Sunday, 7 September 2025

News: Windows PowerShell and more ...

PowerShell 2.0 is finally history: The version of the shell program introduced with Windows 7 will be removed from Windows 11 version 24H2 from August 2025 and from Windows Server 2025 from September 2025.
Windows PowerShell is a command-line shell and scripting environment developed by Microsoft for system administration and automation tasks. It was designed by Jeffrey Snover, Bruce Payette, James Truher (et al.) and first appeared on November 14, 2006.
Its default blue console design is known to any Windows user.
PowerShell 7 is the latest major update to PowerShell, a cross-platform automation tool and configuration framework optimized for dealing with structured data (e.g., JSON, CSV, XML), REST APIs, and object models. PowerShell 7 runs on Windows, Linux, and macOS, making it a versatile tool for various environments. It comes with a black console.
The following script performs a system integrity check, including checks for the Python installation, recent file modifications, and potential unauthorized changes:
# === SYSTEM INTEGRITY AUDIT ===

# Installed applications
Write-Host "Installed applications:"
$apps = Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*, HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, InstallDate |
        Sort-Object DisplayName
foreach ($a in $apps) {
    $name = $a.DisplayName
    $ver  = if ($a.DisplayVersion) { $a.DisplayVersion } else { "-" }
    $date = if ($a.InstallDate) { $a.InstallDate } else { "-" }
    Write-Host "$name | $ver | $date"
}

# DLLs modified recently
Write-Host "DLLs modified in the last 7 days:"
$dlls = Get-ChildItem -Path "C:\Windows","C:\Program Files","C:\Program Files (x86)" -Recurse -Filter *.dll -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-7) }
foreach ($d in $dlls) {
    Write-Host "$($d.FullName) | $($d.LastWriteTime.ToString('yyyy-MM-dd HH:mm:ss'))"
}

# SSH logs
Write-Host "SSH logs:"
if (Get-Service -Name sshd -ErrorAction SilentlyContinue) {
    # The OpenSSH event channel on Windows is named "OpenSSH/Operational"
    $events = Get-WinEvent -LogName "OpenSSH/Operational" -MaxEvents 20 -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $t = $e.TimeCreated.ToString("yyyy-MM-dd HH:mm:ss")
        $m = ($e.Message -replace "\r?\n",' ')
        Write-Host "$t | $m"
    }
} else {
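    # Get-Service returns the service even when it is stopped, so this branch means sshd is absent
    Write-Host "OpenSSH service (sshd) is not installed."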
}

# System files modified recently
Write-Host "System files modified in the last 3 days:"
$sys = Get-ChildItem -Path "C:\Windows" -Recurse -File -ErrorAction SilentlyContinue |
       Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-3) }
foreach ($f in $sys) {
    Write-Host "$($f.FullName) | $($f.LastWriteTime.ToString('yyyy-MM-dd HH:mm:ss'))"
}

# Python check
Write-Host "Python check:"
$pythonPaths = @(Get-Command python -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Source)
if ($pythonPaths.Count -gt 0) {
    foreach ($p in $pythonPaths) { Write-Host "Path: $p" }
    try {
        $v = & $pythonPaths[0] --version 2>$null
        Write-Host "Version: $v"
    } catch { Write-Host "Error retrieving Python version." }
} else {
    Write-Host "Python not found."
}

# pip check
Write-Host "pip check:"
$pipPath = Get-Command pip -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Source
if ($pipPath) {
    Write-Host "Path: $pipPath"
    try {
        $pv = & $pipPath --version 2>$null
        Write-Host "Version: $pv"
    } catch { Write-Host "Error retrieving pip version." }
} else {
    Write-Host "pip not found."
}

# Alias check
Write-Host "Checking python.exe alias:"
$aliasPath = "$env:LOCALAPPDATA\Microsoft\WindowsApps\python.exe"
if (Test-Path $aliasPath) {
    Write-Host "Alias exists: $aliasPath"
} else {
    Write-Host "Alias not found."
}

Write-Host "Audit completed."
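
The DLL check in the script above flags files by LastWriteTime alone, which also lists every file touched by a regular Windows update. The following added example (not part of the original post) narrows that list to recently modified DLLs whose Authenticode signature does not verify and records a SHA-256 hash for each; the function name `Get-RecentUnsignedDll` and its parameters are hypothetical.

```powershell
# Added example, not from the original script.
# Get-RecentUnsignedDll, -Path and -Days are hypothetical names chosen here.
function Get-RecentUnsignedDll {
    [CmdletBinding()]
    param(
        # Same folders the original script scans
        [string[]]$Path = @("C:\Windows", "C:\Program Files", "C:\Program Files (x86)"),
        # Same 7-day window as the original DLL check
        [int]$Days = 7
    )

    $cutoff = (Get-Date).AddDays(-$Days)

    Get-ChildItem -Path $Path -Recurse -Filter *.dll -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $cutoff } |
        ForEach-Object {
            $file = $_
            $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName -ErrorAction SilentlyContinue

            # Skip files whose signature verifies; everything else is worth a look
            if ($sig -and $sig.Status -eq 'Valid') { return }

            # Hashing can fail on locked or access-denied files; record that instead of stopping
            $hash = try {
                (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction Stop).Hash
            } catch { "unreadable" }

            [pscustomobject]@{
                FullName      = $file.FullName
                LastWriteTime = $file.LastWriteTime
                Signature     = if ($sig) { [string]$sig.Status } else { "Unknown" }
                Signer        = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { "-" }
                SHA256        = $hash
            }
        }
}

# Report, newest first
Write-Host "Recently modified DLLs without a valid signature:"
Get-RecentUnsignedDll |
    Sort-Object LastWriteTime -Descending |
    Format-Table FullName, LastWriteTime, Signature, Signer, SHA256 -AutoSize
```

Run it from an elevated console so that protected folders can be read; a file reported as NotSigned is not necessarily malicious, but it is the subset of the original list that deserves manual review.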