You Should Be Using PowerShell
Aaron Kaiser
Senior Technology Support Specialist
Parkway School District

Why PowerShell?
• Most modern Microsoft GUIs are built upon PowerShell
• A number of third-party applications are either built on PowerShell or have snap-ins that leverage PowerShell
• VMware vSphere PowerCLI
• Citrix Studio
• Fairly straightforward syntax
• Absolute Power!

PowerShell vs VB Script

PowerShell
Get-ChildItem -Path C:\ -File | Select-Object Directory,Name,Length | Export-Csv C:\Files.csv -Append -NoTypeInformation

VBScript
Set objFs = CreateObject("Scripting.FileSystemObject")
Set objFile = objFs.CreateTextFile("C:\Files.csv")
Wscript.sleep(2000) 'Pause while file is being created
Set objFile = objFs.GetFile("C:\Files.csv")
Const ForWriting = 2
Set outputFile = objFs.OpenTextFile("C:\Files.csv", ForWriting)
Set objFolder = objFs.GetFolder("C:\")
Set colFiles = objFolder.Files
For Each objFile in colFiles
OutputFile.Write "C:\," & objFile.Name & "," & objFile.Size
Wscript.Echo "C:\," & objFile.Name & "," & objFile.Size
Next
OutputFile.Close

Before You Begin
• Update PowerShell to version 4.0
• $PSVersionTable – use to determine the version currently installed
• Improved performance and functionality
• Auto-load modules
• Execution Policy
• Set to Restricted by default
• RemoteSigned if you wish to be fairly safe
• Unrestricted if you are confident and/or crazy
• PS1 extension
• Setting up the Console Window
• Launching as Administrator

PowerShell Tools
• Console
• Basic interface
• Limited editing capabilities
• Copy and paste are not easy
• ISE (Integrated Scripting Environment)
• Best used for scripting
• Uses normal copy and paste commands
• Helpful features
• Third Party Tools
• Various paid and free tools
• PowerGUI
• Compile script into an EXE

Cmdlets
• Uses verb-noun naming convention
• Simple Starters
• Get-Process
• Get-Service
• Get-Date
• Get-Command
• -Verb or -Noun
• Wildcards
• Parameters

Get-Help
• Very Important/Helpful
• Provides Description, Syntax, and Even Examples
• ShowWindow Parameter
• Online Parameter
• Wild Card Search

The Pipeline
• Used to connect commands together
• Provides a way to pass output to another command
• Uses the pipe symbol "|"
• Example: Get-Process | Out-File c:\process.txt

$Variables
• Where the true scripting power of PowerShell lies
• Always starts with a $
• Can hold a variety of information
• Text
• Numbers
• Lists

Punctuation
• Backtick `
• Escape character
• Single Quotes ' '
• Contains string values
• Does not look for escape character or variables
• Double Quotes " "
• Contains string values
• Looks for escape character or variables
• Curly Braces { }
• Contain script blocks
• Variable name that contains spaces or illegal characters
• Parentheses ( )
• Like in math, defines order of execution
• Hashtag #
• Comment character
• Any characters following # are ignored
• Similar to REM in DOS

Parkway Example #1
How Do You Delete Over 17,000 User Folders?
$schools = @("chs", "cms", "sms")
foreach ($school in $schools) {
Remove-Item "\\student1\$school\*[0-9][0-9][0-9][0-9]" -force -recurse
}

Parkway Example #2
How Do You Add All These MAC Addresses As Active Directory Users?
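# Bulk import: create one Active Directory user per row of c:\ADImport.csv,
# then add each of those accounts to the Wireless-MAC group.
# Only the Name, Description and Path columns of the CSV are read.
#
# NOTE(review): every account's password is its own lower-cased name and it
# never expires - presumably the wireless MAC-authentication setup requires
# that; confirm. Because the credential can be derived from the account name,
# keep these accounts out of every group except Wireless-MAC and deny them
# interactive and remote logon.
import-module activedirectory

import-csv c:\ADImport.csv | % {
    $account = $_.Name.ToLower()
    $newUser = @{
        GivenName            = $account
        Name                 = $account
        DisplayName          = $account
        SamAccountName       = $account
        UserPrincipalName    = ($account + "@local.com")
        Description          = $_.Description
        Path                 = $_.Path
        Enabled              = $True
        AccountPassword      = (ConvertTo-SecureString $account -AsPlainText -force)
        PasswordNeverExpires = $True
    }
    New-ADUser @newUser
}

import-csv c:\ADImport.csv | % {Add-ADGroupMember -Identity Wireless-MAC -Member $_.Name.ToLower()}

# Script to create Active Directory accounts
# Interactive version: prompts for one MAC address and machine name, validates
# the input, then creates the account and adds it to Wireless-MAC.
# The same password caveat as in the bulk import applies: the password equals
# the MAC address and never expires.
Import-Module ActiveDirectory

$Mac = Read-Host -Prompt "Enter The MAC Address"
$Name = $Mac.Trim().ToLower()
$Desc = Read-Host -Prompt "Enter The Machine Name. It Must Start With The School's Three Digit Code."
#$OU = Read-Host -Prompt "Enter The School's Three Digit Code"

# Validate the typed values before any directory lookup, so malformed input
# never reaches Active Directory.
If ($Name.Length -ne 12) {
    write-warning "The MAC address is the wrong length"
}
Elseif ($Name -notmatch '^[0-9a-f]{12}$') {
    # A 12-character value that is not hexadecimal is not a MAC address.
    write-warning "The MAC address must contain only the characters 0-9 and a-f"
}
Elseif ($Desc.Length -lt 3) {
    # Substring(0,3) below would throw on a machine name shorter than the code.
    write-warning "The School Code is incorrect"
}
Else {
    # The first three characters of the machine name select the school's OU.
    $OU = $Desc.Substring(0,3)

    If ([adsi]::Exists("LDAP://OU=$OU,OU=ws-macaddr,DC=local,DC=com") -eq $False) {
        write-warning "The School Code is incorrect"
    }
    Elseif (Get-ADUser -Filter {sAMAccountName -eq $Name}) {
        write-warning "The User already exists"
    }
    Else {
        $newUser = @{
            GivenName            = $Name
            Name                 = $Name
            DisplayName          = $Name
            SamAccountName       = $Name
            UserPrincipalName    = ($Name + "@local.com")
            Description          = $Desc
            Path                 = ("OU=" + $OU + ",OU=ws-macaddr,DC=local,DC=com")
            Enabled              = $True
            AccountPassword      = (ConvertTo-SecureString $Name -AsPlainText -force)
            PasswordNeverExpires = $True
        }
        New-ADuser @newUser
        Add-ADGroupMember -Identity Wireless-MAC -Member $Name
        write-host "The account has been created."
    }
}
Read-Host -Prompt "Press Enter to exit"

Parkway Example #3
How Do You Move From Novell Shares To Microsoft Shares Without Losing Your Mind?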
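# Part 1: for staff whose surname starts with a-f, create a folder under
# \\staffaf\af, grant the user access to it, and copy the user's existing
# folder into it.
$letters = @("a*", "b*", "c*", "d*", "e*", "f*")

Foreach ($letter in $letters) {
    $users = get-aduser -Filter {Surname -like $letter} -SearchBase "OU=staff,DC=local,DC=com" |
        Select-Object -ExpandProperty SamAccountName

    Foreach ($user in $users) {
        # The existing folder is <share>\<first letter of account name>\<account name>.
        # Account names that do not start with a-z are skipped.
        $share = switch -Wildcard ($user) {
            '[a-c]*' { '\\staff1\AC' }
            '[d-f]*' { '\\staff2\DF' }
            '[g-j]*' { '\\staff3\GJ' }
            '[k-m]*' { '\\staff1\KM' }
            '[n-r]*' { '\\staff2\NR' }
            '[s-z]*' { '\\staff3\SZ' }
        }
        If (-not $share) { continue }
        $path = $share + '\' + $user.Substring(0, 1).ToLower()

        $newPath = Join-Path \\staffaf\af -childpath $user
        # Only create the folder when it is missing, so a re-run does not raise
        # an "already exists" error for every user.
        If (-not (Test-Path $newPath)) { new-item $newpath -type directory }

        # NOTE(review): FullControl also lets the user change permissions on and
        # take ownership of the folder; Example 5 grants Modify for a home
        # directory - consider whether Modify is enough here as well.
        $acl = Get-Acl $newpath
        $permission = "Local\$user","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow"
        $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
        $acl.SetAccessRule($accessRule)
        $acl | Set-Acl $newpath

        # /copy:dat copies data, attributes and timestamps but not the source
        # ACLs, which is why the ACL is set explicitly above.
        # /mir makes the destination an exact mirror: files that exist only in
        # the destination are deleted, so do not re-run this once users have
        # started saving into the new folder.
        # /zb falls back to backup mode, which reads files regardless of their
        # ACLs; run it only from an account meant to have that reach.
        robocopy $path\$user \\staffaf\af\$user /copy:dat /e /mir /fft /mt:8 /zb /nfl /ndl /ns /nc /np /r:5 /w:5 /log+:c:\aflog.txt
    }
}

# Part 2: the folders under \\staff3\SZ\SSD are named after accounts. Look up
# each account's surname and move the folder to the share for that surname.
cmd /c dir "\\staff3\SZ\SSD\*" /b /a:d > c:\ssd.txt
$Users = Get-Content c:\ssd.txt

ForEach ($user in $users) {
    # Folder names with no matching account in OU=staff yield no surname and
    # are skipped below.
    $t = Get-ADUser -Filter 'SamAccountName -eq $user' -SearchBase "OU=staff,DC=local,DC=com" |
        Select-Object -ExpandProperty Surname

    $mpath = switch -Wildcard ($t) {
        '[a-f]*' { '\\staffaf\af' }
        '[g-l]*' { '\\staffgl\gl' }
        '[m-r]*' { '\\staffmr\mr' }
        '[s-z]*' { '\\staffsz\sz' }
    }
    If (-not $mpath) { continue }

    $newPath = Join-Path $mpath -childpath $user
    If (-not (Test-Path $newPath)) { new-item $newpath -type directory }

    $acl = Get-Acl $newpath
    $permission = "Local\$user","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow"
    $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
    $acl.SetAccessRule($accessRule)
    $acl | Set-Acl $newpath

    # Same robocopy switches as in part 1; /mir deletes destination files that
    # are not in the source.
    robocopy \\staff3\SZ\SSD\$user $mpath\$user /copy:dat /e /mir /fft /mt:8 /zb /nfl /ndl /ns /nc /np /r:5 /w:5 /log+:c:\ssdlog.txt
}

Parkway Example #4
How do you change permissions to all the printers on your Microsoft Print Server?

# Copy the security descriptor of the printer HPTEST to every printer on
# printsvr. -full is needed so that PermissionSDDL is returned.
# This overwrites each printer's existing permissions; record the current
# PermissionSDDL values first if a rollback may be needed.
$security = get-printer -computer printsvr "HPTEST" -full
If (-not $security.PermissionSDDL) {
    # Without a template descriptor there is nothing safe to apply.
    write-warning "Could not read the permissions of HPTEST; no printers were changed"
}
Else {
    get-printer * -computer printsvr | Foreach-Object {set-printer $_.name -computer printsvr -PermissionSDDL $security.PermissionSDDL}
}

Parkway Example #5
How do you check to see if your users have an actual home directory and fix it if they do not?

# For every user in the listed OUs, create the home directory named in Active
# Directory when it is missing, grant the user Modify on it, and log the
# account name to c:\midmissing.txt.
$OUs = @("OU=Grade06,OU=mid,OU=students,DC=local,DC=com", "OU=Grade07,OU=mid,OU=students,DC=local,DC=com", "OU=Grade08,OU=mid,OU=students,DC=local,DC=com")

Foreach ($OU in $OUs) {
    # Request only HomeDirectory instead of every attribute (-Properties *).
    $users = Get-ADUser -Filter * -SearchBase $OU -Properties HomeDirectory |
        Select-Object sAMAccountName, HomeDirectory

    Foreach ($user in $users) {
        $u = $user.sAMAccountName
        $h = $user.HomeDirectory

        # Test-Path and New-Item fail on an empty path, so report accounts
        # that have no home directory set and move on.
        If (-not $h) {
            write-warning "$u has no home directory set"
            continue
        }

        if (-not (Test-Path -Path $h)) {
            $u | out-file c:\midmissing.txt -Append
            new-item -Path $h -type directory
            $acl = Get-Acl $h
            $permission = "Local\$u","Modify", "ContainerInherit, ObjectInherit", "None", "Allow"
            $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
            $acl.SetAccessRule($accessRule)
            $acl | Set-Acl $h
        }
    }
}

Additional Resources
• Microsoft Virtual Academy
• Getting Started with PowerShell 3.0 Jump Start
• Advanced Tools & Scripting with PowerShell 3.0 Jump Start
• Using PowerShell for Active Directory
• Powershell.org
• Learn Windows PowerShell In A Month Of Lunches
• Saint Louis University Workforce Center
• Automating Administration with Windows PowerShell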