My IT Resource Book

Monday, January 6, 2014

Microsoft Virtual Academy: PowerShell M06

Well it has been a hectic holiday period but back to work, I am behind on getting my notes converted into posts. We should be finishing up this series by the end of Jan.

To start your own learning check out Microsoft Virtual Academy:
(http://www.microsoftvirtualacademy.com/training-courses/getting-started-with-powershell-3-0-jump-start?o=3276#?fbid=aVs9FfAH2DJ)
(rewritten based on my notes available here: https://drive.google.com/file/d/0B1fwreWrAZioQ28xTmx0d29HUzQ/edit?usp=sharing)

Module 6 "The PowerShell in the shell: remoting" consists of 3 video segments totaling ≈ 55 minutes along with a PowerPoint of 11 slides.

Overview:

Remoting

Security
Enabling Remoting
Remoting

One-to-One
One-to-Many

PowerShell via web

Security

To start lets get the security stuff out of the way. PowerShell uses Kerboros to encrypt all transmissions from the terminal to the remote system. It can be further secured with the use of SSL. This allows for easier firewall management as it uses a single port.

Enable Remoting

Two ways to enable PowerShell remoting. First is to log on to each server/system and execute:

Enabling Remoting

This is time and energy consuming. The second way is more efficient and that is with use of GPOs. Check out the links below for more details:

How To Enable Powershell Remoting - Spiceworks - Martin9700
http://community.spiceworks.com/how_to/show/18512-how-to-enable-powershell-remoting

Enable and configure Windows PowerShell Remoting using Group Policy - blog.powershell.no
http://blog.powershell.no/2010/03/04/enable-and-configure-windows-powershell-remoting-using-group-policy/

Remoting

Once you have enabled PowerShell Remoting there are two ways to manage systems: one-to-one and one-to-many. As you may guess that is control system to remote systems. Depending on how many systems you are controlling will impact the way PowerShell interacts with them. Remember when remoting the work is completed on remote system and not on local/management system.

One-to-One
This process allows you to interact with the remote system similar to being directly logged on. To access remote system use:

Enter-PSSession -ComputerName [computername]

Example:

Enter-PSSession -ComputerName DC

Once you have access to the system you PowerShell prompt will change to resemble following: [computername]: PS C:\>. You can now run cmdlets as you would on local system. This is handy if you need full access to a system can't access directly.

One-to-Many
This process accesses multiple systems and returns results as objects. To execute use the following:

Invoke-Command -ComputerName [computernames seperated by comma] {cmdlet}

Example:

Invoke-Command -ComputerName dc,dc1 {Get-EventLog -LogName System  -new 3}

PowerShell via web

Want to or need the ability to access PowerShell via the web? How about from mobile devices? Well they thought of this and have provided a solution for version 3 and higher.

To accomplish this we will install Windows PowerShell Web Access (pswa). This consists of roughly three commands to complete. It will install IIS and .Net 4.5 if not already installed. To start we first run:

Install-WindowsFeature WindowsPowerShellWebAccess

(Installs IIS and .Net 4.5)

Install-PSWAWebApplication

(Sets up and cinfigures IIS for pswa)

Add-PSWAAuthrizationRule -ComputerName [name] -username [users] -configurations

(More details available here:http://technet.microsoft.com/en-us/library/jj592890.aspx)

Once completed you (and firewall configured correctly) you can browse to your new IIS site and access PowerShell through HTTPS.

Resources mentioned in module:
Secrets of PowerShell: Remoting

https://github.com/PowerShellOrg/ebooks/tree/master/Remoting

Monday, December 23, 2013

Microsoft Virtual Academy: PowerShell M05

ByValue
ByPropertyName
Customized properties
Parenthetical

First and most common use is through the ByValue. In order to use ByValue we need to know the following: type of object we sending and if the receiving cmdlet can accept it. To determine the type of our object we use get-member (gm). Know to validate the receiving cmdlet we run a get-help [cmdlet]. There are two (2) things we are looking for in the help file. First, if any parameters accept pipeline input and second if any parameters accept our object type.

Example: Get-Service | Stop-Service

Determine object type:

Get-Service | gm
Results: TypeName: System.ServiceProcess.ServiceController

Verify receive cmdlet will accept

Get-Help stop-service -full

If using v3 use -showWindow and utilize the search feature

Verify accept pipeline input: true (.., ByValue,..)
Verify input value is sending object type

-InputObject <ServiceController[]>

Hint: if the nouns match most likely will work.

Next we move to the ByPropertyName. Works very similar to ByValue but is more forgiving. We follow the same process of verify. This process works on the concept of a property of sending object matching a parameter in receiving cmdlet.

Example: Get-Service | Stop-Process

Determine object type:

Get-Service | gm
Results: TypeName: System.ServiceProcess.ServiceController

Verify receive cmdlet will accept

Get-Help stop-process -full
Verify accept pipeline input: true (.., ByValue,..)
Verify input value is sending object type

-InputObject <Process[]>

Not the same type so now we look for ByPropertyName

-Name <String[]>

Will accept input from sending object's property name and process based on that

So what if ByValue and ByPropertyName don't work? We can create a custom property. This is accomplished by creating a custom column (calculated property). With a custom property are goal is to meet the ByPropertyName process. In the example below and in segment we try to send ADComputer to Get-Service.

Command used: @{name=’[propertyname]’;expression={$_.[property]}}

Example: Get-ADComputer -filter * | Get-Service -name bits

Determine object type:

Get-ADComputer | gm
Results: TypeName: Microsoft.ActiveDirectory.Management.ADComputer

Verify receive cmdlet will accept

Get-Help Get-Service -full

ByValue: -InputObject <ServiceController[]> - No Go
ByPropertyName: -ComputerName (for systems), -Name (for services)

We want to use the -ComputerName and not -Name, this is where custom property comes in

Map ADComputer -Name to -ComputerName

@{name=’ComputerName’;expression={$_.name}}

Verify Object Property

Get-ADComputer | gm

Should now see a property called ComputerName

Finally we use Parenthetical when all else has failed us. Command process what is in parenthesis first.

For this example we want to pull all BIOS details for all ADComputers.

Example: Get-ADComputer –filter * | get-WMIObject –class win32bios

Determine object type:

Get-ADComputer | gm
Results: TypeName: Microsoft.ActiveDirectory.Management.ADComputer

Verify receive cmdlet will accept

Get-Help Get-WMIObject -full

Notice there is no pipeline support

As we see WMIObject does not support pipeline. To work around this we use -ExpandProperty. -ExpandProperty will expand a single property into a string object. There are two ways to accomplish this dependent on version you are running.

Command used: Get-adcomputer –filter * | select –ExpandProperty name

If we run this through gm we find object type is no a string.

v2 and v3

Get-wmiobject –class win32_bios –ComputerName (Get-adcomputer –filter * | select –ExpandProperty name)

v3 only

Get-wmiobject –class win32_bios –ComputerName (Get-adcomputer –filter *).name

That wraps up segment 5. I hope to have segment 6 up next week but dependent on the holidays and work it may not be up until Mid-January.

I hope everyone has Happy Holidays.

Friday, December 20, 2013

Holiday IT Poem

'Twas the week before Christmas
And all through SpiceWorks
There were plenty of tickets
Put in from dumb jerks.

Their computers weren't working
Or so they all said
But the IT folks knew
Users are brain-dead

Still every ticket was logged
Every problem looked at
Encountering every user
And pictures of their cats

There was a printer jam
And one with no ink
One had no paper
And someone clogged the sink

That shouldn't be IT
That we all know
But the ticket still came in
So a plumbing I will go

As the weekend draws near
I just impatiently wait
It's almost Saturday
And won't that be great!

My presents are bought
My shopping is done
Everything's even wrapped
So now I just get to have fun

A weekend of Xbox
Playstation and Wii
So now I might be at work
But soon I'll be free!

And then next week comes
And everyone will be merry
And they'll all call off work
So my tickets won't be scary

Plus a day off on Wednesday
Oh what a delight
So Merry Christmas to all!
Especially SpiceRex

Written by: Dean (AKA - The Awkward Gamer)

Available at: http://community.spiceworks.com/topic/423006-a-poem-for-the-holidays?page=1#entry-2825024

SharePoint 2010: Content Query and Announcement's Body

So recently was asked to make our homepage announcements more informational. As you can see from below not much in detail.

Currently the items above are pulled from each departments site using Content Query Webpart and SharePoint 2010: Aggregating Announcements (http://cleeit.blogspot.com/2013/08/sharepoint-2010-aggregating-annoucements.html).

So first thing I tried was just to display the Body of the announcement. Well as you can see below that didn't work.

Content Query does not understand HTML. So how to escape HTML in Content Query, well off to Google I went. It did not take long to locate Kappa Solutions Technology Blog (at the time rated number 3).

The exact article can be found at: http://blog.kappasolutions.ca/blog/post/2010/09/12/How-to-Display-HTML-in-Content-Query-Web-Part.aspx

Spiceworks How-To write up: http://community.spiceworks.com/how_to/show/62085-sharepoint-2010-content-query-and-announcement-s-body

As there write up is quite nice I will only link to them for now.

End Results

Monday, December 2, 2013

Microsoft Virtual Academy: PowerShell M04

Object

has properties

things we can view about the object

has methods

things we can do to the object

Now that we know what an object is how can we see what properties, methods, etc it has. Well this is where they give us a powerful cmdlet: get-member (gm). By using the pipeline to send an object through Get-Member PowerShell spits out data providing all the details. Some key areas to pay attention to are:

ObjectType

Tells us what type of object we are viewing, import in later modules

MemberType

Displays all the properties, methods, etc

An interesting segment of the module was importing third party xml file and showing how easily PowerShell can manipulate and pull data from it.

Demo of Romeo and Juliet XML play, truly a powerful example of PowerShell

Introduction to filtering and limiting within PowerShell with the use of Select and Where.

Select-Object (Select)

By piping a cmdlet to Select you can limit what is displayed

get-process | Select -Property name, ID

Where-Object (where)

2 version

Most powerful and versatile uses filterscript {} ({ })

assigns current object to variable ($_ or $PSItem)
evaluates the code (comparison operators)

More details on comparison operators or operators use get-help about_operators

acts on results

true passing it forward
false thrown away

Simpler is just the where

where property operator value
where name -like wmi*

During their responses to Q&A we learn that for the most part PowerShell v3 is case insensitive when it can, usually third party modules.

References mentioned in this module:

PowerShell.org

Forums, FREE eBOOKs, articles, podcasts, script repository

Learn Windows PowerShell 3 in a Month of Lunches

Don Jones
Chapter 9

Monday, November 25, 2013

Microsoft Virtual Academy: PowerShell M03

Today I continue forward on my goal of completing Microsoft's Virtual Academy's PowerShell 3.0 training.
(http://www.microsoftvirtualacademy.com/training-courses/getting-started-with-powershell-3-0-jump-start?o=3276#?fbid=aVs9FfAH2DJ)
(rewritten based on my notes available here:
https://drive.google.com/file/d/0B1fwreWrAZioQ0twZXB3b0J2eXM/edit?usp=sharing)

Module 3 "The Pipeline"consists of 3 video segments totaling ≈ 30 minutes along with two PowerPoints of 12 and 10 slides.

This module was short and sweet, teasing you with the power of Powershell while also showing you how to protect yourself from destroying your system OS.

To start of the module we learn what is the pipeline (|) which if you are wondering is the key above the enter on keyboard (shift + \). Now what is the benefit of the pipeline in Powershell, well is allows the connecting of cmdlets to accomplish a larger task. In the simplest form it passes the results of one cmdlet to an other to be processed.

get-service -name bits | stop-service is the same as stop-service -name bits

Now this is the simplest form and may be hard to see the benefit in above case but it is just for reference. Now as you notice with the above example couldn't I just send all services to stop and yes you could, though you would in essence be crippling/bricking your system as Powershell by default acts on all commands without questioning you. This is were the last part covered is important. Powershell provides ways to safeguard yourself with -whatif and -confirm.

-whatif can be added to almost every cmdlet statement to see output results of the cmdlet without actually executing it
-confirm will prompt you if you wish to execute (take note of Yes, Yes to all, No, Not to all)

One of the huge benefits brought to light in this module is auto loading of modules which was not possible pre-v3. In addition to PowerShell v3 auto loading modules for you it also has a complete understanding of the modules help (requirement is module must be installed on the system). In pre-v3 you had to mount a snap-in before you could use the cmdlets or even have help understand them. This is a huge time saver and will reduce frustration.

Lastly they touched on features of exporting, importing and some comparing. They didn't go into to much detail as they will be covering this later in the series.

Export to many popular formats

csv, xml

Import files back in for processing
Ability to compare file to running system

In the module they demonstrated making a known good xml file of system process and then comparing to another system
Great way to see what has changed from baseline of systems
I will be creating baselines for all system types when I re-image next time for future troubleshooting

Get-process | export-clixml –path C:\good.xml

creates the xml

Compare-Object -ReferenceObject (Import-Clixml C:\good.xml) -DifferenceObject (Get-Process) -Property name

compares the baseline created before to current running process names

Until next week.

Friday, November 22, 2013

Microsoft Virtual Academy: PowerShell M02

Today I continue forward on my goal of completing Microsoft's Virtual Academy's PowerShell 3.0 training.
(http://www.microsoftvirtualacademy.com/training-courses/getting-started-with-powershell-3-0-jump-start?o=3276#?fbid=aVs9FfAH2DJ)
(rewritten based on my notes available here:
https://drive.google.com/file/d/0B1fwreWrAZioNW5OZzFLTmFHTzA/edit?usp=sharing)

Module 2 "The Help System"consists of 3 video segments totaling ≈ 50 minutes along with a PowerPoint of 10 slides.

The first 13 minutes are more of an overview of help in PowerShell v3 and older systems. During this 13 minutes they cover how to update help, briefly explain the difference between get-help, help, and man and their biggest point learn to discover.

One of the biggest improvements to PowerShell v3 is the ability to update outside of product releases. By using the cmdlet update-help PowerShell v3 will download current update files from the internet. If your system is not internet connected you can use save-help from an internet connected system to save the help updates for offline update (http://technet.microsoft.com/en-us/library/hh849724.aspx). Now v2 doesn't support this feature but does have a way for you to ensure you view the most recent help information. Simply add the parameter -online to your PowerShell v2 get-help statement:

get-help get-service -online

will open a browser window to must current help for that cmdlet

Next, they explain the difference between get-help, help and man (well help and man are the same just aliases).

Get-help

partial help file displayed
focus is at the end of the file, requiring you to scroll up to see everything

help / man

displays full help file
allows paging through the file one screen at a time

Lastly the biggest point to take away from Module 2 is learn to discover not memorize. By learning how to use the help cmdlet you set yourself up to discover functions easier and quicker then trying to remember the thousands of cmdlets. There are over 96 verbs alone (get-verb | measure).

The remaining time is spent going over PowerShell syntax to include wildcards, how to navigate the CLI, reading a get-help and more. One of the features they don't mention until near the end is the use of tab completion. I feel this should be more towards the beginning as it is a huge time saver. As you are type cmdlets you can press tab to cycle forward through matching cmdlets or shift-tab to cycle backwards. In addition to tab completion they mention using semi-colon (;) as a cmdlet separator allowing more then one cmdlet statement to be written at a time. By now you may have already noticed some of the ways to navigate the CLI, such as moving left and right with the arrows but did you know you can recall past cmdlets by pressing up and cancel the current cmdlet by pressing ESC?

Now one of PowerShell's greatest features is the use of wildcards (*). Basically the asterisk (*) states allow anything before or after my location.

get-help *service*

returns all cmdlets with service anywhere in them

get-help g*service

returns any cmdlets the start with g and contain service within them

To further breakdown the help system they go into explaining the segments/sections of get-help: Name, Synopsis, Syntax, Description, Related links, and remarks. I will let you check out the video for their descriptions of these. Next they covered some of the parameters that can be used with get-help:

-detailed

more detail then just get-help
includes listing of cmdlet parameters and examples

-examples

displays just the cmdlets examples

-full

you guessed it this displays it all

-showwindow

new parameter in v3
opens a window displaying the cmdlet help information
can be configured to display only certain sections via the settings
great for copying and pasting syntax
over a find/search function to current displayed help file

Syntax explained?!?!
By now you have seen a few cmdlets using the get-help/help cmdlet. What does all the information after the cmdlet mean/do. Well they are call parameters and they allow the refining/altering of the cmdlet. Simple enough right. Well there is a certain format/order that these parameters may need to applied.

First there is the [ ] this one has two meanings depending on its placement

At its top most level it means optional parameter. This can be seen in most cmdlets as most parameters are enclosed in [ ]. But further review and you will find some cmdlets that over optional content within a parameter

[[-name] <string[]>]

This whole parameter is optional but if you choose to use it you can with out first calling -name and instead providing the string value

Deeper is the defining of multiple values separated by commas

[[-name] <string[]>]

for the string value we could define: bob, rob, *ob

(Yes you can include wildcards)

Next there is the use of < > as you may have already noticed this typically denotes format the parameter is looking for arguments/values

string = alphanumeric

That concludes module 2. If you stop here you will already have placed yourself ahead of many other users. Just remember to learn to discover.