Problem: I need to gather information from every workstation in my environment.
Details: I am running a script from a machine which has rights on one Domain, which makes it not require credentials in a script for about 80% of the workstations. However, about 20% of the workstations are on other domains or no domain at all and require creds.
Solutions: Does anyone have a clever way of handling creds like this? It seems that the local creds don't always work, not sure why. So I've resorted to trial and error. See the example.
Example:
So in this example I check using no credential, and if it doesn't return a result I try a credential, then a different credential if need be. PS. Remoting is off and WinRM is also off on these machines.
$isApplied = "UNKNOWN"
$HotFix = $null
ForEach ($Item in $ComputerList) {
    if ($null -eq $HotFix) {
        $HotFix = isHotFixInstalled -ComputerName $Item -KB $KB #=> Naked
    }
    if ($null -eq $HotFix) {
        $HotFix = isHotFixInstalled -ComputerName $Item -KB $KB -Credential $Cred1
    }
    if ($null -eq $HotFix) {
        $HotFix = isHotFixInstalled -ComputerName $Item -KB $KB -Credential $Cred2
    }
    if ($null -eq $HotFix) {
        $HotFix = isHotFixInstalled -ComputerName $Item -KB $KB -Credential $Cred3
    }
    if ($true -eq $HotFix) {
        $isApplied = "APPLIED"
        break
    }
    if ($false -eq $HotFix) {
        $isApplied = "NOT_APPLIED"
        break
    }
}
CodePudding user response:
If you don't want to run the command on each computer blindly, you can first query each domain to see if the computer is a member of one of them. Lastly, if the computer is not found in any domain, run the command for a workgroup computer.
Something like this:
$isApplied = "UNKNOWN"
$HotFix = $null
$Domain1 = "1stDomain.com"
$Domain2 = "2ndDomain.com"
$Domain3 = "3rdDomain.com"
$FailedComputers = @() # See purpose below
$ErrorActionPreference = 'SilentlyContinue' # Optional: Don't display error message when Get-ADComputer doesn't find the computer (set globally for the script)
ForEach ($Item in $ComputerList) {
    $HotFix = $null # reset value before processing each computer
    if (Get-ADComputer -Identity $Item -Server $Domain1) {
        $HotFix = isHotFixInstalled -ComputerName $Item -KB $KB -Credential $Cred1
    } elseif (Get-ADComputer -Identity $Item -Server $Domain2) {
        $HotFix = isHotFixInstalled -ComputerName $Item -KB $KB -Credential $Cred2
    } elseif (Get-ADComputer -Identity $Item -Server $Domain3) {
        $HotFix = isHotFixInstalled -ComputerName $Item -KB $KB -Credential $Cred3
    } else {
        $HotFix = isHotFixInstalled -ComputerName $Item -KB $KB #=> Naked (for Workgroup Computers I suppose)
    }
    # BREAK below will only exit the foreach loop and stop processing computers, really the desired behavior?
    #------------------------------------
    #if ($true -eq $HotFix) {
    #    $isApplied = "APPLIED"
    #    break
    #}
    #if ($false -eq $HotFix) {
    #    $isApplied = "NOT_APPLIED"
    #    break
    #}
    #------------------------------------
    # Instead, you can report failed computers by using a variable ($FailedComputers) and store the list in
    if ($null -eq $HotFix) {
        $FailedComputers += $Item # append to the array; plain assignment would keep only the last failed computer
    }
}
$ErrorActionPreference = 'Continue' # Optional: If changed before the loop execution, reset to default value
Write-Host "Hotfix Failed for the following computers"
$FailedComputers
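
A variant of the approach in the answer above that picks exactly one credential per machine from its DNS suffix, so no credential is presented to a host outside its own domain and no failed logons are generated by trial and error. This is an added example, not code from either poster: `Resolve-HostCredential`, the suffix map, the host names, the KB placeholder and the string stand-ins for `$Cred2`/`$Cred3` are assumptions, and it assumes `$ComputerList` holds fully qualified names.

```powershell
# Added example. Resolve-HostCredential is a hypothetical helper, not the posters' code.
function Resolve-HostCredential {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][hashtable]$DomainMap,  # DNS suffix -> credential ($null = current user)
        $Default = $null                              # used when no suffix matches (workgroup hosts)
    )
    $name = $ComputerName.Trim().TrimEnd('.').ToLowerInvariant()
    # Longest suffix first, so a child domain wins over its parent.
    foreach ($suffix in ($DomainMap.Keys | Sort-Object -Property Length -Descending)) {
        if ($name.EndsWith('.' + $suffix.ToLowerInvariant())) {
            return [pscustomobject]@{
                Computer   = $ComputerName
                Scope      = $suffix
                Credential = $DomainMap[$suffix]
            }
        }
    }
    # No known suffix (short name or unknown domain): treat as a workgroup machine.
    [pscustomobject]@{ Computer = $ComputerName; Scope = 'WORKGROUP'; Credential = $Default }
}

# Constructed sample data. The strings stand in for the PSCredential objects $Cred2/$Cred3.
$DomainMap = @{
    '1stDomain.com' = $null     # assumed: the domain where the script host already has rights
    '2ndDomain.com' = 'Cred2'
    '3rdDomain.com' = 'Cred3'
}
$ComputerList = 'ws01.1stDomain.com', 'ws02.2ndDomain.com', 'WS03.3RDDOMAIN.COM', 'kiosk7'

foreach ($Item in $ComputerList) {
    $target = Resolve-HostCredential -ComputerName $Item -DomainMap $DomainMap -Default 'LocalCred'
    $params = @{ ComputerName = $Item; KB = 'KB0000000' }   # placeholder KB id
    # Only pass -Credential when one is mapped; otherwise run as the current user.
    if ($null -ne $target.Credential) { $params.Credential = $target.Credential }
    # With real PSCredential objects in the map, the page's function is called once per host:
    #   $HotFix = isHotFixInstalled @params
    #   if ($null -eq $HotFix) { $FailedComputers += $Item }
    $target   # emit the plan so the chosen scope per host can be reviewed
}
```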
