Skip to content
Permalink
Browse files

Multiple patch updates

* fixes #6231 Get-DbaNetworkCertificate doc update
* fixes #6225 Restore\Backup-DbaDbCertificate fix param and doc
* fixes #6214 Set-DbaStartupParameter support multiple instances
  • Loading branch information
wsmelton committed Dec 27, 2019
1 parent 052e13d commit 2c495d6f2471fe72fe22a79f1d6605523dc63a2a
@@ -29,7 +29,7 @@ function Backup-DbaDbCertificate {
A string value that specifies the system path to encrypt the private key.
.PARAMETER DecryptionPassword
A string value that specifies the system path to decrypt the private key.
Secure string used to decrypt the private key.
.PARAMETER Path
The path to output the files to. The path is relative to the SQL Server itself. If no path is specified, the default data directory will be used.
@@ -1,24 +1,24 @@
function Get-DbaNetworkCertificate {
<#
.SYNOPSIS
Simplifies finding computer certificates that are candidates for using with SQL Server's network encryption
Gets the computer certificate enabled for the SQL Server instance's network encryption.
.DESCRIPTION
Gets computer certificates on localhost that are candidates for using with SQL Server's network encryption
Gets the computer certificates that is assigned to the SQL Server instance for enabling network encryption.
.PARAMETER ComputerName
The target SQL Server instance or instances. Defaults to localhost. If target is a cluster, you must specify the distinct nodes.
The target SQL Server instance or instances. Defaults to localhost. If target is a cluster, you must specify the distinct nodes.
.PARAMETER Credential
Allows you to login to $ComputerName using alternative credentials.
Alternate credential object to use for accessing the target computer(s).
.PARAMETER EnableException
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.
.NOTES
Tags: Certificate
Tags: Certificate, Encryption
Author: Chrissy LeMaire (@cl), netnerds.net
Website: https://dbatools.io
@@ -34,7 +34,6 @@ function Get-DbaNetworkCertificate {
PS C:\> Get-DbaNetworkCertificate -ComputerName sql2016
Gets computer certificates on sql2016 that are being used for SQL Server network encryption
#>
[CmdletBinding()]
param (
@@ -43,21 +42,16 @@ function Get-DbaNetworkCertificate {
[PSCredential]$Credential,
[switch]$EnableException
)

process {
# Registry access


foreach ($computer in $computername) {

try {
$sqlwmis = Invoke-ManagedComputerCommand -ComputerName $computer.ComputerName -ScriptBlock { $wmi.Services } -Credential $Credential -ErrorAction Stop | Where-Object DisplayName -match "SQL Server \("
} catch {
Stop-Function -Message $_ -Target $sqlwmi -Continue
}

foreach ($sqlwmi in $sqlwmis) {

$regroot = ($sqlwmi.AdvancedProperties | Where-Object Name -eq REGROOT).Value
$vsname = ($sqlwmi.AdvancedProperties | Where-Object Name -eq VSNAME).Value
$instancename = $sqlwmi.DisplayName.Replace('SQL Server (', '').Replace(')', '') # Don't clown, I don't know regex :(
@@ -120,8 +114,7 @@ function Get-DbaNetworkCertificate {
}

try {
Invoke-Command2 -ComputerName $computer.ComputerName -Credential $Credential -ArgumentList $regroot, $serviceaccount, $instancename, $vsname -ScriptBlock $scriptblock -ErrorAction Stop |
Select-DefaultView -ExcludeProperty Certificate
Invoke-Command2 -ComputerName $computer.ComputerName -Credential $Credential -ArgumentList $regroot, $serviceaccount, $instancename, $vsname -ScriptBlock $scriptblock -ErrorAction Stop | Select-DefaultView -ExcludeProperty Certificate
} catch {
Stop-Function -Message $_ -ErrorRecord $_ -Target $ComputerName -Continue
}
@@ -19,7 +19,7 @@ function Restore-DbaDbCertificate {
.PARAMETER Path
The Path the contains the certificate and private key files. The path can be a directory or a specific certificate.
.PARAMETER SecurePassword
.PARAMETER DecryptionPassword
Secure string used to decrypt the private key.
.PARAMETER EncryptionPassword
@@ -52,12 +52,12 @@ function Restore-DbaDbCertificate {
.EXAMPLE
PS C:\> $securepass = Get-Credential usernamedoesntmatter | Select-Object -ExpandProperty Password
PS C:\> Restore-DbaDbCertificate -SqlInstance Server1 -Path \\Server1\Certificates -SecurePassword $securepass
PS C:\> Restore-DbaDbCertificate -SqlInstance Server1 -Path \\Server1\Certificates -DecryptionPassword $securepass
Restores all the certificates in the specified path, password is used to both decrypt and encrypt the private key.
.EXAMPLE
PS C:\> Restore-DbaDbCertificate -SqlInstance Server1 -Path \\Server1\Certificates\DatabaseTDE.cer -SecurePassword (Get-Credential usernamedoesntmatter).Password
PS C:\> Restore-DbaDbCertificate -SqlInstance Server1 -Path \\Server1\Certificates\DatabaseTDE.cer -DecryptionPassword (Get-Credential usernamedoesntmatter).Password
Restores the DatabaseTDE certificate to Server1 and uses the MasterKey to encrypt the private key.
@@ -72,13 +72,13 @@ function Restore-DbaDbCertificate {
[object[]]$Path,
[Security.SecureString]$EncryptionPassword,
[string]$Database = "master",
[Alias("Password", "DecryptionPassword")]
[Security.SecureString]$SecurePassword = (Read-Host "Password" -AsSecureString),
[Alias("Password", "SecurePassword")]
[Security.SecureString]$DecryptionPassword = (Read-Host "Password" -AsSecureString),
[switch]$EnableException
)
process {
try {
$server = Connect-SqlInstance -SqlInstance $SqlInstance -SqlCredential $sqlcredential
$server = Connect-SqlInstance -SqlInstance $SqlInstance -SqlCredential $SqlCredential
} catch {
Stop-Function -Message "Failed to connect to: $SqlInstance" -Target $SqlInstance -ErrorRecord $_
return
@@ -116,16 +116,16 @@ function Restore-DbaDbCertificate {
Write-Message -Level Verbose -Message "Private key: $privatekey"
try {
if ($EncryptionPassword) {
$smocert.Create($fullcertname, 1, $privatekey, [System.Runtime.InteropServices.marshal]::PtrToStringAuto([System.Runtime.InteropServices.marshal]::SecureStringToBSTR($SecurePassword)), [System.Runtime.InteropServices.marshal]::PtrToStringAuto([System.Runtime.InteropServices.marshal]::SecureStringToBSTR($EncryptionPassword)))
$smocert.Create($fullcertname, 1, $privatekey, [System.Runtime.InteropServices.marshal]::PtrToStringAuto([System.Runtime.InteropServices.marshal]::SecureStringToBSTR($DecryptionPassword)), [System.Runtime.InteropServices.marshal]::PtrToStringAuto([System.Runtime.InteropServices.marshal]::SecureStringToBSTR($EncryptionPassword)))
} else {
$smocert.Create($fullcertname, 1, $privatekey, [System.Runtime.InteropServices.marshal]::PtrToStringAuto([System.Runtime.InteropServices.marshal]::SecureStringToBSTR($SecurePassword)))
$smocert.Create($fullcertname, 1, $privatekey, [System.Runtime.InteropServices.marshal]::PtrToStringAuto([System.Runtime.InteropServices.marshal]::SecureStringToBSTR($DecryptionPassword)))
}
} catch {
try {
if ($EncryptionPassword) {
$smocert.Create($fullcertname, $([Microsoft.SqlServer.Management.Smo.CertificateSourceType]::"File"), $privatekey, [System.Runtime.InteropServices.marshal]::PtrToStringAuto([System.Runtime.InteropServices.marshal]::SecureStringToBSTR($SecurePassword)), [System.Runtime.InteropServices.marshal]::PtrToStringAuto([System.Runtime.InteropServices.marshal]::SecureStringToBSTR($EncryptionPassword)))
$smocert.Create($fullcertname, $([Microsoft.SqlServer.Management.Smo.CertificateSourceType]::"File"), $privatekey, [System.Runtime.InteropServices.marshal]::PtrToStringAuto([System.Runtime.InteropServices.marshal]::SecureStringToBSTR($DecryptionPassword)), [System.Runtime.InteropServices.marshal]::PtrToStringAuto([System.Runtime.InteropServices.marshal]::SecureStringToBSTR($EncryptionPassword)))
} else {
$smocert.Create($fullcertname, $([Microsoft.SqlServer.Management.Smo.CertificateSourceType]::"File"), $privatekey, [System.Runtime.InteropServices.marshal]::PtrToStringAuto([System.Runtime.InteropServices.marshal]::SecureStringToBSTR($SecurePassword)))
$smocert.Create($fullcertname, $([Microsoft.SqlServer.Management.Smo.CertificateSourceType]::"File"), $privatekey, [System.Runtime.InteropServices.marshal]::PtrToStringAuto([System.Runtime.InteropServices.marshal]::SecureStringToBSTR($DecryptionPassword)))
}
} catch {
Stop-Function -Message $_ -ErrorRecord $_ -Target $instance -Continue

0 comments on commit 2c495d6

Please sign in to comment.
You can’t perform that action at this time.