Tag: hyper-v

Posted on

Manage Active Directory Users And Computers Using Windows 10 Creators Edition In PowerShell Direct Without CredSSP Or “Second-Hop” Issues

#Manage Active Directory Users And Computers Using Windows 10 Creators Edition Using PowerShell Direct Without CredSSP Or “Second-Hop” Issues

#If you connect to a virtual machine using PowerShell Remote then you need to enable CredSSP to avoid Second-Hop or “Multi-Hop” Issues when managing Active Directory objects. CredSSP is always needed when connecting to a physical machine since PowerShell Direct only works when connecting to a virtual machine directly from the host computer.

#PowerShell Direct doesn’t have the “Second-Hop” issue when managing Windows Server 2016 from a Windows 10 Creators Edition virtual machine running Hyper-V. I have enabled the Hyper-V role on Windows 10 Professional and my physical machine is not joined to a domain. The Windows 10 virtual machine will need to be joined to the Active  Directory domain you intend to manage without making further “workgroup” related configuration changes.

Enter-PSSession -VMName Win10 -Credential DOMAIN\administrator #Connect to a Windows 10 Creators Edition virtual machine using PowerShell Direct
New-ADOrganizationalUnit -Server KERMIT -Name Test -Description 'Administrator Rights' -DisplayName Test -PassThru -Verbose #Create a new OU called Test
Get-ADOrganizationalUnit -Server KERMIT -Identity 'OU=Test,DC=domain,DC=muppetlabs,DC=com'|Set-ADOrganizationalUnit –ProtectedFromAccidentalDeletion $false #Unprotect OU=Test for intentional deletion
Get-ADOrganizationalUnit -Server KERMIT -Identity 'OU=Test,DC=domain,DC=muppetlabs,DC=com'|Remove-ADOrganizationalUnit -Verbose #Delete OU=Test

#The Longer Story…

#Create a new Organizational Unit in PowerShell Remote using just the computer name

#Without CredSSP enabled this command fails in PowerShell Remote

Enter-PSSession -ComputerName KERMIT -Credential DOMAIN\administrator #Connect to a Windows 10 Creators Edition virtual machine using PowerShell Remote
New-ADOrganizationalUnit -Server KERMIT -Name Test -Description 'Administrator Rights' -DisplayName Test -PassThru -Verbose #Create a new OU called Test

#Create a new Organizational Unit in PowerShell Direct using just the computer name

#Just using OU=Test as an example to show how this command doesn’t fail in PowerShell Direct like it did in the previous example.

Enter-PSSession -VMName Win10 -Credential DOMAIN\administrator #Connect to a Windows 10 Creators Edition virtual machine using PowerShell Direct
New-ADOrganizationalUnit -Server KERMIT -Name Test -Description 'Administrator Rights' -DisplayName Test -PassThru -Verbose #Create a new OU called Test

#Set –ProtectedFromAccidentalDeletion to $false on OU=Test so it can be deleted

#This needs to be done to allow the OU to be deleted.

Get-ADOrganizationalUnit -Server KERMIT -Identity 'OU=Test,DC=domain,DC=muppetlabs,DC=com'|Set-ADOrganizationalUnit –ProtectedFromAccidentalDeletion $false #Unprotect OU=Test for intentional deletion

#Delete OU=Test from -Server KERMIT.

#KERMIT is the NetBIOS computer name of my domain controller and not the domain NetBIOS name. They are different things.

Get-ADOrganizationalUnit -Server KERMIT -Identity 'OU=Test,DC=domain,DC=muppetlabs,DC=com'|Remove-ADOrganizationalUnit -Verbose #Delete OU=Test

 

Posted on

Enabling Remote Desktop Via PowerShell Direct From A Windows 10 Hyper-V Host Machine

#Enabling Remote Desktop Via PowerShell Direct From A Windows 10 Hyper-V Host Machine

#Note: This does not work on Windows 10 Home Edition.

#Just the code:

If (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server') {Get-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'|Set-ItemProperty -Name fDenyTSConnections -Value 0 -PassThru|fl}
Get-NetFirewallRule -DisplayGroup "Remote Desktop"|Set-NetFirewallRule -enabled true -PassThru|select Name,DisplayName,Enabled,Profile|ft -a

#The Long Story…

#Yeah so PowerShell Direct doesn’t do everything and neither does PowerShell Remote.  Simply put, PowerShell Direct is a connection to a remote computer initiated with Enter-PSSession -VMName. PowerShell Remote uses WinRM to communicate and is initiated using Enter-PSSession -ComputerName. It is important to know the difference because each way of connecting doesn’t function exactly the same way. You will get errors in PowerShell Direct using commands that require the Background Intelligent Transfer Serviceor BITS, for one. BITS only works in PowerShell Remote.

#Sometimes using Remote Desktop isn’t even enough to do everything but you can do so much more running commands directly. Simple things like using Out-GridView for formatting complex command output needs to be run directly from the machine you are running PowerShell ISE on via a Remote Desktop session and PowerShell ISE. PowerShell Direct and PowerShell Remote sessions are not allowed to call on Out-Gridview at all.

#Note: These commands work in Windows 10 and in PowerShell Remote and PowerShell Direct.

These are the default Remote Desktop settings (Disabled)

#Enable the Remote Desktop Services (also known as RDP and Terminal Services)

#For maximum security only run this and the firewall command like I have shown above under #Just the code:.

If (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server') {Get-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'|Set-ItemProperty -Name fDenyTSConnections -Value 0 -PassThru|fl}

#Check configured port number for Remote Desktop Services (RDS). The default incoming port is 3389 unless you change it.

Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP\' -Name PortNumber -Verbose|ft -w #Check default Remote Desktop incoming port

#Open Firewall for Remote Desktop Services (RDS)

#Open the Windows Firewall for Remote Desktop Services.

Get-NetFirewallRule -DisplayGroup "Remote Desktop"|Set-NetFirewallRule -enabled true -PassThru|select Name,DisplayName,Enabled,Profile|ft -a

#Add users to the Remote Desktop Users group

#The default administrator account is automatically added so this is only needed if you have additional accounts to add. You can also add Active Directory domain user accounts and groups using domain\remoteuser credentials after the –Member switch.

Add-LocalGroupMember -Group 'Remote Desktop Users' -Member remoteuser -Verbose #username or domain\username will work

#Disable NLM authentication

#Allow older versions of Windows to connect with weaker authentication by issuing the following command. I would not disable NLM authentication unless you absolutely need to.

If (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp') {Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'|Set-ItemProperty -Name UserAuthentication -Value 0 -PassThru|fl} #disable NLM authentication

#I’ve already disabled Remote Assistance so the settings look like the screenshot below for me once NLM authentication is disabled:

 

Posted on

Automatically Determine Unallocated Space And Expand Drive C In PowerShell After Expanding Virtual Hard Drive In Hyper-V

#Automatically Determine Unallocated Space And Expand Drive C In PowerShell After Expanding Drive In Hyper-V

#Code to automatically determine unallocated space and expand boot drive C.

#NOTE: I am not responsible if you muck everything up. I am working in a lab under optimal conditions. Always backup your critical data before messing with your hard drives and virtual machines. BACKUP BACKUP BACKUP!!! if you are doing this in a production environment. At least create a checkpoint in Hyper-V so you can go back if needed. I am not responsible for random code snippets I wrote or posted here. You choose what to run on your computers and I am not part of that decision or any undesired consequences. Ok then, moving on…

#Change $Drive2Expand = 'C' to whatever other drive you wish to expand but be aware that I am running Get-Disk with the IsBoot parameter equal to Yes. If you change $Drive2Expand to a non-boot drive these commands with fail.

#Just the code:

$Drive2Expand='C' #Change to the NTFS drive letter you want to expand
$VirtDiskNum=(Get-Disk -FriendlyName 'Msft Virtual Disk'|? IsBoot -eq Yes) #Get disk number of default hyper-v boot drive but change if expanding a secondary or non-boot drive
$PartitionNum=(Get-Partition -DriveLetter $Drive2Expand) #Get the partition number for drive c 
$PartSize=(Get-PartitionSupportedSize -DiskNumber $VirtDiskNum.number -PartitionNumber $PartitionNum.PartitionNumber) #Get partition info for drive c 
Resize-Partition -PartitionNumber $PartitionNum.PartitionNumber -Size $PartSize.SizeMax -DiskNumber $VirtDiskNum.number #Expand drive C using all unallocated space available

#The longer story…

#This used to be done with diskpart but PowerShell can get the job done without launching an application and is much more easily scripted.

#Run Get-Disk to get the disk number

#? is an alias to the where command. You can change IsBoot to any parameter or value listed with the Format-List command or fl in the code I type. I am basing this on working with virtual hard drives in Hyper-V but these command can be modified to address the same issues with physical drives.

Get-Disk|ft -a #If you have only one virtual disk installed then this command is fine.
Get-Disk -FriendlyName 'Msft Virtual Disk'|? IsBoot -eq Yes|fl #Get a list of the available parameters on an automatically created default boot drive

#Run Get-Partition on -DriveLetter C to get drive C configuration information

#Note the PartitionNumber in the command output as that will be needed for the rest of the commands. Change -DriveLetter to whatever drive you wish to expand.

Get-Partition -DriveLetter C

#Another option is to get only the PartitionNumber value instead of the standard output.

Get-PartitionSupportedSize -DiskNumber 0 -PartitionNumber $PartitionNum.PartitionNumber

#Check minimum and maximum supported sizes for the partition

Get-PartitionSupportedSize -DiskNumber 0 -PartitionNumber 4

#Use Resize-Partition to use the maximum size available to expand –PartitionNumber 4.

#I just copied and pasted the SizeMax number from above to the command below. I can’t screenshot this command at the moment since my drive is fully expanded but I update with screenshot soon.

Resize-Partition -PartitionNumber 4 -Size 2209358000 -DiskNumber 0 #Expand drive C using all unallocated space available

#SCREENSHOT PLACEHOLDER#

 

 

#Get free space on drive C

#The following commands are  to get the free space on drive C and display it in a friendly manor. This code is just for fun.  It is not really needed. Is just to show how to manipulate number results in PowerShell by converting the free space on drive C to a easily readable format. Many of the principles below can be applied to the results of the above commands.

$Free = (Get-PSDrive C) #Set drive information to variable
$Free = ($Free.free/1GB) #Get free space and divide by 1 gigabyte
$Free = ([math]::Round($Free,2)) #Round free space to two decimal places
Write-Host $Free'/GB Free on Drive C:\' #Display free space is an easily readable format

Posted on

Enable Hyper-V Role In Windows 10 Professional, Enterprise And Education Vs. Android Emulators

#Enable The Hyper-V Role in Windows 10 Professional, Enterprise Or Education Using PowerShell

#If this is the first time, and if if this will be the only time enabling the Hyper-V role in Windows 10, then this PowerShell command is all you need. If you need to switch the Hyper-V services on/off to avoid interference with other hypervisors and without removing the Hyper-V role then download Hyper-V Switch.

#Enable Hyper-V Role Using PowerShell

Enable-WindowsOptionalFeature -Online -FeatureName:Microsoft-Hyper-V -All

#Disable Hyper-V Role Using PowerShell

Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V

#The Long Story…

#Continue reading if you are having issues or are using a conflicting hypervisor or emulator and getting the dreaded Blue Screen of Death.

#Having Issues Enabling Hyper-V Role In Windows 10 Professional, Enterprise Or Education?

Check Requirements

  • Windows 10 Enterprise, Professional, or Education
  • 64-bit Processor with Second Level Address Translation (SLAT)
  • CPU support for VM Monitor Mode Extension (VT-c on Intel CPU’s)
  • Minimum of 4 GB memory

NOTE: The Hyper-V role cannot be installed on Windows 10 Home.

OK so beyond those requirements lies a different issue many are facing with the advent of Android based virtual machines and emulators.

BlueStacks Android Emulator and Andy Android Emulator both crash on load every time, when the Hyper-V role is active.  It looks like both used to work together before the Anniversary Edition update broke the support of Hyper-V and other emulators running at the same time. Here is the bulletin from BlueStacks regarding this issue.

I  want my computer to run everything and work right all the time, so I tried to install x86Android Android Emulator in Hyper-V as an alternative. Once I finally was able to get an older version to work; I found the touchscreen support / controls were unsuitable for my needs. The controls were pure garbage. I may revisit that scenario and try for a more complete configuration but BlueStacks Android Emulator is just so much more user friendly on every level. For now, I switch back and forth between a Hyper-V and a BlueStacks setup.

Here is what I found to switch Hyper-V on and off.  Previously, I was removing the Hyper-V role and adding it again when needed, but a caveat of doing that is the Hyper-V Virtual Switch Manager settings are lost in the process. The settings need to be recreated and reattached to each virtual machine, every time the role is reinstalled. You end up with a lot of orphaned network adapters.

!!!Hyper-V Switch To The Rescue!!!

Calm down. This utility doesn’t allow Hyper-V to run simultaneously with VMWare, VirtualBox or BlueStacks, but this great tool I found at least saves a reboot (it takes two reboots if you add and remove the Hyper-V role). Also, I don’t have to reconfigure Virtual Switch Manager every time I do it. This program automates a bcdedit process to disable Hyper-V without removing the Hyper-V role as part of the process.

Use Hyper-V Switch to toggle Hyper-V support on and off when using other emulators like VirtualBox or Andy Android Emulator to keep it fast and simple. I saved it to my Desktop and edited the executable file to Run as Administrator just to be sure it has the rights needed. You can also single right-click on the executable file or shortcut and then single left-click on Run as Administrator every time.

https://github.com/ygoe/HyperVSwitch – Download from GitHub

http://unclassified.software/apps/hypervswitch – Hyper-V Switch Website

#Enable The Hyper-V Role Using PowerShell manually or for the first time

#For the first and if the only time enabling the Hyper-V role then the command  below is all you need.

Enable-WindowsOptionalFeature -Online -FeatureName:Microsoft-Hyper-V -All

#Enable Hyper-V and all features.

Enable-WindowsOptionalFeature -Online -FeatureName:Microsoft-Hyper-V -All

#Type y and press Enter

#Disable The Hyper-V Role Using PowerShell

Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V

#Disable Hyper-V and all features

Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V#Type y and press Enter

Manually Enable Hyper-V From The GUI

Windows Key-R to bring up the Run box.

Type optionalfeatures.exe and single left-click OK to execute (just means to run) optionalfeatures.exe. This method actually allows for more control of the Hyper-V installation since you can deselect unneeded features. For example, some people may not have any need for the Hyper-V Module for Windows PowerShell module if they don’t use PowerShell  or PowerShell Direct to administer any virtual machines.

Single left-click to select the Hyper-V option. Single left-click the Plus sign to expand if you need to select or deselect any of the default features. I use all the Hyper-V features so PowerShell for this installation works just fine for me. The end goal is to avoid moving my mouse as much as possible.

Proudly powered by WordPress