The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,603 other followers

Archive for the ‘PowerShell’ Category

« Previous Entries

Run cmd as elevated user (via: windows – How to run batch file command with elevated permissions? – Super User)

Posted by jpluimers on 2019/03/13

Based on [WayBack] windows – How to run batch file command with elevated permissions? – Super User:

powershell -command "Start-Process cmd.exe -Verb runas"

This works better than "runas /user:administrator cmd.exe" as that forces to use the specific Administrator account, whereas the PowerShell way allows you to specify the actual account during elevation.

–jeroen

Posted in Batch-Files, CommandLine, Console (command prompt window), Development, Power User, PowerShell, PowerShell, Scripting, Software Development, Windows | Leave a Comment »

eventviewer – filtering on service stop/start events

Posted by jpluimers on 2018/12/27

Based on eventviewer – View Shutdown Event Tracker logs under Windows Server 2008 R2 – Server Fault « The Wiert Corner – irregular stream of stuff, I’ve made similar filters for service stop/start events.

Works on translated systems:

PowerShell
Get-EventLog System | Where-Object {$_.EventID -eq "7036"} | ft Machinename, TimeWritten, UserName, EventID, Message -AutoSize -Wrap

Or on one line:

Get-EventLog System ^| Where-Object {$_.EventID -in "6005","6006","7000","7009","7036","7040","7042","7043","7045"} ^| ft Machinename, TimeWritten, UserName, EventID, Message -AutoSize -Wrap

Note the -In operator was introduced in PowerShell 3: [WayBack]

Source: PowerShell v3 – New -in Operator | Jonathan Medd’s Blog

I’ve adapted the custom view to include all these event IDs above (note some links have disappeared moving my notes to a blog post):

  • [WayBack] 6005: The Event log service was started (indication for system startup).
  • [WayBack] 6006: The Event log service was stopped (indication for system shutdown).
  • [WayBack] 7000: The <servicename> service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.
  • [WayBack] 7009: A timeout was reached (30000 milliseconds) while waiting for the <servicename> service to connect.
  • [WayBack] 7036:
    • The <servicename> service entered the stopped state.
    • The <servicename> service entered the running state.
  • [WayBack] 7040: The start type of the <servicename> service was changed from demand start to auto start.
  • [WayBack] 7042: The <servicename> service was successfully sent a stop control.
  • [WayBack] 7043: The <servicename> service did not shut down properly after receiving a preshutdown control.
  • [WayBack] 7045: A service was installed in the system.

Other event IDs that might be relevant via [WayBack] Windows Server restart / shutdown history – Server Fault:

  • [WayBack] 6008: “The previous system shutdown was unexpected.” Records that the system started after it was not shut down properly.
  • [WayBack] 6009: Indicates the Windows product name, version, build number, service pack number, and operating system type detected at boot time.
  • [WayBack] 6013: Displays the uptime of the computer. There is no TechNet page for this id.
  • [WayBack] 1074: “The process X has initiated the restart / shutdown of computer on behalf of user Y for the following reason: Z.” Indicates that an application or a user initiated a restart or shutdown.
  • [WayBack] 1076: “The reason supplied by user X for the last unexpected shutdown of this computer is: Y.” Records when the first user with shutdown privileges logs on to the computer after an unexpected restart or shutdown and supplies a reason for the occurrence.
  • [WayBack] 41 (source: Microsoft-Windows-Kernel-Power)
  • [WayBack] 1001: (source: BugCheck).
  • [WayBack] 12, which is typically the first eventid to be logged after a reboot/reset etc and shows the actual “system start time”, i.e.: “The operating system started at system time ‎2017‎-‎09‎-‎19T02:46:06.582794900Z.”

A more complete list of Windows Kernel related Event IDs is at [WayBack] rootkit.com/NETEVENT.H at master · bowlofstew/rootkit.com.

Steps for the custom view:

Open Event Viewer then

  • Right click Custom Views
  • Click Create Custom View
  • Under the Filter tab
    • Keep Logged as Any time
    • Select all the Event level types (Critical, Warning, etc.)
    • Choose by source = Service Control Manager, Service Control Manager Performance Diagnostic Provider
    • Optionally; For Event ID under the Includes/Excludes Event IDs section enter 6005,6006,7000,7009,7036,7040,7042,7043,7045 for the Event ID
  • Click Ok
  • Enter a name like Shutdown Events and any description then
  • Click Ok again to complete the custom event log.

Your new custom view should show up in the list of custom views with the correct filter applied.

–jeroen

Posted in CommandLine, Development, Power User, PowerShell, PowerShell, Scripting, Software Development, Windows | Leave a Comment »

eventviewer – View Shutdown Event Tracker logs under Windows Server 2008 R2 – Server Fault

Posted by jpluimers on 2018/12/25

Works on translated systems:

PowerShell
Get-EventLog System | Where-Object {$_.EventID -eq "1074" -or $_.EventID -eq "6008" -or $_.EventID -eq "1076"} | ft Machinename, TimeWritten, UserName, EventID, Message -AutoSize -Wrap

Or on one line:

Get-EventLog System ^| Where-Object {$_.EventID -eq "1074" -or $_.EventID -eq "6008" -or $_.EventID -eq "1076"} ^| ft Machinename, TimeWritten, UserName, EventID, Message -AutoSize -Wrap

I’ve adapted the custom view to include all these event IDs above:

  • 12: The operating system started at system time ‎<iso8601utc>.
  • 13: The operating system is shutting down at system time  <iso8601utc>.
  • 109: The kernel power manager has initiated a shutdown transition.
  • 1074: [WayBack] The process <process> has initiated the restart of <computer name> for the following reason: No title for this reason could be found.
    Minor Reason: <reason>
    Shutdown Type: <type>
  • 1076: [WayBack] The reason supplied by user <user name> for the last unexpected shutdown of this computer is: <error description>
    Reason Code: <error code>
    Bug ID: <bug id>
    Bugcheck String: <string>
    Comment: <comment>
  • 6008: [WayBack] The previous system shutdown at <time> on <date> was unexpected.

Steps for the custom view:

Open Event Viewer then

  • Right click Custom Views
  • Click Create Custom View
  • Under the Filter tab
    • Keep Logged as Any time
    • Select all the Event level types (Critical, Warning, etc.)
    • Choose by source = Windows Logs > System
    • For Event ID under the Includes/Excludes Event IDs section enter 12,13,1074,1076,6008 for the Event ID
  • Click Ok
  • Enter a name like Shutdown Events and any description then
  • Click Ok again to complete the custom event log.

Your new custom view should show up in the list of custom views with the correct filter applied.

Source: [WayBack] eventviewer – View Shutdown Event Tracker logs under Windows Server 2008 R2 – Server Fault

–jeroen

Posted in CommandLine, Development, Power User, PowerShell, PowerShell, Scripting, Software Development, Windows | Leave a Comment »

No it was not possible to install PowerShell 3 on a Windows Server 2003 or 2003 R2? – Super User

Posted by jpluimers on 2018/08/28

Since it was not possible to install PowerShell 3 on ancient Windows Server 2003 and Windows Server 2003 R2 machines, I opted for this workaround during the time they were being retired:

I’ve investigating how much work it will be to migrate the machine, as opposed to adapting the scripts with Poshcode/Jaykul modules (of which many have external dependencies that I’d need to check first). It’s about the same order of magnitude, so I’ll be migrating the machine earlier. In the mean time, a different machine will run the scripts and access the required data over a network share.

Source: [WayBack] Is it possible to install PowerShell 3 on a Windows Server 2003 or 2003 R2? – Super User

Posted in CommandLine, Development, PowerShell, PowerShell, Scripting, Software Development | Leave a Comment »

PowerShell on Mac OS X and other non-Windows systems

Posted by jpluimers on 2018/07/17

I wasn’t expecting it to be so easy to install PowerShell on Mac OS X:

brew install Caskroom/cask/powershell

In the background it executes this script: https://github.com/caskroom/homebrew-cask/blob/master/Casks/powershell.rb. which indirectly goes through the URL template https://github.com/PowerShell/PowerShell/releases/download/v#{version}/powershell-#{version}.pkg.

On other non-Windows systems, you have to go through GitHub yourself: https://github.com/powershell/PowerShell. The PowerShell team at Microsoft has many more repositories including the Win32-OpenSSH port which you can find through https://github.com/PowerShell.

At the time of writing, PowerShell was available for these platforms:

Platform Downloads How to Install
Windows 10 / Server 2016 (x64) .msi Instructions
Windows 8.1 / Server 2012 R2 (x64) .msi Instructions
Windows 7 (x64) .msi Instructions
Windows 7 (x86) .msi Instructions
Ubuntu 16.04 .deb Instructions
Ubuntu 14.04 .deb Instructions
CentOS 7 .rpm Instructions
OpenSUSE 42.1 .rpm Instructions
Arch Linux Instructions
Many Linux distributions .AppImage Instructions
macOS 10.11 .pkg Instructions
Docker Instructions

The first version I installed on Mac OS X was this: ==> Downloading https://github.com/PowerShell/PowerShell/releases/download/v6.0.0-alpha.17/powershell-6.0.0-alpha.17.pkg

By now I really hope it is out of Alpha state.

–jeroen

via:

Posted in *nix, Apple, CommandLine, Development, iMac, Linux, Mac, Mac OS X / OS X / MacOS, MacBook, MacBook Retina, MacBook-Air, MacBook-Pro, MacMini, openSuSE, Power User, PowerShell, PowerShell, Scripting, Software Development, SuSE Linux, Ubuntu | Leave a Comment »

« Previous Entries
 
%d bloggers like this: