When did Windows update last run
Published January 22, 2014A question came up on the forum regarding when Windows Update last run and when an update was last installed. Get-Hotfix shows the date of installation for most BUT not all patches.
The registry holds values showing last successful detection and install:
$props = [ordered]@{
LastDetect = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect' -Name LastSuccessTime |
select -ExpandProperty LastSuccessTime
LastInstall = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install' -Name LastSuccessTime |
select -ExpandProperty LastSuccessTime
}
New-Object -TypeName psobject -Property $props
Win32_OperatingSystem examples
Published January 22, 2014The Win32_ComputerOperatingSystem class can provide a good deal of information about the OS installed on your machines. These examples are converted from those presented here: http://msdn.microsoft.com/en-us/library/aa394596%28v=vs.85%29.aspx
# ServicePack version
Get-CimInstance -ClassName Win32_OperatingSystem |
select ServicePackMajorVersion, ServicePackMinorVersion
# install date of OS
Get-CimInstance -ClassName Win32_OperatingSystem |
select Installdate
# Windows version
Get-CimInstance -ClassName Win32_OperatingSystem |
select Caption, Version
# windows folder
Get-CimInstance -ClassName Win32_OperatingSystem |
select WindowsDirectory
# all
Get-CimInstance -ClassName Win32_OperatingSystem |
select Caption, Version, ServicePackMajorVersion,
ServicePackMinorVersion, Installdate, WindowsDirectory
You could create a function:
function get-OS {
[CmdletBinding()]
param(
[string]$computername = $env:COMPUTERNAME
)
Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $computername|
select Caption, Version, ServicePackMajorVersion,
ServicePackMinorVersion, Installdate, WindowsDirectory
}
and then choose properties if required:
£> get-OS | Format-Table Caption, Installdate
Caption Installdate
------- -----------
Microsoft Windows 8.1 Pro 05/12/2013 10:16:49
£> get-OS
Caption : Microsoft Windows 8.1 Pro
Version : 6.3.9600
ServicePackMajorVersion : 0
ServicePackMinorVersion : 0
Installdate : 05/12/2013 10:16:49
WindowsDirectory : C:\windows
£> get-OS | Format-Table Caption, Service* -AutoSize
Caption ServicePackMajorVersion ServicePackMinorVersion
------- ----------------------- -----------------------
Microsoft Windows 8.1 Pro 0 0
£> get-OS | Format-Table Caption, Installdate -AutoSize
Caption Installdate
------- -----------
Microsoft Windows 8.1 Pro 05/12/2013 10:16:49
Win32_Process examples–running applications
Published January 20, 2014You can see the running processes on a local or remote machine using Get-Process. Alternatively you can use Win32_Process:
Get-CimInstance -ClassName Win32_Process |
select Name, ProcessID, Threadcount, PageFileUsage, PageFaults, WorkingSetSize |
Format-Table –AutoSize
You can use the –ComputerName or –CimSession properties to access the processes on a remote machine.
Other properties are available:
Get-CimClass -ClassName Win32_Process |
select -ExpandProperty CimClassProperties |
Format-Table -AutoSize
Win32_Process examples–test command line
Published January 20, 2014To see the command lines that have been used when processes are started is simple one liner:
Get-CimInstance -ClassName Win32_Process | select Name, CommandLine
If you want to investigate specific processes use the –Filter parameter to restrict the processes
Win32_Examples–start application in hidden window
Published January 20, 2014This one is interesting as I’d tried doing this a while back and failed. Starting a process with Win32_Process is straightforward but controlling the process – such as starting in a hidden window wasn’t working. This is how you do it:
function start-hiddenproc {
[CmdletBinding()]
param (
[string]$processname = 'notepad.exe'
)
$startclass = Get-CimClass -ClassName Win32_ProcessStartup
$startinfo = New-CimInstance -CimClass $startclass -Property @{ShowWindow = 0} -ClientOnly
$class = Get-CimClass -ClassName Win32_Process
Invoke-CimMethod -CimClass $class -MethodName Create -Arguments @{Commandline = $processname; ProcessStartupInformation = [CimInstance]$startinfo}
}
The function takes a path to the process executable as a parameter – would be a good place for a validation script parameter to test the path to the executable.
Get the Win32_ProcessStartup class and use it with New-CimInstance to create the start up information. The New-CimInstance parameter –ClientOnly can be aliased to –Local. I always prefer to use the master parameter name rather than aliases – makes it easier for people to look things up in the documentation.
Get the Win32_Process class and use it with Invoke-CimMethod to invoke the Create method with the arguments passed as shown
Winter Scripting Games 2014–event 1 available
Published January 18, 2014The event instructions for event 1 are available for download. Entries will be accepted starting tomorrow. Event will close 26 January 00:00:00 UTC
Win32_Process examples–running scripts
Published January 17, 2014Back in the day when all we had was VBScript you could run scripts through the command line (cscript) or you would get a more graphical interface (wscript). One of the examples at http://msdn.microsoft.com/en-us/library/aa394599(v=vs.85).aspx shows how to detect running scripts.
I don’t imagine much call for that technique but if you need it – here it is:
Get-CimInstance -ClassName Win32_Process -Filter "Name = 'cscript.exe' OR Name = 'wscript.exe'" |
Format-Table Name, Commandline
You could use a variation to test the command line input to other processes if you need to
Winter Scripting Games 2014–tips
Published January 17, 2014Event 1 is available for download in just over 6 hours
In the mean time head over to powershell.org and look at the fantastic set of tips that the coaches are putting out
Kindle app for Windows 8
Published January 17, 2014I’ve written unfavourably on the Kindle app in the past but I stumbled on an piece of functionality in the app that makes me take a lot of my comments back – search.
If you are in the Kindle app and bring up the charms you can get into search. This means you can search for books within your cloud store – this is especially useful fro me when I have hundreds of books most of which aren’t downloaded onto my Windows device at any one time.
Win32_Process examples
Published January 17, 2014In case you were wondering where the examples came that inspired the code in this series from its here - http://msdn.microsoft.com/en-us/library/aa394599(v=vs.85).aspx
I’m providing PowerShell examples
In some cases it would be easier to use the *Process cmdlets but I want to demonstrate how to use the WMI class