PowerShell for Windows Admins


April 26, 2016  3:30 AM

PowerShell team announcements

Richard Siddaway Richard Siddaway Profile: Richard Siddaway
Powershell

A few announcements from the PowerShell Team that I’m catching up on.

The Microsoft.PowerShell.Archive module is now open source

https://blogs.msdn.microsoft.com/powershell/2016/04/25/the-archive-module-is-now-open-source/

The archive module was introduced in WMF 5.0. Its now available on the PowerShell Gallery for installation on WMF 4.0. Any future updates will be through the gallery. The version in the gallery is 1.0.1.0 as opposed to 1.0.0.0 that ships with WMF 5.0

You can now view the contents of files directly in the PowerShell gallery

https://blogs.msdn.microsoft.com/powershell/2016/04/21/view-file-content-feature-is-available-on-the-gallery/

A DSC toolkit for working with Amazon Web Services (AWS) is now available

https://blogs.msdn.microsoft.com/powershell/2016/04/20/aws-dsc-toolkit/

WMF 5.1 will become available when Windows Server 2016 ships

https://blogs.msdn.microsoft.com/powershell/2016/04/06/windows-management-framework-5-0-updates-and-wmf-5-1/

WMF 5.1 will contain the changes and bug fixes introduced since WMF 5.0 shipped. Many of these have been available on Windows Insider preview builds

April 25, 2016  1:20 PM

PowerShell certifications revisited

Richard Siddaway Richard Siddaway Profile: Richard Siddaway
Powershell

Years ago (seems like decades so much has happened) I published my view on PowerShell certification:

https://richardspowershellblog.wordpress.com/2008/11/17/powershell-certifications/

A recent comment on the post asked if I still felt the same way.

Its not a topic I’d thought about all that much to be honest but having reflected on the matter I still believe what I wrote back in 2008 – the world doesn’t need a PowerShell certification.

I’ve stated it many times and will keep stating it – PowerShell isn’t important. Its what you can do with it that matters.

Very few people are employed as full time creators of PowerShell code –even today. They are  employed as administrators of X (and often Y, Z, A and B etc etc). PowerShell provides a tool to administer most of things in your Windows environment (and quite a few non-Windows items as well). Having a certification in the PowerShell language won’t help you administer Windows, Active directory, Exchange, SQL Server, VMware or network switches. You need to know what you’re doing before you can automate it!!!

At recent PowerShell Summits we’ve run a VERIFIED EFFECTIVE exam. The pass rates have been abysmal – and that’s for people who attended a pre-conference workshop on the topic! See:

http://powershell.org/wp/2016/04/22/verified-effective-exam-results/

We won’t be offering the exam at the next Summit – the results don’t measure up to the effort put into it.

The world isn’t really ready for a PowerShell certification and I suspect that it never will be.


April 25, 2016  8:33 AM

Cim session oddity

Richard Siddaway Richard Siddaway Profile: Richard Siddaway
CIM, Powershell, WMI

The CIM cmdlets were introduced with PowerShell 3.0.  You can use the –ComputerName parameter to access a remote machine or, if you need to run multiple commands to the remote machine, you can create a CIM session.

CIM sessions are analogous to PowerShell remoting sessions and use WSMAN by default to connect to the remote machine:

PS> $c12 = New-CimSession -ComputerName W12R2SUS

PS> Get-CimInstance -CimSession $c12 -ClassName Win32_OperatingSystem | fl
SystemDirectory : C:\Windows\system32
Organization    :
BuildNumber     : 9600
RegisteredUser  : Windows User
SerialNumber    : 00252-00107-57895-AA282
Version         : 6.3.9600
PSComputerName  : W12R2SUS

In this case I’m accessing a Windows 2012 R2 system

If you try to create a CIM session to a machine running PowerShell 2.0 it will appear to work but you’ll get an error when you try to access the session:

PS> $c8 = New-CimSession -ComputerName W8R2STD01
PS> Get-CimInstance -CimSession $c8 -ClassName Win32_OperatingSystem | fl
Get-CimInstance : The WS-Management service cannot process the request. A DMTF resource URI was used to access a non-DMTF class. Try again using a non-DMTF resource URI.
At line:1 char:1
+ Get-CimInstance -CimSession $c8 -ClassName Win32_OperatingSystem | fl
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (root\cimv2:Win32_OperatingSystem:String) [Get-CimInstance], CimException
+ FullyQualifiedErrorId : HRESULT 0x80338139,Microsoft.Management.Infrastructure.CimCmdlets.GetCimInstanceCommand
+ PSComputerName        : W8R2STD01

The reason is that the version of WSMAN installed with with PowerShell 2.0 (WSMAN 2.0) isn’t compatible with CIM sessions which expect WSMAN 3.0

One option is to use a DCOM based session:

PS> $opt = New-CimSessionOption -Protocol Dcom
PS> $c8D = New-CimSession -ComputerName W8R2STD01 -SessionOption $opt
PS> Get-CimInstance -CimSession $c8D -ClassName Win32_OperatingSystem | fl
SystemDirectory : C:\Windows\system32
Organization    :
BuildNumber     : 7601
RegisteredUser  : Windows User
SerialNumber    : 00477-179-0000007-84050
Version         : 6.1.7601
PSComputerName  : W8R2STD01

PowerShell MVP Jeff Hicks discovered that if you use a filter parameter with Get-CimInstance you can access PowerShell 2.0 machines using a WSMAN based CIM session

PS> Get-CimInstance -CimSession $c8 -ClassName Win32_OperatingSystem -Filter “Caption LIKE ‘%'”  | fl
SystemDirectory : C:\Windows\system32
Organization    :
BuildNumber     : 7601
RegisteredUser  : Windows User
SerialNumber    : 00477-179-0000007-84050
Version         : 6.1.7601
PSComputerName  : W8R2STD01

In this case you’re filtering on the Caption being like any characters

I stood in for a speaker who was ill at the recent European PowerShell conference and part of the session was on using CIM sessions. This issue came up and I decided to investigate a bit closer

Without a filter:

PS> Get-CimInstance -CimSession $c8 -ClassName Win32_OperatingSystem -Verbose
VERBOSE: Perform operation ‘Enumerate CimInstances’ with following parameters, ”namespaceName’ =
root\cimv2,’className’ = Win32_OperatingSystem’.
Get-CimInstance : The WS-Management service cannot process the request. A DMTF resource URI was used to access a
non-DMTF class. Try again using a non-DMTF resource URI.
At line:1 char:1
+ Get-CimInstance -CimSession $c8 -ClassName Win32_OperatingSystem -Ver …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (root\cimv2:Win32_OperatingSystem:String) [Get-CimInstance], CimException
+ FullyQualifiedErrorId : HRESULT 0x80338139,Microsoft.Management.Infrastructure.CimCmdlets.GetCimInstanceCommand
+ PSComputerName        : W8R2STD01

VERBOSE: Operation ‘Enumerate CimInstances’ complete.

An attempt is made to enumerate the instances of the Win32_OperatingSystem class

If you use a filter

PS> Get-CimInstance -CimSession $c8 -ClassName Win32_OperatingSystem -Filter “Caption LIKE ‘%'”  -Verbose | fl
VERBOSE: Perform operation ‘Query CimInstances’ with following parameters, ”queryExpression’ = SELECT * FROM
Win32_OperatingSystem WHERE Caption LIKE ‘%’,’queryDialect’ = WQL,’namespaceName’ = root\cimv2′.
SystemDirectory : C:\Windows\system32
Organization    :
BuildNumber     : 7601
RegisteredUser  : Windows User
SerialNumber    : 00477-179-0000007-84050
Version         : 6.1.7601
PSComputerName  : W8R2STD01

VERBOSE: Operation ‘Query CimInstances’ complete.

You’re sending a WQL  query to the remote machine.

My current theory is that Get-CimInstance is trying to enumerate the instances of a particular class (in a similar way to Get-WSmnaInstance does) and that fails due to the WSMAN version mismatch.  Using the Filter bypasses the enumeration allowing it to work.

This is a totally undocumented feature and there is no guarantee it will continue to work in future versions. Until PowerShell 2.0 is gone from you environment be aware that its an option but be careful


April 14, 2016  8:27 AM

Folder creation dates from WMI

Richard Siddaway Richard Siddaway Profile: Richard Siddaway
CIM, Powershell, WMI

A question on the powershell.org about finding the creation date of folders raises some interesting points

To find a folder’s creation date use:

Get-WmiObject -Class Win32_Directory -Filter “Drive=’C:’ AND Path = ‘\\users\\$user\\'” | select Name, @{N=’Creation date’; E={$_.ConvertToDateTime($_.CreationDate)}}

OR

Get-CimInstance -ClassName Win32_Directory -Filter “Drive=’C:’ AND Path = ‘\\users\\$user\\'” | select Name, CreationDate

If you use Get-WmiObject the date is returned in the form

20160128110039.938756+000

Which is why you need to perform the conversion using the ConvetToDateTime method that PowerShell adds to every WMI object.

Get-CimInstance automatically performs the conversion for you.

The other interesting part is the filter

“Drive=’C:’ AND Path = ‘\\users\\$user\\'”

Note that it’s wrapped in double quotes. Each of the values is a string so HAS to be in single quotes. Also note that you need to double the \ characters as WMI treats a single \ as an escape character so you have to escape the escape character.


April 14, 2016  4:50 AM

PowerShell Summit 2016 recordings

Richard Siddaway Richard Siddaway Profile: Richard Siddaway
Powershell

The recordings from this years PowerShell Summit are now available:

http://powershell.org/wp/2016/04/13/powershell-devops-global-summit-videos-online/

https://www.youtube.com/playlist?list=PLfeA8kIs7Coc1Jn5hC4e_XgbFUaS5jY2i


April 13, 2016  3:49 AM

IT Ops Education program and Scholarship

Richard Siddaway Richard Siddaway Profile: Richard Siddaway
DevOps, IT education, Powershell

Do you know a young person in the USA that is just starting their IT career and would benefit from an intensive training program and scholarship?

Point them to the DevOps Collective site (DevOps Collective is the parent organization for powershell.org)  https://devopscollective.org/2016/04/04/announcing-the-getgoing-it-ops-education-program-scholarship/

Initially this program is US only but we hope to make a global program in years to come


April 12, 2016  3:33 PM

Monitor Info

Richard Siddaway Richard Siddaway Profile: Richard Siddaway
CIM, Powershell, WMI

A question on the forum about combining information from 2 CIM classes produced this:

function Get-MonitorInfo {
[CmdletBinding()]
param(
$computername = $env:COMPUTERNAME
)

$cs = New-CimSession -ComputerName $computername

$monitors =  Get-CimInstance -Namespace root\wmi -ClassName WmiMonitorId -Filter “Active = ‘$true'” -CimSession $cs

foreach ($monitor in $monitors) {

$in = ($monitor.InstanceName).Replace(‘\’, ‘\\’)
Write-Verbose -Message $in
$dp = Get-CimInstance -Namespace root\wmi -ClassName WmiMonitorBasicDisplayParams -Filter “InstanceName = ‘$in'” -CimSession $cs

$name = ”

foreach ($c in $monitor.UserFriendlyName){
if ($c -ne ’00’){$name += [char]$c}
}
$type = ‘Unknown’
switch ($dp.VideoInputType){
0 {$type = ‘Analog’}
1 {$type = ‘Digital’}
}

New-Object -TypeName PSObject -Property @{
Name = $name
Type = $type
}
}

Remove-CimSession -CimSession $cs
}

Create a CIM session to the computer. Get the instances of the WmiMonitorId class. Iterate through them and find the matching WmiMonitorBasicDisplayParams class instance.

The InstanceName of the monitor will look like this:

DISPLAY\GSM598F\4&19086f00&0&UID200195_0

you need to replace \ by \\ to use the value in a CIM query because \ is treated as the escape character and you have to escape it to use it

Translate the UserFriendly name by converting the byte array to a string and determine the VideoInputType using the switch.

Create an object and output


April 4, 2016  7:28 AM

PowerShell Summit: CIM Deep Dive

Richard Siddaway Richard Siddaway Profile: Richard Siddaway
Powershell, Windows 10

A big thank you to everyone who attended my Summit pre-conference workshop. The interaction was great and I really enjoyed it even though I was feeling the efffects of my flight the previous day.

One thing we discovered was that good old dependable calc has changed. On a Windows 10 (build 14295 and last couple of builds) its now calculator.exe.

PS> Get-CimInstance -ClassName Win32_Process -Filter “Name LIKE ‘calc%'”

ProcessId Name           HandleCount WorkingSetSize VirtualSize
——— —-           ———– ————– ———–
1400      Calculator.exe 373         56770560       336953344

On Windows 2012 r2 its still calc.exe which caused a bit of confusion until we realised what was happening


April 1, 2016  8:53 AM

MVP renewal 2016

Richard Siddaway Richard Siddaway Profile: Richard Siddaway
Powershell

Its April first and the email arrives mid-afternoon. My MVP award has been renewed for another year (9th consecutive year)

I still really appreciate the recognition this award bestows and hope to keep working to make the PowerShell community even better in the next 12 months


March 31, 2016  1:01 PM

IIS information

Richard Siddaway Richard Siddaway Profile: Richard Siddaway
CIM, IIS, Powershell, WMI

In my recent post about getting server information from a IIS web server I said I post about getting similar information from later machines.

You still have the root\MirosoftIISv2 namespace available if you install the IIS 6.0 tools but one question to keep in mind – how long will they continue to be available?

Your alternative is the root\webadministration names space. You can use the Site class to get the relevant information

$serverdata = @()
Get-CimInstance -Namespace root\webadministration -ClassName Site -ComputerName $env:COMPUTERNAME |
foreach {

$serverdata += New-Object -TypeName PSObject -Property @{
Port = [string]::Join(‘,’, ($_.Bindings | select -ExpandProperty BindingInformation))
SiteName = $_.Name
SiteId = $_.id
PSComputerName = $_.PSComputerName
Status = Invoke-CimMethod -InputObject $_ -MethodName GetState | select -ExpandProperty ReturnValue
}
}
$serverdata

Remember that COM objects are inert so you can’t call the method directly on the object. otherwise the info is about the same


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: