I forgot to note 1 thing: Invoke-Command does NOT work against your local
machine. My understanding is that because you can't establish a remote
session to yourself, it fails to connect. So be sure to test this against a
remote computer.
Thanks,
Devin Rich
Systems Administrator
On Tue, Jun 14, 2016 at 10:28 AM, Devin Rich <
dr...@firstelectronicbankusa.com> wrote:
> It seems like you are doing this the hard way to me. I may just not be
> understanding everything correctly though. Would something like this work?
>
> Function Stop-RedCloak {
>
> [CmdletBinding()]
>
> param
>
> (
>
> [Parameter(Mandatory=$false,ValueFromPipeline=$true)]
>
> [string[]]$Servers = $env:COMPUTERNAME
>
> )
>
>
>
> Invoke-Command -ComputerName $Servers #Invoke-Command by default
> runs against 32 servers at once without negatively affecting network
> performance. You can turn it up with -ThrottleLimit XX
>
> {
>
> $Process = Get-Process -ComputerName $Server -Name
> "Inspector*","Procwall*","RedCloak*"
>
> If ($Process)
>
> {
>
> $Process | Stop-Process -Force
>
> Set-Service Redcloak -StartupType Disabled
>
> }
>
>
>
> }
>
> }
>
>
>
>
>
> Thanks,
>
> Devin Rich
> Systems Administrator
>
> On Tue, Jun 14, 2016 at 9:53 AM, Orlebeck, Geoffrey <
> geoffrey.orleb...@chomp.org> wrote:
>
>> Hello,
>>
>>
>>
>> We previously encountered performance issues in our VDI environment when
>> one a vendor kicked off a “deep scan” of all agents, causing our
>> hypervisors to peg CPU and bring VDI to a crawl. We ended up powering down
>> VMs and our team (under the gun) just used whatever methods were familiar
>> to kill the processes (PSExec, Taskkill, PowerCLI, etc.).
>>
>>
>>
>> While we surely hope this doesn’t happen again, we want to be prepared
>> with a way to hopefully kill the processes without having to kill entire
>> VMs and potentially causing loss of work. I am attempting to have a script
>> ready to kill the relevant RedCloak processes and disable the service
>> otherwise they will restart (as we discovered this last go round). I have
>> the following script, but I’ve never worked with jobs or runspaces. I’m
>> thinking with our ~2500 endpoints, it would be best to look into leveraging
>> that, but I’m not sure which is most appropriate for this type of job.
>> Based on the below process, should I focus my efforts on jobs or runspaces?
>> Any helpful examples/tips? I’ve read a few articles but having trouble
>> understanding how to deal with each. Anyway, if the multi-thread doesn’t
>> seem appropriate and I can just turn this loose on a long list of
>> hostnames, I can do that. Just looking for opinions/options. Thank you!
>>
>>
>>
>>
>>
>> Function Stop-RedCloak{
>>
>> [CmdletBinding()]
>>
>> param
>>
>> (
>>
>> [Parameter(Mandatory=$false,ValueFromPipeline=$true)]
>>
>> [string[]]$Servers = $env:COMPUTERNAME,
>>
>> [string]$Query = "Name LIKE 'procwall%.exe'`
>>
>> OR Name LIKE 'inspector%.exe'`
>>
>> OR Name LIKE 'redcloak%.exe'"
>>
>> )
>>
>>
>>
>> Foreach($Server in $Servers)
>>
>> {
>>
>> $Process = Get-Process -ComputerName $Server -Name "Inspector*",
>> "Procwall*","RedCloak*"
>>
>> If($Process -ne $null)
>>
>> {
>>
>> (Get-WMIObject Win32_Process -ComputerName $Server -Filter
>> $Query).terminate()
>>
>> Set-Service Redcloak -StartupType Disabled -ComputerName
>> $Server
>>
>> }
>>
>> }
>>
>> }
>>
>>
>> Confidentiality Notice: This is a transmission from Community Hospital of
>> the Monterey Peninsula. This message and any attached documents may be
>> confidential and contain information protected by state and federal medical
>> privacy statutes. They are intended only for the use of the addressee. If
>> you are not the intended recipient, any disclosure, copying, or
>> distribution of this information is strictly prohibited. If you received
>> this transmission in error, please accept our apologies and notify the
>> sender. Thank you.
>>
>>
>
--
The information contained in this message is privileged, confidential, and
protected from disclosure. If you are not the intended recipient, you are
hereby notified that any review, printing, dissemination, distribution,
copying or other use of this communication is strictly prohibited. If you
have received this communication in error, please notify us immediately by
replying to the message and deleting it from your computer.
