgGraph -Scopes $scopes #An example $User = Get-MgUser -UserId "ab8637c3-39ba-47f3-ad53-7fcd9a3f49a6" $calendar = Get-MgUserCalendar -UserId $User.Id -All $calendar #Core Connection for Managing Mail and Calendar $scopes = @("Mail.ReadWrite","Calendars.ReadWrite") Connect-MgGraph -Scopes $scopes So that's it again for part 5, we'll see you again in the next part! A little preview, in the next part we'll talk about SharePoint Online and Microsoft Teams in the Microsoft Graph. See you soon. I hope this article was useful. Thank you for taking the time to read the article. Best regards, Tom Wechsler P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler
