Chapter 6. Working with Operating System Components
As an administration tool, MSH offers a range of cmdlets that give script authors and administrators access to most of the major stores of data within the operating system. In this chapter, we’ll take a look at the data sources that are readily available in MSH, from event logs to WMI, and the cmdlets that are available for making changes to operating system components.
Monitoring the Event Log
The operating system provides the event log service as a mechanism for allowing the system and applications running on it to record their activity in a nonintrusive fashion. If each operating system component and application decided to pop up a message whenever anything happened, an interactive user would never have a chance to get anything done. While the Event Viewer tool (eventvwr.exe) continues to allow an administrator to review, sort, and filter events from a graphical interface, MSH also provides a cmdlet for querying the event logs from within the shell.
Windows operating systems primarily store event records in three logs, separating events based on their relevance to different aspects of the system.
- Application log
The application log is the place in which applications running on the system can record events of note. It’s up to the application developer to determine which events are recorded in this log.
- Security log
The security log records activity related to user and system authorization and authentication: failed login attempts, ...
Get Monad (AKA PowerShell) now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.