PowerShell - Collecting information

Collecting information using PowerShell

Get information about the make and model of a computer

Get-WmiObject -Class Win32_ComputerSystem


Get information about the BIOS of the current computer

Get-WmiObject -Class Win32_BIOS -ComputerName .


List installed hotfixes (QFEs, or Windows Update files)

Get-WmiObject -Class Win32_QuickFixEngineering -ComputerName .


Get the username of the person currently logged on to a computer

Get-WmiObject -Class Win32_ComputerSystem -Property UserName -ComputerName .


Find just the names of installed applications on the current computer

Get-WmiObject -Class Win32_Product -ComputerName . | Format-Wide -Column 1


Get IP addresses assigned to the current computer

Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName . | Format-Table -Property IPAddress


Get a more detailed IP configuration report for the current machine

Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName . | Select-Object -Property [a-z]* -ExcludeProperty IPX*,WINS*


To find network cards with DHCP enabled on the current computer

Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "DHCPEnabled=true" -ComputerName .


Enable DHCP on all network adapters on the current computer

Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled=true" -ComputerName . | ForEach-Object -Process {$_.EnableDHCP()}


Navigate the Windows Registry like the file system

cd hkcu:


Find the five processes using the most memory 

ps | sort -p ws | select -last 5


LocalIR

Use this to collect local accounts, processes, services, active connections, USB history, installed programs and DNS cache entries. Each is dumped into its own text file, in the directory the commands were run from, for later processing and collection. Run these commands locally on the device.

Open PowerShell and run the commands below. Output is saved to the current directory of the PowerShell session.


Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount='True'" | format-list -property * | out-file accounts.txt

get-process | format-list -property *| out-file process.txt

get-service | format-list -property * | out-file services.txt

netstat -ano | out-file connections.txt

Get-ItemProperty -ea 0 hklm:\system\currentcontrolset\enum\usbstor\*\* | select FriendlyName,PSChildName | out-file usb.txt

gp -ea 0 HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* |Select DisplayName,DisplayVersion,Publisher,InstallDate,InstallLocation | Sort InstallDate -Desc | out-file programs.txt

ipconfig /displaydns | select-string 'Record Name' | out-file dnscache.txt
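The same LocalIR collection wrapped as one script, added here as an example and not part of the original post: it writes every artifact into a timestamped per-host folder and records a SHA-256 hash of each output file in a manifest, so the collected evidence can later be shown to be unchanged. It assumes Windows PowerShell 5.1 or later and uses Get-CimInstance in place of Get-WmiObject; the folder name and manifest layout are my own choices.

```powershell
# Added example: LocalIR collection with per-run folder and hash manifest.
# Output lands under the current directory, as in the original one-liners.
$case = Join-Path -Path (Get-Location).Path -ChildPath ("LocalIR_{0}_{1:yyyyMMdd_HHmmss}" -f $env:COMPUTERNAME, (Get-Date))
New-Item -ItemType Directory -Path $case -Force | Out-Null
$enc = 'UTF8'

# Each artifact: output file name -> script block that produces the objects to save.
$collectors = [ordered]@{
    'accounts.txt'    = { Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount='True'" | Format-List -Property * }
    'process.txt'     = { Get-Process | Format-List -Property * }
    'services.txt'    = { Get-Service | Format-List -Property * }
    'connections.txt' = { netstat -ano }   # netstat already returns text lines; no Format-List needed
    'usb.txt'         = { Get-ItemProperty -ErrorAction SilentlyContinue 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR\*\*' |
                          Select-Object FriendlyName, PSChildName }
    # Both Uninstall hives, so 64-bit installs are captured as well as 32-bit ones.
    'programs.txt'    = { Get-ItemProperty -ErrorAction SilentlyContinue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                              'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' |
                          Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, InstallLocation |
                          Sort-Object InstallDate -Descending }
    'dnscache.txt'    = { ipconfig /displaydns | Select-String 'Record Name' }
}

foreach ($name in $collectors.Keys) {
    $path = Join-Path -Path $case -ChildPath $name
    try {
        & $collectors[$name] | Out-File -FilePath $path -Encoding $enc -Width 4096
    } catch {
        # Keep going: one failed collector should not lose the rest of the run.
        "ERROR collecting $name : $_" | Out-File -FilePath $path -Encoding $enc
    }
}

# Manifest: who collected, when, and the SHA-256 of every output file.
$manifest = Join-Path -Path $case -ChildPath 'manifest.txt'
@(
    "Host:      $env:COMPUTERNAME"
    "User:      $env:USERNAME"
    "Collected: $(Get-Date -Format o)"
    ''
) | Out-File -FilePath $manifest -Encoding $enc
Get-ChildItem -Path $case -File | Where-Object Name -ne 'manifest.txt' |
    Get-FileHash -Algorithm SHA256 |
    Select-Object @{ n = 'File'; e = { Split-Path -Path $_.Path -Leaf } }, Hash |
    Format-Table -AutoSize | Out-File -FilePath $manifest -Append -Encoding $enc

Write-Host "Collection written to $case"
```

Copy the whole folder off the host and re-run Get-FileHash on the copies to confirm they still match the manifest.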


