Retrieving Windows Defender Exploit Guard Windows Event logs with PowerShell

Most of the features included in Windows Defender Exploit Guard can be enabled in audit or block mode. The impact can then be analyzed either by looking at the corresponding Windows Event log entries or through advanced hunting queries in Read More …

PowerShell Script – Get Group Policy events by CorrelationID

Update, 22 August 2014: I have posted an updated version of the script here. In his Group Policy: Notes from the Field – Tips, Tricks, and Troubleshooting session at TechEd, Group Policy MVP Jeremy Moskowitz demonstrates how to filter the Read More …

Retrieve Windows Boot Time Script

Here’s a small batch script to get the Windows 7 boot time shown in milliseconds.

@echo off
FOR /F "Tokens=4" %%a IN ('%windir%\system32\wevtutil.exe qe Microsoft-Windows-Diagnostics-Performance/Operational /rd:true /f:Text /c:1 /q:"*[System[(EventID = 100)]]" /e:Events ^| FIND "Duration"') DO SET BTIME=%%a
ECHO Boot
Read More …
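The three summaries above each come down to the same task: pull one well-known channel with Get-WinEvent and read the right fields out of it. The script below is an added example, not the scripts behind the Read More links, and covers all three in one place: Exploit Guard audit/block events from the Defender channel, a Group Policy processing cycle selected by its CorrelationID, and the boot time the batch script extracts. Channel names, event IDs (1121 to 1126 for Exploit Guard, 4000 to 4007 for the start of a Group Policy cycle, 100 for boot) and EventData field names are the ones Microsoft documents for these providers; the function names and the ConvertTo-FlatEvent helper are my own.

```powershell
# Added example, not the scripts from the posts above. Log names, event IDs and
# EventData field names are the ones Microsoft documents for these providers;
# confirm them against your own build before relying on them. Run elevated:
# the Defender and Diagnostics-Performance channels are not readable by
# standard users.

# Flatten an EventLogRecord: System fields plus every <Data Name="..."> element
# from EventData, so the callers below can use field names instead of
# positional .Properties[] indexes (which differ between event versions).
function ConvertTo-FlatEvent {
    param([Parameter(Mandatory, ValueFromPipeline)]
          [System.Diagnostics.Eventing.Reader.EventLogRecord]$Event)
    process {
        $xml = [xml]$Event.ToXml()
        $obj = [ordered]@{
            TimeCreated = $Event.TimeCreated
            Id          = $Event.Id
            ActivityId  = $Event.ActivityId
            Level       = $Event.LevelDisplayName
        }
        foreach ($d in $xml.Event.EventData.Data) {
            if ($d.Name) { $obj[$d.Name] = $d.'#text' }
        }
        [pscustomobject]$obj
    }
}

# --- 1. Exploit Guard (ASR, Controlled folder access, Network protection) ---
# These features write to the Defender operational channel; audit and block
# use different event IDs, so the ID alone tells you which mode fired.
$ExploitGuardEventIds = @{
    1121 = 'ASR: blocked'
    1122 = 'ASR: audit'
    1123 = 'Controlled folder access: blocked'
    1124 = 'Controlled folder access: audit'
    1125 = 'Network protection: audit'
    1126 = 'Network protection: blocked'
}
function Get-ExploitGuardEvent {
    param([int]$Days = 7)
    Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = [int[]]$ExploitGuardEventIds.Keys
        StartTime = (Get-Date).AddDays(-$Days)
    } | ConvertTo-FlatEvent | ForEach-Object {
        # Label each record with the feature and mode its ID stands for.
        $_ | Add-Member -NotePropertyName Feature `
                        -NotePropertyValue $ExploitGuardEventIds[[int]$_.Id] -PassThru
    }
}

# --- 2. Group Policy processing, grouped by CorrelationID ---
# Every event of one processing cycle carries the same ActivityID (the
# "CorrelationID" shown in Event Viewer). Events 4000-4007 mark the start of
# a cycle, so the newest of those identifies the most recent run.
function Get-GPEventByCorrelationId {
    param([string]$CorrelationId)
    $log = 'Microsoft-Windows-GroupPolicy/Operational'
    if (-not $CorrelationId) {
        $start = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 4000..4007 } -MaxEvents 1
        if (-not $start) { throw "No Group Policy start event found in $log" }
        $CorrelationId = $start.ActivityId
    }
    # The XPath filter matches the GUID in {brace} form, as the channel stores it.
    $guid  = ([guid]$CorrelationId).ToString('B').ToUpperInvariant()
    $xpath = "*[System[Correlation[@ActivityID='$guid']]]"
    Get-WinEvent -LogName $log -FilterXPath $xpath | Sort-Object TimeCreated | ConvertTo-FlatEvent
}

# --- 3. Boot time in milliseconds (PowerShell version of the batch script) ---
# Event 100 in Diagnostics-Performance is written once per boot. BootTime is
# the total the batch script greps as "Boot Duration"; MainPathBootTime and
# BootPostBootTime are the two phases Microsoft reports alongside it.
function Get-BootTime {
    param([int]$Last = 1)
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Diagnostics-Performance/Operational'; Id = 100
    } -MaxEvents $Last | ConvertTo-FlatEvent | Select-Object TimeCreated,
        @{ n = 'BootTimeMs'; e = { [int]$_.BootTime } },
        @{ n = 'MainPathMs'; e = { [int]$_.MainPathBootTime } },
        @{ n = 'PostBootMs'; e = { [int]$_.BootPostBootTime } }
}

# Usage: all three return objects, so they pipe into Format-Table or Export-Csv.
Get-ExploitGuardEvent -Days 30 | Format-Table TimeCreated, Feature -AutoSize
Get-GPEventByCorrelationId | Format-Table TimeCreated, Id, Level -AutoSize
Get-BootTime -Last 5 | Format-Table -AutoSize
```

Two design points worth noting. Filtering by ID with -FilterHashtable and by ActivityID with -FilterXPath both happen inside the event log service, so even a large Defender channel is not pulled client-side and then filtered in PowerShell. And reading EventData by name through ToXml() rather than by position makes the functions survive the field reordering that newer event versions sometimes introduce, which positional .Properties[] access does not.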