PowerShell Tips Series - Reading Printer Properties (Part 1)

You may know Get-Printer, which lists the printers installed on a system. It does not, however, expose a printer's model-specific features and settings.

This is where Get-PrinterProperty helps. Submit a printer name (use Get-Printer to find the names available on your system) and run the command below (replace the printer name with one that actually exists on your machine):

PS> Get-PrinterProperty -PrinterName 'S/W Laser HP'

ComputerName PrinterName PropertyName Type Value
------------ ----------- ------------ ---- -----
S/W Laser HP Config:AccessoryO... String 500Stapler
S/W Laser HP Config:ActualCust... String 431800_914400
S/W Laser HP Config:AutoConfig... String NotInstalled
S/W Laser HP Config:Auto_install String INSTALLED
S/W Laser HP Config:BookletMak... String NOTINSTALLED
S/W Laser HP Config:CombineMed... String Installed
S/W Laser HP Config:DeviceIsMo... String Installed
S/W Laser HP Config:DuplexUnit String Installed
S/W Laser HP Config:DynamicRender String AUTODEVICE
S/W Laser HP Config:EMFSpooling String Automatic
S/W Laser HP Config:EdgeToEdge... String Enabled
S/W Laser HP Config:EmbeddedJo... String NotInstalled
S/W Laser HP Config:EnvFeed_in... String NOTINSTALLED
S/W Laser HP Config:HPDisplayD... String True
S/W Laser HP Config:HPFontInst... String TRUE
S/W Laser HP Config:HPInstalla... String HP2HolePunch-Q3689
S/W Laser HP Config:HPInstalla... String 500Stapler-Q2443
S/W Laser HP Config:HPInstalla... String Auto_install
S/W Laser HP Config:HPJobSepar... String NotInstalled
S/W Laser HP Config:HPMOutputB... String 500Stapler-Q2443
S/W Laser HP Config:HPMOutputB... String None
S/W Laser HP Config:HPOutputBi... String 0-0
S/W Laser HP Config:HPPCL6Version String PDL_VERSION_2-1_OR_GREATER
S/W Laser HP Config:HPPinToPri... String NotInstalled
S/W Laser HP Config:HPPrnPropR... String hpchl230.cab
S/W Laser HP Config:HPPunchUni... String NotInstalled
S/W Laser HP Config:InsLwH1_in... String NOTINSTALLED
S/W Laser HP Config:InsUpH1_in... String NOTINSTALLED
S/W Laser HP Config:JobRetention String Installed
S/W Laser HP Config:LineWidthC... String Disabled
S/W Laser HP Config:ManualFeed... String INSTALLED
S/W Laser HP Config:Memory String 128MB
S/W Laser HP Config:PCCFoldUnit String NOTINSTALLED
S/W Laser HP Config:PCOptional... String None
S/W Laser HP Config:PCVFoldUnit String NOTINSTALLED
S/W Laser HP Config:PrinterHar... String Installed
S/W Laser HP Config:ProductClass String HP
S/W Laser HP Config:SHAccessor... String None
S/W Laser HP Config:SHByPassTray String None
S/W Laser HP Config:SHDocInser... String None
S/W Laser HP Config:SHInstalla... String MXFN19
S/W Laser HP Config:SHLargeCap... String None
S/W Laser HP Config:SHMOutputB... String None
S/W Laser HP Config:SHPaperFol... String None
S/W Laser HP Config:SHPuncherUnit String None
S/W Laser HP Config:SPSOptiona... String None
S/W Laser HP Config:SecurePrin... String Installed
S/W Laser HP Config:StaplingUn... String NOTINSTALLED
S/W Laser HP Config:Tray10_ins... String NOTINSTALLED
S/W Laser HP Config:Tray1_install String INSTALLED
S/W Laser HP Config:Tray2_install String INSTALLED
S/W Laser HP Config:Tray3_install String INSTALLED
S/W Laser HP Config:Tray4_install String NOTINSTALLED
S/W Laser HP Config:Tray5_install String NOTINSTALLED
S/W Laser HP Config:Tray6_install String NOTINSTALLED
S/W Laser HP Config:Tray7_install String NOTINSTALLED
S/W Laser HP Config:Tray8_install String NOTINSTALLED
S/W Laser HP Config:Tray9_install String NOTINSTALLED
S/W Laser HP Config:TrayExt1_i... String NOTINSTALLED
S/W Laser HP Config:TrayExt2_i... String NOTINSTALLED
S/W Laser HP Config:TrayExt3_i... String NOTINSTALLED
S/W Laser HP Config:TrayExt4_i... String NOTINSTALLED
S/W Laser HP Config:TrayExt5_i... String NOTINSTALLED
S/W Laser HP Config:TrayExt6_i... String NOTINSTALLED

Note: Get-PrinterProperty is part of the PrintManagement module that ships with Windows (client and server editions). On very old Windows versions, or on other operating systems, the cmdlet may not be available.

The list of returned properties depends on the printer model and driver. Run this command to get only the list of available property names:

PS> Get-PrinterProperty -PrinterName 'S/W Laser HP' | Select-Object -ExpandProperty PropertyName | Sort-Object -Unique
Config:AccessoryOutputBins
Config:ActualCustomRange
Config:Auto_install
Config:AutoConfiguration
Config:BookletMakerUnit_PC
Config:CombineMediaTypesAndInputBins
Config:DeviceIsMopier
Config:DuplexUnit
Config:DynamicRender
Config:EdgeToEdgeSupport_PC
Config:EmbeddedJobAccounting
Config:EMFSpooling
Config:EnvFeed_install
Config:HPDisplayDocUITab
Config:HPFontInstaller
Config:HPInstallableFinisher
Config:HPInstallableHCO
Config:HPInstallableTrayFeatureName
Config:HPJobSeparatorPage
Config:HPMOutputBinHCOMap
Config:HPMOutputBinHCOPMLMap
Config:HPOutputBinPMLRange
Config:HPPCL6Version
Config:HPPinToPrintOnly
Config:HPPrnPropResourceData
Config:HPPunchUnitType
Config:InsLwH1_install
Config:InsUpH1_install
Config:JobRetention
Config:LineWidthCorrection
Config:ManualFeed_install
Config:Memory
Config:PCCFoldUnit
Config:PCOptionalOutputBin
Config:PCVFoldUnit
Config:PrinterHardDisk
Config:ProductClass
Config:SecurePrinting
Config:SHAccessoryOutputBins
Config:SHByPassTray
Config:SHDocInsertionUnit
Config:SHInstallableHCO
Config:SHLargeCapacityTray
Config:SHMOutputBinHCOMap
Config:SHPaperFoldUnit
Config:SHPuncherUnit
Config:SPSOptionalOutputBin
Config:StaplingUnit_PC
Config:Tray1_install
Config:Tray10_install
Config:Tray2_install
Config:Tray3_install
Config:Tray4_install
Config:Tray5_install
Config:Tray6_install
Config:Tray7_install
Config:Tray8_install
Config:Tray9_install
Config:TrayExt1_install
Config:TrayExt2_install
Config:TrayExt3_install
Config:TrayExt4_install
Config:TrayExt5_install
Config:TrayExt6_install

Once you know the names of the properties you are interested in, you can limit the result to just those:

PS> Get-PrinterProperty -PrinterName 'S/W Laser HP' -PropertyName Config:AccessoryOutputBins, Config:BookletMakerUnit_PC

ComputerName PrinterName PropertyName Type Value
------------ ----------- ------------ ---- -----
S/W Laser HP Config:AccessoryO... String 500Stapler
S/W Laser HP Config:BookletMak... String NOTINSTALLED
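The property names above are driver-specific, which is exactly why they matter for an audit: an internal hard disk or job retention means print jobs can persist on the device after they are printed. The following is an added example, not code from the original tip. It uses Get-Printer and Get-PrinterProperty to build one row per printer with the security-relevant capabilities; the property names are assumed from the HP driver output shown above, and printers whose driver does not expose a name simply report 'n/a'.

```powershell
#requires -Modules PrintManagement
# Added example (not part of the original tip): inventory security-relevant
# printer capabilities for every printer on a machine or print server.
# Assumption: the Config:* names below are the ones the HP driver in the tip
# exposes; other drivers use other names and are reported as 'n/a'.

function Get-PrinterSecurityProfile {
    [CmdletBinding()]
    param(
        # print server to query; empty means the local machine
        [string]$ComputerName,

        # driver-specific property names worth reviewing (assumed from the tip's HP output)
        [string[]]$PropertyName = @(
            'Config:PrinterHardDisk',   # internal disk: spooled jobs may persist on the device
            'Config:JobRetention',      # stored/held jobs kept on the device
            'Config:SecurePrinting',    # PIN-release printing available
            'Config:HPPinToPrintOnly',  # device enforces PIN release for every job
            'Config:Memory'
        )
    )

    # only pass -ComputerName when the caller asked for a remote server
    $target = @{}
    if ($ComputerName) { $target.ComputerName = $ComputerName }

    foreach ($printer in Get-Printer @target) {
        # one call per printer; a driver that lacks a property simply does not return it
        $props = Get-PrinterProperty @target -PrinterName $printer.Name -ErrorAction SilentlyContinue

        # index the returned properties by name for cheap lookups
        $byName = @{}
        foreach ($p in $props) { $byName[$p.PropertyName] = $p.Value }

        $row = [ordered]@{
            ComputerName = if ($ComputerName) { $ComputerName } else { $env:COMPUTERNAME }
            PrinterName  = $printer.Name
            DriverName   = $printer.DriverName
            Shared       = $printer.Shared
        }
        foreach ($name in $PropertyName) {
            # drop the 'Config:' prefix for a readable column name
            $column = $name -replace '^Config:', ''
            $row[$column] = if ($byName.ContainsKey($name)) { $byName[$name] } else { 'n/a' }
        }
        [pscustomobject]$row
    }
}

# Usage: list every printer, then show only those with a hard disk or job retention
Get-PrinterSecurityProfile | Format-Table -AutoSize
Get-PrinterSecurityProfile |
    Where-Object { $_.PrinterHardDisk -eq 'Installed' -or $_.JobRetention -eq 'Installed' } |
    Format-Table PrinterName, DriverName, PrinterHardDisk, JobRetention, SecurePrinting -AutoSize
```

Run it against a print server with `-ComputerName` to review fleet-wide which devices keep job data locally; the value strings (`Installed`, `NOTINSTALLED`, `True`) are whatever the driver reports, so compare against the spelling your driver uses.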

PowerShell Tips Series - Enabling Telnet on Windows 10

Every Windows 10 edition ships with a telnet client, but it is disabled by default. To enable the telnet client, run the following command with full administrator privileges:

PS> Enable-WindowsOptionalFeature -Online -FeatureName TelnetClient -All


Path :
Online : True
RestartNeeded : False

Once the telnet client is installed, you can use it to talk to any TCP port on another computer. Because the new `telnet` command is a console application, run it in a real console window such as powershell.exe or pwsh.exe, not in the ISE editor. Keep in mind that telnet sends everything, including any credentials you type, in clear text; for a plain "is this port open" check, Test-NetConnection -ComputerName host -Port n needs no optional feature at all.
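Most of what administrators use the telnet client for is "connect to a port and see what the service says". The block below is an added example, not part of the original tip: a PowerShell-native banner grab using System.Net.Sockets.TcpClient with a connect and read timeout, so nothing has to be installed. The host names and ports in the usage calls are placeholders.

```powershell
# Added example (not from the original tip): connect to a TCP port, optionally
# send a probe, and return whatever the service sends first. Replaces the
# interactive "telnet host port" check without installing the optional feature.

function Get-TcpBanner {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][int]$Port,
        [int]$TimeoutMs = 3000,
        # bytes to send before reading, for services that wait for the client to speak first
        [string]$Probe = ''
    )

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # asynchronous connect so the timeout applies to the handshake as well
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            return [pscustomobject]@{ ComputerName = $ComputerName; Port = $Port; Open = $false; Banner = $null; Note = 'connect timeout' }
        }
        $client.EndConnect($async)   # throws SocketException when the port is closed/refused

        $stream = $client.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        if ($Probe) {
            $out = [System.Text.Encoding]::ASCII.GetBytes($Probe)
            $stream.Write($out, 0, $out.Length)
        }

        $buffer = New-Object byte[] 4096
        $banner = ''
        try {
            $read = $stream.Read($buffer, 0, $buffer.Length)
            if ($read -gt 0) { $banner = [System.Text.Encoding]::ASCII.GetString($buffer, 0, $read) }
        } catch [System.IO.IOException] {
            # read timeout: the port is open but the service did not send anything (and no probe was given)
        }
        [pscustomobject]@{ ComputerName = $ComputerName; Port = $Port; Open = $true; Banner = $banner.Trim(); Note = $null }
    } catch [System.Net.Sockets.SocketException] {
        [pscustomobject]@{ ComputerName = $ComputerName; Port = $Port; Open = $false; Banner = $null; Note = $_.Exception.Message }
    } finally {
        $client.Close()
    }
}

# Usage (placeholder hosts): a service that speaks first, and one that needs a probe
Get-TcpBanner -ComputerName 'mail.example.com' -Port 25
Get-TcpBanner -ComputerName 'www.example.com' -Port 80 -Probe "HEAD / HTTP/1.0`r`nHost: www.example.com`r`n`r`n"
```

The function only reads what the service volunteers (or answers to a single probe), which is enough for service identification during an inventory; anything beyond that is better done with the protocol's own client.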

PowerShell Tips Series - Managing Shortcut Files (Part 3)

In the previous tip we created new shortcut files, and you saw how the CreateShortcut() method gives you control over almost every detail of a shortcut. Here is the code that creates a PowerShell shortcut on the desktop:

$path = [Environment]::GetFolderPath('Desktop') | Join-Path -ChildPath 'myLink.lnk'
$scut = (New-Object -ComObject WScript.Shell).CreateShortcut($path)
$scut.TargetPath = 'powershell.exe'
$scut.IconLocation = 'powershell.exe,0'
$scut.Save()

However, one thing this code cannot do is set the shortcut's "Run as administrator" property, which makes the PowerShell launched from the LNK file request elevation as soon as you double-click the icon.

To enable it by hand, you would have to right-click the newly created shortcut, choose Properties, and tick the corresponding box in the Advanced dialog.

Alternatively, you need to know the binary format of LNK files and flip the bit with PowerShell. The code below turns the shortcut you just created on your desktop into one that requests elevation:

# launch LNK file as Administrator
# THIS PATH MUST EXIST (use the previous script to create the LNK file, or create one manually)
$path = [Environment]::GetFolderPath('Desktop') | Join-Path -ChildPath 'myLink.lnk'
# read the LNK file as raw bytes...
$bytes = [System.IO.File]::ReadAllBytes($path)
# set bit 0x20 in the byte at offset 0x15 (decimal 21): the 32-bit little-endian
# LinkFlags field starts at offset 0x14, and its RunAsUser flag (0x2000) lands in this byte
$bytes[0x15] = $bytes[0x15] -bor 0x20
# write the modified bytes back
[System.IO.File]::WriteAllBytes($path, $bytes)

When you now double-click the LNK file, it requests elevation (you get the UAC prompt) and runs as administrator. The flag does not bypass UAC; it only asks for it. Flip the bit back to remove the "Run as administrator" property from any LNK file (note the bitwise -bnot: a logical -not 0x20 evaluates to $false, which would zero the whole byte):

$bytes[0x15] = $bytes[0x15] -band -bnot 0x20   # clear the RunAsUser bit
[System.IO.File]::WriteAllBytes($path, $bytes)  # write the bytes back
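Poking a fixed offset works only if the file really is a shell link. The following is an added example, not code from the original tip: it validates the ShellLinkHeader first (HeaderSize 0x4C and the shell link CLSID 00021401-0000-0000-C000-000000000046, as defined in the MS-SHLLINK specification), reads the full 32-bit LinkFlags field at offset 0x14, and sets or clears the RunAsUser flag (0x2000), which is the same bit the one-liner above touches. The audit call at the end lists Start Menu shortcuts that already request elevation.

```powershell
# Added example (not part of the original tip): header-checked get/set of the
# RunAsUser flag in .lnk files, per MS-SHLLINK. Offsets and constants below are
# from that specification; the file paths in the usage calls are assumptions.

$script:LinkFlagsOffset = 0x14                                   # UInt32 LinkFlags field
$script:RunAsUserFlag   = 0x2000                                 # bit 13: RunAsUser
$script:LinkClsid       = [guid]'00021401-0000-0000-C000-000000000046'

function Test-LnkHeader {
    param([byte[]]$Bytes)
    # ShellLinkHeader: HeaderSize must be 0x4C and LinkCLSID must be the shell link CLSID
    if ($Bytes.Length -lt 0x4C) { return $false }
    if ([BitConverter]::ToUInt32($Bytes, 0) -ne 0x4C) { return $false }
    $clsid = [guid]::new([byte[]]$Bytes[4..19])
    return ($clsid -eq $script:LinkClsid)
}

function Get-LnkRunAsUser {
    param([Parameter(Mandatory)][string]$Path)
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    if (-not (Test-LnkHeader $bytes)) { throw "Not a shell link file: $Path" }
    $flags = [BitConverter]::ToUInt32($bytes, $script:LinkFlagsOffset)
    [pscustomobject]@{
        Path      = $Path
        LinkFlags = ('0x{0:X8}' -f $flags)
        RunAsUser = (($flags -band $script:RunAsUserFlag) -ne 0)
    }
}

function Set-LnkRunAsUser {
    param(
        [Parameter(Mandatory)][string]$Path,
        [bool]$Enabled = $true
    )
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    if (-not (Test-LnkHeader $bytes)) { throw "Not a shell link file: $Path" }
    $flags = [BitConverter]::ToUInt32($bytes, $script:LinkFlagsOffset)
    if ($Enabled) { $flags = $flags -bor $script:RunAsUserFlag }
    else          { $flags = $flags -band (-bnot $script:RunAsUserFlag) }
    # write only the four LinkFlags bytes back in place; everything else stays untouched
    [Array]::Copy([BitConverter]::GetBytes([uint32]$flags), 0, $bytes, $script:LinkFlagsOffset, 4)
    [System.IO.File]::WriteAllBytes($Path, $bytes)
    Get-LnkRunAsUser -Path $Path
}

# Usage: the desktop shortcut from the tip (assumed to exist)
$path = [Environment]::GetFolderPath('Desktop') | Join-Path -ChildPath 'myLink.lnk'
Set-LnkRunAsUser -Path $path -Enabled $true
Set-LnkRunAsUser -Path $path -Enabled $false

# Audit: which Start Menu shortcuts request elevation?
[Environment]::GetFolderPath('StartMenu') |
    Get-ChildItem -Filter *.lnk -Recurse |
    ForEach-Object { Get-LnkRunAsUser -Path $_.FullName } |
    Where-Object RunAsUser
```

Because `Set-LnkRunAsUser` rewrites only the flag field, the rest of the file (target, arguments, icon) is byte-for-byte what it was; the header check protects you from "fixing" a file that merely has a .lnk extension.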

PowerShell Tips Series - Managing Shortcut Files (Part 2)

In the previous tip we read existing shortcut files. The same CreateShortcut() method also creates new ones and gives you control over almost every detail of a shortcut. Here is the code that creates a PowerShell shortcut on the desktop:

# full path of the new shortcut on the current user's desktop
$path = [Environment]::GetFolderPath('Desktop') | Join-Path -ChildPath 'myLink.lnk'
# CreateShortcut() returns a shortcut object for a path that does not exist yet
$scut = (New-Object -ComObject WScript.Shell).CreateShortcut($path)
$scut.TargetPath = 'powershell.exe'
$scut.IconLocation = 'powershell.exe,0'   # first icon inside powershell.exe
$scut.Save()                              # nothing is written until Save()

That's all: there is now a new PowerShell shortcut on your desktop. Adapt the code above to create shortcuts to other applications and paths.

PowerShell Tips Series - Managing Shortcut Files (Part 1)

PowerShell can create new LNK files and edit existing ones with the help of an old COM object.

Let's start by finding all LNK files anywhere in the Start Menu:

[Environment]::GetFolderPath('StartMenu') | Get-ChildItem -Filter *.lnk -Recurse

This returns every LNK file found anywhere below the Start Menu folder.

Next, let's read them and find out their targets and their hidden keyboard shortcuts (if any):

[Environment]::GetFolderPath('StartMenu') |
Get-ChildItem -Filter *.lnk -Recurse |
# begin block creates the COM object once, process block reads each LNK file
ForEach-Object { $scut = New-Object -ComObject WScript.Shell } {
$scut.CreateShortcut($_.FullName)
}

The COM object WScript.Shell provides a method called CreateShortcut(). When you pass in the path of an existing LNK file, you get back its internal properties.

In my environment, these LNK files look similar to this:

FullName         : C:\Users\tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code\Visual Studio Code.lnk
Arguments        :
Description      :
Hotkey           :
IconLocation     : ,0
RelativePath     :
TargetPath       : C:\Users\tobia\AppData\Local\Programs\Microsoft VS Code\Code.exe
WindowStyle      : 1
WorkingDirectory : C:\Users\tobia\AppData\Local\Programs\Microsoft VS Code

FullName         : C:\Users\tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
Arguments        :
Description      : Performs object-based (command-line) functions
Hotkey           :
IconLocation     : %SystemRoot%\syswow64\WindowsPowerShell\v1.0\powershell.exe,0
RelativePath     :
TargetPath       : C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
WindowStyle      : 1
WorkingDirectory : %HOMEDRIVE%%HOMEPATH%

FullName         : C:\Users\tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk
Arguments        :
Description      : Windows PowerShell Integrated Scripting Environment. Performs object-based (command-line) functions
Hotkey           :
IconLocation     : %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell_ise.exe,0
RelativePath     :
TargetPath       : C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe
WindowStyle      : 1
WorkingDirectory : %HOMEDRIVE%%HOMEPATH%

FullName         : C:\Users\tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk
Arguments        :
Description      : Windows PowerShell Integrated Scripting Environment. Performs object-based (command-line) functions
Hotkey           :
IconLocation     : %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell_ise.exe,0
RelativePath     :
TargetPath       : C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe
WindowStyle      : 1
WorkingDirectory : %HOMEDRIVE%%HOMEPATH%

FullName         : C:\Users\tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
Arguments        :
Description      : Performs object-based (command-line) functions
Hotkey           :
IconLocation     : %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,0
RelativePath     :
TargetPath       : C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
WindowStyle      : 1
WorkingDirectory : %HOMEDRIVE%%HOMEPATH%

FullName         : C:\Users\tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Uninstall Zoom.lnk
Arguments        : /uninstall
Description      : Uninstall Zoom
Hotkey           :
IconLocation     : C:\Users\tobia\AppData\Roaming\Zoom\bin\Zoom.exe,0
RelativePath     :
TargetPath       : C:\Users\tobia\AppData\Roaming\Zoom\uninstall\Installer.exe
WindowStyle      : 1
WorkingDirectory :
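Shortcut files are a classic persistence and hijacking vector, so the same enumeration is worth turning into a review. The block below is an added example, not code from the original tip: it walks the per-user and all-users Start Menu and Startup folders with WScript.Shell, expands environment variables in the target (the listing above shows %SystemRoot% and %HOMEDRIVE%%HOMEPATH% in use), and flags the cases a reviewer looks at first. The list of user-writable locations and the list of script hosts are this example's own assumptions.

```powershell
# Added example (not part of the original tip): audit .lnk files for targets
# that are missing, point into user-writable folders, launch a script host
# (the Arguments field is then the real payload), or carry a hotkey.

function Get-LnkAudit {
    [CmdletBinding()]
    param(
        [string[]]$Root = @(
            [Environment]::GetFolderPath('StartMenu'),
            [Environment]::GetFolderPath('CommonStartMenu'),
            [Environment]::GetFolderPath('Startup'),
            [Environment]::GetFolderPath('CommonStartup')
        )
    )

    $shell = New-Object -ComObject WScript.Shell
    # folders a standard user can write to (assumed list; extend for your environment)
    $userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC) | Where-Object { $_ }
    # interpreters whose Arguments decide what actually runs (assumed list)
    $scriptHosts = 'powershell.exe', 'pwsh.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe',
                   'mshta.exe', 'rundll32.exe', 'regsvr32.exe'

    Get-ChildItem -Path $Root -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        # expand %SystemRoot%-style variables before checking the target on disk
        $target = [Environment]::ExpandEnvironmentVariables([string]$lnk.TargetPath)
        $leaf = if ($target) { [System.IO.Path]::GetFileName($target).ToLowerInvariant() } else { '' }

        [pscustomobject]@{
            Shortcut       = $_.FullName
            Target         = $target
            Arguments      = $lnk.Arguments
            Hotkey         = $lnk.Hotkey
            TargetExists   = [bool]($target -and (Test-Path -LiteralPath $target))
            InUserWritable = [bool]($userWritable | Where-Object { $target.StartsWith($_, 'OrdinalIgnoreCase') })
            ScriptHost     = ($leaf -in $scriptHosts)
            Minimized      = ($lnk.WindowStyle -eq 7)   # 7 = start minimized, i.e. no visible window
        }
    }
}

# Usage: show only the shortcuts that deserve a second look
Get-LnkAudit |
    Where-Object { -not $_.TargetExists -or $_.ScriptHost -or $_.Hotkey -or $_.InUserWritable } |
    Format-Table Shortcut, Target, Arguments, Hotkey, TargetExists, ScriptHost, InUserWritable -AutoSize
```

A hit is not a finding by itself (the Zoom uninstaller above legitimately lives in AppData), but a shortcut in a Startup folder whose target is cmd.exe or powershell.exe with a long Arguments string is exactly what this filter is meant to surface.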

PowerShell Tips Series - Unlocking Additional PowerShell Modules on Windows 10

Windows 10 ships with many PowerShell modules for managing server features, for example WSUS update management, to name just one.

In early Windows 10 builds these PowerShell modules were part of the so-called RSAT tools (Remote Server Administration Tools), a separate download. In recent builds (Windows 10 1809 and later) the RSAT tools are already on board as "Features on Demand" and only need to be enabled. All commands in this tip require elevation:

#requires -RunAsAdministrator
Get-WindowsCapability -Online -Name "Rsat.*" | Format-Table -AutoSize -Wrap -GroupBy Name -Property DisplayName, Description

The result looks similar to this:

Name: Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0
DisplayName: RSAT: Active Directory Domain Services and Lightweight Directory Services Tools
Description: Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS) Tools include snap-ins and command-line tools for remotely managing AD DS and AD LDS on Windows Server.

Name: Rsat.BitLocker.Recovery.Tools~~~~0.0.1.0
DisplayName: RSAT: BitLocker Drive Encryption Administration Utilities
Description: BitLocker Drive Encryption Administration Utilities include tools for managing BitLocker Drive Encryption features. BitLocker Active Directory Recovery Password Viewer helps to locate BitLocker drive encryption recovery passwords in Active Directory Domain Services (AD DS).

Name: Rsat.CertificateServices.Tools~~~~0.0.1.0
DisplayName: RSAT: Active Directory Certificate Services Tools
Description: Active Directory Certificate Services Tools include the Certification Authority, Certificate Templates, Enterprise PKI, and Online Responder Management snap-ins for remotely managing AD CS on Windows Server.

Name: Rsat.DHCP.Tools~~~~0.0.1.0
DisplayName: RSAT: DHCP Server Tools
Description: DHCP Server Tools include the DHCP MMC snap-in, DHCP server netsh context and Windows PowerShell module for DHCP Server.

Name: Rsat.Dns.Tools~~~~0.0.1.0
DisplayName: RSAT: DNS Server Tools
Description: DNS Server Tools include the DNS Manager snap-in, dnscmd.exe command-line tool and Windows PowerShell module for DNS Server.

Name: Rsat.FailoverCluster.Management.Tools~~~~0.0.1.0
DisplayName: RSAT: Failover Clustering Tools
Description: Failover Clustering Tools include the Failover Cluster Manager snap-in, the Cluster-Aware Updating interface, and the Failover Cluster module for Windows PowerShell.

Name: Rsat.FileServices.Tools~~~~0.0.1.0
DisplayName: RSAT: File Services Tools
Description: File Services Tools include snap-ins and command-line tools for remotely managing the File Services role on Windows Server.

Name: Rsat.GroupPolicy.Management.Tools~~~~0.0.1.0
DisplayName: RSAT: Group Policy Management Tools
Description: Group Policy Management Tools include Group Policy Management Console, Group Policy Management Editor, and Group Policy Starter GPO Editor.

Name: Rsat.IPAM.Client.Tools~~~~0.0.1.0
DisplayName: RSAT: IP Address Management (IPAM) Client
Description: IP Address Management (IPAM) Client is used to connect to and manage a remote IPAM server. IPAM provides a central framework for managing IP address space and corresponding infrastructure servers such as DHCP and DNS in an Active Directory forest.

Name: Rsat.LLDP.Tools~~~~0.0.1.0
DisplayName: RSAT: Data Center Bridging LLDP Tools
Description: Data Center Bridging LLDP Tools include PowerShell tools for remotely managing LLDP agents on Windows Server.

Name: Rsat.NetworkController.Tools~~~~0.0.1.0
DisplayName: RSAT: Network Controller Management Tools
Description: Network Controller Management Tools include PowerShell tools for managing the Network Controller role on Windows Server.

Name: Rsat.NetworkLoadBalancing.Tools~~~~0.0.1.0
DisplayName: RSAT: Network Load Balancing Tools
Description: Network Load Balancing Tools include the Network Load Balancing Manager snap-in, the Network Load Balancing module for Windows PowerShell, and the nlb.exe and wlbs.exe command-line tools.

Name: Rsat.RemoteAccess.Management.Tools~~~~0.0.1.0
DisplayName: RSAT: Remote Access Management Tools
Description: Remote Access Management Tools include graphical and PowerShell tools for managing the Remote Access role on Windows Server.

Name: Rsat.RemoteDesktop.Services.Tools~~~~0.0.1.0
DisplayName: RSAT: Remote Desktop Services Tools
Description: Remote Desktop Services Tools include snap-ins for Remote Desktop Licensing Manager, Remote Desktop Licensing Diagnostics and Remote Desktop Gateway Manager. Use Server Manager to administer all other RDS role services.

Name: Rsat.ServerManager.Tools~~~~0.0.1.0
DisplayName: RSAT: Server Manager
Description: Server Manager includes the Server Manager console and PowerShell tools for remotely managing Windows Server, and includes tools to remotely configure NIC teaming on Windows Server and Best Practices Analyzer.

Name: Rsat.Shielded.VM.Tools~~~~0.0.1.0
DisplayName: RSAT: Shielded VM Tools
Description: Shielded VM Tools include the Provisioning Data File Wizard and the Template Disk Wizard.

Name: Rsat.StorageMigrationService.Management.Tools~~~~0.0.1.0
DisplayName: RSAT: Storage Migration Service Management Tools
Description: Provides management tools for storage migration jobs.

Name: Rsat.StorageReplica.Tools~~~~0.0.1.0
DisplayName: RSAT: Storage Replica Module for Windows PowerShell
Description: Includes PowerShell module to remotely manage the Storage Replica feature on Windows Server 2016.

Name: Rsat.SystemInsights.Management.Tools~~~~0.0.1.0
DisplayName: RSAT: System Insights Module for Windows PowerShell
Description: System Insights module for Windows PowerShell provides the ability to manage System Insights feature.

Name: Rsat.VolumeActivation.Tools~~~~0.0.1.0
DisplayName: RSAT: Volume Activation Tools
Description: Volume activation Tools can be used to manage volume activation license keys on a Key Management Service (KMS) host or in Microsoft Active Directory Domain Services. These tools can be used to install, activate, and manage one or more volume activation license keys, and to configure KMS settings on Windows Server.

Name: Rsat.WSUS.Tools~~~~0.0.1.0
DisplayName: RSAT: Windows Server Update Services Tools
Description: Windows Server Update Services Tools include graphical and PowerShell tools for managing WSUS.

To get all RSAT PowerShell modules and tools, enable them like this. Features on Demand are downloaded from Windows Update, so on machines pointed at a WSUS server the download must be allowed (the "Specify settings for optional component installation and component repair" policy, or an alternate source path), otherwise Add-WindowsCapability fails:

#requires -RunAsAdministrator
Get-WindowsCapability -Online -Name "Rsat.*" |
Add-WindowsCapability -Online -Verbose

PowerShell Tips Series - Enabling the ActiveDirectory Module

Windows 10 ships with the ActiveDirectory PowerShell module, but it may not be enabled yet. If you want to use the PowerShell cmdlets for AD administration, for example Get-ADUser, simply run the following code with full administrator privileges:

#requires -RunAsAdministrator

$element = Get-WindowsCapability -Online -Name "Rsat.ActiveDirectory.DS*"
Add-WindowsCapability -Name $element.Name -Online

Once this completes, you have access to the ActiveDirectory module and its cmdlets. Here is the list of what you get:

PS C:\> Get-Command -Module ActiveDirectory | Format-Wide -Column 4


Add-ADCentralAccessPolicyMember Add-ADComputerServiceAccount Add-ADDomainControllerPasswordRep... Add-ADFineGrainedPasswordPolicyS...
Add-ADGroupMember Add-ADPrincipalGroupMembership Add-ADResourcePropertyListMember Clear-ADAccountExpiration
Clear-ADClaimTransformLink Disable-ADAccount Disable-ADOptionalFeature Enable-ADAccount
Enable-ADOptionalFeature Get-ADAccountAuthorizationGroup Get-ADAccountResultantPasswordRep... Get-ADAuthenticationPolicy
Get-ADAuthenticationPolicySilo Get-ADCentralAccessPolicy Get-ADCentralAccessRule Get-ADClaimTransformPolicy
Get-ADClaimType Get-ADComputer Get-ADComputerServiceAccount Get-ADDCCloningExcludedApplicati...
Get-ADDefaultDomainPasswordPolicy Get-ADDomain Get-ADDomainController Get-ADDomainControllerPasswordRe...
Get-ADDomainControllerPasswordRep... Get-ADFineGrainedPasswordPolicy Get-ADFineGrainedPasswordPolicySu... Get-ADForest
Get-ADGroup Get-ADGroupMember Get-ADObject Get-ADOptionalFeature
Get-ADOrganizationalUnit Get-ADPrincipalGroupMembership Get-ADReplicationAttributeMetadata Get-ADReplicationConnection
Get-ADReplicationFailure Get-ADReplicationPartnerMetadata Get-ADReplicationQueueOperation Get-ADReplicationSite
Get-ADReplicationSiteLink Get-ADReplicationSiteLinkBridge Get-ADReplicationSubnet Get-ADReplicationUpToDatenessVec...
Get-ADResourceProperty Get-ADResourcePropertyList Get-ADResourcePropertyValueType Get-ADRootDSE
Get-ADServiceAccount Get-ADTrust Get-ADUser Get-ADUserResultantPasswordPolicy
Grant-ADAuthenticationPolicySiloA... Install-ADServiceAccount Move-ADDirectoryServer Move-ADDirectoryServerOperationM...
Move-ADObject New-ADAuthenticationPolicy New-ADAuthenticationPolicySilo New-ADCentralAccessPolicy
New-ADCentralAccessRule New-ADClaimTransformPolicy New-ADClaimType New-ADComputer
New-ADDCCloneConfigFile New-ADFineGrainedPasswordPolicy New-ADGroup New-ADObject
New-ADOrganizationalUnit New-ADReplicationSite New-ADReplicationSiteLink New-ADReplicationSiteLinkBridge
New-ADReplicationSubnet New-ADResourceProperty New-ADResourcePropertyList New-ADServiceAccount
New-ADUser Remove-ADAuthenticationPolicy Remove-ADAuthenticationPolicySilo Remove-ADCentralAccessPolicy
Remove-ADCentralAccessPolicyMember Remove-ADCentralAccessRule Remove-ADClaimTransformPolicy Remove-ADClaimType
Remove-ADComputer Remove-ADComputerServiceAccount Remove-ADDomainControllerPassword... Remove-ADFineGrainedPasswordPolicy
Remove-ADFineGrainedPasswordPolic... Remove-ADGroup Remove-ADGroupMember Remove-ADObject
Remove-ADOrganizationalUnit Remove-ADPrincipalGroupMembership Remove-ADReplicationSite Remove-ADReplicationSiteLink
Remove-ADReplicationSiteLinkBridge Remove-ADReplicationSubnet Remove-ADResourceProperty Remove-ADResourcePropertyList
Remove-ADResourcePropertyListMember Remove-ADServiceAccount Remove-ADUser Rename-ADObject
Reset-ADServiceAccountPassword Restore-ADObject Revoke-ADAuthenticationPolicySilo... Search-ADAccount
Set-ADAccountAuthenticationPolicy... Set-ADAccountControl Set-ADAccountExpiration Set-ADAccountPassword
Set-ADAuthenticationPolicy Set-ADAuthenticationPolicySilo Set-ADCentralAccessPolicy Set-ADCentralAccessRule
Set-ADClaimTransformLink Set-ADClaimTransformPolicy Set-ADClaimType Set-ADComputer
Set-ADDefaultDomainPasswordPolicy Set-ADDomain Set-ADDomainMode Set-ADFineGrainedPasswordPolicy
Set-ADForest Set-ADForestMode Set-ADGroup Set-ADObject
Set-ADOrganizationalUnit Set-ADReplicationConnection Set-ADReplicationSite Set-ADReplicationSiteLink
Set-ADReplicationSiteLinkBridge Set-ADReplicationSubnet Set-ADResourceProperty Set-ADResourcePropertyList
Set-ADServiceAccount Set-ADUser Show-ADAuthenticationPolicyExpres... Sync-ADObject
Test-ADServiceAccount Uninstall-ADServiceAccount Unlock-ADAccount
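Both this tip and the previous one install capabilities blindly. The following is an added example, not code from the original tips, that serves both: it reports the state of every RSAT capability, installs only the requested ones when they are not already present (with -WhatIf support), surfaces the download failure you get when WSUS blocks Features on Demand, and verifies that the expected module is available afterwards. The capability patterns and the module name in the usage calls are the tip's own; everything else is this example's assumption.

```powershell
#requires -RunAsAdministrator
# Added example (not part of the original tips): idempotent RSAT installation
# with state reporting and module verification. Assumes the device can reach
# Windows Update, or that WSUS is configured to allow Feature-on-Demand downloads.

function Get-RsatState {
    # Name, State (Installed / NotPresent) and display name of every RSAT Feature on Demand
    Get-WindowsCapability -Online -Name 'Rsat.*' |
        Select-Object Name, State, DisplayName |
        Sort-Object State, Name
}

function Install-RsatCapability {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # capability name patterns, e.g. 'Rsat.ActiveDirectory.DS*', 'Rsat.GroupPolicy*'
        [Parameter(Mandatory)][string[]]$Pattern,
        # PowerShell module that must be loadable afterwards, for verification
        [string]$VerifyModule
    )

    foreach ($p in $Pattern) {
        foreach ($cap in Get-WindowsCapability -Online -Name $p) {
            if ($cap.State -eq 'Installed') {
                Write-Verbose "$($cap.Name) is already installed"
                continue
            }
            if (-not $PSCmdlet.ShouldProcess($cap.Name, 'Add-WindowsCapability')) { continue }
            try {
                $result = Add-WindowsCapability -Online -Name $cap.Name
                [pscustomobject]@{ Name = $cap.Name; Installed = $true;  RestartNeeded = $result.RestartNeeded; Error = $null }
            } catch {
                # typical cause: WSUS without Feature-on-Demand access (error 0x800f0954)
                [pscustomobject]@{ Name = $cap.Name; Installed = $false; RestartNeeded = $false; Error = $_.Exception.Message }
            }
        }
    }

    if ($VerifyModule) {
        $module = Get-Module -ListAvailable -Name $VerifyModule
        if ($module) { Write-Verbose "$VerifyModule $($module.Version) is available" }
        else         { Write-Warning "Module '$VerifyModule' is still not available" }
    }
}

# Usage
Get-RsatState | Format-Table -AutoSize
Install-RsatCapability -Pattern 'Rsat.ActiveDirectory.DS*' -VerifyModule ActiveDirectory -WhatIf
Install-RsatCapability -Pattern 'Rsat.ActiveDirectory.DS*' -VerifyModule ActiveDirectory -Verbose
```

Use `-Pattern 'Rsat.*'` to reproduce the previous tip's install-everything behaviour; the per-capability result objects make it easy to see which one failed and why when a fleet-wide rollout is only partially successful.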

PowerShell Tips Series - Forensic Event Log Analysis (Part 2)

In the previous tip we looked at Get-EventLog for forensic analysis and searched the Application log for search-related errors. Get-EventLog is easy to use, but it is slow and deprecated. While using Get-EventLog on Windows PowerShell is perfectly fine, you may want to switch to Get-WinEvent instead: it is much faster, and it also runs on PowerShell 7.

Let's quickly convert the Get-EventLog call from the previous tip to Get-WinEvent. The code below finds all critical and error events in the Application log from any "search" provider (Level 1 = Critical, Level 2 = Error; Get-EventLog's -EntryType Error corresponds to Level 2 alone). Your system may not have any:

# old
Get-EventLog -LogName Application -Source *search* -EntryType error -Newest 10 | Select-Object TimeGenerated, Message

# new
Get-WinEvent -FilterHashtable @{
LogName = 'Application'
ProviderName = '*search*'
Level = 1,2
} -ErrorAction Ignore | Select-Object TimeCreated, Message

To group the events per day, use Group-Object with the date as the grouping criterion:

# old
Get-EventLog -LogName Application -Source *search* -EntryType error | Group-Object { Get-Date $_.timegenerated -format yyyy-MM-dd } -NoElement


# new
Get-WinEvent -FilterHashtable @{
LogName = 'Application'
ProviderName = '*search*'
Level = 1,2
} -ErrorAction Ignore | Group-Object { Get-Date $_.TimeCreated -format yyyy-MM-dd } -NoElement

Again, your log may not contain any search-related error entries, but once you adjust the criteria and search other event logs you will quickly notice how much faster Get-WinEvent is. In the example above, Get-WinEvent is roughly 10 times faster than Get-EventLog.

PowerShell Tips Series - Forensic Event Log Analysis (Part 1)

The event logs record information about almost every aspect of Windows, so when something goes wrong or stops working as expected, a forensic look at the event logs belongs in your troubleshooting strategy.

For example, some users reported that Windows "instant search" stopped finding newer e-mail items. Why was the indexing service no longer keeping up with Outlook?

That is when reading the event logs becomes important (and helpful). The line below quickly finds out whether you have a system indexing problem. It searches the Application log for any error related to "search":

PS> Get-EventLog -LogName Application -Source *search* -EntryType error -Newest 10 |
Select-Object TimeGenerated, Message

TimeGenerated Message
------------- -------
21.05.2021 09:55:48 The protocol handler Mapi16 cannot be loaded. Error description: (HRES...
21.05.2021 09:48:03 The protocol handler Mapi16 cannot be loaded. Error description: (HRES...
21.05.2021 08:55:14 The protocol handler Mapi16 cannot be loaded. Error description: (HRES...
21.05.2021 08:47:53 The protocol handler Mapi16 cannot be loaded. Error description: (HRES...
21.05.2021 08:32:15 The protocol handler Mapi16 cannot be loaded. Error description: (HRES...
21.05.2021 08:28:41 The protocol handler Mapi16 cannot be loaded. Error description: (HRES...
21.05.2021 08:26:18 The protocol handler Mapi16 cannot be loaded. Error description: (HRES...
20.05.2021 18:14:48 The protocol handler Mapi16 cannot be loaded. Error description: (HRES...
20.05.2021 12:55:06 The protocol handler Mapi16 cannot be loaded. Error description: (HRES...
20.05.2021 11:41:06 The protocol handler Mapi16 cannot be loaded. Error description: (HRES...

Most obviously, in this example there is a recurring system problem with the Mapi16 protocol handler that prevents the indexing service from reading Outlook e-mails.

To understand when the problem occurred and whether it is still a concern, you can group the event log entries and show their frequency:

PS> Get-EventLog -LogName Application -Source *search* -EntryType error |
Group-Object { Get-Date $_.timegenerated -format yyyy-MM-dd } -NoElement

Group-Object here uses a script block to compute the grouping criterion: all error events that occurred on the same day land in the same group, which yields a chronological tally. This is sample output:

Count Name
----- ----
    7 2021-05-21
    6 2021-05-20
   29 2021-05-19
   29 2021-05-18
   16 2021-05-17
    5 2021-05-16
    2 2021-05-15
    8 2021-05-14
    2 2021-05-13
    3 2021-05-12
    9 2021-05-11
   13 2021-05-10
    1 2021-05-09
    3 2021-05-08
    7 2021-05-07
   10 2021-05-06
   15 2021-05-05
    8 2021-05-04
   24 2021-05-03
   22 2021-05-02
   10 2021-05-01
    2 2021-04-30

The output shows clearly that the problem started on April 30 and continued until May 21, when it was apparently fixed.

Obviously, these examples will not produce the same results on your machine (unless you suffer from the same problem). They do show the value of event log information, and how easily PowerShell helps with a forensic look at the data.
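The following is an added example, not code from the original tips: the per-day frequency view from this part, built on Get-WinEvent as part 2 recommends, wrapped in a function with a time window (StartTime/EndTime in the filter hashtable) so large logs are not read in full, and with a one-line summary of the most frequent message per day. It is generalised beyond the indexer case: the second usage call assumes the Security log and event ID 4625 (failed logon), which requires Administrator rights or membership in Event Log Readers.

```powershell
# Added example (not part of the original tips): daily event counts with
# Get-WinEvent -FilterHashtable. Only filter keys that were actually supplied
# are added, because an empty value would match nothing.

function Get-DailyEventCount {
    [CmdletBinding()]
    param(
        [string]$LogName = 'Application',
        [string]$ProviderName,            # wildcards allowed, e.g. '*search*'
        [int[]]$Level = @(1, 2),          # 1 = Critical, 2 = Error; pass @() to not filter on level
        [int[]]$Id,                       # event IDs, e.g. 4625
        [int]$Days = 30,                  # look-back window in days
        [string]$ComputerName             # remote computer (assumed reachable via RPC/WinRM)
    )

    $filter = @{
        LogName   = $LogName
        StartTime = (Get-Date).Date.AddDays(-$Days)
        EndTime   = Get-Date
    }
    if ($ProviderName) { $filter.ProviderName = $ProviderName }
    if ($Level)        { $filter.Level        = $Level }
    if ($Id)           { $filter.Id           = $Id }

    $target = @{}
    if ($ComputerName) { $target.ComputerName = $ComputerName }

    Get-WinEvent -FilterHashtable $filter @target -ErrorAction Ignore |
        Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd') } |
        Sort-Object Name -Descending |
        ForEach-Object {
            # first line of the most frequent message that day, as a quick summary
            $top = $_.Group |
                Group-Object { ([string]$_.Message -split "`r?`n")[0] } |
                Sort-Object Count -Descending |
                Select-Object -First 1
            [pscustomobject]@{
                Day   = $_.Name
                Count = $_.Count
                Top   = $top.Name
            }
        }
}

# The tips' case: indexer errors in the Application log, last 30 days
Get-DailyEventCount -LogName Application -ProviderName '*search*' | Format-Table -AutoSize

# Same technique on the Security log: failed logons (4625) per day, last 7 days.
# Audit events carry Level 0, so the level filter is cleared and the ID is used instead.
Get-DailyEventCount -LogName Security -Level @() -Id 4625 -Days 7 | Format-Table -AutoSize
```

The Security-log variant is the same forensic question ("when did this start, is it still happening?") asked of logon failures instead of indexer errors; a sudden jump in the Count column on one day is the first thing to correlate with other sources.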

PowerShell Tips Series - Birthday Party Trivia

Suppose you are invited to a friend's 37th birthday. What could you put on the birthday card? Try this:

PS> Invoke-RestMethod -Uri http://numbersapi.com/37 -UseBasicParsing
37 is the number of plays William Shakespeare is thought to have written (counting Henry IV as three parts).

Simply replace the number in the URL with whatever number you need. This is a nice illustration of how easy it is to consume REST web services with PowerShell. Note that this particular service is reached over plain HTTP, so the response is neither authenticated nor private; for anything beyond trivia, prefer HTTPS endpoints.

Invoke-RestMethod is usually the smarter choice when a web service returns data. Examples sometimes use Invoke-WebRequest instead; with the latter, you have to extract the payload from the received response yourself and convert it into the proper format (for JSON, ConvertFrom-Json), which is exactly what Invoke-RestMethod does automatically:

PS> (Invoke-WebRequest -Uri http://numbersapi.com/37 -UseBasicParsing).Content
37 is the cost in cents of the Whopper Sandwich when Burger King first introduced it in 1957.