Basic Usage

First, we will look at commands that are useful and frequently needed in day-to-day work.

File and Directory

When working with files and directories, remember that a single dot . represents the current directory and a double dot .. represents the parent directory.

Get-ChildItem (ls)

A cmdlet that lists the content of a specified directory.

PS C:\Users\user> Get-ChildItem    
    Directory: C:\Users\user
Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d-r---         3/15/2024  11:30 PM                3D Objects
d-r---         3/15/2024  11:30 PM                Contacts
d-r---          4/1/2009  12:10 PM                Desktop
d-r---         3/18/2024  10:39 PM                Documents
d-r---         3/16/2024   9:55 AM                Downloads
d-r---         3/15/2024  11:30 PM                Favorites
d-r---         3/15/2024  11:30 PM                Links
d-r---         3/15/2024  11:30 PM                Music
d-r---         3/15/2024  11:30 PM                Pictures
d-r---         3/15/2024  11:30 PM                Saved Games
d-r---         3/15/2024  11:31 PM                Searches
d-r---         3/15/2024  11:30 PM                Videos

Set-Location (cd)

A cmdlet that changes the working directory.

We saw examples of this earlier.

PS C:\Users\user> Set-Location .\Documents\
PS C:\Users\user\Documents>

New-Item

This cmdlet creates a new file or directory.

If no parameter is provided, it creates an empty file by default.

PS C:\Users\user\Documents> New-Item file.txt    
    Directory: C:\Users\user\Documents
    Mode                 LastWriteTime         Length Name
    ----                 -------------         ------ ----
    -a----          4/1/2009  10:15 PM              0 file.txt

To create a directory, we can provide the -ItemType Directory parameter.

PS C:\Users\user\Documents> New-Item -ItemType Directory logs    
    Directory: C:\Users\user\Documents
Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d-----          4/1/2009  10:24 PM                logs

For more examples and advanced usage, you can refer to the help page.

Get-Help New-Item -examples

Remove-Item (rm)

This command deletes files or directories.

PS C:\Users\user\Documents> Remove-Item .\logs\

Copy-Item (cp)

A cmdlet used to copy files or directories.

PS C:\Users\user\Documents> New-Item file.txt    
    Directory: C:\Users\user\Documents
    Mode                 LastWriteTime         Length Name
    ----                 -------------         ------ ----
    -a----          4/1/2009  10:26 PM              0 file.txt
    
PS C:\Users\user\Documents> Copy-Item file.txt file1.txt
PS C:\Users\user\Documents> ls    
    Directory: C:\Users\user\Documents
Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a----          4/1/2009  10:26 PM              0 file.txt
-a----          4/1/2009  10:26 PM              0 file1.txt

Move-Item (mv)

Moves or renames files or directories. If the destination is only a directory name, the item is moved there and keeps its name.

PS C:\Users\user\Documents> Move-Item .\file1.txt ..\Desktop\

If a new name is provided, it will move and rename the item.

PS C:\Users\user\Documents> Move-Item ..\Desktop\file1.txt .\file01.txt
PS C:\Users\user\Documents> ls    
    Directory: C:\Users\user\Documents
    Mode                 LastWriteTime         Length Name
    ----                 -------------         ------ ----
    -a----          4/1/2009  10:26 PM              0 file.txt
    -a----          4/1/2009  10:26 PM              0 file01.txt

Get-Content (cat)

Used to display the content of files.

PS C:\Users\user\Documents> Get-Content .\file.txt
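The file and directory cmdlets above, combined into one run in a scratch directory. This is an added example, not part of the original page; the directory and file names are assumptions, and it also shows the -Recurse and -WhatIf parameters, which the page does not cover.

```powershell
# Scratch directory under the temp folder (the name is an assumption for this example).
$root = Join-Path $env:TEMP 'ps-basics-demo'
New-Item -ItemType Directory -Path $root -Force | Out-Null
Set-Location $root

# Build a small tree: logs\app.log containing one constructed line.
New-Item -ItemType Directory logs | Out-Null
New-Item .\logs\app.log -Value 'constructed sample line' | Out-Null

# Copying a directory needs -Recurse to include its contents.
Copy-Item .\logs .\logs-backup -Recurse

# A destination with a new file name moves and renames in one step.
Move-Item .\logs-backup\app.log .\logs-backup\app.old.log

# List the whole tree, then read the moved file.
Get-ChildItem -Recurse -Name
Get-Content .\logs-backup\app.old.log

# Preview a deletion: -WhatIf reports what would be removed and changes nothing,
# so Test-Path afterwards confirms the directory is untouched.
Remove-Item .\logs -Recurse -WhatIf
Test-Path .\logs

# Delete for real. Without -Recurse, a non-empty directory triggers a confirmation prompt.
Remove-Item .\logs -Recurse

# Clean up the scratch directory.
Set-Location $env:TEMP
Remove-Item $root -Recurse
```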

System Processes

Get-Process

Displays a list of processes running on the system.

It is often used with filtering options.

If called without parameters, it shows all processes.

PS C:\Users\user> Get-Process
Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName
-------  ------    -----      -----     ------     --  -- -----------    
327      19     9500      27948       0.06   5036   1 ApplicationFrameHost    
170      10     1868       8272              2796   0 blnsvr    
272      14     7124      24228       0.31   5136   1 conhost    
516      21     1772       5092               472   0 csrss    
328      17     1776       5192               560   1 csrss    
397      16     3848      19652       0.14   5532   1 ctfmon    
359      17     3332      12372              2192   0 dasHost    
226      17     4196      12140       0.00   6960   1 dllhost    
916      35    44548      78560               476   1 dwm   
1662      63    25876      93940       1.31   5432   1 explorer     
32       5     1444       3652               856   1 fontdrvhost     
32       5     1304       3212               864   0 fontdrvhost      
0       0       60          8                 0   0 Idle   
1208      25     6788      18816               716   0 lsass      
0       0       72        500              1840   0 Memory Compression    
210      14     2200       1832              1372   0 MicrosoftEdgeUpdate    
798      22    11248      25608              6232   0 MoUsoCoreWorker   
1280      44    51628     116456       1.50    904   1 msedge    
149       9     2024       7348       0.02   7048   1 msedge    
307      17    11436      27120       0.03   7200   1 msedge    
349      30    10988      32772       0.27   7208   1 msedge    
169      12     6716      17164       0.05   7216   1 msedge    
193      15    17768      25800       0.08   7580   1 msedge    
401      22    76128     115708       2.77   8136   1 msedge    
773      95   265236     203064              2960   0 MsMpEng    
178      40     3828       8652              4656   0 NisSrv    
678      33   120356     135084       1.09   6824   1 powershell
...

PS C:\Users\user> Get-Process -name win*
Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName
-------  ------    -----      -----     ------     --  -- -----------    
162      11     1460       6948               552   0 wininit    
274      12     2592      12076               624   1 winlogon

Stop-Process

Terminates a process. It can be called by name or process ID.

PS C:\Users\user> Get-Process -name explorer*
Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName
-------  ------    -----      -----     ------     --  -- -----------   
2202      85    38472     120904       1.88   5432   1 explorer

PS C:\Users\user> Stop-Process -Id 5432

Get-Service

Used to display the list of services on the system.

PS C:\Users\user> Get-Service
Status   Name               DisplayName
------   ----               -----------
Stopped  AarSvc_40ce5       Agent Activation Runtime_40ce5
Stopped  AJRouter           AllJoyn Router Service
Stopped  ALG                Application Layer Gateway Service
Stopped  AppIDSvc           Application Identity
Running  Appinfo            Application Information
Stopped  AppMgmt            Application Management
Stopped  AppReadiness       App Readiness
Stopped  AppVClient         Microsoft App-V Client
Running  AppXSvc            AppX Deployment Service (AppXSVC)
Stopped  AssignedAccessM... AssignedAccessManager Service
Running  AudioEndpointBu... Windows Audio Endpoint Builder
Running  Audiosrv           Windows Audio
Stopped  autotimesvc        Cellular Time
Stopped  AxInstSV           ActiveX Installer (AxInstSV)
Running  BalloonService     BalloonService
Stopped  BcastDVRUserSer... GameDVR and Broadcast User Service_...
Stopped  BDESVC             BitLocker Drive Encryption Service
Running  BFE                Base Filtering Engine
Stopped  BITS               Background Intelligent Transfer Ser...
Stopped  BluetoothUserSe... Bluetooth User Support Service_40ce5
Running  BrokerInfrastru... Background Tasks Infrastructure Ser...
Stopped  BTAGService        Bluetooth Audio Gateway Service
...

Start-Service

Starts a service.

PS C:\Users\user> Start-Service -Name Appinfo

Stop-Service

Stops a service.

PS C:\Users\user> Stop-Service -Name Appinfo

Object Selection and Filtering

Some of the cmdlets we discussed earlier produce very long outputs, outputs that we may want to use differently, or outputs from which we only need a single column. This section shows how to manage them.

In PowerShell, piping lets you chain tasks together by sending the output of one command to the next command. It is represented by the pipe symbol |.

Piping allows you to run multiple commands on a single command line. The output of the previous command becomes the input for the next command. This enables you to break down complex tasks into smaller, more manageable steps and process the outputs according to your needs.

For example, you might want to get a list of running processes and only see their names and IDs.

Get-Process | Select-Object ProcessName, Id

Select-Object (select)

With this cmdlet, you can choose specific properties of objects in a collection, displaying only the information you need.

In the example above, we only took the process name and ID, ignoring the other non-essential parts.

Where-Object (where)

Allows you to filter objects based on specific criteria. This way, you only process the objects you need.

For example, to list all services and display only the running ones:

Get-Service | Where-Object Status -eq "Running"

Here, the -eq operator stands for equality.

Commonly used operators include:

  • -eq: Equals

  • -ne: Not equal

  • -gt: Greater than

  • -ge: Greater than or equal

  • -lt: Less than

  • -le: Less than or equal

You can find all other operators in the help page of the Where-Object command.
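A longer pipeline that combines Where-Object and Select-Object for a quick host review. This is an added example, not part of the original page; the list of trusted directories is an assumption chosen for illustration, and it uses the -like and -and operators and the script-block form of Where-Object, which the page's operator list does not cover.

```powershell
# Directories treated as expected install locations (an assumption for this example).
$trusted = @(
    "$env:SystemRoot\*",
    "$env:ProgramFiles\*",
    "${env:ProgramFiles(x86)}\*"
)

# Processes whose executable lives outside the trusted directories.
# Path is empty for processes the current user cannot inspect, so those are
# skipped first; run from an elevated session to see more of them.
Get-Process |
    Where-Object { $_.Path } |
    Where-Object {
        $exe = $_.Path
        # Keep the process only if no trusted pattern matches its path.
        -not ($trusted | Where-Object { $exe -like $_ })
    } |
    Select-Object ProcessName, Id, Path |
    Sort-Object ProcessName

# Services set to start automatically that are not running right now.
Get-Service |
    Where-Object { $_.StartType -eq 'Automatic' -and $_.Status -ne 'Running' } |
    Select-Object Name, DisplayName, Status
```

Both pipelines pass objects rather than text, which is why Select-Object can pick properties by name at the end.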

Select-String

The Select-String command is a PowerShell cmdlet used to search and select text lines in text files or strings. You can select lines that match a specific pattern or those that do not.

  • Searching Text Files: It can be used to search for a specific word, phrase, or regex pattern in a text file.

  • String Processing: It can be used to select or replace specific text in a string.

  • Filtering: It can be used to select text lines that match specific criteria.

To search for a specific word in a text file:

PS C:\Users\user\Documents> Select-String -Pattern "today" .\file.txt
file.txt:1:The purpose of today's training is to defeat yesterday's understanding. - Miyamoto Musashi
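Select-String used with a regex pattern, with non-matching lines, and with its results passed down the pipeline. This is an added example, not part of the original page; the log file name and its contents are constructed for the demonstration.

```powershell
# Constructed sample log, written to a temporary file so the example is self-contained.
$log = Join-Path $env:TEMP 'sample-auth.log'
@'
2024-03-18 10:01:12 INFO  login ok user=alice src=10.0.0.5
2024-03-18 10:01:40 WARN  login failed user=bob src=10.0.0.9
2024-03-18 10:02:03 WARN  login failed user=bob src=10.0.0.9
2024-03-18 10:02:31 INFO  login ok user=carol src=10.0.0.7
2024-03-18 10:03:15 WARN  login failed user=dave src=10.0.0.12
'@ | Set-Content -Path $log

# The regex captures the user name from each failed login.
$pattern = 'login failed user=(\w+)'

# Matching lines: each result is a MatchInfo object with LineNumber, Line and Matches.
Select-String -Path $log -Pattern $pattern |
    Select-Object LineNumber,
        @{ Name = 'User'; Expression = { $_.Matches[0].Groups[1].Value } }

# Lines that do NOT match the pattern.
Select-String -Path $log -Pattern 'login failed' -NotMatch |
    Select-Object LineNumber, Line

# Failed logins per user, grouped on the captured name.
Select-String -Path $log -Pattern $pattern |
    Group-Object { $_.Matches[0].Groups[1].Value } |
    Select-Object Name, Count

# Remove the temporary file.
Remove-Item $log
```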
