Skip to content

Create a list of operation system and build version from active directory clients with powershell

So the task was a result of a short question of "Do you know if each windows client got their upgrade?".

It turned out that it was easy to ask this question in powershell to the active directory.

Get-ADComputer -Filter { (Enabled -eq $true) -and (OperatingSystem -notlike "*server*") } -Properties Name,OperatingSystem,OperatingSystemVersion,SID | Format-Table

But, as usual, this results in to much information. Quickly some features where requested. We want to:

  • put this question into a script to ask it in a well defined way over and over again
  • we want to reduced the amount of information
  • we want to be able to filter against operation system
  • we want to filter against build version if more than one build version exists
  • we want to put it to a csv file

I was able to set all feature requests to "done" and more or less, you can find the result here.

Powershell - Compare file hash with existing hash file (checksum, SHA1) to validate binary file integrity

A quick win you should add to your power shell scripts whenever you execute a binary file by doing an integrity check based on checksums.

$pathToBinaryFile = "/your/file.path"
$pathToSha1File = $($pathToBinaryFile + ".sha1")

If (test-path $pathToBinaryFile) {
    $calculatedFileHash = Get-FileHash -LiteralPath $pathToBinaryFile -Algorithm SHA1
    $sha1FileContent = Get-Content $pathToSha1File 

    Write-Host ":: Checking file integrity."
    #we are expecting a sha1 file with one line of content.
    #   this one line should look like:<file name>\t<sha1 sum>
    #we are exploding the expected content by " "
    #   first array entry is <file name>
    #   second array entry is \t
    #   third array entry is <sha1 sum>
    $expectedFileHash = $sha1FileContent.Split(" ")[2]

    If ($expectedFileHash -ne $calculatedFileHash.HASH) {
        Write-Host $("   Binary file integrity check failed. Expected checksum >>" + $expectedFileHash + "<<, current checksum >>" + $calculatedFileHash.HASH + "<<.")
    }
}

A bit more advanced script can be found here in my examples collection.

Create and manage a shadow copy snapshot for windows with powershell

Following my essence about the topic of creating a shadow copy snapshot.

#bo:create shadow copy
$shadowSourceVolume = ($env:SystemDrive + "\")
$shadowDestinationLinkPath = ($env:SystemDrive + "\shadowed_test")

#@see: https://docs.microsoft.com/en-us/previous-versions/windows/desktop/vsswmi/create-method-in-class-win32-shadowcopy#examples
$shadowCopyClass=[WMICLASS]"root\cimv2:win32_shadowcopy";

#create a shadow copy object
$shadowCopyObject = $shadowCopyClass.create($shadowSourceVolume, "ClientAccessible")
#fetch shadow object fron that
$shadowObject = Get-WmiObject Win32_ShadowCopy | Where-Object { $_.ID -eq $shadowCopyObject.ShadowID }
#fetch 
$shadowLinkPath = $shadowObject.DeviceObject + "\"
#eo:create shadow copy

#bo:create link
cmd /c mklink /d $shadowDestinationLinkPath $shadowLinkPath
#eo:create link

#bo: remove shadow link
cmd /c rmdir /S /Q $shadowDestinationLinkPath
#eo: remove shadow link

#bo: delete shadow copy
$shadowObject.Delete();
#Remove-CimInstance -InputObject $shadowObject
#eo: delete shadow copy

#bo: FTL
#list all available shadow copies
#Get-WmiObject Win32_Shadowcopy
#eo: FTL

Most important learned knowledge for me is that I only can create a snapshot of a whole volume.

Simple PowerShell Log Function

Just to share it somewhere with someone, following my powershell basic log function.

Function Log-Message {
    [cmdletbinding()]
    Param (
        [parameter(Mandatory=$true)] [string] $Message,
        [string] $LogLevel = "info"
    )

    $currentDate = Get-Date -Format "yyyyMMdd"
    $currentTime = Get-Date -Format "HHmmss"

    $logMessage = '{0} {1} [{2}]: {3}' -f $currentDate,$currentTime,$logLevel,$message

    $logMessage >> $logFile
}

Enjoy it.