BSonPosh » Parameters

userAccountControl and “User cannot change password”

Someone asked me a question about setting the “User cannot change password” check box in ADUC. They were creating the user account and setting PASSWD_CANT_CHANGE along with other settings (see my post about HERE about userAccountControl and values) and they couldn’t figure out why the check box wasn’t being applied.

I thought about this, and my first impression was they had the wrong bit value. So, I posted the “correct” one. They came back and said “That didn’t work.”

Hmmm, that’s curious. I turned to Dean and asked him if I was missing something obvious (I had a nagging feeling I had been here before) and he informed me that it has to be set with an “Extended Right” (control access right) via an ACE.

DOH! Now the whole scenario I had THAT feeling about came back to me. I recall having this discussion with someone and providing them a Script that would set the ACE. I searched for the script and I couldn’t find it. This happens to me a lot so I decided a while ago… when I run across this again, BLOG IT!

Technical Info:

In the past, permissions on the ‘userAccountControl’ attribute could be edited oftentimes making the effective password policy moot, i.e. you could end up with accounts that don’t comply with the domain’s password policy.

In Windows 2000, you can’t easily prevent this except by using third party front-end/provisioning tools to manage user objects. In Windows 2003 and later, you can use three newly-added extended rights (Control Access Rights) to prevent these bits from being edited even when the caller has permission to do so. The three (new) ‘Extended Rights’ are -

• Update password not required bit [controls 'password not required' and maps to ACE in footnote below]
• Enable per user reversible encryption [controls whether password is stored reversibly encrypted or not]
• Unexpire password [controls 'password never expires']

Each of these extended rights MUST be configured on the domain head and scoped as “This Object only” with ALLOW or DENY for the security principals you designate. By default, ‘Authenticated Users’ is granted an ALLOW ACE for each of the three extended rights. This doesn’t mean any old authenticated user can alter the password related bits in the ‘userAccountControl’ attribute; they still require the permission to modify ‘userAccountControl’.

USAGE SCENARIO - create a single group representing ALL three extended rights (or perhaps ONE group for EACH extended right). Then ACL the group(s) accordingly on the domain head with a DENY ACE. Finally, place the account-administrator users and groups that have management permissions to user objects (i.e. they have write permissions to the ‘userAccountControl’ property) in the group(s) you just created thereby preventing those account-administrators from altering the password related bits on the ‘userAccountControl’ attribute resulting in an enforced password policy.

IMPORTANT NOTE [Observed Behavior] - When viewing or changing a user’s ability to change their own password (User Cannot Change Password) through the GUI, it no longer appears to touch ‘userAccountControl’s bit 0×40 (64) — rather, it simply grant’s the ‘SELF’ security principal ‘ALLOW’ or ‘DENY’ to ‘Change Password’ — this can be easily verified by viewing the DACL.

Links:
Modifying User Cannot Change Password (LDAP Provider)

So… Here it is (Set-UserCannotChangePassword.ps1)
Parameters
-User: The sAMAccountName of the User
-CheckBox: If passed it checks the box
-Default: Remove Check box.

Param($User = $(throw ‘$User is Required’,[switch]$CheckBox)
Write-Host
$Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"","(&(objectcategory=User)(sAMAccountName=$user))")
$MyUser = $Searcher.FindOne().GetDirectoryEntry()
if(!$?){" !! Failed to Get User !!";Return}
if($CheckBox)
{
Write-Host " - Checking Box for User [$($MyUser.distinguishedName)]"
$self = [System.Security.Principal.SecurityIdentifier]‘S-1-5-10′
$ExtendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$deny = [System.Security.AccessControl.AccessControlType]::Deny
$selfDeny = new-object System.DirectoryServices.ActiveDirectoryAccessRule($self,$ExtendedRight,$deny,‘ab721a53-1e2f-11d0-9819-00aa0040529b’)
$MyUser.psbase.get_ObjectSecurity().AddAccessRule($selfDeny)
$MyUser.psbase.CommitChanges()
}
else
{
Write-Host " - Removing Check Box for User [$($MyUser.distinguishedName)]"
$ACL = $MyUser.psbase.get_ObjectSecurity().GetAccessRules($true,$false, [System.Security.Principal.NTAccount])
$ACEs = $ACL | ?{($_.ObjectType -eq ‘ab721a53-1e2f-11d0-9819-00aa0040529b’) -and ($_.AccessControlType -eq ‘Deny’)}
foreach($ACE in $ACEs){if($ACE){[void]$MyUser.psbase.get_ObjectSecurity().RemoveAccessRule($ACE)}}
$MyUser.psbase.CommitChanges()
}
Write-Host

tshell :: Jul.09.2008 :: All :: 3 Comments »

What Are “Parameterized Properties?”

I recently had someone ask me a question about property types. They kept referring to Parameterized Properties and while I knew they were confused, I only had vague understanding of this concept and I knew I definitely could not define it.

I had tried google and all I came up with was this ETS Parameterized Properties. I shot this description over to a friend at MS and he said that was a bad definition and one didn’t really exist. I asked him to define it the best he can and here is the result. I would consider this source pretty authoritative

Note: These are very common with COM Objects

Parameterized Property

Properties are members that are accessed like fields but are actually methods. There is a setter method for setting the value of the property and a getter method for getting the current value of the property. Normally, the setter method takes only one parameter (the value to set) and the getter does not take any.

However, there are situations where additional parameters are needed. Consider the case where you want to use the property to get and set a member of a collection. To do this, the setter method requires 2 parameters—the index (location) in the collection and the value to set the member to; the getter method requires 1 parameter—the index to retrieve the value from. When a property requires additional parameters to operate, it is called a parameterized property or an indexer.

tshell :: Jul.01.2008 :: All :: No Comments »

Test-Host (WMI Ping -or Port Check)

I often find (specifically when using WMI) the need to ping the machine first before performing any queries. WMI takes FOREVER to timeout. I decided that I should use a script/function to test a host before passing it down the pipe.

There are a couple of problems with this approach that I had to consider.
1) How do I know what to test without corrupting the pipe or using foreach?
- For this I added a “-property” parameter that would allow the user to pick what property to check against, but still output the entire object that was inputted.

2) What about firewalls that block ping?
- Added TestPort function that does a TCP connect and returns $true or $false

3) What if I want a conditional port check.
- Added the ability to Change the Default Port for TCP Connection Test

Here is the script that I came up with and some of things it does.
Parameters
- $property: The Property to Ping or Test (Default is none.)
- $tport: The Port to test against (Default is 135. Used with -port)
- $timeout: The timeout for the connection (Default is 1000 ms, Used with -port)
- [switch]$port: Switch to Test a port instead of Ping
- [switch]$verbose: Provides Verbose Output.
Features
- Will Ping ‘$_’ by default
- Can pass the property that contains the Host to test using -property
- Can use -port to test a port instead of ping. (Uses TCP)
- Maintains the Object that is tested and passes it down the pipe if connection is passed.

A Demo of the script in action

Best Viewed Full Screen
Get the Flash Player to see this player.

Script CODE

Param($property,$tport=135,$timeout=1000,[switch]$port,[switch]$verbose)
Begin{
function TestPort {
Param($srv)
$error.Clear()
$ErrorActionPreference = "SilentlyContinue"
$tcpclient = new-Object system.Net.Sockets.TcpClient
$iar = $tcpclient.BeginConnect($srv,$tport,$null,$null)
$wait = $iar.AsyncWaitHandle.WaitOne($timeout,$false)
# Traps
trap {if($verbose){Write-Host "General Exception"};return $false}
trap [System.Net.Sockets.SocketException]
{
if($verbose){Write-Host "Exception: $($_.exception.message)"}
return $false
}
if(!$wait)
{
$tcpclient.Close()
if($verbose){Write-Host "Connection Timeout"}
return $false
}
else
{
$tcpclient.EndConnect($iar) | out-Null
$tcpclient.Close()
}
if(!$error[0]){return $true}
}
function PingServer {
Param($MyHost)
$pingresult = Get-WmiObject win32_pingstatus -f "address=’$MyHost’"
if($pingresult.statuscode -eq 0) {$true} else {$false}
}
}
Process{
if($_)
{
if($port)
{
if($property)
{
if(TestPort $_.$property){$_}
}
else
{
if(TestPort $_){$_}
}
}
else
{
if($property)
{
if(PingServer $_.$property){$_}
}
else
{
if(PingServer $_){$_}
}
}
}
}

If you want this as a function use this code

function Test-Host{
Param($property,$tport=135,$timeout=1000,[switch]$port,[switch]$verbose)
Begin{
function TestPort {
Param($srv)
$error.Clear()
$ErrorActionPreference = "SilentlyContinue"
$tcpclient = new-Object system.Net.Sockets.TcpClient
$iar = $tcpclient.BeginConnect($srv,$tport,$null,$null)
$wait = $iar.AsyncWaitHandle.WaitOne($timeout,$false)
# Traps
trap {if($verbose){Write-Host "General Exception"};return $false}
trap [System.Net.Sockets.SocketException]
{
if($verbose){Write-Host "Exception: $($_.exception.message)"}
return $false
}
if(!$wait)
{
$tcpclient.Close()
if($verbose){Write-Host "Connection Timeout"}
return $false
}
else
{
$tcpclient.EndConnect($iar) | out-Null
$tcpclient.Close()
}
if(!$error[0]){return $true}
}
function PingServer {
Param($MyHost)
$pingresult = Get-WmiObject win32_pingstatus -f "address=’$MyHost’"
if($pingresult.statuscode -eq 0) {$true} else {$false}
}
}
Process{
if($_)
{
if($port)
{
if($property)
{
if(TestPort $_.$property){$_}
}
else
{
if(TestPort $_){$_}
}
}
else
{
if($property)
{
if(PingServer $_.$property){$_}
}
else
{
if(PingServer $_){$_}
}
}
}
}}

tshell :: May.27.2008 :: All :: No Comments »

Set-CitrixServerLogon.ps1 (Citrix Top 10)

Here is a useful little script. This Creates a MFCom Server Object and disables or Enables Logons for that Server.

# Set-CitrixServerLogon.ps1
# Brandon Shell [MVP]
# www.bsonposh.com
# Sets the Server to Enable or Disable Logons
Param($Server,[switch]$enable,[switch]$disable,[switch]$help)
function HelpMe{
Write-Host
Write-Host " Set-CitrixServerLogon.ps1:" -fore Green
Write-Host " Sets the Server to Enable or Disable Logons"
Write-Host
Write-Host " Parameters:" -fore Green
Write-Host " -Server : Optional. Server to Set Logon"
Write-Host " -Enable : Optional. Checks Hours of Idle Time (Default)"
Write-Host " -Disable : Optional. Checks Minutes of Idle Time"
Write-Host " -Help : Optional. Displays This"
Write-Host
Write-Host " Examples:" -fore Green
Write-Host " To disable the Logon for a Server" -fore White
Write-Host " Set-CitrixServerLogon.ps1 -server <serverName> -Disable" -fore Yellow
Write-Host
}
if(!$Server -or $help){helpme;Write-Host;return}
Write-Host
Write-Host " Getting Server [$Server]"
$mfsrv = New-Object -ComObject MetaFrameCOM.MetaFrameServer
Write-Host " - Initializing Server"
$mfsrv.Initialize(6,$Server)
if($enable)
{
Write-Host " - Setting to EnableLogon = 1"
$mfSrv.WinServerObject.EnableLogon = 1
}
if($disable)
{
Write-Host " - Setting to EnableLogon = 0"
$mfSrv.WinServerObject.EnableLogon = 0
}
Write-Host " - Server [$($mfSrv.ServerName)] is set to [$($mfSrv.WinServerObject.EnableLogon)] for EnableLogon"
Write-Host

Another option would be to remove the Apps from the Server all together.

# Unpublish-CitrixServer.ps1
# Brandon Shell [MVP]
# www.bsonposh.com
# Removes all App from Server
Param($Server)
$mfsrv = New-Object -ComObject MetaFrameCOM.MetaFrameServer
$mfsrv.Initialize(6,$Server.ToUpper())
$mfsrv | foreach{$_.Applications} | foreach{$_.LoadData(1);$_.RemoveServer($Server.ToUpper());$_.SaveData()}

tshell :: Apr.09.2008 :: All, Citrix, Powershell, Scripting :: No Comments »

Find-CitrixUser.ps1 (Citrix Top 10)

This is another script that I can use quite often. It is a simple script that queries all the sessions and returns the ones where the User matches. I made the User a RegEx search so you could do multiple users.

Name: Find-CitrixUser.ps1
Purpose: Finds where the user(s) are and outputs session info

# Find-CitrixUser.ps1
# Brandon Shell [MVP]
# www.bsonposh.com
# Finds where the user(s) are and out puts session info
Param($user=".*",[switch]$help)
function HelpMe{
Write-Host
Write-Host " Find-CitrixUser.ps1:" -fore Green
Write-Host " Finds where the user(s) are and out puts session info"
Write-Host
Write-Host " Parameters:" -fore Green
Write-Host " -User : Optional. Name of the User or RegEx (Default is all users)"
Write-Host " -Help : Optional. Displays This"
Write-Host
Write-Host " Examples:" -fore Green
Write-Host " Finds User TestMe and outputs and returns ServerName,ClientAddress, and SessionID" -fore White
Write-Host " .\Find-CitrixUser.ps1 | ft ServerName,ClientAddress,SessionID " -fore Yellow
Write-Host
Write-Host " Finds all Users who start with ‘Sales’ and returns UserName,ServerName, and SessionID" -fore White
Write-Host " .\Find-CitrixUser.ps1 `"^sales`" | ft UserName,ServerName,SessionID " -fore Yellow
Write-Host
Write-Host " To View All properties availiable." -fore White
Write-Host " .\Find-CitrixUser.ps1 <username> | Get-Member" -fore Yellow
Write-Host
}
# Check for the Help or if
if($help){helpme;Write-Host;return}
# Code to Get the Farm and Initialize
$farm = New-Object -com "MetaframeCOM.MetaFrameFarm"
$farm.Initialize(1)
# Get the Sessions and Parse for Users who match
$farm.Sessions | ?{$_.UserName -match $user}

tshell :: Apr.07.2008 :: All, Citrix, Powershell, SQL, Scripting :: No Comments »

Get-CitrixPrinterInfo.ps1 (Citrix Top 10)

This script just collects the Printer Information from all the Servers in the Farm. It will output them to a file or you can pipe them and filter them.

Name: Get-CitrixPrinterInfo.ps1
Purpose: Gets Print Driver Info from all the Servers in the Farm and outputs to file or console

# Get-CitrixPrinterInfo.ps1
# Brandon Shell [MVP]
# www.bsonposh.com
# Gets Print Driver Info from all the Servers in the Farm
Param($Server,$file,[Switch]$help)
function HelpMe{
Write-Host
Write-Host " Get-CitrixPrinterInfo.ps1:" -fore Green
Write-Host " Gets Print Driver Info from all the Servers in the Farm"
Write-Host
Write-Host " Parameters:" -fore Green
Write-Host " -Server : Optional. Server to Get Print Info From "
Write-Host " -File : Optional. File Name to Export Info to"
Write-Host " -Help : Optional. Displays This"
Write-Host
Write-Host " Examples:" -fore Green
Write-Host " Gets Print Info and Exports to File" -fore White
Write-Host " .\Get-CitrixPrinterInfo.ps1 -file MyExportFile.txt" -fore Yellow
Write-Host
Write-Host " Gets Print Drivers from a Specific Server and outputs DriverName and SourceServer" -fore White
Write-Host " .\Get-CitrixPrinterInfo.ps1 <serverName> | ft DriverName,SourceServer" -fore Yellow
Write-Host
}
# Check for Help Flag
if($help){HelpMe;Write-Host;Return}
# Check for File
if($file)
{
if($server) # If -Server was passed we run check just against it and output to screen
{
$mfsrv = new-Object -com "MetaframeCOM.MetaframeServer"
$mfsrv.Initialize(6,$Server.ToUpper())
$mfsrv | foreach{"`n$($_.ServerName) `n$(’-'*20)";$_.PrinterDrivers| Format-Table} | out-File $file -enc ASCII
}
else # We run the check against the whole farm and output results to file
{
$mfarm = new-Object -com "MetaframeCOM.MetaframeFarm"
$mfarm.Initialize(1)
$mfarm.Servers | foreach{"`n$($_.ServerName) `n$(’-'*20)";$_.PrinterDrivers| Format-Table} | out-File $file -enc ASCII
}
}
else
{
if($server) # If -Server was passed we run check just against it and output to screen
{
$mfsrv = new-Object -com "MetaframeCOM.MetaframeServer"
$mfsrv.Initialize(6,$Server.ToUpper())
$mfsrv | foreach{"`n$($_.ServerName) `n$(’-'*20)";$_.PrinterDrivers| Format-Table}
}
else # We run the check against the whole farm and output results to screen
{
$mfarm = new-Object -com "MetaframeCOM.MetaframeFarm"
$mfarm.Initialize(1)
$mfarm.Servers | foreach{"`n$($_.ServerName) `n$(’-'*20)";$_.PrinterDrivers| Format-Table}
}
}

tshell :: Apr.07.2008 :: Citrix, Powershell, Scripting :: No Comments »

Find-CitrixIdleUser.ps1 (Citrix Top 10)

This is one of the more useful scripts (at least for me.) It will query the farm and tell you all the user who have exceeded the idle time specified. I also combined another script that logged off users.

Name: Find-CitrixIdleUser.ps1
Purpose: Finds users with idle time greater than value passed and logs them off if -logoff is passed

# Find-CitrixIdleUser.ps1
# Brandon Shell [MVP]
# www.bsonposh.com
# Finds users with idle time greater than value passed
Param($time,[switch]$day,[switch]$hour,[switch]$minute,[switch]$logoff,[switch]$verbose,[switch]$help)
function HelpMe{
Write-Host
Write-Host " Find-CitrixIdleUser.ps1:" -fore Green
Write-Host " Finds users with idle time greater than value passed"
Write-Host
Write-Host " Parameters:" -fore Green
Write-Host " -Time : Optional. Server to Get Print Info From "
Write-Host " -Day : Optional. Checks Days of Idle Time "
Write-Host " -Hour : Optional. Checks Hours of Idle Time (Default)"
Write-Host " -Minute : Optional. Checks Minutes of Idle Time"
Write-Host " -Logoff : Optional. Logs User off if Idle Time exceeds Time"
Write-Host " -Verbose : Optional. Show Verbose Output"
Write-Host " -Help : Optional. Displays This"
Write-Host
Write-Host " Examples:" -fore Green
Write-Host " Finds Users who have been idle 2 hours and return AppName, UserName, SessionID, and ClientName" -fore White
Write-Host " Find-CitrixIdleUser.ps1 2 -hour | ft AppName,UserName,SessionID,ClientName -auto" -fore Yellow
Write-Host
Write-Host " Finds Users who have been idle 2 hours and Logs them Off" -fore White
Write-Host " Find-CitrixIdleUser.ps1 2 -hour -logoff" -fore Yellow
Write-Host
}
if($verbose){$verbosepreference = "Continue"}
Write-Host
if(!$time -or $help){helpme;Write-Host;Return}
# Get Citrix Farm Object
Write-Verbose " - Creating MFFarm Object"
$farm = new-Object -com "MetaframeCOM.MetaframeFarm"
$farm.Initialize(1)
# Parse Sessions
Write-Verbose " - Parsing Sessions. Total of [$($farm.Sessions.count)] Sessions"
foreach($session in $farm.Sessions)
{
Write-Verbose " - Processing Session ID [$($Session.SessionId)]"
$shouldLogOff = $false
# Getting Citrix Session Idle Time and Convert to System.DateTime
Write-Verbose " - Getting LastInputTime"
$ctxDate = $session.LastInputTime(1)
Write-Verbose " - Checking if idle time is -gt 0"
if(($ctxDate.HighPart -ne 0) -and ($ctxDate.LowPart -ne 0))
{
$date = "{0,4}{1,2:00}{2,2:00}{3,2:00}{4,2:00}" -f $ctxDate.year,$ctxDate.Month,$ctxDate.Day,$ctxDate.Hour,$ctxDate.Minute
Write-Verbose " - Converted LastInputTime to [$date]"
$SessionIdleTime = [system.DateTime]::ParseExact($date,‘yyyyMMddHHmm’,$null)
# Get Current Time in System.DateTime
Write-Verbose " - Getting Current Date"
$now = Get-Date
Write-Verbose " - Current Date is [$now]"
# Find Difference
Write-Verbose " + Getting Time Difference"
$diff = $now - $SessionIdleTime
Write-Verbose " - Found Days [$($diff.TotalDays)] Hours [$($diff.Totalhours)] Minutes [$($diff.TotalMinutes)]"
# Output Sessions that match
if($day) { if($diff.TotalDays -gt $time) {$session;$shouldLogOff = $true} }
if($hour) { if($diff.Totalhours -gt $time) {$session;$shouldLogOff = $true} }
if($minute){ if($diff.TotalMinutes -gt $time) {$session;$shouldLogOff = $true} }
Write-Verbose " - Set `$shouldLogOff to [$shouldLogOff]"
# Logging Off User
if($logoff -and $shouldLogOff)
{
Write-Verbose " - Logging Off Session ID [$($Session.SessionId)]"
$session.Logoff($false)
}
}
else
{
Write-Verbose " - Session ID [$($Session.SessionId)] NOT Idle"
}
Write-Host
}

tshell :: Apr.07.2008 :: All, Citrix, Powershell, Scripting :: No Comments »

Set-CitrixPSVersion.ps1 (Citrix Top 10)

I am constantly looking for content for my blog and tasks that can be automated. I believe this helps me learn and helps other with their needs.

In this search I was directed to convert/write Powershell examples for scripts located here http://community.citrix.com/display/cdn/Script+Exchange

Here is the first of those scripts.

Name: Set-CitrixPSVersion.ps1
Purpose: Sets PS Version on a Server, List of Servers, or all Servers in the Farm

# Set-CitrixPSVersion.ps1
# Brandon Shell [MVP]
# www.bsonposh.com
# Sets PS Version on a Server, List of Servers, or all Servers in the Farm
Param($file,$server,$PSVer,[switch]$help,[switch]$all,[switch]$whatif,[switch]$show,[switch]$verbose)
function HelpMe{
Write-Host
Write-Host " Set-CitrixPSVersion.ps1:" -fore Green
Write-Host " Sets PS Version on a Server, List of Servers, or all Servers in the Farm"
Write-Host
Write-Host " Parameters:" -fore Green
Write-Host " -File <fileName> : Optional. Name of the File of Servers"
Write-Host " -Server <serverName> : Optional. Name of the Server to Change"
Write-Host " -Verbose : Optional. Enables Verbose Output"
Write-Host " -All : Optional. Sets Version on all Servers [Requires -Server]"
Write-Host " -Show : Optional. Displays the Version for Server(s)"
Write-Host " -Help : Optional. Displays This"
Write-Host " -Whatif : Optional. Will not Commit Info just Display what would change"
Write-Host
Write-Host " Examples:" -fore Green
Write-Host " Set PS Version on Server1 to STD" -fore White
Write-Host " .\Set-CitrixPSVersion.ps1 -Server Server1 -psver STD " -fore Yellow
Write-Host
Write-Host " Set PS Version on Servers in a File" -fore White
Write-Host " .\Set-CitrixPSVersion.ps1 -file c:\Mylist.txt -psver STD " -fore Yellow
Write-Host
Write-Host " Get PS Version from ALL server" -fore White
Write-Host " .\Set-CitrixPSVersion.ps1 -all -Server myzdcserver" -fore Yellow
Write-Host
Write-Host " Product Edition Options" -fore Green
Write-Host " STD = Citrix Presentation Server Standard Edition" -fore White
Write-Host " ADV = Citrix Presentation Server Advanced Edition" -fore White
Write-Host " ENT = Citrix Presentation Server Enterprise Edition" -fore White
Write-Host " PLT = Citrix Presentation Server Platinum Edition" -fore White
Write-Host
}
function Ping-Server {
Param($srv)
$pingresult = Get-WmiObject win32_pingstatus -f "address=’$srv’"
if($pingresult.statuscode -eq 0) {$true} else {$false}
}
function Set-PSVer{
Param($srv)
Write-Verbose " Getting Citrix Server Object"
$type = [System.Type]::GetTypeFromProgID("MetaframeCOM.MetaframeServer",$srv)
$mfsrv = [system.Activator]::CreateInstance($type)
$mfsrv.Initialize(6,$srv)
if(!$?){Write-Host " - Server [$srv] threw and Error" -fore red;return}
if($show) # Check for $Show and will display only
{
Write-Host " - PS Version for [$srv]: $($mfsrv.WinServerObject.mpsedition)"
return
}
else
{
if($whatif) # Check for $Whatif
{
Write-Host " What if: Performing operation `"Set PS Version [$PSVer]`" on Target `"$srv`"."
}
else
{
Write-Verbose " - Setting PSVer to [$PSVer] on [$srv]"
$mfsrv.WinServerObject.mpsedition = $PSVer
Write-Host " - PS Version for [$srv]: $($mfsrv.WinServerObject.mpsedition)"
}
}
}
function Set-PSALL{
$mfarm = new-Object -com "MetaframeCOM.MetaframeFarm"
$mfarm.Initialize(1)
foreach($mfsrv in $mfarm.Servers)
{
if($show){Write-Host " - PS Version for [$($mfsrv.ServerName)]: $($mfsrv.WinServerObject.MPSEdition)";continue}
if($whatif){Write-Host " What if: Performing operation `"Set PS Version [$PSVer]`" on Target `"$($mfsrv.ServerName)`"."}
else
{
Write-Verbose " - Setting PSVer to [$PSVer] on [$($mfsrv.ServerName)]"
$mfsrv.WinServerObject.mpsedition = $PSVer
Write-Host " - PS Version for [$($mfsrv.ServerName)]: $($mfsrv.WinServerObject.MPSEdition)"
}
}
}
# Script Setup. Checking Parameters
Write-Host
## Checing Verbose flag
if($verbose){$verbosepreference = "Continue"}else{$erroractionpreference = "SilentlyContinue"}
## Verifying that File/Server was passed. If not or -help I Call HelpMe and close.
if(!$file -and !$server -and !$all -or $help){HelpMe;Return}
## Verify Valid Edition was Passed
if(!$show -and ($PSVer -notmatch "STD|ADV|ENT|PLT"))
{
Write-Host " PS Edition [$PSVER] is NOT Valid. Please use STD, ADV, ENT, or PLT" -fore RED
Write-Host
Return
}
# If $Server and we can ping it we run Set-PSVer against Server
if($server -and (ping-server $server))
{
Set-PSVer $server
Write-host
}
# Check for -File and Verify the file is valid
if($File -and (test-Path $file))
{
Write-Verbose " - Processing File [$file]"
# Process each Server checking for blanks
foreach($Server in (get-Content $file | where{$_ -match "^\S"}))
{
Write-Host " + Processing Server [$Server]"
if(ping-Server $server){Set-PSVer $Server}else{Write-Host " - Ping Failed to [$Server]" -fore Red}
Write-host
}

The “Power” of SHELL