In previous tips we looked at NTFS streams, and you discovered how Windows marks downloaded files with Zone Information streams. You also learned to use Unblock-File to remove such restrictions from files.
In this last part, let’s do the opposite and find files that were downloaded from untrusted sources…
Whenever you download a file from the Internet (or other sources deemed untrusted) and store it on a NTFS drive, Windows silently marks such files with a Zone Identifier. That’s for example why PowerShell refuses to execute scripts downloaded from outside the domain.
You can actually look at the…
In the previous tip we explained how NTFS streams work. However, it wasn’t possible to discover the names of hidden file streams. In PowerShell 5 and better, most cmdlets accessing the filesystem received a new parameter called -Stream. With it, it is now trivial to access NTFS streams, so the example…
In the previous tip we explained how NTFS streams can store additional data about a file which raises the question how you can delete such streams, or discover hidden NTFS streams in the first place.
To remove a hidden named stream, you use Remove-Item – just as if you wanted to delete the entire file…
On NTFS file systems, you can store extra information in hidden file streams. Traditionally, PowerShell accesses file streams via colons, so this attaches hidden text information to a plain text file:
# create a sample file $desktop = [Environment]::GetFolderPath('Desktop') $path = Join-Path
German public broadcasting companies maintain rich TV archives and let users view their shows through web interfaces. There is typically no way to download shows or easily find their download URLs.
The following script downloads an unofficial directory listing of all the shows and their network locations…
To find details about the last logged-on user on Windows, you can query the registry:
Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" | Select-Object -Property LastLo*, Idle*
The result looks similar to this:
LastLoggedOnDisplayName : Tobias Weltner…
BITS (Background Intelligent Transfer System) is the technique used by Windows to download huge files such as operating system updates. You can use the service as well, for example to download files asynchronously. When you do this, you don’t need to wait for the download to complete, and you can even…
BITS (Background Intelligent Transfer System) is the technique used by Windows to download huge files such as operating system updates. You can use the same system, too, to download large files. As an extra benefit, you get a nice progress bar while the file is downloading. This example downloads a NASA…
When you see results from commands in the PowerShell console, typically only part of the information is displayed. To see the complete information, you need to send it to Select-Object and explicitly select all properties using the “*” wildcard:
PS> Get-CimInstance -ClassName Win32_BIOS…