Some scripts requires to be triggered from elevated powershell prompt based on what is being done in the script. In such cases, generally I use approaches like the one below. It uses a few dotnet classes to determine if the current shell is running in elevated mode or not.

$CurrentLogin = [System.Security.Principal.WindowsIdentity]::GetCurrent()            
 $secprincipal = New-Object System.Security.Principal.WindowsPrincipal($CurrentLogin)            
 $AdminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator            
 $IsAdmin=$secprincipal.IsInRole($AdminRole)            
 if(-not $IsAdmin) {            
    Write-Warning -Message "You are not running the script from 
    non elevated shell. You need elevated shell to complete the tasks in the script"            
    return            
 }            
 write-host "Staring the script execution"

While there is nothing wrong in using code like above, I came across a much nicer and easy way to do it. PowerShell has a key word called #requires which can be used to verify if the script is running from a elevated shell or not.

All you need to do is add the below line to starting of your script.

#requires -runasadministrator

So when such scripts are triggered from non elevated powershell prompt, you will see error message like below and your script execution will not start.

#requries has some more options using which we can verify if the shell is running a particular version of PowerShell or not and you can every verify if certain modules/snapins are imported or not.

You can get full help about requires statement by running command.

Get-Help About_requires

Thanks to PSTips from PowerShell.com for making me learn this. 🙂

Hope this help and happy learning.

In one of my previous posts(https://techibee.com/powershell/how-to-connect-iso-image-file-to-virtual-machine-in-hyper-v-remotely-using-powershell/2306), I showed how to connect a ISO file to Virtual Machine in Hyper-V using PowerShell. This post will help you to identify and remove ISO file from a virtual machine. This works for all versions of Hyper-V(Windows Server 2008 & Windows Server 2012).

If you are just worried about managing VMs in Windows Server 2012 based Hyper-V, then all you need is just a single line. Set-VMDVDDrive cmdlet helps you disconnect a ISO or connect a ISO file. If you are on Windows server 2008, then you need this script. This is actually stripped from my previous post where I am connecting ISO using powershell & WMI.

Windows Server 2012 Hyper-V

Import-Module Hyper-V            
Set-VMDvdDrive -Path $null -VMName Win8

In case if your multiple DVD drives and you want to clear only one of them, then you need to specify the controller ID. Controller number and Controller location you can get from VM properties in Hyper-V Console.

Set-VMDvdDrive -Path $null -ControllerNumber 1 -ControllerLocation 1 -VMName Win8

Windows Server 2008 Hyper-V & Windows Sever 2012 Hyper-V

[cmdletbinding()]            
Param(            
 [string]$VMName,            
 [string]$HyperVServer = $env:ComputerName            
)            
            
$VMMS = Get-WMIObject -Namespace root\virtualization `
      -Class Msvm_VirtualSystemManagementService `
      -ComputerName $HyperVServer `
      -EA Stop            
            
# Get the virtual machine object            
$VM = Get-WMIObject -Namespace root\virtualization `
     -Class MSVM_ComputerSystem `
     -Filter "ElementName='$VMName'"  `
     -ComputerName $HyperVServer `
     -EA Stop            
            
# SettingType = 3 ensures that we do not get snapshots            
$SystemSettingData = $VM.getRelated("Msvm_VirtualSystemSettingData") | where {$_.SettingType -eq 3}            
            
# Get the first DVD drive in the system            
$DVDDrive = $SystemSettingData.getRelated("Msvm_ResourceAllocationSettingData") | where{$_.ResourceType -eq 16} | select -first 1            
            
# Make sure the DVD actually exists            
if ($DVDDrive -eq $null) {            
   Write-Warning "No DVD drive exists on that virtual machine"            
   return            
}            
             
            
# Check to see if there is already media in the DVD drive            
$existingRASD = $SystemSettingData.getRelated("Msvm_ResourceAllocationSettingData") | where {$_.Parent -eq $DVDDrive.__Path}            
            
# If there is media in the drive - eject it            
if ($existingRASD) {            
   $result1 = $VMMS.RemoveVirtualSystemResources($VM, @($existingRASD))            
   if($result1.ReturnValue -eq 0) {            
  Write-Host "Successfully ejected the exiting ISO image"            
   }            
} else {            
 Write-Host "No ISO file is currently connected"            
}

Output:

Hope this helps and happy learning.

WMI Explorer is a very handy tool for understanding and exploring WMI classes & Name spaces in Windows environment. The good thing about this tool is its ability to display instances, properties and methods of a given class. You can explore the WMI classes and namespaces available in other computers as well using this tool.

You can download this tool from here

SAPIEN also has similar tool but its licensed. You can still try the trial version of it. You can download it from http://www.sapien.com/software/wmiexplorer

Last Saturday I attended Singapore PowerShell Saturday #009 event. This is my second PS event(read details of first event here) and what is special for me this time is, I presented on a topic.

“PowerShell and WMI” is the topic I chose since this is very useful for any Windows System administrator and they can straightway try this at work. You can get a copy of my presentation from the links given at the end of the article.

Matt Hitchcock presented on new features in Windows PowerShell V5 and a few PowerShell editors from SAPIEN. His PPT has lot of useful links about various new features in PowerShell V5, I stashed them in favorites for now and will read them soon.

Milton Goh presented on Managing Azure with PowerShell. It’s a kick start for me and will definitely explore this platform as this is the future for IT. I liked the videos she shared and the way he presented. Nice.

There was also a short presentation from Katherine Chen (SEA MVP Lead) overviewing Microsoft Most Valuable Professional Program(a.k.a MVP). It’s informative. Now I know how many MVPs are in Singapore J

After stomach full lunch, the hands-on session started. Below two challenges are given to the participants and they worked hard to show their version of code to complete the challenges. PowerShell script analyser is the judge for analyzing the participant’s code for best practices. It’s a cool tool, you should try it out as well.

1. Read the DHCP IP address, subnet, gateway, DNS servers details from all NICs in a remote server and convert these details to static
2. Write a script that can detect and shout when a USB is plugged or unplugged into the computer.

Overall, it’s a good learning experience. You can download all presentations from below link.

DOWNLOAD

Thanks to Srinivas Addagatla and Satish Manchana (my friends/senior) for being there in the session and their support and encouragement.

If you are in Singapore and would like to join this group, use one of the below handles to subscribe.

• Singapore PowerShell User Group EventBrite Page – follow our posted events
• Singapore PowerShell User Group Facebook Page – Like us to receive updates
• Singapore PowerShell User Group Twitter Page – follow us for updates

Happy learning..

The script posted in this article will help you to mount a ISO file to a Virtual Machine(VM) in Hyper-V running on Windows Server 2012 or Windows Server 2008 R2.

While building a VM in my test lab I was mounting ISO to start the installation. I thought why not mount the ISO using PowerShell and built this script. This script works based on WMI classes in root/Virtualization namespace. So it be used in all version of Hyper-V available in market.

Using this script you can connect ISO to DVD drive in a VM running on remote Hyper-V server as well. This script ejects if there is already a ISO connected via the DVD drive and mounts the ISO you specified.

This script is based on the article written at a MSDN blog from where I grabbed the code and polished it to suite my needs.

[cmdletbinding()]            
Param(            
 [string]$VMName,            
 [string]$HyperVServer = $env:ComputerName,            
 [string]$ISOPath            
)            
            
$VMMS = Get-WMIObject -Namespace root\virtualization `
      -Class Msvm_VirtualSystemManagementService `
      -ComputerName $HyperVServer `
      -EA Stop            
            
# Get the virtual machine object            
$VM = Get-WMIObject -Namespace root\virtualization `
     -Class MSVM_ComputerSystem `
     -Filter "ElementName='$VMName'"  `
     -ComputerName $HyperVServer `
     -EA Stop            
            
# SettingType = 3 ensures that we do not get snapshots            
$SystemSettingData = $VM.getRelated("Msvm_VirtualSystemSettingData") | where {$_.SettingType -eq 3}            
            
# Get the first DVD drive in the system            
$DVDDrive = $SystemSettingData.getRelated("Msvm_ResourceAllocationSettingData") | where{$_.ResourceType -eq 16} | select -first 1            
            
# Make sure the DVD actually exists            
if ($DVDDrive -eq $null) {            
   Write-Warning "No DVD drive exists on that virtual machine"            
   return            
}            
             
            
# Check to see if there is already media in the DVD drive            
$existingRASD = $SystemSettingData.getRelated("Msvm_ResourceAllocationSettingData") | where {$_.Parent -eq $DVDDrive.__Path}            
            
# If there is media in the drive - eject it            
if ($existingRASD) {            
   $result1 = $VMMS.RemoveVirtualSystemResources($VM, @($existingRASD))            
   if($result1.ReturnValue -eq 0) {            
  Write-Host "Successfully ejected the exiting ISO image"            
   }            
}            
            
# Create a new object for a DVD ISO, connected to the DVD drive            
            
$DVDAllocationCapabilities = Get-WMIObject -Class Msvm_AllocationCapabilities `
           -ComputerName $HyperVServer `
           -Namespace root\Virtualization `
           -Filter "ResourceType=21 and ResourceSubType='Microsoft Virtual CD/DVD Disk'" `
           -EA Stop            
                     
$DVDAllocationCapabilities = $DVDAllocationCapabilities.__Path.Replace('\', '\\')            
            
$DVDSettingsData = Get-WMIObject -Class Msvm_SettingsDefineCapabilities `
         -ComputerName $HyperVServer `
         -Namespace root\virtualization `
         -Filter "GroupComponent='$DVDAllocationCapabilities' and ValueRange=0" `
         -EA Stop            
            
$DVDSettingsData = [wmi]$DVDSettingsData.PartComponent            
$DVDSettingsData.Connection = @($ISOPath)            
$DVDSettingsData.Parent = $DVDDrive.__Path            
            
# Add the ISO to the virtual machine            
$result = $VMMS.AddVirtualSystemResources($VM, $DVDSettingsData.GetText(1))            
if($result.ReturnValue -eq 0) {            
 Write-Host "Successfully attached the ISO image $ISOPath to $VMName"            
} else {            
 Write-host "Failed to attach the ISO image $ISOPath to $VMName"            
}            
            
            

Hope this helps & happy learning..

I came across this free ebook while  exploring a few PS articles. It has some valuable information for Windows admins and a practical approach to learn few things.

Download it by clicking on the below link.

PoshNetworking.pdf

This post will help you with a few ESX commands that you can run from ESX console to find out details of storage connected to ESX host. ESX/ESXi can have multiple types of storage like locally connected storage, SAN, NFS, or USB. If you want to find out the size and other details of these storage, then you can use the below command based on your ESX version.

On ESXi 5.x

esxcli storage core device list

This will list all the storage devices attached to a ESX host. The size parameter for each storage drive gives you the storage size in MB.

On ESX/ESXi 4.x

esxcfg-scsidevs -l

This will list all the storage devices attached to a ESX/ESXi4.x host. The size parameter for each storage drive gives you the storage size in MB.

I found some more useful commands while searching for this. You may find these useful.

ESXi5.x

esxcli storage core path list

Generates list of LUN paths that are connected to ESX host. You will find storage device IDs, displayname, and several other information that you generally see in storage section of ESX Configuration tab in VC.

esxcli storage vmfs extent list

Provides list of extents and their details connected to ESX server.

You can refer to http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1014953 for some more useful commands.

In this article I will cover a procedure that helps you to find out who has killed a process that you care about.

Often we get this problem. The process we care about closes abruptly and we are not quite sure whether it exited on its own or someone killed it via task manager or using kill (or stop-process). The procedure I am going to discuss will help you in finding out that.

A process in windows environment has 3 possible ways of exit.

1. Process terminating on its own after completion of its work
2. Someone terminating it from task manager or using kill.exe like utilities
3. Process is crashed by OS when it misbehaves

It is easy to determine #3 as we see an application error event in event log when a process crashes. But how to determine the #1 and #2 cases. Process doesn’t log any event in application log when exiting. Also you cannot determine it by using some process trackers like “PowerShell: Track process stop/termination” because it doesn’t tell you who killed the process or it terminated on its own. It just says process exited.

The solution

So what is the solution here? Debugging tool for windows has a nice utility called gflags.exe which can be used to find out this information. After you download and install the Debugging tool for windows, launch gflags.exe from the installation directory. It requires admin privileges to open so be sure to be administrator on the computer where you are launching this.

Follow the below instructions to configure Windows process exit monitoring.

1. Launch gflags.exe from Windows Debugging tool kit installation directory
2. Switch to “Silent Process Exit” tab
3. Type the name of the process that you want to monitor. In my case, I have given notepad.exe
4. Press tab and check the box “Enable silent process exit monitoring”
5. Click OK to complete.

Now open notepad application and close it gracefully (by clicking close button from right top corner) and you will see event log below in Application event log with event ID 3000 from source “Process Exit Monitor”

Now open a notepad application and this time kill the process via task manager. Now you will see a 3001 event ID in application log from the same source.

How to download Debugging tools for windows?

Just do a simple google search and you will be taken to a Microsoft download page. Please note that Debugging tools are part of Windows SDK & Windows Driver Kit download package as well. You need to select Debugging tools for windows during the installation.

How to disable the silent process exit monitoring?

Now that you know how enable silent process exit monitoring. You might also want to know how to disable it after the task is accomplished. It is very easy

1. Launch gflags.exe
2. Switch to “Silent Process Exit” tab
3. Type the name of the process for which you want to disable monitoring
4. Press tab and ensure “Enable silent process exit monitoring” box is unchecked
5. Click OK to disable the monitoring for that process

I showed you how to track process startup using PowerShell in my previous post. Now let us see how to track the process stop or termination using PowerShell.

PowerShell: How to track process startup/new processes

The approach we use for tracking process stop is similar to process startup where we rely on querying WMI class for process termination events. We need to query __InstanceDeletionEvent  WMI class to get details when a process is terminated. The process object returned via $event.SourceEventArgs.NewEvent.TargetInstance is not having process termination date time. I couldn’t find any other way to fetch process termination time so I decided to reduce the polling interval to 2 seconds so that I can rely on event generation time to get nearest value to actual termination time. So when you see the time of termination, expect it to be anywhere within last 2 seconds.

Code:

function Enable-ProcessStopTrace {            
[CmdLetBinding()]            
param(            
)             
$Query = "Select * From __InstanceDeletionEvent within 2 Where TargetInstance ISA 'Win32_Process'"            
$Identifier = "StopProcess"            
$ActionBlock = {            
 $e = $event.SourceEventArgs.NewEvent.TargetInstance            
 write-host ("Process {0} with PID {1} has stopped at {2}" -f $e.Name, $e.ProcessID, $event.TimeGenerated)            
}            
Register-WMIEvent -Query $Query -SourceIdentifier $Identifier -Action $ActionBlock            
            
            
}

Output:

Happy learning..