PowerShell for Windows Admins

April 2, 2012  12:39 PM

Scripting Games have started

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Jump over to http://blogs.technet.com/b/heyscriptingguy/

for event 1 in the beginners and advanced categories

April 2, 2012  12:33 PM

Finding the primary name of a DNS alias record

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

A forum question asked how to find the primary name from an alias or CNAME record.

Get-WmiObject -Namespace 'root\MicrosoftDNS' -Class MicrosoftDNS_CNAMEType `
-Filter "ContainerName = 'Manticore.org'" -ComputerName server02  |             
select @{N='Alias'; E={$_.Ownername}}, Primaryname            


use the MicrosoftDNS_CNAMEType class. Filter on the domain ie containername.  ComputerName holds the DNS server name.

Change OwnerName to Alias in a select calculated field

April 1, 2012  10:09 AM

MVP renewal 2012

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

My MVP award was renewed for another year today.

Thank you to Microsoft for bestowing the honour for the fifth year and thank you to all of the people who’ve helped me gain this award by posting questions, reading my blogs, listening to talks etc.

March 30, 2012  8:49 AM

PowerShell in Practice offer today only

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Manning have PowerShell in Practice on a half price offer today. Go to www.manning.com and use code dotd0330cc when ordering

March 29, 2012  2:57 PM

UK PowerShell Group March 2012 meeting recording

Richard Siddaway Richard Siddaway Profile: Richard Siddaway


The recording, slides and demo script from the session on CIM cmdlets – Tuesday 27 March is available



March 26, 2012  11:38 AM

PowerShell Deep Dive 2012 Agenda

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The agenda for the PowerShell Deep Dive next month has just been published on the PowerShell team blog


If you are already booked to go – looking forward to meeting you.  If you’re thinking of going last years event was amazing. If you are interested in PowerShell it is the place to be

March 25, 2012  5:09 AM

UG meeting reminder – March 2012

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Quick reminder that the UK user group meeting is on Tuesday 27 March @ 7.30 BST.  Details from



The meeting is on the new CIM functionality in PowerShell v3.  This is a need to know technology as much of the new PowerShell functionality in Windows Server 8 is based on this.

Please double check the time as the UK switched to daylight saving time this weekend.

March 21, 2012  4:32 PM

PowerShell Deep Dive

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

I heard at the beginning of the week that I’ve been granted a speaker slot at the PowerShell Deep Dive next month – http://www.theexpertsconference.com/us/2012/

I’ll be speaking on creating cmdlets from WMI objects using a new feature in PowerShell v3 that is so cool it could start a new Ice Age

Look forward to seeing you there

March 21, 2012  3:14 PM

Folder sizes

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Question on the forums related to folder sizes and last write time

Get-ChildItem -Path "C:\PersonalData\MyBooks\PowerShell and WMI" -Recurse |             
where { $_.PSIsContainer} |            
foreach {            
 $size = Get-ChildItem -Path $_.FullName | measure -Sum Length | select -ExpandProperty Sum            
 Add-Member -InputObject $($_) -MemberType NoteProperty -Name Size -Value $size            
 $_ | select Fullname, LastWriteTime, @{N="Size(MB)"; E={[math]::Round(($_.Size/1mb), 2)}}            
} | Format-Table -AutoSize -Wrap

Unfortunately the object returned by get-ChildItem doesn’t include folder size. So we loop through each folder & get the sum of its contents. The size value is added to the folder object and Fullname, LastwriteTime and size displayed.  The size is recalculated to megabytes. Substitute your favourite size

March 19, 2012  4:33 PM

Reading registry values with CIM

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

In this post


and its predecessors we saw how to enumerate registry sub-keys. But how do we read a registry value?

function get-CIMRegValue{             
param (             
 [ValidateSet("HKCR", "HKCU", "HKLM", "HKUS", "HKCC")]            
 [Validateset("DWORD", "EXPANDSZ", "MULTISZ", "QWORD", "SZ")]            
switch ($hive){            
"HKCR" { [uint32]$hdkey = 2147483648} #HKEY_CLASSES_ROOT            
"HKCU" { [uint32]$hdkey = 2147483649} #HKEY_CURRENT_USER            
"HKLM" { [uint32]$hdkey = 2147483650} #HKEY_LOCAL_MACHINE            
"HKUS" { [uint32]$hdkey = 2147483651} #HKEY_USERS            
"HKCC" { [uint32]$hdkey = 2147483653} #HKEY_CURRENT_CONFIG            
switch ($type) {            
"DWORD"     {$methodname = "GetDwordValue"}            
"EXPANDSZ"  {$methodname = "GetExpandedStringValue"}            
"MULTISZ"   {$methodname = "GetMultiStringValue"}            
"QWORD"     {$methodname = "GetQwordValue"}            
"SZ"        {$methodname = "GetStringValue"}            
$arglist = @{hDefKey = $hdkey; sSubKeyName = $key; sValueName = $value}            
switch ($psCmdlet.ParameterSetName) {            
 "UseComputer"    {$result = Invoke-CimMethod -Namespace "root\cimv2" -ClassName StdRegProv -MethodName $methodname  -Arguments $arglist -ComputerName $computer}            
 "UseCIMSession"  {$result = Invoke-CimMethod -Namespace "root\cimv2" -ClassName StdRegProv -MethodName $methodname  -Arguments $arglist -CimSession $cimsession }            
 default {Write-Host "Error!!! Should not be here" }            
switch ($type) {            
"DWORD"     {$result | select -ExpandProperty uValue}            
"EXPANDSZ"  {$result | select -ExpandProperty sValue}            
"MULTISZ"   {$result | select -ExpandProperty sValue}            
"QWORD"     {$result | select -ExpandProperty uValue}            
"SZ"        {$result | select -ExpandProperty sValue}            
Displays a registry value

Displays a registry value using WSMAN or DCOM 
to access remote machines 

Hive Name. One of "HKCR", "HKCU", "HKLM", "HKUS" or "HKCC"
The name is validated against the set

The registry key - without the hive name e.g.

The specific registry value to return for the 
given key

The type of registry value to return.
Must be one of

.PARAMETER  computer
Name of a remote computer. Connectivity will be by WSMAN.

.PARAMETER  cimsession
An object representing a cimsession. Connectivity is controlled 
by the CIM session and can be WSMAN or DCOM

get-CIMRegValue -hive HKLM -key "SYSTEM\CurrentControlSet\services\BITS" -value DelayedAutoStart -type DWORD

get-CIMRegValue -hive HKLM -key "SYSTEM\CurrentControlSet\services\BITS" -value ObjectName -type SZ  

get-CIMRegValue -hive HKLM -key "SYSTEM\CurrentControlSet\services\BITS" -value DependOnService -type MULTISZ 

get-CIMRegValue -hive HKLM -key "SYSTEM\CurrentControlSet\services\BITS" -value ImagePath -type EXPANDSZ

get-CIMRegValue -hive HKLM -key "SYSTEM\CurrentControlSet\services\BITS" -value DelayedAutoStart -type DWORD -computer "."

$cs = New-CimSession -ComputerName Win7test  
get-CIMRegValue -hive HKLM -key "SYSTEM\CurrentControlSet\services\BITS" -value DelayedAutoStart -type DWORD -cimsession $cs   

$opt = New-CimSessionOption -Protocol Dcom                                                                                                          
$csd = New-CimSession -ComputerName server02 -SessionOption $opt                                                                                    
get-CIMRegValue -hive HKLM -key "SYSTEM\CurrentControlSet\services\BITS" -value DelayedAutoStart -type DWORD -cimsession $csd




Parameters define the hive, key, value to be read and the type of value.

Registry values come in a number of types:

  • DWORD and QWORD are 32 & 64 bit numbers
  • SZ is a string
  • EXPANDSZ is a string containing environmental variables that gets expanded
  • MULTISZ is a multi-valued string

Parameters to define a computer name or CIM Session are also present

The numeric value for the hive is set in a switch statement. The data type is used to define the method name – each data type has its own method.

The argument list is populated and the method is invoked using a computer name or CIM session as appropriate

The results are decoded according to type.

Full help is provided on the function.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: