当我运行以下查询时...
C:\>powershell "Get-WinEvent -FilterXML ""<QueryList><Query><Select Path='System'>*[System[(EventID=1074 or EventID=6013) and TimeCreated[@SystemTime>='2015-01-23T05:00:00.000Z' and @SystemTime<='2015-01-27T17:59:59.999Z']]]</Select></Query></QueryList>" ""
...我以表格格式获取输出:
ProviderName: EventLog
TimeCreated Id LevelDisplayName Message
----------- -- ---------------- -------
1/27/2015 12:00:00 PM 6013 Information The system uptime is 349...
.....
但是当我尝试使用Select-Object ...
时C:\>powershell "Get-WinEvent -FilterXML ""<QueryList><Query><Select Path='System'>*[System[(EventID=1074 or EventID=6013) and TimeCreated[@SystemTime>='2015-01-23T05:00:00.000Z' and @SystemTime<='2015-01-27T17:59:59.999Z']]]</Select></Query></QueryList>" | Select-Object TimeCreated""
...我收到以下错误:
'Select-Object' is not recognized as an internal or external command, operable program or batch file.
为什么我收到此错误?我在Server 2008 Standard Edition上运行32位,我必须通过正常的命令提示符运行它。
答案 0 :(得分:1)
问题是特殊字符的问题,并将它们从CMD中转出。
这个最简单的解决方案是将您的命令转换为Base64字符串并使用-EncodedCommand参数运行Powershell。这消除了需要在提示符中需要特殊字符的需要。
来自Powershell帮助:
#To use the -EncodedCommand parameter:
$command = 'dir "c:\program files" '
$bytes = [System.Text.Encoding]::Unicode.GetBytes($command)
$encodedCommand = [Convert]::ToBase64String($bytes)
powershell.exe -encodedCommand $encodedCommand
完成上述操作后,它通过CMD无错误地运行。为方便起见,这是要使用的以下Base64字符串:
RwBlAHQALQBXAGkAbgBFAHYAZQBuAHQAIAAtAEYAaQBsAHQAZQByAFgATQBMACAAIgA8AFEAdQBlAHIAeQBMAGkAcwB0AD4APABRAHUAZQByAHkAPgA8AFMAZQBsAGUAYwB0ACAAUABhAHQAaAA9ACcAUwB5AHMAdABlAG0AJwA+ACoAWwBTAHkAcwB0AGUAbQBbACgARQB2AGUAbgB0AEkARAA9ADEAMAA3ADQAIABvAHIAIABFAHYAZQBuAHQASQBEAD0ANgAwADEAMwApACAAYQBuAGQAIABUAGkAbQBlAEMAcgBlAGEAdABlAGQAWwBAAFMAeQBzAHQAZQBtAFQAaQBtAGUAJgBnAHQAOwA9ACcAMgAwADEANQAtADAAMQAtADIAMwBUADAANQA6ADAAMAA6ADAAMAAuADAAMAAwAFoAJwAgAGEAbgBkACAAQABTAHkAcwB0AGUAbQBUAGkAbQBlACYAbAB0ADsAPQAnADIAMAAxADUALQAwADEALQAyADcAVAAxADcAOgA1ADkAOgA1ADkALgA5ADkAOQBaACcAXQBdAF0APAAvAFMAZQBsAGUAYwB0AD4APAAvAFEAdQBlAHIAeQA+ADwALwBRAHUAZQByAHkATABpAHMAdAA+ACIAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAFQAaQBtAGUAQwByAGUAYQB0AGUAZAA=