Introduction to PowerShell
What Is PowerShell?
PowerShell is a powerful command-line shell and scripting language that provides tools for managing computer resources locally and remotely.
Benefits of PowerShell for Windows Administration
Windows PowerShell commands enable automation of repetitive tasks such as managing users, services, files, or scripts. PowerShell can also be used for managing systems, remote administration, and integrating with systems like Active Directory, Entra ID and Exchange.
Differences between PowerShell and Command Prompt
PowerShell and the command line differ in functionality, design and capabilities. To choose the right option for the task at hand, consider the following:
Feature | Command line | PowerShell |
Command syntax | Simple and limited to basic tasks | Complex commands in the verb-noun format |
Scripting | Limited scripting capabilities | Advanced scripting capabilities |
Output | Plain text | Can be structured objects such as tables and lists |
Extensibility | Limited extensibility | Highly extensible through modules and .NET libraries, custom cmdlets and functions |
Pipelines | Supports piping of plain text from one command to another | Supports piping of objects with properties |
Key Components of PowerShell Commands
PowerShell Cmdlets: Verb-Noun Structure
PowerShell commands use a verb-noun syntax. The verb part specifies the action to be performed, and the noun part of the command defines the object on which the action will be performed. Examples include Get-Process, New-Item, Set-Date and Remove-Item.
Common verbs include:
- Get: Retrieves data
- Set: Modifies the properties of an object
- Add: Adds an item to a collection
- Stop: Stops a process or service
- Start: Starts a process or service
- Clear: Removes all the items from a collection
PowerShell Aliases: Shortcuts and Legacy Support
Aliases are short names for cmdlets, functions and scripts. Aliases are used for typing efficiency and to support legacy versions. You can see all the aliases defined in the current PowerShell session by entering the Get-Alias command.
Here are some commonly used aliases:
- Ls — Alias for Get-ChildItem
- Gci — Another alias for Get-ChildItem
- Gc — Alias for Get-Content
- Rm — Alias for Remove-Item
- Cd — Alias for Set-Location
- Cls — Alias for Clear-Host
- Dir — Alias for Get-ChildItem
Understanding Parameters in PowerShell Commands
Parameters are used to pass values or options to commands, functions and scripts to modify their actions. To see details about the parameters of a cmdlet, run Get-Help.
The basic types of parameters are as follows:
- Positional parameters are passed in a specific order without explicitly naming them, as shown in this example:
Copy-Item "C:\File1.txt" "D:\Backup\"
- Named parameters are specified with the - prefix and can be provided in any order.
Copy-Item -Destination "D:\Backup\" -Path "C:\File1.txt"
- Switch parameters do not require a value because they work like Boolean flags: the presence of the switch enables a feature, and the absence disables it.
Remove-Item "C:\temp\file.txt" -Confirm
- Mandatory parameters must be supplied; if one is omitted, PowerShell will prompt for a value.
Get-MyProcess -ProcessName "chrome"
Essential PowerShell Commands for Beginners
Basic Commands to Get Started
One of the basic PowerShell commands to become familiar with is Get-Help, which will display information about a cmdlet you want to learn to use. Adding the parameter -Examples will also provide examples.
For example, to learn more about the Get-ChildItem cmdlet, you could enter Get-Help Get-ChildItem or Get-Help Get-ChildItem -Examples.
Another useful cmdlet is Get-Command. For example, entering Get-Command *Service* will list all commands that have “Service” in their name.
Displaying File System Contents
This command displays the items in the current directory:
Get-ChildItem
And this one displays the items in the Office directory:
Get-ChildItem D:\Office
Working with Objects
The following cmdlet will get the Notepad application process on the local computer:
Get-Process -Name "notepad"
And this one will fetch processes that are using more than 10% of RAM:
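$totalRam = (Get-CimInstance -ClassName Win32_ComputerSystem).TotalPhysicalMemory
Get-Process | Where-Object { $_.WorkingSet64 -gt 0.1 * $totalRam }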
The command below will get each instance of Notepad and stop the process by ID.
Get-Process | Where-Object { $_.Name -eq "notepad" } | ForEach-Object { Stop-Process -Id $_.Id }
Checking Basic System Information
The command below will fetch Windows services with the status of running:
Get-Service | Where-Object { $_.Status -eq 'Running' }
This command will fetch the 10 most recent entries from the System event log:
Get-EventLog -LogName System -Newest 10
And this command will get the stats of the network adaptor named “Wi-fi”:
Get-NetAdapterStatistics -Name "Wi-fi"
PowerShell Commands for File and Folder Management
This cmdlet will set the current location of PowerShell to D:\Office\Project:
Set-Location -Path "D:\Office\Project"
To get the content of a directory, use Get-ChildItem or either of its aliases, dir and ls:
Get-ChildItem
To show the files and folders in the Project directory, use this code:
Get-ChildItem "D:\Office\Project"
dir "D:\Office\Project"
This command will list the files in the Project directory:
Get-ChildItem "D:\Office\Project" -File
This command will list the folders in the Project directory:
dir "D:\Office\Project" -Directory
Creating, Copying and Deleting Files: New-Item, Copy-Item, Remove-Item
This command will create the text file myfile in the Project folder:
New-Item -Path "D:\Office\Project\myfile.txt" -ItemType File
This command will copy myfile.txt from the Project folder to the startup folder:
Copy-Item -Path "D:\Office\Project\myfile.txt" -Destination "D:\Office\Project\startup\myfile.txt"
This command will delete myfile.txt from the Project folder:
Remove-Item -Path "D:\Office\Project\myfile.txt"
The command below will delete the Project folder, including all its contents:
Remove-Item -Path "D:\Office\Project" -Recurse
Checking Folder Contents and Searching: Get-ChildItem, Select-String
This command will list all files with type .txt:
Get-ChildItem -Path "D:\Office\Project" -Filter "*.txt"
The following command will list all hidden files:
Get-ChildItem -Path "D:\Office\Project" -Hidden
This command will search for the string error in the file projectlogs.txt:
Select-String -Path "D:\Office\Project\projectlogs.txt" -Pattern "error"
System and Process Management
Managing System Services: Get-Service, Start-Service, Stop-Service
This command will get all the services with the string SQL in their name:
Get-Service -Name "*SQL*"
This command will get all the services with display names starting with the string Windows:
Get-Service -DisplayName "Windows *"
Use the cmdlet below to get all the services that are set to start automatically:
Get-Service | Where-Object {$_.StartType -eq "Automatic"}
The display name of a service may differ from its actual service name. Make sure you provide the service name with the commands below.
To start a service, use a command like this:
Start-Service -Name "spooler"
To stop a service, use a command like this:
Stop-Service -Name "autotimesvc"
Working with Processes: Get-Process, Start-Process, Stop-Process
You can get a process using the -Name parameter, as shown here:
Get-Process -Name notepad
The command below gets processes and pipes them to Format-Table to show their name, ID and CPU usage in a table:
Get-Process | Format-Table Name, Id, CPU -AutoSize
This cmdlet will start chrome.exe and open the specified site:
Start-Process chrome.exe "https://www.google.com"
Here is how to start Notepad:
Start-Process -FilePath "notepad.exe"
The following script will start Notepad, wait for 5 seconds, and then stop all Notepad processes:
Start-Process -FilePath "notepad.exe" -PassThru
Write-Host "Notepad started."
Write-Host "Waiting for 5 seconds"
Start-Sleep -Seconds 5
Stop-Process -Name notepad
Write-Host "Notepad stopped"
To stop a single process, use a command like this:
Stop-Process -Name notepad
To stop multiple processes, list them as shown here:
Stop-Process -Name notepad, chrome
Accessing and Monitoring System Logs: Get-EventLog, Get-WinEvent
To get event log entries, you can use the older cmdlet Get-EventLog. For example, here is how to get the latest 10 error entries from the application event log:
Get-EventLog -LogName Application -EntryType Error -Newest 10
Alternatively, you can use the more modern Get-WinEvent cmdlet. Here is how to get the 10 most recent entries in the application log:
Get-WinEvent -LogName Application -MaxEvents 10
Data and Content Handling Commands
Reading and Writing to Files: Get-Content, Set-Content, Out-File
To read the content of myfile.txt in the Project folder, use this command:
Get-Content -Path "D:\Office\Project\myfile.txt"
To read just the first five lines, change the command as shown here:
Get-Content -Path "D:\Office\Project\myfile.txt" -TotalCount 5
To write text into myfile.txt, you can use the Set-Content cmdlet:
Set-Content -Path "D:\Office\Project\myfile.txt" -Value "Welcome to PowerShell blog"
Alternatively, you could use Add-Content, like this:
Add-Content -Path "D:\Office\Project\myfile.txt" -Value "Are you new to PowerShell?"
The Out-File cmdlet sends output to a file; it is commonly used for formatted output. The cmdlet below writes Hello, World! to myfile.txt:
"Hello, World!" | Out-File -FilePath "D:\Office\Project\myfile.txt"
Exporting and Importing Data: Export-Csv, Import-Csv
This command will get information on the process notepad for the specified parameters and export it to the file processes.csv:
Get-Process -Name notepad | Select-Object Name, Id, CPU | Export-Csv -Path "D:\Office\Project\Processes.csv" -NoTypeInformation
To import a CSV file, use Import-Csv. This command imports the CSV file we just created and pipes it into another cmdlet, which iterates through the objects and gets the process by the Id column:
Import-Csv -Path "D:\Office\Project\Processes.csv" | ForEach-Object { Get-Process -Id $_.Id }
Managing and Converting Data Formats: ConvertTo-Html, ConvertTo-Json
The following command will get information about two running processes and convert it into HTML format:
Get-Process -Name "notepad" , "chrome" | Select-Object Name, Id, CPU | ConvertTo-Html -Property Name, Id, CPU -Title "Process Report" | Out-File "D:\Office\Project\ProcessReport.html"
Similarly, the following command will export the information into JSON format:
Get-Process -Name "notepad" , "chrome" | Select-Object Name, Id, CPU, StartTime | ConvertTo-Json -Depth 2 | Out-File "D:\Office\Project\Processes.json"
Network and Remote Management
Checking Connectivity: Test-Connection, Resolve-DnsName
The Test-Connection command sends an ICMP echo request (ping) to the defined remote host and checks whether it is reachable.
For instance, this command attempts to establish a connection with google.com over the internet:
Test-Connection -ComputerName google.com
And this command checks connectivity with two hosts specified by name and one specified by its IP address:
Test-Connection -ComputerName "google.com" , "microsoft.com" , "192.168.0.1"
To check a specific TCP port, use the Test-NetConnection cmdlet with the -Port parameter:
Test-NetConnection -ComputerName google.com -Port 443
This command will test the name resolution of a computer to check whether a specific computer exists in our network:
Resolve-DnsName -Name DC1
Alternatively, we can specify a device by its IP address:
Resolve-DnsName -Name 192.168.0.108
To query for a particular type of records, add the -Type parameter with a value such as A (address), AAAA (IPv6), CNAME or MX (Mail Exchange).
Working with Remote Sessions: Enter-PSSession, Exit-PSSession
PowerShell can be used to manage hosts remotely, provided PowerShell remoting is enabled on the host. To enable PowerShell remoting on a host, run the following command with administrative privileges:
Enable-PSRemoting -Force
To connect to the remote host, use the following command:
Enter-PSSession -ComputerName "DC1"
If you are not running PowerShell in a privileged user context, you will be prompted for credentials to use for the remote session.
After establishing a remote PowerShell session, you can run commands and scripts on the target host as permitted by your privileges on that server. For example, running Get-Process will fetch information from the remote computer.
To exit the session, simply use the following command:
Exit-PSSession
Managing Remote Commands: Invoke-Command, New-PSSession
To run a command non-interactively on a remote host, use the Invoke-Command cmdlet. For instance, to get the Notepad process on the target host DC1, run this cmdlet:
Invoke-Command -ComputerName DC1 -ScriptBlock { Get-Process -Name Notepad }
If you want to establish a persistent session for repeated operations, use New-PSSession. Here is how to establish a new PS session and store it in a variable:
$session = New-PSSession -ComputerName DC1
Then, run this command to enter the remote PowerShell session:
Enter-PSSession -Session $session
After that, we can run commands on the target host like we are running commands natively on our local host, as shown here:
Get-Process notepad
Security and Execution Policies
PowerShell Execution Policy: Get-ExecutionPolicy, Set-ExecutionPolicy
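The PowerShell execution policy helps prevent unauthorized or malicious script execution. It is a safety feature that keeps users from running scripts unintentionally rather than a security boundary that restricts what a user can do. There are different policy types and scopes.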
Types of Execution Policy
- Restricted — No scripts are allowed to run; only interactive commands can be executed. This is the default for new installations of Windows.
- AllSigned — Only scripts signed by a trusted publisher can run. The system prompts the user to confirm the publisher of a script, even if it was previously trusted.
- RemoteSigned — Locally created scripts can run without signing. A trusted publisher must sign scripts downloaded from the internet.
- Unrestricted — All scripts can run without restriction. Prompts for confirmation when running scripts downloaded from the internet.
- Bypass — No restrictions or warnings; all scripts can run regardless of origin.
- Undefined — No execution policy is set in the current scope. The system inherits the execution policy from a broader scope, e.g., LocalMachine.
Scopes for Execution Policy
- CurrentUser — Affects the user currently logged in and persists for future sessions of that user.
- LocalMachine — Applies to all users and sessions on the computer. Requires administrative privileges to modify.
- Process — Affects the current PowerShell session only. Does not persist after the session ends.
Checking and Modifying Execution Policy
To verify the effective execution policy, type this command:
Get-ExecutionPolicy
To set the execution policy, use the command below, specifying the policy name. If you want, you can specify the scope using the -Scope parameter.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
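The scopes are evaluated in a fixed order, and Get-ExecutionPolicy -List shows all of them, including the two Group Policy scopes (MachinePolicy and UserPolicy) that this article does not cover. The following added example, which is not part of the original article, reports which scope supplies the effective policy; the function name Get-ExecutionPolicySource is hypothetical.

```powershell
# Added example: show the execution policy at every scope and which one wins.
function Get-ExecutionPolicySource {
    # -List returns one entry per scope, in precedence order:
    # MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
    $entries = Get-ExecutionPolicy -List

    # The first scope whose policy is not Undefined supplies the effective policy.
    $winner = $entries |
        Where-Object { [string]$_.ExecutionPolicy -ne 'Undefined' } |
        Select-Object -First 1

    foreach ($entry in $entries) {
        $scope  = [string]$entry.Scope
        $policy = [string]$entry.ExecutionPolicy
        [pscustomobject]@{
            Scope            = $scope
            ExecutionPolicy  = $policy
            IsEffective      = ($null -ne $winner) -and ($scope -eq [string]$winner.Scope)
            SetByGroupPolicy = $scope -in 'MachinePolicy', 'UserPolicy'
            # Unrestricted and Bypass allow unsigned scripts from the internet to run.
            NeedsReview      = $policy -in 'Unrestricted', 'Bypass'
        }
    }
}

$report = Get-ExecutionPolicySource
$report | Format-Table -AutoSize

# Cross-check against what PowerShell itself reports as effective.
Write-Host "Effective policy: $(Get-ExecutionPolicy)"

# A CurrentUser or LocalMachine setting is ignored while a higher scope is defined,
# so warn when Set-ExecutionPolicy at those scopes would have no effect.
$effective = $report | Where-Object IsEffective
if ($effective -and $effective.SetByGroupPolicy) {
    Write-Warning "Policy is enforced by Group Policy ($($effective.Scope)); Set-ExecutionPolicy cannot override it."
}
$report | Where-Object NeedsReview | ForEach-Object {
    Write-Warning "$($_.Scope) is set to $($_.ExecutionPolicy)."
}
```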
Managing Permissions and Roles: Get-ACL, Set-ACL
An access control list (ACL) controls the permissions of users and groups on files, folders and other objects. The basic ACL permissions are read, write, execute, delete and modify.
To get the ACL for a file, use the Get-ACL cmdlet and provide the path to the file:
Get-Acl -Path "D:\Office\Project\Processes.csv"
To copy the ACL of one file and apply it to another file, take the following steps:
- Get the ACL of the source file and store it in a variable:
$SourcefileACL = Get-Acl -Path "D:\Office\Project\Processes.csv"
- Set the stored ACL to the desired file:
Set-Acl -Path "D:\Office\Project\Processes1.json" -AclObject $SourcefileACL
To check that the ACL was set correctly, use the following command:
Get-Acl -Path "D:\Office\Project\Processes1.json"
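Reading two Get-Acl listings side by side is error-prone, so the following added example (not part of the original article) compares the owner and access rules of two files after an ACL copy. The function name Compare-FileAcl and the temporary sample files are constructed for illustration.

```powershell
# Added example: verify that a copied ACL really matches its source.
function Compare-FileAcl {
    param(
        [Parameter(Mandatory)][string]$ReferencePath,
        [Parameter(Mandatory)][string]$DifferencePath
    )
    # Flatten each access rule to one comparable string.
    $summarize = {
        param($acl)
        foreach ($rule in $acl.Access) {
            '{0} | {1} | {2} | inherited={3}' -f $rule.IdentityReference,
                $rule.FileSystemRights, $rule.AccessControlType, $rule.IsInherited
        }
    }
    $refAcl   = Get-Acl -Path $ReferencePath
    $difAcl   = Get-Acl -Path $DifferencePath
    $refRules = @(& $summarize $refAcl)
    $difRules = @(& $summarize $difAcl)

    [pscustomobject]@{
        OwnerMatches    = $refAcl.Owner -eq $difAcl.Owner
        MissingOnTarget = @($refRules | Where-Object { $_ -notin $difRules })
        ExtraOnTarget   = @($difRules | Where-Object { $_ -notin $refRules })
    }
}

# Constructed sample files in a temporary folder
$dir = Join-Path $env:TEMP "AclDemo-$(Get-Random)"
New-Item -Path $dir -ItemType Directory | Out-Null
$source = Join-Path $dir 'Processes.csv'
$target = Join-Path $dir 'Processes1.json'
Set-Content -Path $source -Value 'Name,Id,CPU'
Set-Content -Path $target -Value '[]'

# Copy the ACL as in the steps above, then compare the two files.
Set-Acl -Path $target -AclObject (Get-Acl -Path $source)
Compare-FileAcl -ReferencePath $source -DifferencePath $target | Format-List

# Add an explicit write rule for the current user on the target only,
# then compare again; the new rule is listed under ExtraOnTarget.
$me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'Write', 'Allow')
$acl  = Get-Acl -Path $target
$acl.AddAccessRule($rule)
Set-Acl -Path $target -AclObject $acl
Compare-FileAcl -ReferencePath $source -DifferencePath $target | Format-List

# Remove the sample files.
Remove-Item -Path $dir -Recurse -Force
```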
Securing Scripts with Certificates: Set-AuthenticodeSignature, ConvertTo-SecureString
Creating and Applying Certificates
The Set-AuthenticodeSignature cmdlet is used to apply a digital signature to a script or file. This signature assures users that the script originates from a trusted source and hasn’t been modified since it was signed.
You can use a certificate issued by a trusted Certificate Authority (CA) or create a self-signed certificate for internal use. Below is an example of creating a self-signed certificate:
New-SelfSignedCertificate -Type CodeSigningCert -Subject "CN=MyCert" -CertStoreLocation Cert:\CurrentUser\My
Locate the certificate in the certificate store and save it in a variable to be used later to sign the files:
$cert = Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Subject -like '*MyCert*' }
Then use Set-AuthenticodeSignature to sign your script:
Set-AuthenticodeSignature -FilePath "C:\Temp\Script.ps1" -Certificate $cert
After signing, verify the signature using this command:
Get-AuthenticodeSignature -FilePath "C:\Temp\Script.ps1"
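To show what the signature check catches, the following added example (not from the original article) signs a constructed script, modifies it, and reads the Status that Get-AuthenticodeSignature reports at each step. The certificate subject, the file names and the helper Get-SignatureSummary are assumptions made for the demo; the certificate and files are removed at the end.

```powershell
# Added example: detect a script that was changed after it was signed.
function Get-SignatureSummary {
    param(
        [Parameter(Mandatory)][string]$Step,
        [Parameter(Mandatory)][string]$Path
    )
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $status = [string]$sig.Status
    $signer = '(none)'
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    [pscustomobject]@{
        Step    = $Step
        Status  = $status
        Signer  = $signer
        # Valid requires an intact file AND a certificate that chains to a trusted
        # root, so an untrusted self-signed certificate will not report Valid.
        IsValid = $status -eq 'Valid'
        Message = $sig.StatusMessage
    }
}

# Constructed sample script in a temporary folder
$dir = Join-Path $env:TEMP "SignDemo-$(Get-Random)"
New-Item -Path $dir -ItemType Directory | Out-Null
$script = Join-Path $dir 'Script.ps1'
Set-Content -Path $script -Value 'Write-Output "Constructed demo script"'

$results = @()
$results += Get-SignatureSummary -Step '1. unsigned' -Path $script

# Sign with a throwaway self-signed certificate, as in the steps above.
$cert = New-SelfSignedCertificate -Type CodeSigningCert -Subject 'CN=DemoCodeSigning' `
    -CertStoreLocation Cert:\CurrentUser\My
Set-AuthenticodeSignature -FilePath $script -Certificate $cert | Out-Null
$results += Get-SignatureSummary -Step '2. signed' -Path $script

# Change the script body after signing. The SignatureStatus enumeration defines
# HashMismatch for a file whose content no longer matches the signed hash.
(Get-Content -Path $script) -replace 'Constructed demo script', 'Modified after signing' |
    Set-Content -Path $script
$results += Get-SignatureSummary -Step '3. modified after signing' -Path $script

$results | Format-List

# Remove the demo certificate and files.
Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)"
Remove-Item -Path $dir -Recurse -Force
```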
Converting Data into a Secure String
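ConvertTo-SecureString creates a secure string from a password or other sensitive data, which can then be stored in a file. For example, you can convert a plaintext password to a secure string using this command:
$securePsw = ConvertTo-SecureString "MyPassword123" -AsPlainText -Force
Then you can save the secure string to a file using this cmdlet. On Windows, ConvertFrom-SecureString without a key encrypts the value with the Data Protection API (DPAPI), so only the same user account on the same computer can convert it back: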
$securePsw | ConvertFrom-SecureString | Out-File "D:\Office\Project\EncryptedPassword.txt"
PowerShell for Windows System Configuration
System Information Retrieval: Get-ComputerInfo, Get-Host, Get-WmiObject
Get-ComputerInfo
This cmdlet retrieves detailed information about the computer’s hardware, operating system and configuration:
Get-ComputerInfo
To limit the output to specific properties, use a cmdlet like this:
Get-ComputerInfo | Select-Object CsName, WindowsVersion, WindowsBuildLabEx, OsArchitecture
You can retrieve information by using the wildcard with the -Property parameter, as shown below:
Get-ComputerInfo -Property "OS*"
Get-Host
This cmdlet provides information about the current PowerShell host environment, which is useful for debugging and other purposes:
Get-Host
To retrieve specific properties, use a command like one of the following:
(Get-Host).Version
(Get-Host).Name
Get-WmiObject
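Get-WmiObject is a powerful cmdlet for querying Windows Management Instrumentation (WMI) objects. It provides detailed information about different system components and services. It is available only in Windows PowerShell; in PowerShell 6 and later, use Get-CimInstance instead.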
This cmdlet will retrieve OS information:
Get-WmiObject -Class Win32_OperatingSystem
And this one will retrieve BIOS information:
Get-WmiObject -Class Win32_BIOS
To retrieve processor information, use this command:
Get-WmiObject -Class Win32_Processor | Select-Object Name, NumberOfCores, MaxClockSpeed
Useful Tips for PowerShell Users
Using Get-Help and Get-Command for Command Reference
The Get-Help command is handy for looking up the syntax of other commands:
Get-Help Get-Process
Get-Command can be used to get PowerShell commands, functions, aliases, scripts and modules. It shows their types, name, version and source details.
Get-Command Get-Process
You can use wildcards (*) to explore commands based on partial names. For instance, here is how to view all cmdlets and functions with Service in their names:
Get-Command *Service*
Exploring Object Properties with Get-Member
The Get-Member command is mostly used to understand the structure and capabilities of objects by exploring their properties and methods. For example, the following command will list all the properties of the object returned by the Get-Date command:
Get-Date | Get-Member -MemberType Property
Creating Custom Aliases and Functions for Efficiency
You can create new aliases and functions to make PowerShell easier to use and automate frequent tasks. For instance, the following command will create the alias p for the Get-Process command:
New-Alias -Name p -Value Get-Process
Functions allow you to bundle multiple commands into a reusable block. The script below creates a simple function to list and count the files in a directory:
function ListAndCountFiles {
    param (
        [string]$directory
    )
    # Collect the files once (-File excludes subfolders), list them, then report the count
    $files = @(Get-ChildItem -Path $directory -File)
    $files
    Write-Host "Total files in $($directory): $($files.Count)"
}
To use this function later, simply use this command:
ListAndCountFiles -directory "C:\Temp"
Conclusion
Hands-on practice is essential for gaining expertise in PowerShell. To get started, use Get-Help to see details about other cmdlets, navigate through your file system using Get-ChildItem and Set-Location, and retrieve system information using Get-ComputerInfo, Get-Host and Get-WmiObject. Then move on to more advanced tasks like manipulating data, signing scripts, starting and stopping services, and managing objects. If you need to manage hosts remotely, be sure to review the material on remote execution policies and sessions.
Be sure to download or bookmark this blog so you can quickly review the cmdlets you need to use PowerShell effectively.
FAQ
How many PowerShell commands are there?
The number of PowerShell commands available depends on the version of PowerShell and which modules you have installed. To get the total number of commands, use the following command:
Get-Command | Measure-Object
What commands are used in PowerShell?
PowerShell commands offer a wide range of functionality, such as data handling, file and folder management, and system administration. A few important commands include Get-Help, Get-ChildItem, Set-Location, Get-Process and Export-Csv.
How do I get a list of PowerShell commands?
To see all available commands, run this cmdlet:
Get-Command
What cool things can you do with PowerShell?
PowerShell enables users to automate repetitive tasks, manage servers remotely, work with web services and APIs, analyze system resources, and manage cloud resources.
How do I use Windows PowerShell?
To launch PowerShell from the Windows Start menu, simply enter the command PowerShell.
What are PowerShell and basic commands?
PowerShell is a command-line shell and scripting language. Some basic commands include:
- Get-Help
- Get-Service
- Set-Location
- New-Item
What is PowerShell for beginners?
PowerShell can be fun for beginners. Its verb-noun structure is easy to use. With dedication and tools like this blog, one can easily master basic tasks and become an intermediate or advanced practitioner in weeks.