Tag: scripting

AirWatch REST API Script : change Self-Service Portal role for users

Here’s several scripts that may be very helpful for anyone that needs to change the self-service portal role for their users in AirWatch. AirWatch is becoming more robust and mature with every new release, but they still have a long way to go towards overall usability for administrators.

 

#******************************************
### AirWatch API Connection
###
### Template from https://support.air-watch.com/posts/94020718-REST-API-Authentication-in-PowerShell
###
### 2015-11-15 Brian Deyo www.briandeyo.us
#*******************************************

write-output ” __ ___ __ ”
write-output ” /\ | |__) | | /\ | / “ |__| ”
write-output ” /~~\ | | \ |/\| /~~\ | \__, | | ”
write-output ” ”

###############################
###
### BEGIN CONFIGURATION SECTION
###
###############################

###Insert AirWatch API Key here
###Consider it best practice to create an API Key for every account that needs API access. Easier to manage access that way.
###
$APIKEY = “blahblahblahAPIKey”

###Insert AirWatch Application Server URL
###The Server is the “Application Server” component of the AirWatch environment.
###
$AWHost = “xxyyy.awmdm.com/API/v1”

###Pop up to get username and password, and then encodes U & P to string
###
$Credential = Get-Credential
$EncodedUsernamePassword = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($(‘{0}:{1}’ -f $Credential.UserName,$Credential.GetNetworkCredential().Password)))

###Define Headers to send with each API access
###Switch Basic to Directory if using AD integrated account
###
$Headers = @{‘Authorization’ = “Basic $($EncodedUsernamePassword)”;’aw-tenant-code’ = “$APIKey”;’Content-type’ = ‘application/json’}

###Define output folder for Rest Logs when the out-file cmdlet is used
###
$RestLogPath = “\\fileshare\log\location”

###############################
###
### END CONFIGURATION SECTION
###
###############################

#***********************************
# List devices for a specific user
#***********************************
#
#write-output “Type User’s email address”
#$UserEmail = Read-Host
#Invoke-RestMethod -Method Get -Uri https://$AWHost/mdm/devices/search?user=$UserEmail -Headers $Headers

#***********************************
# Set Enrollment User’s SSP Access
#***********************************
#
# Define the JSON in the $body variable. Then the Invoke-RestMethod converts to JSON on the fly
#
#$Role = “SSP ROLE NAME”
#$user = “userID”
#$body = @{
# Role = $Role
# }
#Invoke-RestMethod -Method Post -Uri https://$AWHost/system/users/$user/update -Body (ConvertTo-Json $body) -Headers $Headers

#***********************************
# Get Enrollment User Details
#***********************************
#$user = Read-Host
#$Filename = “UserDetails.txt”
#Invoke-RestMethod -Method Get -Uri https://$AWHost/system/users/$user -Headers $Headers | Out-File -Append $RestLogPath$Filename

#***********************************
# Change a single Users SSP Role
#***********************************

#$User = Read-Host
#$NewRole = “SSP ROLE NAME”
#$body = @{
# Role = $NewRole
# }
#Invoke-RestMethod -Method Post -Uri https://$AWHost/system/users/$User/update -Body (ConvertTo-Json $body) -Headers $Headers

#*************************************************************
# Search for All Users that have specific role and change it
#*************************************************************
#$CurrentRole = “SSP ROLE NAME”
#$Filename = “SSP ROLE NAME.txt”
#$UserList = Invoke-RestMethod -Method Get -Uri https://$AWHost/system/users/search?role=$CurrentRole -Headers $Headers
#$list = $UserList.Users.Id
###Save output of every UserID getting changed
#$list.value | Out-File $RestLogPath$Filename
#
### Loop to change all the roles from the dumped list
#
#$NewRole = “SSP ROLE NAME”
#foreach ($User in $list)
#{
# $UserToUpdate = $User.value
#
# $body = @
# {
# Role = $NewRole
# }
# Invoke-RestMethod -Method Post -Uri https://$AWHost/system/users/$UserToUpdate/update -Body (ConvertTo-Json $body) -Headers $Headers
#}

#************************************
# List Number of Users in Each Role
#************************************
#$RolesToCheck = @(“Basic Access”,”External Access”,”Full Access”)
#Foreach ($Role in $RolesToCheck)
#{
# $Filename = “$Role – TOTALS.txt”
# $UserList = Invoke-RestMethod -Method Get -Uri https://$AWHost/system/users/search?role=$Role -Headers $Headers
# $list = $UserList.Users.Id
# ###Save output of every UserID getting changed
# $UserList | Tee-Object $RestLogPath$Filename
#}

 

Time to do work?

When I was working at IBM there was a daily report that I issued on the state of the environment, drivespace, and crap like that.  I always told myself that if I ever had time I would automate much or all of the process as thoroughly as possible.  As time was not on my side… that never happened, and instead I browsed my computer for 4 different servers, and 32 different directories every working day just so I knew how much drivespace I *didn’t* have left.

Now that I don’t work for them anymore it is much easier to breathe and script a bit.  Here’s what 2 hours netted me:

# Returns pre-formatted list of drivespace available to all logical drives on given servers
# outputs list to text file

$output = “c:\scripting\mtptfs.txt”
del $output
$evs = @(”evs01″,”evs02″,”evs03″)

foreach ($name in $evs) {
gwmi -computer $name -class win32_volume -filter “drivetype=3″ |
sort-object Caption |
select-object SystemName, Caption,{[math]::round($_.Capacity /1GB, 2)},{[math]::round($_.freespace / 1GB, 2)} >> $output
}

That is a neat little powershell script.  It grabs info from a WMI object of each of my exchange virtual servers, and dumps some numbers to a text file, in a not so classy way.

After another 2 hours I ditched all of that and came to a decent, but not completely done final product:

###
###  Returns pre-formatted list of drivespace available to all
###  exchange virtual servers, and returns the information in a
###  programmatically generated excel spreadsheet
###



### CREATES NEW EXCEL FILE USING COM OBJECT
$Excel = New-Object -Com Excel.Application
$Excel.visible = $True
$Excel = $Excel.Workbooks.Add()

###SETS VARIABLE FOR WORKSHEETS
$p = 1

###CREATES ARRAY FOR WHICH SERVERS TO QUERY
$evs = @(”EVS01″,”EVS02″,”EVS03″)



###LOOP FOR CREATING 1 EXCEL SHEET FOR EACH EVS
foreach ($name in $evs) {

###WRITES COLUMN HEADERS ON EACH EXCEL SHEET
$Sheet = $Excel.WorkSheets.Item($p)
$Sheet.Cells.Item(1,1) = “Computer”
$Sheet.Cells.Item(1,2) = “Drive/MountPoint”
$Sheet.Cells.Item(1,3) = “TOTAL SIZE”
$Sheet.Cells.Item(1,4) = “FREE SPACE”

###CHANGES COLORS AND FONTS ON COLUMN HEADERS
$WorkBook = $Sheet.UsedRange
$WorkBook.Interior.ColorIndex = 8
$WorkBook.Font.ColorIndex = 11
$WorkBook.Font.Bold = $True



###SETS CELL STARTING POINT FOR WRITING EVS & DRIVESPACE INFORMATION
$intRow = 2

###POWERSHELL SCRIPT FOR GETTING WMI INFORMATION ABOUT ALL LOGICAL VOLUMES ON AN EVS
$colItems = gwmi -computer $name -class win32_volume -filter “drivetype=3″ | sort-object Caption

###LOOP FOR WRITING WMI INFORMATION BY ROW
foreach ($objItem in $colItems) {
$Sheet.Cells.Item($intRow,1) = $objItem.SystemName
$Sheet.Cells.Item($intRow,2) = $objItem.Caption
$Sheet.Cells.Item($intRow,3) = $objItem.Capacity / 1GB
$Sheet.Cells.Item($intRow,4) = $objItem.freespace / 1GB
$intRow = $intRow + 1

}

###CHANGES WORKBOOK TO NEXT SHEET
$p = $p + 1

###ADJUSTS COLUMN WIDTH FOR SHEET AUTOMATICALLY
$WorkBook.EntireColumn.AutoFit()

###FORMATS THE CAPACITY INFORMATION INTO INTEGERS WITH TWO DECIMAL PLACES
$Sheet.Cells.NumberFormat = “#.00″

}

This script is much nicer.  It creates a new excel file using the COM object, and dumps each EVS to its own sheet.  This comes complete with colors.  I have also included the pictures, circles, and arrows on the back of each one, and a paragraph describing what each one was.

I didn’t finish this completely because I ran out of time trying to get the borders completed.

All that being said my 2nd week with powershell is actually a good experience.