Post from November, 2008

Easy Script Logs With Transcripts

Friday, 21. November 2008 17:40

It is a common requirement to implement some logging in scripts. Imagine the scripted processing of hundreds of items like user directories or whatever. If you later need to investigate the facts that led to issues, a log file of that script could help to identify the cause of the problem.

PowerShell has a built-in recording feature which can be turned on and off with the cmdlets Start-Transcript and Stop-Transcript. When in script mode, Start-Transcript records all output that appears on the console in a text file until recording is stopped with Stop-Transcript.

As Start-Transcript creates a record of a PowerShell session in a text file, it can be considered a tee command that is working in the background. Once it is turned on, all the console output will automatically be recorded in the transcript file.

If your script is already designed to display information, warnings, errors, etc. on the console, you only need to turn the recording to a text file on and off as follows:

# turn on logging to fullpath\scriptname.log
$ScriptFullName = & {$MyInvocation.ScriptName}
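# ChangeExtension swaps only the final extension and ignores its case; a
# case-sensitive Replace(".ps1",".log") would leave "SCRIPT.PS1" unchanged
# and the transcript would then overwrite the script itself
$TranscriptFile = [System.IO.Path]::ChangeExtension($ScriptFullName, ".log")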
Start-Transcript -Path $TranscriptFile

# ...

# turn off logging
Stop-Transcript
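
The same pattern with the two failure cases handled, as an added example that is not part of the original post: the script is not running from a .ps1 file, and the script fails before it reaches Stop-Transcript. The item list, the fallback file name and the failure are constructed for illustration.

```powershell
# Added example, not from the original post.
$scriptPath = & { $MyInvocation.ScriptName }
if ([string]::IsNullOrEmpty($scriptPath)) {
    # Not running from a .ps1 file (interactive session): use the temp folder.
    # The file name is an assumption of this example.
    $logPath = Join-Path $env:TEMP 'transcript-example.log'
} else {
    # Only the final extension is swapped, whatever its case.
    $logPath = [System.IO.Path]::ChangeExtension($scriptPath, '.log')
}

# -Append keeps earlier runs in the same log file.
Start-Transcript -Path $logPath -Append
try {
    # Constructed sample items; the empty one stands for a bad input record.
    foreach ($item in 'alice', 'bob', '', 'carol') {
        if ($item -eq '') {
            Write-Warning 'Skipping item with empty name'
            continue
        }
        Write-Host "Processing $item"
    }
    throw 'Constructed failure to show that the transcript is still closed'
}
catch {
    # Written to the console so that it lands in the transcript too.
    Write-Host "ERROR: $($_.Exception.Message)"
}
finally {
    # Runs on success and on failure, so recording never stays switched on.
    Stop-Transcript
}
```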

Category:Scripting, Windows PowerShell | Comment (0) | Author: Frank-Peter

Testing using system account

Thursday, 6. November 2008 21:02

Ever needed to test something using the system account? There are a number of ways to get a command prompt running in the system account context. My favorite has always been the sethc hack because I could use it even without logging on to the system. Until today, however, I had never tested my favorite hack on Windows 2008. Guess what… it still works :)

Here’s what you need to do. I left UAC enabled and went into the system32 directory and located the file called sethc.exe. Right-click, take ownership and set the security for your admin account to Modify.

Now overwrite sethc.exe with cmd.exe (copy c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe) and log off.

When back on the WinLogon desktop, press <SHIFT> five times; a command box should now pop up.

Now, you can do all sorts of fun things but more importantly you can for instance test if some security setting somewhere isn’t blocking your computer from connecting to a share or some other resource.

Happy testing!
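
Each step above leaves a trace on the file, so a machine can be checked for a sethc.exe that was left in this state. The following is an added example, not part of the original post; it assumes PowerShell 4.0 or later (for Get-FileHash) and the default protection where only NT SERVICE\TrustedInstaller owns and may write the file. The function name Test-SethcTampering is made up for this example.

```powershell
# Added example, not from the original post.
function Test-SethcTampering {
    param(
        [string]$SethcPath = (Join-Path $env:windir 'System32\sethc.exe'),
        [string]$CmdPath   = (Join-Path $env:windir 'System32\cmd.exe')
    )
    $trusted  = 'NT SERVICE\TrustedInstaller'   # assumed default owner
    $findings = @()

    # 1. Content: a copy of cmd.exe hashes to the same value as cmd.exe.
    $sethcHash = (Get-FileHash -Path $SethcPath -Algorithm SHA256).Hash
    $cmdHash   = (Get-FileHash -Path $CmdPath   -Algorithm SHA256).Hash
    if ($sethcHash -eq $cmdHash) {
        $findings += 'sethc.exe is byte-identical to cmd.exe'
    }

    # 2. Ownership: the first step in the post is taking ownership.
    $acl = Get-Acl -Path $SethcPath
    if ($acl.Owner -ne $trusted) {
        $findings += "owner is '$($acl.Owner)', expected '$trusted'"
    }

    # 3. Permissions: the second step grants an admin account Modify.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
    foreach ($rule in $acl.Access) {
        $isAllow  = $rule.AccessControlType -eq 'Allow'
        $canWrite = (([int]$rule.FileSystemRights) -band $writeMask) -ne 0
        $who      = $rule.IdentityReference.Value
        if ($isAllow -and $canWrite -and $who -ne $trusted) {
            $findings += "write access granted to '$who'"
        }
    }

    # One object per file, easy to collect from many machines.
    New-Object PSObject -Property @{
        Path     = $SethcPath
        Tampered = ($findings.Count -gt 0)
        Findings = $findings
    }
}

Test-SethcTampering | Format-List
```

A file that is flagged can be restored from the protected system copy with sfc /scanfile=c:\windows\system32\sethc.exe from an elevated prompt.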

Category:Virtualization, Windows | Comment (0) | Author: Dennis Damen

MemberOf

Thursday, 6. November 2008 13:55

Check if the current user is member of a certain group:

"*\domain users" | %{$grp = $_ ;  ([security.principal.WindowsIdentity]::GetCurrent()).Groups | %{$_.Translate([System.Security.Principal.NTAccount])} | where-object {$_ -like $grp} } | %{$true}

"builtin\users" | %{$grp = $_ ; ([security.principal.WindowsIdentity]::GetCurrent()).Groups | %{$_.Translate([System.Security.Principal.NTAccount])} | where-object {$_ -like $grp} } | %{$true}

"NT AUTHORITY\Authenticated Users" | %{$grp = $_ ; ([security.principal.WindowsIdentity]::GetCurrent()).Groups | %{$_.Translate([System.Security.Principal.NTAccount])} | where-object {$_ -like $grp} } | %{$true}
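
The one-liners above emit nothing when the user is not a member, and Translate throws when a group SID can no longer be resolved to a name. The same check as a function that always returns a single boolean and skips unresolvable SIDs, as an added example that is not part of the original post; the name Test-CurrentUserInGroup is made up here.

```powershell
# Added example, not from the original post.
function Test-CurrentUserInGroup {
    param(
        # Group name, wildcards allowed, e.g. "*\domain users"
        [Parameter(Mandatory = $true)]
        [string]$GroupPattern
    )
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    foreach ($sid in $identity.Groups) {
        try {
            # SID -> "DOMAIN\name"
            $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            # The SID has no resolvable name (for example a deleted group).
            continue
        }
        if ($name -like $GroupPattern) {
            return $true
        }
    }
    # No group matched: answer explicitly instead of emitting nothing.
    return $false
}

# The three groups used in the post.
foreach ($pattern in '*\domain users', 'builtin\users', 'NT AUTHORITY\Authenticated Users') {
    '{0,-35} {1}' -f $pattern, (Test-CurrentUserInGroup -GroupPattern $pattern)
}
```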

Category:Active Directory, PowerShell | Comment (0) | Author: Dennis Damen

Hyper-V and BSD

Wednesday, 5. November 2008 1:46

What’s the first thing you do when you install a product like Hyper-V? Exactly! Install an unsupported Guest OS :)

I downloaded the latest version of PC-BSD just to have a look-see. (I like to play around with operating systems other than Windows but after a while I always return to Windows; I actually need to get some work done too :D )

So, I booted the PCBSD DVD and I was surprised how smooth the PCBSD installer was running.

But when I was done playing around with BSD I wanted to shut down the virtual machine. This proved to be a little harder than I expected.

The virtual machine just wouldn’t shut down and all the menu items were grayed out. After some trial and error I found out that this behavior was caused by the Legacy Network adapter.

Well, at least I learned one thing: don’t set your virtual machine to auto-start after a server reboot when you are playing with an unsupported OS!

Category:Hyper-V, Virtualization | Comment (0) | Author: Dennis Damen

Hyper-V Server Installation

Tuesday, 4. November 2008 0:47

Last week I installed the free Hyper-V server from Microsoft and I LOVE IT. I installed it on a home made box with 4 250GB HDD’s in RAID-0. And with RAID-0 I mean the cheap-ass Intel Fake-RAID stuff. I upgraded my CPU to a Core2 Quad and upped my RAM to 8GB.

After downloading the DVD I inserted it, clicked through the Windows 2008 setup (all my hardware was identified immediately) waited for about 15 minutes and I was… uuuh… wait… where do I start the management console? Ok, this might be a good time to RTFM.

Turned out, you need to install the management console on a Vista box. No problem, my company laptop comes with Vista :) . Getting the management console to run was kinda tricky but I got it running using this step-by-step guide.

<whisper> not having the Explorer installed doesn’t mean you cannot install something like FreeCommander </whisper>

Category:Hyper-V, Virtualization | Comment (0) | Author: Dennis Damen

Create MD5 Hash using PowerShell

Monday, 3. November 2008 23:37

Creating MD5 hashes of strings can be useful for example when storing passwords. There is only one gotcha when trying to store the generated MD5 hash to a text file. During conversion from an MD5 hash, which is a byte array, to a string some crucial information might get lost.

Check out the following example, it will create an MD5 hash of a string and then display the hash as a hex value:

$inputString1 = "Hello World"
$inputString2 = "PowerShell is kinda cool :)"

$cryptoServiceProvider = [System.Security.Cryptography.MD5CryptoServiceProvider];
$hashAlgorithm = new-object $cryptoServiceProvider
$hashByteArray1 = $hashAlgorithm.ComputeHash($([Char[]]$inputString1));
$hashByteArray2 = $hashAlgorithm.ComputeHash($([Char[]]$inputString2));

# start empty so a re-run in the same session does not append to old results
$result1 = ""; $result2 = ""
# {0:X} writes bytes below 0x10 as a single hex digit
foreach ($byte in $hashByteArray1) { $result1 += "{0:X}" -f $byte }
foreach ($byte in $hashByteArray2) { $result2 += "{0:X}" -f $byte }

Write-Host $result1
Write-Host $result2

When you run the script above you will see that it has generated two MD5 hashes with different lengths:

B1A8DB164E075415B7A99BE72E3FE5
D7E0714B5CE93382EBDD80E02C375

As long as you keep comparing the MD5 hashes using the same script, you will probably never run into any problems. However, when you want to compare these hashes to MD5 hashes generated by another tool you will definitely get false negatives and you may even get false positives (oops).

A simple solution to this problem is shown below:

$inputString1 = "Hello World"
$inputString2 = "PowerShell is kinda cool :)"

$cryptoServiceProvider = [System.Security.Cryptography.MD5CryptoServiceProvider];
$hashAlgorithm = new-object $cryptoServiceProvider
$hashByteArray1 = $hashAlgorithm.ComputeHash($([Char[]]$inputString1));
$hashByteArray2 = $hashAlgorithm.ComputeHash($([Char[]]$inputString2));

# start empty so a re-run in the same session does not append to old results
$result1 = ""; $result2 = ""
# bytes below 16 get an explicit leading zero
foreach ($byte in $hashByteArray1) { if ($byte -lt 16) {$result1 += "0{0:X}" -f $byte } else { $result1 += "{0:X}" -f $byte }}
foreach ($byte in $hashByteArray2) { if ($byte -lt 16) {$result2 += "0{0:X}" -f $byte } else { $result2 += "{0:X}" -f $byte }}

Write-Host $result1
Write-Host $result2

This script adds a “0” in front of each byte with a value less than 16 (that is, 0x00 through 0x0F). The result is:

B10A8DB164E0754105B7A99BE72E3FE5
D7E0714B5CE933820EBD0D80E002C375

As you can see, this second script results in two MD5 hashes of equal length. Comparing the output of the first script (upper line of each pair) to that of the second (lower line of each pair) makes it clearer:

D7 E0 71 4B 5C E9 33 82  E BD  D 80 E0  2 C3 75
D7 E0 71 4B 5C E9 33 82 0E BD 0D 80 E0 02 C3 75
 
B1  A 8D B1 64 E0 75 41  5 B7 A9 9B E7 2E 3F E5
B1 0A 8D B1 64 E0 75 41 05 B7 A9 9B E7 2E 3F E5

UPDATE (Thanks Arnout):

$inputString1 = "Hello World"
$inputString2 = "PowerShell is kinda cool :)"

$cryptoServiceProvider = [System.Security.Cryptography.MD5CryptoServiceProvider];
$hashAlgorithm = new-object $cryptoServiceProvider
$hashByteArray1 = $hashAlgorithm.ComputeHash([Char[]]$inputString1);
$hashByteArray2 = $hashAlgorithm.ComputeHash([Char[]]$inputString2);

# start empty so a re-run in the same session does not append to old results
$result1 = ""; $result2 = ""
# X2 always writes two hex digits per byte
foreach ($byte in $hashByteArray1) { $result1 += "{0:X2}" -f $byte }
foreach ($byte in $hashByteArray2) { $result2 += "{0:X2}" -f $byte }

Write-Host $result1
Write-Host $result2
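
Why the unpadded format can produce false positives, as an added example that is not part of the original post: two different byte sequences collapse to the same string with {0:X} and stay distinct with {0:X2}. The two short byte arrays are constructed for illustration, the function name ConvertTo-HexString is made up here, and the string is encoded explicitly as UTF-8 instead of relying on the Char[] conversion.

```powershell
# Added example, not from the original post.
function ConvertTo-HexString {
    param(
        [byte[]]$Bytes,
        [switch]$Unpadded   # reproduces the {0:X} behaviour of the first script
    )
    $format = if ($Unpadded) { '{0:X}' } else { '{0:X2}' }
    -join ($Bytes | ForEach-Object { $format -f $_ })
}

# Constructed sample: two different two-byte values.
$a = [byte[]](0x01, 0x23)
$b = [byte[]](0x12, 0x03)

$unpaddedA = ConvertTo-HexString $a -Unpadded
$unpaddedB = ConvertTo-HexString $b -Unpadded
$paddedA   = ConvertTo-HexString $a
$paddedB   = ConvertTo-HexString $b

"Unpadded: $unpaddedA / $unpaddedB  equal: $($unpaddedA -eq $unpaddedB)"
"Padded:   $paddedA / $paddedB  equal: $($paddedA -eq $paddedB)"

# MD5 of "Hello World" with an explicit encoding, checked against the
# padded value shown in the post.
$md5   = [System.Security.Cryptography.MD5]::Create()
$bytes = [System.Text.Encoding]::UTF8.GetBytes('Hello World')
$hex   = ConvertTo-HexString ($md5.ComputeHash($bytes))

# String -eq is case-insensitive, so tools that print lowercase hex
# compare correctly as well.
"MD5: $hex  matches post: $($hex -eq 'B10A8DB164E0754105B7A99BE72E3FE5')"

# Cross-check with the framework's own formatter, which always writes
# two digits per byte.
$viaBitConverter = [System.BitConverter]::ToString($md5.ComputeHash($bytes)) -replace '-', ''
"BitConverter agrees: $($hex -eq $viaBitConverter)"
```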

Category:Hashing, PowerShell | Comments (2) | Author: Dennis Damen

Flex Profile Kit coming of age…

Monday, 3. November 2008 21:47

Immidio made Immidio Flex Profiles 6.0 available for free. Immidio Flex Profiles is largely based on the famous Flex Profile Kit by Jeroen van de Kamp and others. However, Immidio Flex Profiles no longer uses the Microsoft Office Profile Wizard or other “third party” tools.

Upgrading your Flex Profile Kit installation to Immidio Flex Profiles is very easy since it still supports the existing Flex Profile Kit .ops files. Also, the ini files which have probably taken you a lot of time to configure are fully supported.

On a technical level the new FlexEngine, the executable which replaces the Microsoft Office Profile Wizard, is noticeably faster and it uses a zip-archive format to store files and settings. These zip files can simply be opened using Windows Explorer for editing and/or troubleshooting.

Besides the technical advantages, Immidio now also offers official support for their solution. This was not really possible for the Flex Profile Kit since it depends on third party tools.

Go and check it out here: Immidio Flex Profiles

Category:Immidio Flex Profiles, Tools | Comments (5) | Author: Dennis Damen