Hey, Scripting Guy! What Improvements Does Windows PowerShell 2.0 Have?


(Editor’s note: Portions of today's Hey, Scripting Guy! Blog post are excerpted from the Microsoft Press book, Windows PowerShell 2.0 Best Practices by Ed Wilson, which is now available for pre-order.)

Hey, Scripting Guy! Question

Hey, Scripting Guy! I am curious about some of the new features of Windows PowerShell 2.0. I know that all of the old cmdlets from Windows PowerShell 1.0 are still around, but have there been any improvements?

-- MB

Hey, Scripting Guy! Answer

Hello MB,

Microsoft Scripting Guy Ed Wilson here. Today I am listening to Die Zauberflote on my Zune and sipping a cup of Gyokuro green tea. It has a light delicate taste. I put a little lemon grass in the infuser and a fresh cinnamon stick in my cup. When brewing a pot of Gyokuro tea, it is important to not allow it to steep for more than five minutes or else the tea will begin to taste grassy. If the tea is allowed to steep for more than eight minutes, it will begin to taste bitter—which is a shame given the fine nature of the tea. For some reason Gyokuro tea goes well with Mozart. Of course, to really set things off, you need an ANZAC biscuit to go along with the cup of tea.

Several of the cmdlets in Windows PowerShell 2.0 have gained new parameters. Perhaps the most immediately useful is the –ComputerName parameter, which allows a cmdlet to work against a remote computer. These modified cmdlets are listed here.

• Get-EventLog: Gets the events in an event log, or a list of the event logs, on the local or remote computers. In the following command, we use the –ComputerName parameter with the Get-EventLog cmdlet to retrieve the most recent event from the application log on a remote computer named berlin.

Get-EventLog -ComputerName berlin -LogName application -Newest 1

• Get-Process: Gets the processes that are running on the local computer or a remote computer. In the following command, we use the new –ComputerName parameter with the Get-Process cmdlet to obtain a listing of the processes currently running on a remote computer named berlin.

Get-Process -ComputerName berlin

• Get-Service: Gets the services on a local or remote computer. By using the –ComputerName parameter with the Get-Service cmdlet, we can get a listing of the status of all the services that are defined on a remote computer named berlin. This line of code is shown here.

Get-Service -ComputerName berlin

• Set-Service: Starts, stops, and suspends a service, and changes its properties. The Set-Service cmdlet has been updated to include the –ComputerName parameter as well. As seen here, we use the new parameter to connect to a remote computer named berlin and to change the startup type of the bits service to manual. Because this modifies system state, we also use the –Confirm switch to ensure we are working with both the correct computer and the correct service.

Set-Service -ComputerName berlin -Name bits -StartupType manual -Confirm

The –credential parameter was present in Windows PowerShell 1.0 in only one cmdlet, Get-WmiObject. This parameter allows for the use of alternate credentials when making remote connections. It has been added to several cmdlets such as Add-Content and Get-Content. However, when I tested this by trying to access a file on a remote computer, it came back with an error as shown here:

Image of error message

We can investigate this by examining the capabilities of the providers. First we need to see what types of capabilities the providers could support. To do this we use the GetValues() static method from the System.Enum .NET Framework class. The GetValues() method takes one argument, the name of the .NET Framework class from which it is to retrieve the enumeration values. The System.Management.Automation.Provider.ProviderCapabilities class contains the enumeration values we are interested in. The code that obtains these values is shown here:

[enum]::GetValues("System.Management.Automation.Provider.ProviderCapabilities")

We obtain the following list of provider capabilities:

None
Include
Exclude
Filter
ExpandWildcards
ShouldProcess
Credentials
Transactions

Now that we have a listing of the capabilities available to the Windows PowerShell providers, we need to see which default Windows PowerShell 2.0 providers support the Credentials capability. To see this, we can use the Get-PSProvider cmdlet. As seen here, only one of the default Windows PowerShell 2.0 providers supports the use of credentials:

Get-PSProvider
Name                 Capabilities                            Drives
----                 ------------                            ------
Alias                ShouldProcess                           {Alias}
Environment          ShouldProcess                           {Env}
FileSystem           Filter, ShouldProcess                   {C, D, dle, apw...}
Function             ShouldProcess                           {Function}
Registry             ShouldProcess, Transactions             {HKLM, HKCU, HKCR}
Variable             ShouldProcess                           {Variable}
Certificate          ShouldProcess                           {cert, certCU}
WSMan                Credentials                             {WSMan}

The –credential parameter will work only if a provider supports it. Because cmdlets like Add-Content are designed to work on any Windows PowerShell drive, the –credential parameter was added. The default WSMan PSProvider supports the use of credentials, but none of the other default PSProviders does. If you have loaded the Remote Server Administration Tools (RSAT), the Active Directory provider supports credentials. This is shown here:

PS C:\> Get-PSProvider -PSProvider activeDirectory | Format-List *

ImplementingType : Microsoft.ActiveDirectory.Management.Provider.ADProvider
HelpFile         : Microsoft.ActiveDirectory.Management.dll-Help.xml
Name             : ActiveDirectory
PSSnapIn         :
ModuleName       : Microsoft.ActiveDirectory.Management
Module           : Microsoft.ActiveDirectory.Management
Description      :
Capabilities     : Include, Exclude, Filter, ShouldProcess, Credentials
Home             :
Drives           : {AD}
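
One way to check up front whether the provider behind a path advertises the Credentials capability, so a script can decide before passing -Credential. This is an added example, not code from the original post; the function name Test-CredentialCapability and the sample paths are assumptions.

```powershell
# Added example: report whether the provider behind a path advertises the
# Credentials capability. Test-CredentialCapability is a hypothetical name.
function Test-CredentialCapability {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string]$Path
    )
    process {
        $provider = $null
        $drive    = $null
        try {
            # Resolves provider and drive without requiring the item to exist.
            $null = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($Path, [ref]$provider, [ref]$drive)
        }
        catch {
            Write-Warning "Cannot resolve '$Path': $($_.Exception.Message)"
            return
        }
        # ProviderCapabilities is a flags enumeration, so test the single bit.
        $flag = [System.Management.Automation.Provider.ProviderCapabilities]::Credentials
        New-Object PSObject -Property @{
            Path                = $Path
            Provider            = $provider.Name
            Capabilities        = $provider.Capabilities
            SupportsCredentials = (([int]$provider.Capabilities -band [int]$flag) -ne 0)
        }
    }
}

# Sample paths (constructed): a file system path, a registry path, the WSMan drive.
'C:\Windows', 'HKLM:\SOFTWARE', 'WSMan:\localhost' |
    Test-CredentialCapability |
    Select-Object Path, Provider, SupportsCredentials
```

A script that accepts alternate credentials can call this first and refuse to continue when SupportsCredentials is False, rather than failing partway through a run.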

In addition to the –credential and the –computername parameters, the cmdlets have been upgraded with other parameters. For example, the Get-Process cmdlet has a new switch called –FileVersionInfo. This switched parameter displays file version information for a specific process or all processes. In the example seen here, the file version information for a process named conhost is shown:

PS C:\> Get-Process -FileVersionInfo -Name conhost

ProductVersion   FileVersion      FileName
--------------   -----------      --------
6.1.7600.16385   6.1.7600.1638... C:\Windows\system32\conhost.exe

If your troubleshooting of a process requires additional information, you may wish to use the –module switched parameter. When the –module switch is used, DLL files and other modules that make up the process are displayed:

PS C:\> Get-Process -module -Name conhost

   Size(K) ModuleName                                         FileName
   ------- ----------                                         --------
       348 conhost.exe                                        C:\Windows\system32...
      1708 ntdll.dll                                          C:\Windows\SYSTEM32...
      1148 kernel32.dll                                       C:\Windows\system32...
       428 KERNELBASE.dll                                     C:\Windows\system32...
       412 GDI32.dll                                          C:\Windows\system32...
      1000 USER32.dll                                         C:\Windows\system32...
        56 LPK.dll                                            C:\Windows\system32...
       808 USP10.dll                                          C:\Windows\system32...
       636 msvcrt.dll                                         C:\Windows\system32...
       184 IMM32.dll                                          C:\Windows\system32...
      1060 MSCTF.dll                                          C:\Windows\system32...
      2052 ole32.dll                                          C:\Windows\system32...
      1208 RPCRT4.dll                                         C:\Windows\system32...
       860 OLEAUT32.dll                                       C:\Windows\system32...
        60 CRYPTBASE.dll                                      C:\Windows\system32...

The Get-Service cmdlet has been upgraded with the –DependentServices switch and the –RequiredServices switch. These two switches are useful when you are trying to determine if a service can be disabled or set to manual. This is illustrated here:

PS C:\> Get-Service -Name wudfsvc

Status   Name               DisplayName
------   ----               -----------
Running  wudfsvc            Windows Driver Foundation - User-mo...


PS C:\> Get-Service -Name wudfsvc -RequiredServices

Status   Name               DisplayName
------   ----               -----------
Running  PlugPlay           Plug and Play
Running  WudfPf             User Mode Driver Frameworks Platfor...


PS C:\> Get-Service -Name wudfsvc -DependentServices

Status   Name               DisplayName
------   ----               -----------
Stopped  WbioSrvc           Windows Biometric Service
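
The two switches combined into a pre-change check, as an added example that is not part of the original post: it reports what a service requires and which of its dependents are currently running before the startup type is changed. The function name Get-ServiceChangeImpact and its output property names are assumptions; only service-to-service dependencies registered with the Service Control Manager are visible to it.

```powershell
# Added example: list what would be affected before changing a service's
# startup type. Get-ServiceChangeImpact is a hypothetical helper name.
function Get-ServiceChangeImpact {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [string]$ComputerName = $env:COMPUTERNAME
    )
    # Stop early if the service or the computer cannot be found.
    $svc = Get-Service -Name $Name -ComputerName $ComputerName -ErrorAction Stop

    # Services that need $Name in order to run.
    $dependents = @(Get-Service -Name $Name -ComputerName $ComputerName -DependentServices)
    # Services that $Name itself needs; shown for context.
    $required   = @(Get-Service -Name $Name -ComputerName $ComputerName -RequiredServices)
    $running    = @($dependents | Where-Object { $_.Status -eq 'Running' })

    New-Object PSObject -Property @{
        ComputerName        = $ComputerName
        Service             = $svc.Name
        Status              = $svc.Status
        RequiredServices    = ($required   | ForEach-Object { $_.Name }) -join ', '
        DependentServices   = ($dependents | ForEach-Object { $_.Name }) -join ', '
        RunningDependents   = ($running    | ForEach-Object { $_.Name }) -join ', '
        NoRunningDependents = ($running.Count -eq 0)
    }
}

$impact = Get-ServiceChangeImpact -Name wudfsvc
$impact | Format-List ComputerName, Service, Status, RequiredServices,
    DependentServices, RunningDependents, NoRunningDependents

if ($impact.NoRunningDependents) {
    # -WhatIf only displays the change; remove it to apply the change.
    Set-Service -Name $impact.Service -ComputerName $impact.ComputerName -StartupType Manual -WhatIf
}
```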

The Get-EventLog cmdlet has been upgraded with a number of new parameters. In Windows PowerShell 1.0, you could display the contents of an event log as shown here:

PS C:\> Get-EventLog -LogName application

   Index Time          EntryType   Source                 InstanceID Message
   ----- ----          ---------   ------                 ---------- -------
    1205 Oct 22 14:14  Information Software Protecti...   1073750020 License Acti...
    1204 Oct 22 12:14  Information Software Protecti...   1073750020 License Acti...
    1203 Oct 22 10:14  Information Software Protecti...   1073750020 License Acti...
    1202 Oct 22 08:14  Information Software Protecti...   1073750020 License Acti...
    1201 Oct 22 07:13  Information Software Protecti...   1073750020 License Acti...
    1200 Oct 22 07:08  Information Software Protecti...   1073750020 License Acti...
    1199 Oct 22 06:38  Information Software Protecti...   1073750020 License Acti...

If you wanted to return only event log entries that were related to WMI, you needed to use the Where-Object cmdlet, as seen here:

PS C:\> Get-EventLog -LogName application | Where-Object { $_.source -eq 'winmgmt'}

   Index Time          EntryType   Source                 InstanceID Message
   ----- ----          ---------   ------                 ---------- -------
    1178 Oct 22 06:00  0           WinMgmt                3221231089 The descript...
    1177 Oct 22 06:00  0           WinMgmt                3221231087 The descript...
    1144 Oct 21 10:49  0           WinMgmt                3221231089 The descript...
    1143 Oct 21 10:49  0           WinMgmt                3221231087 The descript...
    1117 Oct 21 10:28  0           WinMgmt                3221231089 The descript...
    1116 Oct 21 10:28  0           WinMgmt                3221231087 The descript...
    1076 Oct 19 13:51  0           WinMgmt                3221231089 The descript...
    1075 Oct 19 13:51  0           WinMgmt                3221231087 The descript...

In Windows PowerShell 2.0, you can omit the Where-Object cmdlet because a –source parameter has been added to the Get-EventLog cmdlet. This is seen here:

PS C:\> Get-EventLog -LogName application -Source winmgmt

  Index Time          EntryType   Source                 InstanceID Message
  ----- ----          ---------   ------                 ---------- -------
   1178 Oct 22 06:00  0           WinMgmt                3221231089 The descript...
   1177 Oct 22 06:00  0           WinMgmt                3221231087 The descript...
   1144 Oct 21 10:49  0           WinMgmt                3221231089 The descript...
   1143 Oct 21 10:49  0           WinMgmt                3221231087 The descript...
   1117 Oct 21 10:28  0           WinMgmt                3221231089 The descript...
   1116 Oct 21 10:28  0           WinMgmt                3221231087 The descript...
   1076 Oct 19 13:51  0           WinMgmt                3221231089 The descript...
   1075 Oct 19 13:51  0           WinMgmt                3221231087 The descript...
   1055 Oct 19 13:43  0           WinMgmt                3221231089 The descript...
   1054 Oct 19 13:43  0           WinMgmt                3221231087 The descript...
   1019 Oct 16 09:59  0           WinMgmt                3221231089 The descript...
   1017 Oct 16 09:59  0           WinMgmt                3221231087 The descript...
    957 Oct 14 11:44  0           WinMgmt                3221231089 The descript...
    956 Oct 14 11:44  0           WinMgmt                3221231087 The descript...
    932 Oct 14 11:35  0           WinMgmt                3221231089 The descript...
    931 Oct 14 11:35  0           WinMgmt                3221231087 The descript...
    900 Oct 07 08:08  0           WinMgmt                3221231089 The descript...
    899 Oct 07 08:08  0           WinMgmt                3221231087 The descript...
    868 Oct 06 06:27  0           WinMgmt                3221231089 The descript...
    867 Oct 06 06:27  0           WinMgmt                3221231087 The descript...
    826 Oct 05 07:48  0           WinMgmt                3221231089 The descript...
    825 Oct 05 07:48  0           WinMgmt                3221231087 The descript...
    793 Oct 02 11:29  0           WinMgmt                3221231089 The descript...
    792 Oct 02 11:29  0           WinMgmt                3221231087 The descript...
    763 Oct 01 11:48  0           WinMgmt                3221231089 The descript...
    762 Oct 01 11:48  0           WinMgmt                3221231087 The descript...
    732 Sep 30 10:22  0           WinMgmt                3221231089 The descript...
    731 Sep 30 10:22  0           WinMgmt                3221231087 The descript...
    707 Sep 29 14:43  0           WinMgmt                3221231089 The descript...
    706 Sep 29 14:43  0           WinMgmt                3221231087 The descript...
    675 Sep 28 11:59  0           WinMgmt                3221231089 The descript...

The Get-EventLog cmdlet also boasts a new –after parameter in addition to the –source parameter. The use of the –after parameter is illustrated in the code shown here:

PS C:\> Get-EventLog -LogName application -Source winmgmt -After 10/19/2009

   Index Time          EntryType   Source                 InstanceID Message
   ----- ----          ---------   ------                 ---------- -------
    1178 Oct 22 06:00  0           WinMgmt                3221231089 The descript...
    1177 Oct 22 06:00  0           WinMgmt                3221231087 The descript...
    1144 Oct 21 10:49  0           WinMgmt                3221231089 The descript...
    1143 Oct 21 10:49  0           WinMgmt                3221231087 The descript...
    1117 Oct 21 10:28  0           WinMgmt                3221231089 The descript...
    1116 Oct 21 10:28  0           WinMgmt                3221231087 The descript...
    1076 Oct 19 13:51  0           WinMgmt                3221231089 The descript...
    1075 Oct 19 13:51  0           WinMgmt                3221231087 The descript...
    1055 Oct 19 13:43  0           WinMgmt                3221231089 The descript...
    1054 Oct 19 13:43  0           WinMgmt                3221231087 The descript...


PS C:\>
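
The –ComputerName, –Source and –After parameters used together to collect recent entries for one source from several computers, as an added example that is not part of the original post. The function name Get-RecentSourceEvent and the three-day default window are assumptions; berlin is the remote computer name used earlier in the post.

```powershell
# Added example: pull recent events for one source from several computers,
# filtering in Get-EventLog itself instead of with Where-Object.
# Get-RecentSourceEvent is a hypothetical helper name.
function Get-RecentSourceEvent {
    param(
        [Parameter(Mandatory = $true)][string[]]$ComputerName,
        [Parameter(Mandatory = $true)][string]$Source,
        [string]$LogName = 'Application',
        [datetime]$After = (Get-Date).AddDays(-3)
    )
    foreach ($computer in $ComputerName) {
        try {
            Get-EventLog -ComputerName $computer -LogName $LogName -Source $Source -After $After -ErrorAction Stop |
                Select-Object @{ Name = 'Computer'; Expression = { $computer } },
                    TimeGenerated, EntryType, Source, InstanceId, Message
        }
        catch {
            # An unreachable host, a missing log, or no matching entries all
            # end up here, so one bad host does not abort the whole sweep.
            Write-Warning "${computer}: $($_.Exception.Message)"
        }
    }
}

$events = @(Get-RecentSourceEvent -ComputerName berlin, $env:COMPUTERNAME -Source winmgmt)

# Summarize by computer and instance ID to see which entries repeat.
$events | Group-Object Computer, InstanceId |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```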

 

MB, we hope you found this discussion of things that have changed with some of the Windows PowerShell 2.0 cmdlets useful. Join us tomorrow as we continue to explore Windows PowerShell 2.0.

If you want to know exactly what we will be looking at tomorrow, follow us on Twitter or Facebook. If you have any questions, send e-mail to us at scripter@microsoft.com or post them on the Official Scripting Guys Forum. See you tomorrow. Until then, keep on scripting!

Ed Wilson and Craig Liebendorfer, Scripting Guys

 
