PowerShell Stuff

To find all PS Commands in your computer

Get-Command

Understanding the Results of the Get-Command Cmdlet

There are four columns in the results of the Get-Command Output

• CommandType: This tells you whether command is an Alias, a Cmdlet, or a Function.
• Name: The name is the actual command you execute.
• Version: This is the PowerShell version
• Source: The module of the PS command.

With this information, you can filter the results from Get-Command. Say you want to see PowerShell commands containing the word “EventLog”, running the command below will get the job done:

Get-Command -Name *EventLog

Get WAN IP

(Invoke-WebRequest ifconfig.me/ip).Content.Trim()

Fix Trust Relationship between computer and domain.

Reset-ComputerMachinePassword -Server DomainServer -Credential DomainName\Administrator

Connect PS to Remote Computer

Enter-PSSession -ComputerName COMPUTER -Credential USER

Install Windows Updates

Install and check the module:

Install-Module -Name PSWindowsUpdate
Get-Package -Name PSWindowsUpdate

List all available updates:

Get-WindowsUpdate

Install all available updates:

Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot

Get-WindowsUpdate -AcceptAll -Install -AutoReboot

Install a specific update:

Get-WindowsUpdate -Install -KBArticleID KB#######

List All User Password Ages

get-aduser -filter * -properties passwordlastset, passwordneverexpires |ft Name, passwordlastset, Passwordneverexpires

List All User Password Expiration Dates

Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" | Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}

Find All Locked Account

Search-ADAccount -LockedOut

List all RDP connections made to computer

$RDPAuths = Get-WinEvent -LogName 'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational' -FilterXPath '<QueryList><Query Id="0"><Select>*[System[EventID=1149]]</Select></Query></QueryList>'
[xml[]]$xml=$RDPAuths|Foreach{$_.ToXml()}
$EventData = Foreach ($event in $xml.Event)
{ New-Object PSObject -Property @{
TimeCreated = (Get-Date ($event.System.TimeCreated.SystemTime) -Format 'yyyy-MM-dd hh:mm:ss K')
User = $event.UserData.EventXML.Param1
Domain = $event.UserData.EventXML.Param2
Client = $event.UserData.EventXML.Param3
}
} $EventData | FT

Remove Inactive RDS User Profiles

Take ownership of ‘folder.V2’ path

takeown /r /d Y /f .\folder.V2

Grant open permissions to the folder (for easy deletion)

icacls .\folder.V2 /grant Everyone:F /T

Delete the ‘folder.V2’ path

remove-item -path .\folder.V2 -force -recurse

Migrate DHCP server configuration

Export the existing configuration:

Export-DHCPServer -ComputerName <old server> c:\dhcp.xml -ver -leases

Import to the new server:

Import-DHCPServer -ComputerName <new server> c:\dhcp.xml -backuppath c:\dhcpbackup -leases

Fix Common BPA Scan Results on new Windows Servers

• Set-smbserverconfiguration -AsynchronousCredits 64
• Set-smbserverconfiguration -MaxThreadsPerQueue 20
• Set-smbserverconfiguration -Smb2CreditsMax 2048
• Set-smbserverconfiguration -Smb2CreditsMin 128
• Set-smbserverconfiguration -DurableHandleV2TimeoutInSeconds 30
• Set-smbserverconfiguration -AutoDisconnectTimeout 0
• Set-smbserverconfiguration -CachedOpenLimit 5

Using command prompt as administrator

• sc config srv start=demand