Tag Archives: Credential

Move-Item

February 26, 2014 Adam

SYNOPSIS
Moves an item from one location to another.

SYNTAX
Move-Item [-LiteralPath] <string[]> [[-Destination] <string>] [-Credential <PSCredential>] [-Exclude <string[]>] [-Filter <string>] [-Force] [-Include <string[]>] [-PassThru] [-Confirm] [-WhatIf] [-UseTransaction] [<CommonParameters>]

Move-Item [-Path] <string[]> [[-Destination] <string>] [-Credential <PSCredential>] [-Exclude <string[]>] [-Filter <string>] [-Force] [-Include <string[]>] [-PassThru] [-Confirm] [-WhatIf] [-UseTransaction] [<CommonParameters>]

DESCRIPTION
The Move-Item cmdlet moves an item, including its properties, contents, and child items, from one location to another location. The locations must be supported by the same provider. For example, it can move a file or subdirectory from one directory to another or move a Registry subkey from one key to another. When you move an item, it is added to the new location and deleted from its original location.

PARAMETERS
-Credential <PSCredential>
Specifies a user account that has permission to perform this action. The default is the current user.

Type a user name, such as “User01” or “Domain01\User01”, or enter a PSCredential object, such as one generated by the Get-Credential cmdlet. If you type a user name, you will be prompted for a password.

This parameter is not supported by any providers installed with Windows PowerShell.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Destination <string>
Specifies the path to the location where the items are being moved. The default is the current directory. Wildcards are permitted, but the result must specify a single location.

To rename the item being moved, specify a new name in the value of the Destination parameter.

        Required?                    false
        Position?                    2
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Exclude <string[]>
Omits the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as “*.txt”. Wildcards are permitted.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Filter <string>
Specifies a filter in the provider’s format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects, rather than having Windows PowerShell filter the objects after they are retrieved.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Force [<SwitchParameter>]
Allows the cmdlet to move an item that writes over an existing read-only item. Implementation varies from provider to provider. For more information, see about_providers. Even using the Force parameter, the cmdlet cannot override security restrictions.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Include <string[]>
Moves only the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as “*.txt”. Wildcards are permitted.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-LiteralPath <string[]>
Specifies the path to the current location of the items. Unlike Path, the value of LiteralPath is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell Windows PowerShell not to interpret any characters as escape sequences.

        Required?                    true
        Position?                    1
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-PassThru [<SwitchParameter>]
Passes an object representing the item to the pipeline. By default, this cmdlet does not generate any output.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Path <string[]>
Specifies the path to the current location of the items. The default is the current directory. Wildcards are permitted.

        Required?                    true
        Position?                    1
        Default value
        Accept pipeline input?     true (ByValue, ByPropertyName)
        Accept wildcard characters? false

-Confirm [<SwitchParameter>]
Prompts you for confirmation before executing the command.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-WhatIf [<SwitchParameter>]
Describes what would happen if you executed the command without actually executing the command.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-UseTransaction [<SwitchParameter>]
Includes the command in the active transaction. This parameter is valid only when a transaction is in progress. For more information, see about_transactions.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        “Get-Help about_CommonParameters“.

INPUTS
System.String
You can pipe a string that contains a path to Move-Item.

OUTPUTS
None or an object representing the moved item.
When you use the Passthru parameter, Move-Item generates an object representing the moved item. Otherwise, this cmdlet does not generate any output.

NOTES

Move-Item will move files between drives that are supported by the same provider, but it will move directories only within the same drive.

Because a Move-Item command moves the properties, contents, and child items of an item, all moves are recursive by default.

You can also refer to Move-Item by its built-in Aliases, “move”, “mv”, and “mi”. For more information, see about_aliases.

The Move-Item cmdlet is designed to work with the data exposed by any provider. To list the providers available in your session, type “Get-PSProvider“. For more information, see about_providers.

————————– EXAMPLE 1 ————————–

C:\PS>Move-Item -Path C:\test.txt -Destination E:\Temp\tst.txt

    Description
    ———–
    This command moves the Test.txt file from the C: drive to the E:\Temp directory and renames it from “test.txt” to “tst.txt”.

————————– EXAMPLE 2 ————————–

C:\PS>Move-Item -Path C:\Temp -Destination C:\Logs

    Description
    ———–
    This command moves the C:\Temp directory and its contents to the C:\Logs directory. The Temp directory, and all of its subdirectories and files, then appear in the Logs directory.

————————– EXAMPLE 3 ————————–

C:\PS>Move-Item -Path .\*.txt -Destination C:\Logs

    Description
    ———–
    This command moves all of the text files (*.txt) in the current directory (represented by a dot (.)) to the C:\Logs directory.

————————– EXAMPLE 4 ————————–

C:\PS>Get-ChildItem -Path . -recurse -Include *.txt | Move-Item -Destination C:\TextFiles

    Description
    ———–
    This command moves all of the text files from the current directory and all subdirectories, recursively, to the C:\TextFiles directory.

The command uses the Get-ChildItem cmdlet to get all of the child items in the current directory (represented by the dot [.]) and its subdirectories that have a *.txt file name extension. It uses the Recurse parameter to make the retrieval recursive and the Include parameter to limit the retrieval to *.txt files.

The pipeline operator (|) sends the results of this command to Move-Item, which moves the text files to the TextFiles directory.

If files being moved to C:\Textfiles have the same name, Move-Item displays an error and continues, but it moves only one file with each name to C:\Textfiles. The other files remain in their original directories.

If the Textfiles directory (or any other element of the destination path) does not exist, the command fails. The missing directory is not created for you, even if you use the Force parameter. Move-Item moves the first item to a file called “Textfiles” and then displays an error explaining that the file already exists.

Also, by default, Get-ChildItem does not move hidden files. To move hidden files, use the Force parameter with Get-ChildItem.

————————– EXAMPLE 5 ————————–

C:\PS>Move-Item hklm:\software\mycompany\* hklm:\software\mynewcompany

    Description
    ———–
    This command moves the Registry keys and values within the MyCompany Registry key in HKLM\Software to the MyNewCompany key. The wildcard character (*) indicates that the contents of the MyCompany key should be moved, not the key itself. In this command, the optional Path and Destination parameter names are omitted.

————————– EXAMPLE 6 ————————–

C:\PS>Move-Item -literalpath ‘Logs[Sept`06]’ -Destination ‘Logs[2006]’

    Description
    ———–
    This command moves the Logs[Sept`06] directory (and its contents) into the Logs[2006] directory.

The LiteralPath parameter is used instead of Path, because the original directory name includes left bracket and right bracket characters (“[” and “]”). The path is also enclosed in single quotation marks (‘ ‘), so that the backtick symbol (`) is not misinterpreted.

The Destination parameter does not require a literal path, because the Destination Variable also must be enclosed in single quotation marks, because it includes brackets that can be misinterpreted.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113350
    about_providers
    Clear-Item
    Get-Item
    Invoke-Item
    Set-Item
    New-Item
    Remove-Item
    Rename-Item
    Copy-Item

cmdlet, ItemProperty, Move

Move-ItemProperty

February 26, 2014 Adam

NAME
Move-ItemProperty

SYNOPSIS
Moves a property from one location to another.

SYNTAX
Move-ItemProperty [-LiteralPath] <string[]> [-Destination] <string> [-Name] <string[]> [-Credential <PSCredential>] [-Exclude <string[]>] [-Filter <string>] [-Force] [-Include <string[]>] [-PassThru] [-Confirm] [-WhatIf] [-UseTransaction] [<CommonParameters>]

Move-ItemProperty [-Path] <string[]> [-Destination] <string> [-Name] <string[]> [-Credential <PSCredential>] [-Exclude <string[]>] [-Filter <string>] [-Force] [-Include <string[]>] [-PassThru] [-Confirm] [-WhatIf] [-UseTransaction] [<CommonParameters>]

DESCRIPTION
The Move-ItemProperty cmdlet moves a property of an item from one item to another item. For example, it can move a Registry entry from one Registry key to another Registry key. When you move an item property, it is added to the new location and deleted from its original location.

PARAMETERS
-Credential <PSCredential>
Specifies a user account that has permission to perform this action. The default is the current user.

This parameter is not supported by any providers installed with Windows PowerShell.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Destination <string>
Specifies the path to the destination location.

        Required?                    true
        Position?                    2
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Exclude <string[]>
Omits the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as “*.txt”. Wildcards are permitted.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Filter <string>
Specifies a filter in the provider’s format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects rather than having Windows PowerShell filter the objects after they are retrieved.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Force [<SwitchParameter>]
Allows the cmdlet to move properties to or from items that cannot otherwise be accessed by the user. Implementation varies from provider to provider. For more information, see about_providers.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Include <string[]>
Moves only the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as “*.txt”. Wildcards are permitted.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-LiteralPath <string[]>
Specifies the path to the current location of the property. Unlike Path, the value of LiteralPath is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell Windows PowerShell not to interpret any characters as escape sequences.

        Required?                    true
        Position?                    1
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Name <string[]>
Specifies the name of the property to be moved.

        Required?                    true
        Position?                    3
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-PassThru [<SwitchParameter>]
Passes an object representing the item property. By default, this cmdlet does not generate any output.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Path <string[]>
Specifies the path to the current location of the property. Wildcards are permitted.

-Confirm [<SwitchParameter>]
Prompts you for confirmation before executing the command.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-WhatIf [<SwitchParameter>]
Describes what would happen if you executed the command without actually executing the command.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-UseTransaction [<SwitchParameter>]
Includes the command in the active transaction. This parameter is valid only when a transaction is in progress. For more information, see about_transactions.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

INPUTS
System.String
You can pipe a string that contains a path to Move-ItemProperty.

OUTPUTS
None or System.Management.Automation.PSCustomObject
When you use the PassThru parameter, Move-ItemProperty generates a PSCustomObject representing the moved item property. Otherwise, this cmdlet does not generate any output.

NOTES

The names of the Path, Destination, and Name parameters are optional. If you omit the parameter names, the unnamed parameter values must appear in this order: Path, Destination, Name. If you include the parameter names, the parameters can appear in any order.

You can also refer to Move-ItemProperty by its built-in Alias, “mp”. For more information, see about_aliases.

The Move-ItemProperty cmdlet is designed to work with the data exposed by any provider. To list the providers available in your session, type “Get-PSProvider“. For more information, see about_providers.

————————– EXAMPLE 1 ————————–

C:\PS>Move-Itemproperty HKLM:\Software\MyCompany\MyApp -Name `
Version -Destination HKLM:\Software\MyCompany\NewApp

    Description
    ———–
    This command moves the “Version” Registry value, and its data, from the MyApp subkey to the NewApp subkey of the HKLM\Software\MyCompany Registry key.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113351
    about_providers
    Clear-ItemProperty
    New-ItemProperty
    Copy-ItemProperty
    Rename-ItemProperty
    Get-ItemProperty
    Set-ItemProperty
    Remove-ItemProperty

cmdlet, Item, New

New-Item

February 26, 2014 Adam

NAME
New-Item

SYNOPSIS
Creates a new item.

SYNTAX
New-Item [-Path] <string[]> [-Credential <PSCredential>] [-Force] [-ItemType <string>] [-Value <Object>] [-Confirm] [-WhatIf] [-UseTransaction] [<CommonParameters>]

New-Item -Name <string> [[-Path] <string[]>] [-Credential <PSCredential>] [-Force] [-ItemType <string>] [-Value <Object>] [-Confirm] [-WhatIf] [-UseTransaction] [<CommonParameters>]

DESCRIPTION
The New-Item cmdlet creates a new item and sets its value. The types of items that can be created depend upon the location of the item. For example, in the file system, New-Item is used to create files and folders. In the Registry, New-Item creates Registry keys and entries.

New-Item can also set the value of the items that it creates. For example, when creating a new file, New-Item can add initial content to the file.

PARAMETERS
-Credential <PSCredential>
Specifies a user account that has permission to perform this action. The default is the current user.

This parameter is not supported by any providers installed with Windows PowerShell

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Force [<SwitchParameter>]
Allows the cmdlet to create an item that writes over an existing read-only item. Implementation varies from provider to provider. For more information, see about_providers. Even using the Force parameter, the cmdlet cannot override security restrictions.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-ItemType <string>
Specifies the provider-specified type of the new item.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Name <string>
Specifies the name of the new item. You can use this parameter to specify the name of the new item, or include the name in the value of the Path parameter.

        Required?                    true
        Position?                    named
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Path <string[]>
Specifies the path to the location of the new item. Wildcards are permitted.

You can specify the name of the new item in the Name parameter, or include it in the Path parameter.

        Required?                    true
        Position?                    1
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Value <Object>
Specifies the value of the new item. You can also pipe a value to New-Item.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     true (ByValue, ByPropertyName)
        Accept wildcard characters? false

-Confirm [<SwitchParameter>]
Prompts you for confirmation before executing the command.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-WhatIf [<SwitchParameter>]
Describes what would happen if you executed the command without actually executing the command.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-UseTransaction [<SwitchParameter>]
Includes the command in the active transaction. This parameter is valid only when a transaction is in progress. For more information, see about_transactions.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

INPUTS
System.Object
You can pipe a value for the new item to the New-Item cmdlet.

OUTPUTS
System.Object
New-Item returns the item that it creates.

NOTES

The New-Item cmdlet is designed to work with the data exposed by any provider. To list the providers available in your session, type “Get-PSProvider“. For more information, see about_providers.

————————– EXAMPLE 1 ————————–

C:\PS>New-Item -Path . -name testfile1.txt -type “file” -Value “This is a text string.”

    Description
    ———–
    This command creates a text file named testfile1.txt in the current directory. The dot (.) in the value of the Path parameter indicates the current directory. The quoted text that follows the Value parameter is added to the file as content.

————————– EXAMPLE 2 ————————–

C:\PS>New-Item -Path c:\ -name logfiles -type directory

    Description
    ———–
    This command creates a directory named Logfiles in the C: drive. The Type parameter specifies that the new item is a directory, not a file or other file system object.

————————– EXAMPLE 3 ————————–

C:\PS>New-Item -Path $profile -type file -Force

    Description
    ———–
    This command creates a Windows PowerShell profile in the path that is specified by the $profile Variable.

You can use profiles to customize Windows PowerShell. $Profile is an automatic (built-in) Variable that stores the path and file name of the CurrentUser/CurrentHost profile. By default, the profile does not exist, even though Windows PowerShell stores a path and file name for it.

In this command, the $profile Variable represents the path to the file. The Type parameter (or InfoType) specifies that the command creates a file. The Force parameter lets you create a file in the profile path, even when the directories in the path do not exist (Windows PowerShell creates them).

After you use this command to create a profile, you can enter Aliases, Functions, and scripts in the profile to customize your shell.

For more information, see about_Automatic_Variables and about_profiles.

————————– EXAMPLE 4 ————————–

C:\PS>New-Item -type directory -Path c:\ps-test\scripts

    Description
    ———–
    This command creates a new Scripts directory in the C:\PS-Test directory.

The name of the new directory item, Scripts, is included in the value of the Path parameter, instead of being specified in the value of the Name parameter. As indicated by the syntax, either command form is valid.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113353
    about_providers
    Get-Item
    Set-Item
    Remove-Item
    Clear-Item
    Invoke-Item
    Rename-Item
    Move-Item
    Copy-Item

cmdlet, ItemProperty, New

New-ItemProperty

February 26, 2014 Adam

NAME
New-ItemProperty

SYNOPSIS
Creates a new property for an item and sets its value. For example, you can use New-ItemProperty to create and change Registry values and data, which are properties of a Registry key.

SYNTAX
New-ItemProperty [-LiteralPath] <string[]> [-Name] <string> [-Credential <PSCredential>] [-Exclude <string[]>] [-Filter <string>] [-Force] [-Include <string[]>] [-PropertyType <string>] [-Value <Object>] [-Confirm] [-WhatIf] [-UseTransaction] [<CommonParameters>]

New-ItemProperty [-Path] <string[]> [-Name] <string> [-Credential <PSCredential>] [-Exclude <string[]>] [-Filter <string>] [-Force] [-Include <string[]>] [-PropertyType <string>] [-Value <Object>] [-Confirm] [-WhatIf] [-UseTransaction] [<CommonParameters>]

DESCRIPTION
The New-ItemProperty cmdlet creates a new property for a specified item and sets its value. Typically, this cmdlet is used to create new Registry values, because Registry values are properties of a Registry key item.

This cmdlet does not add properties to an object. To add a property to an instance of an object, use the Add-Member cmdlet. To add a property to all objects of a particular type, edit the Types.ps1xml file.

PARAMETERS
-Credential <PSCredential>
Specifies a user account that has permission to perform this action. The default is the current user.

This parameter is not supported by any providers installed with Windows PowerShell.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Exclude <string[]>
Omits the specified items. Wildcards are permitted.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Filter <string>
Specifies a filter in the provider’s format or language. The value of this parameter qualifies the Path parameter.

The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects rather than having Windows PowerShell filter the objects after they are retrieved.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Force [<SwitchParameter>]
Allows the cmdlet to create a property on an object that cannot otherwise be accessed by the user. Implementation varies from provider to provider. For more information, see about_providers.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Include <string[]>
The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as “*.txt”. Wildcards are permitted.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-LiteralPath <string[]>
Specifies a path to the item property. The value of LiteralPath is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell Windows PowerShell not to interpret any characters as escape sequences.

        Required?                    true
        Position?                    1
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Name <string>
Specifies a name for the new property. If the property is a Registry entry, this parameter specifies the name of the entry.

        Required?                    true
        Position?                    2
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Path <string[]>
Specifies the path to the item. This parameter identifies the item to which the new property will be added.

        Required?                    true
        Position?                    1
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-PropertyType <string>
Specifies the type of property that will be added.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Value <Object>
Specifies the property value. If the property is a Registry entry, this parameter specifies the value of the entry.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Confirm [<SwitchParameter>]
Prompts you for confirmation before executing the command.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-WhatIf [<SwitchParameter>]
Describes what would happen if you executed the command without actually executing the command.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-UseTransaction [<SwitchParameter>]
Includes the command in the active transaction. This parameter is valid only when a transaction is in progress. For more information, see about_transactions.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

INPUTS
None
You cannot pipe input to New-ItemProperty.

OUTPUTS
System.Management.Automation.PSCustomObject
New-ItemProperty returns a custom object that contains the new property.

NOTES

The New-ItemProperty cmdlet is designed to work with the data exposed by any provider. To list the providers available in your session, type “Get-PSProvider“. For more information, see about_providers.

————————– EXAMPLE 1 ————————–

C:\PS>New-Itemproperty -Path HKLM:\Software\MyCompany -Name NoOfEmployees -Value 822

C:\PS> Get-Itemproperty hklm:\software\mycompany

    PSPath        : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\software\mycompany
    PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\software
    PSChildName : mycompany
    PSDrive     : HKLM
    PSProvider    : Microsoft.PowerShell.Core\Registry
    NoOfLocations : 2
    NoOfEmployees : 822

    Description
    ———–
    This command adds a new Registry entry, NoOfEmployees, to the MyCompany key of the HKLM:\Software hive.

The first command uses the Path parameter to specify the path to the MyCompany Registry key. It uses the Name parameter to specify a name for the entry and the Value parameter to specify its value.

The second command uses the Get-ItemProperty cmdlet to see the new Registry entry.

————————– EXAMPLE 2 ————————–

C:\PS>Get-Item -Path HKLM:\Software\MyCompany | New-Itemproperty -Name NoOfLocations -Value 3

    Description
    ———–
    This command adds a new Registry entry to a Registry key. To specify the key, it uses a pipeline operator (|) to send an object representing the key to the New-ItemProperty cmdlet.

The first part of the command uses the Get-Item cmdlet to get the MyCompany Registry key. The pipeline operator (|) sends the results of the command to the New-ItemProperty cmdlet, which adds the new Registry entry, NoOfLocations, and its value, 3, to the MyCompany key.

This command works because the parameter-binding feature of Windows PowerShell associates the path of the RegistryKey object that Get-Item returns with the LiteralPath parameter of New-ItemProperty. For more information, see about_pipelines.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113354
    about_providers
    Clear-ItemProperty
    Copy-ItemProperty
    Move-ItemProperty
    Rename-ItemProperty
    Get-ItemProperty
    Set-ItemProperty
    Remove-ItemProperty

cmdlet, Invoke, Item

Invoke-Item

February 26, 2014 Adam

NAME
Invoke-Item

SYNOPSIS
Performs the default action on the specified item.

SYNTAX
Invoke-Item [-LiteralPath] <string[]> [-Credential <PSCredential>] [-Exclude <string[]>] [-Filter <string>] [-Include <string[]>] [-Confirm] [-WhatIf] [-UseTransaction] [<CommonParameters>]

Invoke-Item [-Path] <string[]> [-Credential <PSCredential>] [-Exclude <string[]>] [-Filter <string>] [-Include <string[]>] [-Confirm] [-WhatIf] [-UseTransaction] [<CommonParameters>]

DESCRIPTION
The Invoke-Item cmdlet performs the default action on the specified item. For example, it runs an executable file or opens a document file in the application associated with the document file type. The default action depends on the type of item and is determined by the Windows PowerShell provider that provides access to the data.

PARAMETERS
-Credential <PSCredential>
Specifies a user account that has permission to perform this action. The default is the current user.

This parameter is not supported by any providers installed with Windows PowerShell.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Exclude <string[]>
Omits the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as “*.txt”. Wildcards are permitted.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Filter <string>
Specifies a filter in the provider’s format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects rather than having Windows PowerShell filter the objects after they are retrieved.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Include <string[]>
Performs the default action only on the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as “*.txt”. Wildcards are permitted.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-LiteralPath <string[]>
Specifies a path to the item. The value of LiteralPath is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell Windows PowerShell not to interpret any characters as escape sequences.

        Required?                    true
        Position?                    1
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Path <string[]>
Specifies the path to the selected item.

-Confirm [<SwitchParameter>]
Prompts you for confirmation before executing the command.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-WhatIf [<SwitchParameter>]
Describes what would happen if you executed the command without actually executing the command.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-UseTransaction [<SwitchParameter>]
Includes the command in the active transaction. This parameter is valid only when a transaction is in progress. For more information, see about_transactions.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

INPUTS
System.String
You can pipe a string that contains a path to Invoke-Item.

OUTPUTS
None
The command does not generate any output. However, output might be generated by the item that it invokes.

NOTES

The Invoke-Item cmdlet is designed to work with the data exposed by any provider. To list the providers available in your session, type “Get-PsSProvider”. For more information, see about_providers.

————————– EXAMPLE 1 ————————–

C:\PS>Invoke-Item C:\Test\aliasApr04.doc

    Description
    ———–
    This command opens the file AliasApr04.doc in Microsoft Office Word. In this case, opening in Word is the default action for .doc files.

————————– EXAMPLE 2 ————————–

C:\PS>Invoke-Item “C:\Documents and Settings\Lister\My Documents\*.xls”

    Description
    ———–
    This command opens all of the Microsoft Office Excel spreadsheets in the C:\Documents and Settings\Lister\My Documents folder. Each spreadsheet is opened in a new instance of Excel. In this case, opening in Excel is the default action for .xls files.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113345
    about_providers
    Clear-Item
    Get-Item
    Move-Item
    Set-Item
    New-Item
    Remove-Item
    Rename-Item
    Copy-Item

cmdlet, Get, WSManInstance

Get-WSManInstance

February 26, 2014 Adam

NAME
Get-WSManInstance

SYNOPSIS
Displays management information for a resource instance specified by a Resource URI.

SYNTAX
Get-WSManInstance -SelectorSet <hashtable> [-ApplicationName <string>] [-ComputerName <string>] [-Credential <PSCredential>] [-Fragment <string>] [-Port <int>] [-UseSSL] [-ResourceURI] <Uri> [-Authentication <Authentication>] [-Dialect <Uri>] [-OptionSet <hashtable>] [-SessionOption <hashtable>] [<CommonParameters>]

Get-WSManInstance [-ApplicationName <string>] [-BasePropertiesOnly <switch>] [-ComputerName <string>] [-Credential <PSCredential>] [-Enumerate] [-filter <string>] [-Port <int>] [-References <switch>] [-ReturnType <string>] [-Shallow <switch>] [-UseSSL] [-ResourceURI] <Uri> [-Authentication <Authentication>] [-Dialect <Uri>] [-OptionSet <hashtable>] [-SessionOption <hashtable>] [<CommonParameters>]

Get-WSManInstance -ConnectionURI <Uri> -SelectorSet <hashtable> [-Fragment <string>] [-ResourceURI] <Uri> [-Authentication <Authentication>] [-Dialect <Uri>] [-OptionSet <hashtable>] [-SessionOption <hashtable>] [<CommonParameters>]

Get-WSManInstance -ConnectionURI <Uri> [-BasePropertiesOnly <switch>] [-Enumerate] [-filter <string>] [-References <switch>] [-ReturnType <string>] [-Shallow <switch>] [-ResourceURI] <Uri> [-Authentication <Authentication>] [-Dialect <Uri>] [-OptionSet <hashtable>] [-SessionOption <hashtable>] [<CommonParameters>]

DESCRIPTION
The Get-WSManInstance cmdlet retrieves an instance of a management resource that is specified by a resource URI. The information that is retrieved can be a complex XML information set (an object) or a simple value. This cmdlet is the equivalent to the standard WS-Management Get command.

This cmdlet uses the WS-Management connection/transport layer to retrieve information.

PARAMETERS
-ApplicationName <string>
Specifies the application name in the connection. The default value of the ApplicationName parameter is “WSMAN”. The complete identifier for the remote endpoint is in the following format:

For example:

http://server01:8080/WSMAN

Internet Information Services (IIS), which hosts the session, forwards requests with this endpoint to the specified application. This default setting of “WSMAN” is appropriate for most uses. This parameter is designed to be used when numerous computers establish remote connections to one computer that is running Windows PowerShell. In this case, IIS hosts Web Services for Management (WS-Management) for efficiency.

        Required?                    false
        Position?                    named
        Default value                WSMan
        Accept pipeline input?     false
        Accept wildcard characters? false

-Authentication <Authentication>
Specifies the authentication mechanism to be used at the server. Possible values are:

        – Basic: Basic is a scheme in which the user name and password are sent in clear text to the server or proxy.
        – Default : Use the authentication method implemented by the WS-Management protocol. This is the default.
        – Digest: Digest is a challenge-response scheme that uses a server-specified data string for the challenge.
        – Kerberos: The client computer and the server mutually authenticate by using Kerberos Certificates.
        – Negotiate: Negotiate is a challenge-response scheme that negotiates with the server or proxy to determine the scheme to use for authentication. For example, this parameter value allows negotiation to determine whether the Kerberos protocol or NTLM is used.
        – CredSSP: Use Credential Security Service Provider (CredSSP) authentication, which allows the user to delegate credentials. This option is designed for commands that run on one remote computer but collect data from or run additional commands on other remote computers.

Caution: CredSSP delegates the user’s credentials from the local computer to a remote computer. This practice increases the security risk of the remote operation. If the remote computer is compromised, when credentials are passed to it, the credentials can be used to control the network session.

        Required?                    false
        Position?                    named
        Default value                Default
        Accept pipeline input?     false
        Accept wildcard characters? false

-BasePropertiesOnly <switch>
Enumerates only the properties that are part of the base class that is specified by the ResourceURI parameter. This parameter has no effect if the Shallow parameter is specified.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-ComputerName <string>
Specifies the computer against which you want to run the management operation. The value can be a fully qualified domain name, a NetBIOS name, or an IP address. Use the local computer name, use localhost, or use a dot (.) to specify the local computer. The local computer is the default. When the remote computer is in a different domain from the user, you must use a fully qualified domain name must be used. You can pipe a value for this parameter to the cmdlet.

        Required?                    false
        Position?                    named
        Default value                localhost
        Accept pipeline input?     false
        Accept wildcard characters? false

-ConnectionURI <Uri>
Specifies the connection endpoint. The format of this string is:

The following string is a properly formatted value for this parameter:

http://Server01:8080/WSMAN

The URI must be fully qualified.

        Required?                    true
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Credential <PSCredential>
Specifies a user account that has permission to perform this action. The default is the current user. Type a user name, such as “User01”, “Domain01\User01”, or “User@Domain.com”. Or, enter a PSCredential object, such as one returned by the Get-Credential cmdlet. When you type a user name, you will be prompted for a password.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Dialect <Uri>
Specifies the dialect to use in the filter predicate. This can be any dialect that is supported by the remote service. The following Aliases can be used for the dialect URI:

        – WQL: http://schemas.microsoft.com/wbem/wsman/1/WQL
        – Selector: http://schemas.microsoft.com/wbem/wsman/1/wsman/SelectorFilter
        – Association: http://schemas.dmtf.org/wbem/wsman/1/cimbinding/associationFilter

        Required?                    false
        Position?                    named
        Default value                http://schemas.microsoft.com/wbem/wsman/1/WQL
        Accept pipeline input?     false
        Accept wildcard characters? false

-Enumerate [<SwitchParameter>]
Returns all of the instances of a management resource.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-filter <string>
Specifies the filter expression for the enumeration. If you use this parameter, you must also specify the Dialect parameter.

The valid values of this parameter depend on the dialect that is specified in the Dialect parameter. For example, if the Dialect parameter is set to WQL, the Filter parameter must contain a string, and the string must contain a valid WQL query such as the following query:

“Select * from Win32_Service where State != Running”

If the Dialect parameter is set to Association, the Filter parameter must contain a string, and the string must contain a valid filter, such as the following filter:

-filter:Object=EPR[;AssociationClassName=AssocClassName][;ResultClassName=ClassName][;Role=RefPropertyName][;ResultRole=RefPropertyName]}

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Fragment <string>
Specifies a section inside the instance that is to be updated or retrieved for the specified operation. For example, to get the status of a spooler service, specify “-Fragment Status”.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-OptionSet <hashtable>
Passes a set of switches to a service to modify or refine the nature of the request. These are similar to switches used in command-line shells because they are service specific. Any number of options can be specified.

The following example demonstrates the syntax that passes the values 1, 2, and 3 for the a, b, and c parameters:

-OptionSet @{a=1;b=2;c=3}

-Port <int>
Specifies the port to use when the client connects to the WinRM service. When the transport is HTTP, the default port is 80. When the transport is HTTPS, the default port is 443. When you use HTTPS as the transport, the value of the ComputerName parameter must match the server’s Certificate common name (CN). However, if the SkipCNCheck parameter is specified as part of the SessionOption parameter, then the Certificate common name of the server does not have to match the host name of the server. The SkipCNCheck parameter should be used only for trusted computers.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-References <switch>
Indicates that association instances (not associated instances) should be retrieved. You can use this parameter only when the Dialect parameter is set to a value of “Association”.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-ResourceURI <Uri>
Contains the Uniform Resource Identifier (URI) of the resource class or instance. The URI is used to identify a specific type of resource, such as disks or processes, on a computer.

A URI consists of a prefix and a path to a resource. For example:

http://schemas.microsoft.com/wbem/wsman/1/wmi/root/cimv2/Win32_LogicalDisk
http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_NumericSensor

-ReturnType <string>
Specifies the type of data to be returned. The valid values are:

            Object (the default)
            EPR
            ObjectAndEPR

If Object is specified or if this parameter is not used, only objects are returned. If EPR (endpoint reference) is specified, only the endpoint references of the objects are returned. Endpoint references contain information about the resource URI and the selectors for the instance. If ObjectAndEPR is specified, both the object and its associated endpoint references are returned.

        Required?                    false
        Position?                    named
        Default value                Object
        Accept pipeline input?     false
        Accept wildcard characters? false

-SelectorSet <hashtable>
Specifies a set of value pairs that are used to select particular management resource instances. The SelectorSet parameter is used when more than one instance of the resource exists. The value of the SelectorSet parameter must be a hash table.

The following example shows how to enter a value for this parameter:

-SelectorSet @{Name=”WinRM”;ID=”yyy”}

        Required?                    true
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-SessionOption <hashtable>
Defines a set of extended options for the WS-Management session. Enter a SessionOption object that you create by using the New-WSManSessionOption cmdlet. For more information about the options that are available, see New-WSManSessionOption.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Shallow <switch>
Causes only instances of the base class that is specified in the resource URI to be returned. If this switch is not specified, instances of the base class that is specified in the URI and in all its derived classes is returned.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-UseSSL [<SwitchParameter>]
Specifies that the Secure Sockets Layer (SSL) protocol should be used to establish a connection to the remote computer. By default, SSL is not used.

WS-Management encrypts all the Windows PowerShell content that is transmitted over the network. The UseSSL parameter lets you specify the additional protection of HTTPS instead of HTTP. If SSL is not available on the port that is used for the connection and you specify this parameter, the command fails.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

INPUTS
None
This command does not accept any input.

OUTPUTS
System.Xml.XmlElement
The Get-WSManInstance cmdlet generates an XMLElement object.

NOTES

————————– EXAMPLE 1 ————————–

C:\PS>Get-WSManInstance wmicimv2/win32_service -SelectorSet @{name=”winrm”} -ComputerName server01

    xsi                     : http://www.w3.org/2001/XMLSchema-instance
    p                     : http://schemas.microsoft.com/wbem/wsman/1/wmi/root/cimv2/Win32_Service
    cim                     : http://schemas.dmtf.org/wbem/wscim/1/common
    type                    : p:Win32_Service_Type
    lang                    : en-US
    AcceptPause             : false
    AcceptStop             : true
    Caption                 : Windows Remote Management (WS-Management)
    CheckPoint             : 0
    CreationClassName     : Win32_Service
    Description             : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote
                             management. WS-Management is a standard web services protocol used for remote software and
                             hardware management. The WinRM service listens on the network for WS-Management requests
                             and processes them. The WinRM Service needs to be configured with a listener using the
                             winrm.cmd command line tool or through Group Policy in order for it to listen over the
                             network. The WinRM service provides access to WMI data and enables event collection. Event
                             collection and subscription to events require that the service is running. WinRM messages
                             use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is
                             preconfigured to share a port with IIS on the same machine. The WinRM service reserves the
                             /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any
                             websites hosted on IIS do not use the /wsman URL prefix.
    DesktopInteract         : false
    DisplayName             : Windows Remote Management (WS-Management)
    ErrorControl            : Normal
    ExitCode                : 0
    InstallDate             : InstallDate
    Name                    : winrm
    PathName                : C:\Windows\System32\svchost.exe -k NetworkService
    ProcessId             : 948
    ServiceSpecificExitCode : 0
    ServiceType             : Share Process
    Started                 : true
    StartMode             : Auto
    StartName             : NT AUTHORITY\NetworkService
    State                 : Running
    Status                 : OK
    SystemCreationClassName : Win32_ComputerSystem
    SystemName             : SERVER01
    TagId                 : 0
    WaitHint                : 0

    Description
    ———–
    This command returns all of the information that Windows Management Instrumentation (WMI) exposes about the WinRM service on the remote server01 computer.

————————– EXAMPLE 2 ————————–

C:\PS>Get-WSManInstance wmicimv2/win32_service -SelectorSet @{name=”spooler”} -Fragment status -ComputerName server01

XmlFragment=OK

    Description
    ———–
    This command returns only the status of the Spooler service on the remote server01 computer.

————————– EXAMPLE 3 ————————–

C:\PS>Get-WSManInstance -enumerate wmicimv2/win32_process

    OSName                     : Microsoft Windows Vista Ultimate |C:\Windows|\Device\Harddisk0\Partition3
    OtherOperationCount        : 11441
    OtherTransferCount         : 428570
    PageFaults                 : 27346
    PageFileUsage             : 16428
    ParentProcessId            : 604
    PeakPageFileUsage         : 17588
    PeakVirtualSize            : 93876224
    PeakWorkingSetSize         : 12472
    Priority                 : 8
    PrivatePageCount         : 16822272
    ProcessId                 : 1160
    QuotaNonPagedPoolUsage     : 14
    QuotaPagedPoolUsage        : 126
    QuotaPeakNonPagedPoolUsage : 16
    QuotaPeakPagedPoolUsage    : 159
    ReadOperationCount         : 29568
    ReadTransferCount         : 1660581404
    SessionId                 : 0
    Status                     : Status
    TerminationDate            : TerminationDate
    ThreadCount                : 23
    UserModeTime             : 763156892
    VirtualSize                : 80846848
    WindowsVersion             : 6.0.6001
    WorkingSetSize             : 11624448
    WriteOperationCount        : 1913
    WriteTransferCount         : 6825768

    xsi                        : http://www.w3.org/2001/XMLSchema-instance
    p                         : http://schemas.microsoft.com/wbem/wsman/1/wmi/root/cimv2/Win32_Process
    cim                        : http://schemas.dmtf.org/wbem/wscim/1/common
    type                     : p:Win32_Process_Type
    lang                     : en-US
    Caption                    : svchost.exe
    CommandLine                : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    CreationClassName         : Win32_Process
    CreationDate             : CreationDate
    CSCreationClassName        : Win32_ComputerSystem
    CSName                     : COMPUTER01
    Description                : svchost.exe
    ExecutablePath             : C:\Windows\System32\svchost.exe
    ExecutionState             : ExecutionState
    Handle                     : 1192
    HandleCount                : 832

…

    Description
    ———–
    This command returns all the instances of the WMI Win32_Process class on the local computer.

————————– EXAMPLE 4 ————————–

C:\PS>Get-WSManInstance -enumerate wmicimv2/win32_service -returntype epr

…

    Description
    ———–
    This command returns endpoint references that correspond to all the services on the local computer.

————————– EXAMPLE 5 ————————–

C:\PS>Get-WSManInstance -Enumerate wmicimv2/* -filter “select * from win32_service where StartMode = ‘Auto’ and State = ‘Stopped'” -ComputerName server01

…

    Description
    ———–
    This command lists all of the services that meet the following criteria on the remote server01 computer:

– The startup type of the service is “Automatic”.
– The service is stopped.

————————– EXAMPLE 6 ————————–

C:\PS>Get-WSManInstance winrm/config/listener -SelectorSet @{Address=”*”;Transport=”http”}

    cfg                 : http://schemas.microsoft.com/wbem/wsman/1/config/listener
    xsi                 : http://www.w3.org/2001/XMLSchema-instance
    lang                 : en-US
    Address             : *
    Transport             : HTTP
    Port                 : 80
    Hostname             :
    Enabled             : true
    URLPrefix             : WSMan
    CertificateThumbprint :
    ListeningOn         : {100.0.0.1, 123.123.123.123, ::1, 2001:4898:0:fff:0:5efe:123.123.123.123…}

    Description
    ———–
    This command lists the WS-Management listener configuration on the local computer for the listener that matches the criteria in the selector set.

————————– EXAMPLE 7 ————————–

C:\PS>Get-WSManInstance winrm/config/listener -SelectorSet @{Address=”*”;Transport=”http”} -ComputerName server01

    Description
    ———–
    This command lists the WS-Management listener configuration on the remote server01 computer for the listener that matches the criteria in the selector set.

————————– EXAMPLE 8 ————————–

C:\PS>Get-WSManInstance -Enumerate -Dialect association -filter “{Object=win32_service?name=winrm}” -res wmicimv2/*

    xsi                     : http://www.w3.org/2001/XMLSchema-instance
    p                         : http://schemas.microsoft.com/wbem/wsman/1/wmi/root/cimv2/Win32_ComputerSystem
    cim                     : http://schemas.dmtf.org/wbem/wscim/1/common
    type                     : p:Win32_ComputerSystem_Type
    lang                     : en-US
    AdminPasswordStatus     : 1
    AutomaticManagedPagefile : true
    AutomaticResetBootOption : true
    AutomaticResetCapability : true
    BootOptionOnLimit         : BootOptionOnLimit
    BootOptionOnWatchDog     : BootOptionOnWatchDog
    BootROMSupported         : true
    BootupState             : Normal boot
    Caption                 : SERVER01
    ChassisBootupState        : 3
    CreationClassName         : Win32_ComputerSystem
    CurrentTimeZone         : -480
    DaylightInEffect         : false
    Description             : AT/AT COMPATIBLE
    DNSHostName             : server01
    Domain                    : site01.corp.fabrikam.com
    DomainRole                : 1
    EnableDaylightSavingsTime : true
    FrontPanelResetStatus     : 2
    InfraredSupported         : false
    InstallDate             : InstallDate
    KeyboardPasswordStatus    : 2
    LastLoadInfo             : LastLoadInfo
    Manufacturer             : Dell Inc.
    Model                     : OptiPlex 745
    Name                     : SERVER01
    NameFormat                : NameFormat
    NetworkServerModeEnabled : true
    NumberOfLogicalProcessors : 2
    NumberOfProcessors        : 1
    OEMStringArray            : www.dell.com
    PartOfDomain             : true
    PauseAfterReset         : -1
    PCSystemType             : 5
    PowerManagementSupported : PowerManagementSupported
    PowerOnPasswordStatus     : 1
    PowerState                : 0
    PowerSupplyState         : 3
    PrimaryOwnerContact     : PrimaryOwnerContact
    PrimaryOwnerName         : testuser01
    ResetCapability         : 1
    ResetCount                : -1
    ResetLimit                : -1
    Roles                     : {LM_Workstation, LM_Server, SQLServer, NT}
    Status                    : OK
    SystemStartupDelay        : SystemStartupDelay
    SystemStartupSetting     : SystemStartupSetting
    SystemType                : X86-based PC
    ThermalState             : 3
    TotalPhysicalMemory     : 3217760256
    UserName                 : FABRIKAM\testuser01
    WakeUpType                : 6
    Workgroup                 : Workgroup

    xsi                     : http://www.w3.org/2001/XMLSchema-instance
    p                     : http://schemas.microsoft.com/wbem/wsman/1/wmi/root/cimv2/Win32_SystemDriver
    cim                     : http://schemas.dmtf.org/wbem/wscim/1/common
    type                    : p:Win32_SystemDriver_Type
    lang                    : en-US
    AcceptPause             : false
    AcceptStop             : true
    Caption                 : HTTP
    CreationClassName     : Win32_SystemDriver
    Description             : HTTP
    DesktopInteract         : false
    DisplayName             : HTTP
    ErrorControl            : Normal
    ExitCode                : 0
    InstallDate             : InstallDate
    Name                    : HTTP
    PathName                : C:\Windows\system32\drivers\HTTP.sys
    ServiceSpecificExitCode : 0
    ServiceType             : Kernel Driver
    Started                 : true
    StartMode             : Manual
    StartName             :
    State                 : Running
    Status                 : OK
    SystemCreationClassName : Win32_ComputerSystem
    SystemName             : SERVER01
    TagId                 : 0

    Description
    ———–
    This command gets the associated instances that are related to the specified instance (winrm).

Important: You must enclose the filter in quotation marks, as shown in the example.

————————– EXAMPLE 9 ————————–

C:\PS>Get-WSManInstance -Enumerate -Dialect association -References -filter “{Object=win32_service?name=winrm}” -res wmicimv2/*

    Description
    ———–
    This command gets association instances that are related to the specified instance (winrm). Because the Dialect parameter is set to “association” and the Reference parameter is used, this command returns association instances, not associated instances.

Important: You must enclose the filter in quotation marks, as shown in the example.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkId=141444
    Connect-WSMan
    Disable-WSManCredSSP
    Disconnect-WSMan
    Enable-WSManCredSSP
    Get-WSManCredSSP
    Invoke-WSManAction
    New-WSManInstance
    New-WSManSessionOption
    Remove-WSManInstance
    Set-WSManInstance
    Set-WSManQuickConfig
    Test-WSMan

cmdlet, Get, WinEvent

Get-WinEvent

February 26, 2014 Adam

NAME
Get-WinEvent

SYNOPSIS
Gets events from event logs and event tracing log files on local and remote computers.

SYNTAX
Get-WinEvent [-LogName] <string[]> [-ComputerName <string>] [-Credential <PSCredential>] [-FilterXPath <string>] [-Force <switch>] [-MaxEvents <int64>] [-Oldest] [<CommonParameters>]

Get-WinEvent [-Path] <string[]> [-ComputerName <string>] [-Credential <PSCredential>] [-FilterXPath <string>] [-Force <switch>] [-MaxEvents <int64>] [-Oldest] [<CommonParameters>]

Get-WinEvent [-ProviderName] <string[]> [-ComputerName <string>] [-Credential <PSCredential>] [-FilterXPath <string>] [-Force <switch>] [-MaxEvents <int64>] [-Oldest] [<CommonParameters>]

Get-WinEvent -FilterHashTable <Hashtable[]> [-ComputerName <string>] [-Credential <PSCredential>] [-Force <switch>] [-MaxEvents <int64>] [-Oldest] [<CommonParameters>]

Get-WinEvent [-ListLog] <string[]> [-ComputerName <string>] [-Credential <PSCredential>] [<CommonParameters>]

Get-WinEvent [-ListProvider] <string[]> [-ComputerName <string>] [-Credential <PSCredential>] [<CommonParameters>]

Get-WinEvent -FilterXml <XmlDocument> [-ComputerName <string>] [-Credential <PSCredential>] [-Force <switch>] [-MaxEvents <int64>] [-Oldest] [<CommonParameters>]

DESCRIPTION
The Get-WinEvent cmdlet gets events from event logs, including classic logs, such as the System and Application logs, and the event logs that are generated by the new Windows Event Log technology introduced in Windows Vista. It also gets events in log files generated by Event Tracing for Windows (ETW).

Without parameters, a Get-WinEvent command gets all the events from all the event logs on the computer. To interrupt the command, press CTRL + C.

Get-WinEvent also lists event logs and event log providers. You can get events from selected logs or from logs generated by selected event providers. And, you can combine events from multiple sources in a single command. Get-WinEvent allows you to filter events by using XPath queries, structured XML queries, and simplified hash-table queries.

Note: Get-WinEvent requires Windows Vista, Windows Server 2008 R2, or later versions of Windows. And, it requires the Microsoft .NET Framework 3.5 or a later version.

PARAMETERS
-ComputerName <string>
Gets events from the event logs on the specified computer. Type the NetBIOS name, an Internet Protocol (IP) address, or the fully qualified domain name of the computer. The default value is the local computer.

This parameter accepts only one computer name at a time. To find event logs or events on multiple computers, use a ForEach statement. For more information about this parameter, see the examples.

To get events and event logs from remote computers, the firewall port for the event log service must be configured to allow remote access.

This parameter does not rely on Windows PowerShell remoting. You can use the ComputerName parameter even if your computer is not configured to run remote commands.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Credential <PSCredential>
Specifies a user account that has permission to perform this action. The default value is the current user.

Type a user name, such as User01 or Domain01\User01. Or, enter a PSCredential object, such as one generated by the Get-Credential cmdlet. If you type a user name, you will be prompted for a password. If you type only the parameter name, you will be prompted for both a user name and a password.

        Required?                    false
        Position?                    named
        Default value                Current user
        Accept pipeline input?     false
        Accept wildcard characters? false

-FilterHashTable <Hashtable[]>
Uses a query in hash table format to select events from one or more event logs. The query contains a hash table with one or more key-value pairs.

        Hash table queries have the following rules:
        — Keys and values are case-insensitive.
        — Wildcard characters are valid only in the values associated with the LogName and ProviderName keys.
        — Each key can be listed only once in each hash-table.
        — The Path value takes paths to .etl, .evt, and .evtx log files.
        — The LogName, Path, and ProviderName keys can be used in the same query.
        — The UserID key can take a valid security identifier (SID) or a domain account name that can be used to construct a valid System.Security.Principal.NTAccount object.
        — The Data value takes event data in an unnamed field. This is for events in classic event logs.
        — The * key represents a named event data field.
        When Get-WinEvent cannot interpret a key-value pair, it interprets the key as a case-sensitive name for the event data in the event.

        The valid key-value pairs are as follows:
        — LogName=<String[]>
        — ProviderName=<String[]>
        — Path=<String[]>
        — Keywords=<Long[]>
        — ID=<Int32[]>
        — Level=<Int32[]>
        — StartTime=<DateTime>
        — EndTime=<DataTime>
        — UserID=<SID>
        — Data=<String[]>
        — *=<String[]>

        Required?                    true
        Position?                    named
        Default value
        Accept pipeline input?     true (ByValue)
        Accept wildcard characters? false

-FilterXml <XmlDocument>
Uses a structured XML query to select events from one or more event logs.

To generate a valid XML query, use the Create Custom View and Filter Current Log features in Event Viewer. Use the items in the dialog box to create a query, and then click the XML tab to view the query in XML format. You can copy the XML from the XML tab into the value of the FilterXml parameter. For more information about the Event Viewer features, see Event Viewer Help.

Typically, you use an XML query to create a complex query that contains several XPath statements. The XML format also allows you to use a “Suppress” XML element that excludes events from the query. For more information about the XML schema for event log queries, see the following topics in the MSDN (Microsoft Developer Network) library.

— “Query Schema”: http://go.microsoft.com/fwlink/?LinkId=143685

— “XML Event Queries” in “Event Selection”: http://go.microsoft.com/fwlink/?LinkID=143608

        Required?                    true
        Position?                    named
        Default value                None
        Accept pipeline input?     true (ByValue)
        Accept wildcard characters? false

-FilterXPath <string>
Uses an XPath query to select events from one or more logs.

For more information about the XPath language, see “Selection Filters” in “Event Selection” and in the “XPath Reference” in the MSDN library.

        Required?                    false
        Position?                    named
        Default value                None
        Accept pipeline input?     false
        Accept wildcard characters? false

-Force <switch>
Gets debug and analytic logs, in addition to other event logs. The Force parameter is required to get a debug or analytic log when the value of the name parameter includes wildcard characters.

By default, Get-WinEvent excludes these logs unless you specify the full name of a debug or analytic log.

        Required?                    false
        Position?                    named
        Default value                Debugging and analytic logs are not returned in response to queries that use wildcard characters.
        Accept pipeline input?     false
        Accept wildcard characters? false

-ListLog <string[]>
Gets the specified event logs. Enter the event log names in a comma-separated list. Wildcards are permitted. To get all the logs, enter a value of *.

        Required?                    true
        Position?                    1
        Default value                None
        Accept pipeline input?     false
        Accept wildcard characters? true

-ListProvider <string[]>
Gets the specified event log providers. An event log provider is a program or service that writes events to the event log.

Enter the provider names in a comma-separated list. Wildcards are permitted. To get the providers of all the event logs on the computer, enter a value of *.

        Required?                    true
        Position?                    1
        Default value                None
        Accept pipeline input?     false
        Accept wildcard characters? true

-LogName <string[]>
Gets events from the specified event logs. Enter the event log names in a comma-separated list. Wildcards are permitted. You can also pipe log names to Get-WinEvent.

        Required?                    true
        Position?                    1
        Default value                None
        Accept pipeline input?     true (ByValue)
        Accept wildcard characters? true

-MaxEvents <int64>
Specifies the maximum number of events that Get-WinEvent returns. Enter an integer. The default is to return all the events in the logs or files.

        Required?                    false
        Position?                    named
        Default value                All events
        Accept pipeline input?     false
        Accept wildcard characters? false

-Oldest [<SwitchParameter>]
Returns the events in oldest-first order. By default, events are returned in newest-first order.

This parameter is required to get events from .etl and .evt files and from debug and analytic logs. In these files, events are recorded in oldest-first order, and the events can be returned only in oldest-first order.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Path <string[]>
Gets events from the specified event log files. Enter the paths to the log files in a comma-separated list, or use wildcard characters to create file path patterns.

Get-WinEvent supports files with the .evt, .evtx, and .etl file name extensions. You can include events from different files and file types in the same command.

        Required?                    true
        Position?                    1
        Default value                None
        Accept pipeline input?     false
        Accept wildcard characters? true

-ProviderName <string[]>
Gets events written by the specified event log providers. Enter the provider names in a comma-separated list, or use wildcard characters to create provider name patterns.

An event log provider is a program or service that writes events to the event log. It is not a Windows PowerShell provider.

        Required?                    true
        Position?                    1
        Default value                None
        Accept pipeline input?     false
        Accept wildcard characters? true

INPUTS
System.String, System.Xml.XmlDocument, System.Collections.Hashtable.
You can pipe a LogName (string), a FilterXML query, or a FilterHashTable query to Get-WinEvent.

OUTPUTS
    System.Diagnostics.Eventing.Reader.EventLogConfiguration, System.Diagnostics.Eventing.Reader.EventLogRecord, System.Diagnostics.Eventing.Reader.ProviderMetadata
        With the ListLog parameter, Get-WinEvent returns System.Diagnostics.Eventing.Reader.EventLogConfiguration objects. With the ListProvider parameter, Get-WinEvent returns
        System.Diagnostics.Eventing.Reader.ProviderMetadata objects. With all other parameters, Get-WinEvent returns System.Diagnostics.Eventing.Reader.EventLogRecord objects.

NOTES

Get-WinEvent is designed to replace the Get-EventLog cmdlet on computers running Windows Vista and later versions of Windows. Get-EventLog gets events only in classic event logs. Get-EventLog is retained in Windows PowerShell 2.0 for systems earlier than Windows Vista.

————————– EXAMPLE 1 ————————–

C:\PS>Get-WinEvent -listlog *

    Description
    ———–
    This command gets all the logs on the local computer.

Logs are listed in the order that Get-WinEvent gets them. Classic logs are usually retrieved first, followed by the new Windows Eventing logs.

Because there are typically more than a hundred event logs, this parameter requires a log name or name pattern. To get all the logs, use *.

————————– EXAMPLE 2 ————————–

C:\PS>Get-WinEvent -listlog Setup | Format-List -property *

        FileSize                     : 69632
        IsLogFull                     : False
        LastAccessTime                 : 2/14/2008 12:55:12 AM
        LastWriteTime                 : 7/9/2008 3:12:05 AM
        OldestRecordNumber             : 1
        RecordCount                    : 3
        LogName                        : Setup
        LogType                        : Operational
        LogIsolation                 : Application
        IsEnabled                     : True
        IsClassicLog                 : False
        SecurityDescriptor             : O:BAG:SYD:(A;;0xf0007;;;SY)(A;
                                         (A;;0x1;;;S-1-5-32-573)
        LogFilePath                    : %SystemRoot%\System32\Winevt\L
        MaximumSizeInBytes             : 1052672
        LogMode                        : Circular
        OwningProviderName             : Microsoft-Windows-Eventlog
        ProviderNames                 : {Microsoft-Windows-WUSA, Micro
        ProviderLevel                 :
        ProviderKeywords             :
        ProviderBufferSize             : 64
        ProviderMinimumNumberOfBuffers : 0
        ProviderMaximumNumberOfBuffers : 64
        ProviderLatency                : 1000
        ProviderControlGuid            :

    Description
    ———–
    These commands get an object that represents the classic System log on the local computer. The object includes useful information about the log, including its size, event log provider, file path, and whether it is enabled.

————————– EXAMPLE 3 ————————–

C:\PS>Get-WinEvent -listlog * -ComputerName Server01| where {$_.recordcount}

    Description
    ———–
    This command gets only event logs on the Server01 computer that contain events. Many logs might be empty.

The command uses the RecordCount property of the EventLogConfiguration object that Get-WinEvent returns when you use the ListLog parameter.

————————– EXAMPLE 4 ————————–

C:\PS>$s = “Server01”, “Server02”, “Server03”

C:\PS> foreach ($server in $s)
{$server; Get-WinEvent -listlog “Windows PowerShell” -ComputerName $server}

    Description
    ———–
    The commands in this example get objects that represent the Windows PowerShell event logs on the Server01, Server02, and Server03 computers. This command uses the Foreach keyword because the ComputerName parameter takes only one value.

The first command saves the names of the computers in the $s Variable.

The second command uses a Foreach statement. For each of the computers in the $s Variable, it performs the command in the script block (within the braces). First, the command prints the name of the computer. Then, it runs a Get-WinEvent command to get an object that represents the Windows PowerShell log.

————————– EXAMPLE 5 ————————–

C:\PS>Get-WinEvent -listprovider *

    Description
    ———–
    This command gets the event log providers on the local computer and the logs to which they write, if any.

————————– EXAMPLE 6 ————————–

C:\PS>(Get-WinEvent -listlog Application).providernames

    Description
    ———–
    This command gets all of the providers that write to the Application log on the local computer.

————————– EXAMPLE 7 ————————–

C:\PS>>Get-WinEvent -listprovider *policy*

    Description
    ———–
    This command gets the event log providers whose names include the word “policy.”

————————– EXAMPLE 8 ————————–

C:\PS>(Get-WinEvent -listprovider microsoft-windows-grouppolicy).events | Format-Table id, description -auto

    Description
    ———–
    This command lists the event IDs that the Microsoft-Windows-GroupPolicy event provider generates along with the event description.

It uses the Events property of the object that Get-WinEvent returns when you use the ListProvider parameter, and it uses the ID and Description properties of the object in the Events property.

————————– EXAMPLE 9 ————————–

C:\PS>$events = Get-WinEvent -LogName “Windows PowerShell”

C:\PS> $events.count
195

    C:\PS> $events | Group-Object id -noelement | Sort-Object count -desc
    Count Name
    —– —-
     147 600
     22 400
     21 601
        3 403
        2 103

     C:\PS> $events | Group-Object leveldisplayname -noelement
    Count Name
    —– —-
        2 Warning
     193 Information

    Description
    ———–
    This example shows how to use the properties of the event objects that Get-WinEvent returns to learn about the events in an event log.

The first command uses the Get-WinEvent cmdlet to get all of the events in the Windows PowerShell event log. Then, it saves them in the $events Variable. The log name is enclosed in quotation marks because it contains a space.

The second command uses the Count property of object collections to find the number of entries in the event log.

The third command displays the incidence of each event in the log, with the most frequent events first. In this example, event ID 600 is the most frequent event.

The fourth command groups the items by the value of their LevelDisplayName property to show how many Error, Warning, and Information events are in the log.

————————– EXAMPLE 10 ————————–

C:\PS>Get-WinEvent -LogName *disk*, Microsoft-Windows-Kernel-WHEA

    Description
    ———–
    This command gets the error events whose names include “disk” from all of the event logs on the computer and from the Microsoft-Windows-Kernel-WHEA event log.

————————– EXAMPLE 11 ————————–

C:\PS>Get-WinEvent -path ‘c:\ps-test\Windows PowerShell.evtx’

    Description
    ———–
    This command gets events from a copy of the Windows PowerShell event log file in a test directory. The path is enclosed in quotation marks because the log name includes a space.

————————– EXAMPLE 12 ————————–

C:\PS>Get-WinEvent -path ‘c:\tracing\tracelog.etl’ -MaxEvents 100 -Oldest

C:\PS> Get-WinEvent -path ‘c:\tracing\tracelog.etl’ -Oldest | Sort-Object -property timecreated -desc | Select-Object -first 100

    Description
    ———–
    These commands get the first 100 events from an Event Tracing for Windows (ETW) event trace log file.

The first command gets the 100 oldest events in the log. It uses the Get-WinEvent cmdlet to get events from the Tracelog.etl file. It uses the MaxEvents parameter to limit the retrieval to 100 events. Because the events are listed in the order in which they are written to the log (oldest first), the Oldest parameter is required.

The second command gets the 100 newest events in the log. It uses the Get-WinEvent cmdlet to get all the events from the Tracing.etl file. It passes
the events to the Sort-Object cmdlet, which sorts them in descending order by the value of the TimeCreated property. Then, it sends the sorted events to the Select-Object cmdlet to select the newest 100 events.

————————– EXAMPLE 13 ————————–

C:\PS>Get-WinEvent -path “c:\tracing\tracelog.etl”, “c:\Logs\Windows PowerShell.evtx” -Oldest | where {$_.id -eq “103”}

    Description
    ———–
    This example shows how to get the events from an event trace log file (.etl) and from a copy of the Windows PowerShell log file (.evtx) that was saved to a test directory.

You can combine multiple file types in a single command. Because the files contain the same type of .NET Framework object (an EventLogRecord object), you can use the same properties to filter them.

Note that the command requires the Oldest parameter because it is reading from an .etl file, but the Oldest parameter applies to both of the files.

————————– EXAMPLE 14 ————————–

    C:\PS># Use the Where-Object cmdlet
    C:\PS> $yesterday = (Get-Date) – (New-TimeSpan -day 1)
    C:\PS> Get-WinEvent -LogName “Windows PowerShell” | where {$_.timecreated -ge $yesterday}

    # Uses FilterHashTable
    C:\PS> $yesterday = (Get-Date) – (New-TimeSpan -day 1)
    C:\PS> Get-WinEvent -FilterHashTable @{LogName=’Windows PowerShell’; Level=3; StartTime=$yesterday}

# Use FilterXML
C:\PS> Get-WinEvent -FilterXML “<QueryList><Query><Select Path=’Windows PowerShell’>*[System[Level=3 and TimeCreated[timediff(@SystemTime) <= 86400000]]]</Select></Query></QueryList>”

# Use FilterXPath
C:\PS> Get-WinEvent -LogName “Windows Powershell” -FilterXPath “*[System[Level=3 and TimeCreated[timediff(@SystemTime) <= 86400000]]]”

    Description
    ———–
    This example shows different filtering methods for selecting events from an event log. All of these commands get events that occurred in the last 24 hours from the Windows PowerShell event log.

The filter methods are more efficient than using the Where-Object cmdlet because the filters are applied while the objects are being retrieved, rather than retrieving all the objects and then filtering them.

Because dates are difficult to formulate in the XML and XPath formats, to create the XML content for the date, the Filter Current Log feature of Event Viewer is used. For more information about this feature, see Event Viewer Help.

————————– EXAMPLE 15 ————————–

C:\PS>$date = (Get-Date).AddDays(-2)

C:\PS> $events = Get-WinEvent -FilterHashTable @{ logname = “Microsoft-Windows-Diagnostics-Performance/Operational”; StartTime = $date; ID = 100 }

    Description
    ———–
    This example uses a filter hash table to get events from the performance log.

The first command uses the Get-Date cmdlet and the AddDays method to get a date that is two days before the current date. It saves the date in the $date Variable.

The second command uses the Get-WinEvent cmdlet with the FilterHashTable parameter. The keys in the hash table define a filter that selects events from the performance log that occurred within the last two days and that have event ID 100.

The LogName key specifies the event log, the StartTime key specifies the date, and the ID key specifies the event ID.

————————– EXAMPLE 16 ————————–

C:\PS>$starttime = (Get-Date).adddays(-7)

C:\PS> $ie-error = Get-WinEvent -FilterHashtable @{logname=”application”; providername=”Application Error”; data=”iexplore.exe”; starttime=$starttime}

    Description
    ———–
    This example uses a filter hash table to find Internet Explorer application errors that occurred within the last week.

The first command gets the date that is seven days before the current date and stores it in the $starttime Variable.

The second command uses the Get-WinEvent cmdlet with the FilterHashTable parameter. The keys in the hash table define a filter that selects events from the Application log that were written by the Application Error provider and include the phrase “iexplore.exe”.

The LogName key specifies the event log. The ProviderName key specifies the event provider, the StartTime key specifies the starting date of the events, and the Data key specifies the text in the event message.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=138336
    Get-EventLog
    Get-Counter
    about_eventlogs

cmdlet, Get, WmiObject

Get-WmiObject

February 26, 2014 Adam

NAME
Get-WmiObject

SYNOPSIS
Gets instances of Windows Management Instrumentation (WMI) classes or information about the available classes.

SYNTAX
Get-WmiObject [-Authority <string>] [-Amended] [-AsJob] [-Authentication {Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged}] [-ComputerName <string[]>] [-Credential <PSCredential>] [-EnableAllPrivileges] [-Impersonation {Default | Anonymous | Identify | Impersonate | Delegate}] [-Locale <string>] [-Namespace <string>] [-ThrottleLimit <int>] [<CommonParameters>]

Get-WmiObject [[-Class] <string>] [-Authority <string>] [-List] [-Recurse] [-Amended] [-AsJob] [-Authentication {Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged}] [-ComputerName <string[]>] [-Credential <PSCredential>] [-EnableAllPrivileges] [-Impersonation {Default | Anonymous | Identify | Impersonate | Delegate}] [-Locale <string>] [-Namespace <string>] [-ThrottleLimit <int>] [<CommonParameters>]

Get-WmiObject [-Authority <string>] [-Amended] [-AsJob] [-Authentication {Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged}] [-ComputerName <string[]>] [-Credential <PSCredential>] [-EnableAllPrivileges] [-Impersonation {Default | Anonymous | Identify | Impersonate | Delegate}] [-Locale <string>] [-Namespace <string>] [-ThrottleLimit <int>] [<CommonParameters>]

Get-WmiObject [-Class] <string> [[-Property] <string[]>] [-Authority <string>] [-DirectRead] [-Filter <string>] [-Amended] [-AsJob] [-Authentication {Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged}] [-ComputerName <string[]>] [-Credential <PSCredential>] [-EnableAllPrivileges] [-Impersonation {Default | Anonymous | Identify | Impersonate | Delegate}] [-Locale <string>] [-Namespace <string>] [-ThrottleLimit <int>] [<CommonParameters>]

Get-WmiObject -Query <string> [-Authority <string>] [-DirectRead] [-Amended] [-AsJob] [-Authentication {Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged}] [-ComputerName <string[]>] [-Credential <PSCredential>] [-EnableAllPrivileges] [-Impersonation {Default | Anonymous | Identify | Impersonate | Delegate}] [-Locale <string>] [-Namespace <string>] [-ThrottleLimit <int>] [<CommonParameters>]

DESCRIPTION
The Get-WmiObject cmdlet gets instances of WMI classes or information about the available WMI classes. The ComputerName parameter can always be used to specify a remote computer. If the List parameter is specified, the cmdlet gets information about the WMI classes that are available in a specified namespace. If the Query parameter is specified, the cmdlet runs a WMI query language (WQL) statement.

The Get-WmiObject cmdlet does not use the Windows PowerShell remoting infrastructure to perform remote operations. You can use the ComputerName parameter of the Get-WmiObject cmdlet even if your computer does not meet the requirements for Windows PowerShell remoting and even if your computer is not configured for remoting in Windows PowerShell.

PARAMETERS
-Amended [<SwitchParameter>]
Gets or sets a value that indicates whether the objects that are returned from WMI should contain amended information. Typically, amended information is localizable information, such as object and property descriptions, that is attached to the WMI object..

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-AsJob [<SwitchParameter>]
Runs the command as a background job. Use this parameter to run commands that take a long time to finish.

When you use the AsJob parameter, the command returns an object that represents the background job and then displays the command prompt. You can continue to work in the session while the job finishes. If Get-WmiObject is used against a remote computer, the job is created on the local computer, and the results from remote computers are automatically returned to the local computer. To manage the job, use the cmdlets that contain the Job noun (the Job cmdlets). To get the job results, use the Receive-Job cmdlet.

Note: To use this parameter with remote computers, the local and remote computers must be configured for remoting. Additionally, you must start Windows PowerShell by using the “Run as administrator” option in Windows Vista and later versions of Windows,. For more information, see about_remote_requirements.

For more information about Windows PowerShell background jobs, see about_jobs and about_remote_Jobs.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Authentication <AuthenticationLevel>
Specifies the authentication level to be used with the WMI connection. Valid values are:

        -1: Unchanged
        0: Default
        1: None (No authentication in performed.)
        2: Connect (Authentication is performed only when the client establishes a relationship with the application.)
        3: Call (Authentication is performed only at the beginning of each call when the application receives the request.)
        4: Packet (Authentication is performed on all the data that is received from the client.)
        5: PacketIntegrity (All the data that is transferred between the client and the application is authenticated and verified.)
        6: PacketPrivacy (The properties of the other authentication levels are used, and all the data is encrypted.)

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Authority <string>
Specifies the authority to use to authenticate the WMI connection. You can specify standard NTLM or Kerberos authentication. To use NTLM, set the authority setting to ntlmdomain:<DomainName>, where <DomainName> identifies a valid NTLM domain name. To use Kerberos, specify kerberos:<DomainName>\<ServerName>”. You cannot include the authority setting when you connect to the local computer.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Class <string>
Specifies the name of a WMI class. When this parameter is used, the cmdlet retrieves instances of the WMI class.

        Required?                    false
        Position?                    2
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-ComputerName <string[]>
Specifies the computer against which you want to run the management operation. The value can be a fully qualified domain name, a NetBIOS name, or an IP address. Use the local computer name, use localhost, or use a dot (.) to specify the local computer. The local computer is the default. When the remote computer is in a different domain from the user, you must use a fully qualified domain name. This parameter can also be piped to the cmdlet.

This parameter does not rely on Windows PowerShell remoting, which uses WS-Management ). You can use the ComputerName parameter of Get-WmiObject even if your computer is not configured to run WS-Management remote commands.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Credential <PSCredential>
Specifies a user account that has permission to perform this action. The default is the current user. Type a user name, such as “User01”, “Domain01\User01”, or User@Contoso.com. Or, enter a PSCredential object, such as an object that is returned by the Get-Credential cmdlet. When you type a user name, you will be prompted for a password.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-DirectRead [<SwitchParameter>]
Specifies whether direct access to the WMI provider is requested for the specified class without any regard to its base class or to its derived classes.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-EnableAllPrivileges [<SwitchParameter>]
Enables all the privileges of the current user before the command makes the WMI call.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Filter <string>
Specifies a Where clause to use as a filter. Uses the syntax of the WMI Query Language (WQL).

Important: Do not include the Where keyword in the value of the parameter. For example, the following commands return only the logical disks that where the DeviceID equals ‘c:’ and the services where the name equals ‘WinRM’, without using the Where keyword:

Get-WmiObject Win32_LogicalDisk -Filter “DeviceID = ‘c:’ ”
Get-WmiObject win32_service -Filter “name=’WinRM'”

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Impersonation <ImpersonationLevel>
Specifies the impersonation level to use. Valid values are:

        0: Default (reads the local Registry for the default impersonation level , which is usually set to “3: Impersonate”.)
        1: Anonymous (Hides the credentials of the caller.)
        2: Identify (Allows objects to query the credentials of the caller.)
        3: Impersonate (Allows objects to use the credentials of the caller.)
        4: Delegate (Allows objects to permit other objects to use the credentials of the caller.)

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-List [<SwitchParameter>]
Specifies whether to retrieve and display the names of the WMI classes in the WMI repository namespace that is specified in the Namespace parameter. The Default Namespace Registry entry in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Scripting Registry key is not used by this cmdlet to determine the default namespace. If you specify the List parameter but not the Namespace parameter, the root\CIMV2 namespace is used by default.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Locale <string>
Specifies the preferred locale for WMI objects. Specify the value of the Locale parameter as an array in the MS_<LCID> format in the preferred order .

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Namespace <string>
When used with the Class parameter, this parameter specifies the WMI repository namespace where the referenced WMI class is located. When used with the List parameter, it specifies the namespace from which to gather WMI class information.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Property <string[]>
Specifies the WMI class property or set of properties to retrieve.

        Required?                    false
        Position?                    2
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Query <string>
Specifies a WMI Query Language (WQL) statement to run. Event queries are not supported by this parameter.

        Required?                    true
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Recurse [<SwitchParameter>]
Makes the command search the current namespace and all other namespaces for the class name that is specified in the Class parameter.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-ThrottleLimit <int>
Allows the user to specify a throttling value for the number of WMI operations that can be executed simultaneously. This parameter is used together with the AsJob parameter.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

INPUTS
None
You cannot pipe input to Get-WmiObject.

OUTPUTS
PSObject or System.Management.Automation.RemotingJob
When you use the AsJob parameter, the cmdlet returns a job object. Otherwise, the object that Get-WmiObject returns depends on the value of the Class parameter.

NOTES

To access WMI information on a remote computer, the cmdlet must run under an account that is a member of the local administrators group on the remote computer. Alternatively, the default access control on the WMI namespace of the remote repository can be changed to give other account access rights.

By default, only some of the properties of a WMI class are displayed. The set of properties that will be displayed for each WMI class is specified in the Types.ps1xml configuration file. One of the examples included in this Help topic demonstrates how to override this behavior by using the Format-List cmdlet.

————————– EXAMPLE 1 ————————–

C:\PS>Get-WmiObject win32_process

    __GENUS                    : 2
    __CLASS                    : Win32_Process
    __SUPERCLASS             : CIM_Process
    __DYNASTY                 : CIM_ManagedSystemElement
    __RELPATH                 : Win32_Process.Handle=”0″
    __PROPERTY_COUNT         : 45
    __DERIVATION             : {CIM_Process, CIM_LogicalElement, CIM_ManagedSystemElement}
    __SERVER                 : SYSTEM01
    __NAMESPACE                : root\cimv2
    __PATH                     : \\SYSTEM01\root\cimv2:Win32_Process.Handle=”0″
    Caption                    : System Idle Process
    CommandLine                :
    CreationClassName         : Win32_Process
    CreationDate             :
    CSCreationClassName        : Win32_ComputerSystem
    CSName                     : SYSTEM01
    Description                : System Idle Process
    ExecutablePath             :
    ExecutionState             :
    Handle                     : 0
    HandleCount                : 0
    InstallDate                :
    KernelModeTime             : 6138394740432
    MaximumWorkingSetSize     :
    MinimumWorkingSetSize     :
    Name                     : System Idle Process
    OSCreationClassName        : Win32_OperatingSystem
    OSName                     : Microsoftr Windows VistaT Ultimate |C:\Windows|\Device\Harddisk0\Partition3
    OtherOperationCount        : 0
    OtherTransferCount         : 0
    PageFaults                 : 0
    PageFileUsage             : 0
    ParentProcessId            : 0
    PeakPageFileUsage         : 0
    PeakVirtualSize            : 0
    PeakWorkingSetSize         : 0
    Priority                 : 0
    PrivatePageCount         : 0
    ProcessId                 : 0
    QuotaNonPagedPoolUsage     : 0
    QuotaPagedPoolUsage        : 0
    QuotaPeakNonPagedPoolUsage : 0
    QuotaPeakPagedPoolUsage    : 0
    ReadOperationCount         : 0
    ReadTransferCount         : 0
    SessionId                 : 0
    Status                     :
    TerminationDate            :
    ThreadCount                : 2
    UserModeTime             : 0
    VirtualSize                : 0
    WindowsVersion             : 6.0.6001
    WorkingSetSize             : 24576
    WriteOperationCount        : 0
    WriteTransferCount         : 0
    ProcessName                : System Idle Process
    Handles                    : 0
    VM                         : 0
    WS                         : 24576
    Path                     :

…

    Description
    ———–
    This command displays information about all the processes that are running on a computer.

————————– EXAMPLE 2 ————————–

C:\PS>Get-WmiObject win32_service -ComputerName 127.0.0.1

    __GENUS                    : 2
    __CLASS                    : Win32_Process
    __SUPERCLASS             : CIM_Process
    __DYNASTY                 : CIM_ManagedSystemElement
    __RELPATH                 : Win32_Process.Handle=”0″
    __PROPERTY_COUNT         : 45
    __DERIVATION             : {CIM_Process, CIM_LogicalElement, CIM_ManagedSystemElement}
    __SERVER                 : SYSTEM02
    __NAMESPACE                : root\cimv2
    __PATH                     : \\SYSTEM02\root\cimv2:Win32_Process.Handle=”0″
    Caption                    : System Idle Process
    CommandLine                :
    CreationClassName         : Win32_Process
    CreationDate             :
    CSCreationClassName        : Win32_ComputerSystem
    CSName                     : SYSTEM02
    Description                : System Idle Process
    ExecutablePath             :
    ExecutionState             :
    Handle                     : 0
    HandleCount                : 0
    InstallDate                :
    KernelModeTime             : 6138394740432
    MaximumWorkingSetSize     :
    MinimumWorkingSetSize     :
    Name                     : System Idle Process
    OSCreationClassName        : Win32_OperatingSystem
    OSName                     : Microsoftr Windows VistaT Ultimate |C:\Windows|\Device\Harddisk0\Partition3
    OtherOperationCount        : 0
    OtherTransferCount         : 0
    PageFaults                 : 0
    PageFileUsage             : 0
    ParentProcessId            : 0
    PeakPageFileUsage         : 0
    PeakVirtualSize            : 0
    PeakWorkingSetSize         : 0
    Priority                 : 0
    PrivatePageCount         : 0
    ProcessId                 : 0
    QuotaNonPagedPoolUsage     : 0
    QuotaPagedPoolUsage        : 0
    QuotaPeakNonPagedPoolUsage : 0
    QuotaPeakPagedPoolUsage    : 0
    ReadOperationCount         : 0
    ReadTransferCount         : 0
    SessionId                 : 0
    Status                     :
    TerminationDate            :
    ThreadCount                : 2
    UserModeTime             : 0
    VirtualSize                : 0
    WindowsVersion             : 6.0.6001
    WorkingSetSize             : 24576
    WriteOperationCount        : 0
    WriteTransferCount         : 0
    ProcessName                : System Idle Process
    Handles                    : 0
    VM                         : 0
    WS                         : 24576
    Path                     :

…

    Description
    ———–
    This command displays information about the services on the remote computer. It displays the information by specifying the Internet Protocol (IP) address 127.0.0.1. You can change this IP address to any other valid IP address on your network so that you can display information about the services on that remote computer. By default, the account you are running under must be a member of the local administrators group on the remote computer that you specify .

————————– EXAMPLE 3 ————————–

C:\PS>Get-WmiObject -Namespace “root/default” -list

NameSpace: ROOT\default

    Name                                Methods             Properties
    —-                                ——-             ———-
    __NotifyStatus                     {}                 {StatusCode}
    __ExtendedStatus                    {}                 {Description, Operation, ParameterInfo, ProviderName…}
    __SecurityRelatedClass             {}                 {}
    __Trustee                         {}                 {Domain, Name, SID, SidLength…}
    __NTLMUser9X                        {}                 {Authority, Flags, Mask, Name…}
    __ACE                             {}                 {AccessMask, AceFlags, AceType, GuidInheritedObjectType…}
    __SecurityDescriptor                {}                 {ControlFlags, DACL, Group, Owner…}
    __PARAMETERS                        {}                 {}
    __SystemClass                     {}                 {}
    __ProviderRegistration             {}                 {provider}
    __EventProviderRegistration         {}                 {EventQueryList, provider}
    __ObjectProviderRegistration        {}                 {InteractionType, provider, QuerySupportLevels, SupportsBat…
    __ClassProviderRegistration         {}                 {CacheRefreshInterval, InteractionType, PerUserSchema, prov…
    __InstanceProviderRegistration     {}                 {InteractionType, provider, QuerySupportLevels, SupportsBat…
    __MethodProviderRegistration        {}                 {provider}
    __PropertyProviderRegistration     {}                 {provider, SupportsGet, SupportsPut}
    __EventConsumerProviderRegistration {}                 {ConsumerClassNames, provider}
    __thisNAMESPACE                     {}                 {SECURITY_DESCRIPTOR}
    __NAMESPACE                         {}                 {Name}
    __IndicationRelated                 {}                 {}
    __FilterToConsumerBinding         {}                 {Consumer, CreatorSID, DeliverSynchronously, DeliveryQoS…}
    __EventConsumer                     {}                 {CreatorSID, MachineName, MaximumQueueSize}
    LogFileEventConsumer                {}                 {CreatorSID, Filename, IsUnicode, MachineName…}
    ActiveScriptEventConsumer         {}                 {CreatorSID, KillTimeout, MachineName, MaximumQueueSize…}
    NTEventLogEventConsumer             {}                 {Category, CreatorSID, EventID, EventType…}
    SMTPEventConsumer                 {}                 {BccLine, CcLine, CreatorSID, FromLine…}
    CommandLineEventConsumer            {}                 {CommandLineTemplate, CreateNewConsole, CreateNewProcessGro…
    __AggregateEvent                    {}                 {NumberOfEvents, Representative}
    __TimerNextFiring                 {}                 {NextEvent64BitTime, TimerId}
    __EventFilter                     {}                 {CreatorSID, EventAccess, EventNamespace, Name…}
    __Event                             {}                 {SECURITY_DESCRIPTOR, TIME_CREATED}
    __NamespaceOperationEvent         {}                 {SECURITY_DESCRIPTOR, TargetNamespace, TIME_CREATED}
    __NamespaceModificationEvent        {}                 {PreviousNamespace, SECURITY_DESCRIPTOR, TargetNamespace, T…
    __NamespaceDeletionEvent            {}                 {SECURITY_DESCRIPTOR, TargetNamespace, TIME_CREATED}
    __NamespaceCreationEvent            {}                 {SECURITY_DESCRIPTOR, TargetNamespace, TIME_CREATED}
    __ClassOperationEvent             {}                 {SECURITY_DESCRIPTOR, TargetClass, TIME_CREATED}
    __ClassDeletionEvent                {}                 {SECURITY_DESCRIPTOR, TargetClass, TIME_CREATED}
    __ClassModificationEvent            {}                 {PreviousClass, SECURITY_DESCRIPTOR, TargetClass, TIME_CREA…
    __ClassCreationEvent                {}                 {SECURITY_DESCRIPTOR, TargetClass, TIME_CREATED}
    __InstanceOperationEvent            {}                 {SECURITY_DESCRIPTOR, TargetInstance, TIME_CREATED}
    __InstanceCreationEvent             {}                 {SECURITY_DESCRIPTOR, TargetInstance, TIME_CREATED}

…

    Description
    ———–
    This command displays the WMI classes in the root or default namespace of the local computer.

————————– EXAMPLE 4 ————————–

C:\PS>Get-WmiObject -query “select * from win32_service where name=’WinRM'” -ComputerName server01, server02

    ExitCode : 0
    Name     : WinRM
    ProcessId : 1708
    StartMode : Auto
    State     : Running
    Status    : OK

    ExitCode : 0
    Name     : WinRM
    ProcessId : 948
    StartMode : Auto
    State     : Running
    Status    : OK

    Description
    ———–
    This command displays information about the WinRM service on the computers that are specified in the ComputerName parameter.

————————– EXAMPLE 5 ————————–

C:\PS>(Get-WmiObject win32_service -Filter “name=’WinRM'” -ComputerName server01).StopService()

    __GENUS         : 2
    __CLASS         : __PARAMETERS
    __SUPERCLASS     :
    __DYNASTY        : __PARAMETERS
    __RELPATH        :
    __PROPERTY_COUNT : 1
    __DERIVATION     : {}
    __SERVER         :
    __NAMESPACE     :
    __PATH         :
    ReturnValue     : 0

Another query using Get-WmiObject -query “select * from win32_service where name=’WinRM'” -ComputerName server01, shows the service as stopped.

    ExitCode : 0
    Name     : WinRM
    ProcessId : 0
    StartMode : Auto
    State     : Stopped
    Status    : OK

    Description
    ———–
    This command stops the WinRM service on the Server01 remote computer. The command uses the standard Get-WmiObject command and adds a call to the StopService method of the Win32_Service WMI class.

————————– EXAMPLE 6 ————————–

C:\PS>Get-WmiObject win32_bios | Format-List *

    Status                : OK
    Name                 : Phoenix ROM BIOS PLUS Version 1.10 2.3.1
    Caption             : Phoenix ROM BIOS PLUS Version 1.10 2.3.1
    SMBIOSPresent         : True
    __GENUS             : 2
    __CLASS             : Win32_BIOS
    __SUPERCLASS         : CIM_BIOSElement
    __DYNASTY             : CIM_ManagedSystemElement
    __RELPATH             : Win32_BIOS.Name=”Phoenix ROM BIOS PLUS Version 1.10 2.3.1 “,SoftwareElementID=”Phoenix ROM BIOS
                             PLUS Version 1.10 2.3.1 “,SoftwareElementState=3,TargetOperatingSystem=0,Version=”DELL – 14”
    __PROPERTY_COUNT     : 27
    __DERIVATION         : {CIM_BIOSElement, CIM_SoftwareElement, CIM_LogicalElement, CIM_ManagedSystemElement}
    __SERVER             : SERVER01
    __NAMESPACE         : root\cimv2
    __PATH                : \\SERVER01\root\cimv2:Win32_BIOS.Name=”Phoenix ROM BIOS PLUS Version 1.10 2.3.1 “,Software
                            ElementID=”Phoenix ROM BIOS PLUS Version 1.10 2.3.1 “,SoftwareElementState=3,TargetOperatingSys
                            tem=0,Version=”DELL – 14”
    BiosCharacteristics : {7, 9, 10, 11…}
    BIOSVersion         : {DELL – 14, Phoenix ROM BIOS PLUS Version 1.10 2.3.1 , Phoenix ROM BIOS PLUS Version 1.10 2.3
                            .1 , Phoenix ROM BIOS PLUS Version 1.10 2.3.1 }
    BuildNumber         :
    CodeSet             :
    CurrentLanguage     : en|US|iso8859-1
    Description         : Phoenix ROM BIOS PLUS Version 1.10 2.3.1
    IdentificationCode    :
    InstallableLanguages : 1
    InstallDate         :
    LanguageEdition     :
    ListOfLanguages     : {en|US|iso8859-1}
    Manufacturer         : Dell Inc.
    OtherTargetOS         :
    PrimaryBIOS         : True
    ReleaseDate         : 20070521000000.000000+000
    SerialNumber         : 8PWRVD1
    SMBIOSBIOSVersion     : 2.3.1
    SMBIOSMajorVersion    : 2
    SMBIOSMinorVersion    : 3
    SoftwareElementID     : Phoenix ROM BIOS PLUS Version 1.10 2.3.1
    SoftwareElementState : 3
    TargetOperatingSystem : 0
    Version             : DELL – 14
    Scope                 : System.Management.ManagementScope
    Path                 : \\SERVER01\root\cimv2:Win32_BIOS.Name=”Phoenix ROM BIOS PLUS Version 1.10 2.3.1 “,Software
                            ElementID=”Phoenix ROM BIOS PLUS Version 1.10 2.3.1 “,SoftwareElementState=3,TargetOperatingSys
                            tem=0,Version=”DELL – 14”
    Options             : System.Management.ObjectGetOptions
    ClassPath             : \\SERVER01\root\cimv2:Win32_BIOS
    Properties            : {BiosCharacteristics, BIOSVersion, BuildNumber, Caption…}
    SystemProperties     : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY…}
    Qualifiers            : {dynamic, Locale, provider, UUID}
    Site                 :
    Container             :

    Description
    ———–
    This command displays BIOS information. It displays all the properties of the WMI class, not just the properties that are specified in the Types.ps1xml configuration file.

————————– EXAMPLE 7 ————————–

C:\PS>Get-WmiObject win32_service -Credential FABRIKAM\administrator -computer fabrikam

    ExitCode : 0
    Name     : AeLookupSvc
    ProcessId : 0
    StartMode : Manual
    State     : Stopped
    Status    : OK

    ExitCode : 1077
    Name     : ALG
    ProcessId : 0
    StartMode : Manual
    State     : Stopped
    Status    : OK

    ExitCode : 1077
    Name     : AppIDSvc
    ProcessId : 0
    StartMode : Manual
    State     : Stopped
    Status    : OK

    ExitCode : 0
    Name     : Appinfo
    ProcessId : 888
    StartMode : Manual
    State     : Running
    Status    : OK

    ExitCode : 1077
    Name     : AppMgmt
    ProcessId : 0
    StartMode : Manual
    State     : Stopped
    Status    : OK

…

    Description
    ———–
    This command displays service information on a computer named Fabrikam. It specifies a user account name by using the Credential parameter, which causes a dialog box to be displayed in which you enter the corresponding password.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113337
    Invoke-WmiMethod
    Remove-WmiObject
    Set-WmiInstance
    Get-WSManInstance
    Invoke-WSManAction
    New-WSManInstance
    Remove-WSManInstance

cmdlet, Get, Item

Get-Item

February 26, 2014 Adam

NAME
Get-Item

SYNOPSIS
Gets the item at the specified location.

SYNTAX
Get-Item [-LiteralPath] <string[]> [-Credential <PSCredential>] [-Exclude <string[]>] [-Filter <string>] [-Force] [-Include <string[]>] [-UseTransaction] [<CommonParameters>]

Get-Item [-Path] <string[]> [-Credential <PSCredential>] [-Exclude <string[]>] [-Filter <string>] [-Force] [-Include <string[]>] [-UseTransaction] [<CommonParameters>]

DESCRIPTION
The Get-Item cmdlet gets the item at the specified location. It does not get the contents of the item at the location unless you use a wildcard character (*) to request all the contents of the item.

The Get-Item cmdlet is used by Windows PowerShell providers to enable you to navigate through different types of data stores.

PARAMETERS
-Credential <PSCredential>
Specifies a user account that has permission to perform this action. The default is the current user.

Type a user-name, such as “User01” or “Domain01\User01”, or enter a PSCredential object, such as one generated by the Get-Credential cmdlet. If you type a user name, you will be prompted for a password.

This parameter is not supported by any providers installed with Windows PowerShell.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Exclude <string[]>
Omits the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as “*.txt”. Wildcards are permitted.

The Exclude parameter is effective only when the command includes the contents of an item, such as C:\Windows\*, where the wildcard character specifies the contents of the C:\Windows directory.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Force [<SwitchParameter>]
Allows the cmdlet to get items that cannot otherwise be accessed, such as hidden items. Implementation varies from provider to provider. For more information, see about_providers. Even using the Force parameter, the cmdlet cannot override security restrictions.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Include <string[]>
Retrieves only the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as “*.txt”. Wildcards are permitted.

The Include parameter is effective only when the command includes the contents of an item, such as C:\Windows\*, where the wildcard character specifies the contents of the C:\Windows directory.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-LiteralPath <string[]>
Specifies a path to the item. Unlike Path, the value of LiteralPath is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell Windows PowerShell not to interpret any characters as escape sequences.

        Required?                    true
        Position?                    1
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Path <string[]>
Specifies the path to an item. Get-Item gets the item at the specified location. Wildcards are permitted. This parameter is required, but the parameter name (“Path”) is optional.

Use a dot (.) to specify the current location. Use the wildcard character (*) to specify all the items in the current location.

-UseTransaction [<SwitchParameter>]
Includes the command in the active transaction. This parameter is valid only when a transaction is in progress. For more information, see about_transactions.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

INPUTS
System.String
You can pipe a string that contains a path to Get-Item.

OUTPUTS
Object
Get-Item returns the objects that it gets. The type is determined by the type of objects in the path.

NOTES

You can also refer to Get-Item by its built-in Alias, “gi”. For more information, see about_aliases.

Get-Item does not have a Recurse parameter, because it gets only an item, not its contents. To get the contents of an item recursively, use Get-ChildItem.

To navigate through the Registry, use Get-Item to get Registry keys and Get-ItemProperty to get Registry values and data. The Registry values are considered to be properties of the Registry key.

The Get-Item cmdlet is designed to work with the data exposed by any provider. To list the providers available in your session, type “Get-PSProvider“. For more information, see about_providers.

————————– EXAMPLE 1 ————————–

C:\PS>Get-Item .

Directory: C:\

    Mode                LastWriteTime     Length Name
    —-                ————-     —— —-
    d—-         7/26/2006 10:01 AM            ps-test

    Description
    ———–
    This command gets the current directory. The dot (.) represents the item at the current location (not its contents).

————————– EXAMPLE 2 ————————–

C:\PS>Get-Item *

Directory: C:\ps-test

    Mode                LastWriteTime     Length Name
    —-                ————-     —— —-
    d—-         7/26/2006 9:29 AM            Logs
    d—-         7/26/2006 9:26 AM            Recs
    -a—         7/26/2006 9:28 AM         80 date.csv
    -a—         7/26/2006 10:01 AM         30 filenoext
    -a—         7/26/2006 9:30 AM     11472 process.doc
    -a—         7/14/2006 10:47 AM         30 test.txt

    Description
    ———–
    This command gets all the items in the current directory. The wildcard character (*) represents all the contents of the current item.

————————– EXAMPLE 3 ————————–

C:\PS>Get-Item C:\

    Description
    ———–
    This command gets the current directory of the C: drive. The object that is retrieved represents only the directory, not its contents.

————————– EXAMPLE 4 ————————–

C:\PS>Get-Item C:\*

    Description
    ———–
    This command gets the items in the C: drive. The wildcard character (*) represents all the items in the container, not just the container.

In Windows PowerShell, use a single asterisk (*) to get contents, instead of the traditional “*.*”. The format is interpreted literally, so “*.*” would not retrieve directories or file names without a dot.

————————– EXAMPLE 5 ————————–

C:\PS>(Get-Item C:\Windows).LastAccessTime

    Description
    ———–
    This command gets the LastAccessTime property of the C:\Windows directory. LastAccessTime is just one property of file system directories. To see all of the properties of a directory, type “(Get-Item <directory-name>) | Get-Member“.

————————– EXAMPLE 6 ————————–

C:\PS>Get-Item hklm:\software\microsoft\powershell\1\shellids\microsoft.powershell\*

    Description
    ———–
    This command shows the contents of the Microsoft.PowerShell Registry key. You can use Get-Item with the Windows PowerShell Registry provider to get Registry keys and subkeys, but you must use Get-ItemProperty to get the Registry values and data.

————————– EXAMPLE 7 ————————–

C:\PS>Get-Item c:\Windows\* -Include *.* -Exclude w*

    Description
    ———–
    This command gets items in the Windows directory with names that include a dot (.), but do not begin with w*. This command works only when the path includes a wildcard character (*) to specify the contents of the item.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113319
    about_providers
    Clear-Item
    Copy-Item
    Invoke-Item
    Move-Item
    Set-Item
    New-Item
    Remove-Item
    Rename-Item

cmdlet, Get, ItemProperty

Get-ItemProperty

February 26, 2014 Adam

NAME
Get-ItemProperty

SYNOPSIS
Gets the properties of a specified item.

SYNTAX
Get-ItemProperty [-LiteralPath] <string[]> [[-Name] <string[]>] [-Credential <PSCredential>] [-Exclude <string[]>] [-Filter <string>] [-Include <string[]>] [-UseTransaction] [<CommonParameters>]

Get-ItemProperty [-Path] <string[]> [[-Name] <string[]>] [-Credential <PSCredential>] [-Exclude <string[]>] [-Filter <string>] [-Include <string[]>] [-UseTransaction] [<CommonParameters>]

DESCRIPTION
The Get-ItemProperty cmdlet gets the properties of the specified items. For example, you can use Get-ItemProperty to get the value of the LastAccessTime property of a file object. You can also use Get-ItemProperty to view Registry entries and their values.

PARAMETERS
-Credential <PSCredential>
Specifies a user account that has permission to perform this action. The default is the current user.

This parameter is not supported by any providers installed with Windows PowerShell.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Exclude <string[]>
Omits the specified items. Wildcards are permitted.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Filter <string>
Specifies a filter in the provider’s format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters are more efficient than other parameters, because the provider applies them when retrieving the objects rather than having Windows PowerShell filter the objects after they are retrieved.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Include <string[]>
Includes the specified items.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

        Required?                    true
        Position?                    1
        Default value
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

-Name <string[]>
Specifies the name of the property or properties to retrieve.

        Required?                    false
        Position?                    2
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

-Path <string[]>
Specifies the path to the item or items.

-UseTransaction [<SwitchParameter>]
Includes the command in the active transaction. This parameter is valid only when a transaction is in progress. For more information, see about_transactions.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

INPUTS
System.String
You can pipe a string that contains a path to Get-ItemProperty.

OUTPUTS
Object
Get-ItemProperty returns an object for each item property that it gets. The object type depends on the object that is retrieved.

NOTES

The Get-ItemProperty cmdlet is designed to work with the data exposed by any provider. To list the providers available in your session, type “Get-PSProvider“. For more information, see about_providers.

————————– EXAMPLE 1 ————————–

C:\PS>Get-Itemproperty C:\Windows

    Description
    ———–
    This command gets information about the C:\Windows directory.

————————– EXAMPLE 2 ————————–

C:\PS>Get-Itemproperty C:\Test\Weather.xls | Format-List

    Description
    ———–
    This command gets the properties of the C:\Test\Weather.xls file. The result is piped to the Format-List cmdlet to display the output as a list.

————————– EXAMPLE 3 ————————–

C:\PS>Get-Itemproperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion

    Description
    ———–
    This command displays the value name and data of each of the Registry entries contained in the CurrentVersion Registry subkey. Note that the command requires that there is a Windows PowerShell drive named HKLM: that is mapped to the HKEY_LOCAL_MACHINE hive of the Registry. A drive with that name and mapping is available in Windows PowerShell by default. Alternatively, the path to this Registry subkey can be specified by using the following alternative path that begins with the provider name followed by two colons:
    Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion.

————————– EXAMPLE 4 ————————–

C:\PS>Get-Itemproperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion `
-Name “ProgramFilesDir”

    Description
    ———–
    This command gets the value name and data of the ProgramFilesDir Registry entry in the CurrentVersion Registry subkey. The command uses the Path parameter to specify the subkey and the Name parameter to specify the value name of the entry.

————————– EXAMPLE 5 ————————–

C:\PS>Get-Itemproperty -Path HKLM:\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine

    ApplicationBase         : C:\Windows\system32\WindowsPowerShell\v1.0\
    ConsoleHostAssemblyName : Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad
                             364e35, ProcessorArchitecture=msil
    PowerShellVersion     : 2.0
    RuntimeVersion         : v2.0.50727
    CTPVersion             : 5
    PSCompatibleVersion     : 1.0,2.0

    Description
    ———–
    This command gets the value names and data of the Registry entries in the PowerShellEngine Registry key. The results are shown in the following sample output.

————————– EXAMPLE 6 ————————–

C:\PS>Get-Itemproperty -Path HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell

    Path                                                        ExecutionPolicy
    —-                                                        —————
    C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe RemoteSigned

C:\PS>Get-Itemproperty -Path HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell | Format-List -property *

    PSPath         : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\ShellIds\Micro
                     soft.PowerShell
    PSParentPath    : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\ShellIds
    PSChildName     : Microsoft.PowerShell
    PSDrive         : HKLM
    PSProvider     : Microsoft.PowerShell.Core\Registry
    Path            : C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    ExecutionPolicy : RemoteSigned

    Description
    ———–
    This example shows how to format the output of a Get-ItemProperty command in a list to make it easy to see the Registry values and data and to make it easy to interpret the results.

The first command uses the Get-ItemProperty cmdlet to get the Registry entries in the Microsoft.PowerShell subkey. This subkey stores options for the default shell for Windows PowerShell. The results are shown in the following sample output.

The output shows that there are two Registry entries, Path and ExecutionPolicy. When a Registry key contains fewer than five entries, by default it is displayed in a table, but it is often easier to view in a list.

The second command uses the same Get-ItemProperty command. However, this time, the command uses a pipeline operator (|) to send the results of the command to the Format-List cmdlet. The Format-List command uses the Property parameter with a value of * (all) to display all of the properties of the objects in a list. The results are shown in the following sample output.

The resulting display shows the Path and ExecutionPolicy Registry entries, along with several less familiar properties of the Registry key object. The other properties, prefixed with “PS”, are properties of Windows PowerShell custom objects, such as the objects that represent the Registry keys.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113320
    about_providers
    Set-ItemProperty
    Clear-ItemProperty
    Copy-ItemProperty
    Move-ItemProperty
    New-ItemProperty
    Remove-ItemProperty
    Rename-ItemProperty