Microsoft PowerShell is a great scripting platform. PowerShell is not only used to manage Windows operating systems; Microsoft has also extended the capability of PowerShell scripts to the Azure cloud. Azure Automation, a powerful service from Microsoft Azure, is used to automate repeated tasks on the Azure cloud. PowerShell not only helps reduce the time it takes to perform the same tasks via the GUI but also improves an organization’s overall CAPEX and OPEX. In this article, we will provide some examples of using PowerShell commands for Windows operating systems.

Querying services on Windows computers

Previously, when you needed to query service status on Windows operating systems, you used the SC.exe command line tool. SC.exe is still used by many admins because it doesn’t require PowerShell to be installed on the local computer. But new versions of Windows operating systems already ship with PowerShell. So, if you need to return a list of running services on a local computer, you can execute this PowerShell command:

Get-Service | Where-Object {$_.Status -eq "Running"}

The command above returns only services that are running on the local computer. If you need to see a list of services that begin with a specific string, for example “WMI,” you will execute this command:

Get-Service -DisplayName "*WMI*"

While the above PowerShell commands run against the local computer, the PowerShell command below can be used to retrieve a list of services from a remote computer:

Get-WMIObject Win32_Service -Computer WinServer1

As you can see in the above command, we are using the Get-WMIObject PowerShell cmdlet and calling the Win32_Service WMI class to retrieve the services from the WinServer1 Windows computer. Note that the Get-Service PowerShell cmdlet doesn’t support specifying the “-Computer” parameter and can only be executed against the local computer.
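An added example, not from the original article: the same remote query done with Get-CimInstance (the CIM counterpart of Get-WMIObject) and a server-side filter, with unreachable hosts reported instead of stopping the run. The function name Get-RunningServiceInventory and the host name WinServer2 are assumptions for illustration.

```powershell
# Added example: inventory running services on several computers over CIM.
# Get-RunningServiceInventory is a hypothetical helper name; WinServer2 is a
# constructed host name (WinServer1 comes from the article).
function Get-RunningServiceInventory {
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName
    )

    foreach ($computer in $ComputerName) {
        try {
            # -Filter is a WQL clause evaluated on the remote computer, so only
            # running services are sent back (unlike a local Where-Object).
            Get-CimInstance -ClassName Win32_Service -ComputerName $computer `
                            -Filter "State = 'Running'" -ErrorAction Stop |
                Select-Object PSComputerName, Name, DisplayName,
                              StartMode, StartName, PathName
        }
        catch {
            # Keep going when a host is offline or access is denied.
            Write-Warning "Could not query ${computer}: $($_.Exception.Message)"
        }
    }
}

Get-RunningServiceInventory -ComputerName 'WinServer1', 'WinServer2' |
    Sort-Object PSComputerName, StartName, Name |
    Format-Table -AutoSize
```

StartName is the account each service runs as and PathName is its binary command line, which makes the output usable as a baseline when reviewing what is running on a server.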

Checking event logs using PowerShell

It is worth mentioning that the Microsoft Event Viewer snap-in takes a lot of time to search for the required events in event logs. For example, if you need to search for a particular event ID, you are required to scroll through complete event log files until that particular event ID is found. PowerShell helps solve this problem. You can specify a particular event ID in the PowerShell command and see the result quickly. For example, the PowerShell command below checks to see if Event ID 7036 is logged in the System Event Log.

Get-EventLog "System" | Where-Object {$_.EventID -eq 7036}

If you need to see the latest events reported in the application event log, execute the PowerShell command below:

Get-EventLog Application -Newest 10

The above command (also seen in the screenshot below) shows the latest 10 entries recorded in the application event log.
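An added example, not from the original article: Get-WinEvent with -FilterHashtable lets the event log service do the filtering instead of piping every record through Where-Object, and the block below uses it to summarise Event ID 7036 service state changes. The 24-hour window and the 15-row limit are assumptions.

```powershell
# Added example: summarise service state changes (Event ID 7036) recorded in
# the System log during the last 24 hours. The time window is an assumption.
$filter = @{
    LogName   = 'System'
    Id        = 7036
    StartTime = (Get-Date).AddHours(-24)
}

# Get-WinEvent raises an error when nothing matches the filter, so suppress
# it and test for an empty result explicitly.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    Write-Output 'No Event ID 7036 records in the last 24 hours.'
}
else {
    $events |
        ForEach-Object {
            # 7036 text: "The <service> service entered the <state> state."
            # The first two event properties hold the service display name
            # and the new state.
            [pscustomobject]@{
                TimeCreated = $_.TimeCreated
                Service     = $_.Properties[0].Value
                State       = $_.Properties[1].Value
            }
        } |
        Group-Object Service, State |
        Sort-Object Count -Descending |
        Select-Object Count, Name -First 15
}
```

A service that alternates between running and stopped many times in a short period stands out at the top of this summary.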


Searching through text files

In case you need to determine whether or not a specific string value exists in a given text file, you can use the “Select-String” PowerShell cmdlet. I have used “Select-String” several times when searching through “Error” and “Warnings” string values in log files during troubleshooting. To search for “Errors” in a log file, execute this PowerShell command:

Get-Content C:\Temp\MVMC.Log | Select-String "Errors" -Quiet

If you wish to perform a case-sensitive search, execute this command:

Get-Content C:\Temp\MVMC.Log | Select-String "ERRORS" -Quiet -CaseSensitive
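An added example, not from the original article: Select-String can read the file itself through -Path, and without -Quiet it returns match objects carrying line numbers rather than a single true/false answer. The file name and log lines are constructed sample data.

```powershell
# Added example: search a constructed log file with Select-String directly.
# The file name and the log lines below are constructed sample data.
$log = Join-Path ([System.IO.Path]::GetTempPath()) 'sample-mvmc.log'
@(
    '2024-01-10 09:00:01 INFO  Conversion started'
    '2024-01-10 09:00:07 Warning Disk 1 is dynamic'
    '2024-01-10 09:01:12 ERROR Failed to copy disk 1'
    '2024-01-10 09:01:13 error retrying copy'
    '2024-01-10 09:02:40 INFO  Conversion finished'
) | Set-Content -Path $log

# -Quiet only answers "is there at least one match?" with $true or $false.
$hasError = Select-String -Path $log -Pattern 'error' -Quiet

# Without -Quiet every match is an object with LineNumber and Line, and
# -Pattern accepts several patterns at once. Matching ignores case by default.
$anyCase = @(Select-String -Path $log -Pattern 'error', 'warning')

# -CaseSensitive restricts the search to the exact casing given.
$exact = @(Select-String -Path $log -Pattern 'ERROR' -CaseSensitive)

"Contains 'error' (any case): $hasError"
"Matches for error/warning:   $($anyCase.Count)"
"Case-sensitive 'ERROR':      $($exact.Count)"
$anyCase | Select-Object LineNumber, Line | Format-Table -AutoSize

# Clean up the constructed sample file.
Remove-Item -Path $log
```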

Checking status of network adapters

Using PowerShell, you can quickly check the status of network adapters on the local computer. PowerShell provides the Get-NetAdapter cmdlet, which can list all virtual as well as physical network adapters and show the status of each network adapter, as shown in the command below:

Get-NetAdapter | Where Status -eq "Up"

The above command shows all network adapters including virtual adapters such as wireless. In case you wish to reduce the output to only physical network adapters, execute this command:

Get-NetAdapter -Physical | Where Status -eq "Up"

Common environmental PowerShell commands

Not every PowerShell admin knows that when you launch a PowerShell window, PowerShell populates valuable system information in the environment variables. These variables are ready to use and do not require the use of any PowerShell cmdlets. PowerShell stores operating system information in the “environment drive.” You can access information stored in the environment drive by executing “[System.Environment]::” in the PowerShell window. For example, if you need to see the current operating system version, you will execute this command:


When you execute the above command, the result will be displayed in the current PowerShell window. You can check for current directory, whether the current operating system version is 64-bit or not, current working directory, current username, and many other bits of information as shown in the screenshot below:


There are plenty of PowerShell cmdlets available for Windows operating systems alone. About 90 percent of Windows operating system operations can be managed using PowerShell. All you need to do is search through the PowerShell cmdlets to find the right cmdlet to use.


Source: TechGenix