Handler Filename,COM Handler Description,Description,Source" start-sleep 15 Get-Content tasks.txt| where-object...{$_ -match "SAT"} #做展示格式的处理示例 #Get-Content tasks.txt| where-object {$_ -match "SAT"}|foreach{$_.split...(",")} #Get-Content tasks.txt| where-object {$_ -match "SAT"}|foreach{$_.split(",")[0]} #Get-Content...tasks.txt| where-object {$_ -match "SAT"}|foreach{ ($_ -split ",", 3)[0,1] -join "," } Get-Content tasks.txt...| Where-Object { $_ -match "SAT" } | ForEach-Object { $parts = ($_ -split ",", 3)[0,1]; $parts[1] =
CDPUserSvc_bd150WpnUserService_bd150ConsentUxUserSvc_bd150Get-Service CDPUserSvc | ft -autoGet-Service | Where-Object...Filter "Name='$($_.Name)'").StartMode}} } | ft -autoGet-Service WpnUserService | ft -autoGet-Service | Where-Object...Filter "Name='$($_.Name)'").StartMode}} } | ft -autoGet-Service ConsentUxUserSvc | ft -autoGet-Service | Where-Object...)" /v Start /t REG_DWORD /d 4 /f }Set-Service -Name ConsentUxUserSvc -StartupType autoGet-Service | Where-Object...)" /v Start /t REG_DWORD /d 4 /f } #查看服务 Get-Service $serviceName | ft -auto Get-Service | Where-Object
"*Domain*" [AppDomain]::CurrentDomain.GetAssemblies() | ForEach-Object { $_.GetExportedTypes() } | Where-Object...CurrentDomain.GetAssemblies() | ForEach-Object { $_.GetExportedTypes() } | ForEach-Object { $_.getmembers() } | Where-Object...{ $_.isStatic} | Where-Object { $_ -like $searchtext } | ForEach-Object { "[{0}]::{1} --> {2}" -f `...补充一个@xti9er提到的WMI对象: get-wmiobject|get-member 但这个不完整,详细的搜索可以这样: Get-WmiObject -List | Where-Object
Select-Object DeviceID, MediaType, Model, Size 显示磁盘0每个volume的总字节数 Get-WmiObject -Class Win32_DiskPartition|Where-Object...{ $_.Name -match '#0,' } Get-WmiObject -Class Win32_DiskPartition|Where-Object { $_.Name -match '#0,...' } #0后面的逗号一个是英文一个是中文 2句都执行下,肯定会有一个有结果 显示磁盘1每个volume的总字节数 Get-WmiObject -Class Win32_DiskPartition|Where-Object...{ $_.Name -match '#1,' } Get-WmiObject -Class Win32_DiskPartition|Where-Object { $_.Name -match '#1,
Disabled Get-Service GoogleChrome*, gupdate* | Set-Service -StartupType Disabled Get-ScheduledTask | Where-Object...TaskName -like "MicrosoftEdgeUpdateTaskMachine*"} | Disable-ScheduledTask 2>&1 >$null Get-ScheduledTask | Where-Object...Stop-Service -Name PcaSvc 2>$null Set-Service -Name PcaSvc -StartupType Disabled 2>$null Get-ScheduledTask | Where-Object...ProgramDataUpdater*"}| Disable-ScheduledTask 2>$null 六、禁止visual studio相关计划任务BackgroundDownload Get-ScheduledTask | Where-Object
Get-WinEvent -FilterHashtable @{logname='System';id=@(12,6005);StartTime=(Get-Date).AddDays(-1) } -EA 0| Where-Object...Get-WinEvent -FilterHashtable @{logname='Security';id=@(4688);StartTime=(Get-Date).AddDays(-1) } -EA 0| Where-Object...Get-WinEvent -FilterHashtable @{logname='System';id=@(12,6005);StartTime=(Get-Date).AddDays(-1)} -EA 0| Where-Object...Get-WinEvent -FilterHashtable @{logname='Security';id=@(4688);StartTime=(Get-Date).AddDays(-1)} -EA 0 | Where-Object
读取输出文件并获取图形内存信息 $dxdiagContent = Get-Content $dxdiagOutputFile $displayMemoryLine = $dxdiagContent | Where-Object...{ $_ -match "Display Memory:" }|Select-Object -First 1 $dedicatedMemoryLine = $dxdiagContent | Where-Object...{ $_ -match "Dedicated Memory:" }|Select-Object -First 1 $sharedMemoryLine = $dxdiagContent | Where-Object
适用普通cvm单网卡、多网卡、单队列、多队列,不适用裸金属[Math]::Ceiling(((Get-WmiObject Win32_PNPAllocatedResource | Where-Object...Antecedent -match "IRQNumber"}).count/(Get-WmiObject Win32_NetworkAdapter -Filter 'NetEnabled=True' | Where-Object
你可以使用 Where-Object 命令来筛选进程列表,只显示包含特定名称的进程。...运行以下命令: Get-Process | Where-Object {$_.Name -like "EdgePluginModbusSlave"} 这将只显示名称为"EdgePluginModbusSlave
ExpandProperty DeviceID foreach ($volumeID in $volumeIDs) { Get-Volume | Where-Object...Format-Table -AutoSize } } } Write-Output "" } $driveInfo1 =Get-Volume | Where-Object...DriveLetter -match "[A-Z]" } | Sort-Object DriveLetter $driveInfo2 =Get-PSDrive -PSProvider FileSystem | Where-Object
Disabled Get-Service GoogleChrome*, gupdate* | Set-Service -StartupType Disabled Get-ScheduledTask | Where-Object...-Name WaaSMedicSvc -StartupType Disabled -ErrorAction SilentlyContinue 2>$null Get-ScheduledTask | Where-Object...Disabled Get-Service GoogleChrome*, gupdate* | Set-Service -StartupType Disabled Get-ScheduledTask | Where-Object.../48a420579ef9f5e82525042c.html 列出DisplayName StartsWith Diag和Name StartsWith Diag的服务 Get-Service | Where-Object...列出DisplayName StartsWith Diag和Name StartsWith Diag的服务并逐个打印这些服务的description $services = Get-Service | Where-Object
Stop-Service -Name PcaSvc 2>$null Set-Service -Name PcaSvc -StartupType Disabled 2>$null Get-ScheduledTask | Where-Object...Defender\","\Microsoft\Windows\Maintenance\" 2>$null | Disable-ScheduledTask 2>$null Get-ScheduledTask | Where-Object...Disabled Get-Service GoogleChrome*, gupdate* | Set-Service -StartupType Disabled Get-ScheduledTask | Where-Object...TaskName -like "MicrosoftEdgeUpdateTaskMachine*"} | Disable-ScheduledTask 2>&1 >$null Get-ScheduledTask | Where-Object...WdNisSvc") Get-Service -Name $services 2>$null | Select-Object Name, DisplayName, Status Get-Process | Where-Object
/scomma tasks.txt /Columns "Task Name,Task Folder" Get-Content C:\taskschedulerview-x64\tasks.txt| where-object...DiskDiagnostic|DiskFootprint|Windows Defender|Maintenance' "} Get-Content C:\taskschedulerview-x64\tasks.txt| where-object
ConvertTo-SecureString -String "Admin_123456" -Force -AsPlainText Get-ChildItem -Path 'Cert:\CurrentUser\My' | Where-Object...以下是一个导出 CER 文件的例子: Get-ChildItem -Path Cert:\CurrentUser\My\ | Where-Object { $_.Subject -match "mylab.wang.io...ConvertTo-SecureString -String "Admin_123456" -Force -AsPlainText Get-ChildItem -Path 'Cert:\CurrentUser\My' | Where-Object...Administrator\Desktop\cert\mylab.wang.io.pfx -Password $pwd Get-ChildItem -Path Cert:\CurrentUser\My\ | Where-Object
1、开机计划任务 Get-ScheduledTask | Where-Object { $_.TaskName -like "MicrosoftEdgeUpdateTaskMachine*"} Get-ScheduledTask...| Where-Object { $_.TaskName -like "GoogleUpdateTaskMachine*"} 2、开机服务 Get-Service MicrosoftEdge*,
ForEach-Object { Stop-Process -Id $_.OwningProcess -Force } # 搜索包含关键词"your_keyword"的进程并停止 Get-Process | Where-Object...ProcessName -like "*your_keyword*"} | Stop-Process -Force # 显示所有进程的列表 Get-Process # 查找特定进程的信息 Get-Process | Where-Object...{$_.ProcessName -eq "process_name"} # 获取特定用户的所有进程 Get-Process | Where-Object {$_.UserName -eq "your_username
*, gupdate* | Set-Service -StartupType Disabled 禁止Edge、Chrome浏览器和OneDrive相关计划任务 Get-ScheduledTask | Where-Object...TaskName -like "MicrosoftEdgeUpdateTaskMachine*"} | Disable-ScheduledTask 2>$null Get-ScheduledTask | Where-Object....TaskName -like "GoogleUpdateTaskMachineCore*"} | Disable-ScheduledTask 2>$null Get-ScheduledTask | Where-Object
/ where) > Get-ChildItem C:\Windows | Where-Object -FilterScript {$_.Length -gt 200} > ls . | Where-Object...> Get-Process | Where-Object{$_.ProcessName -eq "svchost"} # Handles NPM(K) PM(K) WS(K)...- -- ----------- # 354 33 8956 11296 0.14 276 0 svchost Get-Process | Where-Object...21124 23296 95 4.80 292 svchost #4.甚至可以筛选之后继续筛选(在JAVA中我们叫链式编程) Get-Process | Where-Object...{$_.ProcessName -eq "svchost"} | Where-Object{$_.Id -gt 1000} #5.补充过滤案例 PS D:\> get-alias | Where-Object
wKiom1gVwMjwm7GmAAAZr6bnVDQ530.png 管道: 管道符号:| 命令1 | 命令2 | 命令3 用法:将管道前的输出结果交给管道后的命令来处理,通常用于筛选或者获取属性 通用筛选语句: Where-Object...wKioL1gVxIOxXy9kAAANe8aDOzI452.png 语法: 管道前命令| Where-Object {$_.字段名 -eq/like "关键字"} 字段名:命令查询出来的列名 -eq:
1.0.0.1版本、codeplex uptime1.1版本以及https://neosmart.net/uptime/ 的uptime四、通过事件ID6005的时间点get-eventlog System | where-object...{$_.EventID -eq "6005"} | sort -desc TimeGeneratedGet-WinEvent -ProviderName eventlog | Where-Object
领取专属 10元无门槛券
手把手带您无忧上云
云服务器
ICP备案
腾讯会议
云直播
对象存储
