I run this command in my windows 10 powershell:
wmic path win32_physicalmedia get SerialNumber
get result with normal user permission:
SerialNumber
ACE4_2E81_7004_1B90.
get result with administrator permission:
SerialNumber
EJ82N176910102N4Q
I think EJ82N176910102N4Q is correct.
Why the two results are different?
Is there a way to convert ACE4_2E81_7004_1B90. to EJ82N176910102N4Q?
The command Get-WMIObject win32_physicalmedia|Format-List Tag,SerialNumber has the same problem.
Related
We have a windows service which is running under a account that is not part of local admin. With in the service we call a powershell file using processstartinfo. With in powershell file we call the WMI class
"$AVGCPU = Get-WmiObject win32_processor | Measure-Object -property LoadPercentage -Average | Select-object -expand Average"
The above code always returns 0. When i make the user as local admin then the cpu usage value is returned. Also when i run the same code in powershell launched under the same user account (without giving local admin privileges), i am able to get the value for CPU usage. Its only when the cmdlets is called from windows service i am getting this problem. Due to security restriction, i cannot make the user as local administrator. Any idea what rights should be given to the user that WMI class return value when called from windows service.
So I need to clear a user's run dialog history which I can do perfectly fine with "reg delete HKEY_CURRENT_USER\Software\Windows etc..." from an elevated powershell window on the logged in user's machine, but what I'm looking to do is that same command but from a SYSTEM powershell process. I have already used psexec to create a powershell window which runs as SYSTEM, but because you can't just use HKEY_CURRENT_USER as SYSTEM with the same results, I am finding it quite difficult. If I could just run that command but as username\Administrator then I wouldn't have this problem.
Also to note, if I can somehow grab the username of the logged on user (from SYSTEM still) in one line in plain text (with no other output in sight), then I can store the username in a variable and convert that to an SID and use HKEY_USERS instead.
P.S. Don't ask why I'm running powershell as SYSTEM, I know what I'm doing :D
you can use get-process under the system context powershell and filter where explorer.exe process is running, get the account it is running under then use to convert to SID and go through the registry.
something like this assuming only 1 explorer.exe process is running which is the norm on windows client OS.
$proc = Get-CimInstance Win32_Process -Filter "name = 'explorer.exe'"
$owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwner
$username = $owner.user
$username will contain the user, $owner will also contain domain and a few other things.
to convert to sid
$objUser = New-Object System.Security.Principal.NTAccount($owner.Domain, $owner.User)
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value
I have few Windows Server 2012 R2 with RDS installed and I need to have function which returns array or object with users and their session IDs on specified server. I need to run this function with non-admin permissions. On the session hosts I ran this command:
wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE (TerminalName ="RDP-Tcp") CALL AddAccount "domain\group",2
...so the users have elevated permissions and now they can use RDS shadowing through command line. The ID which I need is the session ID which I can get for example from command "quser". The best solution will be if I will have function which returns array (with logged on users on the specific server) like this (or something similar, maybe object):
LOGIN ID
user1 -> 3
user2 -> 4
user3 -> 5
I don't know if this function or these commands will solve my problem, however I tried them and this was the result:
I tried this:
http://gallery.technet.microsoft.com/scriptcenter/Get-UserSessions-Parse-b4c97837
but the command returns nothing.
This command:
WMIC /NODE:<COMPUTERNAME> COMPUTERSYSTEM GET USERNAME
returns only "UserName" and this:
Get-WmiObject Win32_ComputerSystem | Select UserName
..returns only "UserName" with underlines. I tried a lot of variations of WMI commands, but with similar results.
There's probably a half dozen scripts in various repositories around the 'net to do that.
I use this one:
http://gallery.technet.microsoft.com/scriptcenter/0e43993a-895a-4afe-a2b2-045a5146048a
gwmi -query "Select * from Win32_LogonSession where LogonType = 2" |
% {
$user = $_
gwmi -query "Associators of {$user} Where AssocClass=Win32_LoggedOnUser" | select *
}
So I'm trying to use the PS script found at http://gallery.technet.microsoft.com/scriptcenter/Get-product-keys-of-local-83b4ce97#content to pull Windows product keys from my domain remotely. However, when it hits a host it returns Exception calling “OpenRemoteBaseKey” with “2″ argument(s): “The network path was not found” instead of the product key. It should also be noted that this works locally. After poking around at the internals of the script, it seems like the offending line is
$remoteReg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine,$Computer)
Research (because I'm totally new to PoSH) indicates that this type of error gets thrown when remote registry access isn't working. Trying to hook into the registry on my test target via regedit shows that I need to have Windows Firewall: Allow inbound remote administration exception set to enabled in Group Policy. I set it and then pulled the updated policy down to the same result. What other stuff might be getting in the way of my connection?
I would recommend using PSRemoting over using the remote registry. Assuming this is set up, all you would have to do is:
$computers = #('localhost')#list of computers
#unless you are currently logged in as a domain admin
# you will need to provide credentials
$cred = Get-Credential domain\administrator
Invoke-Command -Credential $cred -ComputerName $computers -ScriptBlock {
function Get-ProductKey{
#from http://gallery.technet.microsoft.com/scriptcenter/Get-product-keys-of-local-83b4ce97
}
get-ProductKey
}| ft Computername,OSDescription,OSVersion,ProductKey
This will print out the following output:
Computername OSDescription OSVersion ProductKey
------------ ------------- --------- ----------
%name% Microsoft Windows 8 Pro 6.2.9200 XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
I used the following command through powershell, ran it as admin:
wmic /user:jc1_admin /node:pc00202 os get "SerialNumber"
Alright, I've tried to figure this out, but figured it's time to ask the interwebs. I'm wondering if this is a bug or what.
I'm trying to start jobs against multiple computers to determine which database names reside on them.
My Computer1 system setup is: Powershell 2.0, Windows 2k3 Enterprise x64
On Computer1 I can run:
Start-Job -scriptblock {gwmi -query "select * from win32_computersystem" -ComputerName "Computer2"}
And the job will be stuck in a state of "Running" forever. But not if I run the same command outside the job's script block in the shell.
I've tried this exact setup here with a local admin's (vs my domain) credentials, but same result. It doesn't work for me for some reason.
I've tried building a custom WMI dotnet object that doesn't use gwmi, but I get the same result!
The -asjob parameter?:
This is not a solution.
When using this parameter, the powershell window crashes at around 2GB memory used on a 12GB system; Whereas I can use start-job all the way to 12GB without problems. I might as well run every query in serial fashion.
Also, memory is never reclaimed when using the -Asjob parameter on Gwmi, so no further jobs can continue; even after running "remove-job * -force" or "[GC]::Collect()", the memory consumption for powershell.exe stubbornly remains the same (again, unlike start-job).
Since SQL instance names vary, the wmi class names vary. So I need to run multiple query commands against multiple classes. While is technically doable, its more complex and, given the above memory requirements, limited to 2gb. I'm hoping someone will just know how to make start-job work like it should.
So about the only thing I haven't tried is maybe I have to specify the authority parameter?
I use Invoke-Command -asJob for this :
PS C:\> Invoke-Command -ComputerName "WM2008R2ENT" -ScriptBlock {gwmi -query "select * from win32_computesystem"} -AsJob
Id Name State HasMoreData Location Command
-- ---- ----- ----------- -------- -------
1 Job1 Running True wm2008r2ent gwmi -query "select * ...
PS C:\> Get-Job
Id Name State HasMoreData Location Command
-- ---- ----- ----------- -------- -------
1 Job1 Completed True wm2008r2ent gwmi -query "select * ...
PS C:\Développements> Receive-Job 1
Domain : dom.fr
Manufacturer : VMware, Inc.
Model : VMware Virtual Platform
Name : WM2008R2ENT
PrimaryOwnerName : Utilisateur Windows
TotalPhysicalMemory : 683139072
PSComputerName : wm2008r2ent
You can replace the machine name by a list of machines. Don't try to code again '-Computername in the CmdLets you are using in the script block.
(Edited)
I try you command line and it works for me from a client Windows Seven (64 Bits) to a W2K3 (32 bits)
My client is NOT in the domain of the server and I use domain admin credentials.
Have you made the test from a 32Bit Powershell or a 64 Bits Powershell ?
Do you try to stop WMI service on remote machine and clean the WMI database, it's sometime suitable when you made too much tests on a WMI server (with events for example).