Powershell basics part 10 – Interacting with computer resources


Hello everyone,
Just started working this Monday after a two weak holiday and i am very tired :). In this post I will talk more about interacting with windows resources by using powershell. We will talk about interacting with windows processes and services..
I think we have already used the command Get-Process, a short Get-Help Get-Process will tell us that this cmdlet is used to get the processes that run on the local on or a remote machine. This cmdlet is very useful especially for windows administrators that interact frequently with windows processes. A process is an instance of a software that runs on a machine, you can see them by opening task manager on processes tab. You can read more about processes on wikipedia:
http://en.wikipedia.org/wiki/Process_(computing)
Get-Process output:

Get-Process cmdlet
This cmdlet has many parameters, I will write them down and also a little description, you can see them by typing Get-Help Get-Process -full:
    -ComputerName – this parameter is used to get processes that run on the local or on a remote computer

-FileVersionInfo [] – this parameter is used to find out the file version for the program that runs in a specific process
-Id – gets one or more processes by specifying their ID (PID)
 -InputObject – Specifies one or more process objects
 -Module [] – returns the modules that where loaded by a process
 -Name – gets the processes by their names

If you type Get-Process without parameters, powershell will return all the processes that run on your machine, the output looks something like this:

Get-Process Powershell
As you can see chrome runs on my computer, to select only the chrome processes type Get-Process chrome:
Get-Process command
Another useful cmdlets that you can use when interacting with processes are:
 Start-Process – starts a process
 Stop-Process – stops a process
 Wait-Process – puts a process into waiting state
 Debug-Process – debugs a process
You can find out more about each of them by typing Get-Help [cmdlet name]
To stop the chrome process type:
Stop-Process -name chrome
Same thing happens if you type:
Stop-Process 2376 – this is the process ID
To start processes use the same parameters as stop-process cmdlet
Services are used by the operating system to perform certain tasks, they can be seen by looking in the services tab in task manager or by opening the services.msc console:
Windows Services
In  powershell you can see the services by typing Get-Service:
Get-Service command
To find ou more about Get-Service cmdlet Get-Help Get-Service -full:
More cmdlets that are used to interact with windows services:
Start-Service – starts a service
Stop-Service – stops a service
Restart-Service – restarts a service
Resume-Service – resumes a service
Suspend-Servic – suspends a service
Set-Service – used to change services properties
New-Service – creates a new service
I posted I think last week something about creating a new process from an application by using windows powershell you can check that post also:
Another useful cmdlet is Get-Eventlog. This is used to interact with event viewer, one of the most important tools that you use to resolve windows problems. Now let’s type Get-Help Get-Eventlog -full:
Get-Eventlog cmdlet
 
In this output you can see all the parameters that can be used with this cmdlet. To display all the events regarding security type Get-Eventlog -log Security, to get the newest 30 results type
Get-Eventlog -log Security -newest 30. If we want to filter the results to show only the events that have Microsoft-Windows source type Get-Eventlog -log Security -source “Microsoft-Windows*”

 

Other useful cmdlets to interact with event viewer are :
Clear-EventLog – used to clear event viewer
Limit-EventLog – limits events by size or age
New-EventLog – creates a new event log
Remove-EventLog – removes an event log
Show-EventLog – displays the event viewer on the local or on a remote machine
Write-EventLog – writes an event to an event log
Get-WinEvent – gets events from event logs or event tracing log files
 
Get-WmiObject cmdlet is used to “Gets instances of Windows Management Instrumentation (WMI) classes or information about the available classes.” You can see this by typing:
Get-Help Get-WmiObject -full. Here you can see all parameters for this cmdlet. With this cmdlet you can interact with all your machine resources. To display all the wmi classes type Get-WmiObject -list. I will give you some examples of using this cmdlet. You can read more about it on microsoft’s website http://technet.microsoft.com/en-us/library/ee176860.aspx
To display information about your disk-drive type:
Get-WmiObject win32_diskdrive
Get-WmiObject cmdlet
To find out information about your motherboard type:
Get-WmiObject Win32_MotherboardDevice
Get-WmiObject cmdlet
To get information about your BIOS type:
Get-WmiObject Win32_BIOS:
Get-WmiObject Powershell
To find out information about products installed on your computer type:
Get-WmiObject Win32_Product
Get-WmiObject Powershell
To find out information about network protocols type:
Get-WmiObject Win32_NetworkProtocol
Get-WmiObject command
To display information about your processor type:
Get-WmiObject Win32_Processor
Get-WmiObject command
That’s all for this post, I will continue talking about how to interact with resources using powershell in a future post. Hope you’ve enjoyed it, stay tuned for more and have a wonderful day.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s