VMware Cloud Community
baburaju
Contributor
Contributor
‎01-07-2020 08:10 AM

Invoke VMScript to join Machines to point to new WSUS Servers by changing registry key and also to create new user and add that user to admin group.

$script= @'

$PlainPassword = "XXXXXXX"

$SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText -Force

New-LocalUser "winpatchadmin" -Password $SecurePassword -FullName "winpatchadmin" -Description "winpatchadmin account."

Add-LocalGroupMember -Group "Administrators" -Member "winpatchadmin"

Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate" -Name "WUServer" -Value "WSUS URL"

Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate" -Name "WUStatusServer" -Value "WSUS URL"

'@

$accounts = @(

    @{

User = 'XXXXXX'

Pswd = 'XXXX'

    }

)

$vms  = Import-Csv -Path C:\Temp\vms.csv | Select -ExpandProperty Name

foreach ($vm in $vms) {

$out = ' '

foreach( $user in $accounts) {

$out = Invoke-VMScript -VM $vm -GuestUser $user.User -GuestPassword $user.Pswd -ScriptText $script

   if($out) {

break

}

}

}

0 Kudos
9 Replies
LucD
Leadership
Leadership
‎01-07-2020 08:22 AM

Is there a question in here?
Or are you sharing your script with the community?
In the latter case, you would better use the Documents folder, or even better, share on the PowerCLI Community Repository


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
baburaju
Contributor
Contributor
‎01-07-2020 10:25 PM

Hi Lucd,

Thanks for the reply,

Actually the script it running but on few of the VM's the user is not creating and on other VM's the registry change is not properly happening even after the vmtools are running on all the vms. So, any change we can do the the script to work it properly.

0 Kudos
LucD
Leadership
Leadership
‎01-07-2020 10:40 PM

It depends if UAC is enabled or not in the Guest OS of these VMs?

When enabled, you will get a prompt, and the script will not work.

Also, what does the script return?

Can you add the -Verbose switch to the cmdlets?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
baburaju
Contributor
Contributor
‎01-07-2020 11:06 PM

the script does not return any output but while the script is running it will showing below warnings.

WARNING: The version of VMware Tools on VM 'XXXXX' is out of date and may cause Invoke-VMScript to work

improperly.

0 Kudos
LucD
Leadership
Leadership
‎01-07-2020 11:19 PM

That is a warning, not an error.
You should consider upgrading the VMware Tools on the VMs where that warning appears.

The script should return something.
Does it hang, does it time out?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
baburaju
Contributor
Contributor
‎01-08-2020 12:31 AM

No it was simply coming out of the script after execution.

0 Kudos
LucD
Leadership
Leadership
‎01-08-2020 12:36 AM

Then there should be output from the script.
Did you check the content of the $out variable after the Invoke-VMScript?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
baburaju
Contributor
Contributor
‎01-08-2020 12:59 AM

criptOutput

-----------------------------------------------------------------------------------------------------------------------|  New-LocalUser :

Access denied.

|  At line:3 char:1

|  + New-LocalUser "winpatchadmin" -Password $SecurePassword -FullName "wi ...

|  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

|      + CategoryInfo          : PermissionDenied: (winpatchadmin:LocalUser) [New-LocalUser], AccessDeniedException

|      + FullyQualifiedErrorId : AccessDenied,Microsoft.PowerShell.Commands.NewLocalUserCommand

|  

|  Add-LocalGroupMember : Principal winpatchadmin was not found.

|  At line:4 char:1

|  + Add-LocalGroupMember -Group "Administrators" -Member "winpatchadmin"

|  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

|      + CategoryInfo          : ObjectNotFound: (winpatchadmin:String) [Add-LocalGroupMember], PrincipalNotFoundExceptio

|     n

|      + FullyQualifiedErrorId : PrincipalNotFound,Microsoft.PowerShell.Commands.AddLocalGroupMemberCommand

|  

|  Set-ItemProperty : Requested registry access is not allowed.

|  At line:5 char:1

|  + Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Win ...

|  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

|      + CategoryInfo          : PermissionDenied: (HKEY_LOCAL_MACH...s\WindowsUpdate:String) [Set-ItemProperty], Securit

|     yException

|      + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.SetItemPropertyCommand

|  

|  Set-ItemProperty : Requested registry access is not allowed.

|  At line:6 char:1

|  + Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Win ...

|  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

|      + CategoryInfo          : PermissionDenied: (HKEY_LOCAL_MACH...s\WindowsUpdate:String) [Set-ItemProperty], Securit

|     yException

|      + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.SetItemPropertyCommand

|  

-----------------------------------------------------------------------------------------------------------------------

I think as you mentioned it is UAC which is not allowing to the change the settings.

0 Kudos
LucD
Leadership
Leadership
‎01-08-2020 01:00 AM

From the 1st error, I would think the account you are using does not have the correct permissions in the guest OS to make the changes.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos