Solved

How do I troubleshoot the Set-Strictmode Powershell command?

Posted on 2015-02-06
8
206 Views
Last Modified: 2015-02-06
Hi Expert,

Why does line 4, Get-WinEvent, fail when I add the 'Set-StrictMode -Version Latest' entry?
What is the best way to troubleshoot results from this setting?

Thank you. CuriousMAUser

Set-StrictMode -Version Latest
 $cred = Get-Credential Domain\admin
# Grab the events from a DC
 $Events = Get-WinEvent -ComputerName DC01 -Credential $cred -FilterHashTable @{Logname='Security';ID=4729}  

# Parse out the event message data
 ForEach ($Event in $Events) {
  # Convert the event to XML
  $eventXML= [xml]$Event.ToXml()
 
  # Iterate through each one of the XML message properties
  For ($i=0; $i -lt $eventXML.Event.EventData.Data.Count; $i++) {
 
  # Append these as object properties
  Add-Member -InputObject $Event -MemberType NoteProperty -Force `
    -Name $eventXML.Event.EventData.Data[$i].name `
    -Value $eventXML.event.eventData.Data[$i].'#text'
 
  # View the results with your favorite output method
  $Events | Select-Object -property MemberName, ID, TargetUserName, TargetDomainName, TimeCreated, Message | export-csv C:\Scripts\WinEventID4729.csv

   }
}
0
Comment
Question by:CuriousMAUser
  • 4
  • 3
8 Comments
 
LVL 69

Expert Comment

by:Qlemo
ID: 40594627
First step with PowerShell is always to read the error message. PS is verbose on failure.
Which PS release are you running?
0
 

Author Comment

by:CuriousMAUser
ID: 40594649
Thank you, Qlemo.

Of course, I tried to repeat the process and was unable to repeat the error.

I started with
Set-StrictMode -Version 4 - ran the script successfully
Set-StrictMode -Version Latest - ran the script successfully

Hmmmm. The error did appear once, maybe I had a fat figure error and the syntax was incorrect. I'll keep testing and see what I find. If I can't repeat the error I'll close the ticket. Thank you for the quick response.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40594678
Just has been some kind of typo or other failure probably.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:CuriousMAUser
ID: 40594680
Hi Qlem,

A different script did create an error message:
System.Management.Automation.RuntimeException
The variable '$UserName' cannot be retrieved because it has not been set.
System.Management.Automation.RuntimeException
The variable '$UserName' cannot be retrieved because it has not been set.

The variable $UserName needs to be defined. Does that belong before the 'try' statement? Can you supply an example?
*********************************************************
Set-ExecutionPolicy remotesigned -Force
Import-module activedirectory

Set-StrictMode -Version Latest

try{
 $SearchID='4728'
 get-childitem "C:\EventLog\SecurityEvents.evtx" | select FullName | forEach{
  %{get-winevent  -filterHashTable @{path=$psitem.Fullname;ID=$SearchID } -ErrorAction Stop   |                
     ? {$psitem.Properties[5].Value -match $UserName}   |  
     Select-Object -Property TimeCreated, `
                             @{Name='SecurityId';Expression={$psitem.Properties[4].Value}}, `
                             @{Name='AccountName';Expression={$psitem.Properties[5].Value}}, `
                             @{Name='AccountDomain';Expression={$psitem.Properties[6].Value}}, `
                             @{Name='LogonId';Expression={$psitem.Properties[7].Value}}, `
                             @{Name='LogonType';Expression={$psitem.Properties[8].Value}}, `
                             @{Name='Description';Expression={$psitem.Message}}, `
     Format-Table
 }  }
 }
 Catch{
 $psitem.Exception.GetType().FullName
 $psitem.Exception.Message
 }
#
# Event Code 4729
#
try{
 $SearchID='4729'
 get-childitem "C:\EventLog\SecurityEvents.evtx" | select FullName | forEach{
  %{get-winevent  -filterHashTable @{path=$psitem.Fullname;ID=$SearchID } -ErrorAction Stop   |                
     ? {$psitem.Properties[5].Value -match $UserName}   |  
     Select-Object -Property TimeCreated, `
                             @{Name='SecurityId';Expression={$psitem.Properties[4].Value}}, `
                             @{Name='AccountName';Expression={$psitem.Properties[5].Value}}, `
                             @{Name='AccountDomain';Expression={$psitem.Properties[6].Value}}, `
                             @{Name='LogonId';Expression={$psitem.Properties[7].Value}}, `
                             @{Name='LogonType';Expression={$psitem.Properties[8].Value}}, `
                             @{Name='Description';Expression={$psitem.Message}},
     Format-Table
 }  }
 }
 Catch{
 $psitem.Exception.GetType().FullName
 $psitem.Exception.Message
 }
0
 

Author Comment

by:CuriousMAUser
ID: 40594713
I've requested that this question be closed as follows:

Accepted answer: 0 points for CuriousMAUser's comment #a40594680

for the following reason:

Hi Qlem,

Thank you for your response to the first question. Sorry I tried to slip in another. :-)

Enjoy the weekend. I'll work on the variable question myself. That was a lazy response.

Thank you. You've opened my eyes to what to ask.
0
 
LVL 69

Accepted Solution

by:
Qlemo earned 500 total points
ID: 40594701
Doesn't matter if you put it inside or outside of the block.
I'm not certain I understand the meaning of $psitem, though.
And off course it is bad style to repeat the same code just changing the event ID.
0
 

Author Closing Comment

by:CuriousMAUser
ID: 40594714
Good point, thx
0
 
LVL 40

Expert Comment

by:footech
ID: 40594761
$psitem is the same as $_
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
Windows 10 came with  a lot of built in applications, Some organisations leave them there, some will control them using GPO's. This Article is useful for those who do not want to have any applications in their image (example:me).
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question