Difference between revisions of "Global Knowledge PowerShell Training"

From RiceFamily Wiki
(Notes)
(EOF)
 
(26 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
* [http://www.makeuseof.com/tag/boost-productivity-windows-powershell-scripts/ Boost Productivity with Windows PowerShell Scripts]
 
* [http://www.makeuseof.com/tag/boost-productivity-windows-powershell-scripts/ Boost Productivity with Windows PowerShell Scripts]
  
= Notes =
+
== Books ==
 +
* Windows PowerShell Pocket Reference (O'Reilly)
 +
* Windows PowerShell 2.0 Administrator's Pocket Consultant
 +
* Windows PowerShell Programming for the Absolute Beginner
 +
* http://www.powershell.com (3rd Party)
 +
* [https://technet.microsoft.com/en-us/scriptcenter/bb410849.aspx Microsoft ScriptCenter PowerShell]
 +
* [http://technet.microsoft.com/scriptcenter PowerShell ScriptCenter]
 +
 
 +
= Day One Notes =
 
Different versions of PowerShell are available for different OS's.  Microsoft is using PowerShell as a way to drive people to upgrade to the latest version of Windows.  Newer versions of Powershell work better with Newer versions of Microsoft Windows.
 
Different versions of PowerShell are available for different OS's.  Microsoft is using PowerShell as a way to drive people to upgrade to the latest version of Windows.  Newer versions of Powershell work better with Newer versions of Microsoft Windows.
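Review bot: The new "Books" heading holds three web links (powershell.com and two ScriptCenter URLs) alongside the three book titles. Move the links under their own heading or rename this one, and keep a single ScriptCenter entry if both URLs lead to the same place.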
  
Line 23: Line 31:
 
-----
 
-----
  
 +
help dir -Online
 +
 +
help dir -ShowWindow
 +
 +
The "-WhatIf" option will allow you to "Dry Run" a command that might modify something on the system.
 +
 +
The "-Confirm" option allows for a Y/N query per item for any command that MODIFIES the system.
 +
 +
 +
get-command
 +
 +
get-command | measure-object
 +
 +
get-command | out-gridview
 +
 +
Show-Command Get-ChildItem
 +
 +
The "back tick" character (above the TAB key) is the "Line Continued Below" reference.
 +
 +
help dir `<br>
 +
-ShowWindow
 +
 +
is the same as
 +
 +
help dir -ShowWindow
 +
 +
-----
 +
 +
get-service | sort-object -Property Status | Out-File Service.txt
 +
 +
same as ...
 +
 +
get-service | sort-object -Property Status > C:\Service.txt
 +
-----
 +
get-service | sort-object -Property Status | Out-File Service.txt -Append
 +
 +
same as ...
 +
 +
get-service | sort-object -Property Status >> C:\Service.txt
 +
 +
== Objects ==
 +
get-process | get-member
 +
 +
Get-Member will output the member properties for an Object
 +
 +
-----
 +
 +
get-service | Format-Table *
 +
 +
get-service spooler | Format-list
 +
 +
-----
 +
 +
dir | get-member
 +
 +
-----
 +
 +
get-service | format-table status,name | get-member
 +
 +
Output references the output of the Format-Table object rather than the Get-Service object.
 +
 +
Format-Table/Format-List should usually be the LAST command in a Pipe Line.
 +
 +
-----
 +
 +
get-service | sort-object - property name
 +
 +
get-process | sort Name,ID
 +
 +
get-process | sort VM -Descending  (or -desc, abbreviations work for more items as long as they are unique)
 +
 +
-----
 +
 +
notepad;notepad;notepad
 +
 +
WIll open three instances of NotePad.exe
 +
 +
get-process | sort Name,ID | format-list
 +
 +
-----
 +
 +
get-process | measure -property VM
 +
 +
get-process | measure -property VM -Sum -Average -Maximum -Minimum
 +
 +
-----
 +
 +
Select-Object
 +
 +
get-process | ft Name,VM,PM
 +
 +
get-process | format-table Name,VM,PM
 +
 +
Can't sort this by VM now because it's been destroyed by the Format-Table command.
 +
 +
You have to change how you sort.
 +
 +
Get-Process | Select-Object Name,VM,PM | Sort VM -desc
 +
 +
The Select-Object command extracts the Name,VM,PM objects and preserves them for future actions.
 +
 +
-----
 +
 +
get-process | sort vm -desc | select-object name,vm,pm -First 10
 +
 +
Top 10 memory consumers.
 +
 +
-----
 +
 +
Get-Process | Select-Object Name,@{l="VM(MB)";e={$_.vm / 1mb}}
 +
 +
= Day Two Notes =
 +
Remember that teh Get-Member object will display the Properties for a given object
 +
 +
Get-Date | Get-Member
 +
-----
 +
Display the Help for an object in a seperate Windows.
 +
 +
Help <object> -ShowWindow
 +
-----
 +
The SELECT-OBJECT component will allow you to filter the results returned.
 +
 +
Get-DHCPServerv4Scope -ComputerName LON-DC1 | Select-Object -Property ScopeID,SubnetMask,Name
 +
-----
 +
 +
== Filtering Objects ==
 +
 +
Comparison Operators are not the usual operators (=, >, <, etc)
 +
Equal -eq -ceq
 +
Inequality -ne -cne
 +
Greater than -gt -cgt
 +
Less than -lt -lt
 +
Like -like (Allows wild cards * or ?)
 +
 +
HELP About_*
 +
 +
HELP about_Comparison_Operators
 +
-----
 +
== Where-Object ==
 +
There are version compatibility issues with Where-Object/Where commands.
 +
 +
WHERE-OBJECT is aliased by WHERE and by ?
 +
 +
PowerShell 3/4 - Cannot handle the complex queries shown below
 +
 +
Get-Service | Where Status -eq Running
 +
 +
PowerShell 3/4 - AKA Advanced Formatted Filter
 +
 +
Get-Service | Where-Object -Filter {$PSItem.Status -eq 'Running'}
 +
 +
PowerShell 2/3/4 - AKA Advanced Formatted Filter Command, works everywhere.
 +
 +
Get-Service | Where-Object -Filter {$_.Status -eq 'Running' -and $_name -like "*win*"}
 +
 +
== Object Enumeration in the Pipeline ==
 +
 +
=== For Each Enumeration ===
 +
 +
$MyServices = Get-Services
 +
 +
$MyServices | ForEach-Object Name
 +
 +
Outputs just the Service Names (% and ForEach are Aliases for ForEach-Object)
 +
 +
$MyServices.Name (works in versions greater than v2.0)
 +
 +
These two version present different output. Try them.
 +
 +
$MyServices | ForEach-Object {Write "The service name is:" $_.Name}
 +
 +
$MyServices | ForEach-Object {Write "The service name is: $($_.Name)"}
 +
-----
 +
$MyServices | where {$_.Name -eq "Spooler"}
 +
 +
$MyServices | where {$_.name -eq "Spooker"} | forEach {$_.stop()}
 +
 +
Simplest version of this ...
 +
 +
$MyServices | ? Name -eq Spooler | % -MemberName Stop
 +
-----
 +
Get-ChildItem -Path C:\Example -File | ForEach-Object -MemberType Encrypt
 +
 +
Get-ChildItem C:\Test -File | ForEach-Object {$_.Encrypt()}
 +
-----
 +
get-aduser -Filter *
 +
 +
get-aduser -filter * -SearchBase "cn=Users,dc=Adatum,dc=com"
 +
 +
get-EventLog -LogName Security | where EventID -eq 4624
 +
 +
get-EventLog -LogName Security | where EventID -eq 4624 | Select TimeWritten<EventID,Message
 +
 +
get-EventLog -LogName Security | where EventID -eq 4624 | Select TimeWritten<EventID,Message | ConvertTo-HTML | Out-File EventReport.html
 +
 +
Get-ChildItem -Path CERT: -recurse
 +
 +
Get-ChildItem -Path CERT: -recurse | Get-Member
 +
 +
Get-ChildItem -Path CERT: -recurse | where HasPrivateKey -eq $False
 +
 +
Get-ChildItem -Path CERT: -Recurse | Where {$_.HasPrivateKey -eq $False -and $_.NotAfter -gt (Get_Date) -and $_.NotBefore -lt (Get-Date)}
 +
 +
Get-ChildItem -Path CERT: -Recurse | Where {$_.HasPrivateKey -eq $False -and $_.NotAfter -gt (Get_Date) -and $_.NotBefore -lt (Get-Date)} | Select Issuer,NotBefore,NotAfter
 +
-----
 +
Get-Volume
 +
 +
Get-Volume | Where-Object {$_.SizeRemaining -gt 0}
 +
 +
Get-Volume | Where-Object {$_.SizeRemaining -gt 0 -and $_.SizeRemaining/$_.Size -lt .99 }
 +
 +
Get-Volume | Where-Object {$_.SizeRemaining -gt 0 -and $_.SizeRemaining/$_.Size -lt .1 }
 +
-----
 +
Get-ControlPanelItem
 +
 +
Get-ControlPanelItem -Category 'System and Security'
 +
 +
Did not need to include the Where-Object item
 +
-----
 +
Get-ChildItem -Path CERT: -Recurse
 +
 +
Get-ChildItem -Path CERT: -Recurse | Get-Member
 +
 +
Get-ChildItem -Path CERT: -Recurse | ForEach GetKeyAlgorithm
 +
 +
Get-WMIObject-Class Win32_OperatingSystem -EnableAllPrivileges
 +
 +
Get-WMIObject-Class Win32_OperatingSystem -EnableAllPrivileges | Get-Member
 +
 +
Get-WMIObject-Class Win32_OperatingSystem -EnableAllPrivileges | ForEach Reboot
 +
 +
1..100
 +
 +
1..100 | ForEach { Get-Random -SetSeed $_ }
 +
 +
=== Module 3 ===
 +
GM is an Alias for Get-Member!
 +
 +
=== Module 4 ===
 +
 +
get-adcomputer -Filter * | select @{l="Computername";e={$_.Name}}
 +
 +
Get-PSDrive
 +
 +
CD Alias:
 +
 +
CD HKLM:
 +
 +
CD HKCU:
 +
 +
New-PSDrive -Name AlphaTest -PSProvider FileSystem -Root \\Alpha\Test
 +
 +
New-PSDrive -Name T -PSProvider FileSystem -Root \\Alpha\Test -Persist
 +
 +
The Second New-PSDrive will actually map a drive T:.  The Names for this form MUST be single letter.
 +
 +
=== Module 5 ===
 +
 +
dir c:\windows\system32 | format-wide -auto
 +
 +
dir c:\windows\system32 | format-wide -column 4
 +
 +
get-service spooler | format-list -Property *
 +
 +
get-service spooler | format-table -Property Name,DisplayName,status -auto
 +
 +
get-service | format-table -Property Name,status,canstop,canshutdown,canpause,DisplayName -auto -wrap
 +
 +
-----
 +
get-process | Format-Table -Property Name,ID,@{n='VM(MB)';e={$_.VM / 1MB};formatString='N2';align='right'} -AutoSize
 +
-----
 +
get-service | sort-object status,name | format-table -groupby status
 +
-----
 +
get-service spooler,winrm,bits -computerName TEM-RELAY-001 | ft MachineName,Status,Name,DisplayName
 +
 +
get-service spooler,winrm,bits -computerName TEM-RELAY-001,TEM-RELAY-047 | Sort MachineName,Status,Name | ft -GroupBy MachineName
 +
-----
 +
get-service | out-gridview -OutputMode Multiple
 +
 +
get-process | out-gridview -Outputmode multiple | Stop-Process -Force
 +
-----
 +
Get-ChildItem -Path C:\Windows\*.exe | Sort-Object -Property Length -Descending | Format-Table -Property Name,@{n='Size(KB)';e={$PSItem.Length / 1KB};formatString='N2'} -AutoSize
 +
 +
Get-ChildItem -Path C:\Windows\*.exe | Sort -Property Length -Descending | FT -Property Name,@{n='Size(KB)';e={$_.Length / 1KB};formatString='N2'} -AutoSize
 +
-----
 +
Get-EventLog -LogName Security -Newest 20 | Select-Object -Property *,@{n='TimeDifference';e={$PSItem.TimeWritten - $PSItem.TimeGenerated}} | Sort-Object -Property TimeDifference -Descending | Format-Table -Property EventID,TimeDifference -AutoSize
 +
 +
Get-EventLog -LogName Security -Newest 20 | Select -Property *,@{n='TimeDifference';e={$_.TimeWritten - $_.TimeGenerated}} | Sort -Property TimeDifference -Descending | FT -Property EventID,TimeDifference -AutoSize
 +
 +
= Comment Based Help =
 +
help about_comment*
 +
 +
Allows comments in the code to become part of the integrated Help system in PowerShell!!
 +
 +
= Functions =
 +
function AddMe ($Num1, Num2) {
 +
$Anwser = $Num1 + Num2
 +
Write-Host "This is not part of the answer"
 +
Write-Verbose "This is not part of the answer"
 +
Write-Debug "This is not part of the answer"
 +
Return $Answer
 +
}
 +
 +
function AddMe {
 +
Param [
 +
  ($Num1, Num2)
 +
]
 +
$Anwser = $Num1 + Num2
 +
Write-Host "This is not part of the answer"
 +
Write-Verbose "This is not part of the answer"
 +
Write-Debug "This is not part of the answer"
 +
Return $Answer
 +
}
 +
 +
 +
= EOF =
 
[[Category:Training]]
 
[[Category:Training]]
 
[[Category:Work]]
 
[[Category:Work]]
 
[[Category:PowerShell]]
 
[[Category:PowerShell]]
 
[[Category:Scripting]]
 
[[Category:Scripting]]
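Review bot: Both AddMe definitions assign `$Anwser` but return `$Answer`, so the function returns nothing; `Num2` is also missing its `$`, and the second form needs `Param ($Num1, $Num2)` rather than `Param [ ... ]`. Several other added commands will not run as written: `(Get_Date)` in the two certificate filters should be `(Get-Date)`, `$_name` should be `$_.Name`, `Get-Services` should be `Get-Service`, `Get-WMIObject-Class` needs a space before `-Class`, `Select TimeWritten<EventID,Message` needs a comma in place of `<`, `ForEach-Object -MemberType Encrypt` should use `-MemberName`, `sort-object - property name` has a stray space after the dash, and `"Spooker"` should be `"Spooler"`. The operator list gives `-lt -lt` where the case-sensitive form is `-clt`.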

Latest revision as of 01:02, 11 June 2015

General Information about PowerShell

Books

Day One Notes

Different versions of PowerShell are available for different operating systems. Microsoft is using PowerShell as a way to drive people to upgrade to the latest version of Windows. Newer versions of PowerShell work better with newer versions of Microsoft Windows.

Two versions of the PowerShell interface.

  • Console
    • Basic Command-Line
    • Maximum support for PowerShell
    • Minimal editing capabilities
  • ISE
    • Script Editor and Console Combination
    • Some PowerShell features not supported
    • Rich editing capabilities
  • Third Party hosting apps/Editors

help dir -Online

help dir -ShowWindow

The "-WhatIf" option will allow you to "Dry Run" a command that might modify something on the system.

The "-Confirm" option allows for a Y/N query per item for any command that MODIFIES the system.


get-command

get-command | measure-object

get-command | out-gridview

Show-Command Get-ChildItem

The "back tick" character (above the TAB key) is the "Line Continued Below" reference.

help dir `
-ShowWindow

is the same as

help dir -ShowWindow


get-service | sort-object -Property Status | Out-File Service.txt

same as ...

get-service | sort-object -Property Status > C:\Service.txt


get-service | sort-object -Property Status | Out-File Service.txt -Append

same as ...

get-service | sort-object -Property Status >> C:\Service.txt

Objects

get-process | get-member

Get-Member will output the member properties for an Object


get-service | Format-Table *

get-service spooler | Format-list


dir | get-member


get-service | format-table status,name | get-member

Here Get-Member describes the formatting objects emitted by Format-Table rather than the service objects from Get-Service.

Format-Table/Format-List should usually be the LAST command in a Pipe Line.


get-service | sort-object -Property name

get-process | sort Name,ID

get-process | sort VM -Descending (or -desc, abbreviations work for more items as long as they are unique)


notepad;notepad;notepad

Will open three instances of NotePad.exe

get-process | sort Name,ID | format-list


get-process | measure -property VM

get-process | measure -property VM -Sum -Average -Maximum -Minimum


Select-Object

get-process | ft Name,VM,PM

get-process | format-table Name,VM,PM

Can't sort this by VM now because it's been destroyed by the Format-Table command.

You have to change how you sort.

Get-Process | Select-Object Name,VM,PM | Sort VM -desc

The Select-Object command extracts the Name, VM and PM properties into new objects and preserves them for future actions.


get-process | sort vm -desc | select-object name,vm,pm -First 10

Top 10 memory consumers.


Get-Process | Select-Object Name,@{l="VM(MB)";e={$_.vm / 1mb}}

Day Two Notes

Remember that the Get-Member cmdlet will display the properties for a given object

Get-Date | Get-Member


Display the Help for an object in a separate window.

Help <object> -ShowWindow


The SELECT-OBJECT component will allow you to filter the results returned.

Get-DHCPServerv4Scope -ComputerName LON-DC1 | Select-Object -Property ScopeID,SubnetMask,Name


Filtering Objects

Comparison Operators are not the usual operators (=, >, <, etc)

  • Equal -eq -ceq
  • Inequality -ne -cne
  • Greater than -gt -cgt
  • Less than -lt -clt
  • Like -like (Allows wild cards * or ?)

HELP About_*

HELP about_Comparison_Operators


Where-Object

There are version compatibility issues with Where-Object/Where commands.

WHERE-OBJECT is aliased by WHERE and by ?

PowerShell 3/4 - Cannot handle the complex queries shown below

Get-Service | Where Status -eq Running

PowerShell 3/4 - AKA Advanced Formatted Filter

Get-Service | Where-Object -Filter {$PSItem.Status -eq 'Running'}

PowerShell 2/3/4 - AKA Advanced Formatted Filter Command, works everywhere.

Get-Service | Where-Object -Filter {$_.Status -eq 'Running' -and $_.Name -like "*win*"}

Object Enumeration in the Pipeline

For Each Enumeration

$MyServices = Get-Service

$MyServices | ForEach-Object Name

Outputs just the Service Names (% and ForEach are Aliases for ForEach-Object)

$MyServices.Name (works in versions greater than v2.0)

These two versions present different output. Try them.

$MyServices | ForEach-Object {Write "The service name is:" $_.Name}

$MyServices | ForEach-Object {Write "The service name is: $($_.Name)"}


$MyServices | where {$_.Name -eq "Spooler"}

$MyServices | where {$_.name -eq "Spooler"} | forEach {$_.stop()}

Simplest version of this ...

$MyServices | ? Name -eq Spooler | % -MemberName Stop


Get-ChildItem -Path C:\Example -File | ForEach-Object -MemberName Encrypt

Get-ChildItem C:\Test -File | ForEach-Object {$_.Encrypt()}


get-aduser -Filter *

get-aduser -filter * -SearchBase "cn=Users,dc=Adatum,dc=com"

get-EventLog -LogName Security | where EventID -eq 4624

get-EventLog -LogName Security | where EventID -eq 4624 | Select TimeWritten,EventID,Message

get-EventLog -LogName Security | where EventID -eq 4624 | Select TimeWritten,EventID,Message | ConvertTo-HTML | Out-File EventReport.html

Get-ChildItem -Path CERT: -recurse

Get-ChildItem -Path CERT: -recurse | Get-Member

Get-ChildItem -Path CERT: -recurse | where HasPrivateKey -eq $False

Get-ChildItem -Path CERT: -Recurse | Where {$_.HasPrivateKey -eq $False -and $_.NotAfter -gt (Get-Date) -and $_.NotBefore -lt (Get-Date)}

Get-ChildItem -Path CERT: -Recurse | Where {$_.HasPrivateKey -eq $False -and $_.NotAfter -gt (Get-Date) -and $_.NotBefore -lt (Get-Date)} | Select Issuer,NotBefore,NotAfter
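The certificate filter above can be extended into an expiry report. This is an added example, not part of the original notes; the 30-day window and the Store and DaysLeft column names are assumptions chosen for illustration.

```powershell
# Added example: list certificates that are valid today but expire soon.
# $WarnDays and the output column names are assumptions, not from the notes.
$WarnDays = 30
$Now      = Get-Date
$Cutoff   = $Now.AddDays($WarnDays)

Get-ChildItem -Path Cert:\ -Recurse |
    # -Recurse also returns store locations and store containers, which have no
    # NotBefore/NotAfter properties; keep only real certificate objects.
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
    # Same validity test as the notes (already valid, not yet expired),
    # plus an upper bound so only soon-to-expire certificates remain.
    Where-Object { $_.NotBefore -lt $Now -and $_.NotAfter -gt $Now -and $_.NotAfter -lt $Cutoff } |
    # Select-Object keeps real objects, so sorting still works afterwards.
    Select-Object -Property @{n='Store';e={ $_.PSParentPath -replace '^.*::', '' }},
                            Subject, Issuer, HasPrivateKey, Thumbprint, NotAfter,
                            @{n='DaysLeft';e={ [math]::Floor(($_.NotAfter - $Now).TotalDays) }} |
    Sort-Object -Property DaysLeft |
    # Format-Table goes last, as the Day One notes recommend.
    Format-Table -AutoSize
```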


Get-Volume

Get-Volume | Where-Object {$_.SizeRemaining -gt 0}

Get-Volume | Where-Object {$_.SizeRemaining -gt 0 -and $_.SizeRemaining/$_.Size -lt .99 }

Get-Volume | Where-Object {$_.SizeRemaining -gt 0 -and $_.SizeRemaining/$_.Size -lt .1 }


Get-ControlPanelItem

Get-ControlPanelItem -Category 'System and Security'

Did not need to include the Where-Object item


Get-ChildItem -Path CERT: -Recurse

Get-ChildItem -Path CERT: -Recurse | Get-Member

Get-ChildItem -Path CERT: -Recurse | ForEach GetKeyAlgorithm

Get-WMIObject -Class Win32_OperatingSystem -EnableAllPrivileges

Get-WMIObject -Class Win32_OperatingSystem -EnableAllPrivileges | Get-Member

Get-WMIObject -Class Win32_OperatingSystem -EnableAllPrivileges | ForEach Reboot

1..100

1..100 | ForEach { Get-Random -SetSeed $_ }

Module 3

GM is an Alias for Get-Member!

Module 4

get-adcomputer -Filter * | select @{l="Computername";e={$_.Name}}

Get-PSDrive

CD Alias:

CD HKLM:

CD HKCU:

New-PSDrive -Name AlphaTest -PSProvider FileSystem -Root \\Alpha\Test

New-PSDrive -Name T -PSProvider FileSystem -Root \\Alpha\Test -Persist

The second New-PSDrive will actually map a drive T:. The names for this form MUST be a single letter.

Module 5

dir c:\windows\system32 | format-wide -auto

dir c:\windows\system32 | format-wide -column 4

get-service spooler | format-list -Property *

get-service spooler | format-table -Property Name,DisplayName,status -auto

get-service | format-table -Property Name,status,canstop,canshutdown,canpause,DisplayName -auto -wrap


get-process | Format-Table -Property Name,ID,@{n='VM(MB)';e={$_.VM / 1MB};formatString='N2';align='right'} -AutoSize


get-service | sort-object status,name | format-table -groupby status


get-service spooler,winrm,bits -computerName TEM-RELAY-001 | ft MachineName,Status,Name,DisplayName

get-service spooler,winrm,bits -computerName TEM-RELAY-001,TEM-RELAY-047 | Sort MachineName,Status,Name | ft -GroupBy MachineName


get-service | out-gridview -OutputMode Multiple

get-process | out-gridview -Outputmode multiple | Stop-Process -Force


Get-ChildItem -Path C:\Windows\*.exe | Sort-Object -Property Length -Descending | Format-Table -Property Name,@{n='Size(KB)';e={$PSItem.Length / 1KB};formatString='N2'} -AutoSize

Get-ChildItem -Path C:\Windows\*.exe | Sort -Property Length -Descending | FT -Property Name,@{n='Size(KB)';e={$_.Length / 1KB};formatString='N2'} -AutoSize


Get-EventLog -LogName Security -Newest 20 | Select-Object -Property *,@{n='TimeDifference';e={$PSItem.TimeWritten - $PSItem.TimeGenerated}} | Sort-Object -Property TimeDifference -Descending | Format-Table -Property EventID,TimeDifference -AutoSize

Get-EventLog -LogName Security -Newest 20 | Select -Property *,@{n='TimeDifference';e={$_.TimeWritten - $_.TimeGenerated}} | Sort -Property TimeDifference -Descending | FT -Property EventID,TimeDifference -AutoSize

Comment Based Help

help about_comment*

Allows comments in the code to become part of the integrated Help system in PowerShell!!

Functions

function AddMe ($Num1, $Num2) {

$Answer = $Num1 + $Num2
# Write-Host, Write-Verbose and Write-Debug do not write to the output stream,
# so only $Answer is returned to the caller.
Write-Host "This is not part of the answer"
Write-Verbose "This is not part of the answer"
Write-Debug "This is not part of the answer"
Return $Answer

}

# Same function with the parameters declared in a Param block.
function AddMe {

Param (
 $Num1, $Num2
)

$Answer = $Num1 + $Num2
Write-Host "This is not part of the answer"
Write-Verbose "This is not part of the answer"
Write-Debug "This is not part of the answer"
Return $Answer

}
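The Comment Based Help and Functions notes, combined with the -WhatIf/-Confirm behaviour from Day One, in one function. This is an added example, not from the course or the original notes; the function name Stop-ServiceByName is hypothetical.

```powershell
# Added example. Stop-ServiceByName is a hypothetical name, not a built-in cmdlet.
function Stop-ServiceByName {
    <#
    .SYNOPSIS
        Stops running services selected by name.
    .DESCRIPTION
        Looks up each named service, skips those that are missing or not running,
        and stops the rest. Supports -WhatIf and -Confirm.
    .PARAMETER Name
        One or more service names, for example Spooler.
    .EXAMPLE
        Stop-ServiceByName -Name Spooler -WhatIf
    #>
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'Medium')]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string[]]$Name
    )
    process {
        foreach ($n in $Name) {
            $svc = Get-Service -Name $n -ErrorAction SilentlyContinue
            if (-not $svc) {
                Write-Warning "Service '$n' not found"
                continue
            }
            # Verbose text is shown only with -Verbose and is never pipeline output.
            Write-Verbose "Found $($svc.Name) with status $($svc.Status)"
            if ($svc.Status -ne 'Running') { continue }

            # ShouldProcess returns $false under -WhatIf, so nothing is stopped,
            # and it prompts Y/N per item under -Confirm.
            if ($PSCmdlet.ShouldProcess($svc.Name, 'Stop service')) {
                Stop-Service -InputObject $svc
                # Only this object reaches the pipeline.
                Get-Service -Name $svc.Name | Select-Object -Property Name, Status
            }
        }
    }
}

# The comment block above is now served by the integrated help system.
Get-Help Stop-ServiceByName -Full

# Dry run: reports what would be stopped without changing the system.
Stop-ServiceByName -Name Spooler -WhatIf -Verbose
```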


EOF