LEARN with scripting TRAINING CREATE with SCRIPTING TOOLS SHARE in a COMMUNITY BUY Scripting Products

SAPIEN Solutions

SAPIEN homepage
SAPIEN Software
PrimalScript script editor+ide
PrimalScope script debugger
Free Tools script utilities
SAPIEN Press tech books
ScriptingAnswers.com learn+share
ScriptingOutpost.com online store
Blog.Sapien.com official blog
Contact Us

 

« New Poll: Where do you buy books?
Where do I begin? »

December PowerShell One-Liner

This month’s PowerShell one-liner uses WMI to query event logs on remote computers. Specifically it is searching for logs that record when the Event Log service has started. This is another way you can, determine when a computer has started. It’s not foolproof of course but the one-liner should serve as an example of querying WMI on multiple machines.

   1: Get-WmiObject win32_ntlogevent -filter `
   2: "logfile='system' AND EventCode=6005 AND TimeWritten > `
   3: '$((get-date).AddDays(-30).toShortDateString())'" `
   4: -computername (get-content computers.txt) | 
   5: Select @{name="Computername";Expression={$_.__Server}},`
   6: @{name="StartUp";Expression={$_.ConvertToDateTime($_.timewritten)}}

This expression queries a list of computers and finds the specific event records written in the last 30 days.

Download a text file with this expression here.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Technorati Tags: , , , ,

Tags: , , , ,

This entry was posted on Monday, December 1st, 2008 at 11:00 pm and is filed under Windows PowerShell. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply


Entries (RSS) and Comments (RSS).