Experimenting with PowerShell v2
Powershell is a command line interface for Windows that offers a very powerful and flexible model.
It is now a feature included with Windows 7 and Windows Server 2008 R2, not an optional download as before.
In this post, I show some sample commands that can help you understand some of the basic features and a few more complex ones.
If you never played with it before, try running Get-Help and Get-Command in a PowerShell prompt.
| Shows a list of commands: | Get-Command |
| Shows the help overview: | Get-Help |
| Show the help for “Dir”: | Get-Help Dir |
Let's use the Dir command now (actually an alias for Get-ChildItem) and a number of ways to transform the output using pipeline functions:
| Shows Directory: | Dir |
| Shows Directory in list format (two ways): | Dir | Format-List Dir | FL |
| Shows Directory sorted by file length: | Dir | Sort Length |
| Shows Directory sorted by file length in descending order: | Dir | Sort Length –Descending |
| Shows all the methods and properties for the objects resulting from Dir (files and folders): | Dir | Get-Member |
| Shows a selected list of properties instead of the default list: | Dir | Select Directory, Name, Extension, Length |
| Shows directory in HTML format (not much use going to the console like this, though): | Dir | ConvertTo-Html |
| Output the Directory listing to a file: | Dir | Out-File psfilelist.txt |
| Output the Directory listing to a grid in window: | Dir | Out-GridView |
| All together now: Shows selected list of properties, sorted, in HTML, going to a file. You need to open the file yourself: | Dir | Select Directory, Name, Extension, Length | Sort Length -Descending | ConvertTo-Html | Out-File psfilelist.htm |
Now exploring other “drives” in PowerShell with Get-PSDrive, including the certificate store and the registry.
| Get list of PowerShell “drives”: | Get-PSDrive |
| Shows environment variables: | Dir ENV: |
| Shows the certiticate store: | Dir CERT: |
| Shows root certificates for the machine: | Dir CERT:LocalMachineRoot | Select FriendlyName, NotAfter |
| Shows “HK Local Machine” portion of the registry | Dir HKLM: |
| Shows specified part of the registry: | Dir HKLM:SOFTWAREMicrosoftWindowsCurrentVersion |
Another easy way to get interesting data is with Get-Process.
| List running processes: | Get-Process |
| Shows all the methods and properties for the process objects: | Get-Process | Get-Member |
| Shows selected list of properties of running processes, formatted as table: | Get-Process | Select Id, Name, Product, CPU, WorkingSet | Format-Table –autosize |
Combining PowerShell with WMI is also very interesting. You can leverage any WMI provider on the box using Get-WmiObject.
You can get a list of WMI Classes from https://msdn.microsoft.com/en-us/library/aa394554(VS.85).aspx
| Shows all WMI objects with "disk" on the name: | Get-WmiObject -List *disk* | Select Name |
| Shows disk partitions: | Get-WmiObject Win32_DiskPartition | Select Name, Size, BootPartition |
| Shows logical disks: | Get-WmiObject Win32_LogicalDisk | Select DeviceID, DriveType, Size, FreeSpace |
| Shows mapped drives (with NET USE command): | Get-WmiObject Win32_MappedLogicalDisk | Select Name, ProviderName, FileSystem, Size, FreeSpace | Format-Table |
PowerShell also lets you call the .NET Framework, which is a huge library.
You need to use a syntax where the full class name (library.class) is mentioned in [], followed by a :: and the method name.
You can find a reference for it at https://msdn.microsoft.com/en-us/library/ms229335.aspx
| Shows network interfaces: | [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces() | Select Name, Speed, OperationalStatus |
| Shows identity of the current logged user: | [System.Security.Principal.WindowsIdentity]::GetCurrent() | Select Name, AuthenticationType, IsAuthenticated, IsSystem |
| Shows drive information: | [System.IO.DriveInfo]::GetDrives() | Select Name, DriveType, IsReady, TotalSize, TotalFreeSpace, RootDirectory | Format-Table -autosize |
It’s also interesting to iterate through the list of resulting objects, to perform additional actions.
You use the ForEach keyword (actually an alias for ForEach-Object), which allows you to run something for each item. The item is referred to as $_.
You can also use the symbol % instead of ForEach-Object.
| Change to the application data folder, which is obtained from the environment variables: | Dir Env:AppData | ForEach { CD $_.Value }Dir Env:AppData | % { CD $_.Value } |
| Show all text files enumerated by the Dir command: | Dir *.TXT | ForEach { Type $_ }Dir *.TXT | % { Type $_ } |
| Show root directory for all drives enumerated by GetDrives: | [System.IO.DriveInfo]::GetDrives() | foreach { Dir $_ }[System.IO.DriveInfo]::GetDrives() | % { Dir $_ } |
A similar syntax is used for Where (actually an alias for Where-Object), which can be used to filter objects in the pipeline.
You can also use the symbol ? instead of Where-Object.
| Show selected properties of processes using more than 10MB of memory, in descending order, formatted as table: | Get-Process | Select Id, Name, Product, CPU, WorkingSet | Where { $_.WorkingSet -gt 10*1024*1024} | Sort WorkingSet -Descending | Format-Table –autosize |
| Shows all services that are stopped: | Get-Service | Where { $_.Status -eq "Stopped" }Get-Service | ? { $_.Status -eq "Stopped" } |
Now let's focus on the DFS Namespaces service, which is something I’m working on (these will only work if the box is a Windows Server file server with the DFS-N role service installed):
| Shows all 2000 mode domain namespaces on the current computer, using the registry: | Dir HKLM:SoftwareMicrosoftDFSRootsDomain |
| Shows all 2008 mode domain namespaces on the current computer, using the registry: | Dir HKLM:SoftwareMicrosoftDFSRootsDomainV2 |
| Shows all standalone namespaces on the current computer, using the registry: | Dir HKLM:SoftwareMicrosoftDFSRootsStandalone |
| Shows all namespaces of all types on the current computer, using the registry: | Dir HKLM:SoftwareMicrosoftDFSRoots –Recurse | Select PSChildName, ValueCount, Property |
| Shows properties of the DFS-N service in the registry: | Dir HKLM:SystemCurrentControlSetServicesDfs |
| Get status of DFS Service (formatted as list) | Get-Service DFS | fl |
| Starts the DFS-N service (two ways): | Get-Service DFS | Start-Service Get-Service DFS | % { $_.Start } |
| Shows all WMI objects with DFS on the name (will include some DFS-R ones as well): | Get-WmiObject -List *DFS* |
| Shows DFS Targets on the current computer, using WMI: | Get-WmiObject Win32_DFSTarget |
| Shows selected properties of DFS nodes on the current computer, including it's a root and its state, using WMI: | Get-WmiObject Win32_DFSNode | Select Name, Root, State | Format-Table –autosize |
I hope that has helped you see how interesting PowerShell can be. Here are a few links for additional information and tutorials:
- Windows Powershell Owner's Manual: https://www.microsoft.com/technet/scriptcenter/topics/winpsh/manual/default.mspx
- List of cmdlets (help topics): https://technet.microsoft.com/en-us/library/dd347701.aspx
- Powershell ScriptCenter: https://technet.microsoft.com/en-us/scriptcenter/dd742419.aspx
- Powershell on Wikipedia: https://en.wikipedia.org/wiki/Windows_PowerShell
- Some free video tutorials: https://www.idera.com/Promo/Practical-PowerShell
- Official Powershell team blog: https://blogs.msdn.com/powershell
- Powershell Guy blog: https://thepowershellguy.com/blogs/posh