Retrieving Information

Retrieving System Information

Get-ComputerInfo

Provides operating system details, hardware information, and more.

PS C:\Users\Administrator> Get-ComputerInfo

WindowsBuildLabEx                                       : 17763.1.amd64fre.rs5_release.180914-1434
WindowsCurrentVersion                                   : 6.3
WindowsEditionId                                        : ServerStandard
WindowsInstallationType                                 : Server
WindowsInstallDateFromRegistry                          : 3/20/2024 4:48:20 AM
WindowsProductId                                        : 00429-00000-00001-AA815
WindowsProductName                                      : Windows Server 2019 Standard
WindowsRegisteredOrganization                           :
WindowsRegisteredOwner                                  : Windows User
WindowsSystemRoot                                       : C:\Windows
WindowsVersion                                          : 1809
BiosCharacteristics                                     :
BiosBIOSVersion                                         : {BOCHS  - 1}
BiosBuildNumber                                         :
BiosCaption                                             : Default System 
BIOSBiosCodeSet                                         :
BiosCurrentLanguage                                     :
BiosDescription                                         : Default System BIOS
...

win32_OperatingSystem Class

Returns core operating system details such as the build number, version, and serial number. Ideal for replicating the target system and conducting tests.

PS C:\Users\Administrator> Get-WmiObject -Class win32_OperatingSystem

SystemDirectory : C:\Windows\system32
Organization    :
BuildNumber     : 17763
RegisteredUser  : Windows User
SerialNumber    : 00429-00000-00001-AA815
Version         : 10.0.17763

Viewing Installed Updates

The Get-Hotfix command is used to display all updates (hotfixes) installed either via Windows Update or manually by users.

PS C:\Users\Administrator> Get-Hotfix

Source        Description      HotFixID      InstalledBy          InstalledOn
------        -----------      --------      -----------          -----------
SRV2019       Update           KB4464455                          10/29/2018 12:00:00 AM
...

Defender

Provides information about Defender services.

PS C:\Users\Administrator> Get-Service | Where-Object DisplayName -like '*Defender*'

Status   Name               DisplayName
------   ----               -----------
Running  mpssvc             Windows Defender Firewall
Stopped  Sense              Windows Defender Advanced Threat Protection
Running  WdNisSvc           Windows Defender Antivirus Network Inspection Service
Running  WinDefend          Windows Defender Antivirus Service

Retrieving Information About Files

Searching for Text in Files

To search for a string in all files under the current directory and its subdirectories, you can use the following command:

Get-ChildItem -Recurse *.* | Select-String -Pattern "SEARCH_STR"

File Permissions

The Get-Acl command displays the Access Control List (ACL) of a file or folder. An ACL is a list of users or groups with permissions (Read, Write, Delete, etc.) to access a file or folder.

Get-Acl file.txt

File Hashes

The Get-FileHash command computes the hash of any file, which you can use for searching, comparison, etc.

Get-FileHash file.txt
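
The file commands above (Get-ChildItem -Recurse, Get-Acl, Get-FileHash) can be combined into a simple integrity baseline that reports changed content or permissions. This is an added example, not part of the original page; the function names New-FileBaseline and Compare-FileBaseline and the demo directory are hypothetical, and the sample files are constructed.

```powershell
# Added example: hash + ACL baseline for a directory, then report drift.
# New-FileBaseline / Compare-FileBaseline are hypothetical helper names.
function New-FileBaseline {
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -Path $Path -Recurse -File | ForEach-Object {
        $acl = Get-Acl -LiteralPath $_.FullName
        [pscustomobject]@{
            Path   = $_.FullName
            SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Owner  = $acl.Owner
            Sddl   = $acl.Sddl   # security descriptor as one comparable string
        }
    }
}

function Compare-FileBaseline {
    param([object[]]$Baseline, [object[]]$Current)
    $old = @{}; $seen = @{}
    foreach ($b in $Baseline) { $old[$b.Path] = $b }
    foreach ($c in $Current) {
        $seen[$c.Path] = $true
        $b = $old[$c.Path]
        # A file with both changes is reported once, as ContentChanged.
        if (-not $b) {
            $change = 'Added'
        } elseif ($b.SHA256 -ne $c.SHA256) {
            $change = 'ContentChanged'
        } elseif ($b.Sddl -ne $c.Sddl) {
            $change = 'AclChanged'
        } else { continue }
        [pscustomobject]@{ Change = $change; Path = $c.Path }
    }
    foreach ($b in $Baseline) {
        if (-not $seen.ContainsKey($b.Path)) {
            [pscustomobject]@{ Change = 'Removed'; Path = $b.Path }
        }
    }
}

# Constructed demo data: a temp directory with two sample files.
$dir = Join-Path $env:TEMP 'baseline-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -Path (Join-Path $dir 'a.txt') -Value 'original'
Set-Content -Path (Join-Path $dir 'b.txt') -Value 'unchanged'
$baseline = New-FileBaseline -Path $dir
Set-Content -Path (Join-Path $dir 'a.txt') -Value 'tampered'   # simulate a change
Set-Content -Path (Join-Path $dir 'c.txt') -Value 'new file'
Compare-FileBaseline -Baseline $baseline -Current (New-FileBaseline -Path $dir)
Remove-Item -Path $dir -Recurse -Force
```

To keep a baseline between sessions, pipe the output of New-FileBaseline to Export-Csv and load it again with Import-Csv before comparing.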
