General Information about PowerShell
Day One Notes
Different versions of PowerShell are available for different operating systems. Microsoft is using PowerShell as a way to drive people to upgrade to the latest version of Windows. Newer versions of PowerShell work better with newer versions of Microsoft Windows.
Two versions of the PowerShell interface.
- Console
  - Basic Command-Line
  - Maximum support for PowerShell
  - Minimal editing capabilities
- Script Editor and Console Combination
  - Some PowerShell features not supported
  - Rich editing capabilities
- Third Party hosting apps/Editors
  - Variable Features and Pricing
  - PowerGUI
help dir -Online
help dir -ShowWindow
The "-WhatIf" option will allow you to "Dry Run" a command that might modify something on the system.
The "-Confirm" option allows for a Y/N query per item for any command that MODIFIES the system.
get-command | measure-object
get-command | out-gridview
Show-Command Get-ChildItem
The "back tick" character (above the TAB key) is the "Line Continued Below" reference.
help dir `
-ShowWindow
is the same as
help dir -ShowWindow
get-service | sort-object -Property Status | Out-File Service.txt
same as ...
get-service | sort-object -Property Status > C:\Service.txt
get-service | sort-object -Property Status | Out-File Service.txt -Append
same as ...
get-service | sort-object -Property Status >> C:\Service.txt
get-process | get-member
Get-Member will output the member properties for an Object
get-service | Format-Table *
get-service spooler | Format-list
dir | get-member
get-service | format-table status,name | get-member
Here Get-Member describes the formatting objects emitted by Format-Table rather than the service objects from Get-Service.
Format-Table/Format-List should usually be the LAST command in a Pipe Line.
get-service | sort-object -Property Name
get-process | sort Name,ID
get-process | sort VM -Descending (or -desc, abbreviations work for more items as long as they are unique)
Will open three instances of Notepad.exe
get-process | sort Name,ID | format-list
get-process | measure -property VM
get-process | measure -property VM -Sum -Average -Maximum -Minimum
get-process | ft Name,VM,PM
get-process | format-table Name,VM,PM
Can't sort this by VM now because it's been destroyed by the Format-Table command.
You have to change how you sort.
Get-Process | Select-Object Name,VM,PM | Sort VM -desc
The Select-Object command extracts the Name, VM, and PM properties and keeps them as objects, so later commands in the pipeline can still sort and filter on them.
get-process | sort vm -desc | select-object name,vm,pm -First 10
Top 10 memory consumers.
Get-Process | Select-Object Name,@{l="VM(MB)";e={$_.vm / 1mb}}
Day Two Notes
Remember that the Get-Member cmdlet will display the properties for a given object.
Get-Date | Get-Member
Display the Help for an object in a separate window.
Help <object> -ShowWindow
The Select-Object cmdlet lets you limit which properties of the results are returned.
Get-DHCPServerv4Scope -ComputerName LON-DC1 | Select-Object -Property ScopeID,SubnetMask,Name
Filtering Objects
Comparison operators are not the usual operators (=, >, <, etc.). Where two forms are listed, the second is the case-sensitive one.
- Equal: -eq, -ceq
- Inequality: -ne, -cne
- Greater than: -gt, -cgt
- Less than: -lt, -clt
- Like: -like (allows the wildcards * and ?)
HELP About_*
HELP about_Comparison_Operators
There are version compatibility issues with Where-Object/Where commands.
WHERE-OBJECT is aliased by WHERE and by ?
PowerShell 3/4 - Cannot handle the complex queries shown below
Get-Service | Where Status -eq Running
PowerShell 3/4 - AKA Advanced Formatted Filter
Get-Service | Where-Object -Filter {$PSItem.Status -eq 'Running'}
PowerShell 2/3/4 - AKA Advanced Formatted Filter Command, works everywhere.
Get-Service | Where-Object -Filter {$_.Status -eq 'Running' -and $_.Name -like "*win*"}
Object Enumeration in the Pipeline
For Each Enumeration
$MyServices = Get-Service
$MyServices | ForEach-Object Name
Outputs just the Service Names (% and ForEach are Aliases for ForEach-Object)
$MyServices.Name (works in versions greater than v2.0)
These two versions present different output. Try them.
$MyServices | ForEach-Object {Write "The service name is:" $_.Name}
$MyServices | ForEach-Object {Write "The service name is: $($_.Name)"}
$MyServices | where {$_.Name -eq "Spooler"}
$MyServices | where {$_.Name -eq "Spooler"} | forEach {$_.Stop()}
Simplest version of this ...
$MyServices | ? Name -eq Spooler | % -MemberName Stop
Get-ChildItem -Path C:\Example -File | ForEach-Object -MemberName Encrypt
Get-ChildItem C:\Test -File | ForEach-Object {$_.Encrypt()}
get-aduser -Filter *
get-aduser -filter * -SearchBase "cn=Users,dc=Adatum,dc=com"
get-EventLog -LogName Security | where EventID -eq 4624
get-EventLog -LogName Security | where EventID -eq 4624 | Select TimeWritten,EventID,Message
get-EventLog -LogName Security | where EventID -eq 4624 | Select TimeWritten,EventID,Message | ConvertTo-HTML | Out-File EventReport.html
Get-ChildItem -Path CERT: -recurse
Get-ChildItem -Path CERT: -recurse | Get-Member
Get-ChildItem -Path CERT: -recurse | where HasPrivateKey -eq $False
Get-ChildItem -Path CERT: -Recurse | Where {$_.HasPrivateKey -eq $False -and $_.NotAfter -gt (Get-Date) -and $_.NotBefore -lt (Get-Date)}
Get-ChildItem -Path CERT: -Recurse | Where {$_.HasPrivateKey -eq $False -and $_.NotAfter -gt (Get-Date) -and $_.NotBefore -lt (Get-Date)} | Select Issuer,NotBefore,NotAfter
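Added example, not part of the original notes: the same NotBefore/NotAfter validity test, wrapped in a pipeline function that reports currently valid certificates close to expiry and emits objects so that sorting happens before formatting. The function name Get-ExpiringCertificate, its parameters and the sample certificates are hypothetical and constructed for illustration; it assumes PowerShell 3.0 or later.

```powershell
# Added example, not from the original notes; all sample data is constructed.
function Get-ExpiringCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Certificate,
        [int]$WithinDays = 30,
        [datetime]$Now = (Get-Date)
    )
    process {
        # Cert: -Recurse also emits store containers, which have no NotAfter.
        if ($null -eq $Certificate.NotAfter) { return }

        # Same validity window as the filter in the notes.
        $valid = $Certificate.NotBefore -lt $Now -and $Certificate.NotAfter -gt $Now
        if (-not $valid) { return }

        $daysLeft = [math]::Floor(($Certificate.NotAfter - $Now).TotalDays)
        if ($daysLeft -le $WithinDays) {
            # Emit objects, not formatted text, so callers can still sort/filter.
            [pscustomobject]@{
                Subject       = $Certificate.Subject
                Issuer        = $Certificate.Issuer
                NotAfter      = $Certificate.NotAfter
                DaysLeft      = $daysLeft
                HasPrivateKey = $Certificate.HasPrivateKey
            }
        }
    }
}

# Constructed stand-ins for certificate objects (fixed clock for repeatability).
$now = [datetime]'2024-06-01'
$sample = @(
    [pscustomobject]@{ Subject = 'CN=web01.example.test'; Issuer = 'CN=Example Test CA'
        NotBefore = $now.AddDays(-350); NotAfter = $now.AddDays(12); HasPrivateKey = $true }
    [pscustomobject]@{ Subject = 'CN=Example Test CA'; Issuer = 'CN=Example Test CA'
        NotBefore = $now.AddDays(-900); NotAfter = $now.AddDays(2000); HasPrivateKey = $false }
    [pscustomobject]@{ Subject = 'CN=old.example.test'; Issuer = 'CN=Example Test CA'
        NotBefore = $now.AddDays(-400); NotAfter = $now.AddDays(-5); HasPrivateKey = $true }
    [pscustomobject]@{ Subject = 'CN=Example Issuing CA'; Issuer = 'CN=Example Test CA'
        NotBefore = $now.AddDays(-700); NotAfter = $now.AddDays(25); HasPrivateKey = $false }
)

# Sort while the data is still objects; Format-Table goes last.
$sample | Get-ExpiringCertificate -Now $now | Sort-Object DaysLeft | Format-Table -AutoSize

# Live store: Get-ChildItem -Path Cert:\ -Recurse | Get-ExpiringCertificate
```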
Get-Volume | Where-Object {$_.SizeRemaining -gt 0}
Get-Volume | Where-Object {$_.SizeRemaining -gt 0 -and $_.SizeRemaining/$_.Size -lt .99 }
Get-Volume | Where-Object {$_.SizeRemaining -gt 0 -and $_.SizeRemaining/$_.Size -lt .1 }
Get-ControlPanelItem -Category 'System and Security'
Did not need to include the Where-Object item
Get-ChildItem -Path CERT: -Recurse
Get-ChildItem -Path CERT: -Recurse | Get-Member
Get-ChildItem -Path CERT: -Recurse | ForEach GetKeyAlgorithm
Get-WmiObject -Class Win32_OperatingSystem -EnableAllPrivileges
Get-WmiObject -Class Win32_OperatingSystem -EnableAllPrivileges | Get-Member
Get-WmiObject -Class Win32_OperatingSystem -EnableAllPrivileges | ForEach Reboot
1..100 | ForEach { Get-Random -SetSeed $_ }
Module 3
GM is an Alias for Get-Member!
Module 4
get-adcomputer -Filter * | select @{l="Computername";e={$_.Name}}
CD Alias:
New-PSDrive -Name AlphaTest -PSProvider FileSystem -Root \\Alpha\Test
New-PSDrive -Name T -PSProvider FileSystem -Root \\Alpha\Test -Persist
The second New-PSDrive command will actually map a drive T:. The names for this form MUST be a single letter.
Module 5
dir c:\windows\system32 | format-wide -auto
dir c:\windows\system32 | format-wide -column 4
get-service spooler | format-list -Property *
get-service spooler | format-table -Property Name,DisplayName,status -auto
get-service | format-table -Property Name,status,canstop,canshutdown,canpause,DisplayName -auto -wrap
In PowerShell ISE ...
get-process | Format-Table -Property Name,ID,@{n='VM(MB)';
e={$_.VM / 1MB}; formatString='N2'; align='right'} -AutoSize
get-service | sort-object status,name | format-table -groupby status
get-service spooler,winrm,bits -computerName TEM-RELAY-001 | ft MachineName,Status,Name,DisplayName
get-service spooler,winrm,bits -computerName TEM-RELAY-001,TEM-RELAY-047 | Sort MachineName,Status,Name | ft -GroupBy MachineName