Get IP Data

I was doodling in PowerShell this morning and ended up with what I hope is a useful function to retrieve IP configuration information, sort of like IPCONFIG, but using WMI. The beauty is that I can connect to remote machines and the output is an object which leads to all sorts of possibilities.

My function is called Get-IPData.

The function takes computernames as a parameter, uses WMI to get the NetworkAdapterConfiguration for IP and DHCP enabled adapters.

The rest of the function simply selects key properties including another WMI query to get the associated adapater’s speed. Because some items like IP address are stored as arrays, I use a hash table expression to return the first item only.

I started to do my usual code polishing but then I realized this might be a good exercise for you. The function works as is with some limited error handling in a Try/Catch block. But there are several areas for improvement or enhancement. You might want to:

  • Add support for alternate credentials
  • Add comment based help
  • Add support for running as a background job
  • Create a graphical, WinForm/WPF version
  • Add IPv6 information
  • Add the average ping response time
  • Add more adapter information

I’ll leave the rest to you. This could be a nice warmup practice for the upcoming Scripting Games.

Download Get-IPData.ps1

New Event Report Revised

Last year I posted an update to an old Mr. Roboto script that was an update to an even older VBScript. Still with me? My last revision leveraged the new Get-WinEvent cmdlet to create an HTML report of recent error activity on one or more computers. The problem was that I didn’t account for older computers that don’t support Get-WinEvent. I finally have a version that does. Continue reading

Get Parent Process

parent-child Recently I helping out on a post in the forums at ScriptingAnswers.com. The question centered around identifying processes on a computer and their parent process. There are many ways you could slice and dice this problem using WMI and Get-WmiObject. Getting the parent process ID is pretty simple, but going backwards from there to identify the parent process takes a little PowerShell jujitsu.

Because I love objects (geeky, I know), one angle I pursued created a custom object for each parent process. The object included a few key (at least to me) properties as well as a property that held an array of all child processes.

Here’s an example.

ParentID          : 916
Children          : {@{ProcessID=4068; ProcessName=Moe.exe; Description=Moe.exe
; Created=5/19/2010 8:52:59 AM}, @{ProcessID=4716; ProcessN
ame=SkypeNames2.exe; Description=SkypeNames2.exe; Created=5
/20/2010 8:13:47 AM}, @{ProcessID=1600; ProcessName=VBoxSVC
.exe; Description=VBoxSVC.exe; Created=5/20/2010 11:59:31 A
M}, @{ProcessID=6828; ProcessName=WmiPrvSE.exe; Description
=WmiPrvSE.exe; Created=5/21/2010 7:57:22 AM}}
NumberofChildren  : 4
ParentCreated     : 5/19/2010 8:51:46 AM
ParentProcess     : svchost.exe
Computername      : SERENITY

To get here, I called a function I wrote called Get-ParentProcess.

}#Process
End {

$finish=Get-Date

This is an advanced function so it requires PowerShell 2.0. The actual function includes comment based help. I’ve omitted here.

The function takes a computername as a parameter, defaulting to the local computer. You can pipe names to the function as well. Here’s what happens when you connect to the remote computer using Get-WmiObject.  The collection of Win32_Process objects is sorted by the ParentProcessID and then piped to Group-Object. This created a GroupInfo object. The name property is the parent process ID and the corresponding group are all the child processes.

Each group is then parsed and processed pulling out process information and defining new properties. To get the parent process name I search the saved WMI results looking for a process id that matches the parent process ID I’m checking. If you look back at the Get-WmiObject expression you’ll see I’m taking advantage of the –OutVariable common parameter. The cmdlet’s result is not only passed down the pipeline but also stored in the variable. In this case, $data. When you use –OutVariable just specify the variable name you want to use. You don’t need the $.

For the child processes that are in the group I select a few key properties. $Children will be a collection of custom process objects. This value is used as a property value, among others, in New-Object.

When you run the function, you most likely will notice some parent processes with no name. More than likely this is because the parent process is no longer running.

PS C:\> $r=get-parentprocess

PS C:\Scripts> $r | where {-not $_.parentProcess} | select-object -ExpandProperty Children | Sort Created | format-table –autosize

ProcessID ProcessName               Created
——— ———–               ——-
596 csrss.exe                 5/19/2010 8:51:43 AM

676 wininit.exe               5/19/2010 8:51:44 AM

696 csrss.exe                 5/19/2010 8:51:44 AM

852 winlogon.exe              5/19/2010 8:51:45 AM

3396 explorer.exe              5/19/2010 8:52:39 AM

3988 ToshibaServiceStation.exe 5/19/2010 8:53:07 AM

3564 TWebCamera.exe            5/19/2010 8:53:12 AM

3792 TUSBSleepChargeSrv.exe    5/19/2010 8:53:12 AM

2208 VCDDaemon.exe             5/19/2010 8:53:12 AM

4112 jusched.exe               5/19/2010 8:53:13 AM

4164 vmware-tray.exe           5/19/2010 8:53:14 AM

3656 SWin.exe                  5/19/2010 9:03:57 AM

Even if you don’t have a use for the function, I hope you find some useful scripting techniques.

Update: I’ve been using the PowerShell ISE to create the script files on an x64 platform. The Unicode default can be problematic.  Here is an ANSI version of the file.  I’ll try to remember to stick to ANSI from now on.

Select WMI

I’ve been helping out on some WMI and PowerShell issues in the forums at ScriptingAnswers.com. As I was working on a problem I ended up taking a slight detour to address an issue that has always bugged me. When I run a command like this:

PowerShell wants to return system classes as well.

The work around has been to pipe the original expression to Select-Object and re-selecting the properties I want. This seems like an unnecessary step. Now, depending on the class I could simple return all WMI objects and then use Select-Object. But I should be able to take advantage of early filtering and use Get-WmiObject as it was intended. So I wrote a function called Select-WMI that will take any WMI-looking object and return the non system properties.

I assumed you would run it as part of a pipeline. Now, I can more easily get the information I’m after.
selectwmi

The function will also work to bypass PowerShell’s default formatting for WMI objects, making it easier to see all the properties.
selectwmi-2

But I took this one step further. There are times when all I want are properties that have a value. So Select-WMI has a –Populated parameter so that only populated properties are displayed.

selectwmi-3

Now, you’ll only really need this when using the WMI cmdlets. In PowerShell v3 and later you can use Get-CimInstance which by default does not display the system properties.

[updated March 15, 2014]

Drive Report Console Chart

In thinking about some of my recent posts, I realize I should make clear that these scripts and functions are not necessarily good PowerShell examples. They don’t take advantage of objects and the pipeline. They are single purpose and one-dimensional. Not that there’s anything wrong with that. My recent examples, and the one I have today, are experiments in exploiting the console and host itself. The script I worked up for today presents a colored bar “graph” showing disk utilization directly in the console.

Continue reading