Disabling RDP access by PowerShell

When we have to do that, most of the times we try to change a registry key that will enable or disable RDP connectivity on a Windows Server or desktop. But sometimes, modifying the registry is not always convenient. For those out there who thinks there should be much easier way, this post is for them

You can enable RDP on a remote host by simply running the below two lines.

$tsobj = Get-WmiObject -Class Win32_TerminalServiceSetting -Namespace Root\CimV2\TerminalServices -ComputerName SERVER01$tsobj.SetAllowTSConnections(1,1)

Or, if you want to disable it…

$tsobj = Get-WmiObject -Class Win32_TerminalServiceSetting -Namespace Root\CimV2\TerminalServices -ComputerName SERVER01$tsobj.SetAllowTSConnections(0,0)

and waht about if you want to check if its currently enabled or disabled?

$tsobj = Get-WmiObject -Class Win32_TerminalServiceSetting -Namespace Root\CimV2\TerminalServices -ComputerName SERVER01$tsobj.AllowTSConnections

If you are wondering what are the 2 arguments for SetAllowTSConnections function, let me answer to that:

• The first one represents AllowTSConnections(0 – disable, 1 – enable)
• The second one represents ModifyFirewallException (0 – don’t modify firewall rules, 1 – modify firewall rules)

Till next time!

Advertisement

Moving VM disk to remote subscription

Hey Folks! In todays article I want to show you how to copy managed disks between Azure subscriptions using PowerShell.

Script is very easy in use. The only things which you should provide are variables on the beginning like subscription ids, resource groups etc. As a result .vhd file will be created under destination container on storage account.

Remember that Azure account under which script for copy managed disks between Azure subscriptions will be run should have permission in both subscriptions, otherwise script will retun error.

Let’s rock!

#Variables
$SourceRG = ''
$SourceSubscrpitionId = ''
$SourceTenantId = ''
$ManagedDiskName = ''
$DestinationRG = ''
$DestinationSubscriptionId = ''
$DestinationTenantId = ''
$DestinationStorageAccount = ''
$containerName = ''
$vhdName = $ManagedDiskName + '.vhd'
#Source
Select-AzSubscription -Subscription $SourceSubscrpitionId -Tenant $SourceTenantId
$grant = Grant-AzDiskAccess -ResourceGroupName $SourceRG -DiskName $ManagedDiskName -Access Read -DurationInSecond 10800
#Destination
Select-AzSubscription -Tenant $DestinationTenantId  -Subscription $DestinationSubscriptionId
$storageAccount = Get-AzStorageAccount -StorageAccountName $DestinationStorageAccount -ResourceGroupName $DestinationRG
if($storageAccount -eq $null)
{
New-AzStorageAccount -StorageAccountName $DestinationStorageAccount -ResourceGroupName $DestinationRG -Location "West Europe" -SkuName "Standard_LRS"
}
$storageAccountKey = Get-AzStorageAccountKey -ResourceGroupName $DestinationRG -Name $DestinationStorageAccount
$storageContext = New-AzStorageContext -StorageAccountName $DestinationStorageAccount -StorageAccountKey $storageAccountKey.Value[0]
$container = Get-AzStorageContainer $containerName -Context $storageContext -ErrorAction Ignore
if ($container -eq $null)
{
New-AzStorageContainer $containerName -Context $storageContext
}
#copy
$CopyToBlob = Start-AzStorageBlobCopy -AbsoluteUri $grant.AccessSAS -DestContainer $containerName -DestBlob $vhdName -DestContext $storageContext
#copystate
$State = $CopyToBlob | Get-AzStorageBlobCopyState
While($State.Status -eq "Pending"){
Start-Sleep 30
$State = $CopyToBlob | Get-AzStorageBlobCopyState
$PercentCompleted = [Math]::Round((($State.BytesCopied/$State.TotalBytes)*100))
Write-Host "$PercentCompleted % completed for managed disk $ManagedDiskName"
}


SPO: Remove a Document Library that used to contain records

When you use “declare record” in a SharePoint Online library it makes the library un-deletable.

Even if you undeclare all records and remove all the files the “remove library” setting will be unavailable from the document library settings page in the UI.

Luckily this is easily remidied with some PnP PowerShell

Connect-PnPOnline https://.sharepoint.com -Credentials 
$list = Get-PnPList -Identity ""
$list.AllowDeletion = $true
$list.Update()
Remove-PnPList $list -Force

Disabling Teams Creation Prompt in SharePoint Online

The other day a customer asked me why when they access to SPO TS, appears the owners an option saying that a Team has not been associated with a SharePoint Online site, like the image above:

In same scenarios this could lead a problem, taking into account that this kind of things should be governed from the governance plan.

In this case, we can use some PowerShell to hide some propertybags in SPO to hide this option to all users, leading to us to create Teams from the admin site directly.

So we can execute the following:

$tenant = "https://spotenant-admin.sharepoint.com"
$web = "https://spotenant.sharepoint.com/sites/Modernsposite"

Connect-PnPOnline -Url $tenant -SPOManagementShell
$site = Get-PnPTenantSite -Detailed -Url $web
if ($site.DenyAddAndCustomizePages -ne 'Disabled') {
    $site.DenyAddAndCustomizePages = 'Disabled'
    $site.Update()
    $site.Context.ExecuteQuery()
}

Set-PnPPropertyBagValue -Key 'TeamifyHidden' -Value 'True'

Once this has been done, if you refresh the homepage after setting the value, the dialog box to create Teams should no longer appear.

Disabling Accelerated Networking on Azure

This a thing that I had to do in the past, first, not all VM size support Accelerated Network, the supported OS and VM size can be found here:

https://docs.microsoft.com/en-us/azure/virtual-network/create-vm-accelerated-networking-cli

https://docs.microsoft.com/en-us/azure/virtual-network/create-vm-accelerated-networking-powershell

In order to make the change I had to so deallocate the VM and execute the following PowerShell:

$nic = Get-AzureRmNetworkInterface -ResourceGroupName "RGName" -Name "VMName"

$nic.EnableAcceleratedNetworking = $false

$nic | Set-AzureRmNetworkInterface

Once I did this, I was able to change the size of the VM.

And of course, if you want to change the state of accelerated networking in a scale set, the procedure is slightly different:

Stop-AzVmss -ResourceGroupName "RG-name" -VMScaleSetName "vmss-name"

$vmss = Get-AzVmss -ResourceGroupName "RGName" -VMScaleSetName "vmss-name"

$vmss.VirtualMachineProfile.NetworkProfile.NetworkInterfaceConfigurations[0].EnableAcceleratedNetworking = $false

Update-AzVmss -ResourceGroupName "RGName" `
    -VMScaleSetName "vmss-name" `
    -VirtualMachineScaleSet $vmss

I changed the size of the VM Scale Set and then…

Start-AzVmss -ResourceGroupName "RGname" -VMScaleSetName "vmss-name"

 
That’s all

Office 365 Set mailbox default language

When I have to set up new O365 tenants in order to do PoC or even to  do large migrations, it might be convenient to change the default mailbox language settings for all the end users. By default each user needs to set the default language and time zone at first login to OWA in Office 365, if not you can find some problems due to this feature

With the following PowerShell Script you should be able to change it within a few seconds. Change it accordingly.

get-mailbox | Set-MailboxRegionalConfiguration -LocalizeDefaultFolderName: $true -DateFormat d/M/yyyy -Language 1027 -TimeZone "W. Europe Standard Time"

You can find the Local ID in the following web

That’s all folks!

O365 PowerShell Module Installs

If you need to configure a new machine in order to execute o365 PS commands, this is your post. You can see similar information in Todd Klindt’s post

suppress the warning you get when installing from the PowerShell Gallery, run this:

Set-PSRepository -Name PSGallery -InstallationPolicy Trusted

Official Microsoft Modules

Sign-in assistant (needed for MSOL and AzureAD Modules)

Microsoft Online
Original Tenant Directory Management
Prefix: MSOL
Install-Module -Name MSOnline

AzureAD
Newer Tenant Directory Management
Prefix: AzureAD
Install-Module azuread

AzureADPreview
Latest Tenant Directory Management
Prefix: AzureAD
Install-Module -Name AzureADPreview

SharePoint Online
Manage SharePoint sites and related services
Prefix: SPO
Install-Module -Name Microsoft.Online.SharePoint.PowerShell

Teams
Microsoft Teams Management
Prefix: Team
Install-Module MicrosoftTeams

Skype for Business
(No PowerShell module install from Gallery)

Flow and PowerApps
Flow and PowerApps management
Prefix: No Prefix
Install-Module -Name Microsoft.PowerApps.PowerShell
Install-Module -Name Microsoft.PowerApps.Administration.PowerShell –AllowClobber
(First module works for user, add the second module for Admin management cmdlets)

3rd Party Installs

SharePoint PnP PowerShell
Essential to manage SharePoint and related technologies
Install-Module SharePointPnPPowerShellOnline

Credential Manager
Used to create and retrieve Windows Stored Credentials
Install-Module credentialmanager

If you only need to update the modules, you can execute the follwing command: Update-Module cmdlet.

PowerShell Alternative Proxy Address

Hi!

I was doing some powershelling for a client, and then I was trying to do an export from the proxyaddresses, but when I tried to export to CSV in the output file I was receiving something similar to System.Collections.Generic.List`1[System.String] in that field.

So, if you are facing an error similar to that, you need just to convert the field in order to export it. So you will need to execute something similar to that:

get-azureaduser | select-object  UserPrincipalName,@{Name=”proxyaddresses”;Expression={$_.ProxyAddresses}}, DisplayName | export-csv -path C:\export.csv

that’s all, pretty simple, isn’t it

Microsoft Teams Administrator Roles

As you know, Microsoft has created four new roles specifically for admins responsible for Microsoft Teams.

Let’s dig in which roles do we have available in O365:

Teams service admin

Can manage all aspects of Microsoft Teams except license assignment. This includes policies for calling, messaging, and meetings; use of call analytics tools to troubleshoot telephony issues, and management of users and their telephony settings.

They can also manage Office 365 Groups.

Teams communications admin

Can manage calling and meeting features of Microsoft Teams, including phone number assignments and meeting policies.

They can also use call analytics tools to troubleshoot issues.

Teams communications support engineer

Can troubleshoot communication issues in Teams using call analytics tools, and can view full call record information for all participants involved.

Teams communications support specialist

Can troubleshoot communication issues in Teams using call analytics tools, and can view call record information for the specific user being searched for.

But I want to use PowerShell to check the roles and assign them

Yes, you can use PowerShell to check it out those roles and assign them, let’s do it 🙂

Get–MsolRole |? {$_.Name –like “Teams”} |ft Name,Description –Autosize

And if you want to assign the role…

Add–MsolRoleMember –RoleName “Teams Communications Administrator” –RoleMemberEmailAddress “user@domain.com”

Till next time folks!

Exporting credentials in XML

Working as a consultant, from time to time you receive some petitions from your customers in order to facilitate their daily lives.

The other day I receive a petition to save user credentials, and to not prompt for them, is it very easy to do it, lets crack into it:

#Save credentials to file

Get-Credential | Export-Clixml -Path C:\aar\credentials.xml

#Import credentials from file

$credentials = Import-Clixml -Path c:\aar\credentials.xml

Once you have done this, you can include this last line into your scripts pointing to the location where you stored the credentials. Simply as follows: