Windows/powershell: Unterschied zwischen den Versionen
Cbs (Diskussion | Beiträge) |
Cbs (Diskussion | Beiträge) |
||
(10 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
Zeile 29: | Zeile 29: | ||
Get-Module -ListAvailable | Get-Module -ListAvailable | ||
+ | |||
+ | |||
+ | == import system modules == | ||
+ | |||
+ | ImportSystemModules | ||
+ | |||
+ | |||
+ | == get/set netconnectionprofile == | ||
+ | |||
+ | <pre> | ||
+ | PS C:\> Get-NetConnectionProfile | ||
+ | |||
+ | Name : arifleet.com | ||
+ | InterfaceAlias : Internal | ||
+ | InterfaceIndex : 1 | ||
+ | NetworkCategory : DomainAuthenticated | ||
+ | IPv4Connectivity : LocalNetwork | ||
+ | IPv6Connectivity : LocalNetwork | ||
+ | |||
+ | Name : Network | ||
+ | InterfaceAlias : Internet | ||
+ | InterfaceIndex : 3 | ||
+ | NetworkCategory : Public | ||
+ | IPv4Connectivity : LocalNetwork | ||
+ | IPv6Connectivity : LocalNetwork | ||
+ | |||
+ | PS C:\> Set-NetConnectionProfile -InterfaceIndex 3 -NetworkCategory Private | ||
+ | </pre> | ||
Zeile 52: | Zeile 80: | ||
</pre> | </pre> | ||
+ | Without stopping w32time: | ||
+ | |||
+ | w32tm /config /syncfromflags:manual /manualpeerlist:"time.domain.tld time2.domain.tld" /reliable:yes /update | ||
+ | |||
+ | Sync with timeservers: | ||
+ | |||
+ | w32tm /resync /force | ||
== Get Service names == | == Get Service names == | ||
Zeile 96: | Zeile 131: | ||
Get-ADComputer -SearchBase 'OU=Build,OU=MemberServers,dc=europe,dc=arifleet,dc=com' -Filter '*' | Get-ADComputer -SearchBase 'OU=Build,OU=MemberServers,dc=europe,dc=arifleet,dc=com' -Filter '*' | ||
+ | |||
+ | == DNS == | ||
+ | |||
+ | === set secure zone transfer servers === | ||
+ | |||
+ | For all Zones: | ||
+ | |||
+ | Get-DnsServerZone | Select-Object zonename | Set-DnsServerPrimaryZone -SecureSecondaries TransferToSecureServers -SecondaryServers <IP-1>,<IP-2>,<IP-n> | ||
Zeile 123: | Zeile 166: | ||
$photo = [byte[]](Get-Content path of pic -Encoding byte) | $photo = [byte[]](Get-Content path of pic -Encoding byte) | ||
Set-ADUser username -Replace @{thumbnailPhoto=$photo} | Set-ADUser username -Replace @{thumbnailPhoto=$photo} | ||
+ | |||
+ | |||
+ | |||
+ | == get .Net Version installed == | ||
+ | |||
+ | wmic /namespace:\\root\cimv2 path win32_product where "name like '%%.NET%%'" get name,version | ||
+ | |||
+ | == get ACL folder permissions == | ||
+ | |||
+ | get-acl C:\folder | Format-List | ||
+ | |||
+ | |||
+ | |||
+ | == get/set/copy NTFS permissions == | ||
+ | |||
+ | Copy some folder eg. E:\Data to F:\DataNew <br/> | ||
+ | <br/> | ||
+ | Since the old and new foldernames differ, we'll have to get the permissions of the root folder: | ||
+ | |||
+ | cd E:\data | ||
+ | icacls . /save ..\DATA-root_perms.txt /c | ||
+ | |||
+ | now we tell icacls that it should get the content of our root folder and traverse (/t) through folder-structure: | ||
+ | |||
+ | icacls .\ /save ..\DATA_perms.txt /c /t | ||
+ | |||
+ | now we have 2 permission files which we can restore on the new folder: | ||
+ | |||
+ | cd F:\DataNew | ||
+ | icacls . /restore E:\DATA-root_perms.txt /c | ||
+ | icacls .\ /restore E:\DATA_perms.txt /c | ||
+ | |||
+ | If you have the same folder name, e.g. you copy from E:\data to F:\data you can do this: | ||
+ | |||
+ | cd e: | ||
+ | icacls .\Data /save .\DATA_perms.txt /c /t | ||
+ | icacls F: /restore E:\DATA_perms.txt /c | ||
+ | |||
+ | where: | ||
+ | |||
+ | /t Traverse through folders | ||
+ | /c Continue on errors | ||
+ | |||
+ | |||
+ | |||
+ | == SCCM Related == | ||
+ | |||
+ | === Pull pending updates and install === | ||
+ | |||
+ | <pre> | ||
+ | function Get-CMMissingUpdate { | ||
+ | |||
+ | param ( | ||
+ | $computer = "localhost" | ||
+ | ) | ||
+ | |||
+ | Get-WmiObject -Query "SELECT * FROM CCM_SoftwareUpdate" -Namespace "ROOT\ccm\ClientSDK" -ComputerName $computer | ||
+ | |||
+ | } | ||
+ | |||
+ | |||
+ | function Install-CMMissingUpdate { | ||
+ | |||
+ | param ( | ||
+ | $computer = "localhost" | ||
+ | ) | ||
+ | |||
+ | ([wmiclass]'ROOT\ccm\ClientSDK:CCM_SoftwareUpdatesManager').InstallUpdates([System.Management.ManagementObject[]] ( | ||
+ | Get-WmiObject -Query 'SELECT * FROM CCM_SoftwareUpdate' -namespace 'ROOT\ccm\ClientSDK')) | ||
+ | |||
+ | } | ||
+ | </pre> |
Version vom 5. Oktober 2018, 12:18 Uhr
Snippets for powershell
Note that Exchange-related powershell commands should be listed here
Inhaltsverzeichnis
- 1 execution policy
- 2 external AD-snapin
- 3 get loadable modules
- 4 import system modules
- 5 get/set netconnectionprofile
- 6 get primary DC (PDC)
- 7 timeserver settings
- 8 Get Service names
- 9 Get Group Memberships of AD-Object
- 10 Search/Filter Users
- 11 Search/Filter Computers
- 12 DNS
- 13 robocopy
- 14 set thumbnail-image
- 15 get .Net Version installed
- 16 get ACL folder permissions
- 17 get/set/copy NTFS permissions
- 18 SCCM Related
execution policy
Set-ExecutionPolicy Unrestricted
possible values:
help about_Execution_Policies
external AD-snapin
http://software.dell.com/products/active-roles/powershell.aspx
Nach der Installation dann mit folgendem command einbinden:
Add-PSSnapin Quest.ActiveRoles.ADManagement
Und damit kannst du dann tolle Sachen machen wie:
Get-QADGroup -ContainsMember username
get loadable modules
Get-Module -ListAvailable
import system modules
ImportSystemModules
get/set netconnectionprofile
PS C:\> Get-NetConnectionProfile Name : arifleet.com InterfaceAlias : Internal InterfaceIndex : 1 NetworkCategory : DomainAuthenticated IPv4Connectivity : LocalNetwork IPv6Connectivity : LocalNetwork Name : Network InterfaceAlias : Internet InterfaceIndex : 3 NetworkCategory : Public IPv4Connectivity : LocalNetwork IPv6Connectivity : LocalNetwork PS C:\> Set-NetConnectionProfile -InterfaceIndex 3 -NetworkCategory Private
get primary DC (PDC)
Netdom Query Fsmo
timeserver settings
query source servers:
w32tm /query /source
set source servers:
net stop w32time; w32tm /config /syncfromflags:manual /manualpeerlist:10.2.8.3; w32tm /config /reliable:yes; net start w32time;
Without stopping w32time:
w32tm /config /syncfromflags:manual /manualpeerlist:"time.domain.tld time2.domain.tld" /reliable:yes /update
Sync with timeservers:
w32tm /resync /force
Get Service names
Get-Service | Where-Object {$_.displayName.StartsWith("watch")} | Select name
get services and run state:
Get-Service | Where-Object {$_.displayName.contains("smartFIX ")}
get list of services that start with watch* (case sensitive)
Get-Service | Where-Object {$_.displayName.StartsWith("watch")} | Start-Service Get-Service | Where-Object {$_.displayName.StartsWith("watch")} | Stop-Service Get-Service | Where-Object {$_.displayName.StartsWith("watch")} | Restart-Service
Get Group Memberships of AD-Object
Get-ADPrincipalGroupMembership -identity <USER>
Search/Filter Users
Get-ADUser reference: @M$
Get-ADUser -Filter * -Properties DisplayName, EmailAddress, Title -SearchBase 'OU=Fleetservices User,DC=fleetservices,DC=intra' \ -Server 'Fleetservices.intra'
or export result to CSV-File
Get-ADUser -Filter * -Properties DisplayName, EmailAddress, Title -SearchBase 'OU=HPI,DC=fleet,DC=int' \ -Server 'Fleet.int' | Export-CSV c:\temp\FleetInt.csv
get logon scripts of ad-users:
Get-ADUser -filter * -SearchBase "OU=Eschborn,OU=UserAccounts,OU=Accounts,DC=europe,DC=arifleet,DC=com" \ -properties name,scriptpath | select name,scriptpath
Search/Filter Computers
Get-ADComputer -SearchBase 'OU=Build,OU=MemberServers,dc=europe,dc=arifleet,dc=com' -Filter '*'
DNS
set secure zone transfer servers
For all Zones:
Get-DnsServerZone | Select-Object zonename | Set-DnsServerPrimaryZone -SecureSecondaries TransferToSecureServers -SecondaryServers <IP-1>,<IP-2>,<IP-n>
robocopy
robocopy F:\SOURCE D:\DESTINATION\ /MIR /FFT /Z /W:5 /tee /log:RobocopySync.log
- /MIR specifies that robocopy should mirror the source directory and the destination directory. Beware that this may delete files at the destination.
- /FFT uses fat file timing instead of NTFS. This means the granularity is a bit less precise.
- /W:5 reduces the wait time between failures to 5 seconds instead of the 30 second default.
- /Z ensures robocopy can resume the transfer of a large file in mid-file instead of restarting.
- /XA:H makes robocopy ignore hidden files, usually these will be system files that we’re not interested in.
- /log:RobocopySync.log write output into logfile instead stdout. Use in combination with /tee to get output to stdout AND logfile
- /COPY:copyflag[s] what to COPY for files (default is /COPY:DAT). (copyflags : D=Data, A=Attributes, T=Timestamps). (S=Security=NTFS ACLs, O=Owner info, U=aUditing info).
set thumbnail-image
from an exchange server
Import-RecipientDataProperty -Identity dSchlenzig -Picture -FileData \ ([Byte[]]$(Get-Content -path ".\thumb-DOMARI.jpg" -Encoding Byte -ReadCount 0))
from an AD
$photo = [byte[]](Get-Content path of pic -Encoding byte) Set-ADUser username -Replace @{thumbnailPhoto=$photo}
get .Net Version installed
wmic /namespace:\\root\cimv2 path win32_product where "name like '%%.NET%%'" get name,version
get ACL folder permissions
get-acl C:\folder | Format-List
get/set/copy NTFS permissions
Copy some folder eg. E:\Data to F:\DataNew
Since the old and new foldernames differ, we'll have to get the permissions of the root folder:
cd E:\data icacls . /save ..\DATA-root_perms.txt /c
now we tell icacls that it should get the content of our root folder and traverse (/t) through folder-structure:
icacls .\ /save ..\DATA_perms.txt /c /t
now we have 2 permission files which we can restore on the new folder:
cd F:\DataNew icacls . /restore E:\DATA-root_perms.txt /c icacls .\ /restore E:\DATA_perms.txt /c
If you have the same folder name, e.g. you copy from E:\data to F:\data you can do this:
cd e: icacls .\Data /save .\DATA_perms.txt /c /t icacls F: /restore E:\DATA_perms.txt /c
where:
/t Traverse through folders /c Continue on errors
SCCM Related
Pull pending updates and install
function Get-CMMissingUpdate { param ( $computer = "localhost" ) Get-WmiObject -Query "SELECT * FROM CCM_SoftwareUpdate" -Namespace "ROOT\ccm\ClientSDK" -ComputerName $computer } function Install-CMMissingUpdate { param ( $computer = "localhost" ) ([wmiclass]'ROOT\ccm\ClientSDK:CCM_SoftwareUpdatesManager').InstallUpdates([System.Management.ManagementObject[]] ( Get-WmiObject -Query 'SELECT * FROM CCM_SoftwareUpdate' -namespace 'ROOT\ccm\ClientSDK')) }