Tag Archives: PowerShell

Get Local Group Members Revisited

The other day I posted an article and function that used ADSI and PowerShell to list members of a local group. I had a few people report an unusual error that I couldn’t replicate. During the course of troubleshooting, I made a few changes to the original function to at least better handle the mysterious error. Those changes were updated to GitHub and as version 1.5 of the function.

But during testing and revising, I decided I might as well really improve this command and incorporate an option to use PowerShell remoting, without having to jump through all the hoops in the previous version.

Version 2 of the function includes a few parameters for remoting. This meant defining a few parameter sets. I also turned the bulk of the ADSI code into a scriptblock which can by invoked normally using the & operator. Or run remotely with Invoke-Command. One tricky thing with scriptblocks is being able to flip on Verbose output.  My solution is to add a parameter to the scriptblock that essentially inherits the VerbosePreference of the local machine.

image

I also realized it might be helpful to include the group name in the results in case you want to export the information.

You can still use the command without remoting, which assumes you can create a legacy connection to the computer.

image

But I think you’ll find the remoting option better performing.

image

You can also use alternate credentials and SSL, although I haven’t tested using SSL or certificates since I don’t have that setup on my network.

Version 2 and later of the function can be found on Github:

Let me know if this works better for you.

Get Local Group Members with PowerShell

Recently I posted a function to get information about local user accounts. I received a lot of positive feedback so it seemed natural to take this the next step and create a similar function to enumerate or list members of a local group, such as Administrators.

The function, Get-LocalGroupMember, also relies on ADSI and is similar to my local user function so I won’t repeat the details.  Since I assume most of the time the only local group that matters is Administrators I made that the default.  I also set the computer default to the local host. But it is simple enough to query another computer.

image

You can pipe in computer names and use the object properties to do additional filtering, sorting or grouping.

image

In this example I wanted to search a group of computers and identify local members of Administrators that were not the Administrator account.

As with my previous function, I think you’ll find it better to use PowerShell remoting if you plan on querying multiple remote servers or need to use alternate credentials. You can read function help for more details.

You can always find the most current version of the function in my Github library.

I hope you find this useful. Comments are welcome here, but please post bugs or suggestions on GitHub.

Friday Fun: A SysInternals PowerShell Workflow

Over the years I’ve come up with a number of PowerShell tools to download the SysInternals tools to my desktop. And yes, I know that with PowerShell 5 and PowerShellGet I could download and install a SysInternals package. But that assumes the package is current.  But that’s not really the point. Instead I want to use today’s Friday Fun to offer you an example of using a workflow as a scripting tool. In this case, the goal is to download the SysInternals files from the Internet.

First, you’ll need to get a copy of the workflow from GitHub.

A workflow command is like a function, in that you need to load it into your PowerShell session such as dot sourcing the file.

. c:\scripts\Update-SysinternalsWorkflow.ps1

This will give you a new command.

image

The workflow can now be executed like any other command.

image

The workflow’s main advantage is that it can process items in parallel and you can throttle the activity. In my workflow, I am processing 8 files at once.

One thing to be careful of in a workflow is scope.  You shouldn’t assume that variables can be accessed across the entire workflow. That’s why I am specifically scoping some variables so that they will persist across sequences.

I really hope that one day the parallel processing will make its way into the language because frankly, that is the only reason I am using a workflow. And it’s quick. I downloaded the entire directory in little over a minute on my FiOS connection. The workflow will also only download files that are either newer online or not in the specified directory.

If you are looking to learn more about workflows, there is material in PowerShell in Depth.

I hope you find this useful. Consider it my Valentine to you.

NOTE: Because the script is on GitHub, it will always be the latest version, including what you see embedded in this post. Since this article was posted I have made a few changes which may not always be reflected in this article.