Getting Started
All of PowerShell's commands follow a Verb-Noun pattern.
PowerShell is object-oriented, so every object has methods and properties.
PowerShell supports aliases; for example, Get-ChildItem can also be invoked as dir or ls. See Common Commands for more.
Common Commands
Use the Get-Alias command to view all PowerShell aliases.
Manage Processes
Start-Process ; start
Stop-Process ; kill, spps
Manage Services
Start-Service ; sasv
Stop-Service ; spsv
Manage/Navigate File System
New-Item;
Move-Item ; move
Remove-Item ;
Copy-Item ; copy, cp
Get-ChildItem
Set-Location ; cd, chdir
Write-Host; Read-Host
Use the "Help"
PowerShell has a built-in help system which is very useful for getting information on commands or PowerShell properties. Look at the command below:
Get-Help Start-Process
This will bring up some basic information about the command such as Syntax, Description, and Related Links, but it can do much more. You can control how much detail the "Help" system gives you with switches such as "-Detailed", "-Full", and "-Examples". I recommend the "-ShowWindow" switch, which shows all the available details in a separate window and keeps the console window clean:
Get-Help Start-Process -ShowWindow
"Help" can also be used to search for commands or modules of interest, and it accepts wildcards.
"Get-Help *process*" will bring up all commands that have "process" anywhere in the name. You can also use a single asterisk: "*process" finds commands whose names end with "process", and "process*" finds commands whose names begin with it.
Variables
PowerShell lets you save and use variables in both scripts and console windows.
$Var = ...
Storing an object in a variable makes invoking its methods much simpler. Here's a common one:
$Bitness = Get-WmiObject Win32_OperatingSystem
$Bitness.OSArchitecture
The first line grabs the OS object and stores it in the variable. This means you can use the variable to reach all the methods and properties of the object.
It takes two lines but is easier to use and read than the alternative:
(Get-WmiObject Win32_OperatingSystem).OSArchitecture
The latter would require entering the entire line to access the property. If you only need the one property then
$Bitness = (Get-WmiObject Win32_OperatingSystem).OSArchitecture
is better to use, as it stores only the string found in "OSArchitecture" instead of storing the whole object.
Environment Variables
Much like the Command Line, PowerShell uses Environment Variables, but in a slightly different way. Environment Variables are written like ordinary variables but with an env prefix and a colon, for example $env:SystemRoot.
Get-ChildItem env:
Use the above line to view the current Environment Variables.
Pipeline
Most of PowerShell's commands produce output which can be passed directly to another command. Below is a simple example.
Get-Process | Out-Gridview
The pipeline can produce many different results and lets you customize the output according to your needs.
Get-Process | sort -Property Name,ID | export-csv -Path "$env:userprofile\Desktop\processes.csv"
The above line grabs all processes, sorts them by Name then ID, and finally exports them to the Desktop as a CSV file. The "$env:userprofile" is an environment variable. See Environment Variables to learn more.
Scripting
Execution Policy
The Execution Policy is a safety feature which prevents scripts from running on the machine. The default policy on all new Windows operating systems is Restricted, which prevents all scripts from running on the machine. As such, you will have to change the policy before running any PowerShell scripts.
Set-ExecutionPolicy -ExecutionPolicy Bypass
The above line allows all scripts to run, but it alters the setting for the entire machine. You can, however, limit how far the policy applies with the -Scope parameter.
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope CurrentUser will allow scripts to run for the user.
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process will allow scripts to run for the current PowerShell session and will not affect current policy settings.
Unfortunately, all the above require a PowerShell console to be open and the lines typed manually. To get around this we can use the command line.
Start powershell.exe -ExecutionPolicy Bypass -File "path\to\File.ps1"
Running the above line from an admin-level command line will run PowerShell as admin; that PowerShell instance will then run whatever .ps1 file you give it. Additionally, it won't alter the default policies set for the machine or user.
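To see which scope the Set-ExecutionPolicy lines above actually changed, the following added example (not part of the original page) audits every scope without changing anything and flags Bypass or Unrestricted where it outlives the session. The function name Get-ExecutionPolicyAudit, its -PolicyList parameter and the sample data are constructed for illustration.

```powershell
# Added example: read-only audit of the execution policy at every scope.
# Get-ExecutionPolicy -List returns the scopes in precedence order:
# MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
function Get-ExecutionPolicyAudit {
    param(
        # Hypothetical parameter so the function can be fed sample data;
        # by default it reads the live settings.
        [object[]]$PolicyList = (Get-ExecutionPolicy -List)
    )

    # The first scope that is not Undefined is the one that takes effect.
    $effective = $PolicyList |
        Where-Object { [string]$_.ExecutionPolicy -ne 'Undefined' } |
        Select-Object -First 1

    foreach ($entry in $PolicyList) {
        $scope      = [string]$entry.Scope
        $policy     = [string]$entry.ExecutionPolicy
        $permissive = $policy -in 'Bypass', 'Unrestricted'
        $persistent = $scope -ne 'Process'   # Process scope ends with the session

        if ($permissive -and $persistent) { $finding = 'Permissive and persistent: review' }
        elseif ($permissive)              { $finding = 'Permissive, this session only' }
        else                              { $finding = 'OK' }

        [pscustomobject]@{
            Scope           = $scope
            ExecutionPolicy = $policy
            Effective       = ($null -ne $effective) -and ($scope -eq [string]$effective.Scope)
            Finding         = $finding
        }
    }
}

# Constructed sample: the list as it looks after running
# Set-ExecutionPolicy -ExecutionPolicy Bypass with no -Scope (LocalMachine is changed).
$sample = @(
    [pscustomobject]@{ Scope = 'MachinePolicy'; ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'UserPolicy';    ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'Process';       ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'CurrentUser';   ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'LocalMachine';  ExecutionPolicy = 'Bypass' }
)
Get-ExecutionPolicyAudit -PolicyList $sample | Format-Table -AutoSize

# Live check on the current machine.
Get-ExecutionPolicyAudit | Format-Table -AutoSize
```

A scope flagged for review can be cleared by setting it back to Undefined, for example Set-ExecutionPolicy -ExecutionPolicy Undefined -Scope LocalMachine.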