Import ActiveDirectory PowerShell module on Windows Server

2015/11/05

To check if Active Directory module is installed, use

get-module -listavailable

If the PowerShell module is not present, it can be added using Add-WindowsFeature cmdlet

  if ((get-module -name ActiveDirectory) -eq $null) {
    Import-Module ServerManager
    Add-WindowsFeature RSAT-AD-PowerShell
  }
  Import-Module ActiveDirectory

Note: Credits go to StackOverflow, IT blogs and alike, sites that helped me with the code when searching for solutions.

Advertisements

Disable Windows Server firewall with PowerShell in Chef

2015/10/13

First of all, as I said in the previous post, be aware that is a very BAD practice to disable the firewall; do so only for test purposes and a short period of time.

The following code was tested under Windows Server 2008 R2, but it should also work for Windows Server 2012.
In the default.rb file from the recipe subfolder of your cookbook, add the code:

require ‘chef/win32/version’
win_version = Chef::ReservedNames::Win32::Version.new

if (win_version.windows_server_2008_r2? ||
    win_version.windows_server_2008? ||
    win_version.windows_server_2003_r2? ||
    win_version.windows_server_2003? ||
    win_version.windows_2000?)
      disableFirewallScript =<<-EOH
        netsh advfirewall set allprofiles state off
      EOH
elsif (win_version.windows_server_2012_r2? ||
    win_version.windows_server_2012?)
      disableFirewallScript =<<-EOH
        Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
      EOH
else
  raise “Unsupported Windows version !”
end

Chef::Log.debug(“Executing ' #{disableFirewallScript} ' in PowerShell.”)

disableFirewallResult = powershell_out(disableFirewallScript)

if (disableFirewallResult.stderr.to_s != “” || disableFirewallResult.exitstatus != 0)
  raise “ExitStatus : #{disableFirewallResult.exitstatus} \r\n STDOUT : [ #{disableFirewallResult.stdout} ] \r\n STDERR : [ #{disableFirewallResult.stderr} ]”
end

Note 1: Credits go to StackOverflow, IT blogs and alike, sites that helped me with the code when searching for solutions.
Note 2: Be aware that when copy-pasting, the quotes and possibly other characters get messed up by WordPress, you’ll have to replace them.


Test if Windows server firewall is disabled with Pester in Chef

2015/10/13

First of all, be aware that is a very BAD practice to disable the firewall; do so only for test purposes or a short period of time.

The following code was tested under Windows Server 2008 R2, but it should also work for Windows Server 2012.
Under your cookbook folder you must add the file test\integration\default\pester\firewall.tests.ps1.
It will contain the following PowerShell code sequence:

describe “disable firewall” {

  $publicFwEnabled = (Invoke-Command -ScriptBlock {[Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(“LocalMachine”, $env:COMPUTERNAME).OpenSubKey(“System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile”).GetValue(“EnableFirewall”)})

  it “should disable public firewall” {
    $publicFwEnabled | Should Be 0
  }

  $domainFwEnabled = (Invoke-Command -ScriptBlock {[Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(“LocalMachine”, $env:COMPUTERNAME).OpenSubKey(“System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile”).GetValue(“EnableFirewall”)})

  it “should disable domain firewall” {
    $domainFwEnabled | Should Be 0
  }

  $privateFwEnabled = (Invoke-Command -ScriptBlock {[Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(“LocalMachine”, $env:COMPUTERNAME).OpenSubKey(“System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile”).GetValue(“EnableFirewall”)})

  it “should disable private firewall” {
    $privateFwEnabled | Should Be 0
  }
}

Then, in your cookbook folder, you can check if tests passed after running kitchen verify command.

Note 1: Credits go to StackOverflow, IT blogs and alike, sites that helped me with the code when searching for solutions.
Note 2: Be aware that when copy-pasting, the quotes and possibly other characters get messed up by WordPress, you’ll have to replace them.


%d bloggers like this: