I am speaking at PowerShell Conference Asia 2016!

I am happy to announce that I have been accepted as a speaker at the PowerShell Conference Asia in Singapore! I will be presenting two sessions and I will do joint session together with Jason Yoder. I will be presenting on the following topics:

  • Securing PowerShell to defeat malware
  • Creating better reports using PowerShell
  • PowerShell pre-conference session with Jason Yoder

psconf

The PowerShell Conference Asia is held in Singapore for the second year this year and I am happy to once again be a part of this event. To cite the psconf.asia website:

“Join us for the second PowerShell Conference Asia, held in Singapore, where PowerShell speakers from Asia and around the world come together to bring attendees in-depth PowerShell and DevOps content.

Speakers include 4 members of the PowerShell team from Microsoft headquarters in Redmond and a strong line-up of MVPs, well-known international speakers, and community contributors. They’ll cover in-depth topics on the PowerShell language and how you can use PowerShell to automate the technologies you use every day.”

If you are interested in joining the conference or if you would like to know more about it, visit the website, follow @psconfasia on Twitter or join our Slack group psconfasia.slack. See you in Singapore!

Dutch PowerShell User Group – Featuring the Microsoft Scripting Guy

Last week as DuPSUG we organized another Dutch PowerShell User Group meetup with no one less than the Microsoft Scripting guy presenting two sessions at our humble event. The event was sponsored by: Methos

During the event we had the following sessions and speakers:

Speaker Session
Scripting Guy Ed’s 5 favorite things about PowerShell 5.0
Ben Gelens Start-NewEra.ps1 –Repo PowerShell
Jaap Brasser Testing in PowerShell – Unit testing, Integration testing and Operational Tests
Rob Sewel PowerShell PowerBi and SQL – Reducing your DBA’s Context Switching
Scripting Guy Conf Mgmt with Azure Automation DSC – Cloud & On-Prem, Windows & Linux
Jeff Wouters Azure Resource Manager – Make it so!

Aside from the speakers and the sessions themselves, in the audience we had an additional 3 PowerShell MVPs visiting the event, bringing up the total to six:

For more information about the topics in this article please visit the links below:

Links in this article
Start-NewEra.ps1 –Repo PowerShell
Testing in PowerShell – Unit testing, Integration testing and Operational Tests
PowerShell PowerBi and SQL – Reducing your DBA’s Context Switching
Dutch PowerShell User Group – DuPSUG

250000 Downloads in Technet Script Gallery

Jaap Brasser - TechNet Script GalleryApproximately one year ago I saw the number of downloads tick over a hundred thousand, today my total downloads from the TechNet Script Gallery has reached 250,000.  To celebrate this milestone I have uploaded all of the scripts I have stored in the TechNet Script Gallery also to GitHub to simplify the updating and collaboration with others.

My personal preferred method of installing and sharing scripts is by using the PowerShell Gallery, which is available at PowerShellGallery.com or by using the PowerShellGet cmdlets, for example the following two lines of code can find the scripts and modules I have currently posted:

1
$(Find-Script;Find-Module).Where{$_.Author -match 'Jaap Brasser'}

FindModuleandScripts

The complete list of my scripts is now available on GitHub:
Jaap Brasser – GitHub – SharedScripts
Jaap Brasser - GitHub - SharedScripts

And also in the TechNet Script Gallery:
Jaap Brasser – TechNet Script Gallery

As I personally mostly see benefit in sharing of modules and not so much single scripts and function I am working on converting some of the scripts I have written into modules and once they are finalized I will upload those to the PowerShell Gallery as well. So my question to the community is as follows, which improvements are you most interested in or what would you like to see next?

Feel free to use the comment section underneath this post to share your ideas or feedback. That is it for now, until the next milestone!

250,000 Downloads
My TechNet Community Profile
My entries in TechNet Script Gallery
Jaap Brasser – GitHub Profile
Jaap Brasser – PowerShell Gallery

Retrieve Certificate from Event log binary data

As I was looking into some errors in my event log I found that I had a number of certificate errors in the event log. In order to investigate this further I wanted to take a look at the certificate in the event log. There are a number of tools available to extract this from the event log but I wanted to be able to automate this in the future so I settled on writing this in PowerShell.

I had the following events in my system event log:

Event

The interesting portion is what is stored in the XML, specifically EventData – Binary:

XMLView

In order to retrieve this event using PowerShell we can run the following code:

1
Get-WinEvent -FilterHashtable @{'Logname' = 'System' ; 'Id' = 36882} -MaxEvents 1

Get-WinEvent

In order to retrieve the binary data we can run the following code:

1
2
3
4
5
([xml](Get-WinEvent -FilterHashtable @{
        'Logname' = 'System'
        'Id' = 36882
    } -MaxEvents 1).ToXml()
).Event.Eventdata.Binary

The binary data is encoded as pairs of hexadecimal numbers, so this needs to be converted before we can write this to disk. In order to do this we split the string into pairs of two and then do a conversion using the ToByte method of the System.Convert class:

1
2
3
4
5
6
7
8
9
10
(
    ([xml](Get-WinEvent -FilterHashtable @{
            'Logname' = 'System'
            'Id'      = 36882
        } -MaxEvents 1).ToXml()
    ).Event.Eventdata.Binary -split '(..)' |
    Where-Object {$_} | ForEach-Object {
        [system.convert]::ToByte($_,16)
    }
)

Now that we have PowerShell output an array of bytes we are ready to write the output of the event log to file. Because we know this should be a certificate all we have to do is write this to a .cer file and we will have a working certificate:

1
2
3
4
5
6
7
8
9
10
11
12
13
[System.IO.File]::WriteAllBytes("$env:USERPROFILE\desktop\EventCert.cer",
    (
        (
            [xml](Get-WinEvent -FilterHashtable @{
                'Logname' = 'System'
                'Id'      = 36882
            } -MaxEvents 1).ToXml()
        ).Event.Eventdata.Binary -split '(..)' |
        Where-Object {$_} | ForEach-Object {
            [system.convert]::ToByte($_,16)
        }
    )
)

Now the following functional certificate will be available on the desktop:

EventCert

So there we have it, in this article we have identified the event that contains a certificate that. Afterwards we went into the xml of this event and retrieved the binary eventdata, converted this to a byte array and then wrote this to file.

QuickTip: Get Domain Name of Computer

In PowerShell it is relatively trivial to retrieve the domain for the logged in user, as this is stored in the environment variable. In multi-domain environments it is often the case that the user account is a member of the same domain as the computer account. To retrieve the domain name of the current computer the following command can be executed:

1
[System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()

ComputerDomainName

To only retrieve the Domain Name the following command can be used:

1
[System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().DomainName

For more information about the GetIPGlobalProperties method and the IPGlobalProperties class please refer to the following article:
MSDN – IPGlobalProperties