Reference Material | Available Commands

Below is a list of all of the commands available in Specops Gpupdate Professional.

Gpupdate

Refreshes local and Active Directory based Group Policy settings, including security settings on a remote computer.

Prerequisites

To successfully execute the Gpupdate command all affected computers must have the Windows Firewall Remote Administration exception enabled.

PowerShell cmdlet

Update-SpecopsGroupPolicy [-ADComputer] <ADComputer[]> [-Force] [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]

Samples

# Run GPUpdate on all computers in the webservers security group Get-SpecopsADComputer -group:webservers | Update-SpecopsGroupPolicy # Run GPUpdate on all servers that are not webservers $servers = Get-SpecopsADComputer -group:servers
$webservers = Get-SpecopsADComputer -group:webservers
$servers | where {$webservers -notcontains $_} |
 Update-SpecopsGroupPolicy

Windows update

The Windows Update command forces the Windows Update Client on remote computers to check if the Windows Server Update Services (WSUS) or Windows Update have new patches.

Prerequisites

To successfully execute the Windows Update command all affected computers must have the Windows Firewall Remote Administration exception enabled.

PowerShell cmdlet

Update-SpecopsGroupPolicy [-ADComputer] <ADComputer[]> [-Force] [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]

Sample

# trigger windows update on all computers in the domain Get-SpecopsADComputer | Update-SpecopsWsus

Start computer

Sends a Wake On Lan magic network packet to a remote computer.

Using the Custom Property File to support non Microsoft DHCP clients.

Prerequisites

The following prerequisites need to be met to successfully execute the command:

  • Firewall exception: The port number specified when executing the command must be allowed through any network peripherals, like firewalls and routers.
  • DHCP Server permissions: To query for computers on a DHCP server, the caller needs to be at least member of the DHCP Users group. Other valid groups are the local administrators or the DHCP Administrators.

PowerShell cmdlet

Start-SpecopsComputer [[-ADComputer] <ADComputer[]>] [-DhcpServer <String[]>] [-Port <Int32>] [-WaitForStart] [-WaitForStartSeconds <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]
Start-SpecopsComputer [[-ADComputer] <ADComputer[]>] [-Port <Int32>] [-WaitForStart] [-WaitForStartSeconds <Int32>] -IPAddress <String> -MacAddress <String> -SubnetMask <String> [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]

Samples

# send Wake On Lan request to all workstations Get-SpecopsADComputer -Name:WorkStation* | Start-SpecopsComputer # send Wake On Lan request to all workstations # and wait for them to start Get-SpecopsADComputer -Name:WorkStation* |
 Start-SpecopsComputer -WaitForStart `
 -WaitForStartSeconds:60 `
 -ErrorVariable:notStarted

# if there where errors, this gives us the failing computers $notStartedComputers = $notStarted | foreach {$_.TargetObject}

# if we later on will check if the non-started computers has started, # we can run $notStartedComputers | Ping-SpecopsComputer # Skip DHCP lookup for all computers that have entries in the # NetworkInfo.csv file on the format # Name,IPAddress,MacAddress,SubnetMask # Computer1,192.168.0.5,aabbccddeeff,255.255.255.0 # ... Set-Alias gsac Get-SpecopsADComputer gsac Computer* -CustomPropertyFile:c:\data\NetworkInfo.csv |
 Start-SpecopsComputer

Shutdown computer

Shuts down a remote computer. A message is displayed to the user during a specified ‘WarningTime’. If a user has unsaved work, the shutdown will be aborted, unless the ‘ForceCloseApplications’ options is specified.

Prerequisites

The following prerequisites need to be met to successfully execute the command:

  • Firewall exception: To successfully execute the Shutdown Computer command all affected computers must have the Windows Firewall Remote Administration exception enabled.
  • Administrative credentials: To shut down a remote computer, the caller must have the Force shutdown from a remote system privilege on the remote computer. By default the local Administrators group is assigned the privilege on workstations and servers. On domain controllers the Server Operators groups is also assigned the privilege.

PowerShell cmdlet

Stop-SpecopsComputer [-ADComputer] <ADComputer[]> [[-Message] <String>] [-ForceCloseApplications] [[-WarningTime] <Int32>] [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]

Samples

#shutdown all client computers Get-SpecopsADComputer -group:ClientComputers | Stop-SpecopsComputer

# check what client computers would be shut down # note that no actions will be taken Get-SpecopsADComputer -group:ClientComputers | Stop-SpecopsComputer -WhatIf #shutdown all client computers # but get the chance to confirm each action Get-SpecopsADComputer -group:ClientComputers | Stop-SpecopsComputer -Confirm #shutdown all client computers, even if they have unsaved work Get-SpecopsADComputer -group:ClientComputers | Stop-SpecopsComputer -ForceCloseApplications

#shutdown all client computers, even if they have unsaved work $computers = Get-SpecopsADComputer -group:ClientComputers
$computers | Send-SpecopsMessage -Message:'This computer will be shut down in 5 minutes' # Wait 4 minutes Start-Sleep -Seconds:240
$computers | Stop-SpecopsComputer -ForceCloseApplications `
 -WarningTime:60 -Message:'1 minute to shut down'

Restart computer

Restarts a remote computer. A message is displayed to the user during a specified ‘WarningTime’. If a user has unsaved work, the restart will be aborted, unless the ‘ForceCloseApplications’ options is specified.

Prerequisites

The following prerequisites need to be met to successfully execute the command.

  • Firewall exception: To successfully execute the Restart Computer command all affected computers must have the Windows Firewall Remote Administration exception enabled.
  • Administrative credentials: To restart a remote computer, the caller must have the Force shutdown from a remote system privilege on the remote computer. By default the local Administrators group is assigned the privilege on workstations and servers. On domain controllers the Server Operators groups is also assigned the privilege.

PowerShell cmdlet

Restart-SpecopsComputer [-ADComputer] <ADComputer[]> [[-Message] <String>] [-ForceCloseApplications] [[-WarningTime] <Int32>] [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]

Samples

# restart all client computers Get-SpecopsADComputer -group:ClientComputers | Restart-SpecopsComputer

# check what client computers would be restarted # note that no actions will be taken Get-SpecopsADComputer -group:ClientComputers | Restart-SpecopsComputer -WhatIf # restart all client computers # but get the chance to confirm each action Get-SpecopsADComputer -group:ClientComputers | Restart-SpecopsComputer -Confirm # restart all client computers, even if they have unsaved work Get-SpecopsADComputer -group:ClientComputers | Restart-SpecopsComputer -ForceCloseApplications

# restart all client computers, even if they have unsaved work $computers = Get-SpecopsADComputer -group:ClientComputers
$computers | Send-SpecopsMessage -Message:'This computer will be shut down in 5 minutes' # Wait 4 minutes Start-Sleep -Seconds:240
$computers | Restart-SpecopsComputer -ForceCloseApplications `
 -WarningTime:60 -Message:'1 minute to shutdown'

Ping

Send an Internet Control Message Protocol (ICMP) echo message to a remote computer.

Network topology can determine whether Ping can successfully contact a remote host. The presence and configuration of proxies, network address translation (NAT) equipment, or firewalls can prevent Ping from succeeding. A successful Ping indicates only that the remote host can be reached on the network; the presence of higher level services (such as a Web server) on the remote host is not guaranteed.

Prerequisites

To successfully execute the Ping command, all remote computers must allow inbound ICMP echo request messages through the Windows Firewall.

Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo request messages automatically, even if the Windows Firewall: Allow ICMP exceptions policy setting would block them.

This procedure can be performed using Group Policy:

  1. Open the Group Policy Object Editor snap-in to edit the Group Policy object (GPO) that is used to manage Windows Firewall settings in your organization.
  2. Open Computer Configuration, open Administrative Templates, open Network, open Network Connections, open Windows Firewall, and then open either Domain Profile or Standard Profile, depending on which profile you want to configure.
  3. In the details pane, double-click Windows Firewall: Allow ICMP exceptions.
  4. In the Windows Firewall: Allow ICMP exceptions properties dialog box, on the Settings tab, click Enabled.
  5. Select the Allow inbound echo request check box, and click OK.

PowerShell cmdlet

Ping-SpecopsComputer [-ADComputer] <ADComputer[]> [-Timeout <Int32>] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]

Samples

# ping all computers with names matching the pattern server* # and create error records for all computers that did not respond # within 10 ms. Ping-SpecopsComputer Server* -Timeout:10

# ping the webservers $pingResponse = Get-SpecopsADComputer -group:WebServers |
 Ping-SpecopsComputer -ErrorVariable:pingError
$noPingResponse = $pingError | foreach { $_.TargetObject }

Send Message

Sends a message to all logged on users of a remote computer. The message will be displayed in a message box on the remote computer.

Prerequisites

The following prerequisites need to be met to successfully execute the command:

  • Firewall exception: To successfully execute the Send Message command all affected computers must have the Windows Firewall Remote Administration exception enabled.
  • Messenger service: To be able to execute the Send Message command on Windows 2000 computers the Messenger service must be started on these computers.

PowerShell cmdlet

Send-SpecopsMessage [-ADComputer] <ADComputer[]> [-Message] <String> [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]

Samples

# send a message to all WorkStations Send-SpecopsMessage WorkStation* -Message:"I'm going home"

# send a message to all computers in the HumanResources OU
Get-SpecopsADComputer -OU:HumanResources |
                Send-SpecopsMessage -Message:"I want a raise!"

Read Remote Registry

Reads a registry value on a remote machine. If no value is specified, the default, unnamed, value of the registry key will be retrieved.

Prerequisites

The following prerequisites need to be met to successfully execute the command:

  • Firewall exception: To successfully execute the Read Remote Registry command all affected computers must have the Windows Firewall Remote Administration exception enabled.
  • Remote Registry service: To successfully execute the Read Remote Registry command the Remote Registry service must be started on all remote computers. If the Remote Registry service isn’t started on remote computers, the error message “The interface is unknown” will be shown.

PowerShell cmdlet

Get-SpecopsRemoteRegistry [-ADComputer] <ADComputer[]> [-Key] <String> [[-Value] <String>] [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]

Samples

# find all servers that has at least .Net Framework 3.5 sp1 $servers = Get-SpecopsADComputer -group:Servers

$key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\NET Framework Setup\NDP\v3.5'
$net35sp1Servers = $servers |
 Get-SpecopsRemoteRegistry -key:$key -value:SP |
 Where {$_.RegValue -ge 1}

# find those that has not $noNet35sp1 = $servers | Where {$net35sp1Servers -notContains $_}

# The variable $noNet35sp1 now contais all servers that doesn't have .NET3.5 sp1 installed

Run Executable

Provides the ability to run a local executable with the computer name of a remote computer as argument.

The name of the remote computer will replace all occurrances of %1% in the supplied Arguments.

Prerequisites

Depends on the application that’s being executed.

PowerShell cmdlet

Invoke-SpecopsCommand [-ADComputer] <ADComputer[]> -Command <String> [-Arguments <String>] [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]

Run Executable Remotely

Starts a program on remote computers, for example run Regedit.exe with a registry file to write values to remote computers.

Prerequisites

To successfully execute the Run Executable Remotely command all affected computers must have the Windows Firewall Remote Administration exception enabled.

PowerShell cmdlet

Invoke-SpecopsRemoteCommand [-ADComputer] <ADComputer[]> -Command <String> [-Arguments <String>] [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]

Samples

# enter values from a regFile to all computers in a group #first create a registry file at a public location $regText = @" Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor] "CompletionChar"=dword:00000040 "DefaultColor"=dword:00000000 "EnableExtensions"=dword:00000001 "PathCompletionChar"=dword:00000040 "@

$regFilePath = '\\Server1\PublicShare\cmdproc.reg' $regText | Out-File -FilePath:$regFilePath # then tell all the computers in a group to add the information # to the registry Get-SpecopsADComputer -group:DeveloperComputers |
 Invoke-SpecopsRemoteCommand -Command:regedit.exe `
 -Arguments:"/s $regFilePath"

Start Event Viewer

Starts an instance of Event Viewer connected to a remote computer.

Prerequisites

The following prerequisites need to be met to successfully execute the command:

  • Firewall exception: To successfully execute the Start Event Viewer command the affected computer must have the Windows Firewall Remote Administration exception enabled.
  • Remote Registry service: To successfully execute the Start Event Viewer command the Remote Registry service must be started on the remote computer. If the Remote Registry service isn’t started on the remote computer, the error message “The interface is unknown” will be shown.

PowerShell cmdlet

Start-SpecopsEventViewer [-ADComputer] <ADComputer[]> [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]

Samples

Start-SpecopsEventViewer Server1

Start Explorer

Starts an explorer window displaying a drive on a remote computer.

Prerequisites

To successfully execute the Start Explorer command all affected computers must have the Windows Firewall Remote Administration exception enabled.

PowerShell cmdlet

Start-SpecopsExplorer [-ADComputer] <ADComputer[]> [[-DriveLetter] <String>] [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]

Samples

Start-SpecopsExplorer -ADComputer:Server1 -DriveLetter:C

Start-SpecopsExplorer Server1 C

Start Remote Desktop

Initiates a remote desktop session with the remote computer.

Prerequisites

The following prerequisites need to be met to successfully execute the command:

  • System requirements: Remote computer must be running Windows XP, Windows 2003, Windows Vista or Windows Server 2008.
  • Firewall exception: To successfully execute the Remote Desktop command the affected computer must have the Windows Firewall Remote Desktop exception enabled.

PowerShell cmdlet

Start-SpecopsRemoteDesktop [-ADComputer] <ADComputer[]> [-Console] [-FullScreen] [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]

Samples

# Start a remote desktop session with the computer Client47 Start-SpecopsRemoteDesktop Client47 -Fullscreen -Console

Start Remote Assistance

Initiates a remote assistance session with the remote computer.

Prerequisites

The following prerequisites need to be met to successfully execute the command.

  • System requirements: Remote computer must be running Windows XP, Windows 2003, Windows Vista or Windows Server 2008.
  • Firewall exceptions
    • Remote Administration exception
    • Remote Desktop exception

Program exceptions

This procedure can be performed using Group Policy.

  1. Open the Group Policy Object Editor snap-in to edit the Group Policy object (GPO) that is used to manage Windows Firewall settings in your organization.
  2. Open Computer Configuration, open Administrative Templates, open Network, open Network Connections, open Windows Firewall, and then open either Domain Profile or Standard Profile, depending on which profile you want to configure.
  3. In the details pane, double-click Windows Firewall: Define program exceptions.
  4. In the Windows Firewall: Define program exceptions properties dialog box, on the Settings tab, click Enabled.
  5. Click on the Show button.
  6. Add the following entries for Windows XP and Windows Server 2003:
    %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Offer Remote Assistance – Messenger
    %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote Assistance
    %WINDIR%\System32\Sessmgr.exe:*:Enabled:Remote Assistance
  7. Add the following entries for Windows Vista and Windows Server 2008:
    %WINDIR%\System32\msra.exe:*:Enabled:Remote Assistance Client
    %WINDIR%\System32\raserver.exe:*:Enabled:Remote Assistance Server

Enable Remote Assistance on remote computers

The Remote Assistance command uses the concept of Offering Remote Assistance. It’s used when Helpdesk want to offer assistance to a user even if the user has not requested it. This procedure can be performed using Group Policy.

  1. Open the Group Policy Object Editor snap-in to edit the Group Policy object (GPO) that is used to manage Remote Assistance settings in your organization.
  2. Open Computer Configuration, open Administrative Templates, open System and open Remote Assistance.
  3. In the details pane, double-click Offer Remote Assistance setting.
  4. In the Offer Remote Assistance properties dialog, click Enabled and the select either Allow helpers to only view the computer or Allow helpers to remotely control the computer.
  5. To configure the list of helpers, click on the Show button. This opens a new window where you can enter the names of the helpers. Add each user or group one by one. When you enter the name of the helper user or user groups, use the format <Domain Name>\<User Name> or <Domain Name>\<Group Name.

PowerShell cmdlet

Start-SpecopsRemoteAssistance [-ADComputer] <ADComputer[]> [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]

Samples

# starts a remote assistance session with client 47 Start-SpecopsRemoteAssistance Client47