| TOPIC REVIEW |
| Rambler |
Posted - 06/29/2012 : 10:32:10 AM Hi everyone. Is it somehow possible to use modules such as ActiveDirectory, FailoverClusters etc. without actually installing/enabling RSAT?
I have a script that needs to be run locally on every machine (it's setting permissions using icacls), but I'd like to avoid enabling RSAT (even parts of it) on the servers. |
| 10 LATEST REPLIES (Newest First) |
| Rambler |
Posted - 07/04/2012 : 7:54:28 PM Thanks Jeffery, I'll try that out. I guess I'll stick to connecting directly to the cluster in this particular script. I'll have to see how it turns out in my other scripts where I need this functionality. |
| jhicks |
Posted - 07/03/2012 : 09:50:00 AM The long answer is to set up delegation with CredSSP. But that is a pain. The issue is 2nd hop authentication. I've had luck manually authenticating with a simple net use command. In the session run the net use command and map a drive to c$ or IPC$
[remote]PS C:\> net use * \\server2\c$ /user:domain\admin MyPassw0rd
Then try running PowerShell commands that connect to remote computers. I can't guarantee this technique will work 100% of the time. |
| Rambler |
Posted - 07/03/2012 : 09:00:28 AM Yes, that seems to be the problem. I created the session, providing the -Credential parameter, and imported the failovercluster module; Get-ClusterSharedVolume failed again with access denied. Then I tried the same, but created the session directly to the cluster node, and then it worked because I didn't have to specify the -cluster parameter. The good news is I can use the cluster name instead of a node name to connect to.
You said this cred/token "transitiveness" is not normally allowed - is there a way to allow it then? |
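Added example (not part of the thread): the single-hop arrangement described in the post above, with the CSV report built inside a session opened directly to the cluster name, so Get-ClusterSharedVolume runs locally and no credentials have to be forwarded to a second machine. The cluster name `hvcluster01` is a placeholder, and the credential is prompted for rather than typed on a command line.

```powershell
# Added example; 'hvcluster01' is a placeholder cluster name, not from the thread.
$ClusterName = 'hvcluster01'
$Cred = Get-Credential    # prompt instead of embedding a password in the script

# One hop only: the session ends on the node that currently owns the cluster name.
$Session = New-PSSession -ComputerName $ClusterName -Credential $Cred -ErrorAction Stop
try {
    $report = Invoke-Command -Session $Session -ScriptBlock {
        Import-Module FailoverClusters
        # No -Cluster parameter: the cmdlet queries the local cluster service,
        # so nothing has to authenticate onward from this session.
        foreach ($csv in Get-ClusterSharedVolume) {
            foreach ($info in $csv.SharedVolumeInfo) {
                # Build flat objects remotely so only simple values are serialized back.
                New-Object PSObject -Property @{
                    Name        = $csv.Name
                    Path        = $info.FriendlyVolumeName
                    SizeGB      = [math]::Round($info.Partition.Size / 1GB, 2)
                    FreeSpaceGB = [math]::Round($info.Partition.FreeSpace / 1GB, 2)
                    UsedSpaceGB = [math]::Round($info.Partition.UsedSpace / 1GB, 2)
                    PercentFree = [math]::Round($info.Partition.PercentFree, 2)
                }
            }
        }
    }
}
finally {
    # Always close the session so the credential is not left usable on the node.
    Remove-PSSession -Session $Session
}

$report | Sort-Object Name |
    Format-Table Name, Path, SizeGB, FreeSpaceGB, UsedSpaceGB, PercentFree -AutoSize
```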
| jhicks |
Posted - 07/03/2012 : 07:56:41 AM I just had a thought. If you are remoting to Server1 and then using the cluster cmdlets to connect to another remote machine that can be problematic. This second-hop isn't normally allowed for security reasons. |
| jhicks |
Posted - 07/03/2012 : 07:41:25 AM So Server1 is the cluster that has the Failovercluster module, right? I would try creating the session with -PSCredential explicitly specifying an admin credential for the server. Then enter the session, import the module and try running the Get-ClusteredShareVolume command. This will help verify if credentials are an issue. |
| Rambler |
Posted - 07/03/2012 : 06:06:01 AM Maybe my description wasn't clear enough in the first post. I need to run stuff that isn't installed on the computer from which I run the script. For example, I have a script that displays CSV information on a Hyper-V cluster. I use the FailoverClusters module, which I don't have installed on the machine from which I run the script. So I've added the implicit remoting code from the above link and the module loads fine, but now there's a problem with credentials/elevation. I get access denied, although I'm running the script as domain admin (even tried an elevated PSH session).
# Create a Powershell remote session to a server with the
# commandlets installed.
$Session = New-PSsession -Computername server1
# Use the newly created remote Powershell session to send a
# command to that session
Invoke-Command -Command {Import-Module FailoverClusters} -Session $Session
# Use that session with the modules to add the available
# commandlets to your existing Powershell command shell with a
# new command name prefix.
Import-PSSession -Session $Session -Module FailoverClusters
$objs = @()
$csvs = Get-ClusterSharedVolume -cluster <clustername>
foreach ( $csv in $csvs )
{
    $csvinfos = $csv | select -Property Name -ExpandProperty SharedVolumeInfo
    foreach ( $csvinfo in $csvinfos )
    {
        $obj = New-Object PSObject -Property @{
            Name = $csv.Name
            Path = $csvinfo.FriendlyVolumeName
            Size = $csvinfo.Partition.Size / 1GB
            FreeSpace = $csvinfo.Partition.FreeSpace / 1GB
            UsedSpace = $csvinfo.Partition.UsedSpace / 1GB
            PercentFree = $csvinfo.Partition.PercentFree
        }
        $objs += $obj
    }
}
$objs | ft -auto Name,Path,@{ Label = "Size(GB)" ; Expression = { "{0:N2}" -f ($_.Size) } },@{ Label = "FreeSpace(GB)" ; Expression = { "{0:N2}" -f ($_.FreeSpace) } }`
,@{ Label = "UsedSpace(GB)" ; Expression = { "{0:N2}" -f ($_.UsedSpace) } },@{ Label = "PercentFree" ; Expression = { "{0:N2}" -f ($_.PercentFree) } }
The script is raw, nothing fancy, just to get the info I need.
Here's the error:
quote:
You do not have administrative privileges on the cluster. Contact your network administrator to request access.
Access is denied
    + CategoryInfo : NotSpecified: (:) [Get-ClusterSharedVolume], ClusterCmdletException
    + FullyQualifiedErrorId : Get-ClusterSharedVolume,Microsoft.FailoverClusters.PowerShell.GetClusterSharedVolumeCommand
out-lineoutput : The object of type "Microsoft.PowerShell.Commands.Internal.Format.FormatStartData" is not valid or not in the correct sequence. This is likely caused by a user-specified "format-table" command which is conflicting with the default formatting.
    + CategoryInfo : InvalidData: (:) [out-lineoutput], InvalidOperationException
    + FullyQualifiedErrorId : ConsoleLineOutputOutOfSequencePacket,Microsoft.PowerShell.Commands.OutLineOutputCommand
Do I need to create the remote session in a different way or what is the problem? |
| jhicks |
Posted - 06/29/2012 : 12:28:35 PM That's a little different. Implicit remoting allows you to use stuff that isn't installed on your computer. I don't think this applies to your situation. But in your case you want to run some icacls commands on remote computers and use some AD stuff along the way. Even with the AD module loaded on your machine, you can't run a command like Get-ADUser on the remote machine. What you can do, however, is run the command on your machine and then use the result remotely. Ultimately, this is going to come down to what you need to achieve. |
| JeffWouters |
Posted - 06/29/2012 : 12:19:24 PM Take a look at Don Jones' Secrets of PowerShell Remoting book (free): http://powershellbooks.com/ A lot of content, but it explains it from A to Z :-) |
| Rambler |
Posted - 06/29/2012 : 10:46:51 AM Thanks Jeffery. I haven't explored remoting much yet - do I understand it correctly that I could create a remote session from my management station which has RSAT installed and still use the modules on the remote computer (inside the PSH session)?
Edit: Ah, found this http://blogs.metcorpconsulting.com/tech/?p=240, so I guess the answer is yes |
| jhicks |
Posted - 06/29/2012 : 10:37:56 AM The only way you can get the AD module on Windows 7 is to install RSAT and configure it for AD. What you might have to do is install RSAT on your machine, use remoting to run icacls. Use the AD module locally to get what you need and then pass that to the remote icacls command. The other option, at least for AD, is to write your own functions using ADSI. |
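Added example (not part of the thread): the pattern suggested in the reply above, where the AD lookup runs on the management station that has RSAT and only the resulting SID string is passed to icacls on each server, so the servers need neither RSAT nor an onward authentication hop. The group name, folder path, server names and the Modify grant are placeholders chosen for illustration.

```powershell
# Added example; 'FileAdmins', 'D:\Data', the server names and the (OI)(CI)M
# rights are placeholders, not values from the thread.
Import-Module ActiveDirectory              # RSAT is needed here only, not on the servers

$Group   = Get-ADGroup -Identity 'FileAdmins'
$Sid     = $Group.SID.Value                # plain string, serializes unchanged
$Path    = 'D:\Data'
$Servers = 'server1', 'server2'

$results = Invoke-Command -ComputerName $Servers -ArgumentList $Sid, $Path -ScriptBlock {
    param($Sid, $Path)
    # icacls accepts a numeric SID when it is prefixed with '*', so no AD
    # cmdlets are needed on the target machine.
    $output = & icacls.exe $Path /grant "*${Sid}:(OI)(CI)M" 2>&1
    New-Object PSObject -Property @{
        Path     = $Path
        ExitCode = $LASTEXITCODE
        Output   = ($output | Out-String).Trim()
    }
}

# Report per server, and flag any machine where icacls did not succeed.
$results | Format-Table PSComputerName, Path, ExitCode, Output -AutoSize -Wrap
$failed = @($results | Where-Object { $_.ExitCode -ne 0 })
if ($failed.Count -gt 0) {
    Write-Warning ("icacls failed on: " + (($failed | ForEach-Object { $_.PSComputerName }) -join ', '))
}
```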