Write Event to Windows Event Log using PowerShell

 

Creating an EventLog entry using PowerShell is shown below:

Write-EventLog -LogName 'Application' -Source 'MyEventSource' -EventID 1000 -EntryType Warning -Message "This is a test of writing to the Event Log using PowerShell."

 

Note: The Event Source needs to be created before writing entries to the Event Log. (See this post for further info: Create Event Source with PowerShell)

Useful command lines to access different parts of Windows Control Panel

Use these commands (.cpl) to gain fast access to different parts of the Windows Control Panel:

Action Center                   wscui.cpl
Add/Remove Programs             appwiz.cpl
Date/Time Properties            timedate.cpl
Device Manager                  hdwwiz.cpl
Display Properties              desk.cpl
Fonts Folder                    fonts
Internet Properties             inetcpl.cpl
Game Controller Properties      joy.cpl
Keyboard Properties             main.cpl keyboard
Mouse Properties                main.cpl
Network Properties              ncpa.cpl
Pen and Touch Properties        tabletpc.cpl
People Near Me Properties       collab.cpl
Phone and Modem Properties      telephon.cpl
Power Management                powercfg.cpl
Regional Settings               intl.cpl
Sound Properties                mmsys.cpl
System Properties               sysdm.cpl
Windows Firewall Properties     firewall.cpl

Create Event Source with PowerShell

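To create an Event Source in PowerShell use this:

$Source = "MyEventSource"
# Register the source against the Application log only if it does not exist yet.
# Creating an event source requires an elevated (administrator) session.
if ([System.Diagnostics.EventLog]::SourceExists($Source) -eq $false) {
  [System.Diagnostics.EventLog]::CreateEventSource($Source, "Application")
}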

Get more info on the CreateEventSource method here: http://msdn.microsoft.com/en-us/library/2awhba7a.aspx

In PowerShell 2.0 this is even simpler:

$Source = "MyEventSource"
New-EventLog -LogName Application -Source $Source

 

Enumerate COM classes using WMI

 

A quick and short way of enumerating COM classes is to use the WMI class Win32_ClassicComClassSetting.

Example:

Get-WmiObject win32_ClassicComClassSetting | Select-Object ProgID | Group-Object ProgID | Select-Object Name | Sort-Object Name

 

EventLog: Determine Windows startup (Event Log Service)

To determine when Windows was started, search for Event ID 6005 in the System Event Log. The entry should look like this:

Log Name:     System
Source:       EventLog
Event ID:     6005
User:         N/A
Computer:     computername
Description:  The Event log service was started.
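
The search described above can be scripted with Get-WinEvent. This is an added example, not part of the original post; the function name Get-EventLogServiceStart and its parameters are hypothetical.

```powershell
# Added example: list recent "Event log service was started" entries (Event ID 6005).
# Function name and parameters are illustrative, not from the original post.
function Get-EventLogServiceStart {
    [CmdletBinding()]
    param(
        [string]$ComputerName,                        # optional remote host
        [int]$MaxEvents = 10,                         # newest N startups
        [datetime]$After = (Get-Date).AddDays(-30)    # look-back window
    )

    # Filter inside the event log service instead of piping every System event
    # through Where-Object: System log, source 'EventLog', Event ID 6005.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'EventLog'
        Id           = 6005
        StartTime    = $After
    }

    $params = @{
        FilterHashtable = $filter
        MaxEvents       = $MaxEvents
        ErrorAction     = 'Stop'
    }
    if ($ComputerName) { $params.ComputerName = $ComputerName }

    try {
        $events = Get-WinEvent @params
    }
    catch {
        # Get-WinEvent reports an empty result as an error; treat it as "no startups in range".
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }

    # Results arrive newest first; keep only the fields shown in the entry above.
    $events | Select-Object @{ Name = 'Computer';  Expression = { $_.MachineName } },
                            @{ Name = 'StartedAt'; Expression = { $_.TimeCreated } },
                            Id,
                            Message
}

# Show the five most recent startups recorded on the local machine.
Get-EventLogServiceStart -MaxEvents 5 | Format-Table -AutoSize
```

The result only reaches back as far as the System log's retention allows, so a cleared or rolled-over log will show fewer startups than actually occurred.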