I was in a situation recently when I had to collect RDS host logon details from a farm with 20-odd servers. While I already had a script that collected this kind of information from another set of servers, it didn't work on this particular farm.
As it turned out, the firewall blocked RPC access to event logs. I had to enable the "Remote Event Log Management (RPC)" firewall rule on each server.
Yes, it can be done manually one by one. No, that's not how I prefer to do things at scale.
Run this one-liner as administrator on the RDS Broker server to do it the quick way:
(Get-RDServer -Role RDS-RD-SERVER).Server | ForEach-Object { Invoke-Command -ComputerName $_ { Set-NetFirewallRule -DisplayName "Remote Event Log Management (RPC)" -Enabled true }}
More generically, you can run the following to achieve the same for any firewall rule on an arbitrary list of servers:
@("SERVER1","SERVER2", ..., "SERVERn") | ForEach-Object { Invoke-Command -ComputerName $_ { Set-NetFirewallRule -DisplayName "display_name_of_firewall_rule" -Enabled true }}
Replace -Enabled true with -Enabled false to disable the rule.
A word of caution: since we are playing with firewall rules on a large number of servers, one wrong parameter will have a spectacular effect in a bad way - have your your resignation letter handy. Before you unleash your custom code on your entire infrastructure, make sure you've tested it thoroughly.
You've been warned.
Have fun!
No comments:
Post a Comment