Latest Posts
  • Power Tips: Better PowerShell Prompts (Part 2)

    In the previous tip we illustrated how you can define your own “prompt” function to customize the PowerShell prompt.

    One useful item could be to indicate in your prompt whether you are currently granted full Administrator privileges. Here is a prompt function that does this, taken from the…

  • Power Tips: Better PowerShell Prompts (Part 1)

    I know today’s tip isn’t brand new but considering how many people start using PowerShell, it’s worth mentioning again.

    By default, the PowerShell prompt shows the current path which can be long and take away lots of screen real estate. A better way is adjusting the prompt. The most…

  • Power Tips: Reading Recently Installed Software (Improvement #3)

    When reading event log data with Get-WinEvent, in the previous tip we explained how you can use the “Properties” property to extract the event details and use them in your own custom reporting.

    The same can be achieved with a fairly unknown trick. To illustrate, let’s again look at recently…

  • Power Tips: Reading Recently Installed Software (Improvement #2)

    In the previous tip we used Get-WinEvent to read the Windows event log system and get a list of recently installed software, then used Select-Object to pick the properties that yield useful information:

    Get-WinEvent -FilterHashtable @{ ProviderName="MSIInstaller"; ID=1033 } |
    Select-Object
  • Power Tips: Reading Recently Installed Software (Improvement #1)

    In the previous tip we used Get-WinEvent to read the Windows event log system and get a list of recently installed software, similar to this:

    function Shoath
        }
    }
    

    The result is a list of objects, one per installed software, however most of the properties yield unnecessary information:

     
    Message …
  • Power Tips: Reading Recently Installed Software

    The MSI installer logs all successful software installation to the Windows event log system. Here is a one-liner that can read back that information:

    Get-WinEvent -FilterHashtable @{ ProviderName="MSIInstaller"; ID=1033 } |
    Select-Object -Property * 
    


    Twitter This Tip! ReTweet this Tip!

  • Power Tips: Gathering Forensic Process Info

    In order to better understand the processes that run on a server, and possibly identify traces of unwanted processes, PowerShell can dump forensic process information to CSV file in a way that Excel (if installed) can open the file. This way it is easy to review the processes and their command lines…

  • Power Tips: Don’t forget [Math]

    <!doctype html>

    [Math] is a handy static .NET library that you can use inside PowerShell whenever you need more advanced math functions:

     
    PS> [Math] | Get-Member -Static
    
    
       TypeName: System.Math
    
    Name            MemberType Definition
    ----            ---------- ----------
    Abs             Method…
  • Power Tips: Trusting All SSL Sites

    When PowerShell cmdlets download data via HTTPS:, they check whether the server certificate is valid, and if it is not, you receive an exception:

    # this URL always produces an SSL error:
    $url = 'https://expired.badssl.com/'
    
    # fails
    $result = Invoke-RestMethod -Uri $url -UseBasicParsing  
    

    In…

  • Power Tips: Logging Variable Types

    As part of your debugging and quality control you may want to log the data that gets assigned to individual variables. For example, you may want to find out what the actual data types are that are assigned to a given variable, so that you could later strongly-type the variable for added security.

    Here…