Articles‎ > ‎Homemade Software‎ > ‎


I find I'm using PowerShell more and more often, but I still need to look up examples.

On this page I have the scripts I've used in the past to refresh my memory.

Things that aren't actual PowerShell, but are handy to prepare for related things:

Enable remote PowerShell:
psexec \\computername -s powershell Enable-PSRemoting -Force

Enable Remote Registry
C:\WINDOWS\system32>sc config remoteregistry start=auto
[SC] ChangeServiceConfig SUCCESS

C:\WINDOWS\system32>sc start remoteregistry

SERVICE_NAME: remoteregistry
        TYPE               : 30  WIN32
        STATE              : 2  START_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x7d0
        PID                : 8148
        FLAGS              :

Basic tasks:
Restart-Service -Name "Service Name" -Verbose
Copy-Item -Path "C:\temp\picture.png" -Destination "C:\temp\newplace.png"
Restart-Computer -ComputerName 'computername'
Disable-NetAdapter -Name 'Ethernet' -Confirm:$false

Tricks with ping: 
From cmd: powershell -command "0..500|foreach {$_;ping -n 1 server1;start-sleep -s 2}"

while ($true) { $ct++; $result=ping -n 1|Select-String "Lost";$ds=Get-Date;$show=$result.ToString();write-host $ct $ds $show.Substring($show.length - 10,10) to google;Start-Sleep -Seconds 1 }

Or save a script:
Write-Output "Target: $target"
 If (-not (Test-Connection -ComputerName $target -BufferSize 16 -Count 1 -Quiet)){
  Write-Output "$(Get-Date) Packet to $target was dropped. Drop count: $dropcount"  
 if (($_ % 60) -eq 0){Get-Date}
 Start-Sleep -Seconds 1
Merge hyper-v drive snapshots, one by one:
PS C:\Hyper-V\Virtual hard disks> function fakemerge { Param ([string]$targetpath);$targetvhd=Get-VHD -Path "$targetpath";$parentpath=$targetvhd.ParentPath;Write-Host "Merge: Merge-VHD -Path" $targetpath "-DestinationPath" $parentpath "-ErrorAction Stop";st
art-sleep -s 3;if ($parentpath){fakemerge "$parentpath"}else{Write-Host "No parent path for $targetpath"} };fakemerge "C:\hyper-v\Virtual Hard Disks\nameserver-drivename-datatype_EE77DAC6-B30D-40B0-BB8D-F719993EEE84.avhdx

Get IP address info for a list of machines:
PS C:\> $servers = @("server1","server2","serverd");foreach ($server in $servers) {write-host "$server";Invoke-Command -Script {Get-NetIPInterface -AddressFamily "IPv4"|where {$_.InterfaceAlias -notmatch 'Loopback'}; (Get-NetIPAddress |where AddressFamily -eq "IPv4" |where IPAddress -ne '').ipaddress} -ComputerName "$server"}

Check Active Directory against a list for lack of entries in the list:
Get-ADUser -Filter 'enabled -eq $true' -Properties UserPrincipalName|Select-Object -Property UserPrincipalName|%{$uid=($_.UserPrincipalName -split '@')[0];$uid;if (!(Select-String -Path C:\temp\list.csv $uid)){"Not Found $uid"}}

Set DNS servers
PS C:\> Set-DnsClientServerAddress -InterfaceIndex 23 -ServerAddresses ("","")

Remove a file
PS C:\> Get-ADComputer -Filter *|Select-Object -ExpandProperty name|foreach { Write-Output "$_"; if(Test-Connection -ComputerName $_ -BufferSize 16 -Count 1 ){ Invoke-Command -Script {if (Test-Path '\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\StupidToHaveHereAnyway.lnk'){remove-item '\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\StupidToHaveHereAnyway.lnk'}} -ComputerName $_}}
Push a copy of a file
PS C:\> Get-ADComputer -Filter { OperatingSystem -like "Windows 10*" } -Properties OperatingSystem |Select-Object -ExpandProperty name|foreach { Write-Output "$_"; if(Test-Connection -ComputerName $_ -BufferSize 16 -Count 1 -Quiet ){ robocopy "\\servername\share\path" "\\$_\c`$\folder\target" filename.chm } else { Write-Output "Couldn't connect to $_" } }

Enable a Hyper-V virtual adapter
PS C:\> GET-VM | GET-VMNetworkAdapter | Connect-VMNetworkAdapter –Switchname ‘New-cool-Hyper-V-Lan’ 

Clean old profiles off of a workstation

#First look at the targets:
Get-CimInstance -ClassName win32_userprofile -ComputerName 'thiscomputername'|Select-Object -Property 'localpath'

#Then de-select any that you want to leave:
Get-CimInstance -ClassName win32_userprofile -ComputerName 'pc1'|Where-Object {($_.LocalPath.split('\')[-1] -ne 'jdoe' -and $_.LocalPath.split('\')[-1] -ne 'jsmith' -and $_.LocalPath.split('\')[-1] -ne 'pcadmin' -and $_.LocalPath.split('\')[-1] -ne 'pcadmin.MYDOMAIN'  -and $_.LocalPath.split('\')[-1] -ne 'NetworkService' -and $_.LocalPath.split('\')[-1] -ne 'LocalService' -and $_.LocalPath.split('\')[-1] -ne 'systemprofile' -and $_.LocalPath.split('\')[-1] -ne '');}|Remove-CimInstance

Connect to Office 365 for Exchange management
$Cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $Cred -Authentication Basic -AllowRedirection
Import-PSSession $Session
Remove-PSSession $Session

Adjust Azure AD
PS C:\> install-module msonline
PS C:\> connect-msolservice
PS C:\> Update-ADFSCertificate –CertificateType token-signing
PS C:\> update-msolfederateddomain -domainname
PS C:\> Get-MsolFederationProperty -DomainName | FL Source, TokenSigningCertificate

Adjust a username on Office 365
PS C:\> Set-MsolUserPrincipalName -UserPrincipalName -NewUserPrincipalName

Install a module for Sharepoint Online and use it to unlock a file?? (Not resolved)
PS C:\> Install-Module SharePointPnPPowerShellOnline
PS C:\> Connect-PnPOnline -Url -UseWebLogin (Maybe Not?)
> Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
> Connect-SPOService -Url
C:\> $web = Get-SPOSite -Identity

Add a registry entry to trust a local domain
$UserRegPath = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"

#Value 1 = Intranet
$DWord = 1

$Name = ""
if (-Not (Test-Path "$UserRegPath\$Name")){
 New-Item -Path "$UserRegPath" -ItemType File -Name "$Name"
Set-ItemProperty -Path "$UserRegPath\$Name" -Name "http" -Value $DWord
Set-ItemProperty -Path "$UserRegPath\$Name" -Name "https" -Value $DWord
Set-ItemProperty -Path "$UserRegPath\$Name" -Name "*" -Value $DWord

Watch a text file for changes
PS C:\> get-content -tail 10 -wait '\\server\c$\temp\serversmonitored.log'

Install XPS Viewer
dism /Online /Add-Capability /CapabilityName:XPS.Viewer~~~~

Remove Junk from Microsoft:
foreach ($removethis in $applist){
 Write-Host "Removing $removethis"
  Read-Host -Prompt "Press Enter to continue or Ctrl+C to exit"
 Get-AppxPackage $removethis | Remove-AppxPackage
 Write-Host "Removed $removethis"

Run a DOS/CMD style command
PS C:\> $command = "dir 'c:\program files' "
PS C:\> $bytes = [System.Text.Encoding]::Unicode.GetBytes($command)
PS C:\> $encodedCommand = [Convert]::ToBase64String($bytes)
PS C:\> powershell.exe -encodedCommand $encodedCommand

Use SFTP/SSH/SCP with Posh-SSH module:
PS C:\> Install-Module -Name Posh-ssh
Interactive approvals later:
PS C:\> $username = 'whateveruser'
PS C:\> $password = ConvertTo-SecureString 'WhateverPassword' -AsPlainText -Force
PS C:\> $mycredentials = New-Object System.Management.Automation.PSCredential($username,$password)
PS C:\> New-SSHSession -computername '' -Credential $mycredentials -Verbose
Or generate an OpenSSH public/private key pair with no password, some notes:
  1. Keep this very secure
  2. I used Putty's too PuTTYgen, rsa and exported OpenSSH key files
  3. Be careful to select the entirety of the public key text as it may not all be visible
PS C:\> $username = 'whateveruser'
PS C:\> $nopassword = new-object System.Security.Securestring
PS C:\> $mycredentials = New-Object System.Management.Automation.PSCredential($username,$nopassword)
PS C:\> New-SSHSession -computername '' -Credential $mycredentials -KeyFile C:\temp\id_rsa.private -Verbose
Other command examples:
PS C:\> Get-SSHSession | fl
PS C:\> Invoke-SSHCommand -Index 0 -Command "uname -a"
PS C:\> Remove-SSHSession -Index 0 -Verbose
PS C:\> New-SFTPSession -ComputerName '' -Credential (Get-Credential root) -Verbose | fl
PS C:\> Set-SFTPDirectoryPath -Index 0 -Path /usr/bin
PS C:\> Get-SFTPDirectoryList -Index 0 -Path /tmp
Other commands:
Set-SFTPFile (Uploads a file)

Use SFTP/FTP/SCP/FTPS with WinSCP module:
PS C:\temp> Install-Module -Name WinSCP
Interactive approvals later:
PS C:\> $sessionOption = New-WinSCPSessionOption -hostname 'whateverserver' -Protocol 'Sftp'
PS C:\> $sshHostKeyFingerprint = Get-WinSCPHostKeyFingerprint -SessionOption $sessionOption
PS C:\> $cred = Get-Credential
PS C:\> $sessionOption = New-WinSCPSessionOption -hostname 'whateverserver' -Protocol 'Sftp' -Credential $cred -SshHostKeyFingerprint $sshHostKeyFingerprint
PS C:\> $session1 = New-WinSCPSession -SessionOption $sessionOption
PS C:\> Get-WinSCPChildItem -Path '/home/netadmin'|fl
PS C:\> Remove-WinSCPSession $session1

Logging into a webpage and pulling a download file
2018-11-08 Boyce Crownover created to pull a CSV download
           This was rather tricky because I couldn't get the fine grain control I wanted from the normal tools like WebRequest and WebClient.
   I needed to load a page to get the session cookie, then submit data with POST (including that session cookie) from an image input.
   Then after a successful login, I needed to go to another page, still with the session cookie, and from that page click another
   image input button which results in a stream of data which is the CSV data I'm actually after.

$url = ""

#Load initial page to get the session cookie
$request = [System.Net.WebRequest]::Create($url)
$request.CookieContainer = New-Object System.Net.CookieContainer
$response = $request.GetResponse()
$requestStream = $response.GetResponseStream()
$readStream = New-Object System.IO.StreamReader $requestStream

#Looping seems like it should be unnecessary, but normal pages 
#may have multiple cookies. In this case, I just needed the one.
foreach ($cook in $Response.Cookies)    {
#write-output "Last cookie: $lastcookie" 

#Now that we have the cookie, we post the login data back to the same page.
#I found Telerik Fiddler to be very handy for figuring out exactly what 
#my normal session was doing.
$url = ""
$postData = "Name=myusername&Password=mypassword&loginButton.x=0&loginButton.y=0"
$buffer = [text.encoding]::ascii.getbytes($postData)
[net.httpWebRequest] $req = [net.webRequest]::create($url)
$req.method = "POST"
$req.Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
$req.Headers.Add("Accept-Language: en-US")
$req.Headers.Add("Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7")
$req.AllowAutoRedirect = $false
$req.ContentType = "application/x-www-form-urlencoded"
$req.ContentLength = $buffer.length
$req.TimeOut = 50000
$req.KeepAlive = $true
$req.Headers.Add("Keep-Alive: 300");
$reqst = $req.getRequestStream()
$reqst.write($buffer, 0, $buffer.length)
[net.httpWebResponse] $res = $req.getResponse()
$resst = $res.getResponseStream()
$sr = new-object IO.StreamReader($resst)
$result = $sr.ReadToEnd()
#The result is a 302 redirect, which means our session is now successfully authenticated

#Ignoring the redirect, we now go to the download page where we send input
#as if we'd clicked the "Download" button, which isn't an HTML button but an
#input image. As before, Fiddler came in handy.
$url = ""
$buffer = [text.encoding]::ascii.getbytes($postData)
[net.httpWebRequest] $req = [net.webRequest]::create($url)
$req.method = "POST"
$req.Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
$req.Headers.Add("Accept-Language: en-US")
$req.Headers.Add("Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7")
$req.AllowAutoRedirect = $false
$req.ContentType = "application/x-www-form-urlencoded"
$req.ContentLength = $buffer.length
$req.TimeOut = 50000
$req.KeepAlive = $true
$req.Headers.Add("Keep-Alive: 300");
$reqst = $req.getRequestStream()
$reqst.write($buffer, 0, $buffer.length)
[net.httpWebResponse] $res = $req.getResponse()
$resst = $res.getResponseStream()
$sr = new-object IO.StreamReader($resst)
$result = $sr.ReadToEnd()
Out-File -InputObject $result -FilePath 'result.csv'
#The resulting stream of data is a CSV file that I need for other tasks.


$cc = new-object Net.CookieContainer
$req = [Net.WebRequest]::Create("")
$req.CookieContainer = $cc
$req = [System.Net.HttpWebRequest] [System.Net.WebRequest]::Create($url)
$probe = $html.ReadToEnd() 
$cookie = $ResponseObject.Headers["Set-Cookie"]
$strt = $cookie .indexOf(';', 0)
$sessionid= $cookie.Substring(0,$strt)
$cookie= $data.Headers["Set-Cookie"]
$req.Headers.Add("Accept-Encoding: gzip,deflate")

"{0} = {1}"    -f $cook.Name, $cook.Value
"Domain      : {0}"     -f $cook.Domain
"Path        : {0}"     -f $cook.Path
"Port        : {0}"     -f $cook.Port
"Secure      : {0}"     -f $cook.Secure
"When issued : {0}"     -f $cook.TimeStamp
"Expires     : {0}"     -f $cook.expireds
"Expired?    : {0}"     -f $cook.expired
"Don't save  : {0}"     -f $cook.Discard
"Comment     : {0}"     -f $cook.Comment
"Uri for comments: {0}" -f $cook.CommentUri
"Version     : {0}"     -f $cook.Version
"String: {0} :"         -f $cook.ToString()

 Print number of cookies
if ($response.Cookies.Count -gt 0) {
"{0} Cookies returned from: {1}" -f $Response.Cookies.Count,$site


Then there was this bit. I found I could do everything I wanted to all the way through clicking the download
button by launching an Internet Explorer object. This can even be hidden. However, I found there was no
way to click the Save button of Internet Exporer without isolating the object, bringing the window to the active
or foreground state, then using sendkeys to send specific keys to the window. Since I want this task to run 
even when nobody is logged into Windows, I don't trust that window manipulation would work and sendkeys is a
little dangerous as I've learned in past programming. That said, it did prove useful to have a program I could run
to record activity to Fiddler without having to do interactive typing, so I'll leave that script here in the reference


$ie = new-object -ComObject "InternetExplorer.Application"
$ie.visible = $true #Do you want to see IE?
$ie.silent = $true #Do you want pop-up dialogs suppressed?

while($ie.Busy) { Start-Sleep -Milliseconds 2000 } #My example was something like 100... I had to increase it a LOT before it worked

$elements=$ie.Document.IHTMLDocument3_getElementsByName("txtLoginName");foreach ($element in $elements){ $element.value=$myusername }
$elements=$ie.Document.IHTMLDocument3_getElementsByName("txtPassword");foreach ($element in $elements){ $element.value=$mypassword }
$elements=$ie.Document.IHTMLDocument3_getElementsByName("btnLogin");foreach ($element in $elements){ $ }

while($ie.Busy) { Start-Sleep -Milliseconds 2000 }

$elements=$ie.Document.IHTMLDocument3_getElementsByName("btnDownload");foreach ($element in $elements){ $ }

while($ie.Busy) { Start-Sleep -Milliseconds 2000 }

#Hit "S" on the keyboard to hit the "Save" button on the download box
$obj = new-object -com WScript.Shell
$obj.AppActivate('Internet Explorer')

Find the model of a computer: (not really PowerShell)
wmic csproduct get name

Admin Powershell to check bitlocker status:
manage-bde -Status

Check the size of a folder
function sizefolder($path) { $objFSO = New-Object -com Scripting.FileSystemObject;("{0:N2}" -f (($objFSO.GetFolder($path).Size/1GB)))}

Check out Hyper-V logs:
Get-WinEvent -FilterHashTable @{LogName ="Microsoft-Windows-Hyper-V*"; StartTime = (Get-Date).AddDays(-1);} -ComputerName Hyper-Vserver

Other stuff:
    • Find-Module "Posh-SSH" |install-module
    • Use psexec to enable rdp
  • netsh interface ipv4 set address name="Wi-Fi" static
    netsh interface ipv4 set dns name="Wi-Fi" static
    netsh interface ipv4 set dns name="YOUR INTERFACE NAME" static DNS_SERVER index=2
  • uptime script:
    • Forcing WSUS checkin
  • Ping like a boss:
    • $base="192.168.4.";$ip=@();1..254|%{$ip += $base+$_};$tasks=$ip|%{[System.Net.NetworkInformation.Ping]::new().SendPingAsync($_)};[Threading.Tasks.Task]::WaitAll($Tasks);$Tasks.Result

Boyce Crownover,
Dec 12, 2018, 12:37 PM