Skip to content

Instantly share code, notes, and snippets.

@lrivallain

lrivallain/README.md

Last active December 20, 2023 13:27
Show Gist options
  • Save lrivallain/17eb19c95ff66f44713de03b7c93c6f2 to your computer and use it in GitHub Desktop.
Save lrivallain/17eb19c95ff66f44713de03b7c93c6f2 to your computer and use it in GitHub Desktop.
Download ZIP
ESU with Arc checks for 2012 servers
Raw
README.md

ESU with Arc checks for 2012 servers

A set of test to ensure pre-requisites for enabling ESU with Arc checks for 2012 servers.

Download

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri https://gist.github.com/lrivallain/17eb19c95ff66f44713de03b7c93c6f2/raw/arc-esu-check.ps1 -OutFile arc-esu-check.ps1

Run

From a PowerShell console on the target server:

.\arc-esu-check.ps1

Optionnal

You can also get and execute the ESU script from @nitinbps by running:

Invoke-WebRequest -Uri https://raw.githubusercontent.com/nitinbps/ArcforServerSamples/main/ArcESUEnabled.ps1 -OutFile ./ArcESUEnabled.ps1

If file exists, it will be run at the end of the arc-esu-check.ps1

Output example

Hostname:  WIN-49b8953c
OS name:   Microsoft Windows Server 2012 R2 Datacenter
           Windows is properly activated

Agent version:  1.35.02478.1326
Agent state:    Connected

Looking for 2012 R2 pre-requisites
  Checking: Servicing stack update (SSU)...  KB5029368 is installed
  Checking: Licensing Preparation Package... KB5017220 is not installed on this server

Looking for November released ESU
  Checking: Security Monthly Quality Rollup... KB5032249 is installed
  Checking: Servicing stack update (SSU)...    KB5032308 is installed
  
Checking certificate:  CN=Microsoft Azure TLS Issuing CA 01, O=Microsoft Corporation, C=US
Microsoft Azure TLS Issuing CA 01 - Certificate is valid

VERBOSE: Extended Security Update is enabled.
True
Raw
arc-esu-check.ps1
# Check ESU requirements
Write-Host "" # Separator
######################################################################
# OS details
$sysInfoCsv = SystemInfo /fo csv
$sysInfo = ConvertFrom-Csv $sysInfoCsv
Write-Host "Hostname: " $sysInfo."Host Name"
Write-Host "OS name: " $sysInfo."OS Name"
# Windows Server Licence activation
$activationState = (Get-CimInstance SoftwareLicensingProduct -Filter "Name like 'Windows%'" |
where { $_.PartialProductKey }).LicenseStatus
if ($activationState -eq 1) {
Write-Host -ForegroundColor green " Windows is properly activated"
} else {
Write-Host -ForegroundColor Yellow " Windows is not activated"
}
Write-Host "" # Separator
# Arc Agent state
$ArcAgentStatusData = Invoke-WebRequest -Uri "http://localhost:40342/agentstatus" | ConvertFrom-Json
Write-Host "Agent version: " $ArcAgentStatusData.agentVersion
Write-Host "Agent state: " $ArcAgentStatusData.status
if ($ArcAgentStatusData.error) {
Write-Host -ForegroundColor Yellow "Error: " $ArcAgentStatusData.error
}
Write-Host "" # Separator
######################################################################
# Check installed KBs
function look_for_kb {
param (
$KBId
)
$kb_installed = Get-HotFix -Id $KBId -ErrorAction SilentlyContinue
if ($null -eq $kb_installed) {
Write-Host -ForegroundColor Yellow " $KBId is not installed on this server"
} else {
Write-Host -ForegroundColor Green " $KBId is installed"
}
}
######################################################################
# ESU Pre-requisites
if ($sysInfo."OS Name".Contains("2012 R2")) {
Write-Host "Looking for 2012 R2 pre-requisites"
Write-Host " Checking: Servicing stack update (SSU)... " -NoNewline
look_for_kb KB5029368
Write-Host " Checking: Licensing Preparation Package..." -NoNewline
look_for_kb KB5017220
} else {
if ($sysInfo."OS Name".Contains("2012")) {
Write-Host "Looking for 2012 pre-requisites"
Write-Host " Checking: Servicing stack update (SSU)... " -NoNewline
look_for_kb KB5029369
Write-Host " Checking: Licensing Preparation Package..." -NoNewline
look_for_kb KB5017221
} else {
Write-Warning "Non 2012 server"
}
}
Write-Host "" # Separator
######################################################################
# Test november ESU upgrades
Write-Host "Looking for November released ESU"
if ($sysInfo."OS Name".Contains("2012 R2")) {
Write-Host " Checking: Security Monthly Quality Rollup..." -NoNewline
look_for_kb KB5032249
Write-Host " Checking: Servicing stack update (SSU)... " -NoNewline
look_for_kb KB5032308
} else {
if ($sysInfo."OS Name".Contains("2012")) {
Write-Host " Checking: Security Monthly Quality Rollup..." -NoNewline
look_for_kb KB5032247
Write-Host " Checking: Servicing stack update (SSU)... " -NoNewline
look_for_kb KB5032309
} else {
Write-Warning "Non 2012 server"
}
}
Write-Host "" # Separator
######################################################################
# Test certificate
$certSubject = "CN=Microsoft Azure TLS Issuing CA 01, O=Microsoft Corporation, C=US"
$certThumbprint = "2f2877c5d778c31e0f29c7e371df5471bd673173".ToUpper()
Write-Host "Checking certificate: " $certSubject
$actualThumb = Get-ChildItem -path Cert:\* -Recurse | where {$_.Subject -eq $certSubject} | Select-Object Thumbprint
if ($null -eq $actualThumb) {
Write-Host -ForegroundColor Yellow "Microsoft Azure TLS Issuing CA 01 - Certificate not found"
} else {
if ($actualThumb.Thumbprint.ToUpper() -eq $certThumbprint) {
Write-Host -ForegroundColor Green " Microsoft Azure TLS Issuing CA 01 - Certificate is valid"
} else {
Write-Host -ForegroundColor Yellow " Microsoft Azure TLS Issuing CA 01 - Certificate is not valid"
}
}
Write-Host "" # Separator
######################################################################
# Test ESU enablement
if (Test-Path "./ArcESUEnabled.ps1" -PathType leaf)
{
./ArcESUEnabled.ps1
} else {
Write-Warning "ArcESUEnabled.ps1 not found: you can download it from: https://raw.githubusercontent.com/nitinbps/ArcforServerSamples/main/ArcESUEnabled.ps1"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment