Credentials in the Console

A while back on the Windows PowerShell Team blog, there was a post that describes how to force Get-Credential to prompt for a username and password in the console itself rather than popping up a Windows dialog box asking for a username and password.

The change is a key in the registry, and is permanent, unless of course you change it back to the original setting. The other minor complaint was that the there was no space between where the user needs to type a username and password, and the text prompting for the text.

   1: 119 >  $c = Get-Credential
   3: cmdlet Get-Credential at command pipeline position 1
   4: Supply values for the following parameters:
   5: Credential
   6: PromptForCredential_UserAndy
   7: PromptForCredential_Password********
   9: 120 >

You can see that the "PromptForCredential" and my username - "Andy" just run together. 

You can accomplish this another way with much more control over the user experience and you don't have to hack the registry.

So here is my quick and dirty function. I put in a very basic check to see if someone added their domain or not, and added it if necessary.

   1: function Get-Cred {
   2:     Write-Host "";
   3:     $username = Read-Host "Enter username to access some resource (no domain required)"
   4:     if ($username -notlike "MYDOMAIN\*"){$username = "MYDOMAIN\$username"}
   6:     Write-Host ""
   7:     $password = Read-Host  -AsSecureString "Password to access some resource"
   9:     $credential = New-Object System.Management.Automation.PSCredential($username,$password)
  10:     return $credential
  11: }

And here it is in action:

   1: 130 >  $cred = Get-Cred
   3: Enter username to access some resource (no domain required): andy
   5: Password to access some resource: **************
   6: 131 >
   7: 131 >  $cred.GetNetworkCredential() | fl *
  10: UserName : andy
  11: Password : secretpassword
  12: Domain   : MYDOMAIN

Check a file into Team Foundation Server with PowerShell

We have recently started using Microsoft's Team Foundation Server for our projects. We are using SCRUM for our infrastructure projects (which has been an interesting learning endeavor and quite possibly deserves a blog post of its own sometime in the future)

Anyway, on the infra side, we typically don't use source control.  We use TFS mostly to manage our tasks for each sprint and our backlog items. However, we are starting to use PowerShell more and more in our build guides and giving our ops team PowerShell Scripts for deployments. Its only a matter of time until we will become just as dependent on Source Control as our development team is.

So I figured I would check into this. TFS actually has quite a nice little API that you can use with any .NET language, and so I started looking to see if I could use PowerShell to check in a script. Looks like its not that hard.

You need to install the Visual Studio 2008 SDK to get at the TFS assemblies, but that is not too hard.

In the SDK there are a few example solutions written in C# that show you how the basics for interacting with the API. I used the "VersionControlExample.cs" file and worked on re-writing some of it in PowerShell.

So here is my first crack at New-TFSItem

   1: param (
   2:     [string]$tfsServer = "TFSServerName",
   3:     [string]$tfsLocation = "$/TFS/Project",
   4:     [string]$localFolder ="c:\scripts",
   5:     [string]$file,
   6:     [string]$checkInComments = "Checked in from PowerShell"
   7: )
   8: $clientDll = "C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.TeamFoundation.Client.dll"
   9: $versionControlClientDll = "C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.TeamFoundation.VersionControl.Client.dll"
  10: $versionControlCommonDll = "C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.TeamFoundation.VersionControl.Common.dll"
  12: #Load the Assemblies
  13: [Reflection.Assembly]::LoadFrom($clientDll)
  14: [Reflection.Assembly]::LoadFrom($versionControlClientDll)
  15: [Reflection.Assembly]::LoadFrom($versionControlCommonDll)
  17: #Set up connection to TFS Server and get version control
  18: $tfs = [Microsoft.TeamFoundation.Client.TeamFoundationServerFactory]::GetServer($tfsServer)
  19: $versionControlType = [Microsoft.TeamFoundation.VersionControl.Client.VersionControlServer]
  20: $versionControlServer = $tfs.GetService($versionControlType)
  22: #Create a "workspace" and map a local folder to a TFS location
  23: $workspace = $versionControlServer.CreateWorkspace("PowerShell Workspace",$versionControlServer.AuthenticatedUser)
  24: $workingfolder = New-Object Microsoft.TeamFoundation.VersionControl.Client.WorkingFolder($tfsLocation,$localFolder)
  25: $workspace.CreateMapping($workingFolder)
  26: $filePath = $localFolder + "\" + $file
  28: #Submit file as a Pending Change and submit the change
  29: $workspace.PendAdd($filePath)
  30: $pendingChanges = $workspace.GetPendingChanges()
  31: $workspace.CheckIn($pendingChanges,$checkInComments)
  33: #Delete the temp workspace
  34: $workspace.Delete()

There's probably a cool way to programmatically figure out where the dll's that need to be registered are, but I leave that as an exercise to the reader :)

Stuffing the output of the last command into an automatic variable


/\/\o\/\/ and Joel Bennet both chimed in and provided a much more elegant solution, just override out-default. This is really what I had wanted to do, but didn't know how. Thanks to both /\/\o\/\/ and Joel for your input. Please do check out their comments on this post. But here is the code they provided:

   1: # From /\/\o\/\/
   3: function out-default {
   4:     $input | Tee-Object -var global:lastobject | 
   5:     Microsoft.PowerShell.Utility\out-default
   6: }
   8: # And from Joel 
   9: # In case you are using custom formatting
  10: # You will need to override the format-* cmdlets and then
  11: # add this to your prompt function
  13: if($LastFormat){$LastOut=$LastFormat; $LastFormat=$Null }

A couple of days ago, an intern that is working for us, was helping me with a Powershell script to manage our Hyper V Cluster. The script ran fine but we were querying 7 different computers and then rolling up all the output into a custom object, so the thing took a while to run. It was just long enough to be annoying. During this process, he asked if there was a way to have PowerShell automatically store the output of the last command in a variable automatically.

I first went down the road of using Tee-object,  According to the built-in help,

The Tee-Object cmdlet send the output of a command in two directions (like the letter T). It stores the output in a file or variable, and also sends it down the pipeline. If Tee-Object is the last command in the pipeline, the command output is displayed in the console.

Here's Tee-Object in action

PS C:\> get-process notepad | tee-object -variable note

Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName
-------  ------    -----      ----- -----   ------     -- -----------
     50       2     1264       6596    60     0.06   6984 notepad

PS C:\> $note

Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName
-------  ------    -----      ----- -----   ------     -- -----------
     50       2     1264       6596    60     0.06   6984 notepad

PS C:\>

But of course, my Intern (rightfully so) declares this to be unsatisfactory. He wants it to just happen automagically. Picky intern, huh?

Then on the bus ride home this afternoon, I was thinking about Jeffrey's post on Push-Noun. He basically shows us how to set up a loop that goes forever, taking input and executing it only for a specific noun in Powershell.

Considering this, I realized I could do something similar for my issue. So here's the code, stolen from Push-Noun.

function Set-LastObjectAvailable {
while ($TRUE)
    Write-Host "[LASTOBJECT]> " -NoNewLine
    $line = $Host.UI.ReadLine().trim()
    switch ($line)
    "exit"   {return}
    "quit"   {return}
    "?"      {"Just type a command and the output will be displayed and stored in `$lastobject" }
                $Cmd = $_.SubString(1)
                Invoke-Expression $line |Tee-Object -varialbe lastobject | Out-Host
    default  {

                Invoke-Expression $line |Tee-Object -Variable lastobject | out-host

And here it is in action:

PS C:\> Set-LastObjectAvailable
[LASTOBJECT]> get-process notepad

Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName
-------  ------    -----      ----- -----   ------     -- -----------
     50       2     1264       6600    60            6984 notepad
     52       2     1256       4412    58     0.06  10152 notepad

[LASTOBJECT]> $lastobject

Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName
-------  ------    -----      ----- -----   ------     -- -----------
     50       2     1264       6600    60            6984 notepad
     52       2     1256       4412    58     0.06  10152 notepad

Just type a command and the output will be displayed and stored in $lastobject
[LASTOBJECT]> gps notepad

Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName
-------  ------    -----      ----- -----   ------     -- -----------
     50       2     1264       6600    60            6984 notepad
     52       2     1256       4412    58     0.06  10152 notepad

[LASTOBJECT]> $lastobject.count
PS C:\>

This isn't exactly bulletproof. I think I would like to have an automatic variable that stores the output of the last command that was executed, just in case you want to mess with it and you don't want to have to run it again. Basically just override out-host to use a Tee-Object -variable lastcommandoutput or something along those lines.

Sysadmin Meme

Shay Levi called me out with a blog post that was started by Mind of Root.  Just to summarize:

A meme  consists of any unit of cultural information, such as a practice or idea, that gets transmitted verbally or by repeated action from one mind to another.

So here it goes:

How old were you when you started using computers?


What was  your first machine?

The first machine I got to use was an Apple IIE. Later on, my family purchased a Mac IIsi.

What was the first real script you wrote?

This really isn't scripting, but my first introduction to any type of programming was on a Mac in Junior High School where we learned to use Hyper Card. It was basically a computerized flip book, and I had  a guy walk across the screen and open a door.

The first real script was a batch file that ran a bunch of installers silently for a workstation build for our EE building's computer lab in college.

What languages have you used?

  • Powershell
  • VBScript
  • Ruby
  • C# (I'm calling this scripting since you can use inline C# with the new Add-Type Cmdlet in the Powershell V2 CTP2 :) )

What was your first professional Sysadmin gig?

I worked for a small consulting firm called Starr Technologies and we did IT for several Venture Capital firms in Menlo Park, CA.

If you knew then what you know now, would you have started in IT?

Absolutely! I studied Electrical Engineering in college, but transistors, resistors, and capacitors just never really did it for me. My senior year I took a class on Internet communications and haven't turned back sense. Looking back though, I wish I had taken more CS classes though.]

If there is one thing you learned along the way that you would tell new Sysadmins, what would it be?

Two things.

Get involved in the community. This is something I am learning about now. The Powershell community is really the first "online" community I have actively participated in and I am loving it. It is so much easier to learn with people who are passionate about the same things as you are.

Second is find a great mentor whom you can trust. This probably is not your manager, and may not be someone you work with directly. Buy him/her lunch. People rarely turn down free food, even if they are crazy busy. If people like what they do, they would love the opportunity to teach people. I have a mentor for my professional career as well as for my personal life. I also love to teach younger people as well. It's a two way street: always teach, and always be willing to be taught.

What is the most fun you have had scripting?

The best part of scripting is when someone asks you if you can do x, y, or z and you come back to them and say, "Hey, I wrote this little script for you." I love watching their jaw drop after I show them the one or two lines of Powershell I used to make it happen.

Who Am I calling out ?

/\/\o\/\/ - the PowerShell Guy

Marco Shaw

Kirk Munro

Jeffrey Snover

Building Script Cmdlets as objects

I have been using CTP2 on my computers for sometime and I recently came across a situation where I needed a function that would easily accept parameters from the pipeline and also as a standard parameter. This was the perfect excuse to start playing with Script Cmdlets. These things have all kinds of cool attributes that you can use to make your scripts easier to use, which is all wonderfulness.

So I cracked open Powershell and started playing. It took me a little while but I figured out how to convert my function over to a ScriptCmdlet.

But there was a problem. I had to read lots of documentation to figure it out. What I love about Powershell is how it is so discoverable with use of get-member.

Buried in Powershell is something called a CommandInfo object. This object describes a command and what it can do. Wouldn't it be cool if these objects had information about the parameters, whether or not they accepted values from the pipeline, and what position they were in. The list of options goes on and on.

I think the best way to explain is to show some code that could exist.

   1: # Build Up A parameter object
   2: $param.Name = "File"
   3: $param.HelpMessage = "Please Enter a file name"
   4: $param.acceptsValueFromPipeline = $TRUE
   6: # Build a block that will go into the processBlock of the ScriptCmdlet
   7: $scriptblock = "Get-Content `$File"
   9: #Build The CmdLet
  10: $cmdlet.verb = "Get"
  11: $cmdlet.noun = "DemoTextFile"
  12: $cmdlet.p1 = $param # p1 is short for parameter1 in the scriptCmdlet
  13: $cmdlet.beginBlock = "write-host `"Beginning`""
  14: $cmdlet.processBlock = $scriptblock
  15: $cmdlet.endBlock = "write-host `"Ending`""
  16: $cmdlet.Write()

At the very end, the $cmdlet.write() method would write the code for you.

Well, now here comes the fun part (With warnings)

This code was written hacked together and is absolutely not guaranteed to work and I cannot be held liable if it eats your cat or kills your computer. The purpose here is to really see if there would be any interest in furthering this. Eventually i would like to see these properties get added to the System.Management.Automation.FunctionInfo class, or create a new class that inherits from FunctionInfo.

First, we can use Add-Type to create new types with inline C#

   1: Add-Type @"
   2: namespace Getpowershell {
   3:     public class Scriptcmdlet {
   4:         public string noun;
   5:         public string verb;
   6:         public string processBlock;
   7:         public string beginBlock;
   8:         public string endBlock;
   9:         public Getpowershell.Parameter p1;
  10:         public Getpowershell.Parameter p2;
  12:         public string Write() {
  14:             System.Text.StringBuilder sb = new System.Text.StringBuilder();
  15:             sb.Append("Cmdlet " + this.verb + "-" + this.noun + " { \n");
  16:             sb.Append("param (\n");
  17:             sb.Append("[Parameter(\n");
  18:             if (this.p1.acceptsValueFromPipeline == true) { sb.Append("ValueFromPipeline=`$true," +"\n"); }
  19:             if (this.p1.Mandatory == true) { sb.Append("Mandatory,\n"); }
  20:             sb.Append("HelpMessage=\"" + this.p1.HelpMessage + "\"]\n");
  21:             sb.Append("$" + this.p1.Name);
  22:             sb.Append(")\n");
  23:             sb.Append("Begin { \n" + this.beginBlock + "\n}\n");
  24:             sb.Append("Process { \n" + this.processBlock + "\n}\n");
  25:             sb.Append("End { \n" + this.endBlock + "\n}\n}\n");
  26:             return sb.ToString();
  27:         }
  28:     }
  29:     public class Parameter {
  30:             public string Name;
  31:             public bool acceptsValueFromPipeline;
  32:             public string HelpMessage;
  33:             public bool Mandatory;
  34:         }
  36: }
  37: "@

Now I can do this code over again but I need to set up some objects with my new types first.

   1: $cmdlet = New-Object Getpowershell.Scriptcmdlet
   2: $param = New-Object Getpowershell.Parameter
   4: # Build Up A parameter object
   5: $param.Name = "File"
   6: $param.HelpMessage = "Please Enter a file name"
   7: $param.acceptsValueFromPipeline = $TRUE
   9: # Build a block that will go into the processBlock of the ScriptCmdlet
  10: $scriptblock = "Get-Content `$File"
  12: #Build The CmdLet
  13: $cmdlet.verb = "Get"
  14: $cmdlet.noun = "DemoTextFile"
  15: $cmdlet.p1 = $param # p1 is short for parameter1 in the scriptCmdlet
  16: $cmdlet.beginBlock = "write-host `"Beginning`""
  17: $cmdlet.processBlock = $scriptblock
  18: $cmdlet.endBlock = "write-host `"Ending`""
  19: $cmdlet.Write()

In theory, you can run $cmdlet.write() and it will echo out the text for a new Script Cmdlet..

Here is some output from get-member on $cmdlet and $param

   1: PS C:\Users\andys\Desktop> $cmdlet | fl *
   4: noun         : DemoTextFile
   5: verb         : Get
   6: processBlock : Get-Content $File
   7: beginBlock   : write-host "Beginning"
   8: endBlock     : write-host "Ending"
   9: p1           : Getpowershell.Parameter
  10: p2           :
  14: PS C:\Users\andys\Desktop> $param | fl *
  17: Name                     : File
  18: acceptsValueFromPipeline : True
  19: HelpMessage              : Please Enter a file name
  20: Mandatory                : False
  24: PS C:\Users\andys\Desktop> $cmdlet.Write()
  25: Cmdlet Get-DemoTextFile {
  26: param (
  27: [Parameter(
  28: ValueFromPipeline=$true,
  29: HelpMe
ssage="Please Enter a file name"]
  30: $File)
  31: Begin {
  32: write-host "Beginning"
  33: }
  34: Process {
  35: Get-Content $File
  36: }
  37: End {
  38: write-host "Ending"
  39: }
  40: }
  43: PS C:\Users\andys\Desktop>

Known issues:

I have no idea if the Mandatory option will produce proper code for the Cmdlet

Right now it will only support adding one parameter which is the p1 property of the $cmdlet object

Managing Hyper-V with WMI

Dung K Hoang has an excellent series of blog posts on how to manage Hyper-V with WMI.

I have taken a couple of his scripts and built a function that takes input from the pipeline and gives me an object that has three properties, a HostServer, VirtualMachine, and a Switch.

   1: function Get-HyperVInfo {
   2:     begin {
   3:         $VmSwitchinfo = @();
   4:     }
   5:     process {
   6:         $computer = $_
   7:         $ListofVMs = gwmi -namespace root\virtualization Msvm_ComputerSystem -filter "ElementName <> Name" -computer $computer
   8:         $ListofSwitches = gwmi -namespace root\virtualization Msvm_VirtualSwitch -computer $computer
   9:         $ListofSwitchPorts = gwmi -namespace root\virtualization Msvm_SwitchPort  -computer $computer
  10:         foreach ($Switch in $ListofSwitches)
  11: {
  12:             $SwitchGUID = $Switch.Name
  13:             $SwitchDisplayName = $Switch.ElementName
  14:             $PortsOnSwitch = $ListofSwitchPorts | where {$_.SystemName -match $SwitchGUID} 
  16:             foreach ($Port in $PortsOnSwitch)
  17: {
  18:                 $PortPath = $Port.__PATH
  19:                 $ListofConnections = gwmi -namespace root\virtualization Msvm_ActiveConnection -computer $computer
  20:                 $a = $ListofConnections | where {$_.Antecedent -like $PortPath}
  21:                 if ($a -ne $NULL)
  22: {
  23:                     $LANEndPoint = $a.Dependent 
  24:                     foreach ($VM in $ListofVMs)
  25: {
  26:                         $VMGUID = $VM.Name
  27:                         $VMDisplayName = $VM.ElementName
  28:                         if ($LanEndPoint -like "*$VMGUID*")
  29: {
  31:                             $vminfo = "" |Select-Object VirtualMachine ,HostServer, switch
  32:                             $vminfo.Switch = $SwitchDisplayName
  33:                             $vminfo.VirtualMachine = $VMDisplayName
  34:                             $vminfo.HostServer = $_
  35:                             $vmswitchinfo += $vminfo
  37:                         }
  38:                     }
  39:                 }
  40:             }
  41:         } 
  44:     }
  45:     end {
  46:     $vmswitchinfo
  47:     }
  48: }

To use this function you can just do something like this


I have used this script to get a bunch of information on all the VM's in my Hyper V Cluster. Note that this is just using WMI so I can query my Server Core machines that are running Hyper V.

Many Many thanks to Dung for this info. I would not have even been able to get started without his help.

CTP2, Running Console Apps against multiple computers


With CTP2, one of the biggest features is remoting. This works really well when you are running native cmdlets and scriptblocks in runspaces with multiple computers.

For example

function q {$args}
$rs = New-Runspace (q powershell-dev1 powershell-dev2 powershell-dev3)
Invoke-Command -ScriptBlock {hostname} -Runspace $rs

# This will create the following output
PS C:\Users\andys> Invoke-Command -ScriptBlock {hostname} -Runspace $rs

Pretty cool, and you can use the computername property to find out which computer returned which object.

But with commands like ipconfig or netsh that are not native to Powershell, just tacking on the computername property is a little difficult. When you pipe everthing to select-object, format-table, or format-list, which properties do you select.

Under normal circumstances, with say something like Get-Process, you could pipe it to Format-Table Id, Name, WorkingSet.

But with native commands, there are no properties. So here's what you can do.

You can pipe it to select-object and select the whole object using $_ and then also select  $_.ComputerName. The only trick is you have to pass the properties in as scriptblocks,

PS C:\Users\andys> Invoke-Command -ScriptBlock {ipconfig} -Runspace $rs |

select {$_} ,{$_.ComputerName} $_ $_.ComputerName -- --------------- powershell-dev3 Windows IP Configuration powershell-dev3 powershell-dev3 powershell-dev3 Ethernet adapter Local Area Connection: powershell-dev3 powershell-dev3 Connection-specific DNS Suffix . : powershell-dev3 Link-local IPv6 Address . . . . . : fe80::4c04:b... powershell-dev3 IPv4 Address. . . . . . . . . . . : powershell-dev3 Subnet Mask . . . . . . . . . . . : powershell-dev3 Default Gateway . . . . . . . . . : powershell-dev3 powershell-dev3 Tunnel adapter Local Area Connection* 8: powershell-dev3 powershell-dev3 Media State . . . . . . . . . . . : Media discon... powershell-dev3 Connection-specific DNS Suffix . : corp.avanade... powershell-dev3 powershell-dev2 Windows IP Configuration powershell-dev2 powershell-dev2 powershell-dev2 Ethernet adapter Local Area Connection: powershell-dev2

The output is not incredibly wonderful but you can at least easily know which remote computer returned which line of text from the command you executed.

Ping an Array of Computers

I have found on occasion the need to ping a list of computers, whether they be in a text file, an array in Powershell, or a CSV file. It turns out building commands as a string and then executing that string as a command in Powershell is not exactly intuitive.

You need to use invoke-expression -command $cmd where $cmd is the string you want to execute.

So, we can do the following, using my New-Array Function

   1: function new-array {$args}
   2: $servers = new-array powershell-dev1 powershell-dev2 powershell-dev3
   3: $servers | foreach-object {invoke-expression -command "ping -n 1 $_"} 

Using invoke-expression -command you can have an executable and arguments and everything just works. There are situations where you will need to use the back tick character " `" to escape characters.

You can use this technique to execute just about any string that you build using Powershell and variables.

Powershell, WPF, and the Science of Great User Experience

There has been a lot of talk in the last couple weeks about using WPF to build UI's for Powershell. Just to name a few

Powershell Team's Series on WPF

Joel Bennet's Huddled Masses Series on WPF

I think this is great and I can't wait to see what we all come up with.

As we begin to build these graphical tools on top of Powershell, UI and user experience is going to be more and more important.

There is a great presentation over on dnrTV (Dot Net Rocks TV) where Mark Miller and Carl Franklin discuss the Science of Great User Experience. There are some really good nuggets in here that even as Powershell Scripters tweaking WPF, we can think about and use.

Also, if you are developer and use Visual Studio, you really should check out Dev Express's CodeRush. This is the company that Mark works for and they really take User Experience for Visual Studio to the next level. It's awesome.

The intern gets it !

A couple weeks ago we hired an intern. I recently gave him a task to create a bunch of DSN's on some servers. I told him to take some extra time and maybe figure out how to script it, and also let him know that I thought all the info was stored in the registry.

He came back into my office  later on in the day with a big smile exclaiming "This is awesome! Did you know you can navigate the registry just like a file system in Powershell ?"

I just love being there in the moment when the light bulb goes on and someone new "gets" Powershell. Its a beautiful thing!