Powershell

get-process [-Name string] Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName ------- ------ ----- ----- ----- ------ -- ----------- 1504 69 113124 190068 496 725.77 696 chrome 202 21 31500 29828 205 5.63 2096 chrome 326 33 59024 80384 334 42.78 2396 chrome 147 9 1412 4728 67 0.02 3740 chrome 285 32 33040 57192 236 3.84 4192 chrome 262 27 38300 54908 226 3.92 4340 chrome 255 27 38636 51776 231 1.88 4440 chrome 932 43 78888 122212 353 455.20 4924 chrome 118 9 1372 4612 67 0.05 4932 chrome 340 31 56320 77620 324 84.39 5328 chrome 212 24 76552 75492 254 7.47 5480 chrome 184 19 35456 12896 180 0.08 6564 chrome 29 4 1516 2416 16 0.00 5980 cmd 66 7 1120 6072 57 0.05 312 conhost 64 7 1884 7632 59 0.00 2776 conhost 221 11 1728 3588 45 0.25 548 csrss 272 16 1976 34740 74 41.19 600 csrss 198 14 2020 26964 72 2.16 3820 csrss 112 7 1228 4948 54 0.02 3832 dllhost 5285 9600 182316 176228 224 2.13 1328 dns 192 27 61500 100852 193 212.72 908 dwm 207 23 26132 65752 160 9.25 3748 dwm 1343 70 50880 109020 584 65.73 536 explorer 1281 83 39888 93832 505 9.11 3596 explorer 0 0 0 4 0 0 Idle 216 15 6996 10104 104 0.06 1360 IpOverUsbSvc 1084 22 7640 14748 48 2.44 656 lsass 663 47 63736 34980 781 5,100.67 3376 mmc 164 12 2120 6672 41 0.00 3992 msdtc 486 23 79640 82436 629 0.31 4104 powershell 269 12 2448 9912 91 0.48 3256 rdpclip 212 9 2788 5760 20 0.75 648 services 55 2 276 992 4 0.02 420 smss 381 20 3516 9508 72 0.06 1280 spoolsv 106 9 1424 5600 38 0.00 1580 sqlwriter 387 23 7196 12712 89 0.47 92 svchost 434 14 4756 11392 42 0.69 772 svchost 676 34 9608 18520 1375 28.50 784 svchost 388 15 5032 8588 35 61.77 800 svchost 638 19 21752 24268 73 2.48 916 svchost 1855 159 32088 48860 190 3,718.88 944 svchost 360 33 9216 10796 53 0.16 1148 svchost 111 10 1140 4440 21 0.02 1256 svchost 352 17 6012 13200 89 0.11 1308 svchost 372 24 11604 13836 1110 1.08 1624 svchost 563 27 11396 17708 140 29.97 1952 svchost 857 0 116 2420 7 659.94 4 System 210 19 4360 10288 473 0.34 448 taskhostex 165 11 1748 7012 87 0.02 4172 taskhostex 693 46 37596 55260 781 376.05 3616 vmconnect 943 49 172112 170920 887 37.36 5676 vmconnect 968 48 164424 165472 867 21.00 6180 vmconnect 797 31 49808 40660 157 852.97 1692 vmms 649 60 33416 45708 209 ...84.42 460 vmwp 645 60 28136 41352 191 1,147.11 4052 vmwp 85 8 920 3644 40 0.02 608 wininit 158 8 1456 6356 52 0.13 724 winlogon 152 7 1292 5292 49 0.05 3824 winlogon 233 14 5320 11268 73 0.19 868 WmiPrvSE 146 11 2456 7392 34 0.06 1164 WmiPrvSE get-process -name chrome Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName ------- ------ ----- ----- ----- ------ -- ----------- 1500 69 113044 190028 494 725.78 696 chrome 202 21 31500 29828 205 5.63 2096 chrome 326 31 58676 80264 328 42.78 2396 chrome 147 9 1412 4728 67 0.02 3740 chrome 285 32 33040 57224 236 3.88 4192 chrome 262 27 38300 54908 226 3.92 4340 chrome 255 27 38636 51776 231 1.88 4440 chrome 932 43 78888 122212 353 455.20 4924 chrome 118 9 1372 4612 67 0.05 4932 chrome 340 31 56320 77616 324 84.39 5328 chrome 212 24 76552 75492 254 7.47 5480 chrome 184 19 35456 12896 180 0.08 6564 chrome

ex1. PS1> get-content .\tmuninst.ptn |where {$_ -match "^\[" } ex2. PS1> get-content .\netstat-na.txt |where {$_ -notmatch "LISTENING"} Active Connections Proto Local Address Foreign Address State TCP 10.38.72.22:445 10.53.37.205:51658 ESTABLISHED TCP 10.38.72.22:3389 10.53.37.205:51666 ESTABLISHED TCP 10.38.72.22:8080 10.1.41.94:53569 ESTABLISHED TCP 10.38.72.22:8080 10.1.41.94:53570 ESTABLISHED TCP 10.38.72.22:8080 10.1.44.114:58696 ESTABLISHED TCP 10.38.72.22:8080 10.1.53.37:53577 ESTABLISHED TCP 10.38.72.22:8080 10.1.58.219:60948 TIME_WAIT TCP 10.38.72.22:8080 10.1.70.159:65018 TIME_WAIT

# Assuming a CSV as such: # Host, IP Addr # host1, IP1 # host2, IP2 # host3, IP3 $csv = Import-Csv C:\users\Administrator\Desktop\test.csv # This retrieves all data from the datafile # If we want to evaluate one cell at a time (line by line), we just pass it to a ForEach-Object. # We identify our search with the $csv.Host which means only the column 'Host' evaluated. $csv.Host | ForEach-Object { #This will print out what is in the current buffer ($_). #You may use this to act on the contents of the buffer for futher processing. $_ } # So if this works, we should have the follow # host1 # host2 # host3

Ex1. PS1> get-eventlog -list Max(K) Retain OverflowAction Entries Log ------ ------ -------------- ------- --- 102,400 0 OverwriteAsNeeded 127,754 Application 20,480 0 OverwriteAsNeeded 0 HardwareEvents 512 7 OverwriteOlder 0 Internet Explorer 20,480 0 OverwriteAsNeeded 0 Key Management Service 10,240 0 OverwriteAsNeeded 113 Lenovo-Customer Feedback 512 7 OverwriteOlder 0 Lenovo-Lenovo Patch Utility/Admin 512 7 OverwriteOlder 1,715 Lenovo-Message Center Plus/Admin 8,192 0 OverwriteAsNeeded 0 Media Center 128 0 OverwriteAsNeeded 2,187 OAlerts 102,400 0 OverwriteAsNeeded 66,821 Security 102,400 0 OverwriteAsNeeded 308,133 System 15,360 0 OverwriteAsNeeded 1,652 Windows PowerShell Ex2. PS1> get-eventlog application -newest 100 |where {$_.EntryType -match "Error"} |format-list Index : 133505 EntryType : Error InstanceId : 3011 Message : Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Category : (0) CategoryNumber : 0 ReplacementStrings : {WmiApRpl, WmiApRpl, 8, F20300004D070000} Source : Microsoft-Windows-LoadPerf TimeGenerated : 12/4/2017 1:01:08 PM TimeWritten : 12/4/2017 1:01:08 PM UserName : NT AUTHORITY\SYSTEM Index : 133504 EntryType : Error InstanceId : 3012 Message : The performance strings in the Performance registry value is corrupted when process Performance ex tension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Category : (0) CategoryNumber : 0 ReplacementStrings : {Performance, 16, 37070000000000000000000009030000} Source : Microsoft-Windows-LoadPerf TimeGenerated : 12/4/2017 1:01:08 PM TimeWritten : 12/4/2017 1:01:08 PM UserName : NT AUTHORITY\SYSTEM Index : 133500 EntryType : Error InstanceId : 3011 Message : Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Category : (0) CategoryNumber : 0 ReplacementStrings : {WmiApRpl, WmiApRpl, 8, F20300004D070000} Source : Microsoft-Windows-LoadPerf TimeGenerated : 12/4/2017 12:05:00 PM TimeWritten : 12/4/2017 12:05:00 PM UserName : NT AUTHORITY\SYSTEM Index : 133499 EntryType : Error InstanceId : 3012 Message : The performance strings in the Performance registry value is corrupted when process Performance ex tension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Category : (0) CategoryNumber : 0 ReplacementStrings : {Performance, 16, 37070000000000000000000009030000} Source : Microsoft-Windows-LoadPerf TimeGenerated : 12/4/2017 12:05:00 PM TimeWritten : 12/4/2017 12:05:00 PM UserName : NT AUTHORITY\SYSTEM

PS C:\Users\Administrator> Get-ItemProperty 'HKLM:\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.' ClientConsoleZipTimeStamp : 20190330014434 CCSFTimeStamp : 20190330014056 CCSFPTNTimeStamp : 20190603144405 DoSynchronize : 0 UpdateOngoing : 0 TmListenInitDone : 1 AVRegisteredWithWsc : 0 ASRegisteredWithWsc : 0 FWRegisteredWithWsc : 0 DelayLoadTMCCSF : 0 DelayLoadAEGIS : 0 ReloadingTime : 0 PostUninstDone : 1 VDIController01_Status : 0 ECSP : 1 WSCLastReportStatus : 0 Uldrv : 0 Running : 1 NTRtScanInitDone : 1 UADuplicationOptValue : 64 ConfirmUninstall : 0 CanGetIssuerFromBlob : 1 TMEBC-Ver : 1.5.1037 CheckServerByHTTP : 0 ExcludeDCFiles : 1 DirectCheck : 0 EngineMin : 11.000.1006 BkFileKeepDay : 7 NonSynProxySetting : 0 FqdnFirstOnOff : 0 EngineZipVer : 11.000.1006 ProgramVer : 14.0 ProductName : Trend Micro OfficeScan BuildNum : 1101 NoPwdProtect : 0 NoProgramUpgrade : 0 NoEngineUpgrade : 0 AllowMobile : 0 DiskReserved : 60 RemoveCTA : 0 AllowStopScheduleScan : 0 AllowDelayScheduleScan : 0 AllowUpdateNow : 1 AllowUpdateFromTMAU : 1 Allow Uninstall : 0 MailScanPageOnOff : 0 ToolPageOnOff : 1 Pop3TrapOnOff : 1 RunPop3Trap : 0 OutlookScanOnOff : 1 ProxySettingOnOff : 1 FlowDiagnosis : 0 Updating : 0 DomainType : 0 ReferenceHosts : RefHostsChkTimeout : 3 PingServerScheduleInterval : 3600 PingServerCheckMode : 0 RefHostsEnable : 0 RefHostsChkMode : 1 CookieScanner : 0 LogCookie : 0 EnableAssessment : 0 AssessmentUntil : 1561957200 EnableAutoStopScheduleScan : 0 ScheduleScanLimitMinutes : 60 wslimit_l : 10000000 wslimit_r : 10000000 wslimit_m : 5000000 wsperiod_l : 30000 wsperiod_r : 30000 wsperiod_m : 30000 Update_Agent_Direct_Update : 1 EnableEventLog : 0 EnableOPPMutexLog : 0 EventLogForPatternUpdate : 0 Critical2 : !CRYPTEX!377D8DE0B3B921CAD9AC1D9F55CCE4A2B7D6C202FA980BBD9B115AA52A65699387 03B19E73588CEEA5474EEF67ECFCEE Critical1 : !CRYPTEX!9D118E0B7F4955651CE69E27AFB9DAB2A7CA36E9686E43364679EEC138E01DD3A3 383B7632D18A91DC32DF24ECC33DAF HeartbeatFrequency : 10 PollingFrequency : 60 UnreachableNetworkScopeCount : 0 ShowMailScan : 1 AllowConfigNotification : 0 EnableScheduleScanWarning : 0 EnableVirEmailWarning : 1 AllowPromptRebootForCleanup : 1 GlobalHeartbeat : 0 LaunchBelowUsage : 20 LaunchMustContinueBelow : 15 LaunchCheckUsageFrequency : 2 LaunchCheckTimeout : 180 DelaySelfProtect : 1 DelayCheckFile : 1 DelayLoadFirewall : 1 DelayLoadDlp : 1 GCLCacheEnable : 1 GCLCacheRebuildDays : 28 OdscEnable : 1 OdscCriteriaDays : 60 OdscMaxExpiredDays : 30 DelayLoadGCLCacheEnable : 0 HotfixProgramFailLogTry : 3 DisplayPFWTab : 1 Security : 1 RCS : 101 IsLocked : 1 AllowEditLogMaintenanceSetting : 1 EnforceAUupdateURL : 0 DisableSIDName : 0 MinDuplicateVirusAlertInterval : 0 AegisBMDriverVer : 2.98.1162 AegisBMServiceVer : 2.98.1165 AegisPEPtnVer : 1.249.00 AegisWLPtnVer : 1.725.00 AegisBMPtnVer : 1.235.00 AegisTDPtnVer : 1.945.64 AegisTTPtnVer : 1.307.64 AegisTMMSTPtnVer : 0.013.64 VsapiSMVPtnVer : 152300 AllowClnUpdNonPatternFromTMAU : 1 UseVirusAlertSeverity : 0 HighRiskVirusType : Worm,Trojan EnableCentralWhitelist : 1 CentralWhitelistExpCheckPeriod : 240 EnableRTSHealthCheck : 0 RTSHealthCheckFrequencyInMin : 15 IntensiveScanThreshold : 0 EnableTMEBC : 1 AddTmListenServiceDependencies : 0 WSCReportChanged : 0 NoSleepInScheduleScan : 0 NoSleepInManualScan : 0 NoSleepInRemoteScan : 0 ForceEnumerateIPV4 : 0 EnableMeerkatWLCheckRCL : 0 CensusQueryServerName : osce14-en-census.trendmicro.com CensusQueryBackupServerName : osce14bak-en-census.trendmicro.com CensusQueryToken : !CRYPT!313C7CD8367CB5AEA2847E9847411C1C998D713AEE4FEB220741B67667F NFCServer : osce14-en.gfrbridge.trendmicro.com NFCPort : 80 NFCSSLPort : 443 AcCodeTmufe : TREOSCE14\0TRE\0 EnableELAM : 1 CCCASendLogPeriod : 0 EnableSampleSubmission : 0 SampleSubmissionDirectUploadFileExtension : FAPopupAlert : 0 TrendxAlert : 1 EnableAegisActivityMonitor : 1 ResetScanExceptionFrequency : 300 PretouchControl : 0 UseAzureStorage : 0 ClientUIDisplayMode : 0 Wait_7Z_In_Update : 0 EnableDeviceControlUSBBlockingLog : 0 DumpEnableExceptionHelper : 1 DumpMinimumFreeSpaceInMB : 1024 DumpMaximumFiles : 4 DumpEnableFullDump : 1 ReportDebugInfo : 0 GetConnectableIPMethod : 0 RealTimeScanSkippingFilePopupNotification : 0 MsiSignCheckExclusionList : VS80sp1-KB949009-X86-INTL.msp| EnableProcessDeferScan : 0 EnableMoveNATClient : 0 MoveNATClientDomainPrefix : #moveto_ ShellExtensionOnOff : 0 HideNonThreatAlertsBehindFullScreen : 1 CheckSuspectSize : 0 MaxSuspectSize : 500 SuspectExpiredDays : 7 SkipFWLevelLog : 0 EnableRealTimeScanPass : 0 TmlistenCheckLogInterval : 60 EnableUWFComponentRollback : 0 USBScanExclusionOnInsertionList : RmvTmTDIForWinServer : 4294967295 RefEnableLocalConnected : 0 SendLogRetryTimes : 6 ProtectionReportFrequency : 0 EnableSPSRelay : 0 UmhPattern : 283028 DrePattern : 17002 BepPtnVer : 751555 SalPtnVer : 16841300 ElamPtnVer : 25 FalconPtnVer : 102600 ATSEPtnVer : 117000 ATSETrxLocalModelWLVer : 111900 ATSETrxLocalModelVer : 8 RoleSvc : !CRYPTEX!67D7FF5BCCFA76D66DB884C70F7ABC07 UA_Use_HTTP : 1 ASICA : 1 PollingModuleUpdateInterval : 600 OverwriteDLPPtnByHotfix : 0 SpywareSendLogPeriod : 0 DLPDDSendLogPeriod : 0 TmListen_Ver : 14.0.1037 DreEngineVer : 1.9.1044 UMHEngineVer : 2.7.1013 XHLDREngVer : 1.100.1060 FalconEngVer : 1.7.1023 ATSEEngVer : 11.000.1006 ClientUpgradeStatus : 0 ExcludeExchangeStore : 1 PatternTooOld : 0 EnabledIPProtocols : 3 UpdateAgent : 0 ServerID : 973419b6-54ea-488d-91a5-e8c2e3e13c21 IsServerInTheSameMachine : 0 TSCPatternVer : 1604 TSCVAPatternVer : 0 TSCRegDCTVer : 0 TSCCustDCTVer : 0 TSC-Ver : 7.5.1126 CCSFInitDone : 1 TMFBE-Ver : 2.58.1004 SystemModel : 3 IntelliTrapFolders : C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache| Synchronize : 0 InternalBloomFilterPatternVer : 1949201800 NonCrcPatternDate : 20191011 InternalNonCrcPatternVer : 1542100 DefaultExt : "",ACCDB,ACE,AMG,ARJ,BAT,BIN,BOO,BOX,BZ2,CAB,CDR,CDT,CHM,CLA,CLASS,COM,CPT, CSC,DLL,DOC,DOCM,DOCX,DOT,DOTM,DOTX,DRV,DVB,DWG,DWT,EML,EPOC,EXE,GMS,GZ,HLP ,HTA,HTM,HTML,HTT,INI,JAR,JPEG,JPG,JS,JSE,JTD,JTT,LNK,LZH,MDB,MPD,MPP,MPT,M SG,MSI,MSO,MST,NWS,OBD,OCX,OFT,OVL,PDF,PHP,PIF,PL,PM,POT,POTM,POTX,PPAM,PPS ,PPSM,PPSX,PPT,PPTM,PPTX,PRC,QPW,RAR,REG,RTF,SCR,SHS,SHW,SIS,SIT,SWF,SYS,TA R,VBE,VBS,VSD,VSS,VST,VXD,WMF,WML,WPD,WPT,WSF,XLA,XLAM,XLS,XLSB,XLSM,XLSX,X LT,XLTM,XLTX,XML,Z,ZIP,{*, WhitelistPatternCache : 29a4fa1f72fff2d9fd8693e859e90d2450902c5af95c402315401b32f9852596f883236e72d a2698 ROOTKIT-Ver : 8.20.1020 PatternDate : 20190829 VsApiNT-Ver : 11.000.1006 TmFilter-Ver : 11.0.1006 TmPreFlt-Ver : 11.000.1006 PatternVer : 0 PatternVer1 : 0 InternalPatternVer : 0 NonCrcPatternVer : 421 IntelliTrapBlackList : 251 IntelliTrapWhiteList : 651 InternalIntelliTrapWhiteList : 165100 InternalIntelliTrapBlackList : 25100 SSAPITMASSAPatternVer : 0 SSAPIPatternVer : 2223 SSAPIPatternDate : 20191009 VSAPIRegCPRVer : 0 SSAPI-Ver : 6.2.4015 StartUpApplyOpp : 0 DelayLoadThreadStart : 2019-09-24-15:06:31 TMUFE-Ver : 3.91.1018 NCIE_CNP_ptnVer : 11020100 NCIE_RR_ptnVer : 11051300 NCIEDriverVer : TDI-Ver : 0.0.0 OUSTimeStamp : 20190913054221 DelayLoadThreadHitCriteria : 39 LastScannedFileName : C:\Windows\SoftwareDistribution\Download\c3ec3a71e304ffc44da00e3a1d8d354e\p ackage_851_for_kb4519998~31bf3856ad364e35~amd64~~10.0.1.9.cat TotalScanned : 178597401 LastScanTime : 1570817891 PS C:\Users\Administrator> (Get-ItemProperty 'HKLM:\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.').ProductName Trend Micro OfficeScan PS C:\Users\Administrator> (Get-ItemProperty 'HKLM:\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.').ProgramVer 14.0 PS C:\Users\Administrator>

(get-item "C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe").versioninfo (get-item "C:\Program Files (x86)\Trend Micro\OfficeScan Client\Tmlistenshare_64x.dll").versioninfo ProductVersion FileVersion FileName -------------- ----------- -------- 12.0 12.0.0.6034 C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe 12.0 12.0.0.6034 C:\Program Files (x86)\Trend Micro\OfficeScan Client\Tmlistenshare_64x.dll

Ex1. PS1 > get-wmiobject -class win32_product | where {$_ -match "VMware Tools"} IdentifyingNumber : {203A1A10-9CC9-4253-8975-44C76A0C9C7B} Name : VMware Tools Vendor : VMware, Inc. Version : 9.10.0.2476743 Caption : VMware Tools

Ex1. 
PS1 > get-windowsfeature | select displayname, name
PS1 > get-windowsfeature | select name | export-csv {filename.csv} -verbose

Ex2.
PS1 >  Get-WindowsFeature |where installed

Display Name                                            Name                       Install State
------------                                            ----                       -------------
[X] File and Storage Services                           FileAndStorage-Services        Installed
    [X] Storage Services                                Storage-Services               Installed
[X] Web Server (IIS)                                    Web-Server                     Installed
    [X] Web Server                                      Web-WebServer                  Installed
        [X] Common HTTP Features                        Web-Common-Http                Installed
            [X] Default Document                        Web-Default-Doc                Installed
            [X] Directory Browsing                      Web-Dir-Browsing               Installed
            [X] HTTP Errors                             Web-Http-Errors                Installed
            [X] Static Content                          Web-Static-Content             Installed
            [X] HTTP Redirection                        Web-Http-Redirect              Installed
            [X] WebDAV Publishing                       Web-DAV-Publishing             Installed
        [X] Health and Diagnostics                      Web-Health                     Installed
            [X] HTTP Logging                            Web-Http-Logging               Installed
            [X] Custom Logging                          Web-Custom-Logging             Installed
            [X] Logging Tools                           Web-Log-Libraries              Installed
        [X] Performance                                 Web-Performance                Installed
            [X] Static Content Compression              Web-Stat-Compression           Installed
        [X] Security                                    Web-Security                   Installed
            [X] Request Filtering                       Web-Filtering                  Installed
            [X] Basic Authentication                    Web-Basic-Auth                 Installed
            [X] Windows Authentication                  Web-Windows-Auth               Installed
        [X] Application Development                     Web-App-Dev                    Installed
            [X] .NET Extensibility 3.5                  Web-Net-Ext                    Installed
            [X] .NET Extensibility 4.6                  Web-Net-Ext45                  Installed
            [X] ASP                                     Web-ASP                        Installed
            [X] ASP.NET 3.5                             Web-Asp-Net                    Installed
            [X] ASP.NET 4.6                             Web-Asp-Net45                  Installed
            [X] CGI                                     Web-CGI                        Installed
            [X] ISAPI Extensions                        Web-ISAPI-Ext                  Installed
            [X] ISAPI Filters                           Web-ISAPI-Filter               Installed
            [X] Server Side Includes                    Web-Includes                   Installed
    [X] Management Tools                                Web-Mgmt-Tools                 Installed
        [X] IIS Management Console                      Web-Mgmt-Console               Installed
        [X] IIS 6 Management Compatibility              Web-Mgmt-Compat                Installed
            [X] IIS 6 Metabase Compatibility            Web-Metabase                   Installed
            [X] IIS 6 Management Console                Web-Lgcy-Mgmt-Console          Installed
            [X] IIS 6 Scripting Tools                   Web-Lgcy-Scripting             Installed
            [X] IIS 6 WMI Compatibility                 Web-WMI                        Installed
        [X] IIS Management Scripts and Tools            Web-Scripting-Tools            Installed
[X] .NET Framework 3.5 Features                         NET-Framework-Features         Installed
    [X] .NET Framework 3.5 (includes .NET 2.0 and 3.0)  NET-Framework-Core             Installed
[X] .NET Framework 4.6 Features                         NET-Framework-45-Fea...        Installed
    [X] .NET Framework 4.6                              NET-Framework-45-Core          Installed
    [X] ASP.NET 4.6                                     NET-Framework-45-ASPNET        Installed
    [X] WCF Services                                    NET-WCF-Services45             Installed
        [X] HTTP Activation                             NET-WCF-HTTP-Activat...        Installed
        [X] Message Queuing (MSMQ) Activation           NET-WCF-MSMQ-Activat...        Installed
        [X] Named Pipe Activation                       NET-WCF-Pipe-Activat...        Installed
        [X] TCP Activation                              NET-WCF-TCP-Activati...        Installed
        [X] TCP Port Sharing                            NET-WCF-TCP-PortShar...        Installed
[X] Message Queuing                                     MSMQ                           Installed
    [X] Message Queuing Services                        MSMQ-Services                  Installed
        [X] Message Queuing Server                      MSMQ-Server                    Installed
[X] SMB 1.0/CIFS File Sharing Support                   FS-SMB1                        Installed
[X] Windows Defender Features                           Windows-Defender-Fea...        Installed
    [X] Windows Defender                                Windows-Defender               Installed
    [X] GUI for Windows Defender                        Windows-Defender-Gui           Installed
[X] Windows PowerShell                                  PowerShellRoot                 Installed
    [X] Windows PowerShell 5.1                          PowerShell                     Installed
    [X] Windows PowerShell 2.0 Engine                   PowerShell-V2                  Installed
    [X] Windows PowerShell ISE                          PowerShell-ISE                 Installed
[X] Windows Process Activation Service                  WAS                            Installed
    [X] Process Model                                   WAS-Process-Model              Installed
    [X] Configuration APIs                              WAS-Config-APIs                Installed
[X] WoW64 Support                                       WoW64-Support                  Installed

Ex3. 
PS1 > Get-WindowsFeature |select Name, Installed |Export-Csv test.csv -verbose
VERBOSE: Performing the operation "Export-Csv" on target "test.csv".
PS1 > Get-Content test.csv
#TYPE Selected.Microsoft.Windows.ServerManager.Commands.Feature
"Name","Installed"
"AD-Certificate","False"
"ADCS-Cert-Authority","False"
"ADCS-Enroll-Web-Pol","False"
"ADCS-Enroll-Web-Svc","False"
"ADCS-Web-Enrollment","False"
"ADCS-Device-Enrollment","False"
"ADCS-Online-Cert","False"
"AD-Domain-Services","False"
"ADFS-Federation","False"
"ADLDS","False"
"ADRMS","False"
"ADRMS-Server","False"
"ADRMS-Identity","False"
"DeviceHealthAttestationService","False"
"DHCP","False"
"DNS","False"
"Fax","False"
"FileAndStorage-Services","True"
"File-Services","False"
"FS-FileServer","False"
"FS-BranchCache","False"
"FS-Data-Deduplication","False"
"FS-DFS-Namespace","False"
"FS-DFS-Replication","False"
"FS-Resource-Manager","False"
"FS-VSS-Agent","False"
"FS-iSCSITarget-Server","False"
"iSCSITarget-VSS-VDS","False"
"FS-NFS-Service","False"
"FS-SyncShareService","False"
"Storage-Services","True"
"HostGuardianServiceRole","False"
"Hyper-V","False"
"MultiPointServerRole","False"
"NPAS","False"
"Print-Services","False"
"Print-Server","False"
"Print-Scan-Server","False"
"Print-Internet","False"
"Print-LPD-Service","False"
"RemoteAccess","False"
"DirectAccess-VPN","False"
"Routing","False"
"Web-Application-Proxy","False"
"Remote-Desktop-Services","False"
"RDS-Connection-Broker","False"
"RDS-Gateway","False"
"RDS-Licensing","False"
"RDS-RD-Server","False"
"RDS-Virtualization","False"
"RDS-Web-Access","False"
"VolumeActivation","False"
"Web-Server","True"
"Web-WebServer","True"
"Web-Common-Http","True"
"Web-Default-Doc","True"
"Web-Dir-Browsing","True"
"Web-Http-Errors","True"
"Web-Static-Content","True"
"Web-Http-Redirect","True"
"Web-DAV-Publishing","True"
"Web-Health","True"
"Web-Http-Logging","True"
"Web-Custom-Logging","True"
"Web-Log-Libraries","True"
"Web-ODBC-Logging","False"
"Web-Request-Monitor","False"
"Web-Http-Tracing","False"
"Web-Performance","True"
"Web-Stat-Compression","True"
"Web-Dyn-Compression","False"
"Web-Security","True"
"Web-Filtering","True"
"Web-Basic-Auth","True"
"Web-CertProvider","False"
"Web-Client-Auth","False"
"Web-Digest-Auth","False"
"Web-Cert-Auth","False"
"Web-IP-Security","False"
"Web-Url-Auth","False"
"Web-Windows-Auth","True"
"Web-App-Dev","True"
"Web-Net-Ext","True"
"Web-Net-Ext45","True"
"Web-AppInit","False"
"Web-ASP","True"
"Web-Asp-Net","True"
"Web-Asp-Net45","True"
"Web-CGI","True"
"Web-ISAPI-Ext","True"
"Web-ISAPI-Filter","True"
"Web-Includes","True"
"Web-WebSockets","False"
"Web-Ftp-Server","False"
"Web-Ftp-Service","False"
"Web-Ftp-Ext","False"
"Web-Mgmt-Tools","True"
"Web-Mgmt-Console","True"
"Web-Mgmt-Compat","True"
"Web-Metabase","True"
"Web-Lgcy-Mgmt-Console","True"
"Web-Lgcy-Scripting","True"
"Web-WMI","True"
"Web-Scripting-Tools","True"
"Web-Mgmt-Service","False"
"WDS","False"
"WDS-Deployment","False"
"WDS-Transport","False"
"ServerEssentialsRole","False"
"UpdateServices","False"
"UpdateServices-WidDB","False"
"UpdateServices-Services","False"
"UpdateServices-DB","False"
"NET-Framework-Features","True"
"NET-Framework-Core","True"
"NET-HTTP-Activation","False"
"NET-Non-HTTP-Activ","False"
"NET-Framework-45-Features","True"
"NET-Framework-45-Core","True"
"NET-Framework-45-ASPNET","True"
"NET-WCF-Services45","True"
"NET-WCF-HTTP-Activation45","True"
"NET-WCF-MSMQ-Activation45","True"
"NET-WCF-Pipe-Activation45","True"
"NET-WCF-TCP-Activation45","True"
"NET-WCF-TCP-PortSharing45","True"
"BITS","False"
"BITS-IIS-Ext","False"
"BITS-Compact-Server","False"
"BitLocker","False"
"BitLocker-NetworkUnlock","False"
"BranchCache","False"
"NFS-Client","False"
"Containers","False"
"Data-Center-Bridging","False"
"Direct-Play","False"
"EnhancedStorage","False"
"Failover-Clustering","False"
"GPMC","False"
"DiskIo-QoS","False"
"Web-WHC","False"
"Internet-Print-Client","False"
"IPAM","False"
"ISNS","False"
"LPR-Port-Monitor","False"
"ManagementOdata","False"
"Server-Media-Foundation","False"
"MSMQ","True"
"MSMQ-Services","True"
"MSMQ-Server","True"
"MSMQ-Directory","False"
"MSMQ-HTTP-Support","False"
"MSMQ-Triggers","False"
"MSMQ-Multicasting","False"
"MSMQ-Routing","False"
"MSMQ-DCOM","False"
"Multipath-IO","False"
"MultiPoint-Connector","False"
"MultiPoint-Connector-Services","False"
"MultiPoint-Tools","False"
"NLB","False"
"PNRP","False"
"qWave","False"
"CMAK","False"
"Remote-Assistance","False"
"RDC","False"
"RSAT","False"
"RSAT-Feature-Tools","False"
"RSAT-SMTP","False"
"RSAT-Feature-Tools-BitLocker","False"
"RSAT-Feature-Tools-BitLocker-RemoteAdminTool","False"
"RSAT-Feature-Tools-BitLocker-BdeAducExt","False"
"RSAT-Bits-Server","False"
"RSAT-DataCenterBridging-LLDP-Tools","False"
"RSAT-Clustering","False"
"RSAT-Clustering-Mgmt","False"
"RSAT-Clustering-PowerShell","False"
"RSAT-Clustering-AutomationServer","False"
"RSAT-Clustering-CmdInterface","False"
"IPAM-Client-Feature","False"
"RSAT-NLB","False"
"RSAT-Shielded-VM-Tools","False"
"RSAT-SNMP","False"
"RSAT-Storage-Replica","False"
"RSAT-WINS","False"
"RSAT-Role-Tools","False"
"RSAT-AD-Tools","False"
"RSAT-AD-PowerShell","False"
"RSAT-ADDS","False"
"RSAT-AD-AdminCenter","False"
"RSAT-ADDS-Tools","False"
"RSAT-ADLDS","False"
"RSAT-Hyper-V-Tools","False"
"Hyper-V-Tools","False"
"Hyper-V-PowerShell","False"
"RSAT-RDS-Tools","False"
"RSAT-RDS-Gateway","False"

start-process shortcusts

start-process . (including the dot or period starts a file manager window at the current location.)
start-process code (VS-Code)
start-process winword (Microsoft Word)
start-process excel (Microsoft Excel)
start-process powerpnt (Microsoft PowerPoint)
start-process chrome (Google Chrom browser)
start-process firefox (Mozilla Firefox browser)
start-process ms-teams (Microsoft Teams)
start-process olk (Microsoft Outlook for Business)
start-process outlookmail: (Microsfot built-in outlook mail client cal: is the calendar client.)
start-process snippingtool (as you might guess, the snipping tool to do screan captures.)
start-process 7zfm (7zip File Manager)
start-process MySpreadsheet.xlsx (starts Excel and opens MySpreadsheet.xlsx. You may do this with other documents as well such as .docx, and .pptx)

PS C:\inetpub\wwwroot\Commands> invoke-webrequest -usebasicparsing "https://www.geen.co/index.html" StatusCode : 200 StatusDescription : OK Content : Glen Geen ; tagName=IMG; src=/images/LogoMakr-light.png}} InputFields : {} Links : {@{outerHTML=Home; tagName=A; href=/index.html}, @{outerHTML=Programming; tagName=A; href=/program.html}, @{outerHTML=JavaScript; tagName=A; href=/Commands/javascript.html}, @{outerHTML=Networking; tagName=A; href=/Commands/networking.html}...} ParsedHtml : RawContentLength : 5830 // return just the status code. PS C:\inetpub\wwwroot\Commands> (invoke-webrequest -usebasicparsing "https://www.geen.co/index.html").StatusCode 200 //return just the links in a web file PS C:\inetpub\wwwroot\Commands> (invoke-webrequest -usebasicparsing "https://www.geen.co/index.html").Links outerHTML tagName href --------- ------- ---- Home A /index.html Programming A /program.html JavaScript A /Commands/javascri... Networking A /Commands/networki... Perl A /Commands/perl.html PowerShell A /Commands/powershe... Python A /Commands/python.html SQL A /Commands/sql.html UNIX/Linux A /Commands/unix.html Reading Room A /resource.html Recipe cards A /Recipes Morning News A /resource.html#se_... Forums and blogs A /resource.html#se_... Church A /resource.html#se_... Government Related sites A /resource.html#se_fed Blog Shorts A /BlogShorts 2A related discussion A /BlogShorts/2a.html Changing the course of business A ./BlogShorts/#Chan... Read full story here. A ./BlogShorts/#Chan... My To Do Lists A ./todolist.html Menu Planner A ./MenuPlanner.html LinkedIn A http://www.linkedi... My YouTube channel A https://www.youtub... Rubmle.com A https://rumble.com... My MeWe world A https://mewe.com/i... Pinterest.com A https://www.pinter... Ultimate Guitar A https://www.ultima... Glen Geen A mailto:gptwins@icl...

Powershell commands

Powershell Help

List Processes

List Services

Search Directory

Unix like tail command

Unix like grep command

Unix like wordcount

Unix like find command

Import-CSV

Get-EventLog

Get registry information

Get file version information

Windows feature command

Add Windows feature

Start-process

Configure system region/locale

Configure keyboard

IIS web server

Cleanup IIS logs

Make a simple web request

Prompt for user input