PowerShell for Windows Admins

March 26, 2012  11:38 AM

PowerShell Deep Dive 2012 Agenda

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The agenda for the PowerShell Deep Dive next month has just been published on the PowerShell team blog


If you are already booked to go – looking forward to meeting you.  If you’re thinking of going last years event was amazing. If you are interested in PowerShell it is the place to be

March 25, 2012  5:09 AM

UG meeting reminder – March 2012

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Quick reminder that the UK user group meeting is on Tuesday 27 March @ 7.30 BST.  Details from



The meeting is on the new CIM functionality in PowerShell v3.  This is a need to know technology as much of the new PowerShell functionality in Windows Server 8 is based on this.

Please double check the time as the UK switched to daylight saving time this weekend.

March 21, 2012  4:32 PM

PowerShell Deep Dive

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

I heard at the beginning of the week that I’ve been granted a speaker slot at the PowerShell Deep Dive next month – http://www.theexpertsconference.com/us/2012/

I’ll be speaking on creating cmdlets from WMI objects using a new feature in PowerShell v3 that is so cool it could start a new Ice Age

Look forward to seeing you there

March 21, 2012  3:14 PM

Folder sizes

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Question on the forums related to folder sizes and last write time

Get-ChildItem -Path "C:\PersonalData\MyBooks\PowerShell and WMI" -Recurse |             
where { $_.PSIsContainer} |            
foreach {            
 $size = Get-ChildItem -Path $_.FullName | measure -Sum Length | select -ExpandProperty Sum            
 Add-Member -InputObject $($_) -MemberType NoteProperty -Name Size -Value $size            
 $_ | select Fullname, LastWriteTime, @{N="Size(MB)"; E={[math]::Round(($_.Size/1mb), 2)}}            
} | Format-Table -AutoSize -Wrap

Unfortunately the object returned by get-ChildItem doesn’t include folder size. So we loop through each folder & get the sum of its contents. The size value is added to the folder object and Fullname, LastwriteTime and size displayed.  The size is recalculated to megabytes. Substitute your favourite size

March 19, 2012  4:33 PM

Reading registry values with CIM

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

In this post


and its predecessors we saw how to enumerate registry sub-keys. But how do we read a registry value?

function get-CIMRegValue{             
param (             
 [ValidateSet("HKCR", "HKCU", "HKLM", "HKUS", "HKCC")]            
 [Validateset("DWORD", "EXPANDSZ", "MULTISZ", "QWORD", "SZ")]            
switch ($hive){            
"HKCR" { [uint32]$hdkey = 2147483648} #HKEY_CLASSES_ROOT            
"HKCU" { [uint32]$hdkey = 2147483649} #HKEY_CURRENT_USER            
"HKLM" { [uint32]$hdkey = 2147483650} #HKEY_LOCAL_MACHINE            
"HKUS" { [uint32]$hdkey = 2147483651} #HKEY_USERS            
"HKCC" { [uint32]$hdkey = 2147483653} #HKEY_CURRENT_CONFIG            
switch ($type) {            
"DWORD"     {$methodname = "GetDwordValue"}            
"EXPANDSZ"  {$methodname = "GetExpandedStringValue"}            
"MULTISZ"   {$methodname = "GetMultiStringValue"}            
"QWORD"     {$methodname = "GetQwordValue"}            
"SZ"        {$methodname = "GetStringValue"}            
$arglist = @{hDefKey = $hdkey; sSubKeyName = $key; sValueName = $value}            
switch ($psCmdlet.ParameterSetName) {            
 "UseComputer"    {$result = Invoke-CimMethod -Namespace "root\cimv2" -ClassName StdRegProv -MethodName $methodname  -Arguments $arglist -ComputerName $computer}            
 "UseCIMSession"  {$result = Invoke-CimMethod -Namespace "root\cimv2" -ClassName StdRegProv -MethodName $methodname  -Arguments $arglist -CimSession $cimsession }            
 default {Write-Host "Error!!! Should not be here" }            
switch ($type) {            
"DWORD"     {$result | select -ExpandProperty uValue}            
"EXPANDSZ"  {$result | select -ExpandProperty sValue}            
"MULTISZ"   {$result | select -ExpandProperty sValue}            
"QWORD"     {$result | select -ExpandProperty uValue}            
"SZ"        {$result | select -ExpandProperty sValue}            
Displays a registry value

Displays a registry value using WSMAN or DCOM 
to access remote machines 

Hive Name. One of "HKCR", "HKCU", "HKLM", "HKUS" or "HKCC"
The name is validated against the set

The registry key - without the hive name e.g.

The specific registry value to return for the 
given key

The type of registry value to return.
Must be one of

.PARAMETER  computer
Name of a remote computer. Connectivity will be by WSMAN.

.PARAMETER  cimsession
An object representing a cimsession. Connectivity is controlled 
by the CIM session and can be WSMAN or DCOM

get-CIMRegValue -hive HKLM -key "SYSTEM\CurrentControlSet\services\BITS" -value DelayedAutoStart -type DWORD

get-CIMRegValue -hive HKLM -key "SYSTEM\CurrentControlSet\services\BITS" -value ObjectName -type SZ  

get-CIMRegValue -hive HKLM -key "SYSTEM\CurrentControlSet\services\BITS" -value DependOnService -type MULTISZ 

get-CIMRegValue -hive HKLM -key "SYSTEM\CurrentControlSet\services\BITS" -value ImagePath -type EXPANDSZ

get-CIMRegValue -hive HKLM -key "SYSTEM\CurrentControlSet\services\BITS" -value DelayedAutoStart -type DWORD -computer "."

$cs = New-CimSession -ComputerName Win7test  
get-CIMRegValue -hive HKLM -key "SYSTEM\CurrentControlSet\services\BITS" -value DelayedAutoStart -type DWORD -cimsession $cs   

$opt = New-CimSessionOption -Protocol Dcom                                                                                                          
$csd = New-CimSession -ComputerName server02 -SessionOption $opt                                                                                    
get-CIMRegValue -hive HKLM -key "SYSTEM\CurrentControlSet\services\BITS" -value DelayedAutoStart -type DWORD -cimsession $csd




Parameters define the hive, key, value to be read and the type of value.

Registry values come in a number of types:

  • DWORD and QWORD are 32 & 64 bit numbers
  • SZ is a string
  • EXPANDSZ is a string containing environmental variables that gets expanded
  • MULTISZ is a multi-valued string

Parameters to define a computer name or CIM Session are also present

The numeric value for the hive is set in a switch statement. The data type is used to define the method name – each data type has its own method.

The argument list is populated and the method is invoked using a computer name or CIM session as appropriate

The results are decoded according to type.

Full help is provided on the function.

March 18, 2012  2:30 PM

Get Global Catalog from DNS

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

One option for finding global catalog servers is often overlooked – DNS.  In an AD environment DNS stores the SRV records that advertise the services domain controllers can deliver

$dnsserver = "dc02"            
Get-WmiObject -Namespace 'root\MicrosoftDNS' -Class  MicrosoftDNS_SRVType `
-ComputerName $dnsserver -Filter "ContainerName = 'Manticore.org'" |             
Where {$_.OwnerName -like "_gc*"} |            
select TextRepresentation

We are interested in the ‘root\MicrosoftDNS’ name space and the MicrosoftDNS_SRVType records. We want the manticore.org zone and all records where the Ownername is like “_gc*”

The results look like this

_gc._tcp.Site1._sites.Manticore.org IN SRV 0 100 3268 dc02.manticore.org.

_gc._tcp.Site1._sites.Manticore.org IN SRV 0 100 3268 server02.manticore.org.  
_gc._tcp.Manticore.org IN SRV 0 100 3268 dc02.manticore.org.                                                     
_gc._tcp.Manticore.org IN SRV 0 100 3268 server02.manticore.org. 

March 16, 2012  4:24 PM

Up coming User group sessions

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The sessions for the next few months are:

  • 27 March – PowerShell v3 CIM cmdlets and “cmlets over objects”
  • April – Managing Windows Server 8 with PowerShell
  • May – Managing Windows Server 8 with PowerShell

No thats not a mistake – there is so much new PowerShell functionality in Windows server 8 that two sessions will just scratch the surface.  I’m delivering the April session and PowerShell MVP Jonathan Medd is delivering the May session.

Details on March’s sessions from


As always the session will be recorded and made available afterwards.

March 15, 2012  4:25 PM

Active Directory WMI provider

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

I stumbled on this namespace on my domain controller – root\directory\ldap – which appears to be a WMI provider for AD. From the information at http://technet.microsoft.com/en-us/library/hh831568.aspx it appears that it is being deprecated in Windows Server 8. This means it will be removed in a future version. In the mean time we have more toys to play with. Managing AD with the PowerShell cmdlets is going to be the best way to do it but we have an opportunity to experiment and discover other ways of doing things.

The namespace is huge so getting a full listing of classes is problematic.

Some quick observations

Get-WmiObject -Namespace root/directory/ldap -Class ds_grouppolicycontainer | select DS_displayName

gets a list of group policies

The domain security policy can be exposed like this

Get-WmiObject -Namespace root/directory/ldap -Class ds_domain | select DS_lockoutDuration, DS_lockOutObservationWindow, DS_lockoutThreshold, DS_maxPwdAge, DS_minPwdAge, DS_minPwdLength, DS_pwdHistoryLength, DS_pwdProperties

DS_lockoutDuration          : -600000000
DS_lockOutObservationWindow : -600000000
DS_lockoutThreshold         : 25
DS_maxPwdAge                : -36288000000000
DS_minPwdAge                : 0
DS_minPwdLength             : 7
DS_pwdHistoryLength         : 24
DS_pwdProperties            : 1

It will be worth poking around a bit more in this namespace

March 13, 2012  12:11 PM

PowerShell–Good Scripts guide

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Ed Wilson, the Microsoft Scripting Guy, wrote recently http://blogs.technet.com/b/heyscriptingguy/archive/2012/03/08/2012-scripting-games-judging-criteria-revealed.aspx

about the judging for the 2012 games.

At the top of that post there is a section labelled General criteria for good Windows PowerShell scripts.

I would strongly recommend everyone who is working with PowerShell, whether you intend to enter the games or not, to read that section and apply it to every script you produce.

The advice doesn’t get better than that!

March 11, 2012  11:22 AM

Setting a Network address in Windows Server 8

Richard Siddaway Richard Siddaway Profile: Richard Siddaway


Windows Server 8 & Windows 8 bring a host of new functionality to us. I wanted to try out some of it so created a new VM and installed the OS – went for full GUI for now

Opened PowerShell and ran

Set-ExecutionPolicy remotesigned
Enable-PSRemoting -Force

The NetTCPIP module has some commands for working with network addresses

Get-NetIPInterface -ConnectionState Connected

ifIndex ifAlias            AddressFamily  NlMtu(Bytes)  InterfaceMetric Dhcp    Store
——- ——-            ————-  ————  ————— —-     —–
21      Virtual Wireless   IPv6           1500          5               Disabled Active
12      Virtual LAN        IPv6           1500          5               Disabled Active
21      Virtual Wireless   IPv4           1500          5               Disabled Active
12      Virtual LAN        IPv4           1500          5               Disabled Active

The display is abridged to fit

The important points are the ifIndex and ifAlias.  The index scheme is totally   different to the Win32_NetworkAdapter*  scheme

To set the address

New-NetIPAddress -InterfaceAlias "Virtual Wireless" -IPv4Address -PrefixLength 24 -DefaultGateway

Set-DnsClientServerAddress -InterfaceAlias "Virtual Wireless" -ServerAddresses
Set-DnsClient -InterfaceIndex 21 -ConnectionSpecificSuffix beta8.test

Notice that you have to use New-NetIPAddress. The logic seems to be that you are adding a new address to the adapter so use New*.

Set-NetIPAddress works to modify an existing address BUT you can’t change the default gateway that way!

The Set-DnsClient* cmdlets are in the DnsClient module

All of these cmdlets are based on calls to WMI classes

At the end of all that I wanted to bounce the machine any way so used


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: