Archive | Scripts-API RSS feed for this section

Script to install CrowdStrike Sensor and VMware App Volumes snapvol.cfg exclusions for CrowdStrike Sensor

20 Aug

If you are planning to deploy CrowdStrike Sensor (CS Sensor) within your virtual desktop (Windows 10) or server operating(Remote Desktop – Windows Server 2016), then continue reading. In this post, we will take a look into the following topics:

  • Scripted silent install of CrowdStrike Sensor
  • Process exclusions for VMware App Volumes – Writable Volumes (snapvol.cfg)

Script to install CrowdStrike Sensor

Pre-requisites:

  • Based on your requirements, a complete range of silent switches can be found here – How to Install CrowdStrike Falcon Sensor | Dell US
  • Create a folder called C:\Temp\Sensor and place all the CS Sensor EXE within this folder.
  • Make sure to read the installer log files after the install is completed.
  • We use the proxy details as the virtual machines don’t have direct internet access.
  • Look for the exit code = 0 = success
#############################################################################################
# Install Crowd Strike Sensor to the Golden Image on Windows 10 and Windows Server 2016/2019
# Look for Exit Code 0 = Success
# Comment or Un-comment the Agent that does not apply to your environment
# Author - Aresh Sarkari - https://twitter.com/askaresh
#############################################################################################

###################################################################
#                    Declare Variables                            #
###################################################################

#Sensor Names
$CSSensorName = "WindowsSen*"

#The sensor installer Location
$TempInstallPath = "C:\Temp\Sensor"

#Log Files location
$CSSensorlogFile = "C:\Temp\Sensor\CSSensor.log"

###################################################################
#                    EXE Arguments Arrary for CS Sensor           #
###################################################################
# Modify any Installer switches related to the sensor here.
# Dell Article covering all silent switches 
# https://www.dell.com/support/kbdoc/en-us/000126124/how-to-install-crowdstrike-falcon-sensor
# Proxy switches if your endpoints dont have direct Internet Access
# Log Files w.r.t to installation is generated in C:\Temp\*

# Crowd Strike Sensor Arguments
$CSArguments = @(
    "/install"
    "/quiet"
    "/norestart"
    "CID=YOUDIDGUIDWILLGOHERE-EG"
    "ProvToken=YOURTOKENNUMBER"
    "GROUPING_TAGS=TAG1,TAG_VDI"
    "ProvWaitTime=3600000"
    "APP_PROXYNAME=proxy.whateverproxy.com"
    "APP_PROXYPORT=80"
    "VDI=1"
	"/log"
    $CSSensorlogFile
)

###################################################################
#                    Main                                        #
###################################################################

# Install Crowd Strike Sensor
Write-Host "Installing the Crowd Strike Sensor" -ForegroundColor Green
$CSSensorPath = (Get-ChildItem -Path $TempInstallPath | Where-Object {$_.name -like $CSSensorName}).Fullname
$CSSensorInstall = (Start-Process -Filepath $CSSensorPath -Wait -ArgumentList "$CSArguments" -PassThru)
$CSSensorInstall.ExitCode

Start-Sleep 20

Git Hub scripts/CSSensor-Install at master · askaresh/scripts (github.com)

Process exclusions for VMware App Volumes

It is advisable you add the CrowdStrike process exclusions within the VMware App Volumes – Writable Volumes templates on snapvol.cfg. Here is the detailed guidance on how to modify the snapvold.cfg – Using the VMware App Volumes snapvol.cfg File to Customize Writable Volumes | VMware End-User Computing Blog. These two processes are visible within the Task Manager.

#Crowdstrike Exclusions
exclude_process_name=CSFalconService.exe
exclude_process_name=CSFalconContainer.exe

A big thanks to Jishan for the numerous testing cycles! I hope you will find this script and exclusions useful to install the CrowsStrike Sensor. A small request if you further enhance the script or exclusions, I hope you can share it back with me?

Thanks,
Aresh Sarkari

Script to replace VMware Unified Access Gateway certificates (ADMIN and Internet)

9 Jul

Our certificates are coming close to expiry, and we use VMware Unified Access Gateway for Internal and External traffic tunneling. This brings us to perform the replacement of the expiring certificates on 12 UAG Appliances. Performing this activity from the GUI is straight forward. However, we need to perform this activity on 12 appliances.

Thanks to Mark Benson for the motivation, and I went ahead and created a script to perform this activity at further ease, sit back, relax and have a coffee!

Pre-requisites:

  • You need the CAchain pem and RSA private key certificate output in one line. Please make sure you run the following command to grab the output in a single line
    • Linux/Unix command – awk ‘NF {sub(/\r/, “”); printf “%s\n”,$0;}’ cert-name.pem
    • Linux/Unix command – awk ‘NF {sub(/\r/, “”); printf “%s\n”,$0;}’ cert-namersapriv.pem
    • I saved the certificate files on a Linux machine and then ran the above command. Pasted the output in Notepad++, which is in one line.
    • Doco reference
    • The CAChain pem certificate should include (MainCA content, Subordinate Certificate content and Root Certificate content without any spaces between them.)
  • There are seperate API calls for the certificate replacement for the ADMIN and Internet facing. You can comment or un-comment the block as per your requirement
    • /rest/v1/config/certs/ssl/ADMIN
    • /rest/v1/config/certs/ssl/END_USER
  • The IP address or Hostname of the UAG Appliance along with the admin password.
##############################################################################################################################################
# Replace the ADMIN and Internet Facing certificate on the UAG Appliance
# Uncomment if you dont plan to do both the interfaces (Internet/ADMIN)
# Get the certificate in one line following this documentation 
# https://docs.vmware.com/en/Unified-Access-Gateway/3.10/com.vmware.uag-310-deploy-config.doc/GUID-870AF51F-AB37-4D6C-B9F5-4BFEB18F11E9.html
# Author - Aresh Sarkari (Twitter - @askaresh)
##############################################################################################################################################

#UAGServer Name or IP
$UAGServer = "10.1.1.1"

#Ignore cert errors
add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'


#API Call to make the intial connection to the UAG Appliance##
$Uri = "https://$UAGServer`:9443/rest/v1/config/adminusers/logAdminUserAction/LOGIN"

$Username = "admin"
$Password = "enteryouradminpassword"

$Headers = @{ Authorization = "Basic {0}" -f [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $Username,$Password))) }

Invoke-WebRequest -SessionVariable DaLogin -Uri $Uri -Headers $Headers

#The PEM Certificate + Private Key in RSA Format
#The certificate has to be in online using linux command - awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' cert-name.pem 
$certificatersaContent = "-----BEGIN RSA PRIVATE KEY-----\nMIIEo... followed by a large block of text...\n-----END RSA PRIVATE KEY-----\n"
$certificateContent = "-----BEGIN CERTIFICATE-----\nMIIEo... followed by a large block of text...\n-----END CERTIFICATE-----\n"

#Body to replace the certificate
$body = @{
  privateKeyPem = $certificatersaContent
  certChainPem = $certificateContent
} 

#Converting the Json and line breaks in strings 
#https://communary.net/2018/03/30/quick-tip-convertto-json-and-line-breaks-in-strings/
$Jsonbody = ($body | ConvertTo-Json).Replace('\\n','\n')

#API to replace the Admin Certificate of the UAG Appliance
#Please note that the Backtick ` is required in order to escape the colon
$outputadmin = Invoke-WebRequest -WebSession $DaLogin -Method Put -Uri "https://$UAGServer`:9443/rest/v1/config/certs/ssl/ADMIN" -Body $Jsonbody -ContentType "application/json" -Verbose

#API to replace the Internet facing Certificate of the UAG Appliance
#Please note that the Backtick ` is required in order to escape the colon
$outputenduser = Invoke-WebRequest -WebSession $DaLogin -Method Put -Uri "https://$UAGServer`:9443/rest/v1/config/certs/ssl/END_USER" -Body $Jsonbody -ContentType "application/json" -Verbose

GitHub scripts/vmwareuagcertreplace at master · askaresh/scripts (github.com)

Observations:

  • The array within the $body has further line breaks, which needs to adjust. I had to spend a considerable amount of time. Thanks to this blog post which came in hand. Powershell function ConvertTo-Json
  • The Powershell function Invoke-Webrequest and the -URI I had to add the Backtick ` in order to escape the colon
  • The key of the above script is the CAChain certificate and RSA Private Key certificate to be available online.

I hope you will find this script useful to replace or change the certificate on the VMware Unified Access Gateway appliances. A small request if you further enhance the script or make it more creative, I hope you can share it back with me?

Thanks,
Aresh Sarkari

Script to install VMware EUC Agents – App Volumes Agent, DEM Agent and Horizon Agent

30 Jun

If you are planning for the VMware EUC Stack migration or upgrade and want to install the VMware EUC agent, then continue reading. The guidance on uninstalling the existing agents can be found on this blog post – Script uninstall VMware EUC Agents – App Volumes Agent, Horizon Client, DEM Agent, Horizon Agent and VMware Tools | AskAresh

In this script, we shall perform the agents install and reboot the golden image towards the end. There is no need to install the individual agents one by one, instead, sit back, relax and have a coffee!

VMware EUC Agents:

  • VMware Horizon Agent (Works on 7.x and 8.x/YYMM)
    • Note few MSI switches are deprecated if you still use them, you will have an error code 1603
  • VMware Dynamic Environment Manager Agent (Works on 9.x and YYMM)
  • VMware App Volumes Agent (Works on 2.x and 4.x/YYMM)

Note – All the above testing is carried out on Windows 10 1909 with PowerShell 5.1. Reboot is required to complete the installation operations.

VMware EUC Agents Install

Pre-requisites:

#################################################################################################
# Install EUC Agents in the proper order - Horizon Agent , DEM Agent and App Volumes Agent
# Reboot the OS towards the end after install all Agents. Look for Exit Code 0 or 3010
# If you notice exit code 1603 there is a installation issue. Refer to my MSI switches blogpost
# Comment or Un-comment the Agent that does not apply to your environment
# Author - Aresh Sarkari (Twitter - @askaresh)
################################################################################################

###################################################################
#                    Declare Variables                            #
###################################################################

#Agent Names
$HorizonAgentName = "VMware-Horizon-Agent-x86_64*"
$DEMAgentName = "VMware Dynamic Environment Manager*"
$AppVolumesAgentName = "App Volumes Agent*"
$AppVolMGR = "avm001.domain.com" # Manager LB VIP

# All the installer Location
#Create a folder C:\Temp\Agents and place all the MSI\EXE in there
$TempInstallPath = "C:\Temp\Agents" 

#Log Files location
# Go through all the logs post installation
$HZlogFile = "C:\Temp\Agents\HZAgent.log"
$DEMlogFile = "C:\Temp\Agents\DEMAgent.log"
$ApplogFile = "C:\Temp\Agents\AppVolAgent.log"

###################################################################
#                    MSI Arguments Arrary for EUC Agents          #
###################################################################
# Modify any MSI switched related to the agent here.
# Follow this blog post for swithces - https://askaresh.com/2021/06/28/comparision-vmware-horizon-agent-7-x-8-x-silent-install-switches-and-properties/

# VMware Horizon Agent MSI Switches
$HZMSIArguments = @(
	"/qn"
	"VDM_VC_MANAGED_AGENT=1"
    "SUPPRESS_RUNONCE_CHECK=1"
	"VDM_IP_Protocol_Usage=IPv4"
	"ADDLOCAL=Core,ClientDriveRedirection,NGVC,USB,RTAV,PerfTracker,PrintRedir,HelpDesk,TSMMR,VmwVaudio,V4V"
	"REBOOT=REallySuppress"
	"/L*v"
	$HZlogFile
)

# VMware Dynamic Enivornment Agent MSI Switches
$DEMMSIArguments = @(
    "/qn"
    "ADDLOCAL=FlexEngine"
    "REBOOT=REallysuppress"
    "/L*v"
    $DEMlogFile
)

# VMware App Volumes Agent MSI Switches
$AppVolMSIArguments = @(
    "/qn"
    "MANAGER_ADDR=$AppVolMGR"
    "MANAGER_PORT=443"
    "REBOOT=REallysuppress"
    "EnforceSSLCertificateValidation=0"
    "/L*v"
    $ApplogFile
)

###################################################################
#                    Main                                        #
###################################################################

# Install VMware Horizon Agent
Write-Host "Installing the VMware Horizon Agent" -ForegroundColor Green
$HZAgentPath = (Get-ChildItem -Path $TempInstallPath | Where-Object {$_.name -like $HorizonAgentName}).Fullname

# The switches "/s /v " is the Install Shield switches and rest of the aruguments are passed with MSI
$HZAgentInstall = (Start-Process -Filepath $HZAgentPath -Wait -ArgumentList "/s /v ""$HZMSIArguments" -PassThru)
$HZAgentInstall.ExitCode

Start-Sleep 20

# Install DEM Agent
Write-Host "Installing the VMware DEM Agent" -ForegroundColor Green
$DEMPath = (Get-ChildItem -Path $TempInstallPath | Where-Object {$_.name -like $DEMAgentName}).Fullname
$DEMAgentInstall = (Start-Process -Filepath $DEMPath -ArgumentList $DEMMSIArguments -Wait -PassThru)
$DEMAgentInstall.ExitCode

Start-Sleep 20

# Install App Volumes Agent
Write-Host "Installing the VMware App Volumes Agent" -ForegroundColor Green
$AppVolPath = (Get-ChildItem -Path $TempInstallPath | Where-Object {$_.name -like $AppVolumesAgentName}).Fullname
$AppVolAgentInstall = (Start-Process -Filepath $AppVolPath -ArgumentList $AppVolMSIArguments -Wait -PassThru)
$AppVolAgentInstall.ExitCode

Start-Sleep 20

# Restart the computer
Write-Host "Restarting the computer post the VMware EUC Agents install" -ForegroundColor Green
Restart-Computer -Force

Git Hubscripts/vmwareeucagent-install at master · askaresh/scripts (github.com)

A big thanks to Chris H for providing the original blueprint of the script and Wouter for showing me the magical “space” on the switch /v within the Horizon Agent installer. Final thanks to Jishan for the numerous testing cycles and additions to a different version of this script which tackles VMware Tools reboot and continues installing post a reboot.

I hope you will find this script useful to install the VMware EUC agents and never look back to install them individually. A small request if you further enhance the script or make it more creative, I hope you can share it back with me?

Thanks,
Aresh Sarkari

Reference Article – VMware Agent Install order – Agent installation order for Horizon View, Dynamic Environment Manager, and App Volumes (vmware.com)

Script uninstall VMware EUC Agents – App Volumes Agent, Horizon Client, DEM Agent, Horizon Agent and VMware Tools

29 Jun

If you are planning for the VMware EUC Stack migration or upgrade and are in the middle of uninstalling the existing agents, look no further and here is the script that will allow you to uninstall all the agents and reboot the golden image towards the end. There is no need to remove individual agents one by one from the “Program and Features”; instead, sit back, relax and have a coffee!

VMware EUC Agents:

  • VMware App Volumes Agent (Works on 2.x and 4.x/YYMM)
  • VMware Horizon Client (Optional)
  • VMware Dynamic Environment Manager Agent (Works on 9.x and YYMM)
  • VMware Horizon Agent (Works on 7.x and 8.x/YYMM)
  • VMware Tools (Works on 11.x)

Note – All the above testing is carried out on Windows 10 1909/Windows Server 2016 with PowerShell 5.1. The PowerShell module Uninstall-Package suppresses individual reboot and we perform the final reboot towards the end using the Restart-Computer module. (Reboot is required to complete the uninstallation operations.)

VMware EUC Agents
#################################################################################
# Un-Install EUC Agents in the proper order for Golden Image
# App Volumes Agent, Horizon Client(Optional), DEM, Horizon and VMware Tools
# Suppressed auto Reboot the OS towards the end after un-installing all Agents.
# Comment or Un-comment the Agent that does not apply to your environment
# Author - Aresh Sarkari (Twitter - @askaresh)
#################################################################################

#Un-installing VMware App Volumes Agent
Write-Host "Un-installing the App Volumes Agent" -ForegroundColor Green
Get-Package -Name 'App Volumes **' | Uninstall-Package

sleep -Seconds 60

#Un-installing VMware Horizon Client
#Write-Host "Un-installing the VMware Horizon Client" -ForegroundColor Green
#Get-Package -Name 'VMware Horizon Cli**' | Uninstall-Package

#sleep -Seconds 60

#Un-installing VMware Dynamic Environment Agent
Write-Host "Un-installing the Dynamic Environment Agent" -ForegroundColor Green
Get-Package -Name 'VMware Dynamic **' | Uninstall-Package

sleep -Seconds 60

#Un-installing VMware Horizon Agent
Write-Host "Un-installing the VMware Horizon Agent" -ForegroundColor Green
Get-Package -Name 'VMware Horizon Ag**' | Uninstall-Package

sleep -Seconds 60

#Un-installing VMware Tools Agent
Write-Host "Un-installing the VMware Tools Agent" -ForegroundColor Green
Get-Package -Name 'VMware Tools' | Uninstall-Package

sleep -Seconds 60

# Restart the computer
Write-Host "Restarting the computer post the VMware EUC Agents Un-install" -ForegroundColor Green
Restart-Computer -Force

GitHub scripts/vmwareeucagent-uninstall at master · askaresh/scripts (github.com)

Thanks to Hilko and Joel for reviewing the script and providing valuable feedback.

I hope you will find this script useful to uninstall the VMware EUC agents and never look back to remove individual programs under “Programs and Features”. A small request if you further enhance the script or make it more creative, I hope you can share it back with me?

Thanks,
Aresh Sarkari

Script create read-only account for monitoring VMware Unified Access Gateway

23 Sep

We have been using VMware Unified Access Gateway (UAG) for quite a few years. To monitor the appliance using vROPS or other monitoring tools or API calls scripts you need a read-only monitoring account created in the console under “Account Settings”.

Account Settings - UAG
Read-only account for monitoring

In our deployment we have 14 UAG appliances (Internal/External) – Yes we tunnel internal connections too. Post the upgrade we had to re-create the read-only account for the API call monitoring on all 14 appliances. The following script I wrote to create the read-only account per UAG server. Just change the IP and point to another UAG to create accounts.

####################################################################
# Create ready-only account in the VMware Unified Access Gateway Appliance
# for monitoring purposes using vROPS or API etc.
# Author - Aresh Sarkari (@askaresh)
# Version - V5.0
####################################################################


# Ignore UAG cert errors (self signed or 

add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'


##API Call to make the intial connection to the UAG Appliance##

$Uri = "https://10.0.0.1:9443/rest/v1/config/adminusers/logAdminUserAction/LOGIN"
$Username = "admin"
$Password = "adminpassword"

$Headers = @{ Authorization = "Basic {0}" -f [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $Username,$Password))) }

Invoke-RestMethod -SessionVariable DaLogin -Uri $Uri -Headers $Headers


###API Call to create the user account with read-only access under VMware Unified Access Gateway##

$body = @{
  name = "UAG_vRops"
  password= "typeyourpassword"
  enabled=$true
  roles = @("ROLE_MONITORING")
  noOfDaysRemainingForPwdExpiry=0
} | ConvertTo-Json

$output = Invoke-RestMethod -WebSession $DaLogin -Method Put -Uri "https://10.0.0.1:9443/rest/v1/config/adminusers" -Body $body -ContentType "application/json"

Write-Output $output

GitHub https://github.com/askaresh/scripts/blob/master/uagreadonlyacct

I hope you will find this script useful to create the UAG read only accounts and would not have to create them manually on multiple appliances. My request if you further enhance the script or make it more creative, I hope you can share it back with me?

Thanks,
Aresh Sarkari

Swagger-UI and Postman Collection for VMware Unified Access Gateway

6 May

I aimed to perform a particular VMware Unified Access Gateway (UAG) tasks programatically. After some guidance from Mark Benson he introduced me to the Swagger-UI that is available within the product.

To access the Swagger-UI on UAG open the following URL within the browser and enter your username and password.

https://uagnameorip:9443/swagger-ui/index.html
Swagger-UI – UAG API Calls

One can do alot within the swagger-ui to make various GET, POST, PUT actions. However, my preferred tool is POSTMAN. I needed a way to figure out how to get all the swagger-ui converted to POSTMAN. Upon searching, I came across this method mentioned here.

To fetch all the swagger JSON output, go to this URL on the VMware UAG Appliance.

https://uagnameorip:9443/rest/swagger.json

We have two options here. #Option1 – copy all the data from the webpage and paste it under Postman – Import – Paste Raw Text. You will have all the VMware UAG Access Gateway Rest API listed. #Option2 – Paste the above URL into Postman – Import – Import from link (This didn’t work for me maybe authentication was required)

Postman – Import

Please find attached the POSTMAN export for the VMware Unified Access Gateway Appliance 3.9.1. (Note I believe swagger-ui was availble post UAG 3.7 onwards).

Postman – API Calls UAG

I hope you will find this post useful to start using the Swagger-UI and Postman collections to begin working with UAG appliance. My request if you further create interesting scripts or perform cool activities with UAG appliance, I hope you can share it back with me?

Thanks,
Aresh Sarkari

Report all VMware App Volumes Writable Volumes with Status Disabled and Orphaned

22 Apr

Often within the App Volumes Manager, there are Writable Volumes that will show up as Status “Orphaned” and essentially that can be caused by active directory user accounts that have been disabled in AD.

Writable Status = Orphaned

There is also a Status called “Disabled” and that can be caused when an App Volumes administrator decides to disable the Writable Volumes.

Writable Status = Disabled

Now if you have a enteprise environment with 1000’s of users, it’s hard to perform this activity from the UI. I have created a script that can report on the status of “Orphaned” and “Disabled” send you the output in *.csv report on a daily/weekly basis as per your needs.

####################################################################
# Get List of Writable Volumes from AppVolumes Manager for Status Disabled and Orphaned
# Author - Aresh Sarkari (@askaresh)
# Version - V2.0
####################################################################

# Run at the start of each script to import the credentials
$Credentials = IMPORT-CLIXML "C:\Scripts\Secure-Creds\SCred_avmgr.xml"
$RESTAPIUser = $Credentials.UserName
$RESTAPIPassword = $Credentials.GetNetworkCredential().Password


$body = @{
    username = “$RESTAPIUser"
    password = “$RESTAPIPassword”
}

Invoke-RestMethod -SessionVariable DaLogin -Method Post -Uri "https://avolmanager.askaresh.com/cv_api/sessions” -Body $body

$output = Invoke-RestMethod -WebSession $DaLogin -Method Get -Uri "https://avolmanager.askaresh.com/cv_api/writables" -ContentType "application/json"

$output.datastores.writable_volumes | Select-Object owner_name, owner_upn, title, status | Where-Object {[string]$_.status -match "Orphaned" -and $_.title -match "(disabled)"} | Export-Csv -NoTypeInformation -Append D:\Aresh\Orphaned.Disabled-Writables.$(Get-Date -Format "yyyyMMddHHmm").csv

#send an email (provided the smtp server is reachable from where ever you are running this script)
$emailfrom = 'writablevolumes@askaresh.com'
$emailto = 'email1@askaresh.com', 'email2@askaresh.com'
$emailsub = 'Wrtiable Volumes with status Orphaned and Disabled - Weekly'
$emailbody = 'Attached CSV File from App Volumes Manager. The attachment included the API response for all the Writable which are orphaned and Disabled in UI'
$emailattach = "D:\Aresh\Orphaned.Disabled-Writables.$(Get-Date -Format "yyyyMMddHHmm").csv"
$emailsmtp = 'smtp.askaresh.com'

Send-MailMessage -From $emailfrom -To $emailto -Subject $emailsub -Body $emailbody -Attachments $emailattach -Priority High -DeliveryNotificationOption OnFailure -SmtpServer $emailsmtp

GitHub – https://github.com/askaresh/scripts/blob/master/wrtiable-orph-disa

Depending upon the output, you can have your service desk get in touch with the Active Directory teams to get the affected end-users to be removed from the App volumes writable volumes entitled groups and then proceed towards clean up of their writable volumes if there is no legal hold requirements.

I hope you will find this script useful to get a report for all writable volumes with status Orphaned and Disabled. My request if you further enhance the script or make it more creative, I hope you can share it back with me?

Thanks,
Aresh Sarkari

Report all VMware App Volumes Writable Volumes with low disk space

20 Apr

We have provided end-users with 30 GB Writable Volumes, and within the App Volumes Manager console there is an ability in the UI to see the Writable Volumes disk free under the view called – “Usage View”

Writable Volumes - Usage View
Writable Volumes – Usage View

The biggest challenge is if you have 1000’s of users, it’s hard to perform this activity from the UI. I have created a script that can send you the output in *.csv report on a daily/weekly basis as per your needs.

####################################################################
# Get List of Wrtiable Volumes from AppVolumes Manager for free space less than 3 GB out of 30 GB
# Author - Aresh Sarkari (@askaresh)
# Version - V2.0
####################################################################


# Run at the start of each script to import the credentials
$Credentials = IMPORT-CLIXML "C:\Scripts\Secure-Creds\SCred_avmgr.xml"
$RESTAPIUser = $Credentials.UserName
$RESTAPIPassword = $Credentials.GetNetworkCredential().Password


$body = @{
    username = “$RESTAPIUser"
    password = “$RESTAPIPassword”
}

Invoke-RestMethod -SessionVariable DaLogin -Method Post -Uri "https://avolmanager.askaresh.com/cv_api/sessions” -Body $body

$output = Invoke-RestMethod -WebSession $DaLogin -Method Get -Uri "https://avolmanager.askaresh.com/cv_api/writables" -ContentType "application/json"

$output.datastores.writable_volumes | Select-Object owner_name, owner_upn,total_mb, free_mb, percent_available, status | Where-Object {$_.free_mb -lt 3072}  | Export-Csv -NoTypeInformation -Append D:\Aresh\Writableslt3gb.$(Get-Date -Format "yyyyMMddHHmm").csv

#send an email (provided the smtp server is reachable from where ever you are running this script)
$emailfrom = 'writablevolumes@askaresh.com'
$emailto = 'email1@askaresh.com', 'email2@askaresh.com' #Enter your SMTP Details
$emailsub = 'Wrtiable Volumes Size (free_mb) less than 3 GB out of 30 GB - 24 Hours'
$emailbody = 'Attached CSV File from App Volumes Manager. The attachment included the API response for all the Writable Volumes less than 3 GB of free space'
$emailattach = "D:\Aresh\Writableslt3gb.$(Get-Date -Format "yyyyMMddHHmm").csv"
$emailsmtp = 'smtp.askaresh.com'

Send-MailMessage -From $emailfrom -To $emailto -Subject $emailsub -Body $emailbody -Attachments $emailattach -Priority High -DeliveryNotificationOption OnFailure -SmtpServer $emailsmtp

GitHub https://github.com/askaresh/scripts/blob/master/writablevolumesdiskusage

Depending upon the output, you can have your service desk get in touch with the affected end-users to clear-up disk space or provide options for further expansion.

I hope you will find this script useful to get a report for all writable volumes nearing their disk space usage. My request if you further enhance the script or make it more creative, I hope you can share it back with me?

Thanks,
Aresh Sarkari