Вы находитесь на странице: 1из 15

Use Command

Locking a Computer rundll32.exe user32.dll,LockWorkStation


Shutdown.exe -1 or (Get-WmiObject -Class
Win32_OperatingSystem
Logging Off the Current Session -ComputerName .).Win32Shutdown(0)
Restarting a Computer restart-computer
Use Command
Listing Desktop Get-CimInstance -ClassName Win32_Desktop -ComputerName . Or Get-CimInstance
Settings -ClassName Win32_Desktop -ComputerName . | Select-Object -ExcludeProperty "CIM*"
Listing BIOS Information
Get-CimInstance -ClassName Win32_BIOS -ComputerName .
Get-CimInstance -ClassName Win32_Processor -ComputerName . | Select-Object
-ExcludeProperty "CIM*" OR Get-CimInstance -ClassName Win32_ComputerSystem
Listing Processor Information
-ComputerName . | Select-Object -Property SystemType
Listing Computer
Manufacturer and
Model Get-CimInstance -ClassName Win32_ComputerSystem
Get-CimInstance -ClassName Win32_QuickFixEngineering -ComputerName . Or Get-
Listing Installed CimInstance -ClassName Win32_QuickFixEngineering -ComputerName . -Property
Hotfixes HotFixID
Listing Operating Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName . | Select-
System Version Object -Property
Information BuildNumber,BuildType,OSType,ServicePackMajorVersion,ServicePackMinorVersion
Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DriveType=3"
Getting Available Disk-ComputerName
Space .

Getting Logon SessionGet-CimInstance


Information -ClassName Win32_LogonSession -ComputerName .
Getting the User
Logged on to a Get-CimInstance -ClassName Win32_ComputerSystem -Property UserName
Computer -ComputerName .
Getting Local Time
from a Computer Get-CimInstance -ClassName
Get-CimInstance -ClassName Win32_LocalTime
Win32_Service -ComputerName
-ComputerName .
. | Select-Object
Displaying Service Status
-Property Status,Name,DisplayName

Use Command

Locking a Computer rundll32.exe user32.dll,LockWorkStation


Shutdown.exe -1 or (Get-WmiObject -Class Win32_OperatingSystem
Logging Off the Current
-ComputerName
Session .).Win32Shutdown(0)

Restarting a Computer
restart-computer

Use Command
Viewing Object
Structure (Get-
Member) Get-Process | Get-Member | Out-Host -Paging

Selecting Parts of Get-WmiObject -Class Win32_LogicalDisk | Select-Object -Property Name,FreeSpace OR


Objects (Select- Get-WmiObject -Class Win32_LogicalDisk | Select-Object -Property Name,FreeSpace |
Object) ForEach-Object -Process {$_.FreeSpace = ($_.FreeSpace)/1024.0/1024.0; $_}

Performing Simple Tests


1,2,3,4
with| Where-Object
Where-Object -FilterScript {$_ -lt 3}

Get-WmiObject -Class Win32_SystemDriver | Where-Object -FilterScript {$_.State -eq


Filtering Based on 'Running'} or Get-WmiObject -Class Win32_SystemDriver | Where-Object -FilterScript
Object Properties {$_.State -eq "Running"} | Where-Object -FilterScript {$_.StartMode -eq "Auto"}
Get-ChildItem | Sort-Object -Property LastWriteTime, Name | Format-Table -Property
Basic sorting LastWriteTime, Name
Get-ChildItem | Sort-Object -Property LastWriteTime, Name -Descending | Format-Table
descending sort -Property LastWriteTime, Name
Get-ChildItem | Sort-Object -Property @{ Expression = 'LastWriteTime'; Descending =
$true }, @{ Expression = 'Name'; Ascending = $true } | Format-Table -Property
Using hash tables LastWriteTime, Name

Repeating a Task for


Multiple Objects PS> Get-WmiObject -Class Win32_LogicalDisk | ForEach-Object -Process
(ForEach-Object) {($_.FreeSpace)/1024.0/1024.0}

Using New-Object
for Event Log Access New-Object -TypeName System.Diagnostics.EventLog

$ie = New-Object -ComObject InternetExplorer.Application


$ie.Visible = $true
$ie.Navigate("http://www.microsoft.com/technet/scriptcenter/default.mspx")
$ie.Document.Body.InnerText
$ie.Quit()
Using Internet Explorer
Remove-Variable
from WindowsiePowerShell

Get-WmiObject -Class Win32_OperatingSystem -Namespace root/cimv2


-ComputerName . | Get-Member -MemberType Property

Get-WmiObject -Class Win32_OperatingSystem -Namespace root/cimv2


-ComputerName . | Format-Table -Property
TotalVirtualMemorySize,TotalVisibleMemorySize,FreePhysicalMemory,FreeVirtualMemo
Displaying WMI Classry,FreeSpaceInPagingFiles
Details

Use Command

Get-Process -Name PowerShell -ComputerName localhost, Server01, Server01 | Format-


Table -Property ID, ProcessName, MachineName

or

Get-Process powershell -ComputerName localhost, Server01, Server02 |


Format-Table -Property Handles,
@{Label="NPM(K)";Expression={[int]($_.NPM/1024)}},
@{Label="PM(K)";Expression={[int]($_.PM/1024)}},
@{Label="WS(K)";Expression={[int]($_.WS/1024)}},
@{Label="VM(M)";Expression={[int]($_.VM/1MB)}},
Getting Processes @{Label="CPU(s)";Expression={if ($_.CPU -ne $()){$_.CPU.ToString("N")}}},
(Get-Process) Id, ProcessName, MachineName -auto
Get-Process -Name BadApp | Where-Object -FilterScript {$_.SessionId -neq 0} | Stop-
Stopping Processes (Stop-Process)
Process

Get-Process -Name powershell | Where-Object -FilterScript {$_.Id -ne $PID} | Stop-


Stopping All Other Windows
Process PowerShell
-PassThru Sessions
New-PSDrive -Name Office -PSProvider FileSystem -Root "C:\Program Files\Microsoft
Adding New WindowsOffice\OFFICE11"
PowerShell Drives (New-PSDrive)

Deleting Windows PowerShell


Remove-PSDrive
Drives (Remove-PSDrive)
-name Office

Listing Printer Connections


Get-WmiObject -Class Win32_Printer
(New-Object -ComObject
Adding a Network Printer
WScript.Network).AddWindowsPrinterConnection("\\Printserver01\Xerox5")
(Get-WmiObject -ComputerName . -Class Win32_Printer -Filter "Name='HP LaserJet
Setting a Default Printer
5Si'").SetDefaultPrinter()
(New-Object -ComObject
Removing a Printer Connection
WScript.Network).RemovePrinterConnection("\\Printserver01\Xerox5")

Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=$true


-ComputerName . | Format-Table -Property IPAddress or Get-WmiObject -Class
Win32_NetworkAdapterConfiguration -Filter IPEnabled=$true -ComputerName . | Get-
Listing IP Addresses Member -Name IPAddress
for a Computer
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=$true
isting IP Configuration-ComputerName
Data .

Get-WmiObject -Class Win32_PingStatus -Filter "Address='127.0.0.1'" -ComputerName .


Or Get-WmiObject -Class Win32_PingStatus -Filter "Address='127.0.0.1'"
-ComputerName . | Format-Table -Property Address,ResponseTime,StatusCode
-Autosize Or '127.0.0.1','localhost','research.microsoft.com' | ForEach-Object -Process
{Get-WmiObject -Class Win32_PingStatus -Filter ("Address='" + $_ + "'")
Pinging Computers -ComputerName .} | Select-Object -Property Address,ResponseTime,StatusCode
Retrieving Network
Adapter Properties Get-WmiObject -Class Win32_NetworkAdapter -ComputerName .

Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=$true


-ComputerName . | ForEach-Object -Process { $_. SetDNSDomain('fabrikam.com') } or
Assigning the DNS Get-WmiObject -Class Win32_NetworkAdapterConfiguration -ComputerName . |
Domain for a Where-Object -FilterScript {$_.IPEnabled} | ForEach-Object -Process
Network Adapter {$_.SetDNSDomain('fabrikam.com')}
1.Determining DHCP-Enabled Adapters:
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter
"DHCPEnabled=$true" -ComputerName .
2.Retrieving DHCP Properties
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter
"DHCPEnabled=$true" -ComputerName . | Format-Table -Property DHCP*
3.Enabling DHCP on Each Adapter
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=$true
-ComputerName . | ForEach-Object -Process {$_.EnableDHCP()}
4.Releasing and Renewing DHCP Leases on Specific Adapters
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled=$true
and DHCPEnabled=$true" -ComputerName . | Where-Object -FilterScript
{$_.DHCPServer -contains '192.168.1.254'} | ForEach-Object -Process
{$_.ReleaseDHCPLease()}
5.Releasing and Renewing DHCP Leases on All Adapters
Get-WmiObject -List | Where-Object -FilterScript {$_.Name -eq
'Win32_NetworkAdapterConfiguration'}
( Get-WmiObject -List | Where-Object -FilterScript {$_.Name -eq
'Win32_NetworkAdapterConfiguration'} ).ReleaseDHCPLeaseAll()
( Get-WmiObject -List | Where-Object -FilterScript {$_.Name -eq
Performing DHCP Configuration
'Win32_NetworkAdapterConfiguration'}
Tasks ).RenewDHCPLeaseAll()
Creating a Network (Get-WmiObject -List -ComputerName . | Where-Object -FilterScript {$_.Name -eq
Share 'Win32_Share'}).Create('C:\temp','TempShare',0,25,'test share of the temp folder')
Removing a (Get-WmiObject -Class Win32_Share -ComputerName . -Filter
Network Share "Name='TempShare'").Delete() or net share tempshare /delete

(New-Object -ComObject WScript.Network).MapNetworkDrive('B:', '\\FPS01\users') or


Connecting a Windows
netAccessible
use B: \\FPS01\users
Network Drive
Listing Windows
Installer Get-CimInstance -Class Win32_Product | Where-Object Name -eq "Microsoft .NET Core
Applications Runtime - 2.1.2 (x64)" | Format-List -Property *

New-PSDrive -Name Uninstall -PSProvider Registry -Root


Listing All HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Uninstallable $UninstallableApplications = Get-ChildItem -Path Uninstall:
Applications $UninstallableApplications | ForEach-Object -Process { $_.GetValue('DisplayName') }
Installing Invoke-CimMethod -ClassName Win32_Product -MethodName Install -Arguments
Applications @{PackageLocation='\\AppSrv\dsp\NewPackage.msi'}

Removing Get-ChildItem -Path Uninstall: | Where-Object -FilterScript { $_.GetValue('DisplayName')


Applications -like 'Win*'} | ForEach-Object -Process { $_.GetValue('UninstallString') }
Upgrading Windows Get-CimInstance -Class Win32_Product -Filter "Name='OldAppName'" | Invoke-
Installer CimMethod -MethodName Upgrade -Arguments
Applications @{PackageLocation='\\AppSrv\dsp\OldAppUpgrade.msi'}

Use Command
Get-Item -Path
Listing Registry Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion |
Entries Select-Object -ExpandProperty Property
Get-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion -Name
DevicePath or reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion /v
Getting a Single Registry
DevicePath
Entry
$value = Get-ItemProperty -Path HKCU:\Environment -Name Path
$newpath = $value.Path += ";C:\src\bin\"
Setting a Single Registry
Set-ItemProperty
Entry -Path HKCU:\Environment -Name Path -Value $newpath
Creating New New-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion -Name
Registry Entries PowerShellPath -PropertyType String -Value $PSHome

Renaming Registry Rename-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion


Entries -Name PowerShellPath -NewName PSHome -passthru
Deleting Registry Remove-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion
Entries -Name PSHome
Use
Viewing Object Structure (Get-Member)

Selecting Parts of Objects (Select-Object)


Performing Simple Tests with Where-Object

Filtering Based on Object Properties


Basic sorting

descending sort

Using hash tables


Repeating a Task for Multiple Objects
(ForEach-Object)
Using New-Object for Event Log Access

Using Internet Explorer from Windows PowerShell

Displaying WMI Class Details


Command
Get-Process | Get-Member | Out-Host -Paging
Get-WmiObject -Class Win32_LogicalDisk | Select-Object -Property Name,FreeSpace OR Get-WmiObject -Class
Win32_LogicalDisk | Select-Object -Property Name,FreeSpace | ForEach-Object -Process {$_.FreeSpace =
($_.FreeSpace)/1024.0/1024.0; $_}
1,2,3,4 | Where-Object -FilterScript {$_ -lt 3}
Get-WmiObject -Class Win32_SystemDriver | Where-Object -FilterScript {$_.State -eq 'Running'} or Get-WmiObject -Class
Win32_SystemDriver | Where-Object -FilterScript {$_.State -eq "Running"} | Where-Object -FilterScript {$_.StartMode -eq
"Auto"}
Get-ChildItem | Sort-Object -Property LastWriteTime, Name | Format-Table -Property LastWriteTime, Name

Get-ChildItem | Sort-Object -Property LastWriteTime, Name -Descending | Format-Table -Property LastWriteTime, Name
Get-ChildItem | Sort-Object -Property @{ Expression = 'LastWriteTime'; Descending = $true }, @{ Expression = 'Name';
Ascending = $true } | Format-Table -Property LastWriteTime, Name

PS> Get-WmiObject -Class Win32_LogicalDisk | ForEach-Object -Process {($_.FreeSpace)/1024.0/1024.0}


New-Object -TypeName System.Diagnostics.EventLog

$ie = New-Object -ComObject InternetExplorer.Application


$ie.Visible = $true
$ie.Navigate("http://www.microsoft.com/technet/scriptcenter/default.mspx")
$ie.Document.Body.InnerText
$ie.Quit()
Remove-Variable ie

Get-WmiObject -Class Win32_OperatingSystem -Namespace root/cimv2 -ComputerName . | Get-Member -MemberType


Property

Get-WmiObject -Class Win32_OperatingSystem -Namespace root/cimv2 -ComputerName . | Format-Table -Property


TotalVirtualMemorySize,TotalVisibleMemorySize,FreePhysicalMemory,FreeVirtualMemory,FreeSpaceInPagingFiles
Use

Getting Processes (Get-Process)


Stopping Processes (Stop-Process)
Stopping All Other Windows PowerShell Sessions
Adding New Windows PowerShell Drives (New-PSDrive)
Deleting Windows PowerShell Drives (Remove-PSDrive)
Listing Printer Connections
Adding a Network Printer
Setting a Default Printer
Removing a Printer Connection

Listing IP Addresses for a Computer


isting IP Configuration Data

Pinging Computers
Retrieving Network Adapter Properties
Assigning the DNS Domain for a Network Adapter

Performing DHCP Configuration Tasks

Creating a Network Share

Removing a Network Share


Connecting a Windows Accessible Network Drive

Listing Windows Installer Applications

Listing All Uninstallable Applications


Installing Applications

Removing Applications

Upgrading Windows Installer Applications


Command

Get-Process -Name PowerShell -ComputerName localhost, Server01, Server01 | Format-Table -Property ID, ProcessName,
MachineName

or

Get-Process powershell -ComputerName localhost, Server01, Server02 |


Format-Table -Property Handles,
@{Label="NPM(K)";Expression={[int]($_.NPM/1024)}},
@{Label="PM(K)";Expression={[int]($_.PM/1024)}},
@{Label="WS(K)";Expression={[int]($_.WS/1024)}},
@{Label="VM(M)";Expression={[int]($_.VM/1MB)}},
@{Label="CPU(s)";Expression={if ($_.CPU -ne $()){$_.CPU.ToString("N")}}},
Id, ProcessName, MachineName -auto
Get-Process -Name BadApp | Where-Object -FilterScript {$_.SessionId -neq 0} | Stop-Process
Get-Process -Name powershell | Where-Object -FilterScript {$_.Id -ne $PID} | Stop-Process -PassThru
New-PSDrive -Name Office -PSProvider FileSystem -Root "C:\Program Files\Microsoft Office\OFFICE11"
Remove-PSDrive -name Office
Get-WmiObject -Class Win32_Printer
(New-Object -ComObject WScript.Network).AddWindowsPrinterConnection("\\Printserver01\Xerox5")
(Get-WmiObject -ComputerName . -Class Win32_Printer -Filter "Name='HP LaserJet 5Si'").SetDefaultPrinter()
(New-Object -ComObject WScript.Network).RemovePrinterConnection("\\Printserver01\Xerox5")

Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=$true -ComputerName . | Format-Table


-Property IPAddress or Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=$true
-ComputerName . | Get-Member -Name IPAddress

Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=$true -ComputerName .

Get-WmiObject -Class Win32_PingStatus -Filter "Address='127.0.0.1'" -ComputerName . Or Get-WmiObject -Class


Win32_PingStatus -Filter "Address='127.0.0.1'" -ComputerName . | Format-Table -Property
Address,ResponseTime,StatusCode -Autosize Or '127.0.0.1','localhost','research.microsoft.com' | ForEach-Object -Process
{Get-WmiObject -Class Win32_PingStatus -Filter ("Address='" + $_ + "'") -ComputerName .} | Select-Object -Property
Address,ResponseTime,StatusCode
Get-WmiObject -Class Win32_NetworkAdapter -ComputerName .
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=$true -ComputerName . | ForEach-Object
-Process { $_. SetDNSDomain('fabrikam.com') } or Get-WmiObject -Class Win32_NetworkAdapterConfiguration
-ComputerName . | Where-Object -FilterScript {$_.IPEnabled} | ForEach-Object -Process
{$_.SetDNSDomain('fabrikam.com')}

1.Determining DHCP-Enabled Adapters:


Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "DHCPEnabled=$true" -ComputerName .
2.Retrieving DHCP Properties
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "DHCPEnabled=$true" -ComputerName . | Format-
Table -Property DHCP*
3.Enabling DHCP on Each Adapter
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=$true -ComputerName . | ForEach-Object
-Process {$_.EnableDHCP()}
4.Releasing and Renewing DHCP Leases on Specific Adapters
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled=$true and DHCPEnabled=$true"
-ComputerName . | Where-Object -FilterScript {$_.DHCPServer -contains '192.168.1.254'} | ForEach-Object -Process
{$_.ReleaseDHCPLease()}
5.Releasing and Renewing DHCP Leases on All Adapters
Get-WmiObject -List | Where-Object -FilterScript {$_.Name -eq 'Win32_NetworkAdapterConfiguration'}
( Get-WmiObject -List | Where-Object -FilterScript {$_.Name -eq
'Win32_NetworkAdapterConfiguration'} ).ReleaseDHCPLeaseAll()
( Get-WmiObject -List | Where-Object -FilterScript {$_.Name -eq
'Win32_NetworkAdapterConfiguration'} ).RenewDHCPLeaseAll()
(Get-WmiObject -List -ComputerName . | Where-Object -FilterScript {$_.Name -eq
'Win32_Share'}).Create('C:\temp','TempShare',0,25,'test share of the temp folder')
(Get-WmiObject -Class Win32_Share -ComputerName . -Filter "Name='TempShare'").Delete() or net share tempshare
/delete
(New-Object -ComObject WScript.Network).MapNetworkDrive('B:', '\\FPS01\users') or net use B: \\FPS01\users
Get-CimInstance -Class Win32_Product | Where-Object Name -eq "Microsoft .NET Core Runtime - 2.1.2 (x64)" | Format-
List -Property *

New-PSDrive -Name Uninstall -PSProvider Registry -Root HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall


$UninstallableApplications = Get-ChildItem -Path Uninstall:
$UninstallableApplications | ForEach-Object -Process { $_.GetValue('DisplayName') }
Invoke-CimMethod -ClassName Win32_Product -MethodName Install -Arguments
@{PackageLocation='\\AppSrv\dsp\NewPackage.msi'}
Get-ChildItem -Path Uninstall: | Where-Object -FilterScript { $_.GetValue('DisplayName') -like 'Win*'} | ForEach-Object
-Process { $_.GetValue('UninstallString') }
Get-CimInstance -Class Win32_Product -Filter "Name='OldAppName'" | Invoke-CimMethod -MethodName Upgrade
-Arguments @{PackageLocation='\\AppSrv\dsp\OldAppUpgrade.msi'}
Use Command
Get-Item -Path
Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
Listing Registry Entries on | Select-Object
-Name -ExpandProperty
DevicePath or reg query Property
Getting a Single Registry Entry HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion /v DevicePath
$value = Get-ItemProperty -Path HKCU:\Environment -Name Path
$newpath = $value.Path += ";C:\src\bin\"
Setting a Single Registry Entry Set-ItemProperty -Path HKCU:\Environment -Name Path -Value $newpath

New-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion


Creating New Registry Entries -Name PowerShellPath -PropertyType String -Value $PSHome
Rename-ItemProperty -Path
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion -Name PowerShellPath
Renaming Registry Entries -NewName PSHome -passthru
Remove-ItemProperty -Path
Deleting Registry Entries HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion -Name PSHome