Archive for the ‘Windows Administration’ Category

Get MAC Address from IP Address

Saturday, March 18th, 2017

I got a call last week from a member of one the other teams where I work.  He asked, “Do you have a script which will resolve a list of IP Addresses to MAC Addresses?” My answer was, “not yet”.  I did a search and found some very convoluted Pinvoke code. I wanted something easier.

When I automate a task, I begin with the manual steps for the task. To get a MAC address from an IP address, I ping the address, then look at the ARP cache. Get-MACFromIP.ps1 does the same thing,  using the inline script method to make the process run in parallel for speed.  It does not require any administrative rights to run, and is an advanced function.  A use example follows, others are in the code help:

I the use WMI ping method to enable name resolution and the return codes.  The script outputs the IP address, DNS Name (if it can be resolved), MAC address, and the verbose level ping reply.  Capture of the output of the ARP table is based on this post, by Joe Keohan.

Script Text

Update GPOs with Newer Version

Wednesday, March 1st, 2017

If you use GPOs to enforce baselines, you may find that your enterprise is moving from version 1.1 to version 1.2 of a GPO.  Unfortunately for you, version 1.1 linked in a dozen places.  Wouldn’t you rather just you search for version 1.1 and replace it with version 1.2?  Use Update-GPOLinks.ps1 to do just that.  The script not only finds all the original links and updates them to the new version, it also keeps the link order.

Script Text

Get All GPOs Linked to an OU

Wednesday, March 1st, 2017

Get-AllGPOsLinkedToOU.ps1 returns a unique list of all GPO’s linked to an OU. You can also run a onelevel or subtree search to get a unique list of linked OUs at or below the selected OU. You are prompted for the domain, and navigate to desired OU.
Script Text

Reset GPO Cache

Wednesday, March 1st, 2017

This script deletes the locally stored copies of GPOs and forces a GPUPdate on a computer. Reset-GPOCache.ps1 works by a remote connection to the registry provider to get the path to the Group Policy\History folder, then deletes the files beneath that path. This ensures a fresh application of group polices.

Script Text

Get Resultant Set of Polices (RSOP) with User Selection

Wednesday, March 1st, 2017

The Get-GPResultantSetOfPolicy cmdlet in the GroupPolicy module of PowerShell has a parameter for a user name.  Often I have no idea who has logged onto the computer.  Get-RSOP.ps1 uses WMI to give you a pick list of users on the remote computer and then passes that to the user parameter of Get-GPResultantSetOfPolicy.

Script Text

Remove Active Directory Delegations

Saturday, February 25th, 2017

Over time, Active Directory delegations tend to accumulate and drift from the standards in the enterprise.  Removing the delegations for a user or group can be slow, especially if you do it manually.  Microsoft has a good article about this process, but none of the methods I found did what I needed.  I wanted a script which could look at all or selected OUs in AD for a delegation, and then delete them all.

Remove-DelegatedOUPermissions.ps1 is an advanced function which can be used to report and remove assigned delegated permissions from OU objects and containers.  You can choose the domain and searchbase, and you can search for full name or partial matches.  For example, if you wanted to report on or delete the delegations for Site1PWAdmins and Site2PWAdmins, you could simply specify “PWAdmins”.  The search is case-insensitive, and you can search for more than one string by separating your search terms with a comma.

This function always creates a log file.  The default name is derived from the domain name, and the default location is the desktop.  The function requires the ActiveDirectory module, but unlike Set-ACL, it can be used to write permissions in another domain.  It supports WhatIf, and a confirmation is required before you commit changes.  Because it is an advanced function, you can use Get-Help for details about use.

Script Text

Get Downtime Using PowerShell

Saturday, February 25th, 2017

I have been having problem with a computer with random reboots, and hanging on restart.  I wanted to know how long the computer had been unavailable.   I decided to use System Event ID 12 as the startup event for the purposes of my calculations.  The script takes these steps: 1) connect to the remote system and get the oldest event from the System Log.  Use this as the earliest start date for queries.  2) Collect all the startup events from user selected date.  3) For each startup event, collect the event immediately previous by record number.  4) Calculate the difference.

Get-DownTime.ps1 is the advanced function which gets the information.  It is the first function I have written which includes A Dot Source Reminder for Advanced Functions.

Script Text

Fix User’s Home Directory Permissions with Take Ownership

Wednesday, February 15th, 2017

Fix-HomeDrivePerms.ps1 is a PowerShell script which attempts to reset folder security when the permissions are really hosed.  It uses a take ownership function, Set-Owner, by Boe Prox, instead of takeown.exe, but does shell out to iCacls.exe.  I wrote this to fix home directories where a user might be logged on with files open a the time, and so it doesn’t rip out the old permissions and replace.

This will require a some editing to run, and this code fragment is set up to do one user folder at a time.  But it might get you going in the right direction.

Script Text

Another User Folder Security Reset Script

Saturday, February 11th, 2017

This simple batch file resets the inheritance on users folders and then grants them “modify” using the builtin icacls.exe.   This script does not address issues which require you to take ownership — I will post one that does that soon.

I added the “echo” command so you can see what it is doing — remove “echo” when you are ready to run it.

Remember that the variable character for batch files is the percentage sign “%” which must be escaped with a second percentage sign inside a batch file. So if you intend to run this from a command line, you would need to use only a single percentage sign for each variable.

PushD does a temporary drive mapping and changes you to the folder. Popd is the undo for PushD. Both are available inside of PowerShell.

The “FOR” command reads like this: For each directory assign the variable %u.  Run iCacls  to reset security, traversing the folders and continuing  on errors.  The expression %~fu expands %u to a fully qualified path name. The semi-colon allows multiple commands to be stacked. The next iCacls command grants the user modify based on the assumption that the username and folder name are the same.  %~du expands %u to a drive letter only – here, the temporary drive you got from the pushd command.

Variable assignments in the batch for command are case sensitive. If you run “FOR /?” from a command line, you will see a long list of interesting things that the tilde modifier can do with a batch variable.

Set Share Folder Icon for Server 2012 and Windows 10

Sunday, February 5th, 2017

I like to look at a folder and know whether or not it is shared. In earlier Windows OS there was a hand overlay which shows you this information. In Server 2012, this indicator has been omitted. Set-SharedFolderIcons.ps1 lets you use the icon of your choosing to restore this hint that a folder is shared.   There is a bit at the bottom of the script which you may edit:

The icon is generated with the Icon Extractor, and is used to preview your choice like this:

Confirm Icon Dialog

The script will enumerate shares, skipping admin shares, and, on a domain controller, it skips Sysvol and NetLogon shares.  The list goes to Out-Gridview, and selected shares get the new icon by editing the desktop.ini file.

Script Text