Basic Usage
First, we will look at commands that are very useful and frequently used in daily usage.
File and Directory
While dealing with files and directories, it should be known that a single dot . represents the current directory, and double dots .. represent the parent directory.
Get-ChildItem (ls)
A cmdlet that lists the content of a specified directory.
PS C:\Users\user> Get-ChildItem
Directory: C:\Users\user
Mode LastWriteTime Length Name
---- ------------- ------ ----
d-r--- 3/15/2024 11:30 PM 3D Objects
d-r--- 3/15/2024 11:30 PM Contacts
d-r--- 4/1/2009 12:10 PM Desktop
d-r--- 3/18/2024 10:39 PM Documents
d-r--- 3/16/2024 9:55 AM Downloads
d-r--- 3/15/2024 11:30 PM Favorites
d-r--- 3/15/2024 11:30 PM Links
d-r--- 3/15/2024 11:30 PM Music
d-r--- 3/15/2024 11:30 PM Pictures
d-r--- 3/15/2024 11:30 PM Saved Games
d-r--- 3/15/2024 11:31 PM Searches
d-r--- 3/15/2024 11:30 PM VideosSet-Location (cd)
A cmdlet that changes the working directory.
We saw examples of this earlier.
PS C:\Users\user> Set-Location .\Documents\
PS C:\Users\user\Documents>New-Item
This cmdlet creates a new file or directory.
If no parameter is provided, it creates an empty file by default.
PS C:\Users\user\Documents> New-Item file.txt
Directory: C:\Users\user\Documents
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 4/1/2009 10:15 PM 0 file.txtTo create a directory, we can provide the -ItemType Directory parameter.
PS C:\Users\user\Documents> New-Item -ItemType Directory logs
Directory: C:\Users\user\Documents
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 4/1/2009 10:24 PM logsFor more examples and advanced usage, you can refer to the help page.
Get-Help New-Item -examplesRemove-Item (rm)
This command deletes files or directories.
PS C:\Users\user\Documents> Remove-Item .\logs\Copy-Item (cp)
A cmdlet used to copy files or directories.
PS C:\Users\user\Documents> New-Item file.txt
Directory: C:\Users\user\Documents
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 4/1/2009 10:26 PM 0 file.txt
PS C:\Users\user\Documents> Copy-Item file.txt file1.txt
PS C:\Users\user\Documents> ls
Directory: C:\Users\user\Documents
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 4/1/2009 10:26 PM 0 file.txt
-a---- 4/1/2009 10:26 PM 0 file1.txtMove-Item (mv)
Moves or renames files or directories. If only the directory name is given, it will just move the item.
PS C:\Users\user\Documents> Move-Item .\file1.txt ..\Desktop\If a new name is provided, it will move and rename the item.
PS C:\Users\user\Documents> Move-Item ..\Desktop\file1.txt .\file01.txt
PS C:\Users\user\Documents> ls
Directory: C:\Users\user\Documents
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 4/1/2009 10:26 PM 0 file.txt
-a---- 4/1/2009 10:26 PM 0 file01.txtGet-Content (cat)
Used to display the content of files.
PS C:\Users\user\Documents> Get-Content .\file.txtSystem Processes
Get-Process
Displays a list of processes running on the system.
It is often used with filtering options.
If called without parameters, it shows all processes.
PS C:\Users\user> Get-Process
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
327 19 9500 27948 0.06 5036 1 ApplicationFrameHost
170 10 1868 8272 2796 0 blnsvr
272 14 7124 24228 0.31 5136 1 conhost
516 21 1772 5092 472 0 csrss
328 17 1776 5192 560 1 csrss
397 16 3848 19652 0.14 5532 1 ctfmon
359 17 3332 12372 2192 0 dasHost
226 17 4196 12140 0.00 6960 1 dllhost
916 35 44548 78560 476 1 dwm
1662 63 25876 93940 1.31 5432 1 explorer
32 5 1444 3652 856 1 fontdrvhost
32 5 1304 3212 864 0 fontdrvhost
0 0 60 8 0 0 Idle
1208 25 6788 18816 716 0 lsass
0 0 72 500 1840 0 Memory Compression
210 14 2200 1832 1372 0 MicrosoftEdgeUpdate
798 22 11248 25608 6232 0 MoUsoCoreWorker
1280 44 51628 116456 1.50 904 1 msedge
149 9 2024 7348 0.02 7048 1 msedge
307 17 11436 27120 0.03 7200 1 msedge
349 30 10988 32772 0.27 7208 1 msedge
169 12 6716 17164 0.05 7216 1 msedge
193 15 17768 25800 0.08 7580 1 msedge
401 22 76128 115708 2.77 8136 1 msedge
773 95 265236 203064 2960 0 MsMpEng
178 40 3828 8652 4656 0 NisSrv
678 33 120356 135084 1.09 6824 1 powershell
...Get-Process -name win*
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
162 11 1460 6948 552 0 wininit
274 12 2592 12076 624 1 winlogonStop-Process:
Terminates a process. It can be called by name or process ID.
PS C:\Users\user> Get-Process -name explorer*
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
2202 85 38472 120904 1.88 5432 1 explorer
PS C:\Users\user> Stop-Process -Id 5432Get-Service
Used to display the list of services on the system.
PS C:\Users\user> Get-Service
Status Name DisplayName
------ ---- -----------
Stopped AarSvc_40ce5 Agent Activation Runtime_40ce5
Stopped AJRouter AllJoyn Router Service
Stopped ALG Application Layer Gateway Service
Stopped AppIDSvc Application Identity
Running Appinfo Application Information
Stopped AppMgmt Application Management
Stopped AppReadiness App Readiness
Stopped AppVClient Microsoft App-V Client
Running AppXSvc AppX Deployment Service (AppXSVC)
Stopped AssignedAccessM... AssignedAccessManager Service
Running AudioEndpointBu... Windows Audio Endpoint Builder
Running Audiosrv Windows Audio
Stopped autotimesvc Cellular Time
Stopped AxInstSV ActiveX Installer (AxInstSV)
Running BalloonService BalloonService
Stopped BcastDVRUserSer... GameDVR and Broadcast User Service_...
Stopped BDESVC BitLocker Drive Encryption Service
Running BFE Base Filtering Engine
Stopped BITS Background Intelligent Transfer Ser...
Stopped BluetoothUserSe... Bluetooth User Support Service_40ce5
Running BrokerInfrastru... Background Tasks Infrastructure Ser...
Stopped BTAGService Bluetooth Audio Gateway Service
...Start-Service
Starts a service.
PS C:\Users\user> Start-Service -Name AppinfoStop-Service
Stops a service.
PS C:\Users\user> Stop-Service -Name AppinfoObject Selection and Filtering
In the cmdlets we discussed earlier, we observed commands that produce very long outputs, outputs that we may want to use differently, or outputs from which we may want to access only a single column. We will learn how to manage these.
In PowerShell, piping allows you to chain tasks together powerfully by sending command outputs to the next command. It is represented by the pipe symbol |.
Piping allows you to run multiple commands on a single command line. The output of the previous command becomes the input for the next command. This enables you to break down complex tasks into smaller, more manageable steps and process the outputs according to your needs.
For example, you might want to get a list of running processes and only see their names and IDs.
Get-Process | Select-Object ProcessName, IdSelect-Object (select)
With this cmdlet, you can choose specific properties of objects in a collection, displaying only the information you need.
In the example above, we only took the process name and ID, ignoring the other non-essential parts.
Where-Object (where)
Allows you to filter objects based on specific criteria. This way, you only process the objects you need.
For example, to list all services and display only the running ones:
Get-Service | Where-Object Status -eq "Running"Here, the -eq operator stands for equality.
Commonly used operators include:
-eq: Equals
-ne: Not equal
-gt: Greater than
-ge: Greater than or equal
-lt: Less than
-le: Less than or equal
You can find all other operators in the help page of the Where-Object command.
Select-String
The Select-String command is a PowerShell cmdlet used to search and select text lines in text files or strings. You can select lines that match a specific pattern or those that do not.
Searching Text Files: It can be used to search for a specific word, phrase, or regex pattern in a text file.
String Processing: It can be used to select or replace specific text in a string.
Filtering: It can be used to select text lines that match specific criteria.
To search for a specific word in a text file:
PS C:\Users\user\Documents> Select-String -Pattern "today" .\file.txt
file.txt:1:The purpose of today's training is to defeat yesterday's understanding. - Miyamoto MusashiLast updated