- September 16, 2015
- Posted by: Surender Kumar
- Category: PowerShell
PowerShell Drives and Providers
Table of Contents
Windows PowerShell is designed especially for system administration. In this section we will discuss some important PowerShell commands every system administrator must know to make their life easier.
One of the most powerful features of Windows PowerShell is that it lets you navigate through many different data stores by using the same familiar techniques that you use to navigate in the Windows file system.
PowerShell Drives (PSDrives)
In addition to the normal file system drives such as C: and D:, Windows PowerShell includes drives that represent the Environment Variables (Env:), PowerShell Aliases (Alias:), HKEY_LOCAL_MACHINE (HKLM:) and HKEY_CURRENT_USER (HKCU:) Registry Hives, the digital signature certificate store (Cert:), and the functions in the current session (Function:). These are known as Windows PowerShell drives. To see a list of Windows PowerShell drives, use the following command:
PS D:\MyScripts> Get-PSDrive Name Used (GB) Free (GB) Provider Root CurrentLocation ---- --------- --------- -------- ---- --------------- Alias Alias C 58.58 87.39 FileSystem C:\ Windows\system32 Cert Certificate \ D 100.01 219.27 FileSystem D:\ MyScripts E FileSystem E:\ Env Environment Function Function HKCU Registry HKEY_CURRENT_USER HKLM Registry HKEY_LOCAL_MACHINE Variable Variable WSMan WSMan
Windows PowerShell drives can be created in any data store that is available in Windows PowerShell, and they can have any valid name, such as “D” or “MyDrive“, followed by a colon (:). You can navigate in them by using that same methods that you would use in a file system drive. However, the Windows PowerShell drives are visible only in Windows PowerShell. You cannot see them or gain access to them in File Explorer or Cmd.exe.
You can even create your own Windows PowerShell drives by using the New-PsDrive cmdlet. For example, to create a new drive called “MyDrive:” with the root in your D:\MyScripts directory, use the following command:
PS C:\Users\Surender\Documents> New-PSDrive -Name MyDrive -PSProvider FileSystem -Root "D:\MyScripts" Name Used (GB) Free (GB) Provider Root CurrentLocation ---- --------- --------- -------- ---- --------------- MyDrive 219.26 FileSystem D:\MyScripts PS C:\Users\Surender\Documents> Set-Location MyDrive: PS MyDrive:\> Get-ChildItem Directory: D:\MyScripts Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 19-09-2014 12:05 PM 64 attachScript.txt -a--- 10-09-2014 12:30 PM 53 Close-Outlook.ps1 -a--- 11-09-2014 12:53 PM 83 Close-PRTG.ps1 -a--- 27-05-2014 11:25 AM 38 Computers.txt -a--- 02-12-2013 02:03 PM 277 Create-Folder.ps1 -a--- 02-01-2015 12:11 PM 209 Create-Shadow.ps1 -a--- 01-10-2014 02:11 PM 137 Enable-PSRemoting.bat -a--- 01-10-2014 03:12 PM 164 Enable-PSRemoting.ps1 [output cut]
Navigating the File System
If you are already familiar with other command-line shells such as cmd.exe and Linux command-line, you might be tempted to type the familiar commands such as cd, dir, ls, and cat after opening Windows PowerShell. Well, you can use these commands since Windows PowerShell has built-in aliases created for most popular commands. The cd is an alias for the Set-Location cmdlet, the cmdlet that changes the current location to the specified path. The dir and ls are aliases for the Get-Childitem cmdlet, the cmdlet that lists the contents of a directory. The cat is an alias for Get-Content cmdlet the cmdlet that prints the contents of a file.
To navigate within the file system drive, use the Set-Location (cd) and Get-Childitem (dir, ls) cmdlets. In Windows PowerShell, drives are indicated by the drive name followed by a colon (:), such as D:, and parent items are separated from child item by backslashes (\) or forward slashes (/), such as D:\MyScripts.
As in other command-line shells, you can change locations, create, delete, move, and copy directories and files, and change their properties. You can even use tab-completion feature for path names and cmdlet names. The built-in variables such as $home for your home directory, and $pshome for Windows PowerShell installation directory comes handy while using PowerShell. Windows PowerShell uses following cmdlets to work with files and folders.
PS D:\MyScripts> Get-Command -Noun Item CommandType Name ModuleName ----------- ---- ---------- Cmdlet Clear-Item Microsoft.PowerShell.Management Cmdlet Copy-Item Microsoft.PowerShell.Management Cmdlet Get-Item Microsoft.PowerShell.Management Cmdlet Invoke-Item Microsoft.PowerShell.Management Cmdlet Move-Item Microsoft.PowerShell.Management Cmdlet New-Item Microsoft.PowerShell.Management Cmdlet Remove-Item Microsoft.PowerShell.Management Cmdlet Rename-Item Microsoft.PowerShell.Management Cmdlet Set-Item Microsoft.PowerShell.Management
For more details on each cmdlet, see the Help for specific cmdlet.
The below mentioned commands change the current working directory to D:\MyScripts, then list the contents of current working directory.
PS C:\Users\Surender\Documents> PS C:\Users\Surender\Documents> Set-Location D:\MyScripts PS D:\MyScripts> Get-ChildItem Directory: D:\MyScripts Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 19-09-2014 12:05 PM 64 attachScript.txt -a--- 10-09-2014 12:30 PM 53 Close-Outlook.ps1 -a--- 11-09-2014 12:53 PM 83 Close-PRTG.ps1 -a--- 27-05-2014 11:25 AM 38 Computers.txt -a--- 15-09-2015 12:32 PM 67 Get-DiskUsage.ps1 -a--- 28-03-2014 10:48 AM 207 Get-Drives.ps1 -a--- 14-05-2014 12:49 PM 176 Get-FSMORoles.ps1 -a--- 22-05-2014 12:21 PM 809 Get-InstallDate.ps1 -a--- 07-05-2014 04:08 PM 276 Get-OSDetail.ps1 -a--- 15-04-2014 02:27 PM 119 Get-OSInfo.ps1 -a--- 16-10-2014 11:36 AM 179 Get-OSInstallDate.ps1 -a--- 31-03-2015 02:51 PM 1100 Run-SQLBackup.ps1 -a--- 08-10-2014 01:32 PM 447 Set-ACL.ps1 -a--- 13-05-2014 05:31 PM 158 Set-ADPassword.ps1 -a--- 24-09-2014 05:52 PM 75 Set-WinRM.ps1 PS D:\MyScripts> New-Item TestFile.txt -ItemType File Directory: D:\MyScripts Mode LastWriteTime Length Name ---- ------------- ------ ---- -a--- 16-09-2015 04:38 PM 0 TestFile.txt
The New-Item command is used to create a new file with the name TestFile.txt. To create the directory, you need to use New-Item cmdlet with ‘-ItemType Directory‘ parameter.
To delete the file or directory, use Remove-Item cmdlet as shown below:
PS D:\MyScripts> Remove-Item TestFile.txt -Force
Navigating the Windows Registry
You can navigate through the Windows Registry by using the same techniques that you use to navigate in the file system drive. In Windows PowerShell, the HKEY_LOCAL_MACHINE hive maps to the Windows PowerShell HKLM: drive and the HKEY_CURRENT_USER hive maps to HKCU: drive.
PS D:\MyScripts> sl HKCU: PS HKCU:\> PS HKCU:\> cd .\Software\Microsoft\Windows\CurrentVersion PS HKCU:\Software\Microsoft\Windows\CurrentVersion> gci Hive: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion Name Property ---- -------- AccountPicture ADGivenName : Surender ADSurname : FirstName : Surender LastName : DisplayName : SourceId : d0ebddd0a7ba6701 AccountState Action Center ReNotifyCount : 1 App Paths AppHost Applets ApplicationAssociationToasts jpegfile_.jpg : 0 Microsoft.PhotoManager.imagetype_.jpg : 0 Excel.Sheet.12_.xlsx : 0 Msi.Package_.msi : 0 MSCFile_.msc : 0 Microsoft.PowerShellModule.1_.psm1 : 0 Microsoft.PowerShellScript.1_.ps1 : 0 [output cut]
Notice that I have used sl (alias for Set-Location) to change the working directory to HKEY_CURRENT_USER registry hive. The gci (alias for Get-ChildItem) to list the contents for current working directory.
The entries in a registry key are considered to be properties of the key in which they are located. You can use the Get-ItemProperty cmdlet to retrieve the properties of a Registry Key.
For example, if you want to see the value of the Windows PowerShell execution policy, you can use the Get-ExecutionPolicy cmdlet or navigate to the ExecutionPolicy registry entry that stores the value in HKLM:\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell.
PS HKCU:\> Set-Location hklm: PS HKLM:\> PS HKLM:\> cd .\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell PS HKLM:\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell> Get-ItemProperty -Path . -name executionpolicy ExecutionPolicy : Unrestricted PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\ShellIds PSChildName : Microsoft.PowerShell PSDrive : HKLM PSProvider : Microsoft.PowerShell.Core\Registry
The New-Item cmdlet is versatile and particularly good for creating files and folders. If you want to create the actual values or leaf items in the Windows registry, then use the cmdlet New-ItemProperty.
Caution: Windows Registry is a critical resource. Therefore registry editing is not recommended if you are a new user. If you want to play with registry items using Windows PowerShell, I would suggest playing around with the values of HKCU: drive, since this will only affect current user profile and not the whole system.
Let’s first navigate to HKEY_CURRENT_USER\SOFTWARE subkey and then create a new subkey with the name TestSoftware. Then we will create a new registry item with the name TestKey and then we will set the value of new registry item.
PS HKLM:\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell> sl HKCU:\SOFTWARE PS HKCU:\SOFTWARE> New-Item TestSoftware -ItemType directory Hive: HKEY_CURRENT_USER\SOFTWARE Name Property ---- -------- TestSoftware PS HKCU:\SOFTWARE> New-ItemProperty -Path .\TestSoftware -Name TestKey -PropertyType String -Value "D:\MyScripts" TestKey : D:\MyScripts PSPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\SOFTWARE\TestSoftware PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\SOFTWARE PSChildName : TestSoftware PSDrive : HKCU PSProvider : Microsoft.PowerShell.Core\Registry
After running the above commands, you can verify that the key and values are created in Windows Registry.
You can change the registry key values using Set-ItemProperty cmdlet as shown below.
PS HKCU:\SOFTWARE> Set-ItemProperty -Path .\TestSoftware -Name TestKey -Value "C:\Users\surender" PS HKCU:\SOFTWARE> Get-ItemProperty .\TestSoftware TestKey : C:\Users\surender PSPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\SOFTWARE\TestSoftware PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\SOFTWARE PSChildName : TestSoftware PSDrive : HKCU PSProvider : Microsoft.PowerShell.Core\Registry
To remove the registry item, use Remove-Item cmdlet. Exercise caution while removing any registry item; you may crash your system if you delete any critical key or value. Fortunately Windows PowerShell gives a -WhatIf parameter with every cmdlet which will tell you what would happen if you run this command without actually running the command. Before deleting files or erasing stuff, I advise you to see what happens with Get-Item before you unleash Remove-Item.
PS HKCU:\SOFTWARE> Remove-Item -Path .\TestSoftware -WhatIf -Force What if: Performing the operation "Remove Key" on target "Item: HKEY_CURRENT_USER\SOFTWARE\TestSoftware". PS HKCU:\SOFTWARE> PS HKCU:\SOFTWARE> Remove-Item -Path .\TestSoftware -Force PS HKCU:\SOFTWARE> Get-ChildItem .\TestSoftware Get-ChildItem : Cannot find path 'HKEY_CURRENT_USER\SOFTWARE\TestSoftware' because it does not exist. At line:1 char:1 + Get-ChildItem .\TestSoftware + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (HKEY_CURRENT_USER\SOFTWARE\TestSoftware:String) [Get-ChildItem], ItemNotFoundExcept ion + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand
This is how you can work with Windows Registry. The process is pretty much same as working with file system, files and folders.
Navigating the Certificate Store
You can navigate the digital certificate store on your computer. The certificate store maps to the Windows PowerShell Cert: drive. The following example shows how to use Set-Location (cd) and Get-Childitem (dir, ls) to navigate the Cert: drive.
PS D:\MyScripts> sl cert: PS Cert:\> ls Location : CurrentUser StoreNames : {TrustedPublisher, ClientAuthIssuer, Root, UserDS...} Location : LocalMachine StoreNames : {TrustedPublisher, ClientAuthIssuer, SPC, Root...} PS Cert:\> sl .\\CurrentUser PS Cert:\CurrentUser> ls Name : TrustedPublisher Name : ClientAuthIssuer Name : Root Name : UserDS Name : CA Name : ACRS Name : AuthRoot Name : MSIEHistoryJournal Name : TrustedPeople Name : ADDRESSBOOK Name : My Name : SmartCardRoot Name : Trust Name : Disallowed PS Cert:\CurrentUser> cd .\AuthRoot PS Cert:\CurrentUser\AuthRoot> ls Directory: Microsoft.PowerShell.Security\Certificate::CurrentUser\AuthRoot Thumbprint Subject ---------- ------- F18B538D1BE903B6A6F056435B171589CAF36BF2 CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", ... E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46 CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt ... DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212 CN=GeoTrust Global CA, O=GeoTrust Inc., C=US D69B561148F01C77C54578C10926DF5B856976AD CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 D4DE20D05E66FC53FE1A50882C78DB2852CAE474 CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE [output cut] PS Cert:\CurrentUser\AuthRoot> PS Cert:\CurrentUser\AuthRoot> Get-ChildItem F18B538D1BE903B6A6F056435B171589CAF36BF2 | Format-List -Property * PSPath : Microsoft.PowerShell.Security\Certificate::CurrentUser\AuthRoot\F18B538D1BE903B6A6F056435B171589CAF36BF2 PSParentPath : Microsoft.PowerShell.Security\Certificate::CurrentUser\AuthRoot PSChildName : F18B538D1BE903B6A6F056435B171589CAF36BF2 PSDrive : Cert PSProvider : Microsoft.PowerShell.Security\Certificate PSIsContainer : False EnhancedKeyUsageList : {Server Authentication (1.3.6.1.5.5.7.3.1), Client Authentication (1.3.6.1.5.5.7.3.2), Secure Email (1.3.6.1.5.5.7.3.4), Code Signing (1.3.6.1.5.5.7.3.3)...} DnsNameList : {thawte Primary Root CA - G3} SendAsTrustedIssuer : False EnrollmentPolicyEndPoint : [output cut]
You can use the same techniques to navigate in other PowerShell drives such as alias (Alias:), environment provider (Env:), function (Function:), and variable (Variable:) drives
PowerShell Providers
Windows PowerShell providers are Microsoft .NET Framework-based programs that make the data in a specialized data store available in Windows PowerShell so that you can view and manage it.
The data that a provider exposes appears in a drive, and you access the data in a path like you would on a hard disk drive. You can use any of the built-in cmdlets that the provider supports to manage the data in the provider drive. And, you can use custom cmdlets that are designed especially for the data.
The providers can also add dynamic parameters to the built-in cmdlets. These are parameters that are available only when you use the cmdlet with the provider data.
Windows PowerShell includes a set of built-in providers that you can use to access the different types of data stores. You can also create your own Windows PowerShell providers, and you can install providers developed by others. To list the providers that are available in your session, use Get-PSProvider cmdlet:
PS MyDrive:\> Get-PSProvider Name Capabilities Drives ---- ------------ ------ Alias ShouldProcess {Alias} Environment ShouldProcess {Env} FileSystem Filter, ShouldProcess, Credentials {C, D, MyDrive, E} Function ShouldProcess {Function} Registry ShouldProcess, Transactions {HKLM, HKCU} Variable ShouldProcess {Variable} Certificate ShouldProcess {Cert} WSMan Credentials {WSMan}
For getting Help about a particular provider, type the Get-Help cmdlet followed by the name of provider as shown below:
PS MyDrive:\> Get-Help FileSystem