January 2008 - Posts
To back up an event log, use the Get-EventLog cmdlet to retrieve its entries and then the Export-Clixml cmdlet to store them in an XML file:
get-eventlog security | export-clixml -path Seclog.xml
Once that’s done, you can archive the XML files you created. You can also use the Import-Clixml cmdlet to review the entries in PowerShell:
Import-clixml Seclog.xml
After you have backed up each and every event log on the machine, you can delete the event logs using the script below:
get-eventlog -list |%{$_.clear()}
But be very careful with this, as it will delete all the event logs with no discrimination. I have yet to find a way to delete an event log selectively!
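The backup-then-clear procedure above, as an added example that is not part of the original post: each log is exported, the archive is read back and its entry count compared before anything is cleared, and only logs named in an explicit list are cleared. It assumes Windows PowerShell 4.0 or later (for Get-FileHash) and an elevated prompt so the Security log can be read; `$ArchiveDir` and `$LogsToClear` are hypothetical values.

```powershell
# Added example (not from the original post). $ArchiveDir and $LogsToClear are hypothetical.
$ArchiveDir  = 'C:\LogArchive'
$LogsToClear = @('Application')   # only logs named here are cleared; the rest are archived only
$stamp       = Get-Date -Format 'yyyyMMdd-HHmmss'
New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null

$report = foreach ($log in Get-EventLog -List) {
    $name = $log.Log
    $file = Join-Path $ArchiveDir ('{0}-{1}-{2}.xml' -f $env:COMPUTERNAME, $name, $stamp)

    # Take one snapshot so the exported and verified counts describe the same set of entries.
    try   { $entries = @(Get-EventLog -LogName $name -ErrorAction Stop) }
    catch { Write-Warning "$name : skipped, unreadable or empty ($($_.Exception.Message))"; continue }
    if ($entries.Count -eq 0) { continue }

    $entries | Export-Clixml -Path $file

    # Verify the archive by reading it back before anything is deleted.
    $restored = @(Import-Clixml -Path $file)
    $verified = ($restored.Count -eq $entries.Count)

    $cleared = $false
    if ($verified -and ($LogsToClear -contains $name)) {
        $log.Clear()              # same method the original one-liner calls, on one log only
        $cleared = $true
    }

    [pscustomobject]@{
        Log      = $name
        Entries  = $entries.Count
        Archive  = $file
        SHA256   = (Get-FileHash -Path $file -Algorithm SHA256).Hash
        Verified = $verified
        Cleared  = $cleared
    }
}

# Keep the report with the archives so each file's hash can be re-checked later.
$report | Export-Csv -Path (Join-Path $ArchiveDir "report-$stamp.csv") -NoTypeInformation
$report | Format-Table Log, Entries, Verified, Cleared -AutoSize
```

Clearing the Security log writes event 1102 into the freshly emptied log, so monitoring that alerts on that event will fire when this runs with Security in the list.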
Let’s say you manage a web farm with a lot of front-end web servers that are basically the same. But as there are so many “cooks in the kitchen”, sometimes files (for example, the hosts file) are modified unexpectedly. You want to identify whether any files were modified after a certain date (like the release date). You can run the script below against the target folder:
get-childitem -recurse | where-object {$_.lastwritetime -gt "1/13/2008"}
To find out all the files in the target directory modified in the last 15 days:
$DateToCompare = (Get-date).AddDays(-15)
Get-Childitem -recurse | where-object {$_.lastwritetime -gt $DateToCompare}
Now you can easily modify the above script for multiple remote machines.
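One way to extend the check to several servers, as an added example that is not from the original post. It goes beyond the date filter by also comparing each file's SHA-256 hash with a reference server, because LastWriteTime can be set to any value and a date check alone misses such edits. Server names, the reference server, the folder and the release date are hypothetical; it assumes Windows PowerShell 4.0 or later and access to the administrative shares.

```powershell
# Added example (not from the original post). All names and dates below are hypothetical.
$Servers     = @('WEB01', 'WEB02', 'WEB03')
$Reference   = 'WEB01'                              # server treated as the known-good copy
$RelativeDir = 'C$\Windows\System32\drivers\etc'    # folder that holds the hosts file
$ReleaseDate = Get-Date '2008-01-13'

function Get-FolderState ($Server) {
    $root = "\\$Server\$RelativeDir"
    Get-ChildItem -Path $root -Recurse -File -ErrorAction Stop | ForEach-Object {
        [pscustomobject]@{
            Server        = $Server
            RelativePath  = $_.FullName.Substring($root.Length).TrimStart('\')
            LastWriteTime = $_.LastWriteTime
            Hash          = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }
}

# Build the baseline: relative path -> hash on the reference server.
$baseline = @{}
Get-FolderState $Reference | ForEach-Object { $baseline[$_.RelativePath] = $_.Hash }

$findings = foreach ($server in $Servers) {
    try   { $state = @(Get-FolderState $server) }
    catch { Write-Warning "$server : $($_.Exception.Message)"; continue }

    foreach ($f in $state) {
        $afterRelease = $f.LastWriteTime -gt $ReleaseDate
        $differs      = $baseline[$f.RelativePath] -ne $f.Hash   # also true for files absent on the reference
        if ($afterRelease -or $differs) {
            [pscustomobject]@{
                Server         = $f.Server
                File           = $f.RelativePath
                LastWriteTime  = $f.LastWriteTime
                AfterRelease   = $afterRelease
                DiffersFromRef = $differs
            }
        }
    }
}

$findings | Sort-Object File, Server | Format-Table -AutoSize
```

A row with DiffersFromRef true and AfterRelease false is the case the date filter alone would not report.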
As you might have guessed, the best place to find currently installed software is the place that stores information about how to uninstall it: the HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall registry key.
Here is a PS script to list installed software on a local machine. You can add more properties as you deem appropriate:
$a = New-Object -comobject Excel.Application
$a.visible = $True
$b = $a.Workbooks.Add()
$c = $b.Worksheets.Item(1)
$c.Cells.Item(1,1) = "Name"
$c.Cells.Item(1,2) = "Version"
$c.Cells.Item(1,3) = "Publisher"
$c.Cells.Item(1,4) = "InstalledOn"
$c.Cells.Item(1,5) = "HelpLink"
$c.Cells.Item(1,6) = "UninstallString"
$d = $c.UsedRange
$d.Interior.ColorIndex = 19
$d.Font.ColorIndex = 11
$d.Font.Bold = $True
$intRow = 2
$Keys = Get-ChildItem HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall
$Items = $keys |foreach-object {Get-ItemProperty $_.PsPath}
foreach ($item in $items)
{
    $c.Cells.Item($intRow,1) = $item.Displayname
    $c.Cells.Item($intRow,2) = $item.DisplayVersion
    $c.Cells.Item($intRow,3) = $item.Publisher
    $c.Cells.Item($intRow,4) = $item.InstallDate
    $c.Cells.Item($intRow,5) = $item.HelpLink
    $c.Cells.Item($intRow,6) = $item.UninstallString
    $intRow = $intRow + 1
}
$d.EntireColumn.AutoFit()
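The same inventory as an added example, not the original post's code, written to emit objects and a CSV file instead of driving Excel. It also reads two locations the script above does not: the Wow6432Node view, where 32-bit installers register on 64-bit Windows, and the per-user HKCU key. Those two paths and the output file name are additions made here.

```powershell
# Added example (not from the original post). The Wow6432Node and HKCU paths and the
# output path are additions for illustration.
$UninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)
$OutFile = Join-Path $env:TEMP 'InstalledSoftware.csv'

function Get-InstalledSoftware {
    foreach ($key in $UninstallKeys) {
        if (-not (Test-Path $key)) { continue }     # Wow6432Node is absent on 32-bit Windows

        Get-ChildItem $key |
            ForEach-Object { Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue } |
            Where-Object { $_.DisplayName } |       # skip entries with no display name
            ForEach-Object {
                [pscustomobject]@{
                    Name            = $_.DisplayName
                    Version         = $_.DisplayVersion
                    Publisher       = $_.Publisher
                    InstalledOn     = $_.InstallDate
                    HelpLink        = $_.HelpLink
                    UninstallString = $_.UninstallString
                    Source          = $key          # which registry view the entry came from
                }
            }
    }
}

$software = Get-InstalledSoftware | Sort-Object Name, Version, Source
$software | Export-Csv -Path $OutFile -NoTypeInformation
$software | Format-Table Name, Version, Publisher, Source -AutoSize
```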
Snapins are PowerShell extensions that contain additional cmdlets and providers.
The following are the steps to use a snapin:
1. You need to obtain the snapin assembly;
2. Copy it to your computer;
3. Register the snapin. From the directory that contains the snapin assembly, run InstallUtil SnapinName.dll. You can find the InstallUtil utility in the .NET Framework installation directory (C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe).
4. Add the snapin. At the PowerShell prompt, run the command Add-PsSnapin SnapinIdentifier.
5. The cmdlets and providers contained in that snapin are ready for use.
To see all the registered snapins, use the command below:
Get-PSSnapin -Registered
Let’s say you need to find out the Windows Installer version on multiple remote machines. If you have SMS in place, this should be an easy task: you can create a dynamic query collection. But what happens if you don’t have SMS in your environment? I wrote a PowerShell script to accomplish this task. It queries each remote computer for the file version of msi.dll (the same approach applies to any file of interest).
$erroractionpreference = "SilentlyContinue"
$a = New-Object -comobject Excel.Application
$a.visible = $True
$b = $a.Workbooks.Add()
$c = $b.Worksheets.Item(1)
$c.Cells.Item(1,1) = "Machine Name"
$c.Cells.Item(1,2) = "File Name"
$c.Cells.Item(1,3) = "Version"
$c.Cells.Item(1,4) = "Report Time Stamp"
$d = $c.UsedRange
$d.Interior.ColorIndex = 19
$d.Font.ColorIndex = 11
$d.Font.Bold = $True
$intRow = 2
$colComputers = get-content C:\Temp\Machinelist.txt
foreach ($strComputer in $colComputers)
{
    $c.Cells.Item($intRow,1) = $strComputer
    Function GetFileInfo
    {
        $Path = "\\"+ $strComputer + "\C$\Windows\System32\msi.dll"
        $File = get-item $Path
        $c.Cells.Item($intRow,2) = $File.Name
        $c.Cells.Item($intRow,3) = $File.VersionInfo.Productversion
    }
    GetFileInfo
    $c.Cells.Item($intRow,4) = Get-date
    $intRow = $intRow + 1
}
$d.EntireColumn.AutoFit()
If you play with PowerShell for a while, you probably use the get-help and get-member cmdlets a lot. Here I want to mention another very handy cmdlet, get-command.
In the PowerShell console, type get-command | out-file cmdlets.xls
This will create a spreadsheet which contains all the PowerShell cmdlets. As it stands now for CTP 2.0, it has 155 cmdlets.
Let's say you want to use a cmdlet but don't know the exact verb-noun combination. If you do remember that the verb is "export", you can type the following:
PS C:\Users\Ying> get-command -verb export
CommandType Name Definition
----------- ---- ----------
Cmdlet Export-Alias Export-Alias [-Path] <String> [[-Name] <String[]...
Cmdlet Export-Clixml Export-Clixml [-Path] <String> [-Depth <Int32>] ...
Cmdlet Export-Console Export-Console [[-Path] <String>] [-Force] [-NoC...
Cmdlet Export-Csv Export-Csv [-Path] <String> -InputObject <PSObje...
Similarly, if you know the noun is "object", you can do this:
PS C:\Users\Ying> get-command -noun object
CommandType Name Definition
----------- ---- ----------
Cmdlet Compare-Object Compare-Object [-ReferenceObject] <PSObject[]> [...
Cmdlet ForEach-Object ForEach-Object [-Process] <ScriptBlock[]> [-Inpu...
Cmdlet Group-Object Group-Object [[-Property] <Object[]>] [-NoElemen...
Cmdlet Measure-Object Measure-Object [[-Property] <String[]>] [-InputO...
Cmdlet New-Object New-Object [-TypeName] <String> [[-ArgumentList]...
Cmdlet Select-Object Select-Object [[-Property] <Object[]>] [-InputOb...
Cmdlet Sort-Object Sort-Object [[-Property] <Object[]>] [-Descendin...
Cmdlet Tee-Object Tee-Object [-FilePath] <String> [-InputObject <P...
Cmdlet Where-Object Where-Object [-FilterScript] <ScriptBlock> [-Inp...
It’s indeed very handy, isn’t it?