|
Drumstick posted:Is it possible to check folder permissions and then print the folder names if the permissions includes a specific user/group using powershell? Yes, though it was actually more complicated then I thought. I may have overcomplicated a bit, so if anyone has a more elegant solution, I would love to see it. Here is the code: code:
code:
code:
code:
code:
code:
code:
[code Write-host $Identity has the right $access.AccessControlType $access.FileSystemRights to $ACL.path.substring(38) [/code] The substring part is to cut off the first 38 characters, because $ACL.path would just output Microsoft.PowerShell.Core\FileSystem:: before the string. Controltype tells us Allow or Deny, Filesystemrights the actual rights being allowed or denied. Or, if you want to see if the rights are inherited from a parent folder, add $access.isinherited to the output. You could clean this up, because some of the FileSystemRights are in the form of an integer, such as 268435456, which means full control on all FILES under the specified root directory, according to Here. You could rewrite the integers to human readable strings, if you knew which is which. Output will look like this: Jelmylicious has the right Allow 268435456 to C:\users\Jelmylicious Jelmylicious has the right Allow FullControl to C:\users\Jelmylicious Jelmylicious fucked around with this message at 10:04 on Oct 28, 2011 |
# ¿ Oct 28, 2011 09:55 |
|
|
# ¿ Apr 30, 2024 17:56 |
|
joe944 posted:Scripting noob here working on my first powershell script and I'm wondering if anyone would be able to help me out. Few questions/Comments: You put the old IP address into $oldip, but you never do anything with it. Do you want to log an event every time the IP changes, or (like you currently do) every time the script checks? You will never clean your iplog.txt (I assume you use a valid path in the path part). This will slowly grow, even though you are also putting this info in the IP check eventlog. First run fails on the $oldip line, because the first log isn't there. I will go practice my try/catches. Edit: Here's my take. I simplified it a bit:
code:
Jelmylicious fucked around with this message at 11:05 on Nov 10, 2011 |
# ¿ Nov 10, 2011 10:32 |
|
Since my script compares IP's when writing to the eventlog, you can have it output to a textfile in the same if-statement. If you want to add an eventlog for every check, we could do something like this (only relevant code shown). Note that, since I added an else statement, I removed the negatement in the if statements, for legibility purposes.code:
Edit: If you are running this on computers with other languages than english, it could be a good idea to force your tostring to use english, like this (replace "en-US" with whatever you want, like "nl-NL" for Dutch). code:
Jelmylicious fucked around with this message at 11:51 on Nov 10, 2011 |
# ¿ Nov 10, 2011 11:35 |
|
KS posted:I ran into so many things I need to learn along the way with the format of the data and breaking it up into useful chunks: system objects vs. arrays vs. strings and the tools you can use for each. For instance, you can write "select $a" to a file and it works, but you cannot write "select $a.substring(2,13)" Well, for the indertimenate size, you could use a foreach loop. Without adjusting your code too much: code:
code:
|
# ¿ Nov 11, 2011 01:34 |
|
My turn for a question: I will be giving my companies internal Introduction to Powershell course. It will be a two day course for anyone ranging from "never touched powershell" to seasoned sysadmins that know VB by heart, but want to get to know powershell better. (oh god, what am I getting myself into? ) The current iteration of the course is a bit to dry and doesn't allow for that much input from the students about what they want to learn. I am going to make this course more hands-on and practical. My question to you is: Is there anything that you ever ran into, while using powershell, where you thought to yourself: "If only I had known this when I started out, this would have saved so much time!" Help me make this course awesome, so my newly made minions can help answer questions in this thread.
|
# ¿ Nov 14, 2011 11:17 |
|
bluegoon posted:$a = get-childitem C:\Comps\complist.txt Get-Childitem is enumerating files in a folder, it is the new "dir". What you want is: code:
code:
e: Aparently Get-Eventlog System should work too, so your second line should work as intended. Apart from it not showing the full info in your text file. So, at least use the export-csv. Jelmylicious fucked around with this message at 16:13 on Nov 23, 2011 |
# ¿ Nov 23, 2011 15:59 |
|
My quick test showed a nice CSV cooming from this, so I figured it would fit here. I always try using it first, if it doesn't work, then I start looking at alternatives/fixing it.
|
# ¿ Nov 23, 2011 16:46 |
|
psylent posted:I'm incredibly new to Powershell, as a senior helpdesk monkey I can see how it's going to be incredibly helpful. Get-AdGroup will return security groups in a given OU. So this command seems to strip all members of the groups you get, except for computer accounts. I will dissect the command for you later. What you need, is a command that gets all the users in an OU and then strip their memberships.
|
# ¿ Dec 16, 2011 08:07 |
|
Moey posted:Looking for a quick pointer in the right direction. Had some success last night using powershell to do some bulk file renaming at home. Get into work today, now I actually get to try and use some of that! Well, when creating a folder manually in explorer with the same name as a file, it asks me if I want to overwrite. You could chop off the extension (or add a .dir extension or something) to differentiate the name.
|
# ¿ Dec 21, 2011 16:20 |
|
Wicaeed posted:Always returns "Drive backup does not exists". Is there some secret I'm missing to using variables and boolean operators in functions? This is a problem of scope, your Variable gets set inside the function, but doesn't exist outside it. You could try three things: you could move the Write-Host inside the function, you could not use a function, but have it in the main executing code, or you could have the function return it: code:
Also, since Test-Path already returns a boolean, you could omit the -ne $False, so, just write: if (Test-Path "C:\dell"). But, that is more of a style choice, just keep it readable for you and your colleagues. Jelmylicious fucked around with this message at 16:44 on Dec 21, 2011 |
# ¿ Dec 21, 2011 16:35 |
|
Wicaeed posted:Okay, thanks for that clarification. The reason the vbscript is run like it is, is because that the results are later send via email, and from what you said regarding functions, you can't actually store the results as a variable that exists outside the function? That is a fourth possibility, make it a global variable, by starting your variable with $global: code:
|
# ¿ Dec 21, 2011 16:48 |
|
Moey posted:Didn't know that name would grab the extension as well. I am still having a problem as $_ isn't pulling files from that directory. This script will just create a folder called .basement, then error out for the rest of the items. Are you running it from the folder? Otherwise use GCI C:\PS (don't forget to add it to the beginning of your new foldername to).
|
# ¿ Dec 21, 2011 16:55 |
|
Wicaeed posted:Sweet. HOWEVER, I have to be setting my function incorrectly, or something. Any ideas? You are not calling you function: code:
code:
|
# ¿ Dec 21, 2011 17:03 |
|
The {} are there, because a function can contain multiple lines, and PS needs a way to delimit this.code:
code:
code:
code:
code:
Jelmylicious fucked around with this message at 17:23 on Jan 5, 2012 |
# ¿ Jan 5, 2012 17:13 |
|
i barely GNU her! posted:
When you run this in januari, it will filter out anything made in december of any year. So this doesn't work as asked, when you span multiple years. Also, it doesnt filter out the current month (which I also needs to be filtered out). e: And that is exactly what he asked, but I already made this, so here you go, getting to first day of that month: code:
code:
code:
FirstOfMonth(1) will give you: donderdag 1 december 2011 0:00:00 (Locale is set to Dutch, but you get the gist). If anyone is interested in forcing the locale so you can read the date, no matter what language the server is set to, let me know. (Very important if you work with the currency object, because it would display as 100 dollars, or pounds, or Rupee depending on the locale, without converting the currency) Jelmylicious fucked around with this message at 17:01 on Jan 6, 2012 |
# ¿ Jan 6, 2012 09:56 |
|
Since you seem interested in finding stuff out for yourself, let met introduce you to get-command, get-help and get-memberWalter_Sobchak posted:1) Is there a way to specify a file by the Date Modified column? I basically want to have a script that auto-deletes the oldest file in a certain folder when I run it. You are working with files, command for that is get-childitem (or ls for short). Since you want to know what prperties you get with this, you pipe it to get-member (or gm for short): code:
CreationTime Property System.DateTime CreationTime {get;set;} So yes, it is possible. To get the oldest file, try something like this: code:
Walter_Sobchak posted:2) How do you check to see if a program is already running? I'm trying to write a script that checks to see if a couple different programs are running, and if not, to start them. For this, you are looking for a process that is running. Let's see if powershell has any functions with process in the name, using get-command (gcm for short) code:
code:
code:
get-process explorer returns: code:
returns a big red error. So I am not running, it seems. But we don't want that error. So, let's pipe to a filter: code:
code:
E: The sort option two posts before me is more elegant, I was too hung up on explaining how to find info... Jelmylicious fucked around with this message at 08:38 on Feb 3, 2012 |
# ¿ Feb 2, 2012 16:23 |
|
Also, if you remove all access rights first, you won't have any rights yourself. Which means you don't have rights to set accessrights.
|
# ¿ Feb 24, 2012 19:54 |
|
You can append strings with a simple + so: $Destinationfolder + $item.name should work.
|
# ¿ Feb 29, 2012 17:57 |
|
Wicaeed posted:Seriously, I've quite thoroughly enjoyed my time with Powershell thus far, I just wish I had more excuses to use it at work Is there anything you do semi-regularly that could be automated? Go on! Script yourself out of a job!
|
# ¿ Mar 7, 2012 16:23 |
|
Hmmm, that's an interesting one. The padding is harder than I thought, or at least, I couldn't find an option for it. (I tried cropping a negative amount of pixels, but that seems to error out.) Filtering is easy:code:
Only thing I could think of, is to have the script create an empty image, of $image.height * 500, and use the "stamp" filter to add the image over the blank one. See this MSDN page for an example in .NET.
|
# ¿ Mar 12, 2012 11:52 |
|
On the subject of really using .NET, I am only a noob at that, I think Adaz or someone else will be better suited to answer that. And Angrytech: what properties are you trying to get from the computer object? Have youtried simply calling $_.propertyname or used get-adcomputer with the -property flag? Have you checked the Technet page on get-adcomputer
|
# ¿ Mar 13, 2012 16:48 |
|
Could very well be a UAC error, since server 2008 doesn't like you putting things in the C:\ root. Either put it in a folder or elevate your powershell.
|
# ¿ Mar 15, 2012 18:30 |
|
Ooh, I really should try out that Beta! Thanks for the link.
|
# ¿ Mar 22, 2012 11:35 |
|
Sorry to double post, but this is just too awesome. The new ISE is way more usable! No more seperated input and output pane is good. But the best thing is the syntax checking. Forgot to close some parenthesis? It will highlight your dangling one: Woohoo! It does the same thing in the powershell pane in ISE. Try putting in the following (which just feels wrong to leave like this) code:
Jelmylicious fucked around with this message at 13:35 on Mar 22, 2012 |
# ¿ Mar 22, 2012 13:23 |
|
This seems to be in the wrong order:code:
|
# ¿ Mar 29, 2012 07:54 |
|
Dreadite posted:I just made a simpler script to copy the shortcut from a network location applied as a logon script at the group OU level in GP. Since 2008 you can add shortcuts directly through Group Policy Preferences. And you can put it all in one policy and have it select the right one through Item Level Targeting. Anyway, don't discount your hour fiddling with this, practice with powershell is always valuable! Even when it won't pan out. Part of the process is knowing when you should or shouldn't use PS.
|
# ¿ Mar 29, 2012 15:48 |
|
stubblyhead posted:Sorry to quote from so far back, but good lord you are not kidding about this cmdlet. I have a multi-line comma-delimited string, you stupid piece of poo poo! Why won't you let me just pipe it straight in! If it is already comma delimited, just pipe it to a text file with .csv as its extension.
|
# ¿ Mar 31, 2012 07:55 |
|
NaughtyHusky posted:I have a quick question, I am using the following in order to create a last written file output, however I want to format the date in UNIX time (e.g. UFormat %s) - any help or direction would be great. Do I need to go down the object route? This should work: code:
code:
|
# ¿ Apr 23, 2012 18:28 |
|
Drumstick posted:The folders are their user names. Could I create an array of the names, then use that to assign ownership of the proper folder? Or can I do a for each, read the name then assign that ownership without the array? I'm way to inexperienced at this. Yes, Basically you read Foldername, get the user from AD and use Set-ACL to set the new permissions. Be careful not to lock yourself out by overwriting admin permissions. I'll see if I can get you some code.
|
# ¿ May 2, 2012 15:09 |
|
Drumstick posted:Fantastic, thank you so much. Im glad i'm at least on the right track. I didnt even consider the possibility of locking myself... Im glad I didnt just wing it. Couldn't fully test, since I am away from my domain right now. This should work. Shouldn't have to tell you, but try it on a testfolder first: code:
|
# ¿ May 2, 2012 15:37 |
|
adaz posted:You need to set inheritance and propagation flags when you create your new access rule. Right. It's been a while since I did this and wasn't near my domain. Totally forgot.
|
# ¿ May 3, 2012 08:13 |
|
Korlac posted:Here's another diagnostic tool out there for any Exchange Administrators. Sometimes you need to look up Application events across several servers, this will let you determine which server role (including all Exchange Servers), which event logs you wish to parse, the event level, and finally the Event ID. Once all that data is selected through the Powershell menu, it will generate a Text file on your desktop with all the matching results. That looks really nice, but it doesn't account for fat fingering. You can easily change that by using the default switch and a recursive function: code:
|
# ¿ May 15, 2012 08:36 |
|
Alright, I had fun making it into a real cmdlet. I just wanted to explain autohelp and parameters. I just used your script as an excuse to do it. Feel free to ask about any of it of course. First the code, then I will explain what I did. I kept the functionality of your script the same.code:
code:
Apart from putting in the errorhandling I talked about in the previous post, I added in the following: PARAMETERS To make this script accept parameters, I included a param() block. I will explain using one parameter as an example: code:
code:
code:
You could do more fun stuff with parameters, like setting default values. A fun example for that is: code:
Other fun you could do with parameters would be to make them required, have them positioned (so you don't have to specify the parameter name) or make sets, because only certain combinations of parameters do something. There is more fun to be had, of course. Helpfile And now for the awesome part. get-help works for this script! The only thing you need to get that going, is to include that huge commentblock in the beginning in that syntax. I always use a base commentblock as a start for my scripts, where I just fill in the specifics as I go. I suggest anyone making big scripts to do the same! How awesome is it, if you can just tell your coworkers to RTFM in a windows environment! (NB: Man is an alias for get-help, for added fun) So, to break it down, this is part of my base script, an adaptation of this example: code:
|
# ¿ May 15, 2012 13:54 |
|
get-acl will do what you want, but you might have to parse the outcome a bit to make it readable.
|
# ¿ May 15, 2012 20:07 |
|
I just realized: I did not specify in my helpfile that this script requires the exchange modules. This would be one of the more important things to put in there. Whoops And for Walter_Sobchak: indeed, what is the exact thing you want to do. Do you want to check the share permissions also, in case those aren't good? How many levels deep will the permissions be unique? Do you need to inventory who is a member of the security groups as well? Want to output it in a pretty excel file for management to swoon over? Anyway, a simple option would be: code:
e: Why didn't I look at this earlier. If you convert it to HEX, it gets a lot more readable. 268435456 is GENERIC_ALL. 268435456 in hex is 0x10000000 Jelmylicious fucked around with this message at 11:20 on May 16, 2012 |
# ¿ May 16, 2012 10:45 |
|
Walter_Sobchak posted:So the decree came down from on high- The CEO wants a quarterly report of every single share on our network, along with their permissions. Now maintaining a list of the shares is easy, but not so much with the permissions. Is there a way to write a Powershell script to have it aggregate all this info? Another big post ahoy! First of, as you can see in the comment notes, there is a lot more you can do with this, that isn't implemented yet. I don't filter out admin shares, I do filter out the shares that are unreachable. I chose to output one access right per line, to keep things flat. The conversion-table for making shares human readable is definitely incomplete, but that is easy to append. I know this script might seem big and daunting for a firsttimer, but that is because I made it into a full script that includes a helpfile and can be run with parameters. Save it as Get-ShareRights.ps1 and you can run it from commandline, or run it as a scheduled job. Then have something compare previous results and you have a quick and dirty rights auditing! But I'm digressing. First the full script, after that, some explanation. code:
Let me start with the only function in this script. All it does is take a simple string as input, and either return a different string if it knows the conversion, or return the same string again if it doesn't. The global parameter $dontconvert is first polled to see if any conversion has to be done at all. code:
code:
code:
I also put in a small test, to see if the share is valid, so it wouldn't error out, but give you a small message saying a share doesn't exist: code:
And there you have it. If you need it adjusted, I can do so. I might make this script bigger for auditing purposes in my company. Jelmylicious fucked around with this message at 20:02 on May 18, 2012 |
# ¿ May 18, 2012 14:15 |
|
Phone posted:Ugh, this is gonna hurt: 800k+ files in 7 directories; delete all files older than 60 days. I know I saw something about Powershell performance tapering off before, but I can't remember where I saw it. I think this is what you are looking for: from: http://blogs.msdn.com/b/powershell/archive/2009/11/04/why-is-get-childitem-so-slow.aspx Since the sweet point seems to be around 300k files, why not specify the 7 directories, and do a simple gci without the recurse on them? I feel dirty for removing some automation, but sometimes, doing it yourself really is better. Or, to get all the directories automatically, either: - do a gci -directory (powershell 3 option) or - filter with gci -filter *. (to specify a native filesystem filter for files with no extension) Last option has the assumption that directories have no extension, and files do. Or,if you can distinguish by name, you could use a different filter. e: changed image host to imgur, even though msdn.com can probably handle the load from this thread... Jelmylicious fucked around with this message at 16:42 on Jun 1, 2012 |
# ¿ Jun 1, 2012 16:04 |
|
Scaramouche posted:This is a theoretical question I guess, but in cases like the above where performance degrades after x number of files, would something DOS based be faster? e.g. http://stackoverflow.com/questions/51054/batch-file-to-delete-files-older-than-n-days I would keep using PowerShell. The advantage of that, is that it returns objects, not plaintext. So, if you can filter it down with -Filter (native NTFS filter, like dir uses) or if you can break it up in chunks, I would keep using Get-ChildItem for flexibilities sake. For this example, the batch script would of course work, it's just that you can do so much more with the objects. If you'd ever want to expand on your script, the PowerShell one would be very easy to modify. Granted, the batch script will probably be a lot faster.
|
# ¿ Jun 9, 2012 08:29 |
|
Wicaeed posted:So I saw this posted on Reddit, give a really good overview of Powershell for those trying to learn it, and also gives a lot of good tips on script creation: https://www.youtube.com/watch?v=-Ya1dQ1Igkc Just gave the first day of our internal two day powershell course. Most important commands I taught were Get-Command (in conjunction with filters), Get-Help and Get-Member. With those three, you can find out almost all you need to know or at least find specific terms to google. e: Just watched most of that video, it is really good. I think I am going to change the structure of my course a bit, because of this. Jelmylicious fucked around with this message at 23:27 on Jun 11, 2012 |
# ¿ Jun 11, 2012 16:26 |
|
|
# ¿ Apr 30, 2024 17:56 |
|
Alright, I found something wierd, which is probably just sommething in the datetime format the WMI returns. First, let me lay a little background. To get a the installdate through WMI you can ask it like this: code:
Well, that was helpful. I think I see a 2012 at the beginning, but yeah.... How long is that thing anyway? code:
code:
code:
code:
code:
What I would expect to be 1999-12-31 23:50:12.12345678901 yields 1999-12-25 20:29:12. 4 days, 3 hours and 21 minutes difference! Let's timetravel! change the 1999 to 1899, 'cause I'm oldfashioned: monday 25 december 1899 20:29:12. Exact same difference! Anyone know what's up? Or should I ask in the .NET thread, since the datetime class is technically more their domain. I trust the conversion, I am just intrigued by this all.
|
# ¿ Jun 13, 2012 16:01 |