PowerShell for Windows Admins

April 29, 2011  3:28 AM

PowerShell Deep Dive: II Win32_Volume

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

One question that I was asked at the deep dive –

Is there a way to link a disk volume back to the physical disk it resides on?

There doesn’t seem to be. If we test the WMI classes associated with a volume we get these results


If anyone knows how to relate Win32_Volume to the physical disk (need to get the serial number off the disk) then I’d be interested in hearing about it

April 26, 2011  1:27 PM

May 2011–UK PowerShell UG

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

When: Tuesday, May 10, 2011 8:30 PM (BST)

Where: Live Meeting


Join PowerShell MVP and author Jonathan Medd to learn about PowerShell modules and how to get the most out of them.


Richard Siddaway has invited you to attend an online meeting using Live Meeting.
Join the meeting.
Audio Information
Computer Audio
To use computer audio, you need speakers and microphone, or a headset.
First Time Users:
To save time before the meeting, check your system to make sure it is ready to use Microsoft Office Live Meeting.
Unable to join the meeting? Follow these steps:

  1. Copy this address and paste it into your web browser:
  2. Copy and paste the required information:
    Meeting ID: 8TWQGF
    Entry Code: 6NB,TJm(m
    Location: https://www.livemeeting.com/cc/usergroups

If you still cannot enter the meeting, contact support

Microsoft Office Live Meeting can be used to record meetings. By participating in this meeting, you agree that your communications may be monitored or recorded at any time during the meeting.

April 26, 2011  1:08 PM

System Stability part II

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Last time we looked at the Win32_ReliabilityStabilityMetrics and closed by stating we’d look at the reliability records.  Reliability records are event log records related to system reliability.  The working part of the record is shown below (after the system properties are removed)

ComputerName     : RSLAPTOP01
EventIdentifier  : 19
InsertionStrings : {Security Update for Microsoft .NET Framework 4 on  Windows XP, Windows Server     2003, Windows Vista, Windows 7, Windows Server 2008, {ac2a295d-228e-4941-8568-ff131f842920}, 105}

Logfile          : System
Message          : Installation Successful: Windows successfully installed the following update: Security Update for Mi                 crosoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2446708)

ProductName      : Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008
RecordNumber     : 180291
SourceName       : Microsoft-Windows-WindowsUpdateClient
TimeGenerated    : 20110414224442.000000-000
User             : NT AUTHORITY\SYSTEM


This is fairly typical in that it shows something that has changed and could therefore affect system reliability. Which logs are involved.  On my system

PS> Get-WmiObject Win32_ReliabilityRecords | select Logfile -Unique


As we are talking about event logs they have to have a source

PS> Get-WmiObject Win32_ReliabilityRecords | select SourceName -Unique

Application Error
Application Hang

If we want to see the events related to a particular source then we can do this

PS> Get-WmiObject -Class Win32_ReliabilityRecords -Filter "SourceName=’Application Hang’" | Format-Table TimeGenerated, ProductName, Message –wrap –AutoSize

What we really need is a function to wrap the choices so we just choose parameters. Thats what we’ll do next

April 23, 2011  5:34 AM

System Stability

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

As admins one of the things we need to be able to prove is the stability and reliability of our systems. With Windows 7 and Windows 2008 R2 we have a way to do this

function get-stabilityindex {
Get-WmiObject -Class Win32_ReliabilityStabilityMetrics
-ComputerName $computer |
 select @{N="TimeGenerated"; E={$_.ConvertToDatetime($_.TimeGenerated)}},

Use the Win32_ReliabilityStabilityMetrics class – see http://msdn.microsoft.com/en-us/library/ee706632(VS.85).aspx for details

The function takes a computer name and returns the date and time a metric was computed and its value.

We’ll follow this up with a look at Win32_Reliability records next time

April 21, 2011  1:52 PM

PowerShell and WMI MEAP update

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Chapters 8 and 9 of PowerShell and WMI have been released into the MEAP. They are available from http://www.manning.com/siddaway2/


Chapter 8 covers the File system

  • Administer shares
  • Compress or encrypt files
  • Monitor file system events

Chapter 9 covers Services and processes including:

  • service load order
  • discover process owners
  • use WMI events to control processes

The code from the chapters is available for download.

Next up is chapter 10 dealing with printers.

Chapter 11 on Networking is complete and I’m working on the IIS WMI provider (chapter 12) and configuring a new server (chapter 13)


April 13, 2011  12:58 PM

Tuesday’s recording

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The recording from Tuesdays UG meeting is available.

Richard Siddaway has invited you to view a Microsoft Office Live Meeting recording.
View Recording
Recording Details
Subject: PowerShell and COM objects
Recording URL: https://www.livemeeting.com/cc/usergroups/view
Recording ID: Q4DPJT
Attendee Key: 4~_TzB%6w

The slides and scripts are available from


Previous meeting’s recordings are still available:

  • Regular Expressions
  • PowerShell utility cmdlets
  • PowerShell best practice
  • Remoting
  • Registry
  • DNS
  • Events
  • Modules

April 11, 2011  1:08 PM

User Group meeting–tomorrow

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Don’t forget the user group meeting tomorrow


April 9, 2011  2:29 AM

Scripting Games 2011 commentary ||: top 10 mistakes

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

See this excellent for tips on what not to do when writing PowerShell scripts


April 8, 2011  3:15 PM

Scripting Games 2011 commentary I: Line continuations

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

No I’m not going to give you the answers – you’ll just have to wait until the events close.

During (and possibly after) the games I’m going to comment on some of the things I’ve noticed about PowerShell usage.

I want to start with breaking a PowerShell line across multiple lines.  The “one liner” is what many PowerShell users aspire to and we can put together some impressive functionality by stringing together some cmdlets using the pipeline – for instance:

Get-Process | sort CPU -Descending | select -First 6 | Format-Table –AutoSize


Now we’ll assume we need to break this so that it fits on shorter lines.  The back tick is the line continuation character so we could end up with this

Get-Process | `
sort CPU -Descending | `
select -First 6 | `
Format-Table –AutoSize

which is actually easier to read.  Another alternative could be this

Get-Process `
| sort CPU -Descending `
| select -First 6 `
| Format-Table –AutoSize

which again is easy to read.  The difference is in the positioning of the back tick before or after the pipe symbol.


Both of these options take more effort than required.  All we need to do is this

Get-Process |
sort CPU -Descending |
select -First 6 |
Format-Table –AutoSize

The pipeline symbol works as a line continuation symbol as well.  Save typing and make life easier.


April 4, 2011  11:34 AM

Scripting Games have started

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The 2011 Scripting Games have started and this year its a PowerShell only contest.  Head over to http://blogs.technet.com/b/heyscriptingguy/ to get the details of the first events

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: