Collecting information using PowerShell
Get information about the make and model of a computer
Get-WmiObject -Class Win32_ComputerSystem
Get information about the BIOS of the current computer
Get-WmiObject -Class Win32_BIOS -ComputerName .
List installed hotfixes (QFEs, or Windows Update files)
Get-WmiObject -Class Win32_QuickFixEngineering -ComputerName .
Get the username of the person currently logged on to a computer
Get-WmiObject -Class Win32_ComputerSystem -Property UserName -ComputerName .
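Find just the names of installed applications on the current computer (querying Win32_Product is slow and makes Windows Installer run a consistency check on every installed MSI package)
Get-WmiObject -Class Win32_Product -ComputerName . | Format-Wide -Column 1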
Get IP addresses assigned to the current computer
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName . | Format-Table -Property IPAddress
Get a more detailed IP configuration report for the current machine
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName . | Select-Object -Property [a-z]* -ExcludeProperty IPX*,WINS*
To find network cards with DHCP enabled on the current computer
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "DHCPEnabled=true" -ComputerName .
Enable DHCP on all network adapters on the current computer
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=true -ComputerName . | ForEach-Object -Process {$_.EnableDHCP()}
Navigate the Windows Registry like the file system
cd hkcu:
Find the five processes using the most memory
ps | sort -p ws | select -last 5
LocalIR
Use it to collect local accounts, processes, services, active connections, USB history, installed programs and items in the DNS cache. Each is dumped into a text file, for processing and collection, in the directory that the script was run from. Use this script locally on the device.
Open PowerShell and run the commands. Output is saved to the folder where you run PowerShell.
Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount='True'"| format-list -property * | out-file accounts.txt
get-process | format-list -property *| out-file process.txt
get-service | format-list -property * | out-file services.txt
netstat -ano | out-file connections.txt
Get-ItemProperty -ea 0 hklm:\system\currentcontrolset\enum\usbstor\*\* | select FriendlyName,PSChildName | out-file usb.txt
gp -ea 0 HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* |Select DisplayName,DisplayVersion,Publisher,InstallDate,InstallLocation | Sort InstallDate -Desc | out-file programs.txt
ipconfig /displaydns | select-string 'Record Name' | out-file dnscache.txt
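The LocalIR commands above, gathered into one script as an added example (not part of the original post). It assumes Windows PowerShell 4.0 or later; the folder name and manifest.csv are illustrative. It goes slightly beyond the commands above by also reading the native (non-Wow6432Node) Uninstall key and by writing a SHA-256 manifest so that later changes to the collected files can be detected.

```powershell
# Added example: LocalIR-style collection into a timestamped folder.
# Assumption: Windows PowerShell 4.0+ (Get-FileHash); names below are illustrative.
$stamp  = Get-Date -Format 'yyyyMMdd_HHmmss'
$outDir = Join-Path (Get-Location) ("LocalIR_{0}_{1}" -f $env:COMPUTERNAME, $stamp)
New-Item -ItemType Directory -Path $outDir | Out-Null

# Registry locations for installed programs (32-bit view and native view).
$uninstall = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'

# Output file name -> script block that produces its content.
$collectors = [ordered]@{
    'accounts.txt'    = { Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount='True'" |
                          Format-List -Property * }
    'process.txt'     = { Get-Process | Format-List -Property * }
    'services.txt'    = { Get-Service | Format-List -Property * }
    # netstat emits plain text lines, so it is written out without Format-List.
    'connections.txt' = { netstat -ano }
    'usb.txt'         = { Get-ItemProperty -ErrorAction SilentlyContinue `
                              'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR\*\*' |
                          Select-Object FriendlyName, PSChildName }
    'programs.txt'    = { Get-ItemProperty -ErrorAction SilentlyContinue $uninstall |
                          Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, InstallLocation |
                          Sort-Object InstallDate -Descending }
    'dnscache.txt'    = { ipconfig /displaydns | Select-String 'Record Name' }
}

foreach ($name in $collectors.Keys) {
    $path = Join-Path $outDir $name
    try {
        # -Width keeps long property values from being truncated in the text file.
        & $collectors[$name] | Out-File -FilePath $path -Width 4096
    } catch {
        # Record the failure in place of the data so a gap is visible to the analyst.
        "collection failed: $($_.Exception.Message)" | Out-File -FilePath $path
    }
}

# Hash every collected file first, then write the manifest, so the manifest
# itself is not part of the set being hashed.
$hashes = Get-ChildItem -Path $outDir -File |
    Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, @{ Name = 'File'; Expression = { Split-Path $_.Path -Leaf } }
$hashes | Export-Csv -Path (Join-Path $outDir 'manifest.csv') -NoTypeInformation
Write-Output "Collected $($hashes.Count) files into $outDir"
```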