PowerShell for Windows Admins


July 28, 2011  9:56 AM

The New IT?

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

A recent headline asked “How will you fit into the New IT?”

My answer is what new IT?

I have been working in IT for well over 20 years and in that time I can’t remember a period when there wasn’t a significant change coming:

  • introduction of PCs
  • growth of networks
  • Internet
  • Rise of Windows and fall of Novell
  • Token ring giving way to Ethernet
  • Viruses and other malware
  • Virtualisation

The so called new IT is the “cloud” and all its ramifications. We’ve been hosting applications elsewhere for years but all of a sudden its the only way to run your IT shop – at least according to the experts in the computer press. When was the last time one of these pundits actually worked in IT – if they ever did.

IT is constantly changing – if you don’t realise that and can’t live with it you shouldn’t be in the industry. An IT professional’s job is to work out which of the changes are beneficial to their organisation and which are a distraction.

No matter what the “experts” tell you there is no single answer that fits every organisation – pick whats needed and disregard the rest.

The only constant is change

July 27, 2011  2:54 AM

Just a thought

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

I’ve working with WMI a lot recently and frequently seen things like this

Get-WmiObject -Class Win32_OperatingSystem -ComputerName dc02

Get-WmiObject -Class Win32_ComputerSystem -ComputerName dc02

Get-WmiObject -Class Win32_LogicalDisk -ComputerName dc02

Each of these has to create a connection

is

$sb = {
Get-WmiObject -Class Win32_OperatingSystem
Get-WmiObject -Class Win32_ComputerSystem
Get-WmiObject -Class Win32_LogicalDisk
}

Invoke-Command -ScriptBlock $sb -ComputerName dc02

more efficient

In some cases yes depending on what you want to do with the information. Especially if need to filter data


July 24, 2011  12:13 PM

PowerShell remoting–User group meeting

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Final reminder for the user group meeting on Tuesday 26 July

Details from:

http://msmvps.com/blogs/richardsiddaway/archive/2011/07/20/july-2011-user-group-reminder.aspx


July 22, 2011  1:43 PM

Can I? Should?–copying VBscripts

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

One of the major errors I see PowerShell newcomers performing is copying script structures and syntax of VBScript into PowerShell. Let me give you an example

This piece of VBScript is borrowed from the Windows 2000 scripting guide

 

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colSettings = objWMIService.ExecQuery _
("SELECT * FROM Win32_OperatingSystem")
For Each objOperatingSystem in colSettings
Wscript.Echo "OS Name: " & objOperatingSystem.Name
Wscript.Echo "Version: " & objOperatingSystem.Version
Wscript.Echo "Service Pack: " & _
objOperatingSystem.ServicePackMajorVersion _
& "." & objOperatingSystem.ServicePackMinorVersion
Wscript.Echo "OS Manufacturer: " & objOperatingSystem.Manufacturer
Wscript.Echo "Windows Directory: " & _
objOperatingSystem.WindowsDirectory
Wscript.Echo "Locale: " & objOperatingSystem.Locale
Wscript.Echo "Available Physical Memory: " & _
objOperatingSystem.FreePhysicalMemory
Wscript.Echo "Total Virtual Memory: " & _
objOperatingSystem.TotalVirtualMemorySize
Wscript.Echo "Available Virtual Memory: " & _
objOperatingSystem.FreeVirtualMemory
Wscript.Echo "OS Name: " & objOperatingSystem.SizeStoredInPagingFiles
Next

It uses the Win32_OperatingSystem class to display information about the computers OS. As you can see the bulk of the script is concerned with formatting. Note the error in the script regarding OS Name

 

What often happens is that this will be translated directly, line by line, into PowerShell – which gives us something like this

$strComputer = "."            
            
$colSettings = Get-WmiObject -Query "SELECT * FROM Win32_OperatingSystem" -ComputerName $strComputer            
foreach ($objOperatingSystem in $colSettings){            
 Write-Host "OS Name: "  $objOperatingSystem.Name            
 Write-Host "Version: "  $objOperatingSystem.Version            
 Write-Host "Service Pack: "  $objOperatingSystem.ServicePackMajorVersion "." $objOperatingSystem.ServicePackMinorVersion            
 Write-Host "OS Manufacturer: "  $objOperatingSystem.Manufacturer            
 Write-Host "Windows Directory: "  $objOperatingSystem.WindowsDirectory            
 Write-Host "Locale: "  $objOperatingSystem.Locale            
 Write-Host "Available Physical Memory: "  $objOperatingSystem.FreePhysicalMemory            
 Write-Host "Total Virtual Memory: "  $objOperatingSystem.TotalVirtualMemorySize            
 Write-Host "Available Virtual Memory: " $objOperatingSystem.FreeVirtualMemory            
}

This is less code but still seems like a lot of work

 

lets put it into PowerShell as if we had written it from scratch

$strComputer = "."            
            
Get-WmiObject -Class Win32_OperatingSystem -ComputerName $strComputer |            
select Name, Version, ServicePackMajorVersion, ServicePackMinorVersion,            
Manufacturer, WindowsDirectory, Locale, FreePhysicalMemory,             
TotalVirtualMemorySize, FreeVirtualMemory

 

Now that is much easier. Quicker to code and easier to understand.

 

By all means use VBscripts as references for using WMI classes (I do) but re-write into PowerShell its much, much easier.

This isn’t a contradiction of my previous post as I advocated leaving legacy VBScript alone until you needed to  modify it


July 20, 2011  3:09 PM

Can I? Should I?–examples–legacy scripts

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

In this post http://msmvps.com/blogs/richardsiddaway/archive/2011/07/17/can-i-should-i.aspx I stated that PowerShell isn’t necessarily the right answer to every problem.

I was left a comment asking if I could expand.  I’ll do that over a series of short posts as I think of examples.

One of the first that comes to mind is legacy scripts.

VBScript never really caught on as a mainstream administration tool. There were a number of reasons for this:

  • non interactive
  • harder to use and debug
  • less information
  • less flexible
  • admins addicted to the GUI
  • less pressure on people i.e. more admins

However, a number of organisations created a significant number of scripts and performed some very clever stuff.

Now, the question for those organisations is this -

“PowerShell has appeared. Do I convert all those scripts, that work really well to PowerShell?”

 

My answer would be no!  Learn PowerShell first . Get really proficient. Develop new stuff in PowerShell and migrate the legacy scripts when they need an over haul (or you get some free timeSurprised smile) that way you get the best of both worlds and run the smallest risk when you come to migrate the legacy scripts.


July 20, 2011  2:49 PM

July 2011–User Group reminder

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Next Tuesday – 26 July there will be a UK user group session looking at PowerShell remoting:

  • cmdlets with remoting capabilities
  • .NET remoting capabilities
  • Invoke-Command
  • PowerShell sessions
  • WinRm and WSMan cmdlets

Details on joining the live meeting session:


When: Tuesday, Jul 26, 2011 7:30 PM (BST)


Where:

*~*~*~*~*~*~*~*~*~*

A look at PowerShell Remoting using individual commands, Invoke-Command and PowerShell sessions. How to configure remoting and get the best out of it

Notes


Richard Siddaway has invited you to attend an online meeting using Live Meeting.
Join the meeting.
Audio Information
Computer Audio
To use computer audio, you need speakers and microphone, or a headset.
First Time Users:
To save time before the meeting, check your system to make sure it is ready to use Microsoft Office Live Meeting.
Troubleshooting
Unable to join the meeting? Follow these steps:

  1. Copy this address and paste it into your web browser:
    https://www.livemeeting.com/cc/usergroups/join
  2. Copy and paste the required information:
    Meeting ID: C7JCCP
    Entry Code: fKg^5N’,D
    Location: https://www.livemeeting.com/cc/usergroups

If you still cannot enter the meeting, contact support

Notice
Microsoft Office Live Meeting can be used to record meetings. By participating in this meeting, you agree that your communications may be monitored or recorded at any time during the meeting.


July 18, 2011  12:36 PM

Joining objects

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

PowerShell doesn’t have the equivalent of an SQL Union statement that lets you join objects together. What you can do is use New-Object to create the joined output.

As an example that recently came up on a forum

$outputs = @()            
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPenabled=$true" |            
foreach {            
 $nic = Get-WmiObject -Class Win32_NetworkAdapter -Filter "DeviceId='$($_.Index)'"            
            
 $output= New-Object -TypeName PSObject -Property @{            
  NICCardName = $nic.NetConnectionId            
  DHCPEnabled = $($_.DHCPEnabled)            
  IPAddress = $($_.IPAddress)            
  SubnetMask = $($_.IPSubnet)            
  Gateway = $($_.DefaultIPGateway)            
  DHCPServer = $($_.DHCPServer)            
  DNSDomain =  $($_.DNSDomain)            
  DNSDomainSuffixSearchOrder = $($_.DNSDomainSuffixSearchOrder)            
  DNSServerSearchOrder = $($_.DNSServerSearchOrder)            
 }             
$outputs += $output            
}            
$outputs

Get the NetworkAdapterConfigurations where they are IPenabled. Then for each get the associated adapter.

Create a new object and add the properties.  Add the object to the array of results.

At the end output the array.

I would not use the array and just output the object and allow the pipeline to take care of any other processing


July 17, 2011  4:17 AM

Can I? Should I?

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The question “Can I do X with PowerShell?” comes up very frequently.

PowerShell provides access to a huge range of functionality:

  • .NET
  • COM
  • WMI
  • Microsoft and third party products

Usually the answer is “Yes, you can”

BUT

What doesn’t seem to be considered so often is the question “Should I do X with PowerShell?”

If you don’t have alternatives then by all means try it but if there are better ways to accomplish the task then consider them.

If all you have is PowerShell everything looks like a script


July 15, 2011  6:47 AM

Printer Security settings

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

I was recently asked about getting the security settings for printers.

$pace = DATA {            
ConvertFrom-StringData -StringData @'
983052 = ManagePrinters
983088 = ManageDocuments
131080 = Print 
524288 = TakeOwnership
131072 = ReadPermissions
262144 = ChangePermissions 
'@            
}             
$flags = @(983052,983088, 131080, 524288, 131072, 262144)            
            
            
function get-printersecurity {            
 [CmdletBinding()]            
 param (            
  [string]$computer="."            
 )            
             
 Get-WmiObject -Class Win32_Printer -ComputerName $computer |            
 foreach {            
  "`nPrinter: $($_.DeviceId)"            
  $query = "ASSOCIATORS OF {Win32_Printer.DeviceID='$($_.DeviceID)'} WHERE ResultClass=Win32_Share"            
  Get-WmiObject -ComputerName $computer -Query $query |             
  foreach {            
    ""            
    "Share: $($_.Name)"            
                
    $query2 = "ASSOCIATORS OF {Win32_Share.Name='$($_.Name)'} WHERE ResultClass=Win32_LogicalShareSecuritySetting"            
    $sec = Get-WmiObject -ComputerName $computer -Query $query2            
    $sd = $sec.GetSecurityDescriptor()            
    $sd.Descriptor.DACL | foreach {            
      ""             
      "$($_.Trustee.Domain)  $($_.Trustee.Name)"            
                  
      foreach ($flag in $flags){            
        if ($_.AccessMask -band $flag){            
          $pace["$($flag)"]            
        }            
      }            
    }            
  }            
 }            
}

 

Create a hash table lookup and an array of flags

The function then gets all the printers on a system, links through to any shares and then gets the security descriptor of the share. The DACL on the security descriptor is iterated over to generate a list of users and their permissions


July 13, 2011  5:01 AM

European PowerShell Deep Dive

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

In April there was a Powershell Deep Dive at The Experts conference. It went
so well that the event is to be repeated at the European version of The Experts
Conference – October 17-18

Available details are limited but start here

http://blogs.msdn.com/b/powershell/archive/2011/07/12/powershell-deep-dive-the-experts-conference-europe-2011.aspx


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: