Richard Siddaway's Blog

Last time we created a module using CDXML to wrap the Win32_Bios WMI class. This gave us a cmdlet – Get-Bios.  As the intention is to create a number of modules that expose the WMI classes related to hardware we need a module manifest file (.psd1) to load them so that we can take advantage […]

Its been stated many times that over 60% of the modules in PowerShell 3 & 4 are created using CDXML – objects-over-cmdlets. This involves taking a WMI class and wrapping it in XML to create a PowerShell module. At this time many admins are running for the door but it really isn’t that difficult. Most […]

You can see the threats that defender is testing against Get-MpThreatCatalog | select SeverityID, ThreatName You get a long list like this 5 TrojanDownloader:Win32/Agent.A 4 TrojanDownloader:Win32/Holistyc 2 Dialer:Win32/EPlugin 5 Backdoor:Win32/Fxsvc 2 Adware:Win32/Networkone This is the important one: Get-MpThreatDetection You want this to return nothing i.e. no threats found You can start a scan like this: […]

No not where you go for a burger! I saw a post on the forum about getting the MAC address fro remote machines. The original post was using a fixed filter on NetConnectionID which assumes that all of your machines are configured equally. I think a better approach is to gather all the data function […]

This post rounds out the remoting series and shows you how to clear the trusted hosts list http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/29/powertip-use-powershell-to-clear-the-trusted-hosts-file.aspx

Windows 8.1 includes a module – Defender for working with the anti-malware engine on the machine.  I’m presuming this means Windows Defender only The starting point is Get-MpComputerStatus £> Get-MpComputerStatus AMEngineVersion                 : 1.1.10100.0 AMProductVersion                : 4.3.9600.16384 AMServiceEnabled                : True AMServiceVersion                : 4.3.9600.16384 AntispywareEnabled              : True AntispywareSignatureAge         : 2 AntispywareSignatureLastUpdated : 27/11/2013 11:14:50 AntispywareSignatureVersion     : 1.163.737.0 […]

My remoting series on the Scripting Guy blog has finished.  The full set of posts is: http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/29/remoting-week-non-domain-remoting.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/28/powertip-remove-powershell-web-access-authorization-rules.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/28/remoting-week-remoting-security.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/27/powertip-use-powershell-to-discover-certificate-thumbprints.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/27/remoting-week-configuring-remoting.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/26/powertip-determine-version-of-wsman-on-remote-computer.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/26/remoting-week-remoting-sessions-in-powershell.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/25/powertip-use-powershell-to-find-key-of-wmi-class.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/25/remoting-week-remoting-recap.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/27/powertip-use-powershell-to-discover-certificate-thumbprints.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/27/remoting-week-configuring-remoting.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/26/powertip-determine-version-of-wsman-on-remote-computer.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/26/remoting-week-remoting-sessions-in-powershell.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/25/powertip-use-powershell-to-find-key-of-wmi-class.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/25/remoting-week-remoting-recap.aspx

PowerShell v4 contains a help file get-help about_Windows_RT –showwindow That explains the differences between PowerShell on a full Windows device and on a Windows RT device such as a Surface 2

If you use Get-Process in PowerShell v3 £> Get-Process powershell Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName ——-  ——    —–      —– —–   ——     — ———–     516      17    49436      59220   233     8.86   7100 powershell   PowerShell v4 enables you to see the user account associated with the process £> Get-Process powershell -IncludeUserName Handles      WS(K) […]

My capacity planning series on the Scripting Guy blog finished last week. Didn’t get chance to post about it as I was at Microsoft in Seattle. Full series and associated powertip postings: http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/18/powertip-compare-the-contents-of-files-with-powershell.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/18/the-admin-s-first-steps-capacity-planning-part-3.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/11/powertip-use-powershell-to-format-dates.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/11/the-admin-s-first-steps-capacity-planning-part-2.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/04/powertip-view-network-statistics-with-powershell.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/04/the-admin-s-first-steps-capacity-planning.aspx Enjoy