Useful_Scripts

< ----------------------------  Microsoft Remote Assistance  ------------------------------------ >
If you have computer-savvy friends, use <a class="shellExecuteLink" href="shortcut:%25systemroot%25\system32\msra.exe" title="Click to open Windows Remote Assistance"><img src="mshelp://help/?id=Microsoft.Windows.Resources.ShellExecuteTopicIcon" helpImage="ShellExecute"><span class="notLocalizable">Windows</span> Remote Assistance</a>
 to let a friend access your computer over the Internet and help you fix a problem. You can watch what they're doing and interact with them while they're helping you.

msra.exe

< ----------------------------  Microsoft Remote Assistance  ------------------------------------ >


< ----------------------------  Microsoft Office 2013 Autocomplete  ------------------------------------ >


%localappdata%\Microsoft\Outlook\RoamCache\Stream_Autocomplete*


< ----------------------------  Microsoft Office 2013 Autocomplete  ------------------------------------ >


winrm invoke Create wmicimv2/Win32_Process @{CommandLine="notepad.exe";CurrentDirectory="C:\"}


powershell [-noexit] -executionpolicy bypass -File <Filename>


%winternals%\psexec \\HOSTNAME -s powershell Enable-PSRemoting -Force

psexec64 \\HOSTNAME -s powershell Enable-PSRemoting -Force


wmic systemenclosure get ChassisTypes,LockPresent,Manufacturer,Name,SecurityStatus,SerialNumber,SMBIOSAssetTag,Tag /format:list


wmic printer get Caption,Comment,Default,Description,Location,Name,PortName,ServerName,SystemName /format:csv > printers.csv

WMIC PRINTER GET CAPTION,COMMENT,DEFAULT,DEFAULTPRIORITY,DESCRIPTION,DRIVERNAME,INSTALLDATE,NAME,PORTNAME,PRINTERSTATE,PRINTERSTATUS,SHARENAME,SPOOLENABLED,STATUS,SYSTEMNAME /FORMAT:LIST


"c:\PSTools\PsExec.exe" -accepteula \\KACE_HOST_NAME cmd /c IF EXIST "C:\program files (x86)" ("C:\program files (x86)\dell\kace\runkbot.exe" 4 0) ELSE ("C:\program files\dell\kace\runkbot.exe" 4 0)


netsh int ip set address name = "LAN" source = dhcp

netsh advfirewall show privateprofile settings

netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes


netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=domain


NETSH -R HOSTNAME ADVFIREWALL FIREWALL ADD RULE NAME="VHN 11.4 - 25017" DIR=IN ACTION=ALLOW PROGRAM="C:\program files\FourJs\gdc25017\bin\gdc.exe" ENABLE=YES

NETSH -R HOSTNAME ADVFIREWALL FIREWALL ADD RULE NAME="VHN 11.4 - 25017" DIR=IN ACTION=ALLOW PROGRAM="C:\program files\FourJs\gdc25017\bin\gdc.exe" ENABLE=YES PROFILE=DOMAIN


netsh advfirewall firewall show rule dir=in name=all

netsh advfirewall firewall show rule status=enabled name=all


< ---------------------------------------------------------------- Powershell Firewall Command ---------------------------------------------------------------- >


(New-object -comObject HNetCfg.FwPolicy2).rules | where {$_.Name -like '*remote*'} | select Name


< ---------------------------------------------------------------- Powershell Firewall Command ---------------------------------------------------------------- >


<# ----------------------------------------------------------------  [Built In Packet Capture on Win Srv 2008 and above]  ---------------------------------------------------------------- #>


Netsh trace start scenario=NetConnection capture=yes report=yes persistent=no maxsize=1024 correlation=yes traceFile=C:\Logs\NetTrace.etl

Netsh trace start scenario=NetConnection capture=yes report=yes persistent=no maxsize=4096 filemode=single correlation=yes traceFile=E:\trace\NetTrace_10-12-2018_1.etl


netsh trace stop


<# ----------------------------------------------------------------  [Built In Packet Capture on Win Srv 2008 and above]  ---------------------------------------------------------------- #>


			[ Netsh ICMP enable IPV4 & 6 ]

netsh -r HOSTNAME advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow

netsh -r HOSTNAME advfirewall firewall add rule name="ICMP Allow incoming V6 echo request" protocol=icmpv6:8,any dir=in action=allow

			[ Netsh ICMP enable IPV4 & 6 ]


Command Substitute for Get-NetFirewallRule in Windows 7:
	$(New-object -comObject HNetCfg.FwPolicy2).rules | Format-Table -Property name, protocol, localports


NETSH INTERFACE IP DELETE ARPCACHE
 ARP -D *

IPCONFIG /FLUSHDNS

NBTSTAT -R

NBTSTAT -RR


defrag c: & sleep 300 & defrag c: /X & sleep 300 & shutdown /s /f /c "After Defrag"

%winternals%\psexec \\"HostName_IP" -u "DOMAIN\administrator" -p "Administrator_Password" -s -i wusa "c:\tech\Windows6.1-KB2819745-x64-MultiPkg.msu" /quiet /norestart

dnscmd 10.10.x.x /RecordAdd ZONE.local HOSTNAME /Aging /OpenAcl A 10.0.x.x

wmic datafile where name='C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe' get /format:list

## File HASH  -  certutil -hashfile FILENAME.EXT MD5 {MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512]


MSG USERNAME/* /SERVER:HOSTNAME "HELLO"


##  icacls c:\ /reset /t /c

Timout /T 300 /nobreak

< ------------------------------------------ >

gpresult /Scope User /v

gpresult /Scope computer /v

< ------------------------------------------ >


wmic diskdrive get PNPDeviceID

wmic path CIM_LogicalDevice where "Description like 'USB%'" get /value

PowerShell EQ   gwmi Win32_USBControllerDevice |fl Antecedent,Dependent
		gwmi Win32_USBControllerDevice |%{[wmi]($_.Dependent)} | Sort Description,DeviceID | ft Description,DeviceID -auto


< ------------------     Windows 10 - Remote Registry Disabled by default     ------------------ >


sc \\HOSTNAME config remoteregistry start= demand

sc \\HOSTNAME start remoteregistry

reg query "\\HOSTNAME\HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection"

sc \\HOSTNAME stop remoteregistry

sc \\HOSTNAME config remoteregistry start= disabled


< ------------------     Windows 10 - Remote Registry Disabled by default     ------------------ >


                     ---=== Change Computer Description Remotely ===---

sc \\HOSTNAME query remoteregistry

sc \\HOSTNAME start remoteregistry

reg query "\\HOSTNAME\HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"

reg add "\\HOSTNAME\HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v srvcomment /t REG_SZ /d "Computer Description Text" /f

sc \\HOSTNAME stop remoteregistry


< --------------------------------------------------------------------------  [Change Description of Remote Machine]  -------------------------------------------------------------------------- >

Invoke-Command -ComputerName HOSTNAME -ScriptBlock {$OSWMI=Get-WmiObject -class Win32_OperatingSystem;$OSWMI.Description=$args[0];$OSWMI.put() } -ArgumentList("DESCRIPTION")


Set-WmiInstance -Path "\\HOSTNAME\root\cimv2:Win32_OperatingSystem=@" -Arguments @{description="Description Here"}


< --------------------------------------------------------------------------  [Change Description of Remote Machine]  -------------------------------------------------------------------------- >


< --------------------------------------------------------------------------  [Original Script]  -------------------------------------------------------------------------- >

########################################################################################
##
## https://www.alexandreviot.net/2015/05/03/powershell-change-computer-description/
##
########################################################################################

$myDescription="My Server"
Invoke-Command -ComputerName $lServerName -ScriptBlock {$OSWMI=Get-WmiObject -class Win32_OperatingSystem;$OSWMI.Description=$args[0];$OSWMI.put() } -ArgumentList($myDescription)

< --------------------------------------------------------------------------  [Original Script]  -------------------------------------------------------------------------- >


                     ---=== Change Computer Description Remotely ===---


reg query \\HOSTNAME\HKLM\software\wow6432node\Microsoft\Windows\currentversion\Uninstall /f "gdc*" /s
reg query \\HOSTNAME\HKLM\software\Microsoft\Windows\currentversion\Uninstall /f "gdc*" /s


<   ----------------------------------- [ Computer Description ] ------------------------------------------------------------------------------------ >

reg query \\[HOSTNAME/IP]\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanserver\parameters /f srvcomment


wmic /node:[HOSTNAME/IP] os set Description="Descriptive Text Here"


REG ADD "\\[HOSTNAME/IP]\HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters /v srvcomment /t REG_SZ /d "your description here" /f


<   ----------------------------------- [ Computer Description ] ------------------------------------------------------------------------------------ >


###########################  UltraVNC Install & Start Service #########################################################################


sc \\REMOTE_HOST query uvnc_service

sc \\REMOTE_HOST start uvnc_service

sc \\REMOTE_HOST query state= all | find /I "vnc"

sc \\REMOTE_HOST start remoteregistry


%winternals%\psexec \\REMOTE_HOST "c:\Program Files\UltraVNC\winvnc.exe" -install

%winternals%\psexec \\REMOTE_HOST "c:\Program Files\UltraVNC\winvnc.exe" -startservice


Invoke-Command -ComputerName REMOTE_HOST -ScriptBlock {& cmd /c "c:\Program files\ultravnc\winvnc.exe" -install}

Invoke-Command -ComputerName REMOTE_HOST -ScriptBlock {& cmd /c "c:\Program files\ultravnc\winvnc.exe" -startservice}


sc \\REMOTE_HOST query uvnc_service


###########################  UltraVNC Install & Start Service #########################################################################


"Set-NetFirewallRule -DisplayName “File and Printer Sharing (Echo Request – ICMPv4-In)” -enabled True"


< ----------------------------------------------  External/Public IP Address  ---------------------------------------------- >


Invoke-RestMethod http://ipinfo.io/json | Select -exp ip


(Invoke-RestMethod http://ipinfo.io/json).ip

(Invoke-RestMethod http://ipinfo.io/json).hostname

(Invoke-RestMethod http://ipinfo.io/json).city

(Invoke-RestMethod http://ipinfo.io/json).region

(Invoke-RestMethod http://ipinfo.io/json).country

(Invoke-RestMethod http://ipinfo.io/json).loc

(Invoke-RestMethod http://ipinfo.io/json).org


(Invoke-WebRequest http://ipinfo.io/ip).Content.Trim()


Invoke-RestMethod ipecho.net/plain


Invoke-WebRequest http://ifconfig.me/ip


invoke-restmethod https://api.ipify.org?format=json | select -exp ip

(Invoke-WebRequest IPv4.Icanhazip.com).Content


(Invoke-WebRequest "http://checkip.dyndns.com").ParsedHTML.body.innerHtml


icm -ComputerName HOSTNAME -ScriptBlock {Invoke-RestMethod http://ipinfo.io/json | Select -exp ip}

Invoke-Command -ComputerName HOSTNAME -ScriptBlock {Invoke-RestMethod http://ipinfo.io/json | Select -exp ip}


(new-object System.Net.WebClient).DownloadString("http://myexternalip.com/raw")

(Invoke-WebRequest -URI http://myexternalip.com/raw).content

(Invoke-WebRequest -URI http://myip.dnsomatic.com/).content


curl ifcfg.me
nslookup . ifcfg.me
telnet ifcfg.me
ftp ifcfg.me
finger @ifcfg.me


Invoke-WebRequest -Uri https://www.hackthebox.eu/api/invite/generate  -Method POST


%winternals%\psexec \\HOSTNAME nslookup myip.opendns.com. resolver1.opendns.com


dig +short myip.opendns.com @resolver1.opendns.com


< ----------------------------------------------  External/Public IP Address  ---------------------------------------------- >


Get-WmiObject -Class "Win32_NetworkAdapterConfiguration" -ComputerName 127.0.0.1 -Filter "IpEnabled = TRUE" | foreach { write-host $_.IpAddress[0]}


(Get-WmiObject Win32_NetworkAdapterConfiguration | where { (($_.IPEnabled -ne $null) -and ($_.DefaultIPGateway -ne $null)) } | select IPAddress -First 1).IPAddress[0]


Get-WmiObject Win32_NetworkAdapterConfiguration

(Get-WmiObject Win32_NetworkAdapterConfiguration -EA).IpAddress[0]

(Get-WmiObject Win32_NetworkAdapterConfiguration).IpAddress[0]

(Get-WmiObject Win32_NetworkAdapterConfiguration).IpAddress[0]

(Get-WmiObject Win32_NetworkAdapterConfiguration).IpAddress

(Get-WmiObject Win32_NetworkAdapterConfiguration).IpAddress[1]

(Get-WmiObject Win32_NetworkAdapterConfiguration).IpAddress[0]

(Get-WmiObject Win32_NetworkAdapterConfiguration).IPSubnet

(Get-WmiObject Win32_NetworkAdapterConfiguration).DefaultIPGateway

(Get-WmiObject Win32_NetworkAdapterConfiguration).DNSServerSearchOrder

(Get-WmiObject Win32_NetworkAdapterConfiguration).DHCPEnables

(Get-WmiObject Win32_NetworkAdapterConfiguration).DHCPEnabled

(Get-WmiObject Win32_NetworkAdapterConfiguration).DHCPEnabled[0]

Get-WmiObject -Class Win32_Networkadapterconfiguration | ? {$_.IPEnabled -eq $true }

Get-WmiObject -Class Win32_Networkadapterconfiguration | ? {$_.DHCPEnabled -eq $true }

Get-WmiObject -Class Win32_Networkadapterconfiguration | ? {$_.IPEnabled -eq $true } ? {$_.DHCPEnabled -eq $true }

Get-WmiObject -Class Win32_Networkadapterconfiguration | ? {$_.IPEnabled -eq $true } | ? {$_.DHCPEnabled -eq $true }

Get-WmiObject -Class Win32_IP4RouteTable -ComputerName HOSTNAME | select destination,mask,nexthop, metric1

Get-WmiObject -namespace root\wmi –class MSStorageDriver_FailurePredictStatus -ErrorAction Silentlycontinue |  Select InstanceName, PredictFailure, Reason | Format-Table –Autosize


<  ##############################################################################  Powershell Basic Commands  ############################################################################## >

<  ########################################################################################### >
<  ##############################                               ############################## >
<  ############################## Set IP Address, Gateway, DNS  ############################## >
<  ##############################                               ############################## >
<  ########################################################################################### >

New-NetIPAddress -InterfaceAlias Ethernet -IPAddress 172.16.0.20 -PrefixLength 24 -DefaultGateway 172.16.0.1

Set-DNSClientServerAddress -InterfaceAlias "Ethernet" -ServerAddress 172.16.0.10


Test-NetConnection 8.8.8.8
Test-NetConnection www.bing.com -traceroute
Test-NetConnection smtp.com -Port 25
Test-NetConnection www.bing.com -Port 80


Restart-Service

Get-service | Out-GridService

Rename-Computer COMPUTERNAME01

Restart-Computer

Shutdown-Computer

Add-Computer -DomainName Domain.Name

Install-WindowsFeature -IncludeAllSubFeatures -INcludeManagementTools File-Services

Install-WindowsFeature Net-Framework-Core -source d:\sources\sxs

Test-ComputerSecureChannel -Credential Domain\Admin -Repair

Set-NetFirewallProfile -Profile domain,public,private -Enabled {False | True}


<  ##############################################################################  Powershell Basic Commands  ############################################################################## >


<  --------------------------------------------------------------------------  Simple List of Shared Folders  --------------------------------------------------------------------------  >
<  ##
<  ## https://superuser.com/questions/769679/powershell-get-list-of-folders-shared
<  ##
<  ## ----------------------------------------------------------------------------  >

(net view \\HOSTNAME) | % { if($_.IndexOf(' Disk ') -gt 0){ $_.Split('  ')[0] } }


$Servers = ( Get-ADComputer -Filter { DNSHostName -Like '*' }  | Select -Expand Name )
foreach ($Server in $Servers)
{
    (net view $Server) | % { if($_.IndexOf(' Disk ') -gt 0){ $_.Split('      ')[0] } } | out-file C:\file_shares\$Server.txt
}

<  --------------------------------------------------------------------------  Simple List of Shared Folders  --------------------------------------------------------------------------  >


([WMI]'').ConvertToDateTime((Get-WmiObject Win32_OperatingSystem).InstallDate)

([WMI]'').ConvertToDateTime((Get-WmiObject Win32_OperatingSystem -ComputerName HOSTNAME).InstallDate)

[timezone]::CurrentTimeZone.ToLocalTime(([datetime]'1/1/1970').AddSeconds($(get-itemproperty 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion').InstallDate))


< ----------------------------------------- [AD Computer LastLogon Conversion] ----------------------------------------- >

w32tm /ntte 131625959999922000

         [Excel]

=IF(P15>0,P15/(8.64*10^11) - 109205,"")

=((P15/10000000/3600/24)-109205)-0.166673

         [Excel]

< ----------------------------------------- [AD Computer LastLogon Conversion] ----------------------------------------- >

gwmi win32_systemenclosure | select PSComputerName,ChassisTypes,LockPresent,Manufacturer,Name,SecurityStatus,SerialNumber,SMBIOSAssetTag,Tag

GWMI WIN32_NETWORKADAPTERCONFIGURATION -COMPUTER HOSTNAME | SELECT Description,MACAddress,IPAddress

gwmi win32_physicalmemoryarray | select PSComputerName,Caption,MaxCapacity,Tag

gwmi win32_physicalmemory | select PSComputerName,Capacity,Caption,Description,DeviceLocator,FormFactor,Manufacturer,Name,OtherIdentifyingInfo,PartNumber,PositionInRow,SerialNumber,SKU,Speed,Tag,TotalWidth,TypeDetail

gwmi win32_networkadapterconfiguration -ComputerName HOSTNAME | select PSComputername,Index,Description,DHCPEnabled,DNSDomain,DNSDomainSuffixSearchOrder,DNSHostName,DNSServerSearchOrder,FullDNSRegistrationEnabled,IPAddress,IPEnabled,Caption,DefaultIPGateway,IPSubnet,MACAddress,ServiceName | where {$_.Index -eq '1'}

gwmi win32_networkadapterconfiguration -ComputerName HOSTNAME | select * | where {$_.Index -eq '1'}


(Get-WMIObject -class Win32_PhysicalMemory -ComputerName SERVER | Measure-Object -Property capacity -Sum | % {[Math]::Round(($_.sum / 1GB),2)})


Get-ADComputer -filter {Name -like '*08'} | Foreach-Object {[math]::Round((Get-WmiObject -Class Win32_ComputerSystem).TotalPhysicalMemory/1GB)} | Format-Table -property * -AutoSize


Get-ADComputer -filter {Name -like '*08'} | Foreach-Object {Get-WmiObject -Class Win32_ComputerSystem -ErrorAction SilentlyContinue -ComputerName $_.Name | Select-Object PSComputerName, @{Name="Memory"; Expression={[math]::Round($_.TotalPhysicalMemory/1GB)}}}

Get-ADComputer -filter {Name -like '*08'} | Foreach-Object {Get-WmiObject -Class Win32_ComputerSystem -ErrorAction SilentlyContinue -ComputerName $_.Name | Select-Object PSComputerName,Manufacturer,Model, @{Name="Memory"; Expression={[math]::Round($_.TotalPhysicalMemory/1GB)}}}


Get-ADComputer -filter {Name -like '*ComputerName*'} | Foreach-Object {Get-WmiObject -ErrorAction SilentlyContinue -Class Win32_ComputerSystem -ComputerName $_.Name}

Get-ADComputer -filter {Name -like '*ComputerName*'} | Foreach-Object {Get-WmiObject -ErrorAction SilentlyContinue -Class Win32_ComputerSystem -ComputerName $_.Name | Select-Object *} | Format-Table -Property * -AutoSize | Out-String -Width 4096

Get-ADComputer -filter {Name -like '*ComputerName*'} | Foreach-Object {Get-WmiObject -ErrorAction SilentlyContinue -Class Win32_ComputerSystem -ComputerName $_.Name | Select-Object PSComputerName,Status,Name,BootROMSupported,BootStatus,Caption,CurrentTimeZone,DaylightInEffect,mDNSHostNamem,Domain,DomainRole,EnableDaylightSavingsTime,HypervisorPresent,InstallDate,LastLoadInfo,Manufacturer,Model,NumberOfLogicalProcessors,NumberOfProcessors,PartOfDomain,PauseAfterReset,PrimaryOwnerContact,PrimaryOwnerName,Roles,SystemFamily,SystemSKUNumber,SystemType,TotalPhysicalMemory,UserName} | Format-List -Property * | Out-String -Width 4096

Get-ADComputer -filter {Name -like '*ComputerName*'} | Foreach-Object {Get-WmiObject -ErrorAction SilentlyContinue -Class Win32_ComputerSystem -ComputerName $_.Name | Select-Object PSComputerName,Status,Name,BootROMSupported,BootStatus,Caption,CurrentTimeZone,DaylightInEffect,mDNSHostNamem,Domain,DomainRole,EnableDaylightSavingsTime,HypervisorPresent,InstallDate,LastLoadInfo,Manufacturer,Model,NumberOfLogicalProcessors,NumberOfProcessors,PartOfDomain,PauseAfterReset,PrimaryOwnerContact,PrimaryOwnerName,Roles,SystemFamily,SystemSKUNumber,SystemType,TotalPhysicalMemory,UserName} | ConvertTo-Csv -UseCulture

Get-ADComputer -filter * -SearchBase "OU=ORG_UNIT_1,DC=DOMAIN,DC=local" | Foreach-Object {Test-Connection -ErrorAction SilentlyContinue -ComputerName $_.Name}


gwmi win32_diskdrive | select PSComputerName,Status,DeviceID,Partitions,BytesPerSector,InstallDate,InterfaceType,SectorsPerTrack,Size,TotalCylinders,TotalHeads,TotalSectors,TotalTracks,TracksPerCylinder,Capabilities,CapabilityDescriptions,Caption,Description,FirmwareRevision,Manufacturer,MediaLoaded,MediaType,Model,Name,PNPDeviceID,SerialNumber,Signature,SystemName

gwmi -ComputerName HOSTNAME WIN32_COMPUTERSYSTEM | SELECT PSComputerName,PowerSupplyState,PowerState,Name,BootROMSupported,Caption,DaylightInEffect,DNSHostName,Domain,HypervisorPresent,InstallDate,Manufacturer,Model,SystemType,TotalPhysicalMemory,Username

Get-ADComputer -filter * | Foreach-Object {Get-WmiObject -Class Win32_BIOS -ComputerName $_.Name -erroraction silentlycontinue | Select-Object PSComputerName, Serialnumber | FT * -AutoSize}


cat "C:\Test\Filename.txt" | where {$_.Contains("Error")} | Write-Host -ForegroundColor Red

cat "C:\Test\Filename.txt" | where {$_.Contains("Information")} | Write-Host -ForegroundColor Yellow

Get-Content 'C:\Test\Filename.txt' | ? { $_ -match "Error" -and $_ -match "PM"} | Write-Host -ForegroundColor Yellow


(Get-ADDomain).PDCEmulator


Get-ADUser -filter * -SearchBase "OU=ORG_UNIT_1,DC=DOMAIN,DC=local" -Properties MemberOf

(Get-ADUser -filter * -SearchBase "OU=ORG_UNIT_1,DC=DOMAIN,DC=local" -Properties MemberOf).memberof

Get-ADUser -filter * -SearchBase "OU=ORG_UNIT_1,DC=DOMAIN,DC=local" -Properties MemberOf

Get-ADUser -filter * -SearchBase "OU=ORG_UNIT_1,DC=DOMAIN,DC=local" -Properties *

Get-ADUser -filter * -SearchBase "OU=CONTOSO,DC=DOMAIN,DC=local" -Properties DisplayName,Enabled,Lockedout,ProtectedFromAccidentalDeletion

Get-ADUser -filter * -SearchBase "OU=ORG_UNIT_1,DC=DOMAIN,DC=local" -Properties * | select DisplayName,Enabled,Lockedout,ProtectedFromAccidentalDeletion

Get-ADUser -filter * -SearchBase "DC=DOMAIN,DC=local" -Properties * | select DisplayName,Enabled,Lockedout,ProtectedFromAccidentalDeletion

Get-ADUser -filter * -SearchBase "DC=DOMAIN,DC=local" -Properties * | select DisplayName,Enabled,Lockedout,ProtectedFromAccidentalDeletion | where { $_.DisplayName -like 'Connie*'} | Format-Table -AutoSize *

Get-ADUser -filter * -SearchBase "DC=DOMAIN,DC=local" -Properties * | select DisplayName,Enabled,Lockedout,ProtectedFromAccidentalDeletion | where { $_.DisplayName -like '*WIC*'} | Format-Table -AutoSize *

Get-ADUser -filter * -SearchBase "DC=DOMAIN,DC=local" -Properties * | select DisplayName,Enabled,Lockedout,ProtectedFromAccidentalDeletion | where { $_.DisplayName -like '*WIC'} | Format-Table -AutoSize *

Get-ADUser -filter * -SearchBase "DC=DOMAIN,DC=local" -Properties * | select DisplayName,Enabled,Lockedout,ProtectedFromAccidentalDeletion | where { $_.DisplayName -like 'Scott'} | Format-Table -AutoSize *

Get-ADUser -filter * -SearchBase "DC=DOMAIN,DC=local" -Properties * | select DisplayName,Enabled,Lockedout,ProtectedFromAccidentalDeletion | where { $_.DisplayName -like 'Scott*'} | Format-Table -AutoSize *

Get-ADUser -filter * -SearchBase "DC=DOMAIN,DC=local" -Properties * | select DisplayName,Enabled,Lockedout,ProtectedFromAccidentalDeletion | where { $_.DisplayName -like '*Bo*'} | Format-Table -AutoSize *

Get-ADUser -filter * -SearchBase "DC=DOMAIN,DC=local" -Properties * | select DisplayName,SamAccountName,Title,Enabled,Lockedout,PasswordExpired,ProtectedFromAccidentalDeletion | where { $_.SamAccountName -like 'Username'}

Get-ADUser -filter * -SearchBase "DC=CONTOSO,DC=local" -Properties * | select DisplayName,SamAccountName,Title,Enabled,Lockedout,ProtectedFromAccidentalDeletion | where { $_.DisplayName -like 'Name*'}

Get-ADUser -filter * -SearchBase "DC=CONTOSO,DC=local" -Properties * | select DisplayName,SamAccountName,Title,Enabled,Lockedout,ProtectedFromAccidentalDeletion | where { $_.SamAccountName -eq 'Username'}

Get-ADUser -filter * -SearchBase "DC=CONTOSO,DC=local" -Properties * | select DisplayName,SamAccountName,Title,Enabled,Lockedout,PasswordExpired,ProtectedFromAccidentalDeletion | where { $_.SamAccountName -like 'Username'}

Get-ADUser -filter * -SearchBase "OU=ITDept,OU=DO/DEPARTMENT,DC=CONTOSO,DC=local" -Properties * | select DisplayName,SamAccountName,Title,Enabled,Lockedout,ProtectedFromAccidentalDeletion

Get-ADUser -filter * -SearchBase "OU=ITDept,OU=DO/DEPARTMENT,DC=CONTOSO,DC=local" -Properties * | select DisplayName,SamAccountName,Title,Enabled,Lockedout,ProtectedFromAccidentalDeletion,Company,Department,Name,Title

Get-ADUser -filter * -SearchBase "OU=ITDept,OU=DO/DEPARTMENT,DC=CONTOSO,DC=local" -Properties * | select DisplayName,SamAccountName,Title,Enabled,Lockedout,ProtectedFromAccidentalDeletion,Company,Department,Name

Get-ADUser -filter * -SearchBase "OU=ITDept,OU=DO/DEPARTMENT,DC=CONTOSO,DC=local" -Properties * | select DisplayName,SamAccountName,Title,Enabled,Lockedout,ProtectedFromAccidentalDeletion,Company,Department,Name | where {$_.Enabled -eq 'True'}

Get-ADUser -filter * -SearchBase "OU=ITDept,OU=DO/DEPARTMENT,DC=CONTOSO,DC=local" -Properties * | select DisplayName,SamAccountName,Title,Enabled,Lockedout,ProtectedFromAccidentalDeletion,Company,Department,Name | where {$_.Enabled -eq 'True'}

Get-ADUser -filter * -SearchBase "OU=ITDept,OU=DO/DEPARTMENT,DC=CONTOSO,DC=local" -Properties * | select DisplayName,SamAccountName,Title,Enabled,Lockedout,ProtectedFromAccidentalDeletion,Company,Department,Name,OfficePhone | where {$_.Enabled -eq 'True'}

Get-ADUser -filter * -SearchBase "OU=ITDept,OU=DO/DEPARTMENT,DC=CONTOSO,DC=local" -Properties * | select DisplayName,SamAccountName,Title,Enabled,Lockedout,ProtectedFromAccidentalDeletion,Company,Department,Name,OfficePhone | where {$_.Enabled -eq 'True'} | where {$_.SamAccountName -eq 'Username'}

Get-ADUser -filter * -SearchBase "OU=ITDept,OU=DO/DEPARTMENT,DC=CONTOSO,DC=local" -Properties * | where {$_.Enabled -eq 'True'} | where {$_.SamAccountName -eq 'Username'}

Get-ADUser -filter * -SearchBase "OU=ITDept,OU=DO/DEPARTMENT,DC=CONTOSO,DC=local" -Properties * | where {$_.Enabled -eq 'True'} | where {$_.SamAccountName -eq 'Username'} | Set-ADUser -PasswordNeverExpires:$True

Get-ADUser -Filter {(ObjectClass -eq "user")} -SearchBase "OU=Offices,DC=Contoso,DC=com" | Set-ADUser -PasswordNeverExpires:$FALSE

Get-ADUser -filter * -SearchBase "OU=ITDept,OU=DO/DEPARTMENT,DC=CONTOSO,DC=local" -Properties * | where {$_.Enabled -eq 'True'} | where {$_.SamAccountName -eq 'Username'}

Get-ADUser -filter * -SearchBase "DC=CONTOSO,DC=local" -Properties * | where {$_.Enabled -eq 'True'} | where {$_.SamAccountName -eq 'Username'}

Get-ADUser -filter * -SearchBase "DC=CONTOSO,DC=local" -Properties * | where {$_.SamAccountName -eq 'Username'}

Get-ADUser -filter * -SearchBase "DC=CONTOSO,DC=local" -Properties * | where {($_.PasswordNeverExpires -eq 'True') -or ($_.CannotChangePassword -eq 'True') -and ($_.DisplayName -notlike '*Terminated*') -and ($_.Description -notlike '*terminated*')} | select DisplayName,SamAccountName,Title,Description,Enabled,Lockedout,PasswordNeverExpires,CannotChangePassword | ConvertTo-Csv | Filename.csv

Get-AdUser -Filter 'PasswordNeverExpires -eq $false' -SearchBase "OU=users,DC=domain,DC=com" -Properties Name, Manager, Title, AccountExpirationDate, LastLogonDate | Select-Object Name, SamAccountName, Manager, Title, AccountExpirationDate, LastLogonDate | Export-CSV c:\Test\Testusers_expirationdate.csv -NoTypeInformation

Get-ADUser -filter * -properties passwordlastset, passwordneverexpires | sort-object name | select-object Name, passwordlastset, passwordneverexpire

Get-ADUser -filter {name -like 'Administrator'} -properties passwordlastset, passwordneverexpires | sort-object name | select-object Name, passwordlastset, passwordneverexpire

Get-ADUser -filter * -properties passwordlastset, passwordneverexpires | sort-object name | select-object Name, passwordlastset, passwordneverexpires | Export-csv -path c:\yaniv.csv

Get-ADUser -Filter * -SearchBase "DC=CONTOSO,DC=local" -ResultPageSize 0 -Property CN, Description, LastLogonTimestamp | Select-Object -Property CN, Description, @{ n = "LastLogonDate"; e = { [datetime]::FromFileTime( $_.lastLogonTimestamp ) } } | Sort-Object -Property CN, Description, LastLogonDate | Export-CSV -NoTypeInformation "C:\test\lastlogon.csv"

Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | out-gridview

Get-ADUser Username -Properties * | Select Name,Enabled,PasswordExpired,PasswordNeverExpires,SamAccountName,Title,Description,EmailAddress,OfficePhpone,TelephoneNumber,Department,Company,City,State


get-adcomputer -filter {operatingsystem -like "*2008*" -or operatingsystem -like "*2012*"} -Properties operatingsystem | Select Name,OperatingSystem

get-adcomputer -filter {operatingsystem -like "*2003*"} -Properties operatingsystem | Select Name,OperatingSystem

get-adcomputer -filter {operatingsystem -like "*server*"} -Properties operatingsystem | Select Name,OperatingSystem

get-adcomputer -filter {operatingsystem -like "*2003*"} -Properties operatingsystem | Select Name,OperatingSystem

get-adcomputer -filter {operatingsystem -like "*2008*"} -Properties operatingsystem | Select Name,OperatingSystem

get-adcomputer -filter {operatingsystem -like "*2012*"} -Properties operatingsystem | Select Name,OperatingSystem

get-adcomputer -filter {operatingsystem -ne "*Windows Server*"} -Properties operatingsystem | Select Name,OperatingSystem

get-adcomputer -filter {operatingsystem -ne "*Windows Server*"} -Properties Description | Select Description,Enabled,Name,ObjectClass

get-adcomputer -filter {operatingsystem -ne "*Windows Server*" -and Enabled -eq "False"} -Properties Description | Select Description,Enabled,Name,ObjectClass

get-adcomputer -filter {operatingsystem -ne "*Windows*"} -Properties operatingsystem | Select Name,OperatingSystem

get-adcomputer -filter {operatingsystem -like "*Windows XP*"} -Properties operatingsystem | Select Name,OperatingSystem

get-adcomputer -filter {operatingsystem -like "*2008*" -or operatingsystem -like "*2012*"} -Properties BadLogonCount,badPwdCount,CanonicalName,Created,Description,DNSHostName,Enabled,IPv4Address,isDeleted,LastBadPasswordAttempt,LastLogonDate,LockedOut,LogonCount,Name,ObjectClass,OperatingSystem,OperatingSystemHotFix,OperatingSystemServicePack,OperatingSystemVersion,ProtectedFromAccidentalDeletion

get-adcomputer -filter {operatingsystem -like "*2008*" -or operatingsystem -like "*2012*"} -Properties BadLogonCount,badPwdCount,CanonicalName,Created,Description,DNSHostName,Enabled,IPv4Address,isDeleted,LastBadPasswordAttempt,LastLogonDate,LockedOut,LogonCount,Name,ObjectClass,OperatingSystem,OperatingSystemHotFix,OperatingSystemServicePack,OperatingSystemVersion,ProtectedFromAccidentalDeletion | ConvertTo-Csv > FileName.csv

Get-ADComputer -Filter 'Name -like "HOSTNAME"' -Properties * | Select CannotChangePassword,BadPwdCount,CanonicalName,CN,Created,Deleted,Description,DisplayName,DistinguishedName,DNSHostName,Enabled,IPv4Address,IPv6Address,isCriticalSystemObject,isDeleted,lastLogoff,lastLogon,LockedOut,logonCount,Name,OperatingSystem,OperatingSystemHotfix,OperatingSystemServicePack,OperatingSystemVersion,ProtectedFromAccidentalDeletion | ConvertTo-Csv

Get-ADComputer -Filter {Name -like "HOSTNAME" -or Name -like "HOSTNAME2"} -Properties * | Select Name,DNSHostName,CanonicalName,DistinguishedName,CannotChangePassword,BadPwdCount,CN,Created,Deleted,Description,DisplayName,Enabled,IPv4Address,IPv6Address,isCriticalSystemObject,isDeleted,lastLogoff,lastLogon,LockedOut,logonCount,OperatingSystem,OperatingSystemHotfix,OperatingSystemServicePack,OperatingSystemVersion,ProtectedFromAccidentalDeletion | ConvertTo-Csv

get-adcomputer -filter {Description -like "*ENTRY*"} -Properties * | Select Name,Description,OperatingSystem,OperatingSystemVersion,Created,LastLogonDate,Modified,whenChanged | FL


Get-ADComputer -Filter * -Properties Name,OperatingSystem ,lastlogontimestamp | Select Name,OperatingSystem ,@{N='lastlogontimestamp'; E={[DateTime]::FromFileTime($_.lastlogontimestamp)}}


Get-ADComputer -Filter {operatingsystem -like "*windows 7*"} -Properties * | Select CanonicalName,CN,Created,Deleted,Description,DisplayName,DNSHostName,Enabled,IPv4Address,isDeleted,LockedOut,Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion,ProtectedFromAccidentalDeletion | ConvertTo-Csv -UseCulture > WIn-7_AD_PCs_6-28-2017_1.csv


Get-ADComputer -Filter * -Properties ipv4Address, OperatingSystem | Format-List Name, ipv4*, oper* > c:\users\username\desktop\computers.txt

	Found on Spiceworks: https://community.spiceworks.com/topic/2081162-powershell-script-to-get-computer-name-ip-last-logon-and-name-of-last-logon?utm_source=copy_paste&utm_campaign=growth


Search-ADAccount -Accountinactive -TimeSpan 60 -Usersonly | Select name,lastlogondate


<# ----------------------------------------------------------------------------  Ping color coded UP/Down for IPs pulled from GET-ADComputer ------------------------------------------- #>


Get-ADComputer -Filter {Name -like '*HOSTNAMES*'} | ForEach {

    If (Test-Connection -ComputerName $_.Name -Count 1 -Quiet) {

        Write-Host "$($_.Name) is up" -ForegroundColor Green

    } Else {

        Write-Host "$($_.Name) is down" -ForegroundColor Red

    }

}

<# ----------------------------------------------------------------------------  Ping color coded UP/Down for IPs pulled from GET-ADComputer ------------------------------------------- #>

##
## https://social.technet.microsoft.com/Forums/lync/en-US/737b2322-e51c-48a4-9cfe-63ebef9d120a/getadcomputer-to-query-organizational-unit-for-active-computers?forum=winserverpowershell
##

<# ----------------------------------------------------------------------------  CSV Export of IPs pulled from GET-ADComputer to Test-Connection ------------------------------------------- #>


Get-ADComputer -Filter {Name -like '154*'} | ForEach {

    $computerName = $_.Name

    $props = @{
        ComputerName = $computerName
        Status = ''
    }

    If (Test-Connection -ComputerName $computerName -Count 1 -Quiet) {

        $props.Status = 'UP'

    } Else {

        $props.Status = 'DOWN'

    }

    New-Object PsObject -Property $props

} | Select ComputerName,Status | Export-Csv .\pingResults.csv -NoTypeInformation


<# ----------------------------------------------------------------------------  CSV Export of IPs pulled from GET-ADComputer to Test-Connection ------------------------------------------- #>


Get-GPO -All | Sort-Object displayname | Where-Object { If ( $_ | Get-GPOReport -ReportType XML | Select-String -NotMatch "<LinksTo>" ) {$_.DisplayName } }


< --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- >
## https://social.technet.microsoft.com/Forums/en-US/ff2f5ca5-91d7-43d7-9f45-e9d758dc1257/how-to-filter-multiple-conditions-with-getadcomputer?forum=winserverpowershell
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

$DaysInactive = 30
$time = (Get-Date).Adddays(-($DaysInactive))

Get-ADComputer
-Filter {(Enabled -eq $TRUE -and LastLogonTimeStamp -gt $time)}
-Property *
| ? OperatingSystem -NotLike "*Server*"
|

< --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- >


Invoke-CimMethod -InputObject (Get-CimInstance Win32_Process -Filter "name = 'notepad.exe'") -MethodName GetOwner


Get-WmiObject win32_process -Filter "Name='PowerShell.exe'" | fl Caption,Name,ProcessName,Handles,CommandLine,CSName,Description,OSName,WindowsVersion,Priority,ProcessID,ThreadCount


Get-WmiObject  Win32_UserProfile | select LocalPath, SID,@{LABEL="last used";EXPRESSION={$_.ConvertToDateTime($_.lastusetime)}}| ft


get-ciminstance win32_userprofile | ? lastusetime | select lastusetime, localpath,@{LABEL='user';EXPRESSION={(gwmi win32_useraccount -filter "SID = '$($_.sid)'").caption}}

gwmi -NS root\cimv2\power -Class win32_PowerPlan | select ElementName, IsActive | ft -a


-------------------------------------------------------------------------------------------------

$ServicePID = (get-wmiobject win32_service | where { $_.name -eq 'service name'}).processID

	Stop-Process $ServicePID -Force

     <  -----------------------------------------------------------------------------  >

gci | % name


	But it's important to remember that PS isn't all about speed, but functionality.

Powershell
gci | ? LastWriteTime -lt (Get-Date).AddDays(-15) | % Name


-------------------------------------------------------------------------------------------------


[ Rename Files ]

Get-ChildItem -Filter "*.wav" -Recurse | Rename-Item -NewName {$_.name -replace 'wav','flac' } -whatif


get-childitem -path "hklm:\software\microsoft\windows\currentversion\uninstall" | Get-ItemProperty | ? {$_.DisplayName -like "paint.net"}

gci -path "hklm:\software\microsoft\windows\currentversion\uninstall" | Get-ItemProperty | ? {$_.DisplayName -like "paint.net"}

get-childitem -path "hklm:\software\microsoft\windows\currentversion\uninstall" | Get-ItemProperty | Where-Objectd {$_.DisplayName -like "paint.net"}


Get-ChildItem "hklm:\software\microsoft\windows\currentversion\uninstall" | ForEach-Object {Get-ItemProperty $_.pspath} | where-object {$_.DisplayName} | Foreach-Object {$_.DisplayName}

Get-ChildItem "hklm:\software\microsoft\windows\currentversion\uninstall" | ForEach-Object {Get-ItemProperty $_.pspath} | Foreach-Object {$_.DisplayName}


$files = Get-ChildItem -Path C:\Temp
foreach ($file in $files)
 {
	 $newFileName=$file.Name.Replace("c11","c12")
 	 Rename-Item $file $newFileName
 }

[ Rename Files ]


Get-WmiObject Win32_MappedLogicalDisk -computer <computername> | select name, providername  (Mapped Drive)


Test-Connection -count 1 -computer (Get-Content names.txt) | ForEach { # do something with $_.Address }_

1..254 | ForEach-Object {Test-Connection -ComputerName "192.168.0.$_" -Count 1 -ErrorAction SilentlyContinue}

Test-Connection -Count ([Int32]::MaxValue) outlook.office365.com

Test-Connection -ErrorAction Silentlycontinue -Count ([Int32]::MaxValue) outlook.office365.com


< ---###########################################################################################################--- >


while ($true)
{
    "$(Get-Date);$(Test-Connection -ComputerName outlook.office365.com -Quiet)"
}


while ($true)
{
    "$(Get-Date);$(Test-Connection -ComputerName outlook.office365.com)"
}


while ($true){"$(Get-Date);$(Test-Connection -ComputerName outlook.office365.com)"}


< ---###########################################################################################################--- >


< ################################### Compare Folder Hashes ################################### >

$LeftFolder = "C:\Users\Username\Downloads\Dell\Skylake\Win7_x64_Dell_OEM"
$RightFolder = "E:\Scott\ISO\Win7_x64_Dell_OEM"
$LeftSideHash = Get-ChildItem $LeftFolder -Recurse | Get-FileHash | select @{Label="Path";Expression={$_.Path.Replace($LeftFolder,"")}},Hash
$RightSideHash = Get-ChildItem $RightFolder -Recurse | Get-FileHash | select @{Label="Path";Expression={$_.Path.Replace($RightFolder,"")}},Hash
Compare-Object $LeftSideHash $RightSideHash -Property Path,Hash

< ################################### Compare Folder Hashes ################################### >


Get-Service | select *

Get-Service -Name 'PRTG*' | select *

Get-Service | select Name,Status,RequiredServices,StartType

Get-Service -Name 'PRTG*' | select Name,Status,RequiredServices,StartType

get-service -ComputerName HOSTNAME winrm -requiredServices

get-service -name winrm -computername localhost, Server01, Server02 | format-table -property MachineName, Status, Name, DisplayName -auto

get-service s* | sort-object status -descending

get-service | where-object {$_.DependentServices} | format-list -property Name, DependentServices, @{Label="NoOfDependentServices"; Expression={$_.dependentservices.count}}

get-service -ComputerName HOSTNAME | where-object {$_.Status -eq "Running"}

get-service -ComputerName HOSTNAME | where {$_.Name -like "Mps*"}

get-Service -Name mpssvc -ComputerName HOSTNAME | start-service

set-service -name lanmanworkstation -DisplayName "LanMan Workstation"

Get-Service
New-Service

Restart-Service

Get-Service -Name "net*" | Where-Object {$_.Status -eq "Stopped"} | Restart-Service


Resume-Service
Start-Service
Stop-Service
Suspend-Service


(Get-WmiObject -Class Win32_Service -Filter "name='WinRM'" -ComputerName Server01)

(get-wmiobject win32_process -filter "name='ampagent.exe'" -computername hart08)

Get-CimInstance Win32_Service -Filter "name = 'AMPWatchDog'" -ComputerName HOSTNAME | ConvertTo-Csv

Get-CimInstance Win32_Service -Filter "name = 'AMPWatchDog'" | ConvertTo-Csv


Get-Service -name "adws","dns","kdc","netlogon" -ComputerName (Get-ADDomain).ReplicaDirectoryServers | Sort Machinename | Format-Table -group @{Name="Computername";Expression={$_.Machinename.toUpper()}} -Property Name,Displayname,Status


Add-Computer –DomainName mylab.local –Credential (Get-Credential)


Get-ADComputer -filter * -SearchBase "OU=ORG_UNIT_2,OU=ORG_UNIT_1,DC=DOMAIN,DC=local" | Select-Object -expand name

Get-ADGroup -Filter * | Select-Object Name,GroupCategory,GroupScope,DistinguishedName

Get-ADGroup -Filter * | Select-Object Name,DistinguishedName


powershell.exe  -executionpolicy bypass -command "C:\Users\gas\Desktop\Update-Sysinternals.ps1"


dism.exe /online /enable-feature /featurename:NetFX3 /Source:D:\sources\sxs /all

	dism /online /enable-feature /featurename:netfx3 /all /LimitAccess /source:\\share_name\sources\sxs


<#  -------------------------  [Add Telnet CMD Line / PowerShell]  ------------------------- #>


Import-Module servermanager

Add-WindowsFeature telnet-client


dism /online /Enable-Feature /FeatureName:TelnetClient


<#  -------------------------  [Add Telnet CMD Line / PowerShell]  ------------------------- #>


## PowerShell History  -  get-history | Format-Table -Property < *|CommandLine > -AutoSize | Out-String -Width 4096 | clip


< -------------------------------------------  Windows / PowerShell Version ------------------------------------------- >


get-item "C:\Windows\System32\qmgr.dll" | Select-Object -ExpandProperty VersionInfo

[System.Environment]::OSVersion.Version

(Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name ReleaseId).ReleaseId

[Environment]::OSVersion.Version -ge (new-object 'Version' 6,1)


< -------------------------------------------  Windows / PowerShell Version ------------------------------------------- >


## GET DOT NET VERSION  -  Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP' -Recurse | Get-ItemProperty -Name Version -EA 0 | Where { $_.PSChildName -Match '^(?!S)\p{L}'} | Format-Table PSChildName, Version -AutoSize

[System.Diagnostics.FileVersionInfo]::GetVersionInfo("C:\Windows\system32\notepad.exe").FileVersion

Invoke-Command -ComputerName COMPUTERNAME -ScriptBlock {& cmd /c "c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\smc.exe" -p gooberpea -stop}

Invoke-Command -ComputerName HOSTNAME -ScriptBlock {(Get-ItemProperty 'hklm:software\symantec\Symantec Endpoint Protection\CurrentVersion').ProductVersion}

Invoke-Command -ComputerName HOSTNAME -ScriptBlock {(Get-ItemProperty 'hklm:software\symantec\Symantec Endpoint Protection\CurrentVersion').ProductName}


Invoke-Command -ComputerName HOSTNAME {Get-PSDrive D} | Select-Object PSComputerName,Used,Free | ForEach-Object {$_.free / 1GB}

Invoke-Command -ComputerName HOSTNAME {Get-PSDrive D} | Select-Object PSComputerName,Used,Free | ForEach-Object {$_.used / 1GB}


powershell.exe -nologo -executionpolicy bypass -WindowStyle hidden -noprofile -file "uninstallScript.ps1" "Java"

gwmi win32_product | where-object { $_.name -match "" }

&START /WAIT msiexec `/qn `/x `{$stringer`}

(Get-WmiObject Win32_Process | ?{ $_.ProcessName -match "paintdotnet" }).Terminate()


Get-WmiObject Win32_Service | Where {$_.name -eq "uvnc_serivce"}

Get-WmiObject Win32_Service | Where {$_.name -eq "spooler"}

Get-WmiObject Win32_Service | Where {$_.name -like "*vnc*"}

gwmi win32_service | where {$_.StartMode -ne “Disabled”} | select name,startname | format-list

gwmi win32_service | where {$_.StartMode -ne “Disabled”} | select name,startname | format-Wide

gwmi win32_service | where {$_.StartMode -ne “Disabled”} | select name,startname | format-Table

gwmi win32_service | where {$_.StartMode -ne “Disabled”} | select name,startname | export-csv c:\services.csv

gwmi win32_service | where {$_.StartMode -ne “Disabled”} | select name,startname | convertto-html

gwmi win32_service | where {$_.StartMode -ne “Disabled”} | select name,startname | convertto-html | out-file c:\services.html

(Get-WmiObject Win32_OperatingSystem -ComputerName ).OSArchitecture

(Get-WmiObject Win32_OperatingSystem -ComputerName ).Description

gwmi -ComputerName HOSTNAME Win32_OperatingSystem | Select-Object PSComputerName,CSName,Caption,CSDVersion,Version,ServicePackMajorVersion,ServicePackMinorVersion,OSType,LastBootUpTime,ProductType,Organization,OSArchitecture,EncryptionLevel,BuildNumber,BuildType,Description,InstallDate,RegisteredUser,SerialNumber

(gwmi -ComputerName HOSTNAME Win32_OperatingSystem).caption


gwmi win32_operatingsystem -ComputerName HOSTNAME | select PSComputerName,BuildNumber,Caption,Description,EncryptionLevel,InstallDate,LastBootUpTime,LocalDateTime,OperatingSystemSKU,Organization,OSArchitecture,Version | Export-Csv -Path c:\test\WMI_OS_Property.csv


Get-WmiObject win32_operatingsystem | select csname, @{LABEL='LastBootUpTime';EXPRESSION={$_.ConverttoDateTime($_.lastbootuptime)}}


Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration


Get-ItemProperty -path "hkcu:\Software\Microsoft\Office\15.0\Outlook\Security"

Get-ItemProperty -path "hkcu:\Software\Microsoft\Office\16.0\Outlook\Security"


(Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").ReleaseId

	Reg Query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ReleaseId


(gwmi -ComputerName HOSTNAME Win32_OperatingSystem).caption


Get-ItemProperty -path HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR\*\* | Select FriendlyName

Get-ItemProperty -path HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR\*\* | Select FriendlyName,HardwareID

Get-ItemProperty -path HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR\*\* | Select FriendlyName,MFG,Service

ICM -ComputerName HOSTNAME -ScriptBlock {Get-ItemProperty -path HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR\*\* | Select FriendlyName}

ICM -ComputerName HOSTNAME -ScriptBlock {Get-ItemProperty -path HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR\*\* | Select FriendlyName,Service}


(invoke-command -ComputerName mymachine -ScriptBlock {Get-ItemProperty HKLM:\SOFTWARE\VanDyke\VShell\License -Name Version }).version


Get-WmiObject -class Win32_OperatingSystem | Select-Object __SERVER,@{label='Install Date';expression={$_.ConvertToDateTime($_.InstallDate)}}

Get-WmiObject -class Win32_OperatingSystem | Select-Object __SERVER,@{label='Last Restart';expression={$_.ConvertToDateTime($_.LastBootUpTime)}}

Get-WmiObject -class Win32_OperatingSystem | Select-Object __SERVER,@{label='Local Date Time';expression={$_.ConvertToDateTime($_.LocalDateTime)}}


gwmi win32_computersystem -ComputerName HOSTNAME | select PSComputerName,Name,Caption,ChassisSkuNumber,DaylightInEffect,DNSHostName,Domain,DomainRole,HypervisorPresent,Manufacturer,Model,NetworkServerModeEnabled,NumberOfLogicalProcessors,NumberOfProcessors,PartOfDomain,PrimaryOwnerContact,PrimaryOwnerName,SystemFamily,SystemSKUNumber,SystemType,TotalPhysicalMemory,Username


gwmi win32_volume | select PSComputerName,AutoMount,BlockSize,Capacity,Caption,Compressed,DirtyBitSet,FileSystem,FreeSpace,IndexingEnabled,Label,PageFilePresent,QuotasEnabled,SerialNumber,SystemVolume,DriveLetter,DriveType,Name

gwmi win32_volume | select PSComputer,Name,DriveLetter,DriveType,AutoMount,Caption,Index,FreeSpace,PageFilePresent,IndexingEnabled,DirtyBitSet,FileSystem,Compressed,Capacity,BlockSize,BootVolume

gwmi win32_volume -ComputerName HOSTNAME | select DriveLetter,Compressed,FileSystem,SerialNumber,SystemVolume, @{Name="Capacity"; Expression={[math]::Round($_.Capacity/1GB)}},@{Name="FreeSpace"; Expression={[math]::Round($_.FreeSpace/1GB)}} | sort -Property DriveLetter | FT


Get-CimInstance Win32_DiskDrive | Select-Object Model,SerialNumber

< -----------------------  Win 8 +  ------------------------ >

Get-PhysicalDisk | Select-Object FriendlyName,SerialNumber

< -----------------------  Win 8 +  ------------------------ >


(Get-WmiObject Win32_LogicalDisk -ComputerName HOSTNAME -Filter "DeviceID='C:'" | Select-Object Size,FreeSpace).size/1GB

(Get-WmiObject Win32_LogicalDisk -ComputerName HOSTNAME -Filter "DeviceID='C:'" | Select-Object Size,FreeSpace).freespace/1GB


Get-WMIObject Win32_Logicaldisk -filter "deviceid='C:'" -ComputerName HOSTNAME | Select PSComputername,DeviceID,@{Name="SizeGB";Expression={$_.Size/1GB -as [int]}},@{Name="FreeGB";Expression={[math]::Round($_.Freespace/1GB,2)}}


$OS = Get-WMiobject -Class Win32_operatingsystem -ComputerName chi-core01
$OS.SystemDrive

Get-WMIObject Win32_Logicaldisk -filter "deviceid='$($os.systemdrive)'" -ComputerName HOSTNAME | Select PSComputername,DeviceID,@{Name="SizeGB";Expression={$_.Size/1GB -as [int]}},@{Name="FreeGB";Expression={[math]::Round($_.Freespace/1GB,2)}}


Get-WMIObject Win32_Logicaldisk -filter "deviceid='$((Get-WMiobject -Class Win32_operatingsystem).systemdrive)'" -ComputerName HOSTNAME | Select PSComputername,DeviceID,@{Name="SizeGB";Expression={$_.Size/1GB -as [int]}},@{Name="FreeGB";Expression={[math]::Round($_.Freespace/1GB,2)}}


< ---------------------------------------------------------  Last Boot Up Time  --------------------------------------------------------- >


GWMI -class Win32_Share -computer HOSTNAME

	(net view \\enetsqnap01) | % { if($_.IndexOf(' Disk ') -gt 0){ $_.Split('  ')[0] } }


Get-WmiObject -class Win32_OperatingSystem | Select-Object __SERVER,@{label='LastRestart';expression={$_.ConvertToDateTime($_.LastBootUpTime)}}


Get-CimInstance -ClassName win32_operatingsystem | select csname, lastbootuptime

Get-WmiObject win32_operatingsystem | select csname, @{LABEL='LastBootUpTime';EXPRESSION={$_.ConverttoDateTime($_.lastbootuptime)}}

systeminfo /FO CSV | ConvertFrom-CSV


net statistics workstation

< ---------------------------------------------------------  Last Boot Up Time  --------------------------------------------------------- >


< ---------------------------------------------------------  IMPORT PCS FROM AD INTO COMMAND  --------------------------------------------------------- >

Get-WmiObject -class Win32_BIOS -comp (
Get-ADComputer -filter * -SearchBase "OU=ORG_UNIT2, OU=ORG_UNIT1, DC=DOMAIN, DC=local" | Select-Object -expand name
) | SELECT SERIALNUMBER,PSComputername


Get-WmiObject -class Win32_computersystem -comp (
Get-ADComputer -filter * -SearchBase "OU=ORG_UNIT2, OU=ORG_UNIT1, DC=DOMAIN, DC=local" | Select-Object -expand name
) | SELECT PSComputerName,Username,Manufacturer,Model,Domain,SystemType


Get-WmiObject -class Win32_networkadapterconfiguration -comp (
Get-ADComputer -filter * -SearchBase "OU=ORG_UNIT2, OU=ORG_UNIT1, DC=DOMAIN, DC=local" | Select-Object -expand name
) | SELECT PSComputerName,ipaddress,macaddress,description


Invoke-command -comp (
Get-ADComputer -filter * -SearchBase "OU=ORG_UNIT2, OU=ORG_UNIT1, DC=DOMAIN, DC=local" | Select-Object -expand name
) {Get-PSDrive C} | Select-Object PSComputerName,Used,Free | ForEach-Object {$_.used / 1GB}

< ---------------------------------------------------------  IMPORT PCS FROM AD INTO COMMAND  --------------------------------------------------------- >


Get-HotFix | where InstalledOn -ge ([datetime]”11/1/2013″)

get-hotfix -id KB974332

get-hotfix -id KB974332 -computername HOSTNAME

if (!(get-hotfix -id KB974332 -computername HOSTNAME)) \{ add-content $_ -path Missing-KB974332.txt \}

get-content computers.txt | foreach \{ if (!(get-hotfix -id KB974332 -computername $_)) \{ add-content $_ -path Missing-KB974332.txt \}\}

 Get-HotFix : This command cannot find hot-fix on the machine 'savdaldc11'. Verify the input and Run your command again. At line:1 char:55 + get-content computers.txt | foreach \{ if (!(get-hotfix <<<< -id KB974332 -computername $_)) \{ add-content $_ -path Missing-KB974332.txt \}\}

get-hotfix | Where-Object {$_.installedon -gt (get-date).addmonths(-6)} | Sort-Object -property installedOn -Descending

Get-Hotfix | where {$_.HotFixId -like "KB000000"}


Get-CimInstance Win32_StartupCommand | Select-Object Name, command, Location, User | Format-List


($result.IPV6Address).IPAddressToString


<  ---------- Clean Shutdown  ------------------------------------------------------------------------------------------------------------------------------  >

Get-Process | Where-Object MainWindowTitle | Out-GridView -Title 'Select Program To Kill' -PassThru | ForEach-Object { $_.CloseMainWindow() }


Get-Process | Where-Object MainWindowTitle | Out-GridView -Title 'Select Program To Kill' -PassThru | Stop-Process

<  ---------- Foreced Shutdown  ----------------------------------------------------------------------------------------------------------------------------  >


Get-Process | Where-Object { $_.MainWindowTitle } | Select-Object -Property Name, Company, Description, CPU | Out-Excel

Get-Process | Where-Object { $_.MainWindowTitle } | Select-Object -Property Name, Company, Description, CPU


Get-Process | Where-Object { $_.MainWindowTitle } | Select-Object -Property Name,Company,Description,CPU,ID,FileVersion,ProductVersion,StartTime,Path


Get-Process -ComputerName HOSTNAME | Select-Object name,fileversion,productversion,company

Get-Process -id (get-process ProtectionUtilSurrogate*).id -FileVersionInfo

(Get-Process -id (get-process PfuSsMon*).id -module).count

(get-process explorer).id


Get-Process -Name prt* | select Name,ID,PriorityClass,FileVersion,HandleCount,TotalProcessorTime,Handles,Company,CPU,ProductVersion,Description,Product,ExitCode,HasExited,ExitTime,Handle,PriorityBoostEnabled,ProcessName,ProcessorAffinity,Responding,SessionID,StartTime,EnableRaisingEvents,Site,Container


get-process | select -Property Name,ID,handlecount,PagedMemorySize,Handles,Path,Company,CPU,ProductVersion,Description,Product | Out-GridView


Get-FileHash "C:\Users\Username\Downloads\ImgBurn\SetupImgBurn_2.5.8.0.exe" -Algorithm md5

	-Algorithm <String> {SHA1 | SHA256 | SHA384 | SHA512 | MACTripleDES | MD5 | RIPEMD160}


dir "DIRECOTRY PATH" -Recurse | Where-Object {!$_.psiscontainer } | get-filehash | ? {$_.hashstring -match ‘f64a28eaa82a657e16044ca85b5f0571’}
dir "DIRECTORY PATH" -Recurse | Where-Object {!$_.psiscontainer } | get-filehash | ? {$_.hashstring -match ‘6798240DCFECA09BCD6AE21AC7F5E573’}


if ( $($(CertUtil -hashfile C:\TEMP\MyDataFile.img MD5)[1] -replace " ","") -eq "your_hash" ) { echo "ok" }


ipconfig | Where-Object { $_ -like "*Address*"}

ipconfig | Where-Object { $_ -like "*IPv4 Address*"}

dir -Recurse | Where-Object { $_ -like "*Google*"}


gwmi -Class win32_process -computername HOSTNAME |  select name, kernelmodetime, usermodetime

Get-WmiObject Win32_Process | select Name, @{Name="CPU_Time";Expression={$_.kernelmodetime + $_.usermodetime}} | sort CPU_Time -Descending

ps -ComputerName HOSTNAME | sort cpu -Descending

Invoke-Command -ScriptBlock {get-process} -ComputerName HOSTNAME


get-WmiObject -list | where {$_.name -match “Printer”}

GWMI WIN32_PRINTER | SELECT CAPTION,COMMENT,DEFAULT,DEFAULTPRIORITY,DESCRIPTION,DRIVERNAME,INSTALLDATE,NAME,PORTNAME,PRINTERSTATE,PRINTERSTATUS,SHARENAME,SPOOLENABLED,STATUS,SYSTEMNAME | ConvertTo-Csv -UseCulture > $env:computername"_PRINTERS.CSV"

GWMI WIN32_PRINTER | SELECT CAPTION,COMMENT,DEFAULT,DEFAULTPRIORITY,DESCRIPTION,DRIVERNAME,INSTALLDATE,NAME,PORTNAME,PRINTERSTATE,PRINTERSTATUS,SHARENAME,SPOOLENABLED,STATUS,SYSTEMNAME | ConvertTo-Csv -UseCulture > $env:computername"_$(get-date -f MM-dd-yyyy-HH-mm)".csv


Get-WMiObject Win32_USBControllerDevice -computername HOSTNAME | fl Antecedent,Dependent

gwmi Win32_USBControllerDevice |%{[wmi]($_.Dependent)} | Sort Description,DeviceID | ft Description,DeviceID -auto


Get-WMIObject -class Win32_ComputerSystem | select username


Get-WmiObject -Class __Namespace -Namespace root `  -Filter "name='WMI'"


(Get-WSManInstance -Enumerate wmicimv2/* -filter "select * from win32_computersystemproduct").uuid

Get-WmiObject Win32_NetworkAdapter -Filter "netenabled = true" | Select Guid

Get-WmiObject Win32_NetworkAdapter -Filter "netenabled = true" | Select Guid,macaddress,description


wmic csproduct get uuid


get-history | Format-Table -Property * -AutoSize | Out-String -Width 4096 | clip

get-history | Format-Table -Property CommandLine -AutoSize | Out-String -Width 4096 | clip


Test-Connection IPADDRESS | Format-list -Property PSComputerName,IPV4Address,ResponseTimeToLive,ReplySize

Test-Connection IPADDRESS | Out-GridView -Title 'PING Reply Table'

Test-Connection IPADDRESS | Out-GridView -PassThru | Export-Csv -Path .\IPScan.csv


Invoke-Command -ComputerName S1, S2 -ScriptBlock {Get-Process PowerShell} -HideComputerName

Invoke-Command -ComputerName HOSTNAME -ScriptBlock {Get-Process vm*}

Invoke-Command -ComputerName HOSTNAME -ScriptBlock {Get-Process win*}


Get-CimClass Win32*Disk*

Get-CimInstance -ClassName Win32_DiskDrive | Select Status,InterfaceType,Size,Caption,Description,Name,SystemName,FirmwareRevision,Manufacturer,Model,SerialNumber,Signature

Get-CimInstance -ClassName Win32_DiskDrive -Property Status, InterfaceType, Size, Caption, Description, Name, SystemName, FirmwareRevision, Manufacturer, Model, SerialNumber, Signature


Get-ChildItem -Path C:\TECH -Recurse -Directory -Force -ErrorAction SilentlyContinue | Select-Object FullName

Get-Childitem -Path C:\Users -Include *HSG* -Exclude *.JPG,*.MP3,*.TMP -File -Recurse -ErrorAction SilentlyContinue


[ Look for String in files ]
ls -r c:\ -file | % {select-string -path $_ -pattern mypassword}

[ Look for file name ]
ls -r -file -filter *secret*


< ------ [ GWMI is alias for Get-WMIObject ] ------ >

(Get-WmiObject win32_bios).serialnumber

Gwmi Win32_SystemEnclosure | Select Serialnumber

Get-WMIObject Win32_SystemEnclosure | Select Serialnumber

Gwmi Win32_BIOS | Select Serialnumber

Get-WMIObject Win32_BIOS | Select Serialnumber


((Get-CimInstance win32_processor).Name | select -First 1)

(Get-CimInstance win32_processor).Name

(Get-CimInstance win32_processor)

(Get-CimInstance win32_processor).Caption

(Get-CimInstance win32_processor).DeviceID

(Get-CimInstance win32_processor).MaxClockSpeed

(Get-CimInstance win32_processor).SocketDesignation

(Get-ADComputer -Filter {OperatingSystem -Like "*Server*"} -Properties OperatingSystem)

(Get-WmiObject Win32_OperatingSystem).Version

(Get-WmiObject Win32_OperatingSystem)

(Get-WmiObject Win32_OperatingSystem) | select *

(Get-WmiObject Win32_OperatingSystem).Caption

(Get-WmiObject Win32_OperatingSystem).RegisteredUser

(Get-WmiObject Win32_OperatingSystem).RegisteredUser.OSArchitecture

(Get-WmiObject Win32_OperatingSystem).OSArchitecture

(Get-WmiObject Win32_OperatingSystem).Description


< ------ [ GWMI is alias for Get-WMIObject ] ------ >


Get-CimInstance -ClassName win32_bios | Select SMBIOSBIOSVersion, Manufacturer, Name, SerialNumber, Version

Get-CimInstance -ClassName CIM_ComputerSystem | select Name,Caption,PrimaryOwnerName,DayLightInEffectd,DNSHostName,Domain,DomainRole,EnableDayLightSavingsTime,HypervisorPresent,Manufacturer,Model,NumberOfLogicalProcessors,NumberOfProcessors,PartOfDomain,SystemSKUNumber,SystemType,TotalPhysicalMemeory,UserName,WorkGroup

Get-CimInstance -ClassName CIM_DiskDrive | select *

Get-CimInstance -ClassName CIM_Chip | select *

Get-CimInstance -ClassName CIM_PhysicalMemory

Get-CimInstance -ClassName CIM_Printer | select Name,Status,Caption,Description,DeviceID,SystemName,Comment,Default,Direct,DriverName,Local,Network,PortName,ServerName,ShareName

Get-CimInstance -ClassName CIM_Process

Get-CimInstance -ClassName CIM_Processor

Get-CimInstance -ClassName Win32_OperatingSystem | Select-Object -Property BuildNumber,BuildType,OSType,ServicePackMajorVersion,ServicePackMinorVersion

Get-CimInstance -ClassName Win32_OperatingSystem | Select-Object -Property NumberOfLicensedUsers,NumberOfUsers,RegisteredUser

Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DriveType=3"

Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DriveType=3" | Measure-Object -Property FreeSpace,Size -Sum | Select-Object -Property Property,Sum

Get-CimInstance -ClassName Win32_LogonSession


< ------------------------------------------------------------------  Invoke-RestMethod  ------------------------------------------------------------------ >


$Data = Invoke-RestMethod -Uri  'https://gis.iowadot.gov/public/rest/services/Traffic_Safety/Crash_Data/MapServer/0?f=pjson'

  $Data.fields|Select-Object -Property Name, alias, Domain


(Invoke-RestMethod -Uri  'https://gis.iowadot.gov/public/rest/services/Traffic_Safety/Crash_Data/MapServer/0?f=pjson').fields | Select Name,Alias,Domain

((Invoke-RestMethod -Uri  'https://gis.iowadot.gov/public/rest/services/Traffic_Safety/Crash_Data/MapServer/0?f=pjson').fields | Where-Object  {$_.name  -eq 'weather'}).Domain.CodedValues

Invoke-RestMethod -Uri  'https://gis.iowadot.gov/public/rest/services/Traffic_Safety/Crash_Data/MapServer/0?f=pjson' | select -Property Name,CurrentVersion,supportsStatistics,supportedQueryFormats,ownershipBasedAccessControlForFeatures,useStandardizedQueries


< ------------------------------------------------------------------  Invoke-RestMethod  ------------------------------------------------------------------ >


gwmi -ComputerName HOSTNAME -ClassName CIM_Chip


Get-PnpDevice -PresentOnly


(whoami /all | select-string S-1-16-12288) -ne $null


Last Bootup Time  -  [System.Management.ManagementDateTimeConverter]::ToDateTime((Get-WmiObject Win32_OperatingSystem).LastBootUpTime)


Get-WmiObject win32_processor | Measure-Object -property LoadPercentage -Average | Select Average

Get-WmiObject -Computername HOSTNAME win32_processor | Measure-Object -property LoadPercentage -Average | Select Average


Get-WmiObject -Class win32_Volume | select Name,FileSystem,BlockSize,Capacity,Label,PSComputername | Format-Table

Get-WmiObject -Computername HOSTNAME -Class win32_Volume | select Name,FileSystem,BlockSize,Capacity,Label,PSComputername | Format-Table


Get-WMIObject Win32_OperatingSystem | select-object caption

Get-WMIObject Win32_OperatingSystem

Get-WMIObject Win32_OperatingSystem -Computername HOSTNAME | select-object caption


(Get-ADDomain).PDCEmulator

Get-ADUser -Identity Username -Properties memberof | Select-Object -ExpandProperty memberof

(Get-ADUser -Identity Username -Properties memberof).memberof

Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol


Write-Host (2,4,6,8,10,12) -Separator ", -> " -ForegroundColor Green -BackgroundColor RED

Write-Host (2,4,6,8,10,12) -Separator ", -> " -ForegroundColor DarkGreen -BackgroundColor white


CommandLine
-----------
Get-WinEvent -LogName Microsoft-Windows-TaskScheduler/Operational
Get-WinEvent -LogName security
Get-WinEvent -LogName Microsoft-Windows-Security-Audit-Configuration-Client/Operational
Get-WinEvent -LogName Microsoft-Windows-Winlogon/Operational
Get-WinEvent -LogName Microsoft-Windows-Winlogon
Get-WinEvent -LogName Microsoft*

Get-EventLog -list | Where-Object {$_.logdisplayname -eq "Security"}
Get-EventLog "Security" | Where-Object {$_.EventID -eq 4672}
Get-EventLog "Security" -ComputerName HOSTNAME | Where-Object {$_.EventID -eq 428 -or }
Get-Eventlog -logname Security -ComputerName HOSTNAME | Where EventID -EQ “4740” | Format-Table

Get-WinEvent -FilterHashtable @{logname='Security'; id=4672; level=2} -MaxEvents 10
Get-WinEvent -FilterHashtable @{logname='Security'; id=4672; UserID=Username} -MaxEvents 10
Get-WinEvent -FilterHashtable @{logname='Security'; id=4672; UserID=CONTOSO\Username} -MaxEvents 10
Get-WinEvent -FilterHashtable @{logname='Security'; id=4672; UserID=Administratro} -MaxEvents 10
Get-WinEvent -FilterHashtable @{logname='Security'; id=4672; UserID=Administrator} -MaxEvents 10
Get-WinEvent -FilterHashtable @{logname='Security'; id=4672} -MaxEvents 10
Get-WinEvent -FilterHashtable @{logname='Security'; id=4672} -MaxEvents 10 | Group-Object eventid | Sort-Object Name
Get-WinEvent -FilterHashtable @{logname='Security'; id=4672} | Group-Object eventid | Sort-Object Name -MaxEvents 10
Get-WinEvent -FilterHashtable @{logname='Security'; id=4672} | Group-Object eventid | Sort-Object Name
Get-WinEvent -FilterHashtable @{logname='Security'; id=4672} | Group-Object id | Sort-Object Message
Get-WinEvent -FilterHashtable @{logname='Security'; id=4672} | Group-Object id | Sort-Object Message -MaxEvents 10
Get-WinEvent -FilterHashtable @{logname='Security'; id=4672} | Group-Object id -MaxEvents 10
Get-WinEvent -FilterHashtable @{logname='Security'; id=4672} | Group-Object Id -MaxEvents 10
Get-WinEvent -FilterHashtable @{logname='Security'; id=4672} | Format-Table -Property * -AutoSize | Out-String -Width 4096
Get-WinEvent -FilterHashtable @{logname='Security'; id=4672} -MaxEvents 10 | Format-Table -Property * -AutoSize | Out-String -Width 4096
Get-WinEvent -FilterHashtable @{logname='Security'; id=4672} -MaxEvents 10 | Format-Table -Property * -AutoSize | Out-String -Width 4096 | clip
Get-WinEvent -FilterHashtable @{logname='Security'; id=4672} -MaxEvents 10 | Format-Table -Property * -AutoSize | clip
Get-EventLog -ComputerName SERVER -LogName Security  ?{$_.EventID -eq 538 -or $_.Event -eq 540}

Get-EventLog -LogName Security  ?{$_.EventID -eq 4907 -or $_.Event -eq 4672}
Get-EventLog -LogName Security  ?{$_.EventID -eq 4907 -or $_.Event -eq 4672}
Get-EventLog -LogName Security ?{$_.EventID -eq 4907 -or $_.Event -eq 4672}
Get-EventLog -LogName Security | ?{$_.EventID -eq 4907 -or $_.Event -eq 4672}
Get-EventLog -ComputerName SERVER -LogName Security | ?{$_.EventID -eq 4907 -or $_.Event -eq 4672}
Get-EventLog -ComputerName SERVER -LogName Security | ?{$_.EventID -eq 538 -or $_.Event -eq 540}
Get-EventLog -ComputerName SERVER -LogName Security | ?{$_.EventID -eq 538 -or $_.Event -eq 540}
Get-EventLog -ComputerName SERVER -LogName Security | ?{$_.EventID -eq 538 -or $_.Event -eq 540} | Format-Table -Property * -AutoSize | Out-String -Width 4096

get-history | Format-Table -Property * -AutoSize | Out-String -Width 4096 | clip

Get-WinEvent -FilterHashtable @{logname='application'} | where-object  { $_.Message -like '*konea*' }
Get-WinEvent -FilterHashtable @{logname='application'} | where-object  { $_.Message -like '*outlook*' }
Get-WinEvent -FilterHashtable @{logname='application'} | where-object  { $_.Message -like '*outlook*' }
Get-WinEvent -FilterHashtable @{logname='application'} | where-object  { $_.Message -like '*outlook*' } | clip
Get-WinEvent -FilterHashtable @{logname='application'} | where-object  { $_.Message -like '*outlook*' } | Format-Table -AutoSize *
Get-WinEvent -FilterHashtable @{logname='application'} | where-object  { $_.Message -like '*outlook*' } | Format-Table -AutoSize
Get-WinEvent -FilterHashtable @{logname='application'} | where-object  { $_.Message -like '*outlook*' } | select message

Get-WinEvent -FilterHashtable @{logname='application'; id=4107; StartTime="1/17/11"}


Invoke-Command -Computername Computer01 -ScirptBlock {Get-Eventlog -Logname Security | Select-Object -First 10}

Invoke-Command -Computername Computer01 -ScirptBlock {Get-Process} | gm

Invoke-Command -Computername Computer01 -ScirptBlock {Get-Process} | where {_.name -eq "notepad"}

Measure-Command {Invoke-Command -Computername Computer01 -ScirptBlock {Get-Process} | where {_.name -eq "notepad"} }

Measure-Command {Invoke-Command -Computername Computer01 -ScirptBlock {Get-Process | where {_.name -eq "notepad"}} }

Invoke-Command -Computername Computer01 -ScirptBlock {Get-Process | where {_.name -eq "notepad"} | Stop-Process}


Event Log Archive - Get-WinEvent -FilterHashtable @{logname='security'; id=1105; StartTime="12/12/17"}

Event Log Pass Change - Get-WinEvent -FilterHashtable @{logname='security'; id=628; StartTime="12/12/17"}

Get-WinEvent -FilterHashtable @{logname='application';id=4107;StartTime="1/15/11";EndTime="1

Get-EventLog "Application" | Where-Object {$_.EventID -eq 1003 -or $_.EventID -eq 62 -or $_.EvendID -eq 902} | select EventID,TimeGenerated,EntryType,Source

Get-EventLog "System" | Where-Object {$_.EventID -eq 7 -or $_.EventID -eq 11 -or $_.EventID -eq 51 -or $_.EvendID -eq 52 -or $_.EventID -eq 13150} | select EventID,TimeGenerated,EntryType,Source,Message

Get-EventLog "System" | Where-Object {$_.EventID -eq 7 -or $_.EventID -eq 11 -or $_.EventID -eq 51 -or $_.EvendID -eq 52 -or $_.EventID -eq 13150} | select * | ConvertTo-Csv > C:\Test\EvntLog_HD_Failure.csv

Get-EventLog "System" | Where-Object {$_.EventID -eq 7 -or $_.EventID -eq 9 -or $_.EventID -eq 11 -or $_.EventID -eq 15 -or $_.EventID -eq 51 -or $_.EvendID -eq 52 -or $_.EventID -eq 13150} | select EventID,TimeGenerated,EntryType,Source,Message

Get-EventLog "System" | Where-Object {$_.EventID -eq 7 -or $_.EventID -eq 9 -or $_.EventID -eq 11 -or $_.EventID -eq 15 -or $_.EventID -eq 51 -or $_.EvendID -eq 52 -or $_.EventID -eq 13150} | select * | ConvertTo-Csv > C:\Test\EvntLog_HD_Failure.csv


Get-EventLog Security -ComputerName Computer  -Source Microsoft-Windows-Security-Auditing | Where {$_.InstanceID -like "4624"} | Select $UserProperty | where {$_.Username -Like "username"} | Export-Csv D:\Logon.csv -NoTypeInformation

  -  Make sure Service "RemoteRegistry" running

Get-EventLog Security -ComputerName Computer  -Source Microsoft-Windows-Security-Auditing | Where {$_.InstanceID -like "4624"} | Select $UserProperty | where {$_.Username -Like "*blalock"} | Export-Csv D:\Logon.csv -NoTypeInformation


Get-EventLog "System" | Where-Object {$_.EntryType -eq 'Error'} | select EventID,TimeGenerated,EntryType,Source


Get-EventLog "System" | Where-Object {$_.EntryType -ne "Information"} | select * | more

Get-EventLog "System" | Where-Object {$_.EntryType -eq "Error"} | select * | more


$date = (Get-Date).AddDays(-1)

Get-WinEvent -FilterHashTable @{ LogName = "System"; StartTime = $date; ID = "12" }


$formatEnumerationLimit = -1

$formatenumerationlimit


Get-WinEvent -FilterHashtable @{logname='application'; ProviderName='MSSQLSERVER'} | where-object  { $_.Message -like '*error*' }


Get-WinEvent -path "C:\temp\*Security*.evtx" -max 10 -FilterHashtable @{Providername="Microsoft-Windows-Security-Auditing"; id=4740; StartTime='1/7/2013'; EndTime='1/8/2013'}


Get-WinEvent -FilterHashtable @{logname='application'; providername='.Net Runtime' }

Get-WinEvent -FilterHashtable @{logname='system'; providername='Disk' }

Get-WinEvent -FilterHashtable @{logname='system'; level='2'}


Get-EventLog Security -Source Microsoft-Windows-Security-Auditing -After ((Get-Date).Date.AddDays(-30)) | Where ($_.EventID -eq 4624)

Get-WinEvent -FilterHashTable @{LogName="System"; StartTime=(get-date).AddDays(-13); EndTime=(get-date).AddHours(-1): level='2'}

Write-Eventlog -Logname "Operations Manager" -Source 'HealthService' -EventID 100 -EntryType Warning -Message "String `"$string`" has not been found in URL `"$url`" authenticated with username `"$user`" and password `"$password`"."


Get-EventLog System | Where-Object {$_.EventID -eq "1074" -or $_.EventID -eq "6008" -or $_.EventID -eq "1076"} | ft Machinename, TimeWritten, UserName, EventID, Message -AutoSize -Wrap | More


##############################################################################################################################################################
##
## https://4sysops.com/archives/search-the-event-log-with-the-get-winevent-powershell-cmdlet/
##
###############################################################################################

Events with a specific information level

You must provide the information level with Level as the key and a Number as the value. Here is a list of levels associated with their respective numbers:
•LogAlways 0
•Critical 1
•Error 2
•Warning 3
•Informational 4
•Verbose 5

The following command displays all error events from the System log:

Get-WinEvent -FilterHashTable @{LogName='System';Level='2'}

Unfortunately, you can only specify one level at a time through a hash table.
However, we can circumvent this problem by using the Where-Object cmdlet instead of the Level key from the hash table.

##############################################################################################################################################################


 < *************************************  https://social.technet.microsoft.com/Forums/ie/en-US/c8330f58-f2e5-4681-beb2-b2b6a185f818/how-to-geteventlog-for-offline-evtx-files?forum=winserverpowershell ************** >

If you want to export out only some column, then please run below command first to select out one object and get those column:

$EventLogonIDs="4624","4634"
Get-WinEvent -FilterHashtable @{Path="C:\temp\Security*.evtx";id= @($EventLogonIDs);StartTime="1/7/2013";EndTime="1/8/2013"} | select-object -first 2

OR we also could use get-member command to get all properties of the result, and then choose what you want to export:

$EventLogonIDs="4624","4634"
Get-WinEvent -FilterHashtable @{Path="C:\temp\Security*.evtx";id= @($EventLogonIDs);StartTime="1/7/2013";EndTime="1/8/2013"} | select-object -first 1 | get-member

 < *************************************  https://social.technet.microsoft.com/Forums/ie/en-US/c8330f58-f2e5-4681-beb2-b2b6a185f818/how-to-geteventlog-for-offline-evtx-files?forum=winserverpowershell **************


<  ----------------------------------   https://www.makeuseof.com/tag/15-advanced-tasks-powershell-can-handle-windows-10/


Set-Date -date "12/25/2016 7:30 AM"

Set-Date (Get-Date).AddDays(2)

Test-Path c:\Users\Brad\Documents\PowerShell.xls

Rename-Item c:\Users\Brad\Documents\PowerShellisDifficult.xls PowerShellisEasy.xls

Move-Item c:\Users\Brad\Documents\PowerShellisEasy.xls c:\Users\Brad\Important Documents

Move-Item c:\Users\Brad\Documents\*.xls c:\Users\Brad\Important Documents

Invoke-Item c:\Windows\System32\notepad.exe

Invoke-Item c:\MakeUseOf\Hello.txt

Invoke-Item c:\MakeUseOf\*.txt

Get-Content c:\MakeUseOf\Hello.txt

Get-Content c:\MakeUseOf\Hello.txt -totalcount 5

Add-Content c:\MakeUseOf\Hello.txt "written by Brad Jones"

Add-Content c:\MakeUseOf\Hello.txt "`nwritten by Brad Jones"

Get-Content c:\MakeUseOf\Hello.txt | Measure Object

Get-Service

Get-Service | Where-Object {$_.status -eq "stopped"}

Restart-Service dbupdate

Restart-Service -displayname "Dropbox Update Service"

Set-Service dbupdate -startuptype "manual"

Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}


 powershell -NoExit -Command "Set-Location c:\\"

 If your path contains spaces, you can wrap it in single-quotes, like so:
 powershell -NoExit -Command "Set-Location 'c:\\program files'"


 'powershell -NoExit -Command "Set-Location ' + path1 + '"'

 'start C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -NoExit -Command '; s2 = '"Select-Location ' + "'" + path1 + "'" + '"', and command = s1 + s2


<  ----------------------------------   https://www.makeuseof.com/tag/15-advanced-tasks-powershell-can-handle-windows-10/


--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
## Show addins for Outlook
-------------------------------------------------------------


$searchScopes = "HKCU:\SOFTWARE\Microsoft\Office\Outlook\Addins","HKLM:\SOFTWARE\Wow6432Node\Microsoft\Office\Outlook\Addins"
$searchScopes | % {Get-ChildItem -Path $_ | % {Get-ItemProperty -Path $_.PSPath} | Select-Object @{n="Name";e={Split-Path $_.PSPath -leaf}},FriendlyName,Description} | Sort-Object -Unique -Property name


--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

if(test-path "C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe"){(ls "C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe").VersionInfo | Format-List}
if(test-path "C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe"){(ls "C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe").VersionInfo | select ProductVersion}

$path= "\\remote\C$\windows\System32\WindowsPowerShell\v1.0\powershell.exe"
if(test-path $path){(ls $path).VersionInfo}

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


< =======================================================  Command Used Excel Formulas ======================================================= >

=IF(D1>1024*1024*1024,TRUNC(D1/1024/1024/1024,2)&" GB", IF(D1>1024*1024, ROUND(D1/1024/1024,0)&" MB", ROUND(D1/1024,0)&" KB"))


< =======================================================  Command Used Excel Formulas ======================================================= >


Powershell.exe -ExecutionPolicy Bypass -File "\\sccm\clienthealth$\ConfigMgrClientHealth.ps1" -Config "\\sccm\clienthealth$\config.xml"


< ----------------------------  [ Powershell Versioning ] ---------------------------- >


Get-Host | Select-Object Version


Invoke-Command  -Computername HOSTNAME -Scriptblock {$PSVersionTable.psversion}

REG QUERY \\HOSTNAME\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine

REG QUERY \\HOSTNAME\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine /V "PowerShellVersion"

REG QUERY \\HOSTNAME\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine /V "PowerShellVersion"

REG QUERY \\HOSTNAME\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\

REG QUERY \\HOSTNAME\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3


< ----------------------------  [ Powershell Versioning ] ---------------------------- >


< ----------------------------  [ Check if Server needs rebooting ] ---------------------------- >


reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired"
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update"
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /s
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending"
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing"
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending"


< ----------------------------  [ Check if Server needs rebooting ] ---------------------------- >


< ----------------------------  [ Powershell 5.1 Quient Install/Uninstall ] ---------------------------- >


wusa.exe Win7AndW2K8R2-KB3191566x64.msu /quiet /norestart


wusa.exe /KB3191566 /uninstall /quiet /norestart


< ----------------------------  [ Powershell 5.1 Quient Install/Uninstall ] ---------------------------- >


function Get-SystemUptime
{
    $operatingSystem = Get-WmiObject Win32_OperatingSystem
    [Management.ManagementDateTimeConverter]::ToDateTime($operatingSystem.LastBootUpTime)
}


##########################################################################################################################################
##
## http://windowsitpro.com/blog/four-ways-get-computer-names-computername-parameter
##
##########################################################################################################################################

I'm teaching a class forSAPIEN Technologies in Chicago this week. Actually, everyone's doing a lab on WMI, watching me enter this. Don't you wish you were here? Anyway, we needed to look at various ways to feed computer names to any cmdlet that has a -computerName parameter. Here's what I cam up with:


# get names from a file, one name per line
Get-WmiObject -class Win32_Whatever -computer (Get-Content names.txt)


# get names from Active Directory
Import-Module ActiveDirectory
Get-WmiObject -class Win32_Something -comp (
    Get-ADComputer -filter * | Select-Object -expand name
)


# specify one computer
Get-WmiObject -class Win32_This -computer SERVER-R2


# specify many computers
Get-WmiObject -class Win32_That -computer WESTDC4,EASTDC5


# get names from a CSV file that has a "host" column
Get-WmiObject -class Win32_Those -computer (
    Import-CSV computerlist.csv | Select-Object -expand host
)
 I used Get-WmiObject for all of the examples, but you can obviously use this with any cmdlet that supports -computerName. Enjoy!


##########################################################################################################################################


##############################################################################################################################################################################
##
## WINDOWS 7 AND ABOVE - NIC ADAPTER REPAIR EQUIVALENT
##
## http://windowsitpro.com/windows-xp/what-actions-occur-when-i-click-repair-network-connection-windows-xp-and-later
##
##############################################################################################################################################################################


If you right-click a network connection and select Status, Windows displays information about the connection's speed, duration of connection, and packet activity.
For XP and later, a Repair option appears on the Support tab. When you click Repair, Windows attempts to resolve a range of problems.
Specifically, the OS attempts to renew the DHCP lease, if the connection obtains its IP address through DHCP, using a broadcast message.

•Flushes the Address Resolution Protocol (ARP) cache using the command
	arp -d *

•Flushes the NetBIOS cache using the command
	nbtstat -R

•Flushes the DNS cache using the command
	ipconfig /flushdns

•Reregisters the NetBIOS name and IP address with WINS using the command
	nbtstat -RR

•Reregisters the computer name and IP address with DNS using the command
	ipconfig /registerdns

arp -d *
nbtstat -R
ipconfig /flushdns
nbtstat -RR
ipconfig /registerdns


##############################################################################################################################################################################


nmap -sV -script=banner IP / HOSTNAME

nmap -p "Port Number" -oA "Base File Name" IP/RANGE - No quotes


##############################################################################################################################################################################
## SERVER ONLY COMMANDS FOR NOW
##############################################################################################################################################################################

Get-DhcpServerv4Lease -ScopeId "NETWORK_ID" | select IPAddress,ClientID,HostName


##############################################################################################################################################################################


icacls "C:\Program Files (x86)\FourJs" /grant "Users":(OI)(CI)F /inheritance:r

icacls DemoOCX.lnk /grant users:F  (Topaz signature pad, give full access to local USERS group in %PUBLIC%\DESKTOP\DemoOCX.lnk link file)


invoke-command -ComputerName SERVER -ScriptBlock {Test-Connection -ComputerName 10.0.1.4,10.0.2.4,10.0.3.4,10.0.4.4,10.0.5.4,10.0.6.4,10.0.7.1,10.0.8.4,10.0.9.4,10.0.10.4,10.0.11.4,10.0.12.4,10.0.53.4,10.0.61.1 -Count 2 | format-table -autosize}


<  #####################################################  -  ESXi  CLI -- Command  -  ######################################################################################### >

ESXi History Log  -  https://ESXiHostnameOrIP/host/shell.log
	https://kb.vmware.com/s/article/2004810


[root]: esxcli network ip connection list
[root]: vim-cmd vmsvc/getallvms
[root]: vim-cmd vmsvc/power.on vcsa
[root]: vim-cmd vmsvc/getallvms
[root]: vim-cmd vmsvc/power.on 47
[root]: vim-cmd vmsvc/getallvms |grep hall
[root]: vim-cmd vmsvc/getallvms |grep HALL
[root]: vim-cmd vmsvc/getallvms |grep vcsa
[root]: vim-cmd vmsvc/power.on 47
[root]: esxcli vm process list
[root]: history


<  #####################################################  -  ESXi  CLI -- Command  -  ######################################################################################### >


<  #####################################################  -  PowerShell  Sessions  -  ######################################################################################### >

<  #####################################################  >
<  ####                                ####
<  ####  https://youtu.be/PMRkM9jlMMw  ####
<  ####                                ####
<  #####################################################  >

$sess = New-PSSession -ComputerName Computer01

Get-PSSession

Process - wsmprovhost.exe - Check username it is running under

Invoke-Command -Session $sess {var=10} (remains due to estabilshed session)

$sess | Remove-PSSession

For domain controllers must be in "Built In" "Administrators"


$sess | Remove-PSSession

$dcs = "DC01", "DC02"
$dcs (should show list of previously added DCs)

Invoke-Command -ComputerName $dcs -ScriptBlock {$env:computername}

$sess = NewPSSession -ComputerName $dcs

Invoke-Command -Session $sess -ScriptBlock {$env:computername}

Enter-PSSession -Session $sess [0]
gps
Get-Service
exit


Remove-PSSession | remove
$sess | Remove

[Implicit Remoting is importing modules from remote session]

$adsess = NewPSSession -ComputerName DC01
Import-Module -Name ActiveDirectory -PSSession $adsess
Get-Module
Get-Command -Module ActiveDirectory

$c = Get-Command Get-ADUser
$c.definition

Get-ADUser -filter * | gm
(Deserialized)

$comm = "Get-Command"
& $comm


Remove-Module ActiveDirectory
Import-Module -Name ActiveDirectory -PSSession $adsess -Prefix OnDC
Get-Module


$sess = New-PSSession -Name DC1Sess -ComputerName DC01
Get-PSSession

Invoke-Command -Session $sess {$var=50}
Disconnect-PSSession -ID 2

Connect-PSSession -ID2

Invoke-Command -Session $sess {$var}

Try telnet "node" 5985

Import-Module PSDiagnostics
Get-Command -Module PSDiagnostics
Enable-PSWSManCombinedTrace

Invoke-Command -ComputerName Computer01 -ScriptBlock {Get-Process}
Disable-PSWSMANCombinedTrace


cd .\\LocalMachine\my
ls


<  #####################################################  -  PowerShell  Sessions  -  ######################################################################################### >


<  #####################################################  -  Wireshark Filtering   -  ######################################################################################### >


http.request.uri matches "^....$"


<  #####################################################  -  Wireshark Filtering   -  ######################################################################################### >


<  #####################################################  -  Powershell JSON to XML Conversion   -  ##################################################### >


Get-Content -Path "PATH\FILE-NAME.json" | ConvertFrom-Json | ConvertTo-Xml -As Document -Depth 3 | Out-File -FilePath "PATH\FILE-NAME.xml"


<  #####################################################  -  Powershell JSON to XML Conversion   -  ##################################################### >