Powershell info

.Net framework - foundation for Windows programming. Provides consistent object-

oriented programming environment. A collection of classes providing easy access to all
aspects of the Windows environment.

What is an object?

An object is a software representation of a real world object, such as a file, or a folder.

Objects are based on classes - a class is the blueprint used to construct the object. It’s
similar to a blueprint used to describe a house. Example: a file has properties, such as
size, name, location, and permissions. This makes the file unique and recognizable.
There are actions needed we need to perform on that files, such as read, write, move or
copy.

Further information later (below)

Compatibility between versions

Version 2.0 is compatible with 1.0.

Version 2.0 can run with 3.0 OR 4.0, but
Version 3.0 can’t run with 4.0 or visa versa.

To find version:
$PSversiontable

To change versions (more than one can be on your computer):

powershell -version x.0

Note that 3 and 4 can run scripts from 2, but not obviously if you use commands from 3
or 4, 2 can’t run it. And, 2 is the most used out there, as it comes with Win 7. 8 has 3.0,
8.1 has 4.0.
DON’T INSTALL 4.0 ON THE FOLLOWING:
System Center 2012 configuration manager (not including SP1)
System Center Virtual Machine Manager 2008 R2 (including SP1)
MS Exchange Server 2007
Windows Small Business Server 2011 Standard

As a rule, check supported system requirements!

Powershell runs under Normal User privilege. For some functions, you may need to run
as Administrator.

Setup and Maintenance

Update help every once in awhile, using the update-help command. This must be done
in Administrator mode.

To set up the execution policy so that you can actually DO stuff, you have to type:
Set-ExecutionPolicy RemoteSigned

The status can be checked with Get-ExecutionPolicy

To enable Powershell Remoting - by default, Powershell is configured to run commands

on other Windows computers. However, the remote computers probably won’t ALLOW
the commands to be executed. So on each computer that you want to run commands
on, type this PowerShell command:

Enable-PSRemoting

PowerShell profiles

Contains information about your preferences, similar to your Windows profile.

To create:
create a text file with the specified name (see below) in the specified location based on
the type of profile you want to use.

$Profile will show you the path to your profile. To see if you HAVE a path, type: test-
path $Profile. If it returns False, then you need to create one.

Type New-Item -path $profile -type file - force

If you type it exactly like that, you’ll get the #4 profile and it will create the
WindowsPowerShell directory in the user Documents folder. It will be a blank file.

NOTE: a customized profile can be deployed to other computers to ensure a consistent

environment and functionality across machines

Four types of profiles:

1. AllUsersAllHosts - applies to all users and all shells. Stored in %windir\System32\

WindowsPowerShell\v1.0\profile.ps1
2. AllUsersCurrentHost - applies to all users, but only the MS Powershell shell. Stored
in %windir\System32\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1
3. CurrentUserAllHosts - applies to current user, all shells. Stored in %UserProfile\My
Documents\WindowsPowerShell\profile.ps1
4. CurrentUserCurrentHost - applies to current user, MS Powershell. Stored in
%UserProfile\My Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1

Sample script for #4 profile:

# Display greeting

Clear-Host
Write-Host " "
Write-Host " "
Write-Host "`t `t `t ====================== Attention! ======================
"
Write-Host "`t `t `t You are being tracked. We know who you are. Resistance is
useless. "
Write-Host " "
Write-Host " "

NOTE: ‘ is the escape sequence. NOT a single quote, it’s the accent grave to the right
of the 1 on the top row of the keyboard. “t” is for tab.

Cmdlets

Cmdlets perform an action, and typically return an MS Net Framework object to the next
command in the pipeline (“pipeline” covered below.)
Cmdlets have the same basic structure: Verb - Noun - parameter argument. The verb
describes the action to take place, the noun describes the target of the action, and the
parameters are optional characteristics or a property of the noun.

Common Cmdlet verbs:

Get - queries a specific object
Set - modifies the settings of an object
Enable - enables a setting
Disable - disables a setting
New - creates a new instance of an item (used a lot!)
Remove - removes an instance of an item

Other verbs: add, clear, export, format, import, invoke.

Cmdlet syntax - when using “help”, it will list the syntax. Anything in a bracket is
optional.

Using Help in Powershell

Start with the command “get-help” followed by the command name: get-help get-
process, for example.
To get information on one page: get-help <cmdlet>, or help <cmdlet>
To get information on multiple pages: <cmdlet> -?
To see examples of the command: get-help <cmdlet> -examples
To see more detailed info: get-help <cmdlet> -detailed
To see full technical information: get-help <cmdlet> -full
To open in a window (PS 3.0 and up): get-help <cmdlet> -ShowWindow. In the window,
you can search for terms and they’ll be highlighted. You can click on “settings” and it
will filter out whatever you uncheck, such as syntax or description.

What are all the commands?

There are hundreds of cmdlets in PS. The command get-command will list all of them.
Combines with get-help <cmdlet>, it’s a start on learning them.

PS has a set of cmdlets that let you control which properties are displayed for particular
objects.
The cmdlets begin with the verb Format.

There are four format commands:

Format-wide - displays only the default property of an object by default
Format-list - displays with each property labeled and on a separate line
Format-table - produces a tabular layout
Format-custom - outputs as defined in an alternate view (not covered in this course)

You would use a pipe to specify the format:

get-process | format-table
You can specify the process with “name”:
get-process name powershell | format-list
To get specific information:
Get-Process -Name powershell | Format-Table -Property Path,Name,Id,Company (or
whatever parameters you want). BUT, the information will be truncated if it’s too long.

So, the “autosize” command, added at the end, will fix that. It will begin with the
leftmost column:
Get-Process -Name powershell | Format-Table -Property Path,Name,Id,Company -
AutoSize

To get more of a particular column, move it to the left:

Get-Process -Name powershell | Format-Table -Property Company,Name,Id,Path -
AutoSize

Another way to prevent truncated data is to use the “wrap” command:

Get-Process -Name powershell | Format-Table -Wrap -Property
Name,Id,Company,Path

The GroupBy parameter groups output based on a property value:

Get-Process -Name powershell | Format-Table -Wrap -AutoSize -Property
Name,Id,Path -GroupBy Company

Now, that might not seem very handy if you’re only looking at one process. But when
you look at ALL of them:
Get-Process | Format-Table -Wrap -AutoSize -Property Name,Id,Path -GroupBy
Company

Get-member

This retrieves information about .NET objects

almost everything in PS is a .NET object! It displays the properties and methods.
These are also called the “members” of an object. For example, type $m = “Hello” and
hit enter. You’ve now created an object called $m. To see the properties (in this case,
the only property would be the length) and the methods (numerous methods, but ones
applicable would be things like “toupper” which would change it to HELLO, or “tolower”
which would change it to “hello”).
The command would be:
$m | get-member

To change a method:
$m.toupper()

The “()” - open and close brackets - is used with methods. For a property, which in this
case is length, it would be:
$m.length

Objects

.Net objects have pre-programmed functionalities. That’s why a simple command like
$m=”Hello” will be recognized as a string object, with $m being considered a string
variable. Now PS will automatically assign a number of pre-programmed functionalities
(which can be found with the $m | Get-member command) to it.

.Net object use a functionality known as inheritance, so an object can inherit

functionalities from parent objects. (see below)

Objects are based on classes, which is the top of the “food chain” in .Net
Framework. .NF is actually just a huge collection of classes! They define the objects.
Compare it to a blueprint for a series of houses. Each house may be a bit different, but
structurally they will all be the same, following the blueprint. Substitute “blueprint” for
classes, and “houses” for objects, and it makes sense.

So, it’s important to learn which classes are “parent” classes, that pass functionalities
down to other classes. For example, the “string class” inherits functionalities from its
parent, the “object class”. Again, objects are based on classes. So a string object is
created based on a string class. So it automatically has whatever functionalities are in
the string class, and any parent classes. This lets you use built in functions instead of
creating the wheel all over again for common things you’d want to do.

Functions are actually methods and properties. Methods are actions that can be
performed (Copy, Trim, Upper, Lower). Properties are attributes that describe the
object (Name, color, size, length).
So cmdlets are PS commands that you use to make things happen - like creating
a .NET object! Then you can use the properties and methods to create powerful
functionalities and still write very little code at all! Get-member will show you what
properties and methods are available.

Running and looking at DLLs

First, run the command [Reflection.Assembly]::LoadFile(“x:\filename.ext”)

For example, the course comes with a file called MLClass.dll. So that has to be copied
to somewhere that PS can find it. We put it in the root, as an example. The command
is then [Reflection.Assembly]::LoadFile(“c:\MLClass.dll”)

So now we create a new variable, called (for argument’s sake) $ml:

$ml = new-object MLClass.Messages
So PS looks at the MLClass.dll for that. In an earlier example, we didn’t type the whole
new-object etc. stuff. PS did that in the background for us!

Now we use one of the methods in that dll, called SendMsg:

$ml.SendMsg() - remember brackets () are used with methods

To see what MLClass.dll contains, you type the variable and pipe it to get-member:
$ml | get-member

In this case, the output is:

TypeName: MLClass.Messages

Name
MemberType
Definition
Equals
Method
bool Equals(System.Object o
GetHashCode
Method
int GetHashCode()
GetType
Method
type GetType()
SendMsg
Method
void SendMsg()
ToString
Method
string ToString()
IsAdmin
Property
bool IsAdmin {get;set;}
IsOnDuty
Property
bool IsOnDuty {get;set;}

Get-ChildItem

This is basically a dir command. It can be accessed by get-childitem, dir, ls, or gci (get-
childitem)

Using the -recurse option allows you to see all subdirectories and files within a folder.
Using the -path option allows you to specify a path - including the registry!
gci -path hklm:\Software will show that branch of the registry.
Using the -include option allows you to specify particular file types. For example:
c:\>gci c:\*.* -include *.txt
will list all the text files in that directory (root). If you combine with -recurse, you can
check the whole drive, but -recurse has to come first: gci c:\*.* -recurse -include *.txt