SMTP from the command line
Remoting in PowerShell
INVOKE
invoke-command -ComputerName (get-content C:\temp\TestComputers.txt) -ScriptBlock {get-eventlog -LogName Application -Newest 5}
invoke-command -ComputerName (get-adcomputer -filter *) -ScriptBlock {get-eventlog -LogName Application -Newest 5}
PS C:\temp> Enter-PSSession -ComputerName SGEN-TN01
[SGEN-TN01]: PS C:\Users\admin-its-tn\Documents> get-eventlog -LogName Application -Newest 5
Index Time EntryType Source InstanceID Message
—– —- ——— —— ———- ——-
3382 Sep 04 12:05 Information SceCli 1073743528 Security policy in the Group policy objects has been applied successfully.
3381 Sep 04 12:05 Information gupdate 0 The description for Event ID ‘0’ in Source ‘gupdate’ cannot be found. The local computer may not have the necessary r…
3380 Sep 04 10:59 Information Windows Error Rep… 1001 Fault bucket 1838438238644566740, type 5…
3379 Sep 04 10:35 Information gupdate 0 The description for Event ID ‘0’ in Source ‘gupdate’ cannot be found. The local computer may not have the necessary r…
3378 Sep 04 10:35 0 Software Protecti… 1073742727 The Software Protection service has stopped….
[SGEN-TN01]: PS C:\Users\admin-its-tn\Documents> Exit-PSSession
PS C:\temp>
Returning just the value in PowerShell
This uses “-expand” or “-expanproperty”
Get-ADComputer -filter -searchbase “ou=domain controllers, dc=company,dc=primary”
…this will return a list of computer OBJECTS from the domain controllers OU.
You cannot use this command as a pipeline return….
Get-Service -computerName (Get-ADComputer -filter -searchbase “ou=domain controllers, dc=company,dc=primary”)
As “-ComputerName” is expecting a string and NOT an object. To resolve this we can use the “-expand” to extract a property……
Get-ADComputer -filter -searchbase “ou=domain controllers, dc=company,dc=primary” | Select-Object -expandproperty Name
So, this would work…..
Get-Service -computerName (Get-ADComputer -filter -searchbase “ou=domain controllers, dc=company,dc=primary” | Select-Object -expandproperty Name)
Get-Process -computerName (import-csv .\computers.csv | select-object -expandproperty hostname)
Syntax in PowerShell
Get-EventLog [-LogName] <String> [[-InstanceId] <Int64[]>] [-After <DateTime>] [-AsBaseObject] [-Before <DateTime>] [-ComputerName <String[]>] [-EntryType {Error | Information | FailureAudit | SuccessAudit | Warning}] [-Index <Int32[]>] [-Message <String>] [-Newest <Int32>] [-Source <String[]>] [-UserName <String[]>] [<CommonParameters>]
Get-EventLog [-AsString] [-ComputerName <String[]>] [-List] [<CommonParameters>]
- There are two possible combinations of parameters you can’t mix between them, some commands may have more than 2 sets.
- Anything in square brackets is optional.
- If you omit optional parameter names then they MUST be provided in the correct order! (e.g. ‘Get-EventLog Security 10’ is shorthand for ‘Get-EventLog -LogName Security -InstanceID 10’. ‘Get-EventLog 10 Security’ will not work as there is no Event Log called 10).
[-LogName] <String>
- The log name is not optional as its not in square brackets but actually writing the word LogName is!
[[-InstanceId] <Int64[]>]
- Instance ID is optional (the whole thing is in square brackets
- Writing ‘-InstanceID’ is optional
- InstanceID expects a 64-bit integer (-9223372036854775808 to 9223372036854775807) and the additional square brackets indicate it will accept and array or list of them
[-List]
- This is a switch, essentially a parameter without a value
[<CommonParameters>]
- These are a bunch of parameters available to ALL commands
Alias in PowerShell
Finding the alias of a command:
get-alias -Definition "Get-Service"
Finding the command of an alias
Get-alias gsv
Help gsv
Finding the alias of a parameter (getting the alias of the computername parameter for ‘Get-EventLog’):
(get-command get-eventlog | select -ExpandProperty parameters) .computername.aliases
Finding the parameter of an alias (getting the parameter of the -Cn alias for ‘Get-EventLog’):
get-eventlog -Cn
(this will error with the error displaying the full parameter name of the Alias)
Help in PowerShell
Help Get-EventLog
Help Get-EventLog -full
Help Get-EventLog -showwindow
Help Get-EventLog -online
The best help command ever!!!!
Environmental Variables in PowerShell
From an elevated powershell
[System.Environment]::SetEnvironmentVariable(‘MyAwesomeTargetFolder’, ‘c:\littlebitawesome’, [System.EnvironmentVariableTarget]::Machine)
CLOSE POWERSHELL AND REOPEN IT!!!
(get-item env:MyAwesomeTargetFolder).value
SPF Records
https://www.kitterman.com/spf/validate.html?
https://www.dmarcanalyzer.com/spf/checker/
Maximum length of an spf record and splitting it into multiple strings:
https://support.agari.com/hc/en-us/articles/202952749-How-long-can-my-SPF-record-be-
SPF DNS Look up limits:
https://help.returnpath.com/hc/en-us/articles/222479888-How-can-I-avoid-SPF-failures-if-I-am-reaching-the-DNS-lookup-limit-
Securely Erasing Disks – DiskWipe
DBAN is the way to do it but for a quick easy way to do USB drives and SD Cards then try…
http://www.diskwipe.org/download.php