Tag Archives: powershell function

Get Windows Firewall State on Local or Remote Machine Utilizing Netsh.exe

.SYNOPSIS
Displays the Windows Firewall state for Domain, Private, and Public profiles on local or remote computer.

.DESCRIPTION
Use Get-FirewallState to show current Firewall state that is presented on the Windows Firewall with Advanced Security Properties page, with the tabs for Domain, Private, and Public profiles.

.PARAMETER HOSTNAME
Specifies the remote or local computer name.
When using HOSTNAME parameter, Windows PowerShell creates a temporary connection that is used only to run the specified command and is then closed.

.EXAMPLE
Get-FirewallState -HOSTNAME SERVER01

Description
-----------
The script will establish a remote connection to the SERVER01 machine and display the firewall state for all profiles:

 

Code:
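An added sketch of the approach the help text describes, not the original Get-FirewallState code: it runs netsh.exe locally or over a temporary Invoke-Command session and turns the text output into one object per profile. The function names are hypothetical, the parser assumes English-locale netsh output, and the remote path assumes PowerShell remoting (WinRM) is enabled on the target.

```powershell
# Parse "netsh advfirewall show allprofiles state" text into objects.
function ConvertFrom-NetshFirewallState {
    param([string[]]$Line, [string]$ComputerName)
    $current = $null
    foreach ($text in $Line) {
        # English-locale headings; localized systems print different text.
        if ($text -match '^(Domain|Private|Public) Profile Settings:') {
            $current = $Matches[1]
        } elseif ($current -and $text -match '^State\s+(\S+)') {
            [pscustomobject]@{
                ComputerName = $ComputerName
                Profile      = $current
                State        = $Matches[1]
            }
            $current = $null
        }
    }
}

function Get-FirewallStateExample {   # hypothetical name, not the author's function
    [CmdletBinding()]
    param([string]$HostName = $env:COMPUTERNAME)

    $query = { netsh.exe advfirewall show allprofiles state }
    # Local call runs netsh directly; remote call uses a temporary session.
    $lines = if ($HostName -eq $env:COMPUTERNAME) { & $query } else {
        Invoke-Command -ComputerName $HostName -ScriptBlock $query
    }
    $result = @(ConvertFrom-NetshFirewallState -Line $lines -ComputerName $HostName)
    if ($result.Count -ne 3) {
        Write-Warning "Expected 3 profiles from $HostName, parsed $($result.Count)"
    }
    # Flag any profile whose firewall is not ON so it stands out in bulk runs.
    $result | Where-Object { $_.State -ne 'ON' } | ForEach-Object {
        Write-Warning "$($_.Profile) profile firewall is $($_.State) on $HostName"
    }
    $result
}

# Constructed sample of netsh output, so the parser can be tried offline.
$sample = @'
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
'@ -split "`r?`n"
ConvertFrom-NetshFirewallState -Line $sample -ComputerName 'SERVER01'
```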

 

Test-AWSEC2 – Detect if a virtual host is running on Amazon EC2

Amazon EC2 instances can read metadata about themselves from a web server on the link-local address 169.254.169.254.
This PowerShell function attempts to open an HTTP connection to the link-local address 169.254.169.254 and, if successful, confirms that the host is running on Amazon Elastic Compute Cloud (Amazon EC2).

Function run on AWS EC2 virtual machine.

Code:
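An added example of the check described above, not the original Test-AWSEC2 code: it goes one step further than a bare connection test by asking the metadata service for the instance ID, once with an IMDSv2 session token and once without, so the result also shows whether token-less (IMDSv1) requests are still answered. The function names, the 2-second timeout and the 60-second token lifetime are assumptions.

```powershell
# Helper: one metadata request; returns $null on any error or timeout.
function Get-ImdsValue {
    param(
        [string]$Uri,
        [hashtable]$Headers = @{},
        [string]$Method = 'Get',
        [int]$TimeoutSec = 2
    )
    try {
        Invoke-RestMethod -Uri $Uri -Method $Method -Headers $Headers `
            -TimeoutSec $TimeoutSec -ErrorAction Stop
    } catch {
        Write-Verbose "$Method $Uri failed: $($_.Exception.Message)"
        $null
    }
}

function Test-Ec2Imds {   # hypothetical name, not the author's function
    [CmdletBinding()]
    param(
        [string]$BaseUri = 'http://169.254.169.254',   # link-local address from the text
        [int]$TimeoutSec = 2
    )
    $idUri     = "$BaseUri/latest/meta-data/instance-id"
    # EC2 instance IDs are "i-" followed by 8 or 17 hex characters.
    $idPattern = '^i-([0-9a-f]{8}|[0-9a-f]{17})$'

    # IMDSv2: obtain a session token with PUT, then present it on the GET.
    $token = Get-ImdsValue -Uri "$BaseUri/latest/api/token" -Method Put `
        -Headers @{ 'X-aws-ec2-metadata-token-ttl-seconds' = '60' } -TimeoutSec $TimeoutSec
    $v2Id = if ($token) {
        Get-ImdsValue -Uri $idUri -TimeoutSec $TimeoutSec `
            -Headers @{ 'X-aws-ec2-metadata-token' = $token }
    }

    # IMDSv1: plain GET without a token; an answer means v1 is still accepted.
    $v1Id = Get-ImdsValue -Uri $idUri -TimeoutSec $TimeoutSec

    $id = @($v2Id, $v1Id) | Where-Object { $_ -match $idPattern } | Select-Object -First 1
    [pscustomobject]@{
        IsEc2          = [bool]$id
        InstanceId     = $id
        ImdsV2Answered = ($v2Id -match $idPattern)
        ImdsV1Answered = ($v1Id -match $idPattern)
    }
}
```

Matching the instance-id format rather than accepting any HTTP reply matters because 169.254.169.254 is a link-local address that other platforms also use for their own metadata endpoints.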

 

Extended Process Info PowerShell/SQL Tool

Get-Process Info is a PowerShell function that provides information about processes and DLLs running or found on Windows PCs.
This PowerShell function queries a process listing database with over 40000 records and returns extra information about a computer process:
[Process Name] [Description] [Additional Info] [Reported as a virus]
[Reported as a trojan] [Reported as a spyware] [Safe to end the process]

Features

-Accepts pipeline input
-Accepts wildcard characters:
%           A substitute for zero or more characters
_             A substitute for a single character
[charlist]  Sets and ranges of characters to match

Examples

Example 1

Description:
Returns extended information about spoolvlc.exe process.

Output:

Example 2

Shows additional information for all processes currently running on the local machine.

Output:

Example 3

Gets additional information for dll files and modules loaded by notepad process.

Example 4

Gets additional information for dll files and modules loaded by all currently running processes.

Example 5

Gathers processes information for a remote machine.

Example 6

Returns information for all recorded processes starting with vc.

WhoIs PowerShell Function

The WhoIs PowerShell function performs a domain name lookup and returns information such as domain availability (creation and expiration date), domain ownership, name servers, etc.

Add this function to a module or save it as ps1 file and dot source it in your profile:

 

File Report PowerShell Function

Function Get-FileReport

The Get-FileReport function creates a detailed file report and exports it to CSV format.

Description:

Use this function to export properties for files of a certain type (doc, txt, jpg, etc.) and files older than a certain number of days. The report includes the following file properties:
File Name | Full File Path | File Extension | File Size in KB | File Owner | Last Change Date | Computer Name
To use the Get-FileReport function, you can dot source the ps1 file in the PowerShell console:
.  .\Get-FileReport.ps1
or in your profile:

Dot Source PowerShell Function in Profile – Type dot and the full path to the ps1 file.

Comment-based help is included. Use Get-Help Get-FileReport -Full to retrieve the details below.

Parameters

  • Path
    Specifies the target folder path. Scans the files recursively.
  • Days
    Defines the file age.
  • Ext
    Specifies the file extension.
  • Export
    Exports the results to a CSV file. Specifies the folder path for the export file.

Examples:

Returns the properties of all files under c:\backups.

Returns all files under c:\backups older than 1500 days:

File_Name        : Rmtshare.exe
Full_File_Path   : C:\backups\Rmtshare.exe
File_Extension   : .exe
File_Size_(KB)   : 12.77
File_Owner       : DOMAIN\user
Last_Change_Date : 02/19/1999
Computer_Name    : COMPUTER03

Returns all .txt files under c:\backups older than 150 days:

File_Name        : temp.txt
Full_File_Path   : C:\backups\temp_files\temp.txt
File_Extension   : .txt
File_Size_(KB)   : 0.01
File_Owner       : DOMAIN\user
Last_Change_Date : 02/19/2013
Computer_Name    : COMPUTER03

Exports to CSV all .txt files under c:\backups older than 150 days:

File_Name | Full_File_Path | File_Extension | File_Size_(KB) | File_Owner | Last_Change_Date | Computer_Name
commands.txt | C:\backups\commands.txt | .txt | 0.09 | DOMAIN\User | 2/21/2013 | COMPUTER03
filer_backup.txt | C:\backups\filers\filer_backup.txt | .txt | 0.06 | DOMAIN\User | 3/12/2013 | COMPUTER03
remapping_drive.txt | C:\backups\documents\remapping_drive.txt | .txt | 0.85 | DOMAIN\User | 9/12/2013 | COMPUTER03

 

You can use (Get-Help Get-FileReport).Examples from the console to retrieve the examples.

The Code:
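An added sketch that produces the report described above, not the original Get-FileReport code: it takes the same four parameters and emits the same column names as the sample output. The function name, the use of LastWriteTime for Last_Change_Date, the 'unreadable' owner placeholder and the export file name FileReport.csv are assumptions.

```powershell
function Get-FileReportExample {   # hypothetical name, not the author's function
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$Path,   # folder to scan recursively
        [int]$Days = 0,                                # minimum file age in days
        [string]$Ext,                                  # extension, with or without the dot
        [string]$Export                                # folder for the CSV file
    )
    $cutoff = (Get-Date).AddDays(-$Days)
    $wanted = if ($Ext) { '.' + $Ext.TrimStart('.') } else { $null }

    $report = Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            # Compare the extension exactly; a "*.txt" wildcard filter can also
            # match longer extensions through 8.3 short names.
            $_.LastWriteTime -le $cutoff -and (-not $wanted -or $_.Extension -eq $wanted)
        } |
        ForEach-Object {
            # Owner lookup fails on files the caller cannot read; record that
            # instead of dropping the file from the report.
            $owner = try {
                (Get-Acl -LiteralPath $_.FullName -ErrorAction Stop).Owner
            } catch { 'unreadable' }

            [pscustomobject]@{
                'File_Name'        = $_.Name
                'Full_File_Path'   = $_.FullName
                'File_Extension'   = $_.Extension
                'File_Size_(KB)'   = [math]::Round($_.Length / 1KB, 2)
                'File_Owner'       = $owner
                'Last_Change_Date' = $_.LastWriteTime.ToString('MM/dd/yyyy')
                'Computer_Name'    = $env:COMPUTERNAME
            }
        }

    if ($Export) {
        $csv = Join-Path $Export 'FileReport.csv'   # assumed file name
        $report | Export-Csv -Path $csv -NoTypeInformation
        Write-Verbose "Report written to $csv"
    } else {
        $report
    }
}

# Usage matching the page's third example: .txt files older than 150 days.
# Get-FileReportExample -Path C:\backups -Days 150 -Ext txt
```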