PowerShell: Cannot Be Loaded Because Running Scripts is Disabled

KB ID 0001417

Problem

If you’ve arrived here, you are trying to run a script, and you can’t;

[box]PS C:\Users\{User-name}> .\{script-name}.ps1
.\{script-name} : File C:\Users\{User-name}\{script-name} cannot be loaded because running scripts is
disabled on this system. For more information, see about_Execution_Policies at
http://go.microsoft.com/fwlink/?LinkID=135170.
At line:1 char:1
+ .\{script-name}
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : SecurityError: (:) [], PSSecurityException
+ FullyQualifiedErrorId : UnauthorizedAccess
PS C:\Users\{User-name}>[/box]

Solution

 Execute the following command;

[box]Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass[/box]

Then run your script.

THIS WILL ONLY WORK while that PowerShell window is open, so don’t close it if you are running a lot of scripts.

I Want to Always be Able to Run Scripts?

OK, you can either change the ‘Scope’ of that last command from ‘Process’ to ‘CurrentUser’ or ‘LocalMachine’.

  • Process: The execution policy affects only the current Windows PowerShell process.
  • CurrentUser: The execution policy affects only the current user.
  • LocalMachine: The execution policy affects all users of the computer.

Or you can simply change the policy ‘Globally’ (with no -Scope, Set-ExecutionPolicy applies to LocalMachine);

[box]Set-ExecutionPolicy {Value}[/box]

Possible values are;

  • Restricted: Does not load configuration files or run scripts. Restricted is the default execution policy.
  • AllSigned: Requires that all scripts and configuration files be signed by a trusted publisher, including scripts that you write on the local computer.
  • RemoteSigned: Requires that all scripts and configuration files downloaded from the Internet be signed by a trusted publisher.
  • Unrestricted: Loads all configuration files and runs all scripts. If you run an unsigned script that was downloaded from the Internet, you are prompted for permission before it runs.
  • Bypass: Nothing is blocked and there are no warnings or prompts.
  • Undefined: Removes the currently assigned execution policy from the current scope. This parameter will not remove an execution policy that is set in a Group Policy scope.

Related Articles, References, Credits, or External Links

NA

Cisco ASA 8.2 Upgrade to 8.3

KB ID 0001366

Problem

I can’t believe I’m writing this; it’s been so long since 8.3 was released (7 years!), and still there are firewalls out there running old code?

Why is the 8.3 upgrade important? This update made some very major changes to the way we did NAT, and also the way we wrote ACLs. It was a big change. I remember keeping my client firewalls on 8.2 for a while until I fully understood the changes. And even then, if there was anything ‘complicated’, I’d build them with 8.2 and then upgrade them!

So why am I writing this now? Well, I’ve done a LOT of these, and every time I’ve got another one to do I check my notes. I was upgrading a client’s 5510 today, so I thought I’d polish my notes and publish them for anyone else that has a ‘teal coloured dinosaur’ that needs an upgrade.

Solution

Make sure your firewall has enough RAM! Upgrading to, or installing, 8.3 (or above) needs more RAM than was installed in the 5500 firewall range before Feb 2010. Cisco RAM is expensive! I suggest a trip to eBay, e.g. memory for my 5510 cost me £15.00 and memory for my 5505 cost me $6.00. I’ve already written about the memory requirements, see the article below;

ASA – Memory Error (Post upgrade to version 8.3)

Performing the Upgrade 

Step 1: A Few Days Before

Before you do anything, take a full backup of the firewall. The number of times I’ve asked ‘You did back it up first, didn’t you?’ and the answer is an awkward silence, is far too high!

1. Disable NAT Control (This is a throwback to version 6, when we had to have NAT to pass traffic between interfaces)

You may have it enabled;

[box]

Petes-ASA# show run all nat-control
nat-control

[/box]

To disable it;

[box]

Petes-ASA# conf t
Petes-ASA(config)# no nat-control

[/box]

Will it break anything? I’ve not seen it break anything.

2. Disable ‘names’: I was never a fan of these anyway. They seemed like a good idea, then made everything difficult to troubleshoot. I routinely disable ‘names’ when I’m troubleshooting things.

[box]

Petes-ASA# conf t
Petes-ASA(config)# no names

[/box]

Will it break anything? Absolutely not!

3. Look at all your NAT statements: Their syntax is about to change A LOT, so make sure you know what each one is doing, and why it’s there. Study the differences to the NEW NAT commands, and if you have enough time, convert them offline in Notepad, then you have the commands ready to paste in if there’s a drama. See the following article;

Cisco PIX/ASA 8.3 Command Changes{NAT / Global / Access-List}

Step 2: Performing the upgrade

Note: During the upgrade the pre-8.3 config is saved as disk0:/{version-number}_startup_cfg.sav (e.g. disk0:/8_2_5_59_startup_cfg.sav). This will be critical if there’s a problem and you need to ‘roll-back’. Another handy file is upgrade_startup_errors_{time-stamp}.log (e.g. disk0:/upgrade_startup_errors_201711151046.log). But only look in there if you actually have a problem, because there will always be things in this file, and you will only panic needlessly!

The actual upgrade is the same process for any ASA upgrade. My recommendation is to go from 8.2 to 8.4(6), then you can perform further upgrades from there (as required).

Basic upgrade commands;

[box]

copy tftp://192.168.50.2/asa846-k8.bin flash
conf t
no boot system disk0:/asa825-59-k8.bin
boot system disk0:/asa846-k8.bin
end
write mem
reload

[/box]

Cisco ASA5500 Update System and ASDM (From CLI)

Post Install Problems?

VPNs Don’t Work? Make sure the upgrade has NOT added the keyword ‘unidirectional’ to the NAT statements for the VPN tunnel (a bug if you upgrade straight to 8.3(2)).

ACLs Don’t Work? I’ve seen the upgrade process fail to change the IP address from the public IP to the private IP in the ACL. (Post 8.3, ACL statements are written to allow traffic to the internal (pre-translated) IP rather than the external/public (post-translated) IP, like you had to do BEFORE version 8.3.) This is most common on ACLs applied to the outside interface.
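The Step 1 checks (nat-control, names, old-style NAT lines) and the ‘unidirectional’ check above can be run against a saved copy of the config on your workstation. This is an added example, not part of the original notes; the function name audit_asa_config and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a saved ASA config (text on stdin) for the items in this article.

# Constructed 8.2-style fragment, not taken from a real firewall.
sample_82_config() {
cat <<'EOF'
names
name 192.168.1.10 WebServer
nat-control
global (outside) 1 interface
nat (inside) 0 access-list NO-NAT
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface www WebServer www netmask 255.255.255.255
access-list inbound extended permit tcp any interface outside eq www
EOF
}

# Constructed post-upgrade fragment showing the 'unidirectional' symptom.
sample_post_config() {
cat <<'EOF'
object network obj-192.168.1.0
 subnet 192.168.1.0 255.255.255.0
nat (inside,any) source static obj-192.168.1.0 obj-192.168.1.0 destination static obj-10.0.0.0 obj-10.0.0.0 unidirectional
nat (inside,outside) source dynamic any interface
EOF
}

# Prints each flagged line, then a one-line summary as the last line.
audit_asa_config() {
  awk '
    { sub(/\r$/, "") }                       # tolerate CRLF from terminal captures
    $0 == "nat-control" { natctl = "yes" }   # Step 1.1: still enabled
    $0 == "names"       { names = "yes" }    # Step 1.2: still enabled
    # Step 1.3: pre-8.3 NAT syntax (global/static, or nat with one interface)
    /^(global|static) \(/ || /^nat \([^,)]+\) / { legacy++; print "LEGACY-NAT: " $0 }
    # Post-install: 8.3+ NAT line carrying the unidirectional keyword
    /^ ?nat \(/ && / unidirectional( |$)/ { uni++; print "UNIDIRECTIONAL: " $0 }
    END {
      printf "nat-control=%s names=%s legacy-nat=%d unidirectional=%d\n",
             (natctl ? natctl : "no"), (names ? names : "no"), legacy, uni
    }'
}

# Usage: audit_asa_config < saved-config.txt
```

Run it on the 8.2 backup before the upgrade, and again on the running config afterwards; any UNIDIRECTIONAL line on a VPN NAT statement is the one to review.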

I need to downgrade the ASA back to 8.2!!

To downgrade;

[box]

downgrade {image} {config}
e.g.
downgrade disk0:/asa825-59-k8.bin disk0:/8_2_5_59_startup_cfg.sav

[/box]

Related Articles, References, Credits, or External Links

NA

vSphere – Virtual Machine Will Not ‘Power Off’ (Hangs at 95%)

KB ID 0000911 

Problem

I had a virtual machine crash on me while I was doing some work on it. As I was unable to shut it down gracefully, I attempted to ‘Power Off’. It progressed to 95% and stopped there.

Expecting it to ‘time out’, I carried on with some other work and kept an eye on it. 30 minutes later there was still no progress.

Solution

1. Enable SSH access on the ESX host that is hosting the problem VM.

2. Connect to the ESX host via SSH, and logon as root. Execute the following command to see all the running VMs on this host, and list their world ID numbers.

[box]

esxcli vm process list[/box]

3. Once you have the World ID of the problem VM, you can attempt to power it off with the following command;

[box]

Syntax

esxcli vm process kill --type {soft,hard,force} --world-id {ID Number}

Example

esxcli vm process kill --type hard --world-id 1397444

[/box]

4. Check, and your VM should now be powered off.
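Steps 2 to 4 as one script, for the ESXi shell. This is an added example, not part of the original article: the function names, the 30 second wait and the sample listing are assumptions or constructed, and it assumes awk is available on the host. It only acts when exactly one VM has the exact display name, so a similarly named VM is never picked by mistake.

```shell
#!/bin/sh
# Added example: resolve a VM's World ID by exact display name, then escalate.

# Constructed sample of `esxcli vm process list` output (not from a real host).
sample_listing() {
cat <<'EOF'
2012 Test
   World ID: 1397444
   Process ID: 0
   VMX Cartel ID: 1397443
   UUID: 56 4d 00 00 00 00 00 01-00 00 00 00 00 00 00 01
   Display Name: 2012 Test
   Config File: /vmfs/volumes/datastore1/2012 Test/2012 Test.vmx

2012 Test-Clone
   World ID: 1401120
   Process ID: 0
   VMX Cartel ID: 1401119
   UUID: 56 4d 00 00 00 00 00 02-00 00 00 00 00 00 00 02
   Display Name: 2012 Test-Clone
   Config File: /vmfs/volumes/datastore1/2012 Test-Clone/2012 Test-Clone.vmx
EOF
}

# Reads the listing on stdin. Exit 0 = one match (ID printed), 1 = none, 2 = ambiguous.
world_id_for() {
  awk -v want="$1" '
    /^ *World ID:/     { id = $NF }
    /^ *Display Name:/ { name = $0; sub(/^ *Display Name: /, "", name)
                         if (name == want) { hit = id; n++ } }
    END { if (n == 1) print hit; exit (n == 1 ? 0 : (n ? 2 : 1)) }'
}

# Try soft, then hard, then force, stopping as soon as the VM is no longer listed.
power_off_vm() {
  for kill_type in soft hard force; do
    wid=$(esxcli vm process list | world_id_for "$1"); rc=$?
    [ "$rc" -eq 1 ] && return 0       # not listed any more: powered off
    [ "$rc" -ne 0 ] && return "$rc"   # ambiguous name: refuse to guess
    echo "World ID $wid: trying --type $kill_type"
    esxcli vm process kill --type "$kill_type" --world-id "$wid"
    sleep 30                          # assumed wait; adjust for your environment
  done
  ! esxcli vm process list | world_id_for "$1" >/dev/null
}

# Usage on the host: power_off_vm "2012 Test"
```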

If That Didn’t Work (How to Kill a VM)

Note: This is a last resort.

1. Issue the following command to locate the Process IDs that are associated with the problem VM.

[box]

Syntax

ps | grep "VM Name"

Example

ps | grep "2012 Test"

[/box]

You will get all the processes, and they are preceded by two columns of numbers. The first column contains the individual PIDs. The second column is the PID for the parent process; this is the one you need.

2. Armed with your PID, you need to terminate that parent process with the following command;

[box]

Syntax

kill {PID}
Example

kill 1398644

[/box]

3. Check, and your VM should now be powered off.

Related Articles, References, Credits, or External Links

NA