Getting Started with Powershell Scripts

Page 1
November 3, 2010

For those of you who are restricted to using Windows (and thus, unable to use BaSH), Powershell makes for a suprisingly powerfull scripting alternative. Here I have put-together a few beginner-level scripts that make life easier for me.


First thing is first, you need to open a Powershell command window. The easiest way to accomplish this, is to click on your "Start" menu, select "Run" and type "powershell" in the text well. This will send you into the "shell". Here, you can enter various Powershell and DOS-based commands, but you can't create and run your own scripts...yet.


Before you can begin, your local Powershell execution policy needs to be set accordingly. By default, it is set to "restricted", which means that no Powershell scripts (*.ps1 files) will be allowed to execute. This default setting was done so as a means of protecting the average user (who will never write a Powershell script) from malicious scripts that might harm their system. The best one for a programmer or developer to use, is "RemoteSigned". This will allow all locally-created scripts to run unabated, and will require any scripts from a remote source to be digitally-signed with a certificate from a trusted source.


To alter the executionpolicy for your account on your system, enter the following into your Powershell command prompt:

PS E:\powershell> set-executionpolicy <policy_name>


PS E:\powershell> set-executionpolicy remotesigned

    NOTES:
  • In the interest of security, you should never set your executionpolicy to "Bypass" or "Unrestricted". You should always have "RemoteSigned" enabled (at a minimum).
  • For a production, enterprise environment you should use the "AllSigned" policy, and sign your scripts with a certificate (Hanselman 2006).

If you are in an enterprise environment, you may also have to set your Powershell group execution policy. Open the Group Policy Editor and navigate to "Computer Configuration" -> "Administrative Templates" -> "Windows Components" -> "Windows PowerShell" to alter that setting. More information on Powershell execution policies can be found in this Microsoft TechNet article.


Now that we have our execution policy set, let's get down to business. An easy (and still frequently-used) script that I started with is called "isActive.ps1". Essentially, it takes a user ID as a parameter, and tells you whether or not that user is "active" or "locked-out". Now, there are a few ways to go about creating a new Powershell script, including the use of IDE's or GUI's. The simplest way is to just create a new file in your favorite text-editor (please note that I said "text editor" and not "word processor") and enter the following code:

$userName = $args[0]

net user $userName /domain | select-string "account active"

Essentially, the first line captures the first parameter in the argument list and assigns it to the local variable "$userName". The next line does two things. First, it sends the $userName variable into the "net user" command. It then "pipes" the data to the "select-string" command, which returns only the lines containing the text "account active". Run the script in the following way:

PS E:\powershell> .\isActive aploetz

Account active               Yes

PS E:\powershell>

Note that in order to run a Powershell script, the path of that script must be provided (and the .ps1 file extention is optional). Simply typing the name of the script is not enough. In this case, leading the script's name is a dot-backslash (".\"), which specifies to Powershell that the script to be run is in the current directory. Note that for security reasons, *.ps1 files cannot be run by a double-click from a desktop or file explorer. They must be explicitly typed from within a Powershell prompt.


Page: 1 2 <Next Page>
Copyright © Aaron Ploetz 2010 -
All corporate trademarks are property of their respective owners, and are shown here for reference only.