PS: Hardware Commands

8 minute read


These commands have to do with the filesystem, services, ext:

NOTE: Almost all command prompt commands work just as well in Powershell. Search the “batch” label to see examples of them.

To Create A Text File of All Files Older Than 6 Months Old:

dir | where-object {$_.LastWriteTime -lt (get-date).addmonths(-6)} | out-file c:blah.txt

To Create A New Folder:

New-Item -Path . -Name Windowspowershell -Itemtype Directory 
# Or you could do the old fashion way by typing mkdir WindowsPowerShell or md WindowsPowerShell

To Read the Contents of A Text File Within PS:

Get-Content text.txt

To Re-Write Certain Words In A Text File:

(Get-Content Example.Txt) | Foreach-Object {$_ -Replace "Warning", "Caution"} | Set-Content Example-Revised.Txt

To compress multi line strings:

$ex = @"

# join all lines as one long string:
$2 = $ex.Replace("`r`n","")
# join all lines with a comma as one long string:
$3 = $ex.replace("`r`n", ",")

To convert to a string:

$1 = get-process
$2 = $1 | out-string -Stream
# now you can access each object as a line by the index number
10060     756   212536      23096              3080   0 AdjustService

List All Files You Have Modified Today:

Dir | Where-Object {$_.LastWriteTime -ge [DateTime]::Today}

Services, Event Logs, and Processes:

To Create A Web Page Of Latest 5 Events In System Log:

Get-Eventlog -Logname System -Newest 5 | Select -Property Eventid, Timewritten, Message | Sort Timewritten -Descending | Convertto-Html | Out-File C:Error.Htm

To Get The Highest Running Processes:

# Replace 900 With Whatever Cutoff You Want.
Get-Process | Where Handles -Gt 900 | Sort Handles -Descending

To Get A List of All Critical Events From A Group of Computers Listed At “Servers.Txt”:
NOTE: You must have enabled remoting on these computers for this to work.

Invoke-Command -Computername (Get-Content C:\Servers.Txt) -Scriptblock {Get-Eventlog -Logname System | Where {$_Leveldisplayname -Eq "Critical"}}

To See If Your Computer Shutdown Unexpectedly:

Get-Eventlog -Log System –Newest 1000 | Where-Object {$_.Eventid –Eq '1074'} | Format-Table Machinename, Username, Timegenerated –Autosize

To Get Free Disk Space For Drive “C:”:

Get-Ciminstance Win32_Logicaldisk -Filter "Deviceid='C:'" | Select @{N='Freegb' ; E={$_.Freespace / 1gb -As [Int]}}

To Get All Running Services On A Local Machine:

Get-Service | Where {$_.Status -Eq "Running"}

To Shutdown A Remote Computer:

Stop-Computer –Computer Computername –Credential # Computername\Accountname

To Create A Web Page of All Services That Are Set To Start Automatically But Are Not Running:

Get-Wmiobject -Class Win32_Service | Where { $_.State -Ne 'Running' -And $_.Startmode -Eq 'Auto' } | Convertto-Html | Out-File Serviceerrors.Html

To See If A Specific Windows Upate is installed:

Get-Hotfix -Id Kb2862152

How To Expand With Powershell:

To Find The Last Boot Time of A Computer:

(Get-Date) - (Get-CimInstance Win32_operatingSystem).Lastbootuptime

To Get The Last Boot Time For A Remote Computer:

Get-Wmiobject -Class Win32_Operatingsystem -Namespace Rootcimv2 -Computer (Computername)| Select __Server,@{Label='Lastbootuptime';Expression={$_.Converttodatetime($_.Lastbootuptime)} }

To Get The Last Boot Time For A Remote Computer AND Change ColumnName __SERVER To “Computer Name” AND Export To A CSV:

Get-Wmiobject -Class Win32_Operatingsystem -Namespace Rootcimv2 -Computer (Computername) | Select @{Label='Computername' ;E={$_.__Server}},@{Label='Lastbootuptime' ;Expression={$_.Converttodatetime($_.Lastbootuptime)} } | Export-Csv Lastboottime.Csv

File System:

To Rename Files In Bulk:

Get-Childitem “C:\_Gwill\Scripts” | Rename-Item -Newname { $_.Name -Replace “.Txt”,”.Ps1″ }

Changing The File Extension Of All .Jpeg Files To .Jpg

Get-Childitem *.Jpeg | Rename-Item -Newname { $_.Name -Replace “.Jpeg”,”.Jpg” }

Appending A File Extension:

Dir | Rename-Item -Newname { $_.Name +”.Jpg” }

File Rename With Customizable Increasing Number:

Dir *.Jpg | Foreach-Object -Begin { $Count=1 } -Process { Rename-Item $_ -Newname “Image$Count.Jpg”; $Count++ }

To Get The Parent Path Of A Directory:

$a = "c:\users\test"
$b = $a.Split("\")[-1]
$c = $a.TrimEnd($b)

To Set Filters For Queries:

Filter FileSizeBelow($size)
If ($_.length -le $size)

# Create 10 MB File:
$path = “c:\_gwill\test.txt”
$file = [io.file]::Create($path)

# Create 10 KB File:
$path = “c:\_gwill\test2.txt”
$file = [io.file]::Create($path)

# Should see test.txt but not test2.txt:
Get-Childitem c:\_gwill | FileSizeBelow 200kb

# See all files less than 100 MB:
Get-Childitem -Recurse C:\_gwill | Where-Object { !$_.PSIsContainer } | FileSizeBelow 100mb

To Clear Log File If Larger Than 10 MB:

$Dir = “C:\Scripts\script.log”
$SizeMax = 10
$Size = (Get-ChildItem $Dir | Measure-Object -Property Length -Sum)
$SizeMb=$size.sum / 1MB
if ($sizeMb -ge $sizeMax)
Get-ChildItem $Dir | Clear-Content

To Compare Files

Compare-Object -ReferenceObject ( Get-Content "c:\_gwill\prod.txt" ) -DifferenceObject ( Get-Content "c:\_gwill\prod2.txt" ) | 
Where-Object -Property SideIndicator -eq '=>'

Compare-Object -ReferenceObject ( Get-Content "c:\_gwill\prod.txt" ) -DifferenceObject ( Get-Content "c:\_gwill\prod2.txt" ) | 
Where-Object -Property SideIndicator -eq '<='

To Set Everyone Full Permissions For A File

Function Set-Permissions($File)
$Acl = Get-Acl $File
$Accessrule= New-Object System.Security.Accesscontrol.Filesystemaccessrule(“Everyone”, “Fullcontrol”, “Allow”)
$Acl | Set-Acl $File

To See Logfile (Place At End Of Script):

$Input = Read-Host “Would You Like To See The Script’s Log? (Y)Yes Or (N)No”
If($Input -Eq ‘Y’)
Invoke-Item $Logfile

To Clean Strings (In This Case { And } Are Removed):


To Take Ownership Files:

Function Set-Ownership($File)
# The Takeown.Exe File Should Already Exist In Win7 – Win10
& Takeown /f $File
Write-Output “Failed To Take Ownership Of $File}

To Get All Files Where $User Is Owner:

Get-Childitem -Recurse C:\ | Get-Acl | Where {$_.Owner -Match “Gerry.Williams” }

To Take Ownership Of Registry Keys:

Function Takeown-Registry($Key)
# Todo Does Not Work For All Root Keys Yet
Switch ($Key.Split(‘\’)[0])
$Reg = [Microsoft.Win32.Registry]::Classesroot
$Key = $Key.Substring(18)
$Reg = [Microsoft.Win32.Registry]::Currentuser
$Key = $Key.Substring(18)
$Reg = [Microsoft.Win32.Registry]::Localmachine
$Key = $Key.Substring(19)
# Get Administrator Group
$Admins = New-Object System.Security.Principal.Securityidentifier(“S-1-5-32-544”)
$Admins = $Admins.Translate([System.Security.Principal.Ntaccount])

# Set Owner
$Key = $Reg.Opensubkey($Key, “Readwritesubtree”, “Takeownership”)
$Acl = $Key.Getaccesscontrol()

# Set Fullcontrol
$Acl = $Key.Getaccesscontrol()
$Rule = New-Object System.Security.Accesscontrol.Registryaccessrule($Admins, “Fullcontrol”, “Allow”)

To Give Admins Full Control Of A Folder:

Function Takeown-File($Path)
Takeown.Exe /A /F $Path
$Acl = Get-Acl $Path

# Get Administraor Group
$Admins = New-Object System.Security.Principal.Securityidentifier(“S-1-5-32-544”)
$Admins = $Admins.Translate([System.Security.Principal.Ntaccount])

# Add Nt Authority\System
$Rule = New-Object System.Security.Accesscontrol.Filesystemaccessrule($Admins, “Fullcontrol”, “None”, “None”, “Allow”)

Set-Acl -Path $Path -Aclobject $Acl

To Take Control Of A Folder (Requires Takeown-File):

Function Takeown-Folder($Path)
Takeown-File $Path
Foreach ($Item In Get-Childitem $Path)
If (Test-Path $Item -Pathtype Container)
Takeown-Folder $Item.Fullname
Takeown-File $Item.Fullname

To Elevate A Process:

Function Elevate-Privileges
$Definition = @”
Using System;
Using System.Runtime.Interopservices;

Public Class Adjpriv {
[Dllimport(“Advapi32.Dll”, Exactspelling = True, Setlasterror = True)]
Internal Static Extern Bool Adjusttokenprivileges(Intptr Htok, Bool Disall, Ref Tokpriv1luid Newst, Int Len, Intptr Prev, Intptr Rele);

[Dllimport(“Advapi32.Dll”, Exactspelling = True, Setlasterror = True)]
Internal Static Extern Bool Openprocesstoken(Intptr H, Int Acc, Ref Intptr Phtok);

[Dllimport(“Advapi32.Dll”, Setlasterror = True)]
Internal Static Extern Bool Lookupprivilegevalue(String Host, String Name, Ref Long Pluid);

[Structlayout(Layoutkind.Sequential, Pack = 1)]
Internal Struct Tokpriv1luid {
Public Int Count;
Public Long Luid;
Public Int Attr;

Internal Const Int Se_Privilege_Enabled = 0x00000002;
Internal Const Int Token_Query = 0x00000008;
Internal Const Int Token_Adjust_Privileges = 0x00000020;

Public Static Bool Enableprivilege(Long Processhandle, String Privilege) {
Bool Retval;
Tokpriv1luid Tp;
Intptr Hproc = New Intptr(Processhandle);
Intptr Htok = Intptr.Zero;
Retval = Openprocesstoken(Hproc, Token_Adjust_Privileges | Token_Query, Ref Htok);
Tp.Count = 1;
Tp.Luid = 0;
Tp.Attr = Se_Privilege_Enabled;
Retval = Lookupprivilegevalue(Null, Privilege, Ref Tp.Luid);
Retval = Adjusttokenprivileges(Htok, False, Ref Tp, 0, Intptr.Zero, Intptr.Zero);
Return Retval;
$Processhandle = (Get-Process -Id $Pid).Handle
$Type = Add-Type $Definition -Passthru
$Type[0]::Enableprivilege($Processhandle, $Privilege)

To Force Create A Directory:

Function Force-Mkdir($Path)
If (!(Test-Path $Path))
New-Item -Itemtype Directory -Force -Path $Path

To Send Clipboard Contents To Desktop:

Function Send-ClipToDesktop

Function Get-Clipboard
[CmdletBinding(ConfirmImpact = ‘None’, SupportsShouldProcess = $false)] # to support -OutVariable and -Verbose
param ()

Add-Type -AssemblyName System.Windows.Forms
if ([threading.thread]::CurrentThread.ApartmentState.ToString() -eq ‘STA’)
Write-Verbose ‘STA mode: Using [Windows.Forms.Clipboard] directly.’
# To be safe, we explicitly specify that Unicode (UTF-16) be used – older platforms may default to ANSI.
Write-Verbose ‘MTA mode: Using a [System.Windows.Forms.TextBox] instance for clipboard access.’
$tb = New-Object System.Windows.Forms.TextBox
$tb.Multiline = $true

Get-Clipboard | Out-File Passwords.txt
Copy-Item Passwords.txt -Destination $env:userprofile\Desktop\Passwords.txt

To Place Input To Keyboard (Essentially clip.exe in a nutshell):

Function Set-Clipboard
Add-Type -AssemblyName System.Windows.Forms
$In = @($Input)

$Out = If ($In.Length -Eq 1 -And $In[0] -Is [String])
$In | Out-String

If ($Out)
# Input Is Nothing, Therefore Clear The Clipboard

# “Blah” | Set-Clipboard

To Convert CSV To JSON:

# This assumes that your CSV file has three columns, one for Name, one for SessionValues, and one for UserAgent
$Query = @{}
Import-Csv -Path $Path | ForEach-Object {
    $Properties = @{}
    $Properties['Client_Session'] = @($_.SessionValues)
    $Properties['ebanner_HTTP'] = @($_.UserAgent)

    $Query[$_.Name] = @{
        Properties = $Properties

example output:
    "":  {
                       "properties":  {
                                          "client_session":  [
                                                                 " 23/TCP",
                                                                 " 23/TCP"
                                          "ebanner_http":  [
                                                               "Super Secret HTTP Agent 1.0"

To Disable/Enable Touchscreen:

Get-PnpDevice | Where-Object {$_.FriendlyName -like '*touch screen*'} | Disable-PnpDevice -Confirm:$false
Start-Sleep -Seconds 3
Get-PnpDevice | Where-Object {$_.FriendlyName -like '*touch screen*'} | Enable-PnpDevice -Confirm:$false

To Create/Send Shortcuts To The Desktop:

Write-Output "Setting IE 64bit"
$Targetfile = "C:\Program Files\Internet Explorer\Iexplore.Exe"
$Shortcutfile = "$Env:Userprofile\Desktop\Internet Explorer.lnk"
$Wscriptshell = New-Object -Comobject Wscript.Shell
$Shortcut = $Wscriptshell.Createshortcut($Shortcutfile)
$Shortcut.Targetpath = $Targetfile

Write-Output "Setting Google Shortcut"
$Targetfile = ""
$Shortcutfile = "$Env:Userprofile\Desktop\Google.url"
$Wscriptshell = New-Object -Comobject Wscript.Shell
$Shortcut = $Wscriptshell.Createshortcut($Shortcutfile)
$Shortcut.Targetpath = $Targetfile

Write-Output "Setting MS Excel Link"
$Targetfile = "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE"
$Shortcutfile = "$Env:Userprofile\Desktop\Excel 2016.lnk"
$Wscriptshell = New-Object -Comobject Wscript.Shell
$Shortcut = $Wscriptshell.Createshortcut($Shortcutfile)
$Shortcut.Targetpath = $Targetfile

Write-Output "Setting MS Outlook Link"
$Targetfile = "C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE"
$Shortcutfile = "$Env:Userprofile\Desktop\Outlook 2016.lnk"
$Wscriptshell = New-Object -Comobject Wscript.Shell
$Shortcut = $Wscriptshell.Createshortcut($Shortcutfile)
$Shortcut.Targetpath = $Targetfile

Write-Output "Setting MS Word Link"
$Targetfile = "C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE"
$Shortcutfile = "$Env:Userprofile\Desktop\Word 2016.lnk"
$Wscriptshell = New-Object -Comobject Wscript.Shell
$Shortcut = $Wscriptshell.Createshortcut($Shortcutfile)
$Shortcut.Targetpath = $Targetfile

Write-Output "Setting OneNote Link"
$Targetfile = "C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE"
$Shortcutfile = "$Env:Userprofile\Desktop\OneNote 2016.lnk"
$Wscriptshell = New-Object -Comobject Wscript.Shell
$Shortcut = $Wscriptshell.Createshortcut($Shortcutfile)
$Shortcut.Targetpath = $Targetfile

# Setting shortcut as admin (haven't tested yet)
Copy-Item $Toolscript 'G:\FileLocation\IT\Tools'
$ToolShortcut = New-Object -ComObject WScript.Shell
$Shortcut = $ToolShortcut.CreateShortcut("C:\users\public\Desktop\$Toolscript.lnk")
$Shortcut.TargetPath = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
$Shortcut.Arguments = '-NoProfile -File "G:\FileLocation\IT\Tools\$ToolScript" -Interactive'
#Manipulation to make it run as admin:
$bytes = [System.IO.File]::ReadAllBytes("C:\Users\Public\Desktop\Toolbox.lnk")
$bytes[0x15] = $bytes[0x15] -bor 0x20 # Sets byte 21 (0x15) bit 6 (0x20) to ON
[System.IO.File]::WriteAllBytes("C:\Users\Public\Desktop\Toolbox.lnk", $bytes)