Working with Windows Event Logs in PowerShell - powershell

I have a script to read the last 30 entries for the Application and System event logs. Currently the script only works on my machine and only outputs a partial message (see below for an example).
411905 May 05 15:05 Information Microsoft-Windows... 1501 The Group Policy settings for the user were processed successfully. There were no changes detected since the last succ...
Can anyone tell me how the following can be done
use this for remote computers - I have tried entering the computer name in the format \domain\computername but it doesn't work
How I can display the full message and not just a section
How I can save the file with the computer name as part of the file name e.g. "mycomputer application log.txt"
My script so far is like this
Get-EventLog -LogName Application -Newest 30 -ComputerName MYCOMPUTER | Out-File -FilePath "D:\Test\Application Event Logs.txt"
Get-EventLog -LogName System -Newest 30 -ComputerName MYCOMPUTER | Out-File -FilePath "D:\Test\System Event Logs.txt"
I am new to scripting and thought this could be a useful script to have but I can't get it to work.

Remote Computers
If you mean computers in another domain, then I don't think you can using the cmdlet alone.
Instead, you can use PowerShell remoting to run any PowerShell commands that exist on the remote computer. But you have to set up remoting on the remote machine, and use SSL or trusted hosts, with explicit credentials to ensure the connection will be allowed:
$credential = Get-Credential # enter credentials for remote machine
$session = New-PSSession -ComputerName REMOTECOMPUTER -Credential $credential
Invoke-Command -Session $session -ScriptBlock {
Get-EventLog # parameters
}
The Full Text
It's important to note that what is returned by Get-WinEvent is a complex object. What you see when it's displayed on the screen is just a view. Writing it out to a file directly will also be just a view. Instead, explicitly figure out what you want, build a string, and then write it to a file.
Start by assigning the result of the cmdlet to a variable so that you can inspect it:
$events = Get-WinEvent #params
Now you can look at the results:
$events | Get-Member # see what properties are available
So then you can see that Message is a property.
To get just the message, you can use Select-Object, and since you want it as a string and not a property, you use -ExpandProperty:
$events | Select-Object -ExpandProperty Message | Out-File #etc
That would write out all the messages (but no other info).
In practice, you might want to operate on each log entry returned and build your string to write to the file:
$events | ForEach-Object {
# $_ represents the current object
$msg = $_.Message
$id = $_.Id
$timeCreated = $_.TimeCreated
"A log entry with ID $id was created at $timeCreated, and it says:`r`n`r`n$msg`r`n---------`r`n"
} | Out-File #params
Using the Computer Name
Assuming you know the computer name you're checking in advance, put it in a variable, then embed it in the file name:
$computer = 'MYCOMPUTER'
Get-WinEvent -ComputerName $computer | ForEach-Object {
# do stuff like above
} | Out-File -Path "D:\Whatever\$computer Application Log"
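Putting the three parts of the answer together, here is an added example (not code from the original post) that pulls the newest 30 Application and System events from a remote computer over a PowerShell remoting session, writes the full Message text of each event, and names the output files after the computer. It assumes remoting is already enabled on the target; REMOTECOMPUTER and D:\Test are placeholders.

```powershell
# Added example: remote event export with full message text and computer-named files.
# Assumes PSRemoting is enabled on the target; 'REMOTECOMPUTER' and 'D:\Test' are placeholders.
$computer   = 'REMOTECOMPUTER'
$outputDir  = 'D:\Test'
$credential = Get-Credential -Message "Credentials for $computer"

$session = New-PSSession -ComputerName $computer -Credential $credential
try {
    foreach ($logName in 'Application', 'System') {
        # Run Get-WinEvent on the remote side. The objects come back deserialized,
        # but the Message property still carries the complete text.
        $events = Invoke-Command -Session $session -ScriptBlock {
            param($name)
            Get-WinEvent -LogName $name -MaxEvents 30
        } -ArgumentList $logName

        # Build the strings explicitly instead of writing the default table view.
        $lines = $events | ForEach-Object {
            '[{0}] Id={1} Level={2} Provider={3}' -f $_.TimeCreated, $_.Id, $_.LevelDisplayName, $_.ProviderName
            $_.Message
            '-' * 40
        }

        # Embed the computer name in the file name, e.g. "REMOTECOMPUTER Application log.txt"
        $path = Join-Path $outputDir ('{0} {1} log.txt' -f $computer, $logName)
        $lines | Out-File -FilePath $path -Encoding UTF8
    }
}
finally {
    # Always tear the session down, even if Get-WinEvent failed on the remote side
    Remove-PSSession $session
}
```

Using a single session for both logs avoids authenticating twice, and the try/finally guarantees the session is removed when a remote call throws.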

Related

Using Invoke command on multiple computers. Need to export some results to location where invoke-command is running and name each file unique name

I am running invoke-command on lots of servers to gather info in parallel. I am then exporting the data locally on the server where the invoke-command is run. The problem I am having is exporting each job as its own unique $server.txt file when I am running invoke-command in parallel.
Contents of servers.txt file
Server1
Server2
Server3
Here is my current code..
icm -ComputerName (Get-Content c:\temp\servers.txt) -ErrorAction SilentlyContinue -ThrottleLimit 15 -ScriptBlock{
$A=get some local server info
$B=get some local server info
$C=get some local server info
echo $A,$B,$C} | out-file c:\temp\$server.txt
The problem I have is that I want to export the results as a filename that is the server name the script is running on, and I cannot get the $server variable when using invoke-command to run these jobs in parallel.
I don't want to use a foreach loop because that's not in parallel.
I want the output for each server to be in unique files like this.
C:\temp\server1.txt
C:\temp\server2.txt
C:\temp\server3.txt
EDIT:
I guess my other question or workaround would be is there any way to use a variable from inside the invoke-command loop outside?
I am gathering the machine name inside the invoke-command, but need to use it to set the filename of the export file.
thank you
invoke-command -ComputerName (Get-Content c:\temp\servers.txt) -ErrorAction SilentlyContinue -ThrottleLimit 15 -ScriptBlock{
$data = @(
get some local server info
get some local server info
get some local server info
)
$server = $env:computername
$data | set-content c:\temp\$server.txt
}
should do the trick - but you could also receive the data directly:
$result = invoke-command -ComputerName (Get-Content c:\temp\servers.txt) -ErrorAction SilentlyContinue -ThrottleLimit 15 -ScriptBlock{
$data = @(
get some local server info
get some local server info
get some local server info
)
return $data
}
$result | export-csv C:\data.csv -delimiter ";" -noclobber -notypeinformation
I would return an object instead, then you get the pscomputername property added on.
icm localhost,localhost,localhost { # elevated prompt for this example
$A,$B,$C=1,2,3
[pscustomobject]@{
} | ft
A B C PSComputerName RunspaceId
- - - -------------- ----------
1 2 3 localhost 40636f4b-0b65-494f-9912-82464e34c0f2
1 2 3 localhost 857d514c-8080-40ce-8848-d9b62088d75d
1 2 3 localhost 6ee0fd30-fb3a-4ad7-abba-bb2da0fbbece
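The two answers above share one idea: return objects from the parallel Invoke-Command and let the PSComputerName property that is stamped on every returned object tell you which server each result came from. The following added example (not code from either answer) carries that through to the asker's goal of one local file per server, and also reports servers that returned nothing. File paths are placeholders.

```powershell
# Added example: gather in parallel, then split the results into per-server files locally.
# 'C:\temp\servers.txt' and 'C:\temp' are placeholders.
$servers = Get-Content 'C:\temp\servers.txt'

$results = Invoke-Command -ComputerName $servers -ThrottleLimit 15 -ErrorAction SilentlyContinue -ScriptBlock {
    # Return an object, not formatted text, so the properties survive the trip back
    $os   = Get-CimInstance Win32_OperatingSystem
    $disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='C:'"
    [pscustomobject]@{
        OS         = $os.Caption
        LastBoot   = $os.LastBootUpTime
        FreeDiskGB = [math]::Round($disk.FreeSpace / 1GB, 1)
    }
}

# PSComputerName is added on the local side; group on it to get one file per server
$results | Group-Object PSComputerName | ForEach-Object {
    $path = Join-Path 'C:\temp' ('{0}.txt' -f $_.Name)
    $_.Group | Select-Object OS, LastBoot, FreeDiskGB | Format-List | Out-File -FilePath $path
}

# Servers that never answered (offline, WinRM disabled, access denied) are simply absent
# from $results because of -ErrorAction SilentlyContinue, so list them explicitly
$answered = $results.PSComputerName | Sort-Object -Unique
$servers | Where-Object { $_ -notin $answered } | ForEach-Object { Write-Warning "No result from $_" }
```

Writing the files on the local side keeps the remote scriptblock free of any local-only variable such as $server, which is exactly what the asker could not reference from inside Invoke-Command.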

Pulling Win10 activation codes from remote computers

I'm brand new to PS scripting, so bear with me :)
I'm trying to create a PS script that will write the Win10 activation code to a file then copy that file to a central repo to then manually activate.
I'm creating a PS script and trying to run
cscript.exe c:\windows\system32\slmgr.vbs -dti > $SourceDir\$env:computername.txt
$SourceDir = \\computer01\c$\temp
I need to run it from one computer, remotely connecting to every computer on the network, creating the computername.txt file then copying that file back to a central repository for all the files.
What I have so far:
$s1=New-PSSession -ComputerName computer01 -Credential $AdminCred
Test-Connection -ComputerName computer01
$id='\\computer01\windows\system32'
$SourceDir='\\computer01\c$\temp'
md $SourceDir
$GetActID=cscript.exe $id\slmgr.vbs -dti > $SourceDir\$env:computername.txt
Invoke-Command -Session $s1 -ScriptBlock { $Using:GetActID }
Then I call a batch file that copies the computername.txt file from the computer01 over to a repository where they are going to sit.
I FINALLY got it working correctly except for the name of the file isn't naming it to the computer01, it's naming it with the hostname of the computer I'm running it from, therefore the filenames are identical. I had the naming piece working, but I had to change the way I was remoting into the computer and now it's not naming correctly.
Any idea on how I could get it to name the file to be related to the remote computer?
**I'm still working on the whole piece of the puzzle where it goes back to an excel sheet pulled from AD and pulls the host names from that sheet to connect to each machine, I believe I'll be adding a ForEach syntax in there somehow for that.
Although I'm not sure how you are getting the list of "every computer on the network", chances are you are doing this using
# get a list of all AD computers (their names only)
$computers = (Get-ADComputer -Filter *).Name
Then I think you don't need to have every computer save the file on its own disk and later copy these files to a central share.
Instead, just capture the info in a variable and after the loop write the file to the central share as a structured CSV file combining all computer names and install IDs, so you can open it in Excel.
Using the array of computernames from above, iterate through them
$result = $computers | ForEach-Object {
# test if the computer can be reached
if (Test-Connection -ComputerName $_ -Count 1 -Quiet) {
$installId = Invoke-Command -ComputerName $_ -ScriptBlock {
cscript.exe //nologo "$env:SystemRoot\System32\slmgr.vbs" -dti
}
# $installId is returned as an array!
# output an object with two properties
[PsCustomObject]@{
Computer = $_
InstallId = $installId[0] -replace '\D' # remove everything non-numeric
}
}
else {
Write-Warning "Computer $_ is not responding"
}
}
# now you can display the result on screen
$result | Format-Table -AutoSize
# or by means of the GridView if you prefer
$result | Out-GridView -Title 'Computer InstallIds'
# and save the results in your central share as structured CSV file
$result | Export-Csv -Path '\\server\share\restofpath\ComputerInstallIds.csv' -NoTypeInformation
You may have to append -Credential $adminCreds to the Invoke-Command call to make sure you have permissions to have each machine run that piece of code in the scriptblock. The easiest way of obtaining that credential is to start off with $adminCreds = Get-Credential -Message "Please enter administrator credentials"

Get List of Printer Drivers from list of Computers PowerShell

I've tried a variety of iterations of this and gotten a range of errors. I'm trying to get a list of installed drivers from a list of computers. None of the ways I've tried in PowerShell have piped the information into a csv. Here's the current iteration of the script.
#Load Active Directory
Import-Module activedirectory
#Load list of computers
$results = @()
$Computer = Get-Content -path 'C:\ScriptResources\computers.txt'
#Check each computer in the list
foreach($ComputerName in $Computer)
{
$results += Get-ADComputer -Filter " Name -Like '*$ComputerName*' " | Get-PrinterDriver; Start-Sleep -milliseconds 500
}
#Export to CSV file
$results | export-csv 'C:\ScriptResults\InstalledPrinters.csv'
I've also used it with just the Get-Printer command and got the following error.
Get-Printer : No MSFT_Printer objects found with property 'Name' equal to 'Redacted'. Verify the value of the
property and retry.
Depending what I've fed the $Computer file I'll get different errors. I've also gotten the RPC server is unavailable and Error Spooler Service Not Running. I have domain wide privileges and I checked the print spooler service and it is running.
The reason I think this is odd is that I have .bat tool that I use that gets printer info from a singular host and I don't run into any issues. The reason I'm trying to put this in PowerShell is because 1) I want to do the whole domain and 2) PowerShell formats its outputs in a more useable fashion.
wmic /node:%ComputerIP% path win32_printer get deviceid, drivername, portname
Additionally, I've also tried the following in the $results function of the script
$results += Get-WmiObject -class Win32_printer -ComputerName name, systemName, shareName
This didn't give errors. What it did instead is that for each computer in the list of computers it checked the computer I was running the script from for its printers and output on each line which printers were installed on my computer.
I'm at a loss and any help would be appreciated. Thanks!
Just so this is closed out. Vivek's answer ended up working.
$results += Get-WmiObject -class Win32_printer -ComputerName $Computer | Select name, systemName, shareName
The RPC issue I was getting was that the list of computers were all turned off for some reason (remote site + different time zone + doing the testing during second shift). Normally, everything remains on though. So that was just an anomaly.
Thanks for the help!
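The thread's real lesson is that remote WMI calls fail per host (RPC server unavailable, spooler not running, machine off), so a loop over the list needs to record the failure and continue rather than stop or silently skip. The following added example (not the asker's or Vivek's code) inventories Win32_Printer on each computer from the list, keeps a row for every host that could not be queried, and exports one CSV. File paths are placeholders.

```powershell
# Added example: per-host printer inventory with failures recorded in the same CSV.
# 'C:\ScriptResources\computers.txt' and 'C:\ScriptResults\InstalledPrinters.csv' are placeholders.
$computers = Get-Content -Path 'C:\ScriptResources\computers.txt'

$results = foreach ($computer in $computers) {
    try {
        # -ErrorAction Stop turns the RPC/WMI failure into a catchable exception
        Get-CimInstance -ClassName Win32_Printer -ComputerName $computer -ErrorAction Stop |
            Select-Object @{Name = 'Computer'; Expression = { $computer }},
                          Name, DriverName, PortName, ShareName, Default,
                          @{Name = 'Error'; Expression = { $null }}
    }
    catch {
        # Keep a row for the failure so the CSV shows which hosts were not inventoried
        [pscustomobject]@{
            Computer   = $computer
            Name       = $null
            DriverName = $null
            PortName   = $null
            ShareName  = $null
            Default    = $null
            Error      = $_.Exception.Message
        }
    }
}

$results | Export-Csv -Path 'C:\ScriptResults\InstalledPrinters.csv' -NoTypeInformation
```

Get-CimInstance uses WinRM by default; if the targets only allow DCOM, pass a CimSession created with a DCOM option, but the try/catch structure stays the same. Every object carries the same property set, so Export-Csv produces a consistent header row.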

Remote command output to text file (remote system)

I know I must be using these commands wrong but I can't seem to find a solution. I believe the issue is with my use of the invoke-command and out-file. I'm trying to check to see if a process is running on multiple remote machines and write their states back to a text file on the host system. Even if it wrote to the remote system I could work with that but I cant seem to get anything.
$MyDomain='mydomain'
$MyClearTextUsername='myusername'
$MyClearTextPassword='mypassword'
$MyUsernameDomain=$MyDomain+'\'+$MyClearTextUsername
$SecurePassword=ConvertTo-SecureString -String $MyClearTextPassword -AsPlainText -Force
$MyCredentials=New-Object System.Management.Automation.PSCredential $MyUsernameDomain,$SecurePassword
$Servers = ( "server1","server2","server3")
$output = foreach ($Server in $Servers)
{
$Session = New-PSSession -ComputerName $Server -Credential $MyCredentials
Invoke-Command -Session $Session -ScriptBlock {
Get-Service -Name service | select name, status, PSComputername, Runspaceid
} | Out-File -filepath 'c:\TEMP\check.txt'
}
Write-output $output | Out-File -filepath 'c:\TEMP\check.txt'
edit: I don't believe the last line is needed but I threw it in just to see if I could get anything out.
You are not capturing anything in $output because you are redirecting all of the output from your Invoke-Command to Out-File -filepath 'c:\TEMP\check.txt'. Get-Service doesn't return that much data, especially once it's been deserialized when it returns from the remote session, so I wouldn't bother with the Select statement. Even if you do want to include the Select statement, you are specifying PSComputerName, which doesn't get added until the data comes back from the remote system, so you may want to move that Select to outside of the scriptblock and after the Invoke-Command in the pipeline. Plus, since you are outputting with Out-File, your local file is being overwritten each time that call is made, so the first server's results are saved, then overwritten by the second server's results, then by the third server's results. After that, since $output has nothing (as all output was redirected to file), you are outputting an empty variable to the same file, effectively erasing the service state of the third server.
But this really all becomes a moot point if the script is run with credentials that have access to the remote servers. You can specify one or more computer names to the Get-Service cmdlet, so this could become as simple as:
$Results = Get-Service Service -ComputerName 'Server1','Server2','Server3'
$Results | Select name, status, PSComputername, Runspaceid | Set-Content 'C:\TEMP\check.txt'
Just to make sure... you are looking for a service right? Not just a process? Because if it isn't a service you would need to use Get-Process instead of Get-Service.
If you want to output the data to the remote server you could do:
$output = foreach ($Server in $Servers)
{
$Session = New-PSSession -ComputerName $Server -Credential $MyCredentials
Invoke-Command -Session $Session -ScriptBlock {
Get-Service -Name service | Tee-Object -FilePath C:\Temp\ServiceState.txt
} | select name, status, PSComputername, Runspaceid
}
$output | Out-File -filepath 'c:\TEMP\check.txt'
That should make a file in the C:\Temp folder on each server with the state of the service, as well as pass the information back to the local host, where it is passed to Select and stored in $output. At the end I output $output to file, just as you did.
I guess in the end you could just remove the Out-File call from within your loop, and it would probably do what you want it to.
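As an added example (not code from the question or the answer), this is the answer's recommendation written out when explicit credentials are still required: one Invoke-Command against the whole server list, Select-Object applied after the results return so PSComputerName is present, and a single Out-File. The credential is requested interactively instead of being built from a cleartext password in the script; server and service names are placeholders.

```powershell
# Added example: service state from several servers into one local file.
# 'server1'..'server3' and 'Spooler' are placeholders.
$servers     = 'server1', 'server2', 'server3'
$serviceName = 'Spooler'
$credential  = Get-Credential -Message 'Account with rights on the target servers'

# One remoting call fans out to all servers; each returned object is stamped with PSComputerName
$states = Invoke-Command -ComputerName $servers -Credential $credential -ScriptBlock {
    param($name)
    # SilentlyContinue: a server without the service yields no row instead of a terminating error
    Get-Service -Name $name -ErrorAction SilentlyContinue | Select-Object Name, Status
} -ArgumentList $serviceName

# PSComputerName only exists on the local side, so select it here, not in the scriptblock
$states |
    Select-Object PSComputerName, Name, Status |
    Sort-Object PSComputerName |
    Format-Table -AutoSize |
    Out-File -FilePath 'C:\TEMP\check.txt'
```

Because the file is written once from the collected $states, nothing is overwritten between servers, which was the cause of the empty result in the original loop.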

Get default printer remotely

Windows 7:
cscript C:\Windows\System32\Printing_Admin_Scripts\en-US\prnmngr.vbs -g
Windows XP:
cscript C:\windows\system32\prnmngr.vbs -g
These will get the default printer of the current system. I was wondering if there is a way to run this on my computer to get the default printer of a remote computer by computer name?
I tried running:
psexec \\c78572 -i -d cscript C:\Windows\System32\Printing_Admin_Scripts\en-US\prnmngr.vbs -g
And it appears to run.. but I only see the results in a quick popup cmd line window on the remote computer and not on mine. All I see on my end is:
cscript started with process ID 568.
In powershell gwmi win32_printer -computername c78572 works.. but I don't know how to sort it to show me the default printer.
EDIT 12/20/13 I am trying to combine it with a show all printers and the default but I can't get it to work:
while (1) {
$tag1 = Read-Host 'Enter tag # or Q to quit'
if ($tag1 -eq "Q") {
break;
}
cls
sc.exe \\$tag1 start RemoteRegistry;
cls
start-sleep -seconds 2
cls
$OSInfo = get-wmiobject -class win32_operatingsystem -computername $tag1;
$OSInfo | Format-Table -Property @{Name="OS Name";Expression={$_.Caption}},@{Name="System Boot Time";Expression={$_.ConvertToDateTime($_.LastBootUpTime)}} -AutoSize;
gwmi win32_printer -computername $tag1 | ft -Property @{Name="Printer Name";Expression={$_.Name}} -AutoSize;
$Computer = $tag1
$Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('currentuser', $Computer)
$RegKey= $Reg.OpenSubKey('Software\Microsoft\Windows NT\CurrentVersion\Windows')
$DefaultPrinter = $RegKey.GetValue("Device")
$DefaultPrinter | ConvertFrom-Csv -Header Name, Provider, Order| Select Name
# Alt method: Get-WmiObject win32_printer -computername c60311
}
You can use wmi32_printer to get the default. Here is the code:
$AllPrinters = gwmi win32_printer -computername c78572
$DefaultPrinter = $AllPrinters | where {$_.Default -eq $true}
This will return all locally attached printers. If you want to get a list of network attached printers (as Aaron commented below), you run into a little bit of an issue. The above script doesn't work because WMI operates on the local machine, and not on the user level. After much research, one way of getting this information is to have a log on script that runs, because there is essentially no other way of remotely using WMI to get the logged in user's information.
How to really do it if we can't use WMI? Use the back door. All the pertinent information is stored in the registry. The output may not be pretty, but it will give you all the information that we need. We are only concerned about 3 key locations:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers
This contains all Locally Installed printers. Forget about it, use the gwmi win32_printer command to get this list.
HKEY_CURRENT_USER\Printers\Settings
This contains all the Currently logged in User Installed printers. It does not have the default printer information.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Device
This is where to get the Currently logged in User Installed Default printer. i.e. This is what Aaron is specifically looking for.
So, we can use PowerShell to connect to the remote registry, and read the currently logged in user's default printer with the following script:
$Computer = "c78572"
$Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('currentuser', $Computer)
$RegKey= $Reg.OpenSubKey('Software\Microsoft\Windows NT\CurrentVersion\Windows')
$DefaultPrinter = $RegKey.GetValue("Device")
$DefaultPrinter | ConvertFrom-Csv -Header Name, Provider, Order| Select Name
----EDIT - to get a list of all printers----
To list all printers on the remote computer:
$Computer = "c78572"
#Get Local Printers:
$Printers = @(Get-WmiObject win32_printer -computername $Computer | Select Name)
#Get List of Network Printers:
$Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('currentuser', $Computer)
$RegKey= $Reg.OpenSubKey('Printers\Settings')
$Printers += @($RegKey.GetValueNames())
#Output List of Printers
Write-Output $Printers | ft -Property @{Name="Printer Name";Expression={$_.Name}} -AutoSize
#Get Default Printer
$Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('currentuser', $Computer)
$RegKey= $Reg.OpenSubKey('Software\Microsoft\Windows NT\CurrentVersion\Windows')
$DefaultPrinter = $RegKey.GetValue("Device")
#Output the Default Printer
Write-Output $DefaultPrinter | ConvertFrom-Csv -Header Name, Provider, Order| Select Name | ft -Property @{Name="Default Printer Name";Expression={$_.Name}} -AutoSize
This script will return the specified computer's currently-logged-in user's default printer (read from the Registry).
We're trying to clean up some network printer connections, and a script like this that shows the shared printers that a user is connected to is something we really need.
My primary challenge was figuring out a way to get at the "current user" information (as opposed to the "computer" information). The shared printer connections are stored in the user area, so that's where I needed to be.
I pieced together information from several sources to do it this way:
Determine the logged-in user (account)
Get the SID for that user
Use the SID to navigate to the user's HKEY_USERS Registry hive
Output the value in SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Device. Before coding I determined that this Registry value is updated immediately upon a default printer change. BONUS: You can also change/set the user's default printer by updating this Registry value.
# ---------------------------------------------------------------------------
#
# This script requires a computer name. It will return the computer's
# currently logged-in user's default printer.
#
# ---------------------------------------------------------------------------
# Set the variable below to choose your computer
$Computer = "computer_name"
# get the logged-in user of the specified computer
$user = Get-WmiObject -ComputerName $computer -Class Win32_ComputerSystem | Select-Object UserName
# get that user's AD object
$AdObj = New-Object System.Security.Principal.NTAccount($user.UserName)
# get the SID for the user's AD Object
$strSID = $AdObj.Translate([System.Security.Principal.SecurityIdentifier])
# get a handle to the "USERS" hive on the computer
$reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("Users", $Computer)
# get a handle to the current user's USERS Registry key where the default printer value lives
$regKey = $reg.OpenSubKey("$strSID\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows")
# read and show the new value from the Registry for verification
$regValue = $regKey.GetValue("Device")
write-output $regValue
write-output " "
write-output " "
[void](Read-Host 'Press Enter to continue…')