#requires -RunAsAdmin

$Days = 180

$machineName = @{
    Name = 'MachineName'
    Expression = { $env:COMPUTERNAME }
}

$FileName = @{
        Name = 'FileName';
        Expression = { $_.properties[2].value }
}

$Name = @{
        Name = 'Name';
        Expression = { $_.properties[4].value }
}

$Version = @{
        Name = 'Version'
        Expression = { $_.properties[6].value }
}

$TotalTime = @{
        Name = 'TotalTime'
        Expression = { $_.properties[7].value }
}

$DegradationTime = @{
        Name = 'DegradationTime'
        Expression = { $_.properties[8].value }
}

Get-WinEvent -FilterHashtable @{
    LogName='Microsoft-Windows-Diagnostics-Performance/Operational'
    Id=101
    StartTime = (Get-Date).AddDays(-$Days)
    Level = 1,2
} |
  Select-Object -Property $MachineName, TimeCreated,
                          $FileName, $Name, $Version,
                          $TotalTime, $DegradationTime, Message |
  Out-GridView

$Parameters = @{
Name = "Packages"
Path = "C:\Repo1"
FullAccess = "{0}\{1}" -f $env:userdomain, $env:username
}

New-SmbShare @Parameters

PS> New-SmbShare -Name Packages -Path c:\repo1 -FullAccess 'domain\username'

# Read-Host
$entered = Read-Host -Prompt 'Enter secret info' -AsSecureString

# mandatory parameter
function test([Parameter(Mandatory)][SecureString]$Secret)
{
    "You entered secret: $Secret"
    return $Secret
}

# run function with mandatory parameter
$entered = test

filter Convert-SecureStringToString
{
   param([Parameter(Mandatory,ValueFromPipeline)][SecureString]$SecureString)
   [Runtime.InteropServices.Marshal]::
    PtrToStringAuto(
     [Runtime.InteropServices.Marshal]::
     SecureStringToBSTR($SecureString)
    )
}

# Read-Host
$entered = Read-Host -Prompt 'Enter secret info' -AsSecureString |
             Convert-SecureStringToString

PS> Get-ControlPanelItem -Name *print*

Name                 CanonicalName                Category             Description
----                 -------------                --------             -----------
Devices and Printers Microsoft.DevicesAndPrinters {Hardware and Sound} View and manage devices, printers, and print jobs

PS> Show-ControlPanelItem -Name *print*

function Get-WinEvent
{
    [CmdletBinding(DefaultParameterSetName='GetLogSet', HelpUri='https://go.microsoft.com/fwlink/?LinkID=138336')]
    param(

        [Parameter(ParameterSetName='ListLogSet', Mandatory, Position=0)]
        [AllowEmptyCollection()]
        [string[]]
        ${ListLog},

        [Parameter(ParameterSetName='LogNameGetEventlog', Mandatory, Position=0)] <#NEW#>
        [Parameter(ParameterSetName='GetLogSet', Position=0, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [string[]]
        [ArgumentCompleter({
          # receive information about current state:
          param($commandName, $parameterName, $wordToComplete, $commandAst, $fakeBoundParameters)

          # list all log files in the path
          Get-WinEvent -ListLog * -ErrorAction Ignore |
          Where-Object RecordCount -gt 0 |
          Sort-Object -Property LogName |
          # filter results by word to complete
          Where-Object { $_.LogName -like "$wordToComplete*" } |
          Foreach-Object {
            # create completionresult items:
            $completion = $_.LogName
            if ($completion -like '* *')
            {
                $completion = "'$completion'"
            }
            $displayname = $_.LogName
            $tooltip = '{0:n0} Records, {1:n0} MB' -f $_.RecordCount, ($_.MaximumSizeInBytes/1MB)
            [System.Management.Automation.CompletionResult]::new($completion, $displayname, "ParameterValue", $tooltip)
          }
            })]
        ${LogName},

        [Parameter(ParameterSetName='ListProviderSet', Mandatory, Position=0)]
        [AllowEmptyCollection()]
        [string[]]
        ${ListProvider},

        <# Get-EventLog supports wildcards, Get-WinEvent does not. Needs to be corrected. #>
        [Parameter(ParameterSetName='GetProviderSet', Mandatory, Position=0, ValueFromPipelineByPropertyName)]
        [string[]]
        ${ProviderName},

        [Parameter(ParameterSetName='FileSet', Mandatory, Position=0, ValueFromPipelineByPropertyName)]
        [Alias('PSPath')]
        [string[]]
        ${Path},

        [Parameter(ParameterSetName='FileSet')]
        [Parameter(ParameterSetName='GetProviderSet')]
        [Parameter(ParameterSetName='GetLogSet')]
        [Parameter(ParameterSetName='HashQuerySet')]
        [Parameter(ParameterSetName='XmlQuerySet')]
        [ValidateRange(1, 9223372036854775807)]
        [long]
        ${MaxEvents},

        <# NEW #>
        [Parameter(ParameterSetName='LogNameGetEventlog')]
        [ValidateRange(0, 2147483647)]
        [int]
        ${Newest},

        [Parameter(ParameterSetName='GetProviderSet')]
        [Parameter(ParameterSetName='ListProviderSet')]
        [Parameter(ParameterSetName='ListLogSet')]
        [Parameter(ParameterSetName='GetLogSet')]
        [Parameter(ParameterSetName='HashQuerySet')]
        [Parameter(ParameterSetName='XmlQuerySet')]
        [Parameter(ParameterSetName='LogNameGetEventlog')] <#NEW#>
        [Alias('Cn')]
        [ValidateNotNullOrEmpty()] <#CORRECTED#>
        [string] <# used to be [String[]], Get-WinEvent accepts [string] only, should be changed to accept string arrays #>
        ${ComputerName},

        [Parameter(ParameterSetName='GetProviderSet')]
        [Parameter(ParameterSetName='ListProviderSet')]
        [Parameter(ParameterSetName='ListLogSet')]
        [Parameter(ParameterSetName='GetLogSet')]
        [Parameter(ParameterSetName='HashQuerySet')]
        [Parameter(ParameterSetName='XmlQuerySet')]
        [Parameter(ParameterSetName='FileSet')]
        [pscredential]
        [System.Management.Automation.CredentialAttribute()]
        ${Credential},

        [Parameter(ParameterSetName='FileSet')]
        [Parameter(ParameterSetName='GetProviderSet')]
        [Parameter(ParameterSetName='GetLogSet')]
        [ValidateNotNull()]
        [string]
        ${FilterXPath},

        [Parameter(ParameterSetName='XmlQuerySet', Mandatory, Position=0)]
        [xml]
        ${FilterXml},

        [Parameter(ParameterSetName='HashQuerySet', Mandatory, Position=0)]
        [hashtable[]]
        ${FilterHashtable},

        [Parameter(ParameterSetName='GetProviderSet')]
        [Parameter(ParameterSetName='ListLogSet')]
        [Parameter(ParameterSetName='GetLogSet')]
        [Parameter(ParameterSetName='HashQuerySet')]
        [switch]
        ${Force},

        [Parameter(ParameterSetName='GetLogSet')]
        [Parameter(ParameterSetName='GetProviderSet')]
        [Parameter(ParameterSetName='FileSet')]
        [Parameter(ParameterSetName='HashQuerySet')]
        [Parameter(ParameterSetName='XmlQuerySet')]
        [switch]
        ${Oldest},

        <# NEW #>
        [Parameter(ParameterSetName='LogNameGetEventlog')]
        [ValidateNotNullOrEmpty()]
        [datetime]
        ${After},

        <# NEW #>
        [Parameter(ParameterSetName='LogNameGetEventlog')]
        [ValidateNotNullOrEmpty()]
        [datetime]
        ${Before},

        <# NEW #>
        [Parameter(ParameterSetName='LogNameGetEventlog')]
        [ValidateNotNullOrEmpty()]
        [string[]]
        ${UserName},

        <# NEW #>
        [Parameter(ParameterSetName='LogNameGetEventlog', Position=1)]
        [ValidateRange(0, 9223372036854775807)]
        [ValidateNotNullOrEmpty()]
        [long[]]
        ${InstanceId},

        <# NEW #>
        [Parameter(ParameterSetName='LogNameGetEventlog')]
        [ValidateNotNullOrEmpty()]
        [ValidateRange(1, 2147483647)]
        [int[]]
        ${Index},

        <# NEW #>
        [Parameter(ParameterSetName='LogNameGetEventlog')]
        [Alias('ET','LevelDisplayName')]
        [ValidateNotNullOrEmpty()]
        [ValidateSet('Error','Information','FailureAudit','SuccessAudit','Warning')]
        [string[]]
        ${EntryType},

        <# NEW #>
        [Parameter(ParameterSetName='LogNameGetEventlog')]
        [Alias('ABO')]
        [ValidateNotNullOrEmpty()]
        [string[]]
        [ArgumentCompleter({
          # receive information about current state:
          param($commandName, $parameterName, $wordToComplete, $commandAst, $fakeBoundParameters)

          if ($fakeBoundParameters.ContainsKey('LogName'))
          {
            $nofilter = $false
            $chosenLog = $fakeBoundParameters['LogName']
          }
          else
          {
            $nofilter = $true
            $chosenLog = ''
          }
          # list all log files in the path
          Get-WinEvent -ListProvider * -ErrorAction Ignore |
          Where-Object { $nofilter -or ($_.LogLinks.LogName -contains $chosenLog) } |
          Select-Object -ExpandProperty Name |
          Sort-Object |
          # filter results by word to complete
          Where-Object { $_ -like "$wordToComplete*" } |
          Foreach-Object {
            # create completionresult items:
            $completion = $_
            if ($completion -like '* *')
            {
                $completion = "'$completion'"
            }
            $displayname = $_
            $tooltip = $_
            [System.Management.Automation.CompletionResult]::new($completion, $displayname, "ParameterValue", $tooltip)
          }
            })]
        ${Source},

        <# NEW #>
        [Parameter(ParameterSetName='LogNameGetEventlog')]
        [Alias('MSG')]
        [ValidateNotNullOrEmpty()]
        [string]
        ${Message},

        <# NEW #>
        [Parameter(ParameterSetName='LogNameGetEventlog')]
        [switch]
        ${AsBaseObject},

        [Parameter(ParameterSetName='ListGetEventlog')]
        [switch]
        ${List},

        [Parameter(ParameterSetName='ListGetEventlog')]
        [switch]
        ${AsString}


    )

    begin
    {
        try {
            $outBuffer = $null
            if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer))
            {
                $PSBoundParameters['OutBuffer'] = 1
            }
            $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand('Microsoft.PowerShell.Diagnostics\Get-WinEvent', [System.Management.Automation.CommandTypes]::Cmdlet)

            # if the user chose the Get-EventLog compatible parameters,
            # compose the appropriate filterhashtable:
            $scriptCmd = if ($PSCmdlet.ParameterSetName -eq 'LogNameGetEventlog')
            {
                # mandatory parameter:
                $filter = @{
                    LogName = $PSBoundParameters['Logname']
                }
                $null = $PSBoundParameters.Remove('LogName')

                if ($PSBoundParameters.ContainsKey('Before'))
                {
                    $filter['EndTime'] = $PSBoundParameters['Before']
                    $null = $PSBoundParameters.Remove('Before')
                }
                if ($PSBoundParameters.ContainsKey('After'))
                {
                    $filter['StartTime'] = $PSBoundParameters['After']
                    $null = $PSBoundParameters.Remove('After')
                }
                if ($PSBoundParameters.ContainsKey('EntryType'))
                {
                    # severity is translated to an integer array:

                    $levelFlags = [System.Collections.Generic.List[int]]@()

                    # string input converted to integer array:
                    if ($PSBoundParameters['EntryType'] -contains 'Error')
                    {
                        $levelFlags.Add(1) # critical
                        $levelFlags.Add(2) # error
                    }
                    if ($PSBoundParameters['EntryType'] -contains 'Warning')
                    {
                        $levelFlags.Add(3) # warning
                    }
                    if ($PSBoundParameters['EntryType'] -contains 'Information')
                    {
                        $levelFlags.Add(4) # informational
                        $levelFlags.Add(5) # verbose
                    }


                    # default to 0:
                    if ($levelFlags.Count -gt 0)
                    {
                        $filter['Level'] = [int[]]$levelFlags
                    }

                    # audit settings stored in Keywords key:
                    if ($PSBoundParameters['EntryType'] -contains 'FailureAudit')
                    {
                        $filter['Keywords'] += 0x10000000000000
                    }
                    if ($PSBoundParameters['EntryType'] -contains 'SuccessAudit')
                    {
                        $filter['Keywords'] += 0x20000000000000
                    }
                    $null = $PSBoundParameters.Remove('EntryType')
                }
                if ($PSBoundParameters.ContainsKey('InstanceId'))
                {
                    $filter['ID'] = $PSBoundParameters['InstanceId']
                    $null = $PSBoundParameters.Remove('InstanceId')
                }
                if ($PSBoundParameters.ContainsKey('Source'))
                {
                    $filter['ProviderName'] = $PSBoundParameters['Source']
                    $null = $PSBoundParameters.Remove('Source')
                }

                $PSBoundParameters['FilterHashtable'] = $filter
                Write-Verbose ("FilterHashtable: " + ($filter | Out-String))

                if ($PSBoundParameters.ContainsKey('Newest'))
                {
                    $PSBoundParameters['MaxEvents'] = $PSBoundParameters['Newest']
                    $null = $PSBoundParameters.Remove('Newest')
                }
            }
            $scriptCmd = if ($PSBoundParameters.ContainsKey('Message'))
                {
                    $null = $PSBoundParameters.Remove('Message')
                    { & $wrappedCmd @PSBoundParameters | Where-Object Message -like $Message }
                }
                else
                {
                    { & $wrappedCmd @PSBoundParameters }
                }



            $steppablePipeline = $scriptCmd.GetSteppablePipeline($myInvocation.CommandOrigin)
            $steppablePipeline.Begin($PSCmdlet)
        } catch {
            throw
        }
    }

    process
    {
        try {
            $steppablePipeline.Process($_)
        } catch {
            throw
        }
    }

    end
    {
        try {
            $steppablePipeline.End()
        } catch {
            throw
        }
    }
    <#

            .ForwardHelpTargetName Microsoft.PowerShell.Diagnostics\Get-WinEvent
            .ForwardHelpCategory Cmdlet

    #>

}

PS> Get-EventLog -LogName System -EntryType Error -Newest 3

   Index Time          EntryType   Source                 InstanceID Message
   ----- ----          ---------   ------                 ---------- -------
  551873 Jun 02 06:40  Error       DCOM                        10010 The description for Event ID '10010' ...
  551872 Jun 02 06:38  Error       DCOM                        10010 The description for Event ID '10010' ...
  551848 Jun 02 03:35  Error       DCOM                        10010 The description for Event ID '10010' ...

PS> Get-WinEvent -LogName System -EntryType Error -Newest 3

   ProviderName: Microsoft-Windows-DistributedCOM

TimeCreated                      Id LevelDisplayName Message
-----------                      -- ---------------- -------

02.06.2023 06:40:14           10010 Error            The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did...
02.06.2023 06:38:14           10010 Error            The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did...
02.06.2023 03:35:23           10010 Error            The server {776DBC8D-7347-478C-8D71-791E12EF49D8} did...

PS> Get-WinEvent -LogName System -EntryType Error -Newest 3 -Verbose
VERBOSE: FilterHashtable:
Name                           Value
----                           -----
LogName                        {System}
Level                          {1, 2}

VERBOSE: Constructed structured query:
<QueryList><Query Id="0" Path="system"><Select Path="system">*[((System/Level=1) or
(System/Level=2))]</Select></Query></QueryList>.

   ProviderName: Microsoft-Windows-DistributedCOM
TimeCreated                      Id LevelDisplayName Message
-----------                      -- ---------------- -------
02.06.2023 06:40:14           10010 Error            The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with
DCOM ...
02.06.2023 06:38:14           10010 Error            The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with
DCOM ...
02.06.2023 03:35:23           10010 Error            The server {776DBC8D-7347-478C-8D71-791E12EF49D8} did not register with
DCOM ...

PS> Get-EventLog -Source Microsoft-Windows-Kernel-General -Newest 2 -LogName System -InstanceId 1

 Index Time         EntryType   Source                           InstanceID Message
 ----- ----         ---------   ------                           ---------- -------
551590 Jun 01 17:57 Information Microsoft-Windows-Kernel-General          1 Possible detection of CVE: 2023-06-01T15:57:15.025483...
551505 Mai 31 17:57 Information Microsoft-Windows-Kernel-General          1 Possible detection of CVE: 2023-05-31T15:57:13.842816...

PS> Get-WinEvent -FilterHashtable @{
    ProviderName = 'Microsoft-Windows-Kernel-General'
    LogName = 'System'
    Id = 1
} -MaxEvents 2

ProviderName: Microsoft-Windows-Kernel-General
TimeCreated         Id LevelDisplayName Message
-----------         -- ---------------- -------
01.06.2023 17:57:15  1 Information      The system time has changed to ‎2023‎-‎06‎-‎01T15:57:15.025483100Z from ‎2023‎-‎06‎-‎01T1...
31.05.2023 17:57:13  1 Information      The system time has changed to ‎2023‎-‎05‎-‎31T15:57:13.842816200Z from ‎2023‎-‎05‎-‎31T1...

param (
[Parameter(Mandatory)]
[DateTime]$Date
)

$cutoff = $Date.toString('"0000-"MM-dd')
'Zodiac,Sternzeichen,StartDate
Capricorn,Steinbock,0000-01-20
Aquarius,Wassermann,0000-01-21
Pisces,Fische,0000-02-20
Aries,Widder,0000-03-21
Taurus,Stier,0000-04-21
Gemini,Zwillinge,0000-05-21
Cancer,Krebs,0000-06-22
Leo,Löwe,0000-07-23
Virgo,Jungfrau,0000-08-23
Libra,Waage,0000-09-23
Scorpio,Skorpion,0000-10-23
Sagittarius,Schütze,0000-11-22' |
ConvertFrom-Csv |
Where-Object StartDate -lt $cutoff |
Select-Object -Last 1

PS> (Get-Date).ToString('"0000-"MM-dd')
0000-06-02

PS> $anyDate = Get-Date -Date '2024-12-24 19:22:11'

PS> $anyDate.ToString('"0000-"MM-dd')
0000-12-24

PS> (Get-Date).AddHours(-48).ToString('yyyy-MM-dd "08:45:00"')
2023-05-31 08:45:00