1. Running PowerShell Scripts
Unlike normal command prompt commands, PowerShell
doesn’t look in the current path to run commands. In other words, you
have to include a prefix when running a PowerShell script. The
following table shows the different prefixes.
Running PowerShell Script Named test.ps1 in c:\scripts Folder | Comments |
---|
Include the full path.
PS C:\> c:\scripts\test.ps1
| You can run the script by including the full path. |
Use the dot backslash (.\) prefix.
.\scriptname.ps1
PS C:\scripts> .\test.ps1
| If the file is in the current path, you can use the .\ prefix and PowerShell script name.
Note
There are no spaces between the dot, the backslash, or the script name.
|
Use the dot (.) prefix and the path.
. path\scriptname.ps1
PS C:\scripts> . c:\scripts\test.ps1
| Note
When including the path, you must include a space after the dot.
|
Run from the command prompt.
C:\>powershell c:\scripts\test.ps1
| You can run PowerShell scripts from the command prompt.
Tip
You can also access PowerShell interactively from the command prompt by just typing PowerShell and pressing Enter. You then have the PowerShell prompt and can enter any PowerShell commands from here.
|
Run from the Start text box.
powershell c:\scripts\test.ps1
powershell -noexit c:\scripts\test.ps1
| The -noexit switch leaves the PowerShell command prompt open so that you can see the results of the script, but it is not required. |
2. Logging Processes with a get-process Script
You can create a PowerShell script from any
PowerShell command or group of commands. Just as a batch file is one or
more command-line commands, a PowerShell script is one or more
PowerShell lines.
You can use the script shown in step 3 of the
following table to capture all of the running processes at any given
time. For example, if you suspect a rogue process is running at random
times causing problems, you can schedule this script to run once an
hour for a week to log running processes. At the end of the week, you
can analyze the file.
Steps | Action |
---|
1. | Launch PowerShell. |
2. | At the PowerShell prompt, type notepad getproc.ps1 and press Enter. When prompted to create the file, click Yes. |
3. | Add the following four lines into the Notepad window:
$dt = "Current date and time is: "
$dt = $dt + (get-date).tostring('MMM-dd-yyyy hh:mm')
$dt | out-file c:\data\runningprocesses.txt -append
get-process | out-file c:\data\runningprocesses.txt -append
Note
If the c:\data folder doesn’t exist, either create it or change the path in lines 3 and 4 to a folder that does exist.
|
4. | Press Ctrl+S to save the file and close Notepad. |
5. | At the PowerShell prompt, type .\getproc.ps1 and press Enter. This runs the script.
Tip
Ensure there is no space between the dot and the backslash.
|
6. | In Notepad, type c:\data\runningprocesses.txt and press Enter. |
Tip
You can also use this script to identify a process
with a memory leak. The script records the amount of memory the process
uses, and if a memory leak exists, the memory usage steadily increases.
The following table explains the lines in this script.
Script Lines | Comments |
---|
$dt = "Current date and time is: "
| The script starts by creating a variable ($dt) that is used to record the current date and time in the file. |
$dt = $dt + (get-date).tostring('MMM-dd-yyyy hh:mm')
| The get-date
cmdlet is used with dot notation to get the actual day and time and
convert it to a string. The plus (+) character concatenates (or
appends) the data.
Note
The MMM for Month must be in uppercase, and the mm for minutes must be in lowercase.
You could also use a single line as
$dt = "Current date and time is: " + (get-date).tostring('MMM-dd-yyyy hh:mm')
|
$dt | out-file c:\data\runningprocesses.txt -append
| This line writes the current date and time to the file using the out-file cmdlet and the variable created in the previous step. The value of the string is something like
Current date and time is: Oct-17-2010 09:02
The -append switch ensures the data is added to the file and it doesn’t overwrite the file. |
get-process | out-file c:\data\runningprocesses.txt -append
| Gets a list of all currently running processes and outputs them to the same file using the append switch.
Of course, you can get fancier with the get-process command. For example, if you wanted to record only the top 10 processes based on memory usage, you could use this command:
get-process | sort-object -property ws -descending | select-object -first 10 | out-file c:\data\runningprocesses.txt -append
|
Tip
You can use the same script to record the activity
of a specific process. For example, if you wanted to see the activity
of the lsass process only, you can modify the last line so that it
looks like this:
Get-Process | Where-Object { $_.processname -eq "lsass" } | out-file c:\data\runningprocesses.txt -append
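
The hourly logging and end-of-week analysis described in this section, and the memory-leak tip, as an added example that is not code from the original page: it logs one CSV row per process so the file can be queried afterwards instead of read by eye. It assumes PowerShell 3.0 or later; the script name getproc2.ps1, the CSV path, the -Report switch and the function names are hypothetical.

```powershell
# getproc2.ps1 - added example (not from the original page). Assumes PowerShell 3.0+
# for Export-Csv -Append; the default c:\data path is a placeholder.
param([switch]$Report, [string]$LogFile = 'c:\data\runningprocesses.csv')

function Save-ProcessSnapshot([string]$Path) {
    # HH is the 24-hour clock, so 09:02 and 21:02 stay distinct in the log.
    $stamp = (Get-Date).ToString('yyyy-MM-dd HH:mm:ss')
    Get-Process |
        Select-Object @{ n = 'Snapshot'; e = { $stamp } }, Name, Id, WS, Path |
        Export-Csv -Path $Path -Append -NoTypeInformation
}

function Get-IntermittentProcess([string]$Path) {
    # A name missing from some snapshots started or stopped during the logging period.
    $rows  = @(Import-Csv -Path $Path)
    $total = @($rows | Select-Object -ExpandProperty Snapshot -Unique).Count
    $rows | Group-Object Name | ForEach-Object {
        $seen = @($_.Group | Select-Object -ExpandProperty Snapshot -Unique | Sort-Object)
        if ($seen.Count -lt $total) {
            [pscustomobject]@{
                Name      = $_.Name
                SeenIn    = "$($seen.Count) of $total"
                FirstSeen = $seen[0]
                LastSeen  = $seen[-1]
                # Path is empty when the logging account could not read it.
                Path      = @($_.Group | Where-Object { $_.Path } |
                              Select-Object -ExpandProperty Path -Unique) -join '; '
            }
        }
    } | Sort-Object FirstSeen
}

function Get-MemoryGrowth([string]$Path) {
    # Working-set change per process instance between its first and last sample.
    Import-Csv -Path $Path | Group-Object Name, Id | ForEach-Object {
        $s = @($_.Group | Sort-Object Snapshot)
        [pscustomobject]@{
            Name = $s[0].Name; Id = $s[0].Id; Samples = $s.Count
            GrowthMB = [math]::Round(([long]$s[-1].WS - [long]$s[0].WS) / 1MB, 1)
        }
    } | Sort-Object GrowthMB -Descending | Select-Object -First 10
}

if ($Report) {
    Get-IntermittentProcess $LogFile | Format-Table -AutoSize
    Get-MemoryGrowth $LogFile | Format-Table -AutoSize
} else {
    Save-ProcessSnapshot $LogFile
}
```

Schedule the script with no arguments to append a snapshot each hour, then run it with -Report at the end of the week. A process that appears in only a few snapshots, or whose Path column points somewhere unexpected, is the one to look at first.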