August 7th, 2011 by Harold Ogden

Even if this isn’t required when configuring non-core Windows Server, it can be painless to implement a list of NTP servers to query using the command line.

To set both “wwv.nist.gov” and “time.nist.gov” as the NTP servers and to immediately update your server’s time, run this command:

w32tm /config /manualpeerlist:"wwv.nist.gov time.nist.gov" /syncfromflags:manual /update

You can add as many time servers as you want, space-delimited. You can use this same command to point workstations and servers to one or more internal NTP servers, replacing the domain names above with the FQDN of the NTP servers.

April 5th, 2011 by Harold Ogden

There are many applications for generating a unique autonumber for each row in an array. This isn’t something automated by Powershell, however.

I’m naming the property “indexnumber” – this is superficial and can be changed to whatever is preferred. Here, I’ll be generating the previously non-existent property of “indexnumber” in a select statement piped from a directory listing:

$dirs = (dir "C:\" |
select @{name='indexnumber';expression={}},name,attributes) |
where {$_.attributes -match "Directory"}

Now, if you echo $dirs to the console, you will see that the indexnumber property is blank.

To populate the property of each item, we’ll use a simple foreach loop:

# start the counter at zero
$x = 0

# populate the indexnumber column in the $dirs array
foreach ($dir in $dirs){

$dir.indexnumber = $x

$x++

}

The real trick to this is the generation of a blank property that can be filled by a custom expression.

March 6th, 2011 by Harold Ogden

Accomplishing a task in PowerShell without writing a script can be a unique challenge, depending on the task at hand. I typically utilize variables for storing input data prior to manipulating or parsing it, but you can use cmdlets like “get-content” to obtain data from a file and pass it to other cmdlets with a pipe.

The following line imports the file “C:\folder\report.nmap” and searches each line for the string “LDAP” located anywhere within the line. Each time a match is found, the line is output to the console.

get-content C:\folder\report.nmap | ForEach-Object{if($_ -like '*LDAP*'){write-host $_}}

This example is very simple – you can get much more complex using multiple pipelines, or defining a variable and using it repeatedly to parse for different results.

February 24th, 2011 by Harold Ogden

Both HP and Dell systems store their serial number / service tag information in a way that populates the Windows WMI database. Powershell can be used to extract this data easily over the network and display the hostname of the computer queried along with its serial number or service tag.

First, define the computer name:

$computername = read-host "Enter Computer Name or IP Address"

Then, define your account with admin credentials on the target machine:

$username = read-host "Enter admin account. Example: domain\user"

Then, for HP Systems:

gwmi win32_systemenclosure -computer "$computername" -credential $username |
select __SERVER,SMBIOSAssetTag

And for Dell systems:

gwmi win32_systemenclosure -computer "$computername" -credential $username |
select __SERVER,serialnumber

You can integrate scripts like this into a foreach-object loop to query a large list of systems for their serial numbers or service tags, which can be very useful when inventorying.
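The loop described above, as an added example that is not part of the original post. It collects both the SerialNumber and SMBIOSAssetTag properties so one pass covers HP and Dell systems, prompts for the credential once, and records hosts that could not be queried. The input file computers.txt and the output path are assumptions.

```powershell
# Assumptions: computers.txt (one host name or IP per line) and the output
# path are hypothetical; adjust both to your environment.
$computers  = Get-Content 'C:\folder\computers.txt' | Where-Object { $_.Trim() }
$credential = Get-Credential   # prompts once; nothing is stored in the script

$inventory = foreach ($computer in $computers) {
    try {
        # -ErrorAction Stop turns unreachable hosts and access-denied
        # results into exceptions handled by the catch block below.
        $enclosures = Get-WmiObject Win32_SystemEnclosure -ComputerName $computer `
            -Credential $credential -ErrorAction Stop

        foreach ($enclosure in $enclosures) {
            New-Object PSObject -Property @{
                Queried        = $computer
                Server         = $enclosure.__SERVER
                SerialNumber   = $enclosure.SerialNumber
                SMBIOSAssetTag = $enclosure.SMBIOSAssetTag
                Status         = 'OK'
            }
        }
    }
    catch {
        # Record the failure so a missing host is visible in the inventory.
        New-Object PSObject -Property @{
            Queried = $computer; Server = $null; SerialNumber = $null
            SMBIOSAssetTag = $null; Status = $_.Exception.Message
        }
    }
}

# Fix the column order (hashtable-built objects do not guarantee one).
$inventory |
    Select-Object Queried, Server, SerialNumber, SMBIOSAssetTag, Status |
    Export-Csv 'C:\folder\serials.csv' -NoTypeInformation
```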

May 13th, 2010 by Harold Ogden

BITS is a great way to transfer large files if you have access to Powershell. It’s relatively easy to start a transfer, and using BITS has the added benefit of not negatively impacting your other tasks.

BITS will only use bandwidth that’s idle, making it great for file transfers that would normally saturate your system’s network utilization.

First, you need to import the bitstransfer module:

import-module bitstransfer

To see all commands available from this module, type:

get-help -name *-bitstransfer

Then, you can use the get-help cmdlet on a specific cmdlet to see the full details of syntax and usage. To start a simple BITS transfer, for example:

start-bitstransfer -source "\\server\share\Office2007.iso" -destination "C:\folder\"

You’ll notice as well, if you use get-help on the start-bitstransfer cmdlet, that it offers options like “-authentication” and “-credential”, meaning you can pass credentials to initiate your transfers as opposed to running the shell as an account authorized to access the share. This can be a huge benefit if you need to transfer files from an administrative or highly secured share on a remote system.

Unfortunately, BITS does not support wildcards to transfer multiple files. For instance, the following does not work:

start-bitstransfer -source "\\server\share\*.iso" -destination "C:\folder\"

In order to utilize BITS on multiple files based on wildcards or other specific properties, you can use the get-childitem cmdlet (or its aliases ls or dir):

get-childitem "\\server\share\*.iso" |
select fullname |
foreach-object {start-bitstransfer -source $_.fullname -destination "C:\folder\"}

Since you’re utilizing pipelines, you can also add a “where-object” cmdlet between the select and foreach that will allow even more granularity in your filtering of files to transfer. An example would be:

get-childitem "\\server\share\*.iso" |
select fullname,isreadonly |
where-object{$_.isreadonly -eq $false} |
foreach-object {start-bitstransfer -source $_.fullname -destination "C:\folder\"}

Please note: BITS is specifically designed for intelligent downloading, and is not a strong technology for uploading one file or multiple files simultaneously.
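An added example (not from the original post) that queues the same .iso files as background jobs and checks each result. It passes -Priority Low because Start-BitsTransfer defaults to foreground priority, and it finishes or removes every job so that none is left in the BITS queue. The four-hour deadline is an assumption.

```powershell
Import-Module BitsTransfer

$source      = '\\server\share\*.iso'   # share path from the post
$destination = 'C:\folder'              # destination folder from the post
$deadline    = (Get-Date).AddHours(4)   # assumed upper bound for the batch

# Queue one low-priority job per file; -Asynchronous returns immediately.
$jobs = @(Get-ChildItem $source |
    Where-Object { -not $_.IsReadOnly } |
    ForEach-Object {
        Start-BitsTransfer -Source $_.FullName `
            -Destination (Join-Path $destination $_.Name) `
            -Priority Low -Asynchronous -DisplayName $_.Name
    })

# States in which BITS is still working on (or retrying) a job.
$active = 'Queued', 'Connecting', 'Transferring', 'TransientError'

while ((Get-Date) -lt $deadline) {
    $pending = @($jobs | Where-Object { $active -contains $_.JobState.ToString() })
    if ($pending.Count -eq 0) { break }
    Start-Sleep -Seconds 10
}

foreach ($job in $jobs) {
    if ($job.JobState.ToString() -eq 'Transferred') {
        # The destination file only appears under its final name after this call.
        Complete-BitsTransfer -BitsJob $job
        Write-Host "Completed: $($job.DisplayName)"
    }
    else {
        # Report why the job did not finish, then cancel it so no
        # partial temporary file or stale job is left behind.
        Write-Warning "$($job.DisplayName): $($job.JobState) $($job.ErrorDescription)"
        Remove-BitsTransfer -BitsJob $job
    }
}
```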

January 22nd, 2010 by Harold Ogden

Certain data returned from WMI displays fine in the Powershell console or the ISE, but doesn’t play well with export-csv or convertto-html, among other exports. This isn’t a problem early on when you’re exploring the functionality of Powershell and feeling around for what some useful WMI calls are for, but it creates a major snag once you begin exporting data to CSVs, HTML or any other method of export other than text.

Here’s an example (make sure you have a folder named ‘misc’ on your C: drive, or change the script to reflect an existing folder) :

gwmi win32_networkadapterconfiguration |
select dnshostname,ipaddress,macaddress,description |
export-csv C:\misc\test1.csv

invoke-expression "C:\misc\test1.csv"

The above WMI call works wonders in assisting in the documentation of system hostnames, IP addresses, MAC addresses, and the description of each adapter being displayed. However, when exported to a csv, you’ll notice the IP address doesn’t display and instead all you see is System.String[]. This is because the ipaddress property is an array of strings rather than a single string, so export-csv writes the type name instead of the values; the property needs to be converted to a string first.

Let’s define the result of the above script as a variable, then we can run a foreach against the variable once the data has been populated. We’ll have the foreach hit every $_.ipaddress and replace it with [string]$_.ipaddress. Here we go:

$data = (gwmi win32_networkadapterconfiguration |
select dnshostname,ipaddress,macaddress,description)

$data | foreach{$_.ipaddress = [string]$_.ipaddress}

$data | export-csv C:\misc\test1.csv

invoke-expression "C:\misc\test1.csv"
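An added example (not from the original post) that generalizes the [string] cast above: a hypothetical helper, ConvertTo-FlatRow, joins every array-valued property with a delimiter, so other array properties selected from the same WMI class export cleanly as well. The sample rows are constructed so the block runs without WMI.

```powershell
# Hypothetical helper: rebuilds each object with array-valued properties
# joined into one delimited string, leaving scalar properties untouched.
function ConvertTo-FlatRow {
    param(
        [Parameter(ValueFromPipeline = $true)] $InputObject,
        [string] $Delimiter = ';'
    )
    process {
        $row = New-Object PSObject
        foreach ($property in $InputObject.PSObject.Properties) {
            $value = $property.Value
            if ($value -is [array]) { $value = $value -join $Delimiter }
            $row | Add-Member -MemberType NoteProperty -Name $property.Name -Value $value
        }
        $row
    }
}

# Constructed sample rows shaped like the select output in the post.
$sample = @(
    (New-Object PSObject -Property @{
        dnshostname = 'HOST1'; ipaddress = @('192.0.2.10', 'fe80::1')
        macaddress  = '00:11:22:33:44:55'; description = 'Constructed adapter A'
    }),
    (New-Object PSObject -Property @{
        dnshostname = 'HOST1'; ipaddress = $null
        macaddress  = $null; description = 'Constructed adapter B'
    })
)

# The ipaddress column now holds "192.0.2.10;fe80::1" instead of System.String[].
$sample | ConvertTo-FlatRow |
    Select-Object dnshostname, ipaddress, macaddress, description |
    ConvertTo-Csv -NoTypeInformation

# Live use with the post's query:
# gwmi win32_networkadapterconfiguration |
#     select dnshostname,ipaddress,macaddress,description |
#     ConvertTo-FlatRow | export-csv C:\misc\test1.csv
```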

January 19th, 2010 by Harold Ogden

Powershell has been a boon to me for documenting system resources and statistics. One-off scripts that query a remote system’s WMI are useful in many situations, but I wanted a less involved way to scan an entire network’s WMI for specific information.

To accomplish this, I wrote a script that parses a Net View, then executes a WMI call on each item in the parsed result. The result is a csv containing the information related to each system name from the Net View.

The following Powershell code executes a net view and parses out the junk, making it a set of data containing each system name retrieved from the Net View but without the “\\”, etc.

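# capture the raw output of net view
$netview = (net view)

# suppress errors raised by blank or unreachable entries
$ErrorActionPreference = "SilentlyContinue"

# for each line: keep the first space-delimited token, blank out the "The"
# left over from "The command completed successfully.", and strip the
# leading backslashes from each system name
$output = ($netview | foreach-object{

$_.split(" ")[0] |

Foreach-Object {$_ -replace "^the$", ""} |

Foreach-Object {$_ -replace "\\", ""}

})

# null the three header lines at the top of the net view output
$f=$output
$f[0]=$null
$f[1]=$null
$f[2]=$null
$output=$f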

Then, to use this information, execute a foreach using each name in the output:

$wmidata = foreach ($name in $output){

gwmi win32_systemusers -computer $name | select partcomponent,__server

}

$wmidata | export-csv "C:\powershell\systemusers.csv"

November 23rd, 2009 by Eric Moran
  • IMPORTANT: Before you get started on removing Cyber Security, please download the following (3) tools:
  1. rKill – Please click here to download rKill
  2. ProcessExplorer- Please click here to download Microsoft’s Process Explorer
  3. Malware Bytes- Please click here to download Malware Bytes
  • IF YOU ARE WORKING ON THE AFFECTED COMPUTER DIRECTLY: Print out these instructions as we will need to close every window that is open later in the fix. Due to this malware infecting Internet Explorer, it is suggested that you use Firefox or another browser when following these instructions.
  • Before we can do anything we must first end the Cyber Security process so that it does not interfere with the cleaning process. You will first need to execute rkill.exe in order to automatically attempt to stop any processes associated with Cyber Security and other rogue programs. Please be patient while the program looks for various programs and closes them. When it has finished, the black window will automatically close. Do not reboot your computer at this point, or the programs will start again.
  • Just to be sure, we will use another program to verify that the processes are indeed terminated.  Execute Procexp.exe file on your desktop. You now need to rename that file to iexplore.exe. To do this, right-click on the Procexp.exe and select Rename. You can now edit the name of the file and should name it to iexplore.exe. Once it is renamed you should double-click on the file to launch it.
  • Once the program is running, you should be presented with a screen similar to the one below.
    [Screenshot: Process Explorer main window]
  • Scroll through the list of running programs until you see a process named tsc.exe. When you see this process, select the tsc.exe process by left-clicking on it once so it becomes highlighted. Then click on the red X button as shown in the image below. Newer versions of this executable may be using names consisting of random numbers or characters. If you see a process that is composed of random numbers or characters and has a shield icon or a padlock icon next to it, then you have found the process you need to terminate. If you do not see any processes using random characters or with the name tsc.exe, please continue to step 9.
    [Screenshot: terminating the process in Process Explorer]
  • When you click on the red X to kill the process, Process Explorer will ask you to confirm if you are sure you want to terminate it. At this point you should press the Yes button in order to kill the process.

November 23rd, 2009 by Harold Ogden

Running managed tasks or executing powershell scripts from the command line normally isn’t a difficult task, but when interfacing with Exchange it is a little more complex. Exchange uses an exported Microsoft Powershell Console (.psc1) – using Exchange specific cmdlets won’t work in PowerShell unless you’re using this exported .psc1.

If you right-click on the Exchange Management Shell shortcut, you can find the command being used to execute Powershell using this .psc1 console, followed by the command to run. Mine looks like this:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -PSConsoleFile "D:\Program Files\Microsoft\Exchange Server\bin\exshell.psc1" -noexit -command ". 'D:\Program Files\Microsoft\Exchange Server\bin\Exchange.ps1'"

Modify the entry in the final set of quotes, and remove the “-noexit” switch. The -noexit switch is used to keep PowerShell open after the command runs – if you’re running this as a scheduled task, or as a single scripted task, you don’t want PowerShell to remain open. After modification, my entry now looks like this:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -PSConsoleFile "D:\Program Files\Microsoft\Exchange Server\bin\exshell.psc1" -command "C:\ps_scripts\script.ps1"

This executes “C:\ps_scripts\script.ps1” inside the Exchange Management Shell.

Update 01/22/10 – You can also put the following line in the first part of your powershell script, and you can execute the script without the -psconsolefile command:

Add-PSSnapin Microsoft.Exchange.Management.Powershell.Admin -erroraction silentlyContinue

November 23rd, 2009 by Harold Ogden

Many of the initial configuration tasks have added complexity with Server Core – OS Activation is one of them. I’ve included some points to consider, and the required commands to activate your Server 2008 Core Edition.

  • Configure your IP settings! If you can’t ping an outside web site (assuming you are allowing echo requests from this system), you won’t be able to activate using online activation.
  • Check your time zone. A mismatch of your configured time zone and IP, in my experience, can cause problems.
    • From anywhere in the command prompt, or C:\windows\system32 if you choose – run “timedate.cpl” to change your time and date settings.

The first step is to input your key. To do so, use the following command:

slmgr.vbs /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx

It’s important that you DO enter the dashes along with your key. Failure to use the dashes means your system will not properly recognize the key.

Then, once the key is input, activate online using the following command:

slmgr.vbs /ato

If you are looking for additional slmgr.vbs options, use the /? switch and it will display a pop-up with all available switches.
