Available Commands
Below is a list of all of the commands available in Specops GPUpdate Professional.
GPUpdate
Refreshes local and Active Directory based Group Policy settings, including security settings on a remote computer.
Prerequisites
To successfully execute the GPUpdate command all affected computers must have the Windows Firewall Remote Administration exception enabled.
PowerShell cmdlet
Shell Script
Update-SpecopsGroupPolicy [-ADComputer] <ADComputer[]> [-Force] [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>]
[-OutBuffer <Int32>] [-WhatIf] [-Confirm]
Samples
Shell Script
# Run GPUpdate on all computers in the webservers security group Get-SpecopsADComputer -group:webservers | Update-SpecopsGroupPolicy # Run GPUpdate on all servers that are not webservers $servers = Get-SpecopsADComputer -group:servers $webservers
= Get-SpecopsADComputer -group:webservers $servers | where {$webservers -notcontains $_} | Update-SpecopsGroupPolicy
Windows update
The Windows Update command forces the Windows Update Client on remote computers to check if the Windows Server Update Services (WSUS) or Windows Update have new patches.
Prerequisites
To successfully execute the Windows Update command all affected computers must have the Windows Firewall Remote Administration exception enabled.
PowerShell cmdlet
Shell Script
Update-SpecopsGroupPolicy [-ADComputer] <ADComputer[]> [-Force] [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>]
[-OutBuffer <Int32>] [-WhatIf] [-Confirm]
Sample
Shell Script
Update-SpecopsGroupPolicy [-ADComputer] <ADComputer[]> [-Force] [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>]
[-OutBuffer <Int32>] [-WhatIf] [-Confirm]
Start computer
Sends a Wake On Lan magic network packet to a remote computer.
Using the Custom Property File to support non Microsoft DHCP clients.
Prerequisites
The following prerequisites need to be met to successfully execute the command:
- Firewall exception: The port number specified when executing the command must be allowed through any network peripherals, like firewalls and routers.
- DHCP Server permissions: To query for computers on a DHCP server, the caller needs to be at least member of the DHCP Users group. Other valid groups are the local administrators or the DHCP Administrators.
PowerShell cmdlet
Shell Script
Start-SpecopsComputer [[-ADComputer] <ADComputer[]>] [-DhcpServer ] [-Port <Int32>] [-WaitForStart] [-WaitForStartSeconds <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>]
[-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]
Shell Script
Start-SpecopsComputer [[-ADComputer] <ADComputer[]>] [-Port <Int32>] [-WaitForStart] [-WaitForStartSeconds <Int32>] -IPAddress <String> -MacAddress <String> -SubnetMask <String> [-PassThru] [-Verbose] [-Debug]
[-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]
Samples
Shell Script
# send Wake On Lan request to all workstations Get-SpecopsADComputer -Name:WorkStation* | Start-SpecopsComputer # send Wake On Lan request to all workstations # and wait for them to start Get-SpecopsADComputer -Name:WorkStation* | Start-SpecopsComputer
-WaitForStart ` -WaitForStartSeconds:60 ` -ErrorVariable:notStarted # if there where errors, this gives us the failing computers $notStartedComputers = $notStarted | foreach {$_.TargetObject} # if we later on will check if the non-started
computers has started, # we can run $notStartedComputers | Ping-SpecopsComputer # Skip DHCP lookup for all computers that have entries in the # NetworkInfo.csv file on the format # Name,IPAddress,MacAddress,SubnetMask # Computer1,192.168.0.5,aabbccddeeff,255.255.255.0
# ... Set-Alias gsac Get-SpecopsADComputer gsac Computer* -CustomPropertyFile:c:\data\NetworkInfo.csv | Start-SpecopsComputer
Shutdown computer
Shuts down a remote computer. A message is displayed to the user during a specified ‘WarningTime’. If a user has unsaved work, the shutdown will be aborted, unless the ‘ForceCloseApplications’ options is specified.
Prerequisites
The following prerequisites need to be met to successfully execute the command:
- Firewall exception: To successfully execute the Shutdown Computer command all affected computers must have the Windows Firewall Remote Administration exception enabled.
- Administrative credentials: To shut down a remote computer, the caller must have the Force shutdown from a remote system privilege on the remote computer. By default the local Administrators group is assigned the privilege on workstations and servers. On domain controllers the Server Operators groups is also assigned the privilege.
PowerShell cmdlet
Shell Script
Stop-SpecopsComputer [-ADComputer] <ADComputer[]> [[-Message] <String>] [-ForceCloseApplications] [[-WarningTime] <Int32>] [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>]
[-ErrorVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]
Samples
Shell Script
#shutdown all client computers Get-SpecopsADComputer -group:ClientComputers | Stop-SpecopsComputer # check what client computers would be shut down # note that no actions will be taken Get-SpecopsADComputer -group:ClientComputers | Stop-SpecopsComputer
-WhatIf #shutdown all client computers # but get the chance to confirm each action Get-SpecopsADComputer -group:ClientComputers | Stop-SpecopsComputer -Confirm #shutdown all client computers, even if they have unsaved work Get-SpecopsADComputer
-group:ClientComputers | Stop-SpecopsComputer -ForceCloseApplications #shutdown all client computers, even if they have unsaved work $computers = Get-SpecopsADComputer -group:ClientComputers $computers | Send-SpecopsMessage -Message:'This
computer will be shut down in 5 minutes' # Wait 4 minutes Start-Sleep -Seconds:240 $computers | Stop-SpecopsComputer -ForceCloseApplications ` -WarningTime:60 -Message:'1 minute to shut down'
Restart computer
Restarts a remote computer. A message is displayed to the user during a specified ‘WarningTime’. If a user has unsaved work, the restart will be aborted, unless the ‘ForceCloseApplications’ options is specified.
Prerequisites
The following prerequisites need to be met to successfully execute the command.
- Firewall exception: To successfully execute the Restart Computer command all affected computers must have the Windows Firewall Remote Administration exception enabled.
- Administrative credentials: To restart a remote computer, the caller must have the Force shutdown from a remote system privilege on the remote computer. By default the local Administrators group is assigned the privilege on workstations and servers. On domain controllers the Server Operators groups is also assigned the privilege.
PowerShell cmdlet
Shell Script
Restart-SpecopsComputer [-ADComputer] <ADComputer[]> [[-Message] <String>] [-ForceCloseApplications] [[-WarningTime] <Int32>] [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>]
[-ErrorVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]
Samples
Shell Script
# restart all client computers Get-SpecopsADComputer -group:ClientComputers | Restart-SpecopsComputer # check what client computers would be restarted # note that no actions will be taken Get-SpecopsADComputer -group:ClientComputers | Restart-SpecopsComputer
-WhatIf # restart all client computers # but get the chance to confirm each action Get-SpecopsADComputer -group:ClientComputers | Restart-SpecopsComputer -Confirm # restart all client computers, even if they have unsaved work Get-SpecopsADComputer
-group:ClientComputers | Restart-SpecopsComputer -ForceCloseApplications # restart all client computers, even if they have unsaved work $computers = Get-SpecopsADComputer -group:ClientComputers $computers | Send-SpecopsMessage -Message:'This
computer will be shut down in 5 minutes' # Wait 4 minutes Start-Sleep -Seconds:240 $computers | Restart-SpecopsComputer -ForceCloseApplications ` -WarningTime:60 -Message:'1 minute to shutdown'
Ping
Send an Internet Control Message Protocol (ICMP) echo message to a remote computer.
Network topology can determine whether Ping can successfully contact a remote host. The presence and configuration of proxies, network address translation (NAT) equipment, or firewalls can prevent Ping from succeeding. A successful Ping indicates only that the remote host can be reached on the network; the presence of higher level services (such as a Web server) on the remote host is not guaranteed.
Prerequisites
To successfully execute the Ping command, all remote computers must allow inbound ICMP echo request messages through the Windows Firewall.
This procedure can be performed using Group Policy:
- Open the Group Policy Object Editor snap-in to edit the Group Policy object (GPO) that is used to manage Windows Firewall settings in your organization.
- Open Computer Configuration, open Administrative Templates, open Network, open Network Connections, open Windows Firewall, and then open either Domain Profile or Standard Profile, depending on which profile you want to configure.
- In the details pane, double-click Windows Firewall: Allow ICMP exceptions.
- In the Windows Firewall: Allow ICMP exceptions properties dialog box, on the Settings tab, click Enabled.
- Select the Allow inbound echo request check box, and click OK.
PowerShell cmdlet
Shell Script
Ping-SpecopsComputer [-ADComputer] <ADComputer[]> [-Timeout <Int32>] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]
Samples
Shell Script
# ping all computers with names matching the pattern server* # and create error records for all computers that did not respond # within 10 ms. Ping-SpecopsComputer Server* -Timeout:10 # ping the webservers $pingResponse = Get-SpecopsADComputer
-group:WebServers | Ping-SpecopsComputer -ErrorVariable:pingError $noPingResponse = $pingError | foreach { $_.TargetObject }
Send Message
Sends a message to all logged on users of a remote computer. The message will be displayed in a message box on the remote computer.
Prerequisites
The following prerequisites need to be met to successfully execute the command:
- Firewall exception: To successfully execute the Send Message command all affected computers must have the Windows Firewall Remote Administration exception enabled.
- Messenger service: To be able to execute the Send Message command on Windows 2000 computers the Messenger service must be started on these computers.
PowerShell cmdlet
Shell Script
Send-SpecopsMessage [-ADComputer] <ADComputer[]> [-Message] <String> [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>]
[-OutBuffer <Int32>] [-WhatIf] [-Confirm]
Samples
Shell Script
# send a message to all WorkStations Send-SpecopsMessage WorkStation* -Message:"I'm going home" # send a message to all computers in the HumanResources OU Get-SpecopsADComputer -OU:HumanResources |
Send-SpecopsMessage -Message:"I want a raise!"
Read Remote Registry
Reads a registry value on a remote machine. If no value is specified, the default, unnamed, value of the registry key will be retrieved.
Prerequisites
The following prerequisites need to be met to successfully execute the command:
- Firewall exception: To successfully execute the Read Remote Registry command all affected computers must have the Windows Firewall Remote Administration exception enabled.
- Remote Registry service: To successfully execute the Read Remote Registry command the Remote Registry service must be started on all remote computers. If the Remote Registry service isn’t started on remote computers, the error message “The interface is unknown” will be shown.
PowerShell cmdlet
Shell Script
Get-SpecopsRemoteRegistry [-ADComputer] <ADComputer[]> [-Key] <String> [[-Value] <String>] [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>]
[-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]
Samples
Shell Script
# find all servers that has at least .Net Framework 3.5 sp1 $servers = Get-SpecopsADComputer -group:Servers $key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\NET Framework Setup\NDP\v3.5' $net35sp1Servers = $servers | Get-SpecopsRemoteRegistry -key:$key
-value:SP | Where {$_.RegValue -ge 1} # find those that has not $noNet35sp1 = $servers | Where {$net35sp1Servers -notContains $_} # The variable $noNet35sp1 now contais all servers that doesn't have .NET3.5 sp1 installed
Run Executable
Provides the ability to run a local executable with the computer name of a remote computer as argument.
The name of the remote computer will replace all occurrances of %1% in the supplied Arguments.
Prerequisites
Depends on the application that’s being executed.
PowerShell cmdlet
Shell Script
Invoke-SpecopsCommand [-ADComputer] <ADComputer[]> -Command <String> [-Arguments <String>] [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>]
[-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]
Run Executable Remotely
Starts a program on remote computers, for example run Regedit.exe with a registry file to write values to remote computers.
Prerequisites
To successfully execute the Run Executable Remotely command all affected computers must have the Windows Firewall Remote Administration exception enabled.
PowerShell cmdlet
Shell Script
Invoke-SpecopsRemoteCommand [-ADComputer] <ADComputer[]> -Command <String> [-Arguments <String>] [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>]
[-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]
Samples
Shell Script
# enter values from a regFile to all computers in a group #first create a registry file at a public location $regText = @" Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor] "CompletionChar"=dword:00000040
"DefaultColor"=dword:00000000 "EnableExtensions"=dword:00000001 "PathCompletionChar"=dword:00000040 "@ $regFilePath = '\\Server1\PublicShare\cmdproc.reg' $regText | Out-File -FilePath:$regFilePath # then tell all the computers in a group to
add the information # to the registry Get-SpecopsADComputer -group:DeveloperComputers | Invoke-SpecopsRemoteCommand -Command:regedit.exe ` -Arguments:"/s $regFilePath"
Start Event Viewer
Starts an instance of Event Viewer connected to a remote computer.
Prerequisites
The following prerequisites need to be met to successfully execute the command:
- Firewall exception: To successfully execute the Start Event Viewer command the affected computer must have the Windows Firewall Remote Administration exception enabled.
- Remote Registry service: To successfully execute the Start Event Viewer command the Remote Registry service must be started on the remote computer. If the Remote Registry service isn’t started on the remote computer, the error message “The interface is unknown” will be shown.
PowerShell cmdlet
Shell Script
Start-SpecopsEventViewer [-ADComputer] <ADComputer[]> [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>] [-OutBuffer
<Int32>] [-WhatIf] [-Confirm]
Samples
Start Explorer
Starts an explorer window displaying a drive on a remote computer.
Prerequisites
To successfully execute the Start Explorer command all affected computers must have the Windows Firewall Remote Administration exception enabled.
PowerShell cmdlet
Shell Script
Start-SpecopsExplorer [-ADComputer] <ADComputer[]> [[-DriveLetter] <String>] [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable
<String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]
Samples
Shell Script
Start-SpecopsExplorer -ADComputer:Server1 -DriveLetter:C Start-SpecopsExplorer Server1 C
Start Remote Desktop
Initiates a remote desktop session with the remote computer.
Prerequisites
The following prerequisites need to be met to successfully execute the command:
- System requirements: Remote computer must be running Windows XP, Windows 2003, Windows Vista or Windows Server 2008.
- Firewall exception: To successfully execute the Remote Desktop command the affected computer must have the Windows Firewall Remote Desktop exception enabled.
PowerShell cmdlet
Shell Script
Start-SpecopsRemoteDesktop [-ADComputer] <ADComputer[]> [-Console] [-FullScreen] [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable
<String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm]
Samples
Shell Script
# Start a remote desktop session with the computer Client47 Start-SpecopsRemoteDesktop Client47 -Fullscreen -Console
Start Remote Assistance
Initiates a remote assistance session with the remote computer.
Prerequisites
The following prerequisites need to be met to successfully execute the command.
- System requirements: Remote computer must be running Windows XP, Windows 2003, Windows Vista or Windows Server 2008.
-
Firewall exceptions
- Remote Administration exception
- Remote Desktop exception
Program exceptions
This procedure can be performed using Group Policy.
- Open the Group Policy Object Editor snap-in to edit the Group Policy object (GPO) that is used to manage Windows Firewall settings in your organization.
- Open Computer Configuration, open Administrative Templates, open Network, open Network Connections, open Windows Firewall, and then open either Domain Profile or Standard Profile, depending on which profile you want to configure.
- In the details pane, double-click Windows Firewall: Define program exceptions.
- In the Windows Firewall: Define program exceptions properties dialog box, on the Settings tab, click Enabled.
- Click on the Show button.
-
Add the following entries for Windows XP and Windows Server 2003:
%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Offer Remote Assistance – Messenger
%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote Assistance
%WINDIR%\System32\Sessmgr.exe:*:Enabled:Remote Assistance -
Add the following entries for Windows Vista and Windows Server 2008:
%WINDIR%\System32\msra.exe:*:Enabled:Remote Assistance Client
%WINDIR%\System32\raserver.exe:*:Enabled:Remote Assistance Server
Enable Remote Assistance on remote computers
The Remote Assistance command uses the concept of Offering Remote Assistance. It’s used when Helpdesk want to offer assistance to a user even if the user has not requested it. This procedure can be performed using Group Policy.
- Open the Group Policy Object Editor snap-in to edit the Group Policy object (GPO) that is used to manage Remote Assistance settings in your organization.
- Open Computer Configuration, open Administrative Templates, open System and open Remote Assistance.
- In the details pane, double-click Offer Remote Assistance setting.
- In the Offer Remote Assistance properties dialog, click Enabled and the select either Allow helpers to only view the computer or Allow helpers to remotely control the computer.
- To configure the list of helpers, click on the Show button. This opens a new window where you can enter the names of the helpers. Add each user or group one by one. When you enter the name of the helper user or user groups, use the format <Domain Name>\<User Name> or <Domain Name>\<Group Name.
PowerShell cmdlet
Shell Script
Start-SpecopsRemoteAssistance [-ADComputer] <ADComputer[]> [-NoPing] [-PingTimeout <Int32>] [-PassThru] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-ErrorVariable <String>] [-OutVariable <String>] [-OutBuffer
<Int32>] [-WhatIf] [-Confirm]
Samples
Shell Script
# starts a remote assistance session with client 47 Start-SpecopsRemoteAssistance Client47