“I need to know how to do my job and perform certain task” When it comes to PowerShell this is the most common request I get around PowerShell training topics. As admins continue to struggle with the decision on whether they use a GUI on Windows Server or to use Core, I want to provide the most basic cmdlets and resources that one would need to administer Windows Server successfully. This blog entry wont go into the why I think everyone should move to Windows Server Core or why I think everyone needs to learn PowerShell as a scripting language.
If you would like to learn more about PowerShell and if the company you work for is a Microsoft Premier Customer, reach out to the Technical Account Manager assigned to your company and look into setting up one of Premier’s Workshop around PowerShell.
if you’ve attended one of my brown bags or Tech Talks around GUI ‘less administration, here is the cmdlets used during those sessions.
All the example cmdlets were tested on a Windows 10 client host using PowerShell direct to the host. They also work the same way performing windows to windows remote pssessions.
PowerShell Direct – Running PowerShell inside a virtual machine from the Hyper-V host
Most Useful Cmdlets
#use this to get help for a particular cmdlet
get-help get-help
#Powershell 5 updates are needed to view help, save help files on host.
save-help -Module * -DestinationPath c:datasave
#on vm create folder to save help files to
New-Item .save -ItemType directory
#on host, copy files through the psession to the vm
copy-item -ToSession $localvm -Path c:datasave* -Destination c:datasave
#on vm, update help on vm server
Update-Help -SourcePath c:datasave
get-help Get-Service
get-help get-service -Examples
get-help get-service -Detailed
get-help get-service -Full
#will provide help on any particular powershell topic
get-help "about_variable"
get-help about_*
#find cmdlets based on certain criteria
get-command -name *service*
get-command -Verb get
get-command -noun service
get-command -verb get -noun *service*
get-command -ParameterName computername
get-command -ParameterName ciminstance
get-command -Module Microsoft.PowerShell.Management
#find cmdlets in a module
get-command -module storage
#get information about an object, or objects cmdlets return
#get-help about_types
Get-Member
get-service | Get-Member
get-service | Get-Member -MemberType Property
get-service | Get-Member -MemberType Method
#find info about an array
,$(get-service) | get-member
#alias's are used to simplify or common name cmdlets
#get-help about_alias
Get-Alias
Get-Alias dir
#Execution policy defines how cmdlets and scripts can be ran remotly and locally
#get-help about_Execution_Policies
Get-ExecutionPolicy
Get-ExecutionPolicy -List
#can use gpo or similar cmdlet to change.
Set-ExecutionPolicy -ExecutionPolicy Unrestricted
#displays every performed during a session
#get-help about_history
get-history
#create a script based on the activity you have done
(Get-History).commandline | Out-File c:dataexamplescript.ps1
#review the results
psedit C:dataexamplescript.ps1
PowerTip: Find Array Members with Get-Member in PowerShell
Is it safe to use ALIASES in scripts?
Weekend Scripter: Looking at PowerShell Aliases
PowerShell Modules
#get-help about_modules
#get-command *module
Get-Module
get-module -listavailable
import-module activedirectory #if module is installed on newer ps version not needed
#get all available modules and import them. This is useful for get-command
get-module -ListAvailable | Import-Module
#check the Powershell gallery for a module
find-module azuread
find-module azuread | install-module
Welcome to the PowerShell Gallery
Overview of the PowerShell Get module to find scripts
Features and Roles
#get-command *WindowsFeature*
#get-help Get-WindowsFeature
#get all windows features, format it to make it more readable
Get-WindowsFeature
Get-WindowsFeature | select displayname,name, installstate, Installed
#just installed features
Get-WindowsFeature | where installed -eq $true | select displayname,name, installstate, Installed
#install the file service role
get-windowsfeature File-Services | Install-WindowsFeature
Get-WindowsFeature *file*
#install the rsat feature
Get-WindowsFeature *rsat*
get-windowsfeature rsat | Install-WindowsFeature
Get-WindowsFeature | where installed -eq $true | select displayname,name, installstate, Installed
Useful Windows Feature Commands
Server Rename, Shutdown, Restart and Domain Joining
#get-command *-computer*
#get a consolidated view of system and os properties
get-computerinfo
#rename a computer
rename-computer -NewName server1
#join a computer to Active Directory and Rename it
add-computer -NewName server1 -DomainName contoso.com
#test and repair secure channel between computer and domain
Test-computersecurechannel
Test-ComputerSecureChannel -Repair
#Resets the machine account password for the computer
Reset-computermachinepassword
#restart and shutdown
restart-computer
stop-computer
Use PowerShell to Reset the Secure Channel on a Desktop
CIM – WMI
CIM and WMI is an entire session in its self, going to provide some useful links for you to read up on. The bottom line is wmi cmdlets and cim cmdlets have their uses. But learing to leverage cimcmdlets will simplify task
#get-help about_WMI
#get-help about_cimsession
#get-command *cim*
#get-command *wmi*
Get-CimClass *service*
Get-wmiobject -list *service*
#get services running
Get-CimInstance Win32_Service | where state -eq "running"
#get account service running under
Get-CimInstance Win32_Service | select name, startname
#cimsession use wsman instead of dcom, cimsession can use dcom though. A CIM session is a client-side object representing a connection to a local or remote computer.
#The CIM session contains information about the connection, such as ComputerName, the protocol used for the connection, session ID, and instance ID.
get-command -ParameterName cimsession
CIM Cmdlets – Some Tips & Tricks
Should I use CIM or WMI with Windows PowerShell?
Comparing CIM and WMI in PowerShell
Using PowerShell CIM Cmdlets to Explore WMI Classes
Part 1 – Install Bash on Windows 10, OMI CIM Server, and DSC for Linux
Extending Inventory on Linux and UNIX computers using Open Management Infrastructure (OMI)
Services and Processes
#get-help get-service
#get-command *-service
Get-Service
get-service -name w32time
get-service -name w32time | Stop-Service
get-service -name w32time | start-Service
get-service -name w32time | restart-Service
#get-help get-process
#get-command *-process
Get-Process
get-process lsass
Start-Process notepad
Get-Process notepad
get-process notepad -includeusername
get-process notepad -includeusername | select name,username,description,Id,path,ProcessName,fileversion,Handles,NPM,PM,WS,VM,CPU
Get-Process notepad | Stop-Process
The Scripting Wife Uses PowerShell to Find Service Accounts
Use PowerShell to Find Non-Starting Automatic Services
Three Cool PowerShell Service Tricks
Get Process Owner and Other Info with WMI and PowerShell
Use PowerShell to Explore Process Threads in Windows
Local User and Local Groups
#get-command *localuser
#get-help get-localuser
#new for Windows 10/2016 WHAT!!!!!
Get-LocalUser
New-LocalUser -Name Chunk -Password (ConvertTo-SecureString -AsPlainText P@ssw0rd -Force)
Get-localuser -Name administrator | Set-LocalUser -Password (ConvertTo-SecureString -AsPlainText P@ssw0rd -Force)
#get-command *localgroup*
Get-LocalGroup
Get-LocalGroupMember administrators
Add-LocalGroupMember -Member "Chunk" -Name administrators
#old wmi/cim
Get-CimInstance win32_useraccount -filter "domain='$env:computername'“
#really old way WINNT Provider using adsi
$machine = [ADSI]"WinNT://$env:COMPUTERNAME"
$machine | get-member
$machine.Children | where schemaclassname -eq "user" | select *
$machine.Children | where schemaclassname -eq "user" | Select name
$user = $machine.create("User","Larry")
$user.setpassword("Directory1")
$user.setinfo()
Adding Local Users to Local Groups
Use PowerShell to Add Local Users to Local Groups
Use PowerShell to Create Local Groups
How Can I Use Windows PowerShell to Determine the Status of the Guest Account?
Files and Folders
#Providers and drives first, A Windows PowerShell provider allows any data store to be exposed like a file system as if it were a mounted drive.
#get-help about_provider
get-psprovider
#get-command
#get-help *psdrive*
get-psdrive -PSProvider FileSystem
#does a file exist or not
test-path c:data
get-command *item* -Module Microsoft.PowerShell.Management
#list files and subfolders
Dir
Get-Alias dir
Get-ChildItem -Recurse
#change directory
Get-Alias cd
set-Location
#filter for file types
get-childitem C:windowssystem32 -recurse | where {$_.extension -eq ".dll"} | select Directory,name,extension
get-childitem C:windowssystem32 -recurse | where {$_.extension -eq ".sys"} | select Directory,name,extension
#create a bunch of generic files
1..20 | foreach{new-item ".test$($_).txt" -itemtype file}
psedit .test1.txt
Get-Content .test1.txt
#create a folder
New-Item .move -ItemType directory
New-Item .copy -ItemType directory
dir
#move
move-item -Path .test10.txt -Destination .move
copy-item -Path .test11.txt -Destination .copy
cd .move
dir
cd .copy
dir
cd..
#delete
remove-item -Path .test11.txt
#copy an item through pssession/powershell direct
Copy-Item -FromSession $session -Path c:data* -Destination c:data
Learn How to Use the PowerShell Env: PSDrive
Playing with the AD: Drive for Fun and Profit
Working with Certificates in PowerShell
Use PowerShell to Work Easily with Drives and Paths
Shares
#get-command *smb*
#get-help get-smbshare
#get a list of smb shares
Get-smbshare
#see more info
Get-SmbShare | select *
#create a new share give account read access
new-smbshare -name "User_File_Share" -path "c:datashare" -readaccess "corpblah"
#add additional access to a share
Grant-SmbShareAccess -Name "User_File_Share" -AccountName corpchad -AccessRight Full
#find all smb shares with file in its name
Get-smbshare "*file*" | select *
#list open files on shares
Get-SmbOpenFile
#How to map a drive using psdrive
New-PSDrive -Name "P" -PSProvider "FileSystem" -Root "\Server01Public"
New-SmbMapping -LocalPath X: -RemotePath "\Server01Public"
Remove-SmbMapping -LocalPath X:
The basics of SMB PowerShell, a feature of Windows Server 2012 and SMB 3.0
The built-in SMB PowerShell aliases in Windows Server 2012 and Windows 8
Registry
get-psdrive -PSProvider Registry
#use Get-Item. Registry keys have a property with the generic name of "Property" that is a list of registry entries in the key
#get-command *item* -Module Microsoft.PowerShell.Management
#get-help get-item
Get-Item -Path HKLM:SOFTWAREMicrosoftWindowsCurrentVersion
Get-Item -Path HKLM:SOFTWAREMicrosoftWindowsCurrentVersion | Select-Object -ExpandProperty Property
#get-help get-childitem
Get-childItem HKLM:SystemCurrentControlSetServicesTcpip
Get-childItem HKLM:SystemCurrentControlSetServicesTcpip -Recurse
Get-childItem HKLM:SystemCurrentControlSetServicesTcpip -Recurse -PipelineVariable hive | foreach{$hive.name;$hive | Get-ItemProperty}
#A little more readable with get-itemproperty
Get-ItemProperty -Path HKLM:SystemCurrentControlSetServicesTcpip
Get-ItemProperty -Path HKLM:SOFTWAREMicrosoftWindowsCurrentVersion
#Create
New-ItemProperty -Path HKLM:SOFTWAREMicrosoftWindowsCurrentVersion -Name Thisisatest -PropertyType String -Value yep
#delete
Remove-ItemProperty -Path HKLM:SOFTWAREMicrosoftWindowsCurrentVersion -Name Thisisatest
#leverage invoke-command to perform remote work with the reistry
$remote_key = "HKLM:SystemCurrentControlSetServicesTcpip"
Invoke-Command -ScriptBlock{Get-ItemProperty -Path $using:remote_key} -ComputerName server1
Update or Add Registry Key Value with PowerShell
Use PowerShell to Enumerate Registry Property Values
Use PowerShell to Edit the Registry on Remote Computers
Use PowerShell to Create New Registry Keys on Remote Systems
Event Logs
#get-command *event*
#get-winevent (everything including event channels) vs get-eventlog (legacy log types)
#get-help get-winevent
get-winevent
#get a list of the available logs
get-winevent -listlog *
Get-WinEvent -listlog *system*
#get particular log
Get-WinEvent -LogName System
Get-WinEvent -LogName System -MaxEvents 50
#format the log
Get-WinEvent -LogName System | select *
#search for a certain event ID
get-winevent -logname application | where {$_.id -eq "8196"}
#limit the amount seen
get-winevent -logname application -maxevents 1 | where {$_.id -eq "8196"}
#leverage the filterhashtable for better filtering
Get-WinEvent -FilterHashtable @{logname='System'; id=7036} -MaxEvents 50
Get-WinEvent -FilterHashtable @{logname='application'; id=8196; StartTime=(Get-Date).date}
#write event id 7036 to a file
Get-WinEvent -FilterHashtable @{logname='System'; id=7036} -MaxEvents 50 | select id, providername, timecreated, message | export-csv c:dataevent7036.csv
#copy file locally to review
copy-item -fromSession $localvm -path c:dataevent7036.csv -Destination c:data
Use FilterHashTable to Filter Event Log with PowerShell
Windows Event Log in PowerShell – Part II
Processing Event Logs in PowerShell
Use PowerShell Cmdlet to Filter Event Log for Easy Parsing
Data Mine the Windows Event Log by Using PowerShell and XML
Perfmon or PerfData
#get-command *counter -module Microsoft.PowerShell.Diagnostics
#get-command -Module Microsoft.PowerShell.Diagnostics
#get-help get-counter
Get-counter
#Gets list of objects available
Get-counter –listset *
#Cleaner list of counters
Get-Counter -ListSet * | Sort-Object CounterSetName | select CounterSetName
#Gets list of available counter under a object
(Get-Counter -ListSet Memory).Paths
#To get information on a single counter
Get-Counter -Counter "physicaldisk(_total)current disk queue length“
#To get 5 collections of a counter
Get-Counter -Counter "physicaldisk(_total)current disk queue length" -MaxSamples 5
#To get a continuous collection of a counter
Get-Counter -Continuous -Counter "physicaldisk(_total)current disk queue length"
#Formatted
Get-counter 'Process(*)% Processor Time'
$p = Get-counter 'Process(*)% Processor Time‘
$p.CounterSamples | Sort-Object -Property CookedValue -Descending | Format-Table -Auto
#get counters from remove servers
$Counter = "Process(Idle)% Processor Time"
Get-Counter -Counter $Counter -ComputerName server1
$DiskReads = "LogicalDisk(C:)Disk Reads/sec"
$DiskReads | Get-Counter -Computer server1,server2 -MaxSamples 10
$_perf_counters = "Netlogon(_Total)*","Security System-Wide StatisticsNTLM Authentications","Security System-Wide StatisticsKerberos Authentications","DirectoryServices(*)*","Database(lsass)*","NTDS*","Memory*","PhysicalDisk(*)*","Process(*)*","Processor(*)*","TCPv4*","DNS*"
$_computers = "server1", "server2", "server3"
$_counter_results = get-counter -counter $_perf_counters -computer $_computers -ErrorAction SilentlyContinue -maxsamples 10
$_counter_results | export-counter -Path c:dataperf.blg -FileFormat BLG -force
$_counter_results | export-counter -Path c:dataperf.csv -FileFormat csv -force
import-counter -Path c:dataperf.blg
import-counter -Path c:dataperf.blg -Summary
$blg_counters = import-counter -Path c:dataperf.blg -ListSet *memory* | ForEach-Object {$_.counter}
import-counter -Path c:dataperf.blg -counter $blg_counters
Using PowerShell To Gather Performance Data
Use PowerShell to Parse Saved Performance Counter Logs
Device and Drivers
#get-command *pnpdevice*
Get-pnpdevice
Get-PnpDevice -PresentOnly | select *
#get-command *driver*
Get-WindowsDriver -Online -All | select *
PowerTip: Disable plug and play device with PowerShell
PowerTip: Find all devices connected to a computer
Ooooh… PnP Cmdlets & Surface Book Fun!
Network and Network Capture
#get-command *lbfo*
#get-help Get-NetLbfoTeam
#get a list of nic teams
Get-NetLbfoTeam
#get-command *net*
#get-command *netip* -module nettcpip
#Get ip / set ip
Get-NetIPAddress
New-NetIPAddress -InterfaceAlias Ethernet -IPAddress $ipaddress -AddressFamily IPv4 -PrefixLength 24
#get-command *netadapter*
#get nic
Get-NetAdapter
Get-NetAdapter | select *
Get-NetAdapter "ethernet 2"
#disable / enable
Get-NetAdapter "ethernet 2" | Disable-NetAdapter
Get-NetAdapter "ethernet 2" | enable-NetAdapter
#get-command *dnsclient*
#get-command -module dnsclient
#Get / set dns
Get-dnsclient
Get-dnsclientserveraddress
Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses "10.0.0.2"
#similiar to nslookup get ip info from hostname
Resolve-DnsName -Name server1
Resolve-DnsName -Name server1 -Type TXT
#get-command *netcon*
#get-help test-netconnection -example
#similar to ping
Test-NetConnection server1
Test-NetConnection server1 -Port 80
Test-NetConnection server1 -Port 80 -DiagnoseRouting
Test-NetConnection server1 -TraceRoute
#Start network strace
#get-command *neteventsession*
get-neteventsession
Remove-NetEventSession
#Get-Command Get-NetTCPConnection
#get-help Get-NetTCPConnection
#view port usauge
Get-NetTCPConnection
Get-NetTCPConnection | group localport -NoElement | sort count -Descending
Get-NetTCPConnection | Group-Object -Property State, OwningProcess | Sort Count
#add process info
Get-NetTCPConnection | Group-Object -Property State, OwningProcess | `
Select -Property Count, Name, @{Name="ProcessName";Expression={(Get-Process -PID ($_.Name.Split(',')[-1].Trim(' '))).Name}} | `
Sort Count -Descending
#get-command *netevent*
#get-command -module NetEventPacketCapture
#set up network trace
New-NetEventSession -Name "Session2" -LocalFilePath c:datacapture.etl
Add-NetEventProvider -Name "Microsoft-Windows-TCPIP" -SessionName "Session2”
#start trace
Start-NetEventSession -Name "Session2"
#stop trace
Stop-NetEventSession -name "session2"
#use get-winevent to read network trace
$log = get-winevent -Path C:datacapture.etl -Oldest
$log.message
Windows Server 2012 “Server 8 Beta” NIC teaming
New Networking Diagnostics with PowerShell in Windows Server R2
PowerTip: Use PowerShell to Count Hops to Server
Windows PowerShell equivalents for common networking commands
Packet Sniffing with PowerShell: Getting Started
Use PowerShell to Parse Network Trace Logs
Use PowerShell to Test Connectivity on Remote Servers
Disk
#get-command *disk*
#get-command -Module Storage
#get all disk
get-disk
get-disk | select *
Get-PhysicalDisk
Get-PhysicalDisk | select *
get-Disk | select number, operation*, health*, friendly*, size, @{Name="gb";Expression={$_.size/1GB}}
#prepare and add a new disk
get-disk 1 | Clear-Disk
get-disk 1 | initialize-disk –PartitionStyle MBR
get-disk 1 | New-Partition -UseMaximumSize -AssignDriveLetter
Get-Disk | Where-Object IsOffline –Eq $True
#get-command *partition* -module storage
Get-Partition
#get-command *volume* -module storage
get-volume
Get-Volume D | select *
#move cdrom to another drive letter
$cddrive = Get-CimInstance win32_volume -Filter 'Driveletter = "D:"'
$cddrive | Set-CimInstance -Property @{Driveletter="Z:"}
Get-Volume
Managing Storage with Windows PowerShell on Windows Server 2012
Use PowerShell to Initialize Raw Disks and to Partition and Format Volumes
Patching
#get-command *hotfix
#get-help get-hotfix
get-hotfix
Get-HotFix $_.InstalledOn -gt "10/1/2014" -AND $_.InstalledOn -lt "12/11/2014" }
#Get a list of failed updates
$Failures = Get-ciminstance Win32_ReliabilityRecords
$Failures | Where { $_.message -match 'failure' } | Select-Object -ExpandProperty message
#retired wuauclt.exe /detectnow
$AutoUpdates = New-Object -ComObject "Microsoft.Update.AutoUpdate"
$AutoUpdates.DetectNow()
#Windows update client from repo
find-module PSWindowsUpdate | install-module
Import-Module pswindowsupdate
get-command -Module pswindowsupdate
new-item -ItemType Directory -Path c:datawindowsupdate
#switch to host
new-item -ItemType Directory -Path c:datawindowsupdate
Save-Module -Path c:datawindowsupdate
copy-item -FromSession -Path c:datawindowsupdate* -Destination c:datawindowsupdate
Use PowerShell to Find Hotfixes Installed in Time Range
Features Removed or Deprecated in Windows Server 2016
Date, Time, and Time Zone
#get-command *timezone*
#get-command *-date*
get-date
#get timezone information
Get-TimeZone