In this assignment, you will determine the PowerShell cmdlets that correctly:
• Extract information from registry values
• Retrieve information using WMI
• Extract information from Windows Event Logs
Copy the assignment below to a Word document. Respond using complete sentences, except where a command or command output is requested. Note: In order to receive full credit, you must maintain the numbering system of the exercises.
1. Software installed on Windows systems is recorded in the registry, in the HKEY_LOCAL_MACHINE hive under the Software\Microsoft\Windows\CurrentVersion\Uninstall registry key.
   1. Determine the number of software applications installed (the number of subkeys in this key).
   2. Output the name of each of the applications to the applications.txt file.
2. Installed software can also be determined through WMI.
   1. Use the Win32_Product WMI object to determine how many applications are installed on the local system.
   2. Explain why the number of installed applications determined by the Win32_Product WMI object is less than the number of installed applications determined by reading the registry.
3. The Win32_NetworkProtocol, Win32_NetworkAdapter, Win32_NetworkAdapterConfiguration, and Win32_NetworkAdapterSetting WMI objects are used to extract information from a computer system concerning network protocols and adapters.
   1. Use a WMI object to determine the number of network adapters installed in your system. Record the command and output.
   2. Use a WMI object to output to screen the IP addresses assigned to the adapters. Record the command and the output of the command.
   3. Use a WMI object to list the names of installed network protocols. Record the command.
4. Windows Security event logs can record successful and unsuccessful logon events. For Windows Vista, Windows 7 and Server 2003, Event ID 4624 is "success logon" and Event ID 4625 is the "failed logon".
   1. Issue a command that will show the most recent entry in the Windows security event log. Pipe this command to Get-Member to view the properties and methods. Record the command.
   2. Issue a command that will show the 100 most recent entries in the Windows security event log showing only those entries that were a successful logon event. Assign the output of this command to $LogonEvent. Record the command.
   3. Issue a command that will show the Message of the first event recorded in $LogonEvent. Record the command.
   4. Note the Logon Type: line. Note that there are three unspecified characters between Logon Type: and its code number.
      Logon Type   Description
      2            Interactive (logon at keyboard and screen of system)
      3            Network (i.e. connection to shared folder on this computer from elsewhere on network)
      4            Batch (i.e. scheduled task)
      5            Service (Service startup)
      7            Unlock (i.e. unattended workstation with password protected screen saver)
      8            NetworkCleartext (Logon with credentials sent in the clear text.)
      9            NewCredentials such as with RunAs or mapping a network drive with alternate credentials.
      10           RemoteInteractive (Terminal Services, Remote Desktop or Remote Assistance)
      11           CachedInteractive (logon with cached domain credentials such as when logging on to a laptop when away from the network)
   5. Issue a command that will show the 100 most recent entries in the Windows security event log showing only those entries that were a successful logon event by Interactive logon. Assign the output of this command to $InteractiveLogon. Record the command. (Hint: use regular expressions and string comparison)
   6. Using $InteractiveLogon, determine how many interactive logons occurred during the newest 100 Security log entries. Record the command used.
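
Added example, not part of the original assignment: a PowerShell illustration of the regular-expression hint in exercise 4, extracting the Logon Type code from event message text and mapping it to the table above. The $SampleMessages strings are constructed stand-ins for the Message property of Security log entries (account names are made up), and Get-LogonType is a hypothetical helper name.

```powershell
# Logon type codes and names, taken from the table in this assignment.
$LogonTypeNames = @{
    2  = 'Interactive'
    3  = 'Network'
    4  = 'Batch'
    5  = 'Service'
    7  = 'Unlock'
    8  = 'NetworkCleartext'
    9  = 'NewCredentials'
    10 = 'RemoteInteractive'
    11 = 'CachedInteractive'
}

# Hypothetical helper: extract the logon type from one event message string.
function Get-LogonType {
    param([Parameter(Mandatory)][string]$Message)

    # \s+ absorbs whatever whitespace sits between "Logon Type:" and the code,
    # so the pattern does not depend on the exact separator characters.
    # \d+ is greedy, so codes 10 and 11 are captured whole, not as "1".
    if ($Message -match 'Logon Type:\s+(\d+)') {
        $code = [int]$Matches[1]
        $name = $LogonTypeNames[$code]
        if (-not $name) { $name = 'Unknown' }   # code not listed in the table
        [pscustomobject]@{ Code = $code; Name = $name }
    }
    # Messages without a "Logon Type:" line produce no output.
}

# Constructed sample messages (tabs stand in for the separator characters).
$SampleMessages = @(
    "An account was successfully logged on.`r`nLogon Type:`t`t`t2`r`nAccount Name:`t`tstudent1",
    "An account was successfully logged on.`r`nLogon Type:`t`t`t3`r`nAccount Name:`t`tfileuser",
    "An account was successfully logged on.`r`nLogon Type:`t`t`t10`r`nAccount Name:`t`tadmin1",
    "An account was successfully logged on.`r`nLogon Type:`t`t`t2`r`nAccount Name:`t`tstudent2",
    "A privileged service was called."
)

$Parsed = $SampleMessages | ForEach-Object { Get-LogonType -Message $_ }

# Tally of logon types seen in the sample.
$Parsed | Group-Object Name | Sort-Object Count -Descending | Select-Object Count, Name

# Count of Interactive logons (code 2); Measure-Object handles 0 or 1 matches.
($Parsed | Where-Object { $_.Code -eq 2 } | Measure-Object).Count
```

A tally like this is also a quick triage view: an unexpected NetworkCleartext (8) or RemoteInteractive (10) entry on a workstation is worth a closer look.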
Save and name your file as IST321_U4_Lab_Assignment1_Firstname Lastname.doc