
Gatt's Ramblings

The Ramblings of an IT Professional

I have updated the code so that it can check multiple servers at once – though the names need to be entered into the script. Also, it now has a parameter for the days and prompts only once for the credentials:

Code:
# +---------------------------------------------------------------------------
# | File : EventLogs.ps1
# | Version : 1.5
# | Purpose : Export Remote Event Logs to CSV.
# | Synopsis: Creates a CSV file containing all Errors and Warnings from the
# |           "Application", "System" & "Operations Manager" Event Logs
# | Usage : .\EventLogs.ps1 -days NUMDAYS
# +----------------------------------------------------------------------------
# | Maintenance History
# | -------------------
# | Name            Date         Version         Description
# | ------------------------------------------------------------------------------
# | Craig Wilson    25/11/2011   1.0            Initial Release
# | Craig Wilson    28/11/2011   1.1            Added '$store' variable for Log Location
# | Craig Wilson    28/11/2011   1.2            Added Help Information
# | Craig Wilson    28/11/2011   1.3            BUG FIX: added "-Credential $user" switch in for all logs
# | Craig Wilson    28/11/2011   1.4            Added filter for Events
# | Craig Wilson    01/12/2011   1.5*           Added Array to loop through all servers in array and removed Parameter for servers.
# +-------------------------------------------------------------------------------
##################
## HELP SECTION ##
##################
<#
.SYNOPSIS
Script to export specific events from remote event logs to a CSV file
.DESCRIPTION
This script will read the event logs of each server in the array and export
all relevant events to a CSV file per server, over the period of history
requested at the command line.
Logs can be filtered by modifying the Query for the appropriate log.
.EXAMPLE
.\EventLogs.PS1 -days 7
.NOTES
Script may error if there are no events to record and will prompt for the password.
NO username or password information is stored by this script and nothing is written back
to the server.
#>
#  Specify Command Line parameters
param([string]$days=$(throw "Days cannot be null"))
$servers = @("SERVER1", "SERVER2", "SERVER3")
$user = Get-Credential
#Set namespace and calculate the date to start from
$namespace = "root\CIMV2"
$BeginDate=[System.Management.ManagementDateTimeConverter]::ToDMTFDateTime((get-date).AddDays(-$days))
$store = "C:\Logs"  # No trailing slash, Folder must already exist
foreach ($computer in $servers)
{
    # Get the Application Log and export to CSV
    Get-WmiObject -ComputerName $computer -Credential $user `
        -Query "SELECT ComputerName,Logfile,Type,TimeWritten,SourceName,Message,Category,EventCode,User `
            FROM Win32_NTLogEvent WHERE (logfile='Application') AND (type!='Information') AND (EventCode!='1062') `
            AND (EventCode!='9001') AND (EventCode!='1517') AND (EventCode!='16434') AND (EventCode!='16435') `
            AND (EventCode!='30969') AND (EventCode!='1202') AND (EventCode!='1517')  AND (EventCode!='257') `
            AND (TimeWritten > '$BeginDate')" | `
            SELECT ComputerName,Logfile,Type,@{name='TimeWritten';Expression={$_.ConvertToDateTime($_.TimeWritten)}},SourceName,Message,Category,EventCode,User | `
            Export-Csv "$store\$computer-Application.csv"
    # Get the System Log and export to CSV
    Get-WmiObject -ComputerName $computer -Credential $user `
        -Query "SELECT ComputerName,Logfile,Type,TimeWritten,SourceName,Message,Category,EventCode,User `
            FROM Win32_NTLogEvent WHERE (logfile='System') AND (type!='Information') AND (EventCode!='257') AND (TimeWritten > '$BeginDate')" | `
            SELECT ComputerName,Logfile,Type,@{name='TimeWritten';Expression={$_.ConvertToDateTime($_.TimeWritten)}},SourceName,Message,Category,EventCode,User | `
            Export-Csv "$store\$computer-System.csv"
}

You will need to change a few parameters to suit your environment:

$servers = Array of all servers you want to get the logs from
$store = Location where logs will be saved

In each of the -Query strings, amend the filters as needed to remove any events that aren't needed – you may need to play with this a bit to get it right – but it should be safe to remove anything after the type != 'Information'.

Command to run to collect previous 3 days worth of logs is:

Code:
 .\EventLogs.ps1 -days 3
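
An added example, not part of the original post: the same Win32_NTLogEvent export with the excluded event codes held in one table per log and the WQL built from it, so amending the filters means editing a list rather than a long AND chain. The helper name New-EventLogQuery, the range check on -days and the handling of failed or empty queries are assumptions of this example; like the script above it relies on Get-WmiObject, so it needs Windows PowerShell.

```powershell
# Added example: EventLogs.ps1 export with the exclusions held as data.
# The 1..365 range on -days is an arbitrary bound chosen for this example.
param([Parameter(Mandatory = $true)][ValidateRange(1, 365)][int]$days)

$servers = @("SERVER1", "SERVER2", "SERVER3")   # placeholder names, as in the script above
$store   = "C:\Logs"                            # no trailing slash, folder must already exist
# Event codes to suppress per log (values copied from the queries in EventLogs.ps1)
$exclude = @{
    'Application' = 1062, 9001, 1517, 16434, 16435, 30969, 1202, 257
    'System'      = @(257)
}

# Hypothetical helper: builds the WQL text from a log name, exclusion list and start date.
function New-EventLogQuery([string]$LogName, [int[]]$SkipCodes, [string]$Since) {
    $where = @("(Logfile='$LogName')", "(Type!='Information')")
    foreach ($code in $SkipCodes) { $where += "(EventCode!='$code')" }
    $where += "(TimeWritten > '$Since')"
    "SELECT ComputerName,Logfile,Type,TimeWritten,SourceName,Message,Category,EventCode,User " +
        "FROM Win32_NTLogEvent WHERE " + ($where -join ' AND ')
}

if (-not (Test-Path -Path $store -PathType Container)) { throw "Log folder $store does not exist" }
$user      = Get-Credential   # prompted once, kept in memory only
$beginDate = [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime((Get-Date).AddDays(-$days))

foreach ($computer in $servers) {
    foreach ($log in $exclude.Keys) {
        $query = New-EventLogQuery -LogName $log -SkipCodes $exclude[$log] -Since $beginDate
        try {
            # -ErrorAction Stop turns an unreachable host or access denied into a catchable error
            $events = @(Get-WmiObject -ComputerName $computer -Credential $user -Query $query -ErrorAction Stop)
        } catch {
            Write-Warning "${computer}/${log}: query failed: $($_.Exception.Message)"
            continue
        }
        # A server with nothing to report is logged and skipped instead of erroring
        if ($events.Count -eq 0) { Write-Warning "${computer}/${log}: no matching events"; continue }
        $events |
            Select-Object ComputerName, Logfile, Type,
                @{Name = 'TimeWritten'; Expression = { $_.ConvertToDateTime($_.TimeWritten) }},
                SourceName, Message, Category, EventCode, User |
            Export-Csv -Path "$store\$computer-$log.csv" -NoTypeInformation
    }
}
```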

Service pack 2 for Exchange 2010 has now been released

http://blogs.technet.com/b/exchange/archive/2011/05/17/announcing-exchange-2010-service-pack-2.aspx

One feature that has been long overdue is the ability to segment the GAL so that only certain elements of the GAL are visible to specific groups of users (e.g. only let System Administrators see Administrative Accounts…)

I’ll post a full update once I have applied it to my Lab environment…


So I had recently installed Exchange 2010 SP1 on my Lab Domain and was struggling to get OWA working – all I got was a blank page and no Form-Based Authentication logon..

After a lot of suggestions about recreating OWA to redirects in IIS and a Web.Config file, I eventually stumbled across this post..

http://www.msexchangeblog.nl/2010/05/11/blank-page-in-owa-fix-for-exchange-2010/

Which basically says to run a PowerShell script buried within Exchange to update the CAS

 

Voila! All now up and running..

 


Been working on this for a bit and finally got it working:

Code:

$computer = Read-Host "Server"
$creds = Read-Host "Domain\User account to use"
$days = Read-Host "History (Days)"
$path = "C:\Logs"  #DO NOT add a trailing slash
$namespace = "root\CIMV2"
$BeginDate=[System.Management.ManagementDateTimeConverter]::ToDMTFDateTime((get-date).AddDays(-$days))

Get-WmiObject -ComputerName $computer -Credential $creds `
    -Query "SELECT ComputerName,Logfile,Type,TimeWritten,SourceName,Message,Category,EventCode,User `
    FROM Win32_NTLogEvent WHERE (logfile='Application') AND (type='Error') AND (TimeWritten > '$BeginDate')" | `
    SELECT ComputerName,Logfile,Type,@{name='TimeWritten';Expression={$_.ConvertToDateTime($_.TimeWritten)}},SourceName,Message,Category,EventCode,User | `
    Export-Csv "$path\$computer-Application-Errors.csv" 

Get-WmiObject -ComputerName $computer -Credential $creds `
    -Query "SELECT ComputerName,Logfile,Type,TimeWritten,SourceName,Message,Category,EventCode,User `
    FROM Win32_NTLogEvent WHERE (logfile='Application') AND (type='Warning') AND (TimeWritten > '$BeginDate')" | `
    SELECT ComputerName,Logfile,Type,@{name='TimeWritten';Expression={$_.ConvertToDateTime($_.TimeWritten)}},SourceName,Message,Category,EventCode,User | `
    Export-Csv "$path\$computer-Application-Warnings.csv" 

Get-WmiObject -ComputerName $computer -Credential $creds `
    -Query "SELECT ComputerName,Logfile,Type,TimeWritten,SourceName,Message,Category,EventCode,User `
    FROM Win32_NTLogEvent WHERE (logfile='System') AND (type='Error') AND (TimeWritten > '$BeginDate')" | `
    SELECT ComputerName,Logfile,Type,@{name='TimeWritten';Expression={$_.ConvertToDateTime($_.TimeWritten)}},SourceName,Message,Category,EventCode,User | `
    Export-Csv "$path\$computer-System-Errors.csv" 

Get-WmiObject -ComputerName $computer -Credential $creds `
    -Query "SELECT ComputerName,Logfile,Type,TimeWritten,SourceName,Message,Category,EventCode,User `
    FROM Win32_NTLogEvent WHERE (logfile='System') AND (type='Warning') AND (TimeWritten > '$BeginDate')" | `
    SELECT ComputerName,Logfile,Type,@{name='TimeWritten';Expression={$_.ConvertToDateTime($_.TimeWritten)}},SourceName,Message,Category,EventCode,User | `
    Export-Csv "$path\$computer-System-Warnings.csv"

The above example exports all the Errors and Warnings from the Application and System Logs

To export more logs, simply copy the Get-WmiObject lines and amend the WHERE (logfile='System') AND (type='Error') clause as appropriate


Comments welcome


Thought I’d try the Remote Desktop tile from within Metro UI…

Everything went as expected in that it asked me for the computer name (or IP) of the remote machine and it connected fine, after bibbing about the lack of a certificate..

First thing I noticed was the lack of the bar across the top of the screen – not that this is much of an issue.
Moving the mouse to the top or bottom of the screen and right clicking brings up the new App Bar, and allows you to change to another Remote PC..

Now for the annoying bit.. Don’t try using any WIN+<KEY> commands – they won’t work on the remote PC..

Pressing the WIN key on its own, suspends the RDC and takes you back to the Metro Start Screen..
Win+R? Forget it – doesn’t work… Win+M (Minimize) – not a chance…
Win+C brings up the charm and you can change the RDC preferences (by that I mean change Display preferences or the RD Gateway address)..

If you really want to use the Remote Desktop Connection, then I would strongly suggest switching to the Desktop first then running “mstsc.exe” which behaves like Windows 7, etc…


Microsoft have finally given those of us who use multiple monitors the ability to extend the Taskbar across monitors!!

From what I can gather you can simply extend the Taskbar across (start button on one – and clock on the last..) or  you can have a different taskbar for each monitor!

I haven’t yet tried this, but it sounds like you can have a different taskbar for each screen, with different sets of pinned apps on each one..

I’ll need to have a play and post the results…


Windows 8 finally allows you to mount ISO files to a virtual CD drive without the need for a 3rd Party utility!

It’s a feature that Windows 7 should have had but never did – it only allowed you to burn an ISO image..

As always, I’ll post more info and appropriate screenshots over time..


A few quick screenshots of the new Metro UI in Windows 8, which replaces the Start Menu ..

1.. The “Start Screen” as Microsoft

2.. When you press Win+C together then “Settings” on the Charm it allows you access to the properties for the screen, app or tile..

3.. Right clicking on a tile allows you to resize the size to a smaller tile (like the Firefox Tile) or a larger tile (like the Desktop tile). You can also unpin the tile or uninstall the app itself.. Different options are available for different tiles..


It looks like Homegroups now have some sort of grouping by Username:

As the above image shows, all the users currently logged into the homegroup are shown, but unlike in Windows 7, expanding a username lists all the PCs that user is logged into and then under each PC, the expected list of their shared libraries on that specific machine.. This is much more organised than in Windows 7 where there was a separate entry for each computer that the user was logged into…

Also, it would appear that a user’s Desktop is now a visible share in the homegroup…


If, like me, you have given the Metro UI a try in Windows 8 and have developed an instant dislike towards it, then the folks over at ghacks.com have kindly posted an article on how to get rid of Metro UI but keep the new Ribbon interface in Windows Explorer…

http://www.ghacks.net/2011/09/17/metro-controller-disable-metro-ui-ribbon-explorer-in-windows-8/

 

 

 
