I wrote a script to check the remote registry time server parameters:
(System\CurrentControlSet\Services\W32TIME\Parameters)
Started the script around 5:00PM and went home. I wasn’t going to wait around for 5000+ machines to be enumerated. In the morning my results were completed and I shipped the Excel report to the boss.

Couple of days later is when I was asked what I was doing on his machine. I said, “show me what you are talking about.” He opened documents and settings and there was my profile. It had a modified date of (pick a date) at 7:00PM. I put two-an-two together and realized that the mod date stamp reflected the same time I ran the script. I had him delete the profile and I re-ran the script pointing to his machine. Sure enough, my profile appeared again. I had no idea that running a script that connects to the remote registry will create a user profile on the remote machine. So that got me out of hot water but know I have a profile on every machine in the company, oh boy!

I have not done any research on why this happens, thought I would warn you that it can happen, and am curious to know why? – If anyone wants to chime in…

Here is the link to the script file I used

Note: There is an email link embedded within this post, please visit this post to email it.

This list was in excel format and contained columns for Last name, First name, and email address. Since I required a property that would be unique to each user, I extracted the email addresses to a text file calledDistEmails.txt. My first step was to write a script that would locate each user in Active Directory and add them as a member to the Distribution list.

The code above takes my list of email addresses, uses an LDAP filter to get the DN of each user, then adds each user to the Distribution Group. So here is when the fun began, remember what the boss said? Of utmostimportance that each person receives the email. First, I verified that the list did have 1000 user entries in it (counted excel spread sheet rows). Second, I needed to verify that there are 1000 members in the Distribution Group. How did I do this???

Wrote a script of course…

Code uses an LDAP filter to search for members of the Distribution Group, saves the results to the $objUsers array, then I just use the count property for the number of entries in the array. Note: the array count starts with 0 not 1.

If my count property would have came out to 999 then I would have been home free, nothing is easy as my count was 989. Oh boy! How to I find Ten needles in a hay stack of 1000 users? Any thought of doing this manually by referencing the excel file and ‘Active Directory Users and Computers’ is out-of-the-question.

I remembered posting one of Ying Li scripts in the script library that should do the trick. All I needed where two files to do a comparison on. One file I already had which was the DistEmails.txt file I used in the script to add group membership. The second file had to be a list of the email addresses of the current 990 members of the Distribution list. Time for some more code…

Now I have a text file Called GroupEmail.txt. The next step I had to do with the file was open it in WordPad and use “replace” to remove the “SMTP:” portion of the email address so that the entries match the addresses in the DistEmail.txt file.

Time to compare the files to see which email addresses are missing.

Each file is placed in an array. We then create two new text files. We compare the two arrays and depending on the result we write the array entry in either the FirstInSecond.txt or the FirstNOTinSecond.txt file. Opening the FirstNOTinSecond.txt yields the results of our ten missing email addresses. Investigating the issue I found that the user accounts were still valid, just their email address had changed format. I added the missing ten users to the distribution group (yes, I did it manually via ADUC) and provided the boss with a list of users that are members of the group, all 1000 of them…

What makes scripting this a difficult task is that amount of variables that are present or not present:

1. Different Operating Systems
2. Service Pack Levels
3. Not knowing what patches are available for each circumstance
4. The list can go on…

Is PowerShell really the best tool for the job? Again my answer is no or not until someone builds a cmdlet that can do the job (it will happen). So, what is the best tool for the Job! Windows Update, SUS, MBSA, …? In my opinion it’s MBSA(Microsoft Baseline Security Analyzer).

The command line will give me all the information I need with regards to missing patches on workstations and servers. This simple command looks like this:

‘Quick and dirty’ and you have all the security information. If you want only the update information without all the other security information, you would modify the command as such:

With the /n options you are telling MBSA NOT to gather OS, SQL, IIS, and Password security settings, the only thing left to gather is “Updates” which is what we want. Check out mbsacli /? for more help.

So what would PowerShell be used for? I use PowerShell to organize the data and to show you how to call .exe’s from a PowerShell Script. The code below gathers the Update information using MBSA, outputs the results to a temp file. PowerShell reads the temp file and strips out all the entries that match the term “missing” and places each entry into an Excel spreadsheet. Not rocket-surgery but you end up with a clean report.

To run the code below make sure your computer has Excel and MBSA installed. Also, MBSA synchronizes with Microsoft Update, so it can take a little time to find which updates are missing from the machine.  Be patient the results are worth it!

There is one formating issues with the code above, the line:
$cmd = “cmd /c mbsacli.exe /Target $strDomain\$strComputer /n OS+SQL+IIS+Password >C:\MBSA$strComputer.txt”
Should be one continuous line, if you just copy the code into Notepad the formatting will be correct.

Also, notice in the line I am using cmd /c mbsacli.exe to run a Windows Command Prompt as a child of the PowerShell comand prompt. I do this regularly when I need to run command line utililities from a PowerShell script. To get more information on how to run a Windows Command Prompt from within a PowerShell session just type cmd /? at the PowerShell command prompt.

Happy scripting…

Computer Inventory

I picked up a side job at the beginning of the year documenting the infrastructure for a company that will remain anonymous at this time. It doesn’t surprise me that many companies still do not maintain up-to-date documentation if any.  What is the “BIG DEAL” about documenting a system, is it really a “time factor” problem or “lack of resources” to do the job? I, like many of my peers, just think documenting SUCKS!!! So I set out to make my life and hopefully yours a little easier.

The Computer Inventory Script enumerates Hardware, OS, System, Processor, Memory, Disk, and Network information and neatly organizes it in an Excel file. I’ve provided Version 2 of the script that allows you to choose a number of computer resources; all computers in the domain, all servers in the domain, computers from a list maintained in a text file, and the ability manually pick a computer. Version 2 of the PowerShell script also allows you to send credential information should you wish to logon the remote computer with an alternative user account. This is helpful for DMZ servers as well as stand alone servers that are not members of your domain.

Please feel free to customize this script to fit your environment. I’m not going into any detail about the script as I am reserving that information for a new PowerShell tutorial that I am writing about COM objects. So check the tutorial section to for more information.

Download Script file here.

Here is the code so that you can view it before downloading. I would suggest downloading this file as format issues with copying the code below may occur.

View Script code here.

The two ways to protect your systems are to make sure that you have the Microsoft Hot Fix KB958644 from Microsoft Security Bulletin MS08-067 installed on your systems and to update your virus definitions.

I was asked to write a PowerShell script that would check all machines on the domain for the installation of the hot fix. I am sharing the code with you in hopes that this will assist in your defenses against the Confiker worm.

Take note of the filter section. You can choose to enumerate all computers (workstations and servers) or just servers by commenting out code. By default I have the filter set to enumerate all computers in the domain.
# Uncomment to search all computers
$objSearcher.Filter = (“(objectCategory=$strCategory)”)
# Uncomment to seach only Servers
# $objSearcher.Filter = (“(&(objectCategory=$strCategory)(OperatingSystem=$strOS))”)

Code:

One of my favorite things to do as an administrator is to open Domain Controller Security Event Logs and manually thumb through them looking for evil doers… NOT! Opening, filtering, and sorting entries is as exciting as watching paint dry, well actually paint dries quicker…

PowerShell introduced a cool cmdlet called Get-EventLog… Hold on I know what you are thinking! You’ve used Get-EventLog and it only gathers information from the local computer, and your right! Because of this limitation some of you have opted to use WMI to connect to remote logs. Since PowerShell utilizes .NET, how do we use .NET to gather Event log info from a remote computer? If you would like to learn how to use PowerShell and .NET to remotely connect to your Domain Controller and gather information from the security log keep reading on…

Discover the .NET Class

First thing we want to do is discover which .NET class we will be working with. This is a simple step that you can do the “Get-Member” cmdlet.

The command above produces and table of Methods and Properties. Just above the table you should see an entry called TypeName : This is the .NET object we will be working with. In this example the .NET object is System.Diagnostics.EventLog.

Connecting to a remote computer using the .NET class

Run the command above, don’t forget to place your computer name within the quotes (string). Your output should be similar to this, a listing of all the Event Logs on the remote computer.

If you havent worked with .NET and PowerShell you may be wondering where I got the command above? There is no magic bullet for learning .NET. The best way is to download the Microsoft .NET Framework 2.0 SDK and go through the .NET Class Library documentation. What I did was look up Systems.Diagnostics -> EventLog Class. I found a method called GetEventLogs which “searches for all event logs on the given computer and creates an array of Event Log objects.”

Now that I know that i am working will an array I am going to run the command above and save the array to a variable called $Logs.

Verify the array entries in the $logs variable

Further investigating the System.Diagnostics.EventLog there is a property called Entries which “Gets the contents of the event log.”

Note: Here is the trick, we are working with an array, arrays index items begining with 0 (Zero). Remember that and the next example on which log to enumerate will make sense.

In the example I posted, my array index values would look like this:

0 – Application
1 – Directory Services
2 – DNS Server
3 – File Replication Service
4 – Internet Explorer
5 – Security
6 – System

Knowing that I want to work with the security log I use the following code to get all Security Log entries.

If there are a lot of entries then you are currently starting at a PowerShell console with information whizzing by!!! Use “Ctrl + C” to stop the execution.

That is the gist of how to use .NET to connect to a remote computer and enumerate Event Log files. If you want to enumerate the System log just change the code to $logs[6].entries (6 being the index number for the System log).

Script it and Filter it…

So now that you have a big amount of data its sill an administrative nightmare. I’m going to share a script with you that uses the foreach loop and the if conditional statement to enumerate the security log and only output events of interest.

Remember to input your computer name within “YourComputerName”

Cool… now we only get the information we want. Experiment with different EventIDs or other properties. To find which properties you can use, enter the trusty Get-Member cmdlet. Here’s how I found the EventID property:

Bonus Script (Email Results)

Next… I’m going to take the script above and convert it to a function. Then I’m going to insert the function into the body section of the email template in introduced in another article called “How to Send Alters to Your Mailbox using .NET.”

How the script works:

1. Converted EvtLogReader.ps1 into a function called EvtReader.
2. Added an option to clear event log when completed $logs[].Clear(). This is an option, the comment needs to be removed to use it. I use it only on the security log due to its rapid growth. Clearing the log allows for faster run times when running the script again.
3. Call the function from the message body portion of the Email Template.

Important things to do:

1. Add Computer name you wish to enumerate
2. Make sure to verify array index numbers (basically make sure your getting the entries for the correct log).
3. Go through the Mail portion of the script and add appropriate entries

Here is the script:

After configuring the script for you environment it will email the results. I use the script to send reports each hour. The email sizes are arount 7k (with the clear option enabled). To run the script every hour I use the Task Scheduler.

Happy Scripting…

While putting together my schedule for VMworld there it was, "Managing VMware with PowerShell." I didn't know what to expect? How well is PowerShell being received as a management tool for VM? Seems kind of strange that a Microsoft technology is utilized to manage a non-Microsoft environment, but that is exactly what's happening here. I got to the break-out session early and was able to get a good seat. By the time the presentation began it was a packed house, they were turning folks away at the door. Clearly those working with VMware were interested in how PowerShell was going to make administration eaiser and I was one of them…

The presenters were:

• Carter Shanklin – Product Manager, VMware
• Andrey Anastasov – PowerShell Architect, VMware
• Dmitry Sotnikov – Manager and Microsoft MVP, Quest Software

Questions
What is the VI Toolkit?
It is a scripting tool based on PowerShell. Since it's based on powershell there are over 125 cmdlets available, many useful actions that can be done at the command line(without scriting).

How much is it?
It's Free!

How does it make my life eaiser?
Save time by automating repetitive tasks and automating time consuming tasks.

Examples
Because VMotion doesn't support moving Virtual Machines that contain a snapshot, how do I find which VMs have a snapshot?

• Get-VM | Get-Snapshot

Find all snapshots older than one month:

• Get-VM | Get-Snapshot | Where{$_.Created -lt (Get-Date).addMonths(-1)

I'm Migrating all VMs from Network A to Network B:

• Get-VM | Get-NetworkAdapter | Where{$_.NetworkName -eq "Network A"} |
  Set-NetworkAdapter -NetworkName B

Ensure all VMs have at least 1GB of RAM:

• Get-VM | Where {$_.MemoryMB -lt 1024} | Set-VM -MemoryMB 1024

Update VMware Tools on all VMs in the corporate datacenter:

• Get-Datacenter "corporate" | Get-VM | Update-Tools

Restart an unresponsive VitrualCenter agent:

• Get-VMHost ESXProd1 | Get-VMHostService | Where {$_.key -eq "vmware-vpxa"} |
  Restart-VMHostService

Every time you add new LUNS to your environment you have to scan each HBA on all ESX servers. Manually a PITA. Here is how to do it with the VI Toolkit:

• Get-VMHost | Get-VMHostStorage -RescanAllHba

Available Resources:

The VI Toolkit Community, Vi Tookit FAQ, and the VI Tookit Blog are all available here.

The VI Toolkit Community Extensions:

• Modules that can be loaded into your scrpits
• Open Source
• Forums
• Script contibutions

Download it here.

Administrative Tasks made simple

These are some of the tasks that I've started using which has streamlined my job. I've been able to change the VMware tools upgrade policy as every time I update ESX the tools become out-of-date. I've used a number of cmdlets to create reports from Disk space usage to enumerating world wide names. I've also executed scripts in response to VirtualCenter alarms. Check out the available resources above, there are so many ideas out there that will help you in managing your ESX environment using PowerShell.

My reaction was wow! What happens when the file grows larger than 2k(yes you are reading this correctly, 2k)? My colleague replied, "The app slows down, sometimes locks up, and users start to complain. Our course of action is to delete the file, the application regenerates it and we start all over again. Attempting to be pro-active, we periodically check the file size by manually browsing the file properties. Most of the time we are able to catch and fix the problem before the users are affected. It's just the times we miss all hell breaks loose." I said, "I can help you with that issue…"

Let's create an early warning system so that we are compliant with the famous buzz word "Pro-Active!"

First, the email template:

Now that we have our template, let me explain how I provided a solution. Basically I created a script (shown below) that uses the email template as a function. When the script runs it enumerates the file size and based on the condition it either calls the mail function to send a warning or it does nothing. I set up a Windows task schedule to run the script every 15 minutes, times may vary depending on the situation.

AlertMe.ps1

The template can also be used to send warnings for:

• Disk Space Issues
• CPU usage
• Memory consumption
• Runaway processes
• Event Log monitoring

Just to name a few, the possibilities are limitless…

Note: There is an email link embedded within this post, please visit this post to email it. 

PowerShell Tools PowerGui

I’ve been searching for a PowerShell editor to free me from writing my code in notepad. I’ve tried a number of them on the market, Primal Script by far was the best! Yet, my 45-day trial was over and my boss is dragging his feet with a purchase. So where do I turn?

Shell Tools was nice, yet another 45-day trial (they extended it another 45-days) yet eventually leading to a purchase. Don’t get me wrong I’m not a tight-wad I’m a Tech (o.k. same thing…). I just wanted a simple editor which I found in the last place I thought I would ever look… A GUI Tool for PowerShell.

PowerShell Pro! adopted the philosophy of “teach an man person to fish…” so you would think that promoting a tool that “does the work for you” would be sacrilegious. Not being close minded, I ventured a download and began working with the tool. There were two major findings that prompted me to write this article…

1. A Free PowerShell Script Editor

This was actually found by mistake. I started exploring the PowerGUI interface and under the “Tools” menu there it was! It may not be as elegant as PrimalScript or other script editors designed for PowerShell but, it sure beats the heck out of notepad. Did I mention the cost? Free, nill, nada, null, zero, etc…

Some of the feature of the PowerGUI Script Editor:

• Debug code
• Run code without debugging
• Execute selected code
• Run code to cursor

2. PowerGUI is a great learning Tool

Don’t get me wrong, I love GUI tools but I don’t like to introduce them to those who are beginning to learn PowerShell. I prefer that you get your hands dirty under the hood, which PowerGUI allows you to do. Sure it writes code for you, it also enables you to view the script code written. This is a great way to study code; how it’s written and what it’s accomplishing.

There is actually another good reason to add PowerGUI to your PowerShell Scripting Tool set. The tool is free, no need to register, no 45-day trial period, and a library of functions you can download to extend PowerGUI’s capabilities.

You can check it all out here.

Something to take note of:
I have gotten a lot a flack about the article and tutorial I wrote regarding “Organizing Script Code” using modular scripting. The geeks flamed me for teaching the method of maintaining a Function Library and pasting the functions into a script file. They are all about Dot-Sourcing (which I am too…); for the right situation! Since the PowerGUI tools create one script based on your choices, notice that the code is built using the Modular approach that I taught…

I was going through the mail-bag the other day and noticed the same question kept popping up. "How do I know how much memory is in my system?" I thought to myself, that question is too easy to answer and the PowerShell solution has to be available on at least a few thousand websites. But, in my haste to get through the mail the actual question was not sinking into my thick skull…

I was reading "How much memory" not "How much memory is installed in my system and how many DIMM slots do I have available?" Great question! Wouldn't it be nice to run a PowerShell Script that would give you the amount of RAM installed and the available slots in the system. How many of you still shut the server down, open the box, and inventory the DIMM count? Well those days are over…

Here is a simple script that will Inventory the total number of physical memory slots, the slots populated, and the size of each DIMM installed:

Use this simple little script to check under the hood without actually shutting down the server to open the hood.

-Enjoy

Note: There is an email link embedded within this post, please visit this post to email it.