PowerShell: How-To Guide

 

So you've seen PowerShell and you're excited, but you don't know where to start? Don't fear: the commands below are an easy way to get started.

Get-Help

It might sound obvious, but reading the help is one of the best ways to learn and understand things when you first start out with a new scripting language.

You can use Get-Help with any other command. For example, if you want to know how the Get-Process command works, type the following into PowerShell:

Get-Help Get-Process

PowerShell then prints the help for that command, which displays all the options available to you.


Get-Help can be used in several other ways; typing any of the following into a PowerShell session will show results:

– Get-Help – Will give you a brief overview on how to use the help section

– Get-Help command – Rundown of that particular command, with descriptions, rules and related comments

– Get-Help command -Full – A more in-depth rundown of that particular command

– Get-Help command -Examples – Will show examples of how the command can be used and the output that you should expect to receive

– Get-Help * – Will show you every help topic PowerShell has. It's been compared to reading a dictionary cover to cover.

Get-Command

With Get-Command you can list the commands that are available to you right now. It will not list every single command, and the output isn't very useful if you type it in on its own.

Running Get-Command on its own shows that there are lots of different names and commands available. Typing Get-Command *event* will display all commands that have "event" in their name.


As with Get-Help, there are a number of ways to use the command to help you find and filter what you are looking for.

– Get-Command Name – Will show commands with the given name

– Get-Command *Name* – Will show you all commands that have "name" somewhere in the actual name; an example of this can be seen above. The * denotes a wildcard, so anything matching the search you have specified is returned.

– Get-Command -CommandType Type – Will only show commands of a particular type, such as Alias, Cmdlet, Script etc.

Get-EventLog

You can even use PowerShell to read the event logs.

For example, to see the events in the System log, all you need to type is:

Get-EventLog -LogName "System"

You can list the available logs and pipe the result to Sort-Object to sort it in descending or ascending order:

Get-EventLog -List | Sort-Object -Property Entries -Descending

You can also select the number of entries you want to see:

Get-EventLog -LogName System -Newest 50

Get-Service

This command allows you to fetch information on the services that are on the system you are connected to. Running this command without any parameters will display all services, whether they are running or stopped.
If you know the name of the service you are looking for, you can add it to your command:

Get-Service -DisplayName "print*"

You can also start, stop, suspend, resume or restart services by using the commands below:

Start-Service
Stop-Service
Suspend-Service
Resume-Service
Restart-Service

Get-Process

Get-Process works the same way as Get-Service; however, it returns processes instead of services.

Running the command on its own will output all processes that are on the system. Filters can be put in place to display only names, IDs or any other unique information. As with Get-Service, you can start, stop and hold processes:

Start-Process
Stop-Process
Wait-Process

Execution Policy

In order to run custom scripts, you will need to change your Execution Policy for PowerShell. The policy is there to help prevent you being affected by malicious code. To check what level your execution policy is set to, you can type:

Get-ExecutionPolicy

There are four security levels to choose from:

  • Restricted – This is the default policy; only commands typed in can be used, scripts cannot run
  • AllSigned – Scripts can only be run if they are signed by a Trusted Publisher
  • RemoteSigned – Any PowerShell scripts that have been created locally are allowed to run; remotely created scripts can only run if they are signed by a Trusted Publisher
  • Unrestricted – All restrictions are removed, all scripts can be run

To change your Execution Policy you can type the following into PowerShell:

Set-ExecutionPolicy RemoteSigned
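
To see how RemoteSigned tells a remotely created script from a local one, here is an added example (not from the original guide). Test-RemoteSignedOutcome is a hypothetical helper name, the sample script is constructed, and the check is an approximation that looks only at the file's Zone.Identifier mark and its signature status.

```powershell
# Added example. Test-RemoteSignedOutcome is a hypothetical helper name,
# not a built-in cmdlet. Windows + NTFS only (uses alternate data streams).
function Test-RemoteSignedOutcome {
    param([Parameter(Mandatory = $true)][string]$Path)

    # Downloaded files carry a Zone.Identifier stream (the "mark of the web").
    # ZoneId 3 = Internet, 4 = Restricted sites; both count as remote.
    # ZoneId stays 0 here when no mark is present.
    $zoneId = 0
    $stream = Get-Item -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    if ($stream) {
        $match = Get-Content -LiteralPath $Path -Stream 'Zone.Identifier' |
            Select-String -Pattern '^ZoneId=(\d+)' | Select-Object -First 1
        if ($match) { $zoneId = [int]$match.Matches[0].Groups[1].Value }
    }
    $isRemote = $zoneId -ge 3

    # Status is 'Valid' only when the signature verifies and chains to a trusted root.
    $signature = Get-AuthenticodeSignature -FilePath $Path

    [pscustomobject]@{
        Path            = $Path
        ZoneId          = $zoneId
        TreatedAsRemote = $isRemote
        SignatureStatus = $signature.Status
        # Approximation: a Valid signature from a publisher that is not yet
        # trusted still produces a prompt before the script runs.
        LikelyBlocked   = $isRemote -and ($signature.Status -ne 'Valid')
    }
}

# The effective policy is the first scope in this list that is not Undefined.
Get-ExecutionPolicy -List

# Constructed sample: a local script, then the same script marked as downloaded.
$sample = Join-Path $env:TEMP 'policy-demo.ps1'
Set-Content -LiteralPath $sample -Value 'Write-Output "hello"'
Test-RemoteSignedOutcome -Path $sample

Set-Content -LiteralPath $sample -Stream 'Zone.Identifier' -Value "[ZoneTransfer]`r`nZoneId=3"
Test-RemoteSignedOutcome -Path $sample

# Unblock-File removes the mark; do this only after reviewing the script.
Unblock-File -LiteralPath $sample
Test-RemoteSignedOutcome -Path $sample
Remove-Item -LiteralPath $sample
```

To change the policy for your own account only, rather than for every user of the machine, use Set-ExecutionPolicy RemoteSigned -Scope CurrentUser.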

If you need any more help – contact us!