This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
filter Get-InstalledSoftware { | |
<# | |
.SYNOPSIS | |
Get all installed from the Uninstall keys in the registry. | |
.DESCRIPTION | |
Read a list of installed software from each Uninstall key. | |
This function provides an alternative to using Win32_Product. | |
.EXAMPLE | |
Get-InstalledSoftware |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
filter Get-InstalledSoftware { | |
<# | |
.SYNOPSIS | |
Get all installed from the Uninstall keys in the registry. | |
.DESCRIPTION | |
Read a list of installed software from each Uninstall key. | |
This function provides an alternative to using Win32_Product. | |
.EXAMPLE | |
Get-InstalledSoftware |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Security log | |
#============ | |
#### | |
#4624 - Logon & Logoff events successful | |
#4625 - Logon unsucceful | |
#### | |
# Get usernames | |
Get-WinEvent -path .\Security.evtx | Where {$_.id -eq "4624"} | Foreach {([xml]$_.ToXml()).GetElementsByTagName("Data").ItemOf(5)}| Select -ExpandProperty "#text" -Unique | |
# Get domains |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Logparser | |
############### | |
# Security Log | |
############### | |
# Find Event id | |
& 'C:\Program Files (x86)\Log Parser 2.2\LogParser.exe' -stats:OFF -i:EVT "SELECT * FROM 'Security.evtx' WHERE EventID = '5038'" |