The next evolution in Windows Scripting has arrived under the name Windows PowerShell. Formerly code-named Monad, PowerShell is a new command line shell and scripting language geared specifically toward helping IT professionals achieve greater productivity.
PowerShell ships standard with Windows Vista and later and is available as a download for Windows XP and Windows Server 2003. Vista users should take the time to download the latest update to the framework. At the time of this writing, the latest release of PowerShell 1.0 is RC2 and can be downloaded at the link below.
You’re probably asking yourself “Okay, so what’s the big deal?” For years Linux fans have been bashing (no pun intended) Windows users over the extreme power available on the Linux command line. But that’s all about to change.
PowerShell adds a whole new dimension of command line capabilities to Windows. This new environment adds a perfect mix of simplicity and power. Its fully featured command base brings flexibility and power to the end user while providing ease of use. It’s like batch on steroids.
PowerShell also has the ability to work with WMI and all of your other favorite Windows scripting technologies while adding its own native features that are missing from other command line environments.
PowerShell is known by several different names. Let’s clear some of them up before going any further. The official name is Windows PowerShell. During development it was originally called Monad. It’s also sometimes referred to as MSH for Microsoft Command Shell.
PowerShell was designed to take all of the best features from several different command line environments including Linux and Windows’ Command Prompt. One of the core design features was that PowerShell be usable by both system administrators and application developers.
The design team started out by improving upon some of the existing CMD features. One example was improved pipelining and output redirection. While this was possible in CMD, support was limited at best.
Along with the upgrades comes a completely new object-oriented framework. Commands in PowerShell output objects rather than blocks of text. These objects can be acted on immediately using the properties and methods associated with that object.
PowerShell also introduces a consistent command naming convention using a verb-noun structure. This pattern makes it much simpler to remember a few object names rather than an array of archaic commands and parameters.
If that isn’t enough there’s added functionality as well. PowerShell can do things that no other command line shell can do in Windows such as navigate the Windows Registry as if it were a file system. You can navigate the registry like a folder system, viewing and changing registry keys and values as you go. No third party scripts or programs are required.
PowerShell has another indispensable feature as well. It allows you to preview the effects that your scripts will have on the system. Commands that create or change objects support the -Confirm and -WhatIf flags. The -Confirm flag forces the user to confirm an action before it is executed, and the -WhatIf flag shows you what would happen without actually performing the action.
In Windows PowerShell help is always at your fingertips. The shell environment has a very well written help system as well as a very in depth online reference. Questions in PowerShell don’t go unanswered long.
If you do have trouble learning to work in your new environment, don’t worry. The commands in Windows PowerShell support aliases, meaning you can use different commands for the same item. Let’s say you want to get a directory listing. In PowerShell you would use the command Get-ChildItem. No need to fear if you forget, you can type the friendly dir command as well.
All PowerShell commands have aliases for their CMD counterparts. If that’s not enough try using ls. That’s right! There are aliases for most Linux equivalents as well.
So, “what the fruit is a cmdlet?” you ask. A cmdlet (pronounced command-let) is basically a miniature program that can be compared to an application’s dll file. It is executable, but only within the PowerShell environment. Cmdlets are created as PowerShell scripts.
As I’ve stated, you call specific methods in cmdlets by supplying a verb. There are over 50 verbs, but only a few perform the most common tasks. They are as follows:
Add (Add-content, works like append)
Clear (Clear-variable)
Expand
Export
Format (Format-list or format-table)
Get (Default verb, not always necessary, often assumed)
Group (Group-object often abbreviated to plain group)
Import
Measure (Measure-object)
Move
New (New-object, opens up a whole world of com or net objects)
Out (Out-file, also out-printer, even out-host)
Pop
Push
Read (Read-host is a method of obtaining console input)
Remove (Remove-item, PowerShell's way of deleting)
Resume (Service)
Restart (Service)
Set (Set-location, like cmd's cd)
Sort (Strictly speaking sort-object)
Start (Start-service)
Stop (Stop-service)
Write (Write-host, also write-output)
Constructing a command is as simple as choosing a verb and a noun. Here are some of the most commonly used nouns in PowerShell:
Acl (get-acl)
Alias
Childitem (get-childitem has an Alias of dir)
Command (get-command)
Content (get-content, has an Alias of type)
Drives
Env
Eventlog
File (Out-file)
Item (get-item d:\scripts)
Process
Property (Get-property c:\boot.ini)
Provider
Service
WmiObject
Obviously not all of the verbs will work with all of the nouns, but it’s very simple to try them and see which ones do. Of course, as I stated, PowerShell has a very extensive help system that lists all of the native objects including their verb-noun pairs.
Open a PowerShell window and try the Get-EventLog pair. You will be asked to supply the name of the Event Log you’d like to view. Just type System and press return. Alternatively you can supply it on the original command line by typing Get-EventLog System. You should see output that looks something like the following.
Index Time Type Source EventID Message
----- ---- ---- ------ ------- -------
10439 Feb 25 19:31 Warn Tcpip 4226 TCP/IP has reac…
10438 Feb 25 19:04 Warn Tcpip 4226 TCP/IP has reac…
10437 Feb 25 18:56 Info Service Control M... 7036 The LiveUpdate…
10436 Feb 25 18:55 Info Service Control M... 7036 The LiveUpdate…
10435 Feb 25 18:55 Info Service Control M... 7035 The LiveUpdate…
10434 Feb 25 18:54 Info Service Control M... 7036 The LiveUpdate…
10433 Feb 25 18:54 Info Service Control M... 7036 The LiveUpdate…
10432 Feb 25 18:54 Info Service Control M... 7035 The LiveUpdate…
10431 Feb 25 18:51 Info Service Control M... 7036 The WMI Perform…
10430 Feb 25 18:51 Info Service Control M... 7035 The WMI Perform…
10429 Feb 25 18:51 Info Service Control M... 7036 The WMI Perform…
10428 Feb 25 18:51 Info Service Control M... 7036 The LiveUpdate…
10427 Feb 25 18:51 Info Service Control M... 7036 The WMI Perform…
10426 Feb 25 18:51 Info Service Control M... 7035 The WMI Perform…
10425 Feb 25 18:51 Info Service Control M... 7036 The WMI Perform…
10424 Feb 25 18:51 Info Service Control M... 7036 The Application…
…
If that’s too hard for you to read, then you should try pipelining. Support for pipelining is very strong. The command we want is Get-EventLog System | Format-List. The Format-List cmdlet is used to control the output of the Get-EventLog cmdlet. The output should look similar to the following:
Index : 10439
EntryType : Warning
EventID : 4226
Message : TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Category : (0)
CategoryNumber : 0
ReplacementStrings : {}
Source : Tcpip
TimeGenerated : 2/25/2007 7:31:14 PM
TimeWritten : 2/25/2007 7:31:14 PM
UserName :
Index : 10438
EntryType : Warning
EventID : 4226
Message : TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Category : (0)
CategoryNumber : 0
ReplacementStrings : {}
Source : Tcpip
TimeGenerated : 2/25/2007 7:04:44 PM
TimeWritten : 2/25/2007 7:04:44 PM
UserName :
Index : 10437
EntryType : Information
EventID : 7036
Message : The LiveUpdate service entered the stopped state.
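To show where the Get-EventLog pipeline leads once you go beyond Format-List, here is an added example (not from the original article) that filters the System log to recent Error and Warning entries, groups them by source and event ID, and saves the result. It assumes a Windows host where the classic Get-EventLog cmdlet is available; the output file name under $env:TEMP is an arbitrary choice.

```powershell
# Added example: triage the System log with the pipeline (not the article's own code).
# Assumes Windows PowerShell with Get-EventLog; "System" is the standard log name.
$cutoff = (Get-Date).AddDays(-1)

# Keep only Error and Warning entries from the last day; Where-Object filters, Sort-Object orders.
$recent = Get-EventLog -LogName System |
    Where-Object { $_.TimeGenerated -gt $cutoff -and ($_.EntryType -eq 'Error' -or $_.EntryType -eq 'Warning') } |
    Sort-Object TimeGenerated -Descending

# Count entries per Source/EventID pair to spot noisy or unusual sources quickly.
$recent | Group-Object Source, EventID |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Show the full record of the five newest entries, the same way Format-List did above.
$recent | Select-Object -First 5 |
    Format-List Index, EntryType, EventID, Source, TimeGenerated, Message

# Preserve the filtered set for later analysis (file location is an arbitrary choice).
$recent | Export-Csv -Path "$env:TEMP\system-errors.csv" -NoTypeInformation
```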
You can refine the output further by sorting or filtering it. Let’s use the Get-Process cmdlet as an example. It lists all of the currently running processes. You can narrow the results using the Where-Object cmdlet in many different ways. In this example, I’m going to use the command:
The use of regular expressions is far beyond the scope of this article but essentially this searches for and returns only processes beginning with the letter E.
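As an added example (not the article's own command), the block below does a regular-expression filter of the kind described here and then pairs it with the -WhatIf and -Confirm preview flags introduced earlier, so a change is shown before it is made. The '^E' pattern and the *.tmp filter are only illustrative; nothing here assumes any particular application is running.

```powershell
# Added example: regex filtering with Where-Object, then a dry run with -WhatIf (not the article's code).
# -match applies a .NET regular expression; '^E' anchors to process names that start with E
# (PowerShell's -match is case-insensitive by default).
$eProcs = Get-Process | Where-Object { $_.ProcessName -match '^E' }

# Show what matched, largest working set first.
$eProcs | Sort-Object WorkingSet -Descending |
    Format-Table Id, ProcessName, WorkingSet -AutoSize

# Dry run: -WhatIf reports what Stop-Process would do without stopping anything.
$eProcs | Stop-Process -WhatIf

# Interactive gate: -Confirm prompts for each process before it is stopped (left commented out).
# $eProcs | Stop-Process -Confirm

# The same preview works for file deletion; this only reports what Remove-Item would delete.
Get-ChildItem $env:TEMP -Filter '*.tmp' | Remove-Item -WhatIf
```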
We’re only beginning to tap into the true power that PowerShell has to offer. Not only do you have a full range of cmdlets available to you, but you can also add third-party ones and even write your own. It truly is the most flexible command line environment.
Another very cool feature that I like in PowerShell is its ability to work directly with the Windows registry. Try typing Set-Location HKLM:. You’ll notice by the change in prompt that you are sitting at the root of the HKEY_LOCAL_MACHINE registry hive. From here you can navigate and view the registry as if it were a standard directory structure.
You can use the Get-ChildItem cmdlet to get a “directory” listing for each level of sub keys. To see a listing of keys at the current location you’ll need to use the Get-ItemProperty cmdlet instead.
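As an added example (not from the original article) of walking the registry with these provider cmdlets, the block below lists the auto-start entries under the standard Run and RunOnce keys, which is a common defensive check. It assumes a Windows host; Get-ChildItem lists subkeys and Get-ItemProperty reads the values stored in a key, and the PS* properties it skips are bookkeeping fields the registry provider adds to every result.

```powershell
# Added example: audit auto-start entries via the registry provider (not the article's code).
Set-Location HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion

# Get-ChildItem lists subkeys (the "directories") at the current location.
Get-ChildItem | Where-Object { $_.PSChildName -match '^Run' } | Select-Object PSChildName

# The standard auto-start locations; HKCU covers the current user's profile.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

foreach ($key in $runKeys) {
    if (Test-Path $key) {
        # Get-ItemProperty returns one object whose properties are the key's values.
        $props = Get-ItemProperty -Path $key
        $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |     # drop provider bookkeeping fields
            ForEach-Object { "{0}`t{1} = {2}" -f $key, $_.Name, $_.Value }
    }
}
```

Each output line is key, value name and the command line that runs at logon; anything unfamiliar there is worth checking against what is actually installed.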
As you can see, PowerShell has a lot of power built into it. It’s the most advanced command line environment to date. As you experiment and learn more you’ll begin finding even more robust ways of getting things done.
In the future, I will be presenting a series of articles to help you learn how to use this new environment as well as how to write PowerShell scripts. Download the latest copy of PowerShell and start exploring. Until next time.