Monday, June 12, 2017

Add Devices to LogicMonitor with Speed!

Here is a short PowerShell function that was written to speed up the time it takes to add servers to LogicMonitor.

I use this when a Domain Admin account cannot be obtained, this helps to keep security tight. This gets around it by adding the domain user account to the local Administrators and Distributed COM users group. It does even more than that even, it sets the PS execution policy, PS Remoting and it allows WMI through the windows firewall.

This script was developed for use with Server 2012R2 and newer however it should be backwards compatible all the way back to PowerShell version 2.0!

Function Add-ToLogicMonitor {
<#
.Synopsis
   Prepares a server to be added to LogicMonitor.
.DESCRIPTION
   This function will prepare a server to be added to LogicMonitor by enabling PS remoting, `
   setting the PS execution policy, adding LogicMonitorServiceAccountName to both the local administrator's group `
   and the Distributed DCOM Users group.
.EXAMPLE
   PS C:\> Add-ToLogicMonitor
.FUNCTIONALITY
   Used to speed up onboarding of servers into  LogicMonitor
#>

    [CmdletBinding()]
      
        Param(
               $Computer = $env:computername,
               $User = "LogicMonitorServiceAccountName",
               $ErrorActionPreference = "SilentlyContinue"
             )

                        # Enables PowerShell Remoting
                        Enable-PSRemoting -Force
                        Write-Host "PowerShell Remoting has been enabled." -BackgroundColor Black -ForegroundColor Green

                    # Sets the PowerShell Scripting Execution Policy to allow from the domain.
                    Set-ExecutionPolicy remotesigned -force
                    Write-Host "The Windows PowerShell Execution Policy has been set to allow scripts that are remotesigned." -BackgroundColor Black -ForegroundColor Green

                # Opens firewall for LogicMonitor support.
                netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
                netsh firewall set service RemoteAdmin enable

                Write-Host "Enables the required firewall rules for LogicMonitor to speak to the collector." -BackgroundColor Black -ForegroundColor Green

            # Enables remote WMI and DCOM
            Start-Service RemoteRegistry -Verbose
            Set-Service RemoteRegistry -StartupType Automatic -Verbose
            Write-Host "Remote WMI and DCOM have been enabled, the remote registry service has also been started and set to automatic startup." -BackgroundColor Black -ForegroundColor Green

        # Adds $User to the local administrators group
        $Administrators = [ADSI]("WinNT://$Computer/Administrators,group")
        $Administrators.add("WinNT://$User,user")
        Write-Host "$User has been added to the local Administrators group." -BackgroundColor Black -ForegroundColor Green

    # Adds $User to the Distributed COM users group
    $Administrators = [ADSI]("WinNT://$Computer/Distributed COM Users,group")
    $Administrators.add("WinNT://$User,user")
    Write-Host "$User has been added to the Distributed COM Users group." -BackgroundColor Black -ForegroundColor Green

}

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)