Patching servers manually, but remotely

Here’s a short snippet that will allow you to patch machines remotely:


Solving a problem with “Get-VM” cmdlet


  • Domain “nice.domain”
  • script server “server1.nice.domain”
  • Hyper-V hypervisor “hyperv1.nice.domain”
  • all Windows Server 2012 R2
  • script user “nice\script”
  • script user is member of “Hyper-V Administrators” group on hyperv1.
  • script user has the “Log on as a batch job” right on server1

Scenario 1:

in a Powershell console window on server1 (which was started with “run as different user”) will show a nice list of VMs on the hypervisor.

Scenario 2:

  • running
    in a scheduled task script that runs as the script user on server1 will return NOTHING. No, also no exception thrown.
  • other Hyper-V cmdlets seem to work, f.e. works.


  • Making the script user a member of the “Administrators” group on “server1” works, but that’s not good security.
  • Adding the script user to the “Administrators” group on hyperv1 does not help
  • It’s obviously a problem on server1, something stops Get-VM from working in a scheduled task.

Question: which rights or security settings are missing in Scenario 2?

If you have any ideas or even the solution, please try to comment below or tweet back here (@RicochetPeter). Thx in advance 🙂

Allow an unprivileged domain user to start and stop services on a Windows server

Use case: You have a script server that does recurring scheduled administrative tasks for you. One of these is to regularly restart a remote machine’s service “greatservice1”.

  1. create a domain user “yourdomain\script-user-1”
  2. use subinacl from the Windows Resource Kit to grant that user the right to start and stop the “greatservice1” service on the remote server:
  3. write a basic Powershell script that restarts the service, like for example:

  4. schedule the script for daily execution



Getting the server response when Invoke-Webrequest results in error 5xx

Hi there,

lately, I’ve been confronted with a problem where I simply couldn’t get meaningful error messages from failing runs of Invoke-Webrequest. In doing something like this:

$err would only ever contain the error code like “500 bla”, but not what the server actually returned as the error message. I was querying a REST API.

A colleague finally found the answer here.

What needs to be done is, to tell Powershell to read the stream. The exact difference I cannot tell, as this happens only for 5xx errors, as far as I can see.

$response will now contain the body of what the remote web service returned.

This is another good case that shows me, how easily one can get lost doing g**gle searches. I had searched for a solution also, but the sheer mass of results has overwhelmed me. Also, using only slightly different search terms always give totally different search results… Maybe I was using the wrong terms… Maybe I should have also read the documentation for Invoke-Webrequest more closely 🙂

Use Powershell and 7-zip to zip up files in a directory individually

Today I needed to put the files I had in a directory into zip files, each one in its own archive. After fiddling around with how to quote and double quote stuff in PoSh I found this link on the technet forums. See Section 5 there.

This is how it’s done:

$arg1…$arg4 are the arguments to 7zip. “a” means add, “-mx3” means fast compression (still a whole lot more effective than zip), $arg2 is the destination archive, $arg3 is the file to be zipped.

Hope this helps.

How to delete files older than x

Something I regularly need to do is search for files that are older than a certain amount of time and do something with them, like move or delete. Here’s a handy snippet how to do it in PoSh.

The question mark is an alias for Where-Object, -le means “less than or equal”, and AddMinutes has close relatives like AddDays… just use the autocomplete via the tab key after “Add” to get more.