I try to set wmi permanent events base on specifics events coming from network card on a Windows 7 SP1.
I use this code:
#Creating a new event filter
$instanceFilter = ([wmiclass]"\\.\root\subscription:__EventFilter").CreateInstance()
$instanceFilter.QueryLanguage = "WQL"
$instanceFilter.Query = "Select * From __InstanceCreationEvent Where TargetInstance ISA 'Win32_NTLogEvent' AND TargetInstance.LogFile='System' AND TargetInstance.SourceName LIKE '%e1_express%' AND (TargetInstance.EventCode=27 OR TargetInstance.EventCode=32 OR TargetInstance.EventCode=33 OR TargetInstance.EventCode=36)"
$instanceFilter.Name = "LAN_Watcher_Filter"
$instanceFilter.EventNamespace = 'root\cimv2'
$result = $instanceFilter.Put()
$newFilter = $result.Path
#Creating a new event consumer
$instanceConsumer = ([wmiclass]"\\.\root\subscription:CommandLineEventConsumer").CreateInstance()
$instanceConsumer.Name ='LAN_Watcher_Consumer'
$instanceConsumer.ExecutablePath="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
$instanceConsumer.CommandLineTemplate="-file C:\Windows\System32\Switch_LAN_TEST.ps1"
$result = $instanceConsumer.Put()
$newConsumer = $result.Path
#Bind filter and consumer
$instanceBinding = ([wmiclass]"\\.\root\subscription:__FilterToConsumerBinding").CreateInstance()
$instanceBinding.Filter = $newFilter
$instanceBinding.Consumer = $newConsumer
$result = $instanceBinding.Put()
$newBinding = $result.Path
##Removing WMI Subscriptions using [wmi] and Delete() Method
#([wmi]$newFilter).Delete()
#([wmi]$newConsumer).Delete()
#([wmi]$newBinding).Delete()
I can turn off the powershell session, script will be launch but if I reboot the computer, the permanent event exist again but the script doesn't work.
Any idea ?
Thanks.
Related
I am attempting to use New-OktaApp to make a new okta application. It runs without errors, however once it runs powershell fails to run any further and must be forced closed.
Has anyone experienced this before?
If you have used this in the past can you show me an example of how would got it to run and produce an app?
Import-Module "pathtomodule\OktaAPI"
Connect-Okta "MyAPIToken" "MyOrg"
New-OktaApp #{
name = "name";
label = "label";
}
There are many examples in the GH site, for example
https://github.com/gabrielsroka/OktaAPI.psm1/blob/master/CallOktaAPI.ps1#L12-L33
function Add-SwaApp() {
$user = Get-OktaUser "me"
# see https://developer.okta.com/docs/api/resources/apps#add-custom-swa-application
$app = #{
label = "AAA Test App"
settings = #{
signOn = #{loginUrl = "https://aaatest.oktapreview.com"}
}
signOnMode = "AUTO_LOGIN"
visibility = #{autoSubmitToolbar = $false}
}
$app = New-OktaApp $app
# see https://developer.okta.com/docs/api/resources/apps#assign-user-to-application-for-sso
$appuser = #{id = $user.id; scope = "USER"}
Add-OktaAppUser $app.id $appuser
}
I want to write something like nestat (that log new tcp connections to console) but for pnp devices with powershell.
Is there an API method "to subscribe to some kind of events bus" specific to PnP and get "connected" and "disconnected" events?
Or only one way to achive this is looping with Get-PnpDevice and "manually" seacrh for the differences?
You can use WMI events to do this. For example, here is one way to do it (seems over-complicated, so maybe someone can improve on it):
$addIdentifier = "WMI.PnpAddEvent"
$removeIdentifier = "WMI.PnpRemoveEvent"
$addAction = { $pnpEntity = $EventArgs.NewEvent.TargetInstance; Write-Host "`nPNPEvent: Plugged In`nCaption: $($pnpEntity.Caption)`nPNPDeviceID: $($pnpEntity.PNPDeviceID)`n" }
$addQuery = "SELECT * FROM __instancecreationevent WITHIN 5 WHERE targetinstance isa 'Win32_PnPEntity'"
$removeAction = { $pnpEntity = $EventArgs.NewEvent.TargetInstance; Write-Host "`nPNPEvent: Unplugged`nCaption: $($pnpEntity.Caption)`nPNPDeviceID: $($pnpEntity.PNPDeviceID)`n" }
$removeQuery = "SELECT * FROM __instancedeletionevent WITHIN 5 WHERE targetinstance isa 'Win32_PnPEntity'"
$addEventArgs = #{
Query = $addQuery
SourceIdentifier = $addIdentifier
SupportEvent = $true
Action = $addAction
}
$removeEventArgs = #{
Query = $removeQuery
SourceIdentifier = $removeIdentifier
SupportEvent = $true
Action = $removeAction
}
Register-WmiEvent #addEventArgs
Register-WmiEvent #removeEventArgs
Now, when you add/remove a device, you'll get output like this in the console:
PNPEvent: Unplugged
Caption: Apple iPhone
PNPDeviceID: USB\VID_05AC&PID_12A8&MI_00\E&2491F388&0&0000
PNPEvent: Plugged In
Caption: Apple iPhone
PNPDeviceID: USB\VID_05AC&PID_12A8&MI_00\E&2491F388&0&0000
A couple of things to keep in mind:
The event registrations last for the current session only
You need to run this from an elevated prompt
As mentioned, the registrations should be cancelled when your session ends, but if you want to do it manually, you can do it like this:
$addIdentifier, $removeIdentifier | ForEach-Object { Unregister-Event -Force -SourceIdentifier $_ }
Is there a way to pull multiple SNMP values and update them as new values in PowerShell?
I have two different OIDs that I'm pulling from my UPS and I want those integer values saved to a database table.
This is my code
$UPS_Temp_oid = '1.3.6.1.4.1.318.1.1.10.2.3.2.1.4.1'
$Battery_Load_oid = '.1.3.6.1.4.1.318.1.1.1.4.2.3.0'
$sql = "SELECT temp, batteryload, upsid, ups_ip FROM ups WHERE ups_ip IS NOT NULL"
$cmd = New-Object System.Data.SqlClient.SqlCommand($sql, $conn)
$rows = $cmd.ExecuteReader()
while ($rows.Read()) {
$ups_id = $rows["upsid"]
$ups_ip = $rows["ups_ip"].trim()
$ups_temp = $rows["temp"]
$battery_load = $rows["batteryload"]
Write-Output $ups_id, $ups_ip, $ups_temp, $battery_load
# Ping UPS
$ping = New-Object System.Net.NetworkInformation.Ping
$ping_reply = $ping.Send($ups_mgmt_ip) | select status
# If success go call func SNMP
if ($ping_reply.status -eq "Success") {
try {
$frm_snmp = Invoke-SNMPget $ups_ip $UPS_Temp_oid "community"
} catch {
Write-Host "$ups_mgmt_ip SNMP Get error: $_"
return null
}
would I have to create another try..catch for the battery_load_oid or would I just simply do something like that?
Invoke-SNMPget ups_ip $ups_temp_oid, $nattery_load_oid "community"
I have the following PowerShell code which adds a new line of data into a MS Access database (based on user input) and works perfectly.
if ($NewAccounts ="Y") {
$cursor = 3
$lock = 3
$Ado = New-Object -ComObject ADODB.Connection
$recordset = New-Object -ComObject ADODB.Recordset
$Ado.Open("Provider = Microsoft.ACE.OLEDB.12.0;Data Source=$Source")
$query = "Select * from [Sheet1]"
$recordset.Open($query, $ado, $cursor, $lock)
$recordset.AddNew()
$recordset.Fields.Item("Account") = $AccName
$recordset.Fields.Item("Serial") = $CGBSerial
$recordset.Fields.Item("SAExpiry") = $SAEDate.ToString("dd/MM/yyyy")
$recordset.Fields.Item("SAValidatedPerson") = $SAPerson
$recordset.Fields.Item("DataCollection") = $DCRun
$recordset.Fields.Item("DataCollectionDate") = $DCRunDate
$recordset.Fields.Item("DataCollectionPerson") = $DCPerson
$recordset.Fields.Item("Version") = $Version
$recordset.Fields.Item("VersionDateValidated") = Get-Date -Format d
$recordset.Fields.Item("VersionValidatedPerson") = $logontrim
$recordset.Update()
$recordset.Close()
$ado.Close()
}
However, I cannot seem to update a row in the database that already exists. Is it possible to update a row, rather than creating an entirely new row?
$recordset.AddNew() appends a new empty record to the recordset. To update an existing record you need to navigate to the record you want to modify first, and then change the values of that record.
$recordset.Open($query, $ado, $cursor, $lock)
while ($recordset.Fields.Item('Account').Value -ne $AccName) {
$recordset.MoveNext()
}
$recordset.Fields.Item('Serial') = $CGBSerial
...
$recordset.Update()
$recordset.Close()
However, you can't use MoveNext() with a static cursor, so you need to change the cursor type to adOpenForwardOnly ($cursor = 0).
Alternatively you could use a prepared statement:
$cn = New-Object -ComObject 'ADODB.Connection'
$cn.ConnectionString = "..."
$cn.Open()
$cmd = New-Object -ComObject 'ADODB.Command'
$cmd.CommandText = 'UPDATE [Sheet1] SET Serial=?, SAExpiry=?, ... WHERE Account=?'
$cmd.Parameters.Append($cmd.CreateParameter('#p1', 200, 1, 50, $CGBSerial))
$cmd.Parameters.Append($cmd.CreateParameter('#p2', 7, 1, $null, $SAEDate))
...
$cmd.Execute()
$cn.Close()
I am trying to add a parent link when I create TFS task via powershell. However, I am only able to add a related link:
function Create-New-WorkItem($projName, $taskType, $title, $state, $assignedTo, $iterationPath, $activity, $BLItem)
{
$tfs = Get-TfsServer
$ws = $tfs.GetService([type]"Microsoft.TeamFoundation.WorkItemTracking.Client.WorkItemStore")
$proj = $ws.projects[$projName]
$workitem = $proj.workitemtypes[$taskType].newworkitem()
$workitem.open()
$workitem.title = $title
$workitem.state = $state
$workitem.fields["Assigned To"].value = $assignedTo
$workitem.iterationpath = $iterationPath
$workitem.fields["Activity"].value = $activity
$id = Get-Parent-Link $BLItem
$workitem.links.add($id.ID)
$workitem.close()
$workitem.save()
}
function Get-Parent-Link($backLogItemName)
{
$tfs = Get-TfsServer
$WIQL = #"
SELECT [System.Id]
FROM WorkItems
where [System.Title] = '$backLogItemName'
"#
return $tfs.wit.query($WIQL)
}
How can I add the link as a parent instead of a related?
After some trial and error I finally found a way to accomplish linking a new work item as a child to a parent item i.e. backlog item.
$ws = $tfs.GetService([type]"Microsoft.TeamFoundation.WorkItemTracking.Client.WorkItemStore")
$linkType = $ws.WorkItemLinkTypes[[Microsoft.TeamFoundation.WorkItemTracking.Client.CoreLinkTypeReferenceNames]::Hierarchy]
Add the workitem id of the parent you want to link the new child workitem to and create a workitemlink object:
$link = new-object Microsoft.TeamFoundation.WorkItemTracking.Client.WorkItemLink($linkType.ReverseEnd, 1234)
You can then add the link to a workitem:
$workitem.WorkItemLinks.Add($link)
$workitem.save()
You need to create a different link type object. A good exercise of the API can be found on Shai's blog.
http://blogs.microsoft.co.il/shair/2010/02/27/tfs-api-part-22-create-link-between-work-item-parent-child-etc/
The PowerShell for this is almost identical.