Good Afternoon, I trust this finds you all very well.
I am learning powershell and i will really appreciate if someone could please help me with the following : i am not able to get only the output when using the following wmic cmd:
wmic OS Get DataExecutionPrevention_SupportPolicy
This is what i am getting from that line:
PS C:\_Admin_RPC> wmic OS Get DataExecutionPrevention_SupportPolicy
DataExecutionPrevention_SupportPolicy
2
I have tried many thing but it is not working, i would be grateful if someone could please help me.
What i am planing to do is to save the value (2) in a variable and then use write-output to return $true if the value is the one that i am looking for.
Thank you and best regards.
Peace
CodePudding user response:
When you work with PowerShell its always better to use the native PowerShell cmdlets or .NET Classes, simply because you get objects back instead of string values. This makes it alot easier to access certain values, may provide methods for further processing etc.
So back to your question, in principle you could do:
wmic in this case returns a array of strings, the value you are looking for is the 3rd element:
#get the value
(wmic OS Get DataExecutionPrevention_SupportPolicy)[2]
#get the value and store it in a variable
$value = (wmic OS Get DataExecutionPrevention_SupportPolicy)[2]
As js2010 already has pointed out on PowerShell there is the cmdlet get-wmiobject which is the equivalent to wmic. But this one got already replaced by get-cimInstance. So the PowerShell way is:
#Get all properties from class
$value = Get-CimInstance -ClassName win32_operatingsystem
#Display whole object
$value | fl *
#Access specific value
$value.'DataExecutionPrevention_SupportPolicy'
#For further optimization query only attributes needed instead of all
$value = Get-CimInstance -query "Select DataExecutionPrevention_SupportPolicy from win32_operatingsystem"
$value.'DataExecutionPrevention_SupportPolicy'
You want true or false back if the property has the expected value. So we do not need to store that value, we can simply query if the expected value is set or not and then return true or false:
#Query for DataExecutionPrevention_SupportPolicy = 2 and return true or false
If (Get-CimInstance -query "Select DataExecutionPrevention_SupportPolicy from win32_operatingsystem where DataExecutionPrevention_SupportPolicy = 2"){
#output on screen only
write-host $true
}
Else {
#output on screen only
write-host $false
}
If you also want to know which value is set, you can do:
#Query for DataExecutionPrevention_SupportPolicy, create object and write csv
$obj = Get-CimInstance -query "Select DataExecutionPrevention_SupportPolicy from win32_operatingsystem"
If ($obj.'DataExecutionPrevention_SupportPolicy' -eq 2){
$result = [PSCustomObject]@{
'DataExecutionPrevention_SupportPolicy' = $obj.'DataExecutionPrevention_SupportPolicy'
'isExpectedValue' = $true
}
}
Else {
$result = [PSCustomObject]@{
'DataExecutionPrevention_SupportPolicy' = $obj.'DataExecutionPrevention_SupportPolicy'
'isExpectedValue' = $false
}
}
#write result to disk as csv
$result | export-csv [path] -Delimiter ";" -Encoding:utf8 -NoClobber -NoTypeInformation
CodePudding user response:
Both js2010 and Toni answered my questions.
Nevertheless, the best answer was Toni's since he took into consideration my requests and took them to another level with his explanations.
At the end this is the solution that i am using based on the scenario that i am facing:
$value = Get-CimInstance -ClassName win32_operatingsystem | Select-Object -Property 'DataExecutionPrevention_SupportPolicy'
$value = $value.DataExecutionPrevention_SupportPolicy
if($value -eq 1){
Write-Output $true
}
Thank you very much guys for your help and support.
Peace
CodePudding user response:
Anything you can do in wmic you can do in powershell.
WMIC wmi class aliases:
(or in powershell "get-wmiobject -n root\cli msft_clialias", since alias itself is a wmi class alias)
I sorted them. These are probably the most useful wmi classes (aside from win32_userprofile).
wmic alias get friendlyname,target
FriendlyName Target
Alias Select * from Msft_CliAlias
BIOS Select * from Win32_BIOS
BaseBoard Select * from Win32_BaseBoard
BootConfig Select * from Win32_BootConfiguration
CDROM Select * from Win32_CDROMDrive
CPU Select * from WIN32_PROCESSOR
CSProduct Select * from Win32_ComputerSystemProduct
ComputerSystem Select * from Win32_ComputerSystem
DCOMAPP Select * from WIN32_DCOMApplication
DESKTOP Select * from WIN32_DESKTOP
DMAChannel Select * from Win32_DMAChannel
DataFile Select * from CIM_DataFile
DesktopMonitor Select * from WIN32_DESKTOPMONITOR
DeviceMemoryAddress Select * from Win32_DeviceMemoryAddress
DiskDrive Select * from Win32_DiskDrive
DiskQuota Select * from Win32_DiskQuota
Environment Select * from Win32_Environment
FSDir Select * from Win32_Directory
Group Select * from Win32_Group
IDECONTROLLER Select * from Win32_IDEController
IRQ Select * from Win32_IRQResource
Job Select * from Win32_ScheduledJob
LOGON Select * from Win32_LogonSession
LoadOrder Select * from Win32_LoadOrderGroup
LogicalDisk Select * from Win32_LogicalDisk
MEMCACHE Select * from WIN32_CACHEMEMORY
MemPhysical Select * from Win32_PhysicalMemoryArray
MemoryChip Select * from Win32_PhysicalMemory
NIC Select * from Win32_NetworkAdapter
NICConfig Select * from Win32_NetworkAdapterConfiguration
NTDOMAIN Select * from Win32_NTDomain
NTEvent Select * from Win32_NTLogEvent
NTEventLog Select * from Win32_NTEventlogFile
NetClient Select * from WIN32_NetworkClient
NetLogin Select * from Win32_NetworkLoginProfile
NetProtocol Select * from Win32_NetworkProtocol
NetUse Select * from Win32_NetworkConnection
OS Select * from Win32_OperatingSystem
OnBoardDevice Select * from Win32_OnBoardDevice
PageFile Select * from Win32_PageFileUsage
PageFileSet Select * from Win32_PageFileSetting
Partition Select * from Win32_DiskPartition
Port Select * from Win32_PortResource
PortConnector Select * from Win32_PortConnector
PrintJob Select * from Win32_PrintJob
Printer Select * from Win32_Printer
PrinterConfig Select * from Win32_PrinterConfiguration
Process Select * from Win32_Process
Product Select * from Win32_Product
QFE Select * from Win32_QuickFixEngineering
QuotaSetting Select * from Win32_QuotaSetting
RDAccount Select * from Win32_TSAccount
RDNIC Select * from Win32_TSNetworkAdapterSetting
RDPermissions Select * from Win32_TSPermissionsSetting
RDToggle Select * from Win32_TerminalServiceSetting
RecoverOS Select * from Win32_OSRecoveryConfiguration
Registry Select * from Win32_Registry
SCSICONTROLLER Select * from Win32_SCSIController
Server Select * from Win32_PerfRawData_PerfNet_Server
Service Select * from Win32_Service
ShadowCopy Select * from Win32_ShadowCopy
ShadowStorage Select * from Win32_ShadowStorage
Share Select * from Win32_Share
SoftwareElement Select * from Win32_SoftwareElement
SoftwareFeature Select * from Win32_SoftwareFeature
SoundDev Select * from WIN32_SoundDevice
Startup Select * from Win32_StartupCommand
SysAccount Select * from Win32_SystemAccount
SysDriver Select * from Win32_SystemDriver
SystemEnclosure Select * from Win32_SystemEnclosure
SystemSlot Select * from Win32_SystemSlot
TapeDrive Select * from Win32_TapeDrive
Temperature Select * from Win32_TemperatureProbe
TimeZone Select * from Win32_TimeZone
UPS Select * from Win32_UninterruptiblePowerSupply
UserAccount Select * from Win32_UserAccount
Voltage Select * from Win32_VoltageProbe
Volume Select * from Win32_Volume
VolumeQuotaSetting Select * from Win32_VolumeQuotaSetting
VolumeUserQuota Select * from Win32_VolumeUserQuota
WMISet Select * from Win32_WMISetting
So OS is an alias for win32_operatingsystem. % or foreach-object is one way to get the value of a property.
$value = get-wmiobject win32_operatingsystem |
% DataExecutionPrevention_SupportPolicy