plesk_fix_dll_conflict.ps1000064400000001751147205640150011701 0ustar00$logFile = "C:\Windows\TEMP\plesk-fix-dll-conflict.log" $sourceDll = "C:\Windows\System32\vcruntime140.dll" function get-timestamp { get-date -format "yyyy-MM-dd HH:mm:ss.ffffff" } function log([string]$msg) { echo "$(get-timestamp): $msg" >>$logFile } remove-item -ea silentlycontinue $logFile log "BEGIN" if (test-path -pathtype leaf $sourceDll) { start-sleep 2 log "stopping nydus-ex-api" stop-service -ea continue -name nydus-ex-api 2>&1 >>$logFile log "stopping nydus-ex" stop-service -ea continue -name nydus-ex 2>&1 >>$logFile copy-item -ea continue $sourceDll C:\nydus\pyvenv\Scripts 2>&1 >>$logFile copy-item -ea continue $sourceDll C:\nydus\var\ops\pyvenv\Scripts 2>&1 >>$logFile start-sleep 2 log "starting nydus-ex" start-service -ea continue -name nydus-ex 2>&1 >>$logFile log "starting nydus-ex-api" start-service -ea continue -name nydus-ex-api 2>&1 >>$logFile } else { log "unable to find $sourceDll" } log "END" plesk_server_prep.ps1000064400000003267147205640150010737 0ustar00#Check to see if plesk install currently running $process = Get-WmiObject -query "select * from win32_process where " + ` "name like 'plesk-installer%' or name like 'parallels_installer_Microsoft_%'" if($process){ $process | %{$_.Terminate()} } #Remove any old installs Get-WmiObject -query "select * from win32_product where name like '%Plesk%'" | %{$_.uninstall()} #Download Installer powershell.exe Invoke-WebRequest https://hfs-public.secureserver.net/-/Windows/plesk-installer.exe ` -UseBasicParsing -OutFile C:\Windows\Temp\plesk-installer.exe #Attempt clean install. try{ C:\Windows\Temp\plesk-installer.exe --select-product-id=panel --select-release-latest ` --skip-components-check --ignore-key-errors --no-space-check --installation-type=typical }catch{ #Verify Mysql startup Get-Service | ?{$_.name -eq 'Mysql56' -and $_.Status -ne 'Running'} | Start-Service "Mysql56" | %{ $service=gwmi win32_service -filter "name='$_' and not State='Running'" if($service){ $service.ChangeStartMode("Automatic") $service.startservice() } } #Attempt to fix install C:\Windows\Temp\plesk-installer.exe --select-product-id=panel --select-release-latest ` --skip-components-check --ignore-key-errors --no-space-check --upgrade-installed-components } Start-sleep -seconds 60 $verifyInstallLog = select-string -path C:\ParallelsInstaller\autoinstaller3.log -Pattern "The changes were applied successfully." -CaseSensitive if((test-path C:\ParallelsInstaller\ai_action_time.xml) -and $verifyInstallLog){ "Plesk Successfully Installed" exit 0 } "ERROR - Plesk DID NOT INSTALL PROPERLY" exit 1 plesk_site_list.ps1000064400000002271147205640150010374 0ustar00$pleskDir=$args[0] $listOfVals=@{'FTP Login'='ftp_login'; 'IP Address'='ip_address'; 'Disk space used by httpdocs'='diskused'; 'Hosting type'='webspace'}; if(test-path "$($pleskDir)\admin\bin\subscription.exe"){ $allSubscriptions=&"$($pleskDir)\admin\bin\subscription.exe" --list; $allSites=&"$($pleskDir)\admin\bin\site.exe" --list; $dataToList=@() $dataToSend=@{} $allSites | %{ $siteName=$_; $dataObj = New-Object -TypeName PSObject $dataObj | Add-Member -MemberType NoteProperty -Name 'name' -Value $($siteName) $siteInfo=&"$($pleskDir)\admin\bin\site.exe" --info $siteName; $siteInfo | %{ $dataArr=[regex]::split($_,'\s\s+'); if($dataArr.length -eq 2){ $key=($dataArr[0]).trim(':'); if($listOfVals.ContainsKey($key)){ $val=$dataArr[1]; $dataObj | Add-Member -MemberType NoteProperty -Name $($listOfVals.Get_Item($key)) -Value $($val) } } } $dataToList+=$dataObj } $dataToSend['sites']=$dataToList $dataToSend['subscriptions']=@($allSubscriptions) $dataToSend | convertTo-json -Compress } add_user.ps1000064400000004203147205654430006770 0ustar00param([Parameter(Mandatory)] [String] $userName,[Parameter(Mandatory)] [String] $groupName) $passwordBase64 = Read-Host $password = [System.Text.Encoding]::UTF8.GetString( [System.Convert]::FromBase64String($passwordBase64)) if(Get-WmiObject -query "SELECT * FROM Win32_UserAccount where LocalAccount='True' and name = '$userName'"){ $user = [ADSI]"WinNT://$($env:COMPUTERNAME)/$userName,user" }else{ $cn = [ADSI]"WinNT://$($env:COMPUTERNAME)" $user = $cn.Create("User",$userName) $user.UserFlags = 66049 $user.Put("description", "Local Account") } try{ $user.SetPassword($password) $user.SetInfo() }catch{ $errorMessage=$_.Exception.Message if($errorMessage -like "*Passwords may not contain the user's samAccountName *"){ throw $_.Exception.Message }elseif($errorMessage -like "*The password does not meet the password policy requirements.*"){ $errorMessage secedit /export /cfg c:\secpol.cfg (gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg secedit /configure /db c:\windows\security\local.sdb /cfg c:\secpol.cfg /areas SECURITYPOLICY rm -force c:\secpol.cfg -confirm:$false $user.SetPassword($password) $user.SetInfo() secedit /export /cfg c:\secpol.cfg (gc C:\secpol.cfg).replace("PasswordComplexity = 0", "PasswordComplexity = 1") | Out-File C:\secpol.cfg secedit /configure /db c:\windows\security\local.sdb /cfg c:\secpol.cfg /areas SECURITYPOLICY rm -force c:\secpol.cfg -confirm:$false } } $computer = [ADSI]("WinNT://$($env:COMPUTERNAME),computer") $admins = $computer.psbase.children.find('Administrators') $members = $admins.psbase.invoke('Members') | %{$_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)} if($members -contains $userName){ }else{ $group = [ADSI]"WinNT://$($env:COMPUTERNAME)/$groupName,group" try{ $group.psbase.Invoke("Add",([ADSI]"WinNT://$($env:COMPUTERNAME)/$userName").path) }catch{ $_.Exception.Message } }add_user_to_group.ps1000064400000001575147205654430010717 0ustar00param([Parameter(Mandatory)] [String] $userName, [Parameter(Mandatory)] [String] $groupName) if(Get-WmiObject -query "SELECT * FROM Win32_UserAccount where LocalAccount='True' and name = '$userName'"){ $user = [ADSI]"WinNT://$($env:COMPUTERNAME)/$userName,user" $computer = [ADSI]("WinNT://$($env:COMPUTERNAME),computer") $admins = $computer.psbase.children.find('Administrators') $members = $admins.psbase.invoke('Members') | %{$_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)} if($members -contains $userName){ }else{ $group = [ADSI]"WinNT://$($env:COMPUTERNAME)/$groupName,group" try{ $group.psbase.Invoke("Add",([ADSI]"WinNT://$($env:COMPUTERNAME)/$userName").path) }catch{ $_.Exception.Message } } }else{ "User does not exist: $userName" exit 1 } change_password.ps1000064400000003150147205654430010351 0ustar00param([Parameter(Mandatory)] [String] $userName) $passwordBase64 = Read-Host $password = [System.Text.Encoding]::UTF8.GetString( [System.Convert]::FromBase64String($passwordBase64)) if(Get-WmiObject -query "SELECT * FROM Win32_UserAccount where LocalAccount='True' and name = '$userName'"){ $user = [ADSI]"WinNT://$($env:COMPUTERNAME)/$userName,user" try{     $user.SetPassword($password) $user.SetInfo() }catch{     $errorMessage=$_.Exception.Message     $errorMessage if($errorMessage -like "*Passwords may not contain the user's samAccountName *"){ throw $_.Exception.Message }elseif($errorMessage -like "*The password does not meet the password policy requirements.*"){ $errorMessage         secedit /export /cfg c:\secpol.cfg         (gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg         secedit /configure /db c:\windows\security\local.sdb /cfg c:\secpol.cfg /areas SECURITYPOLICY         rm -force c:\secpol.cfg -confirm:$false         $user.SetPassword($password) $user.SetInfo()         secedit /export /cfg c:\secpol.cfg         (gc C:\secpol.cfg).replace("PasswordComplexity = 0", "PasswordComplexity = 1") | Out-File C:\secpol.cfg         secedit /configure /db c:\windows\security\local.sdb /cfg c:\secpol.cfg /areas SECURITYPOLICY         rm -force c:\secpol.cfg -confirm:$false     } } }else{ "User does not exist: $userName" exit 1 } configure_port.ps1000064400000002737147205654430010241 0ustar00param([Parameter(Mandatory)] [Int] $port, [Parameter(Mandatory)] [String] $action) function Ensure-NetFirewallRule { param($displayName, $direction, $action, $protocol, $localPort) if(Get-NetFirewallRule -DisplayName $displayName -ea SilentlyContinue){ Remove-NetFirewallRule -DisplayName $displayName } New-NetFirewallRule -DisplayName $displayName -Direction $direction -Action $action -Protocol $protocol -LocalPort $localPort } if ($action -eq "open") { "Configuring firewall to open port $port" $ruleName = "Open TCP $port" Ensure-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow -Protocol TCP -LocalPort $port netsh advfirewall firewall set rule name=$ruleName new localport=$port # Remove any blocks. NOTE: The spaces in the rule names are required. That's how # the rules were created by OH for the images, so need to keep them consistent. Remove-NetFirewallRule -DisplayName "Block TCP $port " -ea SilentlyContinue } elseif ($action -eq "close") { "Configuring firewall to close port $port" # Remove instances of the open port. Remove-NetFirewallRule -DisplayName "Open TCP $port" -ea SilentlyContinue # Block the port $ruleName = "Block TCP $port " Ensure-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Block -Protocol TCP -LocalPort $port netsh advfirewall firewall set rule name=$ruleName new localport=$port } else { "Unknown action $action" exit 1 } cpu_utilization.ps1000064400000000215147205654430010423 0ustar00ConvertTo-Json @{ cpuTimePercent = (Get-WmiObject Win32_PerfFormattedData_PerfOS_Processor -Filter "Name='_Total'").PercentProcessorTime } enable_winexe.ps1000064400000002220147205654430010004 0ustar00function Ensure-NetFirewallRule { param($displayName, $direction, $action, $protocol, $localPort) if(Get-NetFirewallRule -DisplayName $displayName -ea SilentlyContinue){ Remove-NetFirewallRule -DisplayName $displayName } New-NetFirewallRule -DisplayName $displayName -Direction $direction -Action $action -Protocol $protocol -LocalPort $localPort } "Configuring firewall" Ensure-NetFirewallRule -DisplayName "winexe" -Direction Inbound -Action Allow -Protocol TCP -LocalPort 139 netsh advfirewall firewall set rule name=winexe new localport=139,445 # Remove the blocks set up in the image by OH. NOTE: The spaces in the rule names are required. That's how # the rules were created. Remove-NetFirewallRule -DisplayName "Block TCP 139 " -ea SilentlyContinue Remove-NetFirewallRule -DisplayName "Block TCP 445 " -ea SilentlyContinue "Auto-restart Lanman Server on failure" sc.exe failure LanManServer reset= 3600 actions= restart/5000/restart/10000/restart/5000 "Fix Lanman Server dependencies" # SamSS=Security Accounts Manager; Srv2=SMB2 driver sc.exe config lanmanserver depend= SamSS/Srv2 sc.exe start lanmanserver install_devcon.ps1000064400000006755147205654430010224 0ustar00param([Parameter(Mandatory)] [String] $package_url) $vertDriver_url = 'https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.240-1/virtio-win-gt-x64.msi' function Retry-Download { [cmdletbinding()] param([parameter(ValueFromPipeline)][ValidateNotNullorEmpty()][string]$url, [ValidateNotNullorEmpty()][string]$storageDir = "C:\\Windows\\Temp", [ValidateNotNullorEmpty()][int]$maxDownloadAttemptsCount = 20) begin { # We need this change to be able to make requests to urls (e.g. http://hfs-public.secureserver.net), as non-encrypted requests are blocked [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls11 -bor [System.Net.SecurityProtocolType]::Tls12; $webclient = New-Object System.Net.WebClient } Process { $filename = $url.Substring($url.LastIndexOf('/') + 1) if ($filename.indexof('?') -gt -1) { $filename = $filename.split('?')[0] } $file = "$storageDir\\$filename" $count = 0 do { $lastErrMsg = "" start-sleep -seconds ($count * 10) "Downloading: $file Attempt: $($count+1)" try { $webclient.DownloadFile($url, $file) } catch { $lastErrMsg = $_.Exception.Message "$lastErrMsg" } $count++ }while (($count -lt $maxDownloadAttemptsCount) -and (($lastErrMsg -like "*The remote name could not be resolved:*") -or ($lastErrMsg -like "*Unable to connect to the remote server*") -or ($lastErrMsg -like "*The remote server returned an error: (404) Not Found.*"))) if ($lastErrMsg -ne "") { "$lastErrMsg" } } } function InstallDriver { try { Start-Process -Wait -FilePath "C:\Windows\Temp\virtio-win-gt-x64.msi" -ArgumentList "/quiet" } catch { $_.Exception.Message exit 1 } } function IsDevInitialized { $state = 1 try { $state = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\vioscsi' -Name Start).Start } catch { $state = 1 } return $state } function RemoveDriver { try { Start-Process -FilePath "C:\Windows\Temp\devcon.exe" -ArgumentList "install", '"C:\Program Files\Virtio-Win\Vioscsi\vioscsi.inf"', '"PCI\VEN_1AF4&DEV_1048&SUBSYS_11001AF4&REV_01"' -NoNewWindow $devID = (Get-PnpDevice -Class SCSIAdapter -FriendlyName 'Red Hat VirtIO*' | Select-Object *).HardwareID[0] if ($devID -ne $null) { Start-Process -Wait -FilePath "C:\Windows\Temp\devcon.exe" -ArgumentList "remove $devID" -NoNewWindow $status = IsDevInitialized if ($status -ne 0) { return $false } } else { return $false } } catch { return $false } return $true } Retry-Download $package_url Retry-Download $vertDriver_url InstallDriver $status = IsDevInitialized if ($status -ne 0) { echo "not Initialize" $path = Test-Path 'C:\Program Files\Virtio-Win\Vioscsi\vioscsi.inf' if ($path -is [bool] ) { $dev = RemoveDriver if ($dev -is [bool]) { exit 0 } else { exit 1 } } } else { exit 0 }install_panopta.ps1000064400000000274147205654430010376 0ustar00Invoke-WebRequest https://packages.panopta.com/install/panopta_agent_windows.ps1 -OutFile panopta_agent_windows.ps1 .\panopta_agent_windows.ps1 -customer_key $customer_key -server_key NONEinstall_qemu_agent.ps1000064400000004355147205654430011065 0ustar00param([Parameter(Mandatory)] [String] $package_url) function Retry-Download{ [cmdletbinding()] param([parameter(ValueFromPipeline)][ValidateNotNullorEmpty()][string]$url, [ValidateNotNullorEmpty()][string]$storageDir="C:\\Windows\\Temp", [ValidateNotNullorEmpty()][int]$maxDownloadAttemptsCount=20) begin{ # We need this change to be able to make requests to urls (e.g. http://hfs-public.secureserver.net), as non-encrypted requests are blocked [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls11 -bor [System.Net.SecurityProtocolType]::Tls12; $webclient = New-Object System.Net.WebClient } Process { $filename=$url.Substring($url.LastIndexOf('/')+1) if($filename.indexof('?') -gt -1){ $filename=$filename.split('?')[0] } $file = "$storageDir\\$filename" $count=0 do{ $lastErrMsg="" start-sleep -seconds ($count*10) "Downloading: $file Attempt: $($count+1)" try{ $webclient.DownloadFile($url,$file) }catch{ $lastErrMsg=$_.Exception.Message "$lastErrMsg" } $count++ }while(($count -lt $maxDownloadAttemptsCount) -and (($lastErrMsg -like "*The remote name could not be resolved:*") -or ($lastErrMsg -like "*Unable to connect to the remote server*") -or ($lastErrMsg -like "*The remote server returned an error: (404) Not Found.*"))) if($lastErrMsg -ne ""){ "$lastErrMsg" } } } # Remove mount to ISO - in case previous attempt failed Dismount-DiskImage -ImagePath "C:\\Windows\\Temp\\virtio-win.iso" Retry-Download $package_url Mount-DiskImage -ImagePath "C:\\Windows\\Temp\\virtio-win.iso" $driveLetter=gwmi Win32_LogicalDisk | Where {$_.DriveType -eq 5 -and $_.VolumeName -like 'virtio-win*'} | select -ExpandProperty DeviceId # Install qemu agent Start-Process msiexec.exe -Wait -ArgumentList "/I ${driveLetter}\guest-agent\qemu-ga-x86_64.msi /quiet /norestart" -NoNewWindow # Remove mount to ISO Dismount-DiskImage -ImagePath "C:\\Windows\\Temp\\virtio-win.iso" # Enable qemu to start on boot Set-Service QEMU-GA -StartupType Automatic memory_utilization.ps1000064400000000264147205654430011150 0ustar00ConvertTo-Json @{ ramFreeMiB = (Get-WmiObject Win32_OperatingSystem).FreePhysicalMemory/1024 ramTotalMiB = (Get-WmiObject Win32_ComputerSystem).TotalPhysicalMemory/1024/1024 } setNetwork.ps1000064400000005723147205654430007357 0ustar00Start-Transcript -Path C:\Windows\Temp\setNetwork.log -Append $endPointAddr=$Args $taskName="HostingNetworkInitialization" $taskScript="C:\Windows\Tasks\initializeHostingNetwork.ps1" $currentIps=Get-NetAdapter -Name Ethernet | Get-NetIPAddress -IPAddress "*" # Delete HostingNetworkInitialization script, then stop the task if(Test-Path $taskScript){Remove-Item $taskScript -Force} schtasks.exe /End /TN $taskName schtasks.exe /Query /TN $taskName /FO LIST /V #if only one ip configured if($endPointAddr.gettype() -eq 'String'){ $endPointAddr=@($endPointAddr) } #make sure we have the saved IPs in the IPs to set 'privateip.txt','publicip.txt' | %{ if(Test-Path "C:\Windows\Tasks\$($_)"){ $initialIp=Get-Content "C:\Windows\Tasks\$($_)" if($endPointAddr -notcontains $initialIp){ $endPointAddr+=@($initialIp) } } } "Start-Transcript -Path C:\Windows\Temp\initializeHostingNetwork.log" | Out-File $taskScript -encoding ASCII -append #compare and modify accordingly $ipSetCompare=Compare-Object $endPointAddr $($currentIps.IpAddress) -IncludeEqual $ipSetCompare | %{ $ipaddress=$($_.InputObject) if($_.SideIndicator -eq '<='){ "Adding $ipaddress" Get-NetAdapter -Name Ethernet | New-NetIPAddress -AddressFamily IPv4 -IPAddress $ipaddress -PrefixLength 32 -SkipAsSource $false "Set-NetIPAddress -IPAddress $ipaddress -SkipAsSource `$False" | Out-File $taskScript -encoding ASCII -append }elseif($_.SideIndicator -eq '=>'){ "Removing $ipaddress" Get-NetIPAddress -IPAddress $_.InputObject | Remove-NetIPAddress -Confirm:$false }else{ #IP not affected $ipObject = Get-NetAdapter -Name Ethernet | Get-NetIPAddress | ?{$_.ipaddress -eq $ipaddress} if($ipObject.PrefixLength -eq 32){ #if there is a public or addon IP, set this to outbound traffic "Set-NetIPAddress -IPAddress $ipaddress -SkipAsSource `$False" | Out-File $taskScript -encoding ASCII -append }else{ #count only ips that will remain if(($ipSetCompare | ?{$_.SideIndicator -ne '=>'}).count -lt 2){ #if there is only the private ip, set this to outbound traffic "Set-NetIPAddress -IPAddress $ipaddress -SkipAsSource `$False" | Out-File $taskScript -encoding ASCII -append }else{ #otherwise we do not want outbound traffic on the private ip "Set-NetIPAddress -IPAddress $ipaddress -SkipAsSource `$True" | Out-File $taskScript -encoding ASCII -append } } } } "Get-NetIPAddress -InterfaceAlias Ethernet" |Out-File $taskScript -encoding ASCII -append "Stop-Transcript" |Out-File $taskScript -encoding ASCII -append # Run the task script we just wrote powershell.exe -ExecutionPolicy Unrestricted -File $taskScript # Log end state for posterity "Final state:" Get-NetIPAddress -InterfaceAlias Ethernet Stop-Transcript update_invalid_resolvers.ps1000064400000012372147205654430012304 0ustar00param([Parameter(Mandatory)] [String] $validResolvers, [Parameter(Mandatory)] [String] $invalidResolvers) function Get-Nic { if ($adapter = Get-NetAdapter -Name Ethernet) { return Get-WmiObject -Class "Win32_NetworkAdapterConfiguration" -Namespace "root\CIMV2" | Where-Object {$_.InterfaceIndex -eq $adapter.ifIndex} } else { throw "Adapter with name 'Ethernet' not found" } } function Test-Resolvers { # Use an internally and publicly resolvable domain to test, as the vm may not have a public IP $domain = "hfs-public.godaddy.com" return Test-NetConnection -Computername $domain -InformationLevel Quiet } function Backup-Resolvers { param([Parameter(Mandatory)] [String[]] $currentResolvers) $filePath = "C:\Windows\Temp\resolvers" "Backing up resolvers to file $filePath" $current_resolvers | Out-File -FilePath $filePath } function Restore-Resolvers { $filePath = "C:\Windows\Temp\resolvers" "Restoring resolvers from backup file $filePath" $old_resolvers = Get-Content $filePath "Old resolvers: $old_resolvers" $nic = Get-Nic $nic.SetDNSServerSearchOrder($old_resolvers) } function Remove-Backup { $filePath = "C:\Windows\Temp\resolvers" "Removing backup file $filePath" Remove-Item -Path $filePath -Force -ErrorAction SilentlyContinue } try { "Valid resolvers: $validResolvers" $invalid_resolvers_present = $False "Invalid resolvers: $invalidResolvers" $validResolversArray = $validResolvers.Split(",") $invalidResolversArray = $invalidResolvers.Split(",") $nic = Get-Nic $current_resolvers = $nic.DNSServerSearchOrder "Current resolvers are: $current_resolvers" $new_resolvers = @() # Loop through current resolvers and check for invalid resolvers. If a resolver is not invalid, # add it to the new resolvers list. foreach ($current_resolver in $current_resolvers) { if ($invalidResolversArray.Contains($current_resolver)) { "Current resolvers have invalid resolver: $current_resolver" $invalid_resolvers_present = $True } else { # Add resolver to new resolvers list $new_resolvers = $new_resolvers + $current_resolver } } "Invalid resolvers present: $invalid_resolvers_present" if ($invalid_resolvers_present) { # Test if network resolves. If it doesn't, we can't test if new resolvers will work. if (Test-Resolvers) { # We can proceed to trying to update the resolvers "Existing resolvers can resolve test domain" # Backup the existing resolvers before making any changes Backup-Resolvers -currentResolvers $current_resolvers # Update the resolvers # Add the valid resolvers to the new_resolvers list, if they are not there already foreach ($valid_resolver in $validResolversArray) { if (!$new_resolvers.Contains($valid_resolver)) { $new_resolvers = $new_resolvers + $valid_resolver } } $nic = Get-Nic "Setting new resolvers: $new_resolvers" $ret = $nic.SetDNSServerSearchOrder($new_resolvers) $exit_code = $ret.ReturnValue "ReturnValue is $exit_code" if ($exit_code -eq 0) { # Update was OK "Resolvers updated successfully" } elseif ($exit_code -eq 1) { # Update was OK, but a reboot is required! # As we can't perform a reboot here, we'll test the new resolvers and revert to backup if they are not working "Resolvers were updated but a reboot may be required" } else { # Something went wrong with the update throw "Unable to update resolvers" } # Test if network resolves if (Test-Resolvers) { "New resolvers can resolve test domain successfully" $nic = Get-Nic $updated_resolvers = $nic.DNSServerSearchOrder "New resolvers: $updated_resolvers" Remove-Backup exit 0 } else { # Restore the backup "Invalid resolvers were replaced, but test domain is not resolving." Restore-Resolvers # Re-test resolvers if (Test-Resolvers) { "Restored resolvers can resolve test domain" Remove-Backup throw "Resolvers were replaced but old resolvers had to be restored, as new resolvers could not resolve test domain." } else { throw "Restored resolvers cannot resolve test domain. Something may have gone wrong with the restore." } } } else { # We have no way to test if new resolvers will work, as the current configuration is not resolving throw "Current resolvers cannot resolve test domain. Unable to proceed." } } else { # There are no invalid resolvers in the current resolver list. Nothing to do here. "There are no invalid resolvers to replace." exit 0 } } catch { "An error occurred: $_" Write-Error $Error[0].ToString() exit 1 }