You must provide a value expression on the right-hand side of the '-' operator

Question

Morning.

I have a script that blocks IP's at a specific time if over a threshold of 10 failed logins per day.

It works on every server, but one. (there's always one!) This server in particular is Server 2008 (Works fine on other 08's)

it throws the following error:

You must provide a value expression on the right-hand side of the '-' operator. At C:\Users\admin\Desktop\Block.ps1:11 char:34 + $arRemote = $ar.RemoteAddresses -s <<<< plit(',')

This is the original code.

$DT = [DateTime]::Now.AddHours(-24)

$l = Get-EventLog -LogName 'Security' -InstanceId 4625 -After $DT | Select-Object @{n='IpAddress';e={$_.ReplacementStrings[-2]} }

$g = $l | group-object -property IpAddress  | where {$_.Count -gt 10} | Select -property Name 

$fw = New-Object -ComObject hnetcfg.fwpolicy2 

$ar = $fw.rules | where {$_.name -eq 'Blacklist'} 

$arRemote = $ar.RemoteAddresses -split(',') 

$w = $g | where {$_.Name.Length -gt 1 -and !($arRemote -contains $_.Name + '/255.255.255.255') }

$w| %{ 
  if ($ar.RemoteAddresses -eq '*') {
    $ar.remoteaddresses = $_.Name
  }else{
    $ar.remoteaddresses += ',' + $_.Name
  }
}

if ($w.length -gt 1) {
  $w| %{(Get-Date).ToString() + '  ' + $_.Name >> 'C:\blocked.txt'} 
}
clear-eventlog "Security"

I honestly do not understand why it would show this error on 1 server, but works fine on the rest.

Answer 1

This certainly comes to the fact that -split operator exists on PowerShell V3.0 but not in previous versions (have a look to $PSVersionTable) the syntax is :

"aze,rt" -split ','

In all Powershell versions you can use the split method of the string class :

"azer,ty".split(',')
$a = "azer,ty"
$a.split(',')

Answer 2

JPBlanc is correct, but the -split operator has been added in PowerShell v2 not v3.