PowerShell for Windows Admins


November 14, 2010  4:46 AM

PowerShell and WMI book

Richard Siddaway

A few months ago I started work on a follow up to PowerShell in Practice – http://www.manning.com/siddaway/ .

This book will also be published by Manning. It covers PowerShell and WMI. These two powerful technologies work well together to give a superb environment for managing your systems. WMI has had a bit of a bad reputation over the years but PowerShell really does make it easy to work with.

The first three chapters are available now through the Manning Early Access Program [MEAP] from http://www.manning.com/siddaway2/

Chapters 4 and 5 are in the pipeline and I’m currently working on chapter 6.

Please leave any comments on the author forum or here

Enjoy.

November 12, 2010  1:46 PM

PowerShell in Practice goes mobile

Richard Siddaway

PowerShell in Practice is now available in mobi and epub formats for use on Kindle, iPhone, Sony Reader etc etc

If you have a copy of the book you should be getting emailed about the availability of these new formats.  Otherwise check out http://www.manning.com/catalog/mobile/


November 8, 2010  4:38 PM

Cache memory

Richard Siddaway

 

Processors have cache memory, as we saw when we looked at Win32_Processor. We can find more details about the cache memory using the Win32_CacheMemory class:

# Lookup tables that translate the integer codes returned by WMI
$assoc = DATA {ConvertFrom-StringData -StringData @'
1 = Other
2 = Unknown
3 = Direct Mapped
4 = 2-way Set-Associative
5 = 4-way Set-Associative
6 = Fully Associative
7 = 8-way Set-Associative
8 = 16-way Set-Associative
'@
}
$ct = DATA {ConvertFrom-StringData -StringData @'
1 = Other
2 = Unknown
3 = Instruction
4 = Data
5 = Unified
'@
}
$wp = DATA {ConvertFrom-StringData -StringData @'
1 = Other
2 = Unknown
3 = Write Back
4 = Write Through
5 = Varies with Address
6 = Determination Per I/O
'@
}
$sram = DATA {ConvertFrom-StringData -StringData @'
0 = Other
1 = Unknown
2 = Non-Burst
3 = Burst
4 = Pipeline Burst
5 = Synchronous
6 = Asynchronous
'@
}

# SupportedSRAM is an array of integers: decode each member
# and join the results into one comma-separated string
function ssram {
    param ($supsram)
    $ret = ""
    $supsram | foreach {
        $ret += $sram["$($_)"] + ", "
    }
    $ret.TrimEnd(", ")
}

# Replace each integer code with its meaning from the lookup tables
Get-WmiObject -Class Win32_CacheMemory |
foreach {
    $_ | select DeviceID, Purpose,
    @{Name="Associativity"; Expression={$assoc["$($_.Associativity)"]}},
    BlockSize,
    @{Name="Cache Type"; Expression={$ct["$($_.CacheType)"]}},
    InstalledSize, NumberOfBlocks, MaxCacheSize,
    @{Name="Current SRAM"; Expression={$sram["$($_.CurrentSRAM)"]}},
    @{Name="Supported SRAM"; Expression={ssram $_.SupportedSRAM}},
    @{Name="Write Policy"; Expression={$wp["$($_.WritePolicy)"]}}
}

Most of this should be familiar by now. We create some hash tables as lookups. Then we use Win32_CacheMemory. The replacement of integer codes by their meaning looked up from the hash table is straightforward. The trick in this is decoding the SupportedSRAM property. It's an array of integers so I had to write a function to work through the array members, decode them and add the results to a string that we can then display.


November 7, 2010  4:00 PM

PowerShell PowerCamp

Richard Siddaway

Interested in PowerShell?  Want to learn it fast? Want to learn from an expert?

If so, check out http://tfl09.blogspot.com/2010/11/weekend-powershell-camp-event-on-cards.html for info on a weekend event Thomas Lee is running in the UK.

Highly recommended. In fact he is the only PowerShell trainer in England I would recommend.


November 7, 2010  3:49 PM

Computer Bus

Richard Siddaway

I’ve been looking at computer hardware a lot recently. The buses inside a system can be interesting.

# Lookup table for the BusType codes returned by Win32_Bus
$bustype = DATA {
ConvertFrom-StringData -StringData @'
-1 = Undefined
0 = Internal
1 = ISA
2 = EISA
3 = MicroChannel
4 = TurboChannel
5 = PCI Bus
6 = VME Bus
7 = NuBus
8 = PCMCIA Bus
9 = C Bus
10 = MPI Bus
11 = MPSA Bus
12 = Internal Processor
13 = Internal Power Bus
14 = PNP ISA Bus
15 = PNP Bus
16 = Maximum Interface Type
'@
}

function get-bus {
    [CmdletBinding()]
    param (
        [parameter(ValueFromPipeline=$true,
            ValueFromPipelineByPropertyName=$true)]
        [string]$computer="."
    )
    # The process block runs once for every computer name piped in
    process {
        # Pass the parameter on so the named computer is the one queried
        Get-WmiObject -Class Win32_Bus -ComputerName $computer |
        sort BusType, BusNum |
        select BusNum,
        @{Name="Bus type"; Expression={$bustype["$($_.BusType)"]}},
        DeviceID, PNPDeviceID
    }
}

This will form part of a new PAM module for system discovery/documentation


November 3, 2010  2:00 PM

WMI Settings

Richard Siddaway

I have been digging into WMI internals a lot recently and came across a class that shows me the WMI settings.

Get-WmiObject Win32_WMISetting | 
select ASPScriptDefaultNamespace, 
BuildVersion, DatabaseDirectory, 
EnableEvents, EnableStartupHeapPreallocation,
HighThresholdOnClientObjects,
InstallationDirectory, 
LoggingDirectory, LoggingLevel,
LowThresholdOnEvents, MaxLogFileSize,
MaxWaitOnEvents

Get-WmiObject Win32_WMISetting | 
select -ExpandProperty AutorecoverMofs

I have to call it twice because I want to expand the list of MOF files


October 31, 2010  4:29 AM

Daylight Saving Time?

Richard Siddaway

 

We’ve finished daylight saving time in the UK.  How can we tell which time zone (and if daylight saving is enabled)?

$tz = Get-WmiObject Win32_TimeZone
if ((Get-Date).IsDayLightSavingTime()) {
    "Time zone: $($tz.DayLightName)"
}
else {
    "Time zone: $($tz.StandardName)"
}

Use Win32_TimeZone. The easiest way to test for daylight saving time is to use Get-Date as shown. Depending on the result, we show the relevant time zone name.


October 30, 2010  7:00 AM

OS Recovery Options

Richard Siddaway

What happens if your OS has a problem and crashes? You can easily check the configuration of the recovery options using WMI:

Get-WmiObject Win32_OSRecoveryConfiguration |
select Name, AutoReboot, DebugFilePath,
DebugInfoType,
ExpandedDebugFilePath, ExpandedMiniDumpDirectory,
KernelDumpOnly, MiniDumpDirectory,
OverwriteExistingDebugFile,
SendAdminAlert, WriteDebugInfo,
WriteToSystemLog

Another simple tool for checking your system configuration
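
The same lookup-table approach applied to reviewing these settings, as an added example that is not part of the original post: it decodes DebugInfoType and notes settings that affect what evidence a crash leaves behind. The function name Test-RecoveryConfig and the sample object are constructed for illustration.

```powershell
# Added example (not from the original post): review recovery settings
$dumptype = DATA {
ConvertFrom-StringData -StringData @'
0 = None
1 = Complete memory dump
2 = Kernel memory dump
3 = Small memory dump
'@
}
function Test-RecoveryConfig {   # hypothetical name
    param (
        [parameter(Mandatory=$true, ValueFromPipeline=$true)]
        $config
    )
    process {
        $notes = @()
        $type = $dumptype["$($config.DebugInfoType)"]
        # Codes outside the table are reported rather than hidden
        if (-not $type) { $type = "Unlisted code $($config.DebugInfoType)" }
        if (-not $config.WriteToSystemLog) {
            $notes += "crash is not written to the system log"
        }
        if ($config.DebugInfoType -eq 0) {
            $notes += "no dump is written, so nothing to analyse after a crash"
        }
        elseif ($config.OverwriteExistingDebugFile) {
            $notes += "a later crash overwrites the existing dump file"
        }
        if ($config.DebugInfoType -eq 1) {
            $notes += "complete dump holds all of memory, restrict access to it"
        }
        New-Object PSObject -Property @{
            Name = $config.Name; DumpType = $type
            DumpFile = $config.ExpandedDebugFilePath
            AutoReboot = $config.AutoReboot
            Notes = $notes -join "; "
        } | select Name, DumpType, DumpFile, AutoReboot, Notes
    }
}
# Constructed sample object so the example runs without WMI
$sample = New-Object PSObject -Property @{
    Name = "Constructed sample"; DebugInfoType = 1
    ExpandedDebugFilePath = "C:\Windows\MEMORY.DMP"
    OverwriteExistingDebugFile = $true; WriteToSystemLog = $false; AutoReboot = $true
}
$sample | Test-RecoveryConfig | Format-List
# Live use: Get-WmiObject Win32_OSRecoveryConfiguration | Test-RecoveryConfig
```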


October 28, 2010  6:55 AM

On board devices

Richard Siddaway

 

Many computer systems come with devices such as video controllers or network cards on the motherboard. Need to discover what those devices are?

# Lookup table for the DeviceType codes returned by Win32_OnBoardDevice
$devtype = DATA {
ConvertFrom-StringData -StringData @'
1 = Other
2 = Unknown
3 = Video
4 = SCSI Controller
5 = Ethernet
6 = Token Ring
7 = Sound
'@
}

Get-WmiObject -Class Win32_OnBoardDevice |
select Description,
@{Name="Device"; Expression={$devtype["$($_.DeviceType)"]}}

Use the Win32_OnBoardDevice class as shown.  On my Lenovo W510 I have some IBM embedded security hardware. That shows in the description even though that type of device isn’t covered in the standard list.


October 27, 2010  11:11 AM

PowerShell on Bing UK

Richard Siddaway

I’ve mentioned before that Bing US included an online reference to the PowerShell cmdlets under its Visual Search heading.

This is now also available on the UK version of Bing.  Navigate from the home page or jump straight in with

http://www.bing.com/visualsearch?g=uk_powershell_cmdlets&qpvt=Windows+PowerShell&FORM=Z9GE52#p=4

