I am seeing different outputs for few set of vms.
If i execute the script(Code present in $script) from inside the guestos and from outside using invoke-vmscript then the two outputs are different.
Can some one pls correct the flaw in the script.
Here is the script-
$Script=
@'
if([IntPtr]::Size -eq 8){
$text = Get-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Network Associates\ePolicy Orchestrator\Agent\" -ErrorAction SilentlyContinue |
%{"$($_.AgentGUID) and ePOServerList is $($_.ePOServerList)"}
}
elseif([IntPtr]::Size -eq 4){
$text = Get-ItemProperty -Path "HKLM:\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent\" -ErrorAction SilentlyContinue |
%{"$($_.AgentGUID) and ePOServerList is $($_.ePOServerList)"}
}
if(-not $text){
$text = Get-Service -Name "McAfee*" -ErrorAction SilentlyContinue |select -First 1 | %{"$($_.Name) is $($_.Status)"}
if(-not $text){
$text = "McAfee Not Installed"
}
}
$cbstatusinfo= "CarbonBlack Not Installed"
$cbout = Get-Service -Name "CarbonBlack" -ErrorAction SilentlyContinue
if($cbout){
$cbstatusinfo = "$($cbout.name -join ',') installed"
}
$wuserv= Get-Service -Name "wuauserv" | Select -first 1 | %{"$($_.Name) is $($_.Status)"}
$windowsUpdateObject= New-Object -ComObject Microsoft.Update.AutoUpdate
$wup= $windowsUpdateObject.Results
$windowsupdateresult= "LastSearchSuccessDate is $($wup.LastSearchSuccessDate) and LastInstallationSuccessDate $($wup.LastInstallationSuccessDate)"
$hotfix = "KB4012598", "KB4012598", "KB4012598", "KB4012598", "KB4012212", "KB4012215", "KB4012212", "KB4012215", "KB4012213", "KB4012216", "KB4012214", "KB4012217", "KB4012213", "KB4012216", "KB4012606", "KB4013198", "KB4013429", "KB4013429"
$val = Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters -Name "SMB1" -ErrorAction SilentlyContinue
$fixes = Get-WmiObject -Class "win32_quickfixengineering" | where{$hotfix -contains $_.HotFixID} | Select -ExpandProperty HotFixID
if($fixes){
$hotfixinfo = "$($fixes -join ',') installed"
}
elseif($fixes -eq $null -and $wup.LastSearchSuccessDate -ge (Get-Date 12-03-2017) ){
$hotfixinfo= "$("KB4012598" -join ',') installed"
}
elseif($fixes -eq $null -and $val.SMB1 -eq 0){
$hotfixinfo= "$("KB4012212" -join ',') installed"
}
else{
$hotfixinfo = "No hotfix found!"
}
$outputarray=@()
$outputarray+=$hotfixinfo
$outputarray+=$cbstatusinfo
$outputarray+=$text
$outputarray+=$wuserv
$outputarray+=$windowsupdateresult
$outputarray -join ','
'@
#$vm=Get-VM 'AJDBServer (f2c5ae1c-f84b-4c83-9202-7a1a484314c8)'
Invoke-VMScript -VM 'AJDBServer (f2c5ae1c-f84b-4c83-9202-7a1a484314c8)' -GuestUser 'admin' -GuestPassword '' -ScriptText $Script -ScriptType Powershell
Out Put :
If I execute the code which in present in $script inside the guest OS for the same vm then the output is different.
Here is the output from inside the guest os
Seems this is a known issue when the target is using Windows Update, and not WSUS.
In that case, the target requires an Internet connection it seems, and the FW should not block the outgoing request.
Is that the case?
Some mention that the method works when one leaves out the IsInstalled filter, something like this
$UpdateSession = New-Object -ComObject Microsoft.Update.Session
$UpdateSearcher = $UpdateSession.CreateUpdateSearcher()
$UpdateSearcher.Online = $true
$UpdateSearcher.Search("Type='Software'").Updates |
select @{N='KB';E={[regex]::Match($_.Title,"\W(KB\d+)\W").Groups[1].Value}},Title
'@
Invoke-VMScript -VM MyVM -ScriptText $code -ScriptType Powershell
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Can you check what this returns (inside the guest OS and via Invoke-VMScript)?
Get-WmiObject -Class "win32_quickfixengineering"
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Yes I can see the difference in the results. But why its not displaying security updates if i executed from invoke-vmscript?
Strange, so Security Updates are not displayed in one case.
Same account I assume?
Do you get the same result with Get-HotFix, provided you can use that?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Strange, so Security Updates are not displayed in one case.
Same account I assume?
Yes Same account (admin user)is used while executing in both ways.
Security updates are not displaying when we use invoke-vmscript.
Do you get the same result with Get-HotFix, provided you can use that?
Yes I can see same results even with get-hotfix cmdlet.
Any thoughts why it is happening?
Not really.
The Get-HotFix documentation contains a note on what it reports on.
This might explain some differences, but I can't see how this would make a difference for running it through Invoke-VMScript or not.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I have just checked the temp file where invoke-vmscript output saved. In that file it shows no hotfix installed.(same output is showing in remote machine where cmd executed).
Sorry, don't get that last answer.
Output from which command? Get-Hotfix?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
What I mean to say is -I have verified the temp directory in destination machine for the user i executed invoke-vmscript.
In temp director I can see a text file which contains the output and that output is similar to what it is displayed in workstation where I executed scrip.
——/—/——
Output from which command? Get-Hotfix?
yes.
Is it a bug in invoke-vmscript cmdlet which is displaying wrong output?
Any other alternate way to test the script?
I would be very much amazed if you find a file that is created by Invoke-VMScript.
The files the cmdlet uses are normally removed before the cmdlet returns.
That would mean something goes wrong there.
What kind of OS is that guest OS?
Can you run another command, and check if that output also appears in a file in the user's Temp folder?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I would be very much amazed if you find a file that is created by Invoke-VMScript.
The files the cmdlet uses are normally removed before the cmdlet returns.
That would mean something goes wrong there.
Sorry this time I am unable to reproduce the text file in temp directory. I agree cmdlet uses are normally removed before the cmdlet returns, But somehow when I open temp directory in first attempt I have seen the text file.
What kind of OS is that guest OS?
OS -Windows 2012 R2
Can you run another command, and check if that output also appears in a file in the user's Temp folder?
I have tried with multiple other commands but output file didn't appeared in temp folder.
You might want to give my Invoke-VMScriptPlus a try, it produces more verbose output (when using the Verbose switch).
Can you try the following snippet?
To check if it returns all the patches.
$UpdateSearcher = $UpdateSession.CreateUpdateSearcher()
$UpdateSearcher.Online = $true
$UpdateSearcher.Search("IsInstalled=1 and Type='Software'").Updates |
select @{N='KB';E={[regex]::Match($_.Title,"\W(KB\d+)\W").Groups[1].Value}},Title
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
You might want to give my Invoke-VMScriptPlus a try, it produces more verbose output (when using the Verbose switch).
Sure Sir I will give a try.
I have check with below script and this time I got exemption call when executed using invoke-vmscript.
Using invoke-vmscript this is the Error:
If I executed directly inside the guestos with same user. Here is the output
That is interesting, let me dig a bit deeper on that COM object issue.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Seems this is a known issue when the target is using Windows Update, and not WSUS.
In that case, the target requires an Internet connection it seems, and the FW should not block the outgoing request.
Is that the case?
Some mention that the method works when one leaves out the IsInstalled filter, something like this
$UpdateSession = New-Object -ComObject Microsoft.Update.Session
$UpdateSearcher = $UpdateSession.CreateUpdateSearcher()
$UpdateSearcher.Online = $true
$UpdateSearcher.Search("Type='Software'").Updates |
select @{N='KB';E={[regex]::Match($_.Title,"\W(KB\d+)\W").Groups[1].Value}},Title
'@
Invoke-VMScript -VM MyVM -ScriptText $code -ScriptType Powershell
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
After replacing this line $UpdateSearcher.Online = $true to $UpdateSearcher.Online = $false I can able to get all the installed updates in both ways (invoke-vmscript and directly inside the guest os). I am working now to add this code to the main script by replacing (Get-WmiObject -Class "win32_quickfixengineering").
You only need the first calculated property (the RegEx function), not the title.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Yes I will remove the title while using in main code.