Hey, Scripting Guy! What Improvements Does Windows PowerShell 2.0 Have?


Bookmark and Share

(Editor’s note: Portions of today’s Hey, Scripting Guy! Blog post are excerpted from the Microsoft Press book, Windows PowerShell 2.0 Best Practices by Ed Wilson which is now available for pre-order.)

Hey, Scripting Guy! Question

Hey, Scripting Guy! I am curious about some of the new features of Windows PowerShell 2.0. I know that all of the old cmdlets from Windows PowerShell 1.0 are still around, but have there been any improvements?

— MB

Hey, Scripting Guy! AnswerHello MB,

Microsoft Scripting Guy Ed Wilson here. Today I am listening to Die Zauberflote on my Zune and sipping a cup of Gyokuro green tea. It has a light delicate taste. I put a little lemon grass in the infuser and a fresh cinnamon stick in my cup. When brewing a pot of Gyokuro tea, it is important to not allow it to steep for more than five minutes or else the tea will begin to taste grassy. If the tea is allowed to steep for more than eight minutes, it will begin to taste bitter—which is a shame given the fine nature of the tea. For some reason Gyokuro tea goes well with Mozart. Of course, to really set things off, you need an ANZAC biscuit to go along with the cup of tea.

Several of the cmdlets in Windows PowerShell 2.0 have added new parameters. Perhaps the most immediately useful parameter is the –ComputerName parameter that allows working with computers in a remote fashion. These modified cmdlets are listed here.

·         Get-EventLog: Gets the events in an event log, or a list of the event logs, on the local or remote computers. In the following command we use the –ComputerName with the Get-EventLog cmdlet to allow us to retrieve the most recent event from the application log on a remote computer named berlin.

Get-EventLog -ComputerName berlin -LogName application -Newest 1

·         Get-Process: Gets the processes that are running on the local computer or a remote computer. In the following command, we use the new –ComputerName with the Get-Process cmdlet to obtain a listing of the processes currently running on a remote computer named berlin.

Get-Process -ComputerName berlin

·         Get-Service: Gets the services on a local or remote computer. By using the –ComputerName parameter with the Get-Service cmdlet, we can get a listing of the status of all the services that are defined on a remote computer named berlin. This line of code is shown here.

Get-Service -ComputerName berlin

·         Set-Service: Starts, stops, and suspends a service, and changes its properties. The Set-Service cmdlet has been updated to include the –ComputerName parameter as well. As seen here, we use the new switch to connect to a remote computer named berlin and to change the startup type of the service to manual. Because this is modifying system state, we also decide to use the –Confirm switch to ensure we are working with both the correct computer and the correct service.

Set-Service -ComputerName berlin -Name bits -StartupType manual –Confirm

The –credential parameter was present in Windows PowerShell 1.0 in only one cmdlet, Get-WmiObject. This parameter allows for the use of alternate credentials when making remote connections. This switch has been added to several cmdlets such as Add-Content and Get-Content. However, when I tested this by trying to access a file on a remote computer, it came back with an error as shown here:

Image of error message

We can investigate this by examining the capabilities of the providers. First we need to see what types of capabilities the providers could support. To do this we use the GetValues() static method from the System.Enum .NET Framework class. The GetValues() method takes one argument, the name of the .NET Framework class from which it is to retrieve the enumeration values. The System.Management.Automation.Provider.ProviderCapabilities class contains the enumeration values we are interested in. The code that obtains these values is shown here:


We obtain the following list of provider capabilities:


Now that we have a listing of the capabilities available to the Windows PowerShell providers, we need to see which default Windows PowerShell 2.0 providers support the Credentials capability. To see this, we can use the Get-PSProvider cmdlet. As seen here, only one of the default Windows PowerShell 2.0 providers supports the use of capabilities:

Name                 Capabilities                            Drives
—-                 ————                            ——
Alias                ShouldProcess                           {Alias}
Environment          ShouldProcess                           {Env}
FileSystem           Filter, ShouldProcess                   {C, D, dle, apw…}
Function             ShouldProcess                           {Function}
Registry             ShouldProcess, Transactions             {HKLM, HKCU, HKCR}
Variable             ShouldProcess                           {Variable}
Certificate          ShouldProcess                           {cert, certCU}
WSMan                Credentials                             {WSMan}

The –credential parameter will work only if a provider supports it. Because cmdlets like Add-Content are designed to work on any Windows PowerShell drive, the –credential parameter was added. The WSMan default, PSProvider, supports the use of credentials, but none of the other default PSProviders does so. If you have loaded the Remote Server Administration Tools (RSAT), the Active Directory provider supports credentials. This is shown here:

PS C:> Get-PSProvider -PSProvider activeDirectory | Format-List *

ImplementingType : Microsoft.ActiveDirectory.Management.Provider.ADProvider
HelpFile         : Microsoft.ActiveDirectory.Management.dll-Help.xml
Name             : ActiveDirectory
PSSnapIn         :
ModuleName       : Microsoft.ActiveDirectory.Management
Module           : Microsoft.ActiveDirectory.Management
Description      :
Capabilities     : Include, Exclude, Filter, ShouldProcess, Credentials
Home             :
Drives           : {AD}

In addition to the –credential and the –computername parameters, the cmdlets have been upgraded with additional parameters as well. For example, the Get-Process cmdlet has a new switch called FileVersionInfo. This switched parameter will display file version information for a specific process or all processes. In the example seen here, the file version information for a process named conhost is shown:

PS C:> Get-Process -FileVersionInfo -Name conhost

ProductVersion   FileVersion      FileName
————–   ———–      ——–
6.1.7600.16385   6.1.7600.1638… C:Windowssystem32conhost.exe

If your troubleshooting of a process requires additional information, you may wish to use the –module switched parameter. When the –module switch is used, DLL files and other modules that make up the process are displayed:

PS C:> Get-Process -module -Name conhost

   Size(K) ModuleName                                         FileName
   ——- ———-                                         ——–
       348 conhost.exe                                        C:Windowssystem32…
      1708 ntdll.dll                                          C:WindowsSYSTEM32…
      1148 kernel32.dll                                       C:Windowssystem32…
       428 KERNELBASE.dll                                     C:Windowssystem32…
       412 GDI32.dll                                          C:Windowssystem32…
      1000 USER32.dll                                         C:Windowssystem32…
        56 LPK.dll                                            C:Windowssystem32…
       808 USP10.dll                                          C:Windowssystem32…
       636 msvcrt.dll                                         C:Windowssystem32…
       184 IMM32.dll                                          C:Windowssystem32…
      1060 MSCTF.dll                                          C:Windowssystem32…
      2052 ole32.dll                                          C:Windowssystem32…
      1208 RPCRT4.dll                                         C:Windowssystem32…
       860 OLEAUT32.dll                                       C:Windowssystem32…
        60 CRYPTBASE.dll                                      C:Windowssystem32…

The Get-Service cmdlet has been upgraded with the –DependentServices switch and the –RequiredServices switch. The use of these two switches can be useful when you are trying to determine if a service can be disabled or set to manual. This is illustrated here:

PS C:> Get-Service -Name wudfsvc

Status   Name               DisplayName
——   —-               ———–
Running  wudfsvc            Windows Driver Foundation – User-mo…

PS C:> Get-Service -Name wudfsvc -RequiredServices

Status   Name               DisplayName
——   —-               ———–
Running  PlugPlay           Plug and Play
Running  WudfPf             User Mode Driver Frameworks Platfor…

PS C:> Get-Service -Name wudfsvc -DependentServices

Status   Name               DisplayName
——   —-               ———–
Stopped  WbioSrvc           Windows Biometric Service

The Get-EventLog cmdlet has been upgraded with a number of new parameters. In Windows PowerShell 1.0, you could display the contents of an event log as shown here:

PS C:> Get-EventLog -LogName application

   Index Time          EntryType   Source                 InstanceID Message
   —– —-          ———   ——                 ———- ——-
    1205 Oct 22 14:14  Information Software Protecti…   1073750020 License Acti…
    1204 Oct 22 12:14  Information Software Protecti…   1073750020 License Acti…
    1203 Oct 22 10:14  Information Software Protecti…   1073750020 License Acti…
    1202 Oct 22 08:14  Information Software Protecti…   1073750020 License Acti…
    1201 Oct 22 07:13  Information Software Protecti…   1073750020 License Acti…
    1200 Oct 22 07:08  Information Software Protecti…   1073750020 License Acti…
    1199 Oct 22 06:38  Information Software Protecti…   1073


Comments are closed. Login to edit/delete your existing comments

Feedback usabilla icon