How to improve the script?

I am a complete layman so I can’t do it alone. I don’t know anything about PS. However, the task seems to be simple.
I have a script - but you can only process single files with it at a time. I would like to be able to use it for several files at once - just e.g. for *.xxx in the directory. The output files may have the same name.
Can someone modify this script or give me a different one that will apply the first to all files in a given location at once?
Thank you in advance for any help. Here is the script:

# Usage: ps\xorcrypt.ps1 bin\input.bin bin\output.bin

param (
    [Parameter(Mandatory=$true)]
    [string] $file1, #First File
    [Parameter(Mandatory=$true)]
    [string] $out #Output File
) #end param

[Environment]::CurrentDirectory = (Get-Location -PSProvider FileSystem).ProviderPath
$file1_b = [System.IO.File]::ReadAllBytes($file1)
$xord_byte_array = New-Object Byte[] $file1_b.Count

# Put your key here
[Byte[]] $key = 0x55,0x66,0x77,0x88
$key_position = 0

# XOR
for($i=0; $i -lt $file1_b.Count; $i++)
{
    $xord_byte_array[$i] = $file1_b[$i] -bxor $key[$key_position]
    $key_position += 1
    if ($key_position -eq $key.Length) {$key_position = 0}
}
# Write the XORd bytes to the output file
[System.IO.File]::WriteAllBytes("$out", $xord_byte_array)

Write-host "$out" -foregroundcolor yellow -nonewline; Write-host ".";

 

The forums are not a script writing service, you should make an effort. Start by looking at Get-ChildItem, you can do this by doing:

Get-Help Get-ChildItem -Full

There are examples to look at a directory and to return specific extensions. Next, you need to do a loop, which is

foreach

in the loop, you would be able to call the script with dot (.) notation (script is in the root of working directory):

.\xorcrypt.ps1

or

. C:\Scripts\xorcrypt.ps1

If you even search this forum for Get-ChildItem, you will find thousands of examples.
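
The loop this reply describes, written out as an added example that is not part of the original thread. The `-file1` and `-out` parameters and the `*.xxx` filter come from the question; `$Directory`, `$Filter`, `$Script` and the `out` subfolder are assumptions.

```powershell
# Added example: run the question's xorcrypt.ps1 over every matching file.
# $Directory, $Filter, $Script and the "out" subfolder are assumptions.
param (
    [string] $Directory = '.',
    [string] $Filter    = '*.xxx',
    [string] $Script    = '.\xorcrypt.ps1'
)

# Resolve to full paths so the result does not depend on the current directory.
$scriptPath = (Resolve-Path -LiteralPath $Script -ErrorAction Stop).ProviderPath
$sourceDir  = (Resolve-Path -LiteralPath $Directory -ErrorAction Stop).ProviderPath

# Write results to a subfolder so outputs keep the input names
# without overwriting the originals.
$outDir = Join-Path $sourceDir 'out'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

foreach ($file in Get-ChildItem -LiteralPath $sourceDir -Filter $Filter -File) {
    $target = Join-Path $outDir $file.Name

    # -file1 and -out are the parameters declared in xorcrypt.ps1
    & $scriptPath -file1 $file.FullName -out $target

    # XOR with a repeating key never changes the length;
    # a mismatch means the write did not complete.
    if ((Get-Item -LiteralPath $target).Length -ne $file.Length) {
        Write-Warning "Size mismatch for $($file.Name)"
    }
}
```

Because XOR is its own inverse, running the same loop over the `out` folder restores the original bytes. A repeating four-byte key obscures content but does not protect it.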

Greetings, friend. I am actually trying to create a script that gets all log files on a number of remote computers. I decided to use Get-WinEvent. However, from what I observe, Get-WinEvent gets all the log files but categorizes them using RecordCount. Please, could there be a way of expanding each of these RecordCount values and getting all log files related to each LogName? In the meantime, I was able to come up with the script below; I don’t know if this is the best way. A suggestion for this will be appreciated.

param (
    [parameter(Mandatory=$true,
        valueFromPipeLine=$true)] $groupName,
    [switch]$LogErrors,
    $CSVPath
)
#-------------------------------------------Create a Folder in C:\ write files to it---------------------------------------------
if(Test-path -path C:\file){
    Write-Verbose "A Folder Called Filed exist in this path"
    Get-ADGroupMember -Identity $groupName | Select-Object name |Export-Csv 'C:\File\ApplicationErrorLog.csv' -NoTypeInformation
} Else {
    Write-Verbose "No Folder Called File Exist in the Path, Folder Created"
    New-Item -Name File -itemType Directory -Path C:\
    Get-ADGroupMember -Identity $groupName | Select-Object name |Export-Csv 'C:\File\ApplicationErrorLog.csv' -NoTypeInformation
}
#-------------------------------------------Importing file applicattionErrorLog From File------------------------------------------
$impComps = Import-Csv -Path C:\File\ApplicationErrorLog.csv
#------------------------------------------Using For Each to loop through each Computer-------------------------------------------------------------------------
Foreach($comps in $impComps.name){
    Write-Progress "Please Wait why we collate all error Logs"
    # Get-WinEvent records expose UserId and LevelDisplayName (there is no user, levelDisplay or LevelName property)
    Get-WinEvent -LogName System -ComputerName $comps -ErrorAction SilentlyContinue -ErrorVariable Err |
        Select-Object MachineName, Id, TimeCreated, UserId, LogName, LevelDisplayName, Message |
        Out-File -FilePath C:\File\CompsErrorLogs.txt -Append
    # +Err appends to the variable instead of overwriting the errors from the previous call
    Get-WinEvent -LogName Application -ComputerName $comps -ErrorAction SilentlyContinue -ErrorVariable +Err |
        Select-Object MachineName, Id, TimeCreated, UserId, LogName, LevelDisplayName, Message |
        Out-File -FilePath C:\File\CompsErrorLogs.txt -Append
    Get-WinEvent -LogName Security -ComputerName $comps -ErrorAction SilentlyContinue -ErrorVariable +Err |
        Select-Object MachineName, Id, TimeCreated, UserId, LogName, LevelDisplayName, Message |
        Out-File -FilePath C:\File\CompsErrorLogs.txt -Append
    $err | Out-File -FilePath C:\File\Errors.txt -Append
}

Yeah. I will process these files one by one faster than I will learn the basics of PS.

Anyway - thanks

[quote quote=192445]Yeah. I will process these files one by one faster than I will learn the basics of PS.

Anyway – thanks[/quote]

But if you start to learn the basics of PowerShell now, it would help you in the future to accomplish tasks like this much, much faster than doing them one by one by hand. If you plan to keep working in Windows environments it will definitely pay off for you in the future. :wink:

I need no such wisdom. Instead, I would like someone to improve my script. For experts it is probably a piece of cake.

Is this to be used in a work environment? For security reasons, you should not accept code from a stranger on the Internet and run it on your computer if you don’t understand how it works or what it does. If your company has security people who are paying attention, you might get fired for running unverified code. If not, you might break something and then get fired.

If you don’t understand how it works, how would you know? A mechanic may know how to fix a car engine, but that doesn’t mean it’s “a piece of cake” to do it.

The script was actually scripted by me. The reason I posted the script on the forum is to know if it follows PowerShell best practice, and if there could be a better way of improving my lines of code.

[quote quote=193370]The script was actually scripted by me. Why i posted the script on the forum is to know if it follows Powershell best practice. And if there could be a better way of improving my lines of codes.

[/quote]

I think you are trying to use PS in a place where I would not (even though I always prefer to use PS).
Check out this, it might be the solution you are after:
https://docs.microsoft.com/en-us/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection

Thanks Aapeli. The article you posted is really helpful. However, I was able to come up with the below script as the final solution to the problem I’m trying to resolve.

[CmdletBinding()]
param (
    [parameter(Mandatory=$true,
        valueFromPipeLine=$true)] $groupName,
    [switch]$LogErrors,
    $exportFileLocation
)
#-----------Pending Development--------------------------------Declaring the start and End Date -------------------------------------------------
<#$Str_date = Read-Host 'Enter Start Date (mm/dd/yyyy)'
$start_Date = Get-date $Str_date

$input_End_Date = Read-Host 'Enter End Date (mm/dd/yyyy)'
$End_Date = Get-Date -Date $input_End_Date
#>

#-------------------------------------------Create a Folder in C:\ write files to it---------------------------------------------
if(Test-path -path C:\file){
    Write-Verbose "A Folder Called Filed exist in this path"
    Get-ADGroupMember -Identity $groupName | Select-Object name |Export-Csv 'C:\File\ApplicationErrorLog.csv' -NoTypeInformation
} Else {
    Write-Verbose "No Folder Called File Exist in the Path, Folder Created"
    # -Path must be the drive root (C:\); a bare C: means the current directory on that drive
    New-Item -Name File -itemType Directory -Path C:\
    Get-ADGroupMember -Identity $groupName | Select-Object name |Export-Csv 'C:\File\ApplicationErrorLog.csv' -NoTypeInformation
}

#-------------------------------------------Importing file applicattionErrorLog From File------------------------------------------
$impComps = Import-Csv -Path C:\File\ApplicationErrorLog.csv

#------------------------------------------Using For Each to loop through each Computer--------------------------------------------

Foreach($comps in $impComps.name) {
    try {
        Invoke-Command -ComputerName $comps -ScriptBlock {Get-EventLog -LogName Security -EntryType FailureAudit |
            Select-Object MachineName,UserName,TimeWritten, Source, EventID,message |
            Format-Table -Wrap} -ErrorAction Stop -ErrorVariable Err |
            Out-file -FilePath C:\Users\ealbert\Desktop\Checked\SecurityErrorDetails.txt -append

        Invoke-Command -ComputerName $comps -ScriptBlock {Get-EventLog -LogName System -EntryType Error |
            Select-Object MachineName,UserName,TimeWritten, Source, EventID,message |
            Format-Table -Wrap} -ErrorAction Stop -ErrorVariable Err |
            Out-file -FilePath C:\Users\ealbert\Desktop\Checked\SystemErrorDetails.txt -append

    }
    catch {
        if($LogErrors){
            write-host "$Comps Not responding, Error Has Been Writting to a file in C:\Users\ealbert\Desktop\Checked\Error.txt"
            $Err | Out-File -FilePath C:\Users\ealbert\Desktop\Checked\Error.txt -Append
        } Else {
            Write-Output "Computers Not Responding will not be cached"
        }
    }
}
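
For comparison with the script above, an added example (not the poster's code) that collects the same two event classes with `Get-WinEvent -FilterHashtable`. It covers the start/end dates marked "Pending Development" and exports objects to CSV rather than formatted text. It assumes computer names are passed in directly instead of being read from `Get-ADGroupMember`; `$ComputerName`, `$StartDate`, `$EndDate`, `$OutDir` and the output file names are hypothetical.

```powershell
# Added example, not the poster's script. Computer names are passed in directly
# (hypothetical parameter) instead of coming from Get-ADGroupMember.
[CmdletBinding()]
param (
    [string[]] $ComputerName = @($env:COMPUTERNAME),
    [datetime] $StartDate    = (Get-Date).AddDays(-1),
    [datetime] $EndDate      = (Get-Date),
    [string]   $OutDir       = 'C:\File'
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# The filter is evaluated by the event log service on the target machine,
# so only matching records cross the network.
$filters = @(
    # Security log, Audit Failure keyword
    @{ LogName = 'Security'; Keywords = 0x10000000000000; StartTime = $StartDate; EndTime = $EndDate }
    # System log, Level 2 = Error
    @{ LogName = 'System'; Level = 2; StartTime = $StartDate; EndTime = $EndDate }
)

foreach ($computer in $ComputerName) {
    foreach ($filter in $filters) {
        try {
            Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop |
                Select-Object MachineName, LogName, Id, TimeCreated, LevelDisplayName, Message |
                Export-Csv -Path (Join-Path $OutDir 'Events.csv') -NoTypeInformation -Append
        }
        catch {
            # Unreachable hosts, access denied and "no events were found" all land here;
            # record which computer and log failed, and why.
            "$computer $($filter.LogName): $($_.Exception.Message)" |
                Out-File -FilePath (Join-Path $OutDir 'Errors.txt') -Append
        }
    }
}
```

Reading the Security log requires administrative rights on the target computer.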