Is there a way to get the list of installed applications from Regestry without interacting with the PC directly via WMI?
I have a promoted to RW user on a Domain Controller and a bunch of PCs. I want to write an automation PS-script which will grab strings from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
You can use the WMI:
Get-WmiObject win32_product
But not recommended to use that cause it's broken. You should use the registry approach only like:
Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table –AutoSize
Related
I am working on Devops project to run QA powershell codes as custom script extensions . I need to run it on multiple Virtual machines (minimum 10). I figured out how to install custom script extension parallelly in VMs. But I did not find a solution uninstall custom script extensions parallelly in Vms . Please help. I am ok with ARM template or using Azure CLI .
one way would be to use jobs, something like this (rough sketch):
"vm1","vm2","vm3" | Foreach-Object {
Start-Job -ScriptBlock {
Remove-AzureRMVMCustomScriptExtension -ResourceGroupName xxx -VmName $using:PSItem -Name extensionname -Force
}
}
the above will work if you have azurermcontextautosave enabled. ARM Templates are not capable of removing custom script extension, you might experiment with Complete mode, but its a bit dangerous.
But honestly you just need to use forceUpdateTag to just force extension to rerun, without removing it
I want to create shadow storage for one drive on another using Windows 10.
For server windows editions, there is:
vssadmin add shadowstorage /for=<ForVolumeSpec> /on=<OnVolumeSpec> [/maxsize=<MaxSizeSpec>]
The add command is missing in Windows 10, how would one go about it?
There are some Powershell commands available, but I could not make them work.
(Get-WmiObject -list win32_ShadowStorage).Create('C:\','D:\','3000000000')
VSSAdmin only has the "create" option on a Windows Server. Instead, you will have to make use of a PowerShell script to create the shadow.
powershell.exe -Command (gwmi -list win32_shadowcopy).Create('E:\','ClientAccessible')
Since this just makes use of the Win32_ShadowCopy class in WMI, you can use other methods to create the shadow. This includes the "wmic" utility.
wmic shadowcopy call create Volume='E:\'
when i'm running the command "tasklist.exe" in the Kudu Web Frontend CMD it returns nothing, it seems that the process is hanging.
We need this command in our web application. Does anyone can confirm this or has a resolution ?
Our application runs on node.js (for information)
Image: http://i.stack.imgur.com/ffPIS.png
Thanks!
Same here. I have no resolution, but maybe a workaround.
Use the PowerShell console instead (same menu as the cmd) and the command Get-Process.
If you're missing properties in the default output, select the ones you need.
To see a complete output use Get-Process | select *. Look there for properties you need. The output could be a little bit confusing because there are so many properties.
If you know what properties you need, you could create a nice output. For example: Get-Process | Format-Table Name, Handles, StartTime, Path -AutoSize
On windows, I can use runas to run an application as another account (not the one your are logged in at the moment) like this:
runas /netonly /user:some_domain\account "utility.exe"
How can I get this some_domain\account from PowerShell? I've checked Get-Process and win32_process WMI class but didn't find anything useful.
Update
Re #briantist's answer:
I'm a little confused about the result from #briantist's answer. I logged on to my computer using a local account (my computer is not in a domain) and runas the utility (SQL Server management studio aka SSMS here) as a domain account. When I run the script that #briantist provided, the result just shows me that SSMS is running on my local account not the domain account. But in SSMS I can use a function suser_sname() to ask the server who am i and the result is some_domain\account. It's a little weird to me. Is this by design or am I wrong some where?
Get-process has an -IncludeUserName switch:
get-process -IncludeUserName
Specifically for utility.exe:
get-process utility -IncludeUserName
Tony Hinkle's answer (+1) is great, and very simple, but it does require elevation.
To do this as a non-privileged user, you can use CIM:
Get-CimInstance Win32_Process -Filter "name='utility.exe'" | Invoke-CimMethod -MethodName GetOwner
If you can elevate, I do recommend the other answer.
I am developing a Linux auditing application that, among other things, has to retrieve installed software and licenses from a Windows machine. The application MUST be agent-free.
wmi-client actually does implement what I want, I tryed to query applications and it worked just fine:
# LAUNCHING WMIC PLUGIN
my $cmd = "wmic -U ".$username."%".$password." //".$hostname." \"select Name, Version from Win32_Product\"";
my $output = `$cmd`;
print "INSTALLED SOFTWARE:\n";
print "$output";
Now my question is, how can I retrieve the Product Key for certain applications? I know that sometimes they are stored in the Registry Key, can I query them through WMI?
EDIT: Just found that on a website:
http://social.technet.microsoft.com/Forums/en/winserverGP/thread/5cd1b80a-2f90-4d46-bf65-dba52dcf0c56
WQL queries are based on certain WMI classes which offer a set of properties.
The WMI registry actions instead are based on the "StdRegProv" in the "Default" namespace and certain methods have to be called to get a result. That means a registry query bases WMI filter is not possible.
So it looks like WQL cannot interrogate Registry Keys, what can I do then? Any ideas?
I do not have any experience using it on non-Windows clients, but there is DBD::WMI.