// This is the script to give summary on the main page.
Think IPM

Saturday, May 13, 2017

PSA: Powershell script to find unpatched machines. (WannaCry)

imageI’m not a programmer but PowerShell is really starting to grow on me lately.  Here is a quick script that will see if your servers are properly patched for the WannaCry ransomware exploit.

It’s not super fast but it should do the job.  I’m sure there are PLENTY of improvements to be made to it.  If you make any, please drop me (and everyone else) a note in the comments with your new improved version.

The script takes a file as input with a list of machine names in it (1 per line) and outputs that same server list with any appropriate hotfixes next to them.  Any names without hotfixes next to them should be investigated.

You can add additional hotfixes as they are released to the list below.

# List of all HotFixes containing the patch
$hotfixes = "KB4012212", "KB4019215", "KB4012217", "KB4012218",  "KB4015551", "KB4015552",  "KB4019216", "KB4012216", "KB4015549", "KB4015550", "KB4013429", "KB4019472", "KB4015217", "KB4015438", "KB4016635", "KB4019264"

$listofvms = Read-Host " Full path to VM txt file - (i.e. C:\Carlo\VMS.TXT)"
$guests =  get-content $listofvms

foreach ($guest in $guests) {

# Search for the HotFixes
$hotfix = Get-HotFix -ComputerName $guest | Where-Object {$hotfixes -contains $_.HotfixID} | Select-Object -property "HotFixID"

write-host -foregroundcolor yellow $guest $hotfix

}

image

As always with scripts on the internet, your mileage may vary and this script comes with no guarantees AT ALL.  Not responsible if it burns your house down, steals your mate or cancels your health insurance.

Click Here to Continue Reading >>

Friday, May 12, 2017

PSA : Patch your Windows Servers (MS17-010)

If you’ve seen the news today, there is a crippling ransom ware spreading across the globe.  I’ve seen reports that say at least 45k attacks hitting more than 74 countries in the past 10 hours.

The ransom ware is called ‘WannaCry’.  It will encrypt your desktop or server’s files and demand that users pay an initial $300 to unlock the files and the sum goes up with each passing hour.

imageThe patch to prevent the exploit can be found here [MS17-010] or just running Windows Update and updating to the latest patches will block the vulnerability.   The patch was released March 14th 2017.

If you have been infected, the patch will not remove the virus so best to be vigilant and process your updates ASAP.

Click Here to Continue Reading >>

Monday, April 24, 2017

Cleaning up Horizon Database Errors

vSphere vCenter is great.  Horizon is great.  Composer is great.  Sometimes though, they go off script and start getting out of sync.  I’m sure everyone who has run a VMware View Horizon farm has run into issues where the view database just doesn’t reflect reality.  The VMs are long deleted but Composer and Horizon still think they are there and you get the never completing status of Deleting in the Horizon administrator console.

image

I remember the not so distant days when this would require firing up ADSI edit and doing some surgical removals of MANY entries in LDAP… 

As of Horizon 6.1, there is a MUCH easier way now.  Check out ViewDBCheck.  Most likely in
‘C:\Program Files\VMware\VMware View\Server\tools\bin’ on our connection server.

image

This handy tool will scour the Horizon DB and look for inconsistencies between the DB, the vCenter inventory and Composer DB.  If it finds any, it will give you a yes/no prompt to clean up and then do it’s thing.  Very Nice!

Although officially released for 6.1 and up, you can also use it for 5.3 by using the Fling found here.

Click Here to Continue Reading >>

Wednesday, April 19, 2017

Pushing the NVIDIA Grid VIB to vSphere using Update Manager for vGPUs.

I’ve been working with a customer getting the NVIDIA Tesla M60 cards working in their environment and compiled some great information for those of you looking into this.

So the official installation guide for the VIB is pretty much this KB article :  https://kb.vmware.com/kb/2033434

This is a pretty manual process.  I found that you can also easily and successfully use Update Manager to push the entire installation of the VIBs to your hosts.  The advantage being scale, consistency and also the ability to see the VIB installation (Baseline) in vCenter.

To start, make sure you are getting the correct enterprise versions of the VIBs and drivers.  (https://nvidia.flexnetoperations.com)

Once you have your offline bundle, you can head over to your Update Manager screen and choose the patch repository and Import Patches.

image

Once you upload the VIB Offline bundle, you should see it in the list of patches. (Note that the kepler one is the consumer version and should NOT be used) If you know how to remove it from the patch repository, drop me a note on twitter or in the comments.

From there, you can add it to a host extension baseline.

image

Now you can easily scan and remediate individual hosts or groups of hosts to install the VIB for Shared vGPUs.

To verify that the VIB was installed correctly, you can putty over to a host and run the command nvidia-smi.  If the VIB is installed correctly and you have you GPU cards in the host, you should see a similar output.

image

Once the VIB is installed, using the HTML vSphere Client, you should be able to add the shared PCI device to the Desktop VM (or image) and see the appropriate profiles.  

image

Note that shared PCI is a feature of VMware’s Enterprise Plus licensing.  Appropriate host licensing or Horizon licensing will be needed to power a machine up with a shared vGPU card.

ScreenClip

After installing the Display Drivers in the Windows VM, be sure to set the licensing to GRID Virtual Workstation.

Bonus: Once you have it all working, test it all out using the new awesome Google Earth!
(Super cool 3D modeling across many of the world’s neighborhoods)

image

Click Here to Continue Reading >>

Thursday, March 9, 2017

Throw-Back Thursday Post –Need to restart Explorer shell Gracefully?

Sometimes you need to restart Explorer to get things straightened out on your desktop.  Maybe the Notification Area is losing it or you want to refresh your Quick Launch.   Whatever the reason, in the past I have always pulled up Task Manager and killed the explorer process.  Simple and effective but maybe too harsh for all particular situations.  Jacques Bensimon let me in on a quick and proper way to shutdown the Explorer Shell gracefully.  Basically check out the image below and know that I CTRL-SHIFT-RIGHT Clicked to get the Exit Explorer option.  Explorer shuts down gracefully and you can restart it using Task Manager/ New Task.  

Explorer Shell Exiting image

*With Windows 8 and above, you need to CTLR-SHIFT-RIGHT-CLICK on an empty area of the Taskbar [second image] instead of the Start Bar.

Nice Tip JB! Way to promote peace. Smile

Click Here to Continue Reading >>