I'm trying to utilize WMI via PowerShell to run through SAN storage on remote servers to grab the Windows disk management volume label.
The only way I've found to do this is to correlate the volume device id (\\?\Volume{34243...} with the physical disk device ID (\\.\PHYSICALDRIVE01).
However, I haven't been able to find out how to link those two fields together. Is this possible with WMI?
For volumes that were assigned a drive letter you can correlate disks and volumes like this:
Get-WmiObject Win32_DiskDrive | ForEach-Object {
$disk = $_
$partitions = "ASSOCIATORS OF " +
"{Win32_DiskDrive.DeviceID='$($disk.DeviceID)'} " +
"WHERE AssocClass = Win32_DiskDriveToDiskPartition"
Get-WmiObject -Query $partitions | ForEach-Object {
$partition = $_
$drives = "ASSOCIATORS OF " +
"{Win32_DiskPartition.DeviceID='$($partition.DeviceID)'} " +
"WHERE AssocClass = Win32_LogicalDiskToPartition"
Get-WmiObject -Query $drives | ForEach-Object {
$driveLetter = $_.DeviceID
$fltr = "DriveLetter='$driveLetter'"
New-Object -Type PSCustomObject -Property #{
Disk = $disk.DeviceID
DriveLetter = $driveLetter
VolumeName = $_.VolumeName
VolumeID = Get-WmiObject -Class Win32_Volume -Filter $fltr |
Select-Object -Expand DeviceID
}
}
}
}
Otherwise it doesn't seem possible with WMI.
On Windows 8/Server 2012 or newer you could use the Get-Partition cmdlet, though:
Get-Partition | Select-Object DiskNumber, DriveLetter, #{n='VolumeID';e={
$_.AccessPaths | Where-Object { $_ -like '\\?\volume*' }
}}
I have done a script that collects the most important stuff from volume and disk WMI. its used with getting information from a Remote Desktop server where a lot of disks are mounted but can be hard to find who is using which disk. its using AD to query the user and connect it with the SID to find the file path. so its a matter of first collecting all the data from the different disk commands and then combine the outputs. the most important command to bind disk data with volume data is the get-partition that shows deviceid
Function Get-VHDMount {
[cmdletbinding()]
Param(
[Parameter(Position=0,ValueFromPipeline=$True)]
[ValidateNotNullorEmpty()]
[OBJECT[]]$Computername,
[STRING]$RDSPATH = '\\rdsprofiles'
)
foreach ($computer in $Computername) {
$RDSItems = (Get-ChildItem $RDSPATH -Recurse -Filter *.vhdx)
$VolumeInfo = invoke-command -ComputerName $computer -scriptblock {Get-Volume | select *}
$VHDMountInfo = Get-WmiObject Win32_Volume -ComputerName $computer |where Label -eq 'user Disk'
$partitioninfo = invoke-command -ComputerName $computer -scriptblock {Get-Partition | Select-Object DiskNumber, #{n='VolumeID';e={$_.AccessPaths | Where-Object { $_ -like '\\?\volume*' }}}}
foreach ($VHDmount in $VHDMountInfo) {
$adinfo = Get-ADUser ($VHDmount.name | Split-Path -Leaf)
[PSCUSTOMOBJECT]#{
Computername = $computer
username = $VHDmount.name | Split-Path -Leaf
displayname = $adinfo.name
SID = $adinfo.SID
deviceid = $VHDmount.deviceid
capacity = ([MATH]::ROUND(($VHDmount.capacity) / 1gb))
HealthStatus = ($VolumeInfo | where ObjectId -eq ($VHDmount.deviceid)).HealthStatus
DiskNumber = ($partitioninfo | where Volumeid -eq ($VHDmount.deviceid)).DiskNumber
Path = ($RDSItems | where fullname -like "*$($adinfo.SID)*").FullName
}
}
}
}
Related
I am creating a menu and have a option that displays the computer name and os version and a option that displays the disk space. I need to have the options to be done on a local or a remote machine. It works on the local machine but I am not sure how to allow the options to be done on a remote machine
'1' {
cls
Write-Host -NoNewLine "OS Version: "
Get-CimInstance Win32_OperatingSystem | Select-Object Caption | ForEach{ $_.Caption }
Write-Host ""
Write-Host -NoNewLine "Computer Name: "
Get-CimInstance Win32_OperatingSystem | Select-Object CSName | ForEach{ $_.CSName }
Write-Host ""
} '2' {
cls
gwmi win32_logicaldisk | Format-Table DeviceId, MediaType, #{n="Size";e={[math]::Round($_.Size/1GB,2)}},#{n="FreeSpace";e={[math]::Round($_.FreeSpace/1GB,2)}}
Since you have already mentioned that it is working in your local, I am not touching that part. Just wrap that entire code as a Function with $ComputerName as Parameters.
If you are in a domain admin or if you do not have any permission issue, then with the same credentials you can fetch the information remotely.
Use like this:
function Get-DiskInfo($drive,$computername)
{
##-- Local system Validation
if((gwmi win32_computersystem).Name -eq $computername)
{
$diskReport = Get-WmiObject Win32_logicaldisk
$drive = $diskReport | Where-Object { $_.DeviceID -eq $drive}
$result = #{
Size = $drive.Size
FreeSpace = $drive.Freespace
}
return $result
}
else
{
$diskReport = Get-WmiObject Win32_logicaldisk -ComputerName $ComputerName
$drive = $diskReport | Where-Object { $_.DeviceID -eq $drive}
$result = #{
Size = $drive.Size
FreeSpace = $drive.Freespace
}
return $result
}
}
Call the function:
Get-DiskInfo C: localhost
Since you are using all WMI calls , you do not need to use Invoke-Command.
You can directly use the -ComputerName switch present in the get-wmiobject to fetch all the details remotely and you can pass the specific credentials also as -credential
Hope it helps you understand the logic.
I am using Invoke-WMIMethod to identify all SIDS beginning with S-1-5-21, like so (thanks to Mathias R. Jessen):
$Keys = Invoke-WmiMethod -Path $ClassPath -Name EnumKey -ArgumentList 2147483651,''
| Select-Object -ExpandProperty sNames | Where-Object {$_ -match 'S-1-5-21-[\d\-]+$'}
I want to convert these SIDs from the remote system to usernames on the remote system using WMI. Is this possible through WMI or Invoke-WmiMethod?
You can use the Win32_SID class to obtain the account name:
foreach($Key in $Keys)
{
$SID = [wmi]"\\$RemoteComputer\root\cimv2:Win32_SID.SID=$Key"
New-Object psobject -Property #{
SID = $Key
Username = $SID.ReferencedDomainName,$SID.AccountName -join '\'
}
}
Rather than grabbing from the registry you could get the same information from the Win32_UserProfile provider. Then if folder name is good enough, consider something like this:
$Computer = "ExampleComputer"
Get-WMIObject Win32_UserProfile -Filter "SID like 'S-1-5-21-*'" -ComputerName $Computer |
select SID,#{name=LocalPath;Expression={Split-Path -leaf $_.LocalPath}}
Otherwise Win32_UserAccount exists but can be really slow with a large domain.
$Computer = "ExampleComputer"
$SIDs = Get-WMIObject Win32_UserProfile -Filter "SID like 'S-1-5-21-*'" -ComputerName $Computer | select -ExpandProperty SID
$UserAccounts = Get-WMIObject Win32_UserAccount -ComputerName $Computer
foreach ($SID in $SIDs) {
foreach ($Account in $UserAccounts) {
If ($SID -eq $Account.SID) {
$Account
}
}
}
First Post here. First off, I really have little experience with scripting, so thank you for your kindness.
I have a script I found that can somewhat get the drive letters that have shares on it
Push-Location
Set-Location 'HKLM:\SYSTEM\CurrentControlSet\services\LanmanServer\Shares'
Get-Item . |
Select-Object -ExpandProperty property |
ForEach-Object {
New-Object psobject -Property #{"property"=$_;"Value" = (Get-ItemProperty -Path . -Name $_).$_}
} |
Format-Table property, value -AutoSize
Pop-Location
The "value" results are long:
{CSCFlags=0, MaxUses=4294967295, Path=C:\location, Permissions=x...}
Ideally, all I need is the drive letter. Then I would like to use the drive letter found to see if Volume Shadow Copy is enabled on said drive.
The following will create an array of all drive letters on a target server and then check each using wmi to see if volume shadow storage is present.
# Specify host to check
$serverName = "localhost"
# Create an empty array to hold our drive letters
$driveLetterArray = #()
# Use wmi to get all share paths
(get-wmiobject win32_share -computername $serverName).path | foreach {
# Get just the drive letter of the share path
$driveLetter = $_.split(":")[0]
# Send drive letter to array if it doesn't already exist in that array
if (($driveLetter) -and ($driveLetterArray -notcontains $driveLetter)) {
$driveLetterArray += $driveLetter
}
}
# Check if that drive letter has shadowstorage
foreach ($letter in $driveLetterArray) {
# Clean up the letter variable so it will be able to match results from gwmi win32_volume
$letter = $letter + ":\"
$deviceID = (gwmi win32_volume -computername $serverName | Where-Object {$_.Name -eq $letter}).deviceID
# Clean up the deviceID variable so it will be able to match results from gwmi win32_shadowstorage
$deviceID = $deviceID.TrimStart("\\?\")
$deviceID = "Win32_Volume.DeviceID=`"\\\\?\\" + $deviceID + "\`""
$shadowQuery = gwmi win32_shadowstorage -computername $serverName | Where-Object {$_.Volume -eq $deviceID}
# Report findings to the user
if ($shadowQuery) {
"Volume shadow enabled on drive $letter"
} else {
"Volume shadow NOT enabled on drive $letter"
}
}
This is pretty horrible, and I'm sure there's a better way to address your problem, but the below effectively looks at your public shares, finds the drive letter, looks up the VolumeID for that drive letter and then checks to see if the VolumeID is present in the shadow copy config:
$paths = $(gwmi win32_share | ? {$_.name -notmatch '.*\$$' } | select -expandproperty path) -replace '([A-Z]:).*', '$1'
foreach($p in $($paths | sort-object -Unique)) {
$deviceId = gwmi win32_volume | ? { $_.driveletter -eq $p } | select -expandproperty deviceid
if( $(gwmi win32_shadowcopy | ? {$_.volumename -eq $deviceId }) ) {
Write-Host "$($p) Volume Shadow Copy enabled"
}
else {
Write-Host "$($p) No Volume Shadow Copy"
}
}
recently I took it upon myself to learn Powershell. It was a rough 2 weeks and a lot of reading but I'm getting better and better. I had some pressure at work to help with correcting our CMDB. We are about 7 months away from having a true Depolyment/Asset Management system in place. We have many reasons for relying on Powershell right now and we're trying to clean up a mess before we get the management system in. Anyway, I created a script that gets a lot of information for us. We have about 3000 objects/pcs and we need as much info as possible. Anyway, I created a script. So far it works well but I wanted some opinions from the experts or any advice. I feel like I did a decent job putting this together with only 2 weeks experiance but I really want to know what others think.
One thing I noticed: Windows 7 Boxes with IE9 and Up do not return a value for IE Version. Anyone know why?
Please see my code below:
Set-QADPSSnapinSettings -defaultSizeLimit 0
$FullPCList = (Get-QADComputer -SearchRoot $ou | Sort Name | select -expand name)
foreach ($computer in $FullPCList) {
ping -n 2 $computer >$null
if($lastexitcode -eq 0) { $Online = "Yes" } else { $Online = "No" }
$PCInfo = (Get-WmiObject -ComputerName $computer -Class Win32_ComputerSystem -ErrorAction SilentlyContinue)
$WinInfo = (Get-WmiObject -ComputerName $computer -Class Win32_OperatingSystem -ErrorAction SilentlyContinue)
$ram = ((Get-WmiObject -ComputerName $computer -Class Win32_PhysicalMemory -ErrorAction SilentlyContinue | Measure-Object Capacity -Sum).Sum / 1MB)
$bios = (Get-WmiObject -ComputerName $computer -Class Win32_Bios -ErrorAction SilentlyContinue)
$ie = (Get-Wmiobject -ComputerName $computer -namespace “root\CIMV2\Applications\MicrosoftIE” -query “select version from MicrosoftIE_Summary” -ErrorAction SilentlyContinue)
$freespace = ((Get-WmiObject -ComputerName $computer -Class Win32_LogicalDisk | Select Freespace | Measure-object Freespace -Sum).Sum / 1GB)
#Start uptime check
$LastBootUpTime = $WinInfo.ConvertToDateTime($WinInfo.LastBootUpTime)
$Time = (Get-Date) - $LastBootUpTime
$formattime = '{0:00}:{1:00}:{2:00}' -f $Time.Days, $Time.Hours, $Time.Minutes
#End Uptime Check
if ($WinInfo.Caption -match "Windows 7") {
$name = (Get-ChildItem -Path "\\$Computer\C$\Users" -Exclude "*Service*","*admin*","*Public*","*ffodero*","*jgalli*","*jwalters*","*frochet*" | Sort-Object LastAccessTime -Descending | Select-Object Name -First 1).Name
$loggedintime = (Get-ChildItem -Path "\\$Computer\C$\Users" -Exclude "*Service*","*admin*","*Public*","*ffodero*","*jgalli*" | Sort-Object LastAccessTime -Descending | Select-Object LastAccessTime -First 1).LastAccessTime
}
if ($WinInfo.Caption -match "Windows XP") {
$name = (Get-ChildItem -Path "\\$Computer\C$\Documents and Settings" -Exclude "*Service*","*admin*","*Public*" | Sort-Object LastAccessTime -Descending | Select-Object Name -First 1).Name
$loggedintime = (Get-ChildItem -Path "\\$Computer\C$\Documents and Settings" -Exclude "*Service*","*admin*","*Public*" | Sort-Object LastAccessTime -Descending | Select-Object LastAccessTime -First 1).LastAccessTime
}
$table = #{
Model = $PCInfo.Model
IEVersion = $ie.Version
Serial = $Bios.SerialNumber
Memory = $ram
DriveFreeSpaceGB = $freespace
Manufacturer = $PCInfo.Manufacturer
OSName = $WinInfo.Caption
Computer = $computer
Uptime = $formattime
LastloggedinUser = $name
LastLoggedinDate = $loggedintime
LoggedOnDuringScan = $PCInfo.Username
ServicePack = $WinInfo.ServicePackMajorVersion
Online = $Online
}
New-Object PSObject -Property $table | Export-Csv C:\logs\mother.csv -NoTypeInformation -Append
}
The namespace root\CIMV2\Applications\MicrosoftIE has been removed starting with Windows Vista (see note at the end of the blog post). You should be able to read the version number from the registry, though:
$hive = [UInt32]'0x80000002'
$key = 'SOFTWARE\Microsoft\Internet Explorer'
$reg = [WMIClass]"\\$computer\root\default:StdRegProv"
$ieVersion = $reg.GetStringValue($hive, $key, 'Version').sValue
I'm putting together a script that checks whether or not a logical drive is USB or an iSCSI target. And if it is ignore the drive letters associated.
Get-WmiObject win32_logicaldisk -Filter "DriveType='3'" |
where-object{$_.DeviceID -ne $usbletters -and $_.DeviceID -ne $iSCSIletters} | %
{$_.Name} | out-file $kreports\avail.txt
My issue is that when multiple drives are detected of the same type they are simply ignored by the not equal to option. I'm assuming I need to do some form of foreach loop?
If someone could point me in the right direction that would be fantastic!
Here's the full script.
#Variables and Arguments
$kreports = "C:\Kworking\reports"
# Create kworking Reports folder
if (!(Test-Path -path $kreports))
{New-Item $kreports -type directory}
# USB Drive check
$diskdrive = gwmi win32_diskdrive | ?{$_.interfacetype -eq "USB"}
$usbletters = $diskdrive | %{gwmi -Query "ASSOCIATORS OF
{Win32_DiskDrive.DeviceID=`"$($_.DeviceID.replace('\','\\'))`"} WHERE
AssocClass = Win32_DiskDriveToDiskPartition"} | %{gwmi -Query "ASSOCIATORS
OF {Win32_DiskPartition.DeviceID=`"$($_.DeviceID)`"} WHERE AssocClass =
Win32_LogicalDiskToPartition"} | %{$_.DeviceID}
# iSCSI Drive check
$iSCSIdrive = gwmi win32_diskdrive | ?{$_.model -match "iSCSI"}
$iSCSIletters = $iSCSIdrive | %{gwmi -Query "ASSOCIATORS OF
{Win32_DiskDrive.DeviceID=`"$($_.DeviceID.replace('\','\\'))`"} WHERE
AssocClass = Win32_DiskDriveToDiskPartition"} | %{gwmi -Query "ASSOCIATORS
OF {Win32_DiskPartition.DeviceID=`"$($_.DeviceID)`"} WHERE AssocClass =
Win32_LogicalDiskToPartition"} | %{$_.DeviceID}
# Disk Information
Get-WmiObject win32_logicaldisk -Filter "DriveType='3'" | where-object{$_.DeviceID -ne
$usbletters -and $_.DeviceID -ne $iSCSIletters} | %{$_.Name} | out-file
$kreports\avail.txt
# Fix Output Line Spacing
$InputFile = "$kreports\avail.txt"
$OutputFile = "$kreports\availdisks.txt"
$Writer = New-Object IO.StreamWriter "$OutputFile"
$Writer.Write( [String]::Join("`r`n", $(Get-Content $InputFile)) )
$Writer.Close()
The problem is that Win32_LogicalDisk's member DeviceID contains drive letter and colon. As the value is, say, C: and you test for equality against C, the where-object doesn't find anything.
Either include the colon on drive letters or use a regexp the Powershell way.
$disks = gwmi win32_logicaldisk -Filter "DriveType='3'"
# Select all devices that do not have deviceids a,b,c,k or l, followed by colon
$avail = $disks | ? { $_.DeviceID -notmatch "[abckl]:"}
# Do something with filtered results