Monthly Archive


Windows 10

Set active hours

Last time time you saw how to get the current active hours. This is how you set the active hours.

$sb = {
Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings -Name ActiveHoursStart -Value 10 -PassThru
Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings -Name ActiveHoursEnd -Value 22 -PassThru

Get-ADComputer -Filter * -Properties OperatingSystem |
where OperatingSystem -like "*Server*" |
select -ExpandProperty Name |
foreach {

Invoke-Command -ComputerName $psitem -ScriptBlock $sb -ArgumentList $psitem -HideComputerName |
select -Property * -ExcludeProperty RunSpaceId


The script block uses Set-ItemProperty to set the start and end of active hours. On Windows server 2016 you’re restricted to a 12 hour span for your active hours. Later Windows 10 builds allow up to 18 hours. I’ve used 10 for the start and 22 for the end to give me the best time spread that matches my activity – you can choose your own hours of course.


Getting the list of systems from AD and running the command remotely is as previously.

Get Active Hours

Windows 10 and Server 2016 (and later) have the concept of active hours. These are the hours you define as working hours in effect. This is how you get active hours for a system

$sb = {

$ahs = Get-Item -Path HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings

$props = [ordered]@{
ComputerName = $computerName
ActiveHoursStart = $ahs.GetValue('ActiveHoursStart')
ActiveHoursEnd = $ahs.GetValue('ActiveHoursEnd')

New-Object -TypeName PSobject -Property $props


Get-ADComputer -Filter * -Properties OperatingSystem |
where OperatingSystem -like "*Server*" |
select -ExpandProperty Name |
foreach {

Invoke-Command -ComputerName $psitem -ScriptBlock $sb -ArgumentList $psitem -HideComputerName |
select -Property * -ExcludeProperty RunSpaceId


The script block reads the registry key that contains the active hours information and outputs and object that contains the computer name, and start and end (in 24 hour clock) of the active hours.


I’m getting the information for all servers in the domain – use the OperatingSystem property on the computer to deselect non-servers. use Invoke-Command to run the command against the remote computer – hide the automatic computer name and runspaceid properties.

Windows update module

A Windows Update module is available on Windows versions 1709 and later. This includes Windows 10 Fall Creators Update, Windows Server 1709 and Windows Insider previews (Server and Client) post the 1709 release.

The module supplies the following cmdlets


The module is a CDXML module based on the root/Microsoft/Windows/WindowsUpdate/MSFT_WUOperations CIM class I discussed in a recent post.

If you’re working with these newer versions of Windows this module makes patching a good bit simpler. It shouldn’t be that much effort to backport the module using the MSFT_WUOperationsSession CIM class available on Windows Server 2016

Windows 10 Fall Creators Update

The Windows 10 fall Creators Update arrived this morning.


After the usual long download, install and then updating bits after I first log on (that last bit is really irritating – thought it was going away) I got into the machine.


First impression is that there are some minor cosmetic changes. Some icons (extensions) appear on the Edge menu bar that I didn’t have before and don’t want now so I have to waste my time undoing changes Microsoft, in their infinite wisdom, have imposed on me because they know better than I do how I want to work!  same with automatically adding the People icon to the taskbar. Stop changing my settings!


So what’s in FCU. Unless you’re a developer – on the surface there’s not a lot to be honest.


For Admins


For developers


Having feature updates every 6 months is a great idea but actually getting something useful would be better. Maybe some of the new features in PowerShell v6 being back ported would be a good one.

You have to laugh

Sometimes things just happen and you have to laugh.

So I decided I wanted to get back to working with the Windows 10 Insider previews (and Windows Server previews). This time I decided to use VMs rather than my working machine so that interruptions were minimised.

I created a new Windows 10 VM and as normal for VMs I set the initial memory to 512MB and used dynamic memory so that the machine could claim more RAM if required. Windows 10 installed with no problems. (Remember this).

I then went into Window Update and signed into the Windows Insider program. After triggering a scan fro updates build 16241 showed up and started downloading. Great.

It tried to install but failed with a message that 2GB of RAM was needed to perform the install!

So I can install from scratch with less than 2GB of RAM but I can’t update the build unless I have 2GB RAM.

Nice piece of joined up thinking there guys.

Sometimes you just have to laugh.

PowerShell Direct failure

PowerShell Direct is introduced with Server 2016/Windows 10. it enables you to create a remoting session from the Hyper-V host to a VM using the VM name or ID. I recent discovered a PowerShell Direct failure that I couldn’t explain until now.

Normally you do this:

PS> New-PSSession -VMName w16cn01 -Credential (Get-Credential w16cn01\administrator)

Id Name    ComputerName  ComputerType  State  ConfigurationName  Availability
-- ----     ------------  ------------    -----  -----------------  ------------
1 Session1       W16CN01  VirtualMachine  Opened                       Available

But on one particular machine I was getting this

PS> New-PSSession -VMName w16as01 -Credential (Get-Credential w16as01\administrator)
New-PSSession : [W16AS01] An error has occurred which Windows PowerShell cannot handle. A remote session might have ended.
At line:1 char:1
+ New-PSSession -VMName w16as01 -Credential (Get-Credential w16as01\adm ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
+ FullyQualifiedErrorId : PSSessionOpenFailed

I couldn’t find an explanation for this particular PowerShell Direct failure

I’ve been working with PowerShell v6 and OpenSSH the last few days and I noticed that the PowerShell directory had been removed from the system path by the installation of one of these pieces of software.

W16AS01 had been the first machine I experimented with PowerShell v6/OpenSSH and it was the first to experience this PowerShell direct failure.

I checked W16AS01 and sure enough the PowerShell folder was missing from the system path. Adding the Powershell folder back onto the path (and restarting the machine for luck) then retrying PowerShell Direct gives:

PS> New-PSSession -VMName W16AS01 -Credential (Get-Credential W16AS01\Administrator)

Id Name            ComputerName    ComputerType    State         ConfigurationName     Availability
-- ----            ------------    ------------    -----         -----------------     ------------
1 Session1        W16AS01         VirtualMachine  Opened                                 Available

Looks like I’ve found a solution for this particular PowerShell direct failure

Updating built in modules

Windows 10 and Server 2016 automatically install a module called Pester which is used for testing code. Its the foundation of Test Driven Development or Behaviour Driven Development using PowerShell.

The version  installed by default is 3.4.0.

Pester is originally an open source module that has been incorporated into Windows. The latest version from the PowerShell Gallery is 4.0.2

Normally you’d use Update-Module to install the new version BUT you didn’t install pester from the gallery using Install-Module so you’ll get a big fat error message.

The answer is to use

Install-Module pester –Force

You might still get an error message about the Pester module not being catalog signed. if you do and still want the latest version then use

Install-Module pester -Force -SkipPublisherCheck

Windows 10 uptime

One of the things that managers seem to be fascinated with is up time. For Windows server operating systems its a fairly simple calculation

PS>  (Get-Date) - (Get-CimInstance -ClassName Win32_OperatingSystem | select -ExpandProperty LastBootUpTime)
Days              : 0
Hours             : 3
Minutes           : 46
Seconds           : 45
Milliseconds      : 465
Ticks             : 136054659217
TotalDays         : 0.157470670390046
TotalHours        : 3.77929608936111
TotalMinutes      : 226.757765361667
TotalSeconds      : 13605.4659217
TotalMilliseconds : 13605465.9217

You can get a bit more precise by using the time the event log service is started as that’s early in the boot sequence while LastBootUpTime really records when the machine is ready to access. If you want to use the event log methodology see

With Windows 10 (actually with Windows 8 or 8.1 as well) this breaks down.

PS> (Get-Date) - (Get-CimInstance -ClassName Win32_OperatingSystem | select -ExpandProperty LastBootUpTime)
Days              : 23
Hours             : 6
Minutes           : 57
Seconds           : 55
Milliseconds      : 371
Ticks             : 20122753718697
TotalDays         : 23.2902242114549
TotalHours        : 558.965381074917
TotalMinutes      : 33537.922864495
TotalSeconds      : 2012275.3718697
TotalMilliseconds : 2012275371.8697

I use my computer a lot but 23 days is a bit excessive even for me.

If we look at the last boot time

PS> Get-CimInstance -ClassName Win32_OperatingSystem | select LastBootUpTime

11/02/2017 10:00:35

You can see the calculation is correct.

This happens because Windows 10 (and 8 and 8.1) don’t fully power down when you do a Shut Down. They enter an extreme sleep state. This is the reason that start up times shrunk so dramatically when Windows 8 was introduced.

So how can you determine when your Windows 10, 8.1 or 8 machine was used.

You might be tempted to look in the System event log – where you’ll find entries like this each time the Windows machine is woken up

PS> Get-EventLog -LogName system -InstanceId 2147489661 | select -First 1 | Format-List
Index              : 8668
EntryType          : Information
InstanceId         : 2147489661
Message            : The system uptime is 1995412 seconds.
Category           : (0)
CategoryNumber     : 0
ReplacementStrings : {, , , ...}
Source             : EventLog
TimeGenerated      : 06/03/2017 12:17:24
TimeWritten        : 06/03/2017 12:17:24
UserName           :

Unfortunately this takes us back to out 23 days

PS> New-TimeSpan -Seconds 1995412
Days              : 23
Hours             : 2
Minutes           : 16
Seconds           : 52
Milliseconds      : 0
Ticks             : 19954120000000
TotalDays         : 23.0950462962963
TotalHours        : 554.281111111111
TotalMinutes      : 33256.8666666667
TotalSeconds      : 1995412
TotalMilliseconds : 1995412000

Using the event log service start up also gives us the hard power up date

PS> Get-EventLog -LogName system | where{(($_.EventId -eq 6005) -or ($_.EventId -eq 6006)) } | select -First 1 | Format-
Index              : 6275
EntryType          : Information
InstanceId         : 2147489653
Message            : The Event log service was started.
Category           : (0)
CategoryNumber     : 0
ReplacementStrings : {}
Source             : EventLog
TimeGenerated      : 11/02/2017 10:00:30
TimeWritten        : 11/02/2017 10:00:30
UserName           :

There is an entry in the System event log for when the machine comes out of its power down mode:

PS> Get-EventLog -LogName system -InstanceId 1 | where Message -Like '*low power*' | select -First 1 | Format-List
Index              : 8683
EntryType          : Information
InstanceId         : 1
Message            : The system has returned from a low power state.

Sleep Time: 2017-03-05T22:00:54.261033400Z
Wake Time: 2017-03-06T12:17:26.089189400Z

Wake Source: 0
Category           : (0)
CategoryNumber     : 0
ReplacementStrings : {2017-03-05T22:00:54.261033400Z, 2017-03-06T12:17:26.089189400Z, 1245, 1590...}
Source             : Microsoft-Windows-Power-Troubleshooter
TimeGenerated      : 06/03/2017 12:17:28
TimeWritten        : 06/03/2017 12:17:28

so you could calculate uptime as

PS> (Get-Date) - (Get-EventLog -LogName system -InstanceId 1 | where Message -Like '*low power*' | select -First 1 | sel
ect -ExpandProperty TimeGenerated)
Days              : 0
Hours             : 4
Minutes           : 54
Seconds           : 9
Milliseconds      : 174
Ticks             : 176491748155
TotalDays         : 0.20427285666088
TotalHours        : 4.90254855986111
TotalMinutes      : 294.152913591667
TotalSeconds      : 17649.1748155
TotalMilliseconds : 17649174.8155

If you really wanted to you could dig into the log entries and use the sleep and wake times in the message block

PS> Get-EventLog -LogName system -InstanceId 1 | where Message -Like '*low power*' | select -First 1 | select -ExpandPro
perty ReplacementStrings


PS> $rs = Get-EventLog -LogName system -InstanceId 1 | where Message -Like '*low power*' | select -First 1 | select -ExpandProperty ReplacementStrings

From which you can calculate the time the machine was powered down (asleep)

PS> [datetime]$rs[1] - [datetime]$rs[0]
Days              : 0
Hours             : 14
Minutes           : 16
Seconds           : 31
Milliseconds      : 828
Ticks             : 513918281560
TotalDays         : 0.59481282587963
TotalHours        : 14.2755078211111
TotalMinutes      : 856.530469266667
TotalSeconds      : 51391.828156
TotalMilliseconds : 51391828.156

So how much have I been using the machine in the last week

$now = Get-Date
$start = $now.AddDays(-7)

$events = Get-EventLog -LogName system -InstanceId 1 -After $start  |
where Message -Like '*low power*'

$lastevt = $events.Count - 1

## time since last wake up
$usetime = $now - [datetime]$events[0].ReplacementStrings[1]

for ($i=0; $i -lt $lastevt; $i++){

$Sleep = [datetime]$events[$i].ReplacementStrings[0]
$Wake = [datetime]$events[$i+1].ReplacementStrings[1]

$tt = $sleep - $wake

$usetime += $tt



Days              : 2
Hours             : 15
Minutes           : 46
Seconds           : 20
Milliseconds      : 736
Ticks             : 2295807363007
TotalDays         : 2.65718444792477
TotalHours        : 63.7724267501944
TotalMinutes      : 3826.34560501167
TotalSeconds      : 229580.7363007
TotalMilliseconds : 229580736.3007

Calculating Windows 10 uptime isn’t simple but can be done with these techniques

Linux on the desktop

My sense of humour has some quirky moments – as my friends will tell you. Last night I had a lot of time to sit and think (why is a story for another time and place) and it one point a thought about Linux on the desktop struck me.


Back in the 1980s when I worked in seismic exploration and desktop computers were emerging I remember seeing articles at least once every year that “this is the year that Unix takes over the desktop”


This then morphed to “this is the year that Linux takes over the desktop”


Of course neither of these fantasies were actually likely to happen – and I’m deliberately ignoring the Mac OS which is unix based.


However, my thought yesterday was that *nix on the desktop is actually a reality. Windows 10 includes the Bash on Ubuntu on Windows option which brings the bash shell to Windows.

Bet this way of getting *nix on the desktop was ever envisaged. Smile

PowerShell finally the de facto shell

After 10 years PowerShell has become the de facto shell for Windows!


Windows Insider Preview build 14971 released yesterday uses PowerShell instead of cmd.exe as the default shell in Start Menu or File Explorer.



for this and other new features