PowerShell

From roonics

Useful Commands

Show command history

get-history | more

Test if a port is open from one server to another

Test-NetConnection 10.10.10.10 -port 445

Example output:

ComputerName           : 10.10.10.10
RemoteAddress          : 10.10.10.10
RemotePort             : 445
InterfaceAlias         : Ethernet
SourceAddress          : 10.10.10.20
PingSucceeded          : True
PingReplyDetails (RTT) : 29 ms
TcpTestSucceeded       : True

Check who rebooted the server

Get-EventLog -Log System -Newest 100 | Where-Object {$_.EventID -eq '1074'} | FT MachineName, UserName, TimeGenerated -AutoSize

Example output:

MachineName          UserName           TimeGenerated
-----------          --------           -------------
server01.lab.local   LABLOCAL\user01    28/8/2018 4:28:20 PM
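
The one-liner above only inspects the newest 100 System entries, so on a busy server an older reboot record can be missed. The following is an added example, not part of the original page: it queries every event 1074 in a time window with Get-WinEvent and also reports the initiating process and stated reason. The function name Get-RebootInitiator and its parameters are hypothetical.

```powershell
# Added example (not from the original page). Get-RebootInitiator is a hypothetical name.
function Get-RebootInitiator {
    [CmdletBinding()]
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [datetime]$After = (Get-Date).AddDays(-30)
    )

    # Filter inside the event log query: every 1074 event since $After is returned,
    # not just those that happen to be among the newest 100 System entries.
    $filter = @{ LogName = 'System'; Id = 1074; StartTime = $After }

    try {
        $events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop
    }
    catch {
        # Get-WinEvent raises an error when nothing matches; treat that as "no reboots".
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }

    foreach ($e in $events) {
        # Event 1074 (source User32) insertion strings, in order:
        # 0 process, 1 computer, 2 reason, 3 reason code, 4 shutdown type, 5 comment, 6 user
        $p = $e.Properties
        [pscustomobject]@{
            TimeCreated  = $e.TimeCreated
            MachineName  = $e.MachineName
            User         = $p[6].Value
            Process      = $p[0].Value
            ShutdownType = $p[4].Value
            Reason       = $p[2].Value
            ReasonCode   = $p[3].Value
            Comment      = $p[5].Value
        }
    }
}

# Reboots and shutdowns requested in the last 90 days, newest first.
Get-RebootInitiator -After (Get-Date).AddDays(-90) |
    Sort-Object TimeCreated -Descending |
    Format-Table TimeCreated, MachineName, User, ShutdownType, Process -AutoSize
```

Event 1074 is only written for a requested shutdown or restart, so a power loss or crash will not appear in this output.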

Show DNS Cache

Get-DnsClientCache

When was Windows installed

wmic os get installdate

Example output:

InstallDate
20190402093338.000000+060

Watch port availability

cls;while($true){get-date;$t = New-Object Net.Sockets.TcpClient;try {$t.connect("10.10.10.10",3389);write-host "RDP is up"}catch{write-Host "RDP is down"}finally{$t.close();sleep 30}}

Example output:

Thursday, August 29, 2019 11:27:17 AM
RDP is down
Thursday, August 29, 2019 11:28:08 AM
RDP is down
Thursday, August 29, 2019 11:28:59 AM
RDP is down
Thursday, August 29, 2019 11:29:50 AM
RDP is UP

Watch event viewer

cls;$idxA = (get-eventlog -LogName Application -Newest 1).Index;while($true){$idxA2 = (Get-EventLog -LogName Application -newest 1).index;get-eventlog -logname Application -newest ($idxA2 - $idxA) |  sort index;$idxA = $idxA2;sleep 10}

Example output:

Index Time          EntryType   Source                 InstanceID Message
----- ----          ---------   ------                 ---------- -------
23698 Aug 29 11:31  Information ESENT                  916 DllHost (20044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.

Stop and disable a Windows service remotely

Get-Service -Name "Rubrik Backup Service" -ComputerName server01 | Stop-Service -PassThru | Set-Service -StartupType disabled

Combine multiple txt files to one file

This also goes through the subfolders and combines all txt files into one file:

Get-ChildItem C:\txts -include *.txt -rec | ForEach-Object {gc $_; ""} | out-file C:\txts\final.txt

Count all file types in folder and subfolders

Get-Childitem -Recurse | where { -not $_.PSIsContainer } | group Extension -NoElement | sort count -Desc

Example output:

Count Name                     
----- ----                     
12285 .jpg                     
 2935 .png                     
  689 .ps1                     
  375 .log                     
  369 .php                     
  213 .txt                     
  150 .html                    
  122 .csv                     
   62 .1                       
   59 .2                       
   59 .3                       
   55 .4                       
   54 .5                       

Find empty folders and subfolders

(gci -r | ? {$_.PSIsContainer -eq $True}) | ?{$_.GetFileSystemInfos().Count -eq 0} | select FullName

Example output:

C:\Users\test\Documents\AirDroid                                                                                      
C:\Users\test\Documents\Custom Office Templates                                                                       
C:\Users\test\Documents\Fax                                                                                           
C:\Users\test\Documents\Rockstar Games                                                                                
C:\Users\test\Documents\Wondershare                                                                                   
                    

Remove empty folders

(gci -r | ? {$_.PSIsContainer -eq $True}) | ?{$_.GetFileSystemInfos().Count -eq 0} | Remove-item

Sign out disconnected sessions

quser | Select-String "Disc" | ForEach{logoff ($_.tostring() -split ' +')[2]}
