PowerShell for Windows Admins


August 26, 2010  1:09 PM

WMI and Network Adapters: 1

Richard Siddaway

Network adapters are a fundamental part of our system – without them our networks grind to a halt because the machines can’t communicate. We have a good tool in ipconfig for looking at NIC information but we can extend this using PowerShell and WMI.

Let’s start by seeing what is available.

Get-WmiObject -List *network*

returns a bunch of classes

Win32_NetworkLoginProfile
Win32_NetworkAdapterConfiguration
Win32_NetworkAdapterSetting
CIM_NetworkAdapter
Win32_NetworkAdapter
Win32_NetworkConnection
Win32_NetworkProtocol
Win32_NetworkClient
Win32_SystemNetworkConnections

plus some classes that give us performance counters – we’ll leave them for later.

Looking at the list of classes we’ll start with Win32_NetworkAdapter

On my Windows 7 machine I get a total of 14 adapters returned – that’s not bad for a machine with one Ethernet port and one wireless NIC!!  Each adapter returns some of the following information

ServiceName
MACAddress
AdapterType
DeviceID
Name
NetworkAddresses
Speed

This is the default data.  We can see what else might be available

Get-WmiObject -Class Win32_NetworkAdapter | Get-Member

gives us the following properties

AdapterType
AdapterTypeId
AutoSense
Availability
Caption
ConfigManagerErrorCode
ConfigManagerUserConfig
CreationClassName
Description
DeviceID
ErrorCleared
ErrorDescription
GUID
Index
InstallDate
Installed
InterfaceIndex
LastErrorCode
MACAddress
Manufacturer
MaxNumberControlled
MaxSpeed
Name
NetConnectionID
NetConnectionStatus
NetEnabled
NetworkAddresses
PermanentAddress
PhysicalAdapter
PNPDeviceID
PowerManagementCapabilities
PowerManagementSupported
ProductName
ServiceName
Speed
Status
StatusInfo
SystemCreationClassName
SystemName
TimeOfLastReset

If we look at the NICs that have the NetEnabled property set to true we get

PS> Get-WmiObject -Class Win32_NetworkAdapter -Filter "NetEnabled='$true'"

ServiceName      : NVENETFD
MACAddress       : 00:1F:16:63:F5:DF
AdapterType      : Ethernet 802.3
DeviceID         : 7
Name             : NVIDIA nForce 10/100/1000 Mbps Networking Controller
NetworkAddresses :
Speed            : 10000000

ServiceName      : athr
MACAddress       : 00:24:2B:2F:9C:A5
AdapterType      : Ethernet 802.3
DeviceID         : 11
Name             : Atheros AR5007 802.11b/g WiFi Adapter
NetworkAddresses :
Speed            : 54000000

Comparing this to ipconfig

PS> ipconfig

Windows IP Configuration

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::6d95:b824:6a72:a0a9%12
   IPv4 Address. . . . . . . . . . . : 192.168.196.139
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.196.1

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::4547:ee51:7aac:521e%11
   IPv4 Address. . . . . . . . . . . : 10.10.54.202
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{01F4E3B7-5F1F-40BD-8252-DCC3331891C1}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{4DFBBD42-D7E9-49B8-9AD0-F5A644A94173}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

I’m going to leave the tunnel adapters for now and just concentrate on the enabled NICs. To get the full set of information for these NICs we use

Get-WmiObject -Class Win32_NetworkAdapter -Filter "NetEnabled='$true'" | fl *

I’ll leave you to look at what we get from this command. Next time we’ll look at what we need from this to populate an ipconfig-type report.

August 23, 2010  12:39 PM

WMI date issue

Richard Siddaway

 

Working with WMI dates can be awkward sometimes. For instance if we look at the last boot up time of our system

$machine = Get-WmiObject -Class Win32_OperatingSystem

PS> $machine.LastBootUpTime
20100823183135.359600+060

We get a non-intuitive result

The ConvertToDateTime method can rescue us from this problem

PS> $machine.ConvertToDateTime($machine.LastBootUpTime)

23 August 2010 18:31:35

 

And we can even use it with write-host

PS> Write-Host $machine.ConvertToDateTime($machine.LastBootUpTime)
23/08/2010 18:31:35

 

However if we want to make the boot time part of a larger string we get a problem

PS> Write-Host "$machine.ConvertToDateTime($machine.LastBootUpTime)"
\\RSLAPTOP01\root\cimv2:Win32_OperatingSystem=@.ConvertToDateTime(\\RSLAPTOP01\root\cimv2:Win32_OperatingSystem=@.LastBootUpTime)

 

so we can use a sub-expression

PS> Write-Host "Boot up Time $($machine.ConvertToDateTime($machine.LastBootUpTime))"
Boot up Time 08/23/2010 18:31:35

 

but we end up with a date that has changed format and is confusing if you are used to DD/MM/YYYY as we use in the UK. We can then use the DateTime property to get back to the format we need

PS> Write-Host ($machine.ConvertToDateTime($machine.LastBootUpTime)).DateTime
23 August 2010 18:31:35

PS> Write-Host "Boot up Time $($machine.ConvertToDateTime($machine.LastBootUpTime).DateTime)"
Boot up Time 23 August 2010 18:31:35

Done.


August 11, 2010  1:05 PM

Memory configuration

Richard Siddaway

 

We have seen how to discover the total physical memory in a system, but how is that memory arranged?

# Lookup table: Win32_PhysicalMemory FormFactor code -> name
$form = DATA {
ConvertFrom-StringData -StringData @'
7 = SIMM
8 = DIMM
'@

}

# Lookup table: Win32_PhysicalMemory MemoryType code -> name
$type = DATA {
ConvertFrom-StringData -StringData @'
0 = Unknown
1 = Other
2 = DRAM
3 = Synchronous DRAM
4 = Cache DRAM
5 = EDO
6 = EDRAM
7 = VRAM
8 = SRAM
9 = RAM
10 = ROM
11 = Flash
12 = EEPROM
13 = FEPROM
14 = EPROM
15 = CDRAM
16 = 3DRAM
17 = SDRAM
18 = SGRAM
19 = RDRAM
20 = DDR
21 = DDR-2
'@

}

# One row per memory module; the numeric codes are converted to strings
# because ConvertFrom-StringData produces string keys
Get-WmiObject -Class Win32_PhysicalMemory |
Format-Table BankLabel, PositionInRow, 
@{Name="Size GB"; Expression={[math]::round($($_.Capacity/1GB), 2)}}, 
DataWidth, DeviceLocator, 
@{Name="Form factor"; Expression={$form["$($_.FormFactor)"]}},
@{Name="Memory type"; Expression={$type["$($_.MemoryType)"]}}, 
Speed, TotalWidth -autosize

We can turn to the Win32_PhysicalMemory class. It will show us each memory module, the size, which bank it is in, the speed and the data width


August 10, 2010  1:13 PM

WMI and office 2

Richard Siddaway

It seems that the WMI provider I mentioned last time is effectively discontinued in Office 2010.

I’ll see if I can get a machine set up with Office 2007 to investigate further


August 9, 2010  1:55 PM

WMI at the Office

Richard Siddaway

If you have Office 2010 installed you should find an msapps12 namespace on your machine.

The classes exposed by this namespace can be found with

Get-WmiObject -Namespace root\msapps12 -List

There are a lot of them! The classes seem to be broken down by Office application. For instance, to see the classes for dealing with Word documents

Get-WmiObject -Namespace root\msapps12 -List *word*

I can’t seem to find any documentation for these classes so a bit of trial and error is involved


August 8, 2010  12:51 PM

How big’s my dit

Richard Siddaway

The ntds.dit file is used to store Active Directory data on a domain controller. Knowing how big this file is getting is a useful piece of information. One way is to log on to each domain controller and test the size using Windows Explorer.

A better way is to use WMI

PS> "server02", "dc02" | foreach {Get-WmiObject -Class CIM_LogicalFile `
-Filter "Name='c:\\Windows\\NTDS\\ntds.dit'" -computername $_ }  |
Format-table CSname, FileSize  -AutoSize

CSname   FileSize
------   --------
SERVER02 41959424
DC02     41959424

If the file is in different places on different machines then put the server name and the location into a csv file.
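
The CSV-driven version of that check could look like the following. This is an added example, not code from the original post; the Server and Path column names and the sample rows are assumptions, and the CSV is embedded inline so the script is self-contained (use Import-Csv for a real file). It needs Windows PowerShell, since it uses Get-WmiObject.

```powershell
# Constructed sample data: one row per domain controller
$csv = @'
Server,Path
server02,c:\Windows\NTDS\ntds.dit
dc02,d:\NTDS\ntds.dit
'@

$report = $csv | ConvertFrom-Csv | ForEach-Object {
    $entry = $_    # keep a reference; inside catch, $_ is the error record

    # WQL string literals need backslashes doubled and single quotes escaped
    $wqlPath = $entry.Path -replace '\\', '\\' -replace "'", "\'"

    try {
        $file = Get-WmiObject -Class CIM_LogicalFile -Filter "Name='$wqlPath'" `
            -ComputerName $entry.Server -ErrorAction Stop
        if ($file) { $size = [math]::Round($file.FileSize / 1MB, 2); $status = 'OK' }
        else       { $size = $null; $status = 'File not found' }
    }
    catch {
        # Unreachable server, access denied and similar failures end up here
        $size = $null; $status = "Query failed: $($_.Exception.Message)"
    }

    New-Object PSObject -Property @{
        Server = $entry.Server; Path = $entry.Path; SizeMB = $size; Status = $status
    }
}

$report | Format-Table Server, Path, SizeMB, Status -AutoSize
```

A server that cannot be reached or a path that does not exist appears as its own row instead of silently dropping out of the table.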


August 6, 2010  12:29 PM

Adding permissions

Richard Siddaway

 

In a recent post http://itknowledgeexchange.techtarget.com/powershell/setting-permissions/ I showed how to set the permissions on a folder. Sometimes we just want to add permissions.

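# The user or group that receives the new permission
$trustee = ([wmiclass]'Win32_trustee').psbase.CreateInstance()
$trustee.Domain = "RSLAPTOP01"
$trustee.Name = "Test"

# Full control access mask (0x1F01FF)
$fullcontrol = 2032127

$aces = @()
$ace = ([wmiclass]'Win32_ACE').psbase.CreateInstance()
$ace.AccessMask = $fullcontrol
# 19 = object inherit (1) + container inherit (2) + inherited (16)
$ace.AceFlags = 19
# 0 = access allowed
$ace.AceType = 0
$ace.Trustee = $trustee

# New security descriptor; ControlFlags 4 = DACL present.
# Owner and group are both set to the new trustee.
$sd = ([wmiclass]'Win32_SecurityDescriptor').psbase.CreateInstance()
$sd.ControlFlags = 4
$sd.DACL = $ace
$sd.group = $trustee
$sd.owner = $trustee

# Current security settings of the folder (WQL needs doubled backslashes)
$sec = Get-WmiObject -Class Win32_LogicalFileSecuritySetting `
  -Filter "Path='c:\\test\\test1\\special'"

$osd = $sec.GetSecurityDescriptor()

# Copy each existing ACE into the new descriptor so it is preserved
foreach ($acl in $osd.Descriptor.DACL){
    $ace = ([wmiclass]'Win32_ACE').psbase.CreateInstance()
    $ace.AccessMask = $acl.AccessMask
    $ace.AceFlags = $acl.AceFlags
    $ace.AceType = $acl.AceType
    $ace.Trustee = $acl.Trustee

    $sd.DACL += $ace.psobject.baseobject
}

# Replace the folder's security descriptor with the new one
$sec.SetSecurityDescriptor($sd)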

We start by creating a trustee – this is a user or group that we can assign permissions to. As before we define the permissions flag as full control.  This allows us to create an ACE and a Security Descriptor.

We can then get the security settings of our folder. Read the acls and create an ACE for each one.  We then add them to the security descriptor.

Final action is to replace the permissions on the folder with our new security descriptor which includes the additional permissions.

One drawback to this approach is that WMI won’t work with UNC paths.
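
Because the script replaces the whole security descriptor, it is worth reading the result back and checking who now has access. The following is an added example, not code from the original post: it decodes the AccessMask, AceType and AceFlags values for the same folder and shows the owner. The flag names are descriptive labels chosen here for the standard ACE flag bits, and it needs Windows PowerShell (Get-WmiObject).

```powershell
$path    = 'c:\test\test1\special'        # folder used in the post
$wqlPath = $path -replace '\\', '\\'      # WQL needs doubled backslashes

$sec = Get-WmiObject -Class Win32_LogicalFileSecuritySetting -Filter "Path='$wqlPath'"
if (-not $sec) { throw "No security setting found for $path" }

$result = $sec.GetSecurityDescriptor()
if ($result.ReturnValue -ne 0) {
    throw "GetSecurityDescriptor failed with code $($result.ReturnValue)"
}

# Integer keys, so WMI's UInt32 values are cast to [int] before lookup
$aceTypes  = @{ 0 = 'Allow'; 1 = 'Deny'; 2 = 'Audit' }
$flagNames = @{ 1 = 'ObjectInherit'; 2 = 'ContainerInherit';
                4 = 'NoPropagate'; 8 = 'InheritOnly'; 16 = 'Inherited' }
$fullControl = 2032127                    # 0x1F01FF, the mask used in the post

$report = foreach ($ace in $result.Descriptor.DACL) {
    # Names of every flag bit that is set on this ACE
    $flags = $flagNames.Keys | Sort-Object |
        Where-Object { [int]$ace.AceFlags -band $_ } |
        ForEach-Object { $flagNames[$_] }

    New-Object PSObject -Property @{
        Trustee     = "$($ace.Trustee.Domain)\$($ace.Trustee.Name)"
        Type        = $aceTypes[[int]$ace.AceType]
        AccessMask  = '0x{0:X}' -f $ace.AccessMask
        FullControl = (($ace.AccessMask -band $fullControl) -eq $fullControl)
        Flags       = ($flags -join ', ')
    }
}

$report | Format-Table Trustee, Type, AccessMask, FullControl, Flags -AutoSize
"Owner: $($result.Descriptor.Owner.Domain)\$($result.Descriptor.Owner.Name)"
```

Run it before and after the change to confirm that the existing ACEs survived and that only the intended trustee gained full control.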


August 6, 2010  12:13 PM

Lenovo W510, Hyper-V and BSOD

Richard Siddaway

Beginning of the week I took delivery of a Lenovo W510 – i7 quad core with Hyper-Threading (Windows sees 8 cores) and 16GB of RAM.  From reviews I’d seen it seemed to run Hyper-V OK so it fitted the bill for a mobile lab.

Partitioned the disk OK and got Windows 2008 R2 installed.  Had to download a few drivers from the Lenovo (IBM) site but everything I needed was there or on the box already.  I’d ordered it with Windows 7 64bit so most of the drivers were available.

Installed Hyper-V and joined it to the domain.

Started moving Virtual Machines on to it and it started to crash with a Blue Screen of Death.  Not good & I’m not amused at this point. Eventually got to the point where it wouldn’t start – continual BSOD.  Very not good – my new toy is going back if this continues!

Did some research and it seems there can be a conflict between core parking and Hyper-V.  Core parking is a power saving technology that puts cores to sleep if they are not being used. Hyper-V expects them to be there = BANG.

I booted into the BIOS screen and disabled the power management features on the CPU (and PCI bus for good measure) that enable core parking.  Restarted and everything now seems OK.

I can comfortably run a bunch of VMs and have a reasonable performance. 

Then I discovered that I had to reactivate Windows on all the VMs.  They’d originally been running on a machine with an AMD processor. The new processor is Intel.  It’s enough of a change to trigger reactivation.

All done and everything seems to work fine.

Time to get Virtual Machine Manager installed and see what that actually does.


July 27, 2010  2:00 PM

Recording and slides for July 2010 UG meeting

Richard Siddaway

This month’s meeting covered working with the registry.

The slides and the demo script are available from

http://cid-43cfa46a74cf3e96.office.live.com/browse.aspx/PowerShell%20User%20Group/2010%20July

 

The recording is available

Richard Siddaway has invited you to view a Microsoft Office Live Meeting recording.
View Recording
Recording Details
    Subject: PowerShell and the Registry
    Recording URL: https://www.livemeeting.com/cc/usergroups/view
    Recording ID: CB99JS
    Attendee Key: mm$2!",$G


July 26, 2010  12:41 PM

Tomorrow – July UG meeting

Richard Siddaway

Tomorrow is the PowerShell UG Live Meeting on the Registry, PowerShell, .NET and WMI.

Full details from

http://msmvps.com/blogs/richardsiddaway/archive/2010/07/20/july-2010-ug-meeting-registry.aspx

