Category Archives: Uncategorized

Enumerate GPO GUIDs

dsquery * -limit 9999 -filter "(&(objectClass=groupPolicyContainer)(name={*}))" -attr name displayName

Posted in Uncategorized | Leave a comment

Batch file to send Splunk Alerts

The free version of Splunk lacks the capability to do scheduled reports and alerting. However, it has a very capable API that can be simply accessed using curl. I wrote some batch files to access these APIs and scheduled them … Continue reading


PowerShell top processes script v2

I made some modifications to my top processes script that make it both better performing and more useful by providing more information. There is a noticeable delay when Get-Counter is called, so rather than staring at a black screen waiting … Continue reading


Regular Expression to select multicast and broadcast IP addresses

This is a PowerShell code snippet I used to find security log event entries that had a multicast or broadcast source IP address:

Get-EventLog -LogName Security -InstanceId 5156 | where {$_.Message -match 'Source Add.*\.255\s|Source Add.*\s22[4-9]|Source Add.*\s23[0-9]'}


PowerShell script to display Top CPU processes

This is a quick little script that you can use to view CPU usage by process from the CLI: while (1)  { $Proc = Get-Counter "\Process(*)\% processor time"; $Proc.CounterSamples | where {$_.InstanceName -ne "idle"} | where {$_.InstanceName -ne "_total"} … Continue reading


Disable Windows Sidebar Gadgets Feature in Windows 7

Microsoft is recommending all users disable the Windows Sidebar Gadgets feature for Vista and Windows 7. While they have provided a Fix it to do this for you, here is a command you can also use:

dism /online /disable-feature /featurename:WindowsGadgetPlatform


Windows 2008 time sync with pool.ntp.org

Here is the command to set up NTP time sync with pool.ntp.org on a Windows 2008 server (the peer list is space-delimited, so it must be quoted):

w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org"

Note you need to restart the Windows Time service for this to take effect:
