Winfred Wangeci
Jignash Reddy
It is Microsoft's new task-based commandline shell and scripting language designed
especially for system administration.
It helps Information Technology Professionals
and PowerShell users control and automate
the Administration of the Windows operating
system and applications that run on Windows.
To address recurring needs
(Viewing the logged Members )
To run script(s) as a scheduled task
(Running a command when user login or logoff)
To store and share ideas behind the scripts
(Creating and modifying files and folders)
Automate repetitive tasks
(Automate the user session time)
Presently, Microsoft Windows programmers
have several options when it comes to
scripting. They can use:
1. MS-DOS (or CMD) to create simple batch files
2. VBScript for more complex programming
3. PowerShell to make the most of the .NET framework
With one of the above or a combination of all,
a programmer gets complete control of all of
the objects on a Windows computer.
A cmdlet is a lightweight command that is
used in the Windows PowerShell environment.
Cmdlets follow a verb-noun naming pattern.
Examples of verbs: get, set, new
Examples of nouns: service, item, date
Below are sample Cmdlets following the verbnoun naming pattern:
PS C:\>get-childitem C:\
(Gets the items and child items in one or more specified locations.)
PS C:\>get-service
(Retrieve information about the services installed on your computer.)
PS C:\>set-location D:\
(It enables you to specify a new working location.)
PS C:\> set-location “c:\my documents”
Get-Help(get-help set-* gives all cmdlets that start with
(you’ll get back a list of all the Windows
PowerShell cmdlets)
Get-Member(will enumerate the properties and methods
of that object.)
(Gets the Windows PowerShell drives in the
current session)
Format-List(each property is displayed on a separate
They differ from commands used in other command-shell environments in that:
They are instances of .NET Framework classes; they are not stand-alone
They can be created from as few as a dozen lines of code.
They do not usually do their own parsing, error presentation, or output
formatting. All these are handled by the Windows PowerShell runtime.
They process input objects from the pipeline rather than from streams of text,
and cmdlets typically deliver objects as output to the pipeline.
They are record-oriented because they process a single object at a time.
An alias is an alternative name assigned to a
Aliases allow users to quickly interact with
the shell.
The Cmdlet get-alias is used to list all builtin aliases as shown in the diagram on the
next slide:
They are .NET programs used to provide easy
access to information external to the shell
environment in order for the users to view it
and manage it.
To obtain a listing of all the providers, the
Get-PSProvider cmdlet is used.
To work with specific providers, use the setlocation cmdlet then specify the provider
There are seven types of providers namely:
1. Alias
- Provides access to the windows
PowerShell aliases and their values
Sl Alias:\
GCI | where-object {$ –like “s*”}
2. Environment
- Provides access to the Windows
environment variables.
3. FileSystem
- Provides access to files and
4. Function - Provides access to the functions
defined in Windows PowerShell.
Provides access to the system registry keys
and values.
Provides access to Windows PowerShell
variables and their values.
Provides read-only access to certificate
stores and certificates.
1. To address recurring problems
foreach ($i in $args)
{Get-ChildItem $i | Where-Object {$_.length -gt 1000} |
Sort-Object -property name}
2. To run the script as a scheduled task
$args = "localhost","loopback",""
foreach ($i in $args)
{$strFile = "c:\mytest\"+ $i +"Processes.txt"
Write-Host "Testing" $i "please wait ...";
Get-WmiObject -computername $i -class win32_process |
Select-Object name, processID, Priority, ThreadCount,
PageFaults, PageFileUsage |
Where-Object {!$_.processID -eq 0} | Sort-Object -property
name |
Format-Table | Out-File $strFile}
3. To store and share both the “secret commands” and
the ideas behind the scripts
$args = "localhost"
foreach ($i in $args)
{Write-Host "Connecting to" $i "please wait ...";
Get-WmiObject -computername $i -class
win32_UserAccount |
Select-Object Name, Disabled, PasswordRequired, SID,
SIDType |
Where-Object {$_.PasswordRequired -eq 0} |
Sort-Object -property name | Write-Host }
Scripting support is disabled by default in
Windows PowerShell.
Running a script when policy is not set
generates an error message that must be
fixed to allow script execution.
There are four levels of execution policy:
Will not run scripts or configuration files
All scripts and configuration files must be signed by a trusted
All scripts and configuration files downloaded from the internet must
be signed by a trusted publisher
All scripts and configuration files will run
Use the Get-ExecutionPolicy cmdlet to
retrieve the current effective script execution
Use the Set-ExecutionPolicy cmdlet to change
the script execution policy to unrestricted as
shown below:
Set-ExecutionPolicy unrestricted
Running a script can be done either within or
outside PowerShell.
Running the script within PowerShell requires
the following steps:
1. Type the full path to the script
2. Include the name of the script
3. Ensure you include the PS1 extension
Running scripts outside PowerShell requires the
following steps:
Type the full path to the script
Include the name of the script
Ensure you include the PS1 extension
Feed this to the PowerShell.exe program
Use the –noexit argument to keep the PowerShell
console after script execution
Powershell –noexit C:\mytest\RetrieveAndSortServiceState.PS1
Powershell evaluates the condition at the start of each cycle and if it’s true,
then it executes the command block as shown in the loop below:
$wmi = get-wmiObject win32_processor
if ($wmi.Architecture -eq 0)
{"This is an x86 computer"}
elseif($wmi.architecture -eq 1)
{"This is an MIPS computer"}
elseif($wmi.architecture -eq 2)
{"This is an Alapha computer"}
elseif($wmi.architecture -eq 3)
{"This is an PowerPC computer"}
elseif($wmi.architecture -eq 6)
{"This is an IPF computer"}
elseif($wmi.architecture -eq 9)
{"This is an x64 computer"}
{$wmi.architecture + " is not a cpu type I am familiar with"}
"Current clockspeed is : " + $wmi.CurrentClockSpeed + " MHZ"
"Max clockspeed is : " + $wmi.MaxClockSpeed + " MHZ"
"Current load percentage is: " + $wmi.LoadPercentage + " Percent"
"The L2 cache size is: " + $wmi.L2CacheSize + " KB"
They enable users to write a script that can
choose from a series of options without
writing a long series of If statements as
shown below:
$wmi = get-wmiobject win32_computersystem
"computer " + $ + " is: "
switch ($wmi.domainrole)
0 {"`t Stand alone workstation"}
1 {"`t Member workstation"}
2 {"`t Stand alone server"}
3 {"`t Member server"}
4 {"`t Back up domain controller"}
5 {"`t Primary domain controller"}
default {"`t The role can not be determined"}
Files and Folders
New-Item is a quick and easy way to create a
new file or folder on your computer.
Creating a file:
New-Item c:\scripts\new_file.txt type file
Creating a folder:
New-Item c:\scripts\Windows
PowerShell -type directory
$intFolders = 10
$i = 1
New-Variable -Name strPrefix -Value "testFolder" -Option
do {
if ($i -lt 10)
new-item -path c:\mytest -name $strPrefix$intPad$i -type
{new-item -path c:\mytest -name $strPrefix$i -type
}until ($i -eq $intFolders+1)
$intFolders = 10
$i = 1
New-Variable -Name strPrefix -Value "testFolder" Option constant
do {
if ($i -lt 10)
Remove-item -path c:\mytest\$strPrefix$intPad$i}
{Remove-item -path c:\mytest\$strPrefix$i}
}until ($i -eq $intFolders+1)
One of the most powerful and possibly
confusing aspects of PowerShell.
The output of one program can be the input
to another
Pipelining is passing data and objects from
one cmdlet to another in a very robust
A | B | C meaning the output of A goes to B,
and the output of B goes to C.
PS C:\> Get-Process | where { $_.handlecount -gt 400 } | Format-List
This example is actually executing three cmdlets
1. The first, Get-Process, returns a list of all running
2. The second, Where {..} will return the conditioned
value which handlecount is greater than 400.
3. Finally the Format-list will display the results in
Alphabetic order
PS C:\> Get-Process | where { $_.handlecount -gt 400 } | Format-List
Id : 1080
Id : 1952
Id : 2656
Id : 1524
: csrss
: explorer
: Groove
: inetinfo
The sort-object cmdlet is used to produce
a listing of items in ascending/descending
Get-EventLog system -newest 5 | Sort-Object eventid
Produces the output below:
Windows PowerShell -129 Commands
Exchange PowerShell-394 Commands
Count Mailbox in organizations
(Get –mailbox).count
Getting all properties for a specific user
Get-Mailbox | where {$_.Display Name -eq
“DR kesh"} | format-list
List of all mailboxes in organization
Get-Mailbox -ResultSize unlimited
Command for creating Users
$UserName = $_.UserName
$newUser = $container.Create("User", "cn=" + $UserNa
$newUser.Put("sAMAccountName", $UserName)
$newUser.psbase.InvokeSet('AccountDisabled', $false)
$newUser.SetPassword("[email protected])
Making changes to users
Apply policies
Assign to groups
Enable or disable features
Changing attributes
Moving mailboxes ....
Supported OS
Microsoft Windows Server 2003 R2, or
Microsoft Windows Server 2003 with SP1 or SP2
Windows XP with Service Pack 2
Windows Vista
Windows 2008
The Microsoft .NET Framework 2.0
Exchange 2007
It is a hierarchical namespace, in which the layers build on
one another like a Lightweight Directory Access Protocol
(LDAP) directory used in Active Directory, or the file system
structure on a hard disk drive.
WMI can be used to: report on drive configuration, report
on available memory both physical and virtual, back up the
event log, modify registry, schedule tasks, share folders,
switch from a static to a dynamic IP address.
The WMI model has three sections namely:
To obtain a listing of WMI classes, use the Get-WmiObject cmdlet and
specify the list argument as shown below:
$strComputer = "."
$wmiNS = "\root\cimv2"
$strUsr ="" #Blank for current security. Domain\Username
$strPWD = "" #Blank for current security.
$strLocl = "MS_409" #US English. Can leave blank for current language
$strAuth = "" #if specify domain in strUsr this must be blank
$iFlag = "0" #only two values allowed: 0 and 128.
$objLocator = New-Object -comobject "WbemScripting.SWbemLocator"
$objWMIService = $objLocator.ConnectServer($strComputer, `
$wmiNS, $strUsr, $strPWD, $strLocl, $strAuth, $iFLag)
$colItems = $objWMIService.subClassesOf()
Write-Host "There are: " $colItems.count " classes in $wmiNS"
foreach ($objItem In $colItems)
Wilson, E. (2007). Microsoft Windows PowerShell
step by step. Washington: Microsoft Press.
Tomsho, G. (2010). MCTS guide to Microsoft
Windows Server 2008 Active Directory
configuration: Exam 70-640. Boston, MA: Course
Technology/Cengage Learning.
Schwichtenberg, H. (2008). Essential PowerShell.
The Addison-Wesley Microsoft technology series.
Upper Saddle River, NJ: Addison-Wesley.

Microsoft Corp. v. AT&T Corp.