Last time we filtered objects with the filter method and with Where-Object. In this part I would like to go back to the basics, to go back to something we haven’t learned so far. What I am talking about is working with PowerShell Drives. But first, let’s look at the exercise from the last part.
All parts of the series can be found here: PowerShell for Beginners (Series)
Review (Part 10)
Now I will provide the solution from the exercise of part 10.
Where-Object:
Use Get-Service and Where-Object to show only services that are running.
Filter (Active Directory required):
Use the Filter parameter to get all users that are disabled.
Ok. We have the giving that we should use Get-Service and Where-Object to show only services that are running. Remember the 2-Step-Method from PowerShell for Beginners (Part 8): The Power of PowerShell – Getting in Touch with Objects (Get-Member, Select-Object) : But here it’s a bit different: We use Get-Member, but then we don’t use Select-Object, but Where-Object.
Get-Service | Get-Member
There you’ll find the attribute “Status”. And if you run Get-Service without any parameter you’ll find the values for the attribute status: Running and Stopped. And here’s the command that shows all services that are started:
Get-Service | Where-Object {$_.Status -eq 'Running'}
Or shorten it a little:
Get-Service | Where-Object Status -EQ 'Running'
The second exercise asked for filtering Active Directory users that are disabled. This was a bit tricky, but you certainly found out (Get-ADUser xxx | Get-Member) that there is no disabled attribute, but an enabled attribute.
Get-ADUser -Filter {enabled -eq 'False'}
Review Part 10
Filtering is a key technology in PowerShell. If you are working with filters, see the Help section first. Where-Object is always on the right side of the pipe. Filtering on the left. If you have the choice between a filter on the left side of the pipe or Where-Object on the right side, then choose the left side.
PowerShell Drives
What the heck are PowerShell Drives and what are they for?
A Windows PowerShell drive is a data store location that you can access like a file system drive in Windows PowerShell
It is a store location. Where is it? Here are the drives we’re talking about:
Get-PSDrive
Your screen might differ from mine. The command was executed on a Windows Server 2016 that acts as a Domain Controller for my domain. That’s why we see the AD drive (Active Directory).
A quick PS Drive overview:
- AD: Active Directory
- Alias: Built-In Aliases (example: Get-ChildItem ==> ls)
- C: Drive C
- Cert: Certificate Location Store
- D: My D drive
- Env: The environment variables (example: $env:computername)
- Function: PowerShell functions are code blocks
- HKCU, HKLM: Registry
- Variable
- WSMan: PowerShell Remoting
That’s a lot of theory. Almost too much to start with. Let’s choose a drive and have a closer look at it, e. g. the Alias drive.
cd Alias:
What’s in this drive?
We already know the commands with red borders.
So, what we now know is that we can use aliases and all these aliases are stored in a drive. One test:
But what is it for? What’s the advantage of saving Aliases, Certificates, the Registry in a drive? First I have to say that this is more useful for scripting and developers. But I’ll provide 2 examples that are in my opinion very useful.
What have we learned so far?
A Windows PowerShell drive is a data store location that you can access like a file system drive in Windows PowerShell. Use Get-PSDrive to show all drives, called providers.
What is it for?
Example 1 – Do something with the registry
Is Remote Desktop enabled? Remember that the remote desktop settings, like almost all windows settings, are located in the Windows registry. We can browse the registry with PowerShell Drives (of course we can’t access the SAM that stores the passwords):
cd hklm: dir
In this example I check out whether Remote Desktop is enabled (0=enabled):
Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-Name "fDenyTSConnections"
I’ll now show you what you what can do if you have moved up to an advanced PowerShell user. With this command I activate Remote Desktop an all Windows Servers of my Active Directory Domain:
Get a list of all servers and store it in a file:
(Get-ADComputer -Filter 'operatingsystem -like "*server*"').Name | Out-File C:\Temp\Servers.txt
Then I do some remote actions to activate Remote Desktop an all Windows Servers that are powered on. And I use the HKLM PowerShell Drive:
Get-Content C:\Temp\Servers.txt | ForEach-Object {Invoke-Command -ComputerName $_ {Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-Name "fDenyTSConnections" -Value 0;Enable-NetFirewallRule -DisplayGroup "Remote Desktop"}}
Nice one.
Example 2 – Search Something
Is it there? Or is it not there? By using PowerShell drives you can test if something is there.
Is there an ls alias?
Test-Path alias:ls
Yes, it is.
Another example shows you whether there’s a certificate from DigiCert installed on your computer. We’re looking for these 2 certificates:
certmgr.msc
In order to do that we have to navigate to the user’s cert drive and to the root folder (Trusted Root Authorities).
cd cert: cd currentuser cd root
And now we call up the two certificates:
Get-ChildItem | ? Subject -like '*DigiCert*'
Remember that “?” is the alias for Where-Object:
Get-Alias -Definition Where-Object
Here’s the shorter version of the shown above:
Get-ChildItem Cert:\CurrentUser\Root\ | ? Subject -like '*DigiCert*'
Creating PowerShell Drives (Side Note)
The flexibility of PS Drives becomes evident in the creation of new drives.
New-PSDrive -Name Data -PSProvider FileSystem -Root C:\Temp\Important\Data
This allows you to access the sub directory directly via PowerShell Drive:
cd data:
As shown above, I’ve used the PSProvider FileSystem. But there’s more.
Get-PSProvider
Review
New-PSDrive enables you to create a new PowerShell Drive. This drive can refer to a Registry Key, Alias, Environment and much more. Get-PSProvider displays all PowerShell Providers.
The Environment PS Drive
All environment variables are stored in the PowerShell Drive env:
Get-ChildItem env:
Remember that some cmd commands do not work in PowerShell.
In cmd, set logonserver displays the Active Directory Domain Controller that authenticated the client.
This does not work in PowerShell.
Here is the solution: The PS Drive Env.
The env PS Drive enables you to show the logon server:
$env:LOGONSERVER
Additionally, some examples of how it works in cmd and PowerShell (I change between cmd and PowerShell in the same session):
Show the current logged on user
$env:username set username
Showing the user’s home folder
$env:homepath set homepath
That’s the end of this part. I hope I could give a good overview and motivate you to stay tuned. The next part is already scheduled.
What have we learned so far?
Environment Variables can be accessed using the Env PS Drive. Use $env: and press TAB for exploring.
Exercise
Here is the exercise til next part.
Discovering
Find out how to show the Computername with the PS Drive env.
Creating
Create a new persistent PowerShell Drive that refers to a shared folder on a remote computer. Find out how to make this drive persistent. (Use the Online Help, the Local Help or whatever)
See you next time at the topic: PowerShell for Beginners (Part 12): PowerShell Modules
Patrick Gruenauer, MVP PowerShell
Categories: PowerShell
My name is Patrick Gruenauer. From Austria.
SID-500.COM 
get-service | Where-Object Status -Like running
LikeLiked by 1 person