Difference between revisions of "Global Knowledge PowerShell Training"

From RiceFamily Wiki
(Module 5)
(EOF)
 
(3 intermediate revisions by the same user not shown)
Line 299: Line 299:
 
get-service | format-table -Property Name,status,canstop,canshutdown,canpause,DisplayName -auto -wrap
 
get-service | format-table -Property Name,status,canstop,canshutdown,canpause,DisplayName -auto -wrap
  
 +
-----
 +
get-process | Format-Table -Property Name,ID,@{n='VM(MB)';e={$_.VM / 1MB};formatString='N2';align='right'} -AutoSize
 +
-----
 +
get-service | sort-object status,name | format-table -groupby status
 +
-----
 +
get-service spooler,winrm,bits -computerName TEM-RELAY-001 | ft MachineName,Status,Name,DisplayName
  
In PowerShell ISE ...
+
get-service spooler,winrm,bits -computerName TEM-RELAY-001,TEM-RELAY-047 | Sort MachineName,Status,Name | ft -GroupBy MachineName
 +
-----
 +
get-service | out-gridview -OutputMode Multiple
  
get-process |
+
get-process | out-gridview -Outputmode multiple | Stop-Process -Force
Format-Table -Property Name,ID,@{n='VM(MB)';
+
-----
                                e={$_.VM / 1MB};
+
Get-ChildItem -Path C:\Windows\*.exe | Sort-Object -Property Length -Descending | Format-Table -Property Name,@{n='Size(KB)';e={$PSItem.Length / 1KB};formatString='N2'} -AutoSize
                                formatString='N2';
+
                                align='right'} -AutoSize
+
  
get-service | sort-object status,name | format-table -groupby status
+
Get-ChildItem -Path C:\Windows\*.exe | Sort -Property Length -Descending | FT -Property Name,@{n='Size(KB)';e={$_.Length / 1KB};formatString='N2'} -AutoSize
 +
-----
 +
Get-EventLog -LogName Security -Newest 20 | Select-Object -Property *,@{n='TimeDifference';e={$PSItem.TimeWritten - $PSItem.TimeGenerated}} | Sort-Object -Property TimeDifference -Descending | Format-Table -Property EventID,TimeDifference -AutoSize
  
get-service spooler,winrm,bits -computerName TEM-RELAY-001 | ft MachineName,Status,Name,DisplayName
+
Get-EventLog -LogName Security -Newest 20 | Select -Property *,@{n='TimeDifference';e={$_.TimeWritten - $_.TimeGenerated}} | Sort -Property TimeDifference -Descending | FT -Property EventID,TimeDifference -AutoSize
 +
 
 +
= Comment Based Help =
 +
help about_comment*
 +
 
 +
Allows comments in the code to become part of the integrated Help system in PowerShell!!
 +
 
 +
= Functions =
 +
function AddMe ($Num1, Num2) {
 +
$Anwser = $Num1 + Num2
 +
Write-Host "This is not part of the answer"
 +
Write-Verbose "This is not part of the answer"
 +
Write-Debug "This is not part of the answer"
 +
Return $Answer
 +
}
 +
 
 +
function AddMe {
 +
Param [
 +
  ($Num1, Num2)
 +
]
 +
$Anwser = $Num1 + Num2
 +
Write-Host "This is not part of the answer"
 +
Write-Verbose "This is not part of the answer"
 +
Write-Debug "This is not part of the answer"
 +
Return $Answer
 +
}
  
get-service spooler,winrm,bits -computerName TEM-RELAY-001,TEM-RELAY-047 | Sort MachineName,Status,Name | ft -GroupBy MachineName
 
  
 
= EOF =
 
= EOF =
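
Review bot: Both added AddMe functions return nothing, because the sum is assigned to `$Anwser` while the last line is `Return $Answer`, a variable that is never set; use one spelling in both places. The second parameter is also written as `Num2` without the `$` sigil in the parameter list and in the addition, so it should be `$Num2` throughout. In the second function, `Param [ ($Num1, Num2) ]` is not valid syntax: the block takes parentheses, as in `Param ($Num1, $Num2)`. Separately, the added `get-process | out-gridview -Outputmode multiple | Stop-Process -Force` line would be safer in shared notes with `-WhatIf` in place of `-Force`, since it kills whatever was selected without a prompt.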

Latest revision as of 01:02, 11 June 2015

General Information about PowerShell

Books

Day One Notes

Different versions of PowerShell are available for different operating systems. Microsoft is using PowerShell as a way to drive people to upgrade to the latest version of Windows. Newer versions of PowerShell work better with newer versions of Microsoft Windows.

Two versions of the PowerShell interface.

  • Console
    • Basic Command-Line
    • Maximum support for PowerShell
    • Minimal editing capabilities
  • ISE
    • Script Editor and Console Combination
    • Some PowerShell features not supported
    • Rich editing capabilities
  • Third Party hosting apps/Editors

help dir -Online

help dir -ShowWindow

The "-WhatIf" option will allow you to "Dry Run" a command that might modify something on the system.

The "-Confirm" option allows for a Y/N query per item for any command that MODIFIES the system.


get-command

get-command | measure-object

get-command | out-gridview

Show-Command Get-ChildItem

The "back tick" character (above the TAB key) is the "Line Continued Below" reference.

help dir `
-ShowWindow

is the same as

help dir -ShowWindow


get-service | sort-object -Property Status | Out-File Service.txt

same as ...

get-service | sort-object -Property Status > C:\Service.txt


get-service | sort-object -Property Status | Out-File Service.txt -Append

same as ...

get-service | sort-object -Property Status >> C:\Service.txt

Objects

get-process | get-member

Get-Member will output the member properties for an Object


get-service | Format-Table *

get-service spooler | Format-list


dir | get-member


get-service | format-table status,name | get-member

Output references the output of the Format-Table object rather than the Get-Service object.

Format-Table/Format-List should usually be the LAST command in a Pipe Line.


get-service | sort-object -property name

get-process | sort Name,ID

get-process | sort VM -Descending (or -desc, abbreviations work for more items as long as they are unique)


notepad;notepad;notepad

Will open three instances of Notepad.exe

get-process | sort Name,ID | format-list


get-process | measure -property VM

get-process | measure -property VM -Sum -Average -Maximum -Minimum


Select-Object

get-process | ft Name,VM,PM

get-process | format-table Name,VM,PM

Can't sort this by VM now because it's been destroyed by the Format-Table command.

You have to change how you sort.

Get-Process | Select-Object Name,VM,PM | Sort VM -desc

The Select-Object command extracts the Name, VM and PM properties and preserves them as objects for later commands in the pipeline.


get-process | sort vm -desc | select-object name,vm,pm -First 10

Top 10 memory consumers.


Get-Process | Select-Object Name,@{l="VM(MB)";e={$_.vm / 1mb}}

Day Two Notes

Remember that the Get-Member command will display the properties for a given object

Get-Date | Get-Member


Display the Help for an object in a separate window.

Help <object> -ShowWindow


The SELECT-OBJECT component will allow you to filter the results returned.

Get-DHCPServerv4Scope -ComputerName LON-DC1 | Select-Object -Property ScopeID,SubnetMask,Name


Filtering Objects

Comparison operators are not the usual operators (=, >, <, etc.). The second operator in each pair is the case-sensitive form.

  • Equal: -eq, -ceq
  • Inequality: -ne, -cne
  • Greater than: -gt, -cgt
  • Less than: -lt, -clt
  • Like: -like (allows the wildcards * or ?)

HELP About_*

HELP about_Comparison_Operators


Where-Object

There are version compatibility issues with Where-Object/Where commands.

WHERE-OBJECT is aliased by WHERE and by ?

PowerShell 3/4 - Cannot handle the complex queries shown below

Get-Service | Where Status -eq Running

PowerShell 3/4 - AKA Advanced Formatted Filter

Get-Service | Where-Object -Filter {$PSItem.Status -eq 'Running'}

PowerShell 2/3/4 - AKA Advanced Formatted Filter Command, works everywhere.

Get-Service | Where-Object -Filter {$_.Status -eq 'Running' -and $_.Name -like "*win*"}

Object Enumeration in the Pipeline

For Each Enumeration

$MyServices = Get-Service

$MyServices | ForEach-Object Name

Outputs just the Service Names (% and ForEach are Aliases for ForEach-Object)

$MyServices.Name (works in versions greater than v2.0)

These two versions present different output. Try them.

$MyServices | ForEach-Object {Write "The service name is:" $_.Name}

$MyServices | ForEach-Object {Write "The service name is: $($_.Name)"}


$MyServices | where {$_.Name -eq "Spooler"}

$MyServices | where {$_.name -eq "Spooler"} | forEach {$_.stop()}

Simplest version of this ...

$MyServices | ? Name -eq Spooler | % -MemberName Stop


Get-ChildItem -Path C:\Example -File | ForEach-Object -MemberName Encrypt

Get-ChildItem C:\Test -File | ForEach-Object {$_.Encrypt()}


get-aduser -Filter *

get-aduser -filter * -SearchBase "cn=Users,dc=Adatum,dc=com"

get-EventLog -LogName Security | where EventID -eq 4624

get-EventLog -LogName Security | where EventID -eq 4624 | Select TimeWritten,EventID,Message

get-EventLog -LogName Security | where EventID -eq 4624 | Select TimeWritten,EventID,Message | ConvertTo-HTML | Out-File EventReport.html

Get-ChildItem -Path CERT: -recurse

Get-ChildItem -Path CERT: -recurse | Get-Member

Get-ChildItem -Path CERT: -recurse | where HasPrivateKey -eq $False

Get-ChildItem -Path CERT: -Recurse | Where {$_.HasPrivateKey -eq $False -and $_.NotAfter -gt (Get-Date) -and $_.NotBefore -lt (Get-Date)}

Get-ChildItem -Path CERT: -Recurse | Where {$_.HasPrivateKey -eq $False -and $_.NotAfter -gt (Get-Date) -and $_.NotBefore -lt (Get-Date)} | Select Issuer,NotBefore,NotAfter
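
The filter above keeps only certificates that are valid right now and silently drops the rest. The following is an added example (not part of the course notes) that labels every certificate instead, using the same NotBefore/NotAfter comparison plus a calculated property. The function name Get-CertValidityState, the -WarnDays threshold and the sample certificates are assumptions constructed for illustration; it needs PowerShell 3 or later.

```powershell
# Added example; the sample certificates below are constructed, not real.
function Get-CertValidityState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
        $Certificate,
        [int]$WarnDays = 30,            # hypothetical warning threshold
        [datetime]$Now = (Get-Date)
    )
    process {
        # Same NotBefore/NotAfter test as the Where filter in the notes,
        # but each certificate is labelled rather than filtered out.
        if     ($Certificate.NotBefore -gt $Now)                    { $state = 'NotYetValid' }
        elseif ($Certificate.NotAfter  -lt $Now)                    { $state = 'Expired' }
        elseif ($Certificate.NotAfter  -lt $Now.AddDays($WarnDays)) { $state = 'ExpiringSoon' }
        else                                                        { $state = 'Valid' }

        # Calculated properties keep real objects in the pipeline,
        # so the result can still be sorted or filtered afterwards.
        $Certificate | Select-Object -Property Subject,HasPrivateKey,NotAfter,
            @{n='State';e={$state}},
            @{n='DaysLeft';e={[math]::Floor(($_.NotAfter - $Now).TotalDays)}}
    }
}

# Constructed sample input with a fixed "now" so the result is repeatable.
$now = [datetime]'2015-06-11'
$sample = @(
    [pscustomobject]@{Subject='CN=Constructed Root CA'; HasPrivateKey=$false
                      NotBefore=[datetime]'2010-01-01'; NotAfter=[datetime]'2030-01-01'}
    [pscustomobject]@{Subject='CN=Constructed Old Web'; HasPrivateKey=$true
                      NotBefore=[datetime]'2012-01-01'; NotAfter=[datetime]'2015-01-01'}
    [pscustomobject]@{Subject='CN=Constructed Relay';   HasPrivateKey=$true
                      NotBefore=[datetime]'2014-07-01'; NotAfter=[datetime]'2015-07-01'}
    [pscustomobject]@{Subject='CN=Constructed Future';  HasPrivateKey=$false
                      NotBefore=[datetime]'2016-01-01'; NotAfter=[datetime]'2018-01-01'}
)

# Format-Table stays last in the pipeline, as the notes recommend.
$sample | Get-CertValidityState -Now $now |
    Sort-Object -Property DaysLeft | Format-Table -AutoSize

# Against the live store, pass only certificate objects (Cert: also returns stores):
# Get-ChildItem -Path Cert:\LocalMachine -Recurse |
#     Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
#     Get-CertValidityState | Where-Object State -ne 'Valid'
```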


Get-Volume

Get-Volume | Where-Object {$_.SizeRemaining -gt 0}

Get-Volume | Where-Object {$_.SizeRemaining -gt 0 -and $_.SizeRemaining/$_.Size -lt .99 }

Get-Volume | Where-Object {$_.SizeRemaining -gt 0 -and $_.SizeRemaining/$_.Size -lt .1 }


Get-ControlPanelItem

Get-ControlPanelItem -Category 'System and Security'

Did not need to include the Where-Object item


Get-ChildItem -Path CERT: -Recurse

Get-ChildItem -Path CERT: -Recurse | Get-Member

Get-ChildItem -Path CERT: -Recurse | ForEach GetKeyAlgorithm

Get-WMIObject -Class Win32_OperatingSystem -EnableAllPrivileges

Get-WMIObject -Class Win32_OperatingSystem -EnableAllPrivileges | Get-Member

Get-WMIObject -Class Win32_OperatingSystem -EnableAllPrivileges | ForEach Reboot

1..100

1..100 | ForEach { Get-Random -SetSeed $_ }

Module 3

GM is an Alias for Get-Member!

Module 4

get-adcomputer -Filter * | select @{l="Computername";e={$_.Name}}

Get-PSDrive

CD Alias:

CD HKLM:

CD HKCU:

New-PSDrive -Name AlphaTest -PSProvider FileSystem -Root \\Alpha\Test

New-PSDrive -Name T -PSProvider FileSystem -Root \\Alpha\Test -Persist

The second New-PSDrive command will actually map a drive T:. Names for this form MUST be a single letter.

Module 5

dir c:\windows\system32 | format-wide -auto

dir c:\windows\system32 | format-wide -column 4

get-service spooler | format-list -Property *

get-service spooler | format-table -Property Name,DisplayName,status -auto

get-service | format-table -Property Name,status,canstop,canshutdown,canpause,DisplayName -auto -wrap


get-process | Format-Table -Property Name,ID,@{n='VM(MB)';e={$_.VM / 1MB};formatString='N2';align='right'} -AutoSize


get-service | sort-object status,name | format-table -groupby status


get-service spooler,winrm,bits -computerName TEM-RELAY-001 | ft MachineName,Status,Name,DisplayName

get-service spooler,winrm,bits -computerName TEM-RELAY-001,TEM-RELAY-047 | Sort MachineName,Status,Name | ft -GroupBy MachineName


get-service | out-gridview -OutputMode Multiple

get-process | out-gridview -Outputmode multiple | Stop-Process -Force


Get-ChildItem -Path C:\Windows\*.exe | Sort-Object -Property Length -Descending | Format-Table -Property Name,@{n='Size(KB)';e={$PSItem.Length / 1KB};formatString='N2'} -AutoSize

Get-ChildItem -Path C:\Windows\*.exe | Sort -Property Length -Descending | FT -Property Name,@{n='Size(KB)';e={$_.Length / 1KB};formatString='N2'} -AutoSize


Get-EventLog -LogName Security -Newest 20 | Select-Object -Property *,@{n='TimeDifference';e={$PSItem.TimeWritten - $PSItem.TimeGenerated}} | Sort-Object -Property TimeDifference -Descending | Format-Table -Property EventID,TimeDifference -AutoSize

Get-EventLog -LogName Security -Newest 20 | Select -Property *,@{n='TimeDifference';e={$_.TimeWritten - $_.TimeGenerated}} | Sort -Property TimeDifference -Descending | FT -Property EventID,TimeDifference -AutoSize

Comment Based Help

help about_comment*

Allows comments in the code to become part of the integrated Help system in PowerShell!!

Functions

function AddMe ($Num1, $Num2) {
    # Only the returned value becomes the function's output
    $Answer = $Num1 + $Num2
    Write-Host "This is not part of the answer"
    Write-Verbose "This is not part of the answer"
    Write-Debug "This is not part of the answer"
    Return $Answer
}

# Same function with the parameters declared in a Param() block
function AddMe {
    Param (
        $Num1, $Num2
    )
    $Answer = $Num1 + $Num2
    Write-Host "This is not part of the answer"
    Write-Verbose "This is not part of the answer"
    Write-Debug "This is not part of the answer"
    Return $Answer
}
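
The two topics above combine naturally: the following added example (not from the course material) puts comment-based help inside a function and shows why the Write-Host, Write-Verbose and Write-Debug text is "not part of the answer". The name Add-Number and the typed parameters are assumptions chosen for illustration.

```powershell
function Add-Number {
<#
.SYNOPSIS
Adds two numbers and returns the sum.

.DESCRIPTION
Only the sum is written to the output stream. Status text goes to the
host, verbose and debug streams, so it never pollutes captured results.

.PARAMETER Num1
First number to add.

.PARAMETER Num2
Second number to add.

.EXAMPLE
Add-Number -Num1 2 -Num2 3 -Verbose
#>
    [CmdletBinding()]      # enables the common -Verbose and -Debug switches
    param(
        [Parameter(Mandatory=$true)][double]$Num1,
        [Parameter(Mandatory=$true)][double]$Num2
    )

    Write-Host    "This is not part of the answer"   # shown on screen, not captured by assignment
    Write-Verbose "Adding $Num1 and $Num2"           # shown only with -Verbose
    Write-Debug   "Num1=$Num1 Num2=$Num2"            # shown only with -Debug

    $Answer = $Num1 + $Num2
    return $Answer                                   # the only value on the output stream
}

# The variable receives just the sum, even though text appeared on screen.
$result = Add-Number -Num1 2 -Num2 3 -Verbose
"Captured value: $result"

# The comment block is now served by the integrated help system.
Get-Help Add-Number -Full
```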


EOF