PowerShell for Windows Admins


November 30, 2013  8:52 AM

CDXML: Module Manifest

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Last time we created a module using CDXML to wrap the Win32_Bios WMI class. This gave us a cmdlet – Get-Bios. As the intention is to create a number of modules that expose the WMI classes related to hardware we need a module manifest file (.psd1) to load them so that we can take advantage of module auto-loading in PowerShell 3 & 4

Remember – one WMI class per CDXML file and each CDXML file is treated as a module

I find the easiest way to create new manifest is run New-ModuleManifest and give it the full path to the psd1 file you want to create

New-ModuleManifest -Path C:\scripts\Modules\Hardware\Hardware.psd1 –PassThru

You can then open the file in ISE and edit to give this:

#
# Module manifest for module ‘Hardware’
#
# Generated by: richard
#
# Generated on: 30/11/2013
#

@{

# Script module or binary module file associated with this manifest.
# RootModule = ”

# Version number of this module.
ModuleVersion = ‘1.0’

# ID used to uniquely identify this module
GUID = ‘55512ad7-c2aa-4678-818f-8f19b4f110dd’

# Author of this module
Author = ‘Richard’

# Company or vendor of this module
CompanyName = ‘Macdui’

# Copyright statement for this module
Copyright = ‘(c) 2013 Richard. All rights reserved.’

# Description of the functionality provided by this module
# Description = ”

# Minimum version of the Windows PowerShell engine required by this module
# PowerShellVersion = ”

# Name of the Windows PowerShell host required by this module
# PowerShellHostName = ”

# Minimum version of the Windows PowerShell host required by this module
# PowerShellHostVersion = ”

# Minimum version of Microsoft .NET Framework required by this module
# DotNetFrameworkVersion = ”

# Minimum version of the common language runtime (CLR) required by this module
# CLRVersion = ”

# Processor architecture (None, X86, Amd64) required by this module
# ProcessorArchitecture = ”

# Modules that must be imported into the global environment prior to importing this module
# RequiredModules = @()

# Assemblies that must be loaded prior to importing this module
# RequiredAssemblies = @()

# Script files (.ps1) that are run in the caller’s environment prior to importing this module.
# ScriptsToProcess = @()

# Type files (.ps1xml) to be loaded when importing this module
# TypesToProcess = @()

# Format files (.ps1xml) to be loaded when importing this module
# FormatsToProcess = @()

# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
NestedModules = @(‘Win32_BIOS.cdxml’)

# Functions to export from this module
FunctionsToExport = @(‘Get-Bios’)

# Cmdlets to export from this module
CmdletsToExport = ‘*’

# Variables to export from this module
VariablesToExport = ‘*’

# Aliases to export from this module
AliasesToExport = ‘*’

# List of all modules packaged with this module
# ModuleList = @()

# List of all files packaged with this module
# FileList = @()

# Private data to pass to the module specified in RootModule/ModuleToProcess
# PrivateData = ”

# HelpInfo URI of this module
# HelpInfoURI = ”

# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
# DefaultCommandPrefix = ”

}

You can cut out the items you don’t need but I prefer to leave them as reminders of the commands.

Once the file is modified – save it back as Hardware.psd1

Start a new PowerShell console and your new module is available for use immediately.

This also means that you can add new CDXML files and test them independently of the module. Once you’re happy with the new functionality you add the appropriate lines to the module manifest.

November 30, 2013  6:48 AM

CDXML

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Its been stated many times that over 60% of the modules in PowerShell 3 & 4 are created using CDXML – objects-over-cmdlets.

This involves taking a WMI class and wrapping it in XML to create a PowerShell module. At this time many admins are running for the door but it really isn’t that difficult.

Most admins will have used the Win32_Bios class

£> Get-CimInstance -ClassName Win32_Bios

SMBIOSBIOSVersion : 090006
Manufacturer : American Megatrends Inc.
Name : BIOS Date: 05/23/12 17:15:53 Ver: 09.00.06
SerialNumber : 5518-5018-0990-2526-2313-2106-44
Version : VRTUAL – 5001223

View the code at

http://richardspowershellblog.wordpress.com/2013/11/30/cdxml/

The verb is automatically set to GET.

I keep all my scripts in a folder called c:\scripts – this has subfolders by category. I also amend my module path in my PowerShell profile

$env:PSModulePath = “C:\Scripts\Modules;” + $env:PSModulePath

to add the \scripts\modules folder. This folder has all of the module I develop to keep them separate from the Microsoft modules.

I’m creating a module called Hardware that will contain a suite of CDXML files for accessing WMI classes related to hardware.

I saved the XML above to C:\Scripts\Modules\Hardware\Win32_BIOS.cdxml

For testing I change directory the C:\Scripts\Modules\Hardware folder and I can test my new module.

£> Import-Module .\Win32_BIOS.cdxml
£> Get-Command -Module Win32_BIOS

CommandType Name ModuleName
———– —- ———-
Function Get-Bios Win32_BIOS

Running Get-Bios produces:

£> get-bios

SMBIOSBIOSVersion : 090006
Manufacturer : American Megatrends Inc.
Name : BIOS Date: 05/23/12 17:15:53 Ver: 09.00.06
SerialNumber : 5518-5018-0990-2526-2313-2106-44
Version : VRTUAL – 5001223

Exactly the same as using Get-CimInstance.

You also get a set of free functionality (meaning you don’t have to do anything)

£> Get-Command Get-Bios -Syntax

Get-Bios [-CimSession ] [-ThrottleLimit ] [-AsJob] []

£> $sess = New-CimSession -ComputerName server02
£> Get-Bios -CimSession $sess

SMBIOSBIOSVersion : 6NET61WW (1.24 )
Manufacturer : LENOVO
Name : Ver 1.00PARTTBLX
SerialNumber : R81BG3K
Version : LENOVO – 1240
PSComputerName : server02

The properties displayed are controlled by the PowerShell formatting system as with most WMI classes. You can display all data:

Get-Bios | Format-List *

Next time we’ll create a module manifest file to enable module auto-loading


November 30, 2013  5:39 AM

Defender Module: Threat Catalog

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

You can see the threats that defender is testing against

Get-MpThreatCatalog | select SeverityID, ThreatName

You get a long list like this

5 TrojanDownloader:Win32/Agent.A
4 TrojanDownloader:Win32/Holistyc
2 Dialer:Win32/EPlugin
5 Backdoor:Win32/Fxsvc
2 Adware:Win32/Networkone

This is the important one:

Get-MpThreatDetection

You want this to return nothing i.e. no threats found

You can start a scan like this:

Start-MpScan -ScanType QuickScan

A progress bar will show how things are going – again if your machine is clean you won’t get a return


November 29, 2013  4:56 PM

Mac Address

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

No not where you go for a burger!

I saw a post on the forum about getting the MAC address fro remote machines. The original post was using a fixed filter on NetConnectionID which assumes that all of your machines are configured equally. I think a better approach is to gather all the data

function get-macaddress {
[CmdletBinding()]
param(
[string]$computername = $env:COMPUTERNAME
)
Get-WmiObject -Class Win32_NetworkAdapter -ComputerName $computername -Filter “NetConnectionID LIKE ‘%'” |
select PSComputerName, Description, NetConnectionID, MACAddress

}

The WMI filter ensures that only adapters with a NetConnectionID are returned.

Once you have the data you can ensure your machines are configured the same


November 29, 2013  4:44 PM

Clear the Trusted Hosts list

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

This post rounds out the remoting series and shows you how to clear the trusted hosts list

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/29/powertip-use-powershell-to-clear-the-trusted-hosts-file.aspx


November 29, 2013  12:43 PM

Windows 8.1 Defender module

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Windows 8.1 includes a module – Defender for working with the anti-malware engine on the machine. I’m presuming this means Windows Defender only

The starting point is Get-MpComputerStatus

£> Get-MpComputerStatus

AMEngineVersion : 1.1.10100.0
AMProductVersion : 4.3.9600.16384
AMServiceEnabled : True
AMServiceVersion : 4.3.9600.16384
AntispywareEnabled : True
AntispywareSignatureAge : 2
AntispywareSignatureLastUpdated : 27/11/2013 11:14:50
AntispywareSignatureVersion : 1.163.737.0
AntivirusEnabled : True
AntivirusSignatureAge : 2
AntivirusSignatureLastUpdated : 27/11/2013 11:14:50
AntivirusSignatureVersion : 1.163.737.0
BehaviorMonitorEnabled : True
ComputerID : 10EEA25B-DB88-4238-BA5C-C500519F9C56
ComputerState : 0
FullScanAge : 4294967295
FullScanEndTime :
FullScanStartTime :
IoavProtectionEnabled : True
LastFullScanSource : 0
LastQuickScanSource : 2
NISEnabled : False
NISEngineVersion : 2.1.10003.0
NISSignatureAge : 4294967295
NISSignatureLastUpdated :
NISSignatureVersion : 109.17.0.0
OnAccessProtectionEnabled : True
QuickScanAge : 1
QuickScanEndTime : 27/11/2013 21:48:57
QuickScanStartTime : 27/11/2013 21:47:16
RealTimeProtectionEnabled : True
RealTimeScanDirection : 0
PSComputerName :

which shows a lot of useful data.

The cmdlet has a CimSession parameter so you can work with remote Windows 8.1 machines. This module isn’t available on Windows 2012 R2.

Other cmdlets include:

Add-MpPreference
Get-MpComputerStatus
Get-MpPreference
Get-MpThreat
Get-MpThreatCatalog
Get-MpThreatDetection
Remove-MpPreference
Remove-MpThreat
Set-MpPreference
Start-MpScan
Update-MpSignature

If you think the output is reminiscent of a WMI class you’re right. The cmdlet is CDXML built from the ROOT\Microsoft\Windows\Defender\MSFT_MpComputerStatus CIM class


November 29, 2013  4:33 AM

Remoting series

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

My remoting series on the Scripting Guy blog has finished. The full set of posts is:

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/29/remoting-week-non-domain-remoting.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/28/powertip-remove-powershell-web-access-authorization-rules.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/28/remoting-week-remoting-security.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/27/powertip-use-powershell-to-discover-certificate-thumbprints.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/27/remoting-week-configuring-remoting.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/26/powertip-determine-version-of-wsman-on-remote-computer.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/26/remoting-week-remoting-sessions-in-powershell.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/25/powertip-use-powershell-to-find-key-of-wmi-class.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/25/remoting-week-remoting-recap.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/27/powertip-use-powershell-to-discover-certificate-thumbprints.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/27/remoting-week-configuring-remoting.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/26/powertip-determine-version-of-wsman-on-remote-computer.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/26/remoting-week-remoting-sessions-in-powershell.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/25/powertip-use-powershell-to-find-key-of-wmi-class.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/25/remoting-week-remoting-recap.aspx


November 28, 2013  3:36 PM

PowerShell on Windows RT

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

PowerShell v4 contains a help file

get-help about_Windows_RT –showwindow

That explains the differences between PowerShell on a full Windows device and on a Windows RT device such as a Surface 2


November 28, 2013  3:28 PM

Get-Process in PowerShell 4

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

If you use Get-Process in PowerShell v3

£> Get-Process powershell

Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
——- —— —– —– —– —— — ———–
516 17 49436 59220 233 8.86 7100 powershell

PowerShell v4 enables you to see the user account associated with the process

£> Get-Process powershell -IncludeUserName

Handles WS(K) VM(M) CPU(s) Id UserName ProcessName
——- —– —– —— — ——– ———–
593 214888 823 17.27 2148 MANTICORE\richard powershell

Now we have an easy way to discover who started a process


November 27, 2013  2:35 PM

Capacity planning series finished

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

My capacity planning series on the Scripting Guy blog finished last week. Didn’t get chance to post about it as I was at Microsoft in Seattle.

Full series and associated powertip postings:

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/18/powertip-compare-the-contents-of-files-with-powershell.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/18/the-admin-s-first-steps-capacity-planning-part-3.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/11/powertip-use-powershell-to-format-dates.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/11/the-admin-s-first-steps-capacity-planning-part-2.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/04/powertip-view-network-statistics-with-powershell.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/04/the-admin-s-first-steps-capacity-planning.aspx

Enjoy


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: