Creating a Citrix Farm inventory report without snap-ins

There are a few excellent scripts out there which can create an inventory report of your Citrix Farm. However, these scripts usually make use of the Citrix PowerShell snap-ins. Most of the data in Citrix Virtual Apps and Desktops (formerly known as XenApp and XenDesktop) is available through the Monitoring Service which is available on the Citrix Delivery Controllers. By using OData queries, most data can be retrieved without using any snap-ins or modules. I did some investigation and created a script which does exactly this.

I’m looking for any input and feedback on this script. So if you have any feedback or run into any problems, feel free to leave a comment or send me an email.

To download the PowerShell script I created, press the “Download Now” button:


Read More

PowerShell security issue with file access

I ran into strange behavior of PowerShell, which I consider being a security issue. I don’t know if this is expected behavior built in by Microsoft, but by using this “bug”, you can check the contents of a folder to which you don’t have access permissions. When using the Test-Path cmdlet, the command behaves a bit different than expected.

If Test-Path is used on a file which is in a folder where you don’t have access permissions to (eg. NTFS permissions are set), the command returns $false, but also throws an UnauthorizedAccessException (access denied). However, when the file actually doesn’t exist, the command will only return $false. By catching the error, you know if the file exists or not. By using a brute-force method, you can enumerate the entire contents of the directory. This way it’s possible to find out what kind of applications are installed on a machine, and possibly exploiting weakness in these applications. Read More

Converting Azure Managed Disks to Unmanaged

Microsoft has introduced the ability to create managed disks in Azure a while ago. This feature takes away the manual management overhead for you to keep track of your storage account limits. Managed disks are not stored in “regular” storage accounts, but Microsoft will take care of the VHD placement and will keep track of any IOPS limitions.

For example, a Standard Size VM allows 500 IOPS per disk. The maximum IOPS for a Standard storage account is 20.000 IOPS. This means that you can host a maximum of 40 disks (OS or Data) in a Standard storage account. When you use unmanaged disks, you’ll need to keep track of this limitation yourself. When using managed disks, Microsoft will make sure the 500 IOPS per disk is available, regardless of the storage account.

The conversion of an unmanaged disk to managed is very easy; Microsoft created the ConvertTo-AzureRmVMManagedDisk CmdLet for this. But if you want to convert back from managed to unmanaged, no CmdLet or function in the Azure portal is available for the conversion (for example Azure Site Recovery; very nice feature of Azure, but it doesn’t support managed disks). Converting back to unmanaged is a bit harder, but still possible.

Read More

Use PowerShell to back up your files to an Azure Storage Blob

I was browsing the Microsoft Technet forums last week and came across a question if there’s a way to back up files and folders to an Azure Storage Blob by using PowerShell. I know that Microsoft introduced Azure Site Recovery (ASR) and Azure Backup together with the Azure Backup Agent (MARS) (more information on the Microsoft site) to achieve exactly this functionality.

But thinking further, I thought this could be a nice opportunity to create such a script and get some more knowledge about writing to Azure Storage using PowerShell. So this is exactly what I did: create a script which can create a backup of your files on Azure Blob Storage. This script will check either the last write time of the file, or the MD5 hash of the content (depending on the passed parameters), and copies the files to Azure which are either newer, or have a different MD5 hash. In this article I’ll describe how the script works and what the challenges were when creating the script.

The PowerShell script I created is available on the Microsoft Technet Gallery: https://gallery.technet.microsoft.com/Back-up-files-to-Azure-b9e863d0

Read More

Create VM image and size availability matrix from Azure

In my previous post, I described how to retrieve a list of available VM sizes and images from Azure using PowerShell. I’ve written two scripts which do exactly that. The scripts allow you to create an availability matrix containing either a list of VM sizes or a list of VM images you can use to deploy your IaaS VMs.

These 2 scripts will output to a CSV file which can be imported in Excel to do filtering. This gives you an easy overview on which VM images are available in which Azure locations. The same goes for VM sizes (eg. Basic_A0, Standard_GS1, etc.).

Read More

Available VM sizes and Images in Azure per location

When creating virtual machines in Microsoft Azure, you’ll need to know which machine size and image to use (provided you’re not using your own uploaded custom image). Microsoft (and partners) did a great job in providing many pre-defined images for the IaaS platform, however not all images are available in all Azure regions. An image could be available in the South Central U.S location, but not in the “Japan East” region. The same applies to the VM sizes, for example, the Standard_NC6 size (backed by a Tesla K80 GPU) is only available in East U.S. and South Central U.S. locations, not in any of the other locations.

To check which VM sizes and images are available in your target location, can easily be done using PowerShell. To get you started with the Azure CmdLets, refer to my previous post.

Read More

Getting started with Powershell for Azure

As for every Microsoft product, every task in Microsoft Azure can be scripted using PowerShell. This article will help you get started with the Azure CmdLets.

Checking and downloading the PowerShell Tools

To start off, you’ll need the Azure PowerShell CmdLets installed on your system to be able to run any PowerShell scripts against Azure. To check if the Azure modules are available on your system, you can use the following command:

Get-Module -ListAvailable -Name Azure*

The check is simple; if there’s no output, the Azure PowerShell tools aren’t installed. If they are installed, it looks something like this:

PS C:\Data> Get-Module -ListAvailable -Name Azure*


    Directory: C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ResourceManager\AzureResourceManager


ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Manifest   0.0.1      AzureRM.AnalysisServices            {Resume-AzureRmAnalysisServicesServer, Suspend-AzureRmAnal...
Manifest   3.1.0      AzureRM.ApiManagement               {Add-AzureRmApiManagementRegion, Get-AzureRmApiManagementS...
Manifest   2.3.0      AzureRM.Automation                  {Get-AzureRMAutomationHybridWorkerGroup, Get-AzureRmAutoma...
Manifest   2.3.0      AzureRM.Backup                      {Backup-AzureRmBackupItem, Enable-AzureRmBackupContainerRe...
Manifest   2.3.0      AzureRM.Batch                       {Remove-AzureRmBatchAccount, Get-AzureRmBatchAccount, Get-...
...

Read More

Configuring Windows Server 2012 Core: PowerShell

As mentioned in my previous post about configuring Windows Server 2012 Core, you have multiple options. One is sconfig, but the preferred method is using PowerShell. PowerShell is a really powerful scripting language and Microsoft is pushing the use in all of their products.

In this post, I will describe how to configure your Windows Server 2012 Core installation using PowerShell. I will describe how to change your computername, set the IP address and join your server to the domain.

Read More

ICA connections using PowerShell – Part 4

It has been a while since I last posted something here. And in my previous post in the ICA-PowerShell series, I mentioned doing another post about simulating keyboard and mouse. To sum up, part 1 was about the ICO Object basics, part 2 was about controlling the ICA session appearance and in part 3 I talked about using the ICO Object’s events.

Enabling Simulation API

The ability to control the mouse and keyboard in an ICA session is not enabled by default. For this to work, you will need to enable the Simulation API. This is done by adding a registry key to the machine you will be using:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA Client\CCM]
"AllowSimulationAPI"=dword:00000001

The “CCM” subkey doesn’t exist by default, so you should create it. If you’re using a 32bit platform for testing, the registry key should look like this:

[HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\CCM]
"AllowSimulationAPI"=dword:00000001

Read More

Default OU for your SCVMM 2012 Guest OS Profile

In System Center Virtual Machine Manager 2012, you have the option to modify your Guest OS settings when deploying a new virtual machine. The settings you can modify are things like the product key, local administrator password, etc.

One other thing you can define, is that fact that the new virtual machine has to be joined to the domain. Very useful. But what if you also want to define the default Organizational Unit this machine has to be put in? Well, that can also be done using the Guest OS Profile.

Read More