Produces a native Windows network trace in etl format, downloads a signed Microsoft utility from GitHub and runs that to convert the etl file to a pcapng file that Wireshark can open.
After successful conversion the source etl trace will be deleted, leaving the converted file whose name and location will be in the output window.
Specifying output files on network shares may not work because the script needs to run as SYSTEM and so may not have access to them.
Address filters can be a comma-separated list of IP addresses or resolvable names, or leave blank to not filter.
Protocol filters can be a comma separated list of TCP, UDP, ICMP, IGMP or leave blank to not filter.
Ether type filters can be a comma separated list of IPv4, IPv6, ARP, etc or leave blank to not filter.
https://github.com/microsoft/etl2pcapng
Version: 1.2.20 • Created: 2024-10-02 • Modified: 2025-01-12
Performs analysis including:
Show bad event log entries for StoreFront
Check config sync if in cluster
Show log file contents
Analyse IIS log files
Check STA URLs
Check bindings and certificates
Version: 1.2.8 • Created: 2024-07-30 • Modified: 2025-01-12
Check various registry locations to see if a computer rename, domain join/disjoin, Component Based Servicing, Application updates or Windows Update has registered the need for a reboot.
Also check if the SCCM client is installed and, if so, query it for a reboot requirement.
Version: 1.3.3 • Created: 2024-05-24 • Modified: 2024-05-26
Show the open Excel, Word or PowerPoint files for the user, highlighting the active one and naming the active sheet of the active workbook if Excel.
Version: 1.2.17 • Created: 2024-02-29 • Modified: 2024-05-31
This script shows the Monitor Capacity and Usage from the monitor side.
Works for both Cloud and On-Prem deployments!
RT 8.6.5 and higher only
Version: 2.0.2 • Created: 2024-02-12 • Modified: 2024-02-25
Looks for Event 45 around the start of the outlook.exe process and displays the load time of the plugins.
Version: 2.1.5 • Created: 2024-02-08 • Modified: 2024-03-24
Use Azure Log Analytics data to find AVD Session Hosts which have not hosted any user sessions in the given timeframe. This can include both those powered up, which will likely incur more cost, as well as those not powered up.
Requires previously saved credentials for Azure for the user that runs the script - these can be stored using a ControlUp script.
Version: 1.0.7 • Created: 2024-02-07 • Modified: 2024-02-25
Show running drivers with different versions on two different systems and also show drivers that exist on one but not the other.
Also compares OS hotfixes between the two systems and shows any differences.
The account that runs the script must have remote WMI/CIM permission to the other machine.
Version: 1.1.9 • Created: 2024-02-01 • Modified: 2024-02-25
Checks for services and scheduled tasks that are configured to run using domain accounts. For such accounts, the script reports the password expiry date.
Use cases:
1) detecting expiry of accounts used for services, so that the account password may be renewed
2) detecting the use of domain accounts, as opposed to managed service accounts
Version: 1.1.12 • Created: 2024-01-22 • Modified: 2024-02-25
Reports or changes the host disk caching mode for the OS disk on an Azure VM.
With disk caching enabled, VMs can achieve higher levels of performance.
The VM does not need to be powered off and the change will have no noticeable effect on users currently using that VM.
Version: 1.0.11 • Created: 2023-11-28 • Modified: 2024-01-26