{"id":73101,"date":"2015-09-27T00:01:00","date_gmt":"2015-09-27T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2015\/09\/27\/weekend-scripter-parsing-the-dism-log-with-powershell\/"},"modified":"2019-02-18T09:35:06","modified_gmt":"2019-02-18T16:35:06","slug":"weekend-scripter-parsing-the-dism-log-with-powershell","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/weekend-scripter-parsing-the-dism-log-with-powershell\/","title":{"rendered":"Weekend Scripter: Parsing the DISM Log with PowerShell"},"content":{"rendered":"

Summary<\/b>: Ed Wilson, Microsoft Scripting Guy, talks about parsing the DISM log with Windows PowerShell.<\/span><\/p>\n

Microsoft Scripting Guy, Ed Wilson, is here. One of the things I like to do on weekends is mess around. So I was intrigued when I found a DISM command that would supposedly export file associations (see DISM Default Application Association Servicing Command-Line Options<\/a>). I thought, "Cool."<\/p>\n

Unfortunately, I was not able to find a “PowerShell way" of doing it, but then, hey, the cool thing about a command-line environment is that it makes command-line tools really easy-to-use. So I gave it a shot…<\/p>\n

Again, and again, and again.<\/p>\n

But dudes and dudettes, it didn’t work.<\/p>\n

Note<\/b>: It might be that command simply doesn't work right in Windows 10, or may be there is an issue running it in Windows PowerShell, or maybe I just didn’t get the syntax right. That is one of the things I love about Windows PowerShell—it is really easy to get the syntax correct. And one of the things I hate about old-fashioned command utilities is that it is really hard to get the syntax correct.<\/p>\n

Anyway, the error message told me that it had logged results to a DISM.Log in my Windows folder. I thought, "Cool. I will take a look at it."<\/p>\n

Twenty seconds later, the 11,000 lines finished filling my Windows PowerShell console. Wrong move!<\/p>\n

Get the end of the file<\/h2>\n

One thing I did notice is that the DISM.log is written in chronological order. This means that the end of the file will have the most important information. Luckily, Get-Content<\/b> has a –Tail<\/b> switch that I can use. The following command gets the last 15 lines from the file:<\/p>\n

Get-Content C:\\windows\\Logs\\DISM\\dism.log -tail 15<\/p>\n

Now that I know where the data resides, I need to do two things: expand my search and store the results in a variable. I type the following two commands:<\/p>\n

$a = get-content C:\\windows\\Logs\\DISM\\dism.log -tail 200<\/p>\n

$a[0]<\/p>\n

The first command gets the last 200 lines from the DISM.Log file and stores the results into a variable. The second command retrieves the first line in my variable. This is shown here:<\/p>\n

PS C:\\> $a[0]<\/p>\n

2015-09-24 13:29:52, Info                  DISM   DISM Provider Store: PID=6328 TID=<\/p>\n

4040 Found the OSServices.  Waiting to finalize it until all other providers are unloaded. – CDISMProviderStore::Final_OnDisconnect<\/p>\n

I can now change the amount of information I want, and easily look to see how far back I went. In fact, as you can see here, it takes less than a second to look back 500 lines:<\/p>\n

PS C:\\> $a = get-content C:\\windows\\Logs\\DISM\\dism.log -tail 500<\/p>\n

PS C:\\> $a[0]<\/p>\n

2015-09-24 13:29:11, Info                  DISM   DISM Provider Store: PID=5272 TID=<\/p>\n

9552 Connecting to the provider located at C:\\Users\\mredw\\AppData\\Local\\Temp\\EE97F26<\/p>\n

7-BE60-4FB7-958B-D7D073FA94D0\\SmiProvider.dll. – CDISMProviderStore::Internal_LoadPrOvider<\/p>\n

I need to pay attention to the time stamps. Here, I see that I am 41 seconds earlier, and that it might possibly be from a different DISM session. When I have the chunk of data I want to analyze, I can easily pipe the variable to Select-String<\/b> and try to see what failed:<\/p>\n

$a | Select-String "fail"<\/p>\n

The output is shown in the following image:<\/p>\n

\"Image<\/a><\/p>\n

I look through the errors and see Export User Associations from the Registry fails with hr:0x80070003<\/b>, and before that, Loading a provider fails with hr:0x8007007e<\/b>.<\/p>\n

I know the hr:0x8007007e error usually means Cannot connect to provider<\/b>, Provider not found<\/b>, or even Path not found<\/b>. Also the error hr:0x80004002 is usually something like No such interface<\/b>.<\/p>\n

Not finding the provider and no interface lead me to believe that the way cool DISM command I found may simply not work in Windows 10. Of course, I could be wrong. I do know that the old-fashioned ASSOC command that I used to use also appears to be gone. All that would make sense, I guess.<\/p>\n

Anyway, the point is that using Windows PowerShell to parse through text files can be really easy by using Select-String<\/b> and Get-Content<\/b>.<\/p>\n

Hope you have an awesome day.<\/p>\n

I invite you to follow me on Twitter<\/a> and Facebook<\/a>. If you have any questions, send email to me at scripter@microsoft.com<\/a>, or post your questions on the Official Scripting Guys Forum<\/a>. See you tomorrow. Until then, peace.<\/p>\n

Ed Wilson, Microsoft Scripting Guy<\/b><\/p>\n","protected":false},"excerpt":{"rendered":"

Summary: Ed Wilson, Microsoft Scripting Guy, talks about parsing the DISM log with Windows PowerShell. Microsoft Scripting Guy, Ed Wilson, is here. One of the things I like to do on weekends is mess around. So I was intrigued when I found a DISM command that would supposedly export file associations (see DISM Default Application […]<\/p>\n","protected":false},"author":596,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[611,3,4,617,61,45],"class_list":["post-73101","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-logs","tag-scripting-guy","tag-scripting-techniques","tag-text","tag-weekend-scripter","tag-windows-powershell"],"acf":[],"blog_post_summary":"

Summary: Ed Wilson, Microsoft Scripting Guy, talks about parsing the DISM log with Windows PowerShell. Microsoft Scripting Guy, Ed Wilson, is here. One of the things I like to do on weekends is mess around. So I was intrigued when I found a DISM command that would supposedly export file associations (see DISM Default Application […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/73101","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/596"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=73101"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/73101\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=73101"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=73101"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=73101"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}