PowerShell for Windows Admins

October 20, 2014  10:42 AM

Upgrading PowerShell

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The Scripting Guy has started a series on upgrading the version of  PowerShell you run.

My article in the series is out today – http://blogs.technet.com/b/heyscriptingguy/archive/2014/10/20/should-i-upgrade-to-latest-windows-powershell-version.aspx

October 18, 2014  1:49 PM

DSC Resource Kit Wave 8 coming?

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Looks like the next wave of the DSC resource kit is on its way – a set of resources for Exchange 2013 have been published – https://gallery.technet.microsoft.com/office/xExchange-PowerShell-1dd18388 with a wave 8 tag.

I’ve been waiting for the Exchange resources – they’re going to make my life so much easier.

October 15, 2014  11:44 AM

Default formatting

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

If you run get-process you will see something like this for each process

£> Get-Process | select -f 1

Handles NPM(K) PM(K) WS(K) VM(M)  CPU(s)   Id ProcessName
——- —— —– —– —–  ——   — ———–
80      7   960  4096    44         1560 armsvc

You’ll get the same display if you use

£> Get-Process | select -f 1 | ft

If you ask for a list – you get something different

£> Get-Process | select -f 1 | fl
Id      : 1560
Handles : 80
CPU     :
Name    : armsvc

Looking at all of the data for a single process give you this:

£> Get-Process | select -f 1 | fl *
__NounName                 : Process
Name                       : armsvc
Handles                    : 80
VM                         : 46186496
WS                         : 4194304
PM                         : 983040
NPM                        : 7136
Path                       :
Company                    :
CPU                        :
FileVersion                :
ProductVersion             :
Description                :
Product                    :
Id                         : 1560
PriorityClass              :
HandleCount                : 80
WorkingSet                 : 4194304
PagedMemorySize            : 983040
PrivateMemorySize          : 983040
VirtualMemorySize          : 46186496
TotalProcessorTime         :
BasePriority               : 8
ExitCode                   :
HasExited                  :
ExitTime                   :
Handle                     :
MachineName                : .
MainWindowHandle           : 0
MainWindowTitle            :
MainModule                 :
MaxWorkingSet              :
MinWorkingSet              :
Modules                    :
NonpagedSystemMemorySize   : 7136
NonpagedSystemMemorySize64 : 7136
PagedMemorySize64          : 983040
PagedSystemMemorySize      : 89712
PagedSystemMemorySize64    : 89712
PeakPagedMemorySize        : 1212416
PeakPagedMemorySize64      : 1212416
PeakWorkingSet             : 4300800
PeakWorkingSet64           : 4300800
PeakVirtualMemorySize      : 50155520
PeakVirtualMemorySize64    : 50155520
PriorityBoostEnabled       :
PrivateMemorySize64        : 983040
PrivilegedProcessorTime    :
ProcessName                : armsvc
ProcessorAffinity          :
Responding                 : True
SessionId                  : 0
StartInfo                  : System.Diagnostics.ProcessStartInfo
StartTime                  :
SynchronizingObject        :
Threads                    : {1564, 1572}
UserProcessorTime          :
VirtualMemorySize64        : 46186496
EnableRaisingEvents        : False
StandardInput              :
StandardOutput             :
StandardError              :
WorkingSet64               : 4194304
Site                       :
Container                  :

Notice that you don’t see anything corresponding to any of these fields from the default display – NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)

That’s because they are calculated by PowerShell when the data is formatted to display.  See about_Format.ps1xml for more details

October 15, 2014  1:15 AM

PowerShell Summit Europe 2014 – All videos available

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

All of the recordings from the recent PowerShell Summit in Amsterdam are now available through the PowerShell.org channel on youtube. The playlist for the Summit is https://www.youtube.com/playlist?list=PLfeA8kIs7Coehjg9cB6foPjBojLHYQGb_

Thank you again to the speakers, and attendees, who made for a wonderful first Summit in Europe and more thanks to the people who donated to our appeal to raise funds for the recording equipment.

October 13, 2014  2:22 PM

WMI Associations

Richard Siddaway Richard Siddaway Profile: Richard Siddaway
CIM, Powershell, WMI

I saw a question regarding finding the Win32_NetworkAdapter instance using the matching Win32_NetworkAdapterConfiguration starting point. This answers the “which adapter has an IP address of X” type question.

The Index property on a Win32_NetworkAdapterConfiguration instance has the same value as the DeviceId property on the corresponding Win32_NetworkAdapter.

An alternative is to use the ASSOCIATORS WQL keyword.

That approach get s a bit messy but looks like this:

$query = “ASSOCIATORS OF {Win32_NetworkAdapterConfiguration.Index=’18’} WHERE RESULTCLASS = Win32_NetworkAdapter”
Get-WmiObject -Query $query

The CIM cmdlets get a bit better

$config = Get-CimInstance win32_networkadapterconfiguration -Filter “Index = 18”
Get-CimAssociatedInstance -InputObject $config -ResultClassName Win32_NetworkAdapter

Much simpler and you avoid the WQL.

October 13, 2014  11:00 AM

1,000,000 hits

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

This blog and its mirrors have reached the total of 1,000,000 hits for the year to date. Thank you to everyone who takes the time to read my postings

October 9, 2014  1:25 AM

PowerShell Summit Europe 2014 – – videos from day 1

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The videos from day 1 of the Powershell Summit Europe 2014 are now available on the PowerShell.org YouTube channel. The European Summit playlist can be found at

Uploading of day 2 is in progress and I’ll supply notification when complete.


October 7, 2014  12:10 PM

PowerShell Summit Europe 2014 – – slides and code

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

All of the slides and demo code the speakers wanted to share are available for your enjoyment at http://1drv.ms/1vMWmtm

I’m currently uploading the videos which is a slow process. I’ll post when that activity is completed.

October 3, 2014  5:43 AM

Windows 10 and PowerShell 5

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

With the release of the technical previews of Windows 10 and Windows server you can see PowerShell v5 in its native environment. There’s a good introduction to the new features in PowerShell v5 here – http://technet.microsoft.com/library/hh857339.aspx.

Its worth comparing the information given for PowerShell v4 and v3 (in the same article) to see where PowerShell has changed.

October 1, 2014  8:48 AM

PowerShell Summit Europe 2014 – – Wednesday afternoon

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Tobias Weltner started the last part of the Summit with a session on AST – Abstract Syntax Tree – and the PowerShell parser.

You can access the tokens used by the parser for instance to create a variable inventory.

AST takes you beyond the parser tokens and enables to do wonderful things to your scripts such as applying code formatting standards and expanding alias to the full

cmdlet and parameter names.

The second session was delivered by Jeff Wouters – Securing Remoting.  How do you secure remoting across the Internet?  How do you authenticate users?

Jeff showed us the issues around credentials and how to manage authentication – especially how to manage passwords.

The third session was a Best Practice discussion lead by Don Jones.

Code – If you don’t understand it don’t run it

PowerShell gallery – trusting the code?  Who wrote it? Feedback on code. Code should have ratings.

Module storage – where and why?

What are your thoughts?

Jeffrey Snover closed the Summit with a look at Just Enough Admin – RBAC through PowerShell.

Admins are part of the attack surface.

Need to Incrementally reduce admin exposure

JEA controls admin actions through PowerShell constrained endpoints and proxy functions.

JEA toolkit available for download through DSC resource kit

Use DSC for endpoint configuration – makes it simpler and easier

Example – allow access to manage file system but not view contents of files

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: