1. PowerShell
- Command-line shell and scripting language built into Windows
- Unlike the traditional cmd, PowerShell can:
1) work with objects instead of just text
2) interact directly with the Windows API and registry
3) execute powerful scripts and modules
2. PowerShell Syntax
- PowerShell commands are called cmdlets
- They always follow the Verb-Noun format
Get-Process # Lists running processes
Get-Service # Shows active services
Get-Command # Displays all available PowerShell commands
Get-Help Get-Service -Full # Shows detailed documentation
3. PowerShell Execution Policies
- PowerShell scripts (.ps1 files) don't run by default due to security policies
- Check the current execution policy:
Get-ExecutionPolicy
- Possible output:
Restricted # Scripts are not allowed to run (default)
RemoteSigned # Only scripts from the internet need to be signed
Unrestricted # All scripts can run without restrictions (dangerous)
- Change execution policy to allow script execution:
Set-ExecutionPolicy Unrestricted -Scope CurrentUser
4. Running PowerShell Scripts
- execute a script in the current directory:
.\script.ps1
- run a script from an absolute path:
C:\Users\YourUser\Desktop\script.ps1
- if the execution policy blocks it, use:
powershell -ExecutionPolicy Bypass -File script.ps1
5. Working with Processes
- List running processes:
Get-Process
- Stop a process:
Stop-Process -Name chrome -Force
- Start a new process:
Start-Process notepad
6. Working with Services
- List all services:
Get-Service
- Check if a specific service is running:
Get-Service -Name Spooler
- Stop a service:
Stop-Service -Name Spooler -Force
- Start a service:
Start-Service -Name Spooler
7. File System Commands
- Navigate directories: (same as cd in Linux)
Set-Location C:\Users
- List files and folder:
Get-ChildItem
- Create a new file:
New-Item -Path "C:\Users\YourUser\Desktop\test.txt" -ItemType File
- Delete a file:
Remove-Item C:\Users\YourUser\Desktop\test.txt
