Category Archives: Microsoft Windows

Checking Encryption Status of Remote Windows Computers

Using the manage-bde command you can check the Bitlocker encryption status on both the local Windows computer but also remote devices on the local area network. For example, to check the encryption status of the C: drive on the computer “WS12345” the following command could be used

manage-bde -status -computername WS12345 C:

and the results might look something like this:

BitLocker Drive Encryption: Configuration Tool version 10.0.14393
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Computer Name: WS12345

Volume C: [OSDisk]
[OS Volume]

Size:                 237.99 GB
BitLocker Version:    2.0
Conversion Status:    Fully Encrypted
Percentage Encrypted: 100.0%
Encryption Method:    AES 256 with Diffuser
Protection Status:    Protection On
Lock Status:          Unlocked
Identification Field: None
Key Protectors:
    Numerical Password
    TPM

Expanding on this we could wrap some PowerShell around the command and read in a list of hostnames from a text file and report on the encryption status of each.

Firstly we need to format the output of manage-bde to only show us the value of the “Conversion Status” field- PowerShell’s string manupulation can come in handy here- we can locate the “Conversion Status” line, check that it is present (if the computer is not on the network, or access is denied the manage-bde command will not return a status), and then trim back the line so we only have the value of the field. For example:

#Check the Encryption Status of the C: drive, filter to the Conversion Status line
$EncryptionStatus=(manage-bde -status -computername "$hostname" C: | where {$_ -match 'Conversion Status'})
#Check a status was returned.
if ($EncryptionStatus)
{
  #Status was returned, tidy up the formatting
  $EncryptionStatus=$EncryptionStatus.Split(":")[1].trim()
}
else
{
  #Status was not returned. Explain why in the output
  $EncryptionStatus="Not Found On Network (or access denied)"
}

Once this is working, it’s just a case of reading in the text file using the get-content cmdlet and outputting a result. The full code (Get-EncryptionStatus.ps1) I used is available for downloading and/or improving on GitHub here- https://github.com/isjwuk/get-encryptionstatus

The Home Lab

Automated Deployment in the HomeLab- Part 1

I’m commencing a project with my HomeLab- I’m going to build a system whereby I can produce custom mini-lab environments by means of a script. There are off the shelf solutions to do this (see AutoLab as an example) but if I build this myself I get something tailored exactly to my needs (and available resources) and hopefully learn something along the way- which is what the HomeLab is all about really. This is the first post in what should develop into a series showing how I work through the process to create my automation system.

 

The Aims

a.k.a. what I want to achieve

  • ExampleMiniLabThe ability to run a script to deploy a predefined lab environment. For example running “Build-Project-Lab-One.ps1” makes 3 Windows Server VMs, connected on a private switch, with one running AD/DNS/DHCP roles, one acting as a Gateway, and one ready for whatever experiment I throw at it
  • The ability to quickly and easily modify a copy of that script to produce a lab with a different configuration. Then I can have a script that builds me a WDS platform, or another one that produces a SCOM test environment. I can use this library to quickly rebuild, or build a copy of, and of my environments within the HomeLab
  • This script should also create a second script for decommissioning  /destroying the lab environment when I’ve finished.
  • Whilst perhaps not meeting full “production” standards, the scripts should be at least in a state whereby I can post them online and not have to hide in a cave for the next decade whilst they get laughed at.

 

The Resources

a.k.a. what I have to play with

  • One Intel NUC host running vSphere ESXi 6 providing some compute, memory, storageIntel NUC
  • One VMUG Advantage Subscription complete with VMware EVAL Experience licensing- this provides VMware vCenter amongst other things.
  • One Microsoft DreamSpark Subscription and Microsoft Evaluation Licensing (see “Microsoft Licensing” on the Open Homelab Project for details on how to get these)
  • Me with my knowledge of Windows, vSphere, PowerShell, PowerCLI, and how to Google for stuff.
  • The community who not only kindly put content up on the internet for me to Google for but also are there for me to tweet, slack, and (shock, horror) talk to when I encounter problems or lose direction.

 

The Plan

a.k.a. How I’m hoping to achieve those aims with those resources.

To do all this I’m starting out by preparing a vSphere template of Windows Server 2012R2. I can deploy this- with customisations- using PowerCLI to form the building blocks of the lab environment. Once I have Windows VMs deployed I need to be able to configure them- this is where PowerShell remoting will come in handy- I can deploy roles and features and do some basic configuration. I’ll put together a PowerShell function to do all that. This function can then be re-used in the script to deploy multiple VMs with different configurations. For example:

CreateVM "Server1" $TemplateName $CustomizationSpec "Web-Server"
CreateVM "Server2" $TemplateName $CustomizationSpec "WDS"

I’ll use PowerCLI to deploy a private network within the Hypervisor and connect the VMs to it. This method will also be used to configure the connections to the gateway -one NIC pointing at the private switch and one at the internet-facing vSwitch already in place.

Some more in-depth PowerShell (possibly also arranged into reusable functions) to do the in-depth configuration of the roles. For example, when the script completes I want the Active Directory to be up and running, the Gateway providing an internet connection to the VMs, the VMs getting IP addresses from the lab DHCP and domain-joined. Basically I want to be able to run the script, make a brew, and come back and find a fully configured system ready to go.

 

Coming Soon- Part 2, full of scripting goodness.

Using Test-NetConnection to check connectivity

A regular “ping” command is great for checking if Host A can see Host B, but what if we want to go a bit deeper- for example check if a web server is contactable on port 80 and 443? The PowerShell cmdlet Test-NetConnection is a great tool for doing this.

It’s become a key part of my troubleshooting toolkit- is the server contactable? Is there a firewall blocking the traffic? Is the web server service running? Test-NetConnection gives us a simple yes/no and some other useful information too.

Examples:

A working connection to port 80 (HTTP) on the server

PS C:\> Test-NetConnection -ComputerName Server1.MyDomain.Com -Port 80

ComputerName : Server1.MyDomain.Com
RemoteAddress : 10.0.0.34
RemotePort : 80
InterfaceAlias : Local Area Connection
SourceAddress : 10.0.0.17
PingSucceeded : True
PingReplyDetails (RTT) : 14 ms
TcpTestSucceeded : True

A failed connection to port 443 (HTTPS) on the same server

PS C:\> Test-NetConnection -ComputerName Server1.MyDomain.Com -Port 443
WARNING: TCP connect to Server1.MyDomain.Com:443 failed

ComputerName : Server1.MyDomain.Com
RemoteAddress : 10.0.0.34
RemotePort : 443
InterfaceAlias : Local Area Connection
SourceAddress : 10.0.0.17
PingSucceeded : True
PingReplyDetails (RTT) : 22 ms
TcpTestSucceeded : False

From this we can quickly and easily establish that whilst communication with the server is possible on port 80, traffic on port 443 is not being received- the first things I would check here would be that the webserver service is running correctly, configured to accept HTTPS traffic, and not being blocked the local firewall on the server.

ICYMI- A review of the year 2015

In case you missed it, here are some of the highlights of this blog from the last year.

Events

PowerShell and PowerCLI

Windows in General

Have a great 2016!

Microsoft Wireless Display Adapter

WP_20151218_12_14_37_Pro_crop

Display Screen With Wireless Display Adapter Connected

Last week a Microsoft Wireless Display Adapter turned up in the post. I’ve tried some wireless PC display connectors before, and the general rule seemed to be they were clunky, unreliable, and not that user friendly. This however, changes that. This is WiDi/ Miracast as it should be; easy to set up and simple to use.
Continue reading