PowerShell for Windows Admins


November 29, 2013  12:43 PM

Windows 8.1 Defender module



Posted by: Richard Siddaway
PowerShell v4, Windows 8.1, WMI

Windows 8.1 includes a module, Defender, for working with the anti-malware engine on the machine. I’m presuming this means Windows Defender only.

The starting point is Get-MpComputerStatus:

£> Get-MpComputerStatus

AMEngineVersion : 1.1.10100.0
AMProductVersion : 4.3.9600.16384
AMServiceEnabled : True
AMServiceVersion : 4.3.9600.16384
AntispywareEnabled : True
AntispywareSignatureAge : 2
AntispywareSignatureLastUpdated : 27/11/2013 11:14:50
AntispywareSignatureVersion : 1.163.737.0
AntivirusEnabled : True
AntivirusSignatureAge : 2
AntivirusSignatureLastUpdated : 27/11/2013 11:14:50
AntivirusSignatureVersion : 1.163.737.0
BehaviorMonitorEnabled : True
ComputerID : 10EEA25B-DB88-4238-BA5C-C500519F9C56
ComputerState : 0
FullScanAge : 4294967295
FullScanEndTime :
FullScanStartTime :
IoavProtectionEnabled : True
LastFullScanSource : 0
LastQuickScanSource : 2
NISEnabled : False
NISEngineVersion : 2.1.10003.0
NISSignatureAge : 4294967295
NISSignatureLastUpdated :
NISSignatureVersion : 109.17.0.0
OnAccessProtectionEnabled : True
QuickScanAge : 1
QuickScanEndTime : 27/11/2013 21:48:57
QuickScanStartTime : 27/11/2013 21:47:16
RealTimeProtectionEnabled : True
RealTimeScanDirection : 0
PSComputerName :

which shows a lot of useful data.

The cmdlet has a CimSession parameter so you can work with remote Windows 8.1 machines. This module isn’t available on Windows 2012 R2.

Other cmdlets include:

Add-MpPreference
Get-MpComputerStatus
Get-MpPreference
Get-MpThreat
Get-MpThreatCatalog
Get-MpThreatDetection
Remove-MpPreference
Remove-MpThreat
Set-MpPreference
Start-MpScan
Update-MpSignature

If you think the output is reminiscent of a WMI class you’re right. The cmdlet is CDXML built from the ROOT\Microsoft\Windows\Defender\MSFT_MpComputerStatus CIM class.
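A fleet health check built on the properties shown in the output above, as an added example that is not from the original post. Test-MpHealth, its thresholds and the computer names are hypothetical, and reading 4294967295 as "never run" is an assumption based on the empty FullScanEndTime beside it.

```powershell
# Added example, not from the original post. Test-MpHealth and its thresholds
# are hypothetical; they are not part of the Defender module.
function Test-MpHealth {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Status,
        [uint32] $MaxSignatureAgeDays = 3,
        [uint32] $MaxQuickScanAgeDays = 7
    )
    begin {
        # Assumption: 4294967295 ([uint32]::MaxValue) means "never run", as the
        # empty FullScanEndTime next to it in the output above suggests.
        $never = [uint32]::MaxValue
        $mustBeTrue = 'AMServiceEnabled', 'AntivirusEnabled', 'AntispywareEnabled',
                      'RealTimeProtectionEnabled', 'OnAccessProtectionEnabled',
                      'BehaviorMonitorEnabled', 'IoavProtectionEnabled'
    }
    process {
        $issues = @()
        foreach ($name in $mustBeTrue) {
            if (-not $Status.$name) { $issues += "$name is not enabled" }
        }
        foreach ($name in 'AntivirusSignatureAge', 'AntispywareSignatureAge') {
            if ($Status.$name -gt $MaxSignatureAgeDays) { $issues += "$name is $($Status.$name) days" }
        }
        if ($Status.QuickScanAge -eq $never) {
            $issues += 'No quick scan recorded'
        } elseif ($Status.QuickScanAge -gt $MaxQuickScanAgeDays) {
            $issues += "Last quick scan was $($Status.QuickScanAge) days ago"
        }
        if ($Status.FullScanAge -eq $never) { $issues += 'No full scan recorded' }
        [pscustomobject]@{
            ComputerName = $Status.PSComputerName
            Healthy      = ($issues.Count -eq 0)
            Issues       = $issues -join '; '
        }
    }
}

# Constructed sample using values from the output above (machine name invented).
$sample = [pscustomobject]@{
    PSComputerName = 'SAMPLE01'; AMServiceEnabled = $true; AntivirusEnabled = $true
    AntispywareEnabled = $true; RealTimeProtectionEnabled = $true
    OnAccessProtectionEnabled = $true; BehaviorMonitorEnabled = $true
    IoavProtectionEnabled = $true; AntivirusSignatureAge = 2
    AntispywareSignatureAge = 2; QuickScanAge = 1; FullScanAge = 4294967295
}
$sample | Test-MpHealth
# Live use (placeholder names): $cs = New-CimSession -ComputerName 'PC01', 'PC02'
#   Get-MpComputerStatus -CimSession $cs | Test-MpHealth
```

Because the cmdlet is a wrapper over the CIM class, the objects returned by Get-CimInstance -Namespace ROOT\Microsoft\Windows\Defender -ClassName MSFT_MpComputerStatus can be piped to the same function.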

November 29, 2013  4:33 AM

Remoting series



Posted by: Richard Siddaway
PowerShell

My remoting series on the Scripting Guy blog has finished. The full set of posts is:

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/29/remoting-week-non-domain-remoting.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/28/powertip-remove-powershell-web-access-authorization-rules.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/28/remoting-week-remoting-security.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/27/powertip-use-powershell-to-discover-certificate-thumbprints.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/27/remoting-week-configuring-remoting.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/26/powertip-determine-version-of-wsman-on-remote-computer.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/26/remoting-week-remoting-sessions-in-powershell.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/25/powertip-use-powershell-to-find-key-of-wmi-class.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/25/remoting-week-remoting-recap.aspx



November 28, 2013  3:36 PM

PowerShell on Windows RT



Posted by: Richard Siddaway
PowerShell v4

PowerShell v4 contains a help file

Get-Help about_Windows_RT -ShowWindow

that explains the differences between PowerShell on a full Windows device and on a Windows RT device such as a Surface 2.


November 28, 2013  3:28 PM

Get-Process in PowerShell 4



Posted by: Richard Siddaway
PowerShell v4

If you use Get-Process in PowerShell v3 you see:

£> Get-Process powershell

Handles  NPM(K)    PM(K)    WS(K) VM(M)   CPU(s)     Id ProcessName
-------  ------    -----    ----- -----   ------     -- -----------
    516      17    49436    59220   233     8.86   7100 powershell

PowerShell v4 enables you to see the user account associated with the process:

£> Get-Process powershell -IncludeUserName

Handles    WS(K) VM(M)   CPU(s)     Id UserName             ProcessName
-------    ----- -----   ------     -- --------             -----------
    593   214888   823    17.27   2148 MANTICORE\richard    powershell

Now we have an easy way to discover who started a process.
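A process-owner inventory that works on both versions discussed above, as an added example that is not from the original post. Get-ProcessOwner is a hypothetical helper name; it uses -IncludeUserName when the session is v4 and elevated (the parameter requires elevation) and falls back to the GetOwner method of Win32_Process otherwise.

```powershell
# Added example, not from the original post. Get-ProcessOwner is a hypothetical helper.
function Get-ProcessOwner {
    [CmdletBinding()]
    param([string] $Name = '*')

    # Is the current session running with administrator rights?
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $identity
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    if ($PSVersionTable.PSVersion.Major -ge 4 -and $elevated) {
        # v4 and later: -IncludeUserName needs an elevated session.
        Get-Process -Name $Name -IncludeUserName |
            Select-Object Id, @{ n = 'Name'; e = { $_.ProcessName } }, UserName
    }
    else {
        # v3, or not elevated: ask WMI for the owner of each process.
        if (-not $elevated) {
            Write-Warning "Not elevated: owners of other accounts' processes may be blank."
        }
        Get-CimInstance -ClassName Win32_Process |
            Where-Object { [IO.Path]::GetFileNameWithoutExtension($_.Name) -like $Name } |
            ForEach-Object {
                # A process can exit between enumeration and the method call.
                $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Id       = $_.ProcessId
                    Name     = [IO.Path]::GetFileNameWithoutExtension($_.Name)
                    UserName = if ($owner -and $owner.ReturnValue -eq 0) {
                                   "$($owner.Domain)\$($owner.User)"
                               }
                }
            }
    }
}

# Review which accounts own the running processes, largest groups first.
Get-ProcessOwner |
    Group-Object UserName |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```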


November 27, 2013  2:35 PM

Capacity planning series finished



Posted by: Richard Siddaway
Office 2013, PowerShell, SQL Server, WMI

My capacity planning series on the Scripting Guy blog finished last week. I didn’t get a chance to post about it as I was at Microsoft in Seattle.

Full series and associated powertip postings:

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/18/powertip-compare-the-contents-of-files-with-powershell.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/18/the-admin-s-first-steps-capacity-planning-part-3.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/11/powertip-use-powershell-to-format-dates.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/11/the-admin-s-first-steps-capacity-planning-part-2.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/04/powertip-view-network-statistics-with-powershell.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/04/the-admin-s-first-steps-capacity-planning.aspx

Enjoy


November 27, 2013  3:48 AM

PowerShell team topics for 2014 Summit



Posted by: Richard Siddaway
PowerShell, Summit

The detailed agenda for the PowerShell Summit is linked from here:

http://msmvps.com/blogs/richardsiddaway/archive/2013/11/11/powershell-summit-2014-agenda.aspx

Members of the PowerShell team will be speaking at the Summit. They are looking for input on the topics you want them to cover. Please view the list of possible topics and leave your comments at

http://blogs.msdn.com/b/powershell/archive/2013/11/05/seeking-input-on-powershell-summit-sessions.aspx


November 11, 2013  12:17 PM

Capacity Planning part 2



Posted by: Richard Siddaway
PowerShell, SQL Server

My capacity planning mini series on the Scripting Guy blog continues with the second part – dealing with storing data in SQL Server – available today

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/11/the-admin-s-first-steps-capacity-planning-part-2.aspx

I’ll repeat the URL for the first part for reference

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/04/the-admin-s-first-steps-capacity-planning.aspx


November 11, 2013  4:59 AM

PowerShell Summit 2014 agenda



Posted by: Richard Siddaway
PowerShell, Summit

The final agenda for the 2014 PowerShell summit has been released.

http://powershell.org/wp/community-events/summit/powershell-summit-north-america/summit-agenda/

I’ve got three sessions:

WSMAN cmdlets
Networking cmdlets
Cmdletize the registry

There are some interesting sessions on that list.

Now’s the time to get those tickets booked.


November 9, 2013  11:04 AM

Windows Surface RT upgrade to Windows 8.1



Posted by: Richard Siddaway
Windows 8.1

Having seen the comments regarding the removal of the RT upgrade to Windows 8.1 from the Windows app store I was surprised to see it had re-appeared last night.

Late this morning I started the upgrade. It’s a 2GB+ download so make sure your Surface is plugged into the mains!

The download wasn’t a speedy affair but it progressed and immediately cut into the upgrade. Everything seemed to go well – usual questions regarding accepting T&Cs and configuration. Express seems to work OK.

The usual Windows.old is left behind (2GB+) so I used Disk Cleanup to delete that through the Clean up System Files button and selecting to remove previous Windows installations – see http://windows.microsoft.com/en-GB/windows-8/how-remove-windows-old-folder

The apps that I had installed appear to be preserved and at the moment everything looks good. A painless upgrade for me. Hopefully the earlier reported issues are all resolved.


November 8, 2013  3:01 PM

Get-ADUser issue fixed



Posted by: Richard Siddaway
Active Directory, PowerShell v4, Windows 8.1, Windows Server 2012 R2

I reported in this post http://richardspowershellblog.wordpress.com/2013/11/06/get-aduser-issue/ an issue with Get-ADUser under PowerShell 4.0 on Windows 8.1/2012 R2 where using -Properties * caused a failure.

I had a comment that this is schema related and a schema upgrade fixes the problem.

My starting point is a Windows 2012 domain

£> Get-ADDomain | ft DomainMode -a

DomainMode
----------
Windows2012Domain

And I have schema version 56

On a Windows 2012 R2 member server I try get-aduser

£> Get-ADUser -Identity richard -Properties *
Get-ADUser : One or more properties are invalid.
Parameter name: msDS-AssignedAuthNPolicy
At line:1 char:1
+ Get-ADUser -Identity richard -Properties *
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (richard:ADUser) [Get-ADUser], ArgumentException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser

Now let’s try the schema upgrade – looks like it goes to version 69 – that’s quite a big upgrade. Once the upgrade has been performed, let the schema replication occur and reboot the Windows 2012 R2 member server just to make sure nothing is cached that could affect the result.

Now to re-try Get-AdUser

Get-ADUser -Identity richard -Properties *
Get-ADUser -Identity richard -Property *

Both work – we have a winner. If you are seeing this problem the answer is to upgrade your schema. You don’t need to upgrade the Domain Controllers, just the schema.

It’s a bit naughty that this happens – I don’t remember similar problems putting a Windows 8/2012 machine with PowerShell 3.0 into a Windows 2008 R2 domain.

