- 综合排序
- 最热优先
- 最新优先
- 来自专栏Windows技术交流
如何禁用CDPUserSvc、WpnUserService、ConsentUxUserSvc等带马甲的服务
autoGet-Service WpnUserService | ft -autoGet-Service | Where-Object { $_.Name -like "WpnUserService*" } | ForEach-Object Name WpnUserService -StartupType autoGet-Service | Where-Object { $_.Name -like "WpnUserService*" } | ForEach-Object ConsentUxUserSvc -StartupType autoGet-Service | Where-Object { $_.Name -like "ConsentUxUserSvc*" } | ForEach-Object Stop-Service $serviceName -EA 0 Get-Service | Where-Object { $_.Name -like "$serviceName*" } | ForEach-Object serviceName -StartupType Disabled Get-Service | Where-Object { $_.Name -like "$serviceName*" } | ForEach-Object
1.8K10编辑于 2024-08-19 - 来自专栏Windows技术交流
卸载virtio驱动
Pattern "oem\d+\.inf" -AllMatches | % { $_.Matches } | % { $_.Value }$OEMNumbers = $RedHatDrivers1 | ForEach-Object { $_.Context.PreContext } | Select-String -Pattern "oem\d+\.inf" -AllMatches | ForEach-Object { $_.Matches } | ForEach-Object { $_.Value }#$OEMNumbersif($OEMNumbers -eq $null){#Write-Host "get null"}else{foreach { $_.Context.PreContext } | Select-String -Pattern "oem\d+\.inf" -AllMatches | ForEach-Object { $_.Matches } | ForEach-Object { $_.Value }#$OEMNumbersif($OEMNumbers -eq $null){#Write-Host "get null"}else{foreach
45600编辑于 2025-01-16 - 来自专栏运维
PowerShell系列(十二):PowerShell Cmdlet高级参数介绍(二)
参数类型为Int32官方示例以 ForEach-Object 处理使用 Write-Host cmdlet 的块。 显示以 2 或 OutBuffer + 1的批次交替显示。 1..4 | ForEach-Object { Write-Host "$($_): First"; $_ } -OutBuffer 1 | ForEach-Object { 示例第一个Foreach-Object命令的结果通过管道传递到第二Foreach-Object个命令中,该命令显示 和 $_的$temp当前值。 created isn't available on the# pipeline when -PipelineVariable creates the same variable name1..5 | ForEach-Object BEGIN]:`$temp=$temp"} -Process { Write-Host "Step1[PROCESS]:`$temp=$temp - `$_=$_" Write-Output $_} | ForEach-Object
1.2K20编辑于 2024-02-05 - 来自专栏Ms08067安全实验室
如何查看域用户登录的计算机
## class $searchtext = "*Domain*" [AppDomain]::CurrentDomain.GetAssemblies() | ForEach-Object { $_.GetExportedTypes () } | Where-Object { $_ -like $searchtext } | ForEach-Object { $_.FullName } ? ## method $searchtext = "*connect*" [AppDomain]::CurrentDomain.GetAssemblies() | ForEach-Object { $_ .GetExportedTypes() } | ForEach-Object { $_.getmembers() } | Where-Object { $_.isStatic} | Where-Object { $_ -like $searchtext } | ForEach-Object { "[{0}]::{1} --> {2}" -f ` $_.declaringtype, $_.toString(
5.3K10发布于 2020-02-24 - 来自专栏Windows技术交流
第三方工具命令行过滤计划任务,比系统自带的命令要精细
,Description,Source" start-sleep 15 #Get-Content tasks.txt | Where-Object { $_ -match "Diagnos" } | ForEach-Object { ($_ -split ",", 3)[0,1] -join "," } Get-Content tasks.txt| where-object {$_ -match "Diagnos"}| ForEach-Object ($_ -split ",", 3)[0,1] -join "," } Get-Content tasks.txt| where-object {$_ -match "Application"}| ForEach-Object { ($_ -split ",", 3)[0,1] -join "," } Get-Content tasks.txt| where-object {$_ -match "Disk"}| ForEach-Object { ($_ -split ",", 3)[0,1] -join "," } Get-Content tasks.txt| where-object {$_ -match "Defender"}| ForEach-Object
1.1K21编辑于 2023-12-07 - 来自专栏linux运维
脚本性能问题:脚本执行效率低,影响系统性能
PowerShell 脚本常见优化方法使用 ForEach-Object 替代 foreach 循环 ForEach-Object 比 foreach 循环更高效。 Get-ChildItem C:\path\to\directory)) { Write-Host $item.Name }# 推荐 Get-ChildItem C:\path\to\directory | ForEach-Object # 推荐 Get-ChildItem C:\path\to\directory | Where-Object { $_.Length -gt 1MB } | Select-Object Name | ForEach-Object # 测量脚本执行时间 $time = Measure-Command { # 脚本代码 Get-ChildItem C:\path\to\directory | ForEach-Object
64010编辑于 2025-02-07 - 来自专栏Windows技术交流
powershell2.0的弊端
Pattern "oem\d+\.inf" -AllMatches | % { $_.Matches } | % { $_.Value } $OEMNumbers = $RedHatDrivers1 | ForEach-Object { $_.Context.PreContext } | Select-String -Pattern "oem\d+\.inf" -AllMatches | ForEach-Object { $_.Matches } | ForEach-Object { $_.Value } $OEMNumbers if($OEMNumbers -eq $null) {Write-Host "get null"}else{ { $_.Context.PreContext } | Select-String -Pattern "oem\d+\.inf" -AllMatches | ForEach-Object { $_.Matches } | ForEach-Object { $_.Value } $OEMNumbers if($OEMNumbers -eq $null) {Write-Host "get null"}else{
1.1K00编辑于 2024-06-06 - 来自专栏Windows技术交流
Windows如何过滤出某后缀的文件路径
比较牛逼的代码Get-ChildItem -Path C:\Windows\System32 -Filter ***.dll** -File | Sort-Object Length -Descending | ForEach-Object }Get-ChildItem -Path C:\Windows\System32 -Filter ***.dll** -File | Sort-Object Length -Descending | ForEach-Object (Get-ChildItem -Path C:\Windows\System32 -Filter ***.dll** -File | Sort-Object Length -Descending | ForEach-Object countGet-ChildItem -Path C:\Windows\System32 -Filter ***.dll** -File | Sort-Object Length -Descending | ForEach-Object
2.1K30编辑于 2022-06-25 - 来自专栏Windows技术交流
从阿里云迁移到腾讯云的Windows机器如何删除阿里云组件
aliyun*","vminit*" get-wmiobject -class win32_service | where{$_.PathName -match "Aliyun|Alibaba"} | ForEach-Object EA 0 2>&1 >$null get-wmiobject -class win32_service | where{$_.PathName -match "Aliyun|Alibaba"} | ForEach-Object Set-Service $_.Name -StartupType Disabled} -EA 0 2>&1 >$null Get-Process -Name "aliyun*","vminit*" | ForEach-Object aliyun*","vminit*" get-wmiobject -class win32_service | where{$_.PathName -match "Aliyun|Alibaba"} | ForEach-Object
88710编辑于 2024-12-12 - 来自专栏Windows技术交流
Windows如何去掉"系统、隐藏、只读"属性
.* 上面几句cmd命令对应的powershell命令如下 Get-Item -Path "D:\Ghost" -Force | ForEach-Object { attrib +H +S +R $ _.FullName } Get-Item -Path "D:\Ghost" -Force | ForEach-Object { attrib -H -S -R $_.FullName } Set-Location -Path "D:\Ghost" Get-ChildItem -Path "D:\Ghost" -Recurse -Force | ForEach-Object { attrib +H +S +R $ _.FullName } Get-ChildItem -Path "D:\Ghost" -Recurse -Force | ForEach-Object { attrib -H -S -R $_.FullName
1.8K10编辑于 2024-03-08 - 来自专栏nginx
PowerShell 脚本进阶:如何统计目录大小并包含隐藏文件
优化脚本:递归计算并包含隐藏文件 4.1 原始脚本分析 最初的脚本仅计算非隐藏目录和文件: Get-ChildItem -Directory | ForEach-Object { $size = 不会统计隐藏文件(如 .gitignore) 4.2 改进后的脚本(支持隐藏文件) 添加 -Force 参数,确保包含隐藏文件: Get-ChildItem -Directory -Force | ForEach-Object 脚本执行优化与注意事项 5.1 提高执行效率 避免重复计算:如果目录层级很深,递归遍历可能较慢,可考虑并行计算(ForEach-Object -Parallel,需 PowerShell 7+)。 优化后的脚本(带错误处理) Get-ChildItem -Directory -Force -ErrorAction SilentlyContinue | ForEach-Object { $size # 计算当前目录下所有文件夹大小(含隐藏文件) $results = Get-ChildItem -Directory -Force -ErrorAction SilentlyContinue | ForEach-Object
46510编辑于 2025-11-16 - 来自专栏Windows技术交流
windows通过命令行设置进程优先级
CALL setpriority "idle" powershell命令行示例: Get-WmiObject Win32_process -filter 'name = "ProcessName"' | foreach-object { $_.SetPriority(PriorityLevelID) } 例如:Get-WmiObject Win32_process -filter 'name = "firefox.exe"' | foreach-object
3.6K30编辑于 2022-04-28 - 来自专栏E条咸鱼
Follina .html文件"免杀"
powershell,所以用Invoke-Obfuscation对calc命令进行混淆了一下,生成出来的命令如下: -jOin( '63-61{6c-63'.sPliT('TSNL{-gw') | foREach-oBjeCT ($_.ToSTrIng()),16) ))})|InvOkE-eXprESsIoN 这一段的结果就是calc了 -jOin( '63-61{6c-63'.sPliT('TSNL{-gw') | foREach-oBjeCT 通过|传到Invoke-Expression中执行 我们已经有执行的内容了,所以可以不需要管道符后面的内容,删除空格后,得到 -jOin('63-61{6c-63'.sPliT('TSNL{-gw')|foREach-oBjeCT
1K10编辑于 2022-09-01 - 来自专栏Windows技术交流
获取Windows Ntp Server列表
Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters").NtpServer -split " " | ForEach-Object Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters").NtpServer -split " ") | ForEach-Object Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters").NtpServer -split " ") | ForEach-Object
97010编辑于 2025-09-05 - 来自专栏Khan安全团队
通过解析 win-event 日志来获取 Applocker 事件日志
All { $output = Get-WinEvent -FilterHashtable @{LogName="microsoft-windows-applocker/*"} | ForEach-Object Get-WinEvent -FilterHashtable @{LogName="microsoft-windows-applocker/*";id=8004,8007,8022,8024} | ForEach-Object Get-WinEvent -FilterHashtable @{LogName="microsoft-windows-applocker/*"; Id=8002,8005,8020,8023} | ForEach-Object Get-WinEvent -FilterHashtable @{LogName="microsoft-windows-applocker/*"; Id= 8003,8006,,8021,8024} | ForEach-Object
81150编辑于 2023-02-23 - 来自专栏Windows技术交流
阿里云Windows迁移腾讯云方案
aliyun*","vminit*" get-wmiobject -class win32_service | where{$_.PathName -match "Aliyun|Alibaba"} | ForEach-Object EA 0 2>&1 >$null get-wmiobject -class win32_service | where{$_.PathName -match "Aliyun|Alibaba"} | ForEach-Object Set-Service $_.Name -StartupType Disabled} -EA 0 2>&1 >$null Get-Process -Name "aliyun*","vminit*" | ForEach-Object aliyun*","vminit*" get-wmiobject -class win32_service | where{$_.PathName -match "Aliyun|Alibaba"} | ForEach-Object
2.2K11编辑于 2025-08-06 - 来自专栏全栈工程师修炼之路
PS常用.NET类型记录和使用命令
PS > [AppDomain]::CurrentDomain.GetAssemblies() | ForEach-Object { $_.GetExportedTypes() } | Where-Object { $_ -like $searchtext } | ForEach-Object { $_.FullName } 搜索方法 下面的例子演示如何根据指定关键字”Address”,搜索方法。 [AppDomain]::CurrentDomain.GetAssemblies() | ForEach-Object { $_.GetExportedTypes() } | ForEach-Object { $_.getmembers() } | Where-Object { $_.isStatic} | Where-Object { $_ -like $searchtext } | ForEach-Object {$_.GetExportedTypes() } | Where-Object { $_ -like '*environment*' } | ForEach-Object { $_.FullName
1.4K20编辑于 2022-09-29 - 来自专栏Windows技术交流
从外平台迁移Windows到腾讯云的校时问题如何解决
-Pattern "oem\d+\.inf" -AllMatches | % { $_.Matches } | % { $_.Value } $OEMNumbers = $PVDrivers1 | ForEach-Object { $_.Context.PreContext } | Select-String -Pattern "oem\d+\.inf" -AllMatches | ForEach-Object { $_.Matches } | ForEach-Object { $_.Value } $OEMNumbers if($OEMNumbers -eq $null) {Write-Host "get null"}else{
31110编辑于 2025-12-03 - 来自专栏中二病也要当白帽子
如何使用Powershell批量更改含有方括号文件的文件名
Zoku ['} Get-ChildItem *.mkv | ForEach-Object {Rename-Item -LiteralPath $_.fullname -NewName $_.Name.Replace Get-ChildItem *.后缀名 | ForEach-Object {Rename-Item -LiteralPath $_.fullname -NewName $_.Name.Replace(
4.6K20发布于 2020-06-28 - 来自专栏Dance with GenAI
AI写PowerShell 脚本批量重命名文件
英文版】” Deepseek的回复: 适用于 PowerShell 的脚本: PowerShell 脚本 powershell 复制 Get-ChildItem "F:\佩格和小猫\*.mp3" | ForEach-Object ForEach-Object:遍历每个文件。
91900编辑于 2025-01-07
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号