PowerShell: Gathering Information - Gary-Moore/developmentwiki GitHub Wiki
Common Information Model - CIM
The Common Information Model (CIM) is an extensible, object-oriented data model that contains information about different parts of an enterprise. The CIM is a cross-platform standard maintained by the Distributed Management Task Force (DMTF). Through WMI, a developer can use the CIM to create classes that represent hard disk drives, applications, network routers etc. https://msdn.microsoft.com/en-us/library/aa389234(v=vs.85).aspx
Get-CimInstance
The Get-CimInstance cmdlet gets the CIM instances of a class from a CIM server. You can specify either the class name or a query for this cmdlet.
This cmdlet returns one or more CIM instance objects representing a snapshot of the CIM instances present on the CIM server.
Get the CIM instances of the Win32_PhysicalMemory class
Get-CimInstance -ClassName Win32_PhysicalMemory
Get-CimClass
The Get-CimClass cmdlet retrieves a list of CIM classes in a specific namespace. If there is no class name supplied, then the cmdlet returns all the classes in the namespace.
Unlike a CIM instance, CIM classes do not contain the CIM session or computer name from which they are retrieved.
Get CIM classes with "disk" in the name
Get-CimClass -ClassName *disk*
Get Logical Disk Info
Get-CimInstance -ClassName CIM_LogicalDisk
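or, using the older WMI cmdlet (Windows PowerShell only; Get-WmiObject is not available in PowerShell 6 and later)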
Get-WmiObject -Class win32_LogicalDisk
Get BIOS info
Get-CimInstance Win32_BIOS
Get-CimInstance Win32_BIOS | select Name, Version
Get-Counter
The Get-Counter cmdlet gets live, real-time performance counter data directly from the performance monitoring instrumentation in the Windows family of operating systems. You can use it to get performance data from the local or remote computers at the sample interval that you specify.
Without parameters, this cmdlet gets counter data for a set of system counters.
Get all of the counter sets on the local computer
Get-Counter -ListSet *
Get the Memory Performance Counter
Get-Counter -ListSet *memory* | where CounterSetName -eq 'Memory'
Select the Memory Counter Paths
Get-Counter -ListSet *memory* | where CounterSetName -eq 'Memory' | select -expand Paths
Get the Committed Bytes In Use Counter
Get-Counter "\Memory\% Committed Bytes In Use"
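The description above mentions sampling at an interval you specify, but the commands shown take a single reading. The following is an added example, not part of the original wiki page, that samples the same counter several times and summarizes the result. The function name and the 90 percent threshold are assumptions chosen for illustration.

```powershell
# Added example: sample "% Committed Bytes In Use" over time and summarize it.
# Measure-CommittedMemory and the default threshold are hypothetical, not from the page.
function Measure-CommittedMemory {
    [CmdletBinding()]
    param(
        [int]$SampleInterval = 2,          # seconds between samples
        [int]$MaxSamples = 5,              # number of samples to collect
        [double]$ThresholdPercent = 90     # constructed alert threshold
    )

    # Counter paths are localized; this path is valid on English-language Windows.
    $path = '\Memory\% Committed Bytes In Use'

    try {
        $sets = Get-Counter -Counter $path -SampleInterval $SampleInterval `
                            -MaxSamples $MaxSamples -ErrorAction Stop
    }
    catch {
        Write-Warning "Could not read '$path': $($_.Exception.Message)"
        return
    }

    # Each sample set holds one CounterSample per counter path; CookedValue is the
    # calculated reading (here, a percentage).
    $values = $sets.CounterSamples.CookedValue
    $stats  = $values | Measure-Object -Average -Maximum -Minimum

    [pscustomobject]@{
        Counter        = $path
        Samples        = $stats.Count
        AveragePercent = [math]::Round($stats.Average, 2)
        MinimumPercent = [math]::Round($stats.Minimum, 2)
        MaximumPercent = [math]::Round($stats.Maximum, 2)
        OverThreshold  = ($stats.Maximum -ge $ThresholdPercent)
        FirstSample    = $sets[0].Timestamp
        LastSample     = $sets[-1].Timestamp
    }
}

Measure-CommittedMemory -SampleInterval 2 -MaxSamples 5
```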
Event Log
The Get-EventLog cmdlet gets events and event logs on the local and remote computers.
You can use the parameters of this cmdlet to search for events by using their property values. This cmdlet gets only the events that match the specified property values.
The cmdlets that contain the EventLog noun work only on classic event logs. To get events from logs that use the Windows Event Log technology in Windows Vista and later versions of Windows, use Get-WinEvent.
List Event Logs
Get-EventLog -List
Get the five most recent entries from the Application Log
Get-EventLog -Newest 5 -LogName "Application"
Get the last 3 times the Server was Rebooted
Get-EventLog -LogName System -Newest 1000 | where EventID -eq 1074 | select -First 3 | Format-Table MachineName, UserName, TimeGenerated -AutoSize
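The same restart lookup using Get-WinEvent, which the text above recommends for Windows Vista and later. This is an added example, not part of the original wiki page. It filters on event ID 1074 at the log service instead of pulling the newest 1000 entries and filtering afterwards. The function name is an assumption, and the property positions follow the layout of the 1074 message (process, computer, reason, reason code, shutdown type, comment, user).

```powershell
# Added example: list the most recent restart/shutdown requests (System log, event 1074).
# Get-RecentRestart is a hypothetical helper name, not from the page.
function Get-RecentRestart {
    [CmdletBinding()]
    param(
        [int]$Count = 3,
        [string]$ComputerName      # optional; omit to query the local computer
    )

    $params = @{
        FilterHashtable = @{ LogName = 'System'; ProviderName = 'User32'; Id = 1074 }
        MaxEvents       = $Count
        ErrorAction     = 'Stop'
    }
    if ($ComputerName) { $params.ComputerName = $ComputerName }

    try {
        $events = Get-WinEvent @params
    }
    catch {
        # Get-WinEvent raises an error when nothing matches; treat that as "no results"
        # and let real failures (access denied, unreachable host) surface.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            Write-Verbose 'No 1074 events found in the System log.'
            return
        }
        throw
    }

    foreach ($e in $events) {
        # Assumed property order of event 1074:
        # 0 process, 1 computer, 2 reason, 3 reason code, 4 shutdown type, 5 comment, 6 user
        [pscustomobject]@{
            TimeCreated = $e.TimeCreated
            Computer    = $e.MachineName
            User        = $e.Properties[6].Value
            Process     = $e.Properties[0].Value
            Action      = $e.Properties[4].Value
            Reason      = $e.Properties[2].Value
        }
    }
}

Get-RecentRestart -Count 3 | Format-Table -AutoSize
```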
Network
Get-NetIPAddress
The Get-NetIPAddress cmdlet gets the IP address configuration, such as IPv4 addresses, IPv6 addresses and the IP interfaces with which addresses are associated. Without parameters, this cmdlet gets the entire IP address configuration for the computer.
Get-NetIPAddress | Format-Table
Get IPv6 address configuration
Get-NetIPAddress -AddressFamily IPv6
https://docs.microsoft.com/en-us/powershell/module/nettcpip/get-netipaddress?view=win10-ps
Get-NetIPConfiguration
The Get-NetIPConfiguration cmdlet gets network configuration, including usable interfaces, IP addresses, and DNS servers.
If you do not specify any parameters, this cmdlet gets IP configuration properties for all non-virtual connected interfaces on a computer.
Get-NetIPConfiguration
Get-NetIPConfiguration -All
https://docs.microsoft.com/en-us/powershell/module/nettcpip/get-netipconfiguration?view=win10-ps
Get-DNSClient
The Get-DnsClient cmdlet gets configuration details specific to the different network interfaces on a specified computer.
Get-DnsClient
https://docs.microsoft.com/en-gb/powershell/module/dnsclient/Get-DnsClient?view=win10-ps
Get-DnsClientServerAddress
The Get-DnsClientServerAddress cmdlet gets one or more DNS server IP addresses associated with the interfaces on the computer.
Get-DnsClientServerAddress
Get-DnsClientServerAddress -InterfaceAlias "Wired Ethernet Connection"
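One use of this output is checking that every interface points only at resolvers you expect. The following is an added example, not part of the original wiki page. The function name is an assumption, and the approved addresses are constructed values from the documentation ranges.

```powershell
# Added example: compare configured DNS servers against an approved list.
# Test-DnsResolverConfig is a hypothetical helper name, not from the page.
function Test-DnsResolverConfig {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ipaddress[]]$ApprovedServer
    )

    # Normalize to canonical string form so equivalent IPv6 spellings compare equal.
    $approved = $ApprovedServer | ForEach-Object { $_.ToString() }

    foreach ($iface in Get-DnsClientServerAddress) {
        foreach ($server in $iface.ServerAddresses) {
            # Windows lists the site-local defaults fec0:0:0:ffff::1 to ::3 on
            # interfaces with no IPv6 DNS server configured; skip them.
            if ($server -like 'fec0:0:0:ffff::*') { continue }

            $normalized = ([ipaddress]$server).ToString()

            [pscustomobject]@{
                InterfaceAlias = $iface.InterfaceAlias
                InterfaceIndex = $iface.InterfaceIndex
                Server         = $normalized
                Approved       = ($approved -contains $normalized)
            }
        }
    }
}

# Constructed sample allowlist (documentation addresses, replace with your resolvers).
$expected = '192.0.2.53', '2001:db8::53'

# Show only interfaces that use a resolver outside the allowlist.
Test-DnsResolverConfig -ApprovedServer $expected |
    Where-Object { -not $_.Approved } |
    Format-Table -AutoSize
```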
Get-DnsClientCache
The Get-DnsClientCache cmdlet retrieves the contents of the local DNS client cache.
Get-DnsClientCache
https://docs.microsoft.com/en-gb/powershell/module/dnsclient/get-dnsclientcache?view=win10-ps
Mapping Network Drives
Get-SmbMapping
The Get-SmbMapping cmdlet retrieves the Server Message Block (SMB) client directory mappings created for a server. This can be a mapping from a local drive letter to a remote shared folder, or it can be a mapping without a local path.
Get-SmbMapping
https://docs.microsoft.com/en-gb/powershell/module/smbshare/Get-SmbMapping?view=win10-ps
New-SmbMapping
New-SmbMapping -LocalPath 'X:' -RemotePath '\\Contoso-SO\VMFiles'
https://docs.microsoft.com/en-gb/powershell/module/smbshare/New-SmbMapping?view=win10-ps
Test-NetConnection
The Test-NetConnection cmdlet displays diagnostic information for a connection. It supports ping test, TCP test, route tracing, and route selection diagnostics. Depending on the input parameters, the output can include the DNS lookup results, a list of IP interfaces, IPsec rules, route/source address selection results, and/or confirmation of connection establishment.
Test-NetConnection
Test-NetConnection -Port 80 -InformationLevel "Detailed"
Test a connection to a remote host
Test-NetConnection -ComputerName "www.contoso.com" -InformationLevel "Detailed"
Test-NetConnection -CommonTCPPort HTTP -ComputerName "www.contoso.com" -InformationLevel "Detailed"
Perform route diagnostics to connect to a remote host
Test-NetConnection -ComputerName www.contoso.com -DiagnoseRouting -InformationLevel Detailed
https://docs.microsoft.com/en-gb/powershell/module/nettcpip/Test-NetConnection?view=win10-ps