Schannel Set-Crypto PowerCLI Script

Do you need to configure crypto or Schannel (IIS) settings on more than a few Windows virtual machines? The Set-Crypto PowerCLI script might be of use in your VMware environment. Recently I had to configure all the Windows servers in our VMware environment to use the correct crypto/Schannel settings. The gold standard for Windows/IIS administrators for configuring crypto is a program called IISCrypto.

Schannel Security

I have been using IISCrypto for a few years now and it is hands down the easiest way to configure your Windows VMs using the Schannel settings you choose. It also has built-in ‘best practices’ settings for general security as well as PCI and FIPS requirements. This is a great tool for setting one server at a time, but I needed to do this en masse. I thought, wouldn’t it be great if they had a command-line tool? Well, it turns out that they do have a command-line tool. It allowed me to create a script to configure all my servers for crypto/Schannel settings.

Set-Crypto Schannel

The Schannel PowerCLI script Set-Crypto uses the IISCrypto command-line tool, batch files, and template profiles created ahead of time based on ‘best practices’ for Windows Server 2012 R2 and Windows Server 2016 respectively. You can also go to my Pastebin Set-Crypto folder to get the needed batch files and template profile files. You will need to get IISCrypto from Nartac Software. It is free to use, but their site does not explain their licensing model, so I do not know the implications of using their software. Please contact Nartac Software for more information regarding licensing. Please read the assumptions at the beginning of the script. Always be sure to read and understand any code you download from the internet before running it in a production environment.
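After a template has been pushed to many servers, it is worth confirming what each one actually ended up with. The following is an added example, not part of the Set-Crypto script or of IISCrypto: it reads the standard Schannel Protocols registry key and reports any protocol that is not explicitly disabled. The list of protocols that must be disabled and the server names in the comments are assumptions; substitute your own baseline.

```powershell
# Added example (not the author's Set-Crypto script): audit Schannel protocol state.
function Get-SchannelProtocolState {
    param(
        [string[]]$Protocol = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'),
        [string[]]$Role     = @('Server', 'Client'),
        [string]$Root = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    )
    foreach ($p in $Protocol) {
        foreach ($r in $Role) {
            $key   = Join-Path (Join-Path $Root $p) $r
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            # No key or no Enabled value means nothing was configured: the OS default applies.
            $state = 'OSDefault'
            if ($null -ne $props -and $null -ne $props.Enabled) {
                # Enabled is a DWORD; 0 disables, any non-zero value (often 0xffffffff) enables.
                if ($props.Enabled -eq 0) { $state = 'Disabled' } else { $state = 'Enabled' }
            }
            [pscustomobject]@{
                Computer          = $env:COMPUTERNAME
                Protocol          = $p
                Role              = $r
                State             = $state
                DisabledByDefault = $props.DisabledByDefault
            }
        }
    }
}

function Test-SchannelBaseline {
    param(
        [Parameter(ValueFromPipeline = $true)]$State,
        # Assumed baseline for illustration; align it with the template you deployed.
        [string[]]$MustBeDisabled = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0')
    )
    process {
        # 'OSDefault' is reported too: the protocol was never explicitly turned off.
        if ($State.Protocol -in $MustBeDisabled -and $State.State -ne 'Disabled') { $State }
    }
}

# Local check: any output is a deviation from the baseline.
Get-SchannelProtocolState | Test-SchannelBaseline | Format-Table -AutoSize

# Remote check over PowerShell remoting (hypothetical server names):
# $servers = 'web01', 'web02'
# Invoke-Command -ComputerName $servers -ScriptBlock ${function:Get-SchannelProtocolState} |
#     Test-SchannelBaseline
```

Schannel changes take effect after a reboot, so run the audit once the servers have restarted.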

Feel free to comment and give suggestions on how to improve this script or any others I have shared. If you like this script you may want to check out one of my previous scripts, PowerShell SSL Certificate Script.



Backup VDS PowerCLI Script

I started doing all my VDS (Virtual Distributed Switch) backups manually, which isn’t too hard. But you can do better with a Backup VDS script. Even if you don’t realize it now, you will want to automate as much as possible. Here is how I automated VDS backups. Starting with a PowerCLI script from VCDX56, I made sure that I understood how it worked and modified it to fit my environment.

Backup VDS PowerCLI Script Modification

You can edit your Backup VDS PowerCLI script to fit your needs. My modification started with a few variables which are automatically incorporated into the naming of the backup files. To keep several versions of the backup files I added the date into the file naming as well. This really helps keep the VDS backup files organized by name and date. You will need a vCenter connection in the script. If you want to use mine, called Get-vCenter (it is very handy in a multi-vCenter environment), please feel free.

Backup VDS Code

For complete automation, create a static array of all your vCenters and loop over them. Then you nest this script in another loop. Use Task Scheduler on a Windows computer to call the script on a schedule. Then you have automated backups of all your VDS switches.

Caution: Like all code you download from the internet, please understand and modify the code accordingly to prevent unforeseen production problems.  Also known as career-altering events. 

For this script the main command is Export-VDSwitch. I like to familiarize myself with any PowerCLI commands I am running in my environment. The quickest way to get help and examples is to run the command ‘help verb-noun -showwindow’ from a PowerShell prompt. In this case it would be help Export-VDSwitch -showwindow.
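The automation described above (a static vCenter array, one dated file per switch, Export-VDSwitch as the main command) can be sketched as follows. This is an added example, not the author's script or the VCDX56 original; the vCenter names and backup folder are placeholders, and it assumes the scheduled task runs as a service account with vCenter rights so that no password is stored in the script.

```powershell
# Added example (not the original script). Placeholder values; change for your environment.
$vCenters   = @('vcenter01.example.local', 'vcenter02.example.local')
$BackupRoot = 'D:\VDSBackups'

function Get-VdsBackupPath {
    param([string]$Root, [string]$VCenter, [string]$SwitchName, [datetime]$Date = (Get-Date))
    # Replace characters that are not valid in a Windows file name.
    $safe = $SwitchName.Split([IO.Path]::GetInvalidFileNameChars()) -join '_'
    Join-Path $Root ('{0}_{1}_{2:yyyy-MM-dd}.zip' -f $VCenter, $safe, $Date)
}

function Backup-AllVDSwitch {
    param([string[]]$VCenter, [string]$Root)
    if (-not (Test-Path $Root)) { New-Item -ItemType Directory -Path $Root | Out-Null }
    foreach ($vc in $VCenter) {
        # Without -Credential, Connect-VIServer uses the identity the task runs under.
        $conn = Connect-VIServer -Server $vc -ErrorAction Stop
        try {
            foreach ($vds in Get-VDSwitch -Server $conn) {
                $dest = Get-VdsBackupPath -Root $Root -VCenter $vc -SwitchName $vds.Name
                Export-VDSwitch -VDSwitch $vds -Destination $dest `
                    -Description "Scheduled backup from $vc" -Force | Out-Null
                # Confirm that the export produced a non-empty file.
                $file = Get-Item -Path $dest -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    VCenter = $vc
                    VDS     = $vds.Name
                    File    = $dest
                    Ok      = ($null -ne $file -and $file.Length -gt 0)
                }
            }
        }
        finally {
            # Always close the session, even when an export fails.
            Disconnect-VIServer -Server $conn -Confirm:$false
        }
    }
}

# Requires the VMware PowerCLI modules to be installed.
Backup-AllVDSwitch -VCenter $vCenters -Root $BackupRoot | Format-Table -AutoSize
```

The exported files describe your virtual network layout, so restrict the NTFS permissions on the backup folder to the backup account and administrators.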

Cross SSO vMotion Between vCenters

This week I am sharing a very helpful PowerCLI script to vMotion a VM from one SSO domain to another SSO domain. I shamelessly borrowed this script from Romain Decker’s site Cloud Maniac. The original script was very good and functioned well. I just took it a step further and added some functions to customize it for our environment. These functions are: Get-SourcevCenter, Get-DestvCenter, Ask-VMNameForMigration, Ask-DCForMigration, Ask-ClusterForMigration, Choose-StorageForVMMigration. The names of each function should explain their use. Essentially you will need to edit the script to customize some of these functions for your environment.

I have used it dozens of times and it works flawlessly with one exception. If your EVC modes don’t quite match between vCenters, there may be some VMs that cannot be vMotioned while powered on. Just arrange for a downtime and try again with the VM powered off. It will work well. This sure beats downloading a VM to your desktop and then uploading it to the new vCenter environment. If you need any explanation or help with modifying this code to fit your environment, please feel free to comment.

(If you like this, please check out some of my other PowerCLI posts, like PowerCLI Get-vCenter Function.)

Caution: Like all code you download from the internet, please understand and modify the code accordingly to prevent unforeseen production problems.  Also known as career-altering events. 

Cross SSO vMotion PowerCLI Code: 

Photo by bruce mars from Pexels
Thinking equals coding



PowerCLI Get-vCenter Function

Since I work in a multiple-vCenter environment, it is nice to have a function that allows for a connection choice when running a PowerCLI script. The Get-vCenter function has an array of all the vCenters I potentially might connect with to run a PowerCLI script. This array is presented in a numbered format that allows the script user to choose the vCenter they want to use for the rest of the script. You can make the array as large or small as you want. It will dynamically create a numbered choice next to each vCenter. It is simple but comes in very handy.

Caution: Like all code you download from the internet, please understand and modify the code accordingly to prevent unforeseen production problems.  Also known as career-altering events. 

PowerCLI Code:

Using PowerCLI to Patch ESXi Hosts

I have been looking to automate more processes at work and patching ESXi hosts was definitely in my top 5 PowerCLI projects. I really like the simplicity of Ben Liebowitz’s script over at The Lowercase w. I will use this as a starting point for my own script. (Not that it needs too much tweaking. Good job Ben!)

Please follow the link below to see the script.

Source: Patching VMware ESXi Hosts via PowerCLI! « The Lowercase w