netsh trace start capture = yes ipv4.address = 10.81.4.196
Start your app
netsh trace stop
Friday, November 16, 2018
Friday, July 20, 2018
Remote patching
1. Who is logged on
6. Installing Sysinternal tools:
8.Change Regional settings
1. Who is logged on
qwinstalogoff 3$currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
$currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)$TargetSession = New-PSSession -ComputerName HALOMEM03
Copy-Item -ToSession $TargetSession -Path "C:\tools\" -Destination "C:\tools\" -Recurse
5. Upgrade Powershell to 5.1:Invoke-WebRequest -Uri 'https://go.microsoft.com/fwlink/?linkid=839516' -OutFile "c:\\temp\\Win8.1AndW2K12R2-KB3191564-x64.msu" -Proxy "http:\\10.81.18.66:3128"
winrs -r:localhost c:\windows\system32\wusa.exe c:\temp\Win8.1AndW2K12R2-KB3191564-x64.msu /extract:c:\temp
winrs -r:localhost dism /online /add-package /PackagePath:c:\temp\WindowsBlue-KB3191564-x64.cab /norestart
shutdown /r /t 10
6. Installing Sysinternal tools:
Invoke-Command -ComputerName jdecli003d -ScriptBlock {
& {
$TARGETDIR = 'c:\tools'
if(!(Test-Path -Path $TARGETDIR )){
New-Item -ItemType directory -Path $TARGETDIR
}
Invoke-WebRequest -Uri 'https://download.sysinternals.com/files/SysinternalsSuite.zip' -OutFile "c:\\temp\\SysinternalsSuite.zip" -Proxy "http:\\10.81.18.66:3128"
Expand-Archive C:\temp\SysinternalsSuite.zip -DestinationPath C:\tools
#alternative expand:
#Add-Type -A 'System.IO.Compression.FileSystem'
#[IO.Compression.ZipFile]::ExtractToDirectory('c:\temp\SysinternalsSuite.zip', 'c:\tools')
}
}
7. Getting list of users who were logged to machine in past 60 days:Invoke-Command -ComputerName jdecli001d,jdecli002d,jdecli003d,jdecli004d,jdecli005d,jdecli006d,jdecli007d,jdecli008d,jdecli009d,jdecli010d,jdecli011d,jdecli012d,jdecli013d,jdecli014d,jdecli015d,jdecli016d,jdecli017d,jdecli018d,jdecli019d,jdecli020d -ScriptBlock {
& {
Param (
#[string]$Computer = (Read-Host Remote computer name),
[string]$Computer = 'localhost',
[int]$Days = 60
)
cls
$Hostname = hostname
$Result = @()
Write-Host "Gathering Event Logs, this can take awhile..."
$ELogs = Get-EventLog System -Source Microsoft-Windows-WinLogon -After (Get-Date).AddDays(-$Days) -ComputerName $Computer
If ($ELogs)
{ Write-Host "Processing..."
ForEach ($Log in $ELogs)
{ If ($Log.InstanceId -eq 7001)
{ $ET = "Logon"
}
ElseIf ($Log.InstanceId -eq 7002)
{ $ET = "Logoff"
}
Else
{ Continue
}
$Result += New-Object PSObject -Property @{
Time = $Log.TimeWritten
'Event Type' = $ET
User = (New-Object System.Security.Principal.SecurityIdentifier $Log.ReplacementStrings[1]).Translate([System.Security.Principal.NTAccount])
'Computer' = $Hostname
}
}
$Result | Select Time,"Event Type",User,Computer | Sort Time -Descending | export-csv c:\temp\logged.csv -Force #| Out-GridView
cat c:\temp\logged.csv
Write-Host "Done."
}
Else
{ Write-Host "Problem with $Computer."
Write-Host "If you see a 'Network Path not found' error, try starting the Remote Registry service on that computer."
Write-Host "Or there are no logon/logoff events (XP requires auditing be turned on)"
}
}
}
8.Change Regional settings
Invoke-Command crkrd1azwe0p,crkrd1azwe1p,crkrd1azwe2p,crkrd1azwe3p,crkrd1azwe4p,crkrd1azwe5p,crkrd1azwe6p,crksqlazwe0p,Crksqlazwe1p,crkupdazwe0p,Crkupdazwe1p -ScriptBlock {
if (!(test-path c:\temp)) {New-Item c:\temp -ItemType Directory}
[xml]$XmlDocument = invoke-webrequest -Uri https://raw.githubusercontent.com/poorleno1/systemlocale/master/USRegion.xml -UseBasicParsing | Select-Object -ExpandProperty content
$XmlDocument.Save("c:\temp\USRegion.xml")
# Set Locale, language etc.
& $env:SystemRoot\System32\control.exe "intl.cpl,,/f:`"c:\temp\USRegion.xml`""
# Set Timezone
& tzutil /s "Central European Standard Time"
# Set languages/culture
Set-Culture en-US
}
9.
Subscribe to:
Posts (Atom)