The Basics of Managing a Windows 10 System with PowerShell
PowerShell isn’t just a command-line tool for system administrators. Even savvy Windows 10 users can take advantage of its built-in capabilities. Many cmdlets expose advanced functionality built into Windows or simply make GUI-based operations easier to perform.
In this article, we are going to group these commands into two buckets: gathering information and performing operations.
To use PowerShell, simply type Start→Run→”powershell” in the run dialog box. The version that will launch, by default, will be PowerShell 5.1, which is the last built-in version of PowerShell. Running the latest version, with its many performance enhancements and features, is recommended. You will want to navigate to the PowerShell development page, click on the Windows (x64) .msi under Downloads (Stable) and install the package.
At this point, you can type Start→Run→”pwsh” in the run dialog box, and you will be running the latest version of PowerShell, 7.0.3 at the time of this writing.
PowerShell has a number of great commands for gathering information on a system. The ones listed below are some of them. In case you want to go further into the Windows operating system, reading through the help for PowerShell should point you in the right direction.
Built into Windows is a command that allows you to easily pull specific system information all at once. As you can see from the screenshot below, Get-ComputerInfo shows information about the system, the user, and the Windows installation itself.
Of course, things can and will go wrong on your Windows 10 system. Most of these failures are recorded in the Application and System event logs. Although you can parse and filter those logs in the GUI, sometimes it is much easier to just pull those from the command line.
Get-EventLog will easily show those details for you, and you can even filter by the -Newest number of entries or by the type of record with -EntryType, as in:
Get-EventLog -LogName Application -Newest 5 -EntryType Error
If you find that Get-EventLog is not available, you may be running PowerShell 7 (Core), as recommended. If this is the case, you simply need to install the WindowsCompatibility module and import the Microsoft.PowerShell.Management Windows PowerShell module.
Install-Module WindowsCompatibility
Import-WinModule Microsoft.PowerShell.Management
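As an added example (not part of the original article), the function below uses Get-WinEvent, which ships with both Windows PowerShell 5.1 and PowerShell 7, to pull recent Error and Critical records from the Application and System logs and show which sources fail most often. The function name, the 24-hour window and the event cap are assumptions chosen for illustration.

```powershell
# Added example: summarize recent Error/Critical events with Get-WinEvent.
# Assumptions: Get-RecentErrorEvent, the 24-hour window and the cap are illustrative.
function Get-RecentErrorEvent {
    [CmdletBinding()]
    param(
        [string[]]$LogName = @('Application', 'System'),
        [int]$Hours = 24,
        [int]$MaxEvents = 200
    )

    # Level 1 = Critical, 2 = Error. The hashtable filter is applied by the
    # event log service itself, which is far faster than piping to Where-Object.
    $filter = @{
        LogName   = $LogName
        Level     = 1, 2
        StartTime = (Get-Date).AddHours(-$Hours)
    }

    try {
        Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction Stop
    }
    catch {
        # Get-WinEvent reports an error when nothing matches; treat that as "no events".
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }
}

$recent = Get-RecentErrorEvent

# Which log/source/event ID combinations are failing most often?
$recent |
    Group-Object LogName, ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize

# The five newest records (Get-WinEvent returns newest first by default).
$recent |
    Select-Object -First 5 TimeCreated, LogName, ProviderName, Id, LevelDisplayName, Message |
    Format-List
```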
One of the big enhancements to Windows 10 was the new packaging model that was created for Windows Store packages, known as AppX. If you use the Windows Store GUI, it’s possible to manage these applications, but it is often far quicker to do so on the command line.
In the example below, we are filtering out Microsoft applications, as there are many, and also returning only the Name and Version properties to make the output easier to read.
Get-AppXPackage | Where-Object Publisher -NotMatch "Microsoft" | Select-Object Name, Version
To see all of the AppX packages, simply remove the Where-Object command from the pipeline and you will see all Microsoft packages as well.
When your system starts to run slowly, many folks will reach for the Task Manager. This is useful, especially to see a constantly updated graph of usage. But if you need more in-depth information on a given process, the Get-Process command will show much more than can be seen in the Task Manager.
As you can see, running Get-Process by itself will show a similar view to Task Manager, but by telling it to retrieve all properties of a single process, you can discover much more. As seen in the image below, you can see the process path, its version, when it was started, and much more that isn’t shown in the screenshot below.
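An added example (not from the original article) of the process detail described above: it lists the largest processes with their path, version and start time, and goes one step beyond the article by checking each binary's Authenticode signature. The function name Get-ProcessDetail and the top-10 cutoff are assumptions for illustration.

```powershell
# Added example: process details that Task Manager does not show at a glance.
# Assumptions: Get-ProcessDetail and the default of 10 processes are illustrative.
function Get-ProcessDetail {
    [CmdletBinding()]
    param([int]$Top = 10)

    Get-Process |
        Sort-Object WorkingSet64 -Descending |
        Select-Object -First $Top -Property ProcessName, Id,
            @{ Name = 'MemoryMB'; Expression = { [math]::Round($_.WorkingSet64 / 1MB, 1) } },
            StartTime, FileVersion, Company,
            @{ Name = 'Signature'; Expression = {
                # Path is empty for protected system processes unless the
                # session is elevated, so there is nothing to verify.
                if ($_.Path) { (Get-AuthenticodeSignature -FilePath $_.Path).Status }
                else { 'PathNotReadable' }
            } },
            Path
}

# Overview: the heaviest processes, with version and signature status.
Get-ProcessDetail | Format-Table -AutoSize

# Every property of a single process (here, the current PowerShell session).
Get-Process -Id $PID | Select-Object -Property *
```

A Signature value other than Valid on a binary running from a user-writable folder is worth a closer look; run the session elevated to resolve PathNotReadable entries.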
Every time you log in to Windows you are using a user that is contained within a group or groups. Sometimes these are local users, those that are not in a domain (if you are in a corporate environment), or Microsoft Accounts. In the example below, we are selecting specific properties, one of which is PrincipalSource, which is very useful for identifying what type of account you are looking at, such as a Microsoft Account.
Get-LocalUser | Select-Object Name, FullName, Enabled, PrincipalSource, Description | Format-Table -AutoSize
Finally, we will look at Get-MpComputerStatus for when you need to see if the Windows Defender antivirus is functioning properly, and to make sure that all relevant scans have been running as intended.
As useful as gathering information is, sometimes you do need to take action to perform an operation based on what you have learned.
Restart-Computer will tell the system to start a restart process. You can use the -Force parameter to not wait for any processes and force an immediate system restart.
Like using the Start→Run dialog, you can similarly start processes using the Start-Process cmdlet. This could be applications such as Notepad, Calculator, or even the modern control panel, as seen below. In the example, the following command will directly open the Display dialog.
Previously, we explored listing out AppX packages that were installed on the system. What if we want to simply remove one of those packages? First we would find the package, using the same Get-AppXPackage command, and then “pipe” the results to the Remove-AppXPackage command. As you can see in the example below, we are removing the Microsoft.ZuneMusic package, as it’s not needed.
Get-AppxPackage Microsoft.ZuneMusic | Remove-AppxPackage
Finally, it’s important to make sure that your antivirus is kept up to date. To make sure the latest signatures are installed for Windows Defender, you can run the Update-MpSignature cmdlet to force the signatures to update to the latest version.
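As an added example (not part of the original article), the script below ties Get-MpComputerStatus and Update-MpSignature together: it turns the status output into pass/fail checks and only forces a signature update when the definitions are stale. The function name Test-DefenderHealth and the two age thresholds are assumptions chosen for illustration.

```powershell
# Added example: verify Windows Defender health, then refresh stale signatures.
# Assumptions: Test-DefenderHealth and both thresholds are illustrative choices.
function Test-DefenderHealth {
    [CmdletBinding()]
    param(
        [int]$MaxSignatureAgeDays = 2,
        [int]$MaxQuickScanAgeDays = 7
    )

    $s = Get-MpComputerStatus -ErrorAction Stop

    # One row per check: what was tested, the observed value, and pass/fail.
    [pscustomobject]@{ Check = 'Antimalware service enabled'
                       Value = $s.AMServiceEnabled
                       Ok    = [bool]$s.AMServiceEnabled }
    [pscustomobject]@{ Check = 'Antivirus enabled'
                       Value = $s.AntivirusEnabled
                       Ok    = [bool]$s.AntivirusEnabled }
    [pscustomobject]@{ Check = 'Real-time protection enabled'
                       Value = $s.RealTimeProtectionEnabled
                       Ok    = [bool]$s.RealTimeProtectionEnabled }
    [pscustomobject]@{ Check = 'Signature age (days)'
                       Value = $s.AntivirusSignatureAge
                       Ok    = $s.AntivirusSignatureAge -le $MaxSignatureAgeDays }
    [pscustomobject]@{ Check = 'Quick scan age (days)'
                       Value = $s.QuickScanAge
                       Ok    = $s.QuickScanAge -le $MaxQuickScanAgeDays }
}

$health = Test-DefenderHealth
$health | Format-Table -AutoSize

# Only force a signature update when the definitions are actually stale.
$stale = $health | Where-Object { $_.Check -eq 'Signature age (days)' -and -not $_.Ok }
if ($stale) {
    # Use an elevated session if the update is denied.
    Update-MpSignature
    Get-MpComputerStatus |
        Select-Object AntivirusSignatureVersion, AntivirusSignatureLastUpdated, AntivirusSignatureAge
}
```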
As you can see there are many different ways that PowerShell can be used to gather information, perform operations, and manage your system. This article only scratches the surface of the different ways that PowerShell can enhance how you use your Windows 10 system!