Windows 7 & RSAT

I finally found some time today to upgrade my primary work machine to Windows 7 RTM (Yeah). Since I do a lot of system administration one of the first things I put on there was my Powershell tools and RSAT. I went and got the RSAT tools from the MS website, I install it, go into “turn on/off Windows features” menu and click the to level check for RemoteAdministrationTools, in the hope that it would select all the admin tools, but no!
I have to check each and everyone..

Then I remembered a while back on the Minasi forum, it was discussed if there was an easier way, and Mark said: “There is probably a one line DISM command for that”, so I took a look at DISM, and found that to my (albeit limited) knowledge there was no way to install all the tools at once.

So I thought to myself, well I guess I have to do it in powershell then, so I started out writing a small script to enable all the admin tools one by one.

Then suddenly Marks words sprung to mind again, “there is probably a DISM oneliner to do this), so I rewrote my little script to a oneliner, here is what I ended up with:
[ps]
#
#Enable RSAT features
dism /online /get-features | Select-String -Pattern remote* | %{$Exec = "dism.exe /online /enable-feature /featurename:RemoteServerAdministrationTools /featurename:" + ($_).ToString().Replace(‘Feature Name : ‘,”); Invoke-expression $Exec}
[/ps]
Dism requires admin permissions, so you need to run this elevated.

Here is what it does:
[ps]
dism /online /get-features
[/ps]
Uses DISM to retrieve a list of available “features”
That list is then piped into a Select-string statement, that selects all that contain the string “Remote*”, which luckily all the admin tools does :)

Each of the selected strings are then “piped along the pipeline” in the next command, which is a bit more complicated:

[ps]
%{$Exec = "dism.exe /online /enable-feature /featurename:RemoteServerAdministrationTools /featurename:" + ($_).ToString().Replace(‘Feature Name : ‘,”); Invoke-expression $Exec}
[/ps]
% = foreach, so foreach string the Select-String returns, I start to build the $exec variable, the first part of the variable is just text "dism.exe /online /enable-feature /featurename:RemoteServerAdministrationTools /featurename:" this next part is where the feature name is extracted: ($_).ToString().Replace(‘Feature Name : ‘,”). What it does is it converts the output from Select_String ($_) into a string, on that string it replaces “‘Feature Name : “, with nothing “”, so that the $exec variable will end up containing the the initial string, plus the name of the “current” “feature” in the pipeline, giving a full command that can be executed, something like this dism.exe /online /enable-feature /featurename:RemoteServerAdministrationTools /featurename:RemoteServerAdministrationTools-Roles-AD. Then it is “executed” by the Invoke-expression $exec.

So since what I do is just creating a regular commandline expression and executing it, there is not reason why I cannot just export the result to a batch file, which I can edit and run.
[ps]
#
#Output DISM RSAT commands to file
dism /online /get-features | Select-String -Pattern remote* | %{$Exec = "dism.exe /online /enable-feature /featurename:RemoteServerAdministrationTools /featurename:" + ($_).ToString().Replace(‘Feature Name : ‘,”);Out-File -InputObject $Exec -FilePath c:\test.bat}
[/ps]

Hope this was usefull

Read More

Playing around with profiles.

In PowerShell you have the option create custom profiles that you can use, in the profiles you can create different aliases, change the prompt and a lot of other things, today we will look at adding some info to prompt. First we need to open profiles.ps1 , this file can be put in the WindowsPowershell folder under System32, or in the users \My Documents\WindowsPowerShell. If you are running vista, and want to play around with your profiles.ps1 file, I would put it in the \My Documents\WindowsPowerShell folder, since you have permission to write to files in that dir. (You can read more about profiles here
Well ok… on with the coding.. Lets say you want to add some basic info to your prompt.
When you start up powershell for the first time, your prompt will be defined as

 “PS “ + $(get-location) + ">”

When you open your profile.ps1 file (There is a template in C:\Windows\System32\WindowsPowerShell\v1.0\Examples\profile.ps1) you will find a function called
“ prompt”, this is where you will make the following changes.
The simplest alteration you can make is changing PS to your name

“Xenophane “ + $(get-location) + ">”
Will give a prompt like this “Xenophane C:\Users\xen\_”

What if you want to know something about the system at the prompt, is that possible…. Of course it is…
Let say you want to know how many processes you are running


function prompt
{
"Processes " + (Get-Process).Count+ " " + $(get-location) + "> "
}

Will give you a prompt like this: “ Processes 71 C:\Users\ctn\_”

But it is very annoying to see that info on the same line as your cursor, so lets add the info on the line over the cursor, and add some more information.


function prompt
{
[wmi]$Global:Cdrive=Get-WmiObject -query "Select * from win32_logicaldisk where deviceid='c:'"
#Define Cdrive as global variable, which is type cast as a wmi
$processcount=(Get-Process).Count
#Define variable processcount as number of processes running
$cpuload=(Get-WmiObject win32_processor).loadpercentage
#cpuload is defined as a variable
$diskinfoC=" Free C: "+"{0:N2}" -f (($global:Cdrive.freespace/1gb)/($global:cdrive.size/1gb)*100)+"%"
#diskinfoC is defined, {0:N2} is .NET for 2 decimal places, -f is a the "format" property of the string object.
# Then the amount of free space on drive C is divided by the size of drive C multiplies by 100 to get
#the percentage of free space.
$time=Get-WmiObject -class Win32_OperatingSystem
#Define $time is object Win32_OperatingSystem
$t=$time.ConvertToDateTime($time.Lastbootuptime)
#Define #t as the result of the convertion of LastBootuptime into a readable dateTime format.
[TimeSpan]$uptime=New-TimeSpan $t $(get-date)
#Typecast the variable $uptime as a [timespan], the timespan cmdlet in powershell is a way to do date arithmetic in ps
#This way we can compare our variable $t (Which was Lastbootuptime) and the current time Get-date cmdlet
$up="$($uptime.days)d $($uptime.hours)h $($uptime.minutes)m $($uptime.seconds)s"
#define variable $up to display the uptime in days/hours/minuted/seconds
$TextToDisplay="CPU:"+$cpuload+"% Processes:" + $processcount + $diskinfoC+ " " + $diskinfoG+ " "+ ([char]0x25b2)+$up +" "+(Get-Date -format g)
#define one variable that contains all the data we collected so far.
Write-Host -fore red $TextToDisplay
#Write the information to the screen in red
Write-Host "My PoSh:" $(get-location) -nonewline
#Display the regular prompt.
}

One other thing to be aware of is that PowerShell by default will not let you run scripts, so in order to run scripts like profile.ps1 you need to loosen up the security, to get help you can type the command “get-help about_signing” in a powershell command prompt. I have chosen to use RemotedSigned which will let me run scripts locally on the machine. But you can read about the different security levels in the help file.

Profile txt file

Read More

Getting info from the eventlog with PowerShell

Started playing around with PowerShell, so I thought I would post a few simple things on the blog, maybe you won’t find it interesting, but it is a good way for me to remember, so BLAH!.

First in order to get information from the eventlog you call the cmdlet called:
get-eventlog

Then you need to tell it what you want to get.
get-eventlog -logname Application

Which will get you the Application log on the local machine.

That will list the entire Application eventlog to the screen, which is usually a lot of data. So we want to be able to pick specific data out of the eventlog, and here is a way to do it.

get-eventlog -logname Application -newest 50 | where {$_.EventID -eq "1"}

What this does is, it gets the Application eventlog, and gives me an object with the newest 50 entries, i pipe this object into another function called “where”,  I tell “where” to show me all objects where EventID is equal to 1. I this case you see I use $_.EventID, the $_ in powershell represents the object the as being passed into the new function, so in this case $_ represents the newest 50 values in the Application Eventlog.

Read More