PowerShell Frequently Asked Questions

PowerShell Frequently Asked Questions2020-05-30T19:39:22+00:00

This page is an ever-growing list of questions we often hear about PowerShell. You’ll find it organized by topic. Need a question answered? Contact us and we’ll add it to the list!

How can I find locked files with PowerShell?2020-05-31T16:50:00+00:00

You can use our FindOpenFile module to locate locked files with PowerShell.

Install-Module FindOpenFile
Find-OpenFile -FilePath C:\myFile.txt
How do I a run a PowerShell script?2020-05-31T02:16:13+00:00

The easiest way to run a PowerShell script is to run it with the PowerShell command line. For Windows PowerShell, you can open PowerShell by pressing Windows+R and then typing PowerShell.exe. This will open the Windows PowerShell prompt. from here you should type or paste the script path. For example: C:\scripts\script.ps1. Be careful with scripts that you find on the internet or receive from someone you don’t know. PowerShell can manage a lot of the features of your system.

To run PowerShell, you will need to first install the latest version from the PowerShell repository. After it has been installed, you can follow the same steps are described above. The only difference is you will type pwsh.exe rather than powershell.exe.

You can also run PowerShell scripts by using the -File parameter of PowerShell.exe or Pwsh.exe.

PowerShell.exe -File .\myscript.ps1
How do I change the directory in PowerShell?2020-05-31T02:07:58+00:00

You can change the directory in any PowerShell provider using the Set-Location, Push-Location, or Pop-Location cmdlets. You can also use the standard cd command from Windows cmd as it is an alias for Set-Location.

To change the directory to the scripts directory. You could use the following command.

cd C:\scripts

The equivalent of this command is to use the full Set-Location command name.

Set-Location C:\scripts

Finally, you can use Push-Location and Pop-Location to move in and out of directories. Push-Location works just like Set-Location but stores the history of the previous directory.

To move into a directory with Push-Location, just do this.

Push-Location C:\scripts

To move back to the previous directory, use Pop-Location. It doesn’t require any arguments.

Pop-Location

 

How do I comment code in PowerShell?2020-05-30T19:18:52+00:00

First, there are a couple of types of comments in PowerShell. There are line comments and block comments. Line comments are denoted with a #. For example, you could include the following comment.

#
#    Hello. This is a comment
#

Everything after the # will not be executed by PowerShell.
The second kind of comment is a block comment. A block comment allows you to comment sections of code with start and end tokens. To start a block token, you should use the <# token. To end the comment, use the #> token. For example, we could create the following comment.

<# 
     Hello. This is a comment.
#>

Everything between the <# and #> will not be executed by PowerShell. You can also use block comments directly in-line with other scripts. For example, you could include a block comment right in a cmdlet call.

Get-Process <# -Id 12 #> -Name 'Notepad'
How do I create a foreach loop in PowerShell?2020-05-30T19:13:45+00:00

To create a foreach loop, you will use the foreach keyword, an iterator variable, and enumerable object and a body for the loop. Here is an example of looping over all the processes on a system using PowerShell.

$Processes = Get-Process
foreach($process in $processes)
{
    Write-Host $process.Name
}

In the above example, the $processes variable contains the list of processes on the machine as returned by Get-Process. The foreach loop will iterate over each item in the loop and store the individual object in the $process variable. We then use Write-Host to print out the name.

How do I disable PowerShell?2020-05-31T03:47:33+00:00

While you cannot completely disable PowerShell, you can take several steps to limit the execution of PowerShell. The first step is that you can enforce execution policies to ensure that users cannot run arbitrary scripts. By default, Windows machines run with a Restricted execution policy. This allows users to run commands but not scripts.

Next, PowerShell has only access to the current system that you grant. Users should not be permitted high-level administrative permissions. PowerShell can only do what you allow the user’s account to have access to.

How do I make a directory in PowerShell?2020-05-31T02:12:23+00:00

You can make a directory in PowerShell by specifying the New-Item cmdlet or by using the mkdir alias. To create a new directory with New-Item, do the following.

New-Item -Path C:\parent -Name child -ItemType Directory

You can also use the mkdir command to create a directory

mkdir child
How do I paste in PowerShell?2020-05-31T02:14:38+00:00

Pasting in PowerShell depends on your environment. If you are using the default PowerShell.exe terminal, you will need to right-click in the command prompt to paste. If you are using a more recent version of PowerShell, you should have PSReadline installed. PSReadline allows you to use the Ctrl+V shortcut to paste.  Finally, if you have the Windows Terminal installed, you will be able to use Ctrl+V.

How do I update PowerShell?2020-05-31T02:10:31+00:00

Windows PowerShell is updated by installing Windows Updates. To update Windows PowerShell, you should search for the Windows Management Framework. The more recent version of the Windows Management Framework is 5.1.

PowerShell is updated simply by deploying the new version from GitHub. PowerShell versions can live side by side. You can install multiple versions at once.

How do I use PowerShell Where-Object?2020-05-31T03:31:43+00:00

PowerShell Where-Object is a cmdlet used to filter objects on the pipeline. You can pass a collection of objects to the cmdlet and then provide a filter to select only the objects that you wish to return. There are two common parameter sets for Where-Object. The first takes advantage of the various parameters on Where-Object. The second allows you to use a script block to compose more advanced queries.

Let’s take a look at the first type of filtering. We will filter the processes on the machine based on name.

Get-Process | Where-Object Name -eq 'Notepad'

The above command line will select the processes where the name is Notepad. When deciding how to filter objects returned from a particular cmdlet, you can use Get-Member to see the properties available on the object.

To create more complex queries, you can use a script block. The following will achieve the same result as the previous object.

Get-Process | Where-Object { $_.Name -eq 'notepad' }

The braces denote the beginning and end of a script block. It is similar to a function. This Where-Object script block is called for each process that is returned from Get-Process. The $_ variable is used to denote the current object in the array of objects returned.

Is PowerShell Secure?2020-05-31T03:19:53+00:00

The recent versions of PowerShell have had a serious investment in security. PowerShell employs several technologies to ensure that it is the most secure shell on Windows. Some of these technologies are execution policies, constrained language mode, Just-Enough-Administration, script logging, and Anti-Malware Scanner Interface integration.

That said, PowerShell has an extensive red team community that employs various techniques to take advantage of its integration with .NET and the fact that it is installed on most recent versions of Windows. Check out some of the security modules on our list of the top 50 modules.

What book should I get to learn PowerShell?2020-05-30T19:34:08+00:00

There are several highly recommended books for people getting started with PowerShell.

Learn Windows PowerShell in a Month of Lunches is a great getting started resource that introduces gradually into PowerShell scripting and the PowerShell environment.

Windows PowerShell in Action was authored by one of the language designers from Microsoft. It provides a very deep level look at all the features of PowerShell. Although it’s focused on Windows PowerShell, the topics discussed still apply to PowerShell 7.

Windows PowerShell Cookbook is authored by one of the software developers at Microsoft. It contains around 100 different recipes.

What does AuthorizationManager check failed mean in PowerShell?2020-06-18T16:08:50+00:00
The AuthorizationManager check failed error can be thrown when importing modules or running scripts that were downloaded from the internet on Windows. You can use the Unblock-File cmdlet to ensure that the file can be run.
What forum should I use to ask a PowerShell question?2020-05-30T19:37:54+00:00

There are various active communities you can use to ask a PowerShell question. We recommend the PowerShell.org Forums, the Reddit PowerShell Subreddit or StackOverflow.

What is a PowerShell profile?2020-05-31T03:35:33+00:00

A PowerShell profile is a PowerShell script that is loaded every time you start a PowerShell command line or PowerShell host. PowerShell hosts, like the PowerShell ISE or the VS Code editor, can have profiles that are specific to those hosts. You can locate your PowerShell profile by looking at the $Profile variable.

What is an execution policy?2020-05-30T19:45:24+00:00

Execution policies in PowerShell help to ensure that users do not run scripts that are not trusted within their environment. Execution policies should not be considered a security boundary but it does help to validate the source of a script. Execution policies can be assigned at the GPO, machine, process, and user level.  To learn more about execution policies, read the Microsoft documentation.

What is PowerShell?2020-05-30T18:59:14+00:00

PowerShell is a command-line tool and scripting language designed for system management and configuration.

PowerShell was originally built for managing Windows systems but is now an open-source, cross-platform language and set of tools managed by Microsoft.

What is the purpose of PowerShell?2020-05-31T03:41:59+00:00

PowerShell is a command-line tool and scripting language designed for system management and configuration.

PowerShell was originally built for managing Windows systems but is now an open-source, cross-platform language and set of tools managed by Microsoft. It enabled the management of heterogeneous systems on-premises and in the cloud.

What is the Windows PowerShell ISE?2020-05-31T02:18:41+00:00

The Window PowerShell ISE is a development environment for Windows PowerShell scripts. The ISE supports debugging, syntax highlighting, IntelliSense and a terminal. The ISE is no longer being updated with new features or bug fixes. Microsoft recommends that you use Visual Studio Code for editing PowerShell scripts. There are other editors such as Visual Studio, PowerShell Studio and PSScriptPad.

What is Windows PowerShell?2020-05-30T19:02:33+00:00

Windows PowerShell is a command-line shell and scripting language developed by Microsoft to manage Windows machines.

Windows PowerShell 5.1 is the current version and last version. The PowerShell language, shell, and accompanying tooling have been rewritten using cross-platform technology. Windows PowerShell has reached the end of life and PowerShell continues to advance as a tool to manage heterogeneous systems.

What version of PowerShell do I have?2020-05-31T02:03:33+00:00

You can check the version of PowerShell by starting the PowerShell command line. This can be done with either PowerShell.exe or Pwsh.exe. Once the command line is open type $PSVersionTable and press enter. The version information will be listed.

What’s new in PowerShell 7?2020-05-31T03:23:14+00:00

PowerShell 7 has better support for Windows PowerShell modules, adds a bunch of language features that make development more productive and increases performance. The Microsoft PowerShell team has put together a great set of videos and resources for learning more about PowerShell 7.

What’s the difference between Windows PowerShell and PowerShell?2020-05-30T19:21:57+00:00

Windows PowerShell is the Windows-specific version of the PowerShell command-line and scripting language. PowerShell is the cross-platform, open-source version of the command-line and script language. New features are no longer being developed for Windows PowerShell. PowerShell has been designed to manage both Windows systems as well as heterogeneous cloud systems.