Get-WinEvent, whoami ==> who-is-there, icacls, files
Events
Post-Event Info Expertslive Conference 2021
Find videos and pictures here.
Azure Security Cafe September 22, 2021
Find more information here.
Snippets
Get-WinEvent – The complete guide
Adam Listek wrote a great summary of Get-WinEvent, the Swiss Army knife for Windows event log management with PowerShell. If you need to manage Windows boxes and want to get more knowledge out of logs, read this!
Who is logged on to this computer?
For Linux users it's clear: whoami tells you the currently logged-on user. "whoami.exe" has also existed for quite a long time on Windows, so this is a no-brainer. But if you want to know ALL users who are currently logged on to a computer, things get tricky. Read June Castillote's blog on this challenge and its solutions.
Manage file permissions with icacls and PowerShell
icacls.exe, a command that was called cacls.exe on Windows Server 2003 and has been on the Windows OS beginning with 2000, is the tool of choice if you want to manage file permissions. As there is no adequate solution with PowerShell, invest some time in reading this blog and gain insight into file permissions.
Manage Files with PowerShell
A great fit to the article above: PowerShell file management, explained by John Case.