Quick Tip: Get All The Security Patches Installed On A Server Since A Specific Date

Recently, I needed to get a list of all the security patches I’d installed on a group of servers in the last year. It turns out that there’s a WMI class for this and it’s super easy to retrieve this info.

In the win32_quickfixengineering class, you’ll find all the security patches installed on a system. One of the properties is the InstalledOn attribute which more recent than a year ago.

If you have a list of servers to do this for, this is still really easy.

Just paste them into a here-string and execute this for each of them.


Using PowerShell To List All The Fonts In A Word Document

Recently I was challenged by a coworker to use PowerShell to list all the fonts in a Word document. It turned out to be easier than I thought it would be… but also slower than I thought it would be. Here’s what I came up with.

There could very well be a better way of doing this but this is what I came up with in a hurry. Line 1 declares a new instance of Word and line 2 opens the document we’re looking at. Then, for each word (which is handily a property of the open word document), we’re expanding the font property and selecting all the unique names of the fonts on line 3. Lines 4 and 5 close the document and quit Word.

So you can get something like this!

Get All The Fonts In A Word Document Via PowerShell


Quick Tip: Allow A Null Value For An Object That Doesn’t Normally Allow It

In the PowerShell Slack channel (powershell.slack.com) a question came up along the lines of “I have a script that needs to pass a datetime object, but sometimes I’d like that datetime object to be null”. Never mind that maybe the script could be re-architected. Let’s solve this problem.

The issue is, if you try to assign a null value to a datetime object, you get an error.

The solution is super easy. Just make the thing nullable.

This will return no output. So when you’re declaring the variable that will hold your datetime object, just make sure you make it nullable.

Just for more proof this works as advertised, try this.



Quick Tip: Copy The Output Of The Last PowerShell Command To Clipboard

I recently found myself poking around in PowerShell and going “oh, good now I want to copy and paste that output into an email/dialog box/tweet/notepad/another script/complaint box” and either trying to copy and paste it out of PowerShell or hitting the up arrow and piping whatever the last command was into Set-Clipboard. What a hassle.

So, I threw this small function into my profile.

You’ll need PowerShell 5.0 for this one (for Set-Clipboard). This just looks like gibberish though, what’s going on?

Well, clearly I’m defining a function named cc which is not a properly named PowerShell function but I’m being lazy. What does it do? Well it does r | scb.

r is an alias for Invoke-History which re-runs the last command you typed. Try it yourself.

scb is an alias for Set-Clipboard which means whatever came out of the last command will be the new contents of your clipboard.

The cool thing about this is it doesn’t just have to be text. Check out my other post about all the things Set-Clipboard can do.


Quick Tip: PowerShell Regex To Get Value Between Quotation Marks

If you’ve got a value like the following…

… that maybe came from the body of a file, was returned by some other part of a script, etc., and you just want the portions that are actually between the quotes, the quickest and easiest way to get it is through a regular expression match.

That’s right, forget splitting or trimming or doing other weird string manipulation stuff. Just use the [regex]::matches() feature of PowerShell to get your values.

Matches takes two parameters. 1. The value to look for matches in, in this case the here-string in my $s variable, and 2. The regular expression to be used for matching. Since Matches returns a few items, we are making sure to just select the value for each match.

So what is that regex doing? Let’s break it down into it’s parts.

  • (?<=\”) this part is a look behind as specified by the ?<= part. In this case, whatever we are matching will come right after a quote. Doing the look behind prevents the quotation mark itself from actually being part of the matched value. Notice I have to escape the quotation mark character.
  • .+? this part basically matches as many characters as it takes to get to whatever the next part of the regex is. Look into regex lazy mode vs greedy mode.
  • (?=\”) this part is a look ahead as specified by the ?= part. We’re looking ahead for a quotation mark because whatever comes after our match is done will be a quotation mark.

So basically what we’ve got is “whatever comes after a quotation mark, and as much of that as you need until you get to another quotation mark”. Easy, right? Don’t you love regex?


How To Send An Email Whenever A File Gets Changed

A little while ago, I fielded a question in the PowerShell Slack channel which was “How do I send an email automatically whenever a change is made to a specific file?”

Turns out it’s not too hard. You just need to set up a file watcher.

First, we create the watcher, which is just a FileSystemWatcher object. Technically the watcher watches the whole directory for changes (the path), which is why we add a filter.

Then we register an ObjectEvent, so that whenever the watcher sees a change event, it performs an action. In this case, I just have it writing output but it could easily be sending an email or performing some other task.

To get rid of the ObjectEvent, just run the following.

It’s just that easy!


Getting Started With Pester

If you don’t know what Pester is, it’s a framework for running unit tests and validating PowerShell code. Also, it’s awesome. In May I finally dipped my toe in the water with a pretty simple test for a REALLY simple function. I’m not going to go into a world of detail on how exactly all my Pester code works because there are tons of guides for that. What I’m going to do instead is provide a quick run down of what I came up with.

First things first, I need a function to validate.

I guess that will work. Write-SomeMath takes two integers and returns their sum. Hardly a breathtaking display of complexity and function but it will do just fine for this example.

Now I need to install Pester. The easiest way to do this is using the PSGet module in PowerShell 5.0 to get it from PowerShellGallery.com.

The next thing I need is a Describe block.

This Describe block will contain and – you guessed it – describe the tests (I just used my filename) and provide a unique TestDrive (check out the getting started link).

Now I need a Context block.

I’m further grouping my tests by creating a Context here for my Write-SomeMath function. This could have been named anything.

Now, I could start with a bunch of tests, but I want to show off a particular feature of Pester that allows you to pass an array of different test cases.

All I did was define an array called $testcases which holds an array of hash tables. It’s got the first number, second number, expected result and a name of what we’re testing. Now I can pass this entire array to a test rather than crafting different tests for all of them individually.

This is an It block which is what Pester calls a test. I’ve named it “Can add <test>” and it will pull the “test” value from the hashtable and fill it in. Cool! I’m using the -TestCases parameter to pass my array of test cases to the It block. Then I’ve got parameters inside the test for my first value, second value and expected outcome. I execute Write-SomeMath with the values pulled from my test cases and pipe the result to “Should Be” to compare the outcome to my expected outcome.

Now, just one more test for fun. What if I don’t pass an integer to my function?

Another It block for detecting wrong datatypes. I pipe the result into Should throw because my function should throw an error. For this to work properly, the code I’m testing has to be wrapped in a scriptblock, otherwise the thrown error will occur and be trapped in my function.

Here’s the outcome when I run this file!

Getting Started With Pester - Results

Pester Results

Pretty cool. My first test passes, the second one fails and tells me why, the third and fourth tests pass. The fourth one is especially interesting. The function FAILED but because the test said it SHOULD FAIL, the test itself passed.

So that’s my “dip my toes in the water” intro Pester test. Stay tuned for more complicated examples.


Using PowerShell To Add Groups To “AcceptMessagesOnlyFromDLMembers” Exchange Attribute

Here’s a bit of an obscure task. In Exchange you can configure the AcceptMessagesOnlyFromDLMembers attribute which does what it sounds like it does: it only allows the mail recipient to accept messages from members of specific distribution lists. The problem is, there’s no built in method for appending a distribution list (DL) to an existing list of DLs. If you set AcceptMessagesOnlyFromDLMembers equal to a value, it overwrites what was there before. So, I wrote a quick script to append a value instead of overwriting it. You’ll need a remote Exchange Management Shell and the AD management module for this.

First things first, I declare the function named Add-AcceptMessagesOnlyFromDLMembers which is a bit more verbose than I’d usually like to make it, but I’m also a fan of descriptive function and cmdlet names.

Second, I need some parameters. The mail recipient whose AcceptMessagesOnlyFromDLMembers value we’re appending something to, and the DL that we’re appending.

Line 11 is where we begin doing the real work. I’ve got to get the mail contact and select just the value currently in AcceptMessagesOnlyFromDLMembers so I can append something to it. I store that data in $arr.

On line 12, I’m retrieving the CanonicalName attribute for the DL I want to append to the list of DLs that can send mail to this contact. The AcceptMessagesOnlyFromDLMembers attribute is a bit weird in that it only appears to take Canonical Names, not Distinguished names, etc.. I’m appending that value to the end of $arr.

Line 13 is pretty straight forward. I’m setting the AcceptMessagesOnlyFromDLMembers attribute to the value of $arr determined in line 12.

That’s it! If this is a task you perform regularly, please take this script and apply it. If you make it more robust, I’d love to see what your modifications are.


Easily Restore A Deleted Active Directory User

If you have a modern version of Active Directory, you have the opportunity to enable the Active Directory Recycle Bin. Once enabled, you have a chance to recover a deleted item once it has been removed from Active Directory.

Here’s a quick and easy script to recover a user based on their username.

On the first line, we’re getting the DistinguishedName for the deleted user. The DN changes when a user gets deleted because it’s in the Recycle Bin now. Where’s your deleted objects container? Well it’s easily found with the (Get-ADDomain).DeletedObjectsContainer part of line 1. All we’re doing is searching for AD objects in the deleted objects container whose username matches the one we’re looking for. We need to make sure the -IncludeDeletedObjects flag is set or nothing that’s deleted will be returned.

On the second line, we’re just using the Restore-ADObject cmdlet to restore the object at the DN we found above.


Quick Script Share: Adding A Bunch Of Random Test Users To Active Directory

I recently had a need to add a bunch of random users to a specific OU in Active Directory to do some testing. I didn’t care what their names were, but, I wanted to be able to find all the users that belonged to each batch. Here’s the script I wrote to do this.