
Thu, Aug 17, 2017 11:09 pm

Obtaining information on a system's motherboard with PowerShell

You can obtain information on the motherboard of a computer running Microsoft Windows from PowerShell with the Get-CimInstance cmdlet, using the command Get-CimInstance Win32_BaseBoard. The following example is from a Microsoft Windows 10 system.

PS C:\> get-ciminstance win32_baseboard


Manufacturer : Gigabyte Technology Co., Ltd.
Model        :
Name         : Base Board
SerialNumber :
SKU          :
Product      : GA-78LMT-S2P



PS C:\>

The manufacturer, model number, serial number, SKU, and product number will be displayed if that information can be queried from the motherboard. Note: not every parameter will be available for every motherboard, as the empty fields above show. On another system, the serial number is available:

PS C:\> get-ciminstance win32_baseboard


Manufacturer : Dell Inc.
Model        :
Name         : Base Board
SerialNumber : .7XCTZ12.CN7016346F0331.
SKU          :
Product      : 088DT1



PS C:\>

You can restrict the displayed information to particular parameters by piping the output to select-object. E.g.:

PS C:\> get-ciminstance win32_baseboard | select-object manufacturer

manufacturer
------------
Gigabyte Technology Co., Ltd.


PS C:\> get-ciminstance win32_baseboard | select-object manufacturer, product

manufacturer                  product
------------                  -------
Gigabyte Technology Co., Ltd. GA-78LMT-S2P


PS C:\>

A command-line alternative to PowerShell is to use WMIC to determine motherboard information.

[/os/windows/PowerShell] permanent link

Thu, Aug 10, 2017 9:26 pm

Using PowerShell to obtain process information

You can use the Get-CimInstance cmdlet at a PowerShell prompt to obtain information on processes running on a Microsoft Windows system. E.g., to see a list of all the processes currently running on a system, the command gcim win32_process can be used; gcim is an alias for Get-CimInstance, so you can use the shorter alias or Get-CimInstance. The name of the process, its process identifier (PID), handle count, working set size, and virtual memory size are displayed.

[ More Info ]


Sat, Aug 05, 2017 10:47 pm

List Installed Security Patches with PowerShell

If you want to know which security patches were installed on a Microsoft Windows system within a specific time period, e.g., the last month or the last 3 months, you can use a Get-CimInstance command in a PowerShell window. E.g.:

PS C:\Users\Lila> Get-CimInstance -Class win32_quickfixengineering | Where-Object { $_.InstalledOn -gt (Get-Date).AddMonths(-1) }

Source        Description      HotFixID      InstalledBy          InstalledOn
------        -----------      --------      -----------          -----------
              Security Update  KB4025376     NT AUTHORITY\SYSTEM  7/12/2017 12:00:00 AM
              Security Update  KB4025342     NT AUTHORITY\SYSTEM  7/12/2017 12:00:00 AM


PS C:\Users\Lila> Get-CimInstance -Class win32_quickfixengineering | Where-Object { $_.InstalledOn -gt (Get-Date).AddMonths(-3) }

Source        Description      HotFixID      InstalledBy          InstalledOn
------        -----------      --------      -----------          -----------
              Security Update  KB4020821     NT AUTHORITY\SYSTEM  6/17/2017 12:00:00 AM
              Update           KB4021572     NT AUTHORITY\SYSTEM  6/17/2017 12:00:00 AM
              Update           KB4022405     NT AUTHORITY\SYSTEM  6/17/2017 12:00:00 AM
              Security Update  KB4025376     NT AUTHORITY\SYSTEM  7/12/2017 12:00:00 AM
              Security Update  KB4025342     NT AUTHORITY\SYSTEM  7/12/2017 12:00:00 AM


PS C:\Users\Lila>
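
The same query as a patch-recency check, as an added example that is not part of the original post: it reports hotfixes installed within a window, the most recent entry described as "Security Update", and any entries whose InstalledOn is empty (a bare -gt filter drops those silently). The function name Get-HotfixWindowReport and its parameters are assumptions made for illustration.

```powershell
# Added example: Get-HotfixWindowReport is a hypothetical helper name.
function Get-HotfixWindowReport {
    [CmdletBinding()]
    param(
        [ValidateRange(1, 3650)] [int] $Days = 30,
        [string] $ComputerName    # optional remote system; local if omitted
    )

    $cimArgs = @{ ClassName = 'Win32_QuickFixEngineering'; ErrorAction = 'Stop' }
    if ($ComputerName) { $cimArgs['ComputerName'] = $ComputerName }
    $all = @(Get-CimInstance @cimArgs)

    $cutoff = (Get-Date).AddDays(-$Days)

    # InstalledOn can be empty; keep those rows visible instead of
    # letting the date comparison discard them.
    $dated   = @($all | Where-Object { $_.InstalledOn })
    $undated = @($all | Where-Object { -not $_.InstalledOn })

    $recent = @($dated | Where-Object { $_.InstalledOn -gt $cutoff } |
                Sort-Object InstalledOn)

    # Newest entry whose Description is "Security Update", as in the output above.
    $lastSecurity = $dated |
        Where-Object { $_.Description -eq 'Security Update' } |
        Sort-Object InstalledOn | Select-Object -Last 1

    [pscustomobject]@{
        Computer               = if ($ComputerName) { $ComputerName } else { $env:COMPUTERNAME }
        WindowDays             = $Days
        RecentHotfixes         = $recent | Select-Object HotFixID, Description, InstalledOn
        UndatedHotfixIds       = $undated.HotFixID
        LastSecurityUpdate     = $lastSecurity.HotFixID
        LastSecurityDate       = $lastSecurity.InstalledOn
        SecurityUpdateInWindow = [bool]($lastSecurity -and $lastSecurity.InstalledOn -gt $cutoff)
    }
}

# Everything installed in the last 90 days, and whether the newest
# security update falls inside that window.
Get-HotfixWindowReport -Days 90 | Format-List
```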

[ More Info ]


Mon, Mar 06, 2017 11:28 pm

Finding files modified before or after a certain date with PowerShell

On a Microsoft Windows system, you can find files modified before or after a specified date using the Get-ChildItem cmdlet. To use the cmdlet, open a PowerShell window; on a Windows 10 system you can do so by typing powershell in the Cortana "Ask me anything" window, hitting Enter, and then clicking on Windows PowerShell, which should be returned as the best match.

If you wish to find files and directories last modified before a certain date, you can use a command in the form Get-ChildItem | Where-Object {$_.LastWriteTime -lt date} where date is the relevant date. E.g., on a system that uses the date format mm/dd/yyyy, where mm represents the month, dd the day and yyyy the year, a command like the one shown below returns a list of the files with a modification time prior to January 1, 2013:

PS C:\Users\Lila\documents> Get-ChildItem | Where-Object {$_.LastWriteTime -lt '1/1/2013'}


    Directory: C:\Users\Lila\documents


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----         9/9/2012  10:36 PM                Book Collector
d-----        11/8/2012   8:25 AM                Corel PaintShop Pro
d-----         4/6/2012   2:37 PM                recovered
-a----        4/14/2012   4:16 PM      761476464 Disc1.bin
-a----        4/14/2012   4:16 PM            941 Disc1.cue


PS C:\Users\Lila\documents>
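
A more general form of the search above, as an added example that is not part of the original post: it accepts both a lower and an upper bound, can recurse, and returns CreationTime next to LastWriteTime so the two timestamps can be compared. The function name Find-FileByWriteTime, its parameters and the sample dates are assumptions made for illustration.

```powershell
# Added example: Find-FileByWriteTime is a hypothetical helper name.
function Find-FileByWriteTime {
    [CmdletBinding()]
    param(
        [string]   $Path   = '.',
        [datetime] $After  = [datetime]::MinValue,   # no lower bound by default
        [datetime] $Before = [datetime]::MaxValue,   # no upper bound by default
        [switch]   $Recurse
    )

    # -File skips directories; -Force includes hidden and system files.
    Get-ChildItem -LiteralPath $Path -File -Force -Recurse:$Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $After -and $_.LastWriteTime -lt $Before } |
        Sort-Object LastWriteTime |
        # A copied file keeps its LastWriteTime but gets a new CreationTime,
        # so showing both helps tell "modified" from "arrived on this disk".
        Select-Object LastWriteTime, CreationTime, Length, FullName
}

# yyyy-MM-dd strings are read the same way whatever the regional date format.
$start = [datetime]'2012-04-01'
$end   = [datetime]'2013-01-01'
Find-FileByWriteTime -Path "$env:USERPROFILE\Documents" -After $start -Before $end -Recurse
```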

[ More Info ]


Fri, Oct 07, 2016 11:09 pm

Get-AppLockerFileInformation versus Get-FileHash hash codes

AppLocker is a policy-based security component of Microsoft Windows introduced in Windows 7 Professional, Enterprise and Ultimate editions and Windows Server 2008 R2. It enables or disables execution of software based on rules such as location, properties and digital signature, so it can be used to restrict the software that can be run on a Microsoft Windows system. Executable file restrictions can be based on a hash value, publisher certificate, etc. Further details on AppLocker can be found at An approach for managing Microsoft AppLocker policies.

The Get-AppLockerFileInformation PowerShell cmdlet will return a hash code it labels as "SHA256". But you will find that the hash code it returns differs from the one returned by the Get-FileHash cmdlet for executable files, e.g., .exe files.

[ More Info ]


Fri, Sep 23, 2016 9:52 pm

Compressing and uncompressing files with PowerShell

If you wish to create a zip file containing the contents of a folder on a Microsoft Windows system from a command line interface (CLI), you can use PowerShell for that purpose. If you have version 5.0 or later of PowerShell, you can use the compress-archive and expand-archive cmdlets - cmdlets (pronounced command-lets) are specialized .NET classes implementing a particular operation. You can determine which version of PowerShell you have by opening a PowerShell window and typing $psversiontable.

[ More Info ]


Sat, Apr 02, 2016 6:20 pm

Verifying the legitimacy of programs with PowerShell cmdlets

If you need to verify the authenticity or legitimacy of a program on a Microsoft Windows system, e.g., if you need to check whether the program has remained unaltered since it was provided by the developer or check that it came from the developer it is purportedly from, you can use Windows PowerShell cmdlets to give you a greater degree of confidence.

Oftentimes a developer website will list a cryptographic hash code for a file. The cryptographic hash code allows you to verify that a program that you have on a system is an unaltered copy of the program as it was delivered by the developer, since changing even a single character/byte in a file will result in a different hash code being calculated for the file when it is checked by a program that can calculate hash codes for files. To calculate a cryptographic hash code for a file, you can use a program like md5sum or, on a Microsoft Windows system, you can obtain a SHA-256 hash code value for a file from a Windows PowerShell prompt using the Get-AppLockerFileInformation cmdlet.
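
An added example, not part of the original posts, that serves both this entry and the Get-AppLockerFileInformation versus Get-FileHash entry above: it computes both values for one file, compares the Get-FileHash result with the hash published by the developer, and reports the Authenticode signature status and signer. The function name Test-FileAgainstPublishedHash, the sample path and the placeholder hash are assumptions, and the AppLocker cmdlets are assumed to be available on the system.

```powershell
# Added example: Test-FileAgainstPublishedHash is a hypothetical helper name.
function Test-FileAgainstPublishedHash {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # SHA-256 value copied from the developer's site (hex, any case).
        [Parameter(Mandatory)] [string] $PublishedSha256
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Hash over every byte of the file, the value md5sum-style tools compute.
    $flat = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    # Value AppLocker labels "SHA256"; it is shown as "0x...", so strip the prefix.
    # For .exe files this can differ from $flat, as the entry above notes.
    $appLocker = $null
    $info = Get-AppLockerFileInformation -Path $file.FullName -ErrorAction SilentlyContinue
    if ($info -and $info.Hash) {
        $appLocker = ($info.Hash.HashDataString -replace '^0x', '').ToUpperInvariant()
    }

    # Publisher check: is there a valid Authenticode signature, and whose is it?
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName

    $expected = ($PublishedSha256 -replace '\s', '').ToUpperInvariant()
    [pscustomobject]@{
        Path             = $file.FullName
        FileHashSha256   = $flat
        AppLockerHash    = $appLocker
        HashesAgree      = ($appLocker -eq $flat)
        MatchesPublished = ($flat -eq $expected)
        SignatureStatus  = $sig.Status
        Signer           = $sig.SignerCertificate.Subject
    }
}

# Constructed sample call; substitute the real file and the published value.
# Test-FileAgainstPublishedHash -Path 'C:\Downloads\setup.exe' -PublishedSha256 '<hash from the developer site>'
```

If MatchesPublished is False while HashesAgree is also False, check which of the two hash types the developer actually published before concluding the file was altered.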

[ More Info ]


Sat, Mar 05, 2016 10:15 pm

PowerShell get-process cmdlet

On a Microsoft Windows system, you can obtain a list of all processes that are currently running from a command line interface (CLI) using the Windows PowerShell cmdlet get-process. To see all running processes, obtain a PowerShell prompt and type get-process.

PS C:\> get-process

Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName
-------  ------    -----      ----- -----   ------     -- -----------
    100       9     1472        848    71    14.06  41452 adb
1018385      17     3028       1008    99 5,303.64 101076 AdobeARM
     79       7     1200       1336    44           56112 armsvc
    127      10     7956       9444    37   101.42 120812 audiodg
   9244     279   233224      22368  1019            1916 avp
   1334      72    51656       3436   263 1,856.22  11692 avp
    427      34    18864      11000  1510            1984 certsrv
    321      29    52752      71604   501     3.73   6524 chrome
    249      25    44344       9356   290   801.09   7820 chrome
<text snipped>
    268      20     4876      11112    60          121708 w3wp
    227      21   618252      31084   688            5428 wbengine
     84       8      892        324    41             656 wininit
    181      10     2432       2752    58             684 winlogon
    364      44    13596      17920   153 2,894.47 102896 WinSCP
   1672      20     9228      18008    81           52428 WmiPrvSE
   4884      20    16476       8936    61            3252 WSSBackup


PS C:\>

The column values are as follows:

[ More Info ]


Wed, Jan 27, 2016 11:33 pm

PowerShell Command to List the Event Logs on a Remote computer

If you want to see what event logs are available on a remote system, you can use the PowerShell command get-eventlog -List -ComputerName system_name where system_name is the name of the remote computer.

PS C:\WINDOWS\system32> Get-EventLog -List -ComputerName Saturn

  Max(K) Retain OverflowAction        Entries Log
  ------ ------ --------------        ------- ---
     512      7 OverwriteOlder            117 Active Directory Web Services
  20,480      0 OverwriteAsNeeded      27,672 Application
  15,168      0 OverwriteAsNeeded       3,563 DFS Replication
     512      0 OverwriteAsNeeded       2,298 Directory Service
  16,384      0 OverwriteAsNeeded          61 DNS Server
  20,480      0 OverwriteAsNeeded           0 HardwareEvents
     512      7 OverwriteOlder              0 Internet Explorer
  20,480      0 OverwriteAsNeeded           0 Key Management Service
     128      0 OverwriteAsNeeded         103 OAlerts
  16,384      0 OverwriteAsNeeded           0 ODiag
  16,384      0 OverwriteAsNeeded           0 OSession
   5,056      7 OverwriteOlder              0 PRTG Network Monitor
 131,072      0 OverwriteAsNeeded     219,040 Security
  20,480      0 OverwriteAsNeeded      64,223 System
  15,360      0 OverwriteAsNeeded      18,604 Windows PowerShell


PS C:\WINDOWS\system32>


Tue, Jan 26, 2016 9:54 pm

Viewing the "Modern" aka "Metro" apps on a Microsoft Windows system

If you want to see a list of only the "Modern", aka "Metro", apps installed on a Microsoft Windows system, get a Windows PowerShell prompt. On Windows 10 you can do so by clicking on the Start button, or hitting Ctrl-Esc, typing PowerShell, then right-clicking on Windows PowerShell and choosing "Run as administrator". Then type Get-AppxPackage and hit Enter.

Windows PowerShell
Copyright (C) 2015 Microsoft Corporation. All rights reserved.

PS C:\WINDOWS\system32> Get-AppxPackage | more


Name              : Microsoft.Getstarted
Publisher         : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Architecture      : X64
ResourceId        :
Version           : 2.6.12.0
PackageFullName   : Microsoft.Getstarted_2.6.12.0_x64__8wekyb3d8bbwe
InstallLocation   : C:\Program Files\WindowsApps\Microsoft.Getstarted_2.6.12.0_x64__8wekyb3d8bbwe
IsFramework       : False
PackageFamilyName : Microsoft.Getstarted_8wekyb3d8bbwe
PublisherId       : 8wekyb3d8bbwe
IsResourcePackage : False
IsBundle          : False
IsDevelopmentMode : False

Name              : Microsoft.MicrosoftOfficeHub
Publisher         : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Architecture      : X64
ResourceId        :
Version           : 17.6605.23751.0
PackageFullName   : Microsoft.MicrosoftOfficeHub_17.6605.23751.0_x64__8wekyb3d8bbwe
InstallLocation   : C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6605.23751.0_x64__8wekyb3d8bbwe
IsFramework       : False
PackageFamilyName : Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe
PublisherId       : 8wekyb3d8bbwe
IsResourcePackage : False
IsBundle          : False
IsDevelopmentMode : False

Name              : Microsoft.CommsPhone
Publisher         : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Architecture      : X64
ResourceId        :
Version           : 2.12.14001.0
PackageFullName   : Microsoft.CommsPhone_2.12.14001.0_x64__8wekyb3d8bbwe
InstallLocation   : C:\Program Files\WindowsApps\Microsoft.CommsPhone_2.12.14001.0_x64__8wekyb3d8bbwe
IsFramework       : False
PackageFamilyName : Microsoft.CommsPhone_8wekyb3d8bbwe
PublisherId       : 8wekyb3d8bbwe
IsResourcePackage : False
IsBundle          : False
IsDevelopmentMode : False

Name              : Microsoft.XboxApp
Publisher         : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Architecture      : X64
ResourceId        :
Version           : 11.13.6008.0
-- More  --

If you don't want to see all of the details for the installed packages, just the name, use Get-AppxPackage | findstr "^Name" - put the ^ before "Name" so that you get lines beginning with "Name" and not those beginning with "PackageFullName" and "PackageFamilyName".

PS C:\> Get-AppxPackage | findstr "^Name" | more
Name              : Microsoft.Getstarted
Name              : Microsoft.MicrosoftOfficeHub
Name              : Microsoft.CommsPhone
Name              : Microsoft.XboxApp
Name              : Microsoft.MicrosoftSolitaireCollection
Name              : Microsoft.WindowsCamera
Name              : Microsoft.Office.Sway
Name              : Microsoft.WindowsMaps
Name              : Microsoft.Messaging
Name              : Microsoft.BingFinance
Name              : Microsoft.BingWeather
Name              : Microsoft.BingSports
Name              : Microsoft.BingNews
Name              : king.com.CandyCrushSodaSaga
Name              : Microsoft.Windows.Photos
Name              : Microsoft.VCLibs.140.00
Name              : Microsoft.VCLibs.140.00
Name              : Microsoft.NET.Native.Framework.1.1
Name              : Microsoft.NET.Native.Framework.1.1
Name              : Microsoft.NET.Native.Framework.1.2
Name              : Microsoft.NET.Native.Runtime.1.1
Name              : Microsoft.NET.Native.Framework.1.0
Name              : Microsoft.NET.Native.Framework.1.0
Name              : Microsoft.NET.Native.Runtime.1.0
Name              : Microsoft.NET.Native.Runtime.1.0
Name              : Microsoft.AAD.BrokerPlugin
Name              : Microsoft.BioEnrollment
Name              : Microsoft.Windows.CloudExperienceHost
Name              : Microsoft.Windows.ShellExperienceHost
Name              : windows.immersivecontrolpanel
Name              : Microsoft.Windows.Cortana
Name              : Microsoft.AccountsControl
Name              : Microsoft.LockApp
Name              : Microsoft.MicrosoftEdge
Name              : Microsoft.Windows.AssignedAccessLockApp
Name              : Microsoft.Windows.ContentDeliveryManager
Name              : Microsoft.Windows.ParentalControls
Name              : Microsoft.Windows.SecondaryTileExperience
Name              : Microsoft.WindowsFeedback
Name              : Microsoft.XboxGameCallableUI
Name              : Microsoft.XboxIdentityProvider
Name              : Windows.ContactSupport
Name              : Windows.MiracastView
Name              : Windows.PrintDialog
Name              : Windows.PurchaseDialog
Name              : Microsoft.NET.Native.Runtime.1.1
Name              : Microsoft.NET.Native.Framework.1.2
Name              : 9E2F88E3.Twitter
Name              : windows.devicesflow
-- More  --
