dewyser.net

solutions, scripting and more

Tag: vmware horizon

Querying Horizon Server API — 6th Aug 2024

Querying Horizon Server API

/Stefaan/Leave a comment

I recently was asked, how can we get a list of all the devices connecting to our environment and what client are they using to do so? With the help of the VMware.Hv.Helper I came up with the following in a couple of minutes:

function Get-ViewAPIService {
  param(
    [Parameter(Mandatory = $false)]
    $HvServer
  )
  if ($null -ne $hvServer) {
    if ($hvServer.IsConnected) {
      return $hvServer.ExtensionData
    }
  }
}

function Get-HVGlobalSession { 
  param(
    [Parameter(Mandatory = $false)]
    $HvServer = $null
  )
    
  $services = Get-ViewAPIService -HvServer $HvServer
  
  $query_service_helper = New-Object VMware.Hv.GlobalSessionQueryServiceService
  $query = new-object vmware.hv.GlobalSessionQueryServiceQuerySpec
    
  $SessionList = @()
  foreach ($pod in $services.Pod.Pod_List()) {
    $query.pod = $pod.id
    $queryResults = $query_service_helper.GlobalSessionQueryService_QueryWithSpec($services, $query)
    $GetNext = $false
    do {
      if ($GetNext) { 
        $queryResults = $query_service_helper.GlobalSessionQueryService_GetNext($services, $queryResults.id)
      }
      $SessionList += $queryResults.results
      $GetNext = $true
    } while ($queryResults.remainingCount -gt 0)
    $query_service_helper.GlobalSessionQueryService_Delete($services, $queryresults.id)
  }
  return $sessionlist
}

function Connect-HV() {
  param (
    [string] $HvServer,
    [string] $username,
    [securestring] $password,
    [string] $domain
  )

  $connection = Connect-HVServer -Server $HvServer -User $username -Password $password -Domain $domain -ErrorAction Stop

  return $connection
}

function Disconnect-HV() {
  param (
    [string] $HvServer
  )

  Disconnect-HVServer -Server $HvServer -ErrorAction Stop -Confirm:$false
}


$target_connection_server = "<connection server>"
$service_account_username = "<username>"
$service_account_domainname = "<domain>"
$service_account_password = ConvertTo-SecureString -AsPlainText "<password>" -Force

$connection = Connect-HV -HvServer $target_connection_server -username $service_account_username -password $service_account_password -domain $service_account_domainname

$sessions = Get-HVGlobalSession -HvServer $connection

$endpoints = $sessions.namesdata | Select-Object -ExpandProperty BaseNames
$endpoints | Format-Table UserName, ClientName, ClientVersion 

Disconnect-HV -HvServer $target_connection_server
Removing old agents in VMware Horizon VDI golden image — 5th Jan 2024

Removing old agents in VMware Horizon VDI golden image

/Stefaan/Leave a comment

The following script finds the uninstall strings in the registry and removes old agents from the golden image.

$execpolicy = Get-ExecutionPolicy

Set-ExecutionPolicy Unrestricted

$installed = Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*' | Where-Object {$_.UninstallString -match "MsiExec.exe"} | Select-Object DisplayName, DisplayVersion, UninstallString
$installed += Get-ItemProperty 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' | Where-Object {$_.UninstallString -match "MsiExec.exe"} | Select-Object DisplayName, DisplayVersion, UninstallString

$apps = @("VMware Tools","VMware Horizon Agent","VMware Horizon Agent Direct-Connection Plugin","VMware Dynamic Environment Manager Enterprise","App Volumes Agent","Microsoft FSLogix Apps")

$uninstall = $installed | Where-Object {($_.DisplayName -in $apps)}

$uninstall

foreach ($app in $uninstall) {
    $uninstcmd = $app.UninstallString

    $uninstcmd = (($uninstcmd -split " ")[1] -replace "/I","/X") + " /qn REBOOT=ReallySuppress"
    $uninstprc = Start-Process msiexec.exe -ArgumentList $uninstcmd -NoNewWindow -PassThru -Wait
}

$check = Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*' | Where-Object {$_.UninstallString -match "MsiExec.exe"} | Select-Object DisplayName, DisplayVersion, UninstallString
$check += Get-ItemProperty 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' | Where-Object {$_.UninstallString -match "MsiExec.exe"} | Select-Object DisplayName, DisplayVersion, UninstallString

$check | Where-Object {($_.DisplayName -in $apps)} | Format-Table

Set-ExecutionPolicy $execpolicy
Installing new Microsoft Teams in VMware Horizon VDI — 4th Jan 2024

Installing new Microsoft Teams in VMware Horizon VDI

/Stefaan/Leave a comment

The following script installs the new teams in the vdi golden image. If an old version is installed it removes it first. Afterwards a registry key is set to disable automatic updates.

The correct files can be downloaded here.

# get the current execution policy
$execpolicy = Get-ExecutionPolicy

Set-ExecutionPolicy Unrestricted

# location to the teams bootstrapper file
$bootstrapperpath = $PSScriptRoot + '\teamsbootstrapper.exe'

# allow execution of the teams bootstrapper file
Unblock-File -Path $bootstrapperpath

# check if teams is currently installed
$teamsversion = Get-AppxPackage -Name *MSTEAMS*

if ($teamsversion) {
    # if installed remove teams
    Write-Host 'Uninstalling Microsoft Teams version ' $teamsversion.version -ForegroundColor Red

    Start-Process -FilePath $bootstrapperpath -ArgumentList '-x' -Wait
    $teamsversion = ""
}

# location to the teams msix file
$msixpath = $PSScriptRoot + '\MSTeams-x64.msix'

# configure installation parameters
$args = '-p -o "' + $msixpath + '"'

# install teams
Start-Process -FilePath $bootstrapperpath -ArgumentList $args -Wait

# registry path
$registrypath = 'HKLM:\SOFTWARE\Microsoft\Teams'

# disable teams autoupdate 
if (!(Test-Path $registryPath)) {
    New-Item -Path $registrypath -Force | Out-Null
    New-ItemProperty $registrypath -Name 'disableAutoUpdate' -Value 1 -PropertyType DWord -Force | Out-Null
} else {
    if (!(Get-ItemProperty $registrypath -Name 'disableAutoUpdate')) {
        New-ItemProperty $registrypath -Name 'disableAutoUpdate' -Value 1 -PropertyType DWord -Force | Out-Null
    } else {
        Set-ItemProperty $registrypath -Name 'disableAutoUpdate' -Value 1 -PropertyType DWord -Force | Out-Null
    }
}

# check if teams installed correctly
$teamsversion = Get-AppxPackage -Name *MSTEAMS*

if ($teamsversion) {
    Write-Host 'Installed Microsoft Teams version ' $teamsversion.version -ForegroundColor Green
}

# set execution policy back to original value
Set-ExecutionPolicy $execpolicy
Setting up Carbon Black sensor gateway appliance — 29th Nov 2023

Setting up Carbon Black sensor gateway appliance

/Stefaan/Leave a comment

First thing is to do a little preparation. In Carbon Black Cloud console you’ll need to set up an API key so the appliance can communicate with the cloud console.

Go to Settings > API Access and select “Add API Key”. Set the access level to custom and select Sensor Gateway from the custom access level drop down list:

Save the information as we’ll need it later.

Next is to generate a certificate that will be used on the appliance. You can skip this part if you use self-signed certificates instead but if you go with certificates you’ll the certificate in pem format with private key file and also the full chain, so including the appliance certificate.

Now we can deploy and configure the virtual appliance. For the CBC URL you can find the necessary information here: https://developer.carbonblack.com/reference/carbon-black-cloud/authentication/#hostname. The API ID and secret you saved before.

The entry point is the FQDN (preceded by https://) of the appliance (this information must match the certificate common name or san). The certificate line accepts more then just one line of data. You can put in the data from the pem certificate file. Same for the private.

Remember in the certificate chain put the full chain, so the certificate again and then intermediate (if used) and the root certificate. Passphrase is used if the certificate is encrypted with a password.

Last thing before deployment is the network information part.

After you boot the appliance you will see that it registers itself in the Carbon Black Cloud console under Settings > API Access > Sensor Gateways.

Now for the installation part of the sensors. You’ll see that you now have an option to generate a registration key through a Sensor Gateway. All devices installed with this new key will connect threw the Sensor Gateway Appliance instead of registering directly to Carbon Black Cloud console.

Documenting, love it or hate it … (Part 3) — 9th Nov 2022