• Hi, Mike.
    I didn't quite forget it; it's just a function, not a module. If you save it as a PSM1 file, then you can install/reference it. But I wouldn't create a dedicated module for such a small function. My vanity doesn't go that far. 🙂

    Cheers! Emanuel

    0
  • Hi, Jonathan.
    Well, before it's recognised, you need to copy/paste the code from this article in your PowerShell window. To always have it available, you can save it as a script and reference it, you can copy it in your PowerShell Profile, or you can save it in a (new or existing) PowerShell module.
    I hope this helps. Emanuel

    0
  • The Show-Progress function provides a nice, compact way to display the progress of longer-running tasks in PowerShell. You can use it as a replacement for Write-Progress. While this has the advantage of being a "native" cmdlet with a few options to customize the progress of tasks, it occupies a bit of real estate in the PowerShell window (the upper portion of the console), sometimes hiding interesting information. The Show-Progress function is only a single line of text, at the current cursor position, and does not hide any output or status messages from other commands.

    0
  • Hi, Olivier.

    Thanks for the clarification. Don't worry, English is not my native language, either. And yes, I do like to use descriptions. I find them as important as comments in scripts. 

    For groups you can use a prefix or suffix like U-Something, Something-DL, etc.

    Fortunately, I have been blessed with working in single-domain environments. But I still favour/use group suffixes like -RO and -RW for read-only or read-write access. It just makes life a bit easier for me. 

    Cheers. Emanuel

    0
  • Hi Oliver.

    Wow, thanks for the comments and feedback. There's a lot of it, and it's much appreciated.

    Let me try to answer some bits:

    • Splatting is a very good suggestion, and I've started to use it more and more often. I always preach about it to others, but... I'm still guilty of not doing it myself from time to time.
    • I'm aware that servers usually have more than one NIC (usually the front-end ones), and yes, this would certainly be an area of improvement. However, I still care about DNS everywhere. If anything else, for Kerberos authentication. You can't have that using a server's IP instead of hostname/FQDN. That aside, I might change the script at some point to pick a specific NIC. And yes, having an IP address is a good requirement for creating a firewall rule, although there are many ways to select a certain NIC when you have more than one.
    • I'd say creating the Excel file is more time-consuming, saving it as CSV is not that difficult. It takes a bit longer to create lists of all the groups, but after that it requires little maintenance, though. And the traffic rules would be filled in by someone other than you, ideally (my whole idea is that the application owner or architect should fill it in, not the sysadmin).
    • I understand your preference for GPOs, and I agree with it. However, there are cases (few, admittedly) where the servers are not domain members, and (and this is my main objection, really) the GPOs creation is not as easy to automate. 
    • I don't understand the last bullet. If it was appreciation for using descriptions, thank you. 🙂 I prefer to use them whenever possible (AD Groups, special user accounts, computer accounts). I also use them heavily in GPOs, for trickier settings and also I put a description for the GPO itself (it's not very intuitive, but lovely to do and have). If it wasn't a compliment but a criticism/objection, please clarify. I developed the habit to take criticism and complaints as compliments, it makes corporate life so much easier. However, sometimes it backfires. 🙂

    Once again, thank you for the comments and suggestions/hints for improvement. Cheers! Emanuel

    0
  • With my PowerShell script, you can easily import rules from an Excel sheet to the Microsoft Defender Firewall in Windows 10. The script reads the ports that need to be opened or blocked from a simple CSV file.

    0
  • Hello (again), Olivier.

    Well, I'm quite sure there is a lot of room for improvement in my scripts in general. 🙂

    -WhatIf would be great, but I didn't think of it at the time. If at some point in the future I decide to improve this function, I will keep it in mind (as well as your other suggestion). 

    Cheers! Emanuel

    0
  • Hi, Oliver.

    1. Maybe it helps to use Get-NetAdapter -Physical and start from there? The switch -Physical filters the non-physical NICs.

    2. If you have a load-balancing cluster for DHCP, just do it on one server, it will replicate to the other(s). You can add at the beginning of your script something like $DhcpServer = (Get-DhcpServerInDC)[0], which picks only one DHCP server from the list. If you have an active-passive configuration, make sure you change your script to pick the active DHCP server.

    3. Clear-DNSClientCache is the equivalent of ipconfig /flushdns, if I remember correctly. After a reboot it doesn't really matter if I didn't flush the cache, but yes, you are correct. I use Clear-DNSClientCache a lot in other scripts that involve operations with DNS, for example when I change the IP Address of a remote computer (in order to connect to the proper server after its IP Address has changed).

    I hope 1) and 2) help. And thank you for the suggestion for 3).

    Cheers!

    0
  • Hi, David.

    I couldn't find a way to set an alternate IP Address (that would take over in case a DHCP server cannot be reached) via PowerShell. 

    I've seen a lot of VBScripts that can do it, which I would not call ideal. At the end of the day, as with almost anything that's configurable in Windows, there's a registry key for that, and you could use PowerShell to populate that registry key with an alternate configuration. The link below is a nice starting point for that, since it mentions the registry keys.

    Is it possible to configure a static IP alternative for all adapters using the registry? - Super User

    I hope it helps.

    Cheers! Emanuel

    0
  • Leos, that sounds like a better idea. I was trying to stick to Gino's restrictions, but your workaround sounds easier than static MACs (which would accumulate to a messy problem in time).

    0
  • Hi, Gino.

    I had no idea the MACs are not "seen" until the VM is powered on.

    I guess a workaround would be to assign the MACs manually from a pool.

    You would need to figure out a way to avoid duplicate MACs, but probably a shared CSV file would be enough. (You may populate it when you're planning your infrastructure or as you add VMs in the environment.)

    If I could pick, I'd just use more recent OS'es, but is it safe to guess the restriction is not technical? (I don't know if a happy or sad emoticon is more suitable here...)

    0
  • Hi, Gino.

    One thing I could think of is to retrieve the MAC address from the host, and then use that information to identify the NIC.

    Get-VMNetworkAdapter -VMName VM1 | Select-Object SwitchName, MacAddress

    I haven't tested in WS2012 (I don't have hosts with WS2012), but if it works, I think that should help you.

    Regards. Emanuel

    0
  • Hi, Gino.

    According to this Microsoft article, the feature was introduced in WS2016. It's a feature for Gen2 Hyper-V VMs. I couldn't find any workaround for earlier versions (like WS2012R2).

    Regards. Emanuel

    0
  • I learn the same way, too. Given how many problems I run into, I should be almost a guru by now. 🙂

    Thank you for the feedback, hints and appreciation, Tim.

    0
  • Hello, Tim!

    You can easily avoid the allocation using Set-DhcpServerSetting, using the switch ConflictDetectionAttempts (the default value is 0, but you can set it to 1 or up to 5).

    Of course, a more honest answer should also include that I haven't considered that, and it should also include thanks for pointing this out. So, thank you for pointing this out. 🙂

    0
  • In this post, I'll explain how you can easily convert a DHCP reservation to a static (or manual or fixed) IP for a server's NIC. I will show you how you can automate this process with PowerShell.

    0
  • Hi, Jake.

    It's Emanuel again. The article is updated now to reflect the missing "}".

    0
  • Hello, Jake.

    By the looks of it, yes, you are right. The last bracket in the code is the closing one for the last else statement.

    As the function was working (I checked and tested it thoroughly), most likely the function's closing bracket was lost in the posting process. 🙂

    I don't have access to change it (or I don't think I do), so I'll point this out to someone who definitely has.

    Cheers for the heads-up!

    Em.

     

    0
  • Hello, Robert.

    This will not work with your Linux DHCP server, as the function is using commands from the DHCP Server PowerShell module (I mentioned in the article it only works with Microsoft's own DHCP server implementation). Most likely these commands will not work on other flavours of DHCP servers.

    If your Linux DHCP server provides a PowerShell module for administration, you could tweak the script in this post to match those commands.

    Another option would be to build a temporary Windows Server 201x DHCP server, create the reservations and then migrate the whole configuration (including reservations) to your Linux server, if such a migration tool is available.

    Cheers. Emanuel

    0
  • In this post, I will explain how you can easily change the IP configuration for a server's NIC from manual (or static or fixed) to a DHCP reservation. If you have to scale the procedure with many servers involved, you can automate the task with PowerShell.

    0
© 4sysops 2006 - 2021
