I need to determine the users/sessions accessing a shared folder on a Windows XP (SP2) machine using a PowerShell script (v 1.0). This is the information displayed using Computer Management | System Tools | Shared Folders | Sessions. Can anyone give me pointers on how to go about this?
I'm guessing it will require a WMI query, but my initial search online didn't reveal what the query details will be.
Thanks, MagicAndi
I came up with the following script:
$computer = "LocalHost"
$namespace = "root\CIMV2"
$userSessions = Get-WmiObject -class Win32_ServerConnection -computername $computer -namespace $namespace
if($userSessions -ne $null)
{
Write-Host "The following users are connected to your PC: "
foreach ($userSession in $userSessions)
{
$userDetails = [string]::Format("User {0} from machine {1} on share: {2}", $userSession.UserName, $userSession.ComputerName, $userSession.ShareName)
Write-Host $userDetails
}
Read-Host
}
The following articles were useful:
http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/filesfolders/sharedfolders/
http://www.computerperformance.co.uk/powershell/powershell_wmi_shares.htm
http://www.codeproject.com/KB/cs/NetWorkSpy.aspx?msg=2384830
As always, if you can't find a way to do it in PowerShell, see if someone has done something similar in C#.
I've modified it a bit to show hostname instead of IP:
$computer = "LocalHost"
$namespace = "root\CIMV2"
$userSessions = Get-WmiObject -class Win32_ServerConnection -computername $computer -namespace $namespace
if($userSessions -ne $null)
{
Write-Host "The following users are connected to your PC: "
foreach ($userSession in $userSessions)
{
$ComputerName = [system.net.dns]::resolve($usersession.computername).hostname
$userDetails = [string]::Format("User {0} from machine {1} on share: {2}", $userSession.UserName, $ComputerName, $userSession.ShareName)
Write-Host $userDetails
}
Read-Host
}
Related
I've recently created a little script that allows me to get the disk size and free space of 2 servers at each school site when I provide the script with the schools 4 digit site code.
First it pulls the information on the sites from a .csv file, and then uses that information to put together a string for the DC FQDN hostname, and the .10 server.
Then it requests the password for my elevated access account used to get the information on the disks.
I am having an issue where when the script creates the script block and then uses Invoke-Command and sends the script block to the servers, and provides back the PowerShell object with the information.
The error provided is as per below:
[{ServerName}] Connecting to remote server {ServerName} failed with the
following error message : WinRM cannot process the request. The following
error with errorcode 0x80090311 occurred while using Kerberos authentication:
There are currently no logon servers available to service the logon request.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does
not exist.
-The client and remote computers are in different domains and there is no trust
between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM
TrustedHosts configuration setting or use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command:
winrm help config. For more information, see the about_Remote_Troubleshooting
Help topic.
+ CategoryInfo : OpenError: ({ServerName}:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : AuthenticationFailed,PSSessionStateBroken
Things I've tried:
Resetting my password
Altering the Authentication type to Basic
Getting others to try the same thing - some have the same issue, others do not
Other users on my workstations also have the same issue
I re-imaged my workstation and it worked for a bit, but then stopped again as it appeared to stop after the device installed software updates, so I'm in the middle of uninstalling those updates, however two of them won't allow me to uninstall, I assume they're forced installs by Microsoft and required to be installed (The uninstall button disappears when selected) - KB4019472 and KB4049065.
Device is running Windows 10 1607 v14393.1944, PowerShell v5.1.
There is a one-way trust between the domain I am in and the domains the DC1 and MS10 (.10) are in, the domains trust us, but we don't trust the domains.
The account I use is local admin on the device via a nested AD Group, across all domains.
I'm not very understanding of Kerberos, so any help would be amazing.
The script is below:
Note: I've had to remove some parts, so I've filled the area with what would be there (i.e. {String} where there would just be standard text, and {FQDNServerName} where there would be a FQDN server name written as text, or {Region} where I would have had the region written as text}).
$csvSchoolsLoc = "{FQDNServerName}\SharedReports$\SchoolsExport.csv"
$Schools = Import-Csv $csvSchoolsLoc -Delimiter "`t" -Header LocCode,SchoolName,SchoolAddress,SchoolPhoneNumber,SchoolFaxNumber,SchoolOfficerInCharge,DistrictCode,DistrictNumeric,RegionCode,RegionNumeric,LSD,WANLinkType,RouterName,RouterIP,RouterStatus,OneSchemaGraphUrl,OneSchemaSiteUrl,SCCMSiteID,SiteAdminNetwork,ProxyServerIP,PrimaryDcName,PrimaryDcIP,PrimaryDcOS,PrimaryDcVersion,PrimaryDcPatch,Style
#Gets the users credentials for their GBN ZZ account - this is used throughout the script for authentication
$username = "{Region}\zz-$env:USERNAME"
$mycreds = Get-Credential -UserName $username -Message "Enter your password for {region}\zz-$env:USERNAME"
Clear-Host
Write-Host "What is the schools 4 digit site code?" -ForegroundColor Magenta
$Global:SiteCode = Read-Host
Function Main {
Clear-Host
$SchoolName = $schools | Where-Object {$_.LocCode -eq $SiteCode} | ForEach-Object SchoolName
$Region = $schools | Where-Object {$_.LocCode -eq $SiteCode} | ForEach-Object RegionCode
Write-Host "Getting details for: " -ForegroundColor Gray -NoNewline; Write-Host "$SchoolName - $SiteCode - ($Region)"-ForegroundColor Yellow
$DC1 = "{String}$($Region)$($SiteCode)001.$region.{String}.{String}.{String}"
$MS10 = "{String}$($Region)$($SiteCode)010.$region.{String}.{String}.{String}"
if (Test-Connection -ComputerName $DC1 -Count 2 -Delay 1 -Quiet) {
$DC1Run = $true
} else {
$DC1Run = $false
}
if (Test-Connection -ComputerName $MS10 -Count 2 -Delay 1 -Quiet) {
$MS10Run = $true
} else {
$MS10Run = $false
}
$ScriptBlock = {
$DiskCTotal = Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='C:'" -Impersonation 3 | ForEach-Object {$_.size / 1GB}
$DiskCFree = Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='C:'" -Impersonation 3 | ForEach-Object {$_.freespace / 1GB}
$DiskZTotal = Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='Z:'" -Impersonation 3 | ForEach-Object {$_.size / 1GB}
$DiskZFree = Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='Z:'" -Impersonation 3 | ForEach-Object {$_.freespace / 1GB}
return #{
'ZFreeSpace' = $DiskZFree
'CFreeSpace' = $DiskCFree
'ZTotalSize' = $DiskZTotal
'CTotalSize' = $DiskCTotal
}
}
if (($DC1Run -eq $true) -and ($MS10Run -eq $true)) {
$ServerDC1 = Invoke-Command -ComputerName $DC1 -Credential $mycreds -ScriptBlock $ScriptBlock
$ServerMS10 = Invoke-Command -ComputerName $MS10 -Credential $mycreds -ScriptBlock $ScriptBlock
#Clear-Host
Write-Host -ForegroundColor Yellow "$SchoolName - $SiteCode - ($Region)"
Write-Host -ForegroundColor Cyan "Server $DC1 - Domain Controller"
Write-Host "$([math]::round($ServerDC1.CFreeSpace,2)) GB free on C Drive (Total Size $([math]::round($ServerDC1.CTotalSize,2)) GB)"
Write-Host "$([math]::round($ServerDC1.ZFreeSpace,2)) GB free on Z Drive (Total Size $([math]::round($ServerDC1.ZTotalSize,2)) GB)"
Write-Host ""
Write-Host -ForegroundColor Cyan "Server $MS10 - Distribution Point"
Write-Host "$([math]::round($ServerMS10.CFreeSpace,2)) GB free on C Drive (Total Size $([math]::round($ServerMS10.CTotalSize,2)) GB)"
Write-Host "$([math]::round($ServerMS10.ZFreeSpace,2)) GB free on Z Drive (Total Size $([math]::round($ServerMS10.ZTotalSize,2)) GB)"
} else {
#Clear-Host
Write-Host -ForegroundColor Yellow "$SchoolName - $SiteCode - ($Region)"
Write-Host -ForegroundColor Cyan "Server $DC1 - Domain Controller"
if ($DC1Run) {
Write-Host "DC1 connection status is running" -ForegroundColor Green
} else {
Write-Host "DC1 connection status is down" -ForegroundColor Red
}
Write-Host ""
Write-Host -ForegroundColor Cyan "Server $MS10 - Distribution Point"
if ($MS10Run) {
Write-Host "MS10 connection status is running" -ForegroundColor Green
} else {
Write-Host "MS10 connection status is down" -ForegroundColor Red
if ($DC1Run -eq $true) {
$RDP = Read-Host -Prompt "Would you like to RDP to $DC1 'Y'"
if ($RDP -eq "Y") {
Start-Process -FilePath "$env:windir\System32\mstsc.exe" -ArgumentList "/v:$DC1" -Wait -WindowStyle Maximized
}
}
}
}
Write-Host ""
Write-Host "What is the next schools 4 digit site code? -or- Press Enter to retry the above site again" -ForegroundColor Magenta
$Entry = Read-Host
if ($Entry -eq "") {
# Do nothing
} else {
$Global:SiteCode = $Entry
}
}
$x = 0
do {
Main
} until ($x -gt 0)
EDIT: The uninstall of the software updates did not fix the issue, so unless it's something to do with those 2 updates that I can't uninstall it doesn't appear to be Software Updates.
It turns out that the domains I am trying to reach were not in my TrustedHosts config for WinRM.
By using the following command, I was able to add the domains (of which I have numerous) to the TrustedHosts using the '*' wildcard.
NOTE: I have replaced part of the domain with {String} where it would normally have part of the domain name for confidentiality reasons.
winrm set winrm/config/client #{TrustedHosts="<local>,*.{string}.edu.au"}
I am trying to run the below mentioned command in Server 2012 & it's pulling users from Administrators user group. But in Server 2008R2, it's pulling from entire domain
Get-WmiObject -Class Win32_GroupUser `
| where{$_.GroupComponent -like "*Administrators*"} `
|foreach {
$data = $_.PartComponent -split "\,"
$data[1].Remove(0,5).Replace('"','')
}
As you have guessed the issue is that win2008R2 has only PS 2.0.x. I think this command where{$_.GroupComponent -like "*Administrators*"} is not available at that version so it queries the whole AD as a fallback (that is a guess).
From your description I did not understand if you want to query local server or domain so I will enter both (all are functional on win2008R2 (PS version 2.0.50727)):
To query local admins and
#get servers by AD OU
If (!(Get-Module ActiveDirectory)) {
Import-Module ActiveDirectory
}
function get-localadmins{
[cmdletbinding()]
Param(
[string]$server
)
$group = get-wmiobject win32_group -ComputerName $server -Filter "LocalAccount=True AND SID='S-1-5-32-544'"
$query = "GroupComponent = `"Win32_Group.Domain='$($group.domain)'`,Name='$($group.name)'`""
$list = Get-WmiObject win32_groupuser -ComputerName $server -Filter $query
$list | %{$_.PartComponent} | % {$_.substring($_.lastindexof("Domain=") + 7).replace("`",Name=`"","\")}
}
get-localadmins 'your_server_name'
If your goal is to query the whole AD then you can use:
On windows 2008 R2 SP1 it can produce an error: System.DirectoryServices.AccountManagement.PrincipalOperationException: An error (1301) occurred while enumerating the groups. The group's SID could not be resolved.
You have to install a hotfix by Microsoft at: https://support.microsoft.com/en-us/help/2830145/sid-s-1-18-1-and-sid-s-1-18-2-cannot-be-mapped-on-windows-based-computers-in-a-domain-environment?wa=wsignin1.0%3Fwa%3Dwsignin1.0
The following code was taken from here: https://stackoverflow.com/a/8057025/6059896 (all credit to the author) - only changed the names of variables to fig my coding style.
$Recurse = $true
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$context_type = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$group_principal_identity=[System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($ct,'Administrators')
$group.GetMembers($Recurse)
I'm writing a script on HYPER-V host for getting VMs guest informations. Is there a way to get VMs Operating System name from Hyper-V using powershell?
There are several examples using (Get-WmiObject Win32_OperatingSystem -ComputerName $vmName).name but i should get this information directly from Hyper-V because of domain restrictions.
Also i'm using hyper-v module of powershell but i couldn't see any cmdlets related to OS.
This could be retrieved from guest intrinsic exchange items.
# Filter for parsing XML data
filter Import-CimXml
{
# Create new XML object from input
$CimXml = [Xml]$_
$CimObj = New-Object -TypeName System.Object
# Iterate over the data and pull out just the value name and data for each entry
foreach ($CimProperty in $CimXml.SelectNodes("/INSTANCE/PROPERTY[#NAME='Name']"))
{
$CimObj | Add-Member -MemberType NoteProperty -Name $CimProperty.NAME -Value $CimProperty.VALUE
}
foreach ($CimProperty in $CimXml.SelectNodes("/INSTANCE/PROPERTY[#NAME='Data']"))
{
$CimObj | Add-Member -MemberType NoteProperty -Name $CimProperty.NAME -Value $CimProperty.VALUE
}
# Display output
$CimObj
}
# Prompt for the Hyper-V Server to use
$HyperVServer = Read-Host "Specify the Hyper-V Server to use (enter '.' for the local computer)"
# Prompt for the virtual machine to use
$VMName = Read-Host "Specify the name of the virtual machine"
# Get the virtual machine object
$query = "Select * From Msvm_ComputerSystem Where ElementName='" + $VMName + "'"
$Vm = gwmi -namespace root\virtualization\v2 -query $query -computername $HyperVServer
# Get the KVP Object
$query = "Associators of {$Vm} Where AssocClass=Msvm_SystemDevice ResultClass=Msvm_KvpExchangeComponent"
$Kvp = gwmi -namespace root\virtualization\v2 -query $query -computername $HyperVServer
Write-Host
Write-Host "Guest KVP information for" $VMName
# Filter the results
try {
$Kvp.GuestIntrinsicExchangeItems | Import-CimXml | where Name -eq "OSName"
}
catch {
Write-Host "Not found"
}
From Ben Armstrong’s Virtualization Blog.
Unless you're using SCVMM, Guest OS details are not available via Hyper-V PowerShell cmdlets.
You have to query the Guest itself like you've already found.
I couldn't run t1meless' script on PowerShell version 7.1, because gwmi is deprecated in 7.1, sources MS Docs and GitHub.
I rewrote the script for PS 7.1.
# Script for retrieving Hyper-V Guest Operating System.
# Tested on PowerShell 7.1
# Prompt for the Hyper-V Server to use
$hyper_v_server = Read-Host "Specify the Hyper-V Server to use (enter '.' for the local computer)"
# Prompt for the virtual machine to use
$vm_name = Read-Host "Specify the name of the virtual machine"
# Check if VM exists and is running. This script doesn't work if the VM is stopped.
# Capture error output, source: https://stackoverflow.com/a/66861283/3498768
$vm_not_found = $($vm_state = (Get-VM $vm_name).state) 2>&1
if ($vm_not_found -ne $null) {
Write-Host "$vm_name VM was not found."
exit
}
if ($vm_state -eq "Off") {
Write-Host "Cannot retrieve information of $vm_name. The VM is stopped. Only running VM information can be retrieved."
exit
}
# Get the virtual machine object
$query = "Select * From Msvm_ComputerSystem Where ElementName='" + $vm_name + "'"
$vm = Get-CimInstance -namespace root\virtualization\v2 -query $query -computername $hyper_v_server
# Get associated information
$vm_info = Get-CimAssociatedInstance -InputObject $vm
Write-Host "Guest information for" $vm_name
# Select only required information
$vm_info | Where GuestOperatingSystem |
Select -Property GuestOperatingSystem |
Format-List *
I have taken over some code from someone that has left and am wondering what the [0] means in the below code that the previous person wrote?
I mean, he wrote this:
$os = (Get-WmiObject -computername $hostfqdn -class Win32_OperatingSystem -credential $credential)
$ostitle = #($os)[0].Caption+" SP"+#($os)[0].ServicePackMajorVersion+"."+#($os)[0].ServicePackMinorVersion
But, if I try the below I get the same result as if I add a [0] in?
PS C:\> $os = (Get-WmiObject -computername SERVER-class Win32_OperatingSystem)
PS C:\> #($os)[0].Caption
Microsoft Windows Server 2008 R2 Enterprise
With a [0]:
PS C:\> #($os).Caption
Microsoft Windows Server 2008 R2 Enterprise
The entire function is:
function getoperatingsystem([string]$hostfqdn, [object]$credential, [int]$serverid)
{
try {
$os = (Get-WmiObject -computername $hostfqdn -class Win32_OperatingSystem -credential $credential)
$ostitle = #($os)[0].Caption+" SP"+#($os)[0].ServicePackMajorVersion+"."+#($os)[0].ServicePackMinorVersion
UpdateRecord "UPDATE t_server SET os='$ostitle' WHERE serverid=$serverid"
} catch [Exception] {
$errmsg = $error[0]
$currentuser = [Environment]::UserName
$datetimestamp = get-date
writelog "$datetimestamp,$currentuser,[getoperatingsystem],$hostfqdn,$errmsg"
$error.clear()
return $false
}
}
#($os)[0] Means he is creating an array on the fly, with one element, and he is accessing the array's first element with [0] (its index in the array).
He should just have used $os
I am trying to create a PowerShell script that creates a new IIS 6 web site and sets things like App Pool, Wildcard application maps, ASP.NET version, etc.
After extensive search on the Internet I found a script that allows me to create a new Web Site but not to modify all the properties I need.
$newWebsiteName = "WebSiteName"
$newWebsiteIpAddress = "192.168.1.100"
$newWebSiteDirPath = "c:\inetpub\wwwroot\WebSiteName"
$iisWebService = Get-WmiObject -namespace "root\MicrosoftIISv2"
-class "IIsWebService"
$bindingClass = [wmiclass]'root\MicrosoftIISv2:ServerBinding'
$bindings = $bindingClass.CreateInstance()
$bindings.IP = $newWebsiteIpAddress
$bindings.Port = "80"
$bindings.Hostname = ""
$result = $iisWebService.CreateNewSite
($newWebsiteName, $bindings, $newWebSiteDirPath)
Any help on how to expand example above is greatly appreciated.
First of all, big thanks to jrista for pointing me in the right direction.
I also found this article very useful.
What follows here is a powershell script to create Application pool, Website and a SelfSsl certificate:
function CreateAppPool ([string]$name, [string]$user, [string]$password)
{
# check if pool exists and delete it - for testing purposes
$tempPool = gwmi -namespace "root\MicrosoftIISv2" -class "IISApplicationPoolSetting" -filter "Name like '%$name%'"
if (!($tempPool -eq $NULL)) {$tempPool.delete()}
# create Application Pool
$appPoolSettings = [wmiclass] "root\MicrosoftIISv2:IISApplicationPoolSetting"
$newPool = $appPoolSettings.CreateInstance()
$newPool.Name = "W3SVC/AppPools/" + $name
$newPool.WAMUsername = $user
$newPool.WAMUserPass = $password
$newPool.PeriodicRestartTime = 1740
$newPool.IdleTimeout = 20
$newPool.MaxProcesses = 1
$newPool.AppPoolIdentityType = 3
$newPool.Put()
}
function CreateWebSite ([string]$name, [string]$ipAddress, [string]$localPath, [string] $appPoolName, [string] $applicationName)
{
# check if web site exists and delete it - for testing purposes
$tempWebsite = gwmi -namespace "root\MicrosoftIISv2" -class "IISWebServerSetting" -filter "ServerComment like '%$name%'"
if (!($tempWebsite -eq $NULL)) {$tempWebsite.delete()}
# Switch the Website to .NET 2.0
C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -sn W3SVC/
$iisWebService = gwmi -namespace "root\MicrosoftIISv2" -class "IIsWebService"
$bindingClass = [wmiclass]'root\MicrosoftIISv2:ServerBinding'
$bindings = $bindingClass.CreateInstance()
$bindings.IP = $ipAddress
$bindings.Port = "80"
$bindings.Hostname = ""
$iisWebService.CreateNewSite($name, $bindings, $localPath)
# Assign App Pool
$webServerSettings = gwmi -namespace "root\MicrosoftIISv2" -class "IISWebServerSetting" -filter "ServerComment like '%$name%'"
$webServerSettings.AppPoolId = $appPoolName
$webServerSettings.put()
# Add wildcard map
$wildcardMap = "*, c:\somewildcardfile.dll, 0, All"
$iis = [ADSI]"IIS://localhost/W3SVC"
$webServer = $iis.psbase.children | where { $_.keyType -eq "IIsWebServer" -AND $_.ServerComment -eq $name }
$webVirtualDir = $webServer.children | where { $_.keyType -eq "IIsWebVirtualDir" }
$webVirtualDir.ScriptMaps.Add($wildcardMap)
# Set Application name
$webVirtualDir.AppFriendlyName = $applicationName
# Save changes
$webVirtualDir.CommitChanges()
# Start the newly create web site
if (!($webServer -eq $NULL)) {$webServer.start()}
}
function AddSslCertificate ([string] $websiteName, [string] $certificateCommonName)
{
# This method requires for you to have selfssl on your machine
$selfSslPath = "\program files\iis resources\selfssl"
$certificateCommonName = "/N:cn=" + $certificateCommonName
$certificateValidityDays = "/V:3650"
$websitePort = "/P:443"
$addToTrusted = "/T"
$quietMode = "/Q"
$webServerSetting = gwmi -namespace "root\MicrosoftIISv2" -class "IISWebServerSetting" -filter "ServerComment like '$websiteName'"
$websiteId ="/S:" + $webServerSetting.name.substring($webServerSetting.name.lastindexof('/')+1)
cd -path $selfSslPath
.\selfssl.exe $addToTrusted $certificateCommonName $certificateValidityDays $websitePort $websiteId $quietMode
}
$myNewWebsiteName = "TestWebsite"
$myNewWebsiteIp = "192.168.0.1"
$myNewWebsiteLocalPath = "c:\inetpub\wwwroot\"+$myNewWebsiteName
$appPoolName = $myNewWebsiteName + "AppPool"
$myNewWebsiteApplicationName = "/"
$myNewWebsiteCertificateCommonName = "mynewwebsite.dev"
CreateAppPool $appPoolName "Administrator" "password"
CreateWebSite $myNewWebsiteName $myNewWebsiteIp $myNewWebsiteLocalPath $appPoolName $myNewWebsiteApplicationName
AddSslCertificate $myNewWebsiteName $myNewWebsiteCertificateCommonName
The $result object contains the path to the newly created IIsWebServer object. You can get access to the virtual directory, where you can configure more properties, by doing the following:
$w3svcID = $result.ReturnValue -replace "IIsWebServer=", ""
$w3svcID = $w3svcID -replace "'", ""
$vdirName = $w3svcID + "/ROOT";
$vdir = gwmi -namespace "root\MicrosoftIISv2"
-class "IISWebVirtualDir"
-filter "Name = '$vdirName'";
# do stuff with $vdir
$vdir.Put();
This is a useful PowerShell snippet.
I tried running this and I get problems with the delete tests. Delete does not work against the app pool when the site still exists. Surely you should run website delete test first.
# check if web site exists and delete it - for testing purposes
$tempWebsite = gwmi -namespace "root\MicrosoftIISv2"
-class "IISWebServerSetting"
-filter "ServerComment like '%$name%'"
if (!($tempWebsite -eq $NULL)) {$tempWebsite.delete()}
Run this first, then run the app pool deletion test.
I realise you have marked these as tests but surely it is useful to exit or delete if webs site exists.