PowerShell for Windows Admins

February 28, 2011  3:11 PM

WMI and performance counters II

Richard Siddaway Richard Siddaway Profile: Richard Siddaway


In this post http://itknowledgeexchange.techtarget.com/powershell/wmi-and-performance-counters-i/ we looked at using WMI to retrieve performance counter information and looked at the


classes. We used the formatted data because the raw data needed some calculations performing.  The draw back to the formatted data is that it doesn’t contain the timestamp.  if we want the exact timestamp we need to work with the raw data.

If you run this

Get-WmiObject -Class Win32_PerfRawData_PerfOS_Processor -Filter "Name=’_Total’"

you will see similar results to the formatted data except that the numbers don’t seem to make sense – for instance I got

PercentProcessorTime  : 88950912194

Man that processor is busy!

OK we need to perform some calculations on this data.  We start by looking at the class documentation.  For each counter it will give something like this


Data type: uint64
Access type: Read-only
Qualifiers: DisplayName ( "% Processor Time") , PerfDefault, CounterType ( 558957824) , DefaultScale ( 0) , PerfDetail ( 100)

Percentage of time that the processor is executing a non-idle thread. This property was designed as a primary indicator of processor activity. It is calculated by measuring the time that the processor spends executing the thread of the idle process in each sample interval and subtracting that value from 100%. Each processor has an idle thread which consumes cycles when no other threads are ready to run. It can be viewed as the percentage of the sample interval spent doing useful work. This property displays the average percentage of busy time observed during the sample interval. It is calculated by monitoring the time the service was inactive, and then subtracing that value from 100%.

The important point is the counter type. The list of counter types can be found here


Our counter type translates as PERF_100NSEC_TIMER_INV

OK that means a lot. Now what do we do with it. If we look up the type we get this

This counter type shows the average percentage of active time observed during the sample interval. This is an inverse counter. Counters of this type calculate active time by measuring the time that the service was inactive and then subtracting the percentage of active time from 100 percent.

and a formula of (1- ((N1 - N0) / (D1 - D0))) x 100

This means we need two measurements

$count1 = Get-WmiObject -Class Win32_PerfRawData_PerfOS_Processor -Filter "Name=’_Total’"
Start-Sleep -Seconds 10
$count2 = Get-WmiObject -Class Win32_PerfRawData_PerfOS_Processor -Filter "Name=’_Total’"

$ppt = (($count2.PercentProcessorTme – $count1.PercentProcessorTme) / ($count2.TimeStamp_sys100NS – $count1.TimeStamp_sys100NS)) * 100

"Percent processor time is $ppt"


This doesn’t give sensible answers so need to go back and dig a bit deeper.  I’m beginning to think that using the raw counters is too hard

February 28, 2011  1:32 PM

WMI metadata

Richard Siddaway Richard Siddaway Profile: Richard Siddaway


We normally use WMI to either return information about our systems

Get-WmiObject -Class Win32_Process | sort KernelModeTime -desc | Format-Table Name, KernelModeTime –AutoSize

or to perform some action

Get-WmiObject -Class Win32_Process -Filter "Name=’notepad.exe’" | Remove-WmiObject

One hidden facet of WMI are the qualifiers. These contain the metadata about the class.

Get-WmiObject -List Win32_Process | select *

shows them tucked away near the end of the data

Get-WmiObject -List Win32_Process | select -ExpandProperty Qualifiers

shows them in more detail. Unfortunately this doesn’t give us the full set of information.  We need to add the –amended parameter

Get-WmiObject -List Win32_Process -amended | select -ExpandProperty Qualifiers

This enables us to see the description which in this case is

Get-WmiObject -List Win32_Process -amended | select -ExpandProperty Qualifiers | Where {$_.Name -eq "Description"}

We can then get the actual text of the description which is held in the Value property.

Get-WmiObject -List Win32_Process -amended | select -ExpandProperty Qualifiers | Where {$_.Name -eq "Description"} |  Format-Table value -wrap

The Win32_Process class represents a sequence of events on a Win32 system. Any sequence consisting of the interaction of one or more processors or interpreters, some executable code, and a set of inputs, is a descendent (or member) of this class.
Example: A client application running on a Win32 system.

We can simplify the code to

((Get-WmiObject -List Win32_Process -amended).Qualifiers | Where {$_.Name -eq "Description"}).Value

This is useful if you have a set of classes you want to investigate and need to know what they do

Get-WmiObject -List *print* | sort name |

foreach {


(( Get-WmiObject -List $_.Name -Amended ).Qualifiers | Where {$_.Name -eq "Description"}).Value


February 27, 2011  10:05 AM

DevConnections–Connections powered by Microsoft

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The conference is in London 14-15 June and includes a number of PowerShell related sessions. There is also a pre-conference PowerShell workshop on 13 June delivered by Don Jones. Details can be found here



I am hoping to arrange a PowerShell UG meeting with Don as the speaker while he is in London.  Details to follow.

February 27, 2011  4:30 AM

UK PowerShell Group–March 2011

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

March 22 we have Tome Tanasovski presenting on Regular Expressions.


Tome is a Windows engineer for a market-leading global financial services firm in New York City. He is a recipient of the PowerShell MVP award, the founder and leader of the New York City PowerShell User group, a blogger, and a regular contributor to Microsoft’s Windows PowerShell forum. He has been featured four times on Hey Scripting Guy, and he is currently working on the PowerShell Bible, which is due out in 2011 from Wiley. 




His session description:

Regular Expressions have been employed by every serious scripting language for the past 15 years. PowerShell’s adoption and implementation of Regular Expressions has ensured that it is taken seriously by serious scripters. The presentation will explore the history and syntax of regular expressions. It will give a deep dive into the PowerShell cmdlets that use Regular Expressions as well as the .NET native methods that can be invoked using PowerShell. It will give a detailed understanding of the internals of Microsoft’s implementation of Regular Expressions and how it differs from other languages. Real-world scenarios for using regular expressions will be explored.


Live Meeting Details:

When: Tuesday, Mar 22, 2011 7:30 PM (GMT)

Where: Live Meeting


Tome Tanasovski MVP presents on Regular Expressions


Richard Siddaway has invited you to attend an online meeting using Live Meeting.
Join the meeting.
Audio Information
Computer Audio
To use computer audio, you need speakers and microphone, or a headset.
First Time Users:
To save time before the meeting, check your system to make sure it is ready to use Microsoft Office Live Meeting.
Unable to join the meeting? Follow these steps:

  1. Copy this address and paste it into your web browser:
  2. Copy and paste the required information:
    Meeting ID: TRG55D
    Entry Code: Bd+;%:H8Z
    Location: https://www.livemeeting.com/cc/usergroups

If you still cannot enter the meeting, contact support

Microsoft Office Live Meeting can be used to record meetings. By participating in this meeting, you agree that your communications may be monitored or recorded at any time during the meeting.

February 26, 2011  8:18 AM

PowerCLI book

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Last May I posted a review of fellow PowerShell MVP Hal Rottenberg’s book on managing VMware through PowerShell – http://msmvps.com/blogs/richardsiddaway/archive/2010/05/09/book-review-managing-vmware-infrastructure-with-windows-powershell.aspx

My good friends from the UK PowerShell user group Jonathan Medd (also a PowerShell MVP) and Alan Renouf have collaborated with three other authors to bring you VMware vSphere PowerCLI Reference which is published at the end of March – ISBN 978-0470890790

I’ll be posting a review as soon as I can get hold of a copy

More details from http://www.jonathanmedd.net/2011/02/powercli-book-is-go.html#comments

February 25, 2011  1:24 PM

PowerShell Deep Dive

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

If you haven’t seen it already check out the PowerShell Deep Dive at this years “The Experts Conference”. http://www.theexpertsconference.com/us/2011/general-information/2011-powershell-deep-dive/

As well as total immersion in PowerShell you can dabble in some of the minor technologies associated with it – AD, Exchange, SharePoint, Virtualisation and the cloud.

I’ll be there with a bunch of other PowerShell MVPs. Hope to see you there.

February 23, 2011  1:18 PM

PowerShell and WMI–Chapter 5 MEAP

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Chapter 5 has been released for PowerShell and WMI. It is available through the Manning Early Access Program (MEAP) at http://www.manning.com/siddaway2/
The available chapters cover:

  1. Solving Administrative Challenges
  2. Using PowerShell
  3. WMI in Depth
  4. Best Practices
  5. System Documentation

Chapters 6 to 8 covering Disk Systems, Registry and the file system respectively are in the pipeline. I’m currently working on chapter 9 on processes and services. The code to accompany the MEAP chapters is also available for download from the URL above.

February 22, 2011  4:16 PM

WMI and Performance Counters: I

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

We are always worried about the performance of our systems for one reason or another. We usually turn to sysmon/perfmon to find out how the system is doing.

We can actually use WMI to retrieve this data!

CPU performance is always an issue. We can see what is available

PS> Get-WmiObject -List Win32_Perf*Processor | select name


The two classes do exactly what they say – they return the raw data or formatted data. You may think that returning the raw data is the best bet but you will need to perform a set of calculations on the data to get the results you expect. We’ll stick with the formatted data for now.

PS> Get-WmiObject -Class Win32_PerfFormattedData_PerfOS_Processor | select Name


I have two cores on my windows 7 system so this works. if we just look at the _Total data

__GENUS               : 2
__CLASS               : Win32_PerfFormattedData_PerfOS_Processor
__SUPERCLASS          : Win32_PerfFormattedData
__DYNASTY             : CIM_StatisticalInformation
__RELPATH             : Win32_PerfFormattedData_PerfOS_Processor.Name="_Total"
__PROPERTY_COUNT      : 24
__DERIVATION          : {Win32_PerfFormattedData, Win32_Perf, CIM_StatisticalInformation}
__SERVER              : RSLAPTOP01
__NAMESPACE           : root\cimv2
__PATH                : \\RSLAPTOP01\root\cimv2:Win32_PerfFormattedData_PerfOS_Processor.Name="_Total"
C1TransitionsPersec   : 307
C2TransitionsPersec   : 0
C3TransitionsPersec   : 0
Caption               :
Description           :
DPCRate               : 0
DPCsQueuedPersec      : 116
Frequency_Object      :
Frequency_PerfTime    :
Frequency_Sys100NS    :
InterruptsPersec      : 190
Name                  : _Total
PercentC1Time         : 96
PercentC2Time         : 0
PercentC3Time         : 0
PercentDPCTime        : 0
PercentIdleTime       : 100
PercentInterruptTime  : 0
PercentPrivilegedTime : 0
PercentProcessorTime  : 0
PercentUserTime       : 0
Timestamp_Object      :
Timestamp_PerfTime    :
Timestamp_Sys100NS    :

This dumps all of the counters for a set.  If you’ve looked the Processor counters before these should be familiar. The drawback to the formatted counters is that we lose the timestamp information.  Either we use the raw data and calculate all of the results or we add the timestamp ourselves. My vote goes to option 2.

public class CPUcounter
    public string Timestamp {get; set;}
    public string Name {get; set;}
    public ulong PercProcTime {get; set;}

Add-Type -TypeDefinition $source -Language CSharpversion3

$data = @()

1..3 | foreach {

$date = (Get-Date).ToString()

Get-WmiObject -Class Win32_PerfFormattedData_PerfOS_Processor | 
$value = New-Object -TypeName CPUCounter -Property
= $date
       Name = $_.
= $_.
$data += $value

Start-Sleep -Seconds 1

$data | Format-Table -AutoSize



We create our own object to hold the counter values and add the timestamp.  This can be the basis of a performance baseline as we will see next time

February 20, 2011  1:32 PM

Windows 7 SP1

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Installed the RTM version of SP1 today – its one download to cover Windows 7 and Windows 2008 R2.  Install is straight forward. No real issues seen.  I’ll report any problems that come up

February 12, 2011  5:04 AM

IT lemmings

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

IT seems to be in a continuous cycle of hype. We keep getting “new” technologies or ways of supplying IT that will solve all of your organisations problems at a stroke. Some examples of this phenomenon include:

  • outsourcing – IT isn’t a core activity for you business so hand over the running of your IT systems to a specialist company who have the experts to deliver what you need and the economy of scale to do it cheaper
  • virtualisation – You don’t need lots of physical servers. Virtualise so that you are running a number of big servers really hard and they host a bunch of virtual servers that are doing the work
  • web services – everything will be available as a web service. Don’t write your own code just string together a set of pre-supplied services and nirvana is reached
  • cloud computing – move everything to Internet access. Let the supplier host the application and you just use it (How is this different from the failed Application Service Provider idea of the late 1990’s?)

Now before you start jumping up and down calling me a luddite let me point out that I am currently working in a environment that utilises three out of these four concepts. I am actively designing new services that employ two of them.

My concern is the misinformation and hype that surrounds “new” technologies. I keep calling it “new” because a number of these are recycled. I’ve already mentioned ASP/Cloud computing. I was working with “virtualisation” technologies on mainframes back in the 1980’s. What goes around comes around.

Each wave of “new” technologies brings a bubble of hype that is totally out of proportion to the benefits to be gained. The IT analyst companies start the ball rolling and the IT press (who usually don’t understand what they are talking about) jump on the bandwagon. Suddenly, the only way your organisation can survive is to throw away everything that has gone before and embrace this new way of doing things.

Reality Check

How many organisations have completely virtualised their environment. I have applications that can’t be virtualised because the vendor won’t support it in a virtual environment?

How many external web services does you company really use?

Can you run your organisation in the cloud? Many can’t because of regulatory or commercial restrictions that prevent it. This is often due to access to the data.


All of the ideas that are bandied about need consideration. Just because its new doesn’t mean that it suits your organisation.

This is where the good architect earns their money. Separate out what will benefit your organisation and utilise it. Ignore the rest. ignore the analysts and IT press telling you what you should be doing when they don’t have a clue what your organisation really needs.

There are organisations that will benefit from cloud computing. There are others that it will harm. Virtualisation is delivering benefits to the organisation I work with – but don’t forget the overheads that come with it.

One of my favourite phrases when discussing technology is “so what”.  Meaning what does it actually do for us? Does the benefit of implementing out weigh the cost?

This continual jumping towards the next shiny toy is why many businesses hold their IT departments in such low regard? The planning should always be from business process to applications to infrastructure to support them. Leading with technology doesn’t work and will continue to cost businesses money they possibly can’t afford.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: