PowerShell for Windows Admins


September 17, 2012  2:24 PM

Change user attribute based on group membership

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Want to change an attribute on all members of an Active Directory group.  Then try this

Get-ADGroupMember -Identity Legal |             
where {$_.objectclass -eq "user"} |            
foreach {            
 Set-ADUser -Identity $($_.distinguishedName) -Department "Student"            
}

Get the group members – filter out nested groups by checking the objectclass of the object. For each user set the attribute.

You can test its worked or look at an attribute in a similar way

Get-ADGroupMember -Identity Legal |             
where {$_.objectclass -eq "user"} |            
foreach {            
 Get-ADUser -Identity $($_.distinguishedName) -Property Department |            
 select Name, distinguishedName, Department            
}

You can perform a similar process with the Quest cmdlets

September 16, 2012  1:17 PM

Decoding the mounted device information

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

In the previous post we looked at how to read the mounted device information. The data is in binary though – if you want it readable and not all of it is readable – try this

$data = @()            
Get-Item -Path HKLM:\SYSTEM\MountedDevices |            
select -ExpandProperty Property |            
where {$_ -like "\Dos*"} |             
foreach {            
 $name = $_            
 $bin = (Get-ItemProperty -Path HKLM:\SYSTEM\MountedDevices -Name $name)."$name"            
             
 $decoded = @()            
 $bin | foreach {            
  $decoded += [char]$_            
 }            
            
            
 $data += New-Object -TypeName psobject -Property @{            
  Device =  $name            
  BinaryValue  = $bin            
  DecodedValue = $($decoded -join "")            
 }            
             
}            
$data | Format-Table  Device, DecodedValue  -AutoSize

Same as last time except for the loop through the binary data using [char] to decode the ASCII values.  use –join to make a string rather than an array. The apparent gaps in the resultant string are because we’re dealing with Unicode


September 16, 2012  7:41 AM

Reading mounted device information from the registry

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Interesting question about reading the registry.  How do you read HKLM:\SYSTEM\MountedDevices and pull out the name of the device and the associated data.

Get-Item -Path HKLM:\SYSTEM\MountedDevices

returns data of this form

Name                           Property
—-                           ——–
MountedDevices                 \DosDevices\C: : {218, 187, 32, 142…}
                               \DosDevices\G: : {92, 0, 63, 0…}
                               \DosDevices\E: : {95, 0, 63, 0…}
                               \DosDevices\F: : {92, 0, 63, 0…}
                               \DosDevices\D: : {218, 187, 32, 142…}
                               \DosDevices\I: : {95, 0, 63, 0…}

We need to drill into the property but if we expand the property we will only get the name of the device. So we need to loop through those names

$data = @()            
Get-Item -Path HKLM:\SYSTEM\MountedDevices |            
select -ExpandProperty Property |            
where {$_ -like "\Dos*"} |             
foreach {            
 $name = $_            
$data += New-Object -TypeName psobject -Property @{            
  Device =  $name             
  Value  = (Get-ItemProperty -Path HKLM:\SYSTEM\MountedDevices -Name $name)."$name"            
 }            
            
}            
$data

To simplify the output is limited to Dos devices

Get-itemproperty returns the data with the name of the device as the property name so we need to drill in to get the value


September 16, 2012  7:03 AM

Random confusion

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

There seems to be a bit of cofusion about how Get-Random works.

Try this

1..10 | foreach {Get-Random}

you’ll get  randomly selected 32-bit unsigned integer between 0 (zero) and Int32.MaxValue (0x7FFFFFFF, 2,147,483,647).

The –Minimum parameter sets a minimum value – you will not get any values BELOW this

try this

1..10 | foreach {Get-Random -Minimum 1000}

The –Maximum parameter sets the ceiling on returned values – you will not get any values AT OR ABOVE this value

try this

1..10 | foreach {Get-Random -Maximum 1000}

used in conjunction they define a range of values from which a random value is chosen

try this

1..10 | foreach {Get-Random -Minimum 500 -Maximum 1000}


September 12, 2012  2:26 PM

PowerShell Summit 2013 dates

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The dates for the summit have been announced – 22-24 April 2013 @ Microsoft campus Redmond

You can register at http://powershell.org/summit

1/7 th of the tickets have already gone – don’t miss out.


September 11, 2012  11:22 AM

Finding the drive letter of a mounted VHD

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

In Windows 8/2012 you can mount a VHD into the file system. Is there a way to discover the drive letter of the mounted VHD

function get-mountedvhdDrive {            
$disks = Get-CimInstance -ClassName Win32_DiskDrive | where Caption -eq "Microsoft Virtual Disk"            
foreach ($disk in $disks){            
 $vols = Get-CimAssociatedInstance -CimInstance $disk -ResultClassName Win32_DiskPartition             
 foreach ($vol in $vols){            
   Get-CimAssociatedInstance -CimInstance $vol -ResultClassName Win32_LogicalDisk |            
   where VolumeName -ne 'System Reserved'            
 }            
}            
}

Use Get-CimInstance to get the Win32_DiskDrive class. Filter on caption equalling "Microsoft Virtual Disk"

for each “physical” disk returned get the associated Win32_Volume and use that to get the associated Win32_Logical disk where you will find the drive letter.

Nice example of using associations in the CIM cmdlets


September 10, 2012  2:27 AM

PowerShell Summit Open for registration

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The PowerShell summit to be held April 2013 at Microsoft’s Redmond campus is now open for early registration.  There are very good deals available for early registration.

Details and registration link here – http://powershell.org/summit/registration.php


September 5, 2012  12:40 PM

PowerShell Summit April 2013

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

A PowerShell summit is being proposed for April 2013.  It will be held on the Microsoft campus in Redmond.

Preliminary information can be found here

http://powershell.org/summit/

We’d like your help with this   by answering a s very short survey

http://674004.polldaddy.com/s/powershell-summit-na-2013

Your feed back will help us get it right

Thanks


September 4, 2012  2:46 PM

PowerShell v3 download

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The download for PowerShell v3 – now know as Windows Management Framework as you get PowerShell, WinRM and new WMI API is now available from

http://www.microsoft.com/en-us/download/details.aspx?id=34595

Versions are available for:

  • Windows 7 SP1
  • Windows 2008 R2 SP1
  • Windows 2008 SP2

No support for Windows 2003, Vista or XP


September 4, 2012  12:53 PM

Finding if the user associated with a profile is logged on

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

A forum question asked how to find if the user to whom a profile belonged was logged on. There isn’t an easy way as there isn’t an association between the profile and the log on session.

There is a quick and dirty way  though

Get-WmiObject -Class Win32_UserProfile |            
foreach {            
            
$filt =  Split-Path -Path $($_.LocalPath) -Leaf            
$loggedon = $null            
$loggedon = Get-WmiObject Win32_loggedonuser |             
 where {$_.Antecedent -like "*Name=*$filt*"} |             
 select -First 1             
            
$log = $false            
if ($loggedon){$log = $true}            
            
New-Object -TypeName PSObject -Property @{            
 Name = $filt            
 Logged = $log            
}            
}

get the profiles and for each split the Localpath (path to profile) – the leaf holds the user name

Test if you can find an instance of Win32_LoggedOnUser where the Antecedent contains the name

Display data.  Results look like this

Name           Logged

—-           ——

DefaultAppPool  False

Richard          True

NetworkService  False

LocalService    False

systemprofile   False

need to filter the system accounts out but I’ll leave that to you


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: