25 basic PowerShell commands for Windows administrators
Getting started with PowerShell or just need a quick refresher? This tip lists the most common PowerShell commands, with details on when to use them.
Even though Windows PowerShell has been around for a while, there are plenty of administrators who might not be familiar with a PowerShell cmdlet. But as Microsoft expands the functionality of PowerShell, administrators should take an interest in understanding its fundamental capabilities.
Let's look at 25 basic PowerShell commands you can execute tasks with. Not only are the tasks themselves common, but the structures of the commands show off the syntax and structure of other PowerShell commands. These basic PowerShell commands should get you started on the path to becoming a master.
Common entries (just to get started)
1. CD HKCU:
PowerShell lets you navigate the Windows Registry like a file system.
The CD command is a leftover from the days of disk operating systems (DOS) and stood for Change Directory. Although the CD command works in PowerShell, it's not truly a PowerShell command. It's an alias or shortcut for the Set-Location cmdlet. HKCU is an abbreviation for HKEY_CURRENT_USER.
2. Dir –r | Select-String "searchforthis"
This command lets you search recursively for text within the file structure because it searches the file names, not the file contents. The -r is what makes the search recursive, which means PowerShell will search both the current directory and subdirectories.
Like the CD command, the Dir command is a DOS leftover. In the days of DOS, the Dir command displayed the contents of the current folder. In PowerShell, Dir is an alias for the Get-ChildItem cmdlet.
3. Get-Process | Sort-Object –p ws | Select-Object –last 5
This command finds the five processes using the most memory. The Get-Process cmdlet retrieves a list of processes, while the Sort-Object portion of the command instructs PowerShell to sort the results by working set memory (ws). The Select-Object portion of the command displays the top five results.
4. Restart-Service DHCP
The Restart-Service command cycles a service by stopping and then restarting it. In this case, the Restart-Service command is used to restart the Dynamic Host Configuration Protocol (DHCP) service.
5. Get-ChildItem
When used by itself, the Get-ChildItem cmdlet list all items within a folder.
6. Get-ChildItem c:\directory -Recurse
You can append a path to the Get-ChildItem cmdlet so PowerShell displays the contents of the specified folder. Appending the -Recurse parameter causes PowerShell to also display the contents of all subfolders.
7. Remove-Item C:\ToBeDeleted
The Remove-Item cmdlet is used to delete a file or folder. When deleting a folder, you can append the -Recurse parameter to delete the files within the folder.
8. Restart-Computer
The Restart-Computer cmdlet reboots the system. You can also append the -ComputerName parameter to reboot a remote system.
Collecting information
9. Get-WmiObject -Class Win32_ComputerSystem
This command retrieves the make and model of a computer.
10. Get-WmiObject -Class Win32_BIOS
This command displays information about the BIOS of the current computer, such as the serial number and version.
11. Get-Hotfix
The Get-Hotfix command displays a list of installed hotfixes or quick fix engineering updates.
12. Get-WmiObject -Class Win32_ComputerSystem -Property UserName | Select-Object Username
This command displays the username of the person logged on to a computer.
13. Get-WmiObject -Class Win32_Product | Select-Object Name, Vendor
This command displays the names of all the applications installed on the computer, along with the vendor who published each application.
14. Get-NetIPAddress | Select-Object IPAddress
The Get-NetIPAddress cmdlet can be used to display a list of all the IP addresses assigned to the computer.
15. Get-NetIPAddress
Using the Get-NetIPAddress cmdlet by itself displays a more detailed summary of the computer's IP address usage. You can also use the IPConfig command for this purpose.
16. Get-NetIPAddress | Where-Object {$_.PrefixOrigin -eq 'DHCP'}
By filtering the Get-NetIPAddress cmdlet's output by PrefixOrigin, you can display only those network adapters that acquire an IP address from a DHCP server.
17. Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=true -ComputerName . | ForEach-Object -Process {$_.EnableDHCP()}
You can enable DHCP on all network adapters on the current computer by using this command.
Software management
18. Start-Process Setup.msi
The Start-Process cmdlet can be used to launch an MSI file, which is used to install a software application. In this case, the filename Setup.msi is used, but you can substitute the required path and filename.
19. (Get-WmiObject -Class Win32_Product -ComputerName . -Filter "Name='name_of_app_to_be_upgraded'").Upgrade(\\MACHINEWHEREMSIRESIDES\path\upgrade_package.msi)
You can use this command to upgrade an installed application with an MSI-based application upgrade package.
20. (Get-WmiObject -Class Win32_Product -Filter "Name='product_to_remove'" -ComputerName . ).Uninstall()
This command can be used to remove an MSI package from the current computer.
Machine management
21. Start-Sleep 60; Restart-Computer –Force –ComputerName TARGETMACHINE
By combining the Start-Sleep cmdlet with the Restart-Computer cmdlet, you can remotely shut down another machine after one minute.
22. Add-Printer -ConnectionName \\PrintServer\Printer
This command lets you install a printer by specifying the shared printer's Universal Naming Convention path using the -ConnectionName parameter.
23. Remove-Printer -Name "printer name"
This command removes a printer. You must substitute the actual name of the printer for the phrase "printer name."
24. Enter-PSSession TARGETMACHINE
You can use the Enter-PSSession command to establish a PowerShell session with a remote machine. You must have remote management enabled on the remote machine and a valid set of credentials.
25. Invoke-Command -ComputerName Machine1 -FilePath C:\Script\script.ps1
You can use the Invoke-Command cmdlet to run a PowerShell script or any PowerShell cmdlet against a remote machine.
Bonus command
26. Stop-Process -ProcessName calc*
You can use the Stop-Process cmdlet to terminate a process running on your computer by appending the name of the process you want stopped. If you don't know -- or don't want to type -- the full process name, you can use wildcards.
