Powershell v2 Day 1
Class Notes Day 1
Get-Command -CommandType cmdlet | Where-Object { $_.Parameters.Keys -contains "ComputerName"}
$blah =Get-Command Test-WSMan
$blah.Parameters.keys
get-process | ? { $_.workingset64 -gt 100mb }
$ScriptBlock = { $_.workingset64 -gt 100mb }
get-process | ? $ScriptBlock
Running scripts
& run script in a child process no access to varibles in the script
. run script in current process variables will show in the shell.
Strings
-Expandable strings " "
-Literal strings ' '
"blah" | gm
$blah = "blah"
$blah | gm
Get-EventLog -After (Get-Date 7/18/2011) -LogName application
THis one fails
Get-EventLog -After ($date=Get-Date 7/18/2011; $date) -LogName application
This one works
Get-EventLog -After $($date=Get-Date 7/18/2011; $date) -LogName application
These two lines are similar but different
invoke-expression "Get-process explorer"
& "Get-process explorer" -fails because of the space
Command and expression parsing modes
& puts you in command mode $ "Get-process"
A
$array = 1,2,3
$array.GetType()
#The next line returns the members of each of the items in the array
#the two lines following return the members of the array itself
$array | gm
Get-Member -InputObject $array
the "," tells powershell not to unwrap the object See , Comma operator in get-help about_Operators | less -i ,$array | gm
$array = @()
$array +=1
$array +=10
$array
#Return an array if the data is not already an array (will not wrap an array in another array)
$proc = @( Get-Process explorer)
#increment or decrement ++ -- can be done pre and post
$a=10
$a
10
$a++
++$a
$a
write-host ($a++)
write-host (++$a)
#bankers rounding (rounding to even)
[int32] 10.5
[int32] 11.5
name of class :: static method operator name of method
[system.math]::Pow(10,2)
[system.math] | get-member -static
[Math]::Round(10.5, 0)
[Math]::Round(10.5, 2)
[Math]::Round(10.5, 0, "AwayFromZero")
[Math::Round([Math]::PI, 15)
[Math]::PI
[System.web.httputility]::HTMLDecode("Hello & goodbye")
$ServiceName="WinRM"
Get-WmiObject -Class win32_service -ComputerName . -Filter "name='WinRM'"
Get-WmiObject -Class win32_service -ComputerName . -Filter "name=$ServiceName"
#Build filter first then
$filter = "name='$ServiceName'"
Get-WmiObject -Class win32_service -ComputerName . -Filter $filter
Get-WmiObject -Class win32_service -ComputerName . -Filter "name='$ServiceName'"
Get-WmiObject -List | ? { $_.__DERIVATION -contains '__Event'}
#Bitwise operators
File Attributes
A archive
D Director
S system
H hidden
R read only
AD SHR
00100000 Archive bitmask
cd c:\
gci -force
gci -force | ? {$_.Attributes -band 0x2} # Hidden
gci -force | ? {$_.Attributes -band 0x10} #Directory
[System.Enum]::GetNames("System.IO.FileAttributes")
gci -force | ? {$_.Attributes -band [System.IO.FileAttributes] "ReadOnly"}
gci | ? {$_.PSIsContainer} # directory
gci | ? {!($_.PSIsContainer)} # not directory
Get-EventLog -LogName system | ? {$_.message -like "*shutdown*"}
"999-99-9999" -match "\d\d\d-\d\d-\d\d\d\d"
"999-99-9999" -match "\d{3}-\d{2}-\d{4}"
Hashtable = Associative array = dictionary
$Matches
#Grep like
Select-string
ParseTranscripts.ps1
$env:path
$env:path -split ";"
Import-Csv -Path C:\Windows\WindowsUpdate.log -Delimiter "`t" -Header "Date","Time","ThreadID","Eventid","Component","Message"
$logs=Import-Csv -Path C:\Windows\WindowsUpdate.log -Delimiter "`t" -Header "Date","Time","ThreadID","Eventid","Component","Message"
$logs.Count
$logs | Group-Object -Property Component
Format Operator page 61
-f
$errorString = "An error occured.`nMessage: {0}"
$errorString -f "Bad Stuff"
An error occured.
Message: Bad Stuff
Heading foo
ddd
PS Code Here blah