Tag Archives: WarningAction

Get-WinEvent

NAME
    Get-WinEvent

SYNOPSIS
    Gets events from event logs and event tracing log files on local and remote computers.

SYNTAX
    Get-WinEvent [-LogName] <string[]> [-ComputerName <string>] [-Credential <PSCredential>] [-FilterXPath <string>] [-Force <switch>] [-MaxEvents <int64>] [-Oldest] [<CommonParameters>]

    Get-WinEvent [-Path] <string[]> [-ComputerName <string>] [-Credential <PSCredential>] [-FilterXPath <string>] [-Force <switch>] [-MaxEvents <int64>] [-Oldest] [<CommonParameters>]

    Get-WinEvent [-ProviderName] <string[]> [-ComputerName <string>] [-Credential <PSCredential>] [-FilterXPath <string>] [-Force <switch>] [-MaxEvents <int64>] [-Oldest] [<CommonParameters>]

    Get-WinEvent -FilterHashTable <Hashtable[]> [-ComputerName <string>] [-Credential <PSCredential>] [-Force <switch>] [-MaxEvents <int64>] [-Oldest] [<CommonParameters>]

    Get-WinEvent [-ListLog] <string[]> [-ComputerName <string>] [-Credential <PSCredential>] [<CommonParameters>]

    Get-WinEvent [-ListProvider] <string[]> [-ComputerName <string>] [-Credential <PSCredential>] [<CommonParameters>]

    Get-WinEvent -FilterXml <XmlDocument> [-ComputerName <string>] [-Credential <PSCredential>] [-Force <switch>] [-MaxEvents <int64>] [-Oldest] [<CommonParameters>]

DESCRIPTION
    The Get-WinEvent cmdlet gets events from event logs, including classic logs, such as the System and Application logs, and the event logs that are generated by the new Windows Event Log technology introduced in Windows Vista. It also gets events in log files generated by Event Tracing for Windows (ETW).

    Without parameters, a Get-WinEvent command gets all the events from all the event logs on the computer. To interrupt the command, press CTRL + C.

    Get-WinEvent also lists event logs and event log providers. You can get events from selected logs or from logs generated by selected event providers. And, you can combine events from multiple sources in a single command. Get-WinEvent allows you to filter events by using XPath queries, structured XML queries, and simplified hash-table queries.

    Note: Get-WinEvent requires Windows Vista, Windows Server 2008 R2, or later versions of Windows. And, it requires the Microsoft .NET Framework 3.5 or a later version.

PARAMETERS
    -ComputerName <string>
        Gets events from the event logs on the specified computer. Type the NetBIOS name, an Internet Protocol (IP) address, or the fully qualified domain name of the computer. The default value is the local computer.

        This parameter accepts only one computer name at a time. To find event logs or events on multiple computers, use a ForEach statement. For more information about this parameter, see the examples.

        To get events and event logs from remote computers, the firewall port for the event log service must be configured to allow remote access.

        This parameter does not rely on Windows PowerShell remoting. You can use the ComputerName parameter even if your computer is not configured to run remote commands.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Credential <PSCredential>
        Specifies a user account that has permission to perform this action. The default value is the current user.

        Type a user name, such as User01 or Domain01\User01. Or, enter a PSCredential object, such as one generated by the Get-Credential cmdlet. If you type a user name, you will be prompted for a password. If you type only the parameter name, you will be prompted for both a user name and a password.

        Required?                    false
        Position?                    named
        Default value                Current user
        Accept pipeline input?     false
        Accept wildcard characters? false

    -FilterHashTable <Hashtable[]>
        Uses a query in hash table format to select events from one or more event logs. The query contains a hash table with one or more key-value pairs.

        Hash table queries have the following rules:
        — Keys and values are case-insensitive.
        — Wildcard characters are valid only in the values associated with the LogName and ProviderName keys.
        — Each key can be listed only once in each hash-table.
        — The Path value takes paths to .etl, .evt, and .evtx log files.
        — The LogName, Path, and ProviderName keys can be used in the same query.
        — The UserID key can take a valid security identifier (SID) or a domain account name that can be used to construct a valid System.Security.Principal.NTAccount object.
        — The Data value takes event data in an unnamed field. This is for events in classic event logs.
        — The * key represents a named event data field.
        When Get-WinEvent cannot interpret a key-value pair, it interprets the key as a case-sensitive name for the event data in the event.

        The valid key-value pairs are as follows:
        — LogName=<String[]>
        — ProviderName=<String[]>
        — Path=<String[]>
        — Keywords=<Long[]>
        — ID=<Int32[]>
        — Level=<Int32[]>
        — StartTime=<DateTime>
        — EndTime=<DateTime>
        — UserID=<SID>
        — Data=<String[]>
        — *=<String[]>

        Required?                    true
        Position?                    named
        Default value
        Accept pipeline input?     true (ByValue)
        Accept wildcard characters? false

    -FilterXml <XmlDocument>
        Uses a structured XML query to select events from one or more event logs.

        To generate a valid XML query, use the Create Custom View and Filter Current Log features in Event Viewer. Use the items in the dialog box to create a query, and then click the XML tab to view the query in XML format. You can copy the XML from the XML tab into the value of the FilterXml parameter. For more information about the Event Viewer features, see Event Viewer Help.

        Typically, you use an XML query to create a complex query that contains several XPath statements. The XML format also allows you to use a “Suppress” XML element that excludes events from the query. For more information about the XML schema for event log queries, see the following topics in the MSDN (Microsoft Developer Network) library.

        — “Query Schema”: http://go.microsoft.com/fwlink/?LinkId=143685

        — “XML Event Queries” in “Event Selection”: http://go.microsoft.com/fwlink/?LinkID=143608

        Required?                    true
        Position?                    named
        Default value                None
        Accept pipeline input?     true (ByValue)
        Accept wildcard characters? false

    -FilterXPath <string>
        Uses an XPath query to select events from one or more logs.

        For more information about the XPath language, see “Selection Filters” in “Event Selection” and in the “XPath Reference” in the MSDN library.

        Required?                    false
        Position?                    named
        Default value                None
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Force <switch>
        Gets debug and analytic logs, in addition to other event logs. The Force parameter is required to get a debug or analytic log when the value of the name parameter includes wildcard characters.

        By default, Get-WinEvent excludes these logs unless you specify the full name of a debug or analytic log.

        Required?                    false
        Position?                    named
        Default value                Debugging and analytic logs are not returned in response to queries that use wildcard characters.
        Accept pipeline input?     false
        Accept wildcard characters? false

    -ListLog <string[]>
        Gets the specified event logs. Enter the event log names in a comma-separated list. Wildcards are permitted. To get all the logs, enter a value of *.

        Required?                    true
        Position?                    1
        Default value                None
        Accept pipeline input?     false
        Accept wildcard characters? true

    -ListProvider <string[]>
        Gets the specified event log providers. An event log provider is a program or service that writes events to the event log.

        Enter the provider names in a comma-separated list. Wildcards are permitted. To get the providers of all the event logs on the computer, enter a value of *.

        Required?                    true
        Position?                    1
        Default value                None
        Accept pipeline input?     false
        Accept wildcard characters? true

    -LogName <string[]>
        Gets events from the specified event logs. Enter the event log names in a comma-separated list. Wildcards are permitted. You can also pipe log names to Get-WinEvent.

        Required?                    true
        Position?                    1
        Default value                None
        Accept pipeline input?     true (ByValue)
        Accept wildcard characters? true

    -MaxEvents <int64>
        Specifies the maximum number of events that Get-WinEvent returns. Enter an integer. The default is to return all the events in the logs or files.

        Required?                    false
        Position?                    named
        Default value                All events
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Oldest [<SwitchParameter>]
        Returns the events in oldest-first order. By default, events are returned in newest-first order.

        This parameter is required to get events from .etl and .evt files and from debug and analytic logs. In these files, events are recorded in oldest-first order, and the events can be returned only in oldest-first order.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Path <string[]>
        Gets events from the specified event log files. Enter the paths to the log files in a comma-separated list, or use wildcard characters to create file path patterns.

        Get-WinEvent supports files with the .evt, .evtx, and .etl file name extensions. You can include events from different files and file types in the same command.

        Required?                    true
        Position?                    1
        Default value                None
        Accept pipeline input?     false
        Accept wildcard characters? true

    -ProviderName <string[]>
        Gets events written by the specified event log providers. Enter the provider names in a comma-separated list, or use wildcard characters to create provider name patterns.

        An event log provider is a program or service that writes events to the event log. It is not a Windows PowerShell provider.

        Required?                    true
        Position?                    1
        Default value                None
        Accept pipeline input?     false
        Accept wildcard characters? true

    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        "Get-Help about_CommonParameters".

INPUTS
    System.String, System.Xml.XmlDocument, System.Collections.Hashtable.
        You can pipe a LogName (string), a FilterXML query, or a FilterHashTable query to Get-WinEvent.

OUTPUTS
    System.Diagnostics.Eventing.Reader.EventLogConfiguration, System.Diagnostics.Eventing.Reader.EventLogRecord, System.Diagnostics.Eventing.Reader.ProviderMetadata
        With the ListLog parameter, Get-WinEvent returns System.Diagnostics.Eventing.Reader.EventLogConfiguration objects. With the ListProvider parameter, Get-WinEvent returns
        System.Diagnostics.Eventing.Reader.ProviderMetadata objects. With all other parameters, Get-WinEvent returns System.Diagnostics.Eventing.Reader.EventLogRecord objects.

NOTES

        Get-WinEvent is designed to replace the Get-EventLog cmdlet on computers running Windows Vista and later versions of Windows. Get-EventLog gets events only in classic event logs. Get-EventLog is retained in Windows PowerShell 2.0 for systems earlier than Windows Vista.

    ————————– EXAMPLE 1 ————————–

    C:\PS>Get-WinEvent -listlog *

    Description
    ———–
    This command gets all the logs on the local computer.

    Logs are listed in the order that Get-WinEvent gets them. Classic logs are usually retrieved first, followed by the new Windows Eventing logs.

    Because there are typically more than a hundred event logs, this parameter requires a log name or name pattern. To get all the logs, use *.

    ————————– EXAMPLE 2 ————————–

    C:\PS>Get-WinEvent -listlog Setup | Format-List -property *

        FileSize                       : 69632
        IsLogFull                      : False
        LastAccessTime                 : 2/14/2008 12:55:12 AM
        LastWriteTime                  : 7/9/2008 3:12:05 AM
        OldestRecordNumber             : 1
        RecordCount                    : 3
        LogName                        : Setup
        LogType                        : Operational
        LogIsolation                   : Application
        IsEnabled                      : True
        IsClassicLog                   : False
        SecurityDescriptor             : O:BAG:SYD:(A;;0xf0007;;;SY)(A;
                                         (A;;0x1;;;S-1-5-32-573)
        LogFilePath                    : %SystemRoot%\System32\Winevt\L
        MaximumSizeInBytes             : 1052672
        LogMode                        : Circular
        OwningProviderName             : Microsoft-Windows-Eventlog
        ProviderNames                  : {Microsoft-Windows-WUSA, Micro
        ProviderLevel                  :
        ProviderKeywords               :
        ProviderBufferSize             : 64
        ProviderMinimumNumberOfBuffers : 0
        ProviderMaximumNumberOfBuffers : 64
        ProviderLatency                : 1000
        ProviderControlGuid            :

    Description
    ———–
    This command gets an object that represents the Setup log on the local computer. The object includes useful information about the log, including its size, event log provider, file path, and whether it is enabled.

    ————————– EXAMPLE 3 ————————–

    C:\PS>Get-WinEvent -listlog * -ComputerName Server01| where {$_.recordcount}

    Description
    ———–
    This command gets only event logs on the Server01 computer that contain events. Many logs might be empty.

    The command uses the RecordCount property of the EventLogConfiguration object that Get-WinEvent returns when you use the ListLog parameter.

    ————————– EXAMPLE 4 ————————–

    C:\PS>$s = "Server01", "Server02", "Server03"

    C:\PS> foreach ($server in $s)
         {$server; Get-WinEvent -listlog "Windows PowerShell" -ComputerName $server}

    Description
    ———–
    The commands in this example get objects that represent the Windows PowerShell event logs on the Server01, Server02, and Server03 computers. This command uses the Foreach keyword because the ComputerName parameter takes only one value.

    The first command saves the names of the computers in the $s Variable.

    The second command uses a Foreach statement. For each of the computers in the $s Variable, it performs the command in the script block (within the braces). First, the command prints the name of the computer. Then, it runs a Get-WinEvent command to get an object that represents the Windows PowerShell log.

    ————————– EXAMPLE 5 ————————–

    C:\PS>Get-WinEvent -listprovider *

    Description
    ———–
    This command gets the event log providers on the local computer and the logs to which they write, if any.

    ————————– EXAMPLE 6 ————————–

    C:\PS>(Get-WinEvent -listlog Application).providernames

    Description
    ———–
    This command gets all of the providers that write to the Application log on the local computer.

    ————————– EXAMPLE 7 ————————–

    C:\PS>Get-WinEvent -listprovider *policy*

    Description
    ———–
    This command gets the event log providers whose names include the word “policy.”

    ————————– EXAMPLE 8 ————————–

    C:\PS>(Get-WinEvent -listprovider microsoft-windows-grouppolicy).events | Format-Table id, description -auto

    Description
    ———–
    This command lists the event IDs that the Microsoft-Windows-GroupPolicy event provider generates along with the event description.

    It uses the Events property of the object that Get-WinEvent returns when you use the ListProvider parameter, and it uses the ID and Description properties of the object in the Events property.

    ————————– EXAMPLE 9 ————————–

    C:\PS>$events = Get-WinEvent -LogName "Windows PowerShell"

    C:\PS> $events.count
    195

    C:\PS> $events | Group-Object id -noelement | Sort-Object count -desc
    Count Name
    ----- ----
      147 600
       22 400
       21 601
        3 403
        2 103

    C:\PS> $events | Group-Object leveldisplayname -noelement
    Count Name
    ----- ----
        2 Warning
      193 Information

    Description
    ———–
    This example shows how to use the properties of the event objects that Get-WinEvent returns to learn about the events in an event log.

    The first command uses the Get-WinEvent cmdlet to get all of the events in the Windows PowerShell event log. Then, it saves them in the $events Variable. The log name is enclosed in quotation marks because it contains a space.

    The second command uses the Count property of object collections to find the number of entries in the event log.

    The third command displays the incidence of each event in the log, with the most frequent events first. In this example, event ID 600 is the most frequent event.

    The fourth command groups the items by the value of their LevelDisplayName property to show how many Error, Warning, and Information events are in the log.

    ————————– EXAMPLE 10 ————————–

    C:\PS>Get-WinEvent -LogName *disk*, Microsoft-Windows-Kernel-WHEA

    Description
    ———–
    This command gets the events from all of the event logs on the computer whose names include “disk” and from the Microsoft-Windows-Kernel-WHEA event log.

    ————————– EXAMPLE 11 ————————–

    C:\PS>Get-WinEvent -path 'c:\ps-test\Windows PowerShell.evtx'

    Description
    ———–
    This command gets events from a copy of the Windows PowerShell event log file in a test directory. The path is enclosed in quotation marks because the log name includes a space.

    ————————– EXAMPLE 12 ————————–

    C:\PS>Get-WinEvent -path 'c:\tracing\tracelog.etl' -MaxEvents 100 -Oldest

    C:\PS> Get-WinEvent -path 'c:\tracing\tracelog.etl' -Oldest | Sort-Object -property timecreated -desc | Select-Object -first 100

    Description
    ———–
    These commands get the first 100 events from an Event Tracing for Windows (ETW) event trace log file.

    The first command gets the 100 oldest events in the log. It uses the Get-WinEvent cmdlet to get events from the Tracelog.etl file. It uses the MaxEvents parameter to limit the retrieval to 100 events. Because the events are listed in the order in which they are written to the log (oldest first), the Oldest parameter is required.

    The second command gets the 100 newest events in the log. It uses the Get-WinEvent cmdlet to get all the events from the Tracelog.etl file. It passes the events to the Sort-Object cmdlet, which sorts them in descending order by the value of the TimeCreated property. Then, it sends the sorted events to the Select-Object cmdlet to select the newest 100 events.

    ————————– EXAMPLE 13 ————————–

    C:\PS>Get-WinEvent -path "c:\tracing\tracelog.etl", "c:\Logs\Windows PowerShell.evtx" -Oldest | where {$_.id -eq "103"}

    Description
    ———–
    This example shows how to get the events from an event trace log file (.etl) and from a copy of the Windows PowerShell log file (.evtx) that was saved to a test directory.

    You can combine multiple file types in a single command. Because the files contain the same type of .NET Framework object (an EventLogRecord object), you can use the same properties to filter them.

    Note that the command requires the Oldest parameter because it is reading from an .etl file, but the Oldest parameter applies to both of the files.

    ————————– EXAMPLE 14 ————————–

    C:\PS># Use the Where-Object cmdlet
    C:\PS> $yesterday = (Get-Date) - (New-TimeSpan -day 1)
    C:\PS> Get-WinEvent -LogName "Windows PowerShell" | where {$_.timecreated -ge $yesterday}

    # Uses FilterHashTable
    C:\PS> $yesterday = (Get-Date) - (New-TimeSpan -day 1)
    C:\PS> Get-WinEvent -FilterHashTable @{LogName='Windows PowerShell'; Level=3; StartTime=$yesterday}

    # Use FilterXML
    C:\PS> Get-WinEvent -FilterXML "<QueryList><Query><Select Path='Windows PowerShell'>*[System[Level=3 and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]</Select></Query></QueryList>"

    # Use FilterXPath
    C:\PS> Get-WinEvent -LogName "Windows Powershell" -FilterXPath "*[System[Level=3 and TimeCreated[timediff(@SystemTime) <= 86400000]]]"

    Description
    ———–
    This example shows different filtering methods for selecting events from an event log. All of these commands get events that occurred in the last 24 hours from the Windows PowerShell event log.

    The filter methods are more efficient than using the Where-Object cmdlet because the filters are applied while the objects are being retrieved, rather than retrieving all the objects and then filtering them.

    Because dates are difficult to formulate in the XML and XPath formats, to create the XML content for the date, the Filter Current Log feature of Event Viewer is used. For more information about this feature, see Event Viewer Help.

    ————————– EXAMPLE 15 ————————–

    C:\PS>$date = (Get-Date).AddDays(-2)

    C:\PS> $events = Get-WinEvent -FilterHashTable @{ logname = "Microsoft-Windows-Diagnostics-Performance/Operational"; StartTime = $date; ID = 100 }

    Description
    ———–
    This example uses a filter hash table to get events from the performance log.

    The first command uses the Get-Date cmdlet and the AddDays method to get a date that is two days before the current date. It saves the date in the $date Variable.

    The second command uses the Get-WinEvent cmdlet with the FilterHashTable parameter. The keys in the hash table define a filter that selects events from the performance log that occurred within the last two days and that have event ID 100.

    The LogName key specifies the event log, the StartTime key specifies the date, and the ID key specifies the event ID.

    ————————– EXAMPLE 16 ————————–

    C:\PS>$starttime = (Get-Date).adddays(-7)

    C:\PS> $ieError = Get-WinEvent -FilterHashtable @{logname="application"; providername="Application Error"; data="iexplore.exe"; starttime=$starttime}

    Description
    ———–
    This example uses a filter hash table to find Internet Explorer application errors that occurred within the last week.

    The first command gets the date that is seven days before the current date and stores it in the $starttime Variable.

    The second command uses the Get-WinEvent cmdlet with the FilterHashTable parameter. The keys in the hash table define a filter that selects events from the Application log that were written by the Application Error provider and include the phrase “iexplore.exe”.

    The LogName key specifies the event log. The ProviderName key specifies the event provider, the StartTime key specifies the starting date of the events, and the Data key specifies the text in the event message.
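
The -FilterXml description mentions the Suppress element and the -ComputerName description says to loop with ForEach for several computers. The following added example (not part of the original help text) combines both to summarize failed logons (Security event ID 4625) per host. The function name, host names and suppressed account name are assumptions; it also assumes Windows PowerShell 3.0 or later and an account that may read the Security log.

```powershell
# Added example, not from the help text. The function name, host names and the
# suppressed account name are assumptions for illustration.
function Get-FailedLogonSummary {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = @('Server01', 'Server02'),

        # Inserted into the XPath below, so restrict it to plain account-name characters.
        [ValidatePattern('^[A-Za-z0-9._$-]+$')]
        [string]$SuppressUser = 'svc-scanner',

        [ValidateRange(1, 720)]
        [int]$Hours = 24
    )

    $windowMs = [int64]$Hours * 3600000

    # Select picks failed logons (event ID 4625) inside the time window; Suppress
    # drops the events of one known-noisy account. Both filters run in the event
    # log service, so only matching events are returned to the caller.
    # "<" is written as &lt; because the query is XML.
    [xml]$query = @"
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[System[(EventID=4625) and TimeCreated[timediff(@SystemTime) &lt;= $windowMs]]]</Select>
    <Suppress Path="Security">*[EventData[Data[@Name='TargetUserName']='$SuppressUser']]</Suppress>
  </Query>
</QueryList>
"@

    # -ComputerName accepts one name at a time, so query each host in turn.
    foreach ($computer in $ComputerName) {
        try {
            $events = Get-WinEvent -FilterXml $query -ComputerName $computer -ErrorAction Stop
        }
        catch {
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
                # An empty result is reported as an error; treat it as "nothing found".
                $events = @()
            }
            else {
                # Unreachable host, blocked firewall port or access denied.
                Write-Warning "$computer : $($_.Exception.Message)"
                continue
            }
        }

        $rows = foreach ($e in $events) {
            # Named event data fields are only available through the event XML.
            $data = @{}
            foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            [pscustomobject]@{
                Computer = $computer
                User     = $data['TargetUserName']
                Source   = $data['IpAddress']
            }
        }

        # One line per (computer, account, source address) with the number of failures.
        $rows | Group-Object Computer, User, Source -NoElement |
            Sort-Object Count -Descending
    }
}
```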

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=138336
    Get-EventLog
    Get-Counter
    about_eventlogs

Get-WmiObject

NAME
    Get-WmiObject

SYNOPSIS
    Gets instances of Windows Management Instrumentation (WMI) classes or information about the available classes.

SYNTAX
    Get-WmiObject [-Authority <string>] [-Amended] [-AsJob] [-Authentication {Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged}] [-ComputerName <string[]>] [-Credential <PSCredential>] [-EnableAllPrivileges] [-Impersonation {Default | Anonymous | Identify | Impersonate | Delegate}] [-Locale <string>] [-Namespace <string>] [-ThrottleLimit <int>] [<CommonParameters>]

    Get-WmiObject [[-Class] <string>] [-Authority <string>] [-List] [-Recurse] [-Amended] [-AsJob] [-Authentication {Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged}] [-ComputerName <string[]>] [-Credential <PSCredential>] [-EnableAllPrivileges] [-Impersonation {Default | Anonymous | Identify | Impersonate | Delegate}] [-Locale <string>] [-Namespace <string>] [-ThrottleLimit <int>] [<CommonParameters>]

    Get-WmiObject [-Authority <string>] [-Amended] [-AsJob] [-Authentication {Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged}] [-ComputerName <string[]>] [-Credential <PSCredential>] [-EnableAllPrivileges] [-Impersonation {Default | Anonymous | Identify | Impersonate | Delegate}] [-Locale <string>] [-Namespace <string>] [-ThrottleLimit <int>] [<CommonParameters>]

    Get-WmiObject [-Class] <string> [[-Property] <string[]>] [-Authority <string>] [-DirectRead] [-Filter <string>] [-Amended] [-AsJob] [-Authentication {Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged}] [-ComputerName <string[]>] [-Credential <PSCredential>] [-EnableAllPrivileges] [-Impersonation {Default | Anonymous | Identify | Impersonate | Delegate}] [-Locale <string>] [-Namespace <string>] [-ThrottleLimit <int>] [<CommonParameters>]

    Get-WmiObject -Query <string> [-Authority <string>] [-DirectRead] [-Amended] [-AsJob] [-Authentication {Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged}] [-ComputerName <string[]>] [-Credential <PSCredential>] [-EnableAllPrivileges] [-Impersonation {Default | Anonymous | Identify | Impersonate | Delegate}] [-Locale <string>] [-Namespace <string>] [-ThrottleLimit <int>] [<CommonParameters>]

DESCRIPTION
    The Get-WmiObject cmdlet gets instances of WMI classes or information about the available WMI classes. The ComputerName parameter can always be used to specify a remote computer. If the List parameter is specified, the cmdlet gets information about the WMI classes that are available in a specified namespace. If the Query parameter is specified, the cmdlet runs a WMI query language (WQL) statement.

    The Get-WmiObject cmdlet does not use the Windows PowerShell remoting infrastructure to perform remote operations. You can use the ComputerName parameter of the Get-WmiObject cmdlet even if your computer does not meet the requirements for Windows PowerShell remoting and even if your computer is not configured for remoting in Windows PowerShell.

PARAMETERS
    -Amended [<SwitchParameter>]
        Gets or sets a value that indicates whether the objects that are returned from WMI should contain amended information. Typically, amended information is localizable information, such as object and property descriptions, that is attached to the WMI object.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -AsJob [<SwitchParameter>]
        Runs the command as a background job. Use this parameter to run commands that take a long time to finish.

        When you use the AsJob parameter, the command returns an object that represents the background job and then displays the command prompt. You can continue to work in the session while the job finishes. If Get-WmiObject is used against a remote computer, the job is created on the local computer, and the results from remote computers are automatically returned to the local computer. To manage the job, use the cmdlets that contain the Job noun (the Job cmdlets). To get the job results, use the Receive-Job cmdlet.

        Note: To use this parameter with remote computers, the local and remote computers must be configured for remoting. Additionally, you must start Windows PowerShell by using the “Run as administrator” option in Windows Vista and later versions of Windows. For more information, see about_remote_requirements.

        For more information about Windows PowerShell background jobs, see about_jobs and about_remote_Jobs.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Authentication <AuthenticationLevel>
        Specifies the authentication level to be used with the WMI connection. Valid values are:

        -1: Unchanged
        0: Default
        1: None (No authentication is performed.)
        2: Connect (Authentication is performed only when the client establishes a relationship with the application.)
        3: Call (Authentication is performed only at the beginning of each call when the application receives the request.)
        4: Packet (Authentication is performed on all the data that is received from the client.)
        5: PacketIntegrity (All the data that is transferred between the client and the application is authenticated and verified.)
        6: PacketPrivacy (The properties of the other authentication levels are used, and all the data is encrypted.)

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Authority <string>
        Specifies the authority to use to authenticate the WMI connection. You can specify standard NTLM or Kerberos authentication. To use NTLM, set the authority setting to ntlmdomain:<DomainName>, where <DomainName> identifies a valid NTLM domain name. To use Kerberos, specify kerberos:<DomainName>\<ServerName>. You cannot include the authority setting when you connect to the local computer.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Class <string>
        Specifies the name of a WMI class. When this parameter is used, the cmdlet retrieves instances of the WMI class.

        Required?                    false
        Position?                    2
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -ComputerName <string[]>
        Specifies the computer against which you want to run the management operation. The value can be a fully qualified domain name, a NetBIOS name, or an IP address. Use the local computer name, use localhost, or use a dot (.) to specify the local computer. The local computer is the default. When the remote computer is in a different domain from the user, you must use a fully qualified domain name. This parameter can also be piped to the cmdlet.

        This parameter does not rely on Windows PowerShell remoting, which uses WS-Management. You can use the ComputerName parameter of Get-WmiObject even if your computer is not configured to run WS-Management remote commands.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Credential <PSCredential>
        Specifies a user account that has permission to perform this action. The default is the current user. Type a user name, such as “User01”, “Domain01\User01”, or User@Contoso.com. Or, enter a PSCredential object, such as an object that is returned by the Get-Credential cmdlet. When you type a user name, you will be prompted for a password.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -DirectRead [<SwitchParameter>]
        Specifies whether direct access to the WMI provider is requested for the specified class without any regard to its base class or to its derived classes.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -EnableAllPrivileges [<SwitchParameter>]
        Enables all the privileges of the current user before the command makes the WMI call.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Filter <string>
        Specifies a Where clause to use as a filter. Uses the syntax of the WMI Query Language (WQL).

        Important: Do not include the Where keyword in the value of the parameter. For example, the following commands return only the logical disks where the DeviceID equals 'c:' and the services where the name equals 'WinRM', without using the Where keyword:

        Get-WmiObject Win32_LogicalDisk -Filter "DeviceID = 'c:'"
        Get-WmiObject win32_service -Filter "name='WinRM'"

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false
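
The -Filter value becomes the Where clause of a WQL query, so a value taken from a variable has to be escaped before it is placed inside a string literal. The following is an added example, not part of the original help topic, showing one way to do that for equality comparisons; ConvertTo-WqlLiteral and Get-ServiceByName are hypothetical helper names and the sample values are constructed.

```powershell
# Added example. Requires Windows PowerShell, where Get-WmiObject is available.

function ConvertTo-WqlLiteral {
    # Hypothetical helper: returns $Value as a quoted WQL string literal.
    param(
        [Parameter(Mandatory = $true)]
        [AllowEmptyString()]
        [string]$Value
    )
    # WQL uses the backslash as the escape character inside string literals.
    # Escape backslashes first, then both quote characters, so the value
    # cannot close the literal early and change the meaning of the clause.
    $escaped = $Value.Replace('\', '\\').Replace("'", "\'").Replace('"', '\"')
    "'" + $escaped + "'"
}

function Get-ServiceByName {
    # Hypothetical wrapper: looks up one service by exact name.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Name,
        [string]$ComputerName = '.'
    )
    # Build the clause without the Where keyword, as -Filter requires.
    $filter = 'Name = {0}' -f (ConvertTo-WqlLiteral -Value $Name)
    Write-Verbose "WQL filter: $filter"
    Get-WmiObject -Class Win32_Service -Filter $filter -ComputerName $ComputerName
}

# Constructed sample values: a plain name, a name with an apostrophe,
# a path with backslashes, and a value that tries to extend the clause.
$samples = @(
    'WinRM',
    "Contoso's Agent",
    'C:\Tools\agent.exe',
    "x' OR Name LIKE '%"
)

# Show the clause that would be sent for each value. The last one stays a
# single literal that matches no service instead of matching every service.
foreach ($s in $samples) {
    'Name = {0}' -f (ConvertTo-WqlLiteral -Value $s)
}

# Query the local computer with an escaped filter.
Get-ServiceByName -Name 'WinRM' -Verbose | Select-Object Name, State, StartMode
```

The helper covers the = and <> operators only; a LIKE pattern also has wildcard characters of its own that this example does not handle.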

    -Impersonation <ImpersonationLevel>
        Specifies the impersonation level to use. Valid values are:

        0: Default (reads the local Registry for the default impersonation level, which is usually set to “3: Impersonate”.)
        1: Anonymous (Hides the credentials of the caller.)
        2: Identify (Allows objects to query the credentials of the caller.)
        3: Impersonate (Allows objects to use the credentials of the caller.)
        4: Delegate (Allows objects to permit other objects to use the credentials of the caller.)

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -List [<SwitchParameter>]
        Specifies whether to retrieve and display the names of the WMI classes in the WMI repository namespace that is specified in the Namespace parameter. The Default Namespace Registry entry in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Scripting Registry key is not used by this cmdlet to determine the default namespace. If you specify the List parameter but not the Namespace parameter, the root\CIMV2 namespace is used by default.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Locale <string>
        Specifies the preferred locale for WMI objects. Specify the value of the Locale parameter as an array in the MS_<LCID> format in the preferred order.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Namespace <string>
        When used with the Class parameter, this parameter specifies the WMI repository namespace where the referenced WMI class is located. When used with the List parameter, it specifies the namespace from which to gather WMI class information.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Property <string[]>
        Specifies the WMI class property or set of properties to retrieve.

        Required?                    false
        Position?                    2
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Query <string>
        Specifies a WMI Query Language (WQL) statement to run. Event queries are not supported by this parameter.

        Required?                    true
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Recurse [<SwitchParameter>]
        Makes the command search the current namespace and all other namespaces for the class name that is specified in the Class parameter.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -ThrottleLimit <int>
        Allows the user to specify a throttling value for the number of WMI operations that can be executed simultaneously. This parameter is used together with the AsJob parameter.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        "Get-Help about_CommonParameters".

INPUTS
    None
        You cannot pipe input to Get-WmiObject.

OUTPUTS
    PSObject or System.Management.Automation.RemotingJob
        When you use the AsJob parameter, the cmdlet returns a job object. Otherwise, the object that Get-WmiObject returns depends on the value of the Class parameter.

NOTES

        To access WMI information on a remote computer, the cmdlet must run under an account that is a member of the local administrators group on the remote computer. Alternatively, the default access control on the WMI namespace of the remote repository can be changed to give other accounts access rights.

        By default, only some of the properties of a WMI class are displayed. The set of properties that will be displayed for each WMI class is specified in the Types.ps1xml configuration file. One of the examples included in this Help topic demonstrates how to override this behavior by using the Format-List cmdlet.

    ————————– EXAMPLE 1 ————————–

    C:\PS>Get-WmiObject win32_process

    __GENUS                    : 2
    __CLASS                    : Win32_Process
    __SUPERCLASS             : CIM_Process
    __DYNASTY                 : CIM_ManagedSystemElement
    __RELPATH                 : Win32_Process.Handle="0"
    __PROPERTY_COUNT         : 45
    __DERIVATION             : {CIM_Process, CIM_LogicalElement, CIM_ManagedSystemElement}
    __SERVER                 : SYSTEM01
    __NAMESPACE                : root\cimv2
    __PATH                     : \\SYSTEM01\root\cimv2:Win32_Process.Handle="0"
    Caption                    : System Idle Process
    CommandLine                :
    CreationClassName         : Win32_Process
    CreationDate             :
    CSCreationClassName        : Win32_ComputerSystem
    CSName                     : SYSTEM01
    Description                : System Idle Process
    ExecutablePath             :
    ExecutionState             :
    Handle                     : 0
    HandleCount                : 0
    InstallDate                :
    KernelModeTime             : 6138394740432
    MaximumWorkingSetSize     :
    MinimumWorkingSetSize     :
    Name                     : System Idle Process
    OSCreationClassName        : Win32_OperatingSystem
    OSName                     : Microsoftr Windows VistaT Ultimate |C:\Windows|\Device\Harddisk0\Partition3
    OtherOperationCount        : 0
    OtherTransferCount         : 0
    PageFaults                 : 0
    PageFileUsage             : 0
    ParentProcessId            : 0
    PeakPageFileUsage         : 0
    PeakVirtualSize            : 0
    PeakWorkingSetSize         : 0
    Priority                 : 0
    PrivatePageCount         : 0
    ProcessId                 : 0
    QuotaNonPagedPoolUsage     : 0
    QuotaPagedPoolUsage        : 0
    QuotaPeakNonPagedPoolUsage : 0
    QuotaPeakPagedPoolUsage    : 0
    ReadOperationCount         : 0
    ReadTransferCount         : 0
    SessionId                 : 0
    Status                     :
    TerminationDate            :
    ThreadCount                : 2
    UserModeTime             : 0
    VirtualSize                : 0
    WindowsVersion             : 6.0.6001
    WorkingSetSize             : 24576
    WriteOperationCount        : 0
    WriteTransferCount         : 0
    ProcessName                : System Idle Process
    Handles                    : 0
    VM                         : 0
    WS                         : 24576
    Path                     :

    …

    Description
    ———–
    This command displays information about all the processes that are running on a computer.

    ————————– EXAMPLE 2 ————————–

    C:\PS>Get-WmiObject win32_service -ComputerName 127.0.0.1

    __GENUS                    : 2
    __CLASS                    : Win32_Process
    __SUPERCLASS             : CIM_Process
    __DYNASTY                 : CIM_ManagedSystemElement
    __RELPATH                 : Win32_Process.Handle="0"
    __PROPERTY_COUNT         : 45
    __DERIVATION             : {CIM_Process, CIM_LogicalElement, CIM_ManagedSystemElement}
    __SERVER                 : SYSTEM02
    __NAMESPACE                : root\cimv2
    __PATH                     : \\SYSTEM02\root\cimv2:Win32_Process.Handle="0"
    Caption                    : System Idle Process
    CommandLine                :
    CreationClassName         : Win32_Process
    CreationDate             :
    CSCreationClassName        : Win32_ComputerSystem
    CSName                     : SYSTEM02
    Description                : System Idle Process
    ExecutablePath             :
    ExecutionState             :
    Handle                     : 0
    HandleCount                : 0
    InstallDate                :
    KernelModeTime             : 6138394740432
    MaximumWorkingSetSize     :
    MinimumWorkingSetSize     :
    Name                     : System Idle Process
    OSCreationClassName        : Win32_OperatingSystem
    OSName                     : Microsoftr Windows VistaT Ultimate |C:\Windows|\Device\Harddisk0\Partition3
    OtherOperationCount        : 0
    OtherTransferCount         : 0
    PageFaults                 : 0
    PageFileUsage             : 0
    ParentProcessId            : 0
    PeakPageFileUsage         : 0
    PeakVirtualSize            : 0
    PeakWorkingSetSize         : 0
    Priority                 : 0
    PrivatePageCount         : 0
    ProcessId                 : 0
    QuotaNonPagedPoolUsage     : 0
    QuotaPagedPoolUsage        : 0
    QuotaPeakNonPagedPoolUsage : 0
    QuotaPeakPagedPoolUsage    : 0
    ReadOperationCount         : 0
    ReadTransferCount         : 0
    SessionId                 : 0
    Status                     :
    TerminationDate            :
    ThreadCount                : 2
    UserModeTime             : 0
    VirtualSize                : 0
    WindowsVersion             : 6.0.6001
    WorkingSetSize             : 24576
    WriteOperationCount        : 0
    WriteTransferCount         : 0
    ProcessName                : System Idle Process
    Handles                    : 0
    VM                         : 0
    WS                         : 24576
    Path                     :

    …

    Description
    ———–
    This command displays information about the services on the remote computer. It displays the information by specifying the Internet Protocol (IP) address 127.0.0.1. You can change this IP address to any other valid IP address on your network so that you can display information about the services on that remote computer. By default, the account you are running under must be a member of the local administrators group on the remote computer that you specify.

    ————————– EXAMPLE 3 ————————–

    C:\PS>Get-WmiObject -Namespace "root/default" -list

     NameSpace: ROOT\default

    Name                                Methods             Properties
    —-                                ——-             ———-
    __NotifyStatus                     {}                 {StatusCode}
    __ExtendedStatus                    {}                 {Description, Operation, ParameterInfo, ProviderName…}
    __SecurityRelatedClass             {}                 {}
    __Trustee                         {}                 {Domain, Name, SID, SidLength…}
    __NTLMUser9X                        {}                 {Authority, Flags, Mask, Name…}
    __ACE                             {}                 {AccessMask, AceFlags, AceType, GuidInheritedObjectType…}
    __SecurityDescriptor                {}                 {ControlFlags, DACL, Group, Owner…}
    __PARAMETERS                        {}                 {}
    __SystemClass                     {}                 {}
    __ProviderRegistration             {}                 {provider}
    __EventProviderRegistration         {}                 {EventQueryList, provider}
    __ObjectProviderRegistration        {}                 {InteractionType, provider, QuerySupportLevels, SupportsBat…
    __ClassProviderRegistration         {}                 {CacheRefreshInterval, InteractionType, PerUserSchema, prov…
    __InstanceProviderRegistration     {}                 {InteractionType, provider, QuerySupportLevels, SupportsBat…
    __MethodProviderRegistration        {}                 {provider}
    __PropertyProviderRegistration     {}                 {provider, SupportsGet, SupportsPut}
    __EventConsumerProviderRegistration {}                 {ConsumerClassNames, provider}
    __thisNAMESPACE                     {}                 {SECURITY_DESCRIPTOR}
    __NAMESPACE                         {}                 {Name}
    __IndicationRelated                 {}                 {}
    __FilterToConsumerBinding         {}                 {Consumer, CreatorSID, DeliverSynchronously, DeliveryQoS…}
    __EventConsumer                     {}                 {CreatorSID, MachineName, MaximumQueueSize}
    LogFileEventConsumer                {}                 {CreatorSID, Filename, IsUnicode, MachineName…}
    ActiveScriptEventConsumer         {}                 {CreatorSID, KillTimeout, MachineName, MaximumQueueSize…}
    NTEventLogEventConsumer             {}                 {Category, CreatorSID, EventID, EventType…}
    SMTPEventConsumer                 {}                 {BccLine, CcLine, CreatorSID, FromLine…}
    CommandLineEventConsumer            {}                 {CommandLineTemplate, CreateNewConsole, CreateNewProcessGro…
    __AggregateEvent                    {}                 {NumberOfEvents, Representative}
    __TimerNextFiring                 {}                 {NextEvent64BitTime, TimerId}
    __EventFilter                     {}                 {CreatorSID, EventAccess, EventNamespace, Name…}
    __Event                             {}                 {SECURITY_DESCRIPTOR, TIME_CREATED}
    __NamespaceOperationEvent         {}                 {SECURITY_DESCRIPTOR, TargetNamespace, TIME_CREATED}
    __NamespaceModificationEvent        {}                 {PreviousNamespace, SECURITY_DESCRIPTOR, TargetNamespace, T…
    __NamespaceDeletionEvent            {}                 {SECURITY_DESCRIPTOR, TargetNamespace, TIME_CREATED}
    __NamespaceCreationEvent            {}                 {SECURITY_DESCRIPTOR, TargetNamespace, TIME_CREATED}
    __ClassOperationEvent             {}                 {SECURITY_DESCRIPTOR, TargetClass, TIME_CREATED}
    __ClassDeletionEvent                {}                 {SECURITY_DESCRIPTOR, TargetClass, TIME_CREATED}
    __ClassModificationEvent            {}                 {PreviousClass, SECURITY_DESCRIPTOR, TargetClass, TIME_CREA…
    __ClassCreationEvent                {}                 {SECURITY_DESCRIPTOR, TargetClass, TIME_CREATED}
    __InstanceOperationEvent            {}                 {SECURITY_DESCRIPTOR, TargetInstance, TIME_CREATED}
    __InstanceCreationEvent             {}                 {SECURITY_DESCRIPTOR, TargetInstance, TIME_CREATED}

    …

    Description
    ———–
    This command displays the WMI classes in the root or default namespace of the local computer.

    ————————– EXAMPLE 4 ————————–

    C:\PS>Get-WmiObject -query "select * from win32_service where name='WinRM'" -ComputerName server01, server02

    ExitCode : 0
    Name     : WinRM
    ProcessId : 1708
    StartMode : Auto
    State     : Running
    Status    : OK

    ExitCode : 0
    Name     : WinRM
    ProcessId : 948
    StartMode : Auto
    State     : Running
    Status    : OK

    Description
    ———–
    This command displays information about the WinRM service on the computers that are specified in the ComputerName parameter.

    ————————– EXAMPLE 5 ————————–

    C:\PS>(Get-WmiObject win32_service -Filter "name='WinRM'" -ComputerName server01).StopService()

    __GENUS         : 2
    __CLASS         : __PARAMETERS
    __SUPERCLASS     :
    __DYNASTY        : __PARAMETERS
    __RELPATH        :
    __PROPERTY_COUNT : 1
    __DERIVATION     : {}
    __SERVER         :
    __NAMESPACE     :
    __PATH         :
    ReturnValue     : 0

    Another query using Get-WmiObject -query "select * from win32_service where name='WinRM'" -ComputerName server01 shows the service as stopped.

    ExitCode : 0
    Name     : WinRM
    ProcessId : 0
    StartMode : Auto
    State     : Stopped
    Status    : OK

    Description
    ———–
    This command stops the WinRM service on the Server01 remote computer. The command uses the standard Get-WmiObject command and adds a call to the StopService method of the Win32_Service WMI class.

    ————————– EXAMPLE 6 ————————–

    C:\PS>Get-WmiObject win32_bios | Format-List *

    Status                : OK
    Name                 : Phoenix ROM BIOS PLUS Version 1.10 2.3.1
    Caption             : Phoenix ROM BIOS PLUS Version 1.10 2.3.1
    SMBIOSPresent         : True
    __GENUS             : 2
    __CLASS             : Win32_BIOS
    __SUPERCLASS         : CIM_BIOSElement
    __DYNASTY             : CIM_ManagedSystemElement
    __RELPATH             : Win32_BIOS.Name="Phoenix ROM BIOS PLUS Version 1.10 2.3.1 ",SoftwareElementID="Phoenix ROM BIOS
                             PLUS Version 1.10 2.3.1 ",SoftwareElementState=3,TargetOperatingSystem=0,Version="DELL - 14"
    __PROPERTY_COUNT     : 27
    __DERIVATION         : {CIM_BIOSElement, CIM_SoftwareElement, CIM_LogicalElement, CIM_ManagedSystemElement}
    __SERVER             : SERVER01
    __NAMESPACE         : root\cimv2
    __PATH                : \\SERVER01\root\cimv2:Win32_BIOS.Name="Phoenix ROM BIOS PLUS Version 1.10 2.3.1 ",Software
                            ElementID="Phoenix ROM BIOS PLUS Version 1.10 2.3.1 ",SoftwareElementState=3,TargetOperatingSys
                            tem=0,Version="DELL - 14"
    BiosCharacteristics : {7, 9, 10, 11…}
    BIOSVersion         : {DELL - 14, Phoenix ROM BIOS PLUS Version 1.10 2.3.1 , Phoenix ROM BIOS PLUS Version 1.10 2.3
                            .1 , Phoenix ROM BIOS PLUS Version 1.10 2.3.1 }
    BuildNumber         :
    CodeSet             :
    CurrentLanguage     : en|US|iso8859-1
    Description         : Phoenix ROM BIOS PLUS Version 1.10 2.3.1
    IdentificationCode    :
    InstallableLanguages : 1
    InstallDate         :
    LanguageEdition     :
    ListOfLanguages     : {en|US|iso8859-1}
    Manufacturer         : Dell Inc.
    OtherTargetOS         :
    PrimaryBIOS         : True
    ReleaseDate         : 20070521000000.000000+000
    SerialNumber         : 8PWRVD1
    SMBIOSBIOSVersion     : 2.3.1
    SMBIOSMajorVersion    : 2
    SMBIOSMinorVersion    : 3
    SoftwareElementID     : Phoenix ROM BIOS PLUS Version 1.10 2.3.1
    SoftwareElementState : 3
    TargetOperatingSystem : 0
    Version             : DELL - 14
    Scope                 : System.Management.ManagementScope
    Path                 : \\SERVER01\root\cimv2:Win32_BIOS.Name="Phoenix ROM BIOS PLUS Version 1.10 2.3.1 ",Software
                            ElementID="Phoenix ROM BIOS PLUS Version 1.10 2.3.1 ",SoftwareElementState=3,TargetOperatingSys
                            tem=0,Version="DELL - 14"
    Options             : System.Management.ObjectGetOptions
    ClassPath             : \\SERVER01\root\cimv2:Win32_BIOS
    Properties            : {BiosCharacteristics, BIOSVersion, BuildNumber, Caption…}
    SystemProperties     : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY…}
    Qualifiers            : {dynamic, Locale, provider, UUID}
    Site                 :
    Container             :

    Description
    ———–
    This command displays BIOS information. It displays all the properties of the WMI class, not just the properties that are specified in the Types.ps1xml configuration file.

    ————————– EXAMPLE 7 ————————–

    C:\PS>Get-WmiObject win32_service -Credential FABRIKAM\administrator -computer fabrikam

    ExitCode : 0
    Name     : AeLookupSvc
    ProcessId : 0
    StartMode : Manual
    State     : Stopped
    Status    : OK

    ExitCode : 1077
    Name     : ALG
    ProcessId : 0
    StartMode : Manual
    State     : Stopped
    Status    : OK

    ExitCode : 1077
    Name     : AppIDSvc
    ProcessId : 0
    StartMode : Manual
    State     : Stopped
    Status    : OK

    ExitCode : 0
    Name     : Appinfo
    ProcessId : 888
    StartMode : Manual
    State     : Running
    Status    : OK

    ExitCode : 1077
    Name     : AppMgmt
    ProcessId : 0
    StartMode : Manual
    State     : Stopped
    Status    : OK

    …

    Description
    ———–
    This command displays service information on a computer named Fabrikam. It specifies a user account name by using the Credential parameter, which causes a dialog box to be displayed in which you enter the corresponding password.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113337
    Invoke-WmiMethod
    Remove-WmiObject
    Set-WmiInstance
    Get-WSManInstance
    Invoke-WSManAction
    New-WSManInstance
    Remove-WSManInstance

Get-Variable

NAME
    Get-Variable

SYNOPSIS
    Gets the Variables in the current console.

SYNTAX
    Get-Variable [[-Name] <string[]>] [-Exclude <string[]>] [-Include <string[]>] [-Scope <string>] [-ValueOnly] [<CommonParameters>]

DESCRIPTION
    The Get-Variable cmdlet gets the Windows PowerShell Variables in the current console. You can retrieve just the values of the Variables by specifying the ValueOnly parameter, and you can filter the Variables returned by name.

PARAMETERS
    -Exclude <string[]>
        Omits the specified items. Wildcards are permitted.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Include <string[]>
        Specifies only the items upon which the cmdlet will act, excluding all others. Wildcards are permitted.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Name <string[]>
        Specifies the name of the Variable.

        Required?                    false
        Position?                    1
        Default value
        Accept pipeline input?     true (ByValue, ByPropertyName)
        Accept wildcard characters? false

    -Scope <string>
        Gets only the Variables in the specified scope. Valid values are “Global”, “Local”, or “Script”, or a number relative to the current scope (0 through the number of scopes, where 0 is the current scope and 1 is its parent). “Local” is the default. For more information, see about_scopes.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -ValueOnly [<SwitchParameter>]
        Gets only the value of the Variable.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        "Get-Help about_CommonParameters".

INPUTS
    System.String
        You can pipe a string that contains the Variable name to Get-Variable.

OUTPUTS
    Variable object
        Get-Variable returns a System.Management.Automation Variable object for each Variable that it gets. The object type depends on the Variable.

NOTES

        This cmdlet does not manage Environment Variables. To manage Environment Variables, you can use the Environment Variable provider.

    ————————– EXAMPLE 1 ————————–

    C:\PS>Get-Variable m*

    Description
    ———–
    This command displays Variables with names that begin with the letter “m”. The value of the Variables is also displayed.

    ————————– EXAMPLE 2 ————————–

    C:\PS>Get-Variable m* -ValueOnly

    Description
    ———–
    This command displays only the values of the Variables with names that begin with the letter “m”.

    ————————– EXAMPLE 3 ————————–

    C:\PS>Get-Variable -Include M*,P* | Sort-Object name

    Description
    ———–
    This command gets information about the Variables that begin with either the letter “M” or the letter “P”. The results are piped to the Sort-Object cmdlet, sorted by name, and displayed.

    ————————– EXAMPLE 4 ————————–

    C:\PS>Get-Variable -Scope 0

    C:\PS> Compare-Object (Get-Variable -Scope 0) (Get-Variable -Scope 1)

    Description
    ———–
    The first command gets only the Variables that are defined in the local scope. It is equivalent to “Get-Variable -Scope local” and can be abbreviated as “gv -s 0”.

    The second command uses the Compare-Object cmdlet to find the Variables that are defined in the parent scope (Scope 1) but are visible only in the local scope (Scope 0).

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113336
    Set-Variable
    New-Variable
    Clear-Variable
    Remove-Variable

Get-UICulture

NAME
    Get-UICulture

SYNOPSIS
    Gets the current user interface (UI) culture settings in the operating system.

SYNTAX
    Get-UICulture [<CommonParameters>]

DESCRIPTION
    The Get-UICulture cmdlet gets information about the current UI culture settings for Windows. The UI culture determines which text strings are used for user interface elements, such as menus and messages.

    You can also use the Get-Culture cmdlet, which gets the current culture on the system. The culture determines the display format of items such as numbers, currency, and dates.

PARAMETERS
    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        "Get-Help about_CommonParameters".

INPUTS
    None
        You cannot pipe input to this cmdlet.

OUTPUTS
    System.Globalization.CultureInfo
        Get-UICulture returns an object that represents the current UI culture.

NOTES

        You can also use the $PsCulture and $PsUICulture Variables. The $PsCulture Variable stores the name of the current culture, and the $PsUICulture Variable stores the name of the current UI culture.

    ————————– EXAMPLE 1 ————————–

    C:\PS>Get-UICulture

    Description
    ———–
    This command gets the current UI culture information.

    ————————– EXAMPLE 2 ————————–

    C:\PS>Get-UICulture | Format-List *

    Description
    ———–
    This command displays the values of all of the properties of the current UI culture in a list.

    ————————– EXAMPLE 3 ————————–

    C:\PS>(Get-UICulture).calendar

    Description
    ———–
    This command displays the current values for the Calendar property of the current UI culture. Calendar is just one property of UI culture. To see all of the properties, type "Get-UICulture | Get-Member".

    ————————– EXAMPLE 4 ————————–

    C:\PS>(Get-UICulture).datetimeformat.shortdatepattern

    Description
    ———–
    This command displays the short date pattern for the current UI culture. To see all of the subproperties of the DateTimeFormat property of the UI culture, type “(Get-UICulture).datetimeformat | gm”.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113334

Get-Unique

NAME
    Get-Unique

SYNOPSIS
    Returns the unique items from a sorted list.

SYNTAX
    Get-Unique [-AsString] [-InputObject <psobject>] [<CommonParameters>]

    Get-Unique [-OnType] [-InputObject <psobject>] [<CommonParameters>]

DESCRIPTION
    The Get-Unique cmdlet compares each item in a sorted list to the next item, eliminates duplicates, and returns only one instance of each item. The list must be sorted for the cmdlet to work properly.

PARAMETERS
    -AsString [<SwitchParameter>]
        Treats the data as a string. Without this parameter, data is treated as an object, so when you submit a collection of objects of the same type to Get-Unique, such as a collection of files, it returns just one (the first). You can use this parameter to find the unique values of object properties, such as the file names.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -InputObject <psobject>
        Accepts input for Get-Unique. Enter a Variable that contains the objects or type a command or expression that gets the objects.

        Get-Unique treats the input submitted by using InputObject as a collection; it does not enumerate individual items in the collection. Because the collection is a single item, input submitted by using InputObject is always returned unchanged.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     true (ByValue)
        Accept wildcard characters? false

    -OnType [<SwitchParameter>]
        Returns only one object of each type.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        "Get-Help about_CommonParameters".

INPUTS
    System.Management.Automation.PSObject
        You can pipe any type of object to Get-Unique.

OUTPUTS
    System.Management.Automation.PSObject
        The type of object that Get-Unique returns is determined by the input.

NOTES

        You can also refer to Get-Unique by its built-in Alias, “gu”. For more information, see about_aliases.

        To sort a list, use Sort-Object. You can also use the Unique parameter of Sort-Object to find the unique items in a list.
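
Because Get-Unique only compares each item with the one that follows it, unsorted or mixed-case input leaves duplicates behind, which matters when the list feeds a count or an allow-list review. The following is an added example, not part of the original help topic, that runs the same constructed list of account names through four pipelines; Get-DistinctAccount is a hypothetical helper name.

```powershell
# Added example. The account names are constructed sample data,
# as if collected from several log sources.
$accounts = @(
    'svc_backup', 'Administrator', 'jdoe', 'svc_backup',
    'administrator', 'JDoe', 'Administrator'
)

function Get-DistinctAccount {
    # Hypothetical helper: case-insensitive distinct list of names.
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$Name
    )
    # Normalise case, sort so equal names are adjacent, then collapse them.
    $Name |
        ForEach-Object { $_.ToLowerInvariant() } |
        Sort-Object |
        Get-Unique
}

# 1. No sort: no two equal names are adjacent in the sample,
#    so Get-Unique removes nothing.
$noSort = @($accounts | Get-Unique)

# 2. Sort only: Sort-Object ignores case by default, but Get-Unique compares
#    case-sensitively, so names that differ only in case are still kept
#    as separate entries.
$sortOnly = @($accounts | Sort-Object | Get-Unique)

# 3. Normalise, sort, then Get-Unique: one entry per account.
$distinct = @(Get-DistinctAccount -Name $accounts)

# 4. Sort-Object -Unique: case-insensitive unless -CaseSensitive is given,
#    and keeps the casing of one of the original entries.
$sortUnique = @($accounts | Sort-Object -Unique)

# Compare how many entries each approach leaves.
New-Object PSObject -Property @{
    Input              = $accounts.Count
    GetUniqueNoSort    = $noSort.Count
    SortThenGetUnique  = $sortOnly.Count
    NormaliseSortUniq  = $distinct.Count
    SortObjectUnique   = $sortUnique.Count
} | Format-List

# The normalised result, one name per line.
$distinct
```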

    -------------------------- EXAMPLE 1 --------------------------

    C:\PS>$a = $(foreach ($line in Get-Content C:\Test1\File1.txt) {$line.tolower().split(" ")}) | sort | Get-Unique

    C:\PS> $a.count

    Description
    -----------
    These commands find the number of unique words in a text file.

    The first command gets the content of the File1.txt file. It converts each line of text to lowercase letters and then splits each word onto a separate line at the space (" "). Then, it sorts the resulting list alphabetically (the default) and uses the Get-Unique cmdlet to eliminate any duplicate words. The results are stored in the $a variable.

    The second command uses the Count property of the collection of strings in $a to determine how many items are in $a.

    -------------------------- EXAMPLE 2 --------------------------

    C:\PS>1,1,1,1,12,23,4,5,4643,5,3,3,3,3,3,3,3 | Sort-Object | Get-Unique

    Description
    -----------
    This command finds the unique members of the set of integers. The command takes an array of integers typed at the command line, pipes them to the Sort-Object cmdlet to be sorted, and then pipes them to Get-Unique, which eliminates duplicate entries.

    -------------------------- EXAMPLE 3 --------------------------

    C:\PS>Get-ChildItem | Sort-Object {$_.GetType()} | unique -OnType

    Description
    -----------
    This command uses the Get-ChildItem cmdlet to retrieve the contents of the local directory, which includes files and directories. The pipeline operator (|) sends the results to the Sort-Object cmdlet. The "$_.GetType()" statement applies the GetType method to each file or directory. Then, Sort-Object sorts the items by type. Another pipeline operator sends the results to Get-Unique. The OnType parameter directs Get-Unique to return only one object of each type.

    -------------------------- EXAMPLE 4 --------------------------

    C:\PS>Get-Process | Sort-Object | select processname | Get-Unique -AsString

    Description
    -----------
    This command gets the names of processes running on the computer with duplicates eliminated.

    The Get-Process command gets all of the processes on the computer. The pipeline operator (|) passes the result to Sort-Object, which, by default, sorts the processes alphabetically by ProcessName. The results are piped to the Select-Object cmdlet, which selects only the values of the ProcessName property of each object. The results are then piped to Get-Unique to eliminate duplicates.

    The AsString parameter tells Get-Unique to treat the ProcessName values as strings. Without this parameter, Get-Unique treats the ProcessName values as objects and returns only one instance of the object, that is, the first process name in the list.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113335
    Select-Object
    Sort-Object

Get-Random

NAME
    Get-Random

SYNOPSIS
    Gets a random number, or selects objects randomly from a collection.

SYNTAX
    Get-Random [-InputObject] <Object[]> [-Count <int>] [-SetSeed <int>] [<CommonParameters>]

    Get-Random [[-Maximum] <Object>] [-Minimum <Object>] [-SetSeed <int>] [<CommonParameters>]

DESCRIPTION
    The Get-Random cmdlet gets a randomly selected number. If you submit a collection of objects to Get-Random, it gets one or more randomly selected objects from the collection.

    Without parameters or input, a Get-Random command returns a randomly selected 32-bit unsigned integer between 0 (zero) and Int32.MaxValue (0x7FFFFFFF, 2,147,483,647).

    You can use the parameters of Get-Random to specify a seed number, minimum and maximum values, and the number of objects returned from a submitted collection.

PARAMETERS
    -Count <int>
        Determines how many objects are returned. The default is 1. If the value of Count exceeds the number of objects in the collection, Get-Random returns all of the objects in random order.

        Required?                    false
        Position?                    named
        Default value                1
        Accept pipeline input?     false
        Accept wildcard characters? false

    -InputObject <Object[]>
        Specifies a collection of objects. Get-Random gets randomly selected objects in random order from the collection. Enter the objects, a variable that contains the objects, or a command or expression that gets the objects. You can also pipe a collection of objects to Get-Random.

        Required?                    true
        Position?                    1
        Default value
        Accept pipeline input?     true (ByValue)
        Accept wildcard characters? false

    -Maximum <Object>
        Specifies a maximum value for the random number. Get-Random returns a value that is less than the maximum (not equal). Enter a 32-bit integer or a double-precision floating-point number, or an object that can be converted to an integer or double, such as a numeric string (“100”). The value of Maximum must be greater than (not equal to) the value of Minimum.

        If the value of Maximum or Minimum is a floating-point number, Get-Random returns a randomly selected floating-point number.

        If the value of Minimum is a double (a floating-point number), the default value of Maximum is Double.MaxValue. Otherwise, the default value is Int32.MaxValue (2,147,483,647 or 0x7FFFFFFF).

        Required?                    false
        Position?                    1
        Default value                Int32.MaxValue
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Minimum <Object>
        Specifies a minimum value for the random number. Enter a 32-bit integer or a double-precision floating-point number, or an object that can be converted to an integer or double, such as a numeric string (“100”). The default value is 0 (zero).

        The value of Minimum must be less than (not equal to) the value of Maximum. If the value of Maximum or Minimum is a floating-point number, Get-Random returns a randomly selected floating-point number.

        Required?                    false
        Position?                    named
        Default value                0
        Accept pipeline input?     false
        Accept wildcard characters? false

    -SetSeed <int>
        Specifies a seed value for the random number generator. This seed value is used for the current command and for all subsequent Get-Random commands in the current session until you use SetSeed again or close the session. You cannot reset the seed to its default, clock-based value.

        The SetSeed parameter is not required. By default, Get-Random uses the system clock to generate a seed value. Because SetSeed results in non-random behavior, it is typically used only when trying to reproduce behavior, such as when debugging or analyzing a script that includes Get-Random commands.

        Required?                    false
        Position?                    named
        Default value                System clock
        Accept pipeline input?     false
        Accept wildcard characters? false

    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        "Get-Help about_CommonParameters".

INPUTS
    System.Object
        You can pipe one or more objects to Get-Random. Get-Random selects values randomly from the piped objects.

OUTPUTS
    System.Object
        Get-Random returns an integer or floating-point number, or an object selected randomly from a submitted collection.

NOTES

        Get-Random sets a default seed for each session based on the system time clock when the session starts.

    -------------------------- EXAMPLE 1 --------------------------

    C:\PS>Get-Random

    3951433

    Description
    -----------
    This command gets a random integer between 0 (zero) and Int32.MaxValue.

    -------------------------- EXAMPLE 2 --------------------------

    C:\PS>Get-Random -Maximum 100

    47

    Description
    -----------
    This command gets a random integer between 0 (zero) and 99.

    -------------------------- EXAMPLE 3 --------------------------

    C:\PS>Get-Random -Minimum -100 -Maximum 100

    -56

    Description
    -----------
    This command gets a random integer between -100 and 99.

    -------------------------- EXAMPLE 4 --------------------------

    C:\PS>Get-Random -min 10.7 -max 20.93

    18.08467273887

    Description
    -----------
    This command gets a random floating-point number greater than or equal to 10.7 and less than 20.93.

    -------------------------- EXAMPLE 5 --------------------------

    C:\PS>Get-Random -input 1, 2, 3, 5, 8, 13

    8

    Description
    -----------
    This command gets a randomly selected number from the specified array.

    -------------------------- EXAMPLE 6 --------------------------

    C:\PS>Get-Random -input 1, 2, 3, 5, 8, 13 -count 3

    3
    1
    13

    Description
    -----------
    This command gets three randomly selected numbers in random order from the array.

    -------------------------- EXAMPLE 7 --------------------------

    C:\PS>Get-Random -input 1, 2, 3, 5, 8, 13 -count ([int]::MaxValue)

    2
    3
    5
    1
    8
    13

    Description
    -----------
    This command returns the entire collection in random order. The value of the Count parameter is the MaxValue static property of integers.

    To return an entire collection in random order, enter any number that is greater than or equal to the number of objects in the collection.

    -------------------------- EXAMPLE 8 --------------------------

    C:\PS>Get-Random -input "red", "yellow", "blue"

    yellow

    Description
    -----------
    This command returns a random value from a non-numeric collection.

    -------------------------- EXAMPLE 9 --------------------------

    C:\PS>Get-Process | Get-Random

    Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName
    -------  ------    -----      ----- -----   ------     -- -----------
        144       4     2080        488    36     0.48   3164 wmiprvse

    Description
    -----------
    This command gets a randomly selected process from the collection of processes on the computer.

    -------------------------- EXAMPLE 10 --------------------------

    C:\PS>Get-Content servers.txt | Get-Random -count (Get-Content servers.txt).count | foreach {Invoke-Command -ComputerName $_ -ScriptBlock {Get-Process powershell}}

    Description
    -----------
    This command runs a command on a series of remote computers in random order.

    -------------------------- EXAMPLE 11 --------------------------

    C:\PS>Get-Random -max 100 -SetSeed 23

    # Commands with the default seed are pseudorandom
    PS C:\ps-test> Get-Random -max 100
    59
    PS C:\ps-test> Get-Random -max 100
    65
    PS C:\ps-test> Get-Random -max 100
    21

    # Commands with the same seed are not random
    PS C:\ps-test> Get-Random -max 100 -SetSeed 23
    74
    PS C:\ps-test> Get-Random -max 100 -SetSeed 23
    74
    PS C:\ps-test> Get-Random -max 100 -SetSeed 23
    74

    # SetSeed results in a repeatable series
    PS C:\ps-test> Get-Random -max 100 -SetSeed 23
    74
    PS C:\ps-test> Get-Random -max 100
    56
    PS C:\ps-test> Get-Random -max 100
    84
    PS C:\ps-test> Get-Random -max 100
    46
    PS C:\ps-test> Get-Random -max 100 -SetSeed 23
    74
    PS C:\ps-test> Get-Random -max 100
    56
    PS C:\ps-test> Get-Random -max 100
    84
    PS C:\ps-test> Get-Random -max 100
    46

    Description
    -----------
    This example shows the effect of using the SetSeed parameter. Because SetSeed produces non-random behavior, it is typically used only to reproduce results, such as when debugging or analyzing a script.
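
    The seed behavior shown above matters when Get-Random output is used for anything that must be unpredictable, such as passwords or tokens: a known or guessable seed reproduces the whole series. The following is an added example, not part of the original help text. New-SeededToken and New-SecretToken are hypothetical helper names, and the second one uses the .NET class System.Security.Cryptography.RandomNumberGenerator instead of Get-Random.

```powershell
# Added example; not part of the original Get-Random help text.
# New-SeededToken and New-SecretToken are hypothetical helper names.
# Run this in a throwaway session: as the SetSeed description says, the seed
# cannot be reset to its default value once SetSeed has been used.

function New-SeededToken {
    # Builds a token from Get-Random output after fixing the seed.
    # Anyone who knows or guesses the seed gets the same token.
    param(
        [int]$Seed,
        [int]$Length = 16
    )
    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789'
    # Seed the generator; the number this call returns is discarded.
    $null = Get-Random -SetSeed $Seed
    $chars = foreach ($i in 1..$Length) {
        $alphabet[(Get-Random -Maximum $alphabet.Length)]
    }
    -join $chars
}

function New-SecretToken {
    # Draws bytes from the cryptographic random number generator
    # (a .NET class, not Get-Random) and hex-encodes them.
    param([int]$ByteCount = 32)
    $bytes = New-Object byte[] $ByteCount
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $rng.GetBytes($bytes)
    }
    finally {
        # Dispose is only public on newer .NET versions.
        if ($rng -is [System.IDisposable]) { $rng.Dispose() }
    }
    -join ($bytes | ForEach-Object { $_.ToString('x2') })
}

# Two tokens built from the same seed: compare them.
$first  = New-SeededToken -Seed 23
$second = New-SeededToken -Seed 23
'Seeded tokens match : {0}' -f ($first -eq $second)

# Two tokens from the cryptographic generator: compare them.
$secretA = New-SecretToken
$secretB = New-SecretToken
'CSPRNG tokens match : {0}' -f ($secretA -eq $secretB)
'CSPRNG token length : {0} hex characters' -f $secretA.Length
```

    Keep Get-Random for sampling and test data, where the repeatability that SetSeed provides is useful, and use a cryptographic generator for passwords, keys, and session identifiers.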

    -------------------------- EXAMPLE 12 --------------------------

    C:\PS>$files = dir -path c:\* -recurse

    C:\PS> $sample = $files | Get-Random -count 50

    Description
    -----------
    These commands get a randomly selected sample of 50 files from the C: drive of the local computer.

    -------------------------- EXAMPLE 13 --------------------------

    C:\PS>Get-Random 10001

    7600

    Description
    -----------
    This command gets a random integer less than 10001. Because the Maximum parameter has position 1, you can omit the parameter name when the value is the first or only unnamed parameter in the command.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113446

Get-Service

NAME
    Get-Service

SYNOPSIS
    Gets the services on a local or remote computer.

SYNTAX
    Get-Service [[-Name] <string[]>] [-ComputerName <string[]>] [-DependentServices] [-Exclude <string[]>] [-Include <string[]>] [-RequiredServices] [<CommonParameters>]

    Get-Service -DisplayName <string[]> [-ComputerName <string[]>] [-DependentServices] [-Exclude <string[]>] [-Include <string[]>] [-RequiredServices] [<CommonParameters>]

    Get-Service [-InputObject <ServiceController[]>] [-ComputerName <string[]>] [-DependentServices] [-Exclude <string[]>] [-Include <string[]>] [-RequiredServices] [<CommonParameters>]

DESCRIPTION
    The Get-Service cmdlet gets objects that represent the services on a local computer or on a remote computer, including running and stopped services.

    You can direct Get-Service to get only particular services by specifying the service name or display name of the services, or you can pipe service objects to Get-Service.

PARAMETERS
    -ComputerName <string[]>
        Gets the services running on the specified computers. The default is the local computer.

        Type the NetBIOS name, an IP address, or a fully qualified domain name of a remote computer. To specify the local computer, type the computer name, a dot (.), or “localhost”.

        This parameter does not rely on Windows PowerShell remoting. You can use the ComputerName parameter of Get-Service even if your computer is not configured to run remote commands.

        Required?                    false
        Position?                    named
        Default value                Localhost
        Accept pipeline input?     true (ByPropertyName)
        Accept wildcard characters? false

    -DependentServices [<SwitchParameter>]
        Gets only the services that depend upon the specified service.

        By default, Get-Service gets all services.

        Required?                    false
        Position?                    named
        Default value                False
        Accept pipeline input?     false
        Accept wildcard characters? false

    -DisplayName <string[]>
        Specifies the display names of services to be retrieved. Wildcards are permitted. By default, Get-Service gets all services on the computer.

        Required?                    true
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Exclude <string[]>
        Omits the specified services. The value of this parameter qualifies the Name parameter. Enter a name element or pattern, such as “s*”. Wildcards are permitted.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Include <string[]>
        Retrieves only the specified services. The value of this parameter qualifies the Name parameter. Enter a name element or pattern, such as “s*”. Wildcards are permitted.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -InputObject <ServiceController[]>
        Specifies ServiceController objects representing the services to be retrieved. Enter a variable that contains the objects, or type a command or expression that gets the objects. You can also pipe a service object to Get-Service.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     true (ByValue)
        Accept wildcard characters? false

    -Name <string[]>
        Specifies the service names of services to be retrieved. Wildcards are permitted. By default, Get-Service gets all of the services on the computer.

        Required?                    false
        Position?                    1
        Default value
        Accept pipeline input?     true (ByValue, ByPropertyName)
        Accept wildcard characters? true

    -RequiredServices [<SwitchParameter>]
        Gets only the services that this service requires.

        This parameter gets the value of the ServicesDependedOn property of the service. By default, Get-Service gets all services.

        Required?                    false
        Position?                    named
        Default value                False
        Accept pipeline input?     false
        Accept wildcard characters? false

    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        "Get-Help about_CommonParameters".

INPUTS
    System.ServiceProcess.ServiceController, System.String
        You can pipe a service object or a service name to Get-Service.

OUTPUTS
    System.ServiceProcess.ServiceController
        Get-Service returns objects that represent the services on the computer.

NOTES

        You can also refer to Get-Service by its built-in alias, “gsv”. For more information, see about_aliases.

        Get-Service can display services only when the current user has permission to see them. If Get-Service does not display services, you might not have permission to see them.

        To find the service name and display name of each service on your system, type "Get-Service". The service names appear in the Name column, and the display names appear in the DisplayName column.

        When you sort in ascending order by status value, “Stopped” services appear before “Running” services. The Status property of a service is an enumerated value in which the names of the statuses represent integer values. The sort is based on the integer value, not the name. “Stopped” appears before “Running” because “Stopped” has a value of “1”, and “Running” has a value of “4”.

    -------------------------- EXAMPLE 1 --------------------------

    C:\PS>Get-Service

    Description
    -----------
    This command retrieves all of the services on the system. It behaves as though you typed “Get-Service *”. The default display shows the status, service name, and display name of each service.

    -------------------------- EXAMPLE 2 --------------------------

    C:\PS>Get-Service wmi*

    Description
    -----------
    This command retrieves services with service names that begin with “WMI” (the acronym for Windows Management Instrumentation).

    -------------------------- EXAMPLE 3 --------------------------

    C:\PS>Get-Service -displayname *network*

    Description
    -----------
    This command displays services with a display name that includes the word “network”. Searching the display name finds network-related services even when the service name does not include “Net”, such as xmlprov, the Network Provisioning Service.

    -------------------------- EXAMPLE 4 --------------------------

    C:\PS>Get-Service -Name win* -Exclude winrm

    Description
    -----------
    This command gets only the services with service names that begin with “win”, except for the WinRM service.

    -------------------------- EXAMPLE 5 --------------------------

    C:\PS>Get-Service | Where-Object {$_.Status -eq "Running"}

    Description
    -----------
    This command displays only the services that are currently running. It uses the Get-Service cmdlet to get all of the services on the computer. The pipeline operator (|) passes the results to the Where-Object cmdlet, which selects only the services with a Status property that equals “Running”.

    Status is only one property of service objects. To see all of the properties, type "Get-Service | Get-Member".

    -------------------------- EXAMPLE 6 --------------------------

    C:\PS>Get-Service -ComputerName Server02

    Description
    -----------
    This command gets the services on the Server02 remote computer.

    Because the ComputerName parameter of Get-Service does not use Windows PowerShell remoting, you can use this parameter even if the computer is not configured for remoting in Windows PowerShell.

    -------------------------- EXAMPLE 7 --------------------------

    C:\PS>Get-Service | Where-Object {$_.DependentServices} | Format-List -property Name, DependentServices, @{Label="NoOfDependentServices"; Expression={$_.dependentservices.count}}

    Name                  : AudioEndpointBuilder
    DependentServices     : {AudioSrv}
    NoOfDependentServices : 1

    Name                  : Dhcp
    DependentServices     : {WinHttpAutoProxySvc}
    NoOfDependentServices : 1
    ...

    Description
    -----------
    These commands list the services on the computer that have dependent services.

    The first command uses the Get-Service cmdlet to get the services on the computer. A pipeline operator (|) sends the services to the Where-Object cmdlet, which selects the services whose DependentServices property is not null.

    Another pipeline operator sends the results to the Format-List cmdlet. The command uses its Property parameter to display the name of the service, the name of the dependent services, and a calculated property that displays the number of dependent services that each service has.

    -------------------------- EXAMPLE 8 --------------------------

    C:\PS> Get-Service s* | Sort-Object status

    Status   Name               DisplayName
    ------   ----               -----------
    Stopped  stisvc             Windows Image Acquisition (WIA)
    Stopped  SwPrv              MS Software Shadow Copy Provider
    Stopped  SysmonLog          Performance Logs and Alerts
    Running  Spooler            Print Spooler
    Running  srservice          System Restore Service
    Running  SSDPSRV            SSDP Discovery Service
    Running  ShellHWDetection   Shell Hardware Detection
    Running  Schedule           Task Scheduler
    Running  SCardSvr           Smart Card
    Running  SamSs              Security Accounts Manager
    Running  SharedAccess       Windows Firewall/Internet Connectio...
    Running  SENS               System Event Notification
    Running  seclogon           Secondary Logon

    C:\PS> Get-Service s* | Sort-Object status -descending

    Status   Name               DisplayName
    ------   ----               -----------
    Running  ShellHWDetection   Shell Hardware Detection
    Running  SharedAccess       Windows Firewall/Internet Connectio...
    Running  Spooler            Print Spooler
    Running  SSDPSRV            SSDP Discovery Service
    Running  srservice          System Restore Service
    Running  SCardSvr           Smart Card
    Running  SamSs              Security Accounts Manager
    Running  Schedule           Task Scheduler
    Running  SENS               System Event Notification
    Running  seclogon           Secondary Logon
    Stopped  SysmonLog          Performance Logs and Alerts
    Stopped  SwPrv              MS Software Shadow Copy Provider
    Stopped  stisvc             Windows Image Acquisition (WIA)

    Description
    -----------
    This command shows that when you sort services in ascending order by the value of their Status property, stopped services appear before running services. This happens because the value of Status is an enumeration, in which “Stopped” has a value of “1”, and “Running” has a value of 4.

    To list running services first, use the Descending parameter of the Sort-Object cmdlet.

    -------------------------- EXAMPLE 9 --------------------------

    C:\PS>Get-Service -Name winrm -ComputerName localhost, Server01, Server02 | Format-Table -property MachineName, Status, Name, DisplayName -auto

    MachineName   Status  Name  DisplayName
    -----------   ------  ----  -----------
    localhost     Running WinRM Windows Remote Management (WS-Management)
    Server01      Running WinRM Windows Remote Management (WS-Management)
    Server02      Running WinRM Windows Remote Management (WS-Management)

    Description
    -----------
    This command uses the Get-Service cmdlet to run a “Get-Service Winrm” command on two remote computers and the local computer (“localhost”).

    The Get-Service command runs on the remote computers, and the results are returned to the local computer. A pipeline operator (|) sends the results to the Format-Table cmdlet, which formats the services as a table. The Format-Table command uses the Property parameter to specify the properties displayed in the table, including the MachineName property.

    -------------------------- EXAMPLE 10 --------------------------

    C:\PS>Get-Service winrm -RequiredServices

    Description
    -----------
    This command gets the services that the WinRM service requires.

    The command returns the value of the ServicesDependedOn property of the service.

    -------------------------- EXAMPLE 11 --------------------------

    C:\PS>"winrm" | Get-Service

    Description
    -----------
    This command gets the WinRM service on the local computer. This example shows that you can pipe a service name string (enclosed in quotation marks) to Get-Service.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113332
    Start-Service
    Stop-Service
    Restart-Service
    Resume-Service
    Suspend-Service
    Set-Service
    New-Service

Get-TraceSource

NAME
    Get-TraceSource

SYNOPSIS
    Gets the Windows PowerShell components that are instrumented for tracing.

SYNTAX
    Get-TraceSource [[-Name] <string[]>] [<CommonParameters>]

DESCRIPTION
    The Get-TraceSource cmdlet gets the trace sources for Windows PowerShell components that are currently in use. You can use the data to determine which Windows PowerShell components you can trace. When tracing, the component generates detailed messages about each step in its internal processing. Developers use the trace data to monitor data flow, program execution, and errors. The tracing cmdlets were designed for Windows PowerShell developers, but they are available to all users.

PARAMETERS
    -Name <string[]>
        Gets only the specified trace sources. Wildcards are permitted. The parameter name (“Name”) is optional.

        Required?                    false
        Position?                    1
        Default value
        Accept pipeline input?     true (ByValue, ByPropertyName)
        Accept wildcard characters? false

    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        "Get-Help about_CommonParameters".

INPUTS
    System.String
        You can pipe a string that contains the name of a trace source to Get-TraceSource.

OUTPUTS
    System.Management.Automation.PSTraceSource
        Get-TraceSource returns objects that represent the trace sources.

NOTES

    -------------------------- EXAMPLE 1 --------------------------

    C:\PS>Get-TraceSource *provider*

    Description
    -----------
    This command gets all of the trace sources that have names that include “provider”.

    -------------------------- EXAMPLE 2 --------------------------

    C:\PS>Get-TraceSource

    Description
    -----------
    This command gets all of the Windows PowerShell components that can be traced.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113333
    Set-TraceSource
    Trace-Command

Get-Transaction

NAME
    Get-Transaction

SYNOPSIS
    Gets the current (active) transaction.

SYNTAX
    Get-Transaction [<CommonParameters>]

DESCRIPTION
    The Get-Transaction cmdlet gets an object that represents the current transaction in the session.

    This cmdlet never returns more than one object, because only one transaction is active at a time. If you start one or more independent transactions (by using the Independent parameter of Start-Transaction), the most recently started transaction is active, and that is the transaction that Get-Transaction returns.

    When all active transactions have either been rolled back or committed, Get-Transaction shows the transaction that was most recently active in the session.

    The Get-Transaction cmdlet is one of a set of cmdlets that support the transactions feature in Windows PowerShell. For more information, see about_transactions.

PARAMETERS
    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        "Get-Help about_CommonParameters".

INPUTS
    None
        You cannot pipe objects to this cmdlet.

OUTPUTS
    System.Management.Automation.PSTransaction
        Get-Transaction returns an object that represents the current transaction.

NOTES

    -------------------------- EXAMPLE 1 --------------------------

    C:\PS>Start-Transaction

    C:\PS> Get-Transaction

    RollbackPreference   SubscriberCount   Status
    ------------------   ---------------   ------
    Error                1                 Active

    Description
    -----------
    This command uses the Get-Transaction cmdlet to get the current transaction.

    -------------------------- EXAMPLE 2 --------------------------

    C:\PS>Get-Transaction | Get-Member

    Name               MemberType Definition
    ----               ---------- ----------
    Dispose            Method     System.Void Dispose(), System.Void Dispose(Boolean disposing)
    Equals             Method     System.Boolean Equals(Object obj)
    GetHashCode        Method     System.Int32 GetHashCode()
    GetType            Method     System.Type GetType()
    ToString           Method     System.String ToString()
    IsCommitted        Property   System.Boolean IsCommitted {get;}
    IsRolledBack       Property   System.Boolean IsRolledBack {get;}
    RollbackPreference Property   System.Management.Automation.RollbackSeverity RollbackPreference {get;}
    SubscriberCount    Property   System.Int32 SubscriberCount {get;set;}

    Description
    -----------
    This command uses the Get-Member cmdlet to show the properties and methods of the transaction object.

    -------------------------- EXAMPLE 3 --------------------------

    C:\PS>cd hklm:\software
    HKLM:\SOFTWARE> Start-Transaction
    HKLM:\SOFTWARE> New-Item MyCompany -UseTransaction
    HKLM:\SOFTWARE> Undo-Transaction
    HKLM:\SOFTWARE> Get-Transaction

    RollbackPreference   SubscriberCount   Status
    ------------------   ---------------   ----------
    Error                0                 RolledBack

    Description
    -----------
    This command shows the property values of a transaction object for a transaction that has been rolled back.

    -------------------------- EXAMPLE 4 --------------------------

    C:\PS>cd hklm:\software
    HKLM:\SOFTWARE> Start-Transaction
    HKLM:\SOFTWARE> New-Item MyCompany -UseTransaction
    HKLM:\SOFTWARE> Complete-Transaction
    HKLM:\SOFTWARE> Get-Transaction

    RollbackPreference   SubscriberCount   Status
    ------------------   ---------------   ---------
    Error                1                 Committed

    Description
    -----------
    This command shows the property values of a transaction object for a transaction that has been committed.

    -------------------------- EXAMPLE 5 --------------------------

    C:\PS>cd hklm:\software
    HKLM:\SOFTWARE> Start-Transaction
    HKLM:\SOFTWARE> New-Item MyCompany -UseTransaction

    HKLM:\SOFTWARE> Start-Transaction
    HKLM:\SOFTWARE> New-Item MyCompany2 -UseTransaction

    HKLM:\SOFTWARE> Get-Transaction

    RollbackPreference   SubscriberCount   Status
    ------------------   ---------------   ------
    Error                2                 Active

    HKLM:\SOFTWARE> Complete-Transaction
    HKLM:\SOFTWARE> Get-Transaction

    RollbackPreference   SubscriberCount   Status
    ------------------   ---------------   ------
    Error                1                 Active

    HKLM:\SOFTWARE> Complete-Transaction
    HKLM:\SOFTWARE> Get-Transaction

    RollbackPreference   SubscriberCount   Status
    ------------------   ---------------   ---------
    Error                1                 Committed

    Description
    -----------
    This example shows the effect on the transaction object of starting a transaction while another transaction is in progress. Typically, this happens when a script that runs a transaction includes a function or calls a script that contains another complete transaction.

    Unless the second Start-Transaction command includes the Independent parameter, Start-Transaction does not create a new transaction. Instead, it adds a second subscriber to the original transaction.

    The first Start-Transaction command starts the transaction. A New-Item command with the UseTransaction parameter is part of the transaction.

    A second Start-Transaction command adds a subscriber to the transaction. The next New-Item command is also part of the transaction.

    The first Get-Transaction command shows the multi-subscriber transaction. Notice that the subscriber count is 2.

    The first Complete-Transaction command does not commit the transaction, but it reduces the subscriber count to 1.

    The second Complete-Transaction command commits the transaction.

    ————————– EXAMPLE 6 ————————–

    HKLM:\SOFTWARE> Start-Transaction

    HKLM:\SOFTWARE> Get-Transaction

    RollbackPreference   SubscriberCount   IsRolledBack  IsCommitted
    ------------------   ---------------   ------------  -----------
    Error                1                 False         False

    HKLM:\SOFTWARE> Start-Transaction -Independent
    HKLM:\SOFTWARE> Get-Transaction

    RollbackPreference   SubscriberCount   IsRolledBack  IsCommitted
    ------------------   ---------------   ------------  -----------
    Error                1                 False         False

    HKLM:\SOFTWARE> Complete-Transaction
    HKLM:\SOFTWARE> Get-Transaction

    HKLM:\SOFTWARE> Complete-Transaction
    HKLM:\SOFTWARE> Get-Transaction

    Description
    ———–
    This example shows the effect on the transaction object of starting an independent transaction while another transaction is in progress.

    The first Start-Transaction command starts the transaction. A New-Item command with the UseTransaction parameter is part of the transaction.

    A second Start-Transaction command adds a subscriber to the transaction. The next New-Item command is also part of the transaction.

    The first Get-Transaction command shows the multi-subscriber transaction. Note that the subscriber count is 2.

    The Complete-Transaction command reduces the subscriber count to 1, but it does not commit the transaction.

    The second Complete-Transaction command commits the transaction.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=135220
    about_transactions
    about_providers
    Start-Transaction
    Complete-Transaction
    Undo-Transaction
    Use-Transaction

Get-PSSessionConfiguration

NAME
    Get-PSSessionConfiguration

SYNOPSIS
    Gets the registered session configurations on the computer.

SYNTAX
    Get-PSSessionConfiguration [[-Name] <string[]>] [<CommonParameters>]

DESCRIPTION
    The Get-PSSessionConfiguration cmdlet gets the session configurations that have been registered on the local computer. This is an advanced cmdlet that is designed to be used by system administrators to manage customized session configurations for their users.

    To create and register a session configuration, use the Register-PSSessionConfiguration cmdlet.

PARAMETERS
    -Name <string[]>
        Gets only the session configurations with the specified name or name pattern. Enter one or more session configuration names. Wildcards are permitted.

        Required?                    false
        Position?                    1
        Default value                All session configurations on the local computer
        Accept pipeline input?     false
        Accept wildcard characters? true

    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type
        "Get-Help about_CommonParameters".

INPUTS
    None
        You cannot pipe input to this cmdlet.

OUTPUTS
    Microsoft.PowerShell.Commands.PSSessionConfigurationCommands#PSSessionConfiguration

NOTES

        To run this cmdlet on Windows Vista, Windows Server 2008, and later versions of Windows, you must open Windows PowerShell with the “Run as administrator” option.

        To view the session configurations on the computer, you must be a member of the Administrators group on the computer.

        To run a Get-PSSessionConfiguration command on a remote computer, Credential Security Service Provider (CredSSP) authentication must be enabled in the client settings on the local computer (by using the Enable-WSManCredSSP cmdlet) and in the service settings on the remote computer, and you must use the CredSSP value of the Authentication parameter when establishing the remote session. Otherwise, access is denied.

    ————————– EXAMPLE 1 ————————–

    C:\PS>Get-PSSessionConfiguration

    Description
    ———–
    This command gets the session configurations on the computer.

    ————————– EXAMPLE 2 ————————–

    C:\PS>Get-PSSessionConfiguration -Name Microsoft*

    Name                      PSVersion  StartupScript         Permission
    ----                      ---------  -------------         ----------
    microsoft.powershell      2.0                              BUILTIN\Administrators AccessAll…
    microsoft.powershell32    2.0                              BUILTIN\Administrators AccessAll…

    Description
    ———–
    This command uses the Name parameter of Get-PSSessionConfiguration to get only the session configurations with names that begin with “Microsoft”.

    This command gets the two default session configurations that come with Windows PowerShell.

    ————————– EXAMPLE 3 ————————–

    C:\PS>Get-PSSessionConfiguration -Name microsoft.powershell | Get-Member

     TypeName: Microsoft.PowerShell.Commands.PSSessionConfigurationCommands#PSSessionConfiguration

    Name                   MemberType     Definition
    ----                   ----------     ----------
    Equals                 Method         bool Equals(System.Object obj)
    GetHashCode            Method         int GetHashCode()
    GetType                Method         type GetType()
    ToString               Method         string ToString()
    Capability             NoteProperty   System.Object[] Capability=System.Object[]
    ExactMatch             NoteProperty   System.String ExactMatch=False
    Filename               NoteProperty   System.String Filename=%windir%\system32\pwrshplugin.dll
    lang                   NoteProperty   System.String lang=en-US
    Name                   NoteProperty   System.String Name=microsoft.powershell
    PSVersion              NoteProperty   System.String PSVersion=2.0
    ResourceUri            NoteProperty   System.String ResourceUri=http://schemas.microsoft.com/powershell/microsoft.powershell
    SDKVersion             NoteProperty   System.String SDKVersion=1
    SecurityDescriptorSddl NoteProperty   System.String SecurityDescriptorSddl=O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
    SupportsOptions        NoteProperty   System.String SupportsOptions=true
    Uri                    NoteProperty   System.String Uri=http://schemas.microsoft.com/powershell/microsoft.powershell
    xmlns                  NoteProperty   System.String xmlns=http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration
    XmlRenderingType       NoteProperty   System.String XmlRenderingType=text
    Permission             ScriptProperty System.Object Permission {get=trap { continue; }…

    C:\PS> Get-PSSessionConfiguration -Name microsoft.powershell | Format-List -property *

    Name                   : microsoft.powershell
    Filename               : %windir%\system32\pwrshplugin.dll
    SDKVersion             : 1
    XmlRenderingType       : text
    lang                   : en-US
    PSVersion              : 2.0
    ResourceUri            : http://schemas.microsoft.com/powershell/microsoft.powershell
    SupportsOptions        : true
    Capability             : {Shell}
    Uri                    : http://schemas.microsoft.com/powershell/microsoft.powershell
    SecurityDescriptorSddl : O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
    ExactMatch             : False
    xmlns                  : http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration
    Permission             : BUILTIN\Administrators AccessAllowed

    Description
    ———–
    These commands examine the PSSessionConfiguration object that Get-PSSessionConfiguration returns.

    The first command uses the Get-PSSessionConfiguration cmdlet to get the Microsoft.PowerShell default configuration.

    The second command uses a pipeline operator (|) to send the object that Get-PSSessionConfiguration returns to the Get-Member cmdlet. The output shows the properties and methods of the object.

    The third command sends the same object to the Format-List cmdlet. The Property parameter with a value of * (all) directs Format-List to display all of the properties and property values of the object in a list.

    The output of this command has very useful information, including the location of the .dll that implements the configuration type, the resource Uniform Resource Identifier (URI) for the endpoint that is created, and the Security Descriptor Definition Language (SDDL) for the configuration.
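
    The SecurityDescriptorSddl value is what decides who may connect to the endpoint, so it is worth decoding when reviewing session configurations. The following is an added example, not part of the original help topic: the function name Get-SddlDaclEntry is hypothetical, and the second sample configuration and its SDDL string are constructed for illustration.

```powershell
# Added example: decode the DACL in a session configuration's SDDL string and
# flag allow entries granted to anyone other than BUILTIN\Administrators.
function Get-SddlDaclEntry {
    param(
        [string]$Name,   # session configuration name, used only to label the output
        [string]$Sddl    # value of the SecurityDescriptorSddl property
    )

    $adminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
    # Arguments: isContainer, isDS, SDDL string
    $sd = New-Object System.Security.AccessControl.CommonSecurityDescriptor -ArgumentList $false, $false, $Sddl

    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        # Resolve the SID to an account name where possible; keep the raw SID otherwise.
        try   { $account = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $account = $sid.Value }

        $isAllow = $ace.AceType -eq [System.Security.AccessControl.AceType]::AccessAllowed
        New-Object PSObject -Property @{
            Configuration = $Name
            Account       = $account
            AceType       = $ace.AceType
            AccessMask    = '0x{0:X8}' -f $ace.AccessMask
            NonAdminAllow = ($isAllow -and $sid.Value -ne $adminSid)
        }
    }
}

$samples = @(
    # SDDL copied from the Format-List output in this example
    @{ Name = 'microsoft.powershell'
       Sddl = 'O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)' },
    # Constructed sample: a DACL that also grants GENERIC_ALL to Authenticated Users (AU)
    @{ Name = 'ConstructedBroadShell'
       Sddl = 'O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;AU)' }
)

$samples | ForEach-Object { Get-SddlDaclEntry -Name $_.Name -Sddl $_.Sddl } |
    Format-Table Configuration, Account, AceType, AccessMask, NonAdminAllow -AutoSize

# On a live computer (elevated session), feed the real configurations instead:
#   Get-PSSessionConfiguration |
#       ForEach-Object { Get-SddlDaclEntry -Name $_.Name -Sddl $_.SecurityDescriptorSddl }
```

    Rows with NonAdminAllow set to True identify endpoints that accept connections from principals outside the local Administrators group and deserve a closer look.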

    ————————– EXAMPLE 4 ————————–

    C:\PS>dir WSMan:\localhost\plugin

     WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Plugin

    Name                      Type                 Keys
    ----                      ----                 ----
    Event Forwarding Plugin   Container            {Name=Event Forwarding Plugin}
    MaintenanceShell          Container            {Name=MaintenanceShell}
    microsoft.powershell      Container            {Name=microsoft.powershell}
    microsoft.powershell32    Container            {Name=microsoft.powershell32}
    WMI Provider              Container            {Name=WMI Provider}

    Description
    ———–
    This command uses the Get-ChildItem cmdlet (alias = dir) in the WSMan: provider drive to look at the content of the Plugin node.

    This is another way to look at the session configurations on the computer.

    The PlugIn node contains ContainerElement objects (Microsoft.WSMan.Management.WSManConfigContainerElement) that represent the registered Windows PowerShell session configurations, along with other plug-ins for WS-Management.

    ————————– EXAMPLE 5 ————————–

    C:\PS>Enable-WSManCredSSP -delegate server02

    C:\PS> Connect-WSMan server02

    C:\PS> Set-Item WSMan:\server02*\service\auth\credSSP -value $true

    C:\PS> Invoke-Command -scriptblock {Get-PSSessionConfiguration} -computername Server02 -authentication CredSSP -credential Domain01\Admin01

    Name                      PSVersion  StartupScript         Permission                        PSComputerName
    ----                      ---------  -------------         ----------                        --------------
    microsoft.powershell      2.0                              BUILTIN\Administrators AccessAll… server02.corp.fabrikam.com
    microsoft.powershell32    2.0                              BUILTIN\Administrators AccessAll… server02.corp.fabrikam.com
    MyX86Shell                2.0        c:\test\x86Shell.ps1  BUILTIN\Administrators AccessAll… server02.corp.fabrikam.com

    Description
    ———–
    This example shows how to run a Get-PSSessionConfiguration command on a remote computer. The command requires that CredSSP delegation be enabled in the client settings on the local computer and in the service settings on the remote computer. To run the commands in this example, you must be a member of the Administrators group on the local computer and the remote computer.

    The first command uses the Enable-WSManCredSSP cmdlet to enable CredSSP delegation from the Server01 local computer to the Server02 remote computer. This configures the CredSSP client setting on the local computer.

    The second command uses the Connect-WSMan cmdlet to connect to the Server02 computer. This action adds a node for the Server02 computer to the WSMan: drive on the local computer, allowing you to view and change the WS-Management settings on the Server02 computer.

    The third command uses the Set-Item cmdlet to change the value of the CredSSP item in the Service node of the Server02 computer to True. This configures the service settings on the remote computer.

    The fourth command uses the Invoke-Command cmdlet to run a Get-PSSessionConfiguration command on the Server02 computer. The command uses the Credential parameter, and it uses the Authentication parameter with a value of CredSSP.

    ————————– EXAMPLE 6 ————————–

    C:\PS>(Get-PSSessionConfiguration -Name CustomShell).resourceURI

    http://schemas.microsoft.com/powershell/microsoft.CustomShell

    Description
    ———–
    This command uses the Get-PSSessionConfiguration cmdlet to get the resource URI of a session configuration.

    This command is useful when setting the value of the $PSSessionConfigurationName preference variable, which takes a resource URI.

    The $PSSessionConfigurationName variable specifies the default configuration that is used when you create a session. This variable is set on the local computer, but it specifies a configuration on the remote computer. For more information about the $PSSessionConfigurationName variable, see about_preference_variables.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=144304
    about_Session_Configurations
    Disable-PSSessionConfiguration
    Enable-PSSessionConfiguration
    Register-PSSessionConfiguration
    Set-PSSessionConfiguration
    Unregister-PSSessionConfiguration
    WS-Management Provider