PowerShell for Windows Admins

September 5, 2014  3:03 PM

Finding a file version

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Interesting question on the forum – how to find the file version of IE on remote machines?


Get-CimInstance -ClassName CIM_DataFile -Filter “Name = ‘C:\\Program Files\\Internet Explorer\\iexplore.exe'”  | select -ExpandProperty Version


Use the CIM_dataFile class.  Its one of the few CIM_ classes that doesn’t have a Win32_ equivalent.


In this case you know the path to the file – note the \\ as you have to escape a single \ in WMI filters

September 5, 2014  1:48 AM

WMF 5.0 September 2014 preview now available

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Another preview for WMF 5.0, and PowerShell 5.0, is available for download.  Details from



September 4, 2014  1:07 PM

OneNote and XML–finding notebooks

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

When OneNote first came out there wasn’t an API for it as you get for Word or Excel. A community module enabled you to work with the XML that formed the OneNote note books but it wasn’t updated after Office 2007 and doesn’t really work with later versions of OneNote.


I was looking at the Office developer site and noticed that there was some information on OneNote http://msdn.microsoft.com/en-us/library/office/jj680118(v=office.15).aspx.  This series will investigate how to script against OneNote and also expalin how to use Select-XML and XPath on the way.


A good starting point would be to discover the OneNote notebooks:

$onenote = New-Object -ComObject OneNote.Application
$scope = [Microsoft.Office.Interop.OneNote.HierarchyScope]::hsPages
[ref]$xml = ”

$onenote.GetHierarchy($null, $scope, $xml)

$schema = @{one=”http://schemas.microsoft.com/office/onenote/2013/onenote”}
$xpath = “//one:Notebook”
Select-Xml -Xml ($xml.Value) -Namespace $schema -XPath $xpath |
foreach {


The starting point – like all good Office applications – is a COM object that exposes the OneNote object model.  As an aside isn’t time office moved away from COM and we had a proper .NET API or even better a PowerShell module.


You also need to define the scope – in this case get all pages. The enumeration is described here http://msdn.microsoft.com/en-us/library/office/jj680119(v=office.15).aspx


You also need to create a [ref] object to hold the output


The GetHierarchy() method is used to read through the notebooks. The $null argument means start at the top


The schema can be found inside the XML produced so to avoid a circular argument I’ll set that in a variable – it has to be a hash table as shown


Define the XPath – in this case get the nodes labelled one:Notebook


Select-XML will extract the required nodes – notice how the object has to be presented.


A simple foreacch iterates over the nodes which look like this

name             : Personal (Web)
nickname         : Personal (Web)
ID               : {F8CC78D5-9CC3-40C8-847B-96B15E3D6AD2}{1}{B0}
path             :
https://<a path>  (Web)/
lastModifiedTime : 2014-09-04T17:48:07.000Z
color            : #FFD869
Section          : {Quick Notes, Unfiled Notes, PowerShell Summit}
SectionGroup     : SectionGroup


And you can select the name of the notebook.

August 29, 2014  2:29 PM

Grains of rice on a chess board

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

There is a story about the inventor of chess being rewarded by putting 1 grain of rice on the first square of the board; 2 on the second and so on.  How much rice does that come to?


The total number of grains is 1.84467440737096E+19


At 25mg per grain thats 461168601842739 kilogrammes of rice


Which in more understandable terms is:


461,168,601,842.739 metric tonnes


453,886,749,619.642 tons


That’s a lot of rice


If you want to play around with the numbers the calculations are:


[double]$result = 0

1..64 |
foreach {

$square = [math]::Pow(2, ($psitem -1))
$result += $square


$wt = 0.025

$totalweight = ($wt * $result)/1000

$mtwt = $totalweight /1000

$tons = $totalweight * 0.00098421

August 29, 2014  1:00 PM

Event Log Providers

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

An event log provider is writes to an event log.  I’ve used WMI in the past to get these but while looking for somethign else discovered that Get-WinEvent can also find this information


Get-WinEvent -ListProvider * | ft Name, LogLinks -AutoSize –Wrap


Provides a nice long list of all of the providers and the event logs they write to.


Usually I’m only interested in what’s writing to a particular event log. And that’s where things get a bit more messy.


The loglinks are supplied as a System.Collections.Generic.IList[System.Diagnostics.Eventing.Reader.EventLogLink] LogLinks  object that doesn’t play nicely with –in or –contains


So we need a bit of PowerShell manipulation to get what we want


$log = ‘System’

Get-WinEvent -ListProvider * |
foreach {

if ($log -in ($psitem | select -ExpandProperty Loglinks | select -ExpandProperty Logname)){
New-Object -TypeName psobject -Property @{
Name = $psitem.Name
Log = $log


The trick here is that the loglinks are a collection of objects so you need to expand them twice to get to the name.  Not pretty but it works

August 28, 2014  12:56 PM

Patching Server Core

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

I’ve been rebuilding my test lab after installing a SSD into the machine running it in place of the SATA drive.  Huge improvement in load speed of virtual machines – well worth the cost.

I usually have a number of server core machines in the lab and use WSUS for patching.  One issue I’d never really resolved was patching those server core machines  – the control panel fro Windows Update isn’t available!

Finally found a solution in the Windows Update PowerShell module from


Install the module and then you can install your patches using

Get-WUInstall –AcceptAll

I’m running Windows 2012 R2 on all my servers so the modules auto load

August 28, 2014  11:26 AM

European Summit deadline approaching

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

There are just over two weeks left for you to register for the European PowerShell Summit. At the moment we are still short of the number that would enable us to repeat a European Summit in 2015.  We had a lot of comments from people stating they wanted a Summit in Europe.  Now is the time to step up and support that idea.

Hope to see you there

August 28, 2014  6:15 AM

DSC Resource Kit–wave 6

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The next wave of the DSC resource kit is available with some new resources and updates to old favourites.

Details from:


August 21, 2014  2:04 AM

Learning, always learning

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

PowerShell is going mainstream amongst the administrator community – it may seem slow but the last couple of years has definitely seen a sustained upswing in adoption in my experience. As more people are demonstrating the benefits we see more people asking how they can learn PowerShell.


Two good ways come to mind. First is go on a course delivered by a recognised expert – if you’re thinking of attending a PowerShell course find out who is delivering it and look them up. If they don’t seem like an expert look for another course. There is s lot of bad practice being communicated and you rally want to cut through that and learn from a master of the subject.


if you don’t like, or can’t attend, a course then your best bet is Don Jones’ book – Learn PowerShell in a Month of Lunches – http://www.manning.com/jones3/


That completes the first part of your action. The second part is learning how to use PowerShell to administer the technology, or technologies, you work with.  Assuming you understand how to administer the underlying technology you need something to help you learn how to apply PowerShell to that technology. These are books I’d recommend:

For Active Directory

Learn Active Directory in a Month of Lunches – http://www.manning.com/siddaway3/



Learn IIS in a Month of Lunches  – http://www.manning.com/helmick/


For more general administration

PowerShell in Practice – http://www.manning.com/siddaway/

PowerShell and WMI – http://www.manning.com/siddaway2/


For VMware

VMware vSphere PowerCLI Reference: Automating vSphere Administration

Managing VMware Infrastructure with Windows PowerShell


These are books that I’ve used or worked on in one form or another and that I’m prepared to recommend. There are books on other administration through PowerShell topics but not having read them I can’t recommend for or against


I’ll update this post periodically as I work through more technologies.

August 20, 2014  10:19 AM

Count property

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Its frequently said that PowerShell is so big that no one can know everything about it.  I proved that today when I “discovered” a change in PowerShell of which I wasn’t aware.


If you create an array:

£> $a = 1,2,3

You can then get the number of members of that array i.e. its length


£> $a.count


£> $a[0]


In PowerShell 1.0 and 2.0 if you tried that on a variable that only held a single value you would get an error when you tried to access the first value:

£> $b = 1
£> $b.count

The count property returns nothing


£> $b[0]
Unable to index into an object of type System.Int32.
At line:1 char:4
+ $b[ <<<< 0]
+ CategoryInfo          : InvalidOperation: (0:Int32) [], RuntimeException
+ FullyQualifiedErrorId : CannotIndex


This changed in PowerShell 3.0 and later

£> $b = 1
£> $b.count
£> $b[0]


You can even try other indices
£> $b[1]


And just get nothing back rather than an error.


This is really useful as you can now safely test on the Count property and if the value is greater than 1 to determine if its a collection.  Alternatively always treat it as a collection and iterate over the number of elements.  I can see this simplifying things for me in quite a few situations

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: