=Powershell=
==Useful Commands==
===Show command history===
<pre>get-history | more</pre>
===Test if port open from one server to another===
<pre>Test-NetConnection 10.10.10.10 -port 445</pre>
Example output:
<pre style="color: white; background: #012456; width: 800px">
ComputerName : 10.10.10.10
RemoteAddress : 10.10.10.10
RemotePort : 445
InterfaceAlias : Ethernet
SourceAddress : 10.10.10.20
PingSucceeded : True
PingReplyDetails (RTT) : 29 ms
TcpTestSucceeded : True
</pre>
===Check who rebooted the server===
<pre>Get-EventLog -LogName System -Newest 100 | Where-Object {$_.EventID -eq '1074'} | Format-Table MachineName, UserName, TimeGenerated -AutoSize</pre>
Example output:
<pre style="color: white; background: #012456; width: 800px">
MachineName UserName TimeGenerated
----------- -------- -------------
server01.lab.local LABLOCAL\user01 28/8/2018 4:28:20 PM
</pre>
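The one-liner above only inspects the newest 100 System entries, so an older shutdown is missed on a busy host. The following is an added example (not part of the original page) that filters on event ID 1074 directly with Get-WinEvent and also returns the initiating process and stated reason; the function name Get-RebootInitiator and its parameters are illustrative assumptions.

```powershell
# Added example, not from the original page.
# Get-RebootInitiator, -ComputerName and -Days are hypothetical names chosen for illustration.
function Get-RebootInitiator {
    param(
        [string]$ComputerName = 'localhost',  # host whose System log is queried
        [int]$Days = 30                       # look-back window in days
    )

    # Filtering is done by the event log service, so the whole window is
    # searched instead of only the newest N records.
    $filter = @{
        LogName   = 'System'
        Id        = 1074
        StartTime = (Get-Date).AddDays(-$Days)
    }

    # Get-WinEvent raises a non-terminating error when nothing matches;
    # it is suppressed here so an empty result is simply no output.
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Property order follows the event 1074 message template:
            # 0 = process, 1 = computer, 2 = reason, 3 = reason code,
            # 4 = shutdown type, 5 = comment, 6 = user
            [pscustomobject]@{
                TimeCreated  = $_.TimeCreated
                MachineName  = $_.MachineName
                UserName     = $_.Properties[6].Value
                Process      = $_.Properties[0].Value
                ShutdownType = $_.Properties[4].Value
                Reason       = $_.Properties[2].Value
                Comment      = $_.Properties[5].Value
            }
        } |
        Sort-Object TimeCreated -Descending
}

# Example call: restarts and shutdowns recorded in the last 90 days
Get-RebootInitiator -Days 90 | Format-Table -AutoSize
```

The Process column helps separate an interactive restart from one triggered by an installer or update agent running under a service account.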
===Show DNS Cache===
<pre>Get-DnsClientCache</pre>
===When was Windows installed===
<pre>wmic os get installdate</pre>
Example output:
<pre style="color: white; background: #012456; width: 800px">
InstallDate
20190402093338.000000+060
</pre>
===Watch port availability===
<pre>cls;while($true){get-date;$t = New-Object Net.Sockets.TcpClient;try {$t.connect("10.10.10.10",3389);write-host "RDP is up"}catch{write-Host "RDP is down"}finally{$t.close();sleep 30}}</pre>
Example output:
<pre style="color: white; background: #012456; width: 800px">
Thursday, August 29, 2019 11:27:17 AM
RDP is down
Thursday, August 29, 2019 11:28:08 AM
RDP is down
Thursday, August 29, 2019 11:28:59 AM
RDP is down
Thursday, August 29, 2019 11:29:50 AM
RDP is UP
</pre>
===Watch event viewer===
<pre>cls;$idxA = (get-eventlog -LogName Application -Newest 1).Index;while($true){$idxA2 = (Get-EventLog -LogName Application -newest 1).index;get-eventlog -logname Application -newest ($idxA2 - $idxA) | sort index;$idxA = $idxA2;sleep 10}</pre>
Example output:
<pre style="color: white; background: #012456; width: 1500px">
Index Time EntryType Source InstanceID Message
----- ---- --------- ------ ---------- -------
23698 Aug 29 11:31 Information ESENT 916 DllHost (20044,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
</pre>
===Stop and disable a Windows service remotely===
<pre>Get-Service -Name "Rubrik Backup Service" -ComputerName server01 | Stop-Service -PassThru | Set-Service -StartupType disabled</pre>
===Combine multiple txt files to one file===
This also goes through the subfolders and combines all txt files into one file. The output file is excluded from the search so that it is not read back into itself:
<pre>Get-ChildItem C:\txts -Include *.txt -Exclude final.txt -Recurse | ForEach-Object {Get-Content $_.FullName; ""} | Out-File C:\txts\final.txt</pre>
===Count all file types in folder and subfolders===
<pre>Get-Childitem -Recurse | where { -not $_.PSIsContainer } | group Extension -NoElement | sort count -Desc</pre>
Example output:
<pre style="color: white; background: #012456; width: 1500px">
Count Name
----- ----
12285 .jpg
2935 .png
689 .ps1
375 .log
369 .php
213 .txt
150 .html
122 .csv
62 .1
59 .2
59 .3
55 .4
54 .5
</pre>
===Find empty folders and subfolders===
<pre>(gci -r | ? {$_.PSIsContainer -eq $True}) | ?{$_.GetFileSystemInfos().Count -eq 0} | select FullName</pre>
Example output:
<pre style="color: white; background: #012456; width: 1500px">
C:\Users\test\Documents\AirDroid
C:\Users\test\Documents\Custom Office Templates
C:\Users\test\Documents\Fax
C:\Users\test\Documents\Rockstar Games
C:\Users\test\Documents\Wondershare
</pre>
===Remove empty folders===
<pre>(gci -r | ? {$_.PSIsContainer -eq $True}) | ?{$_.GetFileSystemInfos().Count -eq 0} | Remove-item</pre>
===Sign out disconnected sessions===
<pre>quser | Select-String "Disc" | ForEach{logoff ($_.tostring() -split ' +')[2]}</pre>
[[Category:PowerShell]]
Latest revision as of 14:36, 6 March 2023