Tag Archives: powershell function

Get Windows Firewall State on Local or Remote Machine Utilizing Netsh.exe

05/10/2015 hah 3 Comments

.SYNOPSIS
Displays the Windows Firewall state for Domain, Private, and Public profiles on local or remote computer.

.DESCRIPTION
Use Get-FirewallState to show current Firewall state that is presented on the Windows Firewall with Advanced Security Properties page, with the tabs for Domain, Private, and Public profiles.

.PARAMETER HOSTNAME
Specifies the remote or local computer name.
When using HOSTNAME parameter, Windows PowerShell creates a temporary connection that is used only to run the specified command and is then closed.

.EXAMPLE
Get-FirewallState -HOSTNAME SERVER01

Description
———–
The script will establish remote connection to SERVER01 machine and display the Firewall state for all profiles:

FirewallDomain FirewallPrivate FirewallPublic

-------------- --------------- --------------

ON ON ON

Code:

Function Get-FirewallState

{

[CmdletBinding()]

Param ([Parameter(Mandatory = $true)][string]$HOSTNAME)

$ErrorActionPreference = "Stop"

Try {

$FirewallBlock = {

$content = netsh advfirewall show allprofiles

If ($domprofile = $content | Select-String 'Domain Profile' -Context 2 | Out-String)

{ $domainpro = ($domprofile.Substring($domprofile.Length - 9)).Trim()}

Else { $domainpro = $null }

If ($priprofile = $content | Select-String 'Private Profile' -Context 2 | Out-String)

{ $privatepro = ($priprofile.Substring($priprofile.Length - 9)).Trim()}

Else { $privatepro = $null }

If ($pubprofile = $content | Select-String 'Public Profile' -Context 2 | Out-String)

{ $publicpro = ($pubprofile.Substring($pubprofile.Length - 9)).Trim()}

Else { $publicpro = $null }

$FirewallObject = New-Object PSObject

Add-Member -inputObject $FirewallObject -memberType NoteProperty -name "FirewallDomain" -value $domainpro

Add-Member -inputObject $FirewallObject -memberType NoteProperty -name "FirewallPrivate" -value $privatepro

Add-Member -inputObject $FirewallObject -memberType NoteProperty -name "FirewallPublic" -value $publicpro

$FirewallObject

}

Invoke-Command -computerName $HOSTNAME -command $FirewallBlock | Select-Object FirewallDomain, FirewallPrivate, FirewallPublic

}

Catch

{

Write-Host ($_.Exception.Message -split ' For')[0] -ForegroundColor Red

}

PowerShell Scripts

Test-AWSEC2 – Detect if a virtual host is running on Amazon EC2

05/10/2015 hah Leave a comment

Amazon EC2 Instances have metadata they can access. They get it by accessing a web server on a link-local address 169.254.169.254.
This PowerShell function will attempt to open http connection to the link-local address 169.254.169.254, and if successful will confirm that the host is running on Amazon Elastic Compute Cloud (Amazon EC2).

Function run on AWS EC2 virtual machine.

Code:

#-----------------------------------Detects if a Host is running on AWS EC2---------------------------------------------------------------

Function Test-AWSEC2

{

$error.clear()

$request = [System.Net.WebRequest]::Create('http://169.254.169.254/')

$request.Timeout = 900

try

{

$response = $request.GetResponse()

$response.Close()

}

catch { $false }

if (!$error)

{

$true

}

Working On

Extended Process Info PowerShell/SQL Tool

01/13/2015 hah Leave a comment

Get-Process Info is a PowerShell function, which provides information about processes and DLLs running or found on Windows PCs.
This PowerShell function queries a process listing database with over 40000 records and returns extra information about a computer process:
[Process Name] [Description] [Additional Info] [Reported as a virus]
[Reported as a trojan] [Reported as a spyware] [Safe to end the process]

Features
-Accepts pipeline input
-Accepts wildcard characters:
% A substitute for zero or more characters
_ A substitute for a single character
[charlist] Sets and ranges of characters to match

Examples

Example 1

1	Get-ProcessInfo -process spoolvlc.exe

Description:
Returns extended information about spoolvlc.exe process.

Output:

Connection to database established.

Showing information for spoolvlc.exe

Process Name : spoolvlc.exe

Description : Process SPOOLVLC.EXE named Troj/Sdbot-HD is harmful application of Troj/Sdbot-HD software. Process SPOOLVLC.EXE is repor

ted as a virus and trojan horse. This variant of SPOOLVLC.EXE is very harmful and should be removed from operating syste

m as soon as possible.

Additional Info : SPOOLVLC.EXE is process associated with malicious software Troj/Sdbot-HD. Troj/Sdbot-HD is a backdoor Trojan that allows

unauthorised remote access to the infected computer via IRC channels while running in the background as a service proce

ss.

Reported as a virus : No

Reported as a trojan : Yes

Reported as a spyware : No

Safe to end the process : N/A

Example 2

1	Get-Process * \| Sort-Object -Unique \| % {Get-ProcessInfo $_.ProcessName}

Shows additional information for all processes currently runing on the local machine.

Output:

Process Name : powershell_ise.exe

Description : The powershell_ise.exe is a Windows PowerShell ISE. This file is part of Microsoft Windows Operating System.

Powershell_ise.exe is developed by Microsoft Corporation. It's a system and hidden file.

Powershell_ise.exe is usually located in the %SYSTEM% sub-folder and its usual size is 204,800 bytes.

Additional Info : The powershell_ise.exe process is safe and disabling it can be dangerous, because programs on your computer need it to work correctly.

Process Name : powershell_ise.resources.dll

Description : This file is part of Microsoft (R) Windows (R) Operating System.

Powershell_ise.resources.dll is developed by Microsoft Corporation. It's a system and hidden file. Powershell_ise.resources.dll is usually

located in the %SYSTEM% sub-folder and its usual size is 4,096 bytes.

Additional Info : The powershell_ise.resources.dll process is safe and disabling it can be dangerous, because programs on your computer need it to work correctly.

Example 3

1	(get-process notepad).Modules \| select -expand ModuleName \|% {Get-ProcessInfo $_}

Gets additional information for dll files and modules loaded by notepad process.

Example 4

1 2	$module = get-process * \|% {$_.modules \| select -expand modulename} foreach ($m in $module) {Get-ProcessInfo $m}

Gets additional information for dll files and modules loaded by all currently running processes.

Example 5

1	Get-Process * -ComputerName COMPUTER01 \| Sort-Object -Unique \| % {Get-ProcessInfo $_.ProcessName}

Gathers processes information for a remote machine.

Example 6

1	Get-ProcessInfo vc%

Returns information for all recorded processes starting with vc.

PowerShell Scripts

WhoIs PowerShell Function

12/20/2014 hah 3 Comments

WhoIs PowerShell function will perform a domain name lookup and return information such as domain availability (creation and expiration date), domain ownership, name servers, etc..

PS C:\> whois power-shell.com

Connecting to Web Services URL...

Gathering power-shell.com data...

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered

with many different competing registrars. Go to http://www.internic.net

for detailed information.

Domain Name: POWER-SHELL.COM

Registrar: GODADDY.COM, LLC

Whois Server: whois.godaddy.com

Referral URL: http://registrar.godaddy.com

Name Server: NS83.SUPERHOSTING.BG

Name Server: NS84.SUPERHOSTING.BG

Status: clientDeleteProhibited

Status: clientRenewProhibited

Status: clientTransferProhibited

Status: clientUpdateProhibited

Updated Date: 02-nov-2014

Creation Date: 17-oct-2014

Expiration Date: 17-oct-2015

>>> Last update of whois database: Sat, 20 Dec 2014 17:56:21 GMT

Add this function to a module or save it as ps1 file and dot source it in your profile:

Function WhoIs {

param (

[Parameter(Mandatory=$True,

HelpMessage='Please enter domain name (e.g. microsoft.com)')]

[string]$domain

)

Write-Host "Connecting to Web Services URL..." -ForegroundColor Green

try {

If ($whois = New-WebServiceProxy -uri "http://www.webservicex.net/whois.asmx?WSDL") {Write-Host "Ok" -ForegroundColor Green}

else {Write-Host "Error" -ForegroundColor Red}

Write-Host "Gathering $domain data..." -ForegroundColor Green

(($Whois.getwhois(=$domain)).Split("<<<")[0])

} catch {

Write-Host "Please enter valid domain name (e.g. microsoft.com)." -ForegroundColor Red}

}

PowerShell Scripts

File Report PowerShell Function

12/17/2014 hah 1 Comment

Get-FileReport function creates detailed file report and exports it into CSV format.

Description:

Use this function to export properties for files of certain type (doc, txt, jpg, etc.), and files older than certain days. The report includes the following file properties:
File Name | Full File Path | File Extension | File Size in KB | File Owner | Last Change Date | Computer Name
To use the Get-FileReport functions you can dot source the ps1 file in the PowerShell console:
. .\Get-FileReport.ps1
or in your profile:

1	PS C:\ps> notepad $profile

Dot Source PowerShell Function in Profile – Type dot and the full path to the ps1 file.

A comment based help is included. Use Get-Help Get-FileReport -full to retrieve the details bellow.

Parameters

Path
Specifies the target folder path. Scans the files recursively.
Days
Defines the file age.
Ext
Specifies the file extension.
Export
Exports the results in CSV file. Specifies the folder path for the export file.

Examples:

1	Get-FileReport -path c:\backups

Returns the properties of all files under c:\backups.

1	Get-FileReport -path c:\backups -days 1500

Returns all files under c:\backups older than 1500 days:

File_Name        : Rmtshare.exe
Full_File_Path   : C:\backups\Rmtshare.exe
File_Extension   : .exe
File_Size_(KB)   : 12.77
File_Owner       : DOMAIN\user
Last_Change_Date : 02/19/1999
Computer_Name    : COMPUTER03

1	Get-FileReport -path c:\backups -days 150 -ext txt

Returns all .txt files under c:\backups older than 150 days:

File_Name        : temp.txt
Full_File_Path   : C:\backups\temp_files\temp.txt
File_Extension   : .txt
File_Size_(KB)   : 0.01
File_Owner       : DOMAIN\user
Last_Change_Date : 02/19/2013
Computer_Name    : COMPUTER03

1	Get-FileReport -path c:\backups -days 150 -ext txt -export c:\temp

Exports to CSV all .txt files under c:\backups older than 150 days:

File_Name	Full_File_Path	File_Extension	File_Size_(KB)	File_Owner	Last_Change_Date	Computer_Name
commands.txt	C:\backups\commands.txt	.txt	0.09	DOMAIN\User	2/21/2013	COMPUTER03
filer_backup.txt	C:\backups\filers\filer_backup.txt	.txt	0.06	DOMAIN\User	3/12/2013	COMPUTER03
remapping_drive.txt	C:\backups\documents\remapping_drive.txt	.txt	0.85	DOMAIN\User	9/12/2013	COMPUTER03

You can use (Get-Help Get-FileReport).Examples from the console to retrieve the examples.

The Code:

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

Function Get-FileReport {

.SYNOPSIS

This function creates detailed file report and exports it in CSV format.

.DESCRIPTION

Use this function to export properties for files of certain type (doc,txt,jpg,etc.), and files older than certain days.

The report includes the following file properties:

-File Name

-Full File Path

-File Extension

-File Size in KB

-File Owner

-Last Change Date

-Computer Name

.PARAMETER Path

Specifies the target folder path. Scans the files recursively.

.PARAMETER Days

Defines the file age.

.PARAMETER Ext

Specifies the file extension.

.PARAMETER Export

Exports the results in CSV file. Specifies the folder path for the export file.

.EXAMPLE

Get-FileReport -path c:\backups

Returns the properties of all files under c:\backups.

File_Name : filer_backup.txt

Full_File_Path : C:\backups\filer_backup.txt

File_Extension : .txt

File_Size_(KB) : 0.06

File_Owner : DOMAIN\user

Last_Change_Date : 03/12/2013

Computer_Name : COMPUTER03

.EXAMPLE

Get-FileReport -path c:\backups -days 1500

Description

-----------

Returns all files under c:\backups older than 1500 days.

The maximum value is 15000.

File_Name : Rmtshare.exe

Full_File_Path : C:\backups\Rmtshare.exe

File_Extension : .exe

File_Size_(KB) : 12.77

File_Owner : DOMAIN\user

Last_Change_Date : 02/19/1999

Computer_Name : COMPUTER03

.EXAMPLE

Get-FileReport -path c:\backups -days 150 -ext txt

Description

-----------

Returns all .txt files under c:\backups older than 150 days.

File_Name : temp.txt

Full_File_Path : C:\backups\temp_files\temp.txt

File_Extension : .txt

File_Size_(KB) : 0.01

File_Owner : DOMAIN\user

Last_Change_Date : 02/19/2013

Computer_Name : COMPUTER03

.EXAMPLE

Get-FileReport -path c:\docs -days 150 -ext txt -export c:\temp

Description

-----------

Exports to CSV all .txt files under c:\backups older than 150 days.

File_Name : temp.txt

Full_File_Path : C:\backups\temp_files\temp.txt

File_Extension : .txt

File_Size_(KB) : 0.01

File_Owner : DOMAIN\user

Last_Change_Date : 02/19/2013

Computer_Name : COMPUTER03

c:\temp\CZBRN3059-File-Report-7_20_2014.csv created successfully.

.NOTES

File Name: Get-FileReport.ps1

Author: Nikolay Petkov

Blog: http://77.104.138.174/~powershe/power-shell.com

Last Edit: 12/17/2014

.LINK

http://77.104.138.174/~powershe/power-shell.com

[CmdletBinding()]

param (

[Parameter(Mandatory=$True,

ValueFromPipelineByPropertyName=$True,

HelpMessage='Please enter folder path')]

[string]$Path,

[Parameter(Mandatory=$False)]

[string]$Ext,

[Parameter(Mandatory=$False)]

[ValidateRange(1,15000)]

[Int32]$Days,

[Parameter(Mandatory=$False)]

[string]$Export

)

try {

$hostname = gc env:computername

If($days) {$olderthan = (Get-Date).AddDays(-$days)}

else {$olderthan = Get-Date}

$fileColl = @()

# Get the files

If ($Ext) {$files = Get-ChildItem -path $path -recurse -filter *.$ext -ErrorAction stop | Where-Object {$_.CreationTime -lt $olderthan}}

else {$files = Get-ChildItem -Path $path -Recurse -ErrorAction stop | Where-Object {!$_.PSIsContainer -and $_.CreationTime -lt $olderthan}}

# Retreive properties for each file

foreach ($file in $files)

{

$fileObject = New-Object PSObject #An object,created and destroyed for each file

$networkpath = "\\" + $HostName + $path.substring($path.LastIndexOf('\')) + '\' + (($file.FullName).trim($path))

#The following add data to the fileObjects

Add-Member -inputObject $fileObject -memberType NoteProperty -name "File_Name" -value $file

Add-Member -inputObject $fileObject -memberType NoteProperty -name "Full_File_Path" -value $file.FullName

Add-Member -inputObject $fileObject -memberType NoteProperty -name "File_Extension" -value $file.Extension

Add-Member -inputObject $fileObject -memberType NoteProperty -name "File_Size_(KB)" -value ($file.Length/1KB).tostring("0.00")

Add-Member -inputObject $fileObject -memberType NoteProperty -name "File_Owner" -value (get-acl $file.Fullname).Owner

Add-Member -inputObject $fileObject -memberType NoteProperty -name "Last_Change_Date" -value $file.LastWriteTime.ToString("MM/dd/yyy")

Add-Member -inputObject $fileObject -memberType NoteProperty -name "Computer_Name" -value $hostname

$fileObject |sort Last_Change_Date #Output to the screen for a visual feedback

$fileColl += $fileObject #Copy the contents of the object into the Array

$fileObject = $null #Delete the fileObject

} #end foreach

If ($fileColl) {Write-Host "File properties successfully retrieved." -ForegroundColor Green}

If ($export) {

$csvname = (($olderthan.tostring()).split('')[0]).replace('/','_')

$fileColl | Export-Csv -path "$export\$HostName-Files-Older-Than-$csvname.csv" -NoTypeInformation}

} catch {

If (!(Test-Path $Path)) {Write-Host "Cannot find ""$path"" because it does not exist." -ForegroundColor Red}

If (!($files)) {Write-Host "No $Ext files found older than $olderthan." -ForegroundColor Green}

If(($Export) -and (!(Test-Path $Export))) {Write-Host "Cannot export data to ""$Export"" because it does not exist." -ForegroundColor Red}

}

If (Test-Path $export\$HostName-Files-Older-Than-$csvname.csv) {Write-Host "$export\$HostName-Files-Older-Than-$csvname.csv created successfully." -ForegroundColor Green}

} #end function Get-FileReport

PowerShell Blog

Tag Archives: powershell function

Get Windows Firewall State on Local or Remote Machine Utilizing Netsh.exe

Test-AWSEC2 – Detect if a virtual host is running on Amazon EC2

Extended Process Info PowerShell/SQL Tool

WhoIs PowerShell Function

File Report PowerShell Function

Description:

Parameters

Examples:

The Code:

Windows PowerShell scripts and tools for task automation.