PowerShell for Windows Admins


May 27, 2015  12:30 PM

PowerShell Summit Europe 2015 – – sold out

Richard Siddaway Richard Siddaway Profile: Richard Siddaway
Powershell

The PowerShell Summit Europe 2015 is sold out.  Please be aware that we don’t maintain a waiting list as the Summit is a benefit of  PowerShell Association membership

May 21, 2015  1:30 PM

IPAM: 1 Installation and configuration

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

IPAM stands for IP Address Management. It’s a feature in Windows Server 2012 R2 that enables you manage your DHCP and DNS servers as a whole rather than at the individual service or server level.

Installation of IPAM follows the standard approach for any Windows feature. Note that you can install IPAM on a Domain Controller but it won’t configure. IPAM is designed to be installed on a member server.

Full details on deploying IPAM server are available from here https://technet.microsoft.com/en-us/library/hh831353.aspx

I’m not going to run through the full deployment and configuration – just point out some issues and where you can use PowerShell to make things easier.

Once the IPAM feature is installed you have to provision the IPAM server. There isn’t a separate MMC for IPAM admin – you use Server Manager.  Provisioning an IPAM server can be done manually or by GPO.  Manual seemed best for lab/experiment/initial set up as can’t swap from GPO to manual. You can use Windows Internal Database (WID) or SQL Server – I used WID.

You then need to configure your DHCP servers, DNS servers and domain controllers. This involves a number of group membership changes, firewall rule changes and a registry setting.

Create a group called IPAMUG and add the IPAN server into it.

New-ADGroup -Name IPAMUG -DisplayName IPAMUG -SamAccountName IPAMUG    -Description ‘IPAM management group’ -GroupCategory Security -GroupScope Universal

Add-ADGroupMember -Identity IPAMUG -Members (Get-ADComputer -Identity W12R2SUS)

Add IPAMUG to a number of groups

Add-ADGroupMember -Identity ‘Event Log Readers’ -Members (Get-ADGroup -Identity IPAMUG)

Add-ADGroupMember -Identity ‘DHCP Users’ -Members (Get-ADGroup -Identity IPAMUG)

Add-ADGroupMember -Identity ‘DNSAdmins’ -Members (Get-ADGroup -Identity IPAMUG)

I also found I had to add the IPAM server to the domain Administrators group to get the DNS data to come through.

Modify some firewall rules

$cs = New-CimSession -ComputerName W12R2SCDC01

Enable-NetFirewallRule  -DisplayName ‘Remote Service Management (RPC)’ -CimSession $cs -PassThru
Enable-NetFirewallRule  -DisplayName ‘Remote Service Management (NP-In)’ -CimSession $cs -PassThru
Enable-NetFirewallRule  -DisplayName ‘Remote Service Management (RPC-EPMAP)’ -CimSession $cs -PassThru

Get-NetFirewallRule -DisplayGroup ‘Remote Service Management’ -CimSession $cs |
ft  DisplayName, Enabled, Direction,Profile –a

There are a bunch of firewall rules that need setting. You can find the full list in the TechNet documentation.

For DHCP servers create an audit share

New-SmbShare -Name dhcpaudit -Path ‘C:\Windows\System32\dhcp’ -ReadAccess ‘manticore\IPAMUG’
Set-SmbShare -Name dhcpaudit -Description ‘DHCP audit share for IPAM’ -Force

## restart DHCP service
Get-Service -Name DHCPServer | Restart-Service -PassThru

Enable event log monitoring on the DNS servers

$csd = Get-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\DNS Server’ -Name CustomSD |
select -ExpandProperty CustomSD
$ipamsid = (Get-ADComputer -Identity W12R2SUS | select -ExpandProperty SID).value
$csd = $csd + “(A;;0x1;;;$ipamsid)”
Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\DNS Server’ -Name CustomSD -Value $csd –PassThru

I also had to manually add the IPAMUG group into the security permissions for the DNS servers. Didin’t seem to be a way to automate that bit.

IPAM has a PowerShell module – IpamServer – which contains lots of cmdlets:

Add-IpamAddress
Add-IpamAddressSpace
Add-IpamBlock
Add-IpamCustomField
Add-IpamCustomFieldAssociation
Add-IpamCustomValue
Add-IpamDiscoveryDomain
Add-IpamRange
Add-IpamServerInventory
Add-IpamSubnet
Disable-IpamCapability
Enable-IpamCapability
Export-IpamAddress
Export-IpamRange
Export-IpamSubnet
Find-IpamFreeAddress
Get-IpamAddress
Get-IpamAddressSpace
Get-IpamAddressUtilizationThreshold
Get-IpamBlock
Get-IpamCapability
Get-IpamConfiguration
Get-IpamConfigurationEvent
Get-IpamCustomField
Get-IpamCustomFieldAssociation
Get-IpamDatabase
Get-IpamDhcpConfigurationEvent
Get-IpamDiscoveryDomain
Get-IpamIpAddressAuditEvent
Get-IpamRange
Get-IpamServerInventory
Get-IpamSubnet
Import-IpamAddress
Import-IpamRange
Import-IpamSubnet
Invoke-IpamGpoProvisioning
Invoke-IpamServerProvisioning
Move-IpamDatabase
Remove-IpamAddress
Remove-IpamAddressSpace
Remove-IpamBlock
Remove-IpamConfigurationEvent
Remove-IpamCustomField
Remove-IpamCustomFieldAssociation
Remove-IpamCustomValue
Remove-IpamDhcpConfigurationEvent
Remove-IpamDiscoveryDomain
Remove-IpamIpAddressAuditEvent
Remove-IpamRange
Remove-IpamServerInventory
Remove-IpamSubnet
Rename-IpamCustomField
Rename-IpamCustomValue
Set-IpamAddress
Set-IpamAddressSpace
Set-IpamAddressUtilizationThreshold
Set-IpamBlock
Set-IpamConfiguration
Set-IpamCustomFieldAssociation
Set-IpamDatabase
Set-IpamDiscoveryDomain
Set-IpamRange
Set-IpamServerInventory
Set-IpamSubnet
Update-IpamServer

Now I’ve got my IPAM server up and running its time to see what I can do with it

 

 


May 18, 2015  7:58 AM

PowerShell Summit Europe 2015–nearly sold out

Richard Siddaway Richard Siddaway Profile: Richard Siddaway
Powershell

There are a handful of places left for the PowerShell Summit Europe 2015. If you want to secure a place I recommend that you book very soon as we can’t extend capacity any further.


May 15, 2015  11:56 AM

Playing with the range operator

Richard Siddaway Richard Siddaway Profile: Richard Siddaway
Powershell

The range operator allows you to reference a range of numbers

1..10

is equivalent to

1,2,3,4,5,6,7,8,9,10

If you want anything other than numbers you’re stuck as the range operator only works with integers

though you can have a decrementing list

10..1

65..74 | foreach {[char]$psitem}

would be A – J

If you want A-Z

65..90 | foreach {[char]$psitem}

For lowercase letters (a – z)  use

97..122 | foreach {[char]$psitem}

You can even work from an array of values

$data = ‘value1′,’value2′,’value3′,’value4′,’value5′,’value6′,’value7′,’value8′,’value9′,’value10′

$data[3..6]
$data[6..3]


May 7, 2015  3:35 AM

PowerShell DSC for Linux

Richard Siddaway Richard Siddaway Profile: Richard Siddaway
CIM, Powershell

PowerShell DSC for Linux has moved out of CTP and v1 is available for download from http://www.microsoft.com/en-us/download/details.aspx?id=46919

You will find more details at http://blogs.msdn.com/b/powershell/archive/2015/05/06/powershell-dsc-for-linux-is-now-available.aspx

You will need to download OMI version 1.0.8-1 which is available from https://collaboration.opengroup.org/omi/documents.php?action=show&dcat=&gdid=32721

OMI has to be installed on the Linux box before the DSC package

A useful getting started guide is available https://technet.microsoft.com/en-us/library/mt126211.aspx

I demonstrated DSC for Linux at the recent PowerShell Summit NA 2015

https://www.youtube.com/watch?v=X5igUenOJiU&index=30&list=PLfeA8kIs7CochwcgX9zOWxh4IL3GoG05P

though things have changed a bit since I built that demo environment using the DSC for Linux CTP. I’m going to rebuild my Linux box with the new bits and give it a whirl.

Being able to manage Windows and Linux environments through the same techniques, and in some cases the same DSC configurations is a big step forward


May 6, 2015  7:08 AM

WMF 5.0 April 2015 preview – – software inventory logging

Richard Siddaway Richard Siddaway Profile: Richard Siddaway
Powershell

A software inventory module is now included with the April 2015 WMF 5.0 preview

£> Get-Command -Module SoftwareInventoryLogging | select Name

Name
—-
Get-SilComputer
Get-SilComputerIdentity
Get-SilData
Get-SilLogging
Get-SilSoftware
Get-SilUalAccess
Get-SilWindowsUpdate
Publish-SilData
Set-SilLogging
Start-SilLogging
Stop-SilLogging

Windows updates are always a good place to start poking into your systems

£> Get-Command Get-SilWindowsUpdate -Syntax

Get-SilWindowsUpdate [[-ID] <string[]>] [-CimSession <CimSession[]>]
[-ThrottleLimit <int>] [-AsJob] [<CommonParameters>]

£> Get-SilWindowsUpdate
ID          : KB3055381
InstallDate : 4/30/2015

etc

The parameters for Get-SilWindowsUpdate look like those I’d expect from a CDXML module. Inspection of C:\Windows\System32\WindowsPowerShell\v1.0\modules\SoftwareInventoryLogging\

shows  a number of cdxml files

MsftSil_Computer.cdxml
MsftSil_ComputerIdentity.cdxml
MsftSil_Data.cdxml
MsftSil_ManagementTasks.psm1
MsftSil_Software.cdxml
MsftSil_UalAccess.cdxml
MsftSil_WindowsUpdate.cdxml
Msft_MiStreamTasks.cdxml

The WMF 5,0 release notes supply a link to further data of software inventory logging – interestingly its flagged as a Windows Server 2012 R2 page.

Trying the cmdlet against a Windows Server 2012 R2 system running WMF 4.0 (with the November 2014 roll up)

$cs = New-CimSession -ComputerName W12R2SUS
Get-SilWindowsUpdate -CimSession $cs

£> Get-SilWindowsUpdate -CimSession $cs
ID             : KB3006193
InstallDate    : 1/5/2015
PSComputerName : W12R2SUS

etc

This means the class is on our Windows Server 2012 R2 box so we could use it directly

£> Get-CimInstance -Namespace root/InventoryLogging -ClassName  MsftSil_WindowsUpdate | Format-Table -a

ID                  InstallDate                                PSComputerName
—                   ———–                                 ————–
KB3006193 1/5/2015 12:00:00 AM
KB2894856 9/14/2014 12:00:00 AM

etc

This module supplies a useful way to find out the software installed on our systems – I’ll be digging into this over a few more posts


May 5, 2015  12:44 PM

WMF 5.0 April 2015 preview – – creating guid

Richard Siddaway Richard Siddaway Profile: Richard Siddaway
Powershell

Creating a GUID has always been possible with PowerShell – you just had to drop into .NET

£> [System.Guid]::NewGuid()

Guid
—-
46c130ca-39ff-463c-b7fb-ed728a1c134f

With the latest WMF 5.0 preview life gets easier:

£> Get-Command New-Guid -Syntax

New-Guid [<CommonParameters>]

£> New-Guid

Guid
—-
112866a5-1662-4265-b851-f9086607bcb2

The New-Guid cmdlet happily creates a GUID for you – and you don’t have to remember the >NET syntax.

If you want the GUID in a variable as a string

£> $guid = New-Guid | select -ExpandProperty Guid
£> $guid
5c832d40-0ea4-4b42-b0bd-b228da008c9d


May 1, 2015  4:30 AM

WMF 5.0 April 2015 preview – – Format-Hex

Richard Siddaway Richard Siddaway Profile: Richard Siddaway
Powershell

Have you ever needed to generate a hex representation of a string or binary data?

Say you have a string – ‘PowerShell Rocks’

And you want to go the hex representation which is

50 6f 77 65 72 53 68 65 6c 6c 20 52 6f 63 6b 73

You would have to do something like this

$hexary = @()
$chars = ‘PowerShell Rocks’ -split ”

foreach ($char in $chars) {
if ($char -ne ”) {
$hexary += [convert]::ToString(([byte][char]$char),16)
}
}

$hexary -join ‘ ‘

Split the string into an array of strings each of a single character. If the string is not empty convert it to a [char] then a [byte] and finally a string formatted as hex.

The April 2015 WMF 5.0 preview simplifies that process

£> ‘PowerShell Rocks’ | Format-Hex
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000   50 6F 77 65 72 53 68 65 6C 6C 20 52 6F 63 6B 73  PowerShell Rocks

You can also view binary files such as Word documents in .doc format


April 30, 2015  12:00 PM

WMF 5.0 – Clipboard cmdlets

Richard Siddaway Richard Siddaway Profile: Richard Siddaway
Powershell

The April 2015 WMF 5.0 preview brings new functionality in the shape of cmdlets for working directly with the clipboard.

You use Set-Clipboard to put data onto the clipboard

£> get-command Set-Clipboard -Syntax

Set-Clipboard [-Append] [-WhatIf] [-Confirm] [<CommonParameters>]

Set-Clipboard [-Value] <string[]> [-Append] [-WhatIf] [-Confirm] [<CommonParameters>]

Set-Clipboard -Path <string[]> [-Append] [-WhatIf] [-Confirm] [<CommonParameters>]

Set-Clipboard -LiteralPath <string[]> [-Append] [-WhatIf] [-Confirm] [<CommonParameters>]

You can add text or files to the clipboard. Notice that you can use –Append to add to the clipboard content rather than overwriting any existing data.

For instance:
Set-Clipboard -Value “test”

The contents of the clipboard are retrieved using Get-Clipboard

£> Get-Clipboard -Raw
test

As well as raw data you can pull data in a number of formats.

£> Get-Command Get-Clipboard -Syntax

Get-Clipboard [-Format <ClipboardFormat>] [-TextFormatType <TextDataFormat>] [-Raw] [<CommonParameters>]

Format can be one of: Text, FileDropList, Image, Audio

TextFormat type can be one of:  Text, UnicodeText, Rtf, Html, CommaSeparatedValue

These all produce the same result:

£> Get-Clipboard -Raw
test

£> Get-Clipboard -TextFormatType Text
£> Get-Clipboard -Raw
test
£> Get-Clipboard -Format Text
£> Get-Clipboard -Raw
test

Notice how use the TextFormatType Text or Format Text cause get-Clipboard to be called again with the –Raw parameter

One obvious and useful tasking for the clipboard cmdlets is copying commands between PowerShell sessions:

On the source machine

£> Get-History -Id 43

Id CommandLine
— ———–
43 Find-Package -Name PSReadline -Source PSGallery | fl *

Set-Clipboard -Value (Get-History -Id 43 | select -ExpandProperty Commandline)

On the target machine:

Invoke-Expression -Command (Get-Clipboard -Raw)

This is one set of cmdlets that will generate many more uses as you experiment with them


April 30, 2015  5:51 AM

WMF 5.0–New-TemporaryFile

Richard Siddaway Richard Siddaway Profile: Richard Siddaway
Powershell

Creating a temporary file in PowerShell 4.0 and earlier has been possible using a number of techniques such as:

£> $file = [System.IO.Path]::GetTempFileName()
£> $file
C:\Users\Richard\AppData\Local\Temp\tmpEFAD.tmp

With the April 2015 WMF 5.0 preview this becomes much easier

£> $file2 = New-TemporaryFile
£> $file2
    Directory: C:\Users\Richard\AppData\Local\Temp
Mode                LastWriteTime         Length Name
—-                ————-         —— —-
-a—-        4/30/2015  12:42 PM              0 tmp1FE1.tmp

Now you can create files simply and easily without having to remember the .NET syntax.

Notice that the temporary files are automatically created in your TEMP folder.

£> $env:TEMP
C:\Users\Richard\AppData\Local\Temp


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: