Category Archives: PowerShell

Friday Fun Send a Colorful Message

Next week is Pluralsight’s 10th anniversary. In preparing for that happy event, I wanted to send a special greeting. Of course, because my courses are on PowerShell it only seemed appropriate to use PowerShell to display my message. In fact, let’s jump right to the result.

HappyBirthdayPluralsight

Here’s how I did it.

The script takes a string, in this case a here string stored as $msg, and writes each character to the console using Write-Host. I’m using Write-Host so that I can take advantage of foreground and background colors. I get a random color for each from a list of possible console colors, skipping the color used for the current console background. My script uses a Do loop to get a random color for the background that is different than what is chosen for the foreground. I only use a color scheme if there is a non-space character. I suppose I could have turned things around and tested with -match against \S.

Anyway, a short and simple script that gets the message across in a colorful way. Enjoy and have a great weekend.

Configure Local User Account with DSC

talkbubble Yesterday I posted an article on how to use PowerShell and the [ADSI] type accelerator to set a local user account. However, if you are running PowerShell 4.0 you have another option: Desired State Configuration (DSC).

I’m going to assume you have some basic understanding of how DSC works. If not, head over to the Public OneDrive folder for PowerShell.org and grab a copy of the free DSC ebook.

DSC ships with a provider resource for user accounts.

dsc-userresource

Because of the account password, the official stance is to use a certificate to handle encrypting the password. You can read about that on the PowerShell team blog. But that’s more than I want to deal with right now, plus I trust the security of my local test network so my configurations will store the passwords as plain text in the resulting MOFs. I suppose I should show you the script I came up with.

This script is intended to define a set of MOFs for computers in my Globomantics domain that all start with “CHI”. The script takes an array of computernames. From there it defines the configuration, defines the necessary configuration data to allow plain text passwords and then executes the configuration. The configuration also has a Group resource to add the account to the local Administrators group. Note the DependsOn setting in the group configuration. This ensures that the account will be set up before adding it to the group.

To create the configurations I run my script specifying the computer names.
config-localpassword-dsc

PowerShell will prompt me for the credentials. When finished I am left with a MOF file for each computer under C:\Scripts\LocalUserAccounts, because I specified an output path. When I’m ready, I can push the configuration to the servers:

And that’s it! I can verify using the NET USER command in a remote session.

verify-dsc-user

DSC promises to change the way IT Pros get their work done, and in a positive way!

Set Local User Account with PowerShell

halfuser The other day I received an email from a student asking for some help in using PowerShell to take care of a user account on a local computer. He not only wanted to be able to set the password, which he had already figured out, but also how to enable or disable the account, which is not obvious or intuitive without experience using ADSI and the WinNT provider. I sent him some suggestions to get him started down the right path. But I realized, I should wrap up this functionality in a PowerShell tool since his task is something I assume many of you need and there are no cmdlets from Microsoft for managing local user accounts.

First, let me point out that it is actually quite easy to manage local user accounts on remote computers using PowerShell. All you need to do is learn how to use the NET USER command and execute it using Invoke-Command.

remote-net-user-1

remote-net-user-2

The LocalAdmin account on CHI-CORE01 is currently disabled (account active is equal to no). But it is pretty easy to enable and set a new password.

However, this doesn’t scale well and the capabilities of the NET USER command might vary by operating system. So here is a PowerShell function that utilizes ADSI to do the same thing.

This function should work in PowerShell 2.0 and later. The help content includes some usage examples. You can use this command to simply change the user password, or change the password while enabling or disabling the account. Enabling and disabling is accomplished with a bitwise operation with the userflags value and a constant flag that indicates the account is disabled.

There is probably more that could be added to the command such as setting the comment property and when the account expires. But I’ll leave those changes to you for now.