PowerShell for Windows Admins


January 16, 2014  1:41 PM

Win32_Process examples–set priority

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Changing the priority of a process can give a processing boost to an application – but its not always a safe option.

You can modify the process like this:

function set-procpriority {
[CmdletBinding()]
param (
[string]$computername = $env:COMPUTERNAME,
[string]$processname,

[ValidateSet("Idle", "BelowNormal", "Normal", "AboveNormal", "HighPriority", "RealTime")]
[string]$priority
)

switch ($priority){
“Idle”         {[uint32]$priorityin =    64; break}
“BelowNormal”  {[uint32]$priorityin = 16384; break}
“Normal”       {[uint32]$priorityin =    32; break}
“AboveNormal”  {[uint32]$priorityin = 32768; break}
“HighPriority” {[uint32]$priorityin =   128; break}
“RealTime”     {[uint32]$priorityin =   256; break}
}

Get-CimInstance -ClassName Win32_Process -ComputerName $computername -Filter “Name = ‘$processname’” |
Invoke-CimMethod -MethodName SetPriority -Arguments @{Priority = $priorityin}
}

The advanced takes three parameters – computername (defaults to local machine), a process name and the priority that process should have.

A switch statement converts the priority name to an unsigned integer value

The process objects are retrieved by Get-CimInstance and Invoke-CimMethod is used to call the SetPriority method.

You can use it like this:

£> notepad

£> get-process notepad | Format-List Name, PriorityClass

Name          : notepad
PriorityClass : Normal

£> set-procpriority -processname ‘notepad.exe’ -priority HighPriority

ReturnValue PSComputerName
———– ————–
0 RSSURFACEPRO2

£> get-process notepad | Format-List Name, PriorityClass

Name          : notepad
PriorityClass : High

The function will modify the priority of all instances of the process. If you want to modify just one instance then you need to remove the process name parameter and add a process id parameter

January 15, 2014  4:31 PM

Winter Scripting Games 2014 –Event 1

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The first event in the 2014 Winter Scripting Games kicks off in just over 2 days time.

The practice event is finished and we’re testing the judging system

Good luck to all participants


January 15, 2014  2:02 PM

Win32_Process examples: get process owner

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Moving on with examples of using Win32_Process you can find the process owner:

function get-procowner {
[CmdletBinding()]
param (
[string]$computername = $env:COMPUTERNAME
)

Get-CimInstance -ClassName Win32_Process -ComputerName $computername |
foreach {
$owner = Invoke-CimMethod -InputObject $psitem -MethodName GetOwner

$props = [ordered]@{
Name = $psitem.Name
Domain = $owner.Domain
User = $owner.User
ComputerName = $psitem.PSComputerName

}
New-Object -TypeName PSObject -Property $props
}
}

Use the same param block as before to pass a computername – defaulted to local machine.

For each of the Win32_Process objects get the corresponding owner using the GetOwner method.

Create an ordered hash table for the properties and output a PSObject using those properties


January 14, 2014  12:50 PM

Win32_Process examples–processor time and memory usage

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

I saw some example code for using Win32_Process and didn’t like it so decided to create my own versions.  In this case the objective is to display the processor time and memory usage:

function get-proctimeandRAM {
[CmdletBinding()]
param (
[string]$computername = $env:COMPUTERNAME
)

Get-CimInstance -ClassName Win32_Process -ComputerName $computername |
foreach {
$props = [ordered]@{
Name =  $psitem.Name
ProcessId = $psitem.ProcessId
WorkingSetSize = $psitem.WorkingSetSize
PageFileUsage = $psitem.PageFileUsage
PageFaults = $psitem.PageFaults
ProcessorTime = ($psitem.KernalModeTime + $psitem.UserModeTime) / 10000000
}

New-Object -TypeName PSObject -Property $props
}
}

Start by creating an advanced function that takes a computername as a parameter.  This is used to call Get-CimInstance to access the Win32_Process class on the machine.

I’m switching to the CIM cmdlets for everything as my test environment is, or soon will be, Windows 2012 R2 or Windows 8.1.

For each if the Win32_Process objects create a New-Object. I’ve chosen to use an ordered hash table (PS 3 and above) so that my properties remain in the order I want

The function produces a list by default as there 6 properties on the object. If you want  table output use Format-Table.

Examples of use:

get-proctimeandRAM
get-proctimeandRAM | ft -AutoSize


January 14, 2014  12:24 PM

VM disk info

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

A question came into the forum about getting information on the virtual disks associated with particular Hyper-V virtual machines. Is a bit of a digging exercise but this gets the results:

Get-VM |
foreach {
$VMname = $psitem.Name
Get-VMHardDiskDrive -VMName $VMname  |
foreach {
Get-VHD -Path $_.Path |
select @{N=’VMname’; e={$VMName}}, Path, Size, FileSize
}
}

Get the set of VMs and for each of them get the VMHardDisks associated with the machine. For each VMHardDisk get the VHD – this is where you find the data you need.

 

The size and file size are in bytes – its a simple matter to create calculated fields that divide by 1GB or percentages if you require


January 10, 2014  6:28 AM

Finding a sequence

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

I saw a challenge to find the occurrences of the sequence 1759 in the larger sequence 11759171759.  It was originally presented as a SQL Server based challenge to be solved with TSQL but we can do this just as easily with PowerShell using Select-String

£> $data = ’11759171759′
£> Select-String -InputObject $data -Pattern ’1759′ -AllMatches | foreach {$_.Matches.Index}

1
7

Create a variable to hold the big sequence and use that with the –InputObject parameter of Select-String. Supply the pattern to be tested and use –AllMatches to get all matches not just the first which is default. The resultant MatchInfo is piped to foreach-object where the Index of each match is retrieved.

if you want to see the full MatchInfo

£> $m = Select-String -InputObject $data -Pattern ’1759′ -AllMatches
£> $m.Matches
Groups   : {1759}
Success  : True
Captures : {1759}
Index    : 1
Length   : 4
Value    : 1759

Groups   : {1759}
Success  : True
Captures : {1759}
Index    : 7
Length   : 4
Value    : 1759

The indexes are zero based.  Add one if you want the position based on a starting index of 1

£> foreach ($match in (Select-String -InputObject $data -Pattern ’1759′ -AllMatches).Matches){$match.Index + 1}
2
8

Interesting puzzle that gives a good example of using Select-String


January 9, 2014  4:34 PM

Cim cmdlet aliases

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

I don’t use aliases in scripts/functions and don’t use them much at the command line. One alias I do use reasonably often is gwmi for Get-WmiObject – mainly because I do a lot with WMI.  I’m using the CIM cmdlets much more these days and suddenly realised that I didn’t know if they had aliases.

One quick trip to Get-Alias and I had the answer:

£> Get-Alias | where Definition -like ‘*Cim*’

CommandType     Name
———–     —-
Alias           gcai -> Get-CimAssociatedInstance
Alias           gcim -> Get-CimInstance
Alias           gcls -> Get-CimClass
Alias           gcms -> Get-CimSession
Alias           icim -> Invoke-CimMethod
Alias           ncim -> New-CimInstance
Alias           ncms -> New-CimSession
Alias           ncso -> New-CimSessionOption
Alias           rcie -> Register-CimIndicationEvent
Alias           rcim -> Remove-CimInstance
Alias           rcms -> Remove-CimSession
Alias           scim -> Set-CimInstance

Also note change in the way the data is presented compared to earlier versions of Get-Alias


January 8, 2014  12:47 PM

Test windows activation

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

I’m currently upgrading my lab environment to Windows Server 2012 R2 which involves upgrading some machines and rebuilding the others.  One task in any build or upgrade situation is to make sure that Windows is activated.

Windows Server 2012 R2 will activate once an Internet connection is established. This can sometimes take a few minutes. Rather than keep checking in the GUI I wrote a little function to do the job for me:

function test-activation {
$slp = Get-CimInstance -ClassName SoftwareLicensingProduct -Filter “PartialProductKey LIKE ‘%’”
if ($slp.LicenseStatus -eq 1) {
return “$($slp.Name) on $env:COMPUTERNAME is activated”
}
else {
return “$($slp.Name) on $env:COMPUTERNAME is NOT activated”
}
}

This is based on technique 104 in PowerShell and WMI  – www.manning.com/siddaway2

Get-CimInstance  uses the SoftwareLicensingProduct class and filters on the PartialProductKey property. The filter only picks up those instances where the property has a value.

If the LicensesStatus property equals its activated otherwise it isn’t.


January 5, 2014  10:27 AM

CDXML: Cim jobs

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

One of the freebies you get when using CDXML is that the cmdlets you create automatically get the –AsJob parameter. I was thinking about jobs in general and realised that I didn’t know how CIM jobs were run.

To put this into context:

PowerShell jobs run in another PowerShell process that is started as a child of the PowerShell process in which you start the job.

WMI jobs use a process called unsecapp – C:\Windows\System32\wbem\unsecapp

Another process – C:\Windows\system32\wbem\wmiprvse.exe will also run.

In order to discover the process(es) used by CIM jobs I needed a CIM job that would run for a long time – using CIM_DataFile class to enumerate the files on disk would work. I created a quick module using that class

<?xml version=’1.0′ encoding=’utf-8′?>

<PowerShellMetadata xmlns=’http://schemas.microsoft.com/cmdlets-over-objects/2009/11′>

<Class ClassName=’ROOT\cimv2\Cim_DataFile’>

<Version>1.0</Version>

<DefaultNoun>DataFile</DefaultNoun>

<InstanceCmdlets>

<GetCmdletParameters DefaultCmdletParameterSet=’DefaultSet’>

</GetCmdletParameters>

</InstanceCmdlets>

</Class>

</PowerShellMetadata>

and saved it as Cim_DataFile.cdxml

After importing the module I opened another PowerShell session and got a list of processes as a baseline.

Then use the new cmdlet in a Job

Get-DataFile –AsJob

The job type is CimJob

A new process appears – wmiprvse. This the same process that appears with WMI jobs. The path to the exe is C:\Windows\system32\wbem\wmiprvse.exe and the Description is: WMI Provider Host

This process provides isolation for WMI activities so that the whole of WMI isn’t pulled down in the event of a failure.

The same process is started if Get-CimInstance Cim_Datafile is run.


December 31, 2013  6:15 AM

The PowerShell year – 2013

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

This year has been a pretty good year for the PowerShell community. The highlights include:

  • PowerShell 4.0 becomes available
  • A very successful PowerShell Summit in April
  • A community hosted and judged Scripting Games – though as PowerShell is the only accepted language maybe a name change is needed?
  • PowerShell in Depth and PowerShell Deep Dives are published

The big ticket item in PowerShell 4.0 is Desired State Configuration. This functionality was extended at the end of the year with the publication of the  Desired State Configuration Resource Kit Wave 1 -  see the PowerShell team blog at http://blogs.msdn.com/b/powershell/archive/2013/12/26/holiday-gift-desired-state-configuration-dsc-resource-kit-wave-1.aspx

The most important part of the announcement is that it is wave 1 – meaning we should expect more DSC resources in the New Year.

Looking forward to 2014 what do we expect?

  • More DSC resources
  • 2014 Winter Scripting Games – this time we’re making them a team based event. Should be interesting
  • A PowerShell Summit in Seattle in April
  • A European PowerShell summit later in the year

Assuming you already know the PowerShell basics, or more, where should you be spending your PowerShell time in 2014?

If your work involves creating servers on a regular basis make sure you understand DSC

If you need to administer many servers – look to PowerShell workflow, PowerShell jobs and Scheduled jobs.  These options seem to have slipped out of the limelight lately.

Workflows are different – they use a PowerShell syntax but aren’t pure PowerShell. Some of the rules for using them are a bit strange and need some practice.

PowerShell jobs were introduced in PowerShell 2.0 but have always been overshadowed by remoting. The ability to run PowerShell jobs asynchronously and schedule them makes for a very powerful system for performing bulk tasks overnight.

The last recommendation for 2014 – learn more about CIM/WMI.  A significant fraction of the PowerShell functionality in Windows 8/2012 and later is built on WMI. If you don’t understand how it works you won’t get the best out of it. The OMI initiative is gaining traction which makes CIM an even more important technology to learn.

I’d also recommend experimenting with any of the areas of PowerShell you don’t know so well.

Finally, and most importantly, share what you learn with the rest of the PowerShell community – powershell.org is a very good place to start.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: