powershell Get-Process with ComputerName is missing Path - powershell

I want to get a list of processes under specific folder on some remote machine and kill them. However, if I add -ComputerName, Get-Process does not return Path as desired, thus I cannot Where with Path. Is there a way to Get-Process / Stop-Process on remote machine under a specific path?
# Paths are filled
PS C:\> Get-Process | Format-Table Name, Path
Name    Path
----    ----
firefox C:\Program Files (x86)\Mozilla Firefox\firefox.exe
# Paths are empty
PS C:\> Get-Process -ComputerName localhost | Format-Table Name, Path
Name    Path
----    ----
firefox

You could use Invoke-Command if Remoting is enabled on the remote server, and perform your action in the scriptblock of the command:
Invoke-Command -ComputerName remoteComputer -Script { param($pathFilter) Get-Process | ?{$_.Path -like $pathFilter} | Format-Table Name, Path } -Args "somefilter*"
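
The Invoke-Command approach above, carried through to the stop step the question asks for. This is an added example, not code from the original answers; `$ComputerName` and `$Folder` hold placeholder values and `$Kill` is a hypothetical flag that keeps the first run report-only.

```powershell
# Added example: placeholder values, adjust before use.
$ComputerName = 'remoteComputer'
$Folder       = 'C:\Program Files (x86)\Mozilla Firefox'
$Kill         = $false   # leave $false to review the matches before stopping anything

$report = Invoke-Command -ComputerName $ComputerName -ArgumentList $Folder, $Kill -ScriptBlock {
    param([string]$Folder, [bool]$Kill)

    # Compare against "folder\" so C:\App does not also match C:\App2\...
    $prefix = $Folder.TrimEnd('\') + '\'

    foreach ($proc in Get-Process) {
        # Path is empty for processes the remote session cannot open (System, Idle, protected).
        if (-not $proc.Path) { continue }
        if (-not $proc.Path.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) { continue }

        $row = [pscustomobject]@{
            Name = $proc.Name; Id = $proc.Id; Path = $proc.Path
            Stopped = $false; Error = $null
        }
        if ($Kill) {
            try {
                Stop-Process -Id $proc.Id -Force -ErrorAction Stop
                $row.Stopped = $true
            } catch {
                $row.Error = $_.Exception.Message
            }
        }
        $row   # plain values only, so nothing is lost when the result is serialized back
    }
}

# Format on the caller's side; the remote block returns objects, not Format-Table output.
$report | Format-Table PSComputerName, Name, Id, Path, Stopped, Error -AutoSize
```

Returning objects instead of Format-Table output keeps the result usable for logging or export on the calling machine.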

I had a similar case that I resolved by using x64 version of powershell.

Related

Using PowerShell Invoke-Command not providing same IIS info when commands ran locally trying to get SSLBinding

I can't for the life of me figure out how to get my code to work remotely to show the same information it's showing when run locally.
For example, if I run the command locally on a web server:
Get-ChildItem IIS:SSLBindings
I get the following results:
But if I run the command remotely using the following code:
Invoke-command -computer $Computer { Import-Module WebAdministration; Get-Childitem -Path IIS:\SslBindings }
I get this result:
I don't understand why the Sites info is blank, or just showing '...'.
I've tried all sorts of different variations/scriptblocks, but the results are always the same.
Anyone have any idea as to what I'm doing wrong or how I can remotely pull this information correctly?
I feel like there may be a better way to do this because this feels a bit clunky, but regardless, it works...
Here's the command I am using to gather this info remotely:
$SSLCertInUseInfo = Invoke-command -computer $Computer {
    Import-Module WebAdministration; Get-Childitem -Path IIS:\SslBindings | Select IPAddress, Host, Port, Store,
        @{ Name = 'Site'; Expression = { $_ | select -property Sites -expandproperty Sites | Select-Object -ExpandProperty "Value" } }
} | Select -Property * -ExcludeProperty PSComputerName, RunSpaceID, PSShowComputerName
The result is:
Why this particular property is an issue: The cause for this is how the value for Sites is generated. This particular property happens to be a "ScriptProperty," which means it's pulled by a script defined in the WebAdministration module. That script is executed behind the scenes transparently. Unfortunately, ScriptProperties often don't survive the deserialization process when accessed through PSRemoting.
So, how do you find out if the property is a ScriptProperty? Check the member definitions by piping your command to Get-Member.
When run locally, you can see that the Sites member type is a ScriptProperty and the definition shows the start of the script it runs to fetch the data.
PS C:\> Get-Childitem -Path IIS:\SslBindings | Get-Member Sites
TypeName: System.Management.Automation.PSCustomObject
Name MemberType Definition
---- ---------- ----------
Sites ScriptProperty System.Object Sites {get=$ip = [string]::empty...
When run remotely, you can see the type changes to one prefixed with "Deserialized," the member type is now a NoteProperty, and the definition changes to a string with no value.
PS C:\> Invoke-Command -ComputerName $Computer { Import-Module WebAdministration;Get-Childitem -Path IIS:\SslBindings } | Get-Member Sites
TypeName: Deserialized.System.Management.Automation.PSCustomObject
Name MemberType Definition
---- ---------- ----------
Sites NoteProperty System.String Sites=
How to solve the problem: The easiest way to get the desired value is to use calculated properties to convert the output to something that can be sent back. Similar to this answer, but a little more compact:
Invoke-Command -ComputerName $Computer {
    Import-Module WebAdministration; Get-Childitem -Path IIS:\SslBindings |
        Select-Object IPAddress, Port, Host, Store, @{Name="Sites"; Expression={($_).Sites.Value}} } |
    Select-Object * -ExcludeProperty PSComputerName, RunSpaceID, PSShowComputerName
Output:
IPAddress : ::
Port : 443
Host :
Store : MY
Sites :
IPAddress : 0.0.0.0
Port : 443
Host :
Store : My
Sites : Default Web Site

Saving Active Directory Configuration settings to a file

I'm using my machine to run a script on the Domain Controller server using Enter-PSSession. It all works except, I can't save the outputs from the script on my local machine.
I want to save the outputs from the script as objects in my local machine in a csv format (Not on the Domain Controller server).
What I'm trying to do is save results from running commands like Get-ADDomainController etc..
Can someone please help me with this?
As for this …
I can't save the outputs from the script on my local machine.
… sure you can. Just create a log file as part of your session and copy that file back to your workstation for review, or just use the *-Transcript cmdlets, which create a file automatically that you can copy over. The transcript will record everything that happens in the sessions.
Get-Command -Name '*transcript*' | ft -a
CommandType Name Version Source
----------- ---- ------- ------
Cmdlet Start-Transcript 3.0.0.0 Microsoft.PowerShell.Host
Cmdlet Stop-Transcript 3.0.0.0 Microsoft.PowerShell.Host
# get function / cmdlet details
(Get-Command -Name Start-Transcript).Parameters
Get-help -Name Start-Transcript -Full
Get-help -Name Start-Transcript -Online
Get-help -Name Start-Transcript -Examples
Or, don't use the interactive Enter-PSSession (explicit PowerShell Remoting) that puts you directly on the DC. Use an implicit PSRemoting session, using New-PSSession, and proxy the AD cmdlets to your machine for use.
$SessionAD = New-PSSession -ComputerName 'dc01.contoso.com'
Invoke-Command $SessionAD -Command {Import-Module ActiveDirectory}
Import-PSSession $SessionAD -Module ActiveDirectory | Out-Null
$ADUSers = Get-ADuser -Filter *
$var = $ADUSers | Select-Object -Property Name, SamaccountName | Out-GridView -OutputMode Single
$GroupsMember = Get-ADUser -Filter ('Name -eq "' + $var.Name + '"') -Property MemberOf |
Select -ExpandProperty MemberOf |
Get-ADGroup -Property MemberOf |
Select Name
$GroupsMember
Get-PSSession | Remove-PSSession
Then you can run ADDS cmdlets as if they are actually on your machine and results are on your machine, or if you are on Windows 8 or higher, just download and install (Win 7 - 8) / enable the RSAT tools (Win 10) directly and use them.
Remoting the Implicit Way
PowerShell Implicit Remoting: Never Install a Module Again
Also, take a look at Invoke-Command for running commands locally or remotely.

Get-WMIObject returning multiple responses in a script, only one when run alone

I'm trying to script powershell to reach out to all AD Computers and pull a list of shares. I'm seeing some strange behavior with Get-WMIObject.
The script:
Import-Module ActiveDirectory
$Computers = Get-ADComputer -Filter * -SearchBase "Some OU" |
Where-Object {
$_.Name -match "-LT$" -or
$_.Name -match "-PC$" -or
$_.Name -match "-VPC$"
} |
Select-Object Name -ExpandProperty Name |
Sort
$Computers | ForEach-Object {
Write-Host $_
Write-Host "========================="
Get-WMIObject -Class Win32_Share -Computer $_
}
Normally, the output from the gwmi command looks like this:
Name Path Description
---- ---- -----------
ADMIN$ C:\Windows Remote Admin
C$ C:\ Default share
IPC$ Remote IPC
But instead, for that same computer I get this output:
...
[Computername]
=========================
Name Path Description
---- ---- -----------
ADMIN$ C:\WINDOWS Remote Admin
C$ C:\ Default share
IPC$ Remote IPC
print$ C:\WINDOWS\system32\spool\drivers Printer Drivers
ADMIN$ C:\WINDOWS Remote Admin
C$ C:\ Default share
IPC$ Remote IPC
print$ C:\WINDOWS\system32\spool\drivers Printer Drivers
ADMIN$ C:\Windows Remote Admin
C$ C:\ Default share
IPC$ Remote IPC
...
These two outputs are from the same computer. I've also output the computer name list, and I'm not missing a computer, so I don't think that they were combined.
Any clues?

Finding path of process on remote machine

You can use the following in Powershell to obtain the full path to where a specific process is running:
Get-Process | where{$_.Name -like "*iexplore*"} | Select Path
If I want to find this path for a service on a remote machine, I thought I could just utilise the following:
Get-Process -ComputerName $MyServer | where{$_.Name -like "*iexplore*"} | Select Path
However, this doesn't return anything. I can see that I can find the service itself with some details on current usage etc. but I cannot find the path for where the .exe file is located. (I also noticed I cannot see how many CPUs the process is using either).
Is there a way to find the path for the process?
Get-Process is missing this, but you can use WMI:
Get-WmiObject -Class win32_process -ComputerName $MyServer -Filter 'name like "%iexplore%"' | select path

Local path from shared path: Powershell

How to find the local path of a shared path.
My shared path is \\somemachine\shared\scripts\testing
Its local path is D:\myshares\scripts\testing
Thanks!
Using WMI, you can get a list of shares with their local path equivalents:
PS C:\> gwmi Win32_Share
Name Path Description
---- ---- -----------
ADMIN$ C:\Windows Remote Admin
C$ C:\ Default share
IPC$ Remote IPC
You would just need to match up the Name property to your share path, then replace it to get the local path on that server using the Path property of the results:
$name = "shared"
$share = (gwmi Win32_Share | ? { $_.Name -eq $name })
$path = $share.Path + "\scripts\testing"
Note: You can also pass the -ComputerName parameter to the gwmi cmdlet to run the command against another computer. You may also need to pass the -Credential parameter to supply valid credentials.
Just in case you don't have access to WMI, this can also be accomplished using the net command:
PS C:\> net share
Share name Resource Remark
------------------------------------------------------------------------------
C$ C:\ Default share
IPC$ Remote IPC
ADMIN$ C:\Windows Remote Admin
The command completed successfully.
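
The share-to-local-path lookup described above, generalized to take the whole UNC path and query the server named in it. This is an added example, not code from the original answer; `Convert-UncToLocalPath` is a hypothetical helper name, and it uses Get-WmiObject as the answer does, so it assumes Windows PowerShell and WMI access to the server.

```powershell
# Added example: Convert-UncToLocalPath is a hypothetical helper, not a built-in cmdlet.
function Convert-UncToLocalPath {
    param(
        [Parameter(Mandatory = $true)][string]$UncPath,
        [System.Management.Automation.PSCredential]$Credential
    )

    # Split \\server\share\rest into its three parts.
    if ($UncPath -notmatch '^\\\\(?<server>[^\\]+)\\(?<share>[^\\]+)(?<rest>\\.*)?$') {
        throw "Not a UNC path: $UncPath"
    }
    $server = $Matches['server']
    $name   = $Matches['share']
    $rest   = $Matches['rest']      # $null when the UNC path stops at the share

    $wmiArgs = @{ Class = 'Win32_Share'; ComputerName = $server; ErrorAction = 'Stop' }
    if ($Credential) { $wmiArgs['Credential'] = $Credential }

    $share = Get-WmiObject @wmiArgs | Where-Object { $_.Name -eq $name }
    if (-not $share) { throw "No share named '$name' on $server" }
    # IPC$ and similar shares have no local path.
    if (-not $share.Path) { throw "Share '$name' on $server has no local path" }

    # Drop any trailing backslash (C$ maps to 'C:\') before appending the rest,
    # so the result never contains a doubled separator.
    $local = $share.Path.TrimEnd('\') + $rest
    if ($local -match '^[A-Za-z]:$') { $local += '\' }   # bare drive root
    $local
}

# With the paths from the question this returns D:\myshares\scripts\testing
Convert-UncToLocalPath -UncPath '\\somemachine\shared\scripts\testing'
```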