Overview
Everyone should be aware by now that Windows PowerShell is the latest scripting environment for managing and maintaining Windows servers, workstations and applications. This cube note provides a brief introduction to PowerShell resources and a few commands to get started with.
Where to get Windows PowerShell
If you have Windows Server 2008, you can enable Windows PowerShell as an additional feature. For Windows XP, Windows Vista or Windows Server 2003 you can download it here. The documentation pack for Windows PowerShell is available here.
Providers
PowerShell providers allow the scripting environment to access the APIs of various components through a common interface, much like WMI providers do. A listing of the currently loaded providers can be found using the get-PSProvider command. The resource exposed by PowerShell providers can be accessed like a virtual drive. The get-PSDrive command will list the currently available drives. You can navigate to the drive with the cd <drive>: command (be sure to use the : at the end). You can list the contents of the current virtual drive path with the dir command.
Additional documentation about providers can be found with the command help about_Provider. Type help about_path_syntax for more information about the navigating PowerShell drives.
Cmdlets
PowerShell commands, called cmdlets, are written in a verb-object format. A list of the currently available commands can be found by typing the cmdlet: get-command. In addition to the default cmdlets, additional cmdlets can be added when a new provider is loaded. Custom cmdlets can be written and loaded as part of the user's personal profile.
Type help <any cmdlet name here> to get a description of the cmdlet and the available parameters. You can also type help <cmdlet name> -full to get detailed documentation about the cmdlet.
Aliases
The alias functionality in PowerShell allows users to avoid typing long cmdlets names for commonly used commands. A list of the default aliases can be found by typing get-alias. New, custom aliases can be written using the new-alias cmdlet
Pipelining
The output of most cmdlets is an array of objects that can be piped as the input of a second cmdlet. The | symbol is required to separate cmdlet expressions. The two most common cmdlets that output is piped to are the Where-Object (alias where) and Sort-Object (alias sort).
The Sort cmdlet takes an object's properties as parameters. If a collection of objects is piped to the sort cmdlet, the output can be sorted by one or more properties
Sort Cmdlet Example (try this yourself and note the differences)
· Get-Service
· Get-Service | sort status
· Get-Service | sort status, name
Where Cmdlet Example
The Where cmdlet will filter the output of the preceding cmdlet. It does not remove objects from the collection, but reduces the number of objects displayed. The syntax to filter the Get-Service cmdlet to display only running services would look like this:
Get-Service | Where-object {$_.status -like "running"}
The parameters for the where-object cmdlet is a code block contained by curly braces {}.
The $_ variable is a special built-in variable representing the collection of objects piped from the previous cmdlet.
The .status property of the piped objects is what we will be filtering on.
-like is the comparison operator we are using.
"Running" is the value we are using to filter the .status property.
In my next post we will explore variables, regular expressions, comparison operators and formatting output. The following example will explore code blocks and advanced topics.
Explore on your own:
· Install or enable PowerShell.
· Run the get-PSProvider cmdlet and the get-PSDrive cmdlet to see what is currently available.
· Use the dir and CD commands to navigate the PSDrives on your workstation.
· Type get-command to view the cmdlets currently available. Now type get-command new-* to just view the cmdlets starting with New. How is this different from get-command new*.
· Type help get-WMIObject -full. Observe the available parameters and usage examples. Practice using the cmdlet to explore the some common classes obtained by hardware inventory in SMS.
· What cmdlets are the following aliases for: dir, CD, help, where, sort?
· Pipe the results of the get-alias cmdlet to the sort-object cmdlet to sort by definition. Observe the various aliases for get-childitem and remove-item. Now pipe get-alias to the where-object cmdlet to filter by definitions ending with the string -object and then pipe that to the sort-object cmdlet.
Additional PowerShell resources
· Windows Powershell home page
· Scripting with Windows Powershell
· Sample Powershell Scripts for managing servers and applications
Richard Pesenko | Support Escalation Engineer
A question I get asked every now and then that doesn't seem to be particularly well documented is whether SMS 2003 supports renaming of the domain or domain migration. While technically two different things, the short answer is no, we do not support changing the domain name that SMS 2003 is installed into.
Page 235 of the Scenarios and Procedures for Microsoft Systems Management Server 2003: Planning and Deployment doc says:
Caution:
To change the domain name and the computer name after SMS is installed, you must remove your installation of SMS, change the names, and then reinstall SMS. To avoid this time-consuming task, consider this information carefully before you enter it.
For the long answer, see the notes below:
- If SMS primary or secondary sites exist in the domain that is being renamed, SMS will have to be uninstalled and then reinstalled with the new domain name. You will not be able to restore the existing SMS database after reinstallation - you will have to start with a clean database.
- If the domain being renamed is part of an SMS site but has no primary or secondary sites located in it (only logon servers and clients), the domain should be removed from the site prior to the name change and added back into the site after the change.
- If you are running Internet Information Server, you might need to change the account specified in virtual paths.
SMS client and SMS sever components pass only NetBIOS names to the operating system for resolution. SMS never uses fully qualified domain names. If a computer’s common name is the same as its NetBIOS name, and DNS is configured appropriately, you can manually resolve the common name to an IP address with the Net Use command. In this case, SMS will operate properly without WINS.
Hope this helps,
J.C. Hornbeck | Manageability Knowledge Engineer
We have received several customer reports describing problems with Wake on LAN – specifically the symptom of machines not waking up. There are two specific issues to be aware of that can contribute to this symptom (other than machines not being capable of or configured for Wake on LAN).
First, there is a recently diagnosed issue which results in only 31 machines receiving the Magic Packet. This affects both Unicast and Subnet Directed Wake on LAN traffic.
The tell-tale log entries can be seen in wolmgr.log on the site server:
//
Failed to add data record to message.
31 client network data processed.
//
Note that the ‘Failed to add…” message may be repeated multiple times, always ending with the “31 client…” entry.
Our Sustained Engineering team is currently working on a code change (hotfix) to address this for the RTM release. We’re also working to roll it into SP1 but as we’re very late in the development cycle, it could end up as a post-SP1 fix as well. Once the KB article associated with this is ready we’ll update this blog entry with the article ID and a link.
Second, there is a more general network limitation that we now expose with our Unicast implementation and machines on remote (from the site server) subnets. This is mentioned in other documentation but we wanted to review it here. This is not as prevalent with machines in the same subnet as the site server, and doesn’t occur with subnet directed broadcasts.
The issue is that a Unicast Magic Packet may have been sent, but the machine – again assuming all configurations are correct - still doesn’t wake up if powered off (S5 power state). This is because the MAC address of the target machine is no longer in the ARP cache of its local router. Without that data being present in the ARP cache, the router doesn’t know how to reach the machine. Since it is powered off, it won’t respond to the ARP request sent from that router. Even with a couple of retries from the site server, the machine still won’t wake up and the router will give up due to the target being unreachable.
The time to live (TTL) for data in the ARP cache of a router will vary depending on the network environment. The lower the TTL, the more prevalent this symptom will become. To avoid this issue, the TTL should be at least as large as the typical time interval between when a computer is powered off and when the WoL magic packet is sent for an off-hours update or other operation. If you want to lengthen the ARP cache life, check your router manufacturer documentation for instructions on how to increase the ARP TTL.
Within the confines of our architecture today this isn’t something that we can readily program around. In other words, there isn’t a ‘hotfix’ that could change this; it’s inherent in the networks themselves when combined with our approach to WoL.
There are larger scale changes that could be made to the product, and those are being investigated, however the time frame to release something of that scale would likely be the next version of the product (SCCM v5).
For machines that are in a Standby or Hibernate (S1/3/4) power state and have a fairly modern Network controller, they can be configured to wake on that ARP request from the router. Depending on the make/model of the NIC this could be seen as “Wake on ARP” or “Wake on Network Access” for example. To enable this may require additional configuration in the advanced properties of the NIC, as well as in its power management properties. More detailed documentation on this topic will be forthcoming this summer.
Brian Huneycutt | System Center Sustained Engineering
For a long time we've been trying to cover most System Center and WSUS related support news on the same blog (here) but since Windows Server Update Services is becoming such a large part of our business I think it's about time we spun it off on its own blog. My hope is that we can keep the ConfigMgr 2007, OpsMgr 2007, SMS 2003 and MOM 2005 stuff segregated here and keep all the WSUS stuff on the new blog so if you use both it may be a little more work keeping up with two separate feeds, but in the long run I think it'll allow us to get more information out and help you find what you're looking for easier and faster.
So regardless of the variety of WSUS you use, I invite you to subscribe to our new feed at http://blogs.technet.com/sus. It may be another week or two before we're able to get up to speed with the posts but be patient with us, and if you have any suggestions please feel free to pass them my way.
J.C. Hornbeck | Manageability Knowledge Engineer
One question that seems to pop up every now and then is how to create a query based collection based on Security or Distribution Group Membership. The bottom line is you need to use the domain name followed by double backslashes then the group name: DomainName\\Groupname. Note that the double backslashes not a typo but a requirement.
So basically if you create a new Collection and import this query statement it should work fine regardless of security or distribution group. Alter the below to match your domain and group name.
If you right click the computer that you want to add in All Systems you can see the values for SystemGroupName that are available, they are defined by SystemGroupName(0) through (WhateverNumber) but you do not need to add the (#) in the query.
select SMS_R_System.ResourceID,SMS_R_System.ResourceType,SMS_R_System.Name,SMS_R_System.SMSUniqueIdentifier,SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client from SMS_R_System where SystemGroupName = "buzdo2k3\\DISTGRP1"
Below is the same for Users Distribution or Security Group:
select SMS_R_User.ResourceID,SMS_R_User.ResourceType,SMS_R_User.Name,SMS_R_User.UniqueUserName,SMS_R_User.WindowsNTDomain from SMS_R_User where UserGroupName = "buzdo2k3\\distgrp1"
More Information regarding AD System Group Discovery:
Active Directory System Group Discovery: The Active Directory System Group Discovery method polls an Active Directory domain controller to discover system groups for computer systems that are discovered by other discovery methods and
assigned to the SMS site. In this way, Active Directory System Group Discovery enhances the discovery data of other discovery methods. If a resource is not assigned to an SMS site, Active Directory System Group Discovery does not discover
system group information for that resource. The Active Directory System Group Discovery method gathers discovery
information about:
- Organizational unit
- Global groups
- Universal groups
- Nested groups
- Other non-security groups such as Windows distribution groups
The Active Directory domain can be in mixed mode or native mode. You specify the containers to be polled (such as specific domains, organizational units, or user groups), and SMS routinely polls the containers (and, optionally, their child containers) for the system groups. You can also adjust the schedule of the polling. SMS must have Read access to the containers that you specify for Active Directory System Group Discovery by using the SMS Service account or the site server computer account, depending on the security mode in which SMS is running.
Hope this helps,
Buz Brodin | Support Escalation Engineer
We recently released the System Center Essentials 2007 Technical Walkthrough CD which is an interactive self-paced learning tool that explains the process of installing and operating Essentials 2007.
If you ever thought about System Center Essentials and whether it fit the needs of your organization, this is a great place to start. To download the ISO and for more information see http://www.microsoft.com/downloads/details.aspx?FamilyID=ab5e0352-dd5a-4bb6-b24a-ea9d91804f4f&DisplayLang=en.
Enjoy!
J.C. Hornbeck | Manageability Knowledge Engineer
We recently released the very cool System Center Operations Manager 2007 SCW Roles and Security Hardening Guide for Windows Server 2003 and a brief description and download link is below. Check it out:
========
Brief Description: The Operations Manager 2007 SCW Roles and Hardening guide help protect and harden your Operations Manager 2007 environment.
Overview: The Operations Manager 2007 Security Configuration Wizard (SCW) Roles and Security Hardening guide can be used to help further protect and harden your Operations Manager 2007 environment in conjunction with the SCW on Windows Server 2003 by closing or disabling unnecessary ports and services reducing the overall attack surface.
Feature Bullet Summary:
The Operations Manager 2007 SCW Roles contain hardening definitions for:
- System Center Operations Manager 2007 Management Server
- System Center Operations Manager 2007 Root Management Server
- System Center Operations Manager 2007 Agent
It also contains additional hardening option for:
- System Center Operations Manager 2007 Audit Collector
- System Center Operations Manager 2007 Audit Forwarder
- System Center Operations Manager 2007 SysLog Reader
- System Center Operations Manager 2007 Agent Push Install And Repair
- System Center Operations Manager 2007 Agentless Exception Monitoring
- System Center Operations Manager 2007 CEIP
- System Center Operations Manager 2007 Connector Framework
For more information and to download see http://www.microsoft.com/downloads/details.aspx?FamilyID=244512ab-7419-4c93-8046-9c8e47e0f780&DisplayLang=en.
J.C. Hornbeck | Manageability Knowledge Engineer
We had a couple new Knowledge Base articles for the week, including one for System Center Configuration Manager 2007 and another for System Center Mobile Device Manager. Links and titles are below:
========
http://support.microsoft.com/?kbid=949767
When you use PXE to run a task sequence on a System Center Configuration Manager 2007 client computer, the task sequence does not run
Sys Center Config Manager 2007 AL
EN-US
http://support.microsoft.com/?kbid=952338
When you extract files from MDM 2008 Resource Kit Client Tools or from MDM 2008 Resource Kit Server Tools, you may no longer be able to start or restart the server
Sys Ctr Mobile Dvc Mgr 2008 EN
EN-US
========
Enjoy!
J.C. Hornbeck | Manageability Knowledge Engineer
Here's another common issue you might run into. This one causes the agent setup to fail due to a missing WMI class:
========
Issue: The installation of the Operations Manager 2007 Agent may fail and you may see the following in the
setup log on the client:
InstallMOF: Custom Action Data. C:\Program Files\System Center Operations Manager 2007\mom_tracing.mof
CompileMOF: CompileFile() failed. Error Code: 0x80041001. C:\Program Files\System Center Operations Manager 2007\mom_tracing.mof
MSI (s) (A4!24) [10:32:27:030]: Product: System Center Operations Manager 2007 Agent -- Error 25218.Failed to uninstall SDK MOF. Error Code: -2147217407 (IDispatch error #3585).
Error 25218.Failed to uninstall SDK MOF. Error Code: -2147217407 (IDispatch error #3585).
You may also see the following event logged:
Event Type: Error
Event Source: MsiInstaller
Event Category: None
Event ID: 10005
Description: Product: System Center Operations Manager 2007 Agent -- Error 25205.Failed to uninstall SDK MOF. Error Code: -2147217407 (IDispatch error #3585).
Cause: This can occur if the EventTrace class is missing from the root\wmi namespace on the client.
Resolution: To resolve this issue, copy mom_tracing.mof from Program Files\System Center Operations Manager 2007 on a working machine to the same directory on the affected machine. Then on the affected machine run:
mofcomp mom_tracing.mof
This will most likely lead to an error looking for the EventTrace class in WMI which the mom_tracing.mof is dependent upon. This can be verified by running wbemtest and connecting to Root\WMI, then doing a recursive Enum of the classes and looking for EventTrace as a class.
To fix the error copy *.mof and *.mfl over from the windows\system32\wbem directory on a working machine to the same directory on the affected machine. Then open a command prompt, switch to the windows\system32\wbem dir and run the following command:
For /f %s in ('dir /b *.mof *.mfl') do mofcomp %s
Lastly, restart the WMI service and the agent should install successfully.
Hope this helps!
Adrian Doyle | Support Escalation Engineer
We have a couple updates to the old tried and true docs you might be interested in. The updated docs and what's new or added are below:
========
Security Guide (April Update) - http://www.microsoft.com/downloads/details.aspx?FamilyID=d826b836-59e5-4628-939e-2b852ed79859&DisplayLang=en
New topics in this release:
- Using a Firewall in Operations Manager 2007
- Setting up Communications Across a Domain – Workgroup Boundary
- How to Set the Action Account on Multiple Computers in Operations Manager 2007
Updated topics in this release:
- Security Considerations for Agentless Management in Operations Manager 2007
Report Authoring Guide (April Update) - http://www.microsoft.com/downloads/details.aspx?FamilyID=d826b836-59e5-4628-939e-2b852ed79859&DisplayLang=en
- Feb 29 - Corrected the syntax of the query to create a custom report
- Apr 11 - Clarified the procedures available in the scenario to create and publish a report.
Operations Guide (April Update) - http://www.microsoft.com/downloads/details.aspx?FamilyID=d826b836-59e5-4628-939e-2b852ed79859&DisplayLang=en
- Mar 15 - Updated the ‘How to Promote a Management Server to a Root Management Server Role in Operations Manager 2007’ topic in the ‘Updates to the Operations Manager 2007 Deployment’ section.
- Changed formatting in the ‘How to Move the Operations Manager Database in Operations Manager 2007’ topic.
- Apr 11 - Updated the ‘Configure Notifications’ section to address customer issues, as well as provide the procedure for an operator or advanced operator to create their own notification recipient and subscription.
We hope you all find these helpful so if you have any suggestions or feedback please be sure to send them to us using the email address in the beginning of each doc. Please include the name of the document and the publish date with your feedback.
J.C. Hornbeck | Manageability Knowledge Engineer
The Operations Manager 2007 Capacity Planning model has now been released to the Web. The download is available here:
https://www.microsoft.com/downloads/details.aspx?FamilyID=6fec1f12-a62c-4e8d-8a19-56879192adc3&DisplayLang=en
The Capacity Planner 2007 Model for Operations Manager 2007 is for planning deployments of Operations Manager 2007 and Operations Manager 2007 SP1.
Overview
The Capacity Planner 2007 Model for Operations Manager 2007 is the capacity planning model to use for planning deployments of Operations Manager 2007 with Capacity Planner 2007. Capacity Planner 2007 is a pre-deployment capacity planning and post-deployment change analysis solution that provides best-practice guidance and hardware-specific knowledge to help information technology professionals make solid architecture decisions when planning a new deployment or changes to an existing deployment for Microsoft server products.
Feature Bullet Summary:
- Simple installation and setup
- Provides knowledge of System Center Operations Manager 2007
- Recommended topology for Operations Manager 2007 deployments in a Graphical User Interface
- Export topology to Visio and corresponding server configuration to Excel
- Model server performance and end-user response time for Operations Manager 2007 deployments
- Hardware library includes popular configurations for Operations Manager 2007 deployments
- Create custom hardware for Operations Manager 2007 deployments
Enjoy!
J.C. Hornbeck | Manageability Knowledge Engineer
Last week at MMS 2008 we released the Operations Manager Public Beta (Cross Platform and Interop). This includes agents for Linux (SuSe Linux Enterprise Server, Red Hat Enterprise Server, Sun Solaris, HP-UX) and IBM AIX (Available at RTM). Also announced were connectors for Tivoli TEC and HP Openview, both of which are currently in the beta.
Beta Requirements:
- HP-UX 11iv3 (PA-RISC and IA64)
- Sun Solaris 10 (SPARC and x86)
- Red Hat Enterprise Linux 5 Server
- Novell SUSE Linux Enterprise Server 10 SP1
To download the beta, follow these steps:
- Go to Microsoft Connect, and log in.
- Click on Connection Directory at the top menu.
- Scroll down the list of categories to System Center TAP/Beta.
- Within this category you will see the Program, "Operations Manager Public Beta (Cross Platform and Interop)". Click Apply Now.
- Complete the survey, and then you're in and can download the Ops Mgr Cross Plat Beta!
Enjoy!
J.C. Hornbeck | Manageability Knowledge Engineer
We had four new Knowledge Base articles and all were on System Center Configuration Manager 2007. Titles and links below:
========
http://support.microsoft.com/?kbid=950527
Windows Vista SP1, Windows Server 2008, Windows Server 2003 SP2, and Windows XP SP3 are not listed as supported platforms for software distribution, update management, or desired configuration management in System Center Configuration Manager 2007
Sys Center Config Manager 2007 AL
EN-US
http://support.microsoft.com/?kbid=951579
Error message after the Pre-Boot Execution Environment restarts the System Center Configuration Manager 2007 client computer: "Cannot access the distribution folder. The network path was not found"
Sys Center Config Manager 2007 AL
EN-US
http://support.microsoft.com/?kbid=949209
After you use the Transfer Settings Wizard to transfer status filter rules from one site to another in System Center Configuration Manager 2007, the receiving site no longer processes status messages
Sys Center Config Manager 2007 AL
EN-US
http://support.microsoft.com/?kbid=949025
Users who have sufficient instance rights cannot delete a collection in System Center Configuration Manager 2007
Sys Center Config Manager 2007 AL
EN-US
========
Enjoy!
J.C. Hornbeck | Manageability Knowledge Engineer
We've seen this problem a couple times now so if you're getting HTTP 401 errors when checking events on the Monitoring tab of the System Center OpsMgr console then you'll want to take a look at this:
========
Issue: When using the Operations Manager 2007 console on a Windows XP or Windows Server 2003 computer, if an alert or event is highlighted on the Monitoring tab then no data may be returned in the lower details pane and eventually a HTTP 401 error will be displayed along with "This page cannot be displayed" or "This program cannot display the webpage".
Cause: This may happen for users that have an exclamation mark (!) at the beginning of their username. This is due to an inability to render items from a directory that starts with the "!" character.
Workarounds:
1. Use the Operations Manager console on a Windows Vista machine, as this issue only affects Windows XP/2003.
2. Use an account that does not start with the "!" character.
3. Rename the user profile directory for the affected user as follows:
a: Login with an account with local administrator rights to the machine where Operations Console is installed. Make sure you're not using the account beginning with the "!" character.
b: Rename the Documents and Settings folder for the user containing the "!" character. For example, rename “C:\Documents and Settings\!<user>” to “C:\Documents and Settings\<user>”
c: Open Registry Editor and browse to HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
d: Go through the subkeys and rename the directory for the affected user. For example, find the one with “%SystemDrive%:\Documents and Settings\!<user>” in “ProfileImagePath” and give it the new value of “%SystemDrive%:\Documents and Settings\<user>”.
Hope this helps!
Adrian Doyle | Support Escalation Engineer