Windows Powershell for the Windows 7 Enterprise Client

Ed Wilson, MCSE, MCSDMicrosoft Scripting Guy MicrosoftSession Code: WCL314

Objectives And Takeaways

ObjectivesShow how to use Windows PowerShell 2.0 remoting to manage DesktopsShow how to use Windows PowerShell 2.0 to troubleshoot Desktops

Key TakeawaysWindows PowerShell 2.0 remoting is as easy as typing the name of the computer Interactive sessions allow for more extensive remote scenarios

What is Windows PowerShell?

ConsoleInteractive commandsQuery and configure Run jobs

Scripting languageAutomate everything Sharable and reusable

PowerShell Remoting requirements

Not all remoting is the sameGet-Process Get-Service and others use .NET Framework methods

To use Local and remote computer need:Windows PowerShell 2.0 Microsoft .NET Framework 2.0 or later Windows Remote Management 2.0

To configure PowerShell remoting: start PowerShell as adminUse enable-psremoting cmdlet Configures firewall and Winrm Service

Windows PowerShell Remoting

Use the ComputerName parameter with select cmdlets

Get-Process –ComputerName BerlinRun a command on remote computer

Invoke-Command –ComputerName Berlin ` -ScriptBlock { HostName}

Open a PowerShell session on remote computerEnter-PSSession –ComputerName Berlin[berlin]: PS C:\> HostName[berlin]: PS C:\> Exit-PSSession

30 ComputerName cmdletsTROUBLESHOOTING

Restart-ComputerStop-ComputerTest-ConnectionGet-Counter

EVENTLOGShow-EventLogWrite-EventLogLimit-EventLogGet-EventLogRemove-EventLogNew-EventLogClear-EventLogGet-WinEvent

GENERALGet-HotFixReceive-JobGet-ProcessSet-ServiceGet-Service

WMIRegister-WmiEventSet-WmiInstnaceInvoke-WmiMethodGet-WmiObjectRemove-WmiObject

WSMANDisconnect-WSManTest-WSManConnect-WSManInvoke-WSManActionGet-WSManInstanceRemove-WSManInstanceSet-WSManInstanceNew-WSManInstance

REMOTINGRemove-PSSessionGet-PSSessionNew-PSSessionEnter-PSSessionInvoke-Command

Getting information remotely

The same syntax, and experience remotely as locallyUses credentials of current userExamples:

Get-Service –computername berlinGet-Process –computername berlinGet-HotFix –computername berlin

9 cmdlets Get-Counter Get-EventLog Get-HotFix Get-Process Get-Service Get-PSSessionGet-WinEvent Get-WmiObject Get-WSManInstance

Getting information remotelyEd WilsonMicrosoft Scripting GuyMicrosoft

demo

Working with Services

Has a ComputerName Parameter. Use DirectlyGet-Service and Set-ServicePS C:\> Get-Service –ComputerName Berlin

No ComputerName parameter. Use Invoke-Command when working remotely

PS C:\> Invoke-Command -ComputerName berlin ` { Start-Service -Name bits }Start-Service Stop-ServiceRestart-ServiceSuspend-Service Resume-Service

Before making changes to servicesPS C:\> Checkpoint-Computer –Description “Before changed services”

Working with services remotelyEd WilsonMicrosoft Scripting GuyMicrosoft

demo

Working with Processes

There are five process cmdletsGet-Process Debug-Process Start-ProcessStop-Process Wait-Process

Get-Process. Easy to use remotely and locallyPS C:\> Get-Process –comptuername Berlin –name calcPS C:\> Get-Process –computername Berlin –id 4072

Start-Process , Stop-Process no computernamePS C:\> Enter-PSSession –comptuername berlin[berlin]: PS C:\> Start-Process notepad[berlin]: PS C:\> Get-Process –name notepad[berlin]: PS C:\> Stop-Process –name notepad[berlin]: PS C:\> exit

Working with ProcessesEd WilsonMicrosoft Scripting GuyMicrosoft

demo

Working with Hot Fixes

Use on Local ComputerPS C:\> Get-HotFix

On remote use computername parameterPS C:\> Get-HotFix -ComputerName berlin

To search for hot fixes by ID number use id PS C:\> Get-HotFix -Id KB950099

Search by description to find related hot fixesPS C:\> Get-HotFix -Description security*PS C:\> Get-HotFix -Description updatePS C:\> Get-HotFix -Description software*

Working with Hot fixesEd WilsonMicrosoft Scripting GuyMicrosoft

demo

Working with Event logs

Two cmdlets. Both support computername Get-EventLog Get-WinEvent

Get-EventLogTraditional event logs. Easy to use syntaxPS C:\> Get-EventLog -LogName application ` -ComputerName berlin -Newest 1

Get-WinEventCan access diagnostic logsPS C:\> Get-WinEvent –logname Microsoft-Windows-WinRM/Operational –MaxEvents 1

Using Get-EventLog

Use to access classic event logs onlyUse LogName parameter to specify log

System, Application, Security etc. PS C:\> Get-EventLog –LogName Application

Use Source parameter filters where event fromPS C:\> Get-EventLog -LogName application -Source vss

Use Newest parameter to limit number recordsUse EntryType parameter to limit type records

Error, Warning, Information, Auditing

Use ComputerName parameter to remote

Using Get-WinEvent

Use the ListLog parameter to list logsUse wild cards to search for logs *winrm*

Use LogName parameter to query logsUse wild cards for log name as well *winrm*Use when have single match, only one with events

Use ListProvider parameter to display sourcesTo use the ETW diagnostic logs

Enable ETW diagnostic loggingETW logs can only be played Forward. An error is returned unless you use –oldest switch

More information in Advanced Scripting Talk by Dan Harmon

Working with Event logsEd WilsonMicrosoft Scripting GuyMicrosoft

demo

Using WMI Events

Do not confuse with event logs. Easy to work with temporary short term events

Monitor for process creationMonitor for service stoppingMonitor for USB drive attached to system

Use Register-WmiEvent to create Uses intrinsic WMI event classes, or genericsCan be local or remote. Remote credentials if need

Retrieve by Get-Event and SourceIdentifierUnRegister-Event or Remove-Event when done

Working with WMI EventsEd WilsonMicrosoft Scripting GuyMicrosoft

demo

Working with Hardware Inventory

Use the Get-WmiObject cmdlet to work with WMIBasic query uses Class and Computername

PS C:\> Get-WmiObject -Class Win32_Bios ` -ComputerName berlinPS C:\> gwmi win32_Bios -co berlin

Use Credential parameter for remote if needOther parameters allow full WMI

Amended Authentication AuthorityImpersonation EnableAllPrivileges

Working with hardware inventoryEd WilsonMicrosoft Scripting GuyMicrosoft

demo

Working with Software

Uses Win32_Product WMI classUses MSIPROV

Installed by default on:Windows 7Windows Server 2008 R2Windows Server 2008 Windows Vista, and Windows XP

Need to Add on Windows Server 2003Use to inventory software installed via MSIInstall Method to install softwareUninstall Method to uninstall software

Working with softwareEd WilsonMicrosoft Scripting GuyMicrosoft

demo

Setting security

Best to use ICACLS.exeInstalled on –Windows Vista and aboveAvailable on Windows Server 2003 SP2You need the hotfix 943043 to fix inheritance issuePS C:\> icacls test /Deny Everyone:`(R`)PS C:\> icacls test /Grant Everyone:`(F`)

Get-ACLRetrieves the security descriptor from item

Set-ACLSets the security descriptor on item

Setting SecurityEd WilsonMicrosoft Scripting GuyMicrosoft

demo

Stop by and see the Scripting Guys

What types of tasks do you need to automateWhat types of scripts would you like to seeWhat script do you wish you had nowWhat would you like to see in the Script RepositoryHow could we make it easier to navigateHow can we make your life easierWhat types of functions / modules do you wish you had

question & answer

www.microsoft.com/teched

Sessions On-Demand & Community

http://microsoft.com/technet

Resources for IT Professionals

http://microsoft.com/msdn

Resources for Developers

www.microsoft.com/learningMicrosoft Certification and Training Resources

www.microsoft.com/learning

Microsoft Certification & Training Resources

Resources

Microsoft Technet Script Center

www.ScriptingGuys.com

Daily Hey Scripting Guy! Article

Script Center Script Repository

Resources

Microsoft Press Scripting Books

Microsoft Windows Powershell Step By Step

Windows PowerShell Scripting Guide

Advanced Windows PowerShell Scripting

Advanced Windows PowerShell Scripting HOL

Introduction to Windows PowerShell Fundamentals HOL

Windows PowerShell Programming HOL

Complete an evaluation on CommNet and enter to win!

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,

IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.