Powershell commands to txt - powershell

Goal
Chain commands together and then Out-File to a filename.txt
For example
netstat -s;netstat -r;netstat -bona;netsh advfirewall show allprofiles state;Get-CimInstance -ClassName win32_operatingsystem | select csname, lastbootuptime
Display on Screen while writing to file
I know there is a way but when I issue | Out-File
There is this other method but man is the code long
netstat -s>>filename.txt;netstat -r>>filename.txt;netstat -bona>>filename.txt ...
Looking for a quick one-liner to perform this operation.

This isn't a one-liner. But you could do this easily by assigning the command to a variable then outputting it to a .txt file
# Wrap the chain in $( ) so the output of every command is captured, not only the first one
$output = $(netstat -s;netstat -r;netstat -bona;netsh advfirewall show allprofiles state;Get-CimInstance -ClassName win32_operatingsystem | select csname, lastbootuptime)
$output | out-file test.txt

You could make it a scriptblock, and immediately invoke it, then pipe to Tee-Object to both write to file and to the pipeline (and thus the screen unless you otherwise redirect it).
{netstat -s;netstat -r;netstat -bona;netsh advfirewall show allprofiles state;Get-CimInstance -ClassName win32_operatingsystem | select csname, lastbootuptime}.Invoke() | Tee-Object -FilePath FileName.txt

Related

Batch script to taskkill search by "Command Line" arguments

I need a batch script to taskkill by "Command Line" arguments ("Command Line" from Windows Task Manager). To clarify - these processes are dotnet core applications. They are started via:
dotnet MyDotnetCoreApp.dll xxx yyy
If you examine under Task Managers,
Name = dotnet.exe
Image path name = C:\Program Files\dotnet\dotnet.exe
Command line = dotnet MyDotnetCoreApp.dll xxx yyy
I need a batch script to kill these tasks, probably with taskkill.
OPTION 1 is taskkill by PID, but how would my script search the "Command Line" arguments for MyDotnetCoreApp?
OPTION 2 is taskkill by Image Name? This is a no-go, as my server has many dotnet core applications; if I kill by Image Name, all dotnet core processes will be killed.
I have been researching:
https://superuser.com/questions/415360/how-do-i-find-out-command-line-arguments-of-a-running-program
https://www.itprotoday.com/powershell/powershell-contains
I can't get this to work, not good at PowerShell:
Get-WmiObject Win32_Process -Filter "name = 'dotnet.exe'" | Select-Object Handle
Here I'd get a list of PIDs to kill.
Two challenges:
First challenge, my WHERE clause doesn't work:
Get-WmiObject Win32_Process -Filter "name = 'dotnet.exe'" | where {$_.CommandLine -like '*MyDotnetCoreApp*'} | Select-Object Handle
I checked further and found out that "CommandLine" was NOT populated for these WmiObjects (omg!):
Get-WmiObject Win32_Process -Filter "name = 'dotnet.exe'" | Select-Object ProcessId, Name, CSName, Caption, CommandLine, ExecutablePath
I later then found out "CommandLine" would have been populated IF you run Powershell as Administrator!?! (Powershell so cryptic!)
In the end, the first challenge was resolved:
Get-WmiObject Win32_Process -Filter "name = 'dotnet.exe'" | where {$_.CommandLine -like '*MyDotnetCoreApp*'} | Select-Object ProcessId, Name, CSName, Caption, CommandLine, ExecutablePath
Second Challenge: How to kill it? Found it!!
(Get-WmiObject Win32_Process -Filter "name = 'dotnet.exe'" | where {$_.CommandLine -like '*MyDotnetCoreApp*'}).Terminate()
So this is actually resolved!
Run Powershell as Administrator! Download psexec from https://learn.microsoft.com/en-us/sysinternals/downloads/psexec
psexec -u Administrator -p SomeSecret powershell
Then from Powershell:
(Get-WmiObject Win32_Process -Filter "name = 'dotnet.exe'" | where {$_.CommandLine -like '*MyDotnetCoreApp*'}).Terminate()
Now, as a separate question, can you do this in one line? The below won't work because -Filter has quotes in it!
psexec -u Administrator -p SomeSecret powershell -Command "(Get-WmiObject Win32_Process -Filter ""name = 'dotnet.exe'"" | where {$_.CommandLine -like '*MyDotnetCoreApp*'}).Terminate() "
As a hacky workaround, I removed the -Filter clause (how unfortunate, not sure how to escape quotes):
psexec -u Administrator -p SomeSecret powershell -Command "(Get-WmiObject Win32_Process | where {$_.CommandLine -like '*MyDotnetCoreApp*'}).Terminate() "
Works for me as a regular user, unless the process is running as administrator? Unfortunately, the filter syntax is like SQL here, where '%' is the wildcard. Piping to Where-Object would probably work just as well.
get-wmiobject win32_process -filter "commandline like '%dotnet.exe%MyDotnetCoreApp%'" |
remove-wmiobject
get-wmiobject win32_process | where commandline -like '*dotnet.exe*MyDotnetCoreApp*' |
remove-wmiobject
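A guarded version of the kill-by-command-line approach from this thread, as an added example that is not part of the original posts: it matches on image name and command line together, skips the calling shell (a bare `-like '*MyDotnetCoreApp*'` over all processes also matches the PowerShell process whose own command line carries that pattern), and supports `-WhatIf`. The function names and sample records are hypothetical.

```powershell
# Added example, not from the thread. Function names are hypothetical.
function Select-ProcessByCommandLine {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Process,  # objects with ProcessId, Name, CommandLine
        [Parameter(Mandatory = $true)] [string]   $Name,     # exact image name, e.g. dotnet.exe
        [Parameter(Mandatory = $true)] [string]   $Pattern,  # wildcard matched against CommandLine
        [int[]] $ExcludeId = @($PID)                         # never select the calling shell
    )
    $Process | Where-Object {
        $_.Name -eq $Name -and
        $_.CommandLine -like $Pattern -and
        $ExcludeId -notcontains $_.ProcessId
    }
}

function Stop-ProcessByCommandLine {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)] [string] $Name,
        [Parameter(Mandatory = $true)] [string] $Pattern
    )
    $all = Get-CimInstance -ClassName Win32_Process
    foreach ($p in (Select-ProcessByCommandLine -Process $all -Name $Name -Pattern $Pattern)) {
        $target = '{0} PID {1}: {2}' -f $p.Name, $p.ProcessId, $p.CommandLine
        # ShouldProcess honours -WhatIf and -Confirm before anything is terminated
        if ($PSCmdlet.ShouldProcess($target, 'Terminate')) {
            Invoke-CimMethod -InputObject $p -MethodName Terminate | Out-Null
        }
    }
}

# Constructed sample records (not real process data)
$sample = @(
    [pscustomobject]@{ ProcessId = 4100; Name = 'dotnet.exe';     CommandLine = 'dotnet MyDotnetCoreApp.dll xxx yyy' }
    [pscustomobject]@{ ProcessId = 4200; Name = 'dotnet.exe';     CommandLine = 'dotnet OtherApp.dll' }
    [pscustomobject]@{ ProcessId = 4300; Name = 'powershell.exe'; CommandLine = 'powershell -Command "(Get-WmiObject Win32_Process | where {$_.CommandLine -like ''*MyDotnetCoreApp*''}).Terminate()"' }
)
# Image name and pattern must both match, so the shell that merely quotes the pattern is left alone
Select-ProcessByCommandLine -Process $sample -Name 'dotnet.exe' -Pattern '*MyDotnetCoreApp*'

# Preview against live processes; with -WhatIf nothing is terminated
Stop-ProcessByCommandLine -Name 'dotnet.exe' -Pattern '*MyDotnetCoreApp*' -WhatIf
```

Run it elevated when the target processes belong to another account, since CommandLine is otherwise empty for them.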

How do I output from AD or txt

I am trying to run this programme against a list of remote PCs/servers, either by AD or TXT, and display them in either CSV or HTML. If anyone can offer some help or advice I would be greatly appreciative.
My only limitation is all my machines run powershell v2 only
Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
Format-Table -AutoSize
You want to take the output of that command and put it in a file? PowerShell has a lot of tools to do this. However, you need to remove the Format-Table command first.
See, Format-Table is all about making your command output look really good in a PowerShell window, so it's got a lot of hard returns and columns and things defined in it which make sense to the console, but look like garbage when you export it.
For data like this, I think Comma Separated Value is probably the way to go.
Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* |
Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
Export-CSV -NoTypeInfo -Path \\server\share\$($env:ComputerName)_Programs.csv
This example will export a CSV, omitting the import-helper info PowerShell normally adds, using the -NoTypeInformation switch. I figured it'd be useful to know the name of the computer which made the file, so that's just what it will do. Edit -Path to point to a server with a share and away you go. You'll end up with files like this:
ComputerA_Programs.Csv
ComputerB_Programs.Csv
ComputerC_Programs.Csv
If you want to pull from all AD computers:
# Invoke-Command runs the registry query on each remote computer (PowerShell remoting must be enabled there);
# a bare Get-ItemProperty would read the local registry on every pass. ${computer} keeps "_Programs" out of the variable name.
ForEach ($computer in (Get-ADComputer -Filter * | Select-Object -ExpandProperty Name))
{if(!(Test-Connection -Cn $computer -BufferSize 16 -Count 1 -ea 0 -quiet))
{write-host "cannot reach $computer" -f red}
else{Invoke-Command -ComputerName $computer -ScriptBlock {Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*} |
Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
Export-CSV -NoTypeInformation -Path "\\server\share$\${computer}_Programs.csv"}}
Or, if you have a list of computers in a text file:
# Same fix as above: query each remote computer and write one CSV per computer name
Foreach ($computer in ($computers= Get-Content "c:\Computers.txt" ))
{if(!(Test-Connection -cn $computer -BufferSize 16 -Count 1 -ea 0 -quiet))
{write-host "cannot reach $computer" -f red}
else{
Invoke-Command -ComputerName $computer -ScriptBlock {Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*} |
Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
Export-CSV -NoTypeInformation -Path "\\server\share$\${computer}_Programs.csv"
}}

How to remove extra lines from Get-WMIObject output powershell

I am running the following query to get the video driver version number
Get-WmiObject Win32_videoController | where {$_.Name -like "Nvidia*"} | Format-table -HideTableHeaders DriverVersion
It returns the data I want plus about 4 extra lines. One before the output and 3 after. It doesn't look like it's going to show up properly in the post.
PS F:\>
Get-WmiObject Win32_videoController | where {$_.Name -like "Nvidia*"} | Format-table -HideTableHeaders DriverVersion
9.18.13.3250
PS F:\>
If you want to determine the driver version, forget about Format-Table. Simply do this:
Get-WmiObject Win32_VideoController -Filter "Name LIKE 'Nvidia%'" |
Select-Object -Expand DriverVersion
Note: You can also use the aliases gwmi for Get-WmiObject and select for Select-Object. Beware, though, that aliases may not be present during script execution depending on your environment. They're basically a means to reduce the amount of typing required in an interactive console.
Not sure exactly if this is what you want but give this a try.
This will only display the "Unique" driver versions. This will get rid of the dupe entries.
Get-WmiObject Win32_videoController | Where {$_.Name -like "Nvidia*"} | Select-Object DriverVersion -Unique | Format-Table -HideTableHeaders

show process's full command line in powershell?

When I run this command
PS C:\> gwmi Win32_Process | select CommandLine
It cuts off the command line. How can I get it to show the full command line?
That is being done by the default formatting, which is using Format-Table. Try Format-List:
gwmi win32_process | select commandline | format-list
Alternatively Format-Table offers the -wrap and -autosize parameters.
gwmi win32_process | select handle, commandline | ft -wrap -autosize
Results
466 %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=bas
esrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileContro
l=Off MaxRequestThreads=16
550 wininit.exe
510 %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=bas
esrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileContro
l=Off MaxRequestThreads=16
546 C:\Windows\system32\services.exe
596 C:\Windows\system32\lsass.exe
3472 "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
1766 "C:\Windows\system32\notepad.exe"
3384 "C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe"
1780 \??\C:\Windows\system32\conhost.exe
You're better off filtering for a specific process, which can be done via PID or Process Name; both pieces of information are easily obtained from the task manager if you don't already know them.
Once you have the PID this will work great:
# $PID is a read-only automatic variable (the current session's own process ID), so use another name
$procId = 1676   # replace with your process ID
(Get-WmiObject win32_process -Filter "ProcessId=$procId" -Property CommandLine).CommandLine
Example of getting java.exe by process name:
(Get-WmiObject -Class win32_process -Filter "Name='java.exe'" -Property CommandLine).CommandLine
added by barlop
example with output-
PS C:\Users\User> (Get-WmiObject win32_process -Filter ProcessId=1676 -Property CommandLine).CommandLine <ENTER>
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1108,1777349067310493
8616,10462310811264875730,131072 --lang=en-GB --enable-auto-reload --origin-trial-disabled-features=MeasureMemory --devi
ce-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=1695 --no-v8-untrust
ed-code-mitigations --mojo-platform-channel-handle=11412 /prefetch:1
PS C:\Users\User>
This is a frequently asked question about how powershell formats output. Aside from making the window bigger:
gwmi Win32_Process | % CommandLine
sihost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
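The full command line shown by these commands is also where an argument such as the `-p SomeSecret` passed to psexec earlier on this page ends up, readable by anyone able to query that process for as long as it runs. The following added example (not from the original posts) audits process records for such arguments and reports them with the value masked; `Find-CommandLineSecret`, its flag list and the sample records are assumptions made for illustration.

```powershell
# Added example, not from the thread. Find-CommandLineSecret and the flag list are hypothetical.
function Find-CommandLineSecret {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Process,
        # Flags whose following token is treated as a secret (illustrative list)
        [string[]] $Flag = @('-p', '-password', '--password', '/password')
    )
    begin {
        $alt = ($Flag | ForEach-Object { [regex]::Escape($_) }) -join '|'
        # flag, then whitespace / ':' / '=', then a quoted value or a bare value
        # that does not itself look like another switch
        $rx = [regex]"(?i)(?<=^|\s)(?<flag>$alt)(?:\s+|[:=])(?<value>""[^""]*""|[^\s\-/]\S*)"
    }
    process {
        # CommandLine is empty for processes the caller is not allowed to inspect
        if (-not $Process.CommandLine) { return }
        $m = $rx.Match($Process.CommandLine)
        if ($m.Success) {
            [pscustomobject]@{
                ProcessId = $Process.ProcessId
                Name      = $Process.Name
                Flag      = $m.Groups['flag'].Value
                # Report the command line with the value masked, never the value itself
                Redacted  = $rx.Replace($Process.CommandLine, '${flag} ********')
            }
        }
    }
}

# Constructed sample records (not real process data)
$sample = @(
    [pscustomobject]@{ ProcessId = 5120; Name = 'PsExec.exe';  CommandLine = 'psexec -u Administrator -p SomeSecret powershell' }
    [pscustomobject]@{ ProcessId = 5188; Name = 'svchost.exe'; CommandLine = 'C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule' }
    [pscustomobject]@{ ProcessId = 5240; Name = 'dotnet.exe';  CommandLine = 'dotnet MyDotnetCoreApp.dll xxx yyy' }
)
$sample | Find-CommandLineSecret

# Live audit (run elevated so CommandLine is populated for other accounts' processes):
# Get-CimInstance -ClassName Win32_Process | Find-CommandLineSecret
```

PsExec prompts for the password when `-p` is omitted, which keeps it out of the command line.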

Get startup type of Windows service using PowerShell

How can I get the Windows service startup type using PowerShell and not using WMI?
I looked inside the Get-Service command, and it does not provide something to display the "startup type".
With PowerShell version 4:
You can run a command as given below:
Get-Service | select -property name,starttype
WMI is the way to do this.
Get-WmiObject -Query "Select StartMode From Win32_Service Where Name='winmgmt'"
Or
Get-WmiObject -Class Win32_Service -Property StartMode -Filter "Name='Winmgmt'"
In PowerShell you can use the command Set-Service:
Set-Service -Name Winmgmt -StartupType Manual
I haven't found a PowerShell command to view the startup type though. One would assume that the command Get-Service would provide that, but it doesn't seem to.
You can use also:
(Get-Service 'winmgmt').StartType
It returns just the startup type, for example, disabled.
As far as I know there is no “native” PowerShell way of getting this information. And perhaps it is rather the .NET limitation than PowerShell.
Here is the suggestion to add this functionality to the next version:
https://connect.microsoft.com/PowerShell/feedback/details/424948/i-would-like-to-see-the-property-starttype-added-to-get-services
The WMI workaround is also there, just in case. I use this WMI solution for my tasks and it works.
Once you've upgraded to PowerShell version 5 you can get the startup type.
To check the version of PowerShell you're running, use $PSVersionTable.
The examples below are for the Windows Firewall Service:
For the local system
Get-Service | Select-Object -Property Name,Status,StartType | where-object {$_.Name -eq "MpsSvc"} | Format-Table -auto
For one remote system
Get-Service -ComputerName HOSTNAME_OF_SYSTEM | Select-Object -Property MachineName,Name,Status,StartType | where-object {$_.Name -eq "MpsSvc"} | Format-Table -auto
For multiple systems (must create the systems.txt)
Get-Service -ComputerName (Get-content c:\systems.txt) | Select-Object -Property MachineName,Name,Status,StartType | where-object {$_.Name -eq "MpsSvc"} | Format-Table -auto
Use:
Get-Service BITS | Select StartType
Or use:
(Get-Service -Name BITS).StartType
Then
Set-Service BITS -StartupType xxx
[PowerShell 5.1]
If you update to PowerShell 5 you can query all of the services on the machine and display Name and StartType and sort it by StartType for easy viewing:
Get-Service |Select-Object -Property Name,StartType |Sort-Object -Property StartType
You can also use the sc tool to set it.
You can also call it from PowerShell and add additional checks if needed.
The advantage of this tool vs. PowerShell is that the sc tool can also set the start type to auto delayed.
# Get Service status
$Service = "Wecsvc"
sc.exe qc $Service
# Set Service status
$Service = "Wecsvc"
sc.exe config $Service start= delayed-auto
It is possible with PowerShell 4.
Get-Service *spool* | select name,starttype | ft -AutoSize
By default StartType is not shown by Get-Service, but you can always explicitly ask for it:
Get-Service | select StartType,DisplayName | sort StartType,DisplayName
Use Get-Service | Get-Member to see all available fields.
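The answers above differ on which PowerShell version exposes StartType, so this added example (not from the original posts) checks for the property at run time, falls back to the WMI query when it is missing, and reads the delayed-start flag that sc.exe sets. `Get-ServiceStartInfo` and the `$baseline` table are hypothetical; the expected values in the baseline are assumptions to adjust for your environment.

```powershell
# Added example, not from the thread. Get-ServiceStartInfo and $baseline are hypothetical.
function Get-ServiceStartInfo {
    param([Parameter(Mandatory = $true)] [string[]] $Name)
    foreach ($svc in (Get-Service -Name $Name)) {
        if ($svc.PSObject.Properties['StartType']) {
            # Get-Service exposes StartType on this PowerShell version
            $start  = [string]$svc.StartType
            $source = 'Get-Service'
        } else {
            # Older version: fall back to WMI, which reports Auto / Manual / Disabled
            $wmi    = Get-WmiObject -Class Win32_Service -Property StartMode -Filter "Name='$($svc.Name)'"
            $start  = if ($wmi.StartMode -eq 'Auto') { 'Automatic' } else { $wmi.StartMode }
            $source = 'WMI'
        }
        # A delayed automatic start is stored as DelayedAutostart=1 under the service's registry key
        $key     = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)"
        $delayed = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DelayedAutostart -eq 1
        New-Object PSObject -Property @{
            Name = $svc.Name; Status = $svc.Status; StartType = $start; Delayed = $delayed; Source = $source
        }
    }
}

# Assumed baseline for illustration: service name -> expected start type
$baseline = @{ MpsSvc = 'Automatic'; Winmgmt = 'Automatic' }

# Report each baseline service with its expected value and whether it has drifted
Get-ServiceStartInfo -Name @($baseline.Keys) |
    Select-Object Name, Status, StartType, Delayed, Source,
        @{ Name = 'Expected'; Expression = { $baseline[$_.Name] } },
        @{ Name = 'Drift';    Expression = { $_.StartType -ne $baseline[$_.Name] } }
```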