functionGet-TestData { # if a function is to return more than one information kind, # wrap it in a custom object
[PSCustomObject]@{ # wrap anything you'd like to return ID = 1 Random = Get-Random Date = Get-Date Text = 'Hello' BIOS = Get-WmiObject-Class Win32_BIOS User = $env:username } }
结果是以表格形式呈现:
1 2 3 4 5 6 7 8 9 10
PS> Get-TestData
ID : 1 Random : 147704985 Date : 25.05.201813:09:26 Text : Hello BIOS : \\DESKTOP-7AAMJLF\root\cimv2:Win32_BIOS.Name="1.6.1",SoftwareElementID="1.6.1",SoftwareElementState=3,TargetOperatingSys tem=0,Version="DELL - 1072009" User : tobwe
当移除掉一些属性,限制属性个数为 4 个或更少时,PowerShell 输出一个表格:
1 2 3 4 5
PS> Get-TestData
ID Random Text User ---------------- 1567248729 Hello tobwe
[PSCustomObject]@{ # wrap anything you'd like to return ID = 1 Random = Get-Random Date = Get-Date Text = 'Hello' BIOS = Get-WmiObject-Class Win32_BIOS User = $env:username } | # add the first-class citizen info to your object Add-Member-MemberType MemberSet -Name PSStandardMembers -Value$info-PassThru
ID : 1 Random : 1298877814 Date : 25.05.201813:15:22 Text : Hello BIOS : \\DESKTOP-7AAMJLF\root\cimv2:Win32_BIOS.Name="1.6.1",SoftwareElementID="1.6.1",SoftwareElementState=3,TargetOperatingSys tem=0,Version="DELL - 1072009" User : tobwe
functionGet-TestData { # if a function is to return more than one information kind, # wrap it in a custom object
[PSCustomObject]@{ # wrap anything you'd like to return ID = 1 Random = Get-Random Date = Get-Date Text = 'Hallo' BIOS = Get-WmiObject-Class Win32_BIOS User = $env:username } }
ID : 1 Random : 1794057589 Date : 25.05.201813:06:57 Text : Hallo BIOS : \\DESKTOP-7AAMJLF\root\cimv2:Win32_BIOS.Name="1.6.1",SoftwareElementID="1.6.1",SoftwareElementState=3,TargetOperatingSys tem=0,Version="DELL - 1072009" User : tobwe
# create a script block with internal variables # that will persist $c = & { # define an internal variable that will # PERSIST and keep its value even though # the function exits $a = 0
{ # use the internal variable $script:a++ "You called me $a times!" }.GetNewClosure() }
这段代码创建一个包含内部变量的脚本块。当您多次运行这个脚本块时,计数器会累加:
1 2 3 4 5 6 7 8
PS> & $c You called me 1 times!
PS> & $c You called me 2 times!
PS> & $c You called me 3 times!
然而,脚本内的 $a 变量的作用域既不是 global 也不是 scriptglobal。它的作用域只在脚本块的内部:
If you find yourself always using the same parameter values over again, try using PowerShell default parameters. Here is how: 如果您常常反复使用相同的参数值,试着使用 PowerShell 的缺省参数。以下是实现方法:
1 2 3 4 5 6 7 8 9 10 11 12
# hash table # Key = # Cmdlet:Parameter # Value = # Default value for parameter # * (Wildcard) can be used
# make sure this file exists, or else # pick a different text file that is very large $path = 'C:\Windows\Logs\DISM\dism.log' # SLOW # filtering text file via pipeline (low memory usage) Measure-Command { $result = Get-Content-Path$Path | Where-Object { $_-like'*Error*' } }
# FAST # filtering text by first reading in all # content (high memory usage!) and then # using a classic loop
functionClear-PowerShellLog { <# .SYNOPSIS Ckears the entire PowerShell operational log including script blog logging entries. Administrator privileges required. .DESCRIPTION Clears the complete content of the log Microsoft-Windows-PowerShell/Operational. This includes all logged script block code. .EXAMPLE Clear-PowershellLog Clears the entire log Microsoft-Windows-PowerShell/Operational. #> [CmdletBinding(ConfirmImpact='High')] param()
try { $ErrorActionPreference = 'Stop' wevtutil cl Microsoft-Windows-PowerShell/Operational } catch { Write-Warning"Administrator privileges required. Run this command from an elevated PowerShell."
functionGet-LoggedCode { # to speed up SID-to-user translation, # we use a hash table with already translated SIDs # it is empty at first $translateTable = @{}
# read all raw events $logInfo = @{ ProviderName="Microsoft-Windows-PowerShell"; Id = 4104 } Get-WinEvent-FilterHashtable$logInfo | # take each raw set of data... ForEach-Object { # store the code in this entry
# if this is the first part, take it if ($_.Properties[0].Value -eq1) { $code = $_.Properties[2].Value } # else, add it to the $code variable else { $code += $_.Properties[2].Value }
# return the object when all parts have been processed if ($_.Properties[0].Value -eq$_.Properties[1].Value) { # turn SID into user $userSID = $_.UserId
# if the cache does not contain the user SID yet... if (!$translateTable.ContainsKey($userSid)) { try { # ...try and turn it into a real name, and add it # to the cache $identifier = New-Object System.Security.Principal.SecurityIdentifier($userSID) $result = $identifier.Translate( [System.Security.Principal.NTAccount]).Value $translateTable[$userSid] = $result } catch { # if this fails, use the SID instead of a real name $translateTable[$userSid] = $userSID } } else {
}
# create a new object and extract the interesting # parts from the raw data to compose a "cooked" # object with useful data [PSCustomObject]@{ # when this was logged Time = $_.TimeCreated # script code that was logged Code = $code # path of script file (this is empty for interactive # commands) Path = $_.Properties[4].Value # log level # by default, only level "Warning" will be logged Level = $_.LevelDisplayName # user who executed the code # take the real user name from the cache of translated # user names User = $translateTable[$userSID] } } } }
functionGet-LoggedCode { # to speed up SID-to-user translation, # we use a hash table with already translated SIDs # it is empty at first $translateTable = @{}
# read all raw events $logInfo = @{ ProviderName="Microsoft-Windows-PowerShell"; Id = 4104 } Get-WinEvent-FilterHashtable$logInfo | # take each raw set of data... ForEach-Object { # turn SID into user $userSID = $_.UserId
# if the cache does not contain the user SID yet... if (!$translateTable.ContainsKey($userSid)) { try { # ...try and turn it into a real name, and add it # to the cache $identifier = New-Object System.Security.Principal.SecurityIdentifier($userSID) $result = $identifier.Translate( [System.Security.Principal.NTAccount]).Value $translateTable[$userSid] = $result } catch { # if this fails, use the SID instead of a real name $translateTable[$userSid] = $userSID } } else {
}
# create a new object and extract the interesting # parts from the raw data to compose a "cooked" # object with useful data [PSCustomObject]@{ # when this was logged Time = $_.TimeCreated # script code that was logged Code = $_.Properties[2].Value # if code was split into multiple log entries, # determine current and total part PartCurrent = $_.Properties[0].Value PartTotal = $_.Properties[1].Value
# if total part is 1, code is not fragmented IsMultiPart = $_.Properties[1].Value -ne1 # path of script file (this is empty for interactive # commands) Path = $_.Properties[4].Value # log level # by default, only level "Warning" will be logged Level = $_.LevelDisplayName # user who executed the code # take the real user name from the cache of translated # user names User = $translateTable[$userSID] } } }
functionSet-SBLLogSize { <# .SYNOPSIS Sets a new size for the script block logging log. Administrator privileges required. .DESCRIPTION By default, the script block log has a maximum size of 15MB which may be too small to capture and log PowerShell activity over a given period of time. With this command, you can assign more memory to the log. .PARAMETER MaxSizeMB New log size in Megabyte .EXAMPLE Set-SBLLogSize -MaxSizeMB 100 Sets the maximum log size to 100MB. Administrator privileges required. #>