Initial commit

Moving PowerEvents project from CodePlex to GitHub.

Author: pcgeek86

Functions/Get-ToDoList.ps1

@@ -0,0 +1,16 @@
+<#
+
+    Author: Trevor Sullivan
+      Date: 2014-02-09
+   Purpose: Retrieves a list of TODO items from the supporting scripts of this
+            PowerShell module, and indicates the line number and file in which each
+            item is located.
+#>
+
+Clear-Host;
+$ScriptList = Get-ChildItem -Path $PSScriptRoot\* -Include *.ps1;
+
+foreach ($Script in $ScriptList) {
+    $Result = (Get-Content -Path $Script.FullName) -match '(?<=#.*)(?<!DONE.*)TODO(?!.*DONE)';
+    $Result | Select-Object -Property PSChildName,ReadCount,@{ Name = 'String'; Expression = { $_.Trim(); } };
+}

Functions/Get-WmiEventBinding.ps1

@@ -0,0 +1,106 @@
+function Get-WmiEventBinding
+{
+	[CmdletBinding(SupportsShouldProcess = $false)]
+	<#
+		.Synopsis
+		Retrieves WMI event bindings
+		
+		.Description
+		The Get-WmiEventBinding function retrieves WMI event binding instances from the specified computer
+        and WMI namespace. You can specify either the -Filter or -Consumer parameter, to identify which
+        WMI event bindings you would like to retrieve, based on the bound filter or consumer. WMI event
+        bindings are instances of the __FilterToConsumerBinding WMI class.
+		
+		.Parameter Namespace
+		The namespace in which to retrieve WMI event bindings from.
+		
+		.Parameter Filter
+		The name of the WMI event filter that you would like to retrieve 
+		
+		.Parameter ComputerName
+		The computer on which to retrieve __FilterToConsumerBinding instances.
+	#>
+	Param(
+		# The name of the WMI event filter to retrieve. The name property is the key on the __FilterToConsumerBinding system WMI class.
+		[Parameter(
+			  Mandatory   = $false
+			, HelpMessage = "Please specify the name of the WMI event filter instance that you would like to retrieve bindings for."
+            , ParameterSetName = 'filter'
+		)]
+		[string]
+		${Filter}
+		,
+        [Parameter(ParameterSetName = 'consumer')]
+        [string]
+        ${Consumer}
+        ,
+		# The WMI namespace to retrieve event filters from.
+		# TODO: Provide an option to retrieve ALL event filters from ALL namespaces?
+        [Parameter(ValueFromPipelineByPropertyName = $true)]
+        [Alias('ns')]
+        [string]
+		${Namespace}
+		,
+        [Parameter(ValueFromPipelineByPropertyName = $true)]
+        [Alias('cn')]
+        [ValidateScript({
+            if (Test-Connection -ComputerName $_ -Count 1) { $true; }
+            else { $false; }
+            })]
+		[string]
+		${ComputerName} = '.'
+		,
+		# TODO: Implement parameter to allow searching of the query text
+		[string]
+		${QuerySearchString}
+        ,
+        [Parameter(ParameterSetName = 'all')]
+        [switch]
+        ${All}
+	)
+	
+	begin
+	{
+		# Get the cmdlet name for writing dynamic log messages
+		${CmdletName} = $Pscmdlet.MyInvocation.MyCommand.Name
+        ${ParameterSetName} = $Pscmdlet.ParameterSetName;
+
+		Write-Verbose -Message "${CmdletName}: Start running BEGIN block";
+	}
+
+    process {
+		Write-Verbose -Message "${CmdletName}: Start running PROCESS block";
+
+        if (${ParameterSetName} = 'all') {
+            $BindingList = Get-WmiObject -ComputerName ${ComputerName} -Namespace ${Namespace} -Class __FilterToConsumerBinding;
+        }
+        elseif (${ParameterSetName} = 'filter') {
+            ${WmiQuery} = "REFERENCES OF {__EventFilter='{0}'} WHERE ResultClass = __FilterToConsumerBinding" -f ${Filter};
+            $BindingList = Get-WmiObject -ComputerName ${ComputerName} -Namespace ${Namespace} -Query ${WmiQuery} -ErrorAction Stop;
+        }
+        elseif (${ParameterSetName} = 'consumer') {
+            ${WmiQuery} = "REFERENCES OF {__EventConsumer='{0}'} WHERE ResultClass = __FilterToConsumerBinding" -f ${Consumer};
+            $BindingList = Get-WmiObject -ComputerName ${ComputerName} -Namespace ${Namespace} -Query ${WmiQuery} -ErrorAction Stop;
+        }
+        # Get a list of WMI filter-to-consumer bindings
+
+        if ($BindingList) {
+            Write-Output -InputObject $BindingList;
+        }
+        else {
+            Write-Error -Message ('{0}: Could not find any matching WMI event bindings' -f ${CmdletName});
+        }
+		# Translate asterisks (wildcards) to percent signs (WMI wildcards)
+		#${Name} = ${Name}.Replace("*", "%");
+    }
+
+    end {
+    }
+}
+
+# Export the Get-WmiEventBinding function
+Export-ModuleMember -Function Get-WmiEventBinding;
+
+# Export an alias for the function
+New-Alias -Name gwmib -Value Get-WmiEventBinding;
+Export-ModuleMember -Alias gwmib

Functions/Get-WmiEventConsumer.ps1

@@ -0,0 +1,134 @@
+function Get-WmiEventConsumer
+{
+	<#
+	.Synopsis
+	Retrieves WMI event consumer objects.
+	
+	.Description
+	Retrieves WMI event consumers instances based on criteria passed to the function. The -Namespace All parameter value can be used to retrieve instances in all WMI namespaces on a given computer.
+	
+	.Link
+	http://trevorsullivan.net
+	
+	.Link
+	http://powershell.artofshell.com
+	#>
+	
+	[CmdletBinding(
+		  SupportsShouldProcess = $false
+		, SupportsTransactions  = $false
+		, ConfirmImpact         = 'Low'
+	)]
+
+    #region PARAM block
+	param (
+		[parameter(
+			  Mandatory   = $false
+			, HelpMessage = "Please specify the name of event consumer you would like to retrieve."
+		)]
+		[string]
+		${Name}
+		,
+        [Parameter(ValueFromPipelineByPropertyName = $true)]
+		[string]
+		${Namespace} = 'root\subscription'
+		,
+		# In the interest of think + type, I've adjusted these types from their actual WMI class names
+		#   EventLog    = NTEventLogEventConsumer
+		#   LogFile     = LogFileEventConsumer 
+		#   Script      = ActiveScriptEventConsumer
+		#   CommandLine = CommandLineEventConsumer
+		#   SMTP        = SMTPEventConsumer
+		[parameter(
+			  Mandatory   = $false
+			, HelpMessage = "Please specify the type of event consumer you would like to retrieve."
+		)]
+		[ValidateSet(
+			  'EventLog'
+			, 'LogFile'
+			, 'CommandLine'
+			, 'Script'
+			, 'SMTP'
+		)]
+		[alias('Type')]
+		${ConsumerType}
+        ,
+        [Parameter(ValueFromPipelineByPropertyName = $true)]
+        [Alias('cn')]
+        [ValidateScript({
+            if (Test-Connection -ComputerName $_ -Count 1) { $true; }
+            else { $false; }
+            })]
+        [string]
+        ${ComputerName} = '.'
+	)
+    #endregion PARAM block
+	
+	Begin
+	{
+		# Get the cmdlet name for writing dynamic log messages
+		${CmdletName} = $Pscmdlet.MyInvocation.MyCommand.Name;
+        Write-Verbose -Message ('{0}: Start running BEGIN block' -f ${CmdletName});
+
+		$ConsumerClasses = @{
+			Script      = "ActiveScriptEventConsumer";
+			SMTP        = "SMTPEventConsumer";
+			EventLog    = "NTEventLogEventConsumer";
+			LogFile     = "LogFileEventConsumer";
+			CommandLine = "CommandLineEventConsumer";
+		}
+	}
+
+	Process
+	{
+        Write-Verbose -Message ('{0}: Start running BEGIN block' -f ${CmdletName});
+
+		if (${Namespace} -ne 'All')
+		{
+			# Translate asterisks (wildcards) to percent signs (WMI wildcards)
+			${Name} = ${Name}.Replace("*", "%")
+
+			# $ConsumerList is an array that holds a list of WMI event consumers returned from WMI.
+			# If multiple namespaces are queries for consumers, this will consolidate the results into a single variable.
+			$ConsumerList = @();
+
+			${ConsumerQuery} = "select * from __EventConsumer";
+            if ($ConsumerType) {
+                ${ConsumerQuery} += " where __CLASS = '{0}'" -f ${ConsumerClasses}.${ConsumerType};
+            }
+
+			Write-Verbose -Message ("${CmdletName}: Consumer query is: " + ${ConsumerQuery});
+			${EventConsumerList} = Get-WmiObject -ComputerName ${ComputerName} -Query ${ConsumerQuery} -Namespace ${Namespace};
+			
+			if (${EventConsumerList})
+			{
+				Write-Verbose -Message ("${CmdletName}: Retrieved " + $Filters.Count + " event consumers from the ${Namespace} namespace.");
+                foreach ($EventConsumer in $EventConsumerList) {
+                    ${ConsumerList} += ${EventConsumer};
+                }
+			}
+			else
+			{
+				Write-Verbose -Message ("${CmdletName}: Could not find any consumers with the specified name and type.");
+			}
+				
+			
+			Write-Output -InputObject ${ConsumerList};
+		}
+		else
+		{
+			
+		}
+	}
+
+    end {
+        Write-Verbose -Message ('{0}: Start running END block' -f ${CmdletName});
+    }
+}
+
+# Export the Get-WmiEventConsumer function
+Export-ModuleMember -Function Get-WmiEventConsumer
+
+# Create an alias for the function
+New-Alias -Name gwmic -Value Get-WmiEventConsumer;
+Export-ModuleMember -Alias gwmic;

Functions/Get-WmiEventFilter.ps1

@@ -0,0 +1,94 @@
+function Get-WmiEventFilter
+{
+	[CmdletBinding(SupportsShouldProcess = $false)]
+	<#
+		.Synopsis
+		Retrieves an existing WMI event filter.
+		
+		.Description
+		Retrieves an existing WMI event filter.
+		
+		.Parameter Namespace
+		The namespace in which to retrieve __EventFilter instances from.
+		
+		.Parameter Name
+		The name of the __EventFilter instance to retrieve.
+		
+		.Parameter ComputerName
+		The computer on which to retrieve __EventFilter instances.
+		
+		.Parameter QuerySearchString
+		String to search for inside the event filter's query text.
+		
+		.Inputs
+		
+	#>
+	Param(
+		# The name of the WMI event filter to retrieve. The name property is the key on the __EventFilter system WMI class.
+		[Parameter(
+			  Mandatory   = $false
+			, HelpMessage = "Please specify the name of the __EventFilter instance you would like to retrieve. Wildcards are acceptable."
+            , ValueFromPipelineByPropertyName = $true
+            , ValueFromPipeline = $true
+		)]
+		[string]
+		${Name}
+		,
+		# The WMI namespace to retrieve event filters from.
+		# TODO: Provide an option to retrieve ALL event filters from ALL namespaces?
+		[Parameter(ValueFromPipelineByPropertyName = $true)]
+        [string]
+		${Namespace} = 'root\subscription'
+		,
+        [Parameter(ValueFromPipelineByPropertyName = $true)]
+        [ValidateScript({
+            if (Test-Connection -ComputerName $_ -Count 1) { $true; }
+            else { $false; }
+            })]
+		[string]
+		${ComputerName} = '.'
+		,
+		# TODO: Implement parameter to allow searching of the query text
+		[string]
+		[ValidateNotNull()]
+		${QuerySearchString}
+	)
+	
+	begin
+	{
+		${CmdletName} = $Pscmdlet.MyInvocation.MyCommand.Name;
+
+		Write-Debug -Message "${CmdletName}: `${Name} parameter's value is: ${Name}";
+		Write-Debug -Message "${CmdletName}: `${Namespace} parameter's value is: ${Name}";
+		Write-Debug -Message "${CmdletName}: `${QuerySearchString} parameter's value is: ${Name}";
+		
+		if (${Name})
+		{
+			# Translate asterisks (wildcards) to percent signs (WMI wildcards)
+			${Name} = ${Name}.Replace("*", "%");
+			${EventFilters} = Get-WmiObject -Namespace ${Namespace} -Query "SELECT * FROM __EventFilter WHERE Name LIKE '${Name}'";
+		}
+		else
+		{
+			# Translate asterisks (wildcards) to percent signs (WMI wildcards)
+			${QuerySearchString} = ${QuerySearchString}.Replace("*", "%");
+			${EventFilters} = Get-WmiObject -Query "SELECT * FROM __EventFilter WHERE Query LIKE '${QuerySearchString}'";
+		}
+
+		if (${EventFilters})
+		{
+			Write-Verbose -Message "${CmdletName}: Found $(${EventFilters}.psbase.Length) event filters";
+			Write-Output -InputObject ${EventFilters};
+		}
+		else
+		{
+			Write-Warning -Message "${CmdletName}: No event filters were found with the specified criteria.";
+		}
+	}
+}
+
+Export-ModuleMember -Function Get-WmiEventFilter;
+
+# Create alias for the Get-WmiEventFilter function
+New-Alias -Name gwmif -Value Get-WmiEventFilter;
+Export-ModuleMember -Alias gwmif;