Difference between revisions of "Global Knowledge PowerShell Training"
(→Notes) |
(→EOF) |
||
(27 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
* [http://www.makeuseof.com/tag/boost-productivity-windows-powershell-scripts/ Boost Productivity with Windows PowerShell Scripts] | * [http://www.makeuseof.com/tag/boost-productivity-windows-powershell-scripts/ Boost Productivity with Windows PowerShell Scripts] | ||
− | = Notes = | + | == Books == |
+ | * Windows PowerShell Pocket Reference (O'Reilly) | ||
+ | * Windows PowerShell 2.0 Administrator's Pocket Consultant | ||
+ | * Windows PowerShell Programming for the Absolute Beginner | ||
+ | * http://www.powershell.com (3rd Party) | ||
+ | * [https://technet.microsoft.com/en-us/scriptcenter/bb410849.aspx Microsoft ScriptCenter PowerShell] | ||
+ | * [http://technet.microsoft.com/scriptcenter PowerShell ScriptCenter] | ||
+ | |||
+ | = Day One Notes = | ||
Different versions of PowerShell are available for different OS's. Microsoft is using PowerShell as a way to drive people to upgrade to the latest version of Windows. Newer versions of Powershell work better with Newer versions of Microsoft Windows. | Different versions of PowerShell are available for different OS's. Microsoft is using PowerShell as a way to drive people to upgrade to the latest version of Windows. Newer versions of Powershell work better with Newer versions of Microsoft Windows. | ||
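Review bot: the last three entries added under `== Books ==` (`http://www.powershell.com (3rd Party)` and the two ScriptCenter links) are web sites, not books. Move them up into the existing link list that holds "Boost Productivity with Windows PowerShell Scripts", or give them their own heading. `== Books ==` is also a level-2 heading while the `= Day One Notes =` heading that follows it is level 1, so check that the nesting is what you intend.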
Line 23: | Line 31: | ||
----- | ----- | ||
− | [Category:Training] | + | help dir -Online |
− | [Category:Work] | + | |
− | [Category:PowerShell] | + | help dir -ShowWindow |
− | [Category:Scripting] | + | |
+ | The "-WhatIf" option will allow you to "Dry Run" a command that might modify something on the system. | ||
+ | |||
+ | The "-Confirm" option allows for a Y/N query per item for any command that MODIFIES the system. | ||
+ | |||
+ | |||
+ | get-command | ||
+ | |||
+ | get-command | measure-object | ||
+ | |||
+ | get-command | out-gridview | ||
+ | |||
+ | Show-Command Get-ChildItem | ||
+ | |||
+ | The "back tick" character (above the TAB key) is the "Line Continued Below" reference. | ||
+ | |||
+ | help dir `<br> | ||
+ | -ShowWindow | ||
+ | |||
+ | is the same as | ||
+ | |||
+ | help dir -ShowWindow | ||
+ | |||
+ | ----- | ||
+ | |||
+ | get-service | sort-object -Property Status | Out-File Service.txt | ||
+ | |||
+ | same as ... | ||
+ | |||
+ | get-service | sort-object -Property Status > C:\Service.txt | ||
+ | ----- | ||
+ | get-service | sort-object -Property Status | Out-File Service.txt -Append | ||
+ | |||
+ | same as ... | ||
+ | |||
+ | get-service | sort-object -Property Status >> C:\Service.txt | ||
+ | |||
+ | == Objects == | ||
+ | get-process | get-member | ||
+ | |||
+ | Get-Member will output the member properties for an Object | ||
+ | |||
+ | ----- | ||
+ | |||
+ | get-service | Format-Table * | ||
+ | |||
+ | get-service spooler | Format-list | ||
+ | |||
+ | ----- | ||
+ | |||
+ | dir | get-member | ||
+ | |||
+ | ----- | ||
+ | |||
+ | get-service | format-table status,name | get-member | ||
+ | |||
+ | Output references the output of the Format-Table object rather than the Get-Service object. | ||
+ | |||
+ | Format-Table/Format-List should usually be the LAST command in a Pipe Line. | ||
+ | |||
+ | ----- | ||
+ | |||
+ | get-service | sort-object - property name | ||
+ | |||
+ | get-process | sort Name,ID | ||
+ | |||
+ | get-process | sort VM -Descending (or -desc, abbreviations work for more items as long as they are unique) | ||
+ | |||
+ | ----- | ||
+ | |||
+ | notepad;notepad;notepad | ||
+ | |||
+ | WIll open three instances of NotePad.exe | ||
+ | |||
+ | get-process | sort Name,ID | format-list | ||
+ | |||
+ | ----- | ||
+ | |||
+ | get-process | measure -property VM | ||
+ | |||
+ | get-process | measure -property VM -Sum -Average -Maximum -Minimum | ||
+ | |||
+ | ----- | ||
+ | |||
+ | Select-Object | ||
+ | |||
+ | get-process | ft Name,VM,PM | ||
+ | |||
+ | get-process | format-table Name,VM,PM | ||
+ | |||
+ | Can't sort this by VM now because it's been destroyed by the Format-Table command. | ||
+ | |||
+ | You have to change how you sort. | ||
+ | |||
+ | Get-Process | Select-Object Name,VM,PM | Sort VM -desc | ||
+ | |||
+ | The Select-Object command extracts the Name,VM,PM objects and preserves them for future actions. | ||
+ | |||
+ | ----- | ||
+ | |||
+ | get-process | sort vm -desc | select-object name,vm,pm -First 10 | ||
+ | |||
+ | Top 10 memory consumers. | ||
+ | |||
+ | ----- | ||
+ | |||
+ | Get-Process | Select-Object Name,@{l="VM(MB)";e={$_.vm / 1mb}} | ||
+ | |||
+ | = Day Two Notes = | ||
+ | Remember that teh Get-Member object will display the Properties for a given object | ||
+ | |||
+ | Get-Date | Get-Member | ||
+ | ----- | ||
+ | Display the Help for an object in a seperate Windows. | ||
+ | |||
+ | Help <object> -ShowWindow | ||
+ | ----- | ||
+ | The SELECT-OBJECT component will allow you to filter the results returned. | ||
+ | |||
+ | Get-DHCPServerv4Scope -ComputerName LON-DC1 | Select-Object -Property ScopeID,SubnetMask,Name | ||
+ | ----- | ||
+ | |||
+ | == Filtering Objects == | ||
+ | |||
+ | Comparison Operators are not the usual operators (=, >, <, etc) | ||
+ | Equal -eq -ceq | ||
+ | Inequality -ne -cne | ||
+ | Greater than -gt -cgt | ||
+ | Less than -lt -lt | ||
+ | Like -like (Allows wild cards * or ?) | ||
+ | |||
+ | HELP About_* | ||
+ | |||
+ | HELP about_Comparison_Operators | ||
+ | ----- | ||
+ | == Where-Object == | ||
+ | There are version compatibility issues with Where-Object/Where commands. | ||
+ | |||
+ | WHERE-OBJECT is aliased by WHERE and by ? | ||
+ | |||
+ | PowerShell 3/4 - Cannot handle the complex queries shown below | ||
+ | |||
+ | Get-Service | Where Status -eq Running | ||
+ | |||
+ | PowerShell 3/4 - AKA Advanced Formatted Filter | ||
+ | |||
+ | Get-Service | Where-Object -Filter {$PSItem.Status -eq 'Running'} | ||
+ | |||
+ | PowerShell 2/3/4 - AKA Advanced Formatted Filter Command, works everywhere. | ||
+ | |||
+ | Get-Service | Where-Object -Filter {$_.Status -eq 'Running' -and $_name -like "*win*"} | ||
+ | |||
+ | == Object Enumeration in the Pipeline == | ||
+ | |||
+ | === For Each Enumeration === | ||
+ | |||
+ | $MyServices = Get-Services | ||
+ | |||
+ | $MyServices | ForEach-Object Name | ||
+ | |||
+ | Outputs just the Service Names (% and ForEach are Aliases for ForEach-Object) | ||
+ | |||
+ | $MyServices.Name (works in versions greater than v2.0) | ||
+ | |||
+ | These two version present different output. Try them. | ||
+ | |||
+ | $MyServices | ForEach-Object {Write "The service name is:" $_.Name} | ||
+ | |||
+ | $MyServices | ForEach-Object {Write "The service name is: $($_.Name)"} | ||
+ | ----- | ||
+ | $MyServices | where {$_.Name -eq "Spooler"} | ||
+ | |||
+ | $MyServices | where {$_.name -eq "Spooker"} | forEach {$_.stop()} | ||
+ | |||
+ | Simplest version of this ... | ||
+ | |||
+ | $MyServices | ? Name -eq Spooler | % -MemberName Stop | ||
+ | ----- | ||
+ | Get-ChildItem -Path C:\Example -File | ForEach-Object -MemberType Encrypt | ||
+ | |||
+ | Get-ChildItem C:\Test -File | ForEach-Object {$_.Encrypt()} | ||
+ | ----- | ||
+ | get-aduser -Filter * | ||
+ | |||
+ | get-aduser -filter * -SearchBase "cn=Users,dc=Adatum,dc=com" | ||
+ | |||
+ | get-EventLog -LogName Security | where EventID -eq 4624 | ||
+ | |||
+ | get-EventLog -LogName Security | where EventID -eq 4624 | Select TimeWritten<EventID,Message | ||
+ | |||
+ | get-EventLog -LogName Security | where EventID -eq 4624 | Select TimeWritten<EventID,Message | ConvertTo-HTML | Out-File EventReport.html | ||
+ | |||
+ | Get-ChildItem -Path CERT: -recurse | ||
+ | |||
+ | Get-ChildItem -Path CERT: -recurse | Get-Member | ||
+ | |||
+ | Get-ChildItem -Path CERT: -recurse | where HasPrivateKey -eq $False | ||
+ | |||
+ | Get-ChildItem -Path CERT: -Recurse | Where {$_.HasPrivateKey -eq $False -and $_.NotAfter -gt (Get_Date) -and $_.NotBefore -lt (Get-Date)} | ||
+ | |||
+ | Get-ChildItem -Path CERT: -Recurse | Where {$_.HasPrivateKey -eq $False -and $_.NotAfter -gt (Get_Date) -and $_.NotBefore -lt (Get-Date)} | Select Issuer,NotBefore,NotAfter | ||
+ | ----- | ||
+ | Get-Volume | ||
+ | |||
+ | Get-Volume | Where-Object {$_.SizeRemaining -gt 0} | ||
+ | |||
+ | Get-Volume | Where-Object {$_.SizeRemaining -gt 0 -and $_.SizeRemaining/$_.Size -lt .99 } | ||
+ | |||
+ | Get-Volume | Where-Object {$_.SizeRemaining -gt 0 -and $_.SizeRemaining/$_.Size -lt .1 } | ||
+ | ----- | ||
+ | Get-ControlPanelItem | ||
+ | |||
+ | Get-ControlPanelItem -Category 'System and Security' | ||
+ | |||
+ | Did not need to include the Where-Object item | ||
+ | ----- | ||
+ | Get-ChildItem -Path CERT: -Recurse | ||
+ | |||
+ | Get-ChildItem -Path CERT: -Recurse | Get-Member | ||
+ | |||
+ | Get-ChildItem -Path CERT: -Recurse | ForEach GetKeyAlgorithm | ||
+ | |||
+ | Get-WMIObject-Class Win32_OperatingSystem -EnableAllPrivileges | ||
+ | |||
+ | Get-WMIObject-Class Win32_OperatingSystem -EnableAllPrivileges | Get-Member | ||
+ | |||
+ | Get-WMIObject-Class Win32_OperatingSystem -EnableAllPrivileges | ForEach Reboot | ||
+ | |||
+ | 1..100 | ||
+ | |||
+ | 1..100 | ForEach { Get-Random -SetSeed $_ } | ||
+ | |||
+ | === Module 3 === | ||
+ | GM is an Alias for Get-Member! | ||
+ | |||
+ | === Module 4 === | ||
+ | |||
+ | get-adcomputer -Filter * | select @{l="Computername";e={$_.Name}} | ||
+ | |||
+ | Get-PSDrive | ||
+ | |||
+ | CD Alias: | ||
+ | |||
+ | CD HKLM: | ||
+ | |||
+ | CD HKCU: | ||
+ | |||
+ | New-PSDrive -Name AlphaTest -PSProvider FileSystem -Root \\Alpha\Test | ||
+ | |||
+ | New-PSDrive -Name T -PSProvider FileSystem -Root \\Alpha\Test -Persist | ||
+ | |||
+ | The Second New-PSDrive will actually map a drive T:. The Names for this form MUST be single letter. | ||
+ | |||
+ | === Module 5 === | ||
+ | |||
+ | dir c:\windows\system32 | format-wide -auto | ||
+ | |||
+ | dir c:\windows\system32 | format-wide -column 4 | ||
+ | |||
+ | get-service spooler | format-list -Property * | ||
+ | |||
+ | get-service spooler | format-table -Property Name,DisplayName,status -auto | ||
+ | |||
+ | get-service | format-table -Property Name,status,canstop,canshutdown,canpause,DisplayName -auto -wrap | ||
+ | |||
+ | ----- | ||
+ | get-process | Format-Table -Property Name,ID,@{n='VM(MB)';e={$_.VM / 1MB};formatString='N2';align='right'} -AutoSize | ||
+ | ----- | ||
+ | get-service | sort-object status,name | format-table -groupby status | ||
+ | ----- | ||
+ | get-service spooler,winrm,bits -computerName TEM-RELAY-001 | ft MachineName,Status,Name,DisplayName | ||
+ | |||
+ | get-service spooler,winrm,bits -computerName TEM-RELAY-001,TEM-RELAY-047 | Sort MachineName,Status,Name | ft -GroupBy MachineName | ||
+ | ----- | ||
+ | get-service | out-gridview -OutputMode Multiple | ||
+ | |||
+ | get-process | out-gridview -Outputmode multiple | Stop-Process -Force | ||
+ | ----- | ||
+ | Get-ChildItem -Path C:\Windows\*.exe | Sort-Object -Property Length -Descending | Format-Table -Property Name,@{n='Size(KB)';e={$PSItem.Length / 1KB};formatString='N2'} -AutoSize | ||
+ | |||
+ | Get-ChildItem -Path C:\Windows\*.exe | Sort -Property Length -Descending | FT -Property Name,@{n='Size(KB)';e={$_.Length / 1KB};formatString='N2'} -AutoSize | ||
+ | ----- | ||
+ | Get-EventLog -LogName Security -Newest 20 | Select-Object -Property *,@{n='TimeDifference';e={$PSItem.TimeWritten - $PSItem.TimeGenerated}} | Sort-Object -Property TimeDifference -Descending | Format-Table -Property EventID,TimeDifference -AutoSize | ||
+ | |||
+ | Get-EventLog -LogName Security -Newest 20 | Select -Property *,@{n='TimeDifference';e={$_.TimeWritten - $_.TimeGenerated}} | Sort -Property TimeDifference -Descending | FT -Property EventID,TimeDifference -AutoSize | ||
+ | |||
+ | = Comment Based Help = | ||
+ | help about_comment* | ||
+ | |||
+ | Allows comments in the code to become part of the integrated Help system in PowerShell!! | ||
+ | |||
+ | = Functions = | ||
+ | function AddMe ($Num1, Num2) { | ||
+ | $Anwser = $Num1 + Num2 | ||
+ | Write-Host "This is not part of the answer" | ||
+ | Write-Verbose "This is not part of the answer" | ||
+ | Write-Debug "This is not part of the answer" | ||
+ | Return $Answer | ||
+ | } | ||
+ | |||
+ | function AddMe { | ||
+ | Param [ | ||
+ | ($Num1, Num2) | ||
+ | ] | ||
+ | $Anwser = $Num1 + Num2 | ||
+ | Write-Host "This is not part of the answer" | ||
+ | Write-Verbose "This is not part of the answer" | ||
+ | Write-Debug "This is not part of the answer" | ||
+ | Return $Answer | ||
+ | } | ||
+ | |||
+ | |||
+ | = EOF = | ||
+ | [[Category:Training]] | ||
+ | [[Category:Work]] | ||
+ | [[Category:PowerShell]] | ||
+ | [[Category:Scripting]] |
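Review bot: several of the added command lines will not run as typed and should be corrected before anyone pastes them into a console. In the enumeration section, `Get-Services` and `"Spooker"` are typos, and `ForEach-Object -MemberType Encrypt` should use `-MemberName`, as the `% -MemberName Stop` line does. Elsewhere: `$_name` in the last Where-Object filter, `TimeWritten<EventID` in both Select calls, `(Get_Date)` in the two certificate filters, `Get-WMIObject-Class` (missing space before `-Class`), and `Num2` without `$` plus `$Anwser` versus `$Answer` in both AddMe functions. The comparison list has `-lt -lt` where the other rows pair the operator with its `-c` form. The `| ForEach Reboot` line restarts the machine when run and deserves a one-line note saying so. The change from `[Category:...]` to `[[Category:...]]` is correct.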
Latest revision as of 01:02, 11 June 2015
General Information about PowerShell
Books
- Windows PowerShell Pocket Reference (O'Reilly)
- Windows PowerShell 2.0 Administrator's Pocket Consultant
- Windows PowerShell Programming for the Absolute Beginner
- http://www.powershell.com (3rd Party)
- Microsoft ScriptCenter PowerShell
- PowerShell ScriptCenter
Day One Notes
Different versions of PowerShell are available for different OS's. Microsoft is using PowerShell as a way to drive people to upgrade to the latest version of Windows. Newer versions of PowerShell work better with newer versions of Microsoft Windows.
Two versions of the PowerShell interface.
- Console
  - Basic Command-Line
  - Maximum support for PowerShell
  - Minimal editing capabilities
- ISE
  - Script Editor and Console Combination
  - Some PowerShell features not supported
  - Rich editing cap
- Third Party hosting apps/Editors
  - Variable Features and Pricing
  - PowerGUI
help dir -Online
help dir -ShowWindow
The "-WhatIf" option will allow you to "Dry Run" a command that might modify something on the system.
The "-Confirm" option allows for a Y/N query per item for any command that MODIFIES the system.
get-command
get-command | measure-object
get-command | out-gridview
Show-Command Get-ChildItem
The "back tick" character (above the TAB key) is the line-continuation character: the command continues on the next line.
help dir `
-ShowWindow
is the same as
help dir -ShowWindow
get-service | sort-object -Property Status | Out-File Service.txt
same as ...
get-service | sort-object -Property Status > C:\Service.txt
get-service | sort-object -Property Status | Out-File Service.txt -Append
same as ...
get-service | sort-object -Property Status >> C:\Service.txt
Objects
get-process | get-member
Get-Member will output the member properties for an Object
get-service | Format-Table *
get-service spooler | Format-list
dir | get-member
get-service | format-table status,name | get-member
Here Get-Member describes the formatting objects produced by Format-Table rather than the service objects from Get-Service.
Format-Table/Format-List should usually be the LAST command in a pipeline.
get-service | sort-object -Property name
get-process | sort Name,ID
get-process | sort VM -Descending (or -desc, abbreviations work for more items as long as they are unique)
notepad;notepad;notepad
Will open three instances of Notepad.exe
get-process | sort Name,ID | format-list
get-process | measure -property VM
get-process | measure -property VM -Sum -Average -Maximum -Minimum
Select-Object
get-process | ft Name,VM,PM
get-process | format-table Name,VM,PM
Can't sort this by VM now because it's been destroyed by the Format-Table command.
You have to change how you sort.
Get-Process | Select-Object Name,VM,PM | Sort VM -desc
The Select-Object command extracts the Name, VM and PM properties and preserves them as objects for later pipeline stages.
get-process | sort vm -desc | select-object name,vm,pm -First 10
Top 10 memory consumers.
Get-Process | Select-Object Name,@{l="VM(MB)";e={$_.vm / 1mb}}
Day Two Notes
Remember that the Get-Member command will display the properties for a given object
Get-Date | Get-Member
Display the Help for an object in a separate window.
Help <object> -ShowWindow
The SELECT-OBJECT component will allow you to filter the results returned.
Get-DHCPServerv4Scope -ComputerName LON-DC1 | Select-Object -Property ScopeID,SubnetMask,Name
Filtering Objects
Comparison Operators are not the usual operators (=, >, <, etc). The second form of each is case-sensitive.
Equal -eq -ceq
Inequality -ne -cne
Greater than -gt -cgt
Less than -lt -clt
Like -like (Allows wild cards * or ?)
HELP About_*
HELP about_Comparison_Operators
Where-Object
There are version compatibility issues with Where-Object/Where commands.
WHERE-OBJECT is aliased by WHERE and by ?
PowerShell 3/4 - Cannot handle the complex queries shown below
Get-Service | Where Status -eq Running
PowerShell 3/4 - AKA Advanced Formatted Filter
Get-Service | Where-Object -Filter {$PSItem.Status -eq 'Running'}
PowerShell 2/3/4 - AKA Advanced Formatted Filter Command, works everywhere.
Get-Service | Where-Object -Filter {$_.Status -eq 'Running' -and $_.Name -like "*win*"}
Object Enumeration in the Pipeline
For Each Enumeration
$MyServices = Get-Service
$MyServices | ForEach-Object Name
Outputs just the Service Names (% and ForEach are Aliases for ForEach-Object)
$MyServices.Name (works in versions greater than v2.0)
These two versions present different output. Try them.
$MyServices | ForEach-Object {Write "The service name is:" $_.Name}
$MyServices | ForEach-Object {Write "The service name is: $($_.Name)"}
$MyServices | where {$_.Name -eq "Spooler"}
$MyServices | where {$_.name -eq "Spooler"} | forEach {$_.stop()}
Simplest version of this ...
$MyServices | ? Name -eq Spooler | % -MemberName Stop
Get-ChildItem -Path C:\Example -File | ForEach-Object -MemberName Encrypt
Get-ChildItem C:\Test -File | ForEach-Object {$_.Encrypt()}
get-aduser -Filter *
get-aduser -filter * -SearchBase "cn=Users,dc=Adatum,dc=com"
get-EventLog -LogName Security | where EventID -eq 4624
get-EventLog -LogName Security | where EventID -eq 4624 | Select TimeWritten,EventID,Message
get-EventLog -LogName Security | where EventID -eq 4624 | Select TimeWritten,EventID,Message | ConvertTo-HTML | Out-File EventReport.html
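An added example (not part of the original notes) that takes the 4624 query further: it filters inside Get-EventLog with -InstanceId instead of piping the whole Security log through Where, then reads account, logon type and source address from ReplacementStrings. The field positions 5, 6, 8 and 18 follow the standard 4624 event layout; the -Newest 500 limit and the report file name are arbitrary choices for the example, and reading the Security log needs an elevated session.

```powershell
# Added example: summarize recent successful logons (event ID 4624).
# Logon type numbers as documented for event 4624.
$logonTypeNames = @{
    2  = 'Interactive'
    3  = 'Network'
    4  = 'Batch'
    5  = 'Service'
    7  = 'Unlock'
    8  = 'NetworkCleartext'
    9  = 'NewCredentials'
    10 = 'RemoteInteractive'
    11 = 'CachedInteractive'
}

# -InstanceId filters at the source, so only 4624 records reach the pipeline.
$logons = Get-EventLog -LogName Security -InstanceId 4624 -Newest 500 |
    ForEach-Object {
        $f    = $_.ReplacementStrings
        $type = [int]$f[8]
        [pscustomobject]@{
            TimeWritten = $_.TimeWritten
            Account     = '{0}\{1}' -f $f[6], $f[5]   # TargetDomainName\TargetUserName
            LogonType   = if ($logonTypeNames.ContainsKey($type)) { $logonTypeNames[$type] } else { "Type $type" }
            SourceIP    = $f[18]
        }
    }

# Group and sort while the data is still objects; format only as the last step.
$logons |
    Group-Object -Property Account, LogonType |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Count, Name -First 10 |
    Format-Table -AutoSize

# Remote interactive (RDP) logons only, written out as an HTML report.
$logons |
    Where-Object { $_.LogonType -eq 'RemoteInteractive' } |
    Select-Object -Property TimeWritten, Account, SourceIP |
    ConvertTo-Html -Title 'Remote interactive logons' |
    Out-File -FilePath EventReport-RDP.html
```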
Get-ChildItem -Path CERT: -recurse
Get-ChildItem -Path CERT: -recurse | Get-Member
Get-ChildItem -Path CERT: -recurse | where HasPrivateKey -eq $False
Get-ChildItem -Path CERT: -Recurse | Where {$_.HasPrivateKey -eq $False -and $_.NotAfter -gt (Get-Date) -and $_.NotBefore -lt (Get-Date)}
Get-ChildItem -Path CERT: -Recurse | Where {$_.HasPrivateKey -eq $False -and $_.NotAfter -gt (Get-Date) -and $_.NotBefore -lt (Get-Date)} | Select Issuer,NotBefore,NotAfter
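An added example (not part of the original notes) that extends the validity filter above into an expiry report over every certificate store. The 30-day warning threshold and the Store, DaysLeft and State column names are assumptions made for the example.

```powershell
# Added example: list certificates that are expired, not yet valid, or close to expiry.
$now      = Get-Date
$warnDays = 30   # assumed warning threshold, adjust to local policy

Get-ChildItem -Path Cert:\ -Recurse |
    # Recursion also returns store and store-location containers; keep certificates only.
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
    Select-Object -Property @{n='Store';e={ $_.PSParentPath -replace '^.*::', '' }},
        Subject, Issuer, HasPrivateKey, NotBefore, NotAfter, Thumbprint,
        @{n='DaysLeft';e={ [int]($_.NotAfter - $now).TotalDays }},
        @{n='State';e={
            if     ($_.NotBefore -gt $now) { 'NotYetValid' }
            elseif ($_.NotAfter  -lt $now) { 'Expired' }
            elseif (($_.NotAfter - $now).TotalDays -le $warnDays) { 'ExpiringSoon' }
            else   { 'Valid' }
        }} |
    Where-Object { $_.State -ne 'Valid' } |
    Sort-Object -Property DaysLeft |
    Format-Table -Property State, DaysLeft, Store, HasPrivateKey, Subject -AutoSize
```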
Get-Volume
Get-Volume | Where-Object {$_.SizeRemaining -gt 0}
Get-Volume | Where-Object {$_.SizeRemaining -gt 0 -and $_.SizeRemaining/$_.Size -lt .99 }
Get-Volume | Where-Object {$_.SizeRemaining -gt 0 -and $_.SizeRemaining/$_.Size -lt .1 }
Get-ControlPanelItem
Get-ControlPanelItem -Category 'System and Security'
No Where-Object needed here: Get-ControlPanelItem filters with its own -Category parameter.
Get-ChildItem -Path CERT: -Recurse
Get-ChildItem -Path CERT: -Recurse | Get-Member
Get-ChildItem -Path CERT: -Recurse | ForEach GetKeyAlgorithm
Get-WmiObject -Class Win32_OperatingSystem -EnableAllPrivileges
Get-WmiObject -Class Win32_OperatingSystem -EnableAllPrivileges | Get-Member
Get-WmiObject -Class Win32_OperatingSystem -EnableAllPrivileges | ForEach Reboot
1..100
1..100 | ForEach { Get-Random -SetSeed $_ }
Module 3
GM is an Alias for Get-Member!
Module 4
get-adcomputer -Filter * | select @{l="Computername";e={$_.Name}}
Get-PSDrive
CD Alias:
CD HKLM:
CD HKCU:
New-PSDrive -Name AlphaTest -PSProvider FileSystem -Root \\Alpha\Test
New-PSDrive -Name T -PSProvider FileSystem -Root \\Alpha\Test -Persist
The second New-PSDrive (with -Persist) will actually map a drive T:. The name for this form MUST be a single letter.
Module 5
dir c:\windows\system32 | format-wide -auto
dir c:\windows\system32 | format-wide -column 4
get-service spooler | format-list -Property *
get-service spooler | format-table -Property Name,DisplayName,status -auto
get-service | format-table -Property Name,status,canstop,canshutdown,canpause,DisplayName -auto -wrap
get-process | Format-Table -Property Name,ID,@{n='VM(MB)';e={$_.VM / 1MB};formatString='N2';align='right'} -AutoSize
get-service | sort-object status,name | format-table -groupby status
get-service spooler,winrm,bits -computerName TEM-RELAY-001 | ft MachineName,Status,Name,DisplayName
get-service spooler,winrm,bits -computerName TEM-RELAY-001,TEM-RELAY-047 | Sort MachineName,Status,Name | ft -GroupBy MachineName
get-service | out-gridview -OutputMode Multiple
get-process | out-gridview -Outputmode multiple | Stop-Process -Force
Get-ChildItem -Path C:\Windows\*.exe | Sort-Object -Property Length -Descending | Format-Table -Property Name,@{n='Size(KB)';e={$PSItem.Length / 1KB};formatString='N2'} -AutoSize
Get-ChildItem -Path C:\Windows\*.exe | Sort -Property Length -Descending | FT -Property Name,@{n='Size(KB)';e={$_.Length / 1KB};formatString='N2'} -AutoSize
Get-EventLog -LogName Security -Newest 20 | Select-Object -Property *,@{n='TimeDifference';e={$PSItem.TimeWritten - $PSItem.TimeGenerated}} | Sort-Object -Property TimeDifference -Descending | Format-Table -Property EventID,TimeDifference -AutoSize
Get-EventLog -LogName Security -Newest 20 | Select -Property *,@{n='TimeDifference';e={$_.TimeWritten - $_.TimeGenerated}} | Sort -Property TimeDifference -Descending | FT -Property EventID,TimeDifference -AutoSize
Comment Based Help
help about_comment*
Allows comments in the code to become part of the integrated Help system in PowerShell!!
Functions
function AddMe ($Num1, $Num2) {
    $Answer = $Num1 + $Num2
    # Host, verbose and debug messages are not part of the return value
    Write-Host "This is not part of the answer"
    Write-Verbose "This is not part of the answer"
    Write-Debug "This is not part of the answer"
    Return $Answer
}
function AddMe {
    Param ($Num1, $Num2)
    $Answer = $Num1 + $Num2
    Write-Host "This is not part of the answer"
    Write-Verbose "This is not part of the answer"
    Write-Debug "This is not part of the answer"
    Return $Answer
}
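An added example (not part of the original notes) that combines the Comment Based Help and Functions sections: comment-based help inside the function, [CmdletBinding()] so that -Verbose and -Debug take effect, and a second function showing how a stray expression leaks into the return value. The names Add-Number and Add-NumberLeaky are hypothetical.

```powershell
function Add-Number {
    <#
    .SYNOPSIS
    Adds two numbers and returns the sum.
    .PARAMETER Num1
    First addend.
    .PARAMETER Num2
    Second addend.
    .EXAMPLE
    Add-Number -Num1 2 -Num2 3 -Verbose
    #>
    [CmdletBinding()]   # enables the common parameters -Verbose and -Debug
    Param (
        [Parameter(Mandatory = $true)][double]$Num1,
        [Parameter(Mandatory = $true)][double]$Num2
    )
    $Answer = $Num1 + $Num2
    Write-Host    "Host message: shown on the console, not captured by assignment"
    Write-Verbose "Verbose message: shown only when -Verbose is passed"
    Write-Debug   "Debug message: shown only when -Debug is passed"
    Write-Output  $Answer   # the only value placed on the output stream
}

# Only the sum is stored; the three messages go to other streams.
$sum = Add-Number -Num1 2 -Num2 3 -Verbose
$sum

# The comment block above is now served by the help system.
Get-Help Add-Number -Full

function Add-NumberLeaky ($Num1, $Num2) {
    # A bare expression is written to the output stream, so this string
    # is returned to the caller together with the sum.
    "Adding $Num1 and $Num2"
    $Num1 + $Num2
}

# $leaky holds an array (string plus number) rather than a single number.
$leaky = Add-NumberLeaky 2 3
$leaky | Get-Member | Select-Object -Property TypeName -Unique
```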