my first real powershell script – forcing sessions closed past a certain idle time

I consider myself fairly decent at writing scripts for windows stuff. Mostly in batch where I would consider myself a 9/10, and in vbscript where I would consider myself a 6/10.  Of course the windows world is moving to powershell, and I have been slowly working on learning it. (It does help that my good buddy Hal is a powershell guru.) What usually happens though is I get in a hurry for something and can’t be slowed down to learn something new. Luckily since I have changed jobs, I have more time to actually learn things instead of putting out fires full time.

So anyway, until now, most of my powershell scripts were just copying and pasting various bits from others and putting them together just to make things work, but yesterday I found a bit of a challenge.

We have an application here at work that allows a limited number of user licenses, and strangely enough, it keeps a license open for a user as long as they have the windows share open. (Don’t ask me.. this is what I was told and I’m accepting it at face value.) There’s no way to expire the license if they have the share open, and it can stay open for a number of reasons. What happens is that over time we get these left open and run out of licenses. The business has agreed that anyone that’s idle more than 2 hours can be forcibly removed from the application by removing their session to the share.

We can see if these are actually in use by opening up the computer management MMC and going to shared folderssessions. Once we sort by idle time, we can see that there are a number of sessions with more than 2 hours of idle time. (Note: In the screenshot below I have hidden the usernames and computernames.)

You can also see the same bit of info by running “net session” from a command prompt.

After some googling, I decided that wmi would be the way to go, and I immediately found the Win32_ServerConnection class. This looked like it, but if you want to see the idle time.. guess what? While everything else is, this one is not exposed. So no dice.

After scratching my head for a bit, I decided that using net session would be the way to go, and we could manipulate the output in order to get what I was after. I messed with powershell doing this for a bit and I wasn’t making any progress. Hal was on vacation in Disney world, and my other script buddy Marcus was at the Microsoft MVP summit, so I couldn’t ask him either. So I got nowhere for a bit and had to resort back to batch.

What I did was take the output of net session and use logparser.exe with a custom input format. This was a pain because the fields aren’t delimited by anything other than spaces. When I set the idle time field to date, it thought a 00:00:00 was Jan 1, 1900, so basically I was looking for a date greater than 2AM on Jan 1, 1900. Using that I was able to get the list of computers and run “net session \%strcomputer /delete”. This worked, but it was ugly, and I’m not even going to bother posting the script, because this post is about powershell.

Yesterday I decided that I wanted to get this working in powershell as much as I can, and while searching, I ran across the Win32_ServerSession Class, and was surprised to find that it included IdleTime. Nice! (why isn’t this in with the others, Microsoft? And why couldn’t I find it by searching on their site? I ran across this on page 6 of a google search.) Of course there are no methods exposed here, so I was back to the drawing board on ending the session. Eventually I had to give up because there doesn’t seem to be an equivalent for “net” inside powershell.

Based on this, I went ahead with the script as it is now, here it is:

$strComputer = “%computername%”
$tool="net.exe"
$cmdLine = "session \$computer /delete"
$idleuser=get-WmiObject Win32_ServerSession -computername $strComputer | where-object {$_.IdleTime -gt 7200} | where-object {$_.UserName -ne "SERVICEACCOUNT"} |  format-table ComputerName -auto
$idleuser
foreach($computer in $idleuser) {invoke-expression "$tool $cmdLine"}
write-output BIG BANG

In the end this was a pretty easy script, all I am doing besides setting up the variables is grabbing the info via wmi, then looking for IdleTime being greater than 2 hours or 7200 seconds, and then excluding the service account. Output what’s left to a table. I then print that to screen for my own sanity, and run a for loop against the computername using the command line of net session that I set up earlier.

Now it’s done, the script works, I know a bit more about powershell, and life is good. Next!

Advertisement

telling if tcp offload is working or not

I made an earlier post about telling if the newer advanced tcp functionality included since sp2 in 2003 server, vista, w7, 2008r2, etc was working or not. The one that I neglected to include was whether or not TCP offloading was really working or not.

All you need to do is run this command while traffic is taking place:

netstat –nt

The output will look like this:

 

On the right hand side you can see that my connections on the example computer are in the host and not offloaded.

the vista snipping tool (where is it?)

I went to use the vista screenshot tool just now and couldn’t find it. After some investigation I realized that the snipping tool is included with the “tablet pc components” in vista and w7. So if you uninstall things that aren’t needed (like the tablet pc components), then you won’t have this.

Why this is included with the “tablet pc components”? I have no idea. This doesn’t make any sense to me.

deleting a partition during the w7 install

I had an issue tonight when reinstalling w7 where the install would not let me delete the partitions on one of the disks… they could be formatted, etc, but the delete button was grayed out for some reason. Why it did this, I can’t tell you. What I finally found to fix it was this:

• on the first welcome screen of the w7 install, hit shift-f10, this gives you a command prompt
• run diskpart
• list disks
• select disk 0 (if this is the disk you want)
• clean
• exit

Then you can continue with the install on a new fresh and clean drive.

jusched.exe #fail

I really dislike this stupid java update scheduler already for a whole lot of reasons, but with windows 7 it’s an extra hassle, at least for me. This is because that new systray icons are hidden by default, so you can not notice the (stupid) thing running. Just now I started to use my laptop and realized it was very slow. Here’s why:

 

Total and complete #fail.

computer upgrades

This past weekend I made a bunch of computer upgrades.

In my main machine, called TQM, it has been upgraded recently:

• in order to run more virtual machines, the upgrade from four 1 gb sticks of ram to four 2gb sticks was a no brainer, and relatively cheap right now. Made a nice difference when running a bunch of stuff but it wasn’t noticeable with regular, i.e. non power user type use.
• I needed an additional monitor output so I could drive my two desktop monitors and the occasional image on the projector in the basement, so I found this Nvidia 9600GSO on sale at newegg.com for $40. The price was right and it works as required. No complaints.
• I started with four 250gb sata drives in a raid0 setup and had 3 drives fail over a 6 month period. Luckily I have good backups so this was mostly just an annoyance. Because of the issues I have had with these older, e.g. out of warranty drives, I went with some Seagate 7200.8 450gb drives I had laying around and made them raid0.
• Then I came across a 160gb Intel SSD upgrade. What I did was take my existing w7 install that was running on the 7200.8 450gb drives, install the SSD, then mirror the OS drive to the SSD. This worked perfectly.. so I was able to reboot, choose the backup mirror to boot from, then boot, break the mirror, delete the old boos partition, and I’m done. Easy!

My upgrades are never limited to only one machine, so I also had some new goodies for my server, thor. 

• The primary new addition was a 3ware 9650SE SATA RAID controller card. This is a 4 port card basically because I was out of SATA ports and had resorted to taking apart some USB/sata adapters so I could hook up more drives. I left in the Highpoint RocketRaid 2300 and of course the stuff built onto the motherboard.
• Installed a new “Startech” 5 bay hot swap SATA disk device. It takes up only 3 slots but has room for 5 drives.. that’s pretty cool. Add that plus the power cable and data cable mess that I can give up now, built in fan, and even temperature monitoring and alerting, and this thing is an easy win. I already had one so this allows me to do 10 hot swap data drives in the server. There are 4 spots left, one has the DVD and 3 are open.
• Installed 3 Seagate 7200.11 SATA drives, 1.5tb/each, in a RAID5 hanging off the 3ware 9650SE RAID controller.
• Installed the western digital caviar “Green” 2.0tb drive attached to the 3ware controller. Basically I wanted the most space for the money and the slowest/least power consuming hard drive as well. That’s because this drive will be a backup drive, it will be swapped with an identical one (including the hot swap tray) with a friend of mine. There will be 2 partitions on the drive that are encrypted, one is his and the other is mine. Our backups will run there nightly and every month we’ll just swap disks. It’ll get us into a routine and get us offsite backups, which is something I feel like I need. (Only because I have a lot of digital camera pictures that I have taken over the years, and I would be very, very upset to lose all of them.)