Build your own PowerShell universe

The PowerShell profile. In essence it’s nothing more than a personal script that runs each time you start PowerShell. But it’s possibilities are endless. But I’ll get to the possibilities later. Let’s first examine whether we have a profile.

 

Determining the location of your profile is easy. Just look at the value of the $profile variable:

PS D:\> $profile

C:\Documents and Settings\PeetersHJ\My Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1

 

Now lets see whether this file exists:

PS D:\> Test-Path $profile

True

 

If it returns False, you can easily create it:

PS D:\> New-Item $profile -itemType file

 

 Directory: Microsoft.PowerShell.Core\FileSystem::C:\Documents and Settings\PeetersHJ\My Documents\WindowsPowerShell

 

Mode                LastWriteTime     Length Name

—-                ————-     —— —-

-a—         29-4-2008     10:10          0 Microsoft.PowerShell_profile.ps1

 

Now we can open the file and start editing it. We could browse to the location of the file and double-click it. But hey, we’ve got PowerShell. It makes life easy:

PS D:\> Invoke-Item $profile

 

What type of commands would you like to run each and every time you start PowerShell?

 

Maybe you would like to start at the root of your script directory:

Set-Location D:\scripts

 

How about storing some variables for use in your daily routines:

$weddingday = Get-Date -year 2006 -month 10 -day 13

 

But the real fun starts when using functions and filters.

A function is a command that optionally takes input and will generate output, while saving you from typing those same lines of code over and over again. A big advantage is that you can use this function in your scripts and only have to change one line of code instead of every occurrence in all your scripts when making modifications.

A filter has the same advantages. It allows you to replace complex scriptblocks and centralize them.

 

For example:

function Cred

{

$global:cred = Get-Credential $User

}

A simple function I use a lot. It asks for credentials and stores them in the $cred variable. It allows me to use -Credential $cred in all subsequent commands that need alternate credentials. The variable $user is defined earlier in my profile as “DOMAIN\adminuser”.

 

filter PRD

{

$_.Description -like “*@PRD*”

}

Filters like this one allow me to filter search results (in this case of AD computers) using the following syntax: |Where {PRD}.

 

PS: Did you notice the word global in the Cred function? $global:var turns the variable $var into a global variable, which allows it to be used throughout your PowerShell session. Without the global, the variable would only exist during the execution of the function. This can be handy when you need a temporary variable inside your function, instead of a variable that is the result of your function.

»crosslinked«

Quest can’t keep a secret?

Quest Software provides PowerShell users with the possibility to manage Active Directory quickly and easily through their free Active Directory cmdlets. I love using PowerShell to get the exact information I need, using a single line of code. The following oneliner for instance returns the description of a server:

 

(Get-QADComputer -Name TESTSERVER -Credential $(Get-Credential TESTDOMAIN\TESTUSER)).Description

 

Isn’t that way cooler then opening Active Directory Users and Computers, searching for the server and opening the properties dialog? It might not be faster of less work, but it does exactly what I want. I think it’s pretty elegant.

 

I found a strange flaw in the way the Quest cmdlets handle my credentials though.

 

The native PowerShell Get-Credential command allows you to supply network credentials, when connecting to remote computers for example. As a security precaution, your password is stored in a secure manner. Check this out:

 

PS D:\> $cred = Get-Credential TESTDOMAIN\TESTUSER (a dialog box pops up and asks me to supply my password)

PS D:\> $cred.password

System.Security.SecureString

 

As you can see, PowerShell does not allow me to read the contents of the password property.

The stored credentials allow me to authenticate against a remote server. So while this WMI query fails:

 

PS D:\> Get-WmiObject Win32_OperatingSystem -ComputerName TESTSERVER

Get-WmiObject : Access is denied. (Exception from HRESULT: 0×80070005 (E_ACCESSDENIED))

At line:1 char:14

+ Get-WmiObject  <<<< Win32_OperatingSystem -ComputerName TESTSERVER

 

This works like a charm:

 

PS D:\> Get-WmiObject Win32_OperatingSystem -ComputerName TESTSERVER -Credential $cred

SystemDirectory : C:\WINNT\system32

Organization    : TESTORG

BuildNumber     : 3790

RegisteredUser  : TESTORG

SerialNumber    : 12345-123-1234567-12345

Version         : 5.2.3790

 

The Quest Active Directory cmdlets also allow me to use these stored credentials to connect to Active Directory:

 

PS D:\> $computer = Get-QADComputer -Name testcomputer -Credential $cred

PS D:\>$computer

Name                      Type                    DN

—-                            —-                      

TESTSERVER          computer           CN=TESTSERVER,DC=TESTDOMAIN,DC=LOCAL

 

That’s just great! But I found out recently that the object returned by this command has a property called NetworkCredential:

 

PS D:\> $computer | Format-List -Property NetworkCredential

NetworkCredential : System.Net.NetworkCredential

 

Now let’s take a look at the value of this property:

 

PS D:\> $computer.NetworkCredential | Format-List -Property *

UserName : TESTUSER

Password : SecretPassword!

Domain   : TESTDOMAIN

 

Hey, what the hell!? That’s my password! I thought it was secret!

Spring Cleanup

Spring is here! Even though it is still freezing in the mornings and we had snow at Easter, the sun is shining a lot lately, and flowers are starting to grow everywhere. And you know what spring means, don’t you? White beers and girls in summer dresses? No, not yet, that’s summer. I mean cleaning up.

When you buy a new couch and remove the old one from your livingroom, you realize how much dirt is left behind. When you buy a new printer, or some other hardware for you computer, you might grab a duster and cleanup your desk. But did you ever cleanup your Operating System when replacing a device?

Here’s how you do it:

Device Management Nonpresent Devices

Oh, and don’t forget to click View, Show Hidden Devices. See all those devices with light icons? Those were installed once, but are not present now. So select them and press Delete. But better leave the RAS Async Adapter alone. That one is supposed to stay grey and is needed for remote access.

This trick is especially helpful when migrating fysical computers to VMware (socalled P2V). You are practically replacing all the computers hardware at once, so there’s a lot to clean up.

So there you have it. Your wife asks you to help cleaning up? Sure honey, I’ll cleanup the pc!

Virtual Jedi

When you first look at the official VMware website, it looks like any other website of any other company that wants to sell their product. It’s filled with “management-talk”, nice charts and graphs and so on and so forth. But there is more than meets the eye…

 When filling in a form on the VMware website to register for the upcoming Virtualization Forum 2008, I found the possibility to enter a prefix, such as Mr. or Prof. in front of my name. And although I could not find my titles ir. or MSCE, I did find the following list:

VMware Starwars Prefixes

My first thoughts? “Rogue Leader, this is Rogue Two. I’ve got a bogey on my tail. Get rid of it R2D2!”

It turns out that these are all official Airforce titles, but I can’t help but think about a real IT-nerd, sick off all the management-talk, starwars fan of course, having a chuckle while publishing this form. It is subtle proof of the fact that VMware products are made by real people after all.

UPDATE: Strangely, the registration page on the VMware Forum website, does not contain these prefixes, while the page I found after clicking a link in the invitation thay emailed me did…

Rescan-O-Death!

VMware is great! It offers wonderfull functionality, like vmotion, High Availability, Dynamic Resource Scheduling and much more, right from a Graphical User Interface that any 11 year-old can understand.

 I really mean that. But beware! This wonderful GUI allows you to destroy your Virtual Infrastructure without warning. So you’d better know what you are doing.

 I’d like to point you to a known issue from ESX version 3.0.1 that I found still to be present in version 3.5. It’s results are not End-Of-The-World-type mayhem, but will still make the most experienced administrator break a sweat.

I’m talking about the Rescan Storage dialog:

VMware Rescan Storage

Clicking OK while both checkboxes are checked is like playing Russian Roulette with your ESX server. Most of the times you’ll be able to have a cup of coffee while this is running. But sometimes… BANG! … your ESX host hangs and you’ll be the one doing the running. Because when ESX hangs, all vm’s hang. Which causes a lot of your users to want to call you. And they won’t want to discuss the weather.

The problem is caused by a deadlock situation on the HBA and can only be resolved by a hard reset of your server.

So how do we prevent this horrible event from ever occuring, you ask? Simple. Remember to never check more than one box at a time when using this dialog.

So, how’s the weather over there?