I'm putting together a list of commands to check things against the vSphere Security Configuration Guide, and I've come across an issue with the output of the script. When running the line of code directly in PowerShell, the output is what I expect, but when it is run as part of the script, the output is not what is desired.
Example:
PS D:\> Get-AdvancedSetting -Entity (Get-VMHost) -Name Security.AccountUnlockTime | Select Entity, Name, Value
Entity Name Value
------ ---- -----
host1.domain.com Security.AccountUnlockTime 900
host2.domain.com Security.AccountUnlockTime 900
host3.domain.com Security.AccountUnlockTime 900
host4.domain.com Security.AccountUnlockTime 900
host5.domain.com Security.AccountUnlockTime 900
host6.domain.com Security.AccountUnlockTime 900
host7.domain.com Security.AccountUnlockTime 900
But the output displayed when the same line of code is run within the script show this:
Security.AccountUnlock...
Security.AccountUnlock...
Security.AccountUnlock...
Security.AccountUnlock...
Security.AccountUnlock...
Security.AccountUnlock...
Security.AccountUnlock...
Why is this? What do I have to change? Thanks!
The PS output engine takes the first object it encounters in the pipeline to pick the headers and formatting of the console output.
Since you are mixing different output objects, the output engine displays your output incomplete.
If you are mixing different outputs, you can avoid this by piping the Select-Object output to the Out-Default cmdlet.
For example
# List Syslog.global.logDir for each host
# http://vbrainstorm.com/investigating-and-setting-syslog-settings-for-esxi-with-powercli/
# ESXi.config-persistent-logs
Write-Host "`nSyslog" -ForegroundColor Yellow -BackgroundColor Black
Write-Host "==============================================================" -ForegroundColor Yellow -BackgroundColor Black
Get-AdvancedSetting -Entity (Get-VMHost) -Name "Syslog.global.logDir" | Select Entity, Name, Value | Out-Default
Get-AdvancedSetting -Entity (Get-VMHost) -Name "Syslog.global.logHost" | Select Entity, Name, Value | Out-Default
When I ran your script the incomplete output started with the Syslog check.
You could do the same on the Select-Object lines that come after this part.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
You have to provide a bit more info.
Which PowerShell version are you using?
Is that the output the script produces on screen? Or in a file?
How do you run the script?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
PS D:\> $PSVersionTable.PSVersion
Major Minor Build Revision
----- ----- ----- --------
5 1 18362 628
PS C:\Windows\system32> get-module |Select Version,Name
Version Name
------- ----
3.1.0.0 Microsoft.PowerShell.Management
3.1.0.0 Microsoft.PowerShell.Utility
2.0.0 PSReadline
7.0.1.16997275 VMware.Vim
12.1.0.16997582 VMware.VimAutomation.Cis.Core
12.1.0.16997174 VMware.VimAutomation.Common
12.1.0.16997984 VMware.VimAutomation.Core
12.1.0.16997004 VMware.VimAutomation.Sdk
The script output is to the PowerShell console.
It is run by:
PS D:\> .\CheckSecurityConfig.ps1
The script, so far:
# Check to see if the SSH Server Is running
# ESXi.Audit-SSH-Disable
Write-Host "SSH" -ForegroundColor Yellow -BackgroundColor Black
Write-Host "==============================================================" -ForegroundColor Yellow -BackgroundColor Black
foreach ($VMhost in (Get-VMHost)) {
$ServiceList = Get-VMHostService -VMhost $VMhost
$SSHservice = $ServiceList | Where-Object {$_.Key -eq "TSM-SSH"}
if ($SSHservice.Running -eq $true) {
Write-Host "SSH Server on host $VMhost is " -NoNewLine
Write-Host "Running" -ForegroundColor Red
} else {
Write-Host "SSH Server on host $VMhost is " -NoNewLine
Write-Host "Stopped" -ForegroundColor Green
}
}
# List the NTP Settings for all hosts
# https://vtechdummies.wordpress.com/2017/10/22/powercli-scripts-to-check-and-configure-ntp-configuration-of-esxi-hosts/
# ESXi.config-ntp
Write-Host "`nNTP" -ForegroundColor Yellow -BackgroundColor Black
Write-Host "==============================================================" -ForegroundColor Yellow -BackgroundColor Black
Get-VMHost | Sort Name | Select Name, @{N="NTPServer";E={$_ |Get-VMHostNtpServer}}, @{N="ServiceRunning";E={(Get-VmHostService -VMHost $_ | Where-Object {$_.key-eq "ntpd"}).Running}}
# List Syslog.global.logDir for each host
# http://vbrainstorm.com/investigating-and-setting-syslog-settings-for-esxi-with-powercli/
# ESXi.config-persistent-logs
Write-Host "`nSyslog" -ForegroundColor Yellow -BackgroundColor Black
Write-Host "==============================================================" -ForegroundColor Yellow -BackgroundColor Black
Get-AdvancedSetting -Entity (Get-VMHost) -Name "Syslog.global.logDir" | Select Entity, Name, Value
Get-AdvancedSetting -Entity (Get-VMHost) -Name "Syslog.global.logHost" | Select Entity, Name, Value
# List ESXi account unlock time
# ESXi.set-account-auto-unlock-time
Write-Host "`nESXi Security" -ForegroundColor Yellow -BackgroundColor Black
Write-Host "==============================================================" -ForegroundColor Yellow -BackgroundColor Black
Write-Host "Account Auto Unlock Time (should be 900; Default = 120)" -ForegroundColor DarkCyan
Get-AdvancedSetting -Entity (Get-VMHost) -Name Security.AccountUnlockTime | Select Entity, Name, Value
# ESXi.set-account-lockout
Write-Host "Account Lockout (should be 10; Default = 3)" -ForegroundColor DarkCyan
Get-AdvancedSetting -Entity (Get-VMHost) -Name Security.AccountLockFailures | Select Entity, Name, Value
# ESXi.set-dcui-timeout
Write-Host "DCUI Timeout (should be 600; Default = 0)" -ForegroundColor DarkCyan
Get-AdvancedSetting -Entity (Get-VMHost) -Name UserVars.DcuiTimeOut | Select Entity, Name, Value
# ESXi.set-password-policies
Get-AdvancedSetting -Entity (Get-VMHost) -Name Security.PasswordQualityControl | Select Entity, Name, Value
# ESXi.set-shell-interactive-timeout
Write-Host "Interactive Timeout (should be 900; Default = 0)" -ForegroundColor DarkCyan
Get-AdvancedSetting -Entity (Get-VMHost) -Name UserVars.ESXiShellInteractiveTimeOut | Select Entity, Name, Value
# ESXi.set-shell-timeout
Write-Host "Shell Timeout (should be 900; Default = 0)" -ForegroundColor DarkCyan
Get-AdvancedSetting -Entity (Get-VMHost) -Name UserVars.ESXiShellTimeOut | Select Entity, Name, Value
The PS output engine takes the first object it encounters in the pipeline to pick the headers and formatting of the console output.
Since you are mixing different output objects, the output engine displays your output incomplete.
If you are mixing different outputs, you can avoid this by piping the Select-Object output to the Out-Default cmdlet.
For example
# List Syslog.global.logDir for each host
# http://vbrainstorm.com/investigating-and-setting-syslog-settings-for-esxi-with-powercli/
# ESXi.config-persistent-logs
Write-Host "`nSyslog" -ForegroundColor Yellow -BackgroundColor Black
Write-Host "==============================================================" -ForegroundColor Yellow -BackgroundColor Black
Get-AdvancedSetting -Entity (Get-VMHost) -Name "Syslog.global.logDir" | Select Entity, Name, Value | Out-Default
Get-AdvancedSetting -Entity (Get-VMHost) -Name "Syslog.global.logHost" | Select Entity, Name, Value | Out-Default
When I ran your script the incomplete output started with the Syslog check.
You could do the same on the Select-Object lines that come after this part.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
That's right. I only picked one as an example as most of them had the same behavior. Out-Default did the trick! I never heard of it until now.
Thanks a lot!