Available Commands
Below is a list of all of the commands available in Specops GPUpdate Professional.
GPUpdate
Refreshes local and Active Directory based Group Policy settings, including security settings on a remote computer.
Prerequisites
To successfully execute the GPUpdate command all affected computers must have the Windows Firewall Remote Administration exception enabled.
PowerShell cmdlet
Update-SpecopsGroupPolicy
-ADComputer <ADComputer[]>
-Force
-NoPing
-PingTimeout <Int32>
-PassThru
-Verbose
-Debug
-ErrorAction <ActionPreference>
-ErrorVariable <String>
-OutVariable <String>
-OutBuffer <Int32>
-WhatIf
-Confirm
Samples
# Run GPUpdate on all computers in the webservers security group
Get-SpecopsADComputer -group:webservers | Update-SpecopsGroupPolicy
# Run GPUpdate on all servers that are not webservers
$servers = Get-SpecopsADComputer -group:servers
$webservers = Get-SpecopsADComputer -group:webservers
$servers | where { webservers -notcontains $_ } | Update-SpecopsGroupPolicy
Windows update
The Windows Update command forces the Windows Update Client on remote computers to check if the Windows Server Update Services (WSUS) or Windows Update have new patches.
Prerequisites
To successfully execute the Windows Update command all affected computers must have the Windows Firewall Remote Administration exception enabled.
PowerShell cmdlet
Update-SpecopsGroupPolicy
-ADComputer <ADComputer[]>
-Force
-NoPing
-PingTimeout <Int32>
-PassThru
-Verbose
-Debug
-ErrorAction <ActionPreference>
-ErrorVariable <String>
-OutVariable <String>
-OutBuffer <Int32>
-WhatIf
-Confirm
Sample
Update-SpecopsGroupPolicy
-ADComputer <ADComputer[]>
-Force
-NoPing
-PingTimeout <Int32>
-PassThru
-Verbose
-Debug
-ErrorAction <ActionPreference>
-ErrorVariable <String>
-OutVariable <String>
-OutBuffer <Int32>
-WhatIf
-Confirm
Start computer
Sends a Wake On Lan magic network packet to a remote computer.
Using the Custom Property File to support non Microsoft DHCP clients.
Prerequisites
The following prerequisites need to be met to successfully execute the command:
- Firewall exception: The port number specified when executing the command must be allowed through any network peripherals, like firewalls and routers.
- DHCP Server permissions: To query for computers on a DHCP server, the caller needs to be at least member of the DHCP Users group. Other valid groups are the local administrators or the DHCP Administrators.
PowerShell cmdlet
Start-SpecopsComputer
[-ADComputer <ADComputer[]>]
-DhcpServer
-Port <Int32>
-WaitForStart
-WaitForStartSeconds <Int32>
-PassThru
-Verbose
-Debug
-ErrorAction <ActionPreference>
-ErrorVariable <String>
-OutVariable <String>
-OutBuffer <Int32>
-WhatIf
-Confirm
Start-SpecopsComputer
[-ADComputer <ADComputer[]>]
-Port <Int32>
-WaitForStart
-WaitForStartSeconds <Int32>
-IPAddress <String>
-MacAddress <String>
-SubnetMask <String>
-PassThru
-Verbose
-Debug
-ErrorAction <ActionPreference>
-ErrorVariable <String>
-OutVariable <String>
-OutBuffer <Int32>
-WhatIf
-Confirm
Samples
# send Wake On Lan request to all workstations
Get-SpecopsADComputer -Name:WorkStation* | Start-SpecopsComputer
# send Wake On Lan request to all workstations
# and wait for them to start
Get-SpecopsADComputer -Name:WorkStation* | Start-SpecopsComputer
-WaitForStart
-WaitForStartSeconds:60
-ErrorVariable:notStarted
# if there were errors, this gives us the failing computers
$notStartedComputers = $notStarted | foreach { $_.TargetObject }
# if we later on will check if the non-started
# computers have started,
# we can run
$notStartedComputers | Ping-SpecopsComputer
# Skip DHCP lookup for all computers that have entries in the
# NetworkInfo.csv file on the format
# Name,IPAddress,MacAddress,SubnetMask
# Computer1,192.168.0.5,aabbccddeeff,255.255.255.0
# ...
Set-Alias gsac Get-SpecopsADComputer
gsac Computer* -CustomPropertyFile:c:\data\NetworkInfo.csv | Start-SpecopsComputer
Shutdown computer
Shuts down a remote computer. A message is displayed to the user during a specified ‘WarningTime’. If a user has unsaved work, the shutdown will be aborted, unless the ‘ForceCloseApplications’ options is specified.
Prerequisites
The following prerequisites need to be met to successfully execute the command:
- Firewall exception: To successfully execute the Shutdown Computer command all affected computers must have the Windows Firewall Remote Administration exception enabled.
- Administrative credentials: To shut down a remote computer, the caller must have the Force shutdown from a remote system privilege on the remote computer. By default, the local Administrators group is assigned the privilege on workstations and servers. On domain controllers, the Server Operators groups are also assigned the privilege.
PowerShell cmdlet
Stop-SpecopsComputer
-ADComputer <ADComputer[]>
[-Message <String>]
-ForceCloseApplications
[-WarningTime <Int32>]
-NoPing
-PingTimeout <Int32>
-PassThru
-Verbose
-Debug
-ErrorAction <ActionPreference>
-ErrorVariable <String>
-OutVariable <String>
-OutBuffer <Int32>
-WhatIf
-Confirm
Samples
# shutdown all client computers
Get-SpecopsADComputer -group:ClientComputers | Stop-SpecopsComputer
# check what client computers would be shut down
# note that no actions will be taken
Get-SpecopsADComputer -group:ClientComputers | Stop-SpecopsComputer -WhatIf
# shutdown all client computers
# but get the chance to confirm each action
Get-SpecopsADComputer -group:ClientComputers | Stop-SpecopsComputer -Confirm
# shutdown all client computers, even if they have unsaved work
Get-SpecopsADComputer -group:ClientComputers | Stop-SpecopsComputer -ForceCloseApplications
# shutdown all client computers, even if they have unsaved work
$computers = Get-SpecopsADComputer -group:ClientComputers $computers |
Send-SpecopsMessage -Message:'This computer will be shut down in 5 minutes'
# Wait 4 minutes
Start-Sleep -Seconds:240
$computers | Stop-SpecopsComputer
-ForceCloseApplications -WarningTime:60 -Message:'1 minute to shut down'
Restart computer
Restarts a remote computer. A message is displayed to the user during a specified ‘WarningTime’. If a user has unsaved work, the restart will be aborted, unless the ‘ForceCloseApplications’ options is specified.
Prerequisites
The following prerequisites need to be met to successfully execute the command.
- Firewall exception: To successfully execute the Restart Computer command all affected computers must have the Windows Firewall Remote Administration exception enabled.
- Administrative credentials: To restart a remote computer, the caller must have the Force shutdown from a remote system privilege on the remote computer. By default, the local Administrators group is assigned the privilege on workstations and servers. On domain controllers, the Server Operators groups are also assigned the privilege.
PowerShell cmdlet
Restart-SpecopsComputer
-ADComputer <ADComputer[]>
[-Message <String>]
-ForceCloseApplications
[-WarningTime <Int32>]
-NoPing
-PingTimeout <Int32>
-PassThru
-Verbose
-Debug
-ErrorAction <ActionPreference>
-ErrorVariable <String>
-OutVariable <String>
-OutBuffer <Int32>
-WhatIf
-Confirm
Samples
# restart all client computers
Get-SpecopsADComputer -group:ClientComputers | Restart-SpecopsComputer
# check what client computers would be restarted
# note that no actions will be taken
Get-SpecopsADComputer -group:ClientComputers | Restart-SpecopsComputer -WhatIf
# restart all client computers
# but get the chance to confirm each action
Get-SpecopsADComputer -group:ClientComputers | Restart-SpecopsComputer -Confirm
# restart all client computers, even if they have unsaved work
Get-SpecopsADComputer -group:ClientComputers | Restart-SpecopsComputer
-ForceCloseApplications
# restart all client computers, even if they have unsaved work
$computers = Get-SpecopsADComputer -group:ClientComputers
$computers | Send-SpecopsMessage -Message:'This computer will be shut down in 5 minutes'
# Wait 4 minutes
Start-Sleep -Seconds:240
$computers | Restart-SpecopsComputer -ForceCloseApplications -WarningTime:60
-Message:'1 minute to shutdown'
Ping
Send an Internet Control Message Protocol (ICMP) echo message to a remote computer.
Network topology can determine whether Ping can successfully contact a remote host. The presence and configuration of proxies, network address translation (NAT) equipment, or firewalls can prevent Ping from succeeding. A successful Ping indicates only that the remote host can be reached on the network; the presence of higher-level services (such as a Web server) on the remote host is not guaranteed.
Prerequisites
To successfully execute the Ping command, all remote computers must allow inbound ICMP echo request messages through the Windows Firewall.
Note
If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo request messages automatically, even if the Windows Firewall: Allow ICMP exceptions policy setting would block them.
This procedure can be performed using Group Policy:
- Open the Group Policy Object Editor snap-in to edit the Group Policy object (GPO) that is used to manage Windows Firewall settings in your organization.
- Open Computer Configuration, open Administrative Templates, open Network, open Network Connections, open Windows Firewall, and then open either Domain Profile or Standard Profile, depending on which profile you want to configure.
- In the details pane, double-click Windows Firewall: Allow ICMP exceptions.
- In the Windows Firewall: Allow ICMP exceptions properties dialog box, on the Settings tab, click Enabled.
- Select the Allow inbound echo request check box, and click OK.
PowerShell cmdlet
Ping-SpecopsComputer
-ADComputer <ADComputer[]>
-Timeout <Int32>
-Verbose
-Debug
-ErrorAction <ActionPreference>
-ErrorVariable <String>
-OutVariable <String>
-OutBuffer <Int32>
-WhatIf
-Confirm
Samples
# ping all computers with names matching the pattern server*
# and create error records for all computers that did not respond
# within 10 ms.
Ping-SpecopsComputer Server* -Timeout:10
# ping the webservers
$pingResponse = Get-SpecopsADComputer
-group:WebServers | Ping-SpecopsComputer
-ErrorVariable:pingError
$noPingResponse = $pingError | foreach {
$_.TargetObject
}
Send Message
Sends a message to all logged on users of a remote computer. The message will be displayed in a message box on the remote computer.
Prerequisites
The following prerequisites need to be met to successfully execute the command:
- Firewall exception: To successfully execute the Send Message command all affected computers must have the Windows Firewall Remote Administration exception enabled.
- Messenger service: To be able to execute the Send Message command on Windows 2000 computers the Messenger service must be started on these computers.
PowerShell cmdlet
Send-SpecopsMessage
-ADComputer <ADComputer[]>
-Message <String>
-NoPing
-PingTimeout <Int32>
-PassThru
-Verbose
-Debug
-ErrorAction <ActionPreference>
-ErrorVariable <String>
-OutVariable <String>
-OutBuffer <Int32>
-WhatIf
-Confirm
Samples
# send a message to all WorkStations
Send-SpecopsMessage WorkStation* -Message:"I'm going home"
# send a message to all computers in the HumanResources OU
Get-SpecopsADComputer -OU:HumanResources | Send-SpecopsMessage -Message:"I want a raise!"
Read Remote Registry
Reads a registry value on a remote machine. If no value is specified, the default, unnamed, value of the registry key will be retrieved.
Prerequisites
The following prerequisites need to be met to successfully execute the command:
- Firewall exception: To successfully execute the Read Remote Registry command all affected computers must have the Windows Firewall Remote Administration exception enabled.
- Remote Registry service: To successfully execute the Read Remote Registry command the Remote Registry service must be started on all remote computers. If the Remote Registry service isn’t started on remote computers, the error message “The interface is unknown” will be shown.
PowerShell cmdlet
Get-SpecopsRemoteRegistry
-ADComputer <ADComputer[]>
-Key <String>
[-Value <String>]
-NoPing
-PingTimeout <Int32>
-PassThru
-Verbose
-Debug
-ErrorAction <ActionPreference>
-ErrorVariable <String>
-OutVariable <String>
-OutBuffer <Int32>
-WhatIf
-Confirm
Samples
# find all servers that have at least .Net Framework 3.5 sp1
$servers = Get-SpecopsADComputer -group:Servers
$key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\NET Framework Setup\NDP\v3.5'
$net35sp1Servers = $servers | Get-SpecopsRemoteRegistry
-key:$key
-value:SP | Where {
$_.RegValue -ge 1
}
# find those that have not
$noNet35sp1 = $servers | Where { $net35sp1Servers -notContains $_ }
# The variable $noNet35sp1 now contains all servers that don't have .NET3.5 sp1 installed
Run Executable
Provides the ability to run a local executable with the computer name of a remote computer as argument.
The name of the remote computer will replace all occurrences of %1% in the supplied Arguments.
Prerequisites
Depends on the application that’s being executed.
PowerShell cmdlet
Invoke-SpecopsCommand
-ADComputer <ADComputer[]>
-Command <String>
-Arguments <String>
-NoPing
-PingTimeout <Int32>
-PassThru
-Verbose
-Debug
-ErrorAction <ActionPreference>
-ErrorVariable <String>
-OutVariable <String>
-OutBuffer <Int32>
-WhatIf
-Confirm
Run Executable Remotely
Starts a program on remote computers, for example run Regedit.exe with a registry file to write values to remote computers.
Prerequisites
To successfully execute the Run Executable Remotely command all affected computers must have the Windows Firewall Remote Administration exception enabled.
PowerShell cmdlet
Invoke-SpecopsRemoteCommand
-ADComputer <ADComputer[]>
-Command <String>
-Arguments <String>
-NoPing
-PingTimeout <Int32>
-PassThru
-Verbose
-Debug
-ErrorAction <ActionPreference>
-ErrorVariable <String>
-OutVariable <String>
-OutBuffer <Int32>
-WhatIf
-Confirm
Samples
# enter values from a regFile to all computers in a group
# first create a registry file at a public location
$regText = @"
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor]
"CompletionChar"=dword:00000040
"DefaultColor"=dword:00000000
"EnableExtensions"=dword:00000001
"PathCompletionChar"=dword:00000040
"@
$regFilePath = '\\Server1\PublicShare\cmdproc.reg'
$regText | Out-File -FilePath:$regFilePath
# then tell all the computers in a group to
# add the information
# to the registry
Get-SpecopsADComputer
-group:DeveloperComputers | Invoke-SpecopsRemoteCommand
-Command:regedit.exe
-Arguments:"/s $regFilePath"
Start Event Viewer
Starts an instance of Event Viewer connected to a remote computer.
Prerequisites
The following prerequisites need to be met to successfully execute the command:
- Firewall exception: To successfully execute the Start Event Viewer command the affected computer must have the Windows Firewall Remote Administration exception enabled.
- Remote Registry service: To successfully execute the Start Event Viewer command the Remote Registry service must be started on the remote computer. If the Remote Registry service isn’t started on the remote computer, the error message “The interface is unknown” will be shown.
PowerShell cmdlet
Start-SpecopsEventViewer
-ADComputer <ADComputer[]>
-NoPing
-PingTimeout <Int32>
-PassThru
-Verbose
-Debug
-ErrorAction <ActionPreference>
-ErrorVariable <String>
-OutVariable <String>
-OutBuffer <Int32>
-WhatIf
-Confirm
Samples
Start Explorer
Starts an explorer window displaying a drive on a remote computer.
Prerequisites
To successfully execute the Start Explorer command all affected computers must have the Windows Firewall Remote Administration exception enabled.
PowerShell cmdlet
Start-SpecopsExplorer
-ADComputer <ADComputer[]>
[-DriveLetter <String>]
-NoPing
-PingTimeout <Int32>
-PassThru
-Verbose
-Debug
-ErrorAction <ActionPreference>
-ErrorVariable <String>
-OutVariable <String>
-OutBuffer <Int32>
-WhatIf
-Confirm
Samples
Start Remote Desktop
Initiates a remote desktop session with the remote computer.
Prerequisites
The following prerequisites need to be met to successfully execute the command:
- System requirements: Remote computer must be running Windows XP, Windows 2003, Windows Vista or Windows Server 2008.
- Firewall exception: To successfully execute the Remote Desktop command the affected computer must have the Windows Firewall Remote Desktop exception enabled.
PowerShell cmdlet
Start-SpecopsRemoteDesktop
-ADComputer <ADComputer[]>
-Console
-FullScreen
-NoPing
-PingTimeout <Int32>
-PassThru
-Verbose
-Debug
-ErrorAction <ActionPreference>
-ErrorVariable <String>
-OutVariable <String>
-OutBuffer <Int32>
-WhatIf
-Confirm
Samples
# Start a remote desktop session with the computer Client47
Start-SpecopsRemoteDesktop Client47 -Fullscreen -Console
Start Remote Assistance
Initiates a remote assistance session with the remote computer.
Prerequisites
The following prerequisites need to be met to successfully execute the command.
- System requirements: Remote computer must be running Windows XP, Windows 2003, Windows Vista or Windows Server 2008.
- Firewall exceptions
- Remote Administration exception
- Remote Desktop exception
Program exceptions
This procedure can be performed using Group Policy.
- Open the Group Policy Object Editor snap-in to edit the Group Policy object (GPO) that is used to manage Windows Firewall settings in your organization.
- Open Computer Configuration, open Administrative Templates, open Network, open Network Connections, open Windows Firewall, and then open either Domain Profile or Standard Profile, depending on which profile you want to configure.
- In the details pane, double-click Windows Firewall: Define program exceptions.
- In the Windows Firewall: Define program exceptions properties dialog box, on the Settings tab, click Enabled.
- Click on the Show button.
- Add the following entries for Windows XP and Windows Server 2003:
- %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Offer Remote Assistance – Messenger
- %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote Assistance
- %WINDIR%\System32\Sessmgr.exe:*:Enabled:Remote Assistance
- Add the following entries for Windows Vista and Windows Server 2008:
- %WINDIR%\System32\msra.exe:*:Enabled:Remote Assistance Client
- %WINDIR%\System32\raserver.exe:*:Enabled:Remote Assistance Server
Enable Remote Assistance on remote computers
The Remote Assistance command uses the concept of Offering Remote Assistance. It’s used when Helpdesk want to offer assistance to a user even if the user has not requested it. This procedure can be performed using Group Policy.
- Open the Group Policy Object Editor snap-in to edit the Group Policy object (GPO) that is used to manage Remote Assistance settings in your organization.
- Open Computer Configuration, open Administrative Templates, open System and open Remote Assistance.
- In the details pane, double-click Offer Remote Assistance setting.
- In the Offer Remote Assistance properties dialog, click Enabled and the select either Allow helpers to only view the computer or Allow helpers to remotely control the computer.
- To configure the list of helpers, click on the Show button. This opens a new window where you can enter the names of the helpers. Add each user or group one by one. When you enter the name of the helper user or user groups, use the format \
\ or \\ .
PowerShell cmdlet
Start-SpecopsRemoteAssistance
-ADComputer <ADComputer[]>
-NoPing
-PingTimeout <Int32>
-PassThru
-Verbose
-Debug
-ErrorAction <ActionPreference>
-ErrorVariable <String>
-OutVariable <String>
-OutBuffer <Int32>
-WhatIf
-Confirm