Ed Wilson, MCSE, MCSD Microsoft Scripting Guy Microsoft Session Code: WCL314.

Post on 14-Jan-2016


Windows PowerShell for the Windows 7 Enterprise Client

Ed Wilson, MCSE, MCSD
Microsoft Scripting Guy
Microsoft
Session Code: WCL314

Objectives And Takeaways

Objectives
  Show how to use Windows PowerShell 2.0 remoting to manage desktops
  Show how to use Windows PowerShell 2.0 to troubleshoot desktops

Key Takeaways
  Windows PowerShell 2.0 remoting is as easy as typing the name of the computer
  Interactive sessions allow for more extensive remote scenarios

What is Windows PowerShell?

Console
  Interactive commands
  Query and configure
  Run jobs

Scripting language
  Automate everything
  Sharable and reusable

PowerShell Remoting requirements

Not all remoting is the same
  Get-Process, Get-Service and others use .NET Framework methods

To use remoting, the local and remote computers need:
  Windows PowerShell 2.0
  Microsoft .NET Framework 2.0 or later
  Windows Remote Management 2.0

To configure PowerShell remoting:
  Start PowerShell as admin
  Use the Enable-PSRemoting cmdlet
  Configures the firewall and the WinRM service

Windows PowerShell Remoting

Use the ComputerName parameter with select cmdlets

Get-Process -ComputerName Berlin

Run a command on remote computer
Invoke-Command -ComputerName Berlin `
    -ScriptBlock { HostName }

Open a PowerShell session on remote computer
Enter-PSSession -ComputerName Berlin
[berlin]: PS C:\> HostName
[berlin]: PS C:\> Exit-PSSession

30 ComputerName cmdlets

TROUBLESHOOTING: Restart-Computer, Stop-Computer, Test-Connection, Get-Counter

EVENTLOG: Show-EventLog, Write-EventLog, Limit-EventLog, Get-EventLog, Remove-EventLog, New-EventLog, Clear-EventLog, Get-WinEvent

GENERAL: Get-HotFix, Receive-Job, Get-Process, Set-Service, Get-Service

WMI: Register-WmiEvent, Set-WmiInstance, Invoke-WmiMethod, Get-WmiObject, Remove-WmiObject

WSMAN: Disconnect-WSMan, Test-WSMan, Connect-WSMan, Invoke-WSManAction, Get-WSManInstance, Remove-WSManInstance, Set-WSManInstance, New-WSManInstance

REMOTING: Remove-PSSession, Get-PSSession, New-PSSession, Enter-PSSession, Invoke-Command

Getting information remotely

The same syntax and experience remotely as locally
Uses credentials of current user
Examples:
  Get-Service -ComputerName berlin
  Get-Process -ComputerName berlin
  Get-HotFix -ComputerName berlin

9 cmdlets: Get-Counter, Get-EventLog, Get-HotFix, Get-Process, Get-Service, Get-PSSession, Get-WinEvent, Get-WmiObject, Get-WSManInstance

Demo: Getting information remotely

Working with Services

Has a ComputerName parameter. Use directly
  Get-Service and Set-Service
  PS C:\> Get-Service -ComputerName Berlin

No ComputerName parameter. Use Invoke-Command when working remotely
  Start-Service, Stop-Service, Restart-Service, Suspend-Service, Resume-Service
  PS C:\> Invoke-Command -ComputerName berlin `
      { Start-Service -Name bits }

Before making changes to services
  PS C:\> Checkpoint-Computer -Description "Before changed services"

Demo: Working with services remotely

Working with Processes

There are five process cmdlets
  Get-Process, Debug-Process, Start-Process, Stop-Process, Wait-Process

Get-Process. Easy to use remotely and locally
  PS C:\> Get-Process -ComputerName Berlin -Name calc
  PS C:\> Get-Process -ComputerName Berlin -Id 4072

Start-Process and Stop-Process have no ComputerName parameter
  PS C:\> Enter-PSSession -ComputerName berlin
  [berlin]: PS C:\> Start-Process notepad
  [berlin]: PS C:\> Get-Process -Name notepad
  [berlin]: PS C:\> Stop-Process -Name notepad
  [berlin]: PS C:\> exit

Demo: Working with Processes

Working with Hot Fixes

Use on local computer
  PS C:\> Get-HotFix

On a remote computer, use the ComputerName parameter
  PS C:\> Get-HotFix -ComputerName berlin

To search for hot fixes by ID number, use the Id parameter
  PS C:\> Get-HotFix -Id KB950099

Search by description to find related hot fixes
  PS C:\> Get-HotFix -Description security*
  PS C:\> Get-HotFix -Description update
  PS C:\> Get-HotFix -Description software*
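The following is an added example, not part of the original deck: it checks a list of hot fix IDs against several computers and keeps "not installed" separate from "could not be queried". The function name Test-HotFixPresent is hypothetical; berlin and KB950099 are the names used on the slides.

```powershell
# Added example, not from the original deck. Written for Windows PowerShell 2.0+.
# Test-HotFixPresent is a hypothetical helper name chosen for this example.
function Test-HotFixPresent {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [string[]]$Id = @('KB950099')
    )
    foreach ($computer in $ComputerName) {
        $reachable = $true
        $errorText = $null
        try {
            # One query per computer; -ErrorAction Stop turns an RPC or access
            # failure into an exception instead of an empty result.
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
                ForEach-Object { $_.HotFixID })
        }
        catch {
            $reachable = $false
            $errorText = $_.Exception.Message
            $installed = @()
        }
        foreach ($kb in $Id) {
            $present = $null              # stays unknown when the query failed
            if ($reachable) { $present = ($installed -contains $kb) }
            New-Object PSObject -Property @{
                ComputerName = $computer
                HotFixId     = $kb
                Installed    = $present
                Error        = $errorText
            }
        }
    }
}

Test-HotFixPresent -ComputerName 'berlin' -Id 'KB950099' |
    Select-Object ComputerName, HotFixId, Installed, Error
```

A blank Installed value with text in Error means the computer was not queried, so it should not be counted as unpatched or as patched.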

Demo: Working with Hot fixes

Working with Event logs

Two cmdlets. Both support ComputerName
  Get-EventLog
  Get-WinEvent

Get-EventLog
  Traditional event logs. Easy to use syntax
  PS C:\> Get-EventLog -LogName application `
      -ComputerName berlin -Newest 1

Get-WinEvent
  Can access diagnostic logs
  PS C:\> Get-WinEvent -LogName Microsoft-Windows-WinRM/Operational -MaxEvents 1

Using Get-EventLog

Use to access classic event logs only
Use the LogName parameter to specify the log
  System, Application, Security etc.
  PS C:\> Get-EventLog -LogName Application

Use the Source parameter to filter by where the event came from
  PS C:\> Get-EventLog -LogName application -Source vss

Use the Newest parameter to limit the number of records
Use the EntryType parameter to limit the type of records
  Error, Warning, Information, Auditing

Use the ComputerName parameter to query a remote computer

Using Get-WinEvent

Use the ListLog parameter to list logs
  Use wild cards to search for logs: *winrm*

Use the LogName parameter to query logs
  Use wild cards for the log name as well: *winrm*
  Use when there is a single match, or only one match with events

Use the ListProvider parameter to display sources

To use the ETW diagnostic logs
  Enable ETW diagnostic logging
  ETW logs can only be played forward. An error is returned unless you use the -Oldest switch

More information in Advanced Scripting Talk by Dan Harmon
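The following is an added example, not part of the original deck: it combines the ListLog wildcard search, the LogName query and the -Oldest requirement for ETW logs to pull recent WinRM events from one or more computers. The function name Get-WinRMActivity is hypothetical; berlin is the computer name used on the slides.

```powershell
# Added example, not from the original deck. Written for Windows PowerShell 2.0+.
# Get-WinRMActivity is a hypothetical helper name chosen for this example.
function Get-WinRMActivity {
    param(
        [string[]]$ComputerName = @('berlin'),
        [int]$MaxEvents = 20
    )
    foreach ($computer in $ComputerName) {
        # The wildcard can match several logs; keep only the enabled ones.
        $logs = Get-WinEvent -ListLog '*winrm*' -ComputerName $computer `
                    -ErrorAction SilentlyContinue |
                Where-Object { $_.IsEnabled }

        foreach ($log in $logs) {
            $params = @{
                LogName      = $log.LogName
                ComputerName = $computer
                MaxEvents    = $MaxEvents
                ErrorAction  = 'SilentlyContinue'   # an empty log is reported as an error
            }
            # Analytic and debug (ETW) logs can only be read forward, so they
            # need -Oldest; MaxEvents then returns the oldest records.
            if ($log.LogType -eq 'Analytical' -or $log.LogType -eq 'Debug') {
                $params.Oldest = $true
            }
            Get-WinEvent @params |
                Select-Object MachineName, LogName, TimeCreated, Id,
                              LevelDisplayName, Message
        }
    }
}

Get-WinRMActivity -ComputerName 'berlin' -MaxEvents 5 |
    Sort-Object TimeCreated -Descending |
    Format-Table MachineName, TimeCreated, Id, LevelDisplayName -AutoSize
```

The WinRM operational log records remoting activity on the target, which makes it a useful place to review who has been connecting once remoting is enabled.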

Demo: Working with Event logs

Using WMI Events

Do not confuse with event logs
Easy way to work with temporary, short-term events
  Monitor for process creation
  Monitor for service stopping
  Monitor for USB drive attached to system

Use Register-WmiEvent to create
  Uses intrinsic WMI event classes, or generics
  Can be local or remote. Use remote credentials if needed

Retrieve by Get-Event and SourceIdentifier
Unregister-Event or Remove-Event when done
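The following is an added example, not part of the original deck: it walks the full lifecycle described above for the process-creation case, registering a temporary WMI event subscription, reading events by SourceIdentifier, and cleaning up afterwards. The SourceIdentifier ProcWatch and the 30-second window are assumptions made for the example.

```powershell
# Added example, not from the original deck. Windows PowerShell 2.0 or later.
# Assumption: monitoring the local computer; Register-WmiEvent also accepts
# -ComputerName and -Credential for a remote one.
$sourceId = 'ProcWatch'     # hypothetical SourceIdentifier chosen for this example

# Intrinsic event class: raised when a Win32_Process instance is created.
# WITHIN 2 is the polling interval in seconds, so a process that starts and
# exits between two polls can be missed.
$query = "SELECT * FROM __InstanceCreationEvent WITHIN 2 " +
         "WHERE TargetInstance ISA 'Win32_Process'"

Register-WmiEvent -Query $query -SourceIdentifier $sourceId

try {
    $deadline = (Get-Date).AddSeconds(30)
    while ((Get-Date) -lt $deadline) {
        # Returns the next queued event, or nothing after the timeout
        $evt = Wait-Event -SourceIdentifier $sourceId -Timeout 5
        if (-not $evt) { continue }

        $proc = $evt.SourceEventArgs.NewEvent.TargetInstance
        New-Object PSObject -Property @{
            Time            = $evt.TimeGenerated
            ProcessId       = $proc.ProcessId
            ParentProcessId = $proc.ParentProcessId
            Name            = $proc.Name
            CommandLine     = $proc.CommandLine
        }

        # Take the handled event off the queue so it is not returned again
        Remove-Event -EventIdentifier $evt.EventIdentifier
    }
}
finally {
    # Drop the subscription and anything still queued, even after Ctrl+C
    Unregister-Event -SourceIdentifier $sourceId
    Remove-Event -SourceIdentifier $sourceId -ErrorAction SilentlyContinue
}
```

The subscription lives only as long as the PowerShell session, which is why this suits short troubleshooting windows rather than permanent monitoring.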

Demo: Working with WMI Events

Working with Hardware Inventory

Use the Get-WmiObject cmdlet to work with WMI
Basic query uses Class and ComputerName
  PS C:\> Get-WmiObject -Class Win32_Bios `
      -ComputerName berlin
  PS C:\> gwmi win32_Bios -co berlin

Use the Credential parameter for remote computers if needed
Other parameters allow full WMI
  Amended, Authentication, Authority, Impersonation, EnableAllPrivileges

Demo: Working with hardware inventory

Working with Software

Uses Win32_Product WMI class
Uses MSIPROV
  Installed by default on: Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, and Windows XP
  Needs to be added on Windows Server 2003

Use to inventory software installed via MSI
Install method to install software
Uninstall method to uninstall software

Demo: Working with software

Setting security

Best to use ICACLS.exe
  Installed on Windows Vista and above
  Available on Windows Server 2003 SP2
  You need the hotfix 943043 to fix inheritance issue
  PS C:\> icacls test /Deny Everyone:`(R`)
  PS C:\> icacls test /Grant Everyone:`(F`)

Get-Acl
  Retrieves the security descriptor from item

Set-Acl
  Sets the security descriptor on item
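The following is an added example, not part of the original deck: it uses Get-Acl to review a folder tree for the kind of entry the second icacls command creates, an Allow rule giving Everyone full control. The function name Find-EveryoneFullControl is hypothetical, and test is the folder name from the icacls commands above.

```powershell
# Added example, not from the original deck. Written for Windows PowerShell 2.0+.
# Find-EveryoneFullControl is a hypothetical helper name chosen for this example.
function Find-EveryoneFullControl {
    param([string]$Path = 'test')

    $everyoneSid = 'S-1-1-0'    # well-known SID for Everyone, same in every OS language
    $full    = [System.Security.AccessControl.FileSystemRights]::FullControl
    $sidType = [System.Security.Principal.SecurityIdentifier]

    # The folder itself plus everything below it
    $items = @(Get-Item -Path $Path) +
             @(Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        $acl = Get-Acl -Path $item.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }     # security descriptor could not be read

        # Explicit and inherited rules, with identities returned as SIDs
        foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
            $isEveryone = $rule.IdentityReference.Value -eq $everyoneSid
            $isAllow    = $rule.AccessControlType -eq 'Allow'
            $isFull     = ($rule.FileSystemRights -band $full) -eq $full
            if ($isEveryone -and $isAllow -and $isFull) {
                New-Object PSObject -Property @{
                    Path      = $item.FullName
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

Find-EveryoneFullControl -Path 'test' | Format-Table -AutoSize
```

Rows with Inherited set to False were granted on that item directly; icacls with /remove:g Everyone removes such a grant.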

Demo: Setting Security

Stop by and see the Scripting Guys

What types of tasks do you need to automate?
What types of scripts would you like to see?
What script do you wish you had now?
What would you like to see in the Script Repository?
How could we make it easier to navigate?
How can we make your life easier?
What types of functions / modules do you wish you had?

question & answer

www.microsoft.com/teched: Sessions On-Demand & Community

http://microsoft.com/technet: Resources for IT Professionals

http://microsoft.com/msdn: Resources for Developers

www.microsoft.com/learning: Microsoft Certification & Training Resources

Resources

Microsoft Technet Script Center

www.ScriptingGuys.com

Daily Hey Scripting Guy! Article

Script Center Script Repository

Resources

Microsoft Press Scripting Books

Microsoft Windows Powershell Step By Step

Windows PowerShell Scripting Guide

Advanced Windows PowerShell Scripting

Advanced Windows PowerShell Scripting HOL

Introduction to Windows PowerShell Fundamentals HOL

Windows PowerShell Programming HOL


© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.