checking WINRM from powershell

I read a blog post and there was a one-liner (with a pipe in it) to check on the status of WINRM (Windows Remote Management) on remote servers.  The script returned a boolean (True) if successful, and a big block of (red) message if not.  I wanted to run this against our Active Directory server OU, but didn’t want to deal with the error message.  So i put it into a try\catch\finally (finally was empty) block, and ran it.  Worked just fine.

The lookup to the LDAP object (System.DirectoryServices.DirectoryEntry) was straight-forward (or at least it is by this time since i just stole it from other code) and results in a $servers array.  FYI = i needed to declare the array first, then add to it, otherwise the $server variable turned out to be a string, and foreach over the string didn’t work right.  And the query returns the server SAMAccount name with a “$” in it – duntknowwhy it was there, but i removed it.

$servers = @()
 $objDomain = New-Object System.DirectoryServices.DirectoryEntry("LDAP://adl.university.edu/ ou=servers, DC=universityt,DC=edu")
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$colResults = $objSearcher.FindAll()
foreach ($objResult in $colResults)  {
     $objUser = $objResult.GetDirectoryEntry()
      $server = ($objuser.sAMAccountName).tostring()
      $servers += $server.replace("$","")
 }

So i have the server list in the $servers variable.  Foreach over it into the variable $remoteserver (i would typically go from $servers into $server, but the other script used $remoteserver, so i didn’t change it)

foreach ($remotemachine in $servers){
 if ($remotemachine -ne ""){
      try {} 
     catch {}
     finally {}
}# end of if blank line
} # end of foreach

The try block is directly from the blog code:

([system.convert]::ToBoolean(((winrm get winrm/config/winrs -r:$remotemachine |
?{$_ -imatch "AllowRemoteShellAccess"}).split("="))[1].trim()))

I put it into an if() statement and then if “true” ran a block of code to write the name of the server ($remotemachine) and a happy message.  Or i append to an external file.

The catch block contains

"Remote administration with WintRT not confirmed on $RemoteMachine" >>c:\SCRIPTS\rtmonitor.txt
# write-host '$_.Exception is' $_.Exception

In production, i don’t need to see the exception that is thrown if WINRM is not enabled.  I CAN get other errors, however the message (to console or to file) is generic enough to cover “can’t find the server” and “can’t find the service”.

The finally block just says “end of try-catch, and gets commented out.

This won’t work.  I ALSO need to control the  $ErrorActionPreference condition and set it to “stop”, otherwise the error is not processed.

The entire script:

<#
.SYNOPSIS 
reports on status of WINRm 
Created: 8/29/2013
#>
[CmdletBinding()]
 param(
 )
$servers = @()

 $objDomain = New-Object System.DirectoryServices.DirectoryEntry("LDAP://ad.university.edu/ ou=servers, DC=university,DC=edu")
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$colResults = $objSearcher.FindAll()
foreach ($objResult in $colResults)
 {
     $objUser = $objResult.GetDirectoryEntry()
     $server = ($objuser.sAMAccountName).tostring()
     $servers += $server.replace("$","")
 }

 $ErrorActionPreference = "stop"
 "LIST OF SERVERS INCLUDING MACHINES WITH WINRT ENABLED" >>c:\SCRIPTS\rtmonitor.txt
foreach ($remotemachine in $servers){
    if ($remotemachine -ne ""){
        $remotemachine
        try {
            if ([system.convert]::ToBoolean(((winrm get winrm/config/winrs -r:$remotemachine |`
                 ?{$_ -imatch "AllowRemoteShellAccess"}).split("="))[1].trim())){
            "$RemoteMachine has WinRM enabled" >>c:\SCRIPTS\rtmonitor.txt
            } # end of if
    } #end of try
    catch {
        "Remote admin with WintRT not confirmed on $RemoteMachine" >>c:\SCRIPTS\rtmonitor.txt
        # write-host '$_.Exception is' $_.Exception
        } # end of catch
    } # end of server not blank
} # end foreach
Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.