We use powersell command-let invoke-command to execute the command in the remote systems. Invoke-Command is the most used command-let to execute scripts remotely.

To use Invoke-Command, powershell remoting has to be enabled in the remote system. Group policy can be used to deploy this feature in the organization.

One liner to fetch local administrator group details

Invoke-Command -ScriptBlock { Get-LocalGroupMember administrators } -ComputerName pc1, pc2, pc3 | select PSComputerName, Name, SID, PrincipalSource

Result:

PSComputerName Name                 SID                                            PrincipalSource
 -------------- ----                 ---                                            ---------------
 pc1            pc1\Administrator    S-1-5-21-1644265705-1531034170-3899888674-500  Local          
 pc1            pc1\user             S-1-5-21-1644265705-1531034170-3899888674-1002 Local          
 pc2            pc2\Administrator    S-1-5-21-1644265705-1531034170-3899899674-500  Local          
 pc3            pc3\Administrator    S-1-5-21-1644265705-1531034170-3899875674-500  Local  

This one liner will connect to the respective computers mentioned in the ComputerName parameter and lists out the member details. The PrincipalSource shows whether the object belongs to local or domain.

Note: As the script will connect to the remote computers, we need to run it with a user account which has access to these machines.

Get-LocalGroupMember command-let is part of Microsoft.PowerShell.LocalAccounts and was made available from the version Powershell 5.1.

Further details of al commands are documented at https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/?view=powershell-5.1

Script to fetch the local administrator group details

We will now wrap the above one liner to a function with the necessary checks to ensure that the computers are online by checking with a ping request.

function Fetch-LocalAdminMembers
 {
     [CmdletBinding()]
     [Alias()]
     Param
     (
         [Parameter(Mandatory=$true)]
         [String[]]$Computers,
         [Parameter()]
         [pscredential]$Credential
     )
     begin
     {
         #Checking whether the systems are online
         #OnlineComputers variable will have all the computers which responded to ping
         $OnlineComputers = @()
         $Computers | ForEach-Object {
             if(Test-Connection $_ -Count 1 -ErrorAction SilentlyContinue) {
                 $OnlineComputers += $_
             }
         }

     }

     process
     {
         #If credentials are not passed, the script runs in current user context
         if($Credential -eq $null)
         {
             Invoke-Command -ScriptBlock {Get-LocalGroupMember administrators; Start-Sleep -Seconds 2} -ComputerName $OnlineComputers   | select PSComputerName, Name, SID, PrincipalSource
         }
         else
         {
             Invoke-Command -ScriptBlock {Get-LocalGroupMember administrators; Start-Sleep -Seconds 2} -ComputerName $OnlineComputers -Credential $Credential  | select PSComputerName, Name, SID, PrincipalSource
         }
     }

     end
     {
         $OnlineComputers = $Credential = $null
     }
 }

Executing the function

Fetch-LocalAdminMembers -Computers pc1, pc2

Result:

PSComputerName Name                 SID                                            PrincipalSource
 -------------- ----                 ---                                            ---------------
 pc1           pc1\Administrator    S-1-5-21-1644265705-1531034170-3899888674-500  Local          
 pc1           pc1\user             S-1-5-21-1644265705-1531034170-3899888674-1002 Local          
 pc2           pc2\Administrator    S-1-5-21-1644265705-1531034170-3894649674-500  Local          
 pc2           pc2\user2            S-1-5-21-1644265705-1531034170-3894649674-1002 Local  

We can refine the script further for faster execution, If you can identify it, I highly recommend you to comment it with the code snippet.

This will be helpful for the readers and will make this more interactive.

Hope you liked the article and thank you for reading

Last Windows Update Information

We use the com object Microsoft.Update.Session to get the update results.

Below one liner will tell us the previous update search and the last update installation date.

(New-Object -com "Microsoft.Update.AutoUpdate").Results

Output:

LastSearchSuccessDate LastInstallationSuccessDate
--------------------- --------------------------- 
 6/17/2021 3:54:31 AM  6/16/2021 3:57:34 AM

New Windows Update Count

Furthermore, to get the number of updates which are yet to be installed.

$UpdateSession = New-Object -ComObject Microsoft.Update.Session
$UpdateSearcher = $UpdateSession.CreateupdateSearcher()
$Updates = @($UpdateSearcher.Search("IsInstalled=0").Updates)

#This will give the number of updates yet to install.
$Updates.Title.count 

Pending Operating System Restart

Any pending restart because of previous update can be identified through the registry “HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired”

The entry will have a value “true” if the operating system is waiting for a restart which is needed to complete an update.

Windows Update Status

Above codes can be combined to get following information about a computer.

1. LastSearchSuccessDate
2. LastInstallationSuccessDate
3. NewUpdateCount
4. PendingReboot

We can now wrap the script with invoke-command to remote execute in multiple systems

function Get-WindowsUpdateInformation()
 {
     param
     (
         [Parameter()]
         [string[]]
         $ComputerName="localhost"
     )


     $Results = Invoke-Command -ScriptBlock  {     
         $result = (New-Object -com "Microsoft.Update.AutoUpdate").Results     
         $UpdateSession = New-Object -ComObject Microsoft.Update.Session     
         $UpdateSearcher = $UpdateSession.CreateupdateSearcher()     
         $Updates = @($UpdateSearcher.Search("IsInstalled=0").Updates)     
         $PendingReboot = $false     
    
         #Checking pending reboot
         if (Get-Item "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired" -EA Ignore) { $PendingReboot=$true }     
   
         #Framing the result to a list
         New-Object psobject -Property @{         
              LastSearchSuccessDate = $result.LastSearchSuccessDate         
              LastInstallationSuccessDate = $result.LastInstallationSuccessDate         
              NewUpdateCount = $Updates.Title.count         
              PendingReboot = $PendingReboot     
         } 
     } -ComputerName $ComputerName 

     $Results | Select-Object @{Name="ServerName"; Expression={$_.PSComputerName}}, LastSearchSuccessDate, LastInstallationSuccessDate, NewUpdateCount, PendingReboot
 }
 

Multiple server/computer names can be passed as an array to get the update information, or the server name can also be read from a text file and passed as parameter.

Get-WindowsUpdateInformation -ComputerName testhost1, testhost2

Output:

ServerName LastSearchSuccessDate LastInstallationSuccessDate NewUpdateCount PendingReboot
---------- --------------------- --------------------------- -------------- -------------
 testhost1  6/17/2021 5:31:12 PM  5/16/2021 2:56:21 PM                     1         False
 testhost2  6/16/2021 6:33:22 PM  5/21/2021 4:22:34 AM                     1         False

If you have some better ideas or know other ways of doing this, please comment it. It will be informative for me and for the readers.

Hope you liked this article and thank you for reading

We can leverage the pnputil.exe tool to perform the installation fast and easy.

Consider a scenario of a multiple drivers packed to an iso image. Below script will install all the required drivers.

# Mount the driver iso image
Mount-DiskImage D:\Driver\drivers-windows.iso

# Get the mount point/drive letter, considering that the above one is the only disk mounted
$isoMount = (Get-DiskImage -DevicePath \\.\CDROM0  | Get-Volume).DriveLetter

# Find the inf files and install
Get-ChildItem "$($isoMount):\" -Recurse -Include *.inf | ForEach-Object {
     $_.FullName
     pnputil /add-driver $_.FullName /install 
}

Running the script would update all the drivers which are meant for your system hardware.

Hope you like this article and thank you for reading.

In this article, we will see how to get windows device driver details using PowerShell. Finding driver information is necessary as information gathering prior to software or system upgrades.

WMI class Win32_PnPSignedDriver is used to get the device driver information

#Fetch all properties
Get-CimObject Win32_PnPSignedDriver | fl *

Get-CimInstance Win32_PnPSignedDriver | `
    Select DeviceClass, DeviceID, DeviceName, InfName, DriverVersion, FriendlyName, IsSigned

This would enumerate complete information in the local system.

To get information from multiple systems, the command has to be executed against the respective servers. The server names can be either fetched from active directory or from text file.

The code below will query for IBM SDDDSM driver information from a list of servers in a text file.

$servers = Get-Content "D:\server.txt"

foreach($server in $servers)
{
  
    Get-CimInstance Win32_PnPSignedDriver -ComputerName $server -ErrorAction SilentlyContinue | `
        where {$_.devicename -like "*IBM SDDDSM*"} | `
        select PSComputerName, DeviceClass, DeviceID, DeviceName, InfName, DriverVersion, FriendlyName, IsSigned
    if($Error)
    {
        #Display error if any server fails
        $server + " Error"
        $Error.Clear()
    }
}

Hope this is helpful and thank you for reading.

This article is to demonstrate how to set firewall rule in Windows Operating System using PowerShell.

Windows Firewall has three profiles:

• Domain Profile: Applies to networks where the host system can authenticate to a domain controller
• Private Profile: User assigned profile used to designate private or home networks
• Public Profile: Used to designate public networks, Wi-Fi hotspots etc.

Requirement: Block web access to ADSL modem portal

The requirement is to block ADSL modem web portal for the user. For that we need to create an outbound firewall rule to the modem IP address to port 80 (i.e. to block http traffic)

Step 1: Create a Firewall Rule

New-NetFirewallRule -Name BlockModem_Rule -DisplayName BlockModem_Rule

This will create a rule “BlockModem_Rule” in the inbound rules(default as we have not mentioned the direction)

Step 2: Set the direction

Get-NetFirewallRule -DisplayName BlockModem_Rule | Set-NetFirewallRule -Direction Outbound

This will set the rule as outbound rule

Step 3: Set destination IP address to the rule

Get-NetFirewallRule -DisplayName BlockModem_Rule | Set-NetFirewallRule -RemoteAddress 192.168.1.1

Step 4: Set protocol and destination port

Get-NetFirewallRule -DisplayName BlockModem_Rule | Set-NetFirewallRule -Protocol tcp -RemotePort 80

Step 5: Set the rule action to block the traffic

Get-NetFirewallRule -DisplayName BlockModem_Rule | Set-NetFirewallRule  -Action Block

This will block the traffic which matches to the firewall rule “BlockModem_Rule”

Result:

After setting the firewall rule, we will not be able to browse the modem web portal @ http://192.168.1.1/

Firewall Rule in one line

The same firewall rule as one-liner

New-NetFirewallRule -Name BlockModem_Rule -DisplayName BlockModem_Rule `
-Enabled True -Direction Outbound -Profile Any -Action Block `
-RemoteAddress 192.168.1.1 -Protocol tcp -RemotePort 80

Disable Firewall rule

Get-NetFirewallRule -DisplayName BlockModem_Rule | Set-NetFirewallRule -Enabled False

Delete Firewall rule

Find and remove the firewall rule: BlockModem_Rule

Get-NetFirewallRule -DisplayName BlockModem_Rule | Remove-NetFirewallRule

Thank you for reading this article. Hope this is helpful to you.