PowerShell for Windows Admins

February 17, 2014  2:34 AM

PowerShell Hello World

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

I had a comment left on one of my posts recently that mentioned a “Hello World” script. The concept of a Hello World program/script is that it is a simple introduction to using a new language that gives a known result.

For a brand new user to PowerShell is is how you create a Hello World script:

open PowerShell with elevated privileges (Run as Administrator)

type  Set-ExecutionPolicy RemoteSigned –Force and press enter

This enables scripts to run.

Run these two lines by typing them individually and pressing enter

New-Item -Path c:\ -Name TestScripts -ItemType Directory cd C:\TestScripts

They create a test folder and move your location to that folder


“‘Hello World'” > script1.ps1

and press enter.  This creates your script. The single quotes nested in the double quotes are so that the text in the script will be surrounded by quotes – its a string value.

Run the script by typing


and pressing enter.  You will see the results:

Hello World

The .\ is required as PowerShell won’t run commands in the current folder by default. You have to explicitly give the local path.

You’ve now written your first PowerShell script and discovered most of the “gotchas” that cause people problems when they are first learning PowerShell

February 13, 2014  1:43 PM

Learn Windows IIS in a Month of Lunches

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Jason Helmick’s book in the Month of Lunches series is now available – http://www.manning.com/helmick/

I really can’t recommend this book enough – if you’re new to IIS or want to learn how to administer IIS with PowerShell – this is the book for you.

Buy it – you won’t be disappointed.

February 12, 2014  1:16 PM

PowerShell Summit–Europe 2014

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The dates of the European PowerShell for 2014 have been announced – 29 September 29 to 1 October at the Hotel park in Amsterdam – http://powershell.org/wp/community-events/summit/powershell-summit-europe/

We are starting to put together an agenda that will feature speakers from Europe, US and the PowerShell team.

Registration details will be announced in the not too distant future – but save the dates.  You won’t want to miss this.

January 22, 2014  1:56 PM

When did Windows update last run

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

A question came up on the forum regarding when Windows Update last run and when an update was last installed.  Get-Hotfix shows the date of installation for most BUT not all patches.

The registry holds values showing last successful detection and install:

$props = [ordered]@{ LastDetect = Get-ItemProperty -Path ‘HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect’ -Name LastSuccessTime | select -ExpandProperty LastSuccessTime

LastInstall = Get-ItemProperty -Path ‘HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install’ -Name LastSuccessTime | select -ExpandProperty LastSuccessTime }

New-Object -TypeName psobject -Property $props

January 22, 2014  12:30 PM

Win32_OperatingSystem examples

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The Win32_ComputerOperatingSystem class can provide a good deal of information about the OS installed on your machines. These examples are converted from those presented here: http://msdn.microsoft.com/en-us/library/aa394596%28v=vs.85%29.aspx

# ServicePack version

Get-CimInstance -ClassName Win32_OperatingSystem |

select ServicePackMajorVersion, ServicePackMinorVersion

# install date of OS

Get-CimInstance -ClassName Win32_OperatingSystem |

select Installdate

# Windows version

Get-CimInstance -ClassName Win32_OperatingSystem |

select Caption, Version

# windows folder

Get-CimInstance -ClassName Win32_OperatingSystem |

select WindowsDirectory

# all

Get-CimInstance -ClassName Win32_OperatingSystem |

select Caption, Version, ServicePackMajorVersion,

ServicePackMinorVersion, Installdate, WindowsDirectory

You could create a function:

function get-OS {



[string]$computername = $env:COMPUTERNAME


Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $computername|

select Caption, Version, ServicePackMajorVersion,

ServicePackMinorVersion, Installdate, WindowsDirectory


and then choose properties if required:

£> get-OS | Format-Table Caption, Installdate

Caption                                       Installdate

——-                                           ———–

Microsoft Windows 8.1 Pro    05/12/2013 10:16:49

£> get-OS

Caption : Microsoft Windows 8.1 Pro

Version : 6.3.9600

ServicePackMajorVersion : 0

ServicePackMinorVersion : 0

Installdate : 05/12/2013 10:16:49

WindowsDirectory : C:\windows

£> get-OS | Format-Table Caption, Service* -AutoSize

Caption                                    ServicePackMajorVersion   ServicePackMinorVersion

——-                                         ———————–             ———————–

Microsoft Windows 8.1 Pro   0                                              0

January 20, 2014  1:30 PM

Win32_Process examples–running applications

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

You can see the running processes on a local or remote machine using Get-Process. Alternatively you can use Win32_Process:

Get-CimInstance -ClassName Win32_Process | select Name, ProcessID, Threadcount, PageFileUsage, PageFaults, WorkingSetSize | Format-Table –AutoSize

You can use the –ComputerName or –CimSession properties to access the processes on a remote machine.

Other properties are available:

Get-CimClass -ClassName Win32_Process | select -ExpandProperty CimClassProperties | Format-Table -AutoSize

January 20, 2014  1:00 PM

Win32_Process examples–test command line

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

To see the command lines that have been used when processes are started is simple one liner:

Get-CimInstance -ClassName Win32_Process | select Name, CommandLine

If you want to investigate specific processes use the –Filter parameter to restrict the processes

January 20, 2014  12:54 PM

Win32_Examples–start application in hidden window

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

This one is interesting as I’d tried doing this a while back and failed.  Starting a process with Win32_Process is straightforward but controlling the process – such as starting in a hidden window wasn’t working. This is how you do it:

function start-hiddenproc {


param ( [string]$processname = ‘notepad.exe’ )

$startclass = Get-CimClass -ClassName Win32_ProcessStartup

$startinfo = New-CimInstance -CimClass $startclass -Property @{ShowWindow = 0} -ClientOnly

$class = Get-CimClass -ClassName Win32_Process

Invoke-CimMethod -CimClass $class -MethodName Create -Arguments @{Commandline = $processname; ProcessStartupInformation = [CimInstance]$startinfo}


The function takes a path to the process executable as a parameter – would be a good place for a validation script parameter to test the path to the executable.

Get the Win32_ProcessStartup class and use it with New-CimInstance to create the start up information. The New-CimInstance parameter –ClientOnly can be aliased to –Local.  I always prefer to use the master parameter name rather than aliases – makes it easier for people to look things up in the documentation.

Get the Win32_Process class and use it with Invoke-CimMethod to invoke the Create method with the arguments passed as shown

January 18, 2014  6:24 AM

Winter Scripting Games 2014–event 1

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The event instructions for event 1 are available for download.

Entries will be accepted starting tomorrow.

Event will close 26 January 00:00:00 UTC

January 17, 2014  1:25 PM

Win32_Process examples–running scripts

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Back in the day when all we had was VBScript you could run scripts through the command line (cscript) or you would get a more graphical interface (wscript).  One of the examples at http://msdn.microsoft.com/en-us/library/aa394599(v=vs.85).aspx shows how to detect running scripts.

I don’t imagine much call for that technique but if you need it – here it is:

Get-CimInstance -ClassName Win32_Process -Filter “Name = ‘cscript.exe’ OR Name = ‘wscript.exe'” | Format-Table Name, Commandline

You could use a variation to test the command line input to other processes if you need to

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: