Top PowerShell Commands Every Sysadmin Needs to Know!

Captions
On today's episode of James on IT we're going to talk about PowerShell and help you get more comfortable using the command line and become a master of the true power in every Windows system. Let's get started. If you're not aware, PowerShell is a very, very powerful tool that every Windows sysadmin should know by heart. The reason being, it's behind everything in Microsoft Windows. It allows you to automate so many tasks; it allows you to do things like roll out changes and gather data on a whole fleet of computers. You can run commands on thousands of computers at once using PowerShell, or create virtual machines, check the status of hard drive sizes and so much more. PowerShell is the ultimate tool that you need to know to help you become a better sysadmin and a more valuable sysadmin. So let's get started today and go over the top 25 PowerShell commands that you need to know.

First thing though, before we get into those commands, to understand how PowerShell works, let's take a look at how the commands are built, just to help you understand some of the basics. So here in our terminal we're looking at a PowerShell window. You can launch PowerShell just by right-clicking on your Windows icon and opening up Terminal, or it may say Command or it may say PowerShell here depending on your Windows version. If you're not sure you can always just hit your Windows icon and type in the word PowerShell and you'll see it here. When it opens up it may be a blue window, or it may be black like this if you have the Windows Terminal installed. So every PowerShell command starts with a verb: it's either Add, Get, it can be Find, New and so much more. After it starts with that verb it has a dash and then it says what the command is. That command may be ChildItem, it may be Lock, it could be all kinds of different things, and that gets us started on our very first command: Get-Command. So let's take a look and see what Get-Command does. If we just type in Get-Command here and hit Enter, it's going to sit there and it'll go through every single command that's in your system. It's a whole bunch of data, right? But this doesn't really tell you much. The nice part about it is, though, you can use that Get-Command to find other commands. So let's say we just want to see all the Get type commands, all the ones that start with Get. Well, there we go. How about Update? This lists all of the various PowerShell commands that start with Update, whereas here it starts with the word Get.

If you want to get more information you can use our next command, Get-Help. So for example we'll use this command here, let's pick a good one: Get-LocalUser. So Get-Help on Get-LocalUser and hit Enter, and what it does is it gives you the information: okay, the name is Get-LocalUser, we already know that, but here's the syntax, what the local user is, you can get their SID, any common parameters, even an alias. And that leads us into our next command, Get-Alias. Aliases allow us to simplify the command, so instead of typing the long command we'd just type an alias. So let's take a look at some of these examples. For example, if you're a Linux guy and you're used to typing ls, well, that's actually an alias for Get-ChildItem. And if you're used to the old DOS command line where you type in dir, well guess what, that's also an alias for Get-ChildItem. The nice part is if you want to create your own alias you can do that. First let's Clear-Host to clear our PowerShell window, which has its own alias of clear. So let's say we open up and we've got a whole bunch of stuff here; we just type in clear and there we go, that eliminates it. So we've already gotten, what, five different commands here thus far. Let's play with that Get-Alias a little bit more, but this time instead of Get-Alias let's use Get-Command and we're going to see what commands end in Alias. Remember how we looked for, okay, I want to know everything that has Get, or everything that has Update or New or whatever; now we can look at the other half: okay, what all has Alias? Well, it has Export-, Get-, Import-, New- and Set-Alias, and each one has a different use. You can run Get-Help on any of these to actually see the help information for those commands, but we're going to do a New-Alias, and this time we're going to have Notepad. We're going to do np, Windows\System32, and we're going to look for, and let's shorten that a little bit, notepad.exe. Now if I type in np we have Notepad, and that's how aliases work in PowerShell.

But what if you want something a little more useful from a system standpoint? Aliases and getting help and getting commands are nice. Well, let's take a look: what hard drives do you have on your computer? Well, you type in Get-Volume and that'll tell you what hard drives you have, what their health status is, if they're okay or not, what size they are, what file system type and so much more. It'll give you every single volume. So right now I've only got a C drive on this virtual machine, so it's pretty simple. If you have multiple drive letters, when you type in Get-Volume you're going to see all the different drive letters and get a status just like this. But there's more. What about the IP address of your computer? Well, you can type in Get-NetAdapter and that's going to tell you what Ethernet connections you have, Wi-Fi or other things. As you can see I've got a Hyper-V network adapter because this is a Hyper-V VM that I'm running this in, and see the interface index there, and what its status is, if it's up, down, unplugged, things like that, and the name of it, Ethernet, to allow you to work with it. Another helpful command: we all know what the Task Manager is, what about Get-Service? Get-Service allows us to list all the various services that we have on a machine. Now this is a whole bunch of data, and as nice as this is, wouldn't it be nice to be able to see or filter a little more? You know, we did a little bit of filtering with the Get-Command program. So let's say you want to filter so you can only see which services are running on your computer actively right now. Well, you can run Get-Service and then you use this character, which is called a pipe. What this does is it takes the output of the Get-Service command and pushes it to our next command. Our next command is Where-Object, and here we need to put it in curly braces, where we say Status -eq, that means equals, Running, and end it in a curly bracket. Now we see all the services that are running on this machine. Likewise, if we just want to look at stopped services we can change this to Stopped and we'll only see what's not running on this computer. So knowing how to pipe the output of one command into another is extremely helpful to know.

But this is nice, it's in the terminal. Let's say my boss wants to know everything that's running on the computer, but you know what, it would be nice to see this in a nice web format that's easy to view. Well, that gets us into our next command, ConvertTo-Html. We can take the output of this Where-Object is Running from the Get-Service command and make it into its own little web page. That's right, we'll just call it services.htm, and now if we launch that and open it up, here we have a nice web view of all of our services: what the status is, what it's dependent on, start type, who owns it, whether it's manual, automatic, things like that, which is a little bit easier to read than just a simple command interface. So let's say you want to take this HTML and instead we want a text file. Well, we can change this to .txt, but we need to change our command, and that takes us into our next command, which is Out-File. With Out-File we just need to tell it where we want it; we're going to put it in the current directory. It outputs it, and now we can use our alias that we created earlier for Notepad to open services.txt, and here we are, so here's the output of all the running services on our machine.

Are there other ways to manipulate the data? Absolutely. So another command that we can use: let's say we want to get all the running services but we only want to see the name. Well, if we use Select-Object and we type in Name, that only gives us the name, instead of earlier when we typed in all the running ones and we saw a list of three columns of data here: our Status, our Name and DisplayName. Keep in mind in PowerShell everything is pretty much an object, which makes it very flexible when working with these kinds of outputs. So we can grab just this column of data, such as using Select-Object Name, or let's say we want just the DisplayName, we can do that too. So we can pull segments of data out of the output and we can even take this data and combine them. Like, let's say there are other columns that we could have in here that we saw in the HTML output that we're not seeing in our terminal; well, we can select those particular ones to pop in here if we know what those columns are.

Now let's say we want to compare something. We've got two different files, but the exact same format and same data inside those files. We can use the command, we'll clear this output here, we can use the command Compare-Object to be able to see what the differences are between them. Now let's say you have a couple of files and their names are similar. If we look at what we have, we have services.htm and services.txt. Let's create a copy of this services.txt file, and here's another command that we can add to our list: cp, or Copy-Item. This is an alias, so if we Get-Alias cp we see cp equals Copy-Item, so there's another one that we can add to our list. Let's go ahead and clear our screen. Now we have two files, well, three if we include the .htm. You notice I'm using these asterisks in these commands. What this represents is any characters in between here, this S and this dot, and anything ending after this dot. So if I wanted to filter this more, just for the text files, I can just put an asterisk here and it pulls in, sees okay, this has an S, this has an S2. We can also do something like this where we have a single question mark, and it's not going to pull anything because we've got more than one character here, but if we put in two question marks it's going to pull in services2, the difference being it's looking at only one character difference. So I didn't mean to sidetrack us too much, but it's good to know.

But if we open up our services2.txt, let's make a couple of differences: we'll call this one foo and we'll call this one bar, and we'll put a cat over here. All right, let's save that and close that out. So now there are differences between these two, and if we take a look at these files you'll see that the LastWriteTime is different, as well as things updated, and this one's just a tad bit, just a teensy bit longer because we added a few extra characters. So if we use our command Compare-Object, it allows us to compare the results of the output of two objects. So this is a great way; if you're used to Linux at all, this is basically the Microsoft version of diff. What you do with this is you need to use a Get-Content command, this is .txt, and we need to do another Get-Content. This is kind of a quick and dirty way of doing this, but it works, and now it shows us the difference: okay, our services2 has this foo, bar and cat; our services.txt does not have those, and it shows us line by line which objects. So our input object, that's our first file; our second one is the side indicator, so it's your left and your right, and that's why we're getting these arrows left and right showing us the difference between these lines. So it's a very handy tool that you should know if you ever have a couple of files, or you can use this on a variety of outputs. Like, you can actually create variables, so let me show you this, this can come in handy. So instead of typing all this Get-Content and stuff, you can actually put it in $file1, and we're going to say Get-Content services2.txt here and we'll call this $file2, and now if we type in Compare-Object $file1 and $file2, boom, it gives us the same output. So this is just a shorter way of doing it, but the nice part about it is, as you're working with stuff, like we were getting those services earlier, you can actually put the output of that command into a variable and pull that variable into other commands just like I did here. So know that you have that flexibility; play with it, it's a heck of a lot of fun.

All right, we need to get back to our list of fantastic commands, so let's go ahead and clear this out. Another great command that you should know is actually Checkpoint-Computer. When you run Checkpoint-Computer, what it does is it allows you to take snapshots of your computer that you can quickly and easily restore from. So it's great if you're making a change to your computer and you want to save it before you make that change; like, let's say you want to test a program out and you want to revert back, well then you can do the restore. That's part of every single Windows computer out there now that's running a modern version of Windows. I think they introduced it back in, I know it's been around at least since Windows 7, probably longer, but it's the same thing as going in here and doing Create a Restore Point. I've obviously got this off in this VM, and that's why I didn't complete running this, but it'll give you a description, it'll run you through the command, and of course you can always Get-Help Checkpoint-Computer to find out more information.

Now let's say we want to see if a file exists or a folder exists. Instead of just doing a dir or an ls to see what's on your file system, you can actually do what's called Test-Path and see if services.htm is there or not. If we type services.html you'll see it gives you a value of whether it's true or false. The nice part about this program, and why I'm including it in our list of PowerShell commands you should know, is it's very handy if you're looking for, let's say you want to see if a program is installed on a bunch of different computers. You can write a script and use this Test-Path to see if those programs exist where they're installed at; you know, if you know the files the program has, you could see if all the files are there or not, and put that in a variable and check against each of those, and you'll see if there are any differences. Likewise, let's say you're not sure if something is on the network. You know, we all know the command ping, it's very, very handy; if we want to ping Google DNS it's easy enough to do. Well, there's another command called Test-Connection. Now this program is quite a bit different. Your ping command, what it does is throws out what's called ICMP packets, and pretty much everything out there will respond, it's configured by default to respond to pings, but just because you can ping it doesn't mean you can talk to it. Test-Connection will actually initiate a TCP connection to that other host and tell you if it's up or not. So here we see that we're doing a Test-Connection against 8.8.8.8 and we're getting replies.

Now if you're in an environment where you're running Active Directory, you're going to love this next command. Usually if a computer has a problem with its authentication against Active Directory, the way to fix that is by removing it, disjoining it from the domain and then rejoining it to the domain. Well, there's a much easier way of doing this: you can use the command Test-ComputerSecureChannel, and what this does is it will actually reset your connection for you back to your domain controller. Now you notice this VM that I've got isn't part of the domain, so that's why I'm getting this error, so I can't actually run this and show it to you. I'll give you the full output here: we do Test-ComputerSecureChannel, then what you'd want to do is you'd want to run -Credential, and then here you'd want to put your domain and your credentials. So I'm just going to use administrator; hopefully you are following best practices and not using the domain administrator, but you should be using a separate admin account. Domain administrator should be something that is restricted for only emergency use. And then you use the -Repair, and what that'll do is it tests the connection the computer has to your domain controller and then fixes it using your administrator credentials, and it'll ask you for your password when you type this in.

Another very handy tool to know about is the command Invoke-WebRequest. The way this command works is it allows you to download something from a website. Now you can grab forms, you can grab entire web pages, or you can even grab files. For example, let's say we want to download a file, WinP. Now it's easy, we can type it in here and hit download, things like that, and we could save our download now, but before we do that, what we could do is grab this button and take this link, and we can actually put it in our own little script here, so to speak, and use the command Invoke-WebRequest. We can put this in here and what it'll do is, when we execute it, it's going to automatically download it for us, and we're going to see it right here in our files where it's downloaded, and we can take this file and run it and launch it. So if we have a bunch of computers that we need to download a file to, or if you want to be able to pull it, it doesn't have to be necessarily a web page, but you can make it into, like, let's say you download it, you can put it on a web server and download it that way, like an internal web server, things like that. And you can tell where it's actually grabbed other data when it was pulling in that web request, and that's what kicked off Edge to open up and download it. Let's go ahead and clear our terminal, but know that Invoke-WebRequest is there. There's also another one called Invoke-BitsTransfer; it's another fantastic tool, very similar, but there are times where you'll find that the BITS transfer is a little better than the web request. But know that you've got both; they do very similar things.

The last couple of commands I want to talk about: PowerShell has some standard security around it. So if we do a Get-ExecutionPolicy it can tell us what our execution policy is. Now the nice part about this is it's automatically set to Restricted. What that means is unless the scripts are signed by a certificate, it will not run them; it'll block those scripts from running. Now there are ways to make them run by getting around this with the right permissions, or you can change that execution policy by using the Set-ExecutionPolicy command, and you can say whether you want to bypass, things like that. I highly recommend leaving it at Restricted and instead you Set-AuthenticodeSignature. The beautiful part about this command is it allows you to sign your own code. So if you have a PowerShell command, you can create a self-signed certificate you want to use, using the command New-SelfSignedCertificate, and you can create a certificate using that command; of course you're going to have to add a few things in here. You can also use the makecert utility, which is part of Windows; these are giving errors because it's not in the path, let's go ahead and clear that out. Otherwise you have to purchase a certificate, but at least you can sign your own scripts using your self-signed certificate if you've got your own CA, or just want to create a self-signed certificate off of your own computer. But you can use that command Set-AuthenticodeSignature; you can use this command to sign your own scripts using PowerShell, and that makes it more secure, because then it will only run the scripts that you approve of, that are signed and authenticated using a trusted party, whether it's your own internal certificate authority or your own certificate that you purchased from a provider. The full command on this to run is your script name .ps1, and then what you want to do, to make it simple, we'll use an @ and this is a Get-ChildItem command, and we put the cert path in here; the Cert: path, this is a PowerShell path, and we want to use CurrentUser, most likely that is where you'll have it at, and then My, and we want to say it's a code signing certificate, and then we want to do the -IncludeChain All, and then lastly our -TimestampServer, and this goes to the path to your timestamp server; I'm just typing in something random, yourca.timestamp. So by running this, now obviously I've put in my own funky path here, but by running this you would actually be able to sign your script that you created.

And just for fun we've got one more bonus command I want to show you, and that is Get-Random. Get-Random always gives you a random number that you can use. This is great if you want to literally get a random value, and there are plenty of options with Get-Random that you can use to say what your seed is, how many objects that you want, -Count, things like that. It's just a fun random command I had to throw in. So in short, PowerShell, as you can see, lives up to its name: it's super powerful. Work with those commands, have fun doing so, and you'll find out that it doesn't take long and you'll feel right at home in the command line. Be sure to take these commands, have fun with them and keep learning.
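The Get-Service, Where-Object, Select-Object, Out-File and Compare-Object steps from the video, combined into a small baseline check that a sysadmin can actually reuse: record which services are running on a known-good machine, then diff the live state against that record later. This is an added example, not code from the video; the file names are constructed for the example.

```powershell
# Added example (not from the video): baseline the running services and
# later diff the current state against it. Paths are constructed here.
$BaselinePath = Join-Path $PWD 'services-baseline.txt'

function Get-RunningServiceNames {
    # Same pipeline as in the video: filter on Status, then keep one column.
    Get-Service |
        Where-Object { $_.Status -eq 'Running' } |
        Select-Object -ExpandProperty Name |
        Sort-Object
}

function Save-ServiceBaseline {
    param([string]$Path = $BaselinePath)
    Get-RunningServiceNames | Out-File -FilePath $Path -Encoding utf8
    Write-Host "Baseline written to $Path"
}

function Compare-ServiceBaseline {
    param([string]$Path = $BaselinePath)
    if (-not (Test-Path -Path $Path)) {
        throw "No baseline at $Path. Run Save-ServiceBaseline first."
    }
    # Each side is held in a variable, exactly as the video does with $file1/$file2.
    $baseline = Get-Content -Path $Path
    $current  = Get-RunningServiceNames

    # SideIndicator '=>' means running now but absent from the baseline;
    # '<=' means it was running at baseline time and is not running now.
    # Either direction is worth a look: an unexpected new service, or a
    # security-relevant one (AV, logging) that has stopped.
    Compare-Object -ReferenceObject $baseline -DifferenceObject $current |
        ForEach-Object {
            [pscustomobject]@{
                Service = $_.InputObject
                Change  = if ($_.SideIndicator -eq '=>') { 'NewlyRunning' } else { 'NoLongerRunning' }
            }
        }
}

# Same data as an HTML report, as in the video's ConvertTo-Html step.
function Export-ServiceChangeReport {
    param([string]$Path = $BaselinePath, [string]$ReportPath = 'service-changes.htm')
    Compare-ServiceBaseline -Path $Path |
        ConvertTo-Html -Title 'Service changes since baseline' |
        Out-File -FilePath $ReportPath -Encoding utf8
}

# Usage: Save-ServiceBaseline      # once, on a known-good machine
#        Compare-ServiceBaseline   # later; no output means nothing changed
```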
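The signing workflow the video describes, written out end to end: create a self-signed code-signing certificate with New-SelfSignedCertificate, sign a script with Set-AuthenticodeSignature, and then verify the signature with Get-AuthenticodeSignature before trusting the file. This is an added example, not the video's own command; the script path and certificate subject are constructed, and the timestamp server is left out rather than inventing a URL.

```powershell
# Added example (not from the video): self-signed code-signing cert, sign a
# script, verify it, and show what a modified file looks like afterwards.
$ScriptPath = Join-Path $PWD 'hello.ps1'                     # constructed path
Set-Content -Path $ScriptPath -Value 'Write-Output "Hello from a signed script"'

# The video's Get-ExecutionPolicy, with -List so every scope is visible:
# a LocalMachine or Group Policy setting can override what you set per user.
# (AllSigned is the value that requires a signature on every script;
# Restricted runs no script files at all.)
Get-ExecutionPolicy -List | Format-Table -AutoSize

# 1. Code-signing certificate in Cert:\CurrentUser\My (the video's Cert: path
#    and CurrentUser\My store). Subject is constructed; in a domain, prefer a
#    certificate issued by your internal CA so clients already trust the chain.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object { $_.Subject -eq 'CN=Example Script Signing' } |
        Select-Object -First 1
if (-not $cert) {
    $cert = New-SelfSignedCertificate -Type CodeSigningCert `
        -Subject 'CN=Example Script Signing' `
        -CertStoreLocation Cert:\CurrentUser\My `
        -NotAfter (Get-Date).AddYears(1)
}

# 2. Sign the script. -IncludeChain All embeds the chain as in the video;
#    add -TimestampServer <your CA's URL> so the signature outlives the cert.
$sig = Set-AuthenticodeSignature -FilePath $ScriptPath -Certificate $cert `
        -HashAlgorithm SHA256 -IncludeChain All
"Signing result: $($sig.Status)"

# 3. Verify before running. Status is 'Valid' only when the signer chains to
#    a root the machine trusts; a self-signed cert that has not been added to
#    Trusted Root and Trusted Publishers reports UnknownError, which is the
#    policy refusing an unknown signer rather than a signing failure.
$check = Get-AuthenticodeSignature -FilePath $ScriptPath
"Status: $($check.Status)  Signer: $($check.SignerCertificate.Subject)"

# 4. Any edit to the signed content invalidates the signature: after this
#    change Get-AuthenticodeSignature reports HashMismatch and AllSigned
#    will refuse to run the file until it is re-signed.
(Get-Content -Path $ScriptPath) -replace 'Hello', 'Tampered' |
    Set-Content -Path $ScriptPath
"After edit: $((Get-AuthenticodeSignature -FilePath $ScriptPath).Status)"
```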
Info
Channel: James on IT
Views: 3,089
Id: EfkLZXF35ks
Length: 28min 7sec (1687 seconds)
Published: Thu Apr 25 2024