Monday, May 21, 2012

Determine Local Users

Found this somewhere on the net and forgot to save the source website, so sorry to the author, however it's useful.

$strComputer = "computername"
$computer = [ADSI]("WinNT://" + $strComputer + ",computer")
$Users = $computer.psbase.children |where{$_.psbase.schemaclassname -eq "User"}
foreach ($member in $Users.psbase.syncroot)


Turn it into a function or CL script by using creating a parameter based script:

$computer = [ADSI]("WinNT://" + $strComputer + ",computer")
$Users = $computer.psbase.children |where{$_.psbase.schemaclassname -eq "User"}
foreach ($member in $Users.psbase.syncroot)


Thursday, April 26, 2012

Creating Custom Event Log Entires

If you ever want to use the event log to capture information from a script, it's actually pretty easy to do.

First you have to prepare the new entry type for the events you want to capture.  Please note that both creating the new log and writing to it will require an elevated prompt.

New-EventLog -logname logname -source your_new_source

The logname can be either Application, System or Security.

Example: new-eventlog -logname System -source John

This will insert the 'John' source into the registry and allow you to then write events to the System log.

Writing an event is pretty simple as well:

Write-Eventlog -logname logname -source source -eventID number -entrytype (Information, Alert, etc) -message "a message"

I actually have written a function as I'm lazy and don't like to type that much:

Function update-eventlog


# Source is hardcoded to John
# EventID is hardcoded to 1
# Logname is hardcoded to System


Write-Eventlog -Logname System -Source John -EventID 1 -EntryType $entrytype -message $message


update-eventlog "entry type" "Message"


update-eventlog "Information" "This is a test"

Pretty Simple, huh?

Wednesday, April 25, 2012

Function to check folder access

Ever need to quickly determine the ACL for a user in a folder and you wanted to do it in PowerShell?  If so, you've realized it's not as easy as clicking on the folder properties and selecting the security tab.

The below function will check the input folder and user/group for full access to the target folder.

Usage is check-folder FOLDER USER

The script will then check the folder and see the rights.  If the rights are not full control, it will set the value of $access to True.  You can then use the value to do something.

function check-folder

# checks to see if the folder passed to it has full permissions
# granted for the builtin\users group.
# returns True if this is the case.
# Usage: check-folder "folder"

$acl=get-acl $folder
foreach ($accessrule in $acl.access)
if (($accessrule.identityreference -eq "$user") -and
    ($accessrule.filesystemrights -eq "FullControl"))




Check-Folder c:\work "builtin\users"

if ($access -eq true)

write "Hey, $user has access to the $folder"


Time to start actually using this thing.  I believe what I will be doing is posting useful tidbits that I've had to engineer/find for my daily admin tasks that hopefully will be of use for others..

Wednesday, April 11, 2012

Wednesday, September 8, 2010

Delete files using a CSV file as an input and the remove-item command

Deleting mass amounts of files is easy in PowerShell.  Using the Remove-Item command you can set up a CSV file to feed a list of files and their locations to the command-let and step down the list, deleting as you go.

The basic structure of the command would look like this:

$data = import-csv c:\file_inventory\deletelist.csv

foreach ($line in $data)


$A= $($line.fullname)
remove-item $a -recurse -force

To break down what's going on above:
  • The $data variable is going to hold the information that's contained in the deletelist.csv file.  Presumably this file will contain the paths and names of the files to be deleted.
  • The FOREACH statement is stepping thru the deletelist.csv file and then feeding the data to the loop below.  The script will then step thru the loop until it gets to the end of the data file.
  • The loop itself contains only two things:
    • $A=$($line.fullname) - let's make $a contain the information contained in the current line in the CSV file we're stepping thru.  $($Line.Fullname) says: grab the information in the current $line of the $data and look in the fullname column. 
    • Remove-Item is equivalent to the DOS DEL command, however you can feed it a variable (in this case $a).
    • Recurse - step thru any folders below the folder your in.  This is used in case a folder has subfolders that will also be deleted.  If this switch is not there, then the script will stop and ask you what to do.
    • Force - Delete the file even if it's read only, hidden etc.
  • If you want to test the above scenario you can use the -whatif switch in the remove-item statement, this will make PowerShell just show you what would have happened if you ran the command.     

Tuesday, August 31, 2010

Menu Looping in Powershell

Menu Looping is pretty easy to set up in Powershell.  You're basically setting a condition and looping back if that condition isn't met.

For example, we'll use $a as the variable we're keeping an eye on.

$a=0 #setting a to zero value
While ($a -ne 3) 

Write "1. Do something"
Write "2. Do something else"
Write "3. Quit"

$a = Read-host "enter choice"
Switch ($a)



The above loop will look for the numeric condition of the variable 'a' and execute switches for other blocks of powershell code for them.