Monthly Archives: January 2014

When did Windows update last run

A question came up on the forum regarding when Windows Update last ran and when an update was last installed.  Get-Hotfix shows the date of installation for most BUT not all patches.

The registry holds values showing last successful detection and install:

# Read the last successful detection and install times recorded by Windows Update
$props = [ordered]@{
LastDetect = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect' -Name LastSuccessTime |
select -ExpandProperty LastSuccessTime

LastInstall = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install' -Name LastSuccessTime |
select -ExpandProperty LastSuccessTime
}

New-Object -TypeName psobject -Property $props
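
Building on the registry values above, this added example (not from the original post) turns them into an age in days and a patch status, and copes with a missing value. The function name, the 35-day threshold and the 'yyyy-MM-dd HH:mm:ss' UTC layout of LastSuccessTime are assumptions.

```powershell
function Get-WindowsUpdateAge {
    [CmdletBinding()]
    param (
        # Hypothetical threshold: days since the last successful install
        [int]$MaxInstallAgeDays = 35
    )

    $root = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results'
    $format = 'yyyy-MM-dd HH:mm:ss'   # assumed layout of LastSuccessTime (UTC)
    $styles = [System.Globalization.DateTimeStyles]'AssumeUniversal, AdjustToUniversal'
    $culture = [System.Globalization.CultureInfo]::InvariantCulture
    $now = (Get-Date).ToUniversalTime()
    $result = [ordered]@{ ComputerName = $env:COMPUTERNAME }

    foreach ($type in 'Detect', 'Install') {
        $key = Join-Path -Path $root -ChildPath $type
        $raw = (Get-ItemProperty -Path $key -Name LastSuccessTime -ErrorAction SilentlyContinue).LastSuccessTime

        # $time stays $null when the value is missing or not in the assumed format
        $time = $null
        $parsed = [datetime]::MinValue
        if ($raw -and [datetime]::TryParseExact($raw, $format, $culture, $styles, [ref]$parsed)) {
            $time = $parsed
        }

        $result["Last${type}Utc"] = $time
        $result["${type}AgeDays"] = if ($time) { [math]::Round(($now - $time).TotalDays, 1) }
    }

    # Unknown is reported separately so a missing value is not read as "patched"
    if (-not $result.LastInstallUtc) { $status = 'Unknown' }
    elseif ($result.InstallAgeDays -gt $MaxInstallAgeDays) { $status = 'Stale' }
    else { $status = 'Current' }
    $result.Status = $status

    New-Object -TypeName psobject -Property $result
}

Get-WindowsUpdateAge
```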

Win32_OperatingSystem examples

The Win32_OperatingSystem class can provide a good deal of information about the OS installed on your machines. These examples are converted from those presented here:


# ServicePack version
Get-CimInstance -ClassName Win32_OperatingSystem |
select ServicePackMajorVersion, ServicePackMinorVersion

# install date of OS
Get-CimInstance -ClassName Win32_OperatingSystem |
select Installdate

# Windows version
Get-CimInstance -ClassName Win32_OperatingSystem |
select Caption, Version

# windows folder
Get-CimInstance -ClassName Win32_OperatingSystem |
select WindowsDirectory

# all
Get-CimInstance -ClassName Win32_OperatingSystem |
select Caption, Version, ServicePackMajorVersion,
ServicePackMinorVersion, Installdate, WindowsDirectory


You could create a function:

function get-OS {
param (
[string]$computername = $env:COMPUTERNAME
)

# Return the main OS properties for the given computer
Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $computername |
select Caption, Version, ServicePackMajorVersion,
ServicePackMinorVersion, Installdate, WindowsDirectory
}



and then choose properties if required:

£> get-OS | Format-Table Caption, Installdate

Caption                                    Installdate                              
-------                                    -----------                              
Microsoft Windows 8.1 Pro                  05/12/2013 10:16:49                      

£> get-OS

Caption                 : Microsoft Windows 8.1 Pro
Version                 : 6.3.9600
ServicePackMajorVersion : 0
ServicePackMinorVersion : 0
Installdate             : 05/12/2013 10:16:49
WindowsDirectory        : C:\windows

£> get-OS | Format-Table Caption, Service* -AutoSize

Caption                   ServicePackMajorVersion ServicePackMinorVersion
-------                   ----------------------- -----------------------
Microsoft Windows 8.1 Pro                       0                       0

£> get-OS | Format-Table Caption, Installdate -AutoSize

Caption                   Installdate       
-------                   -----------       
Microsoft Windows 8.1 Pro 05/12/2013 10:16:49

Win32_Process examples–running applications

You can see the running processes on a local or remote machine using Get-Process. Alternatively you can use Win32_Process:

Get-CimInstance -ClassName Win32_Process |
select Name, ProcessID, Threadcount, PageFileUsage, PageFaults, WorkingSetSize |
Format-Table -AutoSize

You can use the -ComputerName or -CimSession parameters to access the processes on a remote machine.

Other properties are available:

Get-CimClass -ClassName Win32_Process |
select -ExpandProperty CimClassProperties |
Format-Table -AutoSize

Win32_Process examples–test command line

Seeing the command lines that were used when processes were started is a simple one-liner:

Get-CimInstance -ClassName Win32_Process | select Name, CommandLine

If you want to investigate specific processes, use the -Filter parameter to restrict the processes returned.

Win32_Examples–start application in hidden window

This one is interesting as I’d tried doing this a while back and failed.  Starting a process with Win32_Process is straightforward but controlling the process – such as starting in a hidden window – wasn’t working. This is how you do it:

function start-hiddenproc {
param (
[string]$processname = 'notepad.exe'
)

# Startup information: ShowWindow = 0 means the window is hidden
$startclass = Get-CimClass -ClassName Win32_ProcessStartup
$startinfo = New-CimInstance -CimClass $startclass -Property @{ShowWindow = 0} -ClientOnly

# Create the process, passing the startup information
$class = Get-CimClass -ClassName Win32_Process
Invoke-CimMethod -CimClass $class -MethodName Create -Arguments @{Commandline = $processname; ProcessStartupInformation = [CimInstance]$startinfo}
}


The function takes a path to the process executable as a parameter – would be a good place for a validation script parameter to test the path to the executable.


Get the Win32_ProcessStartup class and use it with New-CimInstance to create the startup information. The New-CimInstance parameter -ClientOnly can be aliased to -Local.  I always prefer to use the master parameter name rather than aliases – makes it easier for people to look things up in the documentation.


Get the Win32_Process class and use it with Invoke-CimMethod to invoke the Create method with the arguments passed as shown.

Winter Scripting Games 2014–event 1 available

The event instructions for event 1 are available for download. Entries will be accepted starting tomorrow. Event will close 26 January 00:00:00 UTC

Win32_Process examples–running scripts

Back in the day when all we had was VBScript you could run scripts through the command line (cscript) or you would get a more graphical interface (wscript).  One of the examples at shows how to detect running scripts.

I don’t imagine much call for that technique but if you need it – here it is:

Get-CimInstance -ClassName Win32_Process -Filter "Name = 'cscript.exe' OR Name = 'wscript.exe'" |
Format-Table Name, Commandline

You could use a variation to test the command line input to other processes if you need to.
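
One such variation, covering both the -Filter suggestion in the earlier command line post and the script host check above. It is an added example, not code from the original posts, and goes a little further by also reporting the parent process. The function name and its parameters are hypothetical.

```powershell
function Get-ProcessCommandLine {
    [CmdletBinding()]
    param (
        # Image names to look for, for example 'cscript.exe'
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string[]]$Name,

        # Optional regular expression matched against the command line
        [string]$Pattern,

        # Optional remote computer; omitted means the local machine
        [string]$ComputerName
    )

    $cim = @{}
    if ($ComputerName) { $cim.ComputerName = $ComputerName }

    # Build the WQL filter, escaping \ and ' so a name stays inside its string literal
    $clauses = foreach ($n in $Name) {
        $safe = $n -replace '\\', '\\' -replace "'", "\'"
        "Name = '$safe'"
    }
    $filter = $clauses -join ' OR '

    Get-CimInstance -ClassName Win32_Process -Filter $filter @cim |
    Where-Object { -not $Pattern -or $_.CommandLine -match $Pattern } |
    ForEach-Object {
        # The parent may already have exited, in which case ParentName is empty
        $parent = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $($_.ParentProcessId)" @cim

        New-Object -TypeName psobject -Property ([ordered]@{
            Name            = $_.Name
            ProcessId       = $_.ProcessId
            ParentProcessId = $_.ParentProcessId
            ParentName      = $parent.Name
            Started         = $_.CreationDate
            CommandLine     = $_.CommandLine   # empty if the caller may not read it
        })
    }
}

# The page's script-host check, then a variation for another process
Get-ProcessCommandLine -Name 'cscript.exe', 'wscript.exe' | Format-Table -AutoSize
Get-ProcessCommandLine -Name 'powershell.exe' -Pattern '\.ps1\b' | Format-List
```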

Winter Scripting Games 2014–tips

Event 1 is available for download in just over 6 hours

In the mean time head over to and look at the fantastic set of tips that the coaches are putting out

Kindle app for Windows 8

I’ve written unfavourably on the Kindle app in the past but I stumbled on a piece of functionality in the app that makes me take a lot of my comments back – search.

If you are in the Kindle app and bring up the charms you can get into search. This means you can search for books within your cloud store – this is especially useful for me when I have hundreds of books most of which aren’t downloaded onto my Windows device at any one time.

Win32_Process examples

In case you were wondering where the examples that inspired the code in this series came from, it’s here -

I’m providing PowerShell examples.

In some cases it would be easier to use the *Process cmdlets but I want to demonstrate how to use the WMI class.