Turn off Hyper-V VM internet but enable remoting - virtual-machine

I have a Hyper-V VM to which I copy files from and to the Host machine. Then I start a scheduled task on the VM which starts an application for which I log certain data. While the app is running I poll for the status of the scheduled task to check upon the status of the task using the below code:
$password= "password" | ConvertTo-SecureString -asPlainText -Force;
$username = "name";
$credential = New-Object System.Management.Automation.PSCredential($username,$password);
Invoke-Command -VMName INSTANCE_ID -Credential $credential -ScriptBlock
{
$timer = [Diagnostics.Stopwatch]::StartNew();
$timeout = 2000;
while (((Get-ScheduledTask -TaskName 'ID_Logging_Task').State -eq 'Running') -and ($timer.Elapsed.TotalSeconds -lt $timeout))
{
Write-Verbose -Message 'Waiting on scheduled task...';
Start-Sleep -Seconds 3;
}
$timer.Stop();
}
Now while this app is running I want to disconnect internet connectivity for the VM(as if internet is available the app logs certain data which adds to a lot of noise) but I still want to be able to poll for my scheduled tasks status. I am okay with turning the internet off permanently as long as I am able to copy files to and from the VM and run ps1 scripts on it via a python script running on the Host machine. Please tell me if this is possible and how.

Related

how to write powershell script to check if the VM is jumpbox VM from a list of VMs in azure

Powershell script to retreive Jumpbox VM from a list of VMs, which VMs are all have jumpbox connection. How to differentiate Jumpbox VM from other VMs. The output will be like this VM is Jumpbox VM.
I have tried to retrive ip addresses, security rules, tags associated with it, But all are same with other VMs, So I am not getting efficient output.I need to find unique configuration jumpbox vm has from other vms.
The output will be like this "This VM is Jumpbox VM".
I deployed one Jumpbox VM with its NIC connected to the Private IP securely and ran this PowerShell command to get the Jumpbox VM's.
Thanks #Fabricio godboy for the script.
Reference- How to write powershell script to identify whether the Azure Virtual machine has Jumpbox or bastionhost or other private vms - Microsoft Q&A
I created one Jumpbox VM and ran the Powershell script like below:-
Script:-
#
Connect-AzAccount
# Specify the resource group name and VM name
$resourceGroupName = "jumpboxvm"
$vmName = "jumpboxvm12"
# Get the VM object
$vm = Get-AzVM -ResourceGroupName $resourceGroupName -Name $vmName
# Get the VM's network interface object
$nic = Get-AzNetworkInterface -ResourceId $vm.NetworkProfile.NetworkInterfaces[0].Id
# Get the VM's private IP address
$privateIpAddress = $nic.IpConfigurations.PrivateIpAddress
# Check if the VM is connected to a jumpbox
$jumpbox = Get-AzVM -ResourceGroupName $resourceGroupName -Name "jumpboxvm12"
if ($jumpbox) {
$jumpboxNic = Get-AzNetworkInterface -ResourceId $jumpbox.NetworkProfile.NetworkInterfaces[0].Id
$jumpboxPrivateIpAddress = $jumpboxNic.IpConfigurations.PrivateIpAddress
if ($privateIpAddress -eq $jumpboxPrivateIpAddress) {
Write-Host "This VM is connected to a jumpbox"
exit
}
}
And got the output like below:-

How to rdp to azure Vm in unattended mode from command line terminal

Found the Microsoft document . but it ask for user prompt.
so is there any way to Rdp without user credentials(without user prompts) ?
If you have the IP, you can do in Powershell:
$rdpIp = "dottedIP.or.DNSName.of.VM"
cmdkey /generic:TERMSRV/$rdpIp /user:username /pass:"password"
mstsc /v:$rdpIp
cmdkey /delete:TERMSRV/$rdpIp
Going a step further, if you install Powershell Secrets Management (and configure a secret store as documented), you can set up a credential as follows:
#isolate your username and password from the connection script itself
Set-Secret -Name MyRDPUserName -Secret "MyUserNameValue"
Set-Secret -Name MyRDPPassword -Secret "MyPasswordValue"
and then the script to connect looks like:
$rdpIp = "dottedIP.or.DNSName.of.VM"
#get the secrets from the store
$user = Get-Secret -Name MyRDPUserName -AsPlainText
$pass = Get-Secret -Name MyRDPPassword -AsPlainText
cmdkey /generic:TERMSRV/$rdpIp /user:"$user" /pass:"$pass"
#erase the values from your Powershell session
$user = $null
$pass = $null
mstsc /v:$rdpIp
#remove the stored credential
cmdkey /delete:TERMSRV/$rdpIp

Change SQL Server default TCP port

I want to change the SQL Server default TCP port in server. I know the default port is 1433, and I know how do this with UI, but I need a code such as registry or batch file or programming language like Delphi, VB, C#
Thank you
Here's what I have in a Powershell script that's part of my server build from a couple of jobs ago:
param (
[string]$server_name = $(Read-Host -prompt Server)
)
$Machine = new-object 'Microsoft.SqlServer.Management.Smo.Wmi.ManagedComputer' $server_name
$instance = $Machine.ServerInstances[ 'MSSQLSERVER' ];
$instance.ServerProtocols[ 'Tcp' ].IsEnabled = $true;
$instance.ServerProtocols[ 'Tcp' ].Alter();
$ipAll = $instance.ServerProtocols['Tcp'].IPAddresses['IPAll'];
$ipAll.IPAddressProperties['TcpPort'].Value = "14330";
$ipAll.IPAddressProperties['TcpDynamicPorts'].Value = ""
$instance.ServerProtocols['Tcp'].Alter();
It assumes a non-named instance of SQL Server and that the port you want to set is 14330. Adjust to meet your requirements.
Below is an excerpt from the dockerfile used to build the official Microsoft SQL Server 2017 image for Windows.
RUN stop-service MSSQLSERVER ; \
set-itemproperty -path 'HKLM:\software\microsoft\microsoft sql server\mssql14.MSSQLSERVER\mssqlserver\supersocketnetlib\tcp\ipall' -name tcpdynamicports -value '' ; \
set-itemproperty -path 'HKLM:\software\microsoft\microsoft sql server\mssql14.MSSQLSERVER\mssqlserver\supersocketnetlib\tcp\ipall' -name tcpport -value 1433 ; \
set-itemproperty -path 'HKLM:\software\microsoft\microsoft sql server\mssql14.MSSQLSERVER\mssqlserver\' -name LoginMode -value 2 ;
The Set-ItemProperty PowerShell commands configure the SQL Server ports and set the login mode to allow both SQL Server and Windows authentication. These same commands can be run against a local SQL instance after changing the registry paths as appropriate for your version and installation as well as the desired port number. The instance needs to be restarted for the changes to become effective.

restart apache server by ssh command in perl php

I am trying to restart the Apache server through ssh command in perl - php.
Below is code I tried. It works through PuTTY. Though if I run through browser it does not run at line : $output = $ssh->exec("systemctl status apache2");
use Net::SSH::Expect;
my $ssh = Net::SSH::Expect->new (
host => "xx.xx.xx.xx",
password=> 'adsd#21',
user => 'root',
raw_pty => 1
);
print("\n");
my $output = $ssh->login();
print($output);
if ($output !~ /Welcome/) {
die "Login has failed. Login output was $login_output";
}
$output = $ssh->exec("systemctl status apache2");
The Error:
"WARNING: terminal is not fully functional"
Though Net::SSH is an elegant module, I would suggest using the system tools available to you by default.
You have ssh available and using ssh-keys are more secure, especially due to the fact that you currently display passwords in a script. If you are unsure of how to setup ssh-keys, let me know and I will add it to the answer.
Effectively your entire script can purely be:
use strict;
use warnings;
my $apache_status = `ssh username\#servername systemctl status apache2`;
print $apache_status;

How can I authenticate to Watchguard gateway using command line interface?

I'm behind a corporate Watchguard gateway and I need to get authenticated through a pc which has only command line interface
Is there a way to do this?
The only way I have found of doing this on a command-line only machine is to boot the machine off a live CD with a GUI and browser. Once the CD has loaded fire up the browser and authenticate as you would from any other PC (https://xxx.xxx.xxx.xxx:4100). Once done shut down the machine and boot as you would normally. The gateway will usually give you 24 hours before needing to re-authenticate.
If you have access to the gateway configuration you can put exceptions in for particular IP addresses and certain groups (depending on the authentication model used).
I remember reading somewhere that Links a command line browser can do this but you need to recompile it in order to get around the SSL warning. I will post the link to the article if I can find it again.
You can use Curl, Invoke-WebRequest, ... to send de webrequest as your browser would do. I use the scripts below to authenticate on our non-gui servers. It's pretty sad Watchguard does not provide simural sollutions.
In Bash:
#!/bin/bash
echo Watchguard Login script
echo -----------------------
echo
echo Enter username
read username
echo Enter Password
read -s password
echo
curl -d "fw_username="$username"&fw_password="$password"&fw_domain=yourdomain&submit=Login&action=fw_logon&fw_logon_type=logon&lang=en-US&redirect=https%3A%2F%2FyourfirewallFQDN%3A4100" -X POST https://yourfirewallFQDN:4100/wgcgi.cgi --show-error -v
In Powershell:
echo 'Watchguard Login Script'
echo '-----------------------'
echo ''
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 # In case of TLS\SSL errors
$username = Read-Host "Enter username"
$password = Read-Host -MaskInput "Enter Password"
echo ''
$body = #{
fw_username = $username
fw_password = $password
fw_domain = "yourdomain"
submit = "Login"
action = "fw_logon"
fw_logon_type = "logon"
lang = "en-US"
redirect = "https://yourfirewallFQDN:4100"
}
$Response = Invoke-WebRequest -Body $body -Method 'POST' -UseBasicParsing -URI https://yourfirewallFQDN:4100/wgcgi.cgi