Category Archives: Powershell

Generate List of RDS Logon and Logoff Events

A powershell script to list:

Date/Time , logon or logoff, Event ID, Username, SessionID, Source IPAddress, Computer user logged onto.
Eg:
2015-04-28T15:38:22,23,logoff,andrewst,6,,Server08
2015-04-28T15:36:37,23,logoff,sheffieldd,3,,Server10
2015-04-28T15:30:40,21,logon,ryank,4,172.16.0.122,Server08
2015-04-28T15:21:13,23,logoff,powelll,8,,Server09
2015-04-28T15:12:35,21,logon,sheffieldd,3,172.16.0.138,Server10
 You can get the script here:  http://pastebin.com/4vhqVCQE

Set-ADForestMode Fails – referral was returned from the server

Attempting to upgrade the forest mode from 2003 to 2008R2, using the command:

Set-ADForestMode –identity %FOREST% –ForestMode Windows2008R2Forest

This was failing with the error:

Set-ADForestMode : A referral was returned from the server

I found the Active Directory Web Services Service hadn’t started.

After starting this service, the Set-ADForestMode command worked fine.

Setup Powershell Remoting … Remotely

You can use Sysinternals psexec to setup powershell remoting … remotely.

Get psexec.exe from here: https://technet.microsoft.com/en-gb/sysinternals/bb897553 

The command to install it is:

psexec \%PCNAME% -h c:windowssystem32winrm.cmd quickconfig –quiet

Where %PCNAME% is the name of the PC you wish to install it on.

eg:
psexec \WA_P_023 –h:windowssystem32winrm.cmd quickconfig -quiet

Using Powershell to log Processor Temperature

I needed to log the temperature of the processor.  I found a Powershell function that could be used, but listed more information than I needed, so I modified it.  The original function can be found here. (new window).  I modified the function to only grab the temperature in Celsius, and added a log to file with Date/Time detail, as well as allow multiple processor sensors to be recorded.
This is also an example of using New-Object and Add-Member
The script can be found on pastebin here. (new window)

Ping Monitor in Powershell


I wanted a basic ping monitor that could be used with Powershell, and found the following:
This function can be Dot Sourced, see my article here.
You will need to unblock the script if you downloaded it, see my article here.
You can set the notification to trigger on ping down (-NotifyOnServerDown), ping up (-NotifyOnServerBackOnline), or both (-NotifyAll).
You can set the timeout on the ping using -sleeptimeout
An example usage would be:
start-monitor -computername QLD_CPS_24 -NotifyAll -smtpserver smtp -tonotification alerts@anonit.net -fromnotification alerts@anonit.net
 You can take a list from a file (1 name / ip per line) using the pipeline:
get-content Monitorlist.txt | start-monitor -NotifyAll -smtpserver smtp -tonotification alerts@anonit.net -fromnotification alerts@anonit.net
 When the script is running, it looks like:
The up / down notifications look like:

Dot Sourcing variable and functions in Powershell

What I sometimes have trouble with is dot sourcing the ps1 files.  Dot sourcing a file allows the variables and functions to be available after the script has run.

A simple demo of this is to create a .ps1 file containing the following:
$a=dir

We then run this .ps1 file within powershell.  When we then try to use the variable $a, nothing happens, as the variable is removed when the script finishes.

To dot Source the file, use the command:
. .Test-DotSourcing.ps1
Notice the dot space dot backslash syntax.

The variable $a is now available within that session.

To use Dot sourcing with a function, consider the following function:

function test-DotSourcing2 {
    dir
}

We can use this by firstly Dot sourcing the .ps1 file as normal, then calling the function name directly (remove the .ps1 extension). 

The function name will also be available in tab completion.

Modify Send As Permission Exchange 2010

Open Exchange Management Console

 

Click Yes on the User Account Control Dialog if it appears

On the left hand side of the screen, navigate to Microsoft Exchange -> Microsoft Exchange On-Premises -> Recipient Configuration

 

Select Mailbox


Right click on the users mailbox you wish to send on behalf, and select Manage Send As Permission…

Click Add…

 

Select the name of the user you wish to give access to, and click OK
 

Click Manage
 

Click Finish   You can also accomplish this by using Powershell.  In this example, Andrew will be given Send As permission on Craig’s mailbox:

Add-ADPermission Craig -User Andrew -ExtendedRights “Send As”

You can also use groups.  In the example below, the group called Sales Users will be given Send As
permission on Craig’s mailbox:

Add-ADPermission Craig -User “Sales Users” -ExtendedRights “Send 
As”

To removing Send As:

Remove-ADPermission Craig -User Andrew -ExtendedRights “Send As”

This will prompt for confirmation, and the confirmation warning is a bit counter intuitive:

Confirm
Are you sure you want to perform this action?
Removing Active Directory permission “Craig” for user “Andrew” with access rights “‘Send As'”.
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is “Y”): y

This means that this will remove Andrew’s send as permission on Craig’s mailbox.

Deleting Metro Apps for all users in Windows 8.1

If you get OEM machines, you may get a bunch of applications preinstalled.  The normal applications can be removed from Add/Remove programs.  Some, specifically from the store or ‘Metro Apps’ can only be uninstalled per user.  Creating a new user will reinstall the applications.  To delete these, you will need to user Powershell.
The following code will remove the any provisioned application that has the name *evernote*, so it will no longer be installed for any new user.  It will also uninstall it for the current logged on user.  It will NOT uninstall it for any other user accounts.  This will need to be run as administrator:

$AppsToDelete=”*evernote*” 
Foreach ($AppName in $AppsToDelete)
{
    get-appxprovisionedpackage -online | where packagename -like $AppName | remove-appxprovisionedpackage -Online
    Get-AppxPackage -name $AppName -allusers | Remove-AppxPackage
}

You can also use the variable $AppsToDelete as an array, and delete multiple (This will delete applcations with the following in the name:  Evernote, Accuweather, Kindle, Companion, Quickcast, LenonoSupport, LenovoSettings, Symantec, YouSendIt, Zinio:

$AppsToDelete=”*evernote*”,”*accuweather*”,”*Kindle*”,”*companion*”,”*Quickcast*”,”*LenovoSupport*”,”*LenovoSettings*”,”*Symantec*”,”*YouSendIt*”,”*Zinio*”
Foreach ($AppName in $AppsToDelete)
{
    get-appxprovisionedpackage -online | where packagename -like $AppName | remove-appxprovisionedpackage -Online
    Get-AppxPackage -name $AppName -allusers | Remove-AppxPackage
}

Once major problem is it wont uninstall the application for users that have already had a profile created, and the application installed for them.  They will need to uninstall the application individually.

Source:
http://www.softwareok.com/?seite=faq-Windows-8&faq=60