Code snippets : Windows : Importing Event Logs to Database


Code snippet from old archives. It shows how to import Windows event log entries into a database. It is important to set up the database and table accordingly, so that the table contains the appropriate columns.

' ADO constants used below: adUseClient = 3, adOpenStatic = 3, adLockOptimistic = 3
Set objConn = CreateObject("ADODB.Connection")
Set objRS = CreateObject("ADODB.Recordset")
objConn.Open "DSN=EventLogs;"
objRS.CursorLocation = 3
objRS.Open "SELECT * FROM tblEventLog", objConn, 3, 3

' Connect to WMI on the local computer
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

' A line continuation cannot sit inside a string literal, so the query is concatenated
Set colRetrievedEvents = objWMIService.ExecQuery _
    ("Select Category, CategoryString, ComputerName, Data, EventCode, " _
    & "EventIdentifier, EventType, LogFile, Message, RecordNumber, SourceName, " _
    & "TimeGenerated, TimeWritten, Type, User from Win32_NTLogEvent")

' Add one row per event and write it to the table
For Each objEvent in colRetrievedEvents
    objRS.AddNew
    objRS("el_Category") = objEvent.Category
    objRS("el_CategoryString") = objEvent.CategoryString
    objRS("el_ComputerName") = objEvent.ComputerName
    objRS("el_Data") = objEvent.Data
    objRS("el_EventCode") = objEvent.EventCode
    objRS("el_EventIdentifier") = objEvent.EventIdentifier
    objRS("el_EventType") = objEvent.EventType
    objRS("el_LogFile") = objEvent.LogFile
    objRS("el_Message") = objEvent.Message
    objRS("el_RecordNumber") = objEvent.RecordNumber
    objRS("el_SourceName") = objEvent.SourceName
    objRS("el_TimeGenerated") = objEvent.TimeGenerated
    objRS("el_TimeWritten") = objEvent.TimeWritten
    objRS("el_Type") = objEvent.Type
    objRS("el_User") = objEvent.User
    objRS.Update
Next

objRS.Close
objConn.Close
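
The same import done incrementally from PowerShell with bound parameters, as an added example that is not part of the original snippet. It assumes the DSN EventLogs and the tblEventLog el_ columns used above, Windows PowerShell 5.1 (where System.Data.Odbc ships with the .NET Framework), and illustrative values for $LogName and $MaxBatch.

```powershell
# Added example: import only events newer than the last stored record number.
# Assumes DSN "EventLogs" and the tblEventLog el_* columns from the VBScript above.
Add-Type -AssemblyName System.Data
$LogName  = 'System'   # illustrative log name
$MaxBatch = 5000       # illustrative batch size

$conn = New-Object System.Data.Odbc.OdbcConnection 'DSN=EventLogs;'
$conn.Open()
try {
    # Highest record number already stored for this log (0 on the first run).
    $q = $conn.CreateCommand()
    $q.CommandText = 'SELECT MAX(el_RecordNumber) FROM tblEventLog WHERE el_LogFile = ?'
    [void]$q.Parameters.AddWithValue('@log', $LogName)
    $last = $q.ExecuteScalar()
    if ($null -eq $last -or $last -is [DBNull]) { $last = 0 }

    # Ask the event log service for newer records only, oldest first.
    $xpath  = "*[System[EventRecordID > $([long]$last)]]"
    $events = Get-WinEvent -LogName $LogName -FilterXPath $xpath -Oldest `
                  -MaxEvents $MaxBatch -ErrorAction SilentlyContinue

    # ODBC parameters are positional (?); event text is bound, never concatenated.
    $ins = $conn.CreateCommand()
    $ins.CommandText = 'INSERT INTO tblEventLog (el_RecordNumber, el_LogFile, ' +
        'el_EventCode, el_SourceName, el_ComputerName, el_TimeGenerated, ' +
        'el_User, el_Message) VALUES (?, ?, ?, ?, ?, ?, ?, ?)'
    $tx = $conn.BeginTransaction()
    $ins.Transaction = $tx
    $count = 0
    foreach ($e in $events) {
        # el_User receives the SID string here, not the account name WMI returns.
        $values = @($e.RecordId, $e.LogName, $e.Id, $e.ProviderName,
                    $e.MachineName, $e.TimeCreated, "$($e.UserId)", "$($e.Message)")
        $ins.Parameters.Clear()
        for ($i = 0; $i -lt $values.Count; $i++) {
            $v = if ($null -eq $values[$i]) { [DBNull]::Value } else { $values[$i] }
            [void]$ins.Parameters.AddWithValue("@p$i", $v)
        }
        $count += $ins.ExecuteNonQuery()
    }
    $tx.Commit()
    Write-Host "Imported $count new events from $LogName (after record $last)"
}
finally {
    $conn.Close()
}
```

If a log is cleared and its record numbering restarts, the MAX(el_RecordNumber) watermark has to be reset for that log, otherwise new events are skipped until the counter passes the stored value.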

Config snippets : useful Netdom command


Quick side note, so as not to forget in the future.

Rename computer

Netdom renamecomputer %computername% /newname:Test-Server

Join computer to domain

Netdom join %computername% /domain:domain.com /UserD:Administrator /PasswordD:*

Tips & Tricks : Windows 8.1 as wireless hotspot


When you need to use your computer as a wireless hotspot, you can easily enable that functionality with netsh from a PowerShell prompt (the SSID and key below are example values):

Windows PowerShell
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

PS C:\windows\system32> netsh wlan set hostednetwork mode=allow ssid=Windows-Wireless-Hotspot key=password123
The hosted network mode has been set to allow.
The SSID of the hosted network has been successfully changed.
The user key passphrase of the hosted network has been successfully changed.

PS C:\windows\system32> netsh wlan start hostednetwork
The hosted network started.

PS C:\windows\system32>

Tips & Tricks : Remove Event Log Source


To remove an Event Log source, use this:

Remove-EventLog -Source "Desktop Window Manager"

Replace "Desktop Window Manager" with the Event Log source you want to remove.

Tips & Tricks : List Event Logs and associated sources


To list all Event Logs and the sources associated with them, use:

Get-EventLog -LogName * | ForEach-Object {
    $LogName = $_.Log
    Get-EventLog -LogName $LogName -ErrorAction SilentlyContinue |
        Select-Object @{Name = "Log Name"; Expression = {$LogName}}, Source -Unique
}

Code snippets : Restart IIS Application Pool in PowerShell


If you need to watch an IIS application pool and start it again once it goes down, and you want to use PowerShell for that, here is a simple script.

The script also logs all restarts to a log file, which is created in the same folder as the script.

# Load the IIS cmdlets (Get-WebAppPoolState, Start-WebAppPool)
Import-Module WebAdministration

# AppPool to monitor
$AppPoolName = "AppPoolName"

# Log Destination
$LogToScreen = 1
$LogToFile = 1

# Determine script location for PowerShell
$ScriptDir = Split-Path $script:MyInvocation.MyCommand.Path

# Output log
$OutputLogPath = $ScriptDir + "\AppPoolRestart.csv"

# Check if file exists and create if it doesn't
If (!(Test-Path -Path $OutputLogPath)) {
    # Create file and start logging
    New-Item -Path $OutputLogPath -ItemType File
}

# Function: LogMessage
function LogMessage($Msg, $ToScreen, $ToFile) {
    If ($ToScreen -eq 1) {
        Write-Host $Msg
    }

    If ($ToFile -eq 1) {
        Add-Content -Path $OutputLogPath -Value $Msg
    }
}
# End Function: LogMessage

# Poll the pool state every 5 seconds
While (1 -eq 1) {

    $AppPoolStatus = Get-WebAppPoolState -Name $AppPoolName

    $DateTime = Get-Date

    If ($AppPoolStatus.Value -eq "Stopped") {
        Write-Host "Not Working"
        Start-WebAppPool -Name $AppPoolName
        $Message = "App Pool $AppPoolName restarted at $DateTime"
        LogMessage $Message $LogToScreen $LogToFile
        Write-Host "Working"
    }

    Sleep 5
}