Specops Command Windows PowerShell cmdlets
Specops Command is built with scripting in mind and this also goes for the actual administration of Specops Command, not only the ability to execute scripts on the clients. All operations that you can perform from the administrative user interfaces you can perform from Windows PowerShell.
Specops Command includes several Windows PowerShell cmdlets.
Administration cmdlets
The cmdlets that are used to administrate Specops Command from PowerShell are:
- Get-ScriptAssignment
- New-ScriptAssignment
- New-ScriptAssignmentTarget
- New-ScriptAssignmentScript
- New-ScriptAssignmentSchedule
- Remove-ScriptAssignment
To get a list of all the Specops Command administration cmdlets from within PowerShell, use the following command:
Get-Command -Noun ScriptAssignment*
This will produce a list, similar to that above.
Examples
The New-, Get- and Remove-ScriptAssignment cmdlets all have the -Name, -GpoName, -GpoGuid, -GpoPart and -DomainName switches. If the GpoPart is not specified the Computer part of the GPO will be affected. If the DomainName is not specified the domain where the user is currently logged on will be used. If you use the -GpoName remember that multiple GPOs can be returned.
Note! One important thing to note is that the cmdlets will not create the Group Policy Objects for you. The GPOs to be used must exist and can be created and linked from the Group Policy Management Console (GPMC)
Create a new script assignment
To create a new script assignment in the computer part of a GPO, try the following command.
$sa = New-ScriptAssignment -Name 'My First Script Assignment' -GpoName 'My First GPO'
This creates a new script assignment object. If you instead want to add a new script assignment in the User part of the GPO try the following.
$sa = New-ScriptAssignment -Name 'My First Script Assignment' -GpoName 'My First GPO' -GpoPart User
Note! This does not add the script assignment to the GPO. In order to add the script assignment to the GPO the Save method has to be called.
Call the Save method to save the script assignment to the GPO.
Update an existing script assignment.
$sa = Get-ScriptAssignment -Name 'My First Script Assignment' -GpoName 'My First GPO'
$sa.Script.ScriptContent = 'get-process | Send-Feedback'
$sa.Save()
Remove all script assignments
This sample will remove all script assignments from a GPO.
Remove-ScriptAssignment -Name * -GpoName 'My First GPO'
Note! If you want to check which script assignments will be delete before you run Remove-ScriptAssignmnet add the -WhatIf flag to the parameterlist.
Create an undo script
Add a new PowerShell undo script to an existing script assignment.
$sa = Get-ScriptAssignment -Name 'My First Script Assignment' -GpoName 'My First GPO'
$script = New-ScriptAssignmentScript
$script.LoadFromFile("C:\MyFirstUndoScript.txt")
$sa.UndoScript = $script
$sa.Save()
Note! If you prefer to use VBScript use the -Language VBScript switch to the New-ScriptAssignment cmdlet.
Sign a script
Add a new signed PowerShell script to an existing script assignment.
$sa = Get-ScriptAssignment -Name 'My First Script Assignment' -GpoName 'My First GPO'
$script = New-ScriptAssignmentScript -ScriptFile 'C:\Script.txt' -CertificateFile 'C:\Certificate.pfx' -Password mypassword
$sa.UndoScript = $script
$sa.Save()
Another way to do the same thing is this.
$sa = Get-ScriptAssignment -Name 'My First Script Assignment' -GpoName 'My First GPO'
$script = New-ScriptAssignmentScript
$script.LoadFromFile("C:\Script.txt")
$script.Sign("C:\Certificate.pfx", "mypassword")
$sa.UndoScript = $script
$sa.Save()
Add a new schedule
Add a new weekly schedule, that is valid on mondays and tuesdays, to an existing script assignment.
$sa = Get-ScriptAssignment -Name 'My First Script Assignment' -GpoName 'My First GPO'
$schedule = New-ScriptAssignmentSchedule -DateInterval Weekly -SelectedDays 1,2
$sa.Schedule = $schedule
$sa.Save()
Add a new target
This sample adds a new file target to a specific script assignment in a GPO.
$sa = Get-ScriptAssignment -Name 'My First Script Assignment' -GpoName 'My First GPO'
$targetCriterion = New-ScriptAssignmentTarget -Type File
$targetCriterionItem = $targetCriterion.AddNewItem()
$targetCriterionItem.FileName = 'c:\temp\log.txt'
$sa.AddTargetCriterion($targetCriterion)
$sa.Save()
Add a new target to all script assignments
This sample adds a new file target to all script assignments in a GPO.
$sa = Get-ScriptAssignment -Name * -GpoName 'My First GPO'
$targetCriterion = New-ScriptAssignmentTarget -Type File
$targetCriterionItem = $targetCriterion.AddNewItem()
$targetCriterionItem.FileName = 'c:\temp\log.txt'
foreach($currentsa in $sa)
{
$currentsa.AddTargetCriterion($targetCriterion)
$currentsa.Save()
}
PDF