Advanced Windows PowerShell Scripting Video Training


Monday, November 30, 2009

How to configure TS Gateway and AD in a DMZ?

Remember from class that there are scenarios when the Remote Desktop Gateway server needs to be a member of the Active Directory environment:

· If you configure a TS Gateway authorization policy that requires that users be domain members to connect to the TS Gateway server.

· If you configure a TS Gateway authorization policy that requires that client computers be domain members to connect to the TS Gateway server.

· If you are deploying a load-balanced TS Gateway server farm.

The article below gives detailed information on which DMZ scenarios will work with Active Directory and Remote Desktop Gateway.

Wednesday, November 25, 2009

Shutdown switches for Server Core.

Below is a copy of the help file for the Shutdown Command.

Usage: shutdown [/i | /l | /s | /r | /g | /a | /p | /h | /e] [/f]
    [/m \\computer][/t xxx][/d [p|u:]xx:yy [/c "comment"]]

    No args    Display help. This is the same as typing /?.
    /?         Display help. This is the same as not typing any options.
    /i         Display the graphical user interface (GUI).
               This must be the first option.
    /l         Log off. This cannot be used with /m or /d options.
    /s         Shutdown the computer.
    /r         Shutdown and restart the computer.
    /g         Shutdown and restart the computer. After the system is
               rebooted, restart any registered applications.
    /a         Abort a system shutdown.
               This can only be used during the time-out period.
    /p         Turn off the local computer with no time-out or warning.
               Can be used with /d and /f options.
    /h         Hibernate the local computer.
               Can be used with the /f option.
    /e         Document the reason for an unexpected shutdown of a computer.
    /m \\computer Specify the target computer.
    /t xxx     Set the time-out period before shutdown to xxx seconds.
               The valid range is 0-600, with a default of 30.
               Using /t xxx implies the /f option.
    /c "comment" Comment on the reason for the restart or shutdown.
               Maximum of 512 characters allowed.
    /f         Force running applications to close without forewarning users.
               /f is automatically set when used in conjunction with /t xxx.
    /d [p|u:]xx:yy  Provide the reason for the restart or shutdown.
               p indicates that the restart or shutdown is planned.
               u indicates that the reason is user defined.
               if neither p nor u is specified the restart or shutdown is unpl
               xx is the major reason number (positive integer less than 256).
               yy is the minor reason number (positive integer less than 65536).

Reasons on this computer:

(E = Expected U = Unexpected P = planned, C = customer defined)

Type    Major   Minor   Title
U       0       0       Other (Unplanned)
E       0       0       Other (Unplanned)
E P     0       0       Other (Planned)
U       0       5       Other Failure: System Unresponsive
E       1       1       Hardware: Maintenance (Unplanned)
E P     1       1       Hardware: Maintenance (Planned)
E       1       2       Hardware: Installation (Unplanned)
E P     1       2       Hardware: Installation (Planned)
P       2       3       Operating System: Upgrade (Planned)
E       2       4       Operating System: Reconfiguration (Unplanned)
E P     2       4       Operating System: Reconfiguration (Planned)
P       2       16      Operating System: Service pack (Planned)
        2       17      Operating System: Hot fix (Unplanned)
P       2       17      Operating System: Hot fix (Planned)
        2       18      Operating System: Security fix (Unplanned)
P       2       18      Operating System: Security fix (Planned)
E       4       1       Application: Maintenance (Unplanned)
E P     4       1       Application: Maintenance (Planned)
E P     4       2       Application: Installation (Planned)
E       4       5       Application: Unresponsive
E       4       6       Application: Unstable
U       5       15      System Failure: Stop error
E       5       19      Security issue
U       5       19      Security issue
E P     5       19      Security issue
E       5       20      Loss of network connectivity (Unplanned)
U       6       11      Power Failure: Cord Unplugged
U       6       12      Power Failure: Environment
P       7       0       Legacy API shutdown

Tuesday, November 24, 2009

Is there an ESCAPE key in Powershell?

Yes there is. In other programming languages, you may have encountered the backslash ( \ ) as the start of an escape sequence. It is a little different in PowerShell. We use the backtick character ( ` ). It is usually found on the key to the left of the number ( 1 ) key and shares the key with the tilde ( ~ ). Here are a few examples:

Character          Escape Code
Null               `0
Alert              `a
Backspace          `b
Form Feed          `f
New Line           `n
Carriage Return    `r
Tab                `t
Vertical quote     `v

Below is a script that will demonstrate a few of these.

# ======================================
# Script Name: EscapeCodeDemo.PS1
# Author: Jason A.Yoder, MCT
# Company: MCTExpert, Inc.
# Website:
# Blog:
# Version: 1.0
# Created: September 14, 2009
# Purpose: To demonstrate the different
#          escape sequences in PowerShell.
# ======================================

# ======================================
# Script Body
# --------------------------------------

# A backtick at the end of a line continues the command on the next line.
Write-Host " Each of the following" `
    "lines will demonstrate a different" `
    "Escape Code"
Write-Host " "
Write-Host "Demonstration of TAB and " `
    "Form Feed"

# Inside double quotes, `t is a tab, `n a new line and `f a form feed.
Write-Host "Name `t IPAddress `t Location `n"
Write-Host "Apple `t `t Indianapolis `n"
Write-Host "Orange `t `t Tampa"
Write-Host "Banana `t `t Anchorage"
Write-Host "Pear `t `t London `f"
Write-Host "Peach `t `t Paris"

# ======================================
# End of Script Body
# ======================================

Should you need to use the backtick for something else, I suggest you read the following article from Lee Desmond

Monday, November 23, 2009

Can you specify the connection to reconnect to in Terminal Server?

You can utilize the TSCON command to connect to an active or disconnected session.


I did find a warning about consoles being unlocked from this command so you may also want to look at this article:

I did notice in testing that this transfers the connection to your console and ends the connection with the client that the user is logged in on.

Wednesday, November 18, 2009

Do MCP Certifications Expire?

Microsoft Certifications do not expire. They simply lose value with time. For example, an MCSE on Windows NT 4 was all the rage in 1998. In 2009, that certification will not go far in a job interview. Microsoft publishes "upgrade" exams to help keep you up to date in your certification. The upgrade exams test you thoroughly on the new features of the OS. If you are starting from scratch or with a very outdated MCSE, you will have to take all the exams. This will not only test your knowledge of the new features, but also the basics that the certification requires.

Here is a little Q and A I pulled from a Microsoft site:

Q. How long will the certification be valid?


For our newest credentials, such as Microsoft Certified Technical Specialist (MCTS), Microsoft Certified IT Professional (MCITP), and Microsoft Certified Professional Developer (MCPD), the credential retires along with the product support for the technology being tested. The credential will still appear on your transcript but will be listed as retired. In most cases, an upgrade path (usually one exam) will be available for individuals who have that credential so that they can demonstrate their skills on the newest version of the technology without completing all exams associated with the new credential.

The legacy Microsoft credentials, such as Microsoft Certified Systems Engineer (MCSE) and Microsoft Certified Systems Administrator (MCSA) do not expire, but as Microsoft releases new versions of the associated technology, these credentials are likely to be valued less by the industry.

Q. Do hiring managers really value certification?


During a recent poll of IT hiring managers, 55 percent said that they consider employee certification as a criterion for hiring, and 63 percent of hiring managers said that they believe certified employees are more productive than noncertified employees.

Tuesday, November 17, 2009

Are there any SQL Snapins for PowerShell?

Yes, there are SQL snap-ins for PowerShell. SQL is not my cup of tea, so here is a link to a blog article by Rob Farley, owner of LobsterPot Solutions.

Monday, November 16, 2009

Control user experience through GPO in Terminal Services.

The user's experience in Remote Desktop is controlled in one of three ways.

1) You can configure the options on the Remote Desktop Connection on each workstation. That is not ideal in any environment beyond one or two clients. You can control

2) You can open Terminal Services Configuration. Right click RDP and select Properties. Then under the Client Settings tab, you can control the color depth and device redirection for that Terminal Server.

3) You can utilize GPOs at Computer Configuration → Policies → Administrative Templates → Windows Components → Terminal Services → Terminal Server

Remember to test your users' experience across the slowest network connection that will be used. Latency will drive up cost due to lost productivity, not to mention your users' tempers. An easy way to decrease latency is to limit the maximum color depth. Many applications will work well in 8 or 15 bit color. Restricting device redirection may also help prevent non-business devices from consuming precious bandwidth.

Wednesday, November 11, 2009

If you name a computer and then prestage it, will it change the name?

For prestaging to work in Windows Server 2008, you need to have WDS (Windows Deployment Services) installed. This is a role and can be installed from the Server Manager. Once WDS is installed, it makes a change to Active Directory Users and Computers. Before this change, when you created a computer name, it would not give you the option to set This is a managed computer. You would simply click OK and be done. After the change, you enter the computer's name and click Next. At this point you can provide the GUID for the new computer. You will find the GUID on the computer or on the shipping material. Now the computer is ready for installation utilizing WDS. The name will then be changed to what you set it to.

Tuesday, November 10, 2009

How to access remote computers with PowerShell?

Windows PowerShell V2 allows you to access remote computers and execute PowerShell commands on those remote clients. The following steps illustrate how to create a session with a single client.

For every client that we will be remotely accessing, we need to run the command:

  • Winrm quickconfig
  • Press Y at all prompts.

This will open the ports on the firewall that we need open for remote management.

Now, on the computer that will be making the remote connection, type:

  • Enter-PSSession -ComputerName ComputerName

In my case, the ComputerName parameter is MCT-1. Once the session is established, your prompt will look like this:

[MCT-1]: PS C:\Users\Administrator\Documentss>

Go ahead and type Get-Service. You should notice that what is returned is the services from the remote client.

Type Exit to return to your local client.

Now what about multiple sessions?

Once you have run WinRM QuickConfig on multiple clients, you can set up multiple sessions.

My current setup has me on a computer named MCT-Win7-1. I want to set up a session to two other clients, MCT-1 and MCT-Win7-2. I type in this command:

New-PSSession MCT-1, MCT-Win7-2

What comes back are the session numbers. With this method, you can only have one session open at a time. To access one of the sessions, type Enter-PSSession -Id and then the session number.

Once you have completed your work with that client, type Exit.

You can get a list of all open sessions by typing Get-PSSession.

So how do you run a command in all sessions? First, let's save the current sessions in a variable.

$PSList = Get-PSSession

Now, we are going to use the Invoke-Command cmdlet.

Invoke-Command -Session $PSList -ScriptBlock {Get-Service}

From here you will receive a list of the data returned.

You can close the sessions in one of two ways.

Remove-PSSession -Id SessionNumber

Remove-PSSession -Session $PSList
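
The multi-session steps above combined into one script, as an added example that is not part of the original post. It checks each computer's WinRM listener with Test-WSMan first, runs the script block in every session, and always removes the sessions afterwards; the computer names are the ones used in the post.

```powershell
# Computer names taken from the post; replace them with your own.
$computers = 'MCT-1', 'MCT-Win7-2'

# Keep only the hosts whose WinRM listener answers, so that one
# unreachable client does not abort the whole run.
$reachable = foreach ($c in $computers) {
    if (Test-WSMan -ComputerName $c -ErrorAction SilentlyContinue) {
        $c
    }
    else {
        Write-Warning "WinRM not reachable on $c (was 'winrm quickconfig' run there?)"
    }
}

$sessions = @()
try {
    if ($reachable) {
        $sessions = @(New-PSSession -ComputerName $reachable -ErrorAction Stop)

        # The script block runs in every session. Each returned object
        # carries PSComputerName, so results can be told apart.
        Invoke-Command -Session $sessions -ScriptBlock {
            Get-Service | Where-Object { $_.Status -eq 'Running' }
        } |
            Sort-Object PSComputerName, Name |
            Format-Table PSComputerName, Name, DisplayName -AutoSize
    }
}
finally {
    # Always close the sessions, even if a command above failed.
    if ($sessions) { Remove-PSSession -Session $sessions }
}
```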

Monday, November 9, 2009

What does the Delegate default credentials in lab 1 of MOC 6428 do?

In lab 1, Exercise 1, Task 4, we were asked to set a GPO policy to Allow Delegating Default Credentials. We set this delegation to NYC-TS-01, which was our terminal server. The reason that we did this was to support the SSO (Single Sign On) capability in Windows Vista and Windows 7. You may notice that when credentials are required, the client goes into the secure desktop mode. Not even the client software knows what you have typed. This is a security enhancement for your Windows Vista, Win7 and Win2008 environments.


Wednesday, November 4, 2009

When executing MSTSC /Admin, is it really the console you are on?

Testing shows that the Session ID is an RDP session and not the console when launching a remote session with the command MSTSC /admin. The purpose behind this is to allow you to connect to a terminal server without consuming a TS CAL.


Tuesday, November 3, 2009

How to parse data in an XML file.

PowerShell gives us many options for working with different types of data. One of the questions from class was how to parse through data in an XML file. Before we explore parsing through an XML file, we need to first create one.

Get-Process | Export-Clixml C:\xmlfile.xml

If you double-click xmlfile.xml, it will open to show you the contents of the file in XML.

Now we need to import this file into a variable so we can work with it.

$a = import-Clixml c:\xmlfile.xml

We can view the contents of the file by typing $a.

Since we exported an object to the XML, the import will have properties. Go ahead and type $a | gm. The data was also entered into the variable $a as an array. Type $a.count to get the number of cells in the array. Since the variable is an array with properties, we can enumerate the values of each item. For example, type $a[0].name. Using this information we can parse the data for what we are looking for.

Let's filter the data:

$a | where {$_.cpu -gt 20}

By filtering, you can isolate the information that you are interested in. For example, $A | FL Name, CPU. To find out all the properties that you can call up, type: $A | gm -MemberType Property
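
The same round trip as a single script, added here as an example that is not part of the original post. It also shows that the imported objects are snapshots rather than live processes; the file path in the temp folder is an assumption used instead of C:\xmlfile.xml.

```powershell
# Assumed path: a file in the temp folder rather than the post's C:\xmlfile.xml.
$path = Join-Path $env:TEMP 'xmlfile.xml'

Get-Process | Export-Clixml -Path $path
$a = Import-Clixml -Path $path

# The imported objects are snapshots: the type name gains a "Deserialized."
# prefix and live methods such as Kill() no longer exist on them.
$a[0].PSObject.TypeNames[0]
[bool]($a[0] | Get-Member -Name Kill)

# Properties survive the round trip, so they can be filtered and sorted.
$busy = $a | Where-Object { $_.CPU -gt 20 } | Sort-Object CPU -Descending
$busy | Format-Table Name, Id, CPU -AutoSize

# List every property that was stored in the file for one item.
$a[0] | Get-Member -MemberType Properties | Select-Object Name, MemberType

Remove-Item -Path $path
```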

Monday, November 2, 2009

When you remove the Run command from the start menu in a GPO, does it also remove it from the task manager?

Years back during the NT4/Win95 days, you were able to remove the user's ability to run programs using the Windows NT4 system policies. The problem was that there were multiple ways to execute a program that the system policies did not address. Flash forward to Windows Server 2008. By setting the Group Policy setting User Configuration\Administrative Templates\Start Menu and Taskbar\Remove Run menu from Start Menu to Enabled, you will do the following:

· The Run command is removed from the Start menu.

· The New Task (Run) command is removed from Task Manager.

· The user will be blocked from entering the following into the Internet Explorer Address Bar:

o A UNC path: \\\

o Accessing local drives: e.g., C:

o Accessing local folders: e.g., \temp>

David discovered that you can still get to the CMD window with this procedure:

· [Window Key] E will open Windows Explorer.

· Browse to C:\Windows\System32

· Launch CMD.exe.

To help curb any workarounds, set the following Group Policy settings in the appropriate place for your organization:

· User Config \ Admin Templates \ System \ Prevent access to the command prompt

· User Config \ Admin Templates \ System \ Ctrl+Alt+Del Options \ Remove Task Manager

That prevents CMD.EXE but worked. OK, now we must set a software restriction policy to prevent for executing, no matter where the user moves it. For that, we will use the Hash software restriction policy:

In your Group Policy:

· Copy COMMAND.COM to your server at c:\Windows\System32.

· Computer Configuration → Policies → Windows Settings

· Right click Software Restriction Policy and click New Software Restriction Policies.

· Right click Additional Rules → New Hash Rule.

· Click Browse to C:\Windows\System32\

· Click OK

· To allow administrators to still be able to use the software that you have restricted:

o In the Software Restriction GPO.

o Double click Enforcement

o Select All users except local administrators.

Since we used a Hash rule, moving or even renaming the file will not allow it to run.