I've hit a little bit of a brick wall here. I have written a rather large PS script that requires the SQLServerProviderSnapin100 and this all works happily.
To run the script I have written a BAT file for the users to run so that they won't have to fiddle around with execuptionpolicy, so it sets it unrestricted calls the script and once the script completes it sets the executionpolicy back to restricted.
The problem I have is that I need the BAT file to detect if the user has the SqlServerProvider100 snapin registered to the 32Bit Powershell or the 64Bit powershell.
I know I could run something like this in powershell
$prov = get-pssnapin -registered | where-object{$_.Name -eq "Sqlserverprovidersnapin100"}
if($prov -eq $null){ <call powershell x86>}else{<call powershell 64Bit>}
But how do I do this in the BAT, or is what I am trying to do even possible?
I hope I making sense to someone who can help me get over this bump! :)
Try these 2 commands:
C:\Windows\Syswow64\WindowsPowerShell\v1.0\powershell.exe "if(Get-PSSnapin -registered "SqlServerCmdletSnapin100" -ea 0){ write-host "sql snapin present in 32bit shell"}"
for 64bit:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "if(Get-PSSnapin -registered "SqlServerCmdletSnapin100" -ea 0){ write-host "sql snapin present in 64bit shell"}"
They will return a pretty message if sql snapin is present.
Ok worked it out!
FOR /F "usebackq delims=" %%i IN (`powershell -command "get-pssnapin -registered | where-object { $_.Name -eq 'sqlserverprovidersnapin100' }"`) DO ( set snapin=%%i )
REM if /i {%snapin:~0,4%}=={%test:~0,4%} (goto :there)
if not defined snapin goto :notthere
(goto :there)
:there
echo %snapin%
pause
exit
:notthere
echo "Not loaded!"
pause
exit
This exercise has taught me two things now: apparently when I was testing against NULL within a BAT, if the value was NULL it would remove the variable and secondly how to pass a PS variable back to BAT.
Related
the below bat files are being called by PowerShell script, however only bat1.bat is executed the others bat2.bat and last.bat are not being called
#first bat
Start-Process "C:\bat1.bat" -Wait
#run second bat
Start-Process "C:\bat2.bat" -Wait
#run last bat
cmd.exe /c '\last.bat'
You r support is highly appreciated
Try using this:
Set-Location C:\temp
Start-Process .\bat1.bat -Wait
Write-Host "bat1.bat DONE"
Start-Process .\bat2.bat -Wait
Write-Host "bat2.bat DONE"
cmd /c .\last.bat
Write-Host "last.bat DONE"
I made the following .bat files:
bat1.bat
#ECHO OFF
ECHO bat1
PAUSE
bat2.bat
#ECHO OFF
ECHO bat2
PAUSE
final.bat
#ECHO OFF
ECHO final
When the PS script was ran, all 3 ran as one would expect.
Putting the Write-Host will show in the console if the previous process finished.
Edit:
I didn't give much explanation before, sorry.
Your issue is that one of the .bat files is not finishing.
The syntax you had should have run bat1.bat and bat2.bat. The "cmd.exe /c "\last.bat" would fail. You need the "c:\last.bat" if you aren't going to set the path to c:. If you did that, you would want ".\last.bat"
To make sure that your script would work, I made 3 basic .bat files whose functions were solely to log a string associated with them. Doing this guaranteed that if anything went wrong, it was with the PS code and not the .bat code.
After verifying your script would run, I made the one I provided. Using Set-location isn't necessary, but I think it makes the code look cleaner. The Write-Host after each process is logging in the PS console that the script is moving on to the next process.
Why not try
CALL "C:\bat1.bat"
CALL "C:\bat2.bat"
\last.bat
and avoid Powersmell altogether?
I would like to know how can I adjust the following code, to kill a specific process (there are multiple processes with the same name), based on its Private Working Set memory usage.
Get-Process myPROCESSNAME -ea 0 | where { $_.PM -le 10MB } | foreach {
$Path = $_.Path
if ($Path) {
Stop-Process $_ -Force
}
}
When I open Task Manager, I can clearly see that the processes that I want to automatically kill are using around 4 MB of RAM, while the ones that I don't want to kill use more than 20MB of RAM.
I've fiddled around with a C# console application, but I was not really able to get the same Memory reading, that I can see thru Task Manager.
Then I realised that Task Manager displays the Private Working Set memory (by default), so that's what I need to filter out the bad processes.
Can this be achieved via a batch/PowerShell script?
In batch you can do it as well.:
#echo off
for /f "tokens=2" %%i in ('tasklist /FI "memusage lt 10000" ^|findstr /i "myPROCESSNAME"') do echo taskkill /PID %%i
This will do a tasklist and get processes with memory usage less than 10000kb (10mb).
We then simply use findstr to fiter on your process (myPROCESSNAME) and then kill the process by its PID.
Note I added echo after do. This is for testing purpose so you can at least see what the command will do without actually perfoming the task. Once you are happy with the result, remove echo to actually perform the taskkill command.
I suggest you read up on some help for the above given commands:
for /?
findstr /?
tasklist /?
taskkill /?
If you really do want the Memory (Private Working Set) you could get that information using powershell with Get-WmiObject:
Get-WMIObject -Class Win32_PerfRawData_PerfProc_Process -Property IDProcess,Name,WorkingSetPrivate | `
Where-Object { $_.Name -Eq 'myPROCESSNAME' -And $_.WorkingSetPrivate -Lt 5242880 } | `
ForEach-Object { ( Get-Process -Id $_.IDProcess ).CloseMainWindow() }
Please note that you may need to check what your Name value is, it is usually the name of the executatble without its .exe extension. In this example, I have used 5MB (i.e. 5242880 bytes) as the minimum size to keep open. Additionally, I have for the purpose of this example used the 'friendly' CloseMainWindow instruction for closing the process, depending upon your process, you may need to change that to something more appropriate.
I have a text file of the format:
computername1 uninstallkey1
computername2 uninstallkey2
...
computername200 uninstallkey200
I am trying to write a startup script (batch file or powershell?) that generates a msiexec command that looks up and implants the correct key for each computer it executes on e.g.:
msiexec /x install.msi key=uninstallkey
If I have not made anything clear, please ask and any help is much appreciated!
#ECHO OFF
SETLOCAL
FOR /f "tokens=1*" %%i IN (yourtextfilename.txt) DO (
IF /i %%i==%COMPUTERNAME% ECHO MSIEXEC /x install.msi key=%%j
)
This should do as you require - yourtextfilename.txt contains the data, presumably on a shared drive; finds the line where the computername in column 1 is the same as the computername returned by %computername% in the target computer's environment.
(all case-insensitive EXCEPT %%i and %%j which must match and be the same case)
Command simply ECHOed - remove the ECHO keyword after verification to activate.
In PowerShell,
$comp = Import-CSV -Delimiter " " -Path C:\comp.txt -Header computername,uninstallkey
$comp | ForEach-Object {
if ($env:COMPUTERNAME -eq $_.Computername) {
Start-Process -FilePath "msiexec.exe" -ArgumentList "/x install.msi key=$_.uninstallkey"
}
}
From inside a batch file, I would like to test whether I'm running with Administrator/elevated privileges.
The username doesn't change when "Run as Administrator" is selected, so that doesn't work.
If there were a universally available command, which has no effect, but requires administrative privileges, then I could run that and check for an error code in order to test for privileges. So far, I haven't found such a command. The commands I have found seem to return a single, non-specific error code, which could indicate anything, and they're prone to failure for a variety of reasons.
I only care about Windows 7, though support of earlier operating systems would be nice.
This trick only requires one command: type net session into the command prompt.
If you are NOT an admin, you get an access is denied message.
System error 5 has occurred.
Access is denied.
If you ARE an admin, you get a different message, the most common being:
There are no entries in the list.
From MS Technet:
Used without parameters, net session displays information about all
sessions with the local computer.
ADDENDUM: For Windows 8 this will not work; see this excellent answer instead.
Found this solution here: http://www.robvanderwoude.com/clevertricks.php
AT > NUL
IF %ERRORLEVEL% EQU 0 (
ECHO you are Administrator
) ELSE (
ECHO you are NOT Administrator. Exiting...
PING 127.0.0.1 > NUL 2>&1
EXIT /B 1
)
Assuming that doesn't work and since we're talking Win7 you could use the following in Powershell if that's suitable:
$principal = new-object System.Security.Principal.WindowsPrincipal([System.Security.Principal.WindowsIdentity]::GetCurrent())
$principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
If not (and probably not, since you explicitly proposed batch files) then you could write the above in .NET and return an exit code from an exe based on the result for your batch file to use.
I like Rushyo's suggestion of using AT, but this is another option:
whoami /groups | findstr /b BUILTIN\Administrators | findstr /c:"Enabled group" && goto :isadministrator
This approach would also allow you to distinguish between a non-administrator and a non-elevated administrator if you wanted to. Non-elevated administrators still have BUILTIN\Administrators in the group list but it is not enabled.
However, this will not work on some non-English language systems. Instead, try
whoami /groups | findstr /c:" S-1-5-32-544 " | findstr /c:" Enabled group" && goto :isadministrator
(This should work on Windows 7 but I'm not sure about earlier versions.)
Pretty much what others have put before, but as a one liner that can be put at the beginning of a batch command. (Well, usually after #echo off.)
net.exe session 1>NUL 2>NUL || (Echo This script requires elevated rights. & Exit /b 1)
The easiest way to do this on Vista, Win 7 and above is enumerating token groups and looking for the current integrity level (or the administrators sid, if only group memberhip is important):
Check if we are running elevated:
whoami /groups | find "S-1-16-12288" && Echo I am running elevated, so I must be an admin anyway ;-)
Check if we belong to local administrators:
whoami /groups | find "S-1-5-32-544" && Echo I am a local admin
Check if we belong to domain admins:
whoami /groups | find "-512 " && Echo I am a domain admin
The following article lists the integrity level SIDs windows uses: http://msdn.microsoft.com/en-us/library/bb625963.aspx
Here's a slight modification of Harry's answer that focuses on elevated status; I'm using this at the start of an install.bat file:
set IS_ELEVATED=0
whoami /groups | findstr /b /c:"Mandatory Label\High Mandatory Level" | findstr /c:"Enabled group" > nul: && set IS_ELEVATED=1
if %IS_ELEVATED%==0 (
echo You must run the command prompt as administrator to install.
exit /b 1
)
This definitely worked for me and the principle seems to be sound; from MSFT's Chris Jackson:
When you are running elevated, your token contains an ACE called Mandatory Label\High Mandatory Level.
the solution:
at >nul
if %ErrorLevel% equ 0 ( echo Administrator ) else ( echo NOT Administrator )
does not work under Windows 10
for all versions of Windows can be do so:
openfiles >nul 2>&1
if %ErrorLevel% equ 0 ( echo Administrator ) else ( echo NOT Administrator )
I read many (most?) of the responses, then developed a bat file that works for me in Win 8.1. Thought I'd share it.
setlocal
set runState=user
whoami /groups | findstr /b /c:"Mandatory Label\High Mandatory Level" > nul && set runState=admin
whoami /groups | findstr /b /c:"Mandatory Label\System Mandatory Level" > nul && set runState=system
echo Running in state: "%runState%"
if not "%runState%"=="user" goto notUser
echo Do user stuff...
goto end
:notUser
if not "%runState%"=="admin" goto notAdmin
echo Do admin stuff...
goto end
:notAdmin
if not "%runState%"=="system" goto notSystem
echo Do admin stuff...
goto end
:notSystem
echo Do common stuff...
:end
Hope someone finds this useful :)
A "not-a-one-liner" version of https://stackoverflow.com/a/38856823/2193477
#echo off
net.exe session 1>NUL 2>NUL || goto :not_admin
echo SUCCESS
goto :eof
:not_admin
echo ERROR: Please run as a local administrator.
exit /b 1
I know I'm really late to this party, but here's my one liner to determine admin-hood.
It doesn't rely on error level, just on systeminfo:
for /f "tokens=1-6" %%a in ('"net user "%username%" | find /i "Local Group Memberships""') do (set admin=yes & if not "%%d" == "*Administrators" (set admin=no) & echo %admin%)
It returns either yes or no, depending on the user's admin status...
It also sets the value of the variable "admin" to equal yes or no accordingly.
Here's a simple method I've used on Windows 7 through Windows 10. Basically, I simply use the "IF EXIST" command to check for the Windows\System32\WDI\LogFiles folder. The WDI folder exists on every install of Windows from at least 7 onward, and it requires admin privileges to access. The WDI folder always has a LogFiles folder inside it. So, running "IF EXIST" on the WDI\LogFiles folder will return true if run as admin, and false if not run as admin. This can be used in a batch file to check privilege level, and branch to whichever commands you desire based on that result.
Here's a brief snippet of example code:
IF EXIST %SYSTEMROOT%\SYSTEM32\WDI\LOGFILES GOTO GOTADMIN
(Commands for running with normal privileges)
:GOTADMIN
(Commands for running with admin privileges)
Keep in mind that this method assumes the default security permissions have not been modified on the WDI folder (which is unlikely to happen in most situations, but please see caveat #2 below). Even in that case, it's simply a matter of modifying the code to check for a different common file/folder that requires admin access (System32\config\SAM may be a good alternate candidate), or you could even create your own specifically for that purpose.
There are two caveats about this method though:
Disabling UAC will likely break it through the simple fact that everything would be run as admin anyway.
Attempting to open the WDI folder in Windows Explorer and then clicking "Continue" when prompted will add permanent access rights for that user account, thus breaking my method. If this happens, it can be fixed by removing the user account from the WDI folder security permissions. If for any reason the user MUST be able to access the WDI folder with Windows Explorer, then you'd have to modify the code to check a different folder (as mentioned above, creating your own specifically for this purpose may be a good choice).
So, admittedly my method isn't perfect since it can be broken, but it's a relatively quick method that's easy to implement, is equally compatible with all versions of Windows 7, 8 and 10, and provided I stay mindful of the mentioned caveats has been 100% effective for me.
Works for Win7 Enterprise and Win10 Enterprise
#if DEFINED SESSIONNAME (
#echo.
#echo You must right click to "Run as administrator"
#echo Try again
#echo.
#pause
#goto :EOF
)
If you are running as a user with administrator rights then environment variable SessionName will NOT be defined and you still don't have administrator rights when running a batch file.
You should use "net session" command and look for an error return code of "0" to verify administrator rights.
Example;
- the first echo statement is the bell character
net session >nul 2>&1
if not %errorlevel%==0 (echo
echo You need to start over and right-click on this file,
echo then select "Run as administrator" to be successfull.
echo.&pause&exit)
Unfortunately, "S-1-5-32-544" that others have suggested is not proof of elevation.
Windows 10 and higher, a language independent approach is:
whoami /groups | find "S-1-16-12288"
this is the "High Mandatory Level", which is actually escalated.
Regular command prompt:
C:\> whoami /groups | find "S-1-16-12288"
C:\>
Administrator command prompt:
C:\> whoami /groups | find "S-1-16-12288"
Mandatory Label\High Mandatory Level Label S-1-16-12288
C:\>
To use in a .bat file:
whoami /groups | find "S-1-16-12288" && set ELEVATED=true || set ELEVATED=false
You can also use this from powershell:
function is_elevated() {
Param( [String] $ToGroup = "S-1-16-12288" )
return [bool] ( whoami /groups | select-string $ToGroup )
}
for example:
PS> cd c:/temp
PS> set-content is-elevated.ps1 "return [bool] ( whoami /groups | sls S-1-16-12288 )"
PS> ./is-elevated.ps1
False
PS> start -verb runas powershell.exe
...
PS C:\Windows\system32> cd \temp
PS C:\temp> ./is-elevated.ps1
True
Thanks Torin Darkflight,
Your method is the only one that work for me on Windows 11.
Here's an example script expanding on your post:
IF EXIST %SYSTEMROOT%\SYSTEM32\WDI\LOGFILES GOTO :Running_As_An_Admin
ECHO You are NOT an Administrator. This command requires admin rights. & Echo: & Echo Quitting......
#TIMEOUT /T 10
goto :QUIT
:Running_As_An_Admin
Echo Do Admin stuff here!!!
:QUIT
I would like to be able to query whether or not a service is running from a windows batch file. I know I can use:
sc query "ServiceName"
but, this dumps out some text. What I really want is for it to set the errorlevel environment variable so that I can take action on that.
Do you know a simple way I can do this?
UPDATE
Thanks for the answers so far. I'm worried the solutions that parse the text may not work on non English operating systems. Does anybody know a way around this, or am I going to have to bite the bullet and write a console program to get this right.
sc query "ServiceName" | find "RUNNING"
Let's go back to the old school of batch programing on windows
net start | find "Service Name"
This will work everywhere...
if you don't mind to combine the net command with grep you can use the following script.
#echo off
net start | grep -x "Service"
if %ERRORLEVEL% == 2 goto trouble
if %ERRORLEVEL% == 1 goto stopped
if %ERRORLEVEL% == 0 goto started
echo unknown status
goto end
:trouble
echo trouble
goto end
:started
echo started
goto end
:stopped
echo stopped
goto end
:end
You could use wmic with the /locale option
call wmic /locale:ms_409 service where (name="wsearch") get state /value | findstr State=Running
if %ErrorLevel% EQU 0 (
echo Running
) else (
echo Not running
)
Thinking a little bit outside the box here I'm going to propose that powershell may be an answer on up-to-date XP/2003 machines and certainly on Vista/2008 and newer (instead of .bat/.cmd). Anyone who has some Perl in their background should feel at-home pretty quickly.
$serviceName = "ServiceName";
$serviceStatus = (get-service "$serviceName").Status;
if ($serviceStatus -eq "Running") {
echo "Service is Running";
}
else {
#Could be Stopped, Stopping, Paused, or even Starting...
echo "Service is $serviceStatus";
}
Another way, if you have significant investment in batch is to run the PS script as a one-liner, returning an exit code.
#ECHO off
SET PS=powershell -nologo -command
%PS% "& {if((get-service SvcName).Status -eq 'Running'){exit 1}}"
ECHO.%ERRORLEVEL%
Running as a one-liner also gets around the default PS code signing policy at the expense of messiness. To put the PS commands in a .ps1 file and run like powershell myCode.ps1 you may find signing your powershell scripts is neccessary to run them in an automated way (depends on your environment). See http://www.hanselman.com/blog/SigningPowerShellScripts.aspx for details
#ECHO OFF
REM testing at cmd : sc query "MSSQLSERVER" | findstr RUNNING
REM "MSSQLSERVER" is the name of Service for sample
sc query "MSSQLSERVER" %1 | findstr RUNNING
if %ERRORLEVEL% == 2 goto trouble
if %ERRORLEVEL% == 1 goto stopped
if %ERRORLEVEL% == 0 goto started
echo unknown status
goto end
:trouble
echo Oh noooo.. trouble mas bro
goto end
:started
echo "SQL Server (MSSQLSERVER)" is started
goto end
:stopped
echo "SQL Server (MSSQLSERVER)" is stopped
echo Starting service
net start "MSSQLSERVER"
goto end
:erro
echo Error please check your command.. mas bro
goto end
:end
I would suggest
WMIC Service WHERE "Name = 'SericeName'" GET Started
or WMIC Service WHERE "Name = 'ServiceName'" GET ProcessId (ProcessId will be zero if service isn't started)
You can set the error level based on whether the former returns "TRUE" or the latter returns nonzero
sc query "servicename" | findstr STATE
for example:
sc query "wuauserv" | findstr STATE
To report what the Windows update service is doing, running/paused etc.This is also for Windows 10. Thank me later.
Try
sc query state= all
for a list of services and whether they are running or not.
I've found this:
sc query "ServiceName" | findstr RUNNING
seems to do roughly the right thing. But, I'm worried that's not generalized enough to work on non-english operating systems.
Just to add on to the list if you are using Powershell.
sc.exe query "ServiceName" | findstr RUNNING
The command below does not work because sc is an alias to Set-Content within Powershell.
sc query "ServiceName" | findstr RUNNING
find also does not work on Powershell for some reason unknown to me.
sc.exe query "ServiceName" | find RUNNING
SERVICO.BAT
#echo off
echo Servico: %1
if "%1"=="" goto erro
sc query %1 | findstr RUNNING
if %ERRORLEVEL% == 2 goto trouble
if %ERRORLEVEL% == 1 goto stopped
if %ERRORLEVEL% == 0 goto started
echo unknown status
goto end
:trouble
echo trouble
goto end
:started
echo started
goto end
:stopped
echo stopped
goto end
:erro
echo sintaxe: servico NOMESERVICO
goto end
:end
I noticed no one mentioned the use of regular expressions when using find/findstr-based Answers. That can be problematic for similarly named services.
Lets say you have two services, CDPUserSvc and CDPUserSvc_54530
If you use most of the find/findstr-based Answers here so far, you'll get false-positives for CDPUserSvc queries when only CDPUserSvc_54530 is running.
The /r and /c switches for findstr can help us handle that use-case, as well as the special character that indicates the end of the line, $
This query will only verify the running of the CDPUserSvc service and ignore CDPUserSvc_54530
sc query|findstr /r /c:"CDPUserSvc$"
Use Cygwin Bash with:
sc query "SomeService" |grep -qo RUNNING && echo "SomeService is running." || echo "SomeService is not running!"
(Make sure you have sc.exe in your PATH.)
I have created one based from above but will show if the service is installed first then get whether it is running or not.
sc query "YourService" | find /i "failed" 2>&1>nul && echo.'YourService Not Installed' || (sc query "YourService"| find /i "running" 2>&1>nul && echo.Yes || echo.No)