I was excited about the Windows 8 developer preview that was released earlier tonight, so I fired up Virtual PC to start playing around with it.  I ended up with an error when it was loading so I thought maybe I had a bad copy of the ISO so I thought "I know, I'll do a checksum test."  Unfortunately, I don't have a tool to take a checksum on my current machine so naturally I wrote a simple function in PowerShell to do the checksum test for me.

It has only a few simple parameters that you can enter, file and algorithm.  "File" is for the actual file you want to checksum.  "Algorithm" is either "sha1" or "md5" and will let you get both an MD5 and a SHA1 checksum of the specified file.

Update: If you came here looking for the SHA1/MD5 hashes for the Windows 8 CTP iso’s, here you go.

Windows Developer Preview with developer tools English, 64-bit (x64)
SHA1: 6FE9352FB59F6D0789AF35D1001BD4E4E81E42AF
MD5: 116EB08542BB48FE4314BB6DEA39335E

Windows Developer Preview English, 64-bit (x64)
SHA1: 79DBF235FD49F5C1C8F8C04E24BDE6E1D04DA1E9
MD5: DFCB53C7B32351784C37E5DE0A7B1167

Windows Developer Preview English, 32-bit (x86)
SHA1: 4E0698BBABE01ED27582C9FC16AD21C4422913CC
MD5: 9B7798438FA694ECFA465C93A4C23C97

You can download the full script after the jump.

function Get-Checksum
{
    Param (
        [string]$File=$(throw("You must specify a filename to get the checksum of.")),
        [ValidateSet("sha1","md5")]
        [string]$Algorithm="sha1"
    )

    $fs = new-object System.IO.FileStream $File, "Open"
    $algo = [type]"System.Security.Cryptography.$Algorithm"
	$crypto = $algo::Create()
    $hash = [BitConverter]::ToString($crypto.ComputeHash($fs)).Replace("-", "")
    $fs.Close()
    $hash
}

As a Premier Field Engineer for Microsoft, I'm often presenting workshops to classrooms of people on various technologies.  During these workshops we take breaks and work on labs and it's nice to have some kind of countdown timer to show the attendees how much time is left in a break or until we begin the next module for example.

Sysinternals has a very useful tool called ZoomIt which allows presenters to zoom in, draw, and even display a countdown timer on the screen.  While this tool is well designed and is even used by many PFE’s around the world, including myself, and while it includes useful features such as playing a sound when the timer has completed and even displaying a background image, it left me wanting more.  I just wanted something basic that I could use when presenting PowerShell material that would allow me to simply specify a time and a message… so I made my own.

Head after the jump to download the script.

I wrote a script that would allow me to display a popup countdown timer from within the PowerShell console.  The script I wrote is provides two different countdown timers: one is very basic and just displays a simple two line countdown, the other is a bit more advanced and displays an “F7 style” popup window like in the screenshot above.  It looks pretty nice even though you're still limited to the font size of your shell (I always have mine set high (12×16) for projection screens anyway).  You can use the built-in Windows magnifier to enlarge it even more if you really want.

Here are a few usage examples, but you can see everything by looking at the comment-based help by running get-help .\display-countdown.ps1 -full

Usage examples:

————————– EXAMPLE 1 ————————–

C:\PS>.\display-countdown.ps1 -Minutes 15 -Message "Time until break is over"

This will display a simple text-based countdown that will expire 15 minutes from the time it was called, displaying the specified message as a header.

 

————————– EXAMPLE 2 ————————–

C:\PS>.\display-countdown.ps1 -Until (get-date).AddHours(1) -Message "Lunch break" -Popup

This will display a countdown timer that will expire in one hour from the time it was called, displayed "Lunch break" as the caption.  This example displays in the more user friendly popup mode.

 

————————– EXAMPLE 3 ————————–

C:\PS>.\display-countdown.ps1 -Countdown ([TimeSpan]::FromMinutes(10)) -Message "Bio Break" -NoClear

This will display a simple text-based countdown that will expire 10 minutes from the time it was called, displaying "Bio Break" as the header.  This call does not clear the screen of its contents before running. 

Download display-countdown.ps1

An interesting situation came up recently that involved having to execute a PowerShell script through the cmd.exe command prompt. It sounds pretty simple, after all you can simply run powershell.exe –file “<path_to_script>” and call it a day. That wasn’t the case here though because the –File parameter is only available in PowerShell V2 and this situation was dealing with V1. The only option then is to use the -command argument of powershell.exe and to execute the necessary code. This works great, but if you need to include a string with quotes, you may have some trouble.

Scroll to the end for the summary if you just want to see how to properly get quotes into your powershell.exe -command argument.

Within PowerShell, it is incredibly simple to execute a script (assuming your script is signed or you have the execution policy set appropriately). There are a few gotchas that people get caught up on when they are starting out with PowerShell so I’ll quickly cover them first.

We want to execute the script, so we just provide the full path to the script and hit enter, right?

That didn’t work because of the spaces in the path. Ok, then we just proceed like we would in a command prompt and put the path in quotes, right?

Unfortunately that doesn’t work either because now you are just telling PowerShell “Hey, here is a string” and it simply spits it back out to you. The correct procedure is to use the Call operator with the entire path in quotes and it should work out fine.

Then, if we want to use the environment variable for the program files directory, we can just do the following:

Now that we know the proper command syntax, we need to switch over to a command prompt, since this script has to be executed from there. We know that powershell.exe can accept a –Command parameter which should allow us to execute the same command we just figured out within the PowerShell prompt.

That doesn’t work, but what exactly is going on here? Based on the output of the error, we can see that the environment variable is being expanded appropriately, but it looks like everything past “script” is being interpreted as an additional parameter. With this in mind, it seems like it’s a simple matter of having to escape the quotation marks around the path of the script to make sure it’s interpreted as a single value. Because we are in a dos prompt though, the first thought might be to use a caret (^) to escape the quotes, which is something we do all the time in batch files.

That doesn’t work either, but the error is slightly different this time. Instead of the intended result of having a quotation mark, the quotes are actually dropped and the caret is inserted. So clearly the caret didn’t help, so next we try the PowerShell escape character, the grave accent (`). This may make more sense because the logic is that whatever is inside the outer quotes, gets passed into the PowerShell executable, then the rest of it gets interpreted. Therefore we need PowerShell to be aware of what we are doing.

Interestingly, the environment variable isn’t being expanded now; additionally the grave accent isn’t being passed at all. It’s as if PowerShell is completely disregarding the text we are inputting.

So what is actually going on here? As it turns out, we aren’t dealing with an issue with choosing the right escape character for DOS, or the right escape character for PowerShell. The problem is that we need to use an escape character that the PowerShell argument parser can understand. The powershell.exe binary isn’t a batch file or powershell script, it is an actual compiled program and as such has to actually parse the arguments that are given to it. With that in mind, we need to use the appropriate escape character, the backslash (\).

So what is the conclusion here? When trying to execute a command in PowerShell via the -Command argument of powershell.exe, be sure to escape your quotes with the C style back slash.

This behavior is by design, there is no doubt there. Ultimately, it all comes down to how the application (powershell.exe in our case) parses the command line arguments. PowerShell handles it this way whereas another app could in theory have it’s own, completely made-up, set of escape characters for arguments that are enclosed in quotes. While it may be confusing when trying to execute commands via the PowerShell binary, this actually is logical behavior when you think about it, and once you are aware of how it works, you will likely never forget.

The modified certutil command looks a bit like this:

certutil -view -restrict "NotAfter>=8/9/2010,NotAfter<=9/9/2010" -out "Request ID, Request Submission Date, Request Common Name, Requester Name, Request Email Address, Request Distinguished Name, CertificateTemplate, NotAfter" -config "<CA_SERVER_NAME>\<CA_NAME>"

This will return to you all of the certificates that are scheduled to expire between today (August 9th, 2010) and 30 days from now (September 9th, 2010)

You can download the new script here: Download monitor_ca_expiry.ps1

Update: Thanks to Aaron (from New Mexico? the original reader) who noticed I forgot one really useful bit of information from the status report that displays when you run the command: the date of expiration for the certificate.  I have updated the script and the sample above to reflect the change.

One thing that is a bit frustrating is that even when you have the logging options fully enabled for the CA, events aren’t logged for new certificate requests so you have to manually check the server on a regular basis for outstanding requests. Usually this is a low priority kind of service in your enterprise and can get neglected, which has happened in my case a few times.

This neglect prompted me to write the following Powershell script which very simply uses certutil to check if there are any pending requests, and then fire off an email to a list of users if there are. This script could also be easily modified to check for revoked certificates or to generate a weekly report on existing certificates to monitor expiration dates, among a bunch of other things, however I really only needed this for requests so that’s all it does for right now. If anyone has any interest in something else, let me know and I’ll see about updating the script to include additional features.

To use this script, all you need to do is ensure you have a copy of certutil on the machine running this, update the configurable pieces of the script, then create a scheduled task to run it every hour or so, or whatever time-frame is appropriate for you and your organization.

More information and a download link is after the break…

The script uses a very simple function of certutil to check for pending requests. You can execute the following code from a command prompt or powershell prompt to see a list of existing pending requests.

certutil -view -out "Request ID, Request Submission Date, Request Common Name, Requester Name, Request Email Address, Request Distinguished Name, CertificateTemplate, Request Disposition" -Restrict "Request Disposition=9" -config "<CA_SERVER_NAME>\<CA_NAME>"

Basically what this is doing is it is telling certutil to check for any certificates where the request dispoition is 9, in other words, any pending certificate requests. It then outputs a few usefull properties related to the certificates. All you need to change is the part with “\” to include the valid server and name.

Note: You can omit the entire “-config “<CA_SERVER_NAME>\<CA_NAME>”" piece if you are running this locally from the CA server and only want to retrieve the local information.

For the full powershell script, click the download link here: Download monitor_ca_requests.ps1

Update 2010-03-03: Keep in mind that this was fixed in vSphere 4 Update 1. Although if you can’t move to Update 1 for some reason, this will still work.

Update 2009-09-08: I just updated the script because I received a report from wohali (Joan) over at VMware communities that they had a problem when the vSphere client was installed on a different drive and I have now fixed that problem.  I also added in support for making the host update utility work as well.  Lastly, I added a few output messages so you can see what’s going on and know what is getting done.

The past few months I have been enjoying Windows 7 quite a bit (both the RC and now the RTM), but at the office we use VMware for many of our clients and the vSphere Client unfortunately has an issue with Windows 7 due to an incompatibility with a .Net 2.0 library dll that comes installed on Windows 7.  When you install the vSphere client, you will be able to get through the install without an issue usually (If you have J# already installed you may encounter issues installing the vSphere client), but once you try to connect to your vSphere server you get an error stating “Error parsing <server> clients.xml file  Login will continue contact your system administrator” followed immediately by another error “The type initializer for “VirtualInfrastrcture.Utils.HttpWebRequestProxy” threw an exception” which then brings you back to the login screen and you are unable to connect in.

There’s big thread over at VMware Communities that discusses this problem and ways to fix it.  Unfortunately, it’s a manual process and deploying this out to all of our Windows 7 employee workstations is a bit of a hassle, so I have created a Powershell script that will do the necessary work for you, and create a shortcut on your desktop as well.

By default, powershell security options may prevent you from executing the script, so you may have to change a setting temporarily to get it to work.  If you type “Get-ExecutionPolicy” from a powershell window you will most likely see “Restricted” but there are a few others as well which will all prevent you from executing the script.  You can read more about this over at dotnetvj.com where he goes into a little more detail about these execution policies and what they mean.  All you need to do though is type “Set-ExecutionPolicy Unrestricted”  Just remember that you should probably set the execution policy back to its previous value after you run the script for security purposes.  Lastly, you will also need to run powershell as an administrator if you have UAC turned on because this script has to add files to the installation folder of your vSphere client.

Launch Powershell as Administrator

Once you have powershell running as an administrator and change the execution policy, it is a simple process to run this script, simply CD to the folder that you have extracted the script, and run it by typing “.Windows7vSphere.ps1” and it will do the work of copying over the System.dll and creating the necessary files to launch vSphere client in development mode so it can use the System.dll.

Change execution policy and execute Windows7vSphere.ps1

You should now have an icon on your desktop called “VMware vSphere Client (Windows 7)” which you then simply run as administrator to launch the vSphere client.  The reason you have to launch it as administrator is because it creates an environment variable that lets the vSphere client know that you are giving it a different System.dll to work with.  This is something also discussed in detail in the thread over at VMware Communities.

For anyone interested in powershell, this script also shows a few cool things such as reading from the registry, writing to an xml document, as well as creating a windows shortcut using pretty simple commands.

Hopefully this will help a few people streamline the process of getting the vSphere client installed on your Windows 7 machines.  If you notice any problems with the script, feel free to comment and let me know and I’ll try to fix it as soon as possible.

Download the script and the dll needed here: Download Windows7vSphere.zip

If you encounter a situation where you need to enumerate members of a group that my validation does not allow, you can scroll down to line 271 in the script and change the $rx variable to “.+” to make it simple which will allow you to pass any characters.  If you pass invalid characters you will get some funny errors happening, but it should work.  You may have to use quotes around the name if you are looking to use spaces or other allowed special characters.

Taking another look at the code, I also found a small bug that was causing the display of notes associated with a group to print out an error about null strings.  This should be fixed now.  If anyone notices any other problems, feel free to comment and let me know and I will try to fix it or add in the change as soon as possible.  I’ll be posting another update soon that goes the other direction of this script, one that enumerates group membership for a specific user.

Thanks again to Darren from Brisbane(?), Australia for pointing this out.

Here is the updated script download link: Download enumerate_groups.ps1

In my organization, we make use of many different groups to separate departments and sub-groups of each department, and many groups build off of this. We also make use of Dynamic Distribution Groups to make things a bit easier on the admin side of things. When tasked with cleaning up these distribution groups and making them easier to manage, it was a bit difficult determining who was supposed to receive mail for what group.

This is because the Get-DistributionGroupMember cmdlet doesn’t have a parameter like –expand which will give you all of the child groups and their members as well. If you have a group called “Engineering” which then has 4 child groups for each department and then each of those groups has each individual mailbox, when you perform “Get-DistributionGroupMember -Identity Engineering”, you will only see the four child groups, not each member of those as well. This became a big issue because of how much we rely on sub-groups in our organization, and after a lot of investigation it turned out there was no way to do this built in directly to any cmdlet, so I wrote a script that would do this for me.  If you need to recursively enumerate distribution group members you are unfortunately out of luck with built in cmdlets.

There are a number of scripts out there that serve a similar purpose as the one I have created, but most do not handle mail contacts or dynamic distribution groups, so I figured if I am going to have to add functionality, I might as well write it myself from the ground up. So now, if you are ever in need of getting child members of a distribution group you can use this script to help you out.

One nice feature here is if you specify “-showTree” as a parameter, it will display a treeview of all the groups. Without -showtree it will just grab all child members and display them in a flat view. The script is pretty long because I included help text that displays if you run the script without any parameters, and for that reason I am just posting it as a download link. Hope this helps a few people out there who went through the same trouble I did finding out that there is no built in way to do this!

Download Link: Download enumerate_groups.ps1