Monday, January 18, 2021

How to Turn Off the Windows Firewall in Windows Server 2008 R2/Windows 7 and Above

The Windows Firewall contains three separately configurable firewalls, one each for public, private, and domain authenticated networks. Whenever your computer connects to a new network, Windows checks to see if that network provides a connection to a domain controller (if your computer is part of a domain). If a domain controller is found, the network connection profile and the firewall are set to domain authenticated. If a domain controller is not found, the user is prompted as to whether the network is public or private. This network profile determines which firewall configuration is used.

To check which network profile your computer is currently running with, you can use the following PowerShell cmdlet:

Get-NetConnectionProfile

This will result in output that resembles the following:




Notice that my computer's network connection profile is currently set to "DomainAuthenticated." Note that as a general rule, I would never disable the firewall for a Public interface, especially on a laptop.

To check the current state of the firewall for a DomainAuthenticated connection, you can use this PowerShell command:

Get-NetFirewallProfile -Name Domain

This results in the following output:








You can disable the firewall for the Domain profile using the following PowerShell command:

Set-NetFirewallProfile -Name Domain -Enabled False

You can change the name to Public or Private to change the state of those firewall profiles. Or, you can change multiple profiles with a single command like this:

Set-NetFirewallProfile -Name Domain,Private -Enabled False

And, of course, you can enable the firewall for a profile by changing the -Enabled False to -Enabled True.
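
Before or after changing a profile, it helps to see which firewall profiles are off and whether a connected interface is actually using one of them. The following is an added example, not code from the original post; the function name Get-FirewallProfileAudit is hypothetical, and it assumes the NetSecurity and NetConnection modules, which ship with Windows 8 / Windows Server 2012 and later.

```powershell
# Added example: list each firewall profile and flag any disabled profile
# that a connected network interface is currently using.
function Get-FirewallProfileAudit
{
    # Get-NetConnectionProfile reports 'DomainAuthenticated', while the
    # matching firewall profile is named 'Domain'.
    $categoryToProfile = @{
        DomainAuthenticated = 'Domain'
        Private             = 'Private'
        Public              = 'Public'
    }

    # Collect the interfaces that are using each firewall profile right now.
    $inUse = @{}
    foreach ($connection in Get-NetConnectionProfile)
    {
        $profileName = $categoryToProfile["$($connection.NetworkCategory)"]
        if (-not $inUse.ContainsKey($profileName))
        {
            $inUse[$profileName] = @()
        }
        $inUse[$profileName] += $connection.InterfaceAlias
    }

    # ActiveStore is the effective policy: local settings merged with Group Policy.
    foreach ($fw in Get-NetFirewallProfile -PolicyStore ActiveStore)
    {
        $enabled = ("$($fw.Enabled)" -eq 'True')
        [PSCustomObject]@{
            Profile        = $fw.Name
            Enabled        = $enabled
            DefaultInbound = "$($fw.DefaultInboundAction)"
            Interfaces     = ($inUse[$fw.Name] -join ', ')
            # True when the profile is off AND an interface depends on it.
            Exposed        = (-not $enabled) -and $inUse.ContainsKey($fw.Name)
        }
    }
}

Get-FirewallProfileAudit | Format-Table -AutoSize
```

A row with Exposed set to True means the machine is on a network of that category with no host firewall in effect.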

If you found this blog helpful or have a question, please leave a comment.

Thanks for reading!

Monday, January 11, 2021

Performing an Operation on All Servers in Active Directory

In a previous blog post, Getting a List of All of Your Windows Servers Using PowerShell, I showed you how to retrieve a list of all of your Windows Servers using PowerShell. In this post, I am going to expand on that post and create a script template that iterates across all the servers and performs a simple task, in this case a network ping.

Let's start by looking at the PowerShell code we wrote to retrieve the server list from Active Directory:

Get-ADComputer -Filter {OperatingSystem -like "*windows*server*"}

The only change we're going to make to this line of code is to assign the results to a variable:

$servers = Get-ADComputer -Filter {OperatingSystem -like "*windows*server*"}

The next step is to iterate over the list of servers.

$count = 0
foreach ($server in $servers)
{
    $count += 1
    $percentDone = $count / $servers.Count * 100
    Write-Progress -Activity "Scanning $($server.Name)..." -PercentComplete $percentDone
    
    if ((Test-Connection -ComputerName $server.DNSHostName -Count 1 -ErrorAction Ignore) -eq $null)
    {
        continue
    }
}

Because I have a large number of servers in my production environment, over 700, I add a progress bar to many of my scripts so that I can monitor the progress as the script runs. I do this using the $count variable, which tracks how many servers the script has iterated over, and the $percentDone variable, which is the calculated completion percentage of the script. The Write-Progress cmdlet then displays a progress bar and status message so that you can see the script progress through the list of servers.

Whenever you have a large number of servers in your environment, it is likely that there will be some servers listed in Active Directory that are no longer active. Because of this, I have added a Test-Connection command (the PowerShell equivalent of a ping) to the script, and immediately skip to the next server in the list if the Test-Connection fails. Depending on what operation you are performing, this can significantly increase the speed of the script.

The last thing we need to do is add an action to be performed on each server that is still active. In this case, I am just going to do another ping, but this time I will output the results of the ping to the console. And to make the script a little more modular, I will create a function to actually perform the ping operation.

The completed script looks like this:

# Performs the per-server action; replace the body to do other work.
function PingServer
{
    param
    (
        [String]
        $ComputerName = $env:COMPUTERNAME
    )
    
    return Test-Connection -ComputerName $ComputerName -Count 1
}

# Retrieve every Windows Server computer account from Active Directory.
$servers = Get-ADComputer -Filter {OperatingSystem -like "*windows*server*"}

$count = 0
foreach ($server in $servers)
{
    # Update the progress bar.
    $count += 1
    $percentDone = $count / $servers.Count * 100
    Write-Progress -Activity "Scanning $($server.DNSHostName)..." -PercentComplete $percentDone
    
    # Skip servers that do not answer a ping.
    if ((Test-Connection -ComputerName $server.DNSHostName -Count 1 -ErrorAction Ignore) -eq $null)
    {
        continue
    }
    
    PingServer -ComputerName $server.DNSHostName
}

On my test network, I get the following output:



We can replace the PingServer function with any other function that performs an operation on a single server. We will use this template in the future to do some very useful work on our entire server list.
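
As an illustration of swapping in a different per-server function, the following added example (not code from the original post) uses the same template to audit the firewall profiles on every reachable server. The function name Get-ServerFirewallState and the output path are hypothetical, and the remote query assumes WinRM is reachable and the target runs Windows Server 2012 or later.

```powershell
# Added example: per-server firewall audit built on the template above.
function Get-ServerFirewallState
{
    param
    (
        [String]
        $ComputerName = $env:COMPUTERNAME
    )

    # -CimSession accepts a computer name and queries it over WinRM.
    # ActiveStore is the effective policy after Group Policy is applied.
    Get-NetFirewallProfile -PolicyStore ActiveStore -CimSession $ComputerName -ErrorAction Stop |
        ForEach-Object {
            [PSCustomObject]@{
                Server         = $ComputerName
                Profile        = $_.Name
                Enabled        = "$($_.Enabled)"
                DefaultInbound = "$($_.DefaultInboundAction)"
            }
        }
}

$servers = @(Get-ADComputer -Filter {OperatingSystem -like "*windows*server*"})

$count = 0
$results = foreach ($server in $servers)
{
    $count += 1
    Write-Progress -Activity "Auditing $($server.DNSHostName)..." -PercentComplete ($count / $servers.Count * 100)

    if ($null -eq (Test-Connection -ComputerName $server.DNSHostName -Count 1 -ErrorAction Ignore))
    {
        continue
    }

    try
    {
        Get-ServerFirewallState -ComputerName $server.DNSHostName
    }
    catch
    {
        # Record the failure instead of silently dropping the server.
        [PSCustomObject]@{ Server = $server.DNSHostName; Profile = 'n/a'; Enabled = 'QueryFailed'; DefaultInbound = $_.Exception.Message }
    }
}

# Constructed output path. Every exported row needs review: a profile is off or the query failed.
$results | Where-Object { $_.Enabled -ne 'True' } |
    Export-Csv -Path C:\Temp\FirewallAudit.csv -NoTypeInformation
```

Servers that drop ICMP echo requests are skipped by the template's ping test, so a server missing from the report has not necessarily been checked.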

If you found this blog helpful or have a question, please leave a comment.

Thanks for reading.

Monday, January 4, 2021

Getting a List of All of Your Windows Servers Using PowerShell

One of the most often asked for things in an IT department is a current list of servers. Key word here, CURRENT. Keeping an accurate inventory of the servers on your network can be a daunting task. And the larger your network, the more daunting the task can become.

Thankfully, PowerShell gives you a way to collect this information from Active Directory.

To run the scripts presented in this article, you will need to be running one of the following:

  • Windows 7 (or newer) with the Remote Server Administration Tools (RSAT) installed.
  • Windows Server 2008 R2 with RSAT installed.

Assuming you are logged on to your computer with a domain account, you can run the following PowerShell command to retrieve a list of servers in your domain:

Get-ADComputer -Filter {OperatingSystem -like "*windows*server*"}

This command produces the following output on my test network:


Assuming you only want to display the computer name and the operating system, you can pipe your output to the Select-Object cmdlet like so:

Get-ADComputer -Filter {OperatingSystem -like "*windows*server*"} -Properties OperatingSystem | 
    Select-Object -Property SamAccountName,OperatingSystem

This command truncates the output as follows:


Lastly, if you want to save the output of this command so that you can work with it in a spreadsheet, you can export the list of servers to a CSV file with the Export-CSV cmdlet. Here's an example:

Get-ADComputer -Filter {OperatingSystem -like "*windows*server*"} -Properties OperatingSystem | 
    Select-Object -Property SamAccountName,OperatingSystem |
    Export-Csv -Path C:\Temp\Test.csv -NoTypeInformation
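
Because the point of this list is that it be current, and because Active Directory often still holds accounts for servers that are no longer active (as noted in the January 11 post), the following added example classifies each account before export. It is not code from the original post; the 45-day threshold, the Status labels and the output path are assumptions.

```powershell
# Added example: label each server account so stale entries stand out.
# LastLogonDate is replicated with a lag of up to about 14 days, so the
# threshold (an assumption) is set well above that.
$staleAfterDays = 45
$cutoff = (Get-Date).AddDays(-$staleAfterDays)

Get-ADComputer -Filter {OperatingSystem -like "*windows*server*"} -Properties OperatingSystem,LastLogonDate |
    Select-Object -Property Name, OperatingSystem, Enabled, LastLogonDate,
        @{ Name = 'Status'; Expression = {
            if (-not $_.Enabled)                  { 'Disabled' }
            elseif ($null -eq $_.LastLogonDate)   { 'NeverLoggedOn' }
            elseif ($_.LastLogonDate -lt $cutoff) { 'Stale' }
            else                                  { 'Current' }
        } } |
    Sort-Object -Property Status, Name |
    Export-Csv -Path C:\Temp\ServerInventory.csv -NoTypeInformation
```

Accounts marked Stale or NeverLoggedOn are candidates for review and cleanup, since an unused computer account that remains enabled is still a valid identity in the domain.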

If you found this blog helpful or have a question, please leave a comment.

Thanks for reading.