Useful Powershell Commands

PowerShell Section¶

Gets the Aliases of Get-ChildItem¶

Get-Alias -Definition Get-ChildItem

Requesting Online Help for a Command¶

Get-Help Get-Process -online

Measuring Objects of a File in Powershell¶

Get-Content .\test.txt | Measure-Object -Word

Getting a Windows Service and Grabbing Description¶

Get-CimInstance Win32_Service -Filter "Name like 'SOMETHING'" | Select Description

Selecting Two files comparing and outputting the lines that are different.¶

$result= Compare-Object -ReferenceObject $(Get-Content .\new.txt) -DifferenceObject $(Get-Con
tent .\old.txt) | Select -Property InputObject
$result.InputObject

Sort a Text File Descending then Select Line ( Example Line 21)¶

Get-Content .\words.txt | Sort-Object -Descending | Out-File sorted.txt
(Get-Content -Path .\sorted.txt -TotalCount 21)[-1]

Checking a file for some type of Alternate Data Stream, $DATA is the default but if anything else listed then you can get content and take that stream out.¶

Get-Item .\some_file -Stream *
## Call the Stram
Get-Content .\some_file -Stream hidden

This will show the Processes and sort then by lowest to highest. The process ids increment in sets of 4. It will always be a even number.¶

Get-Process | Select-Object name,id | Sort-Object id

Search a Text file for "Unique" words and measure by word¶

Get-Content -Path .\sorted.txt | Sort-Object -Unique | Measure-Object -Word

Grab Content, Sort by words with A or Z and Measure¶

Get-Content .\words_dsc_sorted.txt | Select-String -Pattern "a","z" | Measure-Object -Word

Get Directories and then Measure¶

Get-ChildItem -Directory -Recurse | Measure-Object
ls

Get Permission info on a file and format into a list¶

get-acl hosts | Format-List *

Getting the MD5 Hash. By default SHA will be the hash produced.¶

 Get-FileHash -Algorithm MD5 .\some_file

Recursively search a directory and then read the file.¶

Get-ChildItem -ErrorAction SilentlyContinue -Recurse C:\Users\Folder -Filter "readme" | Get-Content

Get the processes and sort by method and then measure¶

Get-Process | Get-Member -MemberType Method | Measure-Object

Read the content of a file and then sort by any words that have the pattern 12xT in it.¶

Get-Content .\sorted.txt | Select-String -Pattern '12xT'

Get Content then match the pattern of double "a" followed by any a-g and then measure.¶

Get-Content .\some_file.txt | Select-String -pattern '[AAaa]{2}[a-gA-G]' | Measure-Object

Check for any profiles that have used this windows machine.¶

gwmi win32_userprofile | select localpath, sid

Useful Registry Keys for Windows¶

Finding USBs¶

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\MOUNTPOINTS2

List out the USBs connect to a machine.¶

Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR\