hyper-v

June 1, 2017January 20, 2025

Manage Active Directory Users And Computers Using Windows 10 In PowerShell Direct Without CredSSP Or “Second-Hop” Issues

#Manage Active Directory Users And Computers Using Windows 10 in PowerShell Direct Without CredSSP Or “Second-Hop” Issues

#When connecting to a virtual machine using PowerShell Remoting, enabling CredSSP (Credential Security Support Provider) is essential to avoid “Second-Hop” or “Multi-Hop” issues when managing Active Directory objects. CredSSP is particularly necessary when connecting to physical machines, as PowerShell Direct only functions when connecting directly from the host computer to a virtual machine.

#PowerShell Direct does not encounter the “Second-Hop” problem when managing Windows Server 2016 from a Windows 10 virtual machine running Hyper-V. Since I have enabled the Hyper-V role on my Windows 10 Professional system and my physical machine is not part of a domain, the Windows 10 virtual machine must be joined to the Active Directory domain that I intend to manage. This setup avoids additional configuration changes related to workgroup settings.

Enter-PSSession -VMName Win10 -Credential DOMAIN\administrator #Connect to a Windows 10 Creators Edition virtual machine using PowerShell Direct
New-ADOrganizationalUnit -Server KERMIT -Name Test -Description 'Administrator Rights' -DisplayName Test -PassThru -Verbose #Create a new OU called Test
Get-ADOrganizationalUnit -Server KERMIT -Identity 'OU=Test,DC=domain,DC=muppetlabs,DC=com'|Set-ADOrganizationalUnit –ProtectedFromAccidentalDeletion $false #Unprotect OU=Test for intentional deletion
Get-ADOrganizationalUnit -Server KERMIT -Identity 'OU=Test,DC=domain,DC=muppetlabs,DC=com'|Remove-ADOrganizationalUnit -Verbose #Delete OU=Test

Enter-PSSession -VMName Win10 -Credential DOMAIN\administrator #Connect to a Windows 10 Creators Edition virtual machine using PowerShell Direct

New-ADOrganizationalUnit -Server KERMIT -Name Test -Description 'Administrator Rights' -DisplayName Test -PassThru -Verbose #Create a new OU called Test

Get-ADOrganizationalUnit -Server KERMIT -Identity 'OU=Test,DC=domain,DC=muppetlabs,DC=com'|Set-ADOrganizationalUnit –ProtectedFromAccidentalDeletion $false #Unprotect OU=Test for intentional deletion

Get-ADOrganizationalUnit -Server KERMIT -Identity 'OU=Test,DC=domain,DC=muppetlabs,DC=com'|Remove-ADOrganizationalUnit -Verbose #Delete OU=Test

#The Longer Story…

#Create a new Organizational Unit in PowerShell Remote using just the computer name

#Without CredSSP enabled this command fails in PowerShell Remote which is initiated by using-ComputerName with Enter-PSSession

Enter-PSSession -ComputerName KERMIT -Credential DOMAIN\administrator #Connect to a Windows 10 Creators Edition virtual machine using PowerShell Remote
New-ADOrganizationalUnit -Server KERMIT -Name Test -Description 'Administrator Rights' -DisplayName Test -PassThru -Verbose #Create a new OU called Test

Enter-PSSession -ComputerName KERMIT -Credential DOMAIN\administrator #Connect to a Windows 10 Creators Edition virtual machine using PowerShell Remote

New-ADOrganizationalUnit -Server KERMIT -Name Test -Description 'Administrator Rights' -DisplayName Test -PassThru -Verbose #Create a new OU called Test

#Create a new Organizational Unit in PowerShell Direct using just the virtual machine name

#Just using OU=Test as an example to show how this command doesn’t fail in PowerShell Direct using -VMName like it did in the previous example using -ComputerName.

Enter-PSSession -VMName Win10 -Credential DOMAIN\administrator #Connect to a Windows 10 Creators Edition virtual machine using PowerShell Direct
New-ADOrganizationalUnit -Server KERMIT -Name Test -Description 'Administrator Rights' -DisplayName Test -PassThru -Verbose #Create a new OU called Test

1 2	Enter-PSSession -VMName Win10 -Credential DOMAIN\administrator #Connect to a Windows 10 Creators Edition virtual machine using PowerShell Direct New-ADOrganizationalUnit -Server KERMIT -Name Test -Description 'Administrator Rights' -DisplayName Test -PassThru -Verbose #Create a new OU called Test

#Set `–ProtectedFromAccidentalDeletion` to `$false` on `OU=Test` so it can be deleted

#This needs to be done to allow the OU to be deleted.

Get-ADOrganizationalUnit -Server KERMIT -Identity 'OU=Test,DC=domain,DC=muppetlabs,DC=com'|Set-ADOrganizationalUnit –ProtectedFromAccidentalDeletion $false #Unprotect OU=Test for intentional deletion

1	Get-ADOrganizationalUnit -Server KERMIT -Identity 'OU=Test,DC=domain,DC=muppetlabs,DC=com'\|Set-ADOrganizationalUnit –ProtectedFromAccidentalDeletion $false #Unprotect OU=Test for intentional deletion

#Delete `OU=Test` from `-Server KERMIT`.

#KERMIT is the NetBIOS computer name of my domain controller and not the domain NetBIOS name. They are different things.

Get-ADOrganizationalUnit -Server KERMIT -Identity 'OU=Test,DC=domain,DC=muppetlabs,DC=com'|Remove-ADOrganizationalUnit -Verbose #Delete OU=Test

1	Get-ADOrganizationalUnit -Server KERMIT -Identity 'OU=Test,DC=domain,DC=muppetlabs,DC=com'\|Remove-ADOrganizationalUnit -Verbose #Delete OU=Test

May 17, 2017January 20, 2025

Enabling Remote Desktop Via PowerShell Direct From A Windows 10 Hyper-V Host Machine

#Enabling Remote Desktop Via PowerShell Direct From A Windows 10 Hyper-V Host Machine

#Note: This does not work on Windows 10 Home Edition.

#Just the code:

If (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server') {Get-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'|Set-ItemProperty -Name fDenyTSConnections -Value 0 -PassThru|fl}
Get-NetFirewallRule -DisplayGroup "Remote Desktop"|Set-NetFirewallRule -enabled true -PassThru|select Name,DisplayName,Enabled,Profile|ft -a

If (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server') {Get-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'|Set-ItemProperty -Name fDenyTSConnections -Value 0 -PassThru|fl}

Get-NetFirewallRule -DisplayGroup "Remote Desktop"|Set-NetFirewallRule -enabled true -PassThru|select Name,DisplayName,Enabled,Profile|ft -a

#The Long Story…

#Yeah so PowerShell Direct doesn’t do everything and neither does PowerShell Remote. Simply put, PowerShell Direct is a connection to a remote computer initiated with Enter-PSSession -VMName. PowerShell Remote uses WinRM to communicate and is initiated using Enter-PSSession -ComputerName. It is important to know the difference because each way of connecting doesn’t function exactly the same way. You will get errors in PowerShell Direct using commands that require the Background Intelligent Transfer Service, or BITS, for one. BITS only works in PowerShell Remote.

#Sometimes using Remote Desktop isn’t even enough to do everything but you can do so much more running commands directly. Simple things like using Out-GridView for formatting complex command output needs to be run directly from the machine you are running PowerShell ISE on via a Remote Desktop session and PowerShell ISE. PowerShell Direct and PowerShell Remote sessions are not allowed to call on Out-Gridview at all.

#Note: These commands work in Windows 10 and in PowerShell Remote and PowerShell Direct.

These are the default Remote Desktop settings (Disabled)

#Enable the Remote Desktop Services (also known as RDP and Terminal Services)

#For maximum security only run this and the firewall command like I have shown above under #Just the code:.

If (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server') {Get-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'|Set-ItemProperty -Name fDenyTSConnections -Value 0 -PassThru|fl}

1	If (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server') {Get-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'\|Set-ItemProperty -Name fDenyTSConnections -Value 0 -PassThru\|fl}

#Check configured port number for Remote Desktop Services (RDS). The default incoming port is `3389` unless you change it.

Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP\' -Name PortNumber -Verbose|ft -w #Check default Remote Desktop incoming port

1	Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP\' -Name PortNumber -Verbose\|ft -w #Check default Remote Desktop incoming port

#Open Firewall for Remote Desktop Services (RDS)

#Open the Windows Firewall for Remote Desktop Services.

Get-NetFirewallRule -DisplayGroup "Remote Desktop"|Set-NetFirewallRule -enabled true -PassThru|select Name,DisplayName,Enabled,Profile|ft -a

1	Get-NetFirewallRule -DisplayGroup "Remote Desktop"\|Set-NetFirewallRule -enabled true -PassThru\|select Name,DisplayName,Enabled,Profile\|ft -a

#Add users to the Remote Desktop Users group

#The default administrator account is automatically added so this is only needed if you have additional accounts to add. You can also add Active Directory domain user accounts and groups using domain\remoteuser credentials after the –Member switch.

Add-LocalGroupMember -Group 'Remote Desktop Users'&nbsp;-Member remoteuser -Verbose #username or domain\username will work

1	Add-LocalGroupMember -Group 'Remote Desktop Users' -Member remoteuser -Verbose #username or domain\username will work

#Disable NLM authentication

#Allow older versions of Windows to connect with weaker authentication by issuing the following command. I would not disable NLM authentication unless you absolutely need to.

If (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp') {Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'|Set-ItemProperty -Name UserAuthentication -Value 0 -PassThru|fl} #disable NLM authentication

1	If (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp') {Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'\|Set-ItemProperty -Name UserAuthentication -Value 0 -PassThru\|fl} #disable NLM authentication

#I’ve already disabled Remote Assistance so the settings look like the screenshot below for me once NLM authentication is disabled:

May 5, 2017January 20, 2025

Automatically Determine Unallocated Space And Expand Drive C In PowerShell After Expanding Virtual Hard Drive In Hyper-V

#Automatically Determine Unallocated Space And Expand Drive C In PowerShell After Expanding Drive In Hyper-V

#Code to automatically determine unallocated space and expand boot drive `C`.

#NOTE: I am not responsible if you muck everything up. I am working in a lab under optimal conditions. Always backup your critical data before messing with your hard drives and virtual machines. BACKUP BACKUP BACKUP!!! if you are doing this in a production environment. At least create a checkpoint in Hyper-V so you can go back if needed. I am not responsible for random code snippets I wrote or posted here. You choose what to run on your computers and I am not part of that decision or any undesired consequences. Ok then, moving on…

#Change $Drive2Expand = 'C' to whatever other drive you wish to expand but be aware that I am running Get-Disk with the IsBoot parameter equal to Yes. If you change $Drive2Expand to a non-boot drive these commands with fail.

#Just the code:

$Drive2Expand='C' #Change to the NTFS drive letter you want to expand
$VirtDiskNum=(Get-Disk -FriendlyName 'Msft Virtual Disk'|? IsBoot -eq Yes) #Get disk number of default hyper-v boot drive but change if expanding a secondary or non-boot drive
$PartitionNum=(Get-Partition -DriveLetter $Drive2Expand) #Get the partition number for drive c 
$PartSize=(Get-PartitionSupportedSize -DiskNumber $VirtDiskNum.number -PartitionNumber $PartitionNum.PartitionNumber) #Get partition info for drive c 
Resize-Partition -PartitionNumber $PartitionNum.PartitionNumber -Size $PartSize.SizeMax -DiskNumber $VirtDiskNum.number #Expand drive C using all unallocated space available

$Drive2Expand='C' #Change to the NTFS drive letter you want to expand

$VirtDiskNum=(Get-Disk -FriendlyName 'Msft Virtual Disk'|? IsBoot -eq Yes) #Get disk number of default hyper-v boot drive but change if expanding a secondary or non-boot drive

$PartitionNum=(Get-Partition -DriveLetter $Drive2Expand) #Get the partition number for drive c

$PartSize=(Get-PartitionSupportedSize -DiskNumber $VirtDiskNum.number -PartitionNumber $PartitionNum.PartitionNumber) #Get partition info for drive c

Resize-Partition -PartitionNumber $PartitionNum.PartitionNumber -Size $PartSize.SizeMax -DiskNumber $VirtDiskNum.number #Expand drive C using all unallocated space available

#The longer story…

#This used to be done with diskpart but PowerShell can get the job done without launching an application and is much more easily scripted.

#Run Get-Disk to get the disk number

#? is an alias to the where command. You can change IsBoot to any parameter or value listed with the Format-List command or fl in the code I type. I am basing this on working with virtual hard drives in Hyper-V but these command can be modified to address the same issues with physical drives.

Get-Disk|ft -a #If you have only one virtual disk installed then this command is fine.
Get-Disk -FriendlyName 'Msft Virtual Disk'|? IsBoot -eq Yes|fl #Get a list of the available parameters on an automatically created default boot drive

1 2	Get-Disk\|ft -a #If you have only one virtual disk installed then this command is fine. Get-Disk -FriendlyName 'Msft Virtual Disk'\|? IsBoot -eq Yes\|fl #Get a list of the available parameters on an automatically created default boot drive

#Run `Get-Partition` on `-DriveLetter C` to get drive `C` configuration information

#Note the PartitionNumber in the command output as that will be needed for the rest of the commands. Change -DriveLetter to whatever drive you wish to expand.

Get-Partition -DriveLetter C

1	Get-Partition -DriveLetter C

#Another option is to get only the `PartitionNumber` value instead of the standard output.

Get-PartitionSupportedSize -DiskNumber 0 -PartitionNumber $PartitionNum.PartitionNumber

1	Get-PartitionSupportedSize -DiskNumber 0 -PartitionNumber $PartitionNum.PartitionNumber

#Check minimum and maximum supported sizes for the partition

Get-PartitionSupportedSize -DiskNumber 0 -PartitionNumber 4

1	Get-PartitionSupportedSize -DiskNumber 0 -PartitionNumber 4

#Use `Resize-Partition` to use the maximum size available to expand –`PartitionNumber 4`.

#I just copied and pasted the SizeMax number from above to the command below. I can’t screenshot this command at the moment since my drive is fully expanded but I update with screenshot soon.

Resize-Partition -PartitionNumber 4 -Size 2209358000 -DiskNumber 0 #Expand drive C using all unallocated space available

1	Resize-Partition -PartitionNumber 4 -Size 2209358000 -DiskNumber 0 #Expand drive C using all unallocated space available

#SCREENSHOT PLACEHOLDER#

#Get free space on drive `C`

#The following commands are to get the free space on drive C and display it in a friendly manor. This code is just for fun. It is not really needed. Is just to show how to manipulate number results in PowerShell by converting the free space on drive C to a easily readable format. Many of the principles below can be applied to the results of the above commands.

$Free = (Get-PSDrive C) #Set drive information to variable
$Free = ($Free.free/1GB) #Get free space and divide by 1 gigabyte
$Free = ([math]::Round($Free,2)) #Round free space to two decimal places
Write-Host $Free'/GB Free on Drive C:\' #Display free space is an easily readable format

$Free = (Get-PSDrive C) #Set drive information to variable

$Free = ($Free.free/1GB) #Get free space and divide by 1 gigabyte

$Free = ([math]::Round($Free,2)) #Round free space to two decimal places

Write-Host $Free'/GB Free on Drive C:\' #Display free space is an easily readable format

April 17, 2017January 20, 2025

Enable Hyper-V Role In Windows 10 Professional, Enterprise And Education Vs. Android Emulators

#Enable The Hyper-V Role in Windows 10 Professional, Enterprise Or Education Using PowerShell

#If this is the first time, and if if this will be the only time enabling the Hyper-V role in Windows 10, then this PowerShell command is all you need. If you need to switch the Hyper-V services on/off to avoid interference with other hypervisors and without removing the Hyper-V role then download Hyper-V Switch.

#Enable Hyper-V Role Using PowerShell

Enable-WindowsOptionalFeature -Online -FeatureName:Microsoft-Hyper-V -All

1	Enable-WindowsOptionalFeature -Online -FeatureName:Microsoft-Hyper-V -All

#Disable Hyper-V Role Using PowerShell

Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V

1	Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V

#The Long Story…

#Continue reading if you are having issues or are using a conflicting hypervisor or emulator and getting the dreaded Blue Screen of Death.

#Having Issues Enabling Hyper-V Role In Windows 10 Professional, Enterprise Or Education?

Check Requirements

Windows 10 Enterprise, Professional, or Education
64-bit Processor with Second Level Address Translation (SLAT)
CPU support for VM Monitor Mode Extension (VT-c on Intel CPU’s)
Minimum of 4 GB memory

NOTE: The Hyper-V role cannot be installed on Windows 10 Home.

Many users have experienced issues with Android-based virtual machines and emulators, especially BlueStacks and Andy Android Emulator, which crash on startup when the Hyper-V role is active. This problem seems to have arisen after the Anniversary Update, which broke compatibility between Hyper-V and these emulators. Fortunately, recent updates to BlueStacks have addressed this issue. As of June 2023, BlueStacks now supports running with Hyper-V enabled when using Android 9 Pie instances. This means you can enjoy both Hyper-V functionalities and BlueStacks without having to constantly toggle Hyper-V on and off.

In my previous attempts to find a workaround, I installed the x86Android Android Emulator in Hyper-V. Although I managed to get an older version running, I found its touchscreen support and controls inadequate for my needs. Given BlueStacks’ user-friendly interface and overall better experience, I prefer to switch between Hyper-V and BlueStacks setups as necessary. Previously, I would remove and reinstall the Hyper-V role whenever needed, but this approach has a significant drawback: it results in the loss of Hyper-V Virtual Switch Manager settings. Each time I reinstall Hyper-V, I have to recreate these settings and reattach them to each virtual machine, leading to numerous orphaned network adapters. For those who want a seamless experience without the hassle of managing Hyper-V settings repeatedly, keeping up with the latest version of BlueStacks that supports Hyper-V might be the best solution.

!!!Hyper-V Switch To The Rescue!!!

Calm down. This utility doesn’t allow Hyper-V to run simultaneously with VMWare, VirtualBox or BlueStacks, but this great tool I found at least saves a reboot (it takes two reboots if you add and remove the Hyper-V role). Also, I don’t have to reconfigure Virtual Switch Manager every time I do it. This program automates a bcdedit process to disable Hyper-V without removing the Hyper-V role as part of the process.

Use Hyper-V Switch to toggle Hyper-V support on and off when using other emulators like VirtualBox or Andy Android Emulator to keep it fast and simple. I saved it to my Desktop and edited the executable file to Run as Administrator just to be sure it has the rights needed. You can also single right-click on the executable file or shortcut and then single left-click on Run as Administrator every time.

https://github.com/ygoe/HyperVSwitch – Download from GitHub

http://unclassified.software/apps/hypervswitch – Hyper-V Switch Website

#Enable The Hyper-V Role Using PowerShell manually or for the first time

#For the first and if the only time enabling the Hyper-V role then the command below is all you need.

Enable-WindowsOptionalFeature -Online -FeatureName:Microsoft-Hyper-V -All

1	Enable-WindowsOptionalFeature -Online -FeatureName:Microsoft-Hyper-V -All

Enable-WindowsOptionalFeature -Online -FeatureName:Microsoft-Hyper-V -All

#Enable Hyper-V and all features.

#Type y and press Enter

#Disable The Hyper-V Role Using PowerShell

Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V

1	Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V

#Disable Hyper-V and all features

#Type y and press Enter

Manually Enable Hyper-V From The GUI

Windows Key-R to bring up the Run box.

Type optionalfeatures.exe and single left-click OK to execute (just means to run) optionalfeatures.exe. This method actually allows for more control of the Hyper-V installation since you can deselect unneeded features. For example, some people may not have any need for the Hyper-V Module for Windows PowerShell module if they don’t use PowerShell or PowerShell Direct to administer any virtual machines.

Single left-click to select the Hyper-V option. Single left-click the Plus sign to expand if you need to select or deselect any of the default features. I use all the Hyper-V features so PowerShell for this installation works just fine for me. The end goal is to avoid moving my mouse as much as possible.

#Manage Active Directory Users And Computers Using Windows 10 in PowerShell Direct Without CredSSP Or “Second-Hop” Issues

#The Longer Story…

#Create a new Organizational Unit in PowerShell Direct using just the virtual machine name

#Set –ProtectedFromAccidentalDeletion to $false on OU=Test so it can be deleted

#Delete OU=Test from -Server KERMIT.

#Enabling Remote Desktop Via PowerShell Direct From A Windows 10 Hyper-V Host Machine

#Just the code:

#The Long Story…

#Enable the Remote Desktop Services (also known as RDP and Terminal Services)

#Check configured port number for Remote Desktop Services (RDS). The default incoming port is 3389 unless you change it.

#Open Firewall for Remote Desktop Services (RDS)

#Add users to the Remote Desktop Users group

#Disable NLM authentication

#Automatically Determine Unallocated Space And Expand Drive C In PowerShell After Expanding Drive In Hyper-V

#Code to automatically determine unallocated space and expand boot drive C.

#Just the code:

#The longer story…

#Run Get-Disk to get the disk number

#Run Get-Partition on -DriveLetter C to get drive C configuration information

#Another option is to get only the PartitionNumber value instead of the standard output.

#Check minimum and maximum supported sizes for the partition

#Use Resize-Partition to use the maximum size available to expand –PartitionNumber 4.

#Get free space on drive C

#Enable The Hyper-V Role in Windows 10 Professional, Enterprise Or Education Using PowerShell

#Enable Hyper-V Role Using PowerShell

#Disable Hyper-V Role Using PowerShell

#The Long Story…

#Having Issues Enabling Hyper-V Role In Windows 10 Professional, Enterprise Or Education?

Check Requirements

!!!Hyper-V Switch To The Rescue!!!

#Enable The Hyper-V Role Using PowerShell manually or for the first time

#Disable The Hyper-V Role Using PowerShell

Manually Enable Hyper-V From The GUI

#Set `–ProtectedFromAccidentalDeletion` to `$false` on `OU=Test` so it can be deleted

#Delete `OU=Test` from `-Server KERMIT`.

#Check configured port number for Remote Desktop Services (RDS). The default incoming port is `3389` unless you change it.

#Code to automatically determine unallocated space and expand boot drive `C`.

#Run `Get-Partition` on `-DriveLetter C` to get drive `C` configuration information

#Another option is to get only the `PartitionNumber` value instead of the standard output.

#Use `Resize-Partition` to use the maximum size available to expand –`PartitionNumber 4`.

#Get free space on drive `C`