WMI Filter for applying GPO to all instances of internet explorer where the version is less than 9.0

Create WMI filter -
SELECT * FROM CIM_DataFile WHERE Filename = 'iexplore' AND Path = '\\Program Files\\Internet Explorer\\' AND version <'9.0'

Powershell script to age out Netapp snapshots

I had a an incident where i had to recreate the SMVI jobs on one of our Filers , we have a requirement to keep 26 days of backups online.
As always space was at a premium so What i wanted to do was to delete the old version of the SMVI
Snapshot each time after the new snapshot was taken...

so i created a script which loops through decreasing the value of the number of backups we want to keep

$days = -26
for ($loops = 26;$loops -ge 0; $loops --)
 {
  $BackupstoKeep = (get-date).adddays($days)
  Connect-nacontroller "Filer1"
  Get-Navol | Get-NaSnapshot | where-object { $_.name -like "smvi_*" -and $_.created -lt $Backupstokeep }  | remove-nasnapshot
  Connect-nacontroller "Filer2"
  Get-Navol | Get-NaSnapshot | where-object { $_.name -like "smvi_*" -and $_.created -lt $Backupstokeep }  | remove-nasnapshot
  $days++
 
Start-sleep 86400
}

Enable SSH on all hosts and set the policy to automatic

(in a non production lab obviously)

First , have a look at the current state of the SSH service on all of the hosts

Get-VMHost | Get-VMHostService | Where {$_.label -like "SSH"} | select VMhost , running , policy , Label

Then start the SSH service on each of your hosts 

Get-VMHost | Get-VMHostService | Where {$_.label -like "SSH"} | Start-VMHostService

Then ensure that it starts up each time on startup

Get-VMHost | Get-VMHostService | Where {$_.label -like "SSH"} | Set-VMHostService -Policy Automatic

Migration of Netapp Filer in one geographic location whilst maintaining large snapmirror relationship with original destination.

I was upgrading a filer in one of our remote sites , part of the project called for the migration of our CIFS data , the CIFS volume contained over 1 TB of data and our link back to our Primary datacenter was 20Mbps. Snapping all of this data back down would have been a time consuming excersize
and needless waste of resources.

What follows are the high level steps i took to ensure that the new source filer replaced the old source filer in the snapmirror relation ship

Filer A = Old Regional Filer
Filer B = New Regional Filer
Filer C = Primary Datacentre Filer


1. Snapmirror relationship between FilerA(FilerAcifsvol1) already exists to FilerC(FilerAcifsvol1M)
2. Create Snapmirror relationship between FilerA(FilerAcifsvol1) and FilerB(FilerBcifsvol1)
3. Allow all Snapmirrors to become consistent
4. Change Snapmirror trigger to manual
5. Stop CIFS Service on FilerA
6. Perform final snapmirror in the following sequence
    FilerA(FilerAcifsvol1) ->FilerC(FilerAcifsvol1M)
    FilerA(FilerAcifsvol1) ->FilerB(FilerBcifsvol1)
   
Make sure that the correct snapshots exist on each filer
7. Quiesce and break  FilerA(FilerAcifsvol1) ->FilerB(FilerBcifsvol1) snapmirror relationship
8. Modify \\filerC\c$\etc\snapmirror.conf on FilerC as follows
    replace
   FilerA:FilerAcifsvol1 FilerC:FilerAcifsvol1M KBS=XXX ... ... ... ...
    With
  FilerB:FilerBcifsvol1 FilerC:FilerAcifsvol1M KBS=XXX ... ... ... ...

9. Putty  into filerC and execute the following command
   snapmirror update -S FilerB:FilerBcifsvol1 -w FilerC:FilerAcifsvol1M

Powershell script to create a VLAN'd portgroup on vswitch0 for each ESX host in the appropriate cluster.


Connect-VIServer vcentreServer
$DublinSite1ProdHosts = get-vmhost | where-object {($_.parent -like "DublinCluster01")}
$DublinSite1ProdHosts | ForEach-Object {( get-vmhost $_.name ) | Get-VirtualSwitch -name "vswitch0" | New-VirtualPortGroup -Name Site1IsolatedObsoleteServers -VLanId 181 }


Connect-VIServer vcentreServer2
$DublinSite2ProdHosts = get-vmhost | where-object {($_.parent -like "DublinCluster02")}
$DublinSite2ProdHosts | ForEach-Object {( get-vmhost $_.name ) | Get-VirtualSwitch -name "vswitch0" | New-VirtualPortGroup -Name Site2IsolatedObsoleteServers -VLanId 182 }

PowerShell script to apply a specific GPO and disable another Specific GPO .

$ohewes = Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -searchbase 'ou=users,ou=users,ou=users,dc=ie,dc=companyname,dc=companyname,dc=com' -searchscope Onelevel | Where-object {$_.name -notlike "IT" -and $_.name -notlike "Unassigned*"}

$ohewes | ForEach-Object {
    New-GPLink -name "EncryptionCheck - UserPolicy" -target $_.DistinguishedName  -linkEnabled Yes
}

$ohewes | ForEach-Object { set-GPLink -name "OldEncryptionCheck - User Policy" -target $_.DistinguishedName  -linkEnabled no -whatif }

PowerShell script to refresh training environment to most recent snapshot

#Refreshes the training system to the latest snapshot
connect-viserver viserver
$PSEmailserver = "SMTP.companyname.com"
$CurrentTrainingSnap = (get-snapshot Appserver** | sort-object -Property Created -Descending | select-object -ExpandProperty Name -First 1)
Set-VM Appserver** -Snapshot $CurrentTrainingSnap -Confirm:$false
Send-MailMessage -From "emailaddress" -To "emailaddress" -cc "emailaddress" -Subject "Appserver** has been refreshed"

PowerShell script to check for unencrypted computers and send email alert

Computers log any decryption event to a log file , if the log file is older than a day
then the process is assumed to have failed , in this case an email is sent to our helpdesk system which automatically logs a call for the helpdesk staff to contact the end user and manually remediate the device

$PSEmailserver = "SMTP.emailserver.com"
$DateToCompare = (Get-date).addDays(-1)
$PathToCheck = "\\fileserver\emcryptionuninstall$\DecryptLimbo\"
$LimboComputers = get-childitem $PathToCheck | Where-object {$_.lastwritetime -lt $DatetoCompare}
$limbocomputers | ForEach-Object { Send-MailMessage -From "Security@company.ie" -To "me@company.ie" -cc "others@company.ie" -Subject "The following computer has not completed the encryption Process" -Body (get-content $_.fullname)}