Pablo's Powershell Pow-Wow

Discussion in 'Business & Enterprise Computing' started by PabloEscobar, Sep 18, 2014.

  1. looktall

    looktall Working Class Doughnut

    Joined:
    Sep 17, 2001
    Messages:
    26,669
    That what I've been working on for where I work.
    A script to onboard and a script to exit.
     
  2. freaky_beeky

    freaky_beeky Member

    Joined:
    Dec 2, 2004
    Messages:
    1,172
    Location:
    Brisbane
  3. looktall

    looktall Working Class Doughnut

    Joined:
    Sep 17, 2001
    Messages:
    26,669
    I'd be staggered if they did.

    But I'll check that link out anyway because I know IT management is keen to hand off account creation to HR.
     
  4. freaky_beeky

    freaky_beeky Member

    Joined:
    Dec 2, 2004
    Messages:
    1,172
    Location:
    Brisbane
    Right where it belongs.

    If you've got RBAC configured you could create a table of Role to Group Membership mappings, and then any access issues are also all HRs problem.
     
    randomman likes this.
  5. sic_vl2000

    sic_vl2000 Member

    Joined:
    Dec 13, 2004
    Messages:
    998
    Are you able to share what your script looks like at all?
     
  6. sic_vl2000

    sic_vl2000 Member

    Joined:
    Dec 13, 2004
    Messages:
    998
    Has anyone used a script to logoff disconnected sessions from Citrix app centre?
     
  7. karmic

    karmic Member

    Joined:
    Jun 28, 2001
    Messages:
    129
    Location:
    Perth
    Whats the use case here? Normally you would have GPO's managing both idle the time before disconnecting a users session, and how long before a disconnected session is logged off.
     
  8. sic_vl2000

    sic_vl2000 Member

    Joined:
    Dec 13, 2004
    Messages:
    998
    It's part of the calls that support desk get at the moment from staff while wfh. If someone's connection drops out then their session gets cleared and they can login again. Probably get around 10-15 a day on average.
     
  9. richard0296

    richard0296 Member

    Joined:
    Jul 28, 2009
    Messages:
    2,567
    Location:
    sydney
    would powershell really add any efficiency vs having director/app centre open each morning? if 7 and > i've had good experiences with ctx ps broker cmdlets and get-brokersession/disconnect-brokersession -username -sessionstate etc however i still don't see this adding any benefit unless you are trying to take service desk/help desk out of the equation and just straight up disconnecting all stale sessions on an X minutes basis
     
  10. miicah

    miicah Member

    Joined:
    Jun 3, 2010
    Messages:
    7,508
    Location:
    Mount Cotton, QLD
    Code:
    Get-ADComputer WS123456789 | Select -ExpandProperty DistinguishedName.Split(",")
    Get-ADComputer WS123456789 | Select -ExpandProperty DistinguishedName {$_.split(",")}
    
    Trying to get a specific OU out of the DistinguishedName, how the hell do I do this in a one liner? Managed to get it to work by doing it this way:

    Code:
    $fullOU = Get-ADComputer WS123456789 | Select DistinguishedName
    $splitOU = $fullOU.DistinguishedName.Split(",")
    $splitOU[1]
    But surely there is a clean way to do this in one line?

    EDIT: Got it :)

    Code:
    Get-ADComputer $computer | Select {$_.DistinguishedName.Split(",")[1]}
     
    Last edited: Aug 4, 2021
    colmaz likes this.
  11. gav1ski

    gav1ski Member

    Joined:
    Aug 9, 2001
    Messages:
    163
    Location:
    Sydney
    You could also try a combination of indexof and substring to pull it out if you don't want to use an array position
     
  12. miicah

    miicah Member

    Joined:
    Jun 3, 2010
    Messages:
    7,508
    Location:
    Mount Cotton, QLD
    I suspect this is a sort of "do it how you want" type of thing, but is there any general layout or way to get something like this done in a script?

    Code:
    $envVariables = Get-CimInstance -ClassName Win32_Environment
    $usrGroups = ($envVariables | Where-Object {$_.Name -eq 'USERGROUPS'}).VariableValue
    Like there are a few ways I can think of doing this, but is there a more correct way?
     
  13. OP
    OP
    PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,638
    https://xyproblem.info/ :).

    What are you actually trying to do?
     
    looktall likes this.
  14. miicah

    miicah Member

    Joined:
    Jun 3, 2010
    Messages:
    7,508
    Location:
    Mount Cotton, QLD
    I want to run certain PowerShell functions based on the logging in users OU, the computer OU as well as the groups that a user is a member of.

    Our login script (which is a VBS script written by the department and applied state-wide, I cannot modify it) writes the environment variables to the registry on login. Through testing I have found that when a user logs on to the device for the first time, using the PowerShell $env: drive pulls up some generic environment variables and not the custom ones written to the registry (side note, they work fine on second login).

    So I found the Get-CimInstance command, used that and pulled the data, it works.

    It returns an object of Microsoft.Management.Infrastructure.CimInstance#root/cimv2/Win32_Environment, with 3 columns and I figured out a way of returning certain values based on the 'Name' property as above.

    I was just wondering if there is a more correct way to do this in a written script, vs a one-liner in a PowerShell window.
     
  15. randomman

    randomman Member

    Joined:
    Oct 21, 2007
    Messages:
    5,166
    Location:
    Vancouver, BC
    No need for select, just call the property directly
     
    Last edited: Sep 10, 2021
    miicah likes this.
  16. Ogre

    Ogre Member

    Joined:
    Aug 13, 2003
    Messages:
    2,447
    Location:
    Sydney, Australia
    So the end goal is to have two login scripts?

    If the variables you want are written to the registry why not pull from there or if they are based on Active Directory, just pull directly from Active Directory?
     
  17. miicah

    miicah Member

    Joined:
    Jun 3, 2010
    Messages:
    7,508
    Location:
    Mount Cotton, QLD
    Yes essentially, since the department is dragging their feet on changing the logon.vbs over to PowerShell. So in their script I am able to add a line to call my own PowerShell script.

    I am pulling from the registry, it works as I expected, I'm just wondering if there are conventions for writing script blocks over one-liners, or if it's "if it works it works" kinda thing.
     
  18. Ogre

    Ogre Member

    Joined:
    Aug 13, 2003
    Messages:
    2,447
    Location:
    Sydney, Australia
    Something like this might help https://github.com/PoshCode/PowerShellPracticeAndStyle

    Think commenting, readability, logging and error handling
     
    miicah likes this.
  19. OP
    OP
    PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,638
    For me and mine.

    Anything that is going to live longer than the PS Session its in, won't use Aliases or one-liners
    Readability and supportability are king when it comes time for future me to look at how/why something is being done.
     
    randomman likes this.
  20. leighr

    leighr Member

    Joined:
    Feb 28, 2002
    Messages:
    602
    Location:
    Richmond, Melbourne
    More often than not, past me is an absolute arsehole. :Paranoid:
     

Share This Page

Advertisement: