More details on what we require:
We have a bunch of AD groups that may not be doing anything at all. What we would ideally like to do is somehow search SCCM for any usage of a particular AD group. Like if the group is used as part of a membership query anywhere.
For example I have tried the following in SCCM Powershell to look for any usage of the AD group sccm.minitablets :
Get-CMUserCollectionQueryMembershipRule | Where -Property RuleName -Like "%mini%"
I don't think the above command is of much use, as it has a required parameter that takes a specific collection name, whereas I need to search for any use of sccm.minitablets in any collection or any membership rule query across the board.
Is this even possible?
Was able to find a solution to this, for anyone else who might be interested:
Get-CMUserCollection | Get-CMUserCollectionQueryMembershipRule | Where -Property QueryExpression -Like "*mini*"
Get-CMDeviceCollection | Get-CMDeviceCollectionQueryMembershipRule | Where -Property QueryExpression -Like "*mini*"
Related
I've crafted the command below which listed out the members of a group:
gwmi win32_group -filter 'Name="Administrators"'|%{$_.GetRelated('Win32_UserAccount')} | select Name
The command above works, however, it takes ages to complete, is there a way of fine-tuning the command above so it runs faster?
Please note, I am limited to PowerShell 2.0.
Edit:
Seems like the command above is also querying all DC accounts. How do I only query local users?
Tuning
The slow part in your pipeline is the call of .GetRelated(), because this will evaluate the associations of WMI class instances, which may be huge lists. So you have to be careful and filter as much as possible. You can do it like this:
(Get-WmiObject -Class Win32_Group -Filter "LocalAccount = TRUE and SID = 'S-1-5-32-544'").GetRelated("Win32_Account", "Win32_GroupUser", "", "", "PartComponent", "GroupComponent", $false, $null) | Select-Object -Property Name
Note, that I used the well-known SID of the Administrators group to look for it, because its name may differ in other languages. I also queried for Win32_Account instead of Win32_UserAccount to really return ALL members of the Administrators group which may include other groups and not only user accounts. You may change this according to your needs of course. You can read more about this tuning in this article.
Different approaches
Another approach would be to define everything in one WMI query:
Get-WmiObject -Query "ASSOCIATORS OF {Win32_Group.Domain='$env:COMPUTERNAME',Name='Administrators'} WHERE AssocClass=Win32_GroupUser ResultRole=PartComponent" | Select-Object -Property Name
Further more, you can use the net tool to query the members of the Administrators group:
net localgroup Administrators
Drawback: You have to parse the textual output.
Powershell noob here. I'm trying to create a script that will take a list of users, a list of network shares, enumerate effective permissions for the user/share and output to CSV for audit purposes.
I've had success using GetPACEffectiveAccess from the PowerShellAccessControl Module on Technet gallery to do the enumeration, but am getting completely stuck on how to output this data to CSV how I want it.
The code I have is pretty simple:
$users=gc C:\scripts\users.txt
$shares=gc C:\scripts\shares.txt
foreach ($user in $users) {
foreach ($share in $shares) {
Get-PACEffectiveAccess -Path $share -Principal $user | select-object principal, accessmask, path | Export-Csv C:\scripts\EffectivePermissions\Audit.csv -append -NoTypeInformation}}
Since I have no idea how to do tables on StackOverflow (wow I am bad at this) I have attached a screenshot of the output I am getting from my simple script, and then the output I would like to get.
Any help would be much appreciated!
Thanks
After you gather the data, instead of outputting straight to the csv, you could add it to a two dimensional array, format it the way you'd like, and outfile it to a csv.
Is it possible to create a script that will find all the exchange distribution groups with a certain prefix (say "X_"), and find the users that can "edit" and "delete" this group?
I've managed to use the exchange console shell to return all the groups that start with "X_" with this script (look under this paragraph), and return who is listed as "managed by". But I still need to find the users that can "edit" and "delete" the group..
Get-DistributionGroup -Identity "X_*" |
Format-Table Name, ManagedBy -Auto |
Export-Csv -path "C:\Temp\Distribution Groups\New folder\Distribution Groups.csv" -Encoding ascii -NoTypeInformation
I'm quite new to powershell, but I've done a lot of batch scripting (yay for moving into the 'now!'). I'm trying to re-write my largest accomplishment in batch scripting into powershell, and right off the bat I'm hitting a bit of a wall.
What my original batch script did was install drivers for all of the detected system hardware. It did this by running devcon.exe and doing a search on the output, looking for VEN_ &DEV_ and trying to match it up with a comparison. This took a bit of time on slower computers (i3/Atom/slow AMD).
I stumbled across this command in powershell:
get-wmiobject -class CIM_VideoController PNPDeviceID
It spits out a list which contains just a few bits of info on the display adapter. The line in particular I'd like is the PNPDeviceID. I so far haven't had much luck in finding a way to manupulate the output to list just the VEN_ numbers.
Here's what I'd like to do: Run the command above, manipulate it so I get just the vendor number into one variable and the device number into another variable.
I tried doing this:
get-wmiobject -class CIM_VideoController PNPDeviceID | Select-String -Pattern "PNPDeviceID" -SimpleMatch
The problem I'm having is, it spits out nothing at all. I also have no clue on how to manipulate the output of that line further giving me only the 4 digit identifier of the 'VEN_' or the 'DEV_'.
Would anyone know how to do this?
I mean no disrespect, but this is pretty basic stuff. Have you considered finding a book (even an online one) and reading up on PowerShell? I've heard good things about Learning PowerShell In A Month Of Lunches.
As for your request, to get the four digit ID you could pipe that property's value to a regex match, and then output that match. It could be done like this:
$VidCardID = get-wmiobject -class CIM_VideoController PNPDeviceID | Where{$_.PNPDeviceID -match "VEN_(\d{4})"} | ForEach{$Matches[1]}
That will set $VidCardID to the 4 digit ID for the video card.
You can just do this:
$deviceID = (get-wmiobject -class CIM_VideoController).PNPDeviceID
the output of such objects are allways stored in a property which you can access by dot notation
I need to find TFS work items related to a certain topic in our project.
For that purpose, I tried querying the work items using the query builder in Visual Studio.
Since there are multiple terms I wish to search for, I imagined a query like this:
WHERE (
Priority > 300 AND
(Title.Contains('Dog') OR Title.Contains('Cat') OR Title.Contains('Hamster')))
Now, according to http://msdn.microsoft.com/en-us/library/dd286638.aspx (Section And/Or) one should be able to do that like so:
| Priority| > | 300
And | Title | Contains | Dog
Or | Title | Contains | Cat
Or | Title | Contains | Hamster
But... that does not work as described: as far as I can see, this is treated like
(Priority > 300 AND Title.Contains('Dog')) OR Title.Contains('Cat') OR Title.Contains('Hamster')))
Now that is a bit of a problem for me, because apart from a 'Priority' criterion I also have 8 additional criteria that need to apply to all the matches (Date, State, etc.). And I have not only three possible title matches, but around ten. So that multiplies and I would end up with a query that is terribly long and mostly redundant.
.. or, am I missing something here? Is there another way to express those statements? Or is there even another way to query TFS work items, like another tool?
Thanks!
You need to "Group" your Title clauses together to get the query you expect. Select the three "Title" clauses, Right Click and select "Group Clauses".
Here's a snip of a query I created in VS2012 to do this, but it's the same in 2010.
It will only find work items with a Priority >4 and a Title containing either Crash, Error or Working.