Little PowerShell module to extract PowerShell scripts that no longer exists on disk but were run and are still in Event Logs. More information available on blog post.

Extracing PowerShell scripts from Windows PowerShell Event Log and saving it to ScriptsLocal directory in same folder. Format makes sure the script is formatted and, and AddMarkdown adds additional information to asses where the script is coming from.

Restore-PowerShellScript -Type WindowsPowerShell -Path $PSScriptRoot\ScriptsLocal -Verbose -Format -AddMarkdown

Same as above but with a difference that it scans remote servers (two of them). It does it in parallel.

# Keep in mind AD1/AD2 will do it in parallel
Restore-PowerShellScript -Type WindowsPowerShell -Path $PSScriptRoot\ScriptsRemote -ComputerName AD1, AD2 -Verbose -Format -AddMarkdown

Just install module from PowerShellGallery.

Install-Module -Name PowerShellManager -AllowClobber -Force

Force and AllowClobber aren't necessary, but they do skip errors in case some appear.

Update-Module -Name PowerShellManager

That's it. Whenever there's a new version, you run the command, and you can enjoy it. Remember that you may need to close, reopen PowerShell session if you have already used module before updating it.

The essential thing is if something works for you on production, keep using it till you test the new version on a test computer. I do changes that may not be big, but big enough that auto-update may break your code. For example, small rename to a parameter and your code stops working! Be responsible!

• 0.1.2 - 2021.01.19
  • Fix for reading from file system
• 0.1.1 - 2020.08.28
  • Additional security (prevents from accidental execution)
  • First release