Atera's PowerShell for Automation - Part 3

Atera's PowerShell for Automation - Part 3

This post was written as part of a series for Atera, the PSA and RMM product we use at Cage Data.


In the first and second posts in this series, we looked at how to get started with PowerShell, and how to access the strength of the community by accessing PowerShell modules from the PowerShell Gallery. Now it's time to put this new knowledge to work for us.

When combined with Atera, PowerShell offers a powerful tool for automating common workflows that we step through every day. For example, here is a simple, but complete, script for resetting a users password in ActiveDirectory:

# Make sure we're on a system with the ActiveDirectory module
if (!(Get-Module -ListAvailable ActiveDirectory)) {
  Write-Host "ActiveDirectory is not installed on this system."
  exit
}

# Get the user and exit if it can't be found
$User = Get-ADUser -Identity "{[User_Name]}" -ErrorAction SilentlyContinue
if (!$User) {
  Write-Host "User not found by username: `"{[User_Name]}`""
  exit
}

# Set the password for the user and force change on next login
$Password = ConvertTo-SecureString -AsPlainText "{[New_Password]}" -Force
Set-ADAccountPassword -Identity "$($User.DistinguishedName)" -Reset -NewPassword "$Password"
Set-ADUser -Identity $User.DistinguishedName -ChangePasswordAtLogon $true

# Trigger an Azure AD Connect sync
if (Get-Module -ListAvailable ADSync) {
  Write-Host "Queueing AD Sync sync cycle"
  Start-ADSyncSyncCycle -PolicyType Delta
}

Write-Host "Password successfully changed for {[User_Name]}"

When a customer is on the phone waiting for their password to be reset before thay can start working, it's important to make it quick and easy to reset their password. With this script added to Atera, technicians don't need to login to a server to do this simple task anymore.

Getting started automating

XKCD #1319

So how do you get started automating tasks with PowerShell? How do you know which tasks warrant automation? The first place to start is to look at your knowledgebase. Chances are you have a bunch of SOPs or "How-To's" already written with step by step instructions for tasks. Which steps can be written as scripts?

How about your SOP for setting up a new computer for a client:

1. Join to Domain
 Put the computer in the following OU depending on department:
 ...
2.  Install Software
 * Google Chrome
 * Adobe Reader
 * Dropbox
 * Microsoft Teams
 * ...
3. Configure Printers
...

From that SOP take the steps and start writing up the scripts for each one. For example, the second step, "Install Software" can easily be written in PowerShell using Chocolatey:

# Install Chocolatey
Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))

# Install Software
@(
    # Productivity
    "googlechrome",
    "adobereader"
    "dropbox",
    "microsoft-teams.install"
) | ForEach-Object { & C:\ProgramData\chocolatey\bin\cinst.exe --yes $_ }

Or better yet, you can use an Automation Profile in Atera for the Chocolatey part of the install:

Atera Software Install

Another great example of a script to automate a sometimes frustrating task is creating a VPN connection. The script below creates a VPN connection for a Meraki VPN:

if (Get-VPNConnection "{[Connection_Name]}" -ErrorAction SilentlyContinue) {
  Write-Host "VPN Connection already exists"
  exit
}

Add-VpnConnection -Name "{[Connection_Name]}" -ServerAddress "{[Server_Address]}" -TunnelType L2tp -L2tpPsk "{[PreShared_Key]} -EncryptionLevel **Required** -AuthenticationMethod Pap -RememberCredential -DnsSuffix "{[DNS_Suffix]}"

No more having to remember which encryption settings to use for setting up the VPN. Just run the script and it takes care of the heavy lifting.

Self-Healing Scripts

One last area to start automating processes is to dig into some common issues that come up regularly that you're fixing manually. As much as we don't want to admit it, we all have servers that we have to login to every week to restart a process that has stopped for whatever reason. It's not that we haven't tried to fix this, but it's some ancient line of business service that this client is seemingly the only company that uses. If you are still logging into that server to restart the service every week, stop it.

To use self-healing scripts to restart this service automatically first find out the name of the service with Get-Service. Let's use Acronis as an example:

> Get-Service "*Acronis*" | Select Name
Name
----
AcronisActiveProtectionService
AcronisCyberProtectionService

Now create a script in Atera called "Start-Acronis.ps1" and populate it with the following:

Start-Service -Name "AcronisActiveProtectionService"
Start-Service -Name "AcronisCyberProtectionService"

With the Start-Acronis.ps1 script in Atera, create a Threshold profile or open one of your existing profiles. Add a new item for monitoring each of the Acronis services. In the Run Script section of the Threshold Item select our Start-Acronis.ps1 script from earlier.


There you have it. From here you can go get started automating your tasks and free yourself up to build your business more. In the next post, we'll go deeper into using script for IT Automation and Monitoring. We'll even go into how we can alert back to Atera when our script discovers something wrong on a server.