I spend my entire working day in a PowerShell prompt. It is often a combination of Windows PowerShell and PowerShell 7. Sometimes I’m in a session with a loaded profile, sometimes not. Sometimes I have a PowerShell 7 Preview session running. And then there are the scheduled jobs which also run PowerShell. Over the years,…
Tag: Get-CIMInstance
Finding Zombie Files with PowerShell
Since this is Halloween weekend in the United States, I thought I’d offer up a PowerShell solution to a scary task – finding zombie files. Ok, maybe these aren’t really living dead files, but rather files with a 0-byte length. It is certainly possible that you may intentionally want a 0 length file. But perhaps…
Resolving SIDs with WMI, WSMAN and PowerShell
In the world of Windows, an account SID can be a very enigmatic thing. Who is S-1-5-21-2250542124-3280448597-2353175939-1019? Fortunately, many applications, such as the event log viewer resolve the SID to an account name. The downside, is that when you are accessing that same type of information from PowerShell, you end up with the “raw’ SID….
Adding System Path to CIMInstance Objects
The other night when I presented for the Mississippi PowerShell Users’ Group, one of the members showed some PowerShell 3.0 code using the CIM cmdlets. At issue is how the CIM cmdlets handle the WMI system properties like __SERVER and __RELPATH. By default, those properties aren’t displayed, but they are captured in the CimSystemProperties property….
Find Files with PowerShell 3.0
My last few articles have looked at using WMI and CIM_DATAFILE class to find files, primarily using Get-WmiObject in PowerShell. But now that we have PowerShell 3.0 at our disposal, we can use the new CIM cmdlets. So I took my most recent version of Get-CIMFile and revised it specifically to use Get-CimInstance. I also…
Query Local Administrators with CIM
Yesterday I posted an article on listing members of the local administrators group with PowerShell and Get-WmiObject. PowerShell 3.0 offers an additional way using the CIM cmdlets. The CIM cmdlets query the same WMI information, except instead of using the traditional RPC/DCOM connection, these cmdlets utilize PowerShell’s remoting endpoint so they are much more firewall…