Regular Expression to select multicast and broadcast IP addresses

This is a PowerShell code snippet I used to find Security log event entries that had a multicast or broadcast source IP address:

Get-EventLog -LogName Security -instanceid 5156 | where {$_.message -match 'Source Add.*\.255\s|Source Add.*\s22[4-9]|Source Add.*\s23[0-9]'}
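
The same filter written as a parse-and-classify function, as an added example that is not part of the original post. It goes beyond the regex by also flagging IPv6 multicast sources; the function name is hypothetical and the sample messages are constructed.

```powershell
# Added example: function name and sample messages are constructed for illustration.
function Get-SourceAddressClass {
    param([string]$Message)

    # Read only the value of the "Source Address:" field from the message text.
    if ($Message -match 'Source Address:\s*(\S+)') { $text = $Matches[1] } else { return $null }

    # Let .NET parse the address instead of pattern-matching digits.
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($text, [ref]$ip)) { return $null }

    $class = 'Unicast'
    if ($ip.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetwork) {
        $b = $ip.GetAddressBytes()
        if ($b[0] -ge 224 -and $b[0] -le 239) {
            $class = 'Multicast'      # 224.0.0.0/4
        } elseif ($b[3] -eq 255) {
            $class = 'Broadcast'      # last octet 255, same heuristic as the regex
        }
    } elseif ($ip.IsIPv6Multicast) {
        $class = 'Multicast'          # ff00::/8, which the regex does not cover
    }

    [pscustomobject]@{ SourceAddress = $text; Class = $class }
}

# Constructed messages shaped like the address fields of event 5156.
$samples = @(
    "Network Information:`r`n`tSource Address:`t`t192.168.1.255`r`n`tSource Port:`t`t138",
    "Network Information:`r`n`tSource Address:`t`t239.255.255.250`r`n`tSource Port:`t`t1900",
    "Network Information:`r`n`tSource Address:`t`tff02::1:3`r`n`tSource Port:`t`t5355",
    "Network Information:`r`n`tSource Address:`t`t10.0.0.5`r`n`tSource Port:`t`t2240"
)

# Against the live log, feed $_.Message from Get-EventLog into the function instead.
$samples | ForEach-Object { Get-SourceAddressClass -Message $_ } |
    Where-Object { $_.Class -ne 'Unicast' }
```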

PowerShell script to show duplicate TV episodes

This PowerShell script looks in the Recorded TV folder on my media center PC and counts the episodes, displaying any duplicates:

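# Shell.Application exposes the extended file properties of each recording
$sh = new-object -com shell.application
$hash = @{}

$folder = $sh.namespace("F:\Recorded TV")
if ($folder) {
    $folderitems = $folder.Items()
    foreach ($folderitem in $folderitems) {
        if ($folderitem) {
            # Detail column 196 is read as the episode name
            $episode = $folder.getdetailsof($folderitem,196)
            # Count how many recordings share each episode name
            $episode | foreach-object {$hash[$_]++}
        }
    }
}

# Print each episode name seen two or more times, followed by its count
foreach ( $key in @($hash.keys) ) { if ( $hash[$key] -ge 2 ) { $key, $hash[$key] }}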

PowerShell script to display Top CPU processes

This is a quick little script that you can use to view CPU usage by process from the command line:

while (1)  { $Proc = Get-counter "\Process(*)\% processor time"; $Proc.CounterSamples | where {$_.instanceName -ne "idle"} | where {$_.instanceName -ne "_total"} | sort -desc CookedValue |select -first 20; sleep -seconds 2; cls }

Disable Windows Sidebar Gadgets Feature in Windows 7

Microsoft is recommending that all users disable the Windows Sidebar gadgets feature on Vista and Windows 7. While they have provided a Fix it to do this for you, here is a command you can also use:

dism /online /disable-feature /featurename:WindowsGadgetPlatform

Windows 2008 time sync with

Here is the command to setup ntp time sync with on a windows 2008 server:

w32tm /config /syncfromflags:manual /,,,

Note you need to restart the windows time services for this to take effect:


Show start stop times in Vista and Windows 7

In Windows XP and 2000 you had a great resource kit utility, uptime.exe, to show you the uptime and boot times of your PC. In Vista and above it behaves erratically and crashes often, even when it does work. I have found a way to get the same information quickly from the event log with the Sysinternals psloglist command:

psloglist -i 6005,6006 -s

This command shows the starts and stops of the event log service, which is the last to stop and the first to start.


Run Process monitor remotely on Windows 7 via psexec

In order to account for session 0 isolation you need to use the following commands:

psexec -s -i 0 \\computername c:\reskit\procmon /backingfile c:\temp\procmon /quiet

and then to stop collection:

psexec -s -i 0 \\computername c:\reskit\procmon /terminate

It is critically important that you stop the procmon collection process by using the terminate command. If you simply kill the process or reboot while it is running, the log file will be corrupted and unusable.
