Powershell related code snippets
This PowerShell code snippet creates an Azure AD application registration with an associated SPN and self-signed certificate for Azure authentication.
I've used this for generating certificates that Virtual Machines can use for authenticating to Azure as an alternative to Managed Identities.
Some time back I had cause to demonstrate the possibility of using Azure Automation in generating time limited certificates for use with Azure. It turned out to be more difficult than I thought as certificate creation on a local server or desktop uses the COM based CryptoAPI... which isnt available for use with Automation Runbooks.
This example script used the brilliant "Bouncy Castle" library for creating certificates.
Over the years I've posted a number of atricles related to using PowerShell with SCCM. The most read of these was about creating SCCM Applications with Enhanced Detection methods - specifically for File Based Detection. A number of people have asked for an example of the same script using Registry based detection for installed applications.
Not to go over old ground - the earlier blogs that may be of interest are found here:
PowerShell’s Desired State Configuration is becoming a core component of Windows and is included with the installation of PowerShell 5.
Earlier I wrote about enabling WinRM using a self-signed certificate (http://www.laurierhodes.info/?q=node/115). Use those instructions to configure WinRM on a newly built machine.
Azure Automation is the next step in Microsoft’s Orchestration path. Using predefined workflows / with REST/Odata/WebAPI has been a core component of Orchestrator, Service Management Automation and the Cloud based Azure Automation.
WMI is easy to use and great for querying information about remote machines. It’s the obvious choice for reporting on hardware usage – especially for scoping EC2 instances. What is a little more interesting is using the retrieved information to construct a report.
Windows Remote Management is a core technology for the remote management and configuration of Windows machines. WinRM is essential for automating complex Azure and AWS tasks. This guide will outline how to establish WinRM using SSH and a self-signed certificate. A certificate issued from a Certificate Authority would be preferable but for the purpose of establishing a test environment, the steps below are enough to get the technology working.
This demonstration is in three parts.
To demonstrate how powerful the IIS Odata extension for PowerShell is, I’ve tweaked the SSH PowerShell module that I published previously for use with Azure Pack. By doing so, as long as I can connect to my Windows IIS web server, I can relay SSH commands from any other physical environment.
You will need to have setup the Odata IIS server extension as described in http://www.laurierhodes.info/?q=node/111
This module is reworked from the version posted by Eamon O’Reily on the technet gallery.
