dewyser.net

solutions, scripting and more

Category: powershell

New functions Get-WS1PolicyList and Get-WS1AuthenticationMethods — 10th Apr 2025

New functions Get-WS1PolicyList and Get-WS1AuthenticationMethods

/Stefaan/Leave a comment

I’ve added two new functions Get-WS1PolicyList and Get-WS1AuthenticationMethods to the module. Below also an example on how to use the module.

Import-Module ./Github/PSWorkspaceOneAccess/PSWorkspaceOneAccess.psd1 # -Verbose

& "$PSScriptRoot/Private/credentials.ps1"

if ([string]::IsNullOrEmpty($accessToken)) {
    $accessToken = Open-WS1AccessConnection -ClientId $clientId -ClientSecret $clientSecret -AccessURL $accessURL
}

$policies = Get-WS1PolicyList -AccessURL $accessURL -accessToken $accessToken
Write-Host "Policy count: $($policies.Count)" -ForegroundColor DarkYellow

$authMethods = Get-WS1AuthenticationMethods -accessURL $accessURL -accessToken $accessToken
Write-Host "Enabled authentication method count: $($authMethods | Where-Object enabled -eq $true | Measure-Object | Select-Object -ExpandProperty Count)" -ForegroundColor Red

$users = Get-WS1User -AccessURL $accessURL -AccessToken $accessToken
Write-Host ( $users | Where-Object userName -eq "rsmoot" | Select-Object -ExpandProperty name ) -ForegroundColor Green

$not_me = Get-WS1UserByUsername -AccessURL $accessURL -AccessToken $accessToken -Username "rsmoot"
$not_me | Select-Object -ExpandProperty name | Select-Object @{Name = "Firstname"; Expression = { $_.givenName } }, @{Name = "Lastname"; Expression = { $_.familyName } } | Format-Table

$directory = Get-WS1Directory -AccessURL $accessURL -accessToken $accessToken
$directory = $directory | Where-Object type -eq "ACTIVE_DIRECTORY_LDAP"
Write-Host "DirectoryId: $($directory.directoryId)" -ForegroundColor Blue

$directoryInfo = Get-WS1DirectoryById -AccessURL $accessURL -AccessToken $accessToken -DirectoryId $directory.directoryId
Write-Host "DirectoryId: $($directoryInfo.directoryId)" -ForegroundColor Cyan

Remove-WS1MagicToken -AccessURL $accessURL -AccessToken $accessToken -Username $not_me.userName
$magicToken = Get-WS1MagicToken -AccessURL $accessURL -AccessToken $accessToken -Domain $domain -Username $not_me.userName

$magicToken = Reset-WS1MagicToken -AccessURL $accessURL -AccessToken $accessToken -Domain $domain -Username $not_me.userName

Write-Host "$($magicToken.replace($accessURL,"<accessURL>"))" -ForegroundColor Red

Remove-Module PSWorkspaceOneAccess # -Verbose

This would result in the following output:

Rudiger Smoot

DirectoryId: f37e07c3-3d2d-4e82-85b1-5bad6ee60d5d
DirectoryId: f37e07c3-3d2d-4e82-85b1-5bad6ee60d5d

https:///SAAS/auth/login?token=eyJpZCI6IjJlY2U3ZTc2LTk1YTgtNDBkOS1iMDdjLTAxOGQzMDljNWIzYyIsInZhbHVlIjoicXlTUEcyd3kzZHRnZXVWbjhMemtZR3Z3eHg4VWhjYUkiLCJzaWduYXR1cmUiOiJhbW1KaGl4eWtrZUlVTEMvRUxQaHRMRUpteFpraGZIa1d1RmlkeWRpUm9QRkZ3Kzk3OU5VanRwL0FkdmNMOFJUM0d6akUzRlFObU5rRUlONWhhSWtVTTFqMjIrckMwYmIxRjBRSThReUF3Y1J6ZklvTGY0OGdVSXhFdmY5Y3dLK1RPNy9oWWlEMFpYN2YyR1hQSnJYaUZTL3FEZWdKOFN4UHpPMXlYV05heTE4eEpEWE92SjZqcUdad2JWU3RQZlIreUNwUW52RDJsWGZ1dCtTbElBQXVBaU1kSkdkRVJUMC9ESjZCQm5iZmZINnF6R0tSSmZFamVMQzF5NU5aazRTem8yMHJHQjFUM1p4NXdEanQ0UVR3UkFUMWRTbTUvcVJnWTBnQ3g4NTZ4Vkkwek8yeUN1ZUxLb0FkcW5ycWZSNDlhQVQ0ODYydkI4dHlPOUp5enR5b28rYmFuQzlJeXNBckl1dmgzZFVsYmlLaTNnb29EN2tHd0MwbDh2d21CZEI0R1RFVjJhMEVlTGw4MmVFK25rTFpZV2NMSGtTRUJLMXVmNGhmZ24zWUVPMTVVazN6enFQYVJnVy9qY1I2ejFxSFVLbm1XeVRiZUpKeG40NFhtdHhxYTUvL0I2MVpjWVdsY2UxUCtwLzM2ekRXSDk2K3J5SDRrUStaU2hHM1IveDlST3V4T3hQeHJHTUxnZC9SdE1WeTR3VGVicU5pLzdNeEpQalNCdUdCWll2UTN2RjNmb1BxZkFxaVV3VjlUa0p2UjduTkc5aU90TElsZWRVakQxN0s4TXRUVk0rQjVqWEF4eUtxRVNNamJFNEk1Ry9zTmpUdElOMVo3OVBKYVBJbWYrMGNib1pqMWx2WHpFZGhoZ1pKTE16MUJPMWFlOEVKSlVvaGlYOEdIVT0ifQ%253D%253D&userstore=Userstore_f37e07c3-3d2d-4e82-85b1-5bad6ee60d5d

You can find the latest version of the module on my github page.

New command Get-WS1AuditInformation — 10th Jan 2025

New command Get-WS1AuditInformation

/Stefaan/Leave a comment

Added a new command Get-WS1AuditInformation to the module PSWorkspaceOneAccess that retrieves a detailed audit report for Workspace ONE Access events and replaces Get-WS1LoginAuditForUser, WS1LoginAuditForDateRange and Get-WS1AuditReport. It allows filtering by object type, date range and username. The object returned is no longer json but is now a PowerShell object.

The updated module is available on my GitHub.

Querying Horizon Server API — 6th Aug 2024

Querying Horizon Server API

/Stefaan/Leave a comment

I recently was asked, how can we get a list of all the devices connecting to our environment and what client are they using to do so? With the help of the VMware.Hv.Helper I came up with the following in a couple of minutes:

function Get-ViewAPIService {
  param(
    [Parameter(Mandatory = $false)]
    $HvServer
  )
  if ($null -ne $hvServer) {
    if ($hvServer.IsConnected) {
      return $hvServer.ExtensionData
    }
  }
}

function Get-HVGlobalSession { 
  param(
    [Parameter(Mandatory = $false)]
    $HvServer = $null
  )
    
  $services = Get-ViewAPIService -HvServer $HvServer
  
  $query_service_helper = New-Object VMware.Hv.GlobalSessionQueryServiceService
  $query = new-object vmware.hv.GlobalSessionQueryServiceQuerySpec
    
  $SessionList = @()
  foreach ($pod in $services.Pod.Pod_List()) {
    $query.pod = $pod.id
    $queryResults = $query_service_helper.GlobalSessionQueryService_QueryWithSpec($services, $query)
    $GetNext = $false
    do {
      if ($GetNext) { 
        $queryResults = $query_service_helper.GlobalSessionQueryService_GetNext($services, $queryResults.id)
      }
      $SessionList += $queryResults.results
      $GetNext = $true
    } while ($queryResults.remainingCount -gt 0)
    $query_service_helper.GlobalSessionQueryService_Delete($services, $queryresults.id)
  }
  return $sessionlist
}

function Connect-HV() {
  param (
    [string] $HvServer,
    [string] $username,
    [securestring] $password,
    [string] $domain
  )

  $connection = Connect-HVServer -Server $HvServer -User $username -Password $password -Domain $domain -ErrorAction Stop

  return $connection
}

function Disconnect-HV() {
  param (
    [string] $HvServer
  )

  Disconnect-HVServer -Server $HvServer -ErrorAction Stop -Confirm:$false
}


$target_connection_server = "<connection server>"
$service_account_username = "<username>"
$service_account_domainname = "<domain>"
$service_account_password = ConvertTo-SecureString -AsPlainText "<password>" -Force

$connection = Connect-HV -HvServer $target_connection_server -username $service_account_username -password $service_account_password -domain $service_account_domainname

$sessions = Get-HVGlobalSession -HvServer $connection

$endpoints = $sessions.namesdata | Select-Object -ExpandProperty BaseNames
$endpoints | Format-Table UserName, ClientName, ClientVersion 

Disconnect-HV -HvServer $target_connection_server
Removing old agents in VMware Horizon VDI golden image — 5th Jan 2024

Removing old agents in VMware Horizon VDI golden image

/Stefaan/Leave a comment

The following script finds the uninstall strings in the registry and removes old agents from the golden image.

$execpolicy = Get-ExecutionPolicy

Set-ExecutionPolicy Unrestricted

$installed = Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*' | Where-Object {$_.UninstallString -match "MsiExec.exe"} | Select-Object DisplayName, DisplayVersion, UninstallString
$installed += Get-ItemProperty 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' | Where-Object {$_.UninstallString -match "MsiExec.exe"} | Select-Object DisplayName, DisplayVersion, UninstallString

$apps = @("VMware Tools","VMware Horizon Agent","VMware Horizon Agent Direct-Connection Plugin","VMware Dynamic Environment Manager Enterprise","App Volumes Agent","Microsoft FSLogix Apps")

$uninstall = $installed | Where-Object {($_.DisplayName -in $apps)}

$uninstall

foreach ($app in $uninstall) {
    $uninstcmd = $app.UninstallString

    $uninstcmd = (($uninstcmd -split " ")[1] -replace "/I","/X") + " /qn REBOOT=ReallySuppress"
    $uninstprc = Start-Process msiexec.exe -ArgumentList $uninstcmd -NoNewWindow -PassThru -Wait
}

$check = Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*' | Where-Object {$_.UninstallString -match "MsiExec.exe"} | Select-Object DisplayName, DisplayVersion, UninstallString
$check += Get-ItemProperty 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' | Where-Object {$_.UninstallString -match "MsiExec.exe"} | Select-Object DisplayName, DisplayVersion, UninstallString

$check | Where-Object {($_.DisplayName -in $apps)} | Format-Table

Set-ExecutionPolicy $execpolicy
Installing new Microsoft Teams in VMware Horizon VDI — 4th Jan 2024

Installing new Microsoft Teams in VMware Horizon VDI

/Stefaan/Leave a comment

The following script installs the new teams in the vdi golden image. If an old version is installed it removes it first. Afterwards a registry key is set to disable automatic updates.

The correct files can be downloaded here.

# get the current execution policy
$execpolicy = Get-ExecutionPolicy

Set-ExecutionPolicy Unrestricted

# location to the teams bootstrapper file
$bootstrapperpath = $PSScriptRoot + '\teamsbootstrapper.exe'

# allow execution of the teams bootstrapper file
Unblock-File -Path $bootstrapperpath

# check if teams is currently installed
$teamsversion = Get-AppxPackage -Name *MSTEAMS*

if ($teamsversion) {
    # if installed remove teams
    Write-Host 'Uninstalling Microsoft Teams version ' $teamsversion.version -ForegroundColor Red

    Start-Process -FilePath $bootstrapperpath -ArgumentList '-x' -Wait
    $teamsversion = ""
}

# location to the teams msix file
$msixpath = $PSScriptRoot + '\MSTeams-x64.msix'

# configure installation parameters
$args = '-p -o "' + $msixpath + '"'

# install teams
Start-Process -FilePath $bootstrapperpath -ArgumentList $args -Wait

# registry path
$registrypath = 'HKLM:\SOFTWARE\Microsoft\Teams'

# disable teams autoupdate 
if (!(Test-Path $registryPath)) {
    New-Item -Path $registrypath -Force | Out-Null
    New-ItemProperty $registrypath -Name 'disableAutoUpdate' -Value 1 -PropertyType DWord -Force | Out-Null
} else {
    if (!(Get-ItemProperty $registrypath -Name 'disableAutoUpdate')) {
        New-ItemProperty $registrypath -Name 'disableAutoUpdate' -Value 1 -PropertyType DWord -Force | Out-Null
    } else {
        Set-ItemProperty $registrypath -Name 'disableAutoUpdate' -Value 1 -PropertyType DWord -Force | Out-Null
    }
}

# check if teams installed correctly
$teamsversion = Get-AppxPackage -Name *MSTEAMS*

if ($teamsversion) {
    Write-Host 'Installed Microsoft Teams version ' $teamsversion.version -ForegroundColor Green
}

# set execution policy back to original value
Set-ExecutionPolicy $execpolicy