Server 2012

PowerShell: Check for user accounts running Windows Services

Recently I worked with a client to validate that if a user account were to be disabled that it wasn’t going to break any of their currently running applications. You can be bitten by an accidental miss-configuration where an end-users account is running a Windows Service or possibly at a lower level in a specific application such as SQL Server jobs. Luckily with the Power of PowerShell, we can conquer the Windows Services! It is also possible to create a SQL Query or even PowerShell scripts to query SQL, but we are not covering that in this article.

Checking Windows Services:

The biggest concern I had was the Windows Services. It is easy enough for a junior admin to install SQL and specify their account as the Service Account, THIS IS BAD! However, with some pure PowerShell, we can perform a visual inspection, or with some minor adjustments, we could look for a service running with a specific user.

Get-CimInstance -ComputerName (Get-ADComputer -Filter 'OperatingSystem -like "Windows Server*"' | Select -ExpandProperty Name) -Query "SELECT Name, StartName FROM Win32_Service WHERE StartName <> 'LocalSystem'" | ? { $_.StartName -notlike 'NT AUTHORITY*' -and $_.StartName -notlike 'NT SERVICE*' } | Select Name, StartName, PSComputerName

In the above example, we are using a parenthetical command along with the Get-CimInstance Cmdlet. The command that executes first is the Get-ADComputer. This command requires the ActiveDirectory module is available on your computer system. It uses the filter parameter to look for any computer that is running Windows Server (any version).

Then it passes those values to the Get-CimInstance, which performs an initial WQL Query, which doesn’t allow and statements. Therefore, we have to pipe it’s returned values to a where statement which continues filtering for us. The end of the command provides the service name, the user account running it, and the computer this service is on.

I was able to run this against the client’s environment, and within a few minutes, we knew it was safe to disable the account.

New Year New Changes

It’s been quite a bit of time since I’ve made a true blog post. Things have been very exciting in my life lately and I’ve been chugging along to keep up with it.

The first thing I’d like to talk about is the first thing that happened this year. Starting January 1st 2014 I became a Technical Team Lead at Apparatus. I oversee 5 technical resources while maintaining myself as a technical resource also. It is a new challenge and one I am very eager to execute on. This position has given me the ability not only to expand my technical knowledge across multiple technologies but also to gain experience in management. I am one of the first 7 people in this role at Apparatus and I get to be part of the formation of this new level of management and it is a fantastic opportunity for me to grow.

The next thing that happened this year is the first time I’ve taught a Microsoft Official Course (MOC) which was the 20410, Installing and Configuring Windows Server 2012. It was a lot of work to prepare for this course; however it was well worth every minute of prep work as this was an extremely exciting course to teach. I had 12 people in attendance and I received lots of positive feedback on my teaching technique. The best part of that week was not the experience, or how much fun it was to present. It was the fact that one of the students in the course decided to sketch a picture of me while I was talking about IPv4 Sub-netting which I’ve included below.

Sketch223134341

Starting My Journey through #90Days2MCSA

Hello Everyone! I apologize for my months disappearance from blogging, it’s been a busy March and will continue to be busy throughout TechEd! That is not a bad thing, and I will strive to increase my blogging. One thing that is going to help me in the interim is my Journey to my Server 2012 MCSA!

Michael Bender along with MS Learning has made a push for people to obtain their MCSA with the #90Days2MCSA Challenge, this is a fantastic idea is a great way as a community for everyone to improve their skills.

I’d like to start off by saying I may be a featured certification success story on the 90Days2MCSA site; however I do not have my Server 2012 MCSA yet and that means I get to participate! I’ve been hiding in the shadows and doing some studying with the official Microsoft Press 70-417 Upgrading Your Skills to MCSA Windows Server 2012.

Storage Space Virtual Disk Disconnected on Restart

So I recently had to rebuild my Server 2012 virtual server. I had storage spaces setup and after I finished the install the Virtual Disk was not mounted. I realized that I was able to bring it all back online, but every restart it had to remount the VHD.

I had decided there must be a way to fix it and decided to see what the properties were within PowerShell. I ran a Get-VirtualDisk which showed me my single VHD (pictured below)

I was thrilled when I saw the IsManualAttach property, with a simple execution of Set-VirtualDisk Data -IsManualAttach 0, I executed a Get-VirtualDisk and verified it took the settings change. After a restart the VirtualDisk was already mounted and resolved my problem with only two PowerShell commands.