Windows/powershell: Unterschied zwischen den Versionen

Aus SchnallIchNet
Wechseln zu: Navigation, Suche
(5 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 36: Zeile 36:
  
  
== get/set netconn
+
== get/set netconnectionprofile ==
  
 
<pre>
 
<pre>
Zeile 62: Zeile 62:
  
 
  Netdom Query Fsmo
 
  Netdom Query Fsmo
 +
 +
 +
 +
== get last logon user ==
 +
 +
RPC-Call:
 +
 +
(Get-WmiObject -Class win32_process -ComputerName $c | Where-Object name -Match explorer).getowner().user
 +
  
  
Zeile 83: Zeile 92:
  
 
  w32tm /config /syncfromflags:manual /manualpeerlist:"time.domain.tld time2.domain.tld" /reliable:yes /update
 
  w32tm /config /syncfromflags:manual /manualpeerlist:"time.domain.tld time2.domain.tld" /reliable:yes /update
 +
 +
Sync with timeservers:
 +
 +
w32tm /resync /force
  
 
== Get Service names ==
 
== Get Service names ==
Zeile 127: Zeile 140:
 
  Get-ADComputer -SearchBase 'OU=Build,OU=MemberServers,dc=europe,dc=arifleet,dc=com' -Filter '*'
 
  Get-ADComputer -SearchBase 'OU=Build,OU=MemberServers,dc=europe,dc=arifleet,dc=com' -Filter '*'
  
 +
 +
== DNS ==
 +
 +
=== set secure zone transfer servers ===
 +
 +
For all Zones:
 +
 +
Get-DnsServerZone | Select-Object zonename | Set-DnsServerPrimaryZone -SecureSecondaries TransferToSecureServers  -SecondaryServers <IP-1>,<IP-2>,<IP-n>
  
  
Zeile 159: Zeile 180:
 
== get .Net Version installed ==
 
== get .Net Version installed ==
  
  wmic /namespace:\\root\cimv2 path win32_product where "name like '%%.NET%%'" get version
+
  wmic /namespace:\\root\cimv2 path win32_product where "name like '%%.NET%%'" get name,version
 
+
  
 
== get ACL folder permissions ==
 
== get ACL folder permissions ==
  
 
  get-acl C:\folder | Format-List
 
  get-acl C:\folder | Format-List
 +
 +
 +
 +
== get/set/copy NTFS permissions ==
 +
 +
Copy some folder eg. E:\Data to F:\DataNew <br/>
 +
<br/>
 +
Since the old and new foldernames differ, we'll have to get the permissions of the root folder:
 +
 +
cd E:\data
 +
icacls . /save ..\DATA-root_perms.txt /c
 +
 +
now we tell icacls that it should get the content of our root folder and traverse (/t) through folder-structure:
 +
 +
icacls .\ /save ..\DATA_perms.txt /c /t
 +
 +
now we have 2 permission files which we can restore on the new folder:
 +
 +
cd F:\DataNew
 +
icacls . /restore E:\DATA-root_perms.txt /c
 +
icacls .\ /restore E:\DATA_perms.txt /c
 +
 +
If you have the same folder name, e.g. you copy from E:\data to F:\data you can do this:
 +
 +
cd e:
 +
icacls .\Data /save .\DATA_perms.txt /c /t
 +
icacls F: /restore E:\DATA_perms.txt /c
 +
 +
where:
 +
 +
/t    Traverse through folders
 +
/c    Continue on errors
  
  

Version vom 7. Dezember 2018, 08:54 Uhr

Snippets for powershell
Note that Exchange-related powershell commands should be listed here

execution policy

Set-ExecutionPolicy Unrestricted

possible values:

help about_Execution_Policies


external AD-snapin

http://software.dell.com/products/active-roles/powershell.aspx

Nach der Installation dann mit folgendem command einbinden:

Add-PSSnapin Quest.ActiveRoles.ADManagement

Und damit kannst du dann tolle Sachen machen wie:

Get-QADGroup -ContainsMember username


get loadable modules

Get-Module -ListAvailable


import system modules

ImportSystemModules


get/set netconnectionprofile

PS C:\> Get-NetConnectionProfile

Name : arifleet.com
InterfaceAlias : Internal
InterfaceIndex : 1
NetworkCategory : DomainAuthenticated
IPv4Connectivity : LocalNetwork
IPv6Connectivity : LocalNetwork

Name : Network
InterfaceAlias : Internet
InterfaceIndex : 3
NetworkCategory : Public
IPv4Connectivity : LocalNetwork
IPv6Connectivity : LocalNetwork

PS C:\> Set-NetConnectionProfile -InterfaceIndex 3 -NetworkCategory Private


get primary DC (PDC)

Netdom Query Fsmo


get last logon user

RPC-Call:

(Get-WmiObject -Class win32_process -ComputerName $c | Where-Object name -Match explorer).getowner().user


timeserver settings

query source servers:

w32tm /query /source


set source servers:

net stop w32time; 
w32tm /config /syncfromflags:manual /manualpeerlist:10.2.8.3;
w32tm /config /reliable:yes;
net start w32time;

Without stopping w32time:

w32tm /config /syncfromflags:manual /manualpeerlist:"time.domain.tld time2.domain.tld" /reliable:yes /update

Sync with timeservers:

w32tm /resync /force

Get Service names

Get-Service | Where-Object {$_.displayName.StartsWith("watch")} | Select name


get services and run state:

Get-Service | Where-Object {$_.displayName.contains("smartFIX ")}


get list of services that start with watch* (case sensitive)

Get-Service | Where-Object {$_.displayName.StartsWith("watch")} | Start-Service
Get-Service | Where-Object {$_.displayName.StartsWith("watch")} | Stop-Service
Get-Service | Where-Object {$_.displayName.StartsWith("watch")} | Restart-Service


Get Group Memberships of AD-Object

Get-ADPrincipalGroupMembership -identity <USER>


Search/Filter Users

Get-ADUser reference: @M$

Get-ADUser -Filter * -Properties DisplayName, EmailAddress, Title -SearchBase 'OU=Fleetservices User,DC=fleetservices,DC=intra' \
-Server 'Fleetservices.intra'

or export result to CSV-File

Get-ADUser -Filter * -Properties DisplayName, EmailAddress, Title -SearchBase 'OU=HPI,DC=fleet,DC=int' \
-Server 'Fleet.int' | Export-CSV c:\temp\FleetInt.csv

get logon scripts of ad-users:

Get-ADUser -filter * -SearchBase "OU=Eschborn,OU=UserAccounts,OU=Accounts,DC=europe,DC=arifleet,DC=com" \
-properties name,scriptpath | select name,scriptpath

Search/Filter Computers

Get-ADComputer -SearchBase 'OU=Build,OU=MemberServers,dc=europe,dc=arifleet,dc=com' -Filter '*'


DNS

set secure zone transfer servers

For all Zones:

Get-DnsServerZone | Select-Object zonename | Set-DnsServerPrimaryZone -SecureSecondaries TransferToSecureServers  -SecondaryServers <IP-1>,<IP-2>,<IP-n>


robocopy

robocopy F:\SOURCE D:\DESTINATION\ /MIR /FFT /Z /W:5 /tee /log:RobocopySync.log
  1. /MIR specifies that robocopy should mirror the source directory and the destination directory. Beware that this may delete files at the destination.
  2. /FFT uses fat file timing instead of NTFS. This means the granularity is a bit less precise.
  3. /W:5 reduces the wait time between failures to 5 seconds instead of the 30 second default.
  4. /Z ensures robocopy can resume the transfer of a large file in mid-file instead of restarting.
  5. /XA:H makes robocopy ignore hidden files, usually these will be system files that we’re not interested in.
  6. /log:RobocopySync.log write output into logfile instead stdout. Use in combination with /tee to get output to stdout AND logfile
  7. /COPY:copyflag[s] what to COPY for files (default is /COPY:DAT). (copyflags : D=Data, A=Attributes, T=Timestamps). (S=Security=NTFS ACLs, O=Owner info, U=aUditing info).


set thumbnail-image

from an exchange server

Import-RecipientDataProperty -Identity dSchlenzig -Picture -FileData \
([Byte[]]$(Get-Content -path ".\thumb-DOMARI.jpg"  -Encoding Byte -ReadCount 0))


from an AD

$photo = [byte[]](Get-Content path of pic -Encoding byte)
Set-ADUser username -Replace @{thumbnailPhoto=$photo}


get .Net Version installed

wmic /namespace:\\root\cimv2 path win32_product where "name like '%%.NET%%'" get name,version

get ACL folder permissions

get-acl C:\folder | Format-List


get/set/copy NTFS permissions

Copy some folder eg. E:\Data to F:\DataNew

Since the old and new foldernames differ, we'll have to get the permissions of the root folder:

cd E:\data
icacls . /save ..\DATA-root_perms.txt /c

now we tell icacls that it should get the content of our root folder and traverse (/t) through folder-structure:

icacls .\ /save ..\DATA_perms.txt /c /t

now we have 2 permission files which we can restore on the new folder:

cd F:\DataNew
icacls . /restore E:\DATA-root_perms.txt /c
icacls .\ /restore E:\DATA_perms.txt /c

If you have the same folder name, e.g. you copy from E:\data to F:\data you can do this:

cd e:
icacls .\Data /save .\DATA_perms.txt /c /t
icacls F: /restore E:\DATA_perms.txt /c

where:

/t     Traverse through folders
/c     Continue on errors


SCCM Related

Pull pending updates and install

function Get-CMMissingUpdate {

param (
$computer = "localhost"
)

    Get-WmiObject -Query "SELECT * FROM CCM_SoftwareUpdate" -Namespace "ROOT\ccm\ClientSDK" -ComputerName $computer

}


function Install-CMMissingUpdate {

param (
$computer = "localhost"
)

    ([wmiclass]'ROOT\ccm\ClientSDK:CCM_SoftwareUpdatesManager').InstallUpdates([System.Management.ManagementObject[]] (
     Get-WmiObject -Query 'SELECT * FROM CCM_SoftwareUpdate' -namespace 'ROOT\ccm\ClientSDK'))

}