#reads event logs for filter and exports to
# Look back 30 minutes from now
$Date = (Get-Date).AddMinutes(-30)
$LogName = 'Security'
$ProviderName = "Microsoft-Windows-Security-Auditing"
# 6273 = Network Policy Server denied access to a user
$EventID = 6273
$computer = "server.microsoft.com"
Write-Output "Searching $computer"
$Events = Get-WinEvent -ComputerName $computer -FilterHashtable @{
    LogName      = $LogName
    ProviderName = $ProviderName
    Id           = $EventID
    StartTime    = $Date
}
$report = @()
$Events | ForEach-Object -Process {
    # Each event's EventData is a list of <Data Name="..."> elements; turn them into columns
    [xml]$ConvertedFromXML = $_.ToXml()
    $params = @{}
    foreach ($entry in $ConvertedFromXML.Event.EventData.Data) {
        $name = $entry.Name
        $Value = $entry.'#text'
        $params[$name] = $Value
    }
    $report += [pscustomobject]$params
}
$report | Export-Csv -NoTypeInformation -Path "C:\Temp\Events.csv"
These are just random notes and programs that may have incomplete descriptions. Use any scripts or programs at your own risk.
Friday, September 20, 2024
Powershell: Read windows event log remotely and write to csv
Monday, April 18, 2016
Powershell: Get services and accounts used to run them on all computers using Jobs
cls
####################
#By Tony Unger
#Purpose: inventory all services and user accounts running them with jobs
#
##
$myCol = @()
$i = 0
$servers = Get-ADComputer -Filter * | Select-Object -ExpandProperty Name
# Runs inside each job: query every service on one computer
$scriptblock = {
    param([string]$server)
    Get-WmiObject Win32_Service -ComputerName $server | Select-Object *
}
$ServersCount = $servers.Count
foreach ($server in $servers) {
    $i++
    $running = @(Get-Job | Where-Object { $_.State -eq 'Running' })
    Write-Progress -Activity "Gathering computer info" -Status "Currently on $server -- $i of $ServersCount" -PercentComplete ($i / $ServersCount * 100)
    # Throttle to 50 concurrent jobs: wait for one to finish, then still start this server's job
    if ($running.Count -ge 50) {
        $running | Wait-Job -Any | Out-Null
    }
    Start-Job -ScriptBlock $scriptblock -Name $server -ArgumentList $server
}
# Wait for the remaining jobs to finish
$running = @(Get-Job | Where-Object { $_.State -eq 'Running' })
while ($running.Count -ge 1) {
    Start-Sleep 1
    $running = @(Get-Job | Where-Object { $_.State -eq 'Running' })
}
# Collect the results from every job
foreach ($job in Get-Job) {
    $recjobs = Receive-Job -Keep -Job $job
    foreach ($recjob in $recjobs) {
        $Detail = New-Object PSObject
        $Detail | Add-Member Noteproperty Caption $recjob.Caption
        $Detail | Add-Member Noteproperty Name $recjob.Name
        $Detail | Add-Member Noteproperty Startname $recjob.StartName
        $Detail | Add-Member Noteproperty Server $recjob.__SERVER
        $myCol += $Detail
    }
}
Friday, June 5, 2015
Windows: Multiple users, one user gets a blue flash while attempting to launch applications while the other user works fine
I came across an interesting issue where, if more than one user is on a Win 2012 R2 server, there would be a blue flash while one of the users attempted to launch an application, while the other user would work just fine launching applications. If the user that was working fine logged off, the user that was previously not working would then be able to launch applications.
In the event log I saw something similar to this:
Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0xdd4
Faulting application path: C:\Windows\explorer.exe
Faulting module path: unknown
Faulting package full name:
Faulting package-relative application ID:
Well, it turns out WinZip 19+ was installed on the server and seems to have been the root cause of the issue. I found the fix to be disabling Explorer File Association Helper in WinZip Options.
Sunday, April 5, 2015
Windows 10 - 0x80073cff Mail, Calendar, and People apps won't install
0x80073cff
In this build, the Mail, Calendar, and People apps may be broken due to a licensing issue with the Store Beta. To get these apps working again, you need to follow these steps:
- Open PowerShell as administrator
- Run the command: Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "*windowscommunicationsapps*"} | Remove-AppxProvisionedPackage -Online
- Re-install Mail, People and Calendar from the Store (green tile)
http://blogs.windows.com/bloggingwindows/2015/03/18/windows-10-technical-preview-build-10041-now-available/
If you now get error 0x80246007, try running the following from an administrator command prompt:
DISM /Online /Cleanup-Image /RestoreHealth
Sunday, January 25, 2015
Bring back the windows 10 start menu.
Just follow the steps below:
- Right click on the Start Button and select "Run"
- Type "regedit"
- Navigate to HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Explorer>Advanced
- Create a new DWORD (32-bit) value, call it "EnableXamlStartMenu"
- Restart Explorer
Found from
http://www.winbeta.org/news/how-bring-back-old-resizable-start-menu-running-windows-10-build-9926
Saturday, August 23, 2014
Powershell - get all host files on domain.
Purpose: This script will search AD for Windows computers and attempt to connect to each one. Then it will read the contents of the hosts file and write them to a CSV file.
Note: This will take a while to run unless someone wants to make it multithreaded.
I just wrote this so there may need to be some bug fixes but in general it seemed to work.
#Read all hosts files and write to CSV file
Import-Module ActiveDirectory
$PATH = "c:\temp\hostfiles.csv"
$myCol = @()
$i = 0
$AllComputers = Get-ADComputer -Filter {OperatingSystem -Like "Windows*"} -Property * | Select -Expand Name
foreach ($Computer in $AllComputers) {
    $i++
    Write-Progress -Activity "Scanning Machine $Computer " -Status "Scanned: $i of $($AllComputers.Count)" -PercentComplete (($i / $AllComputers.Count) * 100)
    Get-Content -Path "\\$Computer\c$\windows\system32\drivers\etc\hosts" |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -ne "" -and !$_.StartsWith("#") } |
        ForEach-Object {
            # Entries are "address name(s)" separated by spaces or tabs
            $data = $_ -split '\s+', 2
            if ($data.Count -eq 2) {
                $myCol += New-Object -TypeName PSObject -Property @{
                    Host      = $Computer
                    IPAddress = $data[0]
                    Node      = $data[1]
                }
            }
        }
}
# Export once, after every computer has been read
$myCol | Select Host,Node,IPAddress | Export-Csv -Path $PATH -NoTypeInformation
Tuesday, August 5, 2014
Powershell: Get list of all services accounts used on Windows servers in domain.
Purpose: This script will search AD for Windows Servers that are enabled, attempt to connect to each server, and get a listing of all services and the accounts used to run them.
Note: This will take a while to run unless someone wants to make it multithreaded.
I just wrote this so there may need to be some bug fixes but in general it seemed to work.
Requirements: RSAT tools, WMI
Import-Module activedirectory
cls
$ServicesReport = @()
$AllServers = Get-ADComputer -Filter {(OperatingSystem -Like "Windows Server*") -and (enabled -eq "true")} -Property SamAccountName | select -expand Name
$i = 0
foreach ($Server in $AllServers) {
    $i++
    Write-Host "Working on Server: $Server " $i " of " $AllServers.Count
    try {
        if (Test-Connection -ComputerName $Server -Quiet) {
            # -ErrorAction Stop turns WMI failures into terminating errors so the catch block records them
            $Services = Get-WmiObject win32_service -ComputerName $Server -ErrorAction Stop |
                select Name, @{N="StartupType";E={$_.StartMode}}, @{N="ServiceAccount";E={$_.StartName}}, @{N="SystemName";E={$_.Systemname}}
            foreach ($Service in $Services) {
                $Detail = New-Object PSObject
                $Detail | Add-Member Noteproperty ServiceName $($Service.Name)
                $Detail | Add-Member Noteproperty StartupType $Service.StartupType
                $Detail | Add-Member Noteproperty ServiceAccount $Service.ServiceAccount
                $Detail | Add-Member Noteproperty SystemName $Service.Systemname
                $ServicesReport += $Detail
            }
        }
    }
    Catch {
        # Record the server that could not be queried
        $Detail = New-Object PSObject
        $Detail | Add-Member Noteproperty ServiceName "NA"
        $Detail | Add-Member Noteproperty StartupType "NA"
        $Detail | Add-Member Noteproperty ServiceAccount "Error"
        $Detail | Add-Member Noteproperty SystemName $Server
        $ServicesReport += $Detail
    }
}
$ServicesReport | Export-Csv -Path c:\temp\test.csv -NoTypeInformation
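One way to review the inventory this script (and the Jobs version above) produces: group the rows by service account, drop the built-in identities, and see which named accounts are reused across servers. This is an added example, not part of the original post; the sample rows, the CONTOSO names and the Get-ServiceAccountUsage function are constructed for illustration, and the column names match the CSV written above.

```powershell
# Sample rows are constructed; in practice use: $rows = Import-Csv c:\temp\test.csv
$rows = @'
ServiceName,StartupType,ServiceAccount,SystemName
Spooler,Auto,LocalSystem,SRV01
W32Time,Manual,NT AUTHORITY\LocalService,SRV01
MSSQLSERVER,Auto,CONTOSO\svc-sql,SRV01
MSSQLSERVER,Auto,CONTOSO\svc-sql,SRV02
BackupAgent,Auto,CONTOSO\Administrator,SRV02
AppHelper,Auto,.\localsvc,SRV03
NA,NA,Error,SRV04
'@ | ConvertFrom-Csv

# Built-in and virtual service identities (no administrator-managed password)
$builtIn = '^(LocalSystem|NT AUTHORITY\\.+|NT SERVICE\\.+)$'

# Hypothetical helper: one output row per named service account
function Get-ServiceAccountUsage {
    param([Parameter(Mandatory)][object[]]$Rows)
    $Rows |
        Where-Object { $_.ServiceAccount -and
                       $_.ServiceAccount -ne 'Error' -and
                       $_.ServiceAccount -notmatch $builtIn } |
        Group-Object ServiceAccount |
        ForEach-Object {
            $servers = @($_.Group.SystemName | Sort-Object -Unique)
            [pscustomobject]@{
                ServiceAccount = $_.Name
                # Local accounts appear as ".\name"; the rest are DOMAIN\name or UPN
                Scope          = if ($_.Name -like '.\*') { 'Local' } else { 'Domain' }
                ServerCount    = $servers.Count
                Servers        = $servers -join ';'
                Services       = @($_.Group.ServiceName | Sort-Object -Unique) -join ';'
            }
        } |
        Sort-Object ServerCount -Descending
}

# Accounts used on the most servers come first
Get-ServiceAccountUsage -Rows $rows | Format-Table -AutoSize

# Servers the inventory could not query (the catch branch writes "Error")
$rows | Where-Object ServiceAccount -eq 'Error' | Select-Object -ExpandProperty SystemName
```

Accounts at the top of the table are the ones whose password change or compromise touches the most servers; rows such as an administrator account running a service are candidates for a dedicated, least-privileged service account.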
Wednesday, April 24, 2013
Enable USB that has been disabled via GPO
Save the following as a batch file and run as a local admin account:
REM
REM
icacls c:\Windows\inf\usbstor.inf /reset
icacls c:\Windows\inf\usbstor.pnf /reset
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies" /v WriteProtect /t REG_DWORD /d 00000000 /f
REM
REM
REM
REM
Note:
This will fix the installation of SP1 for Win7/2008r2 that fails because of usb being disabled.