Richard Siddaway's Blog

A question came up on the forum regarding when Windows Update last run and when an update was last installed.  Get-Hotfix shows the date of installation for most BUT not all patches. The registry holds values showing last successful detection and install: $props = [ordered]@{ LastDetect = Get-ItemProperty -Path ‘HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect’ -Name LastSuccessTime | select […]

The Win32_ComputerOperatingSystem class can provide a good deal of information about the OS installed on your machines. These examples are converted from those presented here: http://msdn.microsoft.com/en-us/library/aa394596%28v=vs.85%29.aspx   # ServicePack version Get-CimInstance -ClassName Win32_OperatingSystem | select ServicePackMajorVersion, ServicePackMinorVersion # install date of OS Get-CimInstance -ClassName Win32_OperatingSystem | select Installdate # Windows version Get-CimInstance -ClassName Win32_OperatingSystem | […]

You can see the running processes on a local or remote machine using Get-Process. Alternatively you can use Win32_Process: Get-CimInstance -ClassName Win32_Process | select Name, ProcessID, Threadcount, PageFileUsage, PageFaults, WorkingSetSize | Format-Table –AutoSize You can use the –ComputerName or –CimSession properties to access the processes on a remote machine. Other properties are available: Get-CimClass -ClassName […]

To see the command lines that have been used when processes are started is simple one liner: Get-CimInstance -ClassName Win32_Process | select Name, CommandLine If you want to investigate specific processes use the –Filter parameter to restrict the processes

This one is interesting as I’d tried doing this a while back and failed.  Starting a process with Win32_Process is straightforward but controlling the process – such as starting in a hidden window wasn’t working. This is how you do it: function start-hiddenproc { [CmdletBinding()] param ( [string]$processname = ‘notepad.exe’ ) $startclass = Get-CimClass -ClassName […]

The event instructions for event 1 are available for download. Entries will be accepted starting tomorrow. Event will close 26 January 00:00:00 UTC

Back in the day when all we had was VBScript you could run scripts through the command line (cscript) or you would get a more graphical interface (wscript).  One of the examples at http://msdn.microsoft.com/en-us/library/aa394599(v=vs.85).aspx shows how to detect running scripts. I don’t imagine much call for that technique but if you need it – here […]

Event 1 is available for download in just over 6 hours In the mean time head over to powershell.org and look at the fantastic set of tips that the coaches are putting out

I’ve written unfavourably on the Kindle app in the past but I stumbled on an piece of functionality in the app that makes me take a lot of my comments back – search. If you are in the Kindle app and bring up the charms you can get into search. This means you can search […]

In case you were wondering where the examples came that inspired the code in this series from its here – http://msdn.microsoft.com/en-us/library/aa394599(v=vs.85).aspx I’m providing PowerShell examples In some cases it would be easier to use the *Process cmdlets but I want to demonstrate how to use the WMI class