In the previous tip, we created cheat sheets for PowerShell commands, and as a reminder, this line would create a sheet for network commands (provided you have access to the NetAdapter module that was browsed in this example):

 
PS> Get-Command -Module NetAdapter | Get-Help | Select-Object -Property Name, Synopsis

Name                                            Synopsis                       
----                   …

Here is a clever trick to create cheat sheets for your favorite PowerShell commands.

Any PowerShell command ships via a module, so if you have a PowerShell command that is useful to you, you might want to list all the other (and possibly related) commands that ship in the same module. This line shows how to find the module name for any given command, and lists the module name that ships the Get-WmiObject cmdlet:

 
PS…

In Windows 10, PowerShell can be launched via WIN+X (or by right-clicking the start menu icon). If your Windows 10 offers to open the outdated cmd.exe instead, it’s time for a quick settings change.

Click the start menu icon (or press WIN). In the start menu, click the “gear” icon to open Windows Settings. You now see a window full of symbols called “Windows Settings”, and a text box on top labelled “Find a setting…

If you’d need to find out whether a given Active Directory user exists, and provided you have installed the ActiveDirectory PowerShell module which is part of RSAT (Remote Server Administration Toolkit), here is a clever way:

function Test-UserExists
{
    param
    (
        [Parameter(Mandatory)]
        [string]
        $SAMAccountName 
    )
 
    @(Get-ADUser -LDAPFilter "(samaccountname=$SAMAccountName)"…

Typically, WMI objects contain properties with valuable information. This line would retrieve all information about all running Notepad instances (make sure you launch Notepad before running this):

Get-WmiObject -Class Win32_Process -Filter 'Name LIKE "%notepad%"'

Likewise, this would use Get-CimInstance to get the same information:

Get-CimInstance -Class Win32_Process -Filter 'Name LIKE "%notepad…

In the previous tip we explained why Get-CimInstance may have advantages over the older Get-WmiObject cmdlet.

Now here is another example that illustrates just why Get-CimInstance may be much faster than Get-WmiObject.

When you need to query multiple WMI classes from a remote machine, for example because you are building an inventory report, Get-WmiObject needs to connect and disconnect each time you run the cmdlet. Get…

There are two cmdlets you can use to retrieve WMI data: the older Get-WmiObject cmdlet, and the more modern Get-CimInstance cmdlet. When used locally, they both behave very similarly. When used remotely, however, the differences can be drastic.

Here are two example calls that both retrieve information about file shares from a remote system (make sure you adjust the computer name):

Get-WmiObject -Class Win32_Share -Co…

WMI is an awesome information source for admins. All you need is the name of a WMI class that represents something you find interesting. The easiest way to find a valid WMI class name is to search for it.

This returns all classes with “Share” in their name:

Get-WmiObject -Class *share* -List

Next, use Get-WmiObject to retrieve all instances of a class:

Get-WmiObject -Class win32_share 

Don’t forget to pipe…

When you want to inspect individual objects and their properties, piping an object to Out-GridView is of limited use: the grid view window will display a single (very long) line with the properties. Try this and see for yourself:

 
PS> Get-Process -Id $pid | Select-Object -Property * | Out-GridView  
 

We have used the below function before to sort out all properties that have no value. But the function can do more…

In the previous tip we introduced a new function called Remove-EmptyProperty that removes properties that have no value. Let’s expand it a bit so that object properties are alphabetically sorted:

# Only list output fields with content

function Remove-EmptyProperty  {
    param (
        [Parameter(Mandatory,ValueFromPipeline)]
            $InputObject,
            
            [Switch]
            $AsHashTable

Objects are filled with rich information, yet objects may contain empty properties. This is especially true for objects retrieved from Active Directory.

Here is a useful function called Remove-EmptyProperty which accepts arbitrary objects and removes all empty properties:

# Only list output fields with content

function Remove-EmptyProperty  {
    param (
        [Parameter(Mandatory,ValueFromPipeline)]
            $…

There are many ways how cmdlets can get remote information from another computer. Here are just a few:

# try and connect to this computer
# (adjust it to a valid name in your network)
$destinationServer = "SERVER12"

# PowerShell remoting
$result1 = Invoke-Command { Get-Service } -ComputerName $destinationServer

# built-in
$result2 = Get-Service -ComputerName $destinationServer
$result3 = Get-Process -Comp…

In the previous tip we created a function called ConvertFrom-ErrorRecord that makes it easy to retrieve all relevant error information from PowerShell’s ErrorRecord objects.

You can use this function inside catch clauses as well. Just be sure you ran the function below:

function ConvertFrom-ErrorRecord
{
  [CmdletBinding(DefaultParameterSetName="ErrorRecord")]
  param
  (
    [Management.Automation.ErrorRecord]…

Whenever PowerShell raises an error, an error record is written to $error which is an array storing the last errors that occurred.

You can try and manually extract relevant error information from ErrorRecord objects, or you can use the function below:

function ConvertFrom-ErrorRecord
{
  [CmdletBinding(DefaultParameterSetName="ErrorRecord")]
  param
  (
    [Management.Automation.ErrorRecord]
    [Parameter(Mandatory

In the previous tip we illustrated how to download files from the internet using Invoke-WebRequest. However, this works for HTTP addresses only. Once you start using HTTPS addresses, it fails:

$url = "https://github.com/PowerShellConferenceEU/2018/raw/master/Agenda_psconfeu_2018.pdf"
$destination = "$home\agenda.pdf"

Invoke-WebRequest -Uri $url -OutFile $destination -UseBasicParsing
Invoke-Item -…

In this part of this mini-series, we are showing you how Invoke-WebRequest can download files from the internet for you. Simply use the parameter -OutFile. This code downloads a PowerShell icon as PNG image onto your desktop:

$url = "http://www.dotnet-lexikon.de/grafik/Lexikon/Windowspowershell.png"
$destination = "$home\powershell.png"

Invoke-WebRequest -Uri $url -OutFile $destination -UseBasicP…

In the previous tip we explained how you can retrieve XML data from webpages using either Invoke-WebRequest or Invoke-RestMethod. For XML data, there is also another approach which uses the built-in methods found in the XML object itself.

This was the approach with Invoke-RestMethod:

$url = 'http://www.ecb.europa.eu/stats/eurofxref/eurofxref-daily.xml'
(Invoke-RestMethod -Uri $url -UseBasicParsing).Envelope.C…

In the previous tip we illustrated how Invoke-WebRequest can be used to download JSON or XML data from a web page. This example downloads the psconf.eu agenda in JSON format:

$page = Invoke-WebRequest -Uri powershell.beer -UseBasicParsing 
$($page.Content | ConvertFrom-Json) | Out-GridView

And this example downloads currency exchange rates in XML format:

$url = 'http://www.ecb.europa.eu/stats/eurofxref/eurofxref…

In the previous tip we explained how you can use Invoke-WebRequest to download data from webpages, and for example retrieve excuses from a webpage that serves random excuses. However, when you try this, you might get back always the same excuse (or data).

$url = 'http://pages.cs.wisc.edu/~ballard/bofh/bofhserver.pl'
$page = Invoke-WebRequest -Uri $url -UseBasicParsing
$content = $page.Content

$pattern = '…

In previous tips, we showed how to use Invoke-WebRequest to download data from webpages, and process data delivered in JSON or XML format. Most webpages contain plain HTML data, however. You can use regular expressions to pick information from plain HTML.

This is how you get to webpage content:

$url = 'http://pages.cs.wisc.edu/~ballard/bofh/bofhserver.pl'
$page = Invoke-WebRequest -Uri $url -UseBasicParsing
$…

Invoke-WebRequest can download any type of information, and it is up to you to convert it into the format of choice. In the previous tip, we illustrated how to deal with JSON data. Now let’s take a look at webpages that deliver XML data:

This example retrieves current currency exchange rates from the European Central Bank:

$url = 'http://www.ecb.europa.eu/stats/eurofxref/eurofxref-daily.xml'
$result = Invoke…

PowerShell comes with two powerful cmdlets that you can use to retrieve information from the internet. Today, we focus on Invoke-WebRequest.

This cmdlet serves as a simple web client. Pass it a URL, and it downloads the webpage for you. These simple lines download the psconf.eu agenda for you:

$page = Invoke-WebRequest -Uri powershell.beer -UseBasicParsing 
$page.Content

Since it is in JSON format, pipe it to ConvertFrom…

In the previous tip we covered klist.exe and how it can be used to purge all Kerberos tickets for the current user so that new permissions will take effect immediately.

While PowerShell can run external apps like klist.exe just fine, things become even more useful when you combine this with other PowerShell commands. This code gets you all logon sessions that do not use NTLM (i.e. Kerberos sessions):

Get-WmiObject -C…

No need to reboot a system just to apply new permission settings. Instead, purge your Kerberos tickets so that you will get a new ticket based on the current permissions.

In PowerShell, use this command to purge all cached Kerberos tickets:

 
PS> klist purge

Current LogonId is 0:0x2af9a
	Deleting all tickets:
	Ticket(s) purged!

PS>  
 

ReTweet this Tip!

Here are a couple of ways to convert decimal to hexadecimal notation:

$value = 255

[Convert]::ToString($value, 16)
'{0:x}' -f $value
'{0:X}' -f $value
'{0:x10}' -f $value
'{0:X10}' -f $value

ReTweet this Tip!