Working with Power Shell Version 2

Introduction......................................................................................................................................... 2
HELP ABOUT HELP ............................................................................................................................... 2
ONLINE HELP ....................................................................................................................................... 2
GCM ..................................................................................................................................................... 3
FINDING FILES ...................................................................................................................................... 3
PIPE ...................................................................................................................................................... 3
CSV....................................................................................................................................................... 3
CMDLET ............................................................................................................................................... 4
PS ISE ................................................................................................................................................... 4
ENABLE SCRIPTING .............................................................................................................................. 4
RUNNING A PS SCRIPT ......................................................................................................................... 4
EXECUTION POLICY AND CERTIFICATES .............................................................................................. 5
REMOTE SESSIONS .............................................................................................................................. 5
CREATING SESSIONS AND MANAGING SESSIONS ............................................................................... 6
REMOTING ........................................................................................................................................... 7
CREATE A SESSION AND CLOSE A SESSSION IMMEDIATELY ................................................................ 8
BEST PRACTISE OF REMOTING ............................................................................................................ 8
REMOTING MULTIPLE COMPUTRES .................................................................................................... 8
HIDING COMPUTER NAME TO GENERATE A TRADITIONAL EVENT LOG REPORT ............................... 9
INVOKE-COMMAND ............................................................................................................................ 9
REMOTING WITHOUT CREATING ANY SESSIONS (from PS version 2) ................................................ 9
JOBS ................................................................................................................................................... 10
TOP 5 CMDLET PS v2 ......................................................................................................................... 11

Introduction
All the commands are typed at PS Prompt.
Navigation:
* From 'Start' open " Windows Power Shell " or type in the 'cmd' window "powershell".
When Power Shell is turned on, PS Prompt is visible, in this way, for example -> PS
C:\Users\pb-user>
Verify PS is working or not by typing " help *event* " :
Ex.- PS C:\Users\pb-user> help *event*
* The words after a "--" is my explanation
HELP ABOUT HELP
READING HELP AND GETTING HELP ABOUT HELP - Knowing the PS features
* gcm (gcm alias for Get-command )
* help *event* - - Gives a list of all Commands that match with "Event"
* Ex. - help get-eventlog - - Provides help for the Command Get-EventLog
* Ex. - Get-EventLog - list - - In System we have various Event Logs and to get the complete
list " - List " Parameter is used.
* Ex. - Get-EventLog ODiag * Ex. - get-eventlog system -newest 20
* Ex. - help get-eventlog -full --The parameter " -full " provides full help
* Ex. - help get-eventlog -examples -- The parameter " -examples " provides examples and
how to use a specific CMDLET or Command
* Ex. - help dir -full * Ex.- md C:\users\scott -- Using "md" we can create directory
* Ex. - help *type* --This Command is also called "Get-Content"
The Command "type or get-content " is used to display the contents of a File. The below
examples show help and examples about "get-content" Command
* Ex. - help type -examples or Ex. - help Get-Content -examples
* Ex. - help *service*

* To clear screen use "cls" (cls is short for ' clear screen' )
* The ' TAB' key can be used for a "cmdlet or Command " auto fill up
ONLINE HELP
-- Sometimes the PS help files are not updated. To get an online help for a specific
Command, type "-online" after a command
* Ex. - help -dir -online

GCM
USE " GCM " TO SEARCH A COMMAND THAT IS TOTALLY UNKNOWN
* gcm (Alias for Get-command )
* Ex. - help *gcm*
* The below example gives a list of all commands that has the word "JOB "
* Ex. - gcm -noun job

FINDING FILES
* get-item and get-childitem is used to find files and directories on the computer
PIPE
* Ex. - help get-service | get-member --To get help about the available members for a
command, a command is piped "|" with " Get-Member "
* Ex. - help stop-service -full
-- Let's say the Service BITS is to be stopped, below is the way to PIPE the object "BITS",
which is a Service Controller and PIPE to Stop-Service to stop BITS
* Ex. - get-service -name BITS | stop-service
SOME MORE EXAMPLES USING " PIPE "
Ex. - get-process | get-member -- To get help about the available members for a specific
command and its properties. * Tip: It is good to check and read the available properties and
Alias Property etc.
Ex. - get-process | sort vm -desc | select -first 10
And
Ex. - get-process | sort vm -desc | select -first 10 | format-list name, id, vm
Ex. - get-eventlog system -newest 1 | get-member
Ex. - get-eventlog | get-member -- gets all the members for a command and useful help for
some command
CSV
AN EXAMPLE TO LOAD A CSV FILE using the Command " IMPORT_CSV ". THE CSV FILE HAS A
LIST OF AD (Active Directory ) USERS TO BE CREATED.
The below File
"users.csv " has all the Properties saved in the file.
Ex. - type C:\users.csv --Verify the data in the file using "type" command.
Ex. - IMPORT_CSV C:\users.csv | NEW-ADUSER --"new-aduser" is a command to add an AD
User

CMDLET
TO DISPLAY ALL THE COMMANDS ( " CMDLET " )
-- The below examples give total count of the commands/cmdlet
Ex. - get-command | where { $_.CommandType -eq "CmdLet" }
Ex. - get-command | where { $_.CommandType -eq "CmdLet" } | measure-object

* " gsv " IS ALIAS FOR GET-SERVICES COMMAND (used to check services running)
* "ps " IS ALIAS FOR PROCESSES COMMAND (used to check processes running)
PS ISE
PS ISE (Integrated Scripting Environment)
PowerShell ISE (PowerShell Integrated Scripting Environment. A GUI Environment )
* Better than using Windows Notepad for Scripts
* For example, while you are in PowerShell ISE type at the PS prompt i.e. at ">" " read-host
Enter a Number ". A Window pops up asking us to enter a number
* In
ISE there exists a button to connect to a remote computer (5th button from left to right)
* Color Coding is available in ISE. That's a pretty cool thing to write a script

ENABLE SCRIPTING
FIRSTLY, SET EXECUTION POLICY TO RUN SCRIPTS
* Get-ExecutionPolicy -- The output could be Restricted. Default is set to "Restricted" . This
is a Global Setting.
* Set-executingpolicy remoteSigned --Enables us to run PowerShell Scripts. The default
extension of a PowerShell Script is " .ps1. For example - " somefile.ps1 "
* Verification: get-executionpolicy --Now it is set to "Remotesigned"

RUNNING A PS SCRIPT
* We can run a Powershell Script like any other script on Linux/Unix System, that is using a
dot and forward slash "./sometestscript. ps1 "

* http://www.powergui.org (Free ), powershellplus.com (Commercial ), primalscript.com

(Commercial. Very good and helps for code completion )
* To set Execution Policy for a Domain, navigate to Group Poicy Management -> Windows
Powershell -> Turn on Script Execution

RENAME A FILE
* ren xyz.txt abc.ps1
FORMAT LIST ( fl )
* PIPE any command with " fl * " to format the output
* Ex. - <some command> | fl *
EXECUTION POLICY AND CERTIFICATES
* Execution Policy should be enabled to run a PS Script even on Local Computer or on a
Remote Computer. Certificates are usually used in a Secure Environment where Security is
given much importance.
* Verification of Execution Policy
* get-executionpolicy (Displays what Policy is set. 'RemoteSigned' is secure enough. On the
other hand "Restricted" is default and disables running a PS Script )
* help *execution*
* help about_ execution_policies (To read what Policies are available)
* An example to see what's exactly in a Certificate
* cd $pshome
* Open with a Notepad " notepad . \types.ps1.xml "
* gcm -noun *signature* ( set-authenticodesignature is used to set a certificate)
* Ex. - get-authenticodesignature .\types.ps1xml (This example shows validity of a
certificate)
OR (format the output using fl )
Ex. - get-authenticodesignature .\types.ps1xml | fl *
* Setting execution policy example (An Administrator can change or set the policy)
* Set-ExecutionPolicy allSigned (A Certificate is needed to run a script)
* Set-ExecutionPolicy remotesigned ( allows to run a script without (digital) certificate )
* help about_signing ( This help provides us how to create a self-signed certificate but allows
us to run only on local computer)

REMOTE SESSIONS
REMOTE SESSIONS (Connecting & working with Remote Computers) AND CONFIGURING
AND MANAGING REMOTE SESSIONS (Connecting & working with Remote Computers)
* winRM -> Windows Remote Management ( This is a Service )
* ws-MAN-> Web Services for Windows Management
* What exactly is winRM/ws-MAN-? Earlier it was named/called as RPC and using http
Protocol Remote Clients get connected . But, winRM/ws-MAN does not use Port 80 or 443,
rather Port 5985
* This is not preconfigured and we got to configure it first

CONFIGURATION
* set-wsmanquickconfig (while setting please do not set directly 'yes', but check whether this
Service was already up& running or not. If it is not running then we can confirm with "yes")
* Verify: While you are in "services" window click on "standard" and check for " Windows
Remote Management"
CONFIGURING winRM Service for a Domain
* Navigation: go to -> group policy management -> Double Click on Default
Domain Policy - > Computer Configuration -> Policies - > Administrative Templates - >
Windows Components - > Windows Remote Management -> Open WinRM Service ->
ENABLE by opening "Allow automatic configuration of listeners "
ENABLING WINDOWS REMOTE SHELL
* From the above navigation open "Windows Remote Shell ", then open the file and enable "
Allow Remote Shell Access "
CONFIGURATION FOR MACHINES/Systems NOT IN DOMAIN IS TRICKY
* google -> " powershell remoting between two workgroup machines " . From the search
you can select, that is, (blogs.msdn.com/wmi/default.aspx?p=2) and search for article in
july/2009
or navigate directly using the below link
" http://blogs.msdn.com/b/wmi/archive/2009/07/24/powershell-remoting-between-twoworkgroup-machines.aspx "

CREATING SESSIONS AND MANAGING SESSIONS

* gcm -noun pssession (The output shows all the commands that has the word ' sessions' )
* help new-pssession -full
Ex. - new-pssession -comp <computer name> (opens a new session for a computer )
Ex. - Opening sessions for multiple computers
* save the computer names in a " .txt " file, let's say you have a domain of computers.
For example - Computer 1, Computer2, Computer3
* new-pssession -comp (get-content C:\computernames.txt ) -- Opens Sessions for multiple
computers
OR
* get-content C:\computernames.txt | new-pssession
OR
* Note: The below example is for Computers in Active Directory / Domain
* Active Directory Module must be imported firstly. At PS Prompt we loaded it.
*
import-module activedirectory
* get-adcomputer -filter * ( lists all the computers in the domain )
* The pssession cannot be piped as per the information in the help file. So, first we get all
the computer names in a domain

* get-adcomputer -filter * | select-object @ { name="computername"; expression={

$_.name } }
* After getting the output we can pipe to pssession, (*** the below piping creates a session
to all the computers in the domain )
* get-adcomputer -filter * | select-object @ { name="computername"; expression={$_.name
} } | pssession
VERIFICATION OF OPENED SESSIONS OR THE SESSIONS ESTABLISHED ALREADY
* get-pssession
REMOVE PSSESSIONS OR SESSIONS
* get-pssession | remove-pssession
CREATE or ASSIGN A NAME TO A SESSION
* get-adcomputer -filter * | select-object @{name="computername";
expression={$_.name}} | new-pssession -name domaincomputers
* Verify: get-pssession -name domaincomputers (domaincomputers is the name we
assigned)
CREATING A VARIABLE FOR MANAGING SESSIONS
Ex . - $domaincomputers = get-adcomputer -filter * | select-object
@{name="computername"; expression={$_.name}} | new-pssession
Verify:
* $domaincomputers (shows the sessions opened )
* remove-pssession $domaincomputers (removes any opened Sessions)

REMOTING
POWER SHELL REMOTING - It means creating a Remote Shell
Creating a variable to save Sessions
* $sessions = new-pssession - computer <computer name>
* Verify: $sessions
ONE-TO-ONE ADHOC REMOTING
* enter-pssession $sessions ($sessions is a User created Variable)
* help enter-pssession (Syntax has to be seen for various examples. Using enter-pssession, a
session can be created and removed instantly. Below is an example )
-- now prompt changes to remote system's name and to verify enter any commands. For
example "dir OR gsv OR ps OR get-eventlog security -newest 20 "
TO EXIT FROM REMOTE SHELL

* exit-pssession
REMOVE SESSIONS -- IT IS IMPORTANT TO REMOVE THE SESSIONS WHEN IT IS NO LONGER
NEEDED
* remove-pssession $sessions
CREATE A SESSION AND CLOSE A SESSSION IMMEDIATELY
* enter-pssession -computer <computer name>
* exit-pssession (exit when a session is not needed)
* Verify if any sessions are still open or not by typing " get-pssession " . There should not be
any Sessions opened now.

BEST PRACTISE OF REMOTING

BEST PRACTISE OR EASY WAY FOR ADHOC ONE-TO-ONE REMOTING
-- CREATE AN ALIAS IN PROFILE OR INSTANTLY
* new-alias ssh enter-pssession (an alias with the name "ssh" is created )
* ssh <computer name>
-- THE ABOVE PRACTISE OPENS A SESSION AND CLOSES THE OPENED SESSIONS JUST BY
TYPING EXIT-PSSESSION WHEN A SESSION IS NO LONGER REQUIRED

REMOTING MULTIPLE COMPUTRES

-- Connecting simultaneously 2 or more Computers
* create a variable for Sessions to connect the remote Computers
* $sess = new-pssession -computer <host 1> , <host 2 > ( sessions for 2 computers will be
created)
-- It is weird to see multiple prompts from multiple computers on the window. So, the below
method is somewhat better to get what is required from multiple Computers.
* invoke-command { get-eventlog security - newest 10} -session $sess
MORE PARAMETERS or PROPERTIES CAN BE ADDED with the help of get-member, in this
way, given below
* invoke-command { get-eventlog security - newest 10} -session $sess | get-member
SOME MORE PROPERTIES OR PARAMETERS ADDED TO THE ABOVE EXAMPLE
* invoke-command { get-eventlog security - newest 10} -session $sess | group-object
pscomputername
GETTING THE OUTPUT FROM REMOTE COMPUTERS IN A BETTER FORMAT USING THE
COMMAND INVOKE-COMMAND AND CREATING A HEADER FOR EACH COMPUTER NAME

* invoke-command { get-eventlog security - newest 10} -session $sess | sort

pscomputername | format-table -groupby pscomputername
* help invoke-command
HIDING COMPUTER NAME TO GENERATE A TRADITIONAL EVENT LOG REPORT
* invoke-command { get-eventlog security - newest 10} -session $sess -hide
computername | sort pscomputername
*TIP: A SCRIPT FILE CAN BE CALLED USING ' PATH' and can be invoked with the above
command
REMOVE ALL THE SESSIONS USING REMOVE-SESSIONS AND TRY THE BELOW

INVOKE-COMMAND
CREATE A SESSION AND CLOSE THE OPENED SESSIONS ON REMOTE COMPUTER USING
INVOKE-COMMAND
* invoke-command { get-eventlog security - newest 10} -computername <host1> , <host2>
* VERIFY ANY SESSIONS ARE OPENED using get-pssession
A CASE : IF THE CORRECT NAME OF THE SERVER OR HOSTNAME IS NOT
PROVIDED/UNKNOWN EXACTLY THEN CONNECTING TO REMOTE COMPUTER IS DIFFICULT .
* $sessions = new-pssession - computer <remotecomputername>
* invoke-command { gsv } -session $sessions | sort pscomputername | ft -groupby
pscomputername
OR GROUP OBJECTS (objects = computers )
* invoke-command { gsv } -session $sessions | group-object pscomputername
REMOTING WITHOUT CREATING ANY SESSIONS (from PS version 2)
* Remove any sessions, if opened (get-pssession | remove-pssession)
* help get-service (see the syntax in the help. Only computer name is required )
* get-service -computername <remotecomputer>
* same with get-process command to connect a remote computer without creating any
session
* same with get-eventlog
* same with restart-computer

JOBS
JOBS (managing and creating jobs)
* help invoke-command ( see for "as job " in the syntax )
* CREATING A JOB
* invoke-command { get-eventlog security -newest 1000 } - computer localhost, system2 -as
job -jobname "EventLogs"
* Verify the job with the command " get-job "
* gcm -noun job (Watch for all the commands with the word "job" )
* TO RECEIVE DATA FROM THE JOB, USE THE COMMAND " RECEIVE-JOB "
* help Get-WmiObject (alias is gwmi )
* help start-job
Ex. - start-job { get-process } -name "LocalProcess"
REMOVE JOB
* get-job -name < jobname > | remove-job
* help receive-job
* receive-job -name <jobname>
* Ex. - $eventlogs = receive-job -name <jobname> -keep (to keep the results of a job in the
memory so that the results of the job will be retrieved when needed )
FILTERING THE RESULTS FROM THE CREATED JOB USING A PROPERTY NAME
Ex. - $eventlogs | group-object pscomputername
Ex. - $eventlogs | where { $_.instanceid -eq <an even number from the above result > }
VERIFY THE PROPERTIES OF A JOB
* get-job -name < jobname > | fl* (fl stands for format list )
CREATING A VARIABLE TO WORK EASILY
Ex. - $job = get-job -name <jobname>
Ex. - $job (A variable created in the above example)
TO SEE THE CHILD JOBS AND VERIFY THE STATUS OF CHILD JOBS
Ex. - $job.childjobs (Displays the child jobs living under the parent job )
Ex. - $job.childjobs [0] (the zero here stands for first child job )
Ex. - $job.childjobs [1] (the number one stands for second child job )
RECEIVE THE RESULTS OF A SINGLE CHILD JOB OR TO DISPLAY THE RESULT OF A SINGLE
CHILD JOB
Ex. - receive-job -name <childjob number or jobid > -keep (using "-keep" , the result/output
kept in memory )

REMOVE A JOB
* get-jobs -name <jobname> | remove-job
TOP 5 CMDLET PS v2
TOP 5 CMDLET IMPROVEMENTS FROM PS ver. 2
* convertto-html ( in capital letters CONVERTTO-HTML)
* get-service, get-process, get-eventlog
* select-string (finds text in strings and files )
* set-strictmode
* get-member
OTHER NEW CMDLETS
* help send-mailmessage
Ex. - send-mailmessge -to 'dba' , 'oper' , 'sysadmin'
* help test-connection
Ex.- test-connection localhost
Ex.- $pings = test-connection localhost
* $pings
* $pings | select -first 1 | fl *
* help test-computersecurechannel
* help ConvertTo-CSV
* gcm -noun *computer*
* help get-hotfix
* out-gridview
Ex. - get-service | out-gridview (output will be in Grid. Output is displayed very good )
* help get-counter
* help export-counter and import-counter
* get-random
Ex. - get-process | get-random