When managing Local Groups through PowerShell, we can use the [ADSI] type adapter.
Starting off, We have to connect to the Local Group that we want to modify.
PS > $ComputerName = $env:COMPUTERNAME
PS > $Group = "Administrators"
PS > $LocalGroup = [adsi]"WinNT://$computerName/$Group,group"
PS > $LocalGroup
distinguishedName :
Path : WinNT://Computer01/Administrators,group
Now that we’re connected to the Local Group, we can start of by adding a user. First let’s add a Local User.
PS > $Domain = "powershell"
PS > $UserName = "nigo"
PS > $LocalGroup.Add("WinNT://$Domain/$userName")
This adds the Domain user powershell\nigo to the local Administrators Group. If we instead want to add a Local User, we just replace the Domain Name with the Local COmputer Name.
PS > $ComputerName = $env:COMPUTERNAME
PS > $LocalGroup.Add("WinNT://$ComputerName/$userName")
And if we want to remove a User from a local Group, we use the Remove() method.
PS > $Domain = "powershell"
PS > $UserName = "nigo"
PS > $LocalGroup.Remove("WinNT://$Domain/$userName")
Here’s a script that automates these tasks.
Click here to download the script.
Here are some examples on running the script.
PS > Set-LocalGroup.ps1 -UserName nigo -Add
PS > Set-LocalGroup.ps1 -UserName nigo -Remove
PS > Set-LocalGroup.ps1 -UserName nigo -Group "Guests" -Domain powershell -Add
PS > Set-LocalGroup.ps1 -help
When managing Local Accounts through PowerShell, it’s possible to use the [ADSI] type adapter.
Starting off, let’s look at how to connect to the Local Computer.
PS > $ComputerName = $env:COMPUTERNAME
PS > $Computer = [adsi]"WinNT://$ComputerName"
PS > $Computer
distinguishedName :
Path : WinNT://Computer01
Now that we have a variable holding the reference to our local computer, we can go ahead and add a Local User Account. This is done through the Create Method on the object. we’ll also add a Password for our User.
PS > $UserName = "NewUser"
PS > $Password = "Password1"
PS > $User = $Computer.Create("user",$UserName)
PS > $User.SetPassword($Password)
PS > $User.SetInfo()
And it’s as simple as that. If you’r running Windows 7 you have to start PowerShell with elevated rights in order to get it to work.
Removing the User is done by using the Delete() method.
PS > $Computer.Delete("user",$UserName)
Here’s a script i wrote that adds, removes or resets the password of a local User Account.
Click here to download the script
Examples on running the Script:
PS > Set-LocalAccount.ps1 -UserName NewUser -Password Password1 -Add
PS > Set-LocalAccount.ps1 -UserName NewUser -Password Password2 -ResetPassword
PS > Set-LocalAccount.ps1 -UserName NewUser -Remove
Gathering Printerinformation can be done through WMI. Win32_Printer contains information about printers that are used by a computer and Win32_PrinterDriver contains information about the printer drivers. We can combine these 2 WMI classes and retrieve information about both the printer and it’s drivers. This script checks for the following properties:
Computer : Client1
Name : \\SERVER\SRV-FLOOR1-SV01
DefaultPrinter : True
DriverName : HP LaserJet 4250 PCL 6
DriverPath : C:\Windows\system32\spo...
Driverdll : UNIDRV.DLL
HorizontalResolution : 600
VerticalResolution : 600
LocalPrinter : False
PrintProcessor : HPZPP4wm
Location : GOT
Comment : Company Printer
Description : Printer on Floor 1
I’ve included a switch that let’s you pipe the information to a csv instead of displaying it to the host, and if you pipe an array of computer names to the script you can retrieve information from multiple computers.
Running the Script:
PS > .\Get-PrinterInformation.ps1 -Computer Client1 -ToCsv
PS > "Client1","Client2","Client3" |
>> ForEach { .\Get-PrinterInformation.ps1 -Computer $_ }
Here’s a link to the script.
Get-PrinterInformation.ps1
A common Admin task is Setting permissions on folders for new Users or Groups. doing this manually can be pretty boring and timeconsuming. This script automates these steps through PowerShell.
The parameters that I’ve added to the script are:
- -Path Folder to Create (Required)
- -User User who should have access (Required)
- -Permission Specify Permission for User, Default set to Modify (Optional)
- -help Prints the HelpFile (Optional)
The script sets the folderpermissions for a User or a group on a folder and if the folder doesn’t exist, it creates the folder and adds the specified permissions.
Running the Script on one folder gives the user or group permissions on the folder and on child folders. If you run the script recurse, it will break the inheritance for the specified User/Group and set the permissions specified on each folder.
Here are 2 examples on running the script.
./SetFolderPermission.ps1 -path C:\User -Access APA\MyGroup -Permission Write
Get-ChildItem -path C:\User -recurse |
Where { $_.Attributes -match "d"} |
ForEach {
./SetFolderPermission.ps1 -path $_.Fullname -Access APA\MyGroup -Permission Read
}
If you want to display the HelpText simply type:
./SetFolderPermission.ps1 -help
Here’s a link to the script
There are numerous ways of doing a Client Inventory in the Windows environment. You can use various Microsoft technologies to accomplish this, you can collect information stored in the registry or you can retrieve information through WMI.
In this post, I’m going to show how to do this through WMI and PowerShell. WMI is a versatile extension to the Windows Driver Model that provides an OS interface which components can provide information through. Both PowerShell and Vbs can retrieve information from WMI in a flexible way.
Starting off, lets look at information from the OperatingSystem, this can be retrieved through the Win32_OperatingSystem class.
PS > Get-WmiObject Win32_OperatingSystem
SystemDirectory : C:\Windows\system32
Organization :
BuildNumber : 7000
RegisteredUser : nigo
SerialNumber : 00447-321-7001114-70264
Version : 6.1.7000
To get even more information we can pipe it to
Format-List *,which displays all information retrieved.
I’ve put togheter a Script that retrieves Client Information from your computer or a remote computer and returns the information in a PsObject. If you are running the script on Remote clients, make sure that the Firewall allows remote administration, otherwise the script won’t work.
The Network Inventory in this script only takes the first NetworkAdapter found and retrieves the information. if you have multiple NetworkAdapters you have to modify the script.
PS > .\Get-Inventory.ps1 .
Gathering Client Information From: .
UserName : GOT-ZIP-NIGO\nigo
ComputerName : GOT-ZIP-NIGO
ScreenModel : NVIDIA Quadro FX 570M (Prerelease - WDDM 1.1)
ChassisType : Notebook
ComputerManufacturer : Hewlett-Packard
ComputerModel : HP Compaq 8510w
SerialNumber : 00447-321-7001114-70264
RAM : 3054 MB
CPU : Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz
HDDTotal : 114471 MB
HDDFreeSpace : 78976 MB
OperatingSystem : Microsoft Windows 7 Ultimate
Language : 1033
Domain : WORKGROUP
IPAdress : 192.168.0.195
SubNet : 255.255.255.0
MACAddress : 00:76:E4:EE:49:00
Click Here to download the script.
