PowerShell for Windows Admins


October 23, 2011  11:08 AM

Reading the hosts file

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Normally I ignore the Hosts file but my development laptop isn’t a member of my test domain – a number of reasons for this which I won’t go into.

This means that when I want to RDP to a machine in the test domain I have to use the IP address. A bit awkward but not too bad until I start changing the machines and I need to remember more IP addresses. Time to use the Hosts file then I can just refer to machine name.  First off need to be able to read the hosts file.

Could just use

Get-Content -Path C:\Windows\system32\drivers\etc\hosts

but that’s no fun.  Lets identify the bits of the file we need and junk the rest.

function get-hostfilecontent {            
 $file = Join-Path -Path $($env:windir) -ChildPath "system32\drivers\etc\hosts"            
 if (-not (Test-Path -Path $file)){            
   Throw "Hosts file not found"            
 }            
 Get-Content -Path $file |             
 where {!$_.StartsWith("#")} |            
 foreach {            
  if ($_ -ne ""){            
  $data = $_ -split " ",2            
   New-Object -TypeName PSObject -Property @{            
     Server = $data[1].Trim()            
     IPAddress = $data[0].Trim()            
   }            
  }            
 }            
}

Create the path to the file and test it exists.  I’ve used the windir environmental variable just to be sure I can find it.

Run get-content on the file and filter out the comments (start with #). For each remaining record split it in 2 based on the first space. Only allow two substrings from the split in case multiple spaces were used. Take the resultant data and output as an object with 2 properties – server name and IPAddress.

October 19, 2011  2:08 PM

Discovering NIC that has a specific IP Address

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

One question (of many) that came up at that European Deep Dive (more on that later) was finding the particular network adapter associated with an IP Address.  The problem is that IP Address (in the later versions of Windows) is a string array in WMI

Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "Index=7"

returns this for the IP Address

IPAddress        : {10.10.54.202, fe80::4547:ee51:7aac:521e}

So we need a bit of magic. How can we test if an array contains a particular value?

function get-nicfromIP {            
 [CmdletBinding()]            
 param (            
  [parameter(Mandatory=$true)]            
  [ValidatePattern("\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b")]            
  [string]$ipaddress,            
              
  [string]$computername="$env:COMPUTERNAME"            
 )            
Write-Verbose $ipaddress            
             
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -ComputerName $computername |            
foreach {            
 Write-Verbose "$($_.Description)"            
 if ($($_.IPAddress) -contains $ipaddress){            
  Write-Debug "getting adapter"            
              
  Get-WmiObject -Class Win32_NetworkAdapter -Filter "DeviceID=$($_.Index)" -ComputerName $computername             
 }            
}             
}

Create a function that takes an IP Address as a parameter  (thanks to Tobias for the regex – one day I’ll learn to do them)

Use the Win32_NetworkAdapterConfiguration class to retrieve the configurations. Foreach configuration test if the IPAddress array contains the IPAddress.

The –contains operator is made for this work

If our test is true then we get the Win32_NetworkAdapter that is associated with the configuration.  I’ve just used the fact that DeviceId=Index to perform the link.

Contrary to my thinking at the Deep Dive (why didn’t we test it instead of just talking about it Sad smile) there is a WMI association between the Win32_NetworkAdapterConfiguration and the Win32_NetworkAdapter  class so we could rewrite the if statement as

function get-nicfromIP {            
 [CmdletBinding()]            
 param (            
  [parameter(Mandatory=$true)]            
  [ValidatePattern("\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b")]            
  [string]$ipaddress,            
              
  [string]$computername="$env:COMPUTERNAME"            
 )            
Write-Verbose $ipaddress            
             
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -ComputerName $computername |            
foreach {            
 Write-Verbose "$($_.Description)"            
 if ($($_.IPAddress) -contains $ipaddress){            
  Write-Debug "getting adapter"            
  $q = "ASSOCIATORS OF {Win32_NetworkAdapterConfiguration.Index=$($_.Index)}"            
  Get-WmiObject -ComputerName $computername -Query $q            
 }            
}             
}


October 12, 2011  1:15 PM

European Deep dive approaching

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Next Monday & Tuesday sees the first European Deep Dive  – if you are a PowerShell fan its where you need to be.

 

The speaker line up is available from

 

http://blogs.msdn.com/b/powershell/archive/2011/10/06/powershell-deep-dive-lineup.aspx

 

See you there


October 6, 2011  12:25 PM

Deep Dive line up

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The line up for this months Deep Dive has been announced

http://blogs.msdn.com/b/powershell/archive/2011/10/06/powershell-deep-dive-lineup.aspx

 

Looks good


October 4, 2011  1:27 PM

Win32_OSRecoveryConfiguration class

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The Win32_OSRecoveryConfiguration class represents the types of information that will be gathered from memory when the operating system fails. This includes boot failures and system crashes.

One very important parameter is DebugInfoType  which sets the type of debugging information written to the log file.

Possible values are:

Value Meaning

0

None

1

Complete Memory Dump

2

Kernel Memory Dump

3

Small Memory Dump

If we try and change the setting like this

Set-WmiInstance -Class Win32_OSRecoveryConfiguration -Arguments @{DebugInfoType=1}

we get this error

Set-WmiInstance : Unsupported parameter

Lets try running in an elevated prompt. Nope same error

Last chance we EnableAllPrivileges while in an elevated prompt

Nope still get same error

very last chance

Get-WmiObject -Class Win32_OSRecoveryConfiguration -EnableAllPrivileges |
Set-WmiInstance -Arguments @{DebugInfoType=1}

Now that works!!

We have to enable all privileges on the object BEFORE we try and modify it.

If you have a WMI class where you are trying to modify a property and get these errors:

  1. Try elevated prompt
  2. Try –EnableAllPrivileges in elevated prompt
  3. Try Get-WmiObject with –EnableAllPrivileges  piped into Set-WmiInstance in an elevated prompt


October 2, 2011  1:21 PM

PowerShell 3 and DHCP: scope options

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

In this post – http://msmvps.com/blogs/richardsiddaway/archive/2011/09/23/powershell-3-and-dhcp-2-scopes.aspx – we created a new DHCP scope.

Now we need to set some options on the scope. One of the main options we need to set is the DNS server

We can see the available options using

Get-DhcpServerv4OptionDefinition -ComputerName server02

This displays a list of the available options – remember that we can add our own so this isn’t necessarily a static list

The options that are set for the test scope are

PS> Get-DhcpServerv4OptionValue -ComputerName server02 -ScopeId 192.168.100.0

OptionId   Name            Type       Value                VendorClass     UserClass       PolicyName
——–   —-            —-       —–                ———–     ———       ———-
51         Lease           DWord      {86400}

The DNS server for this scope can be set like this

PS> Set-DhcpServerv4OptionValue -ComputerName server02 -ScopeId 192.168.100.0 `
-DnsServer 10.10.54.201

OptionId   Name            Type       Value                VendorClass     UserClass       PolicyName
——–   —-            —-       —–                ———–     ———       ———-
6          DNS Servers     IPv4Add… {10.10.54.201}


September 27, 2011  1:49 PM

WMI provider and MOF file

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

WMI is installed as a series of providers. The information on creating the classes comes from MOF files. I was recently asked about a problem with a specific class & could it be restored – in this case it was easier to rebuild WMI as the provider created a large part of the root\cimv2 namespace (namespaces can require multiple namespaces to complete their creation).

That got me thinking about how you discover the mof file associated with a class. Which leads to

$ns = "root\cimv2"            
$class = "Win32_Logicaldisk"            
            
            
$p = Get-WmiObject -Namespace $ns -Class $class |             
select -f 1 |             
select -ExpandProperty qualifiers |             
where {$_.Name -eq 'provider'}            
            
$class            
$p            
            
Get-ChildItem -Path C:\Windows\System32\wbem -Filter "*$($p.Value)*"

Get the first instance of a class, expand the qualifiers and select the qualifier with a name of provider.

Then perform a dir on the wbem folder to find the appropriate files. This isn’t infallible due to files names not necessarily being consistent but its a good starting point for the standard classes


September 25, 2011  1:35 PM

Proxy function for Get-WmiObject

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

There are many people who don’t like to see the WMI system properties

PS> Get-WmiObject -Class Win32_OperatingSystem | select __*

__GENUS          : 2
__CLASS          : Win32_OperatingSystem
__SUPERCLASS     : CIM_OperatingSystem
__DYNASTY        : CIM_ManagedSystemElement
__RELPATH        : Win32_OperatingSystem=@
__PROPERTY_COUNT : 63
__DERIVATION     : {CIM_OperatingSystem, CIM_LogicalElement, CIM_ManagedSystemElement}
__SERVER         : RSLAPTOP01
__NAMESPACE      : root\cimv2
__PATH           :
\\RSLAPTOP01\root\cimv2:Win32_OperatingSystem=@

Now one day we may get a version of Get-WmiObject that allows us to block their display but in the mean time we can create a proxy function.

Using the metaprogramming module from

http://blogs.msdn.com/powershell/archive/2009/01/04/extending-and-or-modifing-commands-with-proxies.aspx

I created a proxy function

New-ProxyCommand Get-WmiObject -CommandType All
-AddParameter NoSystemProperties > Get-WmiObject.ps1

This adds a parameter NoSystemProperties and outputs everything to a .ps1 file.

The details need to be added:

  1. turn the script into a function
  2. add the [switch] type to the property
  3. add the code to deal with the new parameter

 

if ($NoSystemProperties) {
[Void]$PSBoundParameters.Remove("NoSystemProperties")
$scriptCmd = {& $wrappedCmd @PSBoundParameters |
Select-Object -ExcludeProperty __*  -Property *|
Select-Object -ExcludeProperty Scope, Path, Options, ClassPath,
Properties, SystemProperties, Qualifiers, Site, Container -Property * }
}
else {
$scriptCmd = {& $wrappedCmd @PSBoundParameters }
}

If the NoSystemProperties parameter is given then remove it from the bound parameters and then run get-wmiobject, exclude the system properties and then exclude the other related properties

If the NoSystemProperties isn’t set then run as normal

function Get-WmiObject {            
            
[CmdletBinding(DefaultParameterSetName='query')]            
param(            
    [Parameter(ParameterSetName='query', Mandatory=$true, Position=0)]            
    [Parameter(ParameterSetName='list', Position=1)]            
    [System.String]            
    ${Class},            
            
    [Parameter(ParameterSetName='list')]            
    [Switch]            
    ${Recurse},            
            
    [Parameter(ParameterSetName='query', Position=1)]            
    [System.String[]]            
    ${Property},            
            
    [Parameter(ParameterSetName='query')]            
    [System.String]            
    ${Filter},            
            
    [Switch]            
    ${Amended},            
            
    [Parameter(ParameterSetName='query')]            
    [Parameter(ParameterSetName='WQLQuery')]            
    [Switch]            
    ${DirectRead},            
            
    [Parameter(ParameterSetName='list')]            
    [Switch]            
    ${List},            
            
    [Parameter(ParameterSetName='WQLQuery', Mandatory=$true)]            
    [System.String]            
    ${Query},            
            
    [Switch]            
    ${AsJob},            
            
    [Parameter(ParameterSetName='class')]            
    [Parameter(ParameterSetName='WQLQuery')]            
    [Parameter(ParameterSetName='query')]            
    [Parameter(ParameterSetName='list')]            
    [Parameter(ParameterSetName='path')]            
    [System.Management.ImpersonationLevel]            
    ${Impersonation},            
            
    [Parameter(ParameterSetName='WQLQuery')]            
    [Parameter(ParameterSetName='class')]            
    [Parameter(ParameterSetName='path')]            
    [Parameter(ParameterSetName='query')]            
    [Parameter(ParameterSetName='list')]            
    [System.Management.AuthenticationLevel]            
    ${Authentication},            
            
    [Parameter(ParameterSetName='class')]            
    [Parameter(ParameterSetName='list')]            
    [Parameter(ParameterSetName='path')]            
    [Parameter(ParameterSetName='WQLQuery')]            
    [Parameter(ParameterSetName='query')]            
    [System.String]            
    ${Locale},            
            
    [Parameter(ParameterSetName='query')]            
    [Parameter(ParameterSetName='WQLQuery')]            
    [Parameter(ParameterSetName='list')]            
    [Parameter(ParameterSetName='path')]            
    [Parameter(ParameterSetName='class')]            
    [Switch]            
    ${EnableAllPrivileges},            
            
    [Parameter(ParameterSetName='list')]            
    [Parameter(ParameterSetName='class')]            
    [Parameter(ParameterSetName='WQLQuery')]            
    [Parameter(ParameterSetName='path')]            
    [Parameter(ParameterSetName='query')]            
    [System.String]            
    ${Authority},            
            
    [Parameter(ParameterSetName='WQLQuery')]            
    [Parameter(ParameterSetName='path')]            
    [Parameter(ParameterSetName='class')]            
    [Parameter(ParameterSetName='query')]            
    [Parameter(ParameterSetName='list')]            
    [System.Management.Automation.PSCredential]            
    ${Credential},            
            
    [System.Int32]            
    ${ThrottleLimit},            
            
    [Parameter(ParameterSetName='list')]            
    [Parameter(ParameterSetName='WQLQuery')]            
    [Parameter(ParameterSetName='path')]            
    [Parameter(ParameterSetName='class')]            
    [Parameter(ParameterSetName='query')]            
    [Alias('Cn')]            
    [ValidateNotNullOrEmpty()]            
    [System.String[]]            
    ${ComputerName},            
            
    [Parameter(ParameterSetName='list')]            
    [Parameter(ParameterSetName='path')]            
    [Parameter(ParameterSetName='class')]            
    [Parameter(ParameterSetName='WQLQuery')]            
    [Parameter(ParameterSetName='query')]            
    [Alias('NS')]            
    [System.String]            
    ${Namespace},            
                
    [Switch]            
    ${NoSystemProperties})            
            
begin            
{            
    try {            
        $outBuffer = $null            
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer))            
        {            
            $PSBoundParameters['OutBuffer'] = 1            
        }            
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand('Get-WmiObject', [System.Management.Automation.CommandTypes]::Cmdlet)            
        if ($NoSystemProperties) {            
          [Void]$PSBoundParameters.Remove("NoSystemProperties")            
          $scriptCmd = {& $wrappedCmd @PSBoundParameters |             
             Select-Object -ExcludeProperty __*  -Property *|             
             Select-Object -ExcludeProperty Scope, Path, Options, ClassPath, Properties, SystemProperties, Qualifiers, Site, Container -Property * }            
        }            
        else {            
          $scriptCmd = {& $wrappedCmd @PSBoundParameters }            
        }              
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($myInvocation.CommandOrigin)            
        $steppablePipeline.Begin($PSCmdlet)            
    } catch {            
        throw            
    }            
}            
            
process            
{            
    try {            
        $steppablePipeline.Process($_)            
    } catch {            
        throw            
    }            
}            
            
end            
{            
    try {            
        $steppablePipeline.End()            
    } catch {            
        throw            
    }            
}            
            
<#

.ForwardHelpTargetName Get-WmiObject
.ForwardHelpCategory Cmdlet

#>            
            
}

The new function can be dot sourced or loaded from a module and because PowerShell runs functions before cmdlets it intercepts the cmdlet.

Get-WmiObject -Class Win32_OperatingSystem

Get-WmiObject -Class Win32_OperatingSystem –NoSystemProperties

then give us what we want.

The drawback is that using –NoSystemProperties we lose the methods but if you want them then you are either putting the results into an object or onto the pipeline in which case the system properties won’t be displayed.

Until we get a change to the cmdlet this will work.

Enjoy.


September 22, 2011  12:29 PM

PowerShell remoting and the customisation of remoting end points–recording

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The recording of Aleksandar’s session for the UK user group

http://msmvps.com/blogs/richardsiddaway/archive/2011/09/08/powershell-user-group-20-september-2011.aspx

entitled

PowerShell remoting and the customisation of remoting end points

Is available from

https://skydrive.live.com/?cid=43cfa46a74cf3e96#!/?cid=43cfa46a74cf3e96&sc=documents&uc=1&id=43CFA46A74CF3E96%212927

 

The slides and demo scripts are included in the zip file.

The next meeting will be 25 Oct  2011 on WSMAN and WMI.  It is an extended version of the recent session I did for the pre-TechEd Australia PowerShell conference. As well as WMI and WSMAN we will have a look at the new remoting access methods in PowerShell v3. Details to follow.


September 21, 2011  2:20 PM

select-object quirk

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

I was working with the new CIM cmdlets in PowerShell 3 CTP and mistyped a command (as I thought)

Get-Cimclass win32_operatingsystem | select -ExpandProperty methods | select -f 1 select -ExpandProperty Qualifiers

 

My surprise was because of the two uses of select without a pipe between them.  It works, I don’t know why – but I don’t recommend it Smile


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: