Windows 7 Can Teach You PowerShell–Inbuilt Wealth of Scripts

This post looks at all the scripts included in Windows 7. These contain a lot of useful sample code.

The purpose here is to show you the PowerShell scripts included in Windows. Where I think a script contains useful code examples, I’ve listed what it can show you how to do.

Maintenance Troubleshooter


Look in subfolders for examples of localization.

  • CL_Utility.ps1

    • Using Environment Variables

    • Reading Registry

    • Retrieving Size of Folder

    • Deleting Folder

    • Delete Folders older than x months

    • Get Free Disk Space

    • Build list of files older than a certain date

    • Convert KB to MB

    • Convert B to GB

    • Using delimited list

    • Convert Path to WQL Compatible Path

    • Test if Shortcut points to valid link

    • Using embedded C# and Interop to interact with COM

    • Update Windows Time Source

    • Get status of service

    • Get System Drive Info

    • Check if machine is domain joined

    • Wait for a service to reach a particular status

  • RS_AdminDiagnosticHistory.ps1

  • RS_MachineWERQueue.ps1

  • RS_RemoveShortcuts

  • RS_RemoveUnusedDesktopIcons.ps1

    • Get file name from full path

    • Get proper date format

    • Using ArrayList

  • RS_SyncSystemTime

    • Get Time Sync Type

    • Update Time Sync Type

    • Restart Service

  • RS_UserDiagnosticHistory.ps1

  • RS_UserWERQueue.ps1

  • TS_BrokenShortcuts.ps1

    • Check a directory for list of broken shortcuts

  • TS_DiagnosticHistory.ps1

  • TS_InaccurateSystemTime.ps1

    • Check whether system time is accurate

  • TS_UnusedDesktopIcons.ps1

    • Get a list of unused files from a directory (i.e. haven’t been accessed in x months)

  • TS_VolumeErrors.ps1

    • Embedded C# with DllImport calling Windows APIs in Kernel32.DLL

    • Test if Volume is Dirty

  • TS_WERQueue.ps1

AERO Troubleshooter


  • CL_AeroFeature.ps1
    • Check if Aero Transparency is enabled
  • CL_Invocation.ps1
    • Start a process, wait for it to exit with a timeout
  • CL_LoadAssembly.ps1
    • Load Assembly by Namespace or from Path
  • CL_RegSnapin.ps1
    • Register/Unregister InstallUtil snap-in
  • CL_RunDiagnosticScript.ps1
  • CL_Utility.ps1
    • Get absolute path of a file name (i.e. Join-Path & Get-Location)
    • Get System Path
    • Get Runtime Path
    • Update Feature Assessment
    • Check AERO Transparency using inline C# code and calls to dwmapi.dll
    • Retrieve Power Policy Info
    • Retrieve Theme Management using inline C# code
    • Retrieve Theme Source Code using inline C# code and COM
    • Compile C# Code
    • Convert Power source name
    • Wait for Service Status
  • CL_VideoMemory.ps1
    • Retrieve screen resolution data
    • Check Video Memory
    • Check Video Performance
  • CL_WinSAT.ps1
    • Check Video Memory Bandwidth
    • Check if WinSAT has run
    • Check if video card supports DirectX9.0
    • Check if video card supports Pixel Shader Model 2.0 or higher
    • Check if video card has WDDM driver
  • MF_AERODiagnostic.ps1
    • Embedded C# call windows API GetSystemMetrics in User32.dll
    • Check if running on remote session
  • RS_ChangeColorDepth.ps1
    • Using MonitorSnapin.dll to set color depth on each monitor
  • RS_ColorTheme.ps1
    • WMI query
    • Calling ThemeTool.exe to get current theme, get theme status, and get current visual style name
  • RS_DWMEnable.ps1
    • Enable DWM through registry and service configuration
  • RS_PowerPolicySetting.ps1
    • Set Balanced Power Policy
  • RS_Themes.ps1
    • WMI queries
    • Restart Services
  • RS_Transparency.ps1
    • Enable AERO Transparency through registry and service restart
  • RS_UXSMS.ps1
    • WMI queries
    • Restart Services
  • RS_WinSat.ps1
    • Invoke WinSat Display Assessment
  • TS_ColorTheme.ps1
    • Use of ThemeTool.exe to get current theme, get theme status, get current visual style name
  • TS_DWMEnable.ps1
    • Use of DesktopWindowsMgmt.dll to see if DWM is enabled
  • TS_HardwareSupport.ps1
    • Processing XML Data (WinSat, i.e. Windows Experience Index XML data)
    • Detecting support for DirectX9 and Pixel Shader Model 2.0
    • Check video memory size
    • Use of MonitorSnapin.dll to check monitor resolution data
  • TS_LowColorDepth.ps1
    • Using MonitorSnapin.dll to check if any screen does not have 32-bit color enabled
  • TS_MirrorDriver.ps1
    • Embedded C# calling Windows APIs in User32.dll
    • Check whether mirror driver is running or not
  • TS_PowerPolicySetting.ps1
    • Checking current Power Policy
    • Using Regular Expressions
    • Using System.Windows.Forms.SystemInformation
  • TS_SKU.ps1
    • Check if AERO is enabled?
    • Using embedded C# & Interop to work with slc.dll
  • TS_Themes.ps1
    • Use of WMI to check status of Themes service
  • TS_Transparency.ps1
  • TS_UXSMS.ps1
    • Use of WMI to check status of UXSMS service
  • TS_WDDMDriver.ps1
    • Processing XML
    • Loading WinSat (Windows Experience) data to determine if WDDM driver is installed
  • TS_WinSat.ps1
    • Check whether WinSat (Windows Experience) has run

Audio Troubleshooter


  • CL_Invocation.ps1
    • Start a process, wait for it to exit with a timeout
  • CL_LoadAssembly.ps1
    • Load Assembly by Namespace or from Path
  • CL_RegSnapin.ps1
    • Register/Unregister InstallUtil snap-in
  • CL_RunDiagnosticScript.ps1
  • CL_Utility.ps1
    • Get Audio Device Type Name
    • Embedded C# & COM interaction –> IPolicyConfig
    • Get localized Audio Device Type Name
    • Get Device State Name
  • MF_AudioDiagnostic.ps1
    • Use AudioDiagnosticSnapIn.dll to get Audio Device ID
    • Use inline C# and interop with User32.dll to check if running in Remote Session
    • Export registry
  • RS_AudioService.ps1
    • Use WMI and ServiceProcess.ServiceController to check startup type of Audio services and reset to automatic if necessary
  • RS_ChangeVolume.ps1
    • Retrieve volume level of audio devices
  • RS_EnableInCPL.ps1
    • Enable audio device based on device ID
  • RS_NotDefault.ps1
    • Set Default Audio Device Endpoint
  • RS_Unmute.ps1
    • Check if audio device is muted; if it is, unmute it
  • TS_AudioDeviceDriver.ps1
    • WMI to retrieve sound devices
    • Check for any sound devices with errors
    • Retrieve PNP Device ID of Audio Device
  • TS_AudioService.ps1
    • WMI to check Audio services are running
  • TS_DisabledInCPL.ps1
    • Check if audio device is disabled
  • TS_LowVolume.ps1
    • Check if audio device is low volume
  • TS_Mute.ps1
    • Check if audio device is muted
  • TS_NotDefault.ps1
    • Check default audio device
  • TS_UnpluggedIn.ps1
    • Check if speaker cable is connected to audio device

Device Troubleshooter


  • CL_DetectingDevice.ps1
    • Use WMI to retrieve list of hardware devices
    • Identify Config Manager Error codes on Devices
  • CL_Utility.ps1
    • Using inline C# to interop with setupapi.dll, cfgmgr.dll, user32.dll, newdev.dll, Wer.dll
    • Identify Driver Not Found based on Device ID
    • Wait for Driver Install
    • Rescan all devices
    • Reinstall device by device ID
    • Show Update Driver Wizard
    • Remove a device
    • Enable a device
    • Get Event
    • Query Windows Error Reporting Response for a Device ID
  • DB_DeviceErrorLibrary.ps1
    • Creation of hash table
    • Populate hash table with keys and localized strings
  • RS_CheckDevices.ps1
    • Read from hash table
  • RS_DriverNotFound.ps1
    • Use WMI to identify problematic devices
    • Search event log for certain events
  • RS_EnableDevice.ps1
    • Enable all disabled devices
  • RS_RescanAllDevices.ps1
  • RS_UpdateDriver.ps1
  • RS_WindowsUpdate.ps1
  • TS_DeviceDisabled.ps1
    • Use WMI to identify disabled devices
  • TS_DriverNeedUpdated.ps1
    • Use WMI to identify drivers that need updating
  • TS_DriverNotFound.ps1
    • Use WMI to identify drivers not found
  • TS_HardwareDeviceMain.ps1
    • Use of hash table
  • TS_NotWorkProperly.ps1
    • Use WMI to identify devices not working properly
  • TS_WindowsUpdate.ps1
    • Use Registry key to check Device Driver Search Settings

Device Centre Troubleshooter


  • CL_Utility.ps1
    • Inline C# to interop ole32.dll & P/Invoke COM Interfaces
    • Using Microsoft.Windows.Diagnosis.DDOManager
  • TS_DeviceCenter.ps1
    • Retrieve information on a problematic device



  • CL_Detection.ps1
    • Retrieve Home Group Name
    • Check IPv6 is enabled
    • Check HomeGroup Registry Keys
    • Check Registry Key Permissions
    • Check if Windows Firewall is Enabled
    • Check Windows Firewall Rules
    • Check Group Membership
  • CL_INetwork.ps1
    • Use of inline C# to interact with Network List Manager using included Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.dll
    • Check if connected to Home Network
    • Check if connected to Domain Network
    • Set current network to Home
  • CL_NativeMethods.ps1
    • Use of inline C# to work with slc.dll and interface with COM
    • Check current Windows SKU functionality
    • Check if domain joined
    • Republish offline items from cache
  • CL_Service.ps1
    • Wait for service status
    • Check if service is running
    • Retrieve reference to service
    • Set service start-up type to automatic
  • CL_WscApi.ps1
    • Use of inline C# to interact with wscapi.dll
    • Check if firewall has configuration issue
  • RS_ApplyFix.ps1
    • Enable firewall rules
    • Change NTFS permissions on files
    • Add users to local group
  • RS_LaunchInteraction.ps1
    • Examples of using interaction in Windows Troubleshooter scripts
  • RS_Service.ps1
    • Set startup of all services related to HomeGroup to Automatic
  • TS_HomeGroup.ps1
    • Enable homegroup logging through registry key
  • VF_HomeGroup.ps1

Networking Troubleshooter


  • HTInteractiveRes.ps1
  • InteractiveRes.ps1
  • NetworkDiagnosticsResolve.ps1
  • NetworkDiagnosticsTroubleshoot.ps1
  • NetworkDiagnosticsVerify.ps1
  • StartDPSService.ps1
  • UtilityFirewall.ps1
    • Use inline C# to interop with Shlwapi.dll and FirewallAPI.dll
  • UtilityFunctions.ps1
  • UtilitySetConstants.ps1
    • Use of Constants

Program Compatibility Wizard


  • RS_ProgramCompatibilityWizard.ps1
    • Use of inline C# to interop with pcwutil.dll, apphelp.dll, kernel32.dll
    • Get temporary file path
    • Get file info
    • Get media type
    • Map file path to ID
    • Get existing compat mode of an .exe path
    • Set/Overwrite existing app compat mode of an .exe
    • Get binary type
    • Write event to event log
  • TS_ProgramCompatibilityWizard.ps1
    • Use of inline C# to interop with sfc.dll, acppage.dll
    • Get Start Menu Path
    • Get All Users Start Menu Path
    • Get Desktop Path
    • Check if file is “Protected”
    • Implementing Sort
    • Retrieve .exe from .lnk file
  • VF_ProgramCompatibilityWizard.ps1

Performance Troubleshooter


  • CL_Utility.ps1
    • Inline C# interop with wtsapi32.dll, user32.dll, powrprof.dll
    • Get system path
    • Get logged on users info – user name, domain name and session ID
    • Get Windows Type
    • Create Registry Key
    • Backup the Startup Registry Key
    • Backup Startup Link Files
    • Remove Startup Programs
    • Retrieve/Set Windows Power Configuration
    • Check hardware is laptop
    • Check screen saver configuration
    • Change screen saver configuration
    • Check if display is dimmed
    • Get Inbox Exe Product Name
  • RS_MultipleUsers.ps1
    • Inline C# interop with wtsapi32.dll
    • Force log off of specified users
    • Use of ArrayList
  • RS_PowerMode.ps1
    • Set Balanced Power Plan
  • RS_RemoveAllUsersStartupPrograms.ps1
    • Remove All Users Start-up Programs in the registry
  • RS_RemoveCurrentUserStartupPrograms.ps1
    • Remove Current User Start-up Programs in the registry
  • RS_StartSysMainService.ps1
    • Find SysMain service using WMI and set to automatic startup
  • RS_SwitchIntoDMA.ps1
    • Switch disk devices into DMA-enabled mode
  • RS_VisualEffects.ps1
    • Launch window of performance options
  • TS_MultipleAntivirusProducts.ps1
    • Check for multiple antivirus products installed
  • TS_MultipleUsers.ps1
  • TS_PIOMode.ps1
    • Check if disk devices are in PIO mode
  • TS_PowerMode.ps1
    • Check if Power Saver mode is enabled
  • TS_SuperFetch.ps1
    • Check if SysMain service is Running
  • TS_TooManyStartupPrograms.ps1
    • Enumerate all programs that run at startup
  • TS_VisualEffects.ps1
    • Check visual effects setting through Registry key

Power Troubleshooter


  • Power_Troubleshooter.ps1
  • Powerconfig.ps1
    • Inline C# to interop with powrprof.dll
    • Get friendly name of active power schema
    • Check if laptop
    • Check if video is dimmed
    • Check for PPM Capability
    • Check if screen saver is active
    • Disable screen saver
    • Get Active Schema GUID
    • Set Active Schema GUID
    • Get Power Settings
    • Get Default Power Setting
    • Get Balanced Power Plan
    • Check Power Setting Access
    • Check Active Scheme Access
  • RS_AdjustDimDisplay.ps1
    • Adjust Dim Display Power Settings
  • RS_AdjustScreenBrightness.ps1
    • Adjust Screen Brightness Power Settings
  • RS_Adjustwirelessadaptersettings.ps1
    • Adjust Wireless Adapter Power Settings
  • RS_Balanced.ps1
    • Retrieve Balanced Power Plan GUID
    • Set current power plan to Balanced
  • RS_ChangeProcessorState.ps1
    • Change Processor Power Settings
  • RS_DisableScreensaver.ps1
    • Disable Screen Saver
  • RS_DisableUSBSelective.ps1
    • Change USB Power Settings
  • RS_ResetDisplayIdleTimeout
    • Reset display idle time out
  • RS_ResetIdleDiskTimeout.ps1
    • Reset idle disk timeout
  • RS_ResetIdleSleepsetting.ps1
    • Reset idle sleep setting
  • TS_Balanced.ps1
    • Check if high performance power plan is enabled
  • TS_DimDisplay.ps1
    • Check dim display settings
  • TS_DisplayIdleTimeout.ps1
    • Check display idle timeout
  • TS_IdleDiskTimeout.ps1
    • Check idle disk timeout
  • TS_IdleSleepsetting.ps1
    • Check idle sleep setting
  • TS_MinProcessorState.ps1
    • Check processor power state
  • TS_ScreenBrightness.ps1
    • Check screen brightness
  • TS_ScreenSaver.ps1
    • Check if screen saver is enabled
  • TS_USBSelective.ps1
    • Check if USB Selective Suspend is enabled
  • TS_Wirelessadaptersettings.ps1
    • Check Wi-Fi Idle Sleep settings

Printer Troubleshooter


  • CL_Utility.ps1
    • Inline C# to interop with winspool.drv
    • Retrieve absolute path of a filename
    • Get system path of a filename
    • Get printer attributes
    • Get printer type
    • Get printer status
    • Check if printer is shared
    • Set printer attributes
    • Check if printer is virtual by the printer name
  • MF_PrinterDiagnostic.ps1
  • RS_CancelAllJobs.ps1
    • Cancel all printer jobs for specified printer
  • RS_DeletePrintJobs.ps1
    • Delete files stuck in print queue
  • RS_HomeGroup.ps1
    • Share specified printer
  • RS_NoPrinterInstalled.ps1
  • RS_PrinterDriver.ps1
    • Update Printer Driver
  • RS_ProcessPrinterjobs.ps1
    • Cancel print jobs of selected printer
  • RS_RestartSpoolerService.ps1
    • Restart Print Spooler Service
  • RS_SpoolerCrashing.ps1
    • Attempt to fix common issues with print spooler crashing
  • RS_StartSpoolerService.ps1
    • Start Spooler Service
  • RS_WrongDefaultPrinter.ps1
    • Retrieve current default printer
    • Set new default printer
  • TS_CannotConnect.ps1
    • Ping server name
    • Get printer port information
  • TS_DefaultPrinter.ps1
    • Check default printer
  • TS_HomeGroup.ps1
    • Get HomeGroup name
    • Check if printer is shared
  • TS_NoPrinterInstalled.ps1
    • Check printer has no device driver installed
  • TS_OutOfPaper.ps1
    • Check if printer is out of paper
  • TS_OutOfToner.ps1
    • Check if out of toner
  • TS_PaperJam.ps1
    • Check if paper jammed
  • TS_PrinterDriver.ps1
    • Check if any print drivers need updates
  • TS_PrinterDriverError.ps1
    • Check for print driver errors
  • TS_PrinterTurnedOff.ps1
    • Check if printer is off
  • TS_PrintJobsStuck.ps1
    • Check for stuck print jobs
  • TS_SpoolerCrashing.ps1
    • Search event log to check if spooler is crashing

Search Troubleshooter


  • CL_Utility.ps1
    • Use of inline C# to interop with advapi32.dll
    • Grant current process right to assign ownership of security descriptors
  • RS_RestoreDefaults.ps1
    • Restore default registry settings for Windows Search
  • RS_RestorePermissions.ps1
    • Retrieve Windows Search Data Directory
    • Take ownership of a folder
    • Grant NTFS permissions to a folder
  • RS_StartIndexingService.ps1
    • Use WMI to find Indexing Service and set start-up type to automatic
  • TS_CheckPermissions.ps1
    • Check NTFS permissions of a folder
  • TS_FilterHostCrashing.ps1
    • Check event log to see if filter host is crashing
  • TS_ForcedShutdownInRecovery.ps1
    • Check event log for forced shutdowns in recovery mode
  • TS_ForcedShutdownNoCorruption.ps1
    • Check event log for forced shutdowns when no corruption occurred
  • TS_IndexingService.ps1
    • Check if Indexing Service is Running
  • TS_IndexingServiceCrashing.ps1
    • Scan event log to check for indexing service crashes
  • TS_ProtocolHostCrashing.ps1
    • Scan event log for protocol host crashing

Windows Media Player Configuration Troubleshooter


  • RS_ConfigurationErrors.ps1
    • Back up and re-create Windows Media Player preferences through Registry
  • RS_NetworkCacheCorrupted.ps1
    • Retrieve file version of an .exe
    • Re-create network cache file
  • TS_IsWMPUnavailable.ps1
    • Check if Windows Media Player is installed
  • TS_NetworkCacheCorrupted.ps1
    • Check if Network Cache is corrupt
    • Process XML data
  • TS_WindowsMediaPlayer.ps1
    • Check if process is running

Windows Media Player Library Troubleshooter


  • RS_MediaLibCorrupted.ps1
    • Get appdata path
    • Delete directories
    • Rename directory
  • TS_IsWMPUnavailable.ps1
    • Check if Windows Media Player is installed
  • TS_WindowsMediaPlayer.ps1

Windows Media Player DVD Troubleshooter


  • RS_DvdDecoder.ps1
  • TS_DVDAudioDecoder.ps1
    • Use registry to identify preferred decoder for DVD audio
    • Check codec is installed
  • TS_DVDDevice.ps1
    • Check device has valid DVD
  • TS_DVDVideoDecoder.ps1
    • Use registry to identify preferred decoder for DVD video
    • Check codec is installed
  • TS_IsWMPUnavailable.ps1
    • Check if Windows Media player

Windows Update Troubleshooter


  • TS_Connectivity.ps1
    • Check Windows update for available updates
    • If unable to use Windows update collect relevant event logs



Provides examples of Set-Alias. Maps common bash/cmd syntax to PowerShell commands.

IE Browser Diagnostic


This location will vary based on x86 or x64 version of Windows and what build of the OS is used.

  • CL_Utility.ps1
    • Retrieve IE Add-on Publisher
    • Retrieve Certificate Publisher
    • Get IE Add-on Name from Guid
    • Get IE Add-on Version Information
    • Disable IE Add-On
  • IEBrowseWeb_TroubleShooter.ps1
  • RS_Disableaddon.ps1
    • Disable list of add-ons
  • RS_DisableaddonLoadingTime.ps1
    • Retrieve loading time of add-ons
  • RS_ResetCacheSize.ps1
    • Reset IE Cache Limit
  • RS_Resetpagesyncpolicy.ps1
    • Reset IE Page sync policy
  • RS_RestoreIEconnection.ps1
    • Restore MaxConnectionsPerServer registry keys to default
  • TS_IEAddon.ps1
    • Retrieve info about IE Toolbars, Explorer Bars, Extensions, etc
  • TS_IEAddonLoadingTime.ps1
    • Retrieve IE add-on loading time information, report any add-ons taking more than 1 sec to load
  • TS_pagesyncpolicy.ps1
    • Check IE cache page sync settings
  • TS_tempfilecachesize.ps1
    • Retrieve temp cache file size
  • VF_IEDefectiveAddon.ps1

IE Security Diagnostic Troubleshooter


This location will vary based on x86 or x64 version of Windows and what build of the OS is used.

  • CL_Utility.ps1
    • Use WMI to query Resultant Set Of Policy setting for a specific user
  • IESecurity_TroubleShooter.ps1
  • IEsecuritysettings.ps1
    • Inline C# to interact with COM
    • Perform IE repair to reset any insecure settings
    • Retrieve IE zones
    • Reset IE Protected Mode
    • Check if IE Protected Mode is enabled
  • RS_Blockpopups.ps1
    • Disable Pop-ups through registry
  • RS_IESecuritylevels.ps1
  • RS_PhishingFilter.ps1
    • Check if Phishing filter is enabled
    • Enable Phishing filter
  • TS_Blockpopups.ps1
    • Retrieve IE Pop-up blocker settings
  • TS_IEsecuritylevels.ps1
    • Check IE security settings
  • TS_PhishingFilter.ps1
    • Check if Phishing filter is enabled

The End.

Epitaph: Inbuilt .VBS scripts

Most likely, if you have become comfortable with PowerShell, you will cringe each time you have to open a VBScript. Unfortunately, sometimes it still comes back to haunt us. Some of the inbuilt VBScript files in Windows 7 include:

In C:\windows\system32

gatherNetworkInfo.vbs – Collects all kinds of details about network configuration and stores them in a bunch of .txt files

slmgr.vbs – for activation / licensing

winrm.vbs – Windows Remote Management

In C:\Windows\System32\Printing_Admin_Scripts\en-US

Scripts for doing all kinds of possible things with printer devices.

~ The end. Really.

About chentiangemalc

specializes in end-user computing technologies. disclaimer 1) use at your own risk. test any solution in your environment. if you do not understand the impact/consequences of what you're doing please stop, and ask advice from somebody who does. 2) views are my own at the time of posting and do not necessarily represent my current view or the view of my employer and family members/relatives. 3) over the years Microsoft/Citrix/VMWare have given me a few free shirts, pens, paper notebooks/etc. despite these gifts i will try to remain unbiased.

3 Responses to Windows 7 Can Teach You PowerShell–Inbuilt Wealth of Scripts

  1. Be careful with the troubleshooting scripts. Those are intended to be used with the Troubleshooting module. I would not recommend trying to run them manually.

    I also wouldn’t say that all the scripts are great examples. To me, many of these scripts appear to be written by people with a developer background. Not that there is anything wrong with that. In my experience, these scripts don’t always follow what I consider to be good PowerShell administrative scripting best practices. Still, it is always helpful to have code samples. Thanks for putting this together.

    Jeffery Hicks
    Windows PowerShell MVP
    Follow me on Twitter

    “Those who forget to script are doomed to repeat their work.”

    Now Available: Managing Active Directory with Windows PowerShell: TFM 2nd Ed. (SAPIEN Press 2011)

    • Thanks for the comments. Obviously these are not the only place to learn PowerShell :) But they are helpful in understanding how to build your own Troubleshooting modules, and there are also many small code snippets contained here; it is hard to find sample scripts elsewhere to perform the same actions.

  2. Hey Malcolm, long time mate, hope things are well. So this page came up when I googled “NETWORKDIAGNOSTICSTROUBLESHOOT.ps1”, because I’m experiencing an issue with AppLocker “Script Rules”, and thought you may be able to help out being such a guru ;-)

    So, we’ve got AppLocker “Script Rules” set up, currently in “Audit only” mode (will be hopefully going to “Enforce rules” to get PowerShell Constrained Language Mode), but when Users go to run the “Network Troubleshooter Wizard”, it logs an entry like mentioned in .
    e.g. “%OSDRIVE%\USERS\%USER%\APPDATA\LOCAL\TEMP\SDIAG_0B3FBDE3-B857-4F36-937E-212DE1CDA324\NETWORKDIAGNOSTICSTROUBLESHOOT.PS1 was allowed to run but would have been prevented from running if the AppLocker policy were enforced.”

    I’ve got “Enforce rules” set up on some test machines, and yes it is blocked.
    Windows copies the files (e.g. NETWORKDIAGNOSTICSTROUBLESHOOT.PS1, UTILITYFUNCTIONS.PS1, UTILITYSETCONSTANTS.PS1) from C:\Windows\diagnostics\system\Networking to the Users %temp%, runs them, then deletes them.
    The files have no signature for using in AppLocker rules, the files seem to update with every major update to Windows 10, can’t put a path to the file as it changes, so no idea how to put them into “Exclusions”.

    Any thoughts ?
