nexxai / CryptoBlocker

A script to deploy File Server Resource Manager and associated scripts to block infected users
GNU General Public License v2.0
200 stars 73 forks

Run CryptoBlocker against a Cluster #34

Closed nickalleyne closed 6 years ago

nickalleyne commented 6 years ago

Hi there,

First of all, I just wanted to say this is an awesome tool you guys have put together, and is very handy, seeming to work very well.

My question is, is there any way to run CryptoBlocker against a Fileshare cluster? Everything seems to be based around the server it is run on. While I could run it manually and then copy the config, if I can target a "hostname" as part of the script, I can then schedule it to automatically push updates.

nexxai commented 6 years ago

Unfortunately I am not well-versed in Windows' cluster abilities so I don't know if that's even possible, but if it's as simple as sending a list of hostnames, you could probably pretty easily just add the entire contents of the script to a for loop that opens a PowerShell session with each respective server in the cluster.

If you do happen to add such functionality (appropriately generalized), please submit a PR.

nickalleyne commented 6 years ago

The way the clustering works is that it just has its own hostname for the cluster "instance", i.e. I have a cluster of 4 nodes, with 2 "instances" on them. Each instance is where I would target it (as you open it separately within FSRM from the node). I will see if I can find a way to do that, but so far I am not well versed enough in CryptoBlocker to target a hostname, I have only done it based on the local server.

jkmurphy1 commented 6 years ago

I agree with Justin. You should be able to utilize PowerShell to execute the script on however many servers you desire. A quick Google search turns up this https://4sysops.com/archives/use-powershell-invoke-command-to-run-scripts-on-remote-computers/. I would think you could use 'invoke-command' to push and run the script on another Windows server.

This is more of having an understanding of how to use PowerShell to remotely execute a script more than a need to understand the internals of CryptoBlocker - which you probably should if you are going to be executing a script on a production server.

nickalleyne commented 6 years ago

Thanks, that is definitely an option, I guess I was looking at it from a different angle and thinking it can be built into the script, to accept the hostname and target that. Invoke-command is an idea of how to do it for sure, I have never used invoke-command against a cluster though, so I will need to do some testing for sure. Thanks for the input.

nickalleyne commented 6 years ago

I was able to get this to work using invoke-command, so thanks for the advice:

    Invoke-Command -ComputerName filessharename -ScriptBlock {powershell.exe \filelocation\DeployCryptoBlocker.ps1}

The only thing I found, and this is probably a Windows issue nothing to do with the script, is I was unable to run it against the cluster if the share was sitting on that host, I had to use a remote host to run the task. This is probably due to invoke-command not liking connecting back to the same server with a different name.

I am now going to work on scripting it out to do weekly to get updates, but as is, that seems to work for the initial run. Not hard to do, just working on the logistics. Thanks again, great tool.
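
The remote-execution approach discussed in this thread, extended to several cluster instances with per-target error reporting. This is an added example, not part of the thread or of the CryptoBlocker project. The hostnames, local script path and staging folder are placeholders, and it is meant to be run from a management host outside the cluster, as the comment above found necessary.

```powershell
# Added example, not part of DeployCryptoBlocker.ps1 or of this thread.
# Assumptions (placeholder values): target names, local script path, staging folder.
$Targets    = @('fs-instance1', 'fs-instance2')     # cluster instance hostnames (placeholders)
$ScriptPath = 'C:\Scripts\DeployCryptoBlocker.ps1'  # local copy of the script (placeholder)
$RemoteDir  = 'C:\Windows\Temp\CryptoBlocker'       # staging folder on each target (placeholder)

$results = foreach ($target in $Targets) {
    $session = $null
    try {
        # One session per target; Stop turns connection failures into catchable errors.
        $session = New-PSSession -ComputerName $target -ErrorAction Stop

        # Stage the script on the target so the remote session does not have to
        # reach a file share itself (a second network hop from inside a remote
        # session needs credential delegation).
        Invoke-Command -Session $session -ErrorAction Stop -ArgumentList $RemoteDir -ScriptBlock {
            param($dir)
            New-Item -ItemType Directory -Path $dir -Force | Out-Null
        }
        Copy-Item -Path $ScriptPath -Destination $RemoteDir -ToSession $session -Force -ErrorAction Stop

        # Run the staged copy; its output goes to the console, not into $results.
        $remoteScript = Join-Path $RemoteDir (Split-Path $ScriptPath -Leaf)
        Invoke-Command -Session $session -ErrorAction Stop -ArgumentList $remoteScript -ScriptBlock {
            param($path)
            & $path
        } | Out-Host

        [pscustomobject]@{ Target = $target; Succeeded = $true; Error = $null }
    }
    catch {
        # Record the failure and continue with the remaining targets.
        [pscustomobject]@{ Target = $target; Succeeded = $false; Error = $_.Exception.Message }
    }
    finally {
        if ($session) { Remove-PSSession -Session $session }
    }
}

# Summary for the operator; a non-zero exit code lets a scheduled task flag failures.
$results | Format-Table -AutoSize
if ($results.Succeeded -contains $false) { exit 1 }
```

The staged script is still subject to the PowerShell execution policy on each target.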

nexxai commented 6 years ago

Awesome - I'm glad you were able to figure it out!