Thursday, April 26, 2012

Creating Custom Event Log Entires

If you ever want to use the event log to capture information from a script, it's actually pretty easy to do.

First you have to prepare the new entry type for the events you want to capture.  Please note that both creating the new log and writing to it will require an elevated prompt.

New-EventLog -logname logname -source your_new_source

The logname can be either Application, System or Security.

Example: new-eventlog -logname System -source John

This will insert the 'John' source into the registry and allow you to then write events to the System log.

Writing an event is pretty simple as well:

Write-Eventlog -logname logname -source source -eventID number -entrytype (Information, Alert, etc) -message "a message"

I actually have written a function as I'm lazy and don't like to type that much:

Function update-eventlog


# Source is hardcoded to John
# EventID is hardcoded to 1
# Logname is hardcoded to System


Write-Eventlog -Logname System -Source John -EventID 1 -EntryType $entrytype -message $message


update-eventlog "entry type" "Message"


update-eventlog "Information" "This is a test"

Pretty Simple, huh?

Wednesday, April 25, 2012

Function to check folder access

Ever need to quickly determine the ACL for a user in a folder and you wanted to do it in PowerShell?  If so, you've realized it's not as easy as clicking on the folder properties and selecting the security tab.

The below function will check the input folder and user/group for full access to the target folder.

Usage is check-folder FOLDER USER

The script will then check the folder and see the rights.  If the rights are not full control, it will set the value of $access to True.  You can then use the value to do something.

function check-folder

# checks to see if the folder passed to it has full permissions
# granted for the builtin\users group.
# returns True if this is the case.
# Usage: check-folder "folder"

$acl=get-acl $folder
foreach ($accessrule in $acl.access)
if (($accessrule.identityreference -eq "$user") -and
    ($accessrule.filesystemrights -eq "FullControl"))




Check-Folder c:\work "builtin\users"

if ($access -eq true)

write "Hey, $user has access to the $folder"


Time to start actually using this thing.  I believe what I will be doing is posting useful tidbits that I've had to engineer/find for my daily admin tasks that hopefully will be of use for others..

Wednesday, April 11, 2012