PowerShell for Windows Admins


July 25, 2010  4:40 AM

Complexity vs Heterogeneity



Posted by: Richard Siddaway
Infrastructure Architecture

Most organisations have a degree of heterogeneity in their infrastructure, for example:

  • mainly Windows with a few Unix or Linux servers
  • multiple versions of SQL Server because of application restrictions
  • a mixture of fat client and thin client systems because of application and mobility drivers
  • virtual and physical servers

Cost can also be a contributing factor to heterogeneity – for instance an organisation wants to virtualise its whole infrastructure but can’t afford to perform the migration in a single project under the current economic conditions.

Complexity, in infrastructure terms, may seem to be the same as heterogeneity, in that a complex infrastructure is usually heterogeneous. However, a heterogeneous infrastructure isn’t necessarily complex.

Complexity arises from a number of sources:

  • multiple systems performing the same task
  • manual administration processes across multiple, disparate systems
  • multiple technologies – “just because we can”
  • wrong choice of technology
  • infrastructure driven by technology rather than business need
  • adopting new technologies without a clear business need

The last point may need some clarification.  There is a simple progression of needs:

  • organisations have business processes
  • business processes need applications to make them work
  • applications need to be hosted on and supported by infrastructure

If we approach this list in a top-down manner, we build infrastructure that meets the business requirements. If we supply technology and attempt to make the applications and business processes fit, the result may well not meet the requirements and almost certainly will be more complex.

Complexity can be removed from a heterogeneous environment, for example:

  • use Active Directory for authentication/authorisation on your handful of Unix/Linux servers
  • extend your management tools across the whole environment
  • determine a strategic approach to infrastructure and ensure there is a governance/enforcement mechanism

I’ve stated before that infrastructure seems to be a forgotten subject.  There is a lot published on software architectures but very little on the infrastructure.  We don’t even seem to have a set of guiding principles. I’ll offer one here:

Heterogeneity driven by business need should be embraced. Complexity should be removed from the environment.

July 24, 2010  7:29 AM

Remove Registry Key



Posted by: Richard Siddaway
PowerShell v2, Registry

Alternatively we can remove the whole key

$HKLM = 2147483650 #HKEY_LOCAL_MACHINE

$computer = "."  #local machine
$reg = [wmiclass]"\\$computer\root\default:StdRegprov"

$key = "SOFTWARE\ITKE PSAdmins"

$reg.DeleteKey($HKLM, $key)

We define the hive and the key and call the DeleteKey() method


July 24, 2010  7:27 AM

Remove-RegValue



Posted by: Richard Siddaway
PowerShell v2, Registry

Removing a registry value is a matter of using the DeleteValue() method

$HKLM = 2147483650 #HKEY_LOCAL_MACHINE

$computer = "."  #local machine
$reg = [wmiclass]"\\$computer\root\default:StdRegprov"

$key = "SOFTWARE\ITKE PSAdmins"
$value = "String Entry"

$reg.DeleteValue($HKLM, $key, $value)

Set the hive, the key and the value and call the method


July 23, 2010  1:50 PM

Setting permissions



Posted by: Richard Siddaway
PowerShell v2, Security, WMI

There was a question on the ITKE forum about creating folders and setting permissions.  That immediately started me thinking about a PowerShell answer

# Trustee: the local group that will be granted access
$trustee = ([wmiclass]'Win32_trustee').psbase.CreateInstance()
$trustee.Domain = "RSLAPTOP01"
$trustee.Name = "Test"

# Access masks
$fullcontrol = 2032127
$change = 1245631
$read = 1179785

$ace = ([wmiclass]'Win32_ACE').psbase.CreateInstance()
$ace.AccessMask = $fullcontrol
$ace.AceFlags = 3    # OBJECT_INHERIT_ACE (1) + CONTAINER_INHERIT_ACE (2)
$ace.AceType = 0     # access allowed
$ace.Trustee = $trustee

$sd = ([wmiclass]'Win32_SecurityDescriptor').psbase.CreateInstance()
$sd.ControlFlags = 4 # SE_DACL_PRESENT
$sd.DACL = $ace
$sd.group = $trustee
$sd.owner = $trustee

Get-ChildItem -Path c:\test | 
where{($_.PSISContainer) -and ($_.Name -like "test?")} |
foreach {
    New-Item -Path $_.FullName -Name "Special" -ItemType directory
    $folder = Join-Path -Path $_.FullName -ChildPath "Special" 
    $name = $folder.Replace("\","\\")   # WQL needs backslashes doubled
    $fldr = Get-WmiObject -Class Win32_Directory -Filter "Name='$name'"
    $fldr.ChangeSecurityPermissions($sd, 4)   # 4 = change the DACL only
}

I created a group called test on my machine – then used Win32_Trustee to create an object referring to the group. The CreateInstance method doesn’t show on the PowerShell object so we have to drill down into the base object.

We then create an ACE defining full control and a security descriptor encompassing the ACE and the trustee.

I can loop through a folder picking off the folders that match a pattern and then create a new folder in each. After creation I set the security permission.
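An added example, not part of the original post: after the script above has run, read the ACL back with Get-Acl and confirm what each new folder really grants. Test-FolderAcl is a hypothetical helper name; the group RSLAPTOP01\Test and the c:\test path are taken from the post.

```powershell
# Added example: verify the DACL that ChangeSecurityPermissions() applied.
function Test-FolderAcl {
    param(
        [Parameter(Mandatory=$true)][string]$Path,
        [Parameter(Mandatory=$true)][string]$ExpectedIdentity,   # e.g. RSLAPTOP01\Test
        [System.Security.AccessControl.FileSystemRights]$ExpectedRights = 'FullControl'
    )

    $acl   = Get-Acl -Path $Path
    $rules = @($acl.Access)

    # Explicit ACEs are the ones set directly on this folder
    $explicit = @($rules | Where-Object { -not $_.IsInherited })

    # Does the expected trustee hold an Allow ACE covering the expected rights?
    $granted = @($explicit | Where-Object {
        $_.IdentityReference.Value -eq $ExpectedIdentity -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $ExpectedRights) -eq $ExpectedRights
    })

    # Any other explicit trustee is worth a second look
    $others = @($explicit |
        Where-Object { $_.IdentityReference.Value -ne $ExpectedIdentity } |
        ForEach-Object { $_.IdentityReference.Value })

    New-Object PSObject -Property @{
        Path                    = $Path
        ExpectedAcePresent      = ($granted.Count -gt 0)
        OtherExplicitIdentities = $others
        InheritedAceCount       = @($rules | Where-Object { $_.IsInherited }).Count
        InheritanceBlocked      = $acl.AreAccessRulesProtected
    }
}

# Check every "Special" folder the script created
Get-ChildItem -Path c:\test |
    Where-Object { $_.PSIsContainer -and $_.Name -like 'test?' } |
    ForEach-Object {
        Test-FolderAcl -Path (Join-Path $_.FullName 'Special') -ExpectedIdentity 'RSLAPTOP01\Test'
    }
```

InheritedAceCount and InheritanceBlocked show whether ACEs from the parent folder still apply alongside the one the script set.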


July 20, 2010  2:53 AM

July 2010 UG meeting – Registry



Posted by: Richard Siddaway
PowerShell v2, User Group

How we can use PowerShell, WMI and .NET to work with the registry

Notes


Richard Siddaway has invited you to attend an online meeting using Live Meeting.
Join the meeting.
Audio Information
Computer Audio
To use computer audio, you need speakers and microphone, or a headset.
First Time Users:
To save time before the meeting, check your system to make sure it is ready to use Microsoft Office Live Meeting.
Troubleshooting
Unable to join the meeting? Follow these steps:

  1. Copy this address and paste it into your web browser:
    https://www.livemeeting.com/cc/usergroups/join
  2. Copy and paste the required information:
    Meeting ID: CB99JS
    Entry Code: mm$2!”,$G
    Location: https://www.livemeeting.com/cc/usergroups

If you still cannot enter the meeting, contact support

Notice
Microsoft Office Live Meeting can be used to record meetings. By participating in this meeting, you agree that your communications may be monitored or recorded at any time during the meeting.


July 18, 2010  12:03 PM

Page File information



Posted by: Richard Siddaway
Operating System, PowerShell v2

A simple function to retrieve page file details

function Get-PageFile {
    param(
        [string]$computer="."
    )
    Get-WmiObject -Class Win32_PageFileUsage -ComputerName $computer |
    Select @{Name="File";Expression={ $_.Name }},
        @{Name="Base Size(MB)"; Expression={$_.AllocatedBaseSize}},
        @{Name="Peak Size(MB)"; Expression={$_.PeakUsage}},
        @{Name="Install Date";Expression={ $_.ConvertToDateTime( $_.InstallDate) }},
        TempPageFile
}

I’ve just modified the labels on the properties to emphasise the units of measurement for the sizes


July 16, 2010  6:59 AM

Uninstalling software



Posted by: Richard Siddaway
Automation, PowerShell v2, Software, WMI

The Win32_Product class can be used to list the installed software (what shows in Control Panel Programs and Features) on a machine.  It can also be used to uninstall software.

We can see the installed software

Get-WmiObject -Class Win32_Product

we can filter down to the results we need

Get-WmiObject -Class Win32_Product -Filter "Name LIKE '%TechNet%'"

The specific version to uninstall is selected

$t = Get-WmiObject -Class Win32_Product -Filter "Name = 'TechNet Library – English DVD (March 2010)'"

and then we call the uninstall method

$t.Uninstall()

A return code of zero indicates a successful uninstall. Anything else and we have problems.

This method doesn’t delete items from the start menu – which is a job for another time
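An added example, not from the original post: the same Win32_Product steps wrapped so that the uninstall only runs when exactly one product matches, supports -WhatIf, and checks the return code described above. Uninstall-ExactProduct is a hypothetical function name.

```powershell
# Added example: guarded uninstall through Win32_Product.
# Note: querying Win32_Product makes Windows Installer validate every
# installed package, so the query itself can be slow.
function Uninstall-ExactProduct {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param(
        [Parameter(Mandatory=$true)][string]$Name,
        [string]$ComputerName = '.'
    )

    # Escape backslashes and single quotes so the name stays inside the WQL string literal
    $wqlName  = $Name.Replace('\','\\').Replace("'","\'")
    $products = @(Get-WmiObject -Class Win32_Product -ComputerName $ComputerName `
                    -Filter "Name = '$wqlName'")

    if ($products.Count -eq 0) {
        Write-Warning "No installed product is named '$Name'"
        return
    }
    if ($products.Count -gt 1) {
        # Several versions installed: list them and let the admin choose
        Write-Warning "More than one product matches '$Name'; nothing was uninstalled"
        $products | Select-Object Name, Version, IdentifyingNumber
        return
    }

    $product = $products[0]
    if ($PSCmdlet.ShouldProcess("$($product.Name) $($product.Version)", 'Uninstall')) {
        $result = $product.Uninstall()
        if ($result.ReturnValue -ne 0) {
            Write-Error "Uninstall of '$Name' failed with return code $($result.ReturnValue)"
            return
        }
        New-Object PSObject -Property @{
            Name        = $product.Name
            Version     = $product.Version
            ReturnValue = $result.ReturnValue
        }
    }
}

# Dry run first: shows what would be removed without calling Uninstall()
Uninstall-ExactProduct -Name 'TechNet Library – English DVD (March 2010)' -WhatIf
```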


July 13, 2010  2:57 PM

PowerShell User Group Next Meetings



Posted by: Richard Siddaway
PowerShell v2, User Group

Next meetings are:

27 July 7.30 BST – Registry, Transactions, Provider, WMI

14 September 8.30 BST – Jonathan Medd MVP on Remoting – Note the time change


July 6, 2010  1:04 PM

Registry Size



Posted by: Richard Siddaway
PowerShell v2, Registry, WMI

 

Do you know how big your registry is?

Get-WmiObject -Class Win32_Registry | 
Select CurrentSize, ProposedSize, MaximumSize, Status,
@{Name="InstallationDate";Expression={$_.ConvertToDateTime($_.InstallDate)}}

The size parameters are in MB and the maximum size should be the same as the proposed size.  If the status is anything other than OK – it means there is a problem.


July 5, 2010  1:30 PM

Get Local Admins



Posted by: Richard Siddaway
PowerShell v2, Users, WMI

I’ve been experimenting with different ways of retrieving local group membership – specifically the members of the local admin group.

This is the quickest answer I’ve come up with

Get-WmiObject -Class Win32_GroupUser | 
where{$_.GroupComponent -like "*Administrators*"} | 
foreach {
    # PartComponent ends ...Domain="X",Name="Y"; split on the comma
    $data = $_.PartComponent -split "\,"
    # drop the leading Name= and the surrounding quotes
    $data[1].Remove(0,5).Replace('"','') 
}

Win32_GroupUser is one of the association classes. In this case it has all the information we need.  Use the GroupComponent to restrict the data to the admin groups.  Split the PartComponent and then clean up the second element to get the name.

For reference the two elements look like this:

GroupComponent : \\RSLAPTOP01\root\cimv2:Win32_Group.Domain="RSLAPTOP01",Name="Administrators"

PartComponent  : \\RSLAPTOP01\root\cimv2:Win32_UserAccount.Domain="RSLAPTOP01",Name="Administrator"

If you want to pick off the domain to show the difference between local and domain accounts then manipulate $data[0]  like this

Get-WmiObject -Class Win32_GroupUser | 
where{$_.GroupComponent -like "*Administrators*"} | 
foreach {
    $data = $_.PartComponent -split "\,"
   
    # $data[0] ends with Domain="X"; take the part after the equals sign
    $domain = ($data[0] -split "=")[1].Replace('"','') 
    $name = $data[1].Remove(0,5).Replace('"','') 
   
    "$domain\$name"
}
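An added example, not from the original post: the same Win32_GroupUser data parsed with a regular expression, matched on the exact group name (the -like "*Administrators*" filter above also matches any other group with Administrators in its name), and compared with an approved list. The function names, the helpdesk and svc-backup accounts and the Backup Administrators group are constructed for illustration.

```powershell
# Added example: report members of the Administrators group that are not approved.
function ConvertFrom-WmiAccountPath {
    param([string]$Path)
    $pattern = '^\\\\[^\\]+\\root\\cimv2:(?<class>\w+)\.Domain="(?<domain>[^"]*)",Name="(?<name>[^"]*)"$'
    if ($Path -match $pattern) {
        New-Object PSObject -Property @{
            Class = $Matches['class']; Domain = $Matches['domain']; Name = $Matches['name']
        }
    }
}

function Get-UnexpectedAdmin {
    param(
        [object[]]$Association,   # objects exposing GroupComponent and PartComponent
        [string[]]$Baseline,      # approved members as DOMAIN\Name
        [string]$GroupName = 'Administrators'
    )
    foreach ($a in $Association) {
        $group  = ConvertFrom-WmiAccountPath $a.GroupComponent
        $member = ConvertFrom-WmiAccountPath $a.PartComponent
        if (-not $group -or -not $member) {
            Write-Warning "Unparsed association: $($a.PartComponent)"
            continue
        }
        if ($group.Name -ne $GroupName) { continue }   # exact name, not a wildcard
        $account = '{0}\{1}' -f $member.Domain, $member.Name
        if ($Baseline -notcontains $account) {
            New-Object PSObject -Property @{ Account = $account; Type = $member.Class }
        }
    }
}

# Constructed sample associations in the format shown in the post.
# On a live machine use: $assoc = Get-WmiObject -Class Win32_GroupUser
$root   = '\\RSLAPTOP01\root\cimv2:'
$admins = $root + 'Win32_Group.Domain="RSLAPTOP01",Name="Administrators"'
$other  = $root + 'Win32_Group.Domain="RSLAPTOP01",Name="Backup Administrators"'
$assoc = @(
    New-Object PSObject -Property @{ GroupComponent = $admins; PartComponent = $root + 'Win32_UserAccount.Domain="RSLAPTOP01",Name="Administrator"' }
    New-Object PSObject -Property @{ GroupComponent = $admins; PartComponent = $root + 'Win32_UserAccount.Domain="RSLAPTOP01",Name="helpdesk"' }
    New-Object PSObject -Property @{ GroupComponent = $other;  PartComponent = $root + 'Win32_UserAccount.Domain="RSLAPTOP01",Name="svc-backup"' }
)

Get-UnexpectedAdmin -Association $assoc -Baseline 'RSLAPTOP01\Administrator'
```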

