Click an Ad

If you find this blog helpful, please support me by clicking an ad!

Wednesday, September 19, 2012

Powershell - Adding A Trusted Server

So I'm going through and automating my new infrastructure. I don't have the money for a log analysis tool, so I've created a tidy little script that will run on each of my servers that will gather error and warning events from the system and application logs over the past day and email them to me.

#Get yesterday's date and set some headers for the email I'll create later.

 $Date = ((get-date).adddays(-1))
$SystemHeader = "`r`n+++   System Log Errors and Warnings    +++"
$ApplicationHeader = "`r`n+++ Applications Log Errors and Warnings  +++"
$DelimiterLog = "`r`n++++++++++++++++++++++++++++++++++++++++++++"
$Newline = "`r`n"

 #Get the hostname
$Hostname = ($env:computername)

 #Get Error/Warning events from the System log
$System = (get-eventlog system -after $Date -EntryType Error,Warning | select Entrytype, Source, EventID, Message | ft -autosize)

 #Get Error/Warning events from the Application log
$Application = (get-eventlog application -after $Date -EntryType Error,Warning | select Entrytype, Source, EventID, Message | ft -autosize)

 #Craft and send the email
$Body = $DelimiterLog
$Body += $SystemHeader
$body += $DelimiterLog
$body += ($System | Out-string)
$body += $Newline
$body += $Newline
$body += $DelimiterLog
$body += $ApplicationHeader
$body += $DelimiterLog
$body += ($Application | Out-string)
Send-Mailmessage -from "administrator@foo.com" -to "me@foo.com" -subject "Log Errors and Warnings from $Hostname" -smtpserver mailservername -body $body

I put the script on my central "management" server that performs all of my scheduled tasks. Everything ran fine when I tested the script, but most of my scheduled tasks failed. I remoted (that should be a verb in the dictionary at this point, methinks) into one of the servers that didn't run the script correctly, and lo and behold, when I ran the script from the local prompt I got a weird prompt:

Security Warning Run only scripts that you trust. While scripts from the Internet can be useful, this script can potentially harm your computer. Do you want to run \server\scripts\my.ps1? [D] Do not run [R] Run once [S] Suspend [?] Help (default is "D"):

This won't do!
After hunting around on the web I found out that the server you run the script from needs to be a trusted site in your Internet Settings. The easiest way I found to accomplish this was pushing out the following registry key via group policy:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\<servername>
Now, create a REG_DWORD named *, and set the data to 2 (decimal)
Because I wanted to trust our DFS infrastructure, the servername key was our root DFS namespace server.

And voila! No more prompts!
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)