Say what’s up to PowerShell 5 (Part 24/27)

The next four posts in the series are dedicated to scripting.  I’m assuming you’ve gone through the 24 posts in this series on learning PowerShell 5.  So if you haven’t done that… well you’ve got some reading to do haha.

Today I’m going to walk you through building you very first PowerShell script.  This is an exciting time because learning how to write and read PowerShell scripts will make you incredibly valuable to any employer.  This is a coveted skill and you’re about to learn it in this post and the next three.

Let’s dive in!

How to build PowerShell Scripts

First you need to figure out what goal you’re trying to achieve.  What task are you trying to automate?

Once you have that in mind you can start by opening the PowerShell console and building out your cmdlet and parameters.

In this example, we’re going to return the last five error events from the Windows EventLog for several computers on our network.  We’ll save the output to a file.

One thing I should mention is that just because this script is simple doesn’t mean it isn’t powerful or can’t be extended.  For example, you can tweak any part of the script adding more computers to the -ComputerName parameter or saving the html file directly into your ISS 8.5 root web directory.  You could even use the -CssURI and -Head paremters to tweak the CSS and make your error report look really nice.

But I don’t want to complicate things – I mean this is your first script so let’s just get it running…

Let’s type and tab complete our command.

Get-EventLog -LogName System -Newest 5 -EntryType error


Now looking at the output you may discover that you don’t want all those properties returned.  So let’s just return the Time, Source and Message.

The column headers aren’t necessarily the exact parameter names so make sure you pipe your cmds to Get-Member first so you can get the exact names.

Get-EventLog -LogName System -Newest 5 -EntryType error| gm

For example the Time column is actually called TimeGenerated.

Get-EventLog | gm

Once we have that let’s continue building out our cmdlet for our script.

Get-EventLog -LogName System -Newest 5 -EntryType error | Select-Object TimeGenerated, Source, Message



Let’s run this command against several computers…

I’m going to run this from fs17alx1 because ws11alx1 is having networking issues so don’t let that trip you up… (you can actually see the ws10alx1 authentication errors in the event log output lol)

Get-EventLog -LogName System -Newest 5 -EntryType error -ComputerName dc16alx1, fs17alx1 | Select-Object TimeGenerated, Source, Message

ComputerName variable

Awesome.  Now let’s convert it to an HTML report.

Get-EventLog -LogName System -Newest 5 -EntryType error -ComputerName dc16alx1, fs17alx1 | Select-Object TimeGenerated, Source, Message | ConvertTo-HTML | Out-File C:\error-report.html


Now let’s save it as a .PS1 file (the default extension for scripts)  We techically could copy and paste into Notepad and save as a .ps1 but I think it’s cooler to just use Add-Content.  It’ll create our file as a PS1 and add the content all in one step.  We’ll name our script reportingErrors.ps1

Add-Content reportingErrors.ps1 "Get-EventLog -LogName System -Newest 5 -EntryType error -ComputerName dc16alx1, fs17alx1 | Select-Object TimeGenerated, Source, Message | ConvertTo-HTML | Out-File C:\error-report.html"


Now we can confirm the contents of the file with Get-Content

Get-Content .\reportErrors.ps1


And now we’re close to running it but not quite there. We need to change the execution policy from Restricted to Remote-Signed.

You see, by default, won’t all you to run local or internet scripts on your computer.  But if we set the Execution-Policy to Remote-Signed it lets us run any local script on our computer but still requires scripts download from the internet to have a valid digital signature from a trusted source.  This isn’t perfect security but it’s still a hurddle the bad guys need to jump over.  Well, actually it’s not really a hurdle at all, anyone can change this but I’m just trying to show you how to run your first script so chill out! lol.

Let’s view the current Execution-Policy


And change it so we can run the script

Set-Execution-Policy Remote-Signed

Now let’s look at the fruit of our labor

Start c:\error-report.html

HTML output

There you have it.  That’s a script.  Yes, a basic one but we’re just getting started.  In the next post we’ll go into a little more detail about writing scripts.

Stay tuned.


Connect with Vonnie on Twitter

Posted in Windows, Windows 10 Tagged with: