Getting Started with Windows PowerShell

Published 03-15-2019 05:22 PM 241 Views
First published on TECHNET on Jul 03, 2007

Today we're going to talk a little bit about Windows PowerShell.  Before we get into Powershell though, let's look back at how PowerShell came about.  Ever since MS-DOS and the earliest versions of Windows, there has been a command line tool.  The problem was that not everything that could be done via the User Interface could be done via the CLI.  With the introduction of Windows Script Host (WSH), we were able to overcome some of the shortcomings, but we never really had true shell integration.  In 2004, Microsoft started the development of Monad (aka the Microsoft Command Shell).  The goal of Monad was to provide an extensible command line interface shell and scripting language through which a range of core administrative tasks could be performed.

OK - so enough of the PR - on with the technical!  PowerShell runs on XP SP2, Windows Server 2003 SP1 / R2 and higher, Windows Vista and Windows Server 2008.  A customized version of PowerShell ships with Exchange 2007.  In order to install and user PowerShell, you have to install the .Net Framework v2.0.  Think about PowerShell in these terms - "it exposes the power of .NET in an Admin-friendly way" (from the Windows PowerShell team Blog ).

Windows PowerShell defines several types of commands that you can use in development.  These commands include: functions, filters, scripts, aliases, and executables (applications).  What we are going to look at is a simple, small command called a "cmdlet" (pronounced command-let).  A cmdlet is a simple command used for interaction with any managed application, including the operating system.  It is analogous to a built-in command in another shell, such as Cmd.exe, KSH, or BASH.  The traditional shell generally processes commands as separate executable programs.  Each program has to parse the input, distinguish between positional and named parameters, bind values to the correct parameters, format the output, and display the output.

By contrast, Windows PowerShell processes commands as instances of a .NET class, focusing on the simple cmdlet model.  You must provide the parameters and validate the values, and then furnish details of object types and formatting.  Windows PowerShell does the rest of the work: parsing the parameters, binding them to their values, formatting the output, and displaying the output.  So let's take a look at some quick examples.

The first example, we're going to look at is getting a list of processes.  At the prompt within PowerShell, enter the following command: get-process .  You should get output similar to the following:

That's a process list all right - but I really only want to see the SVCHOST processes.  I can filter this list down, by running the same command and specifying the process name: get-process svchost .  And there it is - information about my SVCHOST processes.  I can see the Process ID for each instance, number of Handles, the Non-Paged (NPM) and Paged (PM) memory in use, the Working Set Size (WS), the amount of Virtual Memory (VM) and the amount of Processor time (CPU) that the process has used.

Now I want to look at all the instances of Internet Explorer, SVCHOST and Explorer on my system with a working set greater than 20MB.  Using the Get-Process command, I can specify a filter based on the process names and properties of the processes as follows: get-process svchost,iexplore,explorer | where-object {$_.WorkingSet -gt 20000000}

Let's analyze exactly what this last command does.  Our get-process cmdlet passes the process objects for Explorer, IExplore and SVCHOST to the where-object cmdlet.  This cmdlet then selects only the instances of the process object with a value greater than 20,000,000 bytes for the WorkingSet property.  To get a list of all of the properties of a process object, I could use the get-process | get-member command:

We've talked a bit about the Get-Process cmdlet.  But what if I wanted to see all the basic cmdlet's available in my PowerShell session?  Simply run the get-command command.

The default Get-Command display has three columns: CommandType, Name, and Definition.  When listing cmdlets, the Definition column displays the syntax of the cmdlet.  The ellipsis in the syntax (…) indicates that the data is truncated.  So if I wanted to see all the executable files available for use within PowerShell, I could run the get-command *.exe command.

Remember, this is a list of executables that can be used within PowerShell, not a list of all the executables on the system.  When listing executable files, the Definition column contains the full path to the executable file.

One of the most useful features within PowerShell is the use of aliases.  For example, instead of having to type get-process whenever I want to view or manipulate processes, I can use the alias ps .  Let's try this with a command we've already run before and list all the running instances of svchost:

To get a list of aliases that are available, use the get-alias command:

What we've talked about today only touches on a fraction of what can be accomplished within PowerShell.  For more information on any command, type in “get-help <command>” at the PowerShell command prompt.

Additional Resources

- Blake Morrison

Version history
Last update:
‎Mar 15 2019 05:22 PM
Updated by: