$script= @'
$PlainPassword = "XXXXXXX"
$SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText -Force
New-LocalUser "winpatchadmin" -Password $SecurePassword -FullName "winpatchadmin" -Description "winpatchadmin account."
Add-LocalGroupMember -Group "Administrators" -Member "winpatchadmin"
Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate" -Name "WUServer" -Value "WSUS URL"
Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate" -Name "WUStatusServer" -Value "WSUS URL"
'@
$accounts = @(
@{
User = 'XXXXXX'
Pswd = 'XXXX'
}
)
$vms = Import-Csv -Path C:\Temp\vms.csv | Select -ExpandProperty Name
foreach ($vm in $vms) {
$out = ' '
foreach( $user in $accounts) {
$out = Invoke-VMScript -VM $vm -GuestUser $user.User -GuestPassword $user.Pswd -ScriptText $script
if($out) {
break
}
}
}
Is there a question in here?
Or are you sharing your script with the community?
In the latter case, you would better use the Documents folder, or even better, share on the PowerCLI Community Repository
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hi Lucd,
Thanks for the reply,
Actually the script it running but on few of the VM's the user is not creating and on other VM's the registry change is not properly happening even after the vmtools are running on all the vms. So, any change we can do the the script to work it properly.
It depends if UAC is enabled or not in the Guest OS of these VMs?
When enabled, you will get a prompt, and the script will not work.
Also, what does the script return?
Can you add the -Verbose switch to the cmdlets?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
the script does not return any output but while the script is running it will showing below warnings.
WARNING: The version of VMware Tools on VM 'XXXXX' is out of date and may cause Invoke-VMScript to work
improperly.
That is a warning, not an error.
You should consider upgrading the VMware Tools on the VMs where that warning appears.
The script should return something.
Does it hang, does it time out?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
No it was simply coming out of the script after execution.
Then there should be output from the script.
Did you check the content of the $out variable after the Invoke-VMScript?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
criptOutput
-----------------------------------------------------------------------------------------------------------------------| New-LocalUser :
Access denied.
| At line:3 char:1
| + New-LocalUser "winpatchadmin" -Password $SecurePassword -FullName "wi ...
| + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| + CategoryInfo : PermissionDenied: (winpatchadmin:LocalUser) [New-LocalUser], AccessDeniedException
| + FullyQualifiedErrorId : AccessDenied,Microsoft.PowerShell.Commands.NewLocalUserCommand
|
| Add-LocalGroupMember : Principal winpatchadmin was not found.
| At line:4 char:1
| + Add-LocalGroupMember -Group "Administrators" -Member "winpatchadmin"
| + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| + CategoryInfo : ObjectNotFound: (winpatchadmin:String) [Add-LocalGroupMember], PrincipalNotFoundExceptio
| n
| + FullyQualifiedErrorId : PrincipalNotFound,Microsoft.PowerShell.Commands.AddLocalGroupMemberCommand
|
| Set-ItemProperty : Requested registry access is not allowed.
| At line:5 char:1
| + Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Win ...
| + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| + CategoryInfo : PermissionDenied: (HKEY_LOCAL_MACH...s\WindowsUpdate:String) [Set-ItemProperty], Securit
| yException
| + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.SetItemPropertyCommand
|
| Set-ItemProperty : Requested registry access is not allowed.
| At line:6 char:1
| + Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Win ...
| + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| + CategoryInfo : PermissionDenied: (HKEY_LOCAL_MACH...s\WindowsUpdate:String) [Set-ItemProperty], Securit
| yException
| + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.SetItemPropertyCommand
|
|
-----------------------------------------------------------------------------------------------------------------------
I think as you mentioned it is UAC which is not allowing to the change the settings.
From the 1st error, I would think the account you are using does not have the correct permissions in the guest OS to make the changes.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference