Locate process running in all my servers using powershell - powershell

Is there a way to find or list if a specific process is running in all servers in my domain using powershell?
For example, I would like to list all servers in my domain that are running "abc.exe"?

the CIM/WMI cmdlets can get the process list from remote systems [unless they are blocked]. i've only the one system to test with, but this will work with multiple systems listed in the ComputerName parameter.
if you have an older version of PoSh [pre-v-3, i think] you may need to use WMI instead of CIM.
# Parameters for Get-CimInstance, collected in a hashtable for splatting
$GCIMI_Params = @{
    ClassName = 'CIM_process'
    Filter = "Name = 'Firefox.exe'"
    ComputerName = 'LocalHost'
}
Get-CimInstance @GCIMI_Params
that returned 7 firefox.exe processes - roughly the number of tabs i have open at the moment.
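
Added example (not part of the original answer): the same CIM query run against a list of servers, trying WS-Management first, falling back to DCOM for older hosts, and reporting unreachable machines instead of silently skipping them. The function name Find-RemoteProcess and the use of Get-ADComputer (ActiveDirectory module) to build the server list are assumptions.

```powershell
# Added example, not from the original answer. Find-RemoteProcess is a hypothetical name.
function Find-RemoteProcess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $ProcessName,   # e.g. 'abc.exe'
        [Parameter(Mandatory)] [string[]] $ComputerName
    )
    # WQL string literal: escape backslashes, then single quotes, so the name cannot alter the filter.
    $safeName = $ProcessName.Replace('\', '\\').Replace("'", "\'")
    $dcom     = New-CimSessionOption -Protocol Dcom
    foreach ($computer in $ComputerName) {
        $session = $null
        $row = [ordered]@{ Computer = $computer; Status = 'NotRunning'; ProcessId = $null; Path = $null }
        try {
            try {
                # Default protocol is WS-Management (WinRM).
                $session = New-CimSession -ComputerName $computer -OperationTimeoutSec 15 -ErrorAction Stop
            } catch {
                # Older hosts or hosts without WinRM: retry over DCOM (RPC).
                $session = New-CimSession -ComputerName $computer -SessionOption $dcom -OperationTimeoutSec 15 -ErrorAction Stop
            }
            $hits = @(Get-CimInstance -CimSession $session -ClassName Win32_Process -Filter "Name = '$safeName'" -ErrorAction Stop)
            if ($hits.Count -eq 0) { [pscustomobject]$row }
            foreach ($p in $hits) {
                # ExecutablePath helps tell the expected binary from a look-alike name in another folder.
                $row.Status = 'Running'; $row.ProcessId = $p.ProcessId; $row.Path = $p.ExecutablePath
                [pscustomobject]$row
            }
        } catch {
            # Record the failure: "no result" must not be read as "not running".
            $row.Status = "Unreachable: $($_.Exception.Message)"
            [pscustomobject]$row
        } finally {
            if ($session) { Remove-CimSession -CimSession $session }
        }
    }
}

# Assumption: the ActiveDirectory module is available and server OS names contain 'Server'.
$servers = Get-ADComputer -Filter "OperatingSystem -like '*Server*'" |
    Select-Object -ExpandProperty DNSHostName
Find-RemoteProcess -ProcessName 'abc.exe' -ComputerName $servers |
    Where-Object Status -ne 'NotRunning' |
    Format-Table -AutoSize
```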

Related

I'm trying to remove a user from a local group through AD (powershell)

I'm trying to develop a script that removes a domain user from the local administrators group (I can use Computer Management from AD, but it's a graphical interface and I need to do it with commands). For now I'm using Invoke-Command to remotely connect to machines and remove their users from the local admins group.
I'm using this command: Invoke-Command -ComputerName $line2.split(";")[0] -ScriptBlock { net localgroup "administrators" $using:notadmin /DELETE } -Credential $Cred
The problem here is that if the machine is not online, I need to wait until it is online. I'm searching for how to remove users from a local group (administrators, for example) through AD.
Is there a command to do that?
I see two approaches:
If you would like to use Group Policy, you may check for: Restricted groups.
https://www.petri.com/manage-local-active-directory-groups-using-group-policy-restricted-groups
Another option would be to incorporate Test-Connection in your script, validating if the computer is online. If it is, execute the script; if it is not, store it in another list with offline machines.
Then later run the script against the offline machine list ... and so on until all the computers are being covered.
P.S. And yes, as suggested in the comments, consider using Remove-LocalGroupMember, if your PowerShell version supports it.
Again, it depends on the case.
Hope it helps!
$RemoteComputer = "yourComputer"
$Computer = [ADSI]("WinNT://$RemoteComputer,computer")
$Group = $Computer.PSBase.Children.Find("Administrators")
# One account per line in the text file; each is removed from the remote group
ForEach ($User in (Get-Content "c:\users\administrator.domain\desktop\localadmin.txt")) {
    $Group.Remove("WinNT://$User")
}
i tried this code and it really helped me, thanks for the help
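
Added example (not part of the original thread): one way to implement the Test-Connection approach from the answer above, keeping a pending list that shrinks on every run until all machines are covered, with Remove-LocalGroupMember doing the removal. The file paths and the account name are constructed placeholders.

```powershell
# Added example, not from the original thread. Paths and account name are constructed placeholders.
$pendingFile = 'C:\Temp\pending-computers.txt'   # one computer name per line, rewritten on each run
$doneFile    = 'C:\Temp\done-computers.txt'      # machines where the removal was confirmed
$member      = 'CONTOSO\jdoe'                    # constructed sample account to remove
$cred        = Get-Credential

$pending = @(Get-Content -Path $pendingFile | Where-Object { $_.Trim() })

$stillPending = foreach ($computer in $pending) {
    # A single ping; a host that blocks ICMP is treated as offline and retried next run.
    if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet)) {
        $computer
        continue
    }
    try {
        Invoke-Command -ComputerName $computer -Credential $cred -ErrorAction Stop -ScriptBlock {
            # Needs the Microsoft.PowerShell.LocalAccounts module (Windows PowerShell 5.1 or later).
            $present = Get-LocalGroupMember -Group 'Administrators' -Member $using:member -ErrorAction SilentlyContinue
            if ($present) {
                Remove-LocalGroupMember -Group 'Administrators' -Member $using:member -ErrorAction Stop
            }
        }
        # Reached only when the remote block ran without a terminating error.
        Add-Content -Path $doneFile -Value $computer
    } catch {
        # Online but failed (WinRM disabled, access denied, ...): keep it pending and surface why.
        Write-Warning "$computer : $($_.Exception.Message)"
        $computer
    }
}

# Overwrite the pending list with only the machines that still need the change.
Set-Content -Path $pendingFile -Value @($stillPending)
```

Run it from a scheduled task until the pending file is empty; the Restricted Groups policy mentioned in the answer achieves the same end state without a retry loop.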

Possible to use PowerShell's Get-AppvClientPackage to list AppV packages on a machine other than my own?

I can use Get-AppvClientPackage -all [| select name] or Get-WmiObject -Namespace root\appv -Class AppvClientPackage [|select name] to list all installed AppV packages installed on my own machine. It doesn't appear to be possible to use this cmdlet to get the AppV packages installed on another machine, without remote execution.
I am asking this question in hopes of finding something that works (see purpose) or get a definitive answer that it's not possible. There may be better options available (other than PS), but my question is simply if it is possible or not, so that if the latter is the case, we can push to develop a script (which could be run by someone with elevated privileges) to gather information needed.
Purpose: Our team doesn't have visibility into SCCM (that's another option is to have that team report on what is installed where, though sometimes we need answers quickly) and remote PS execution is restricted to one security team (which is understandable), but at times (for support or decommission purposes) we need to check to see if a specific client machine has a package installed, check what AppV packages a specific client has installed, as well as check to see which machines have a particular package installed.
If there is another module or cmdlet (or even something other than powershell or WMI) that might be able to yield the same information, suggestions are welcome.
Get-WmiObject utilizes RPC to connect to remote PCs and does not require PSRemoting. In this effort, all you need to do is add the -ComputerName parameter.
#Requires -Version 3
$Target = 'localhost'
# Parameters for Get-WmiObject, collected in a hashtable for splatting
$Params = @{
    Namespace = 'root\appv'
    Class = 'AppvClientPackage'
    Property = 'Name'
    ComputerName = $Target
}
Get-WmiObject @Params
PS C:\> Get-Help -Name 'Get-WmiObject' -Parameter 'ComputerName'
-ComputerName <String[]>
Specifies the target computer for the management operation. Enter a fully
qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote
computer is in a different domain than the local computer, the fully qualified
domain name is required.
The default is the local computer. To specify the local computer, such as in a
list of computer names, use "localhost", the local computer name, or a dot (.).
This parameter does not rely on Windows PowerShell remoting, which uses
WS-Management. You can use the ComputerName parameter of Get-WmiObject even if
your computer is not configured to run WS-Management remote commands.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false

Citrix Get-Brokerapplication from specific server

On XenApp 6.x servers, there was a cmdlet like this:
GET-XAApplication -ServerName servername
I used to open a PSSession on the adminserver, then got all servers with GET-XAServer and then I simply did the Application command in a foreach loop, where the ServerName parameter was the servername from XAServer. Now I want to do the same on Version 7, but I can't figure out how it works.
I installed all new cmdlets for the newer Version. I found out I can get the Applications with GET-Brokerapplication - but I can't pass a parameter to tell the command from which server I want to grab them, so I can only grab them from my admin server.
Maybe someone can help me? I've already looked at the documentation (https://docs.citrix.com/de-de/xenapp-and-xendesktop/7-6/cds-sdk-wrapper-rho/xad-commands/citrix-broker-admin-v2-wrapper-xd76/get-brokerapplication-xd76.html) but I can't find a parameter that allows me to do what I want. Maybe I'm looking at the wrong cmdlet?
I would be really happy if someone has any advice for me.
In XenApp 6.x there were Worker Groups and you should have been publishing applications for Worker Groups instead of individual servers. Then you can enumerate Worker Groups and Applications:
$wgs = Get-XAWorkerGroup
foreach ($group in $wgs) {
$apps = Get-XAApplication -WorkerGroupName $group
}
In XenApp 7.x WorkerGroups are replaced by Delivery Groups and you can enumerate them and associated applications:
$groups = Get-BrokerDesktopGroup
foreach ($group in $groups) {
$apps = Get-BrokerApplication -AssociatedDesktopGroupUid $group.UID
}

Win32_TCPIPPrinterPort WMI query is empty

When I query WMI (by any method so far) for printers:
select * from Win32_Printer
I get normal results. When I try to query for ports:
select * from Win32_TCPIPPrinterPort
the query "succeeds" but I get no results. There are over 100 ports on this server, but neither prnport.vbs, wbemtest, powershell, or my own code are getting any results.
Operating system is 2003R2 and the user has admin privs.
Turns out that local ports (and consequently redirected locals like ghostscript etc) are NOT listed by this WMI query. They are stored directly in the registry. This means that normal scripting to migrate these printer parameters will get the printers but not the port information.
They are stored in:
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\Redirected Port\Ports
Live and learn.
I have a couple print servers with many queues on them and they are running on MS Windows 2003. I required the port configuration as well. Namely queue and protocol. I nested the following commands in my foreach loop and I was able to get the data I needed:
$PrintQueue = (Get-ItemProperty -Path Registry::"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\$Queue" -Name Queue).Queue
$Protocol = (Get-ItemProperty -Path Registry::"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\$Queue" -Name Protocol).Protocol
$Queue variable in the path string above is the print queue variable in my foreach loop. Change it to the Print Queue name as needed or set the variable earlier in the code.
I also ran into print queues that did not have a Queue value set so I added an if statement to set one, which I required in order to feed this data to another script that installs the print queue on a 2012R2 server.
# -eq compares; a single = would assign $null and the block would never run
if ($null -eq $PrintQueue) {
    $PrintQueue = 'Print'
}#if
Hope this helps.

Grabbing system product keys

So I'm trying to use the PS script found at http://gallery.technet.microsoft.com/scriptcenter/Get-product-keys-of-local-83b4ce97#content to pull Windows product keys from my domain remotely. However, when it hits a host it returns Exception calling “OpenRemoteBaseKey” with “2″ argument(s): “The network path was not found” instead of the product key. It should also be noted that this works locally. After poking around at the internals of the script, it seems like the offending line is
$remoteReg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine,$Computer)
Research (because I'm totally new to PoSH) indicates that this type of error gets thrown when remote registry access isn't working. Trying to hook into the registry on my test target via regedit shows that I need to have Windows Firewall: Allow inbound remote administration exception set to enabled in Group Policy. I set it and then pulled the updated policy down to the same result. What other stuff might be getting in the way of my connection?
I would recommend using PSRemoting over using the remote registry. Assuming this is set up, all you would have to do is:
$computers = @('localhost') # list of computers
#unless you are currently logged in as a domain admin
# you will need to provide credentials
$cred = Get-Credential domain\administrator
Invoke-Command -Credential $cred -ComputerName $computers -ScriptBlock {
function Get-ProductKey{
#from http://gallery.technet.microsoft.com/scriptcenter/Get-product-keys-of-local-83b4ce97
}
get-ProductKey
}| ft Computername,OSDescription,OSVersion,ProductKey
This will print out the following output:
Computername OSDescription OSVersion ProductKey
------------ ------------- --------- ----------
%name% Microsoft Windows 8 Pro 6.2.9200 XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
I used the following command through powershell, ran it as admin:
wmic /user:jc1_admin /node:pc00202 os get "SerialNumber"