How to Manage Azure from PowerShell on your PC…

2017-07-27T00:01:03+00:00 September 11th, 2013|Uncategorized|

If you use Azure day-to-day like I do…  and you use PowerShell day-to-day like I do…  then it’s time to put them together like chocolate and peanut butter!  What I mean is, let’s use the power of PowerShell to easily manage your Azure services.

I’ll assume that if you’re still reading this, you have an Azure account (if you don’t, you can get a free trial), and you have a Windows 7 or higher PC or server on which to run PowerShell. 

Install the Azure PowerShell modules
Go to the Azure download page, and at the bottom left, download the “Windows Azure PowerShell” bits and install.  Here’s the direct link to the bits, as of this writing.  It’s just a few clicks and a few minutes to let the web-installer do its thing. 

Once Azure PowerShell is installed, hit Start and type PowerShell to see that you now have another option for PowerShell, called “Windows Azure PowerShell”;  click it! 


Configure the “publishsettings” file

Next we need to link your Azure account with your PowerShell session.  We do this by getting your “publishsettings” file from Azure, and stuffing it into PowerShell.

Run the command: Get-AzurePublishSettingsFile


…This will launch a browser and you will be prompted to authenticate to Azure (if not already).  You will be prompted for download choices, and you should save file to local folder; something like c:tempAppsAzure that I use in the following example.

Next, we import the settings file with the following command: Import-AzurePublishSettingsFile


…of course it depends on what you named the file when you saved it, but this is a standard name format.

Finally, delete the “publishsettings” file — it contains a management certificate file that shouldn’t be left lying around once imported.


…and that’s about it!  You are now linked to your Azure account and can control your world by command.  Let’s start by taking a look at some of the relevant commands:
get-command *azure*

Mmmm…  Those look like fun commands!


Kick the tires

You know, as long as we have an active session, let’s see how I last left my testing lab with a Get-AzureVm command:


…Hmmm…  It looks like I left my Windows Server 2012 R2 “preview” VM shut off.  Let’s start it up with a Start-AzureVM command, specifying the VM name as well as the Service name:


Well, that was fun, but now lunch is over and it’s time to shut down the lab “preview” machine again.  But I just want to shut down the VM for later use, not to de-provision the VM and have to re-create it later.  So, I’ll use the Stop-AzureVM command with the -StayProvisioned flag.


…and so on, and so on.  Now that we’ve got you all set up and have stepped through some basic commands, you should be well on your way to chocolate and peanut butter goodness!

For more detail, make sure to see the Azure PowerShell “Get Started” tutorial:

And for even more detail, view the Azure PowerShell Cmdlet reference guide:

Now *you* go have some fun!




PowerShell v4, and Desired State Configuration…

2017-07-27T00:01:03+00:00 August 7th, 2013|Uncategorized|

For me, the most exiting thing to have come out of Microsoft’s TechEd this year is the new PowerShell v4 feature called Desired State Configuration (DSC).  Being able to deploy countless servers, and be assured that they all will have exactly the products you want installed, the way you want them installed, as soon as you want them installed — all with a few lines of scripting code — is priceless.  I know it’s been a couple months now since it was announced, but if you’re anything like me, you’re just really digging in to the Server 2012 R2 features as you get spare time…  and the power of these new features really start to sink in…

If you want to add a server configured like all the rest?  You add a line in an input file.  You want to add a product to hundreds of servers or change a configuration item?  You add a few lines in what is effectively a PowerShell function.  I just can’t help but think how PowerShell has come sooooo far in making a farm of Windows servers as easy as managing a farm of Linux servers has always been the shell and shell tools, or with certain management tools like Puppet and others!  And the Puppet and Chef folks are on board too, as their products start to make best use of these new capabilities.

For all the info you need to get started (if you haven’t already), make sure to check out the TechEd session, “Desired State Configuration in Windows Server 2012 R2 PowerShell”:

…And also catch up on the blog announcement.  Then, go download the Server 2012 R2 bits and get going!




NTFS Permissions – Copies, and Moves…

2013-07-24T22:37:13+00:00 July 24th, 2013|Uncategorized|

Did you know …

Per Microsoft:  “By default, an object inherits permissions from its parent object, either at the time of creation or when it is copied or moved to its parent folder. The only exception to this rule occurs when you move an object to a different folder on the same volume. In this case, the original permissions are retained.

Okay, so you knew that… but did you know this …?

Per Microsoft: “You can modify how Windows Explorer handles permissions when objects are moved in the same NTFS volume. However, if you want to modify this behavior so that the object inherits the permissions from the parent folder, modify the registry as follows: “


Value name: MoveSecurityAttributes
Data type: DWORD
Value data: 0

And maybe even you knew that….  but did you know it doesn’t always work …?

Actually, this registry value used to work natively with Windows XP (after a reboot).  But for Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, you must install a Microsoft-supplied HOTFIX to make it work, found here: (

Install the hotfix and reboot.

Also, make sure that the user account that is used to move the object has the Change Permissions permission set.

For the entire knowledge base article, please see:



Publishing MS Word Viewer through Citrix XenApp 6.5…

2017-07-27T00:01:03+00:00 June 19th, 2013|Uncategorized|

Recently, I moved over to the Coretek virtualization team.  It’s a great opportunity to work with new technologies and implement them as part of our Virtual Clinical Workstation solution.  

Citrix is one of the technologies that plays a major part in the solution.  As part of a virtualization implementation we are working on, I was tasked with publishing the Microsoft Office viewers through Citrix XenApp 6.5.  Now, I have a pretty extensive background in software installation and configuration on Windows desktops; however, publishing them through Citrix was new to me.  

The way a published application’s files and registry keys interact with a desktop operating system are fundamentally different.  Therefore, I was surprised to find when I attempted to open a Word document in the published Word viewer by double clicking on the .doc file — the file itself would not open, but the Word viewer would only open up an “Open” dialog.



So, being pretty new to Citrix — and given that it’s a pretty complex application that is comprised of multiple policies, application configurations, and settings, which can redirect content and drive mappings — troubleshooting issues like this can be challenging (and of course, you must also consider all the AD policies applied as well).  In the end, the solution to this particular issue was pretty simple…

Fortunately, once I was able to rule out that content redirection or drive mappings might be the cause, I found a Citrix KB article that addressed the exact issue I was having.  You can read the article here:

In short, I had to add a special parameter (“%**”) at the end of the Word Viewer’s Command Line in the Citrix AppCenter (where published applications are stored).  The default parameter contains only one asterisk (“%*”). 




Hopefully this tip will help if you experience the same issue!




PowerShell – How To Discover and Set Permissions on a Folder…

2017-07-27T00:01:03+00:00 June 12th, 2013|Uncategorized|

I’ve written a few posts here in the past about how to use PowerShell to set NTFS permissions, in a couple different fashions.  But recently I was asked something like, “…okay, I know what permissions I’d like to assign in Windows Explorer, but how do I know what the PowerShell equivalent is?” 

The point of the question is that the description of the permission you see in the GUI is not necessarily what you’d actually put in your PowerShell command when you attempt to apply it.  So how do you know the difference and correlation?

There are tons of references out there for learning more about scripting setting permissions in PowerShell, but it’s not always easy to know *which* permission to set with PowerShell.  So let’s imagine the scenario where we need to add a “custom” permission to a folder via a PowerShell script or command (maybe part of a loop, etc.), and the requesting person has only described to you in the most GUI-like terms what is needed. Step1

In this case, what I usually do is:

1.) Ask the person to set the desired permission on an example folder (if it doesn’t exist already) to be sure that you are talking about the same thing, like this example:

…In this example case we are using the following:

Permission 1: Create File / Write Data
Permission 2: Create Folders / Append Data
Permission 3: List Folder / Read Data
At: Folder name “Bogus”
For: This folder, subfolders, and files
To: LABWorkgroup1


2.) Use PowerShell command Get-Acl .Bogus | Format-List to get a readable ACL from the example folder:


3.) Now, remove that permission from the folder, and run the above command again to see the difference (or just evaluate the SIDs):


…and now you can see — among the other permissions — that the above listed permissions translate to LABWorkgroup1 Allow  ReadData, CreateFiles, AppendData, Synchronize; and the Sddl, if you need it: (A;OICI;0x100007;;;S-1-5-21-2087276962-282213542-3505124996-1115)

4.) Finally, set the permission on the new folder:

$folder = "Bogus"
$myGroup = "LABWorkgroup1"
$acl = Get-Acl $folder
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("$myGroup", "ReadData", "ContainerInherit, ObjectInherit", "None", "Allow")
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("$myGroup", "CreateFiles", "ContainerInherit, ObjectInherit", "None", "Allow")
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("$myGroup", "AppendData", "ContainerInherit, ObjectInherit", "None", "Allow")
Set-Acl $folder $acl

This is a simple example, of course, but it’s an easy way to get it done without chasing down reference documentation.  After a while and frequent use, you begin to kinda’ memorize the various PowerShell permissions options and recognize them — but you can sometimes forget them too, and this is a quick and easy way to figure it out at any time.



Powershell – Check for PS version and act accordingly…

2013-05-22T22:29:39+00:00 May 22nd, 2013|Uncategorized|

In recent posts, we’ve been outlining some important day-to-day differences in PowerShell CMDlets and features between v2 and v3.  And right now I’m working with a customer that is in the midst of transitioning between XP and Win7, and between Server 2003 and 2008/2012, where these differences really start to matter performance-wise. 

So, we’ve got lots of PowerShell tools we wrote in v2 that we are slowly getting around to updating to the new features in v3.  But the thing is, we still can’t be certain where these scripts will be run, and by whom.  So we’ve put together a little “version detector” to help run the correct version of the command and give the best performance possible, whenever possible.  And as a result, you — the reader — can apply this type of thing to any script that might be run in a mixed environment.

This example below features the new -Directory flag in the PowerShell v3 Get-ChildItem, though you could just as easily replace that line in each section with any other CMDlet that behaves differently between versions.  Just modify this section, and wrap it around your CMDlet with the updated v3 capability…


$hostVersionInfo = (get-host).Version.Major
if ( $hostVersionInfo -eq "2" )
  # For PowerShell v2
  write "We appear to be using PS version $hostVersionInfo... That's okay, but this script processes faster with PS v3!"
  write ""
  $containers = Get-ChildItem -path $MoLoPath$CurrentParent -recurse | ? {$_.psIscontainer -eq $true}
elseif ( $hostVersionInfo -eq "3" )
  # For PowerShell v3
  write "We appear to be using PS version $hostVersionInfo... Good!"
  write ""
  $containers = Get-ChildItem -Directory -path $MoLoPath -recurse
  write-host "Unknown/unapproved version of PowerShell. Exiting!"


Normally, I’d explain some of the functionality in the script; but it’s fairly simple, well-commented, and in general pretty descriptive.  It just detects which version of PowerShell you’re running, and runs one of the two version of the CMDlet.  So you should be able to figure it out quickly even if you’re new to this stuff. 

Of course, if you have a question (or have a better way of getting it done), feel free to comment. 

So that’s it, I hope it helps!




Powershell – How recursive directory searches got better with PSv3…

2017-07-27T00:01:04+00:00 April 17th, 2013|Uncategorized|

In the old days, we ate dirt for dinner, brushed our teeth with sticks, used PowerShell v2 — and we *liked* it! 

There, that’s my tribute to Dana Carvey as “Grumpy Old Man”.  Google it, kids.

Anyway, I’ve got an absolute ton of old PowerShell scriptlets that I have lying about that I regularly cannibalize or resuscitate back into production.  And since we are in that squishy transitional period between PowerShell v2 and v3, I don’t always bother to check them for compatibility with v3 or update features in the script to take advantage of new capabilities.  But I hit on one v3 improvement the other day that solved a problem has bugged me so much for so long that I wanted to shout from the mountaintops about it!  And since I live in mostly-mountainless Michigan, the blog is the best I can do…

Really it’s such a little thing.  But it’s so overdue.

In the past, if you wanted to recursively inspect a folder structure on a remote server — for instance while fishing for explicit NTFS permissions on folders — you were forced to inspect all folders *and* files, no matter if you only wanted folders.  Basically, you had to ask for everything (all children folders and files, recursively), then parse the result to extract the folders (check psIsContainer) from the listing.  Here’s an example of this, similar to what you might see all around the internet:

# For PowerShell v2
$containers = Get-ChildItem -path $TopPath$CurrentParent -recurse | ? {$_.psIscontainer -eq $true}

 Of course, this could be incredibly wasteful in processing, network bandwidth, time, etc…   All this time I’ve always wished there was a way in my loops to just ask for ONLY the folders, to save all of that waste.  Thankfully, this has arrived with v3.  Behold:

# For PowerShell v3
$containers = Get-ChildItem -Directory -path $TopPath$CurrentParent -recurse

 This has significantly sped up some of my analysis scripts that I run in a large enterprise, cutting as much as half a day off of some of my execution times (I did mention it was large).  So really what this means is that I have to start spending more spare time looking through the v2/v3 differences…  But I won’t have any spare time until I implement more v3 changes…  Quite a conundrum… 



A cool ‘Remote Desktop Connection Manager’ tip!

2017-07-27T00:01:04+00:00 April 3rd, 2013|Uncategorized|

I am constantly monitoring multiple Microsoft Windows Servers and XP workstations via Remote Desktop Connection Manager and having to switch between each console one at a time is a very user-intensive and time-consuming process.  Though, I have recently discovered a very useful and time-saving trick that I will share with you below…

First, by default, the Remote Desktop Connection Manager gives you a thumbnail view of all of your workstations when you click on any “group” of servers from the left server pane list.  I always thought this was a “gimmick” and never thought twice about using it for anything because the dimensions of the thumbnail views of the remote desktops were just way too small to be useful.

But after reviewing the program’s options I found that you can modify the size of the thumbnails (Tools > Options > Client Area > Thumbnail Size)!

But that isn’t all!

The thumbnails are actual “live” clickable Remote Desktop sessions; so if you set the pixel size of the thumbnails to 25%, 30% or 40% of your screen size, you can fit 4-12 active server connections into one very productive window (obviously depending on your monitor size and screen resolution!).  This screen cap should give you a good idea of what I mean:



I hope you find this tip as useful as I did!  Enjoy!



Installing HKCU keys using a Windows Installer repair, Pt. II

2017-07-27T00:01:04+00:00 March 27th, 2013|Uncategorized|

Previously, in Pt. I of this series, I wrote about how to install HKCU registry keys (which can also be used for installing data anywhere in a user profile).  Now I’ll go into more depth on how to do this using the popular application packaging product Wise Package Studio.

Though Wise Package Studio has been discontinued by Symantec, it’s still quite popular in many packaging environments.  The main tool used for creating and editing Windows Installer projects in Wise Package Studio is the “Windows Installer Editor”, which was previously available alone as “Wise for Windows Installer” (wfwi.exe). 

Most of the packaging work will be done in the “Installation Expert” view, which is a slightly more “user friendly” or “cleaner” project editor.  After creating my new project, I’ll add a couple files to it.  The files I added are Process Explorer (procexp.exe) from “SysInternals” and it’s help file (procexp.chm).  Process Explorer is one of several extremely useful utilities available (free!) in the Sysinternals Suite




Next, I’ll add an “Advertised” desktop shortcut to “procexp.exe” from the “Shortcuts” page.  By default, when you add a shortcut to point to a file in your installation the “Advertised” check box is marked. 




Note that “Complete” is listed in the “Current Feature” drop down list.  By default, Wise starts with a feature named “Complete” and puts all files, registry keys, shortcuts, etc. under the “Complete” feature, but we need a “hidden” parent feature.  So, from the Features page “Add” a new feature.  Give it a name, select “<None>” from the Parent drop down list, “Hidden” from the Display drop down, and check the “Required Feature” check box; the rest of the defaults can be left.  After adding the hidden parent feature, I go into the “Complete” feature to select the hidden feature from its “Parent” drop down list. 




Finally, I add an HKCU registry key to the new hidden feature.  Notice now that I’ve added a new feature, I can select it from the “Current Feature” drop down list from all the pages in Installation Expert. 




After the project is compiled, the .MSI can be run on any system “per machine” with the “ALLUSERS” value set to ‘1’.  When a new user logs onto the machine and clicks on the advertised shortcut, the HKCU key will be installed by the windows installer repair. 

 Next time, I’ll take a look at implementing self repair using InstallShield.  I hope you found this tutorial enlightening, instructive, and maybe even a little fun.  Well..uh..instructive and enlightening should be good enough! 




Powershell – Query Active Directory for Server Versions…

2013-03-20T22:45:57+00:00 March 20th, 2013|Uncategorized|

Today, I’m writing about a simple-but-useful command that just might help you get a better understanding of the quantity and variety of Windows servers you have in your environment, with just a few caveats.  The most accurate way to get such information, of course, is to query Active Directory in real-time to get the most current information possible.  And the easiest way to do that (in my opinion), is to use PowerShell.  So launch a console and let’s get to it…

But first, if you haven’t launched the pre-loaded Active-Directory PowerShell Module, then let’s do that now:

Import-Module ActiveDirectory

Here’s a first blush at how we can list all AD-based computers, grabbing only the interesting properties we need, formatting the output to a list, and redirecting the results to file (I’ve seen some things like this while ‘Googling):

Get-AdComputer -Filter * -Properties IPv4Address,OperatingSystem,OperatingSystemServicePack | Format-List Name, IPv4Address, OperatingSystem* > OutputServerList.txt

Now, let’s dig deeper, and perhaps refine the command a bit.  First, the filter is a wildcard, and retrieves all computers.  That might be fine in a small environment with few computers; but we’re really only after Servers here, and we might be working in a larger environment.  So, we will change the filter to use an LDAPFilter and get a bit more granular like this:

-LDAPFilter "(OperatingSystem=*Server*)"

Next, I think the results will actually look better if we output them to a CSV, so we’ll drop the redirect and list formatting, and replace it with a pipe like this:

| Export-Csv ExportCsvServerList.csv

Now a warning about the CSV export…  Unfortunately, Microsoft chose to include a “restricted” symbol (little r in a circle) in the Server 2008 (non-R2) name, like this:

Windows Server® 2008 Standard

…and, the CSV export operates only with the ASCII set by default.  Sheesh.  So, we use the UTF8 flag to make sure the wacky “restricted” mark is rendered correctly, like this:

| Export-Csv -Encoding UTF8 ExportCsvServerList.csv

So with all that, we end up with a command looking like this:

Get-AdComputer -LDAPFilter "(OperatingSystem=*Server*)" -Properties IPv4Address,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion | Export-Csv -Encoding UTF8 ExportCsvServerList.csv

And since it’s a spreadsheet you can further filter/format/manipulate the results how you see fit.

One more thing that causes confusion sometimes: 

Be aware that even though we are calling ActiveDirectory for these servers and their correlating properties, there’s one of these items that don’t come from there: the IP Address.  As you are likely aware, the IP address of a computer object is not stored in the directory; so what is actually happening is that the Get-AdComputer module is retrieving the FQDN of the computer, and doing a DNS query to resolve it to the address for you. 

Now, this can be good or bad, depending on your situation; for instance, it might slow down your 8000+ server export… or might also help alleviate the burden on your AD server as you make the query (while it delays the processing a tad to retrieve the name).  Also, you’d better be able to rely on your DNS to return valid values, or the results might be confusing/misleading! 

I hope that helps…  Thanks for reading, and by all means if you have additional tips, be sure to comment!




Load More Posts

Fatal error: Uncaught exception 'GuzzleHttp\Exception\ClientException' with message 'Client error: `POST` resulted in a `400 Invalid instrumentation key` response: {"itemsReceived":1,"itemsAccepted":0,"errors":[{"index":0,"statusCode":400,"message":"Invalid instrumentation key"}]} ' in /home/coretek/public_html/wp-content/plugins/application-insights/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php:113 Stack trace: #0 /home/coretek/public_html/wp-content/plugins/application-insights/vendor/guzzlehttp/guzzle/src/Middleware.php(66): GuzzleHttp\Exception\RequestException::create(Object(GuzzleHttp\Psr7\Request), Object(GuzzleHttp\Psr7\Response)) #1 /home/coretek/public_html/wp-content/plugins/application-insights/vendor/guzzlehttp/promises/src/Promise.php(203): GuzzleHttp\Middleware::GuzzleHttp\{closure}(Object(GuzzleHttp\Psr7\Response)) #2 /home/coretek/public_html/wp-content/plugins/application-insights/vendor/guzzlehttp/promises/src/Promise.php(156): GuzzleHttp\Promi in /home/coretek/public_html/wp-content/plugins/application-insights/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php on line 113