Tag Archives: ComputerName

Get-WmiObject

February 26, 2014 Adam

SYNOPSIS
Gets instances of Windows Management Instrumentation (WMI) classes or information about the available classes.

SYNTAX
Get-WmiObject [-Authority <string>] [-Amended] [-AsJob] [-Authentication {Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged}] [-ComputerName <string[]>] [-Credential <PSCredential>] [-EnableAllPrivileges] [-Impersonation {Default | Anonymous | Identify | Impersonate | Delegate}] [-Locale <string>] [-Namespace <string>] [-ThrottleLimit <int>] [<CommonParameters>]

Get-WmiObject [[-Class] <string>] [-Authority <string>] [-List] [-Recurse] [-Amended] [-AsJob] [-Authentication {Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged}] [-ComputerName <string[]>] [-Credential <PSCredential>] [-EnableAllPrivileges] [-Impersonation {Default | Anonymous | Identify | Impersonate | Delegate}] [-Locale <string>] [-Namespace <string>] [-ThrottleLimit <int>] [<CommonParameters>]

Get-WmiObject [-Authority <string>] [-Amended] [-AsJob] [-Authentication {Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged}] [-ComputerName <string[]>] [-Credential <PSCredential>] [-EnableAllPrivileges] [-Impersonation {Default | Anonymous | Identify | Impersonate | Delegate}] [-Locale <string>] [-Namespace <string>] [-ThrottleLimit <int>] [<CommonParameters>]

Get-WmiObject [-Class] <string> [[-Property] <string[]>] [-Authority <string>] [-DirectRead] [-Filter <string>] [-Amended] [-AsJob] [-Authentication {Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged}] [-ComputerName <string[]>] [-Credential <PSCredential>] [-EnableAllPrivileges] [-Impersonation {Default | Anonymous | Identify | Impersonate | Delegate}] [-Locale <string>] [-Namespace <string>] [-ThrottleLimit <int>] [<CommonParameters>]

Get-WmiObject -Query <string> [-Authority <string>] [-DirectRead] [-Amended] [-AsJob] [-Authentication {Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged}] [-ComputerName <string[]>] [-Credential <PSCredential>] [-EnableAllPrivileges] [-Impersonation {Default | Anonymous | Identify | Impersonate | Delegate}] [-Locale <string>] [-Namespace <string>] [-ThrottleLimit <int>] [<CommonParameters>]

DESCRIPTION
The Get-WmiObject cmdlet gets instances of WMI classes or information about the available WMI classes. The ComputerName parameter can always be used to specify a remote computer. If the List parameter is specified, the cmdlet gets information about the WMI classes that are available in a specified namespace. If the Query parameter is specified, the cmdlet runs a WMI query language (WQL) statement.

The Get-WmiObject cmdlet does not use the Windows PowerShell remoting infrastructure to perform remote operations. You can use the ComputerName parameter of the Get-WmiObject cmdlet even if your computer does not meet the requirements for Windows PowerShell remoting and even if your computer is not configured for remoting in Windows PowerShell.

PARAMETERS
-Amended [<SwitchParameter>]
Gets or sets a value that indicates whether the objects that are returned from WMI should contain amended information. Typically, amended information is localizable information, such as object and property descriptions, that is attached to the WMI object..

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-AsJob [<SwitchParameter>]
Runs the command as a background job. Use this parameter to run commands that take a long time to finish.

When you use the AsJob parameter, the command returns an object that represents the background job and then displays the command prompt. You can continue to work in the session while the job finishes. If Get-WmiObject is used against a remote computer, the job is created on the local computer, and the results from remote computers are automatically returned to the local computer. To manage the job, use the cmdlets that contain the Job noun (the Job cmdlets). To get the job results, use the Receive-Job cmdlet.

Note: To use this parameter with remote computers, the local and remote computers must be configured for remoting. Additionally, you must start Windows PowerShell by using the “Run as administrator” option in Windows Vista and later versions of Windows,. For more information, see about_remote_requirements.

For more information about Windows PowerShell background jobs, see about_jobs and about_remote_Jobs.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Authentication <AuthenticationLevel>
Specifies the authentication level to be used with the WMI connection. Valid values are:

        -1: Unchanged
        0: Default
        1: None (No authentication in performed.)
        2: Connect (Authentication is performed only when the client establishes a relationship with the application.)
        3: Call (Authentication is performed only at the beginning of each call when the application receives the request.)
        4: Packet (Authentication is performed on all the data that is received from the client.)
        5: PacketIntegrity (All the data that is transferred between the client and the application is authenticated and verified.)
        6: PacketPrivacy (The properties of the other authentication levels are used, and all the data is encrypted.)

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Authority <string>
Specifies the authority to use to authenticate the WMI connection. You can specify standard NTLM or Kerberos authentication. To use NTLM, set the authority setting to ntlmdomain:<DomainName>, where <DomainName> identifies a valid NTLM domain name. To use Kerberos, specify kerberos:<DomainName>\<ServerName>”. You cannot include the authority setting when you connect to the local computer.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Class <string>
Specifies the name of a WMI class. When this parameter is used, the cmdlet retrieves instances of the WMI class.

        Required?                    false
        Position?                    2
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-ComputerName <string[]>
Specifies the computer against which you want to run the management operation. The value can be a fully qualified domain name, a NetBIOS name, or an IP address. Use the local computer name, use localhost, or use a dot (.) to specify the local computer. The local computer is the default. When the remote computer is in a different domain from the user, you must use a fully qualified domain name. This parameter can also be piped to the cmdlet.

This parameter does not rely on Windows PowerShell remoting, which uses WS-Management ). You can use the ComputerName parameter of Get-WmiObject even if your computer is not configured to run WS-Management remote commands.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Credential <PSCredential>
Specifies a user account that has permission to perform this action. The default is the current user. Type a user name, such as “User01”, “Domain01\User01”, or User@Contoso.com. Or, enter a PSCredential object, such as an object that is returned by the Get-Credential cmdlet. When you type a user name, you will be prompted for a password.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-DirectRead [<SwitchParameter>]
Specifies whether direct access to the WMI provider is requested for the specified class without any regard to its base class or to its derived classes.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-EnableAllPrivileges [<SwitchParameter>]
Enables all the privileges of the current user before the command makes the WMI call.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Filter <string>
Specifies a Where clause to use as a filter. Uses the syntax of the WMI Query Language (WQL).

Important: Do not include the Where keyword in the value of the parameter. For example, the following commands return only the logical disks that where the DeviceID equals ‘c:’ and the services where the name equals ‘WinRM’, without using the Where keyword:

Get-WmiObject Win32_LogicalDisk -Filter “DeviceID = ‘c:’ ”
Get-WmiObject win32_service -Filter “name=’WinRM'”

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Impersonation <ImpersonationLevel>
Specifies the impersonation level to use. Valid values are:

        0: Default (reads the local Registry for the default impersonation level , which is usually set to “3: Impersonate”.)
        1: Anonymous (Hides the credentials of the caller.)
        2: Identify (Allows objects to query the credentials of the caller.)
        3: Impersonate (Allows objects to use the credentials of the caller.)
        4: Delegate (Allows objects to permit other objects to use the credentials of the caller.)

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-List [<SwitchParameter>]
Specifies whether to retrieve and display the names of the WMI classes in the WMI repository namespace that is specified in the Namespace parameter. The Default Namespace Registry entry in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Scripting Registry key is not used by this cmdlet to determine the default namespace. If you specify the List parameter but not the Namespace parameter, the root\CIMV2 namespace is used by default.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Locale <string>
Specifies the preferred locale for WMI objects. Specify the value of the Locale parameter as an array in the MS_<LCID> format in the preferred order .

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Namespace <string>
When used with the Class parameter, this parameter specifies the WMI repository namespace where the referenced WMI class is located. When used with the List parameter, it specifies the namespace from which to gather WMI class information.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Property <string[]>
Specifies the WMI class property or set of properties to retrieve.

        Required?                    false
        Position?                    2
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Query <string>
Specifies a WMI Query Language (WQL) statement to run. Event queries are not supported by this parameter.

        Required?                    true
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Recurse [<SwitchParameter>]
Makes the command search the current namespace and all other namespaces for the class name that is specified in the Class parameter.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-ThrottleLimit <int>
Allows the user to specify a throttling value for the number of WMI operations that can be executed simultaneously. This parameter is used together with the AsJob parameter.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        “Get-Help about_CommonParameters“.

INPUTS
None
You cannot pipe input to Get-WmiObject.

OUTPUTS
PSObject or System.Management.Automation.RemotingJob
When you use the AsJob parameter, the cmdlet returns a job object. Otherwise, the object that Get-WmiObject returns depends on the value of the Class parameter.

NOTES

To access WMI information on a remote computer, the cmdlet must run under an account that is a member of the local administrators group on the remote computer. Alternatively, the default access control on the WMI namespace of the remote repository can be changed to give other account access rights.

By default, only some of the properties of a WMI class are displayed. The set of properties that will be displayed for each WMI class is specified in the Types.ps1xml configuration file. One of the examples included in this Help topic demonstrates how to override this behavior by using the Format-List cmdlet.

————————– EXAMPLE 1 ————————–

C:\PS>Get-WmiObject win32_process

    __GENUS                    : 2
    __CLASS                    : Win32_Process
    __SUPERCLASS             : CIM_Process
    __DYNASTY                 : CIM_ManagedSystemElement
    __RELPATH                 : Win32_Process.Handle=”0″
    __PROPERTY_COUNT         : 45
    __DERIVATION             : {CIM_Process, CIM_LogicalElement, CIM_ManagedSystemElement}
    __SERVER                 : SYSTEM01
    __NAMESPACE                : root\cimv2
    __PATH                     : \\SYSTEM01\root\cimv2:Win32_Process.Handle=”0″
    Caption                    : System Idle Process
    CommandLine                :
    CreationClassName         : Win32_Process
    CreationDate             :
    CSCreationClassName        : Win32_ComputerSystem
    CSName                     : SYSTEM01
    Description                : System Idle Process
    ExecutablePath             :
    ExecutionState             :
    Handle                     : 0
    HandleCount                : 0
    InstallDate                :
    KernelModeTime             : 6138394740432
    MaximumWorkingSetSize     :
    MinimumWorkingSetSize     :
    Name                     : System Idle Process
    OSCreationClassName        : Win32_OperatingSystem
    OSName                     : Microsoftr Windows VistaT Ultimate |C:\Windows|\Device\Harddisk0\Partition3
    OtherOperationCount        : 0
    OtherTransferCount         : 0
    PageFaults                 : 0
    PageFileUsage             : 0
    ParentProcessId            : 0
    PeakPageFileUsage         : 0
    PeakVirtualSize            : 0
    PeakWorkingSetSize         : 0
    Priority                 : 0
    PrivatePageCount         : 0
    ProcessId                 : 0
    QuotaNonPagedPoolUsage     : 0
    QuotaPagedPoolUsage        : 0
    QuotaPeakNonPagedPoolUsage : 0
    QuotaPeakPagedPoolUsage    : 0
    ReadOperationCount         : 0
    ReadTransferCount         : 0
    SessionId                 : 0
    Status                     :
    TerminationDate            :
    ThreadCount                : 2
    UserModeTime             : 0
    VirtualSize                : 0
    WindowsVersion             : 6.0.6001
    WorkingSetSize             : 24576
    WriteOperationCount        : 0
    WriteTransferCount         : 0
    ProcessName                : System Idle Process
    Handles                    : 0
    VM                         : 0
    WS                         : 24576
    Path                     :

…

    Description
    ———–
    This command displays information about all the processes that are running on a computer.

————————– EXAMPLE 2 ————————–

C:\PS>Get-WmiObject win32_service -ComputerName 127.0.0.1

    __GENUS                    : 2
    __CLASS                    : Win32_Process
    __SUPERCLASS             : CIM_Process
    __DYNASTY                 : CIM_ManagedSystemElement
    __RELPATH                 : Win32_Process.Handle=”0″
    __PROPERTY_COUNT         : 45
    __DERIVATION             : {CIM_Process, CIM_LogicalElement, CIM_ManagedSystemElement}
    __SERVER                 : SYSTEM02
    __NAMESPACE                : root\cimv2
    __PATH                     : \\SYSTEM02\root\cimv2:Win32_Process.Handle=”0″
    Caption                    : System Idle Process
    CommandLine                :
    CreationClassName         : Win32_Process
    CreationDate             :
    CSCreationClassName        : Win32_ComputerSystem
    CSName                     : SYSTEM02
    Description                : System Idle Process
    ExecutablePath             :
    ExecutionState             :
    Handle                     : 0
    HandleCount                : 0
    InstallDate                :
    KernelModeTime             : 6138394740432
    MaximumWorkingSetSize     :
    MinimumWorkingSetSize     :
    Name                     : System Idle Process
    OSCreationClassName        : Win32_OperatingSystem
    OSName                     : Microsoftr Windows VistaT Ultimate |C:\Windows|\Device\Harddisk0\Partition3
    OtherOperationCount        : 0
    OtherTransferCount         : 0
    PageFaults                 : 0
    PageFileUsage             : 0
    ParentProcessId            : 0
    PeakPageFileUsage         : 0
    PeakVirtualSize            : 0
    PeakWorkingSetSize         : 0
    Priority                 : 0
    PrivatePageCount         : 0
    ProcessId                 : 0
    QuotaNonPagedPoolUsage     : 0
    QuotaPagedPoolUsage        : 0
    QuotaPeakNonPagedPoolUsage : 0
    QuotaPeakPagedPoolUsage    : 0
    ReadOperationCount         : 0
    ReadTransferCount         : 0
    SessionId                 : 0
    Status                     :
    TerminationDate            :
    ThreadCount                : 2
    UserModeTime             : 0
    VirtualSize                : 0
    WindowsVersion             : 6.0.6001
    WorkingSetSize             : 24576
    WriteOperationCount        : 0
    WriteTransferCount         : 0
    ProcessName                : System Idle Process
    Handles                    : 0
    VM                         : 0
    WS                         : 24576
    Path                     :

…

    Description
    ———–
    This command displays information about the services on the remote computer. It displays the information by specifying the Internet Protocol (IP) address 127.0.0.1. You can change this IP address to any other valid IP address on your network so that you can display information about the services on that remote computer. By default, the account you are running under must be a member of the local administrators group on the remote computer that you specify .

————————– EXAMPLE 3 ————————–

C:\PS>Get-WmiObject -Namespace “root/default” -list

NameSpace: ROOT\default

    Name                                Methods             Properties
    —-                                ——-             ———-
    __NotifyStatus                     {}                 {StatusCode}
    __ExtendedStatus                    {}                 {Description, Operation, ParameterInfo, ProviderName…}
    __SecurityRelatedClass             {}                 {}
    __Trustee                         {}                 {Domain, Name, SID, SidLength…}
    __NTLMUser9X                        {}                 {Authority, Flags, Mask, Name…}
    __ACE                             {}                 {AccessMask, AceFlags, AceType, GuidInheritedObjectType…}
    __SecurityDescriptor                {}                 {ControlFlags, DACL, Group, Owner…}
    __PARAMETERS                        {}                 {}
    __SystemClass                     {}                 {}
    __ProviderRegistration             {}                 {provider}
    __EventProviderRegistration         {}                 {EventQueryList, provider}
    __ObjectProviderRegistration        {}                 {InteractionType, provider, QuerySupportLevels, SupportsBat…
    __ClassProviderRegistration         {}                 {CacheRefreshInterval, InteractionType, PerUserSchema, prov…
    __InstanceProviderRegistration     {}                 {InteractionType, provider, QuerySupportLevels, SupportsBat…
    __MethodProviderRegistration        {}                 {provider}
    __PropertyProviderRegistration     {}                 {provider, SupportsGet, SupportsPut}
    __EventConsumerProviderRegistration {}                 {ConsumerClassNames, provider}
    __thisNAMESPACE                     {}                 {SECURITY_DESCRIPTOR}
    __NAMESPACE                         {}                 {Name}
    __IndicationRelated                 {}                 {}
    __FilterToConsumerBinding         {}                 {Consumer, CreatorSID, DeliverSynchronously, DeliveryQoS…}
    __EventConsumer                     {}                 {CreatorSID, MachineName, MaximumQueueSize}
    LogFileEventConsumer                {}                 {CreatorSID, Filename, IsUnicode, MachineName…}
    ActiveScriptEventConsumer         {}                 {CreatorSID, KillTimeout, MachineName, MaximumQueueSize…}
    NTEventLogEventConsumer             {}                 {Category, CreatorSID, EventID, EventType…}
    SMTPEventConsumer                 {}                 {BccLine, CcLine, CreatorSID, FromLine…}
    CommandLineEventConsumer            {}                 {CommandLineTemplate, CreateNewConsole, CreateNewProcessGro…
    __AggregateEvent                    {}                 {NumberOfEvents, Representative}
    __TimerNextFiring                 {}                 {NextEvent64BitTime, TimerId}
    __EventFilter                     {}                 {CreatorSID, EventAccess, EventNamespace, Name…}
    __Event                             {}                 {SECURITY_DESCRIPTOR, TIME_CREATED}
    __NamespaceOperationEvent         {}                 {SECURITY_DESCRIPTOR, TargetNamespace, TIME_CREATED}
    __NamespaceModificationEvent        {}                 {PreviousNamespace, SECURITY_DESCRIPTOR, TargetNamespace, T…
    __NamespaceDeletionEvent            {}                 {SECURITY_DESCRIPTOR, TargetNamespace, TIME_CREATED}
    __NamespaceCreationEvent            {}                 {SECURITY_DESCRIPTOR, TargetNamespace, TIME_CREATED}
    __ClassOperationEvent             {}                 {SECURITY_DESCRIPTOR, TargetClass, TIME_CREATED}
    __ClassDeletionEvent                {}                 {SECURITY_DESCRIPTOR, TargetClass, TIME_CREATED}
    __ClassModificationEvent            {}                 {PreviousClass, SECURITY_DESCRIPTOR, TargetClass, TIME_CREA…
    __ClassCreationEvent                {}                 {SECURITY_DESCRIPTOR, TargetClass, TIME_CREATED}
    __InstanceOperationEvent            {}                 {SECURITY_DESCRIPTOR, TargetInstance, TIME_CREATED}
    __InstanceCreationEvent             {}                 {SECURITY_DESCRIPTOR, TargetInstance, TIME_CREATED}

…

    Description
    ———–
    This command displays the WMI classes in the root or default namespace of the local computer.

————————– EXAMPLE 4 ————————–

C:\PS>Get-WmiObject -query “select * from win32_service where name=’WinRM'” -ComputerName server01, server02

    ExitCode : 0
    Name     : WinRM
    ProcessId : 1708
    StartMode : Auto
    State     : Running
    Status    : OK

    ExitCode : 0
    Name     : WinRM
    ProcessId : 948
    StartMode : Auto
    State     : Running
    Status    : OK

    Description
    ———–
    This command displays information about the WinRM service on the computers that are specified in the ComputerName parameter.

————————– EXAMPLE 5 ————————–

C:\PS>(Get-WmiObject win32_service -Filter “name=’WinRM'” -ComputerName server01).StopService()

    __GENUS         : 2
    __CLASS         : __PARAMETERS
    __SUPERCLASS     :
    __DYNASTY        : __PARAMETERS
    __RELPATH        :
    __PROPERTY_COUNT : 1
    __DERIVATION     : {}
    __SERVER         :
    __NAMESPACE     :
    __PATH         :
    ReturnValue     : 0

Another query using Get-WmiObject -query “select * from win32_service where name=’WinRM'” -ComputerName server01, shows the service as stopped.

    ExitCode : 0
    Name     : WinRM
    ProcessId : 0
    StartMode : Auto
    State     : Stopped
    Status    : OK

    Description
    ———–
    This command stops the WinRM service on the Server01 remote computer. The command uses the standard Get-WmiObject command and adds a call to the StopService method of the Win32_Service WMI class.

————————– EXAMPLE 6 ————————–

C:\PS>Get-WmiObject win32_bios | Format-List *

    Status                : OK
    Name                 : Phoenix ROM BIOS PLUS Version 1.10 2.3.1
    Caption             : Phoenix ROM BIOS PLUS Version 1.10 2.3.1
    SMBIOSPresent         : True
    __GENUS             : 2
    __CLASS             : Win32_BIOS
    __SUPERCLASS         : CIM_BIOSElement
    __DYNASTY             : CIM_ManagedSystemElement
    __RELPATH             : Win32_BIOS.Name=”Phoenix ROM BIOS PLUS Version 1.10 2.3.1 “,SoftwareElementID=”Phoenix ROM BIOS
                             PLUS Version 1.10 2.3.1 “,SoftwareElementState=3,TargetOperatingSystem=0,Version=”DELL – 14”
    __PROPERTY_COUNT     : 27
    __DERIVATION         : {CIM_BIOSElement, CIM_SoftwareElement, CIM_LogicalElement, CIM_ManagedSystemElement}
    __SERVER             : SERVER01
    __NAMESPACE         : root\cimv2
    __PATH                : \\SERVER01\root\cimv2:Win32_BIOS.Name=”Phoenix ROM BIOS PLUS Version 1.10 2.3.1 “,Software
                            ElementID=”Phoenix ROM BIOS PLUS Version 1.10 2.3.1 “,SoftwareElementState=3,TargetOperatingSys
                            tem=0,Version=”DELL – 14”
    BiosCharacteristics : {7, 9, 10, 11…}
    BIOSVersion         : {DELL – 14, Phoenix ROM BIOS PLUS Version 1.10 2.3.1 , Phoenix ROM BIOS PLUS Version 1.10 2.3
                            .1 , Phoenix ROM BIOS PLUS Version 1.10 2.3.1 }
    BuildNumber         :
    CodeSet             :
    CurrentLanguage     : en|US|iso8859-1
    Description         : Phoenix ROM BIOS PLUS Version 1.10 2.3.1
    IdentificationCode    :
    InstallableLanguages : 1
    InstallDate         :
    LanguageEdition     :
    ListOfLanguages     : {en|US|iso8859-1}
    Manufacturer         : Dell Inc.
    OtherTargetOS         :
    PrimaryBIOS         : True
    ReleaseDate         : 20070521000000.000000+000
    SerialNumber         : 8PWRVD1
    SMBIOSBIOSVersion     : 2.3.1
    SMBIOSMajorVersion    : 2
    SMBIOSMinorVersion    : 3
    SoftwareElementID     : Phoenix ROM BIOS PLUS Version 1.10 2.3.1
    SoftwareElementState : 3
    TargetOperatingSystem : 0
    Version             : DELL – 14
    Scope                 : System.Management.ManagementScope
    Path                 : \\SERVER01\root\cimv2:Win32_BIOS.Name=”Phoenix ROM BIOS PLUS Version 1.10 2.3.1 “,Software
                            ElementID=”Phoenix ROM BIOS PLUS Version 1.10 2.3.1 “,SoftwareElementState=3,TargetOperatingSys
                            tem=0,Version=”DELL – 14”
    Options             : System.Management.ObjectGetOptions
    ClassPath             : \\SERVER01\root\cimv2:Win32_BIOS
    Properties            : {BiosCharacteristics, BIOSVersion, BuildNumber, Caption…}
    SystemProperties     : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY…}
    Qualifiers            : {dynamic, Locale, provider, UUID}
    Site                 :
    Container             :

    Description
    ———–
    This command displays BIOS information. It displays all the properties of the WMI class, not just the properties that are specified in the Types.ps1xml configuration file.

————————– EXAMPLE 7 ————————–

C:\PS>Get-WmiObject win32_service -Credential FABRIKAM\administrator -computer fabrikam

    ExitCode : 0
    Name     : AeLookupSvc
    ProcessId : 0
    StartMode : Manual
    State     : Stopped
    Status    : OK

    ExitCode : 1077
    Name     : ALG
    ProcessId : 0
    StartMode : Manual
    State     : Stopped
    Status    : OK

    ExitCode : 1077
    Name     : AppIDSvc
    ProcessId : 0
    StartMode : Manual
    State     : Stopped
    Status    : OK

    ExitCode : 0
    Name     : Appinfo
    ProcessId : 888
    StartMode : Manual
    State     : Running
    Status    : OK

    ExitCode : 1077
    Name     : AppMgmt
    ProcessId : 0
    StartMode : Manual
    State     : Stopped
    Status    : OK

…

    Description
    ———–
    This command displays service information on a computer named Fabrikam. It specifies a user account name by using the Credential parameter, which causes a dialog box to be displayed in which you enter the corresponding password.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113337
    Invoke-WmiMethod
    Remove-WmiObject
    Set-WmiInstance
    Get-WSManInstance
    Invoke-WSManAction
    New-WSManInstance
    Remove-WSManInstance

cmdlet, Get, Service

Get-Service

February 26, 2014 Adam

NAME
Get-Service

SYNOPSIS
Gets the services on a local or remote computer.

SYNTAX
Get-Service [[-Name] <string[]>] [-ComputerName <string[]>] [-DependentServices] [-Exclude <string[]>] [-Include <string[]>] [-RequiredServices] [<CommonParameters>]

Get-Service -DisplayName <string[]> [-ComputerName <string[]>] [-DependentServices] [-Exclude <string[]>] [-Include <string[]>] [-RequiredServices] [<CommonParameters>]

Get-Service [-InputObject <ServiceController[]>] [-ComputerName <string[]>] [-DependentServices] [-Exclude <string[]>] [-Include <string[]>] [-RequiredServices] [<CommonParameters>]

DESCRIPTION
The Get-Service cmdlet gets objects that represent the services on a local computer or on a remote computer, including running and stopped services.

You can direct Get-Service to get only particular services by specifying the service name or display name of the services, or you can pipe service objects to Get-Service.

PARAMETERS
-ComputerName <string[]>
Gets the services running on the specified computers. The default is the local computer.

Type the NetBIOS name, an IP address, or a fully qualified domain name of a remote computer. To specify the local computer, type the computer name, a dot (.), or “localhost”.

This parameter does not rely on Windows PowerShell remoting. You can use the ComputerName parameter of Get-Service even if your computer is not configured to run remote commands.

        Required?                    false
        Position?                    named
        Default value                Localhost
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-DependentServices [<SwitchParameter>]
Gets only the services that depend upon the specified service.

By default, Get-Service gets all services.

        Required?                    false
        Position?                    named
        Default value                False
        Accept pipeline input?     false
        Accept wildcard characters? false

-DisplayName <string[]>
Specifies the display names of services to be retrieved. Wildcards are permitted. By default, Get-Service gets all services on the computer.

        Required?                    true
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Exclude <string[]>
Omits the specified services. The value of this parameter qualifies the Name parameter. Enter a name element or pattern, such as “s*”. Wildcards are permitted.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Include <string[]>
Retrieves only the specified services. The value of this parameter qualifies the Name parameter. Enter a name element or pattern, such as “s*”. Wildcards are permitted.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-InputObject <ServiceController[]>
Specifies ServiceController objects representing the services to be retrieved. Enter a Variable that contains the objects, or type a command or expression that gets the objects. You can also pipe a service object to Get-Service.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     true (ByValue)
        Accept wildcard characters? false

-Name <string[]>
Specifies the service names of services to be retrieved. Wildcards are permitted. By default, Get-Service gets all of the services on the computer.

        Required?                    false
        Position?                    1
        Default value
        Accept pipeline input?     true (ByValue, ByPropertyName)
        Accept wildcard characters? true

-RequiredServices [<SwitchParameter>]
Gets only the services that this service requires.

This parameter gets the value of the ServicesDependedOn property of the service. By default, Get-Service gets all services.

INPUTS
System.ServiceProcess.ServiceController, System.String
You can pipe a service object or a service name to Get-Service.

OUTPUTS
System.ServiceProcess.ServiceController
Get-Service returns objects that represent the services on the computer.

NOTES

You can also refer to Get-Service by its built-in Alias, “gsv”. For more information, see about_aliases.

Get-Service can display services only when the current user has permission to see them. If Get-Service does not display services, you might not have permission to see them.

To find the service name and display name of each service on your system, type “Get-Service“. The service names appear in the Name column, and the display names appear in the DisplayName column.

When you sort in ascending order by status value, “Stopped” services appear before “Running” services. The Status property of a service is an enumerated value in which the names of the statuses represent integer values. The sort is based on the integer value, not the name. “Running” appears before “Stopped” because “Stopped” has a value of “1”, and “Running” has a value of “4”.

————————– EXAMPLE 1 ————————–

C:\PS>Get-Service

    Description
    ———–
    This command retrieves all of the services on the system. It behaves as though you typed “Get-Service *”. The default display shows the status, service name, and display name of each service.

————————– EXAMPLE 2 ————————–

C:\PS>Get-Service wmi*

    Description
    ———–
    This command retrieves services with service names that begin with “WMI” (the acronym for Windows Management Instrumentation).

————————– EXAMPLE 3 ————————–

C:\PS>Get-Service -displayname *network*

    Description
    ———–
    This command displays services with a display name that includes the word
    “network”. Searching the display name finds network-related services even when the service name does not include “Net”, such as xmlprov, the Network Provisioning Service.

————————– EXAMPLE 4 ————————–

C:\PS>Get-Service -Name win* -Exclude winrm

    Description
    ———–
    These commands get only the services with service names that begin with “win”, except for the WinRM service.

————————– EXAMPLE 5 ————————–

C:\PS>Get-Service | Where-Object {$_.Status -eq “Running”}

    Description
    ———–
    This command displays only the services that are currently running. It uses the Get-Service cmdlet to get all of the services on the computer. The pipeline operator (|) passes the results to the Where-Object cmdlet, which selects only the services with a Status property that equals “Running”.

Status is only one property of service objects. To see all of the properties, type “Get-Service | Get-Member“.

————————– EXAMPLE 6 ————————–

C:\PS>Get-Service -ComputerName Server02

    Description
    ———–
    This command gets the services on the Server02 remote computer.

Because the ComputerName parameter of Get-Service does not use Windows PowerShell remoting, you can use this parameter even if the computer is not configured for remoting in Windows PowerShell.

————————– EXAMPLE 7 ————————–

C:\PS>Get-Service | Where-Object {$_.DependentServices} | Format-List -property Name, DependentServices, @{Label=”NoOfDependentS
ervices”; Expression={$_.dependentservices.count}}

    Name                 : AudioEndpointBuilder
    DependentServices     : {AudioSrv}
    NoOfDependentServices : 1

    Name                 : Dhcp
    DependentServices     : {WinHttpAutoProxySvc}
    NoOfDependentServices : 1
    …

    Description
    ———–
    These commands list the services on the computer that have dependent services.

The first command uses the Get-Service cmdlet to get the services on the computer. A pipeline operator (|) sends the services to the Where-Object cmdlet, which selects the services whose DependentServices property is not null.

Another pipeline operator sends the results to the Format-List cmdlet. The command uses its Property parameter to display the name of the service, the name of the dependent services, and a calculated property that displays the number of dependent services that each service has.

————————– EXAMPLE 8 ————————–

C:\PS>C:\PS> Get-Service s* | Sort-Object status

    Status Name             DisplayName
    —— —-             ———–
    Stopped stisvc             Windows Image Acquisition (WIA)
    Stopped SwPrv             MS Software Shadow Copy Provider
    Stopped SysmonLog         Performance Logs and Alerts
    Running Spooler            Print Spooler
    Running srservice         System Restore Service
    Running SSDPSRV            SSDP Discovery Service
    Running ShellHWDetection Shell Hardware Detection
    Running Schedule         Task Scheduler
    Running SCardSvr         Smart Card
    Running SamSs             Security Accounts Manager
    Running SharedAccess     Windows Firewall/Internet Connectio…
    Running SENS             System Event Notification
    Running seclogon         Secondary Logon

C:\PS> Get-Service s* | Sort-Object status -descending

    Status Name             DisplayName
    —— —-             ———–
    Running ShellHWDetection Shell Hardware Detection
    Running SharedAccess     Windows Firewall/Internet Connectio…
    Running Spooler            Print Spooler
    Running SSDPSRV            SSDP Discovery Service
    Running srservice         System Restore Service
    Running SCardSvr         Smart Card
    Running SamSs             Security Accounts Manager
    Running Schedule         Task Scheduler
    Running SENS             System Event Notification
    Running seclogon         Secondary Logon
    Stopped SysmonLog         Performance Logs and Alerts
    Stopped SwPrv             MS Software Shadow Copy Provider
    Stopped stisvc             Windows Image Acquisition (WIA)

    Description
    ———–
    This command shows that when you sort services in ascending order by the value of their Status property, stopped services appear before running services. This happens because the value of Status is an enumeration, in which “Stopped” has a value of “1”, and “Running” has a value of 4.

To list running services first, use the Descending parameter of the Sort-Object cmdlet.

————————– EXAMPLE 9 ————————–

C:\PS>Get-Service -Name winrm -ComputerName localhost, Server01, Server02 | Format-Table -property MachineName, Status, Name, DisplayName -auto

    MachineName    Status Name DisplayName
    ———— —— —- ———–
    localhost     Running WinRM Windows Remote Management (WS-Management)
    Server01     Running WinRM Windows Remote Management (WS-Management)
    Server02     Running WinRM Windows Remote Management (WS-Management)

    Description
    ———–
    This command uses the Get-Service cmdlet to run a “Get-Service Winrm” command on two remote computers and the local computer (“localhost”).

The Get-Service command runs on the remote computers, and the results are returned to the local computer. A pipeline operator (|) sends the results to the Format-Table cmdlet, which formats the services as a table. The Format-Table command uses the Property parameter to specify the properties displayed in the table, including the MachineName property.

————————– EXAMPLE 10 ————————–

C:\PS>Get-Service winrm -RequiredServices

    Description
    ———–
    This command gets the services that the WinRM service requires.

The command returns the value of the ServicesDependedOn property of the service.

————————– EXAMPLE 11 ————————–

C:\PS>”winrm” | Get-Service

    Description
    ———–
    This command gets the WinRM service on the local computer. This example shows that you can pipe a service name string (enclosed in quotation marks) to Get-Service.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113332
    Start-Service
    Stop-Service
    Restart-Service
    Resume-Service
    Suspend-Service
    Set-Service
    New-Service

cmdlet, Get, PSSession

Get-PSSession

February 26, 2014 Adam

NAME
Get-PSSession

SYNOPSIS
Gets the Windows PowerShell sessions (PSSessions) in the current session.

SYNTAX
Get-PSSession [[-ComputerName] <string[]>] [<CommonParameters>]

Get-PSSession [-Id] <Int32[]> [<CommonParameters>]

Get-PSSession [-InstanceId <Guid[]>] [<CommonParameters>]

Get-PSSession [-Name <string[]>] [<CommonParameters>]

DESCRIPTION
The Get-PSSession cmdlet gets the Windows PowerShell sessions (PSSessions) that were created in the current session.

Without parameters, Get-PSSession gets all of the PSSessions created in the current session. You can use the parameters of Get-PSSession to get the sessions that are connected to particular computers, or you can identify sessions by their names, IDs, or instance IDs.

For more information about Windows PowerShell sessions, see about_pssessions.

PARAMETERS
-ComputerName <string[]>
Gets only the PSSessions that are connected to the specified computers. Wildcards are permitted.

Type the NetBIOS name, an IP address, or a fully-qualified domain name of one or more computers. To specify the local computer, type the computer name, “localhost”, or a dot (.).

        Required?                    false
        Position?                    1
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? true

-Id <Int32[]>
Gets only the PSSessions with the specified IDs. Type one or more IDs (separated by commas), or use the range operator (..) to specify a range of IDs.

An ID is an integer that uniquely identifies the PSSession in the current session. It is easier to remember and type than the InstanceId, but it is unique only within the current session. To find the ID of a PSSession, use Get-PSSession without parameters.

        Required?                    true
        Position?                    1
        Default value                All sessions in the shell
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-InstanceId <Guid[]>
Gets only the PSSessions with the specified instance IDs.

The instance ID is a GUID that uniquely identifies a PSSession on a local or remote computer. The InstanceID is unique, even when you have multiple sessions running in Windows PowerShell.

The InstanceID is stored in the InstanceID property of the object that represents a PSSession. To find the InstanceID of the PSSessions in the current session, type “Get-PSSession | Format-Table Name, ComputerName, InstanceId”.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? true

-Name <string[]>
Gets only the PSSessions with the specified friendly names. Wildcards are permitted.

To find the names of the PSSessions in the current session, type “Get-PSSession” without parameters.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? true

INPUTS
None
You cannot pipe input to this cmdlet.

OUTPUTS
System.Management.Automation.Runspaces.PSSession
Get-PSSession returns a PSSession object for each PSSession that it gets.

NOTES

Get-PSSession gets the PSSessions that were created in the current session. It does not get the session that is created when you open Windows PowerShell, and it does not get PSSessions that were created in other sessions or on other computers, even if they connect to the local computer.

————————– EXAMPLE 1 ————————–

C:\PS>Get-PSSession

    Description
    ———–
    This command gets all of the PSSessions that were created in the current session.

It does not get PSSessions that were created in other sessions or on other computers, even if they connect to this computer.

————————– EXAMPLE 2 ————————–

C:\PS>$s = Get-PSSession -ComputerName Server02

    Description
    ———–
    This command gets the PSSessions that are connected to the Server02 computer and saves them in the $p Variable.

————————– EXAMPLE 3 ————————–

C:\PS>New-PSSession -ComputerName Server01, Server02, Server03

C:\PS> $s1, $s2, $s3 = Get-PSSession

    Description
    ———–
    This example shows how to save the results of a Get-PSSession command in multiple Variables.

The first command uses the New-PSSession cmdlet to create PSSessions on three remote computers.

The second command uses a Get-PSSession cmdlet to get the three PSSessions. It then saves each of the PSSessions in a separate Variable.

When Windows PowerShell assigns an array of objects to an array of Variables, it assigns the first object to the first Variable, the second object to the second Variable, and so on. If there are more objects than Variables, it assigns all remaining objects to the last Variable in the array. If there are more Variables than objects, the extra Variables are not used.

————————– EXAMPLE 4 ————————–

C:\PS>Get-PSSession | Format-Table -property computername, InstanceID

C:\PS> $s = Get-PSSession -InstanceID a786be29-a6bb-40da-80fb-782c67f7db0f

C:\PS> Remove-PSSession -session $s

    Description
    ———–
    This example shows how to get a PSSession by using its instance ID, and then to delete the PSSession.

The first command gets all of the PSSessions on the local computer. It sends the PSSessions to the Format-Table cmdlet, which displays the ComputerName and InstanceID properties of each PSSession.

The second command uses the Get-PSSession cmdlet to get a particular PSSession and to save it in the $s Variable. The command uses the InstanceID parameter to identify the PSSession.

The third command uses the Remove-PSSession cmdlet to delete the PSSession in the $s Variable.

————————– EXAMPLE 5 ————————–

C:\PS>Get-PSSession -ComputerName Serv*

    Description
    ———–
    This command gets all the PSSessions that connect to computers that have computer names that begin with “Serv”.

————————– EXAMPLE 6 ————————–

C:\PS>Get-PSSession -name Test*, Ux*

    Description
    ———–
    This command gets PSSessions that have names that begin with “Test” or “Ux”.

————————– EXAMPLE 7 ————————–

C:\PS>Get-PSSession 2

    Description
    ———–
    This command gets the PSSession with ID 2.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=135219
    about_pssessions
    about_remote
    New-PSSession
    Remove-PSSession
    Enter-PSSession
    Exit-PSSession
    Invoke-Command

cmdlet, Get, Process

Get-Process

February 26, 2014 Adam

NAME
Get-Process

SYNOPSIS
Gets the processes that are running on the local computer or a remote computer.

SYNTAX
Get-Process [[-Name] <string[]>] [-ComputerName <string[]>] [-FileVersionInfo] [-Module] [<CommonParameters>]

Get-Process -Id <Int32[]> [-ComputerName <string[]>] [-FileVersionInfo] [-Module] [<CommonParameters>]

Get-Process -InputObject <Process[]> [-ComputerName <string[]>] [-FileVersionInfo] [-Module] [<CommonParameters>]

DESCRIPTION
The Get-Process cmdlet gets the processes on a local or remote computer.

Without parameters, Get-Process gets all of the processes on the local computer. You can also specify a particular process by process name or process ID (PID) or pass a process object through the pipeline to Get-Process.

By default, Get-Process returns a process object that has detailed information about the process and supports methods that let you start and stop the process. You can also use the parameters of Get-Process to get file version information for the program that runs in the process and to get the modules that the process loaded.

PARAMETERS
-ComputerName <string[]>
Gets the processes running on the specified computers. The default is the local computer.

Type the NetBIOS name, an IP address, or a fully qualified domain name of one or more computers. To specify the local computer, type the computer name, a dot (.), or “localhost”.

This parameter does not rely on Windows PowerShell remoting. You can use the ComputerName parameter of Get-Process even if your computer is not configured to run remote commands.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-FileVersionInfo [<SwitchParameter>]
Gets the file version information for the program that runs in the process.

On Windows Vista and later versions of Windows, you must open Windows PowerShell with the “Run as administrator” option to use this parameter on processes that you do not own.

Using this parameter is equivalent to getting the MainModule.FileVersionInfo property of each process object. When you use this parameter, Get-Process returns a FileVersionInfo object (System.Diagnostics.FileVersionInfo), not a process object. So, you cannot pipe the output of the command to a cmdlet that expects a process object, such as Stop-Process.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Id <Int32[]>
Specifies one or more processes by process ID (PID). To specify multiple IDs, use commas to separate the IDs. To find the PID of a process, type “Get-Process“.

        Required?                    true
        Position?                    named
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-InputObject <Process[]>
Specifies one or more process objects. Enter a Variable that contains the objects, or type a command or expression that gets the objects.

        Required?                    true
        Position?                    named
        Default value
        Accept pipeline input?     true (ByValue)
        Accept wildcard characters? false

-Module [<SwitchParameter>]
Gets the modules that have been loaded by the processes.

On Windows Vista and later versions of Windows, you must open Windows PowerShell with the “Run as administrator” option to use this parameter on processes that you do not own.

This parameter is equivalent to getting the Modules property of each process object. When you use this parameter, Get-Process returns a ProcessModule object (System.Diagnostics.ProcessModule), not a process object. So, you cannot pipe the output of the command to a cmdlet that expects a process object, such as Stop-Process.

When you use both the Module and FileVersionInfo parameters in the same command, Get-Process returns a FileVersionInfo object with information about the file version of all modules.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Name <string[]>
Specifies one or more processes by process name. You can type multiple process names (separated by commas) or use wildcard characters. The parameter name (“Name”) is optional.

        Required?                    false
        Position?                    1
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? true

INPUTS
System.Diagnostics.Process
You can pipe a process object to Get-Process.

OUTPUTS
System.Diagnostics.Process, System.Diagnotics.FileVersionInfo, System.Diagnostics.ProcessModule
By default, Get-Process returns a System.Diagnostics.Process object. If you use the FileVersionInfo parameter, it returns a System.Diagnotics.FileVersionInfo object. If you use the Module parameter (without the FileVersionInfo parameter), it returns a System.Diagnostics.ProcessModule object.

NOTES

You cannot use the Name, ID, and InputObject parameters in the same command.

You can also refer to Get-Process by its built-in Aliases, “ps” and “gps”. For more information, see about_aliases.

You can also use the properties and methods of the WMI Win32_Process object in Windows PowerShell. For information, see Get-WmiObject and the Windows Management Instrumentation (WMI) SDK.

The default display of a process is a table that includes the following columns:

— Handles: The number of handles that the process has opened.

— NPM(K): The amount of non-paged memory that the process is using, in kilobytes.

— PM(K): The amount of pageable memory that the process is using, in kilobytes.

— WS(K): The size of the working set of the process, in kilobytes. The working set consists of the pages of memory that were recently referenced by the process.

— VM(M): The amount of virtual memory that the process is using, in megabytes. Virtual memory includes storage in the paging files on disk.

— CPU(s): The amount of processor time that the process has used on all processors, in seconds.

— ID: The process ID (PID) of the process.

— ProcessName: The name of the process.

For explanations of the concepts related to processes, see the Glossary in Help and Support Center and the Help for Task Manager.

You can also use the built-in alternate views of the processes available with Format-Table, such as “StartTime” and “Priority”, and you can design your own views. For more information, see Format-Table.

————————– EXAMPLE 1 ————————–

C:\PS>Get-Process

    Description
    ———–
    This command gets a list of all of the running processes running on the local computer. For a definition of each column, see the “Additional Notes” section of the Help topic for Get-Help.

————————– EXAMPLE 2 ————————–

C:\PS>Get-Process winword, explorer | Format-List *

    Description
    ———–
    This command gets all available data about the Winword and Explorer processes on the computer. It uses the Name parameter to specify the processes, but it omits the optional parameter name. The pipeline operator (|) passes the data to the Format-List cmdlet, which displays all available properties (*) of the Winword and Explorer process objects.

You can also identify the processes by their process IDs. For example, “Get-Process -id 664, 2060″.

————————– EXAMPLE 3 ————————–

C:\PS>Get-Process | Where-Object {$_.WorkingSet -gt 20000000}

    Description
    ———–
    This command gets all processes that have a working set greater than 20 MB. It uses the Get-Process cmdlet to get all running processes. The pipeline operator (|) passes the process objects to the Where-Object cmdlet, which selects only the object with a value greater than 20,000,000 bytes for the WorkingSet property.

WorkingSet is one of many properties of process objects. To see all of the properties, type “Get-Process | Get-Member“. By default, the values of all amount properties are in bytes, even though the default display lists them in kilobytes and megabytes.

————————– EXAMPLE 4 ————————–

C:\PS>$a = Get-Process

C:\PS> Get-Process -inputobject $a | Format-Table -view priority

    Description
    ———–
    These commands list the processes on the computer in groups based on their priority class.

The first command gets all the processes on the computer and then stores them in the $a Variable.

The second command uses the InputObject parameter to pass the process objects that are stored in the $a Variable to the Get-Process cmdlet. The pipeline operator passes the objects to the Format-Table cmdlet, which formats the processes by using the Priority view.

The priority view, and other views, are defined in the PS1XML format files in the Windows PowerShell home directory ($pshome).

————————– EXAMPLE 5 ————————–

C:\PS>Get-Process powershell -ComputerName S1, localhost | ft @{Label=”NPM(K)”;Expression={[int]($_.NPM/1024)}}, @{Label=”PM(K)”;Expression={[int]($_.PM/1024)}},@{Label=”WS(K)”;Expression={[int]($_.WS/1024)}},@{Label=”VM(M)”;Expression={[int]($_.VM/1MB)}}, @{Label=”CPU(s)”;Expression={if ($_.CPU -ne $()) { $_.CPU.ToString(“N”)}}}, Id, MachineName, ProcessName -auto

    NPM(K) PM(K) WS(K) VM(M) CPU(s) Id MachineName ProcessName
    —— —– —– —– —— — ———– ———–
         6 23500 31340 142        1980 S1         powershell
         6 23500 31348 142        4016 S1         powershell
        27 54572 54520 576        4428 localhost powershell

    Description
    ———–
    This example provides a Format-Table (alias = ft) command that adds the MachineName property to the standard Get-Process output display.

————————– EXAMPLE 6 ————————–

C:\PS>Get-Process powershell -FileVersionInfo

    ProductVersion FileVersion     FileName
    ————– ———–     ——–
    6.1.6713.1     6.1.6713.1 (f… C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe

    Description
    ———–
    This command uses the FileVersionInfo parameter to get the version information for the PowerShell.exe file that is the main module for the PowerShell process.

To run this command with processes that you do not own on Windows Vista and later versions of Windows, you must open Windows PowerShell with the “Run as administrator” option.

————————– EXAMPLE 7 ————————–

C:\PS>Get-Process sql* -Module

    Description
    ———–
    This command uses the Module parameter to get the modules that have been loaded by the process. This command gets the modules for the processes that have names that begin with “sql”.

To run this command on Windows Vista (and later versions of Windows) with processes that you do not own, you must start Windows PowerShell with the “Run as administrator” option.

————————– EXAMPLE 8 ————————–

C:\PS>$p = Get-WmiObject win32_process -filter “name=’powershell.exe'”

C:\PS> $p.getowner()

    __GENUS         : 2
    __CLASS         : __PARAMETERS
    __SUPERCLASS     :
    __DYNASTY        : __PARAMETERS
    __RELPATH        :
    __PROPERTY_COUNT : 3
    __DERIVATION     : {}
    __SERVER         :
    __NAMESPACE     :
    __PATH         :
    Domain         : DOMAIN01
    ReturnValue     : 0
    User             : user01

    Description
    ———–
    This command shows how to find the owner of a process. Because the System.Diagnostics.Process object that Get-Process returns does not have a property or method that returns the process owner, the command uses
    the Get-WmiObject cmdlet to get a Win32_Process object that represents the same process.

The first command uses Get-WmiObject to get the PowerShell process. It saves it in the $p Variable.

The second command uses the GetOwner method to get the owner of the process in $p. The command reveals that the owner is Domain01\user01.

————————– EXAMPLE 9 ————————–

C:\PS>Get-Process powershell

C:\PS> Get-Process -id $pid

C:\PS> Get-Process powershell

    Handles NPM(K)    PM(K)     WS(K) VM(M) CPU(s)     Id ProcessName
    ——- ——    —–     —– —– ——     — ———–
        308     26    52308     61780 567     3.18 5632 powershell
        377     26    62676     63384 575     3.88 5888 powershell

C:\PS> Get-Process -id $pid

    Handles NPM(K)    PM(K)     WS(K) VM(M) CPU(s)     Id ProcessName
    ——- ——    —–     —– —– ——     — ———–
        396     26    56488     57236 575     3.90 5888 powershell

    Description
    ———–
    These commands show how to use the $pid automatic Variable to identify the process that is hosting the current Windows PowerShell session. You can use this method to distinguish the host process from other PowerShell processes that you might want to stop or close.

The first command gets all of the PowerShell processes in the current session.

The second command gets the PowerShell process that is hosting the current session.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113324
    Get-Process
    Start-Process
    Stop-Process
    Wait-Process
    Debug-Process

cmdlet, Get, HotFix

Get-HotFix

February 26, 2014 Adam

NAME
Get-HotFix

SYNOPSIS
Gets the hotfixes that have been applied to the local and remote computers.

SYNTAX
Get-HotFix [[-Id] <string[]>] [-ComputerName <string[]>] [-Credential <PSCredential>] [<CommonParameters>]

Get-HotFix [-Description <string[]>] [-ComputerName <string[]>] [-Credential <PSCredential>] [<CommonParameters>]

DESCRIPTION
The Get-HotFix cmdlet gets the hotfixes that have been applied to the local computer or to remote computers by Component-Based Servicing.

PARAMETERS
-ComputerName <string[]>
Specifies a remote computer. The default is the local computer.

Type the NetBIOS name, an Internet Protocol (IP) address, or a fully qualified domain name of a remote computer.

This parameter does not rely on Windows PowerShell remoting. You can use the ComputerName parameter of Get-HotFix even if your computer is not configured to run remote commands.

        Required?                    false
        Position?                    named
        Default value                Local computer
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Credential <PSCredential>
Specifies a user account that has permission to perform this action. The default is the current user.

Type a user name, such as “User01” or “Domain01\User01”, or enter a PSCredential object, such as one generated by the Get-Credential cmdlet. If you type a user name, you will be prompted for a password.

        Required?                    false
        Position?                    named
        Default value                Current user
        Accept pipeline input?     false
        Accept wildcard characters? false

-Description <string[]>
Gets only hotfixes with the specified descriptions. Wildcards are permitted. The default is all hotfixes on the computer.

        Required?                    false
        Position?                    named
        Default value                All hotfixes
        Accept pipeline input?     false
        Accept wildcard characters? true

-Id <string[]>
Gets only hotfixes with the specified hotfix IDs. The default is all hotfixes on the computer.

        Required?                    false
        Position?                    1
        Default value                All hotfixes
        Accept pipeline input?     false
        Accept wildcard characters? false

INPUTS
None
You cannot pipe input to Get-HotFix.

OUTPUTS
System.Management.ManagementObject#root\CIMV2\Win32_QuickFixEngineering
Get-HotFix returns objects that represent the hotfixes on the computer.

NOTES

This cmdlet uses the Win32_QuickFixEngineering WMI class, which represents small system-wide updates of the operating system. Starting with Windows Vista, this class returns only the updates supplied by Component Based Servicing (CBS). It does not include updates that are supplied by Microsoft Windows Installer (MSI) or the Windows update site. For more information, see the Win32_QuickFixEngineering class topic in the Microsoft .NET Framework SDK at http://go.microsoft.com/fwlink/?LinkID=145071.

The output of this cmdlet might be different on different operating systems.

————————– EXAMPLE 1 ————————–

C:\PS>Get-HotFix

    Description
    ———–
    This command gets all hotfixes on the local computer.

————————– EXAMPLE 2 ————————–

C:\PS>Get-HotFix -description Security* -ComputerName Server01, Server02 -cred Server01\admin01

    Description
    ———–
    This command gets all hotfixes on the Server01 and Server02 computers that have a description that begins with “Security”.

————————– EXAMPLE 3 ————————–

C:\PS>$a = Get-Content servers.txt

C:\PS> $a | foreach { if (!(Get-HotFix -Id KB957095 -ComputerName $_)) { Add-Content $_ -path Missing-kb953631.txt }}

    Description
    ———–
    The commands in this example create a text file listing the names of computers that are missing a security update.

The commands use the Get-HotFix cmdlet to get the KB957095 security update on all of the computers whose names are listed in the Servers.txt file.

If a computer does not have the update, the Add-Content cmdlet writes the computer name in the Missing-KB953631.txt file.

————————– EXAMPLE 4 ————————–

C:\PS>(Get-HotFix | sort installedon)[-1]

    Description
    ———–
    This command gets the most recent hotfix on the computer.

It gets the hotfixes, sorts them by the value of the InstalledOn property, and then it uses array notation to select the last item in the array.

RELATED LINKS
Online version: http://go.microsoft.com/fwlink/?LinkID=135217
Get-ComputerRestorePoint

cmdlet, EventLog, Get

Get-EventLog

February 26, 2014 Adam

NAME
Get-EventLog

SYNOPSIS
Gets the events in an event log, or a list of the event logs, on the local or remote computers.

SYNTAX
Get-EventLog [-AsString] [-ComputerName <string[]>] [-List] [<CommonParameters>]

Get-EventLog [-LogName] <string> [[-InstanceId] <Int64[]>] [-After <DateTime>] [-AsBaseObject] [-Before <DateTime>] [-ComputerName <string[]>] [-EntryType <string[]>] [-Index <Int32[]>] [-Message <string>] [-Newest <int>] [-Source <string[]>] [-UserName <string[]>] [<CommonParameters>]

DESCRIPTION
The Get-EventLog cmdlet gets events and event logs on the local and remote computers.

Use the parameters of Get-EventLog to search for events by using their property values. Get-EventLog gets only the events that match all of the specified property values.

The cmdlets that contain the EventLog noun (the EventLog cmdlets) work only on classic event logs. To get events from logs that use the Windows Event Log technology in Windows Vista and later versions of Windows, use Get-WinEvent.

PARAMETERS
-After <DateTime>
Gets only the events that occur after the specified date and time. Enter a DateTime object, such as the one returned by the Get-Date cmdlet.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-AsBaseObject [<SwitchParameter>]
Returns a standard System.Diagnostics.EventLogEntry object for each event. Without this parameter, Get-EventLog returns an extended PSObject object with additional EventLogName, Source, and InstanceId properties.

To see the effect of this parameter, pipe the events to the Get-Member cmdlet and examine the TypeName value in the result.

-AsString [<SwitchParameter>]
Returns the output as strings, instead of objects.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Before <DateTime>
Gets only the events that occur before the specified date and time. Enter a DateTime object, such as the one returned by the Get-Date cmdlet.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-ComputerName <string[]>
Specifies a remote computer. The default is the local computer.

Type the NetBIOS name, an Internet Protocol (IP) address, or a fully qualified domain name of a remote computer. To specify the local computer, type the computer name, a dot (.), or “localhost”.

This parameter does not rely on Windows PowerShell remoting. You can use the ComputerName parameter of Get-EventLog even if your computer is not configured to run remote commands.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-EntryType <string[]>
Gets only events with the specified entry type. Valid values are Error, Information, FailureAudit, SuccessAudit, and Warning. The default is all events.

        Required?                    false
        Position?                    named
        Default value                All events
        Accept pipeline input?     false
        Accept wildcard characters? false

-Index <Int32[]>
Gets only events with the specified index values.

-InstanceId <Int64[]>
Gets only events with the specified instance IDs.

        Required?                    false
        Position?                    2
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-List [<SwitchParameter>]
Gets a list of event logs on the computer.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-LogName <string>
Specifies the event log. Enter the log name (the value of the Log property; not the LogDisplayName) of one event log. Wildcard characters are not permitted. This parameter is required.

        Required?                    true
        Position?                    1
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Message <string>
Gets events that have the specified string in their messages. You can use this property to search for messages that contain certain words or phrases. Wildcards are permitted.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? true

-Newest <int>
Specifies the maximum number of events retrieved. Get-EventLog gets the specified number of events, beginning with the newest event in the log.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Source <string[]>
Gets events that were written to the log by the specified sources. Wildcards are permitted.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? true

-UserName <string[]>
Gets only the events that are associated with the specified user names. Enter names or name patterns, such as User01, User*, or Domain01\User*. Wildcards are permitted.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? true

INPUTS
None.
You cannot pipe input to this cmdlet.

OUTPUTS
System.Diagnostics.EventLogEntry. System.Diagnostics.EventLog. System.String
If the LogName parameter is specified, the output is a collection of EventLogEntry objects (System.Diagnostics.EventLogEntry).

If only the List parameter is specified, the output is a collection of EventLog objects (System.Diagnostics.EventLog).

If both the List and AsString parameters are specified, the output is a collection of Strings (System.String).

NOTES

————————– EXAMPLE 1 ————————–

C:\PS>Get-Eventlog -list

    Description
    ———–
    This command displays information about the event logs on the computer.

————————– EXAMPLE 2 ————————–

C:\PS>Get-Eventlog -Newest 5 -LogName application

    Description
    ———–
    This command displays the five most recent entries in the Application event log.

————————– EXAMPLE 3 ————————–

C:\PS>$events = Get-Eventlog -LogName system -Newest 1000

C:\PS> $events | Group-Object -property source -noelement | Sort-Object -property count -descending

    Count Name
    —– —-
     75 Service Control Manager
     12 Print
        6 UmrdpService
        2 DnsApi
        2 DCOM
        1 Dhcp
        1 TermDD
        1 volsnap

    Description
    ———–
    This example shows how to find all of the sources that are represented in the 1000 most recent entries in the System event log.

The first command gets the 1,000 most recent entries from the System event log and stores them in the $events Variable.

The second command uses a pipeline operator (|) to send the events in $events to the Group-Object cmdlet, which groups the entries by the value of the Source property. The command uses a second pipeline operator to send the grouped events to the Sort-Object cmdlet, which sorts them in descending order, so the most frequently appearing source is listed first.

Source is just property of event log entries. To see all of the properties of an event log entry, pipe the events to the Get-Member cmdlet.

————————– EXAMPLE 4 ————————–

C:\PS>Get-Eventlog -LogName System -EntryType Error

    Description
    ———–
    This command gets only error events from the System event log.

————————– EXAMPLE 5 ————————–

C:\PS>Get-Eventlog -LogName System -InstanceId 3221235481 -Source “DCOM”

    Description
    ———–
    This command gets events from the System log that have an InstanceID of 3221235481 and a Source value of “DCOM.”

————————– EXAMPLE 6 ————————–

C:\PS>Get-Eventlog -LogName “Windows PowerShell” -ComputerName localhost, Server01, Server02

    Description
    ———–
    This command gets the events from the “Windows PowerShell” event log on three computers, Server01, Server02, and the local computer, known as “localhost”.

————————– EXAMPLE 7 ————————–

C:\PS>Get-Eventlog -LogName “Windows PowerShell” -Message “*failed*”

    Description
    ———–
    This command gets all the events in the Windows PowerShell event log that have a message value that includes the word “failed”.

————————– EXAMPLE 8 ————————–

C:\PS>$a = Get-Eventlog -log System -Newest 1

C:\PS> $a | Format-List -property *

    EventID            : 7036
    MachineName        : Server01
    Data             : {}
    Index             : 10238
    Category         : (0)
    CategoryNumber     : 0
    EntryType         : Information
    Message            : The description for Event ID
    Source             : Service Control Manager
    ReplacementStrings : {WinHTTP Web Proxy Auto-Disco
    InstanceId         : 1073748860
    TimeGenerated     : 4/11/2008 9:56:05 PM
    TimeWritten        : 4/11/2008 9:56:05 PM
    UserName         :
    Site             :
    Container         :

    Description
    ———–
    This example shows how to display all of the property values of an event.

The first command gets the newest event from the System event log and saves it in the $a Variable.

The second command uses a pipeline operator (|) to send the event in $a to the Format-List command, which displays all (*) of the event properties.

————————– EXAMPLE 9 ————————–

C:\PS>Get-Eventlog -log application -Source outlook | where {$_.eventID -eq 34}

    Description
    ———–
    This command gets events in the Application event log where the source is Outlook and the event ID is 34. Even though Get-EventLog does not have an EventID parameter, you can use the Where-Object cmdlet to select events based on the value of any event property.

————————– EXAMPLE 10 ————————–

C:\PS>Get-Eventlog -log system -UserName NT* | Group-Object -property username -noelement | Format-Table Count, Name -auto

    Count Name
    —– —-
     6031 NT AUTHORITY\SYSTEM
     42 NT AUTHORITY\LOCAL SERVICE
        4 NT AUTHORITY\NETWORK SERVICE

    Description
    ———–
    This command returns the events in the system log grouped by the value of their UserName property. The Get-EventLog command uses the UserName parameter to get only events in which the user name begins with “NT*”.

————————– EXAMPLE 11 ————————–

C:\PS>$May31 = Get-Date 5/31/08

C:\PS> $July1 = Get-Date 7/01/08

C:\PS> Get-Eventlog -log “Windows PowerShell” -EntryType Error -After $may31 -Before $july1

    Description
    ———–
    This command gets all of the errors in the Windows PowerShell event log that occurred in June 2008.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113314
    Get-WinEvent
    Clear-EventLog
    Limit-EventLog
    New-EventLog
    Remove-EventLog
    Show-EventLog
    Write-EventLog
    Get-WinEvent

cmdlet, Counter, Get

Get-Counter

February 26, 2014 Adam

NAME
Get-Counter

SYNOPSIS
Gets performance counter data from local and remote computers.

SYNTAX
Get-Counter [-Counter] <string[]> [-ComputerName <string[]>] [-Continuous] [-MaxSamples <Int64>] [-SampleInterval <int>] [<CommonParameters>]

Get-Counter -ListSet <string[]> [-ComputerName <string[]>] [<CommonParameters>]

DESCRIPTION
The Get-Counter cmdlet gets live, real-time performance counter data directly from the performance monitoring instrumentation in Windows. You can use it to get performance data from the local or remote computers at the sample interval that you specify.

Without parameters, a “Get-Counter” command gets counter data for a set of system counters.

You can use the parameters of Get-Counter to specify one or more computers, to list the performance counter sets and the counters that they contain, and to set the sample size and interval.

PARAMETERS
-ComputerName <string[]>
Gets data from the specified computers. Type the NetBIOS name, an Internet Protocol (IP) address, or the fully qualified domain names of the computers. The default value is the local computer.

Note: Get-Counter does not rely on Windows PowerShell remoting. You can use the ComputerName parameter of Get-Counter even if your computer is not configured for remoting in Windows PowerShell.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Continuous [<SwitchParameter>]
Gets samples continuously until you press CTRL+C. By default, Get-Counter gets only one counter sample. You can use the SampleInterval parameter to set the interval for continuous sampling.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Counter <string[]>
Gets data from the specified performance counters. Enter one or more counter paths. Wildcards are permitted only in the Instance value. You can also pipe counter path strings to Get-Counter.

Each counter path has the following format:
“[\\<ComputerName>]\<CounterSet>(<Instance>)\<CounterName>”

For example:
“\\Server01\Processor(2)\% User Time”.

The <ComputerName> element is optional. If you omit it, Get-Counter uses the value of the ComputerName parameter.

Note: To get correctly formatted counter paths, use the ListSet parameter to get a performance counter set. The Paths and PathsWithInstances properties of each performance counter set contain the individual counter paths formatted as a string. You can save the counter path strings in a Variable or pipe the string directly to another Get-Counter command. For a demonstration, see the examples.

        Required?                    true
        Position?                    2
        Default value
        Accept pipeline input?     true (ByValue)
        Accept wildcard characters? true

-ListSet <string[]>
Gets the specified performance counter sets on the computers. Enter the names of the counter sets. Wildcards are permitted. You can also pipe counter set names to Get-Counter.

        Required?                    true
        Position?                    named
        Default value
        Accept pipeline input?     true (ByValue, ByPropertyName)
        Accept wildcard characters? true

-MaxSamples <Int64>
Specifies the number of samples to get from each counter. The default is 1 sample. To get samples continuously (no maximum sample size), use the Continuous parameter.

To collect a very large data set, consider running a Get-Counter command as a Windows PowerShell background job. For more information, see about_jobs and Start-Job.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-SampleInterval <int>
Specifies the time between samples in seconds. The minimum value and the default value are 1 second.

        Required?                    false
        Position?                    named
        Default value                1
        Accept pipeline input?     false
        Accept wildcard characters? false

INPUTS
System.String[]
You can pipe counter paths and counter set (ListSet) names to Get-Counter.

OUTPUTS
Microsoft.PowerShell.Commands.GetCounter.CounterSet, Microsoft.PowerShell.Commands.GetCounter.PerformanceCounterSampleSet, Microsoft.PowerShell.Commands.GetCounter.PerformanceCounterSample
The ListSet parameter gets Microsoft.PowerShell.Commands.GetCounter.CounterSet objects. The Counter parameter gets Microsoft.PowerShell.Commands.GetCounter.PerformanceCounterSampleSet objects. Each counter value is a Microsoft.PowerShell.Commands.GetCounter.PerformanceCounterSample object.

NOTES

Performance counters are often protected by access control lists (ACLs). To get all available performance counters, open Windows PowerShell with the “Run as administrator” option.

By default, Get-Counter gets one sample during a one-second sample interval. To change this behavior, use the MaxSamples and Continuous parameters.

The MaxSamples and SampleInterval values that you set apply to all the counters on all the computers in the command. To set different values for different counters, enter separate Get-Counter commands for each counter.

————————– EXAMPLE 1 ————————–

C:\PS># Get-Counter

    Description
    ———–
    This command gets all of the counter sets on the local computer.

C:\PS> Get-Counter -ListSet *

Because many of the counter sets are protected by access control lists (ACLs), to see all counter sets, open Windows PowerShell with the “Run as administrator” option before using the Get-Counter command.

————————– EXAMPLE 2 ————————–

C:\PS># Get-Counter

    Description
    ———–
    This command gets the current “% Processor Time” combined values for all processors on the local computer. It collects data every two seconds until it has three values.

C:\PS> Get-Counter -Counter “\Processor(_Total)\% Processor Time” -SampleInterval 2 -MaxSamples 3

————————– EXAMPLE 3 ————————–

C:\PS># Get-Counter

    Description
    ———–
    This command gets an alphabetically sorted list of the names of all of the counter sets on the local computer.

C:\PS> Get-Counter -listset * | Sort-Object countersetname | Format-Table countersetname

————————– EXAMPLE 4 ————————–

C:\PS># Get-Counter

    Description
    ———–
    These commands use the Path property of a counter set to find the correctly formatted path names for the performance counters. You can use a command like this one to get the correct counter path names.

The first command gets the path names of the performance counters in the Memory counter set on the local computer.

C:\PS> (Get-Counter -listset memory).paths

    \Memory\Page Faults/sec
    \Memory\Available Bytes
    \Memory\Committed Bytes
    \Memory\Commit Limit
    \Memory\Write Copies/sec
    \Memory\Transition Faults/sec
    \Memory\Cache Faults/sec
    \Memory\Demand Zero Faults/sec
    \Memory\Pages/sec
    \Memory\Pages Input/sec
    …

The second command gets the path names that include “cache”.

C:\PS> (Get-Counter -listset memory).paths | where {$_ -like “*cache*”}

    \Memory\Cache Faults/sec
    \Memory\Cache Bytes
    \Memory\Cache Bytes Peak
    \Memory\System Cache Resident Bytes
    \Memory\Standby Cache Reserve Bytes
    \Memory\Standby Cache Normal Priority Bytes
    \Memory\Standby Cache Core Bytes

————————– EXAMPLE 5 ————————–

C:\PS># Get-Counter

    Description
    ———–
    These commands get the Disk Reads/sec counter data from the Server01 and Server02 computers.

The first command saves the Disk Reads/sec counter path in the $diskreads Variable.

C:\PS> $diskreads = “\LogicalDisk(C:)\Disk Reads/sec”

The second command uses a pipeline operator (|) to send the counter path in the $diskreads Variable to the Get-Counter cmdlet. The command uses the MaxSamples parameter to limit the output to 10 samples.

C:\PS> $diskreads | Get-Counter -computer Server01, Server02 -MaxSamples 10

————————– EXAMPLE 6 ————————–

C:\PS># Get-Counter

    Description
    ———–
    This command gets the correctly formatted path names for the PhysicalDisk performance counters, including the instance names.

C:\PS> (Get-Counter -list physicaldisk).pathswithinstances

————————– EXAMPLE 7 ————————–

C:\PS># Get-Counter

    Description
    ———–
    These commands get the value of the “% DPC Time” performance counter on 50 randomly select computers in the enterprise.

The first command uses the Get-Content cmdlet to get the list of enterprise servers from the Servers.txt file. It uses the Get-Random cmdlet to select 50 server names randomly from the Servers.txt file contents. The results are saved in the $servers Variable.

C:\PS> $servers = Get-Random (Get-Content servers.txt) -count 50

The second command saves the counter path to the “% DPC Time” cmdlet in the $Counter Variable. The counter path includes a wildcard character in the instance name to get the data on all of the processors on each of the computers.

C:\PS> $counter = “\Processor(*)\% DPC Time”

The third command uses the Get-Counter cmdlet to get the counter values. It uses the Counter parameter to specify the counters and the ComputerName parameter to specify the computers saved in the $servers Variable.

C:\PS> Get-Counter -Counter $counter -ComputerName $servers

————————– EXAMPLE 8 ————————–

C:\PS># Get-Counter

    Description
    ———–
    These commands get a single value for all of the performance counters in the memory counter set on the local computer.

The first command gets the counter paths and saves them in the $memCounters Variable.

C:\PS> $memCounters = (Get-Counter -list memory).paths

The second command uses the Get-Counter cmdlet to get the counter data for each counter. It uses the Counter parameter to specify the counters in $memCounters.

C:\PS> Get-Counter -Counter $memCounters

————————– EXAMPLE 9 ————————–

C:\PS># Get-Counter

    Description
    ———–
    This example shows the property values in the PerformanceCounterSample object that represents each data sample.

The first command saves a counter path in the $counter Variable.

C:\PS> $counter = “\\SERVER01\Process(Idle)\% Processor Time”

The second command uses the Get-Counter cmdlet to get one sample of the counter values. It saves the results in the $data Variable.

C:\PS> $data = Get-Counter $counter

The third command uses the Format-List cmdlet to display all the properties of the CounterSamples property of the sample set object as a list.

C:\PS> $data.countersamples | Format-List -property *

    Path             : \\SERVER01\process(idle)\% processor time
    InstanceName     : idle
    CookedValue     : 198.467899571389
    RawValue         : 14329160321003
    SecondValue     : 128606459528326201
    MultipleCount    : 1
    CounterType     : Timer100Ns
    Timestamp        : 7/15/2008 6:39:12 PM
    Timestamp100NSec : 128606207528320000
    Status         : 0
    DefaultScale     : 0
    TimeBase         : 10000000

You can use the properties of the CounterSamples object to examine, select, sort, and group the data.

————————– EXAMPLE 10 ————————–

C:\PS># Get-Counter

    Description
    ———–
    The command runs a Get-Counter command as background job. For more information, see Start-Job.

C:\PS> $counters = “\LogicalDisk(_Total)\% Free Space”

C:\PS> Start-Job -scriptblock {Get-Counter -Counter $counters -MaxSamples 1000)

————————– EXAMPLE 11 ————————–

C:\PS># Get-Counter

    Description
    ———–
    This command uses the Get-Counter and Get-Random cmdlets to find the percentage of free disk space on 50 computers selected randomly from the Servers.txt file.

C:\PS> Get-Counter -ComputerName (Get-Random servers.txt -count 50) -Counter “\LogicalDisk(*)\% Free Space”

————————– EXAMPLE 12 ————————–

C:\PS># Get-Counter

    Description
    ———–
    This example shows how to associate counter data with the computer on which it originated, and how to manipulate the data.

The first command uses the Get-Counter cmdlet to get the “LogicalDisk\% Free Space” counter value from two remote computers, S1 and S2. It saves the result in the $a Variable.

$a = Get-Counter “\LogicalDisk(_Total)\% Free Space” -comp s1, s2

The second command displays the results in the $a Variable. All of the data is stored in the object, but it is not easy to see it in this form.

C:\PS> $a

Counter Paths: \\s1\\logicaldisk(c:)\% free space, \\s1\\logicaldisk(d:)\% free space, \\s1\\logicaldisk(_total)\% free space, \\s2\\logicaldisk(c:)\% free space, \\s2\\logicaldisk(_total)\% free space

Timestamp : 7/15/2008 5:09:08 PM
Cooked Values : “0.327058823529412”, “17.8952248493278”, “12.9994033060778”, “75.0754805595626”, “75.0754805595626”

The third command displays in a table the value of the CounterSamples property of the PerformanceCounterSampleSet object that Get-Counter returns. (To see all of the properties and methods of the object, pipe it to the Get-Member cmdlet.)

C:\PS> $a.countersamples | Format-Table -auto

    Path                                     InstanceName     CookedValue
    —-                                     ————     ———–
    \\s1\\logicaldisk(c:)\% free space     c:         0.327058823529412
    \\s1\\logicaldisk(d:)\% free space     d:            17.8952248493278
    \\s1\\logicaldisk(_total)\% free space _total        12.9994033060778
    \\s2\\logicaldisk(c:)\% free space     c:            75.0754805595626
    \\s2\\logicaldisk(_total)\% free space _total        75.0754805595626

The CounterSamples property contains a PerformanceCounterSample object with its own properties and methods. The fourth command uses array notation to get the first counter sample and a pipeline operator to send the counter sample object to the Format-List cmdlet, which displays all of its properties and methods in a list. This display shows the richness of the data in each counter sample object.

The fourth command shows how to select data from the counter samples. It uses the Where-Object cmdlet to get only the counter samples with a CookedValue of less than 15.

C:\PS> $a.countersamples | where {$_.cookedvalue -lt 15}

    Path                                     InstanceName     CookedValue
    —-                                     ————     ———–
    \\s1\\logicaldisk(c:)\% free space     c:         0.327058823529412
    \\s1\\logicaldisk(_total)\% free space _total        12.9994033060778

————————– EXAMPLE 13 ————————–

C:\PS># Get-Counter

    Description
    ———–
    This example shows how to sort the performance counter data that you retrieve. The example finds the processes on the computer that are using the most processor time during the sampling.

The first command gets the “Process\% Processor Time” counter for all the processes on the computer. The command saves the results in the $p Variable.

C:\PS> $p = Get-Counter ‘\Process(*)\% Processor Time’

The second command gets the CounterSamples property of the sample set object in $p and it sorts the samples in descending order based on the cooked value of the sample. The command uses the Format-Table cmdlet and its AutoFormat parameter to position the columns in the table.

C:\PS> $p.CounterSamples | Sort-Object -property CookedValue -Descending | Format-Table -auto

    Path                                             InstanceName     CookedValue
    —-                                             ————     ———–
    \\server01\process(_total)\% processor time        _total        200.00641042078
    \\server01\process(idle)\% processor time         idle         200.00641042078
    \\server01\process(explorer#1)\% processor time    explorer                    0
    \\server01\process(dwm#1)\% processor time         dwm                         0
    \\server01\process(taskeng#1)\% processor time     taskeng                     0
    \\server01\process(taskhost#1)\% processor time    taskhost                    0
    \\server01\process(winlogon)\% processor time     winlogon                    0
    \\server01\process(csrss)\% processor time         csrss                     0

————————– EXAMPLE 14 ————————–

C:\PS># Get-Counter

    Description
    ———–
    These commands find the processes on the computer with the largest working sets. They list the processes in descending order based on their working set size.

The first command gets one sample of the “Process\Working Set – Private” counter for each process. The command saves the counter data in the $ws Variable.

C:\PS> $ws = Get-Counter “\Process(*)\Working Set – Private”

The second command uses a pipeline operator (|) to send the data in the CounterSamples property of the $ws Variable to the Sort-Object cmdlet, where the process data is sorted in descending order by the value of the CookedValue property. Another pipeline sends the sorted data to the Format-Table cmdlet, where the data is formatted as a table with InstanceName and CookedValue columns.

C:\PS> $ws.countersamples | Sort-Object -property cookedvalue -descending | Format-Table -property InstanceName, CookedValue -auto

    InstanceName CookedValue
    ———— ———–
    _total         162983936
    svchost         40370176
    powershell     15110144
    explorer         14135296
    svchost         10928128
    svchost         9027584
    …

————————– EXAMPLE 15 ————————–

C:\PS># Get-Counter

    Description
    ———–
    This command gets a series of samples of the Processor\% Processor Time counter at the default one second interval. To stop the command, press CTRL + C.

C:\PS> Get-Counter -Counter “\processor(_total)\% processor time” -Continuous

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=138335
    Import-Counter
    Export-Counter

cmdlet, Enter, PSSession

Enter-PSSession

February 26, 2014 Adam

NAME
Enter-PSSession

SYNOPSIS
Starts an interactive session with a remote computer.

SYNTAX
Enter-PSSession [-ComputerName] <string> [-ApplicationName <string>] [-Authentication {Default | Basic | Negotiate | NegotiateWithImplicitCredential | Credssp | Digest | Kerberos}] [-CertificateThumbprint <string>] [-ConfigurationName <string>] [-Credential <PSCredential>] [-Port <int>] [-SessionOption <PSSessionOption>] [-UseSSL] [<CommonParameters>]

Enter-PSSession [[-Id] <int>] [<CommonParameters>]

Enter-PSSession [-InstanceId <Guid>] [<CommonParameters>]

Enter-PSSession [-Name <string>] [<CommonParameters>]

Enter-PSSession [[-Session] <PSSession>] [<CommonParameters>]

Enter-PSSession [[-ConnectionURI] <Uri>] [-AllowRedirection] [-Authentication {Default | Basic | Negotiate | NegotiateWithImplicitCredential | Credssp | Digest | Kerberos}] [-CertificateThumbprint <string>] [-ConfigurationName <string>] [-Credential <PSCredential>] [-SessionOption <PSSessionOption>] [<CommonParameters>]

DESCRIPTION
The Enter-PSSession cmdlet starts an interactive session with a single remote computer. During the session, the commands that you type run on the remote computer, just as though you were typing directly on the remote computer. You can have only one interactive session at a time.

Typically, you use the ComputerName parameter to specify the name of the remote computer. However, you can also use a session that you create by using New-PSSession for the interactive session.

To end the interactive session and disconnect from the remote computer, use the Exit-PSSession cmdlet, or type “exit”.

PARAMETERS
-AllowRedirection [<SwitchParameter>]
Allows redirection of this connection to an alternate Uniform Resource Identifier (URI).

When you use the ConnectionURI parameter, the remote destination can return an instruction to redirect to a different URI. By default, Windows PowerShell does not redirect connections, but you can use this parameter to allow it to redirect the connection.

Allows redirection of this connection to an alternate URI.

When you use the ConnectionURI parameter, the remote destination can return an instruction to redirect to a different URI. By default, Windows PowerShell does not redirect connections, but you can use the AllowRedirection parameter to allow it to redirect the connection.

You can also limit the number of times that the connection is redirected by setting the MaximumConnectionRedirectionCount property of the $PSSessionOption preference Variable, or the MaximumConnectionRedirectionCount property of the value of the SessionOption parameter. The default value is 5. For more information, see the description of the SessionOption parameter, and see New-PSSessionOption.

-ApplicationName <string>
Specifies the application name segment of the connection URI. Use this parameter to specify the application name when you are not using the ConnectionURI parameter in the command.

The default value is the value of the $PSSessionApplicationName preference Variable on the local computer. If this preference Variable is not defined, the default value is WSMan. This value is appropriate for most uses. For more information, see about_preference_variables.

The WinRM service uses the application name to select a listener to service the connection request. The value of this parameter should match the value of the URLPrefix property of a listener on the remote computer.

        Required?                    false
        Position?                    named
        Default value                WSMan
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Authentication <AuthenticationMechanism>
Specifies the mechanism that is used to authenticate the user’s credentials. Valid values are “Default”, “Basic”, “Credssp”, “Digest”, “Kerberos”, “Negotiate”, and “NegotiateWithImplicitCredential”. The default value is “Default”.

CredSSP authentication is available only in Windows Vista, Windows Server 2008, and later versions of Windows.

For information about the values of this parameter, see the description of the System.Management.Automation.Runspaces.AuthenticationMechanism enumeration in the MSDN (Microsoft Developer Network) library at http://go.microsoft.com/fwlink/?LinkId=144382.

Caution: Credential Security Service Provider (CredSSP) authentication, in which the user’s credentials are passed to a remote computer to be authenticated, is designed for commands that require authentication on more than one resource, such as accessing a remote network share. This mechanism increases the security risk of the remote operation. If the remote computer is compromised, the credentials that are passed to it can be used to control the network session.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-CertificateThumbprint <string>
Specifies the digital public key Certificate (X509) of a user account that has permission to perform this action. Enter the Certificate thumbprint of the Certificate.

Certificates are used in client Certificate-based authentication. They can be mapped only to local user accounts; they do not work with domain accounts.

To get a Certificate thumbprint, use the Get-Item or Get-ChildItem command in the Windows PowerShell Cert: drive.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-ComputerName <string>
Starts an interactive session with the specified remote computer. Enter only one computer name. The default is the local computer.

Type the NetBIOS name, an IP address, or a fully qualified domain name of one or more remote computers. You can also pipe a computer name to Enter-PSSession.

To use an IP address in the value of the ComputerName parameter, the command must include the Credential parameter. Also, the computer must be configured for HTTPS transport or the IP address of the remote computer must be included in the WinRM TrustedHosts list on the local computer. For instructions for adding a computer name to the TrustedHosts list, see “How to Add a Computer to the Trusted Host List” in about_remote_TroubleShooting.

Note: In Windows Vista and later versions of Windows, to include the local computer in the value of the ComputerName parameter, you must start Windows PowerShell with the “Run as administrator” option.

        Required?                    true
        Position?                    1
        Default value
        Accept pipeline input?     true (ByValue, ByPropertyName)
        Accept wildcard characters? false

-ConfigurationName <string>
Specifies the session configuration that is used for the interactive session.

Enter a configuration name or the fully qualified resource URI for a session configuration. If you specify only the configuration name, the following schema URI is prepended: http://schemas.microsoft.com/powershell.

The session configuration for a session is located on the remote computer. If the specified session configuration does not exist on the remote computer, the command fails.

The default value is the value of the $PSSessionConfigurationName preference Variable on the local computer. If this preference Variable is not set, the default is Microsoft.PowerShell. For more information, see about_preference_variables.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-ConnectionURI <Uri>
Specifies a Uniform Resource Identifier (URI) that defines the connection endpoint for the interactive session. The URI must be fully qualified.

The format of this string is as follows:
<Transport>://<ComputerName>:<Port>/<ApplicationName>

The default value is as follows:
http://localhost:80/WSMAN

Valid values for the Transport segment of the URI are HTTP and HTTPS. If you do not specify a ConnectionURI, you can use the UseSSL, ComputerName, Port, and ApplicationName parameters to specify the URI values.

If the destination computer redirects the connection to a different URI, Windows PowerShell prevents the redirection unless you use the AllowRedirection parameter in the command.

        Required?                    false
        Position?                    2
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Credential <PSCredential>
Specifies a user account that has permission to perform this action. The default is the current user.

Type a user name, such as “User01”, “Domain01\User01”, or “User@Domain.com”, or enter a PSCredential object, such as one returned by the Get-Credential cmdlet.

When you type a user name, you will be prompted for a password.

        Required?                    false
        Position?                    named
        Default value                Current user
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Id <int>
Specifies the ID of an existing session. Enter-PSSession uses the specified session for the interactive session.

To find the ID of a session, use the Get-PSSession cmdlet.

        Required?                    false
        Position?                    1
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-InstanceId <Guid>
Specifies the instance ID of an existing session. Enter-PSSession uses the specified session for the interactive session.

The instance ID is a GUID. To find the instance ID of a session, use the Get-PSSession cmdlet. You can also use the Session, Name, or ID parameters to specify an existing session. Or, you can use the ComputerName parameter to start a temporary session.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Name <string>
Specifies the friendly name of an existing session. Enter-PSSession uses the specified session for the interactive session.

If the name that you specify matches more than one session, the command fails. You can also use the Session, InstanceID, or ID parameters to specify an existing session. Or, you can use the ComputerName parameter to start a temporary session.

To establish a friendly name for a session, use the Name parameter of the New-PSSession cmdlet.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Port <int>
Specifies the network port on the remote computer used for this command. The default is port 80 (the HTTP port).

Before using an alternate port, you must configure the WinRM listener on the remote computer to listen at that port. Use the following commands to configure the listener:

1. winrm delete winrm/config/listener?Address=*+Transport=HTTP
2. winrm create winrm/config/listener?Address=*+Transport=HTTP @{Port=”<port-number>”}

Do not use the Port parameter unless you must. The port setting in the command applies to all computers or sessions on which the command runs. An alternate port setting might prevent the command from running on all computers.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Session <PSSession>
Specifies a Windows PowerShell session (PSSession) to use for the interactive session. This parameter takes a session object. You can also use the Name, InstanceID, or ID parameters to specify a PSSession.

Enter a Variable that contains a session object or a command that creates or gets a session object, such as a New-PSSession or Get-PSSession command. You can also pipe a session object to Enter-PSSession. You can submit only one PSSession with this parameter. If you enter a Variable that contains more than one PSSession, the command fails.

When you use Exit-PSSession or the EXIT keyword, the interactive session ends, but the PSSession that you created remains open and available for use.

-SessionOption <PSSessionOption>
Sets advanced options for the session. Enter a SessionOption object that you create by using the New-PSSessionOption cmdlet.

The default values for the options are determined by the value of the $PSSessionOption preference Variable, if it is set. Otherwise, the session uses the system defaults.

For a description of the session options, including the default values, see New-PSSessionOption. For information about the $PSSessionOption preference Variable, see about_preference_variables.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-UseSSL [<SwitchParameter>]
Uses the Secure Sockets Layer (SSL) protocol to establish a connection to the remote computer. By default, SSL is not used.

WS-Management encrypts all Windows PowerShell content transmitted over the network. UseSSL is an additional protection that sends the data across an HTTPS connection instead of an HTTP connection.

If you use this parameter, but SSL is not available on the port used for the command, the command fails.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

INPUTS
System.String or System.Management.Automation.Runspaces.PSSession
You can pipe a computer name (a string) or a session object to Enter-PSSession.

OUTPUTS
None
The cmdlet does not return any output.

NOTES

— To connect to a remote computer, you must be a member of the Administrators group on the remote computer.

— In Windows Vista and later versions of Windows, to start an interactive session on the local computer, you must start Windows PowerShell with the “Run as administrator” option.

— When you use Enter-PSSession, your user profile on the remote computer is used for the interactive session. The commands in the remote user profile, including commands to add Windows PowerShell snap-ins and to change the command prompt, run before the remote prompt is displayed.

— Enter-PSSession uses the UI culture setting on the local computer for the interactive session. To find the local UI culture, use the $UICulture automatic Variable.

— Enter-PSSession requires the Get-Command, Out-Default, and Exit-PSSession cmdlets. If these cmdlets are not included in the session configuration on the remote computer, the Enter-PSSession commands fails.

— Unlike Invoke-Command, which parses and interprets the commands before sending them to the remote computer, Enter-PSSession sends the commands directly to the remote computer without interpretation.

————————– EXAMPLE 1 ————————–

C:\PS>Enter-PSSession

LocalHost\PS>

    Description
    ———–
    This command starts an interactive session on the local computer. The command prompt changes to indicate that you are now running commands in a different session.

The commands that you enter run in the new session, and the results are returned to the default session as text.

————————– EXAMPLE 2 ————————–

C:\PS>Enter-PSSession -computer Server01

Server01\PS> Get-Process powershell > C:\ps-test\process.txt

Server01\PS> Exit-PSSession
C:\PS>

    C:\PS> dir C:\ps-test\process.txt
    Get-ChildItem : Cannot find path ‘C:\ps-test\process.txt’ because it does not exist.
    At line:1 char:4
    + dir <<<< c:\ps-test\process.txt

    Description
    ———–
    This command shows how to work in an interactive session with a remote computer.

The first command uses the Enter-PSSession cmdlet to start an interactive session with Server01, a remote computer. When the session starts, the command prompt changes to include the computer name.

The second command gets the PowerShell process and redirects the output to the Process.txt file. The command is submitted to the remote computer, and the file is saved on the remote computer.

The third command uses the Exit keyword to end the interactive session and close the connection.

The fourth command confirms that the Process.txt file is on the remote computer. A Get-ChildItem (“dir”) command on the local computer cannot find the file.

————————– EXAMPLE 3 ————————–

C:\PS>$s = New-PSSession -ComputerName Server01

C:\PS> Enter-PSSession -session $s

Server01\PS>

    Description
    ———–
    These commands use the Session parameter of Enter-PSSession to run the interactive session in an existing Windows PowerShell session (PSSession).

————————– EXAMPLE 4 ————————–

C:\PS>Enter-PSSession -ComputerName Server01 -Port 90 -Credential domain01\user01

Server01\PS>

    Description
    ———–
    This command starts an interactive session with the Server01 computer. It uses the Port parameter to specify the port and the Credential parameter to specify the account of a user with permission to connect to the remote computer.

————————– EXAMPLE 5 ————————–

C:\PS>Enter-PSSession -ComputerName Server01

Server01:\PS> Exit-PSSession

C:\PS>

    Description
    ———–
    This example shows how to start and stop an interactive session. The first command uses the Enter-PSSession cmdlet to start an interactive session with the Server01 computer.

The second command uses the Exit-PSSession cmdlet to end the session. You can also use the Exit keyword to end the interactive session. Exit-PSSession and Exit have the same effect.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=135210
    about_pssessions
    about_remote
    New-PSSession
    Get-PSSession
    Exit-PSSession
    Remove-PSSession
    Invoke-Command

cmdlet, Disconnect, WSMan

Disconnect-WSMan

February 26, 2014 Adam

NAME
Disconnect-WSMan

SYNOPSIS
Disconnects the client from the WinRM service on a remote computer.

SYNTAX
Disconnect-WSMan [-ComputerName <string>] [<CommonParameters>]

DESCRIPTION
The Disconnect-WSMan cmdlet disconnects the client from the WinRM service on a remote computer. If you saved the WS-Management session in a Variable, the session object remains in the Variable, but the state of the WS-Management session is “Closed”. You can use this cmdlet within the context of the WS-Management provider to disconnect the client from the WinRM service on a remote computer. However, you can also use this cmdlet to disconnect from the WinRM service on remote computers before you change to the WS-Management provider.

For more information about how to connect to the WinRM service on a remote computer, see Connect-WSMan.

PARAMETERS
-ComputerName <string>
Specifies the computer from which you want to disconnect. The value can be a fully qualified domain name, a NetBIOS name, or an IP address. Use the local computer name, use localhost, or use a dot (.) to specify the local computer. The local computer is the default. When the remote computer is in a different domain from the user, you must use a fully qualified domain name must be used. You can pipe a value for this parameter to the cmdlet.

Note: You cannot disconnect from the local host (the default connection to the local computer). However, if a separate connection is made to the local computer (for example, by using the computer name), you can remove that connection by using the Disconnect-WSMan cmdlet .

        Required?                    false
        Position?                    named
        Default value                localhost
        Accept pipeline input?     false
        Accept wildcard characters? false

INPUTS
None
This cmdlet does not accept any input.

OUTPUTS
None
This cmdlet does not generate any output.

NOTES

————————– EXAMPLE 1 ————————–

C:\PS>Disconnect-WSMan -computer server01

    C:\PS> cd WSMan:
    PS WSMan:\>
    PS WSMan:\> dir

WSManConfig: Microsoft.WSMan.Management\WSMan::WSMan

    ComputerName                                 Type
    ————                                 —-
    localhost                                     Container

    Description
    ———–
    This command deletes the connection to the remote server01 computer.

This cmdlet is generally used within the context of the WS-Management provider to disconnect from a remote computer, in this case the server01 computer. However, you can also use the Disconnect-WSMan cmdlet to remove connections to remote computers before you change to the WSMan provider. Those connections will not appear in the ComputerName list.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkId=141439
    Connect-WSMan
    Disable-WSManCredSSP
    Enable-WSManCredSSP
    Get-WSManCredSSP
    Get-WSManInstance
    Invoke-WSManAction
    New-WSManInstance
    New-WSManSessionOption
    Remove-WSManInstance
    Set-WSManInstance
    Set-WSManQuickConfig
    Test-WSMan

cmdlet, Connect, WSMan

Connect-WSMan

February 26, 2014 Adam

NAME
Connect-WSMan

SYNOPSIS
Connects to the WinRM service on a remote computer.

SYNTAX
Connect-WSMan [-ApplicationName <string>] [-ComputerName <string>] [-Port <int>] [-UseSSL] [-Authentication <Authentication>] [-ComputerName <string>] [-Credential <PSCredential>] [-Port <int>] [-SessionOption <hashtable>] [<CommonParameters>]

Connect-WSMan [-ConnectionURI <Uri>] [-Authentication <Authentication>] [-ComputerName <string>] [-Credential <PSCredential>] [-Port <int>] [-SessionOption <hashtable>] [<CommonParameters>]

DESCRIPTION
The Connect-WSMan cmdlet connects to the WinRM service on a remote computer, and it establishes a persistent connection to the remote computer. You can use this cmdlet within the context of the WS-Management provider to connect to the WinRM service on a remote computer. However, you can also use this cmdlet to connect to the WinRM service on a remote computer before you change to the WS-Management provider. The remote computer will appear in the root directory of the WS-Management provider.

For more information about how to disconnect from the WinRM service on a remote computer, see Disconnect-WSMan.

PARAMETERS
    -ApplicationName <string>
        Specifies the application name in the connection. The default value of the ApplicationName parameter is “WSMAN”. The complete identifier for the remote endpoint is in the following format:
             <transport>://<server>:<port>/<ApplicationName>
        For example:
             http://server01:8080/WSMAN

Internet Information Services (IIS), which hosts the session, forwards requests with this endpoint to the specified application. This default setting of “WSMAN” is appropriate for most uses. This parameter is designed to be used when numerous computers establish remote connections to one computer that is running Windows PowerShell. In this case, IIS hosts Web Services for Management (WS-Management) for efficiency.

        Required?                    false
        Position?                    named
        Default value                WSMan
        Accept pipeline input?     false
        Accept wildcard characters? false

-Authentication <Authentication>
Specifies the authentication mechanism to be used at the server. Possible values are:

        – Basic: Basic is a scheme in which the user name and password are sent in clear text to the server or proxy.
        – Default : Use the authentication method implemented by the WS-Management protocol. This is the default.
        – Digest: Digest is a challenge-response scheme that uses a server-specified data string for the challenge.
        – Kerberos: The client computer and the server mutually authenticate by using Kerberos Certificates.
        – Negotiate: Negotiate is a challenge-response scheme that negotiates with the server or proxy to determine the scheme to use for authentication. For example, this parameter value allows negotiation to determine whether the Kerberos protocol or NTLM is used.
        – CredSSP: Use Credential Security Service Provider (CredSSP) authentication, which allows the user to delegate credentials. This option is designed for commands that run on one remote computer but collect data from or run additional commands on other remote computers.

Caution: CredSSP delegates the user’s credentials from the local computer to a remote computer. This practice increases the security risk of the remote operation. If the remote computer is compromised, when credentials are passed to it, the credentials can be used to control the network session.

        Required?                    false
        Position?                    named
        Default value                Default
        Accept pipeline input?     false
        Accept wildcard characters? false

-ComputerName <string>
Specifies the computer against which you want to run the management operation. The value can be a fully qualified domain name, a NetBIOS name, or an IP address. Use the local computer name, use localhost, or use a dot (.) to specify the local computer. The local computer is the default. When the remote computer is in a different domain from the user, you must use a fully qualified domain name must be used. You can pipe a value for this parameter to the cmdlet.

-ConnectionURI <Uri>
Specifies the connection endpoint. The format of this string is:

<Transport>://<Server>:<Port>/<ApplicationName>.

The following string is a properly formatted value for this parameter:

http://Server01:8080/WSMAN. The URI must be fully qualified .

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Credential <PSCredential>
Specifies a user account that has permission to perform this action. The default is the current user. Type a user name, such as “User01”, “Domain01\User01”, or “User@Domain.com”. Or, enter a PSCredential object, such as one returned by the Get-Credential cmdlet. When you type a user name, you will be prompted for a password.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-OptionSet <hashtable>
Passes a set of switches to the service to modify or refine the nature of the request. These are similar to switches used in command-line shells in that they are service specific. Any number of options can be specified.

The following example demonstrates the syntax that passes the values 1, 2, and 3 for the a, b, and c parameters:

-OptionSet @{a=1;b=2;c=3}

        Required?
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Port <int>
Specifies the port to use when the client connects to the WinRM service. When the transport is HTTP, the default port is 80. When the transport is HTTPS, the default port is 443. When you use HTTPS as the transport, the value of the ComputerName parameter must match the server’s Certificate common name (CN). However, if the SkipCNCheck parameter is specified as part of the SessionOption parameter, then the Certificate common name of the server does not have to match the host name of the server. The SkipCNCheck parameter should be used only for trusted computers.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-SessionOption <hashtable>
Defines a set of extended options for the WS-Management session. Enter a SessionOption object that you create by using the New-WSManSessionOption cmdlet. For more information about the options that are available, see New-WSManSessionOption.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-UseSSL [<SwitchParameter>]
Specifies that the Secure Sockets Layer (SSL) protocol should be used to establish a connection to the remote computer. By default, SSL is not used.

WS-Management encrypts all the Windows PowerShell content that is transmitted over the network. The UseSSL parameter lets you specify the additional protection of HTTPS instead of HTTP. If SSL is not available on the port that is used for the connection and you specify this parameter, the command fails.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

INPUTS
None
This cmdlet does not accept any input.

OUTPUTS
None
This cmdlet does not generate any output.

NOTES

You can run management commands or query management data on a remote computer without creating a WS-Management session. You can do this by using the ComputerName parameters of Invoke-WSManAction and Get-WSManInstance. When you use the ComputerName parameter, Windows PowerShell creates a temporary connection that is used for the single command. After the command runs, the connection is closed.

————————– EXAMPLE 1 ————————–

C:\PS>Connect-WSMan -computer server01

    PS C:\Users\testuser> cd WSMan:
    PS WSMan:\>
    PS WSMan:\> dir

WSManConfig: Microsoft.WSMan.Management\WSMan::WSMan

    ComputerName                                 Type
    ————                                 —-
    localhost                                     Container
    server01                                     Container

    Description
    ———–
    This command creates a connection to the remote server01 computer.

The Connect-WSMan cmdlet is generally used within the context of the WS-Management provider to connect to a remote computer, in this case the server01 computer. However, you can use the cmdlet to establish connections to remote computers before you change to the WS-Management provider. Those connections will appear in the ComputerName list.

————————– EXAMPLE 2 ————————–

C:\PS>$cred = Get-Credential Administrator
Connect-WSMan -computer server01 -Credential $cred

    PS C:\Users\testuser> cd WSMan:
    PS WSMan:\>
    PS WSMan:\> dir

WSManConfig: Microsoft.WSMan.Management\WSMan::WSMan

    Description
    ———–
    This command creates a connection to the remote system server01 using the Administrator account credentials.

The first command uses the Get-Credential cmdlet to get the Administrator credentials and then stores them in the $cred Variable. The Get-Credential cmdlet prompts the user for a password of username and password. Users are prompted throught a dialog box
or at the command line, depending on system Registry settings.

The second command uses the Credential parameter to pass the credentials stored in $cred to Connect-WSMan. Connect-WSMan then connects to the remote system server01 using the Administrator credentials.

The Connect-WSMan cmdlet is generally used within the context of the WS-Management provider to connect to a remote computer, in this case server01. However, the cmdlet can be used establish connections to remote computers before changing to the WS-Management provider and those connections will show up in the ComputerName list.

————————– EXAMPLE 3 ————————–

C:\PS>Connect-WSMan -computer server01 -Port 80

    PS C:\Users\testuser> cd WSMan:
    PS WSMan:\>
    PS WSMan:\> dir

WSManConfig: Microsoft.WSMan.Management\WSMan::WSMan

    Description
    ———–
    This command creates a connection to the remote server01 computer over port 80.

————————– EXAMPLE 4 ————————–

C:\PS>$a = New-WSManSessionOption -operationtimeout 30000
Connect-WSMan -computer server01 -SessionOption $a

    PS C:\Users\testuser> cd WSMan:
    PS WSMan:\>
    PS WSMan:\> dir

WSManConfig: Microsoft.WSMan.Management\WSMan::WSMan

    Description
    ———–
    This command creates a connection to the remote server01 computer by using the connection options that are defined in the New-WSManSessionOption command.

The first command uses the New-WSManSessionOption cmdlet to store a set of connection setting options in the $a Variable. In this case, the session options set a connection time out of 30 seconds (30,000 milliseconds).

The second command uses the SessionOption parameter to pass the credentials that are stored in the $a Variable to Connect-WSMan. Then, Connect-WSMan connects to the remote server01 computer by using the specified session options.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkId=141437
    Disable-WSManCredSSP
    Disconnect-WSMan
    Enable-WSManCredSSP
    Get-WSManCredSSP
    Get-WSManInstance
    Invoke-WSManAction
    New-WSManInstance
    New-WSManSessionOption
    Remove-WSManInstance
    Set-WSManInstance
    Set-WSManQuickConfig
    Test-WSMan