Tag: PowerShell

Could not establish trust relationship for the SSL/TLS secure channel.

Working with some older Cisco ASA devices, I’m trying to access the ASDM interface. The browser isn’t giving me luck, so I turned to PowerShell to help me, but I get the following error when trying an Invoke-WebRequest to grab the asdm.jnlp file I need.

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

Eh, ok. My first thought was to somehow avoid a certificate check but I did not see a native way of doing this with Invoke-WebRequest (at least from an old Server 2008 box with PowerShell v4.0).

StackOverflow to the rescue. Here’s the solution that worked for me.

if (-not("dummy" -as [type])) {
    add-type -TypeDefinition @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class Dummy {
    public static bool ReturnTrue(object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors) { return true; }

    public static RemoteCertificateValidationCallback GetDelegate() {
        return new RemoteCertificateValidationCallback(Dummy.ReturnTrue);
    }
}
"@
}

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = [dummy]::GetDelegate()

Now I can add on my Invoke-WebRequest and everything works.

Get Enabled AD Users with Last Logon Time and Organizational Unit Information

This PowerShell script retrieves information about enabled Active Directory (AD) users, including their SAM account name, last logon time, and organizational unit (OU). The script makes use of several cmdlets and concepts that are common in PowerShell, including filtering, selecting, sorting, and transforming data.

Get-ADUser -Filter * -Properties lastLogon |
    Where-Object { $_.Enabled -eq $True } |
    Select-Object samaccountname, @{
        Name="lastLogon";
        Expression={[datetime]::FromFileTime($_.lastLogon)}
    }, @{
        Name="OU";
        Expression={( $_.distinguishedname -split ',' )[1].Split('=')[1]}
    } |
    Sort-Object OU |
    Where-Object { $_.OU -notmatch "CN=" }

Here is a detailed explanation of each part of the code:

  1. Get-ADUser cmdlet:

The Get-ADUser cmdlet is used to retrieve information about AD user objects. The -Filter parameter is used to specify that I want to retrieve all user objects, and the -Properties parameter is used to specify that I want to retrieve the lastLogon property.

  1. Where-Object cmdlet:

The Where-Object cmdlet is used to filter the results of the Get-ADUser cmdlet based on the Enabled property. In this case, I want to retrieve only those users that have their Enabled property set to $True.

  1. Select-Object cmdlet:

The Select-Object cmdlet is used to select specific properties from the filtered results. In this case, I want to select the samaccountnamelastLogon, and OU properties. The @{Name="lastLogon";Expression={[datetime]::FromFileTime($_.lastLogon)}} expression is used to convert the lastLogon property from a file time format to a more readable date/time format. The @{Name="OU";Expression={( $_.distinguishedname -split ',' )[1].Split('=')[1]}} expression is used to extract the name of the OU from the DistinguishedName property.

  1. Sort-Object cmdlet:

The Sort-Object cmdlet is used to sort the selected results based on the distinguishedname property. In this case, I want to sort the results in ascending order by the distinguishedname property.

  1. Where-Object cmdlet:

The final Where-Object cmdlet is used to further filter the sorted results based on the distinguishedname property. In this case, I want to retrieve only those results where the distinguishedname property does not match the string “CN=”.

Check Windows Servers Activation Status

I needed a quick way to check activation status of Windows Servers in a domain. This is the solution I came up with using PowerShell to run the slmgr.vbs script for output. I’m not great with PowerShell, and I’m sure this can be cleaned up or made more efficient, but this ‘hack’ worked for me.

$computers = get-adcomputer -filter "OperatingSystem -Like '*Windows Server*' -and Enabled -eq 'True'" | select-object name

foreach($computer in $computers) {
	write-host $computer.name
	Invoke-Command { (cscript /Nologo "C:\Windows\System32\slmgr.vbs" /xpr) -join '' } -ComputerName $computer.name
}

The output will be one of the following, with variation to the edition:

Windows(R), ServerStandard edition:    Windows is in Notification mode
Windows Server(R), ServerDatacenter edition:    The machine is permanently activated.

Enable nested virtualization for VM in Hyper-V

Nested virtualization is available on Windows 10 build 19636 and later. As far as I understand, AMD support will be officially available as part of Windows 11 and Windows Server 2022. Both products are expected in the second half of 2021.

Enable Nested Virtualization

Get the virtual machine intending to enable nested virtualization on using Powershell.

get-vm

Now with the name of the VM, enable nested virtualization.

Set-VMProcessor -VMName 'Windows 11' -ExposeVirtualizationExtensions $True

Confirm Nested Virtualization is Enabled

To confirm nested virtualization is enabled for the VM, or any VM, use the following Powershell command.

(Get-VM 'proxmox ve 7.2' | Get-VMProcessor ).ExposeVirtualizationExtensions

Clear Windows Event Log and Reliability History Command Line

Clear all the Windows Event Logs, resetting reliability history, from the command line.

Command Line Method

for /F "tokens=*" %1 in ('wevtutil.exe el') do wevtutil.exe cl "%1"

Batch Script Method

@echo off
for /F "tokens=*" %%E in ('wevtutil.exe el') do wevtutil.exe cl "%%E"

Powershell Method

wevtutil el | Foreach-Object {Write-Host "Clearing $_"; wevtutil cl "$_"}