
PowerShell for Beginners (Part 11): Having fun with PowerShell Drives

Last time we filtered objects with the Filter parameter and with Where-Object. In this part I would like to go back to the basics, to something we haven’t covered so far: working with PowerShell Drives. But first, let’s look at the exercise from the last part.

All parts of the series can be found here: PowerShell for Beginners (Series)

Review (Part 10)

Now I will provide the solution from the exercise of part 10.

Where-Object:

Use Get-Service and Where-Object to show only services that are running.

Filter (Active Directory required):

Use the Filter parameter to get all users that are disabled.

OK. The task was to use Get-Service and Where-Object to show only services that are running. Remember the 2-Step-Method from PowerShell for Beginners (Part 8): The Power of PowerShell – Getting in Touch with Objects (Get-Member, Select-Object). Here it’s a bit different: we use Get-Member, but then we use Where-Object instead of Select-Object.


Get-Service | Get-Member

There you’ll find the property “Status”. If you run Get-Service without any parameter, you’ll see the values of the Status property: Running and Stopped. Here’s the command that shows all services that are started:


Get-Service | Where-Object {$_.Status -eq 'Running'}

Or shorten it a little:


Get-Service | Where-Object Status -EQ 'Running'

The second exercise asked for filtering Active Directory users that are disabled. This was a bit tricky, but you certainly found out (Get-ADUser xxx | Get-Member) that there is no disabled attribute, but an enabled attribute.


Get-ADUser -Filter {enabled -eq 'False'}

Review Part 10


Filtering is a key technology in PowerShell. If you are working with filters, see the Help section first. Where-Object is always on the right side of the pipe; the Filter parameter is used on the left. If you have the choice between a filter on the left side of the pipe or Where-Object on the right side, choose the left side.


PowerShell Drives

What the heck are PowerShell Drives and what are they for?

A Windows PowerShell drive is a data store location that you can access like a file system drive in Windows PowerShell

https://docs.microsoft.com/en-us/powershell/scripting/getting-started/cookbooks/managing-windows-powershell-drives?view=powershell-6

It is a store location. Where is it? Here are the drives we’re talking about:


Get-PSDrive


Your screen might differ from mine. The command was executed on a Windows Server 2016 that acts as a Domain Controller for my domain. That’s why we see the AD drive (Active Directory).

A quick PS Drive overview:

  • AD: Active Directory
  • Alias: Built-In Aliases (example: Get-ChildItem ==> ls)
  • C: Drive C
  • Cert: Certificate Location Store
  • D: My D drive
  • Env: The environment variables (example: $env:computername)
  • Function: PowerShell functions are code blocks
  • HKCU, HKLM: Registry
  • Variable
  • WSMan: PowerShell Remoting

That’s a lot of theory. Almost too much to start with. Let’s choose a drive and have a closer look at it, e. g. the Alias drive.


cd Alias:


What’s in this drive?


We already know the commands with red borders.

So, what we now know is that we can use aliases and all these aliases are stored in a drive. One test:


But what is it for? What’s the advantage of saving Aliases, Certificates, the Registry in a drive? First I have to say that this is more useful for scripting and developers. But I’ll provide 2 examples that are in my opinion very useful.

What have we learned so far?


A Windows PowerShell drive is a data store location that you can access like a file system drive in Windows PowerShell. Use Get-PSDrive to show all drives; each drive is exposed by a provider.


What is it for?

Example 1 – Do something with the registry

Is Remote Desktop enabled? Remember that the Remote Desktop settings, like almost all Windows settings, are located in the Windows registry. We can browse the registry with PowerShell Drives (of course we can’t access the SAM that stores the passwords):


cd hklm:

dir


In this example I check whether Remote Desktop is enabled (0=enabled):


Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections"


I’ll now show you what you can do once you have moved up to an advanced PowerShell user. With this command I activate Remote Desktop on all Windows Servers of my Active Directory Domain:

Get a list of all servers and store it in a file:


(Get-ADComputer -Filter 'operatingsystem -like "*server*"').Name | Out-File C:\Temp\Servers.txt

Then I do some remote actions to activate Remote Desktop on all Windows Servers that are powered on. And I use the HKLM PowerShell Drive:


Get-Content C:\Temp\Servers.txt | ForEach-Object {Invoke-Command -ComputerName $_ {Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0; Enable-NetFirewallRule -DisplayGroup "Remote Desktop"}}


Nice one.
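
To read the result back after a change like this, here is an added example (not part of the original post) that queries the same HKLM: value together with the Network Level Authentication setting and the firewall rule group. The function name Get-RdpState is made up for illustration, and the UserAuthentication value under WinStations\RDP-Tcp is an addition that the post itself does not use.

```powershell
# Added example, not from the original post. Get-RdpState is a hypothetical
# helper name; it only reads settings and changes nothing.
function Get-RdpState {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = $env:COMPUTERNAME
    )

    # Runs on each target; every path below goes through the HKLM: PS drive.
    $probe = {
        $ts  = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
        $tcp = "$ts\WinStations\RDP-Tcp"

        $deny = (Get-ItemProperty -Path $ts -Name 'fDenyTSConnections').fDenyTSConnections
        # UserAuthentication = 1 means Network Level Authentication is required.
        $nla  = (Get-ItemProperty -Path $tcp -Name 'UserAuthentication' -ErrorAction SilentlyContinue).UserAuthentication
        $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
                   Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

        [pscustomobject]@{
            Computer            = $env:COMPUTERNAME
            RdpEnabled          = ($deny -eq 0)   # 0 = enabled, as in the post
            NlaRequired         = ($nla -eq 1)
            InboundRulesEnabled = $rules.Count
        }
    }

    foreach ($name in $ComputerName) {
        try {
            if ($name -eq $env:COMPUTERNAME) {
                & $probe
            } else {
                Invoke-Command -ComputerName $name -ScriptBlock $probe -ErrorAction Stop
            }
        } catch {
            Write-Warning "$name could not be queried: $($_.Exception.Message)"
        }
    }
}

# Local machine:
Get-RdpState
# Servers from C:\Temp\Servers.txt that have RDP on but do not require NLA:
# Get-RdpState -ComputerName (Get-Content C:\Temp\Servers.txt) |
#     Where-Object { $_.RdpEnabled -and -not $_.NlaRequired }
```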

Example 2 – Search Something

Is it there? Or is it not there? By using PowerShell drives you can test if something is there.

Is there an ls alias?


Test-Path alias:ls

Yes, it is.


Another example shows you whether there’s a certificate from DigiCert installed on your computer. We’re looking for these 2 certificates:


certmgr.msc


In order to do that we have to navigate to the user’s cert drive and to the root folder (Trusted Root Authorities).


cd cert:

cd currentuser

cd root


And now we call up the two certificates:


Get-ChildItem | ? Subject -like '*DigiCert*'


Remember that “?” is the alias for Where-Object:


Get-Alias -Definition Where-Object


Here’s a shorter version of the commands shown above:


Get-ChildItem Cert:\CurrentUser\Root\ | ? Subject -like '*DigiCert*'
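
The same Cert: drive can be used to review which root certificates a user trusts. The following added example (not part of the original post) lists certificates that appear in Cert:\CurrentUser\Root but not in Cert:\LocalMachine\Root, that is, roots trusted for this user only. The function name Find-UserOnlyRootCert and its -SubjectLike parameter are made up for illustration.

```powershell
# Added example, not from the original post. Find-UserOnlyRootCert is a
# hypothetical helper name; it only reads the certificate stores.
function Find-UserOnlyRootCert {
    [CmdletBinding()]
    param(
        # Same kind of wildcard the post uses with -like; '*' matches everything.
        [string]$SubjectLike = '*'
    )

    # Index the machine-wide trusted roots by thumbprint.
    $machine = @{}
    Get-ChildItem -Path Cert:\LocalMachine\Root |
        ForEach-Object { $machine[$_.Thumbprint] = $true }

    $now = Get-Date
    Get-ChildItem -Path Cert:\CurrentUser\Root |
        Where-Object {
            $_.Subject -like $SubjectLike -and
            -not $machine.ContainsKey($_.Thumbprint)
        } |
        ForEach-Object {
            [pscustomobject]@{
                Thumbprint = $_.Thumbprint
                Subject    = $_.Subject
                SelfSigned = ($_.Subject -eq $_.Issuer)   # expected for a root
                Expired    = ($_.NotAfter -lt $now)
                NotAfter   = $_.NotAfter
            }
        }
}

# All roots that exist only in the current user's store:
Find-UserOnlyRootCert | Format-Table -AutoSize
# Restricted to the subject filter used in the post:
# Find-UserOnlyRootCert -SubjectLike '*DigiCert*'
```

An empty result means every root the user trusts also exists in the machine store.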


Creating PowerShell Drives (Side Note)

The flexibility of PS Drives becomes evident in the creation of new drives.


New-PSDrive -Name Data -PSProvider FileSystem -Root C:\Temp\Important\Data


This allows you to access the sub directory directly via PowerShell Drive:


cd data:


As shown above, I’ve used the PSProvider FileSystem. But there’s more.


Get-PSProvider


Review


New-PSDrive enables you to create a new PowerShell Drive. This drive can refer to a Registry Key, Alias, Environment and much more. Get-PSProvider displays all PowerShell Providers.


The Environment PS Drive

All environment variables are stored in the PowerShell Drive env:


Get-ChildItem env:


Remember that some cmd commands do not work in PowerShell.

In cmd, set logonserver displays the Active Directory Domain Controller that authenticated the client.


This does not work in PowerShell.


Here is the solution: The PS Drive Env.

The env PS Drive enables you to show the logon server:


$env:LOGONSERVER


Additionally, here are some examples of how it works in cmd and PowerShell (I switch between cmd and PowerShell in the same session):

Show the current logged on user


$env:username

set username


Showing the user’s home folder


$env:homepath

set homepath


That’s the end of this part. I hope I could give a good overview and motivate you to stay tuned. The next part is already scheduled.

What have we learned so far?


Environment Variables can be accessed using the Env PS Drive. Use $env: and press TAB for exploring.


Exercise

Here is the exercise until the next part.

Discovering

Find out how to show the Computername with the PS Drive env.

Creating

Create a new persistent PowerShell Drive that refers to a shared folder on a remote computer. Find out how to make this drive persistent. (Use the Online Help, the Local Help or whatever)

See you next time at the topic: PowerShell for Beginners (Part 12): PowerShell Modules

Patrick Gruenauer, MVP PowerShell
