26 January, 2013

Edit MultiString registry value remotely - OS

The other day I needed to edit a RED_MULTI_SZ value on ~400 servers. You could say: it's an "everyday" task, why a blog post about it?
Indeed, it's no big deal, but I spent about an hr on one particular issue with this task that I wanted to share.

As I mentioned I had to edit a MultiString value (which is basically an array - in scripting world) and add a new element to it.

Let's start at the beginning. To write a String value to a remote registry you can use Microsoft.Win32.RegistryKey:
[Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine','REMOTEHOST').OpenSubKey("SOFTWARE\Microsoft\FTH",$true).SetValue('ExclusionList', $newdata,'string')

However, if you want to edit a REG_MULTI_SZ value, you need to read the content first, do whatever you want with it (search for item, remove, add...etc) and then write it back to the registry. In my case I had to add a new item to the beginning of the registry value:
$Array = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine','r2d2').OpenSubKey("SOFTWARE\Microsoft\FTH",$true).GetValue("ExclusionList")
$newArray = @("newitem")
$newarray += $array
[Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine','r2d2').OpenSubKey("SOFTWARE\Microsoft\FTH",$true).SetValue('ExclusionList', $newarray,'MultiString')

And it will throw an error:
Exception calling "SetValue" with "3" argument(s): "The type of the value object did not match the specified
RegistryValueKind or the object could not be properly converted."
At line:1 char:1
+ [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine','r2d2').OpenSubK ...


Why? The error message has the answer: the type of value object did not match...etc. Hah! Object?? What object? I've got strings in an array... let's see:
PS C:\> $newarray.GetType()
IsPublic IsSerial Name                                     BaseType
-------- -------- ----                                     --------
True     True     Object[]                                 System.Array

Khm, ok, I forgot about PS being object oriented :) Let's force the array to have String type then:
[string[]]$newArray = @("newitem")

Now, let's double check its type:
PS C:\> $newArray.GetType()
IsPublic IsSerial Name                                     BaseType
-------- -------- ----                                     --------
True     True     String                                   System.Object

Awesome. As expected, the following line now works:
[Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine','r2d2').OpenSubKey("SOFTWARE\Microsoft\FTH",$true).SetValue('ExclusionList', $newarray,'MultiString')


May the Force...
t

20 January, 2013

Compare hotfixes on two computers - OS

In an enterprise environment, inevitably, you will find high availability systems. A typical solution to reach a relatively high availability is to setup a cluster. A cluster usually consists of two or more identical computers (nodes), ideally in different physical locations and they are capable of running exactly the same service, some of them have shared disks to be able to run database engines...etc. If one of the nodes in a cluster goes down for whatever reason, another one can pick up the services and run them (a service can be an IP address, a network name, database engine or any custom service which supports clustering).


In the definition of these systems, there's is a very important word: identical nodes. The computers which are part of a cluster of some sort should be very similar. Ideally same hardware model, same operating system, same applications installed, same OS, network, disk...etc configuration. And not least, same hotfixes installed.

Because Microsoft hotfixes are supposed to be installed at least once a month, a quick tool is always helpful which can tell you the differences between the list of installed hotfixes on two computers. You can get the list of Microsoft patches installed to a host with one line:
$hotfixes = gwmi -query "select HotFixID from Win32_quickfixengineering where hotfixID like 'KB%'" -computer $fsrv | select hotfixid

If you want to compare two lists, PowerShell offers you and easy way with Compare-Object, however, to make the output a bit better and more readable, you can feed the data into an object collection and then make it as the output of the script (see compareHotfixes function in the script below).

Example output:







 

Some of the interesting parts of the script:
#### Function for enumerating hotfixes

function gethotfixes ([string]$fsrv){
   writelog 0 "$fsrv, reading hotfixes data from Win32_quickfixengineering......" "nonew"
   $hotfixes = gwmi -query "select HotFixID from Win32_quickfixengineering where hotfixid like 'KB%'" -computer $fsrv | select hotfixid
   $strHotfixes = $hotfixes | %{$_.hotfixid.tostring()}
   writelog 1 "[done]" "extend"
   return $strHotfixes
} 
This function reads the list of hotfixes from a remote host (has some logging as well) and returns the results in $strHotfixes variable.

#### Function for comparing hotfixes between 2 hosts
function compareHotfixes ($fobjColl, $fullreport){
   writelog 0 "Comparing hotfixes between the 2 hosts......" "nonew"

   
# compare the list of hotfixes from the 2 hosts

   if($fullreport) {$comparedHotfixes = compare-object $fobjColl[0].hotfixes $fobjColl[1].hotfixes -SyncWindow 500 -IncludeEqual} #we need the equals for the host details output
   else {$comparedHotfixes = compare-object $fobjColl[0].hotfixes $fobjColl[1].hotfixes -SyncWindow 500}

   # going through the output of compare-object's output and feed the data into an object collection

   foreach ($c in $comparedHotfixes) {
      $fsObj = new-Object -typename System.Object
      $hotfixId = $c.InputObject
      switch ($c.SideIndicator)
      {
         "=>" {

               $fsObj | add-Member -memberType noteProperty -name "Item" -Value $hotfixId
               $fsObj | add-Member -memberType noteProperty -name $($fobjColl[0].ComputerName) -Value "Missing"
               $fsObj | add-Member -memberType noteProperty -name $($fobjColl[1].ComputerName) -Value "OK"
         }
           
"<=" {

               $fsObj | add-Member -memberType noteProperty -name "Item" -Value $hotfixId
               $fsObj | add-Member -memberType noteProperty -name $($fobjColl[0].ComputerName) -Value "OK"
               $fsObj | add-Member -memberType noteProperty -name $($fobjColl[1].ComputerName) -Value "Missing"
         }
           
"==" {

               $fsObj | add-Member -memberType noteProperty -name "Item" -Value $hotfixId
               $fsObj | add-Member -memberType noteProperty -name $($fobjColl[0].ComputerName) -Value "OK"
               $fsObj | add-Member -memberType noteProperty -name $($fobjColl[1].ComputerName) -Value "OK"
         }
      }

     
if($fsObj.item){

         $script:ReturnObjColl += $fsObj
      }
   }
  
writelog 1 "[done]" "extend"

} 
This is the main part of the script where we take the list of hotfixes on each node (first and second element of the $fobjcoll object collection, which is basically an array of objects and we take the hotfixes property of them: $fobjColl[0].hotfixes, $fobjColl[1].hotfixes.) and then we use the compare-object command to compare the lists. Then there's a bit of data processing with a switch case.

if($hostlistlength -eq 2){
   foreach ($srv in $hostlist) {
      $sObjHotfixes = new-Object -typename System.Object
      $sObjHotfixes | add-Member -memberType noteProperty -name ComputerName -Value $srv
      $sObjHotfixes | add-Member -memberType noteProperty -name hotfixes -Value ""
      $sObjHotfixes.hotfixes = gethotfixes $srv
      $objColl += $sObjHotfixes
   }
}


The script checks how any nodes were specified, if 2 then we are good to go. Then we just go through the list and create and object for each which will contain the name of the computer and the hotfixes enumerate from it.

Run it like this:
PS C:\> "host1","host2" | compare-hotfixes.ps1

Clipboard friendly code:
 param (     [string] $log = "",
            [switch] $fullreport = $false)
  
 if (!$log){
      $date = get-date -uformat "%Y-%m-%d-%H-%M-%S"
      $log = "c:\temp\$scriptname-$date.log"
      write-host -foregroundcolor 'yellow' "No logfile is specified, $log will be used." 
 }     
 $logfile = New-Item -type file $log -force
  
 ##################################################### Functions ##################################################### 
 # ================== Logging and reporting functions ==================
 #### Function for creating log entries in a logfile and on standard output
 function writeLog ([int]$type, [string]$message, [string]$modifier) { #usage: writeLog 0 "info or error message"
      # $modifier: <nonew | extend>
      # Value nonew: writes the output the the console and the logfile without carriage return
      # Value extend: writes the message to the output without date and 
      # both values can be used e.g. for writting to the console and logfile and put a status message at the end of the line as a second step
  
      $date = get-date -uformat "%Y/%m/%d %H:%M:%S"
      if($modifier -eq "extend"){
           switch ($type) {
                "0"     {$color = "Green"}
                "1"     {$color = "Yellow"}
                "2"     {$color = "Red"}
           }
      }
      else{
           switch ($type) {
                "0"     {$message = $date + ", INF, " + $message; $color = "Green"}
                "1"     {$message = $date + ", WAR, " + $message; $color = "Yellow"}
                "2"     {$message = $date + ", ERR, " + $message; $color = "Red"}
           }
      }
      if($modifier -eq "nonew"){
           write-host $message -ForegroundColor $color -NoNewLine
           $bytes = [text.encoding]::ascii.GetBytes($message)
           $bytes | add-content $logfile -enc byte
      }
      else{
           write-host $message -ForegroundColor $color
           Add-Content $logfile $message
      }
 }
  
 #### Function for enumerating hotfixes
 function gethotfixes ([string]$fsrv){
      writelog 0 "$fsrv, reading hotfixes data from Win32_quickfixengineering......" "nonew"
      $hotfixes = gwmi -query "select HotFixID from Win32_quickfixengineering where hotfixid like 'KB%'" -computer $fsrv | select hotfixid
      $strHotfixes = $hotfixes | %{$_.hotfixid.tostring()}
      writelog 1 "[done]" "extend"
      return $strHotfixes
 }
  
 #### Function for comparing hotfixes between 2 hosts
 function compareHotfixes ($fobjColl, $fullreport){
      writelog 0 "Comparing hotfixes between the 2 hosts......" "nonew"
      # compare the list of hotfixes from the 2 hosts
      if($fullreport)     {$comparedHotfixes = compare-object $fobjColl[0].hotfixes $fobjColl[1].hotfixes -SyncWindow 500 -IncludeEqual} #we need the equals for the host details output
      else               {$comparedHotfixes = compare-object $fobjColl[0].hotfixes $fobjColl[1].hotfixes -SyncWindow 500}
  
      # going through the output of compare-object's output and feed the data into an object collection
      foreach ($c in $comparedHotfixes) { 
           $fsObj = new-Object -typename System.Object
           $hotfixId = $c.InputObject
 
           switch ($c.SideIndicator) 
           {
                "=>" {
                     $fsObj | add-Member -memberType noteProperty -name "Item" -Value $hotfixId
                     $fsObj | add-Member -memberType noteProperty -name $($fobjColl[0].ComputerName) -Value "Missing"
                     $fsObj | add-Member -memberType noteProperty -name $($fobjColl[1].ComputerName) -Value "OK"
                } 
                "<=" {
                     $fsObj | add-Member -memberType noteProperty -name "Item" -Value $hotfixId
                     $fsObj | add-Member -memberType noteProperty -name $($fobjColl[0].ComputerName) -Value "OK"
                     $fsObj | add-Member -memberType noteProperty -name $($fobjColl[1].ComputerName) -Value "Missing"
                } 
                "==" {
                     $fsObj | add-Member -memberType noteProperty -name "Item" -Value $hotfixId
                     $fsObj | add-Member -memberType noteProperty -name $($fobjColl[0].ComputerName) -Value "OK"
                     $fsObj | add-Member -memberType noteProperty -name $($fobjColl[1].ComputerName) -Value "OK"
                } 
           }

           if($fsObj.item){
                $script:ReturnObjColl += $fsObj
           }
      } 
      writelog 1 "[done]" "extend"
}
  
##################################################### Body #####################################################
  
 writelog 0 "Syntax: $($MyInvocation.MyCommand.Path)$($myinvocation.line.substring(($myInvocation.InvocationName).length ))"
 writelog 0 "Invoked by: $([Security.Principal.WindowsIdentity]::GetCurrent().Name)"
  
 $hostlist = @($Input)
 $objColl = $script:ReturnObjColl = @()
 $hostlistlength = $hostlist.length
  
 if($hostlistlength -eq 2){
      foreach ($srv in $hostlist) {
           $sObjHotfixes = new-Object -typename System.Object
           $sObjHotfixes | add-Member -memberType noteProperty -name ComputerName -Value $srv
           $sObjHotfixes | add-Member -memberType noteProperty -name hotfixes -Value ""
           $sObjHotfixes.hotfixes = gethotfixes $srv
           $objColl += $sObjHotfixes
      }
 }
  
 compareHotfixes $objColl $fullreport
 $script:ReturnObjColl
  



Have a look and let me know what you think.

May the Force...
t