{"id":8947,"date":"2022-03-11T11:45:16","date_gmt":"2022-03-11T16:45:16","guid":{"rendered":"https:\/\/jdhitsolutions.com\/blog\/?p=8947"},"modified":"2022-03-11T11:45:19","modified_gmt":"2022-03-11T16:45:19","slug":"i-sid-you-not","status":"publish","type":"post","link":"https:\/\/jdhitsolutions.com\/blog\/powershell\/8947\/i-sid-you-not\/","title":{"rendered":"I SID You Not!"},"content":{"rendered":"\n<p>As usually happens during my day, I get sidetracked to another issue, and before you know it, I have a new PowerShell tool. In this instance, I was looking at event logs using Get-WinEvent. One of the event record properties is a UserID.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-style-default\"><a href=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/event-userid.png\"><img loading=\"lazy\" decoding=\"async\" width=\"917\" height=\"153\" src=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/event-userid.png\" alt=\"Sample SID\" class=\"wp-image-8948\" srcset=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/event-userid.png 917w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/event-userid-300x50.png 300w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/event-userid-768x128.png 768w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/event-userid-850x142.png 850w\" sizes=\"auto, (max-width: 917px) 100vw, 917px\" \/><\/a><\/figure>\n\n\n\n<p>That's very nice, but who is this? 
In this particular instance, the UserID property is a SecurityIdentifier object.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-style-default\"><a href=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/securityidentifier.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"402\" src=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/securityidentifier-1024x402.png\" alt=\"System.Security.Principal.SecurityIdentifier\" class=\"wp-image-8949\" srcset=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/securityidentifier-1024x402.png 1024w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/securityidentifier-300x118.png 300w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/securityidentifier-768x302.png 768w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/securityidentifier-850x334.png 850w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/securityidentifier.png 1067w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<p>To resolve the SID, you can use the Translate() method.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-style-default\"><a href=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/translate-sid.png\"><img loading=\"lazy\" decoding=\"async\" width=\"683\" height=\"114\" src=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/translate-sid.png\" alt=\"translate sid\" class=\"wp-image-8950\" srcset=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/translate-sid.png 683w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/translate-sid-300x50.png 300w\" sizes=\"auto, (max-width: 683px) 100vw, 683px\" \/><\/a><\/figure>\n\n\n\n<p>Nice. 
I can take this a step further to get a simple string.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"powershell\" class=\"language-powershell\">$a.userid.Translate([system.security.principal.ntaccount]).value<\/code><\/pre>\n\n\n\n<p>But what if I only have the SID value as a string? You might encounter this in plain text log files. <\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-style-default\"><a href=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sample-sid.png\"><img loading=\"lazy\" decoding=\"async\" width=\"477\" height=\"61\" src=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sample-sid.png\" alt=\"sample SID string\" class=\"wp-image-8951\" srcset=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sample-sid.png 477w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sample-sid-300x38.png 300w\" sizes=\"auto, (max-width: 477px) 100vw, 477px\" \/><\/a><\/figure>\n\n\n\n<p>How do I resolve this?<\/p>\n\n\n\n<p>It is actually pretty easy. 
I can create a SecurityIdentifier object from the string.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"powershell\" class=\"language-powershell\">[System.Security.Principal.SecurityIdentifier]::new($sid)<\/code><\/pre>\n\n\n\n<p>This gives me the object with the Translate() method.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-style-default\"><a href=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sid-string-to-object.png\"><img loading=\"lazy\" decoding=\"async\" width=\"909\" height=\"133\" src=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sid-string-to-object.png\" alt=\"convert SID string to object\" class=\"wp-image-8952\" srcset=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sid-string-to-object.png 909w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sid-string-to-object-300x44.png 300w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sid-string-to-object-768x112.png 768w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sid-string-to-object-850x124.png 850w\" sizes=\"auto, (max-width: 909px) 100vw, 909px\" \/><\/a><\/figure>\n\n\n\n<p>It is not required, but I can resolve the SID as a string with a single expression.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"powershell\" class=\"language-powershell\">[System.Security.Principal.SecurityIdentifier]::new($sid).Translate([system.security.principal.NTAccount]).value<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large is-style-default\"><a href=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/resolve-sid.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"74\" src=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/resolve-sid-1024x74.png\" alt=\"resolving a SID string\" class=\"wp-image-8953\" srcset=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/resolve-sid-1024x74.png 
1024w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/resolve-sid-300x22.png 300w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/resolve-sid-768x56.png 768w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/resolve-sid-850x62.png 850w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/resolve-sid.png 1090w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Creating a PowerShell Tool<\/h2>\n\n\n\n<p>Naturally, the next step is to create a PowerShell tool to simplify the entire process and add a touch of extra value.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"powershell\" class=\"language-powershell\">Function Resolve-SID {\n    [cmdletbinding()]\n    [OutputType(\"ResolvedSID\", \"String\")]\n    Param(\n        [Parameter(\n            Position = 0,\n            Mandatory,\n            ValueFromPipeline,\n            ValueFromPipelineByPropertyName,\n            HelpMessage = \"Enter a SID string.\"\n        )]\n        [ValidateScript({\n            If ($_ -match 'S-1-[1235]-\\d{1,2}(-\\d+)*') {\n                $True\n            }\n            else {\n                Throw \"The parameter value does not match the pattern for a valid SID.\"\n                $False\n            }\n        })]\n        [string]$SID,\n        [Parameter(HelpMessage = \"Display the resolved account name as a string.\")]\n        [switch]$ToString\n    )\n    Begin {\n        Write-Verbose \"[$((Get-Date).TimeofDay) BEGIN  ] Starting $($myinvocation.mycommand)\"\n    } #begin\n\n    Process {\n        Write-Verbose \"[$((Get-Date).TimeofDay) PROCESS] Converting $SID \"\n        Try {\n            if ($SID -eq 'S-1-5-32') {\n                #apparently you can't resolve the builtin account\n                $resolved = \"$env:COMPUTERNAME\\BUILTIN\"\n            }\n            else {\n                $resolved = 
[System.Security.Principal.SecurityIdentifier]::new($sid).Translate([system.security.principal.NTAccount]).value\n            }\n\n            if ($ToString) {\n                $resolved\n            }\n            else {\n                if ($resolved -match \"\\\\\") {\n                    $domain = $resolved.Split(\"\\\")[0]\n                    $username = $resolved.Split(\"\\\")[1]\n                }\n                else {\n                    $domain = $Null\n                    $username = $resolved\n                }\n                [pscustomObject]@{\n                    PSTypename = \"ResolvedSID\"\n                    NTAccount  = $resolved\n                    Domain     = $domain\n                    Username   = $username\n                    SID        = $SID\n                }\n            }\n        }\n        Catch {\n            Write-Warning \"Failed to resolve $SID. $($_.Exception.InnerException.Message)\"\n        }\n    } #process\n\n    End {\n        Write-Verbose \"[$((Get-Date).TimeofDay) END    ] Ending $($myinvocation.mycommand)\"\n    } #end\n\n} #close Resolve-SID<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full is-style-default\"><a href=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/resolve-sid-function.png\"><img loading=\"lazy\" decoding=\"async\" width=\"741\" height=\"126\" src=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/resolve-sid-function.png\" alt=\"resolve a sid with a PowerShell function\" class=\"wp-image-8954\" srcset=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/resolve-sid-function.png 741w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/resolve-sid-function-300x51.png 300w\" sizes=\"auto, (max-width: 741px) 100vw, 741px\" \/><\/a><\/figure>\n\n\n\n<p>At the core, my function uses the one-line resolution code. I'm parsing the result to create a richer object. Although, I included a ToString parameter. 
<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-style-default\"><a href=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/resolve-sid-to-userstring.png\"><img loading=\"lazy\" decoding=\"async\" width=\"728\" height=\"106\" src=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/resolve-sid-to-userstring.png\" alt=\"resolving sid as an account string\" class=\"wp-image-8955\" srcset=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/resolve-sid-to-userstring.png 728w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/resolve-sid-to-userstring-300x44.png 300w\" sizes=\"auto, (max-width: 728px) 100vw, 728px\" \/><\/a><\/figure>\n\n\n\n<p>This makes it easier to use the result in your messaging or logging.<\/p>\n\n\n\n<p>The other item of interest in the function is the parameter validation for the SID. I'm using a regular expression pattern to verify that the value looks like a SID.  <\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-style-default\"><a href=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sid-validation.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"155\" src=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sid-validation-1024x155.png\" alt=\"SID parameter validation\" class=\"wp-image-8958\" srcset=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sid-validation-1024x155.png 1024w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sid-validation-300x45.png 300w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sid-validation-768x116.png 768w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sid-validation-850x128.png 850w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sid-validation.png 1067w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<p>The regular expression pattern should 
take into account built-in SIDs as well.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-style-default\"><a href=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/pipeline-sids.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"272\" src=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/pipeline-sids-1024x272.png\" alt=\"resolving sids via the PowerShell pipeline\" class=\"wp-image-8956\" srcset=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/pipeline-sids-1024x272.png 1024w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/pipeline-sids-300x80.png 300w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/pipeline-sids-768x204.png 768w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/pipeline-sids-850x225.png 850w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/pipeline-sids.png 1086w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<p>By the way, my function writes a typed object to the pipeline so you could create a format ps1xml file.<\/p>\n\n\n\n<p>The only issue I encountered was resolving the BUILTIN SID of S-1-5-32. This was the only valid SID I found that my code failed to resolve. 
Instead, I handle this with a simple IF statement.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">if ($SID -eq 'S-1-5-32') {\n    #apparently you can't resolve the builtin account\n    $resolved = \"$env:COMPUTERNAME\\BUILTIN\"\n}\nelse {\n    $resolved = [System.Security.Principal.SecurityIdentifier]::new($sid).Translate([system.security.principal.NTAccount]).value\n}<\/code><\/pre>\n\n\n\n<p>If there is any other error trying to resolve the SID, I'll handle it in the Catch block and write a warning.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-style-default\"><a href=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sid-failure.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"85\" src=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sid-failure-1024x85.png\" alt=\"failing to resolve a SID\" class=\"wp-image-8957\" srcset=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sid-failure-1024x85.png 1024w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sid-failure-300x25.png 300w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sid-failure-768x64.png 768w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sid-failure-850x71.png 850w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/sid-failure.png 1081w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<p>I have no doubt there are other tools to resolve SIDs and my function is by no means the only PowerShell solution you'll find. I'd love to hear what you think.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As usually happens during my day, I get sidetracked to another issue, and before you know it, I have a new PowerShell tool. In this instance, I was looking at event logs using Get-WinEvent. One of the event record properties is a UserID. That&#8217;s very nice, but who is this? 
In this particular instance, the&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"New on the Blog: Resolving SIDs with #PowerShell","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[4],"tags":[224,534,540,554],"class_list":["post-8947","post","type-post","status-publish","format-standard","hentry","category-powershell","tag-function","tag-powershell","tag-scripting","tag-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>I SID You Not! &#8226; The Lonely Administrator<\/title>\n<meta name=\"description\" content=\"Here&#039;s how I ended up writing a PowerShell function to resolve a SID string to an account name. The function uses a regex pattern for validation.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jdhitsolutions.com\/blog\/powershell\/8947\/i-sid-you-not\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"I SID You Not! &#8226; The Lonely Administrator\" \/>\n<meta property=\"og:description\" content=\"Here&#039;s how I ended up writing a PowerShell function to resolve a SID string to an account name. 
The function uses a regex pattern for validation.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jdhitsolutions.com\/blog\/powershell\/8947\/i-sid-you-not\/\" \/>\n<meta property=\"og:site_name\" content=\"The Lonely Administrator\" \/>\n<meta property=\"article:published_time\" content=\"2022-03-11T16:45:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-03-11T16:45:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/event-userid.png\" \/>\n<meta name=\"author\" content=\"Jeffery Hicks\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@JeffHicks\" \/>\n<meta name=\"twitter:site\" content=\"@JeffHicks\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jeffery Hicks\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/8947\\\/i-sid-you-not\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/8947\\\/i-sid-you-not\\\/\"},\"author\":{\"name\":\"Jeffery Hicks\",\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/#\\\/schema\\\/person\\\/d0258030b41f07fd745f4078bdf5b6c9\"},\"headline\":\"I SID You 
Not!\",\"datePublished\":\"2022-03-11T16:45:16+00:00\",\"dateModified\":\"2022-03-11T16:45:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/8947\\\/i-sid-you-not\\\/\"},\"wordCount\":377,\"commentCount\":7,\"publisher\":{\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/#\\\/schema\\\/person\\\/d0258030b41f07fd745f4078bdf5b6c9\"},\"image\":{\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/8947\\\/i-sid-you-not\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/event-userid.png\",\"keywords\":[\"Function\",\"PowerShell\",\"Scripting\",\"security\"],\"articleSection\":[\"PowerShell\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/8947\\\/i-sid-you-not\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/8947\\\/i-sid-you-not\\\/\",\"url\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/8947\\\/i-sid-you-not\\\/\",\"name\":\"I SID You Not! &#8226; The Lonely Administrator\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/8947\\\/i-sid-you-not\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/8947\\\/i-sid-you-not\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/event-userid.png\",\"datePublished\":\"2022-03-11T16:45:16+00:00\",\"dateModified\":\"2022-03-11T16:45:19+00:00\",\"description\":\"Here's how I ended up writing a PowerShell function to resolve a SID string to an account name. 
The function uses a regex pattern for validation.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/8947\\\/i-sid-you-not\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/8947\\\/i-sid-you-not\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/8947\\\/i-sid-you-not\\\/#primaryimage\",\"url\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/event-userid.png\",\"contentUrl\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/event-userid.png\",\"width\":917,\"height\":153},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/8947\\\/i-sid-you-not\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"PowerShell\",\"item\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/category\\\/powershell\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"I SID You Not!\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/\",\"name\":\"The Lonely Administrator\",\"description\":\"Practical Advice for the Automating IT 
Pro\",\"publisher\":{\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/#\\\/schema\\\/person\\\/d0258030b41f07fd745f4078bdf5b6c9\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/#\\\/schema\\\/person\\\/d0258030b41f07fd745f4078bdf5b6c9\",\"name\":\"Jeffery Hicks\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/832ae5d438fdcfc1420d720cd1991307927de8a0b12f2342e81c30f773e21098?s=96&d=wavatar&r=pg\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/832ae5d438fdcfc1420d720cd1991307927de8a0b12f2342e81c30f773e21098?s=96&d=wavatar&r=pg\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/832ae5d438fdcfc1420d720cd1991307927de8a0b12f2342e81c30f773e21098?s=96&d=wavatar&r=pg\",\"caption\":\"Jeffery Hicks\"},\"logo\":{\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/832ae5d438fdcfc1420d720cd1991307927de8a0b12f2342e81c30f773e21098?s=96&d=wavatar&r=pg\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"I SID You Not! &#8226; The Lonely Administrator","description":"Here's how I ended up writing a PowerShell function to resolve a SID string to an account name. The function uses a regex pattern for validation.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jdhitsolutions.com\/blog\/powershell\/8947\/i-sid-you-not\/","og_locale":"en_US","og_type":"article","og_title":"I SID You Not! 
&#8226; The Lonely Administrator","og_description":"Here's how I ended up writing a PowerShell function to resolve a SID string to an account name. The function uses a regex pattern for validation.","og_url":"https:\/\/jdhitsolutions.com\/blog\/powershell\/8947\/i-sid-you-not\/","og_site_name":"The Lonely Administrator","article_published_time":"2022-03-11T16:45:16+00:00","article_modified_time":"2022-03-11T16:45:19+00:00","og_image":[{"url":"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/event-userid.png","type":"","width":"","height":""}],"author":"Jeffery Hicks","twitter_card":"summary_large_image","twitter_creator":"@JeffHicks","twitter_site":"@JeffHicks","twitter_misc":{"Written by":"Jeffery Hicks","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jdhitsolutions.com\/blog\/powershell\/8947\/i-sid-you-not\/#article","isPartOf":{"@id":"https:\/\/jdhitsolutions.com\/blog\/powershell\/8947\/i-sid-you-not\/"},"author":{"name":"Jeffery Hicks","@id":"https:\/\/jdhitsolutions.com\/blog\/#\/schema\/person\/d0258030b41f07fd745f4078bdf5b6c9"},"headline":"I SID You 
Not!","datePublished":"2022-03-11T16:45:16+00:00","dateModified":"2022-03-11T16:45:19+00:00","mainEntityOfPage":{"@id":"https:\/\/jdhitsolutions.com\/blog\/powershell\/8947\/i-sid-you-not\/"},"wordCount":377,"commentCount":7,"publisher":{"@id":"https:\/\/jdhitsolutions.com\/blog\/#\/schema\/person\/d0258030b41f07fd745f4078bdf5b6c9"},"image":{"@id":"https:\/\/jdhitsolutions.com\/blog\/powershell\/8947\/i-sid-you-not\/#primaryimage"},"thumbnailUrl":"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/event-userid.png","keywords":["Function","PowerShell","Scripting","security"],"articleSection":["PowerShell"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/jdhitsolutions.com\/blog\/powershell\/8947\/i-sid-you-not\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/jdhitsolutions.com\/blog\/powershell\/8947\/i-sid-you-not\/","url":"https:\/\/jdhitsolutions.com\/blog\/powershell\/8947\/i-sid-you-not\/","name":"I SID You Not! &#8226; The Lonely Administrator","isPartOf":{"@id":"https:\/\/jdhitsolutions.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jdhitsolutions.com\/blog\/powershell\/8947\/i-sid-you-not\/#primaryimage"},"image":{"@id":"https:\/\/jdhitsolutions.com\/blog\/powershell\/8947\/i-sid-you-not\/#primaryimage"},"thumbnailUrl":"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/event-userid.png","datePublished":"2022-03-11T16:45:16+00:00","dateModified":"2022-03-11T16:45:19+00:00","description":"Here's how I ended up writing a PowerShell function to resolve a SID string to an account name. 
The function uses a regex pattern for validation.","breadcrumb":{"@id":"https:\/\/jdhitsolutions.com\/blog\/powershell\/8947\/i-sid-you-not\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jdhitsolutions.com\/blog\/powershell\/8947\/i-sid-you-not\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jdhitsolutions.com\/blog\/powershell\/8947\/i-sid-you-not\/#primaryimage","url":"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/event-userid.png","contentUrl":"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2022\/03\/event-userid.png","width":917,"height":153},{"@type":"BreadcrumbList","@id":"https:\/\/jdhitsolutions.com\/blog\/powershell\/8947\/i-sid-you-not\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"PowerShell","item":"https:\/\/jdhitsolutions.com\/blog\/category\/powershell\/"},{"@type":"ListItem","position":2,"name":"I SID You Not!"}]},{"@type":"WebSite","@id":"https:\/\/jdhitsolutions.com\/blog\/#website","url":"https:\/\/jdhitsolutions.com\/blog\/","name":"The Lonely Administrator","description":"Practical Advice for the Automating IT Pro","publisher":{"@id":"https:\/\/jdhitsolutions.com\/blog\/#\/schema\/person\/d0258030b41f07fd745f4078bdf5b6c9"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jdhitsolutions.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/jdhitsolutions.com\/blog\/#\/schema\/person\/d0258030b41f07fd745f4078bdf5b6c9","name":"Jeffery 
Hicks","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/832ae5d438fdcfc1420d720cd1991307927de8a0b12f2342e81c30f773e21098?s=96&d=wavatar&r=pg","url":"https:\/\/secure.gravatar.com\/avatar\/832ae5d438fdcfc1420d720cd1991307927de8a0b12f2342e81c30f773e21098?s=96&d=wavatar&r=pg","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/832ae5d438fdcfc1420d720cd1991307927de8a0b12f2342e81c30f773e21098?s=96&d=wavatar&r=pg","caption":"Jeffery Hicks"},"logo":{"@id":"https:\/\/secure.gravatar.com\/avatar\/832ae5d438fdcfc1420d720cd1991307927de8a0b12f2342e81c30f773e21098?s=96&d=wavatar&r=pg"}}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":6974,"url":"https:\/\/jdhitsolutions.com\/blog\/powershell\/6974\/watching-the-watcher-with-powershell\/","url_meta":{"origin":8947,"position":0},"title":"Watching the Watcher with PowerShell","author":"Jeffery Hicks","date":"November 14, 2019","format":false,"excerpt":"If you followed along with my recent articles about my PowerShell based backup system, you may recall that I used a PowerShell scheduled job an an event subscriber to monitor for file changes in key folders that I want to back up. 
I created the scheduled task to run at\u2026","rel":"","context":"In &quot;PowerShell&quot;","block_context":{"text":"PowerShell","link":"https:\/\/jdhitsolutions.com\/blog\/category\/powershell\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2019\/11\/image_thumb-14.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2019\/11\/image_thumb-14.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2019\/11\/image_thumb-14.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2019\/11\/image_thumb-14.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":8386,"url":"https:\/\/jdhitsolutions.com\/blog\/powershell\/8386\/powershell-event-log-mining\/","url_meta":{"origin":8947,"position":1},"title":"PowerShell Event Log Mining","author":"Jeffery Hicks","date":"May 7, 2021","format":false,"excerpt":"The other day someone who is learning PowerShell reached out to me with a problem. He couldn't understand why the relatively simple PowerShell expression to pull information from the System event log wasn't working. He wasn't seeing errors, but he also wasn't seeing the events he was expecting. 
Searching event\u2026","rel":"","context":"In &quot;PowerShell&quot;","block_context":{"text":"PowerShell","link":"https:\/\/jdhitsolutions.com\/blog\/category\/powershell\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2021\/05\/get-restart-5.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2021\/05\/get-restart-5.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2021\/05\/get-restart-5.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2021\/05\/get-restart-5.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":5675,"url":"https:\/\/jdhitsolutions.com\/blog\/powershell\/5675\/powershell-reminders-now-in-beta\/","url_meta":{"origin":8947,"position":2},"title":"PowerShell Reminders now in Beta","author":"Jeffery Hicks","date":"October 6, 2017","format":false,"excerpt":"For awhile now I've been working on a PowerShell project that I use every day. I am always in a PowerShell prompt and because I always seem to have little things like phone calls or family events that I need to keep track of, I wrote a \"tickler\" system. 
The\u2026","rel":"","context":"In &quot;GitHub&quot;","block_context":{"text":"GitHub","link":"https:\/\/jdhitsolutions.com\/blog\/category\/github\/"},"img":{"alt_text":"image","src":"https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2017\/10\/image_thumb.png?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2017\/10\/image_thumb.png?resize=350%2C200 1x, https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2017\/10\/image_thumb.png?resize=525%2C300 1.5x, https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2017\/10\/image_thumb.png?resize=700%2C400 2x"},"classes":[]},{"id":9422,"url":"https:\/\/jdhitsolutions.com\/blog\/powershell\/9422\/introducing-psreminderlite\/","url_meta":{"origin":8947,"position":3},"title":"Introducing PSReminderLite","author":"Jeffery Hicks","date":"August 14, 2024","format":false,"excerpt":"For several years, I have been using a PowerShell module I wrote called MyTickle to help me manage my reminders and events. I spend my days at a PowerShell prompt, and I wanted an easy way to keep track of upcoming events. The module relied on a SQL Server or\u2026","rel":"","context":"In &quot;GitHub&quot;","block_context":{"text":"GitHub","link":"https:\/\/jdhitsolutions.com\/blog\/category\/github\/"},"img":{"alt_text":"PSReminderTags","src":"https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2024\/08\/remindertags-300x148.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":6905,"url":"https:\/\/jdhitsolutions.com\/blog\/powershell\/6905\/creating-a-powershell-backup-system\/","url_meta":{"origin":8947,"position":4},"title":"Creating a PowerShell Backup System","author":"Jeffery Hicks","date":"November 7, 2019","format":false,"excerpt":"If you follow me on Twitter, you know that I have a monthly tweet reminder about running and testing backups. 
I have to say that the concept of a backup is different today than it was when I started in IT. Now we have cheap disk storage and cloud services.\u2026","rel":"","context":"In &quot;PowerShell&quot;","block_context":{"text":"PowerShell","link":"https:\/\/jdhitsolutions.com\/blog\/category\/powershell\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2019\/11\/image_thumb-4.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2019\/11\/image_thumb-4.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2019\/11\/image_thumb-4.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2019\/11\/image_thumb-4.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":9229,"url":"https:\/\/jdhitsolutions.com\/blog\/powershell\/9229\/exposing-the-mystery-of-powershell-objects\/","url_meta":{"origin":8947,"position":5},"title":"Exposing the Mystery of PowerShell Objects","author":"Jeffery Hicks","date":"March 14, 2023","format":false,"excerpt":"A few weeks ago, I was working on content for a new PowerShell course for Pluralsight. The subject was objects. We all know the importance of working with objects in PowerShell. 
Hopefully, you also know that the output you get on your screen from running a PowerShell command is not\u2026","rel":"","context":"In &quot;PowerShell&quot;","block_context":{"text":"PowerShell","link":"https:\/\/jdhitsolutions.com\/blog\/category\/powershell\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2023\/03\/2023-03-14_10-19-52.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2023\/03\/2023-03-14_10-19-52.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2023\/03\/2023-03-14_10-19-52.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/jdhitsolutions.com\/blog\/wp-json\/wp\/v2\/posts\/8947","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jdhitsolutions.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jdhitsolutions.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jdhitsolutions.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jdhitsolutions.com\/blog\/wp-json\/wp\/v2\/comments?post=8947"}],"version-history":[{"count":0,"href":"https:\/\/jdhitsolutions.com\/blog\/wp-json\/wp\/v2\/posts\/8947\/revisions"}],"wp:attachment":[{"href":"https:\/\/jdhitsolutions.com\/blog\/wp-json\/wp\/v2\/media?parent=8947"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jdhitsolutions.com\/blog\/wp-json\/wp\/v2\/categories?post=8947"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jdhitsolutions.com\/blog\/wp-json\/wp\/v2\/tags?post=8947"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}