Monthly Archives: April 2013

Everything you need to get started with Group Policy – Goatee PFE – Site Home – TechNet Blogs

Everything you need to get started with Group Policy – Goatee PFE – Site Home – TechNet Blogs.

Advertisements

AD Group History Mystery: PowerShell v3 REPADMIN – Goatee PFE – Site Home – TechNet Blogs

AD Group History Mystery: PowerShell v3 REPADMIN – Goatee PFE – Site Home – TechNet Blogs.

Get-QADUser and LastLogonTimeStamp

easy as pie:

Get-QADComputer -IncludedProperties lastlogontimestamp | select computername, description,osname,canonicalname,lastlogontimestamp | fl *

Test GPO WMI filter using Powershell

GPO WMI filters can get screwed up when edited. Quick way of testing a WMI filter is available using Powershell:

  1. Grab the GPO WMI filter from GPMC and put it into clipboard
  2. in Powershell console:
    gwmi -Query ‘Paste your WMI filter here’
    in words:
    write gwmi -Query ‘ (single qoute)
    paste in your wmi filter
    ‘ (single qoute) 

Result could look like this:
gwmi -Query ‘SELECT ProductType, CSName FROM Win32_OperatingSystem WHERE (ProductType = “1”) AND Not CSName = “CB002021”)

When any results are returned WMI filter evaluates to $true (GPO applies), else $false (GPO does not aplly)

Don’t forget that you get the luxury to test against multiple computer just by adding the -Computername parameter:

gwmi -Query ‘SELECT ProductType, CSName FROM Win32_OperatingSystem WHERE (ProductType = “1”) AND Not CSName = “CB002021”)‘ -Computername PC01,PC02

Show and Remove Permanent WMI Event Registrations

Show Filter to consumer bindings
gwmi -Namespace "root/subscription" -Class __FilterToConsumerBinding

Remove filter to consumer bindings
Mind you – there are two bindings/filters/consumers built-in (at least on my W7 Ent 32b) so don’t delete them. Update: you might as well delete one of the default filters/consumers/bindings which does not work to get rid of annoying errors in application eventlog http://pcsxcetrasupport3.wordpress.com/2011/10/23/event-10-mystery-solved/
gwmi -Namespace "root/subscription" -Class __FilterToConsumerBinding | Remove-WmiObject -WhatIf

Show permanent WMI filters
gwmi -Namespace "root/subscription" -Class __EventFilter | where name -eq "ef1"

Remove permanent WMI filters
gwmi -Namespace "root/subscription" -Class __EventFilter | where name -eq "ef1" | Remove-WmiObject -WhatIf

Show all permanent event consumers
gwmi -Namespace "root/subscription" -Class __EventConsumer

Show permanent event consumers for particular consumer

gwmi -Namespace "root/subscription" -Class LogFileEventConsumer

list of the standard consumers:

  • ActiveScriptEventConsumer Executes a predefined script in an arbitrary scripting language when an event is delivered to it. This consumer is available on Windows XP and Windows 2000.
    Example: Running a Script Based on an Event
  • CommandLineEventConsumer Launches an arbitrary process in the local system context when an event is delivered to it. This consumer is available on Windows XP.
    Example: Running a Program from the Command Line Based on an Event
  • LogFileEventConsumer Writes customized strings to a text log file when events are delivered to it. This consumer is available on Windows XP.
    Example: Writing to a Log File Based on an Event
  • NTEventLogEventConsumer Logs a specific message to the Windows NT event log when an event is delivered to it. This consumer is available on Windows XP.
    Example: Logging to NT Event Log Based on an Event
  • ScriptingStandardConsumerSetting Provides registration data common to all instances of the ActiveScriptEventConsumer class.
    SMTPEventConsumer Sends an email message using SMTP each time an event is delivered to it. This consumer is available on Windows XP and Windows 2000.
    Example: Sending Email Based on an Event

Remove permanent event consumers
gwmi -Namespace "root/subscription" -Class LogFileEventConsumer | where name -EQ "ec1" | Remove-WmiObject -WhatIf

Removing Permanent WMI Event Registrations | Trevor Sullivans Tech Room.

Windows PowerShell 3.0 SDK Sample Pack in C#

Windows PowerShell 3.0 SDK Sample Pack in C#.

Writing a Windows PowerShell Formatting File

Writing a Windows PowerShell Formatting File.

smsagent

Tips, tricks and time-savers for the Windows and ConfigMgr administrator

To The Point

Anything about Technology and Business

Brian's Power Windows Blog

Microsoft in the Enterprise. Windows, Hyper-V, Exchange, SQL, and more!

PowerScripting Podcast

Shownotes and links for the PowerScripting Podcast, a podcast to help people learn Windows Powershell

Learn Powershell | Achieve More

What is this Powershell of which you speak?