It’s all about the “Right Tool for the Job” – #PowerShell FTW

I say these (somewhat-cheesy) phrases frequently:

  • “Right tool, right job”
  • “Right tool for the job”
  • “Golf club mentality”
  • “Sometimes you have to choose between a 3-iron and a 9-iron..”

Here’s an example I encountered this week. . .

Our Remote Application Delivery team wanted to capture users who were launching applications from a specific farm. They knew the information was logged in the event log under a specific application log and instance ID, so they submitted a request to our SCOM team to enable a custom rule to capture the data so that they could generate reports. In testing the monitor, they found there were 90K instances captured for this event in less than a week! This is a significant amount of data to capture in SCOM, especially since the data only needed to be captured for the next 1-2 months.

Enter PowerShell.

This simple code queries each server in the array for Event ID 184 in the “MyApp Secure Gateway” log, and exports the data to a .csv.

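# Servers to query
$computers = @('Server1005','Server1007')
# Pull Event ID 184 from the "MyApp Secure Gateway" log on each server
$a = Get-EventLog -LogName "MyApp Secure Gateway" `
    -ComputerName $computers -InstanceId 184
# Export the results to a .csv
$a | Export-Csv c:\logs\myApp.csv -NoTypeInformation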

As you can see from my example, if the admin had been aware of the power of PowerShell (and had proper rights to the servers in question), he could have quickly pulled the data by himself, and even used PowerShell to further manipulate the data to make the information more useful to him, faster. Don’t get me wrong here – SCOM is a great tool, and I’m using it more and more every day. Just be sure to evaluate your end-state goal, and spend some time determining the right tool for the job.
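The same collection with Get-WinEvent, plus a per-server, per-day summary, as an added example that is not part of the original post. Get-EventLog does not exist in PowerShell 6 and later, and -FilterHashtable filters on the source server instead of after transfer. The server and log names are the post's; the 7-day window, the daily summary file, and the mapping of InstanceId 184 to event ID 184 are assumptions.

```powershell
# Added example. Server and log names come from the post; the window and the
# summary output path are assumptions.
$computers = @('Server1005', 'Server1007')
$filter = @{
    LogName   = 'MyApp Secure Gateway'
    Id        = 184                      # assumes event ID equals the InstanceId above
    StartTime = (Get-Date).AddDays(-7)   # assumed reporting window
}

$failed = @()
$events = foreach ($computer in $computers) {
    try {
        Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop |
            Select-Object @{ Name = 'Server'; Expression = { $computer } },
                          TimeCreated, Id, Message
    }
    catch {
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            Write-Verbose "$computer : no matching events in the window"
        }
        else {
            # Unreachable host, missing log or access denied: record it so a gap
            # in the report is not mistaken for "no launches".
            $failed += $computer
            Write-Warning "$computer : $($_.Exception.Message)"
        }
    }
}

if ($events) {
    $events | Export-Csv -Path 'C:\logs\myApp.csv' -NoTypeInformation

    # Launch events per server per day
    $events |
        Group-Object -Property Server, { $_.TimeCreated.Date } |
        Select-Object @{ Name = 'Server'; Expression = { $_.Group[0].Server } },
                      @{ Name = 'Day'; Expression = { $_.Group[0].TimeCreated.ToString('yyyy-MM-dd') } },
                      Count |
        Sort-Object Server, Day |
        Export-Csv -Path 'C:\logs\myApp-daily.csv' -NoTypeInformation
}

if ($failed) { Write-Warning "No data collected from: $($failed -join ', ')" }
```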

I have a new saying. PowerShell will put your kids through college. If you haven’t quite started learning PowerShell, it’s time to invest in yourself. You will be amazed at the amount of things you can do with a few lines of code. And even if you’re not an expert, you will know enough to know the potential.

Another thing I’m saying frequently is “Think, Type, Do.” Here’s why:

Snover: PowerShell is the glue coat. We’ve glued things together. So we deal with the world as it is. It’s a messy world. Ultimately, we’re trying to drive to these cmdlets — these high-level task-oriented abstractions that allow people to think about what they want, type it, and get it. Ultimately, perfection would be do/myjob/ordermeapizza. Obviously we’re not going to get there. But if you think about what you want, and you can type it and get it, PowerShell is very easy. The fact that you have to type it isn’t a big issue. It’s a different input device, but that’s not the issue. You think about something; you type it and get it. In the past, you had to do some COM programming or find some WMI classes, or invoke some command-line shell and parse the output — which can get pretty rough. Some people just love that stuff and are very successful at it. But ultimately a lot of people just want to type it and get it. So this is where the 130, 230, 2,300 cmdlets come in. (emphasis added – full article at Windows IT Pro)

And that’s just it – the more time you spend with PowerShell, the more you will realize how many things you can accomplish with Think, Type, Do.

Happy Scripting,




This post first appeared on

About Greg Ramsey
Greg Ramsey is a Distinguished Engineer for Dell Digital - Services. He has a B.S. in Computer Sciences and Engineering from The Ohio State University and has co-authored many books over the years. Greg is also a board member of the Northwest System Center User Group and the Midwest Management Summit. Greg has been a Microsoft Endpoint Manager (ConfigMgr, Intune) MVP for over 14 years.

6 Responses to It’s all about the “Right Tool for the Job” – #PowerShell FTW

  1. Jeffrey Snover says:

    BTW – they got the transcription wrong. I said “glue CODE” not “glue coat”.
    Imagine putting on a “glue coat” – there’s an image!

    Jeffrey Snover [MSFT]
    Distinguished Engineer and Lead Architect for Windows Server and System Center

  2. Love your posts and completely agree with you on this.

    P.S.: one can also use the Get-WinEvent cmdlet (post Windows Vista OS) for huge performance while collecting event logs.

  3. And your code would be even more powerful using remoting. That takes “do” to a whole new level.
