CDXML: Module Manifest
Published November 30, 2013Last time we created a module using CDXML to wrap the Win32_Bios WMI class. This gave us a cmdlet – Get-Bios. As the intention is to create a number of modules that expose the WMI classes related to hardware we need a module manifest file (.psd1) to load them so that we can take advantage of module auto-loading in PowerShell 3 & 4
Remember – one WMI class per CDXML file and each CDXML file is treated as a module
I find the easiest way to create new manifest is run New-ModuleManifest and give it the full path to the psd1 file you want to create
New-ModuleManifest -Path C:\scripts\Modules\Hardware\Hardware.psd1 –PassThru
You can then open the file in ISE and edit to give this:
#
# Module manifest for module 'Hardware'
#
# Generated by: richard
#
# Generated on: 30/11/2013
#
@{
# Script module or binary module file associated with this manifest.
# RootModule = ''
# Version number of this module.
ModuleVersion = '1.0'
# ID used to uniquely identify this module
GUID = '55512ad7-c2aa-4678-818f-8f19b4f110dd'
# Author of this module
Author = 'Richard'
# Company or vendor of this module
CompanyName = 'Macdui'
# Copyright statement for this module
Copyright = '(c) 2013 Richard. All rights reserved.'
# Description of the functionality provided by this module
# Description = ''
# Minimum version of the Windows PowerShell engine required by this module
# PowerShellVersion = ''
# Name of the Windows PowerShell host required by this module
# PowerShellHostName = ''
# Minimum version of the Windows PowerShell host required by this module
# PowerShellHostVersion = ''
# Minimum version of Microsoft .NET Framework required by this module
# DotNetFrameworkVersion = ''
# Minimum version of the common language runtime (CLR) required by this module
# CLRVersion = ''
# Processor architecture (None, X86, Amd64) required by this module
# ProcessorArchitecture = ''
# Modules that must be imported into the global environment prior to importing this module
# RequiredModules = @()
# Assemblies that must be loaded prior to importing this module
# RequiredAssemblies = @()
# Script files (.ps1) that are run in the caller's environment prior to importing this module.
# ScriptsToProcess = @()
# Type files (.ps1xml) to be loaded when importing this module
# TypesToProcess = @()
# Format files (.ps1xml) to be loaded when importing this module
# FormatsToProcess = @()
# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
NestedModules = @('Win32_BIOS.cdxml')
# Functions to export from this module
FunctionsToExport = @('Get-Bios')
# Cmdlets to export from this module
CmdletsToExport = '*'
# Variables to export from this module
VariablesToExport = '*'
# Aliases to export from this module
AliasesToExport = '*'
# List of all modules packaged with this module
# ModuleList = @()
# List of all files packaged with this module
# FileList = @()
# Private data to pass to the module specified in RootModule/ModuleToProcess
# PrivateData = ''
# HelpInfo URI of this module
# HelpInfoURI = ''
# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
# DefaultCommandPrefix = ''
}
You can cut out the items you don’t need but I prefer to leave them as reminders of the commands.
Once the file is modified – save it back as Hardware.psd1
Start a new PowerShell console and your new module is available for use immediately.
This also means that you can add new CDXML files and test them independently of the module. Once you’re happy with the new functionality you add the appropriate lines to the module manifest.
Posted in CDXML, Modules, PowerShell and CIM, PowerShell and WMI, PowerShell V3, PowerShell v4 | 
Leave a commentCDXML
Published November 30, 2013Its been stated many times that over 60% of the modules in PowerShell 3 & 4 are created using CDXML – objects-over-cmdlets.
This involves taking a WMI class and wrapping it in XML to create a PowerShell module. At this time many admins are running for the door but it really isn’t that difficult.
Most admins will have used the Win32_Bios class
£> Get-CimInstance -ClassName Win32_Bios
SMBIOSBIOSVersion : 090006
Manufacturer : American Megatrends Inc.
Name : BIOS Date: 05/23/12 17:15:53 Ver: 09.00.06
SerialNumber : 5518-5018-0990-2526-2313-2106-44
Version : VRTUAL – 5001223
To create a CDXML file type this in ISE:
<?xml version="1.0" encoding="utf-8"?>
<PowerShellMetadata xmlns="http://schemas.microsoft.com/cmdlets-over-objects/2009/11">
<Class ClassName="ROOT\cimv2\Win32_BIOS">
<Version>1.0</Version>
<DefaultNoun>Bios</DefaultNoun>
<InstanceCmdlets>
<GetCmdletParameters DefaultCmdletParameterSet="DefaultSet">
</GetCmdletParameters>
</InstanceCmdlets>
</Class>
</PowerShellMetadata>
Everything is boiler plate except two lines:
<Class ClassName="ROOT\cimv2\Win32_BIOS">
which shows the namespace and the class you are using
<DefaultNoun>Bios</DefaultNoun>
which sets the NOUN of the PowerShell cmdlet you are producing. The verb is automatically set to GET.
I keep all my scripts in a folder called c:\scripts – this has subfolders by category. I also amend my module path in my PowerShell profile
$env:PSModulePath = "C:\Scripts\Modules;" + $env:PSModulePath
to add the \scripts\modules folder. This folder has all of the module I develop to keep them separate from the Microsoft modules.
I’m creating a module called Hardware that will contain a suite of CDXML files for accessing WMI classes related to hardware.
I saved the XML above to C:\Scripts\Modules\Hardware\Win32_BIOS.cdxml
For testing I change directory the C:\Scripts\Modules\Hardware folder and I can test my new module.
£> Import-Module .\Win32_BIOS.cdxml
£> Get-Command -Module Win32_BIOS
CommandType Name ModuleName
----------- ---- ----------
Function Get-Bios Win32_BIOS
Running Get-Bios produces:
£> get-bios
SMBIOSBIOSVersion : 090006
Manufacturer : American Megatrends Inc.
Name : BIOS Date: 05/23/12 17:15:53 Ver: 09.00.06
SerialNumber : 5518-5018-0990-2526-2313-2106-44
Version : VRTUAL – 5001223
Exactly the same as using Get-CimInstance.
You also get a set of free functionality (meaning you don’t have to do anything)
£> Get-Command Get-Bios -Syntax
Get-Bios [-CimSession <CimSession[]>] [-ThrottleLimit <int>] [-AsJob] [<CommonParameters>]
£> $sess = New-CimSession -ComputerName server02
£> Get-Bios -CimSession $sess
SMBIOSBIOSVersion : 6NET61WW (1.24 )
Manufacturer : LENOVO
Name : Ver 1.00PARTTBLX
SerialNumber : R81BG3K
Version : LENOVO - 1240
PSComputerName : server02
The properties displayed are controlled by the PowerShell formatting system as with most WMI classes. You can display all data:
Get-Bios | Format-List *
Next time we’ll create a module manifest file to enable module auto-loading
Defender Module: Threat Catalog
Published November 30, 2013You can see the threats that defender is testing against
Get-MpThreatCatalog | select SeverityID, ThreatName
You get a long list like this
5 TrojanDownloader:Win32/Agent.A
4 TrojanDownloader:Win32/Holistyc
2 Dialer:Win32/EPlugin
5 Backdoor:Win32/Fxsvc
2 Adware:Win32/Networkone
This is the important one:
Get-MpThreatDetection
You want this to return nothing i.e. no threats found
You can start a scan like this:
Start-MpScan -ScanType QuickScan
A progress bar will show how things are going - again if your machine is clean you won’t get a return
Mac Address
Published November 29, 2013No not where you go for a burger!
I saw a post on the forum about getting the MAC address fro remote machines. The original post was using a fixed filter on NetConnectionID which assumes that all of your machines are configured equally. I think a better approach is to gather all the data
function get-macaddress {
[CmdletBinding()]
param(
[string]$computername = $env:COMPUTERNAME
)
Get-WmiObject -Class Win32_NetworkAdapter -ComputerName $computername -Filter "NetConnectionID LIKE '%'" |
select PSComputerName, Description, NetConnectionID, MACAddress
}
The WMI filter ensures that only adapters with a NetConnectionID are returned.
Once you have the data you can ensure your machines are configured the same
Clearing the Trusted Hosts list
Published November 29, 2013This post rounds out the remoting series and shows you how to clear the trusted hosts list http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/29/powertip-use-powershell-to-clear-the-trusted-hosts-file.aspx
Windows 8.1 Defender module
Published November 29, 2013Windows 8.1 includes a module – Defender for working with the anti-malware engine on the machine. I’m presuming this means Windows Defender only
The starting point is Get-MpComputerStatus
£> Get-MpComputerStatus
AMEngineVersion : 1.1.10100.0
AMProductVersion : 4.3.9600.16384
AMServiceEnabled : True
AMServiceVersion : 4.3.9600.16384
AntispywareEnabled : True
AntispywareSignatureAge : 2
AntispywareSignatureLastUpdated : 27/11/2013 11:14:50
AntispywareSignatureVersion : 1.163.737.0
AntivirusEnabled : True
AntivirusSignatureAge : 2
AntivirusSignatureLastUpdated : 27/11/2013 11:14:50
AntivirusSignatureVersion : 1.163.737.0
BehaviorMonitorEnabled : True
ComputerID : 10EEA25B-DB88-4238-BA5C-C500519F9C56
ComputerState : 0
FullScanAge : 4294967295
FullScanEndTime :
FullScanStartTime :
IoavProtectionEnabled : True
LastFullScanSource : 0
LastQuickScanSource : 2
NISEnabled : False
NISEngineVersion : 2.1.10003.0
NISSignatureAge : 4294967295
NISSignatureLastUpdated :
NISSignatureVersion : 109.17.0.0
OnAccessProtectionEnabled : True
QuickScanAge : 1
QuickScanEndTime : 27/11/2013 21:48:57
QuickScanStartTime : 27/11/2013 21:47:16
RealTimeProtectionEnabled : True
RealTimeScanDirection : 0
PSComputerName :
which shows a lot of useful data.
The cmdlet has a CimSession parameter so you can work with remote Windows 8.1 machines. This module isn’t available on Windows 2012 R2.
Other cmdlets include:
Add-MpPreference
Get-MpComputerStatus
Get-MpPreference
Get-MpThreat
Get-MpThreatCatalog
Get-MpThreatDetection
Remove-MpPreference
Remove-MpThreat
Set-MpPreference
Start-MpScan
Update-MpSignature
If you think the output is reminiscent of a WMI class you’re right. The cmdlet is CDXML built from the ROOT\Microsoft\Windows\Defender\MSFT_MpComputerStatus CIM class
Remoting series
Published November 29, 2013My remoting series on the Scripting Guy blog has finished. The full set of posts is:
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/29/remoting-week-non-domain-remoting.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/28/powertip-remove-powershell-web-access-authorization-rules.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/28/remoting-week-remoting-security.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/27/powertip-use-powershell-to-discover-certificate-thumbprints.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/27/remoting-week-configuring-remoting.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/26/powertip-determine-version-of-wsman-on-remote-computer.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/26/remoting-week-remoting-sessions-in-powershell.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/25/powertip-use-powershell-to-find-key-of-wmi-class.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/25/remoting-week-remoting-recap.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/27/powertip-use-powershell-to-discover-certificate-thumbprints.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/27/remoting-week-configuring-remoting.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/26/powertip-determine-version-of-wsman-on-remote-computer.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/26/remoting-week-remoting-sessions-in-powershell.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/25/powertip-use-powershell-to-find-key-of-wmi-class.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/25/remoting-week-remoting-recap.aspx
PowerShell on Windows RT
Published November 28, 2013PowerShell v4 contains a help file
get-help about_Windows_RT –showwindow
That explains the differences between PowerShell on a full Windows device and on a Windows RT device such as a Surface 2
Get-Process in PowerShell 4
Published November 28, 2013If you use Get-Process in PowerShell v3
£> Get-Process powershell
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
516 17 49436 59220 233 8.86 7100 powershell
PowerShell v4 enables you to see the user account associated with the process
£> Get-Process powershell -IncludeUserName
Handles WS(K) VM(M) CPU(s) Id UserName ProcessName
------- ----- ----- ------ -- -------- -----------
593 214888 823 17.27 2148 MANTICORE\richard powershell
Now we have an easy way to discover who started a process
Capacity planning series finished
Published November 27, 2013My capacity planning series on the Scripting Guy blog finished last week. Didn’t get chance to post about it as I was at Microsoft in Seattle.
Full series and associated powertip postings:
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/18/powertip-compare-the-contents-of-files-with-powershell.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/18/the-admin-s-first-steps-capacity-planning-part-3.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/11/powertip-use-powershell-to-format-dates.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/11/the-admin-s-first-steps-capacity-planning-part-2.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/04/powertip-view-network-statistics-with-powershell.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/04/the-admin-s-first-steps-capacity-planning.aspx
Enjoy