PowerShell Resources and Links

Error Handling

Error Handling in PowerShell by Don Jones
https://www.youtube.com/watch?v=wZ7xYU-dxXI

Windows PowerShell Intermediate Chapter 03 – Error Trapping and Handling
https://www.youtube.com/watch?v=-6Yn-56IhG0

PowerShell Tutorial – Try Catch Finally and error handling in PowerShell
http://www.vexasoft.com/blogs/powershell/7255220-powershell-tutorial-try-catch-finally-and-error-handling-in-powershell

Windows PowerShell Blog (-ErrorAction and -ErrorVariable)
http://blogs.msdn.com/b/powershell/archive/2006/11/03/erroraction-and-errorvariable.aspx

Get Device Drivers

The following PowerShell commands list the device drivers currently installed. In the Select-Object portion, special syntax is used to convert the driver date to a user-friendly format and to provide user-friendly column names. This will provide output of all drivers.

    Get-WmiObject -Class Win32_PnpSignedDriver | where-object {$_.Driverdate -ne $null } | Sort-Object Description…

Get OS Last Boot Time

The following PowerShell command performs a WMI query using the Get-WmiObject cmdlet to obtain the last boot-up time for a machine.

    $OS = Get-WmiObject -Class Win32_OperatingSystem -Computername computername
    $OS.ConvertToDateTime($OS.LastBootUpTime)

Event Logs to Investigate Machine Restarts

The following PowerShell commands can help with a quick assessment of machine restarts. They query the event logs and pull event ID 1074, which provides the nature of the restart, including the process and user account used to initiate the restart. This will provide output to Out-GridView.

    get-eventlog -log system | where…

Files Sorted by Size in Descending Order

This PowerShell command will recurse the C drive and export a list of files sorted by size in descending order. This may be helpful if you need to find which files are taking up the most space. You may get access-denied errors for some folders that are protected by Windows. This will provide output to…

List Microsoft Office Software by Architecture

If you are running a combination of Office 2007, Office 2010, and Office 2013 software products AND you need to query by architecture (application bitness), the following PowerShell script queries can be used. These queries inspect the Product GUID or IdentifyingNumber. Please note, this works only for MSI-based Office applications. This will not work for Click-To-Run installed software like…

List TPM Values

If the TPM setting is enabled in the BIOS, Windows should maintain a WMI class for Win32_TPM. The following commands will allow you to display TPM values in PowerShell.

    $TPM = Get-WmiObject Win32_TPM -Namespace "root/cimv2/security/microsofttpm"
    $TPM

Typically, the more interesting values to view are those pertaining to “IsActivated”, “IsEnabled”, and “IsOwned”. Please note,…