PowerShell

From roonics

Useful Commands

Show command history

get-history | more

Test if a port is open from one server to another

Test-NetConnection 10.10.10.10 -port 445

Example output:

ComputerName           : 10.10.10.10
RemoteAddress          : 10.10.10.10
RemotePort             : 445
InterfaceAlias         : Ethernet
SourceAddress          : 10.10.10.20
PingSucceeded          : True
PingReplyDetails (RTT) : 29 ms
TcpTestSucceeded       : True

Check who rebooted the server

Get-EventLog -Log System -Newest 100 | Where-Object {$_.EventID -eq '1074'} | FT MachineName, UserName, TimeGenerated -AutoSize

Example output:

MachineName          UserName           TimeGenerated
-----------          --------           -------------
server01.lab.local   LABLOCAL\user01    28/8/2018 4:28:20 PM
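
The one-liner above only inspects the newest 100 System entries, so on a busy server the 1074 event may already have scrolled out of that window. The following is an added example, not from the original page: it queries event 1074 by ID over a time range with Get-WinEvent and also returns the initiating process and stated reason. The function name Get-RebootInitiator and the property positions used for event 1074 are assumptions.

```powershell
# Added example (not from the original page).
# Get-RebootInitiator is a hypothetical helper name.
function Get-RebootInitiator {
    param(
        [string]$ComputerName,   # optional remote host; local machine if omitted
        [int]$Days = 30          # how far back to search
    )

    # Filter on the event ID server-side instead of fetching N entries and filtering after.
    $params = @{
        FilterHashtable = @{
            LogName   = 'System'
            Id        = 1074
            StartTime = (Get-Date).AddDays(-$Days)
        }
        # Get-WinEvent raises an error when nothing matches; treat that as "no results".
        ErrorAction     = 'SilentlyContinue'
    }
    if ($ComputerName) { $params.ComputerName = $ComputerName }

    Get-WinEvent @params | ForEach-Object {
        $p = $_.Properties
        # Assumption: event 1074 carries at least 7 properties in this order:
        # 0 process, 1 computer, 2 reason, 3 reason code, 4 action, 5 comment, 6 user.
        if ($p.Count -ge 7) {
            [pscustomobject]@{
                TimeCreated = $_.TimeCreated
                MachineName = $_.MachineName
                User        = $p[6].Value
                Process     = $p[0].Value
                Action      = $p[4].Value
                Reason      = $p[2].Value
                Comment     = $p[5].Value
            }
        }
    }
}

# Who restarted or shut down this machine in the last 30 days, newest first.
Get-RebootInitiator -Days 30 |
    Sort-Object TimeCreated -Descending |
    Format-Table TimeCreated, MachineName, User, Process, Action -AutoSize
```

An unexpected user or process in this output is worth correlating with logon events for the same time window.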

Show DNS Cache

Get-DnsClientCache

When was Windows installed

wmic os get installdate

Example output:

InstallDate
20190402093338.000000+060

Watch port availability

cls;while($true){get-date;$t = New-Object Net.Sockets.TcpClient;try {$t.connect("10.10.10.10",3389);write-host "RDP is up"}catch{write-Host "RDP is down"}finally{$t.close();sleep 30}}

Example output:

Thursday, August 29, 2019 11:27:17 AM
RDP is down
Thursday, August 29, 2019 11:28:08 AM
RDP is down
Thursday, August 29, 2019 11:28:59 AM
RDP is down
Thursday, August 29, 2019 11:29:50 AM
RDP is UP

Watch event viewer

cls;$idxA = (get-eventlog -LogName Application -Newest 1).Index;while($true){$idxA2 = (Get-EventLog -LogName Application -newest 1).index;get-eventlog -logname Application -newest ($idxA2 - $idxA) |  sort index;$idxA = $idxA2;sleep 10}

Example output:

Index Time          EntryType   Source                 InstanceID Message
----- ----          ---------   ------                 ---------- -------
23698 Aug 29 11:31  Information ESENT                  916 DllHost (20044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.

Stop and disable a Windows service remotely

Get-Service -Name "Rubrik Backup Service" -ComputerName server01 | Stop-Service -PassThru | Set-Service -StartupType disabled