mnerv/artif
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add clear options to Get-HotspotConnections.ps1

Browse Source 
- Add -Clear flag to clear all hotspot artifacts (event logs + ARP cache)
- Add -ClearHotspot flag to clear WLAN-AutoConfig event logs only
- Add -ClearArp flag to clear ARP cache only
- Display additional manual clear commands with warnings for broader-impact logs
This commit is contained in:
mnerv
2026-02-03 23:38:28 +01:00
parent ed0c1983b3
commit a788ee5151
1 changed files with 49 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
windows/Get-HotspotConnections.ps1
View File

@@ -1,6 +1,12 @@
# Get-HotspotConnections.ps1 # Get-HotspotConnections.ps1
# Collects Windows Mobile Hotspot connection artifacts # Collects Windows Mobile Hotspot connection artifacts
param(
[switch]$Clear, # Clear all (event logs + ARP cache)
[switch]$ClearHotspot, # Clear hotspot connection event logs only
[switch]$ClearArp # Clear ARP cache only
)
# Check for admin privileges # Check for admin privileges
$isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) $isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
@@ -10,6 +16,49 @@ if (-not $isAdmin) {
exit 1 exit 1
} }
# Handle clear parameters
if ($Clear -or $ClearHotspot -or $ClearArp) {
if ($Clear -or $ClearHotspot) {
Write-Host "Clearing hotspot connection logs..." -ForegroundColor Yellow
try {
wevtutil cl "Microsoft-Windows-WLAN-AutoConfig/Operational"
Write-Host "WLAN-AutoConfig event log cleared successfully" -ForegroundColor Green
} catch {
Write-Host "Error clearing WLAN-AutoConfig log: $_" -ForegroundColor Red
}
}
if ($Clear -or $ClearArp) {
Write-Host "Clearing ARP cache..." -ForegroundColor Yellow
try {
arp -d * 2>$null
Write-Host "ARP cache cleared successfully" -ForegroundColor Green
} catch {
Write-Host "Error clearing ARP cache: $_" -ForegroundColor Red
}
}
Write-Host "`n--- Other logs you may want to clear manually ---" -ForegroundColor Magenta
Write-Host "WARNING: These commands have broader impact" -ForegroundColor Red
Write-Host ""
Write-Host "Clear Security log (clears ALL security events):" -ForegroundColor Yellow
Write-Host " wevtutil cl Security" -ForegroundColor Gray
Write-Host ""
Write-Host "Clear hosted network registry settings:" -ForegroundColor Yellow
Write-Host " Remove-Item 'HKLM:\SYSTEM\CurrentControlSet\Services\WlanSvc\Parameters\HostedNetworkSettings' -Force" -ForegroundColor Gray
Write-Host ""
Write-Host "Clear WLAN diagnostic log:" -ForegroundColor Yellow
Write-Host " wevtutil cl `"Microsoft-Windows-WLAN-AutoConfig/Diagnostic`"" -ForegroundColor Gray
Write-Host ""
Write-Host "Clear Network Profile log:" -ForegroundColor Yellow
Write-Host " wevtutil cl `"Microsoft-Windows-NetworkProfile/Operational`"" -ForegroundColor Gray
Write-Host ""
Write-Host "Clear Wi-Fi Direct log (used by mobile hotspot):" -ForegroundColor Yellow
Write-Host " wevtutil cl `"Microsoft-Windows-WiFiDirect-Services-API/Operational`"" -ForegroundColor Gray
exit 0
}
Write-Host "=== Windows Mobile Hotspot Connection History ===" -ForegroundColor Cyan Write-Host "=== Windows Mobile Hotspot Connection History ===" -ForegroundColor Cyan
Write-Host "Note: Windows does not maintain persistent logs of past hotspot clients" Write-Host "Note: Windows does not maintain persistent logs of past hotspot clients"
Write-Host "Only event logs and currently connected devices can be retrieved`n" Write-Host "Only event logs and currently connected devices can be retrieved`n"