WilliamLam.com

Useful vSphere Automation techniques for assisting with CrowdStrike remediation

by // 9 Comments

By now, you have probably heard about or have directly been impacted by the recent CrowdStrike software update to Microsoft Windows system causing an unprecedented global outage. I know IT administrators are working around the clock to remediate thousands if not tens of thousands of Windows systems, the current recommended remediation process from CrowdStrike is definitely painful since it requires users to go into Windows safe mode to remove the offending file. To further complex things, most organizations enable Microsoft Bitlocker, which adds additional step to the already painful manual remediation process as you now have to locate your recovery keys before you login to apply the fix.

Within hours of the CrowdStrike news, I already saw a number of inquiries from our customers and field asking if there were any automated solutions or scripts that could aide in their remediation as asking any organization to manually remediate is a non-starter with the scale of deployments for most Enterprises. While getting up to speed on the remediation steps and thinking about how our vSphere platform can help users automate, what is typically a manual task, I had a few ideas that folks might find useful.

Disclaimer: The scripts provided in this article are meant as examples, please test and adapt them based on your own environment as these have not been tested in any official capacity and the behaviors may vary from environment to environment. Please use at your own risk.

[Read more...]

Instant Clone Microsoft Windows & VM Keystroke VMworld demo and code posted

by // 2 Comments

Apologies for the delay in getting my VMworld 2018 demo and code posted online, I know a number of you have been asking about the Windows Instant Clone samples to get an idea on how to create your own customization scripts for managing more "recent" Microsoft Windows releases 😉 and perhaps you might even consider submitting a pull request to share with the community. I have posted both the videos and code samples below. Enjoy and happy Automating!

Instant Clone Microsoft Windows

To demonstrate the power of the newly re-architected Instant Clone feature in vSphere 6.7 and to help make the point clear that the Instant Clone feature is really Guest Operating System agnostic, meaning you can Instant Clone any to Virtual Machine that can run VMware Tools, I thought it would be fun to see how old of a Microsoft OS that I could Instant Clone. After a bit of trial/error, that turned out to be Windows 98 and Windows 2000 🙂

Windows 98 Demo


Windows 2000 Demo


[Read more...]

Automating VM keystrokes using the vSphere API & PowerCLI

by // 41 Comments

I am constantly amazed at the number of new use cases that can now be enabled with some of the new and updated capabilities of our vSphere Platform. I recently discovered a new vSphere API that was introduced in vSphere 6.5 called PutUsbScanCodes() which may sound a little strange but it enables some really slick Automation capabilities. This feature allows customers to send keyboard character keystrokes directly to a VM regardless of the underlying OS. In fact, the OS does not even have to be booted up for this to work which means there is no reliance on VMware Tools as this is happening at the Virtual Hardware layer.

You might ask, why would this be interesting? Lets take a look at a scenario that I had ran into years ago when I was a customer and why this feature would have really helped. At the time, there were several Virtual Appliance solutions that I needed to deploy, although I could automate the deployment, I could not automate the initial setup process. The reason for this is that before the OS is fully booted up, it required the user to interactively provide password on boot which can only be done using the VM Console. This meant solutions like the Guest Operations API was out of the question since VMware Tools is not running during this time. I suspect many of you have probably came across a similiar situation, where you are prompted for a password or some other manual input was required and the only solution is to be in front of the VM Console. Some other interesting use cases that this feature could help with are OS installations where automated deployments may not be possible due to the type of OS, automated filesystem check (fsck) or verification where manual intervention was the only option. The possibilities for this API is truly endless and I am sure there are many many more use cases where this feature could be used.

OK, so now that are you sold on the feature, lets take a look at how it works! I have built a PowerCLI script called VMKeystrokes.ps1 which demonstrates the use of this vSphere API.

The API takes in an array of scan code events or what is referred to as USB Human Interface Device (HID) Codes which is part of the USB specification for human interactions with a computer system. There was not any details on what exactly this even looked like, so it took me awhile to figure out the input and what the API was expecting. I found this online reference here which provided a mapping of keyboard keys to their respective scan codes which I have implemented a subset of the scan codes within my script. However, upon further inspection, these scan codes could not be used as-is and required a conversion to the appropriate HID format which can be seen in my code. There also a modifier type within the API that can be associated with a given scan code. One use for this is to send an upper-case character rather than a lower case.

Lets now go through a demonstration to see how the Set-VMKeystrokes function works. In my environment, I have a PhotonOS VM running and I want to automate the login via the console which means I want to pass in the username (root), hit return, pass in the password (VMware1!) and hit return.

[Read more...]