==== Windows PowerShell ====

Function: Systeminfo
Usage:
  systeminfo

Function: Check Uptime
Usage:
  Get-CimInstance Win32_OperatingSystem | Select-Object LastBootUpTime

Function: Check MSSQL Cluster Status
Usage:
  Get-ClusterGroup

Function: Output services set to Automatic
Usage:
  Get-WmiObject -Class Win32_Service | Select-Object Name,State,StartMode | Where-Object {$_.StartMode -eq "Auto"}

Function: Install from URL
Usage:
  mkdir c:\temp
  # -OutFile saves the response body; piping Invoke-WebRequest to Out-File writes the formatted response object instead
  Invoke-WebRequest -Uri https://example.com/swap.ps1 -OutFile c:\temp\swap.ps1
  powershell.exe c:\temp\swap.ps1

Function: Check Connection to BigFix Download
Usage:
  Test-NetConnection -ComputerName "example.com" -InformationLevel "Detailed"
  Test-NetConnection 8.8.8.8 -Port 443

Function: Check for Active Connections
Usage:
  netstat | Select-String 9997, 8089

Function: Check Disk Space
Usage:
  Get-WmiObject -Class Win32_logicaldisk
  Get-WmiObject -Class Win32_logicaldisk | Select-Object -Property DeviceID, DriveType, VolumeName, @{L='FreeSpaceGB';E={"{0:N2}" -f ($_.FreeSpace /1GB)}}, @{L="Capacity";E={"{0:N2}" -f ($_.Size/1GB)}}

  # Per-volume capacity, free space (GB) and free percentage
  Function Get-DiskSize
  {
      $Disks = @()
      $DiskObjects = Get-WmiObject -Namespace "root/cimv2" -Query "SELECT Name, Capacity, FreeSpace FROM Win32_Volume"
      $DiskObjects | % {
          $Disk = New-Object PSObject -Property @{
              Name           = $_.Name
              Capacity       = [math]::Round($_.Capacity / 1073741824, 2)
              FreeSpace      = [math]::Round($_.FreeSpace / 1073741824, 2)
              FreePercentage = [math]::Round($_.FreeSpace / $_.Capacity * 100, 1)
          }
          $Disks += $Disk
      }
      Write-Output $Disks | Sort-Object Name
  }
  Get-DiskSize | ft Name,@{L='Capacity (GB)';E={$_.Capacity}},@{L='FreeSpace (GB)';E={$_.FreeSpace}},@{L='FreePercentage (%)';E={$_.FreePercentage}}

Function: Memory Averages (Unavailable AWS Metric)
Usage:
  Get-WmiObject win32_OperatingSystem |%{"Total Physical Memory: {0}KB`nFree Physical Memory : {1}KB`nTotal Virtual Memory : {2}KB`nFree Virtual Memory : {3}KB" -f $_.totalvisiblememorysize, $_.freephysicalmemory, $_.totalvirtualmemorysize, $_.freevirtualmemory}

Function: See top files
Usage: While in the C:\ drive
  Get-ChildItem
https://www.mssqltips.com/sqlservertip/2774/powershell-script-to-find-files-that-are-consuming-the-most-disk-space/

Function: Check Update History
Usage:
  wmic qfe list

Function: Less Detail Update History
Usage:
  Get-WmiObject -Class win32_quickfixengineering
  Get-Hotfix -Id kb----
  Get-Hotfix -Id KB5004244

Function: Get File Listing
Usage:
  $path = "C:\Windows\System32\config\systemprofile\AppData\Local\ScaleFT"
  Get-ChildItem -Path $path | Format-Table

Function: Read File
Usage:
  Get-Content -Path "C:\Program Files\SplunkUniversalForwarder\etc\apps\adc_deploymentclient\local\deploymentclient.conf" -Tail 5

Function: Start Service
Usage:
  Start-Service SplunkForwarder

Function: Get IIS Version
Usage:
  Get-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InetStp\ | Select-Object

Function: Magic command for when you get "dcsadmin user is disabled" while trying to RDP
Usage:
  Enable-ADAccount -Identity dcsadmin

Function: Is McAfee installed?
Usage:
  Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Where-Object {$_.DisplayName -like "McAfee*"}

Function: SSM Permissions
https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started-ssm-user-permissions.html#ssm-user-permissions-windows

Function: Logout Windows Users
Usage:
  query session   (to list off sessions)
  logoff #        (to log them off; # is the session ID shown by query session)

Function: Get Log File Last 40 lines
Usage:
  gc 'C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\__Global\Logs\20210401.log' | select -Last 40

Function: Set Time Sync
Usage: Press Windows key + X and select Command Prompt (Admin). Type each of the commands below and press Enter.
  net stop w32time
  w32tm /unregister
  w32tm /register
  net start w32time
  w32tm /resync

Function: Set Password
Usage:
  # This form puts the new password in plain text on the command line
  net user USERNAME NEWPASS

  # This form prompts for the password and keeps it as a SecureString
  $Password = Read-Host -AsSecureString
  $UserAccount = Get-LocalUser -Name "User02"
  $UserAccount | Set-LocalUser -Password $Password

Function: What caused Reboot?
Usage:
  Get-WinEvent -FilterHashtable @{logname = 'System'; id = 1074} | Format-Table -Wrap

Function: Check for live certificates
Usage:
  gci Cert:\CurrentUser\AuthRoot

Function: Add Certificate File
Usage:
  $certfile = 'c:\windows\temp\cert.pem'
  Import-Certificate -FilePath $certfile -CertStoreLocation Cert:\LocalMachine\Root
https://stackoverflow.com/questions/26158411/amazon-ec2-custom-ami-not-running-bootstrap-user-data

Function: Get DNS
Usage:
  Get-DnsClientServerAddress

Function: TLS (Download stubbornly)
Usage:
  # Applies to the current PowerShell session only. Ssl3, Tls and Tls11 are deprecated protocols; Tls12 alone is enough when the server supports it.
  [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Ssl3, [Net.SecurityProtocolType]::Tls, [Net.SecurityProtocolType]::Tls11, [Net.SecurityProtocolType]::Tls12
  # -OutFile saves the binary .msu intact; piping to Out-File does not
  Invoke-WebRequest -UseBasicParsing -Uri https://example.com/kb5004859.msu -OutFile c:\Windows\Temp\kb5004948.msu

Function: All else fails transfer
Usage:
  Start-BitsTransfer -Source "https://example.com/kb5004859.msu" -Destination c:\Windows\Temp\kb5004859.msu

Function: Disable a service
Usage:
  Stop-Service -Name Spooler -Force
  Set-Service -Name Spooler -StartupType Disabled

Function: Set AD Password
Usage:
  Set-ADAccountPassword -Identity Administrator -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "myNewPassword" -Force)

  $password = Read-Host "Enter the new password:" -AsSecureString
  Get-LocalUser -Name "Administrator" | Set-LocalUser -Password $password

Function: Missing AWS Routes to KMS
Usage: Missing the routes to the KMS server. You can fix this by running these commands in an Admin PowerShell:
  Import-Module "C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psd1"
  Add-Routes
  Set-ActivationSettings
  slmgr /ato

Function: Fix AWS Routes
Usage:
  Import-Module c:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psm1 ; Add-Routes
stackoverflow.com/questions/26158411/amazon-ec2-custom-ami-not-running-bootstrap-user-data
"At the end of initial bootstrap (UserData) script, just append persist tag as shown below. Works perfectly."
  insert script here
  <persist>true</persist>
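
For the "Install from URL" entry: an added example, not part of the original page, that checks a downloaded script against a known SHA-256 before it is run. `Save-VerifiedDownload` is a hypothetical helper name, the expected hash is a placeholder to be replaced with the value published by the script's owner, and the URL is the page's own example.com placeholder.

```powershell
# Added example, not from the original page. Save-VerifiedDownload is a
# hypothetical helper name; the hash below is a placeholder, not a real value.
function Save-VerifiedDownload {
    param(
        [Parameter(Mandatory)] [string] $Uri,
        [Parameter(Mandatory)] [string] $Destination,
        [Parameter(Mandatory)] [string] $ExpectedSha256
    )

    # Refuse plain HTTP, which gives no server authentication or integrity.
    if (([uri]$Uri).Scheme -ne 'https') { throw "Refusing non-HTTPS source: $Uri" }

    # Older Windows PowerShell hosts may not negotiate TLS 1.2 unless told to.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    $dir = Split-Path -Path $Destination -Parent
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }

    # -OutFile writes the response body byte for byte.
    Invoke-WebRequest -Uri $Uri -OutFile $Destination -UseBasicParsing -ErrorAction Stop

    # Get-FileHash returns upper-case hex; -ne compares case-insensitively.
    $actual = (Get-FileHash -Path $Destination -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        Remove-Item -Path $Destination -Force
        throw "SHA-256 mismatch for $Uri (got $actual). File deleted, nothing was run."
    }
    Get-Item -Path $Destination
}

$script = Save-VerifiedDownload -Uri 'https://example.com/swap.ps1' `
    -Destination 'C:\temp\swap.ps1' `
    -ExpectedSha256 '<SHA256-PUBLISHED-BY-THE-SCRIPT-OWNER>'

# Show the Authenticode status so an unsigned or altered script is visible
# before it runs; requiring 'Valid' is a policy choice left to the operator.
$sig = Get-AuthenticodeSignature -FilePath $script.FullName
"{0}: signature {1}" -f $script.Name, $sig.Status

powershell.exe -NoProfile -File $script.FullName
```

The hash check is independent of file type, so the same helper fits the .msu downloads in the TLS and BITS entries.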
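
For the "Add Certificate File" entry: an added example, not part of the original page, that inspects the certificate file before it is placed in the machine's trusted root store. The expected thumbprint is a placeholder for a value obtained from the certificate's issuer through a separate channel; the file path and store are the ones used on this page.

```powershell
# Added example, not from the original page. The expected thumbprint is a
# placeholder, not a real value.
$certfile           = 'c:\windows\temp\cert.pem'
$expectedThumbprint = '<THUMBPRINT-FROM-THE-ISSUER>'
$store              = 'Cert:\LocalMachine\Root'

# Load the file into memory only; nothing is installed at this point.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certfile
$cert | Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter

# Informational: is it self-issued, and does Basic Constraints (OID 2.5.29.19)
# mark it as a CA? Everything in the Root store is trusted as a chain anchor.
$bc   = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.19' }
$isCa = [bool]($bc -and $bc.CertificateAuthority)
"Self-issued: {0}; CA flag: {1}" -f ($cert.Subject -eq $cert.Issuer), $isCa

# Hard checks: identity and validity period.
$problems = @()
$expected = $expectedThumbprint -replace '\s', ''   # tolerate pasted spaces
if ($cert.Thumbprint -ne $expected) {
    $problems += 'thumbprint does not match the expected value'
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $problems += "outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))"
}
if ($problems) {
    throw ("Not importing {0}: {1}" -f $certfile, ($problems -join '; '))
}

# Import only if the same certificate is not already in the store.
if (Test-Path (Join-Path $store $cert.Thumbprint)) {
    "Already present in $store"
} else {
    Import-Certificate -FilePath $certfile -CertStoreLocation $store
}
```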