PowerShell Drives and Providers

PowerShell Drives and Providers

Windows PowerShell is designed especially for system administration. In this section we will discuss some important PowerShell commands every system administrator must know to make their life easier.

One of the most powerful features of Windows PowerShell is that it lets you navigate through many different data stores by using the same familiar techniques that you use to navigate in the Windows file system.

PowerShell Drives (PSDrives)

In addition to the normal file system drives such as C: and D:, Windows PowerShell includes drives that represent the Environment Variables (Env:), PowerShell Aliases (Alias:), HKEY_LOCAL_MACHINE (HKLM:) and HKEY_CURRENT_USER (HKCU:) Registry Hives, the digital signature certificate store (Cert:), and the functions in the current session (Function:). These are known as Windows PowerShell drives. To see a list of Windows PowerShell drives, use the following command:

PS D:\MyScripts> Get-PSDrive

Name           Used (GB)     Free (GB) Provider      Root                                                           CurrentLocation
----           ---------     --------- --------      ----                                                           ---------------
Alias                                  Alias
C                  58.58         87.39 FileSystem    C:\                                                           Windows\system32
Cert                                   Certificate   \
D                 100.01        219.27 FileSystem    D:\                                                                  MyScripts
E                                      FileSystem    E:\
Env                                    Environment
Function                               Function
HKCU                                   Registry      HKEY_CURRENT_USER
HKLM                                   Registry      HKEY_LOCAL_MACHINE
Variable                               Variable
WSMan                                  WSMan

Windows PowerShell drives can be created in any data store that is available in Windows PowerShell, and they can have any valid name, such as “D” or “MyDrive“, followed by a colon (:). You can navigate in them by using that same methods that you would use in a file system drive. However, the Windows PowerShell drives are visible only in Windows PowerShell. You cannot see them or gain access to them in File Explorer or Cmd.exe.

You can even create your own Windows PowerShell drives by using the New-PsDrive cmdlet. For example, to create a new drive called “MyDrive:” with the root in your D:\MyScripts directory, use the following command:

PS C:\Users\Surender\Documents> New-PSDrive -Name MyDrive -PSProvider FileSystem -Root "D:\MyScripts"

Name           Used (GB)     Free (GB) Provider      Root                                                           CurrentLocation
----           ---------     --------- --------      ----                                                           ---------------
MyDrive                         219.26 FileSystem    D:\MyScripts
PS C:\Users\Surender\Documents> Set-Location MyDrive:
PS MyDrive:\> Get-ChildItem

    Directory: D:\MyScripts

Mode                LastWriteTime     Length Name
----                -------------     ------ ----
-a---        19-09-2014  12:05 PM         64 attachScript.txt
-a---        10-09-2014  12:30 PM         53 Close-Outlook.ps1
-a---        11-09-2014  12:53 PM         83 Close-PRTG.ps1
-a---        27-05-2014  11:25 AM         38 Computers.txt
-a---        02-12-2013  02:03 PM        277 Create-Folder.ps1
-a---        02-01-2015  12:11 PM        209 Create-Shadow.ps1
-a---        01-10-2014  02:11 PM        137 Enable-PSRemoting.bat
-a---        01-10-2014  03:12 PM        164 Enable-PSRemoting.ps1

[output cut]

Navigating the File System

If you are already familiar with other command-line shells such as cmd.exe and Linux command-line, you might be tempted to type the familiar commands such as  cd, dir, ls, and cat after opening Windows PowerShell. Well, you can use these commands since Windows PowerShell has built-in aliases created for most popular commands. The cd is an alias for the Set-Location cmdlet, the cmdlet that changes the current location to the specified path. The dir and ls are aliases for the Get-Childitem cmdlet, the cmdlet that lists the contents of a directory. The cat is an alias for Get-Content cmdlet the cmdlet that prints the contents of a file.

To navigate within the file system drive, use the Set-Location (cd) and Get-Childitem (dir, ls) cmdlets. In Windows PowerShell, drives are indicated by the drive name followed by a colon (:), such as D:, and parent items are separated from child item by backslashes (\) or forward slashes (/), such as D:\MyScripts.

As in other command-line shells, you can change locations, create, delete, move, and copy directories and files, and change their properties. You can even use tab-completion feature for path names and cmdlet names. The built-in variables such as $home for your home directory, and $pshome for Windows PowerShell installation directory comes handy while using PowerShell. Windows PowerShell uses following cmdlets to work with files and folders.

PS D:\MyScripts> Get-Command -Noun Item

CommandType     Name                                               ModuleName
-----------     ----                                               ----------
Cmdlet          Clear-Item                                         Microsoft.PowerShell.Management
Cmdlet          Copy-Item                                          Microsoft.PowerShell.Management
Cmdlet          Get-Item                                           Microsoft.PowerShell.Management
Cmdlet          Invoke-Item                                        Microsoft.PowerShell.Management
Cmdlet          Move-Item                                          Microsoft.PowerShell.Management
Cmdlet          New-Item                                           Microsoft.PowerShell.Management
Cmdlet          Remove-Item                                        Microsoft.PowerShell.Management
Cmdlet          Rename-Item                                        Microsoft.PowerShell.Management
Cmdlet          Set-Item                                           Microsoft.PowerShell.Management

For more details on each cmdlet, see the Help for specific cmdlet.

The below mentioned commands change the current working directory to D:\MyScripts, then list the contents of current working directory.

PS C:\Users\Surender\Documents>
PS C:\Users\Surender\Documents> Set-Location D:\MyScripts
PS D:\MyScripts> Get-ChildItem

    Directory: D:\MyScripts

Mode                LastWriteTime     Length Name
----                -------------     ------ ----
-a---        19-09-2014  12:05 PM         64 attachScript.txt
-a---        10-09-2014  12:30 PM         53 Close-Outlook.ps1
-a---        11-09-2014  12:53 PM         83 Close-PRTG.ps1
-a---        27-05-2014  11:25 AM         38 Computers.txt
-a---        15-09-2015  12:32 PM         67 Get-DiskUsage.ps1
-a---        28-03-2014  10:48 AM        207 Get-Drives.ps1
-a---        14-05-2014  12:49 PM        176 Get-FSMORoles.ps1
-a---        22-05-2014  12:21 PM        809 Get-InstallDate.ps1
-a---        07-05-2014  04:08 PM        276 Get-OSDetail.ps1
-a---        15-04-2014  02:27 PM        119 Get-OSInfo.ps1
-a---        16-10-2014  11:36 AM        179 Get-OSInstallDate.ps1
-a---        31-03-2015  02:51 PM       1100 Run-SQLBackup.ps1
-a---        08-10-2014  01:32 PM        447 Set-ACL.ps1
-a---        13-05-2014  05:31 PM        158 Set-ADPassword.ps1
-a---        24-09-2014  05:52 PM         75 Set-WinRM.ps1

PS D:\MyScripts> New-Item TestFile.txt -ItemType File


    Directory: D:\MyScripts


Mode                LastWriteTime     Length Name
----                -------------     ------ ----
-a---        16-09-2015  04:38 PM          0 TestFile.txt

The New-Item command is used to create a new file with the name TestFile.txt. To create the directory, you need to use New-Item cmdlet with ‘-ItemType Directory‘ parameter.

To delete the file or directory, use Remove-Item cmdlet as shown below:

PS D:\MyScripts> Remove-Item TestFile.txt -Force

Navigating the Windows Registry

You can navigate through the Windows Registry by using the same techniques that you use to navigate in the file system drive. In Windows PowerShell, the HKEY_LOCAL_MACHINE hive maps to the Windows PowerShell HKLM: drive and the HKEY_CURRENT_USER hive maps to HKCU: drive.

PS D:\MyScripts> sl HKCU:
PS HKCU:\> 
PS HKCU:\> cd .\Software\Microsoft\Windows\CurrentVersion
PS HKCU:\Software\Microsoft\Windows\CurrentVersion> gci


    Hive: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion


Name                           Property
----                           --------
AccountPicture                 ADGivenName : Surender
                               ADSurname   : 
                               FirstName   : Surender
                               LastName    : 
                               DisplayName :
                               SourceId    : d0ebddd0a7ba6701
AccountState
Action Center                  ReNotifyCount : 1
App Paths
AppHost
Applets
ApplicationAssociationToasts   jpegfile_.jpg                                      : 0
                               Microsoft.PhotoManager.imagetype_.jpg              : 0
                               Excel.Sheet.12_.xlsx                               : 0
                               Msi.Package_.msi                                   : 0
                               MSCFile_.msc                                       : 0
                               Microsoft.PowerShellModule.1_.psm1                 : 0
                               Microsoft.PowerShellScript.1_.ps1                  : 0

[output cut]

Notice that I have used sl (alias for Set-Location) to change the working directory to HKEY_CURRENT_USER registry hive. The gci (alias for Get-ChildItem) to list the contents for current working directory.

The entries in a registry key are considered to be properties of the key in which they are located. You can use the Get-ItemProperty cmdlet to retrieve the properties of a Registry Key.

For example, if you want to see the value of the Windows PowerShell execution policy, you can use the Get-ExecutionPolicy cmdlet or navigate to the ExecutionPolicy registry entry that stores the value in HKLM:\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell.

PS HKCU:\> Set-Location hklm:
PS HKLM:\>
PS HKLM:\> cd .\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell
PS HKLM:\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell> Get-ItemProperty -Path . -name executionpolicy

ExecutionPolicy : Unrestricted
PSPath          : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell
PSParentPath    : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\ShellIds
PSChildName     : Microsoft.PowerShell
PSDrive         : HKLM
PSProvider      : Microsoft.PowerShell.Core\Registry

The New-Item cmdlet is versatile and particularly good for creating files and folders. If you want to create the actual values or leaf items in the Windows registry, then use the cmdlet New-ItemProperty.

Caution: Windows Registry is a critical resource. Therefore registry editing is not recommended if you are a new user. If you want to play with registry items using Windows PowerShell, I would suggest playing around with the values of HKCU: drive, since this will only affect current user profile and not the whole system.

Let’s first navigate to HKEY_CURRENT_USER\SOFTWARE subkey and then create a new subkey with the name TestSoftware. Then we will create a new registry item with the name TestKey and then we will set the value of new registry item.

PS HKLM:\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell> sl HKCU:\SOFTWARE
PS HKCU:\SOFTWARE> New-Item TestSoftware -ItemType directory

    Hive: HKEY_CURRENT_USER\SOFTWARE

Name                           Property
----                           --------
TestSoftware


PS HKCU:\SOFTWARE> New-ItemProperty -Path .\TestSoftware -Name TestKey -PropertyType String -Value "D:\MyScripts"


TestKey      : D:\MyScripts
PSPath       : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\SOFTWARE\TestSoftware
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\SOFTWARE
PSChildName  : TestSoftware
PSDrive      : HKCU
PSProvider   : Microsoft.PowerShell.Core\Registry

After running the above commands, you can verify that the key and values are created in Windows Registry.

Windows Registry Editing via PowerShell
Windows Registry Editing via PowerShell

You can change the registry key values using Set-ItemProperty cmdlet as shown below.

PS HKCU:\SOFTWARE> Set-ItemProperty -Path .\TestSoftware -Name TestKey -Value "C:\Users\surender"
PS HKCU:\SOFTWARE> Get-ItemProperty .\TestSoftware

TestKey      : C:\Users\surender
PSPath       : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\SOFTWARE\TestSoftware
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\SOFTWARE
PSChildName  : TestSoftware
PSDrive      : HKCU
PSProvider   : Microsoft.PowerShell.Core\Registry

To remove the registry item, use Remove-Item cmdlet. Exercise caution while removing any registry item; you may crash your system if you delete any critical key or value. Fortunately Windows PowerShell gives a -WhatIf parameter with every cmdlet which will tell you what would happen if you run this command without actually running the command. Before deleting files or erasing stuff, I advise you to see what happens with Get-Item before you unleash Remove-Item.

PS HKCU:\SOFTWARE> Remove-Item -Path .\TestSoftware -WhatIf -Force
What if: Performing the operation "Remove Key" on target "Item: HKEY_CURRENT_USER\SOFTWARE\TestSoftware".
PS HKCU:\SOFTWARE>
PS HKCU:\SOFTWARE> Remove-Item -Path .\TestSoftware -Force
PS HKCU:\SOFTWARE> Get-ChildItem .\TestSoftware
Get-ChildItem : Cannot find path 'HKEY_CURRENT_USER\SOFTWARE\TestSoftware' because it does not exist.
At line:1 char:1
+ Get-ChildItem .\TestSoftware
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (HKEY_CURRENT_USER\SOFTWARE\TestSoftware:String) [Get-ChildItem], ItemNotFoundExcept
   ion
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand

This is how you can work with Windows Registry. The process is pretty much same as working with file system, files and folders.

Navigating the Certificate Store

You can navigate the digital certificate store on your computer. The certificate store maps to the Windows PowerShell Cert: drive. The following example shows how to use Set-Location (cd) and Get-Childitem (dir, ls) to navigate the Cert: drive.

PS D:\MyScripts> sl cert:
PS Cert:\> ls
Location   : CurrentUser
StoreNames : {TrustedPublisher, ClientAuthIssuer, Root, UserDS...}

Location   : LocalMachine
StoreNames : {TrustedPublisher, ClientAuthIssuer, SPC, Root...}

PS Cert:\> sl .\\CurrentUser
PS Cert:\CurrentUser> ls

Name : TrustedPublisher

Name : ClientAuthIssuer

Name : Root

Name : UserDS

Name : CA

Name : ACRS

Name : AuthRoot

Name : MSIEHistoryJournal

Name : TrustedPeople

Name : ADDRESSBOOK

Name : My

Name : SmartCardRoot

Name : Trust

Name : Disallowed

PS Cert:\CurrentUser> cd .\AuthRoot
PS Cert:\CurrentUser\AuthRoot> ls

    Directory: Microsoft.PowerShell.Security\Certificate::CurrentUser\AuthRoot

Thumbprint                                Subject
----------                                -------
F18B538D1BE903B6A6F056435B171589CAF36BF2  CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", ...
E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46  CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt ...
DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212  CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
D69B561148F01C77C54578C10926DF5B856976AD  CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
D4DE20D05E66FC53FE1A50882C78DB2852CAE474  CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE

[output cut]

PS Cert:\CurrentUser\AuthRoot>
PS Cert:\CurrentUser\AuthRoot> Get-ChildItem F18B538D1BE903B6A6F056435B171589CAF36BF2 | Format-List -Property *

PSPath                   : Microsoft.PowerShell.Security\Certificate::CurrentUser\AuthRoot\F18B538D1BE903B6A6F056435B171589CAF36BF2
PSParentPath             : Microsoft.PowerShell.Security\Certificate::CurrentUser\AuthRoot
PSChildName              : F18B538D1BE903B6A6F056435B171589CAF36BF2
PSDrive                  : Cert
PSProvider               : Microsoft.PowerShell.Security\Certificate
PSIsContainer            : False
EnhancedKeyUsageList     : {Server Authentication (1.3.6.1.5.5.7.3.1), Client Authentication (1.3.6.1.5.5.7.3.2), Secure Email
                           (1.3.6.1.5.5.7.3.4), Code Signing (1.3.6.1.5.5.7.3.3)...}
DnsNameList              : {thawte Primary Root CA - G3}
SendAsTrustedIssuer      : False
EnrollmentPolicyEndPoint : 

[output cut]

You can use the same techniques to navigate in other PowerShell drives such as alias (Alias:), environment provider (Env:), function (Function:), and variable (Variable:) drives

PowerShell Providers

Windows PowerShell providers are Microsoft .NET Framework-based programs that make the data in a specialized data store available in Windows PowerShell so that you can view and manage it.

The data that a provider exposes appears in a drive, and you access the data in a path like you would on a hard disk drive. You can use any of the built-in cmdlets that the provider supports to manage the data in the provider drive. And, you can use custom cmdlets that are designed especially for the data.

The providers can also add dynamic parameters to the built-in cmdlets. These are parameters that are available only when you use the cmdlet with the provider data.

Windows PowerShell includes a set of built-in providers that you can use to access the different types of data stores. You can also create your own Windows PowerShell providers, and you can install providers developed by others. To list the providers that are available in your session, use Get-PSProvider cmdlet:

PS MyDrive:\> Get-PSProvider

Name                 Capabilities                                            Drives
----                 ------------                                            ------
Alias                ShouldProcess                                           {Alias}
Environment          ShouldProcess                                           {Env}
FileSystem           Filter, ShouldProcess, Credentials                      {C, D, MyDrive, E}
Function             ShouldProcess                                           {Function}
Registry             ShouldProcess, Transactions                             {HKLM, HKCU}
Variable             ShouldProcess                                           {Variable}
Certificate          ShouldProcess                                           {Cert}
WSMan                Credentials                                             {WSMan}

For getting Help about a particular provider, type the Get-Help cmdlet followed by the name of provider as shown below:

PS MyDrive:\> Get-Help FileSystem

Back



Microsoft Certified Professional | Cisco Certified Network Associate

Leave a Reply