Snippets for Comment Based Help and Advanced Function Parameters in Powershell v2

Been working quite a bit on the module for group policy, and almost have something I feel is worth sharing.  In the meantime, if you have a script editor that supports the concept of “snippets”, or saved re-usable bits of script code, you might find this little bit useful.  I’ve had a hard time remembering the syntax and all the options for some of the new cool stuff we can use in scripts and functions in Powershell v2, so I saved these little bits after scouring the output of Get-Help for comment based help and advanced functions for (hopefully) the last time, haha.

Using Powershell to search XML GPO Reports – Part II – Software Installation

In Part I of our series in querying group policy reports, we learned how to:

• Turn the XML output from Get-GPOReport into a System.XML.XMLDocument object
• Build a System.XML.XMLNamespaceManager from the information in the XMLDocument object
• Use XPath with the namespace manager and document to extract information from the report, including the Extension elements.

We left off with the Get-CGPOReportExtensionData filter, and some questions about it’s output.  This week we’ll look at the output from the filter, and then use that output in another filter to transform the XML report information into an object with the details of a Software Installation extension that can easily be worked with using Powershell’s standard comparison operators and formatting cmdlets.

Get the users that have logged on to a computer

Here’s a multi-line adaptation of a quick one-liner I threw together the other day.  I might have to turn this into a function and add it to my profile if I get asked this question too many more times.  To answer “Who used computer x between these dates?” we can use:

001 002 003 004 005 006 007

Get-EventLog -Before '01/26/2010' -after '01/25/2010' -ComputerName computername -LogName Security | `     where-object `     {         ($_.username -notmatch '^NT AUTHORITY\\(SYSTEM|NETWORK SERVICE|LOCAL SERVICE|ANONYMOUS LOGON)$') `         -and ($_.category -eq "Logon/Logoff")     } | `     select-object timegenerated,username,category,message | sort timegenerated | format-table -auto

Hope that can save some of you a little time :)

BackTrack 4 Final Now Available

I’m a little behind the curve here, as the final build was posted on the 11th of January.  Oh well.  For the security conscious administrator, the backtrack suite makes a great tool.  If you don’t know what it is, or taken the time to at least check it out, cut some time out to do so soon.  It will open your eyes a bit, I promise :)

The final build, available in either .ISO or VM-ware forms, can be downloaded from http://www.backtrack-linux.org/downloads/

If you can, use the torrent links.  Your download will most likely be much faster.