PowerShell: Perform DISM Restore Health on Remote Servers

# This script will use a Windows ISO image to Repair Remote Computers

$isoPath="\\FILESHERVER007\F$\Windows_Server_2016_Datacenter_EVAL_en-us_14393_refresh.ISO"
$remoteComputers="TESTKOMPUTER","TESTKOMPUTER2"

function restoreServerHealth($iso){
# Mount Image and Record Its Path:
$isoMount=Mount-DiskImage $iso -PassThru
$driveLetter=($isoMount | get-volume).DriveLetter
$wimPath="$driveLetter`:\sources\install.wim:1"
$logPath="C:\Temp\dism-repair-windows.log"

# Restore Windows Health using provided ISO:
dism /online /cleanup-image /restorehealth /source:WIM:$wimPath /limitaccess # non-native PowerShell command
# Repair-WindowsImage -Online -RestoreHealth -Source $wimPath -LimitAccess -LogPath $logPath

# Unmount ISO when done
Dismount-DiskImage -ImagePath $iso
}

function repairServer($server,$isoImage){
Invoke-Command -computername $server -credential $cred -ScriptBlock {
param( $x, $importedFunc)
"Executing script on $($ENV:computername)..."
# Import the function from the variable inside parameters
[ScriptBlock]::Create($importedFunc).Invoke($x)
} -ArgumentList $isoImage, ${function:installApp}
}

# Check whether a given username matches the list of Domain Admins
function validateDomainAdmin{
param (
[string]$username
)
$matchedAdmin=$username -in $domainAdmins
if($matchedAdmin){
Write-Host "$username is a Domain Admin";
return $True;
}else{
Write-Host "$username not a Domain Admin.";
return $False;
}
}

function testCredential{
param (
[string]$username,
[string]$password
)
$plaintextPassword = (New-Object System.Management.Automation.PSCredential 'N/A',$providedPassword).GetNetworkCredential().Password
$domainBindTest = (New-Object System.DirectoryServices.DirectoryEntry($domainObject,$username,$plaintextPassword)).DistinguishedName
if ($domainBindTest){return $True;} else{Return $False;}
}

function obtainDomainAdminCred{
$domainAdmins=(Get-ADGroupMember -Identity "Domain Admins" -Recursive | %{Get-ADUser -Identity $_.distinguishedName} | Where-Object {$_.Enabled -eq $True}).SamAccountName
$global:cred=$False
do {
$providedID=Read-Host -Prompt 'Input a domain admin username'
if (validateDomainAdmin $providedID){
$providedPassword = Read-Host -assecurestring "Please enter the password"
#$providedPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password))
#$providedCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $providedID,$providedPassword
$goodCredential=testCredential -username $providedID -password $providedPassword
if($goodCredential){
"Domain Admin Credential validated!";
$global:cred=New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $providedID,$providedPassword;
#return $True;
}
else{
"Password doesn't match.";
$global:cred=$False;
#return $False;
}
}else{
"Try again..."
#return $False;
}
} until ($cred)
}

obtainDomainAdminCred;
$remoteComputers| %{repairServer [string]$_ $isoPath;}

Leave a Reply

Your email address will not be published. Required fields are marked *