General Information about PowerShell

• 6 Basic PowerShell Commands Get Windows
• Boost Productivity with Windows PowerShell Scripts

Books

• Windows PowerShell Pocket Reference (O'Reilly)
• Windows PowerShell 2.0 Administrator's Pocket Consultant
• Windows PowerShell Programming for the Absolute Beginner
• http://www.powershell.com (3rd Party)
• Microsoft ScriptCenter PowerShell
• PowerShell ScriptCenter

Day One Notes

Different versions of PowerShell are available for different OS's. Microsoft is using PowerShell as a way to drive people to upgrade to the latest version of Windows. Newer versions of Powershell work better with Newer versions of Microsoft Windows.

Two versions of the Powershell interface.

• Console
  • Basic Command-Line
  • Maximum support for PowerShell
  • Minimal editing capabilities

• ISE
  • Script Editor and Console Combination
  • Some PowerShell features not supported
  • Rich editing cap

• Third Party hosting apps/Editors
  • Variable Features and Pricing
  • PowerGUI

help dir -Online

help dir -ShowWindow

The "-WhatIf" option will allow you to "Dry Run" a command that might modify something on the system.

The "-Confirm" option allows for a Y/N query per item for any command that MODIFIES the system.

get-command

get-command | measure-object

get-command | out-gridview

Show-Command Get-ChildItem

The "back tick" character (above the TAB key) is the "Line Continued Below" reference.

help dir `
-ShowWindow

is the same as

help dir -ShowWindow

get-service | sort-object -Property Status | Out-File Service.txt

same as ...

get-service | sort-object -Property Status > C:\Service.txt

get-service | sort-object -Property Status | Out-File Service.txt -Append

same as ...

get-service | sort-object -Property Status >> C:\Service.txt

Objects

get-process | get-member

Get-Member will output the member properties for an Object

get-service | Format-Table *

get-service spooler | Format-list

dir | get-member

get-service | format-table status,name | get-member

Output references the output of the Format-Table object rather than the Get-Service object.

Format-Table/Format-List should usually be the LAST command in a Pipe Line.

get-service | sort-object - property name

get-process | sort Name,ID

get-process | sort VM -Descending (or -desc, abbreviations work for more items as long as they are unique)

notepad;notepad;notepad

WIll open three instances of NotePad.exe

get-process | sort Name,ID | format-list

get-process | measure -property VM

get-process | measure -property VM -Sum -Average -Maximum -Minimum

Select-Object

get-process | ft Name,VM,PM

get-process | format-table Name,VM,PM

Can't sort this by VM now because it's been destroyed by the Format-Table command.

You have to change how you sort.

Get-Process | Select-Object Name,VM,PM | Sort VM -desc

The Select-Object command extracts the Name,VM,PM objects and preserves them for future actions.

get-process | sort vm -desc | select-object name,vm,pm -First 10

Top 10 memory consumers.

Get-Process | Select-Object Name,@{l="VM(MB)";e={$_.vm / 1mb}}

Day Two Notes

Remember that teh Get-Member object will display the Properties for a given object

Get-Date | Get-Member

Display the Help for an object in a seperate Windows.

Help <object> -ShowWindow

The SELECT-OBJECT component will allow you to filter the results returned.

Get-DHCPServerv4Scope -ComputerName LON-DC1 | Select-Object -Property ScopeID,SubnetMask,Name

Filtering Objects

Comparison Operators are not the usual operators (=, >, <, etc) Equal -eq -ceq Inequality -ne -cne Greater than -gt -cgt Less than -lt -lt Like -like (Allows wild cards * or ?)

HELP About_*

HELP about_Comparison_Operators

Where-Object

There are version compatibility issues with Where-Object/Where commands.

WHERE-OBJECT is aliased by WHERE and by ?

PowerShell 3/4 - Cannot handle the complex queries shown below

Get-Service | Where Status -eq Running

PowerShell 3/4 - AKA Advanced Formatted Filter

Get-Service | Where-Object -Filter {$PSItem.Status -eq 'Running'}

PowerShell 2/3/4 - AKA Advanced Formatted Filter Command, works everywhere.

Get-Service | Where-Object -Filter {$_.Status -eq 'Running' -and $_name -like "*win*"}

Object Enumeration in the Pipeline

For Each Enumeration

$MyServices = Get-Services

$MyServices | ForEach-Object Name

Outputs just the Service Names (% and ForEach are Aliases for ForEach-Object)

$MyServices.Name (works in versions greater than v2.0)

These two version present different output. Try them.

$MyServices | ForEach-Object {Write "The service name is:" $_.Name}

$MyServices | ForEach-Object {Write "The service name is: $($_.Name)"}

$MyServices | where {$_.Name -eq "Spooler"}

$MyServices | where {$_.name -eq "Spooker"} | forEach {$_.stop()}

Simplest version of this ...

$MyServices | ? Name -eq Spooler | % -MemberName Stop

Get-ChildItem -Path C:\Example -File | ForEach-Object -MemberType Encrypt

Get-ChildItem C:\Test -File | ForEach-Object {$_.Encrypt()}

get-aduser -Filter *

get-aduser -filter * -SearchBase "cn=Users,dc=Adatum,dc=com"

get-EventLog -LogName Security | where EventID -eq 4624

get-EventLog -LogName Security | where EventID -eq 4624 | Select TimeWritten<EventID,Message

get-EventLog -LogName Security | where EventID -eq 4624 | Select TimeWritten<EventID,Message | ConvertTo-HTML | Out-File EventReport.html

Get-ChildItem -Path CERT: -recurse

Get-ChildItem -Path CERT: -recurse | Get-Member

Get-ChildItem -Path CERT: -recurse | where HasPrivateKey -eq $False

Get-ChildItem -Path CERT: -Recurse | Where {$_.HasPrivateKey -eq $False -and $_.NotAfter -gt (Get_Date) -and $_.NotBefore -lt (Get-Date)}