Blog - Post List
  • Power Tips: Safely Using WMI in PowerShell (Part 1)

    WMI (Windows Management Instrumentation) is part of any Windows operating system and a common and widely used way of getting information about a computer system. PowerShell originally introduced the Get-WmiObject cmdlet. In PowerShell 3, the more modern Get-CimInstance was added.

    Since Windows PowerShell always kept the old Get-WmiObject cmdlet for backwards compatibility, many scripters kept using it and ignored Get…

    • 14 Nov 2019
  • Power Tips: Converting Word Documents from .doc to .docx (Part 2)

    Converting old Word documents to the new .docx format can be a lot of work, and in part 1 you learned the basic steps to automate conversion.

    However, to do it right, there are a number of extra steps. If you want to adhere to security guide lines, you need to find out whether there are macros in the documents, and change the extension accordingly. Also, if a document is in read-only mode, you cannot convert it and should…

    • 12 Nov 2019
  • Power Tips: Converting Word Documents from .doc to .docx (Part 1)

    Converting old Word documents to the new .docx format can be a lot of work. Thanks to PowerShell, you can automate the conversion:

    function Convert-WordDocument
            # launch Word
            $word = New-Object -ComObject Word.Application
    • 8 Nov 2019
  • Power Tips: Exploring PowerShell Modules

    Most PowerShell commands live in modules, and by adding new modules, you can add new commands to your PowerShell environment. To find out whether a command lives in a module, use Get-Command. The next line returns the module that ships the command Get-Service:

    PS C:\> Get-Command -Name Get-Service | Select-Object -ExpandProperty Module

    If the Module property is empty, then the command does not ship via a module…

    • 6 Nov 2019
  • Power Tips: WMI Explorer

    WMI (Windows Management Instrumentation) is a great information source: you can find almost any information about your computer somewhere. The hard part isn’t the WMI query itself. The hard part is finding out the appropriate WMI class names and properties:

    To get information about your BIOS, for example, run this:

    PS> Get-CimInstance -ClassName Win32_BIOS
    SMBIOSBIOSVersion : 1.0.9
    Manufacturer      : Dell Inc…
    • 4 Nov 2019
  • Power Tips: Turning Objects into Hash Tables

    Often, a single object needs to be examined, i.e. a process or an Active Directory user. When you display an object in a grid view window such as Out-GridView, the entire object is displayed in one long line.

    A much better approach is to convert an object into a hash table. This way, each property is displayed in its own line, and you can search for individual properties via the text filter on top of the grid view window…

    • 31 Oct 2019
  • Power Tips: Object Magic (Part 4)

    How about turning a single object into a hash table? This way, you can display one object property per line when you output the object in a grid view window:

    # get any object
    $object = Get-Process -Id $pid
    # try and access the PSObject
    $hash = $object.PSObject.Properties.Where{$null -ne $_.Value}.Name | 
        Sort-Object |
        ForEach-Object { $hash = [Ordered]@{} } { $hash[$_] = $object.$_ } { $hash }
    # output regularly…
    • 29 Oct 2019
  • Power Tips: Object Magic (Part 3)

    Let’s assume you want to hide all object properties that have no value (are empty). Here is a simple approach:

    # get any object
    $object = Get-Process -Id $pid
    # try and access the PSObject
    $propNames = $object.PSObject.Properties.Where{$null -ne $_.Value}.Name
    $object | Select-Object -Property $propNames

    This will output only the properties that have a value. You could even make sure the properties are sorted…

    • 25 Oct 2019
  • Power Tips: Object Magic (Part 2)

    Via the secret “PSObject” property, you can get detailed information about object members. For example, if you’d like to know which object properties can actually be changed, try this:

    # get any object
    $object = Get-Process -Id $pid
    # try and access the PSObject

    The result is a list of properties in Process objects that can be assigned new values…

    • 23 Oct 2019
  • Power Tips: Object Magic (Part 1)

    In PowerShell, most data are represented as PSObjects, a specific object “wrapper” added by PowerShell. To get to this specific wrapper, objects have a secret property called “PSObject”. Let’s take a look:

    # get any object
    $object = Get-Process -Id $pid
    # try and access the PSObject
    # get another object
    $object = "Hello"
    # try again

    As you’ll…

    • 21 Oct 2019
  • Power Tips: Encrypting Text (Part 2)

    This is the second part of our text encryption/decryption series. In the first part you learned how you can safely encrypt text on a machine. Now let’s take a look at the decrypting part.

    To successfully decrypt text, you must specify the same encoding that was used during encryption. Based on your encryption parameters, you must specify the same password, and based on the -Scope settings, decryption will work only…

    • 17 Oct 2019
  • Power Tips: Encrypting Text (Part 1)

    Let’s take a look at a safe way of encrypting text on a computer. The below Protect-Text function takes any text and encrypts it automatically, no password needed. Instead of a password, it uses either your user account and machine, or just your machine as a secret.

    If you use -Scope LocalMachine, any user on that machine can decrypt the text, but if the text is leaked to someone else, it cannot be decrypted on…

    • 15 Oct 2019
  • Power Tips: Creating NT4 Password Hashes

    Internally, Active Directory stores all passwords as so-called NTLM Hashes. There are a number of security-analysis tools that can read and dump these hashes.

    While there fortunately is no feasible way of decrypting these hashes and retrieving the original passwords, you can take a (known) password and turn it into an NTLM hash yourself. This is the fundamental procedure of dictionary attacks: they take long lists of…

    • 11 Oct 2019
  • Power Tips: Simple PowerShell Chat

    Here’s a fun PowerShell script that you can use to create a simple multi-channel chat room. All you need is a network share where everyone has read and write permissions.

    The chat is file-based and makes use of PowerShell’s ability to monitor files for changes. So essentially, each chat channel is a text file, and whenever someone wants to “say” something, a text line is added to the file. Anyone connected to the…

    • 9 Oct 2019
  • Power Tips: Testing Password Strength

    In previous tips, we already talked about services such as They harvest leaked passwords from previous hacker attacks so you can check whether your password has been compromised and is likely to be included in future dictionary attacks.

    Below, you find two useful functions: Test-Password asks for a SecureString so when you get prompted, your input is masked. Convert-SecureStringToText then converts…

    • 7 Oct 2019
  • Power Tips: Converting SecureString to Text

    It can be very useful to be able to convert an encrypted SecureString back to a plain text. This way, for example, you can use PowerShell’s “masked input” features. Simply ask for a SecureString, and PowerShell takes care of masking the user input. Next, take the SecureString and turn it into a plain text so you can use it internally for whatever you like:

    function Convert-SecureStringToText
    • 3 Oct 2019
  • Power Tips: Embedding Binaries (Pictures, DLLs) in PowerShell Scripts

    If your script requires external binary resources such as picture files or DLLs, you can of course ship them together with your script. You could, however, also embed these binaries as text in your script files:

    • Read the binary files as bytes
    • Save the bytes as Base64-encoded strings

    This way, your script can then read the Base64-encoded binaries from a text variable, turn the data back into bytes, and write them back…

    • 1 Oct 2019
  • Power Tips: Built-In SSH support in Windows 10

    In October 2018, a Windows 10 update added built-in SSH support to Windows 10. From now on, Windows 10 ships with a command-line tool called “ssh”. You can use it from within PowerShell to connect to other devices (including IoT, Raspberry Pi, etc) without the need for 3rd party tools:

    PS> ssh
    usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
               [-b bind_address] [-c cipher_spec] [-D [bind_address…
    • 27 Sep 2019
  • Power Tips: Playing with Latest PowerShell Core Version

    In the previous tip we illustrated how you can download a PowerShell script which automatically downloads the latest version of PowerShell Core.

    This script supports a number of parameters. By default, it fetches the latest (stable) production version. If you’d like to play with the latest version including preview versions, use the -Preview parameter. And, if you’d like to install it using an MSI package, add -MSI.…

    • 25 Sep 2019
  • Power Tips: Installing PowerShell Core

    As you probably know, Windows PowerShell (the one shipping in Windows) is done, and all efforts go into development of the new cross-platform PowerShell Core. This new PowerShell version is not (yet) shipping out-of-the-box in Windows, so in order to play with it, you need to download it manually.

    Fortunately, there is a script that does the heavy-lifting for you. This is how you can download the script source code:

    • 23 Sep 2019
  • Power Tips: Finding Public IP Address

    Here is a one-liner that retrieves your current public IP address:

    PS> Invoke-RestMethod -Uri
    ip       :
    hostname :
    city     : Hannover
    region   : Lower Saxony
    country  : DE
    loc      : 52.3705,9.7332
    org      : AS3320 Deutsche Telekom AG
    postal   : 30159
    timezone : Europe/Berlin
    readme   :

    Twitter This Tip! ReTweet this Tip!

    • 19 Sep 2019
  • Power Tips: Real-Time Log Processing

    PowerShell comes with a powerful yet simple way of monitoring file changes. Let’s assume you have a log file that changes every now and then. This would be a PowerShell script that monitors the log file for changes, and whenever a change occurs, executes some code:

    # make sure this points to a log file
    $Path = '\\myserver\report2.txt'
    Get-Content -Path $Path -Tail 0 -Wait |
    ForEach-Object {
    • 17 Sep 2019
  • Power Tips: Detecting Key Press

    Typically, key press detection is supported only in true console windows, so this approach won’t work for the PowerShell ISE and other PowerShell hosts.

    However, PowerShell can borrow a type from the Windows Presentation Foundation that can check the state of any key. This way, it becomes trivial to implement an “abort” key that works in any PowerShell script, whether it runs in the console, Visual Studio Code,…

    • 13 Sep 2019
  • Power Tips: Detecting Storage Issues

    In Windows 10 and Windows Server 2016, PowerShell can access storage reliability data so you can find out whether there is something wrong with one of the attached storage drives. This requires Administrator privileges to execute:

    PS> Get-PhysicalDisk | Get-StorageReliabilityCounter
    DeviceId Temperature ReadErrorsUncorrected Wear PowerOnHours
    -------- ----------- --------------------- ---- ------------
    0          …
    • 11 Sep 2019
  • Power Tips: Resetting Winsock

    PowerShell can execute internal PowerShell commands and also regular console commands, so it’s not a bad thing to continue to use console commands for proven tasks.

    For example, if you’d like to reset your winsocks, this would be a reliable solution:

    #requires -RunAsAdministrator
    netsh winsock reset
    netsh int ip reset

    Note that this code requires Administrator privileges, and may require a system restart…

    • 9 Sep 2019