Disabling RDP access by PowerShell

When we have to do that, most of the times we try to change a registry key that will enable or disable RDP connectivity on a Windows Server or desktop. But sometimes, modifying the registry is not always convenient. For those out there who thinks there should be much easier way, this post is for them

You can enable RDP on a remote host by simply running the below two lines.

$tsobj = Get-WmiObject -Class Win32_TerminalServiceSetting -Namespace Root\CimV2\TerminalServices -ComputerName SERVER01$tsobj.SetAllowTSConnections(1,1)

Or, if you want to disable it…

$tsobj = Get-WmiObject -Class Win32_TerminalServiceSetting -Namespace Root\CimV2\TerminalServices -ComputerName SERVER01$tsobj.SetAllowTSConnections(0,0)

and waht about if you want to check if its currently enabled or disabled?

$tsobj = Get-WmiObject -Class Win32_TerminalServiceSetting -Namespace Root\CimV2\TerminalServices -ComputerName SERVER01$tsobj.AllowTSConnections

If you are wondering what are the 2 arguments for SetAllowTSConnections function, let me answer to that:

  • The first one represents AllowTSConnections(0 – disable, 1 – enable)
  • The second one represents ModifyFirewallException (0 – don’t modify firewall rules, 1 – modify firewall rules)

Till next time!

Moving VM disk to remote subscription

Hey Folks! In todays article I want to show you how to copy managed disks between Azure subscriptions using PowerShell.

Script is very easy in use. The only things which you should provide are variables on the beginning like subscription ids, resource groups etc. As a result .vhd file will be created under destination container on storage account.

Remember that Azure account under which script for copy managed disks between Azure subscriptions will be run should have permission in both subscriptions, otherwise script will retun error.

Let’s rock!

#Variables
$SourceRG = ''
$SourceSubscrpitionId = ''
$SourceTenantId = ''
$ManagedDiskName = ''
$DestinationRG = ''
$DestinationSubscriptionId = ''
$DestinationTenantId = ''
$DestinationStorageAccount = ''
$containerName = ''
$vhdName = $ManagedDiskName + '.vhd'
#Source
Select-AzSubscription -Subscription $SourceSubscrpitionId -Tenant $SourceTenantId
$grant = Grant-AzDiskAccess -ResourceGroupName $SourceRG -DiskName $ManagedDiskName -Access Read -DurationInSecond 10800
#Destination
Select-AzSubscription -Tenant $DestinationTenantId  -Subscription $DestinationSubscriptionId
$storageAccount = Get-AzStorageAccount -StorageAccountName $DestinationStorageAccount -ResourceGroupName $DestinationRG
if($storageAccount -eq $null)
{
New-AzStorageAccount -StorageAccountName $DestinationStorageAccount -ResourceGroupName $DestinationRG -Location "West Europe" -SkuName "Standard_LRS"
}
$storageAccountKey = Get-AzStorageAccountKey -ResourceGroupName $DestinationRG -Name $DestinationStorageAccount
$storageContext = New-AzStorageContext -StorageAccountName $DestinationStorageAccount -StorageAccountKey $storageAccountKey.Value[0]
$container = Get-AzStorageContainer $containerName -Context $storageContext -ErrorAction Ignore
if ($container -eq $null)
{
New-AzStorageContainer $containerName -Context $storageContext
}
#copy
$CopyToBlob = Start-AzStorageBlobCopy -AbsoluteUri $grant.AccessSAS -DestContainer $containerName -DestBlob $vhdName -DestContext $storageContext
#copystate
$State = $CopyToBlob | Get-AzStorageBlobCopyState
While($State.Status -eq "Pending"){
Start-Sleep 30
$State = $CopyToBlob | Get-AzStorageBlobCopyState
$PercentCompleted = [Math]::Round((($State.BytesCopied/$State.TotalBytes)*100))
Write-Host "$PercentCompleted % completed for managed disk $ManagedDiskName"
}

O365 PowerShell Module Installs

If you need to configure a new machine in order to execute o365 PS commands, this is your post. You can see similar information in Todd Klindt’s post

suppress the warning you get when installing from the PowerShell Gallery, run this:

Set-PSRepository -Name PSGallery -InstallationPolicy Trusted

Official Microsoft Modules

Sign-in assistant (needed for MSOL and AzureAD Modules)

Microsoft Online
Original Tenant Directory Management
Prefix: MSOL
Install-Module -Name MSOnline

AzureAD
Newer Tenant Directory Management
Prefix: AzureAD
Install-Module azuread

AzureADPreview
Latest Tenant Directory Management
Prefix: AzureAD
Install-Module -Name AzureADPreview

SharePoint Online
Manage SharePoint sites and related services
Prefix: SPO
Install-Module -Name Microsoft.Online.SharePoint.PowerShell

Teams
Microsoft Teams Management
Prefix: Team
Install-Module MicrosoftTeams

Skype for Business
(No PowerShell module install from Gallery)

Flow and PowerApps
Flow and PowerApps management
Prefix: No Prefix
Install-Module -Name Microsoft.PowerApps.PowerShell
Install-Module -Name
 Microsoft.PowerApps.Administration.PowerShell –AllowClobber
(First module works for user, add the second module for Admin management cmdlets)

3rd Party Installs

SharePoint PnP PowerShell
Essential to manage SharePoint and related technologies
Install-Module SharePointPnPPowerShellOnline

Credential Manager
Used to create and retrieve Windows Stored Credentials
Install-Module credentialmanager

If you only need to update the modules, you can execute the follwing command: Update-Module cmdlet.

PowerShell Alternative Proxy Address

Hi!

I was doing some powershelling for a client, and then I was trying to do an export from the proxyaddresses, but when I tried to export to CSV in the output file I was receiving something similar to System.Collections.Generic.List`1[System.String] in that field.

So, if you are facing an error similar to that, you need just to convert the field in order to export it. So you will need to execute something similar to that:

get-azureaduser | select-object  UserPrincipalName,@{Name=”proxyaddresses”;Expression={$_.ProxyAddresses}}, DisplayName | export-csv -path C:\export.csv

that’s all, pretty simple, isn’t it

Exporting credentials in XML

Working as a consultant, from time to time you receive some petitions from your customers in order to facilitate their daily lives.

The other day I receive a petition to save user credentials, and to not prompt for them, is it very easy to do it, lets crack into it:

#Save credentials to file

Get-Credential | Export-Clixml -Path C:\aar\credentials.xml

#Import credentials from file

$credentials = Import-Clixml -Path c:\aar\credentials.xml

Once you have done this, you can include this last line into your scripts pointing to the location where you stored the credentials. Simply as follows:

azuread.png

Error connecting to SharePoint Online with PowerShell

While I was doing some PowerShell scripting for a client, I received a weird error in SharePoint Online, the console it was throwing errors like “Unauthorized” and “…the web site does not support SharePoint Online credentials” even though my username and password is fine.

I tried with Connect-PnPOnline and other legacy commands, with the same bad result, but what is happenning backwards?

SharePoint Online has a setting named “LegacyAuthProtocolsEnabled” with the purpose “Prevents Office clients using non-modern authentication protocols from accessing SharePoint Online resources .”.

By default this is allowed in all tenants. But as an administrator it is possible to tighten up the security and disallow us to login with these non-modern approaches.

More details can be found here: https://technet.microsoft.com/en-in/library/fp161390.aspx

Solution

1. Start using modern authentication (recommended)

Check if your application support the use of modern authentication through either WebLogin or using application credentials (ClientId/ClientSecret) authentication. This is advice to be the recommended and a more secure approach.

2. Re-enable support for legacy apps

connect-sposervice “https://tenant-admin.sharepoint.com”
set-spotenant -legacyauthprotocolsenabled $True

Updating SharePoint Online tenant settings does not take immediate effect. So is it possible that you will need to wait a while, exact how long can be from from minutes to 24 hours with the different settings.

Till next time!

 

Unable to discover PowerShell endpoing URI error

While I was trying to connect to the S4B Online admin center by PowerShell I received the following error: “Unable to discover PowerShell endpoing URI”

I used the following PowerShell commands to connect to the admincenter:

error.png

So, as you can see the only method allowed to connect to the S4B admin center is by explicity using the domain:

$cssession = New-CsOnlineSession –Credential $credential –OverrideAdminDomain “domainname.onmicrosoft.com”

It is very straightforward to solve the error, but I hope that it will help someone

How to replicate a SharePoint farm

Hi!

The other day I found this interesting article from Nik Charlebois, he talks about how to automate a replicate farm of SharePoint, this farm can be used as development farm or even Test farm.

What he is explaining in the article, is how can we retrieve all the information from our SharePoint 2013/2016 farm by PowerShell (he wrote a PS1 to do that) and collect all this information to create a series of PowerShell codes.

Once this information has been retrieved, is it possible to replicate your environment to another location on-premises.

Hope it helps!

 

How to Disable “Open with Explorer” View

Hi!

In a project we got a requirement to hide the “Open with explorer view” from the ribbon, this can be done by PowerShell by creating a custom action in the library/list

The following code will be used to hide the action from the ribbon:

$sites = get-spwebapplication http://yourwebappurl | Get-spsite -limit ALL
foreach ($site in $sites) {
foreach ($web in $site.AllWebs) {
foreach ($list in $web.Lists) {
$CustomAction = $list.UserCustomActions.Add()
$CustomAction.Title = "Hide Explorer View"
$CustomAction.Location = "CommandUI.Ribbon"
$CustomAction.commandUIExtension = "
<CommandUIExtension>
<CommandUIDefinitions>
<CommandUIDefinition Location='Ribbon.Library.Actions.OpenWithExplorer' />
</CommandUIDefinitions>
</CommandUIExtension>"
$CustomAction.Update();
}
}
}

After the code has been executed, the action will disappear from the ribbon.

If you need to recover the action from the ribbon, the following PowerShell can be used for this:

$CustomActionTitle = "Hide Explorer View"
$sites = get-spwebapplication http://yoururlwebapp | Get-spsite -limit ALL
foreach ($site in $sites) {
foreach ($web in $site.AllWebs) {
foreach ($list in $web.Lists) {
$CustomAction = $list.UserCustomActions | where {$_.title -eq $CustomActionTitle}

#Delete the custom action from list
if ($CustomAction)
{
    $CustomAction.Delete()
}
}
}
}

That’s all!

Ref.http://www.sharepointdiary.com/2015/03/how-to-disable-open-with-explorer-view-in-sharepoint-2013.html

Run IISReset on All Servers in your farm at the same time

In case you have a large number of servers in a farm, the following script will help you to do a iisreset in all servers at the same time:

#Specify servers in an array variable
[array]$servers = “Server1″,”Server2″,….”

#Step through each server in the array and perform an IISRESET
foreach ($server in $servers)
{
Write-Host “Restarting IIS on server $server…”
IISRESET $server /noforce
Write-Host “IIS status for server $server”
IISRESET $server /status
}
Write-Host IIS has been restarted on all servers

Till next time!