5 PowerShell Get Commands You Should Know About

In previous posts we listed a few commands used for automating repetitive tasks and managing Windows operating systems. Some of the most commonly used PowerShell commands are the “Get” commands. A Get command retrieves information about a system resource, such as processes, files, registry keys, and much more. In this blog post, we will discuss five essential PowerShell Get commands that every system administrator should know.

Get-Process

The Get-Process command is used to retrieve information about running processes on a Windows machine. This command can be used to display information such as the process name, ID, CPU usage, memory usage, and much more. For example, to display a list of all running processes, you can simply run the following command: Get-Process. You can also filter the results by process name or ID with the -Name and -Id parameters, or by CPU usage by piping the output to Where-Object.

Get-Process
 NPM(K)    PM(M)      WS(M)     CPU(s)      Id  SI ProcessName
 ------    -----      -----     ------      --  -- -----------
      8     1.87       8.20       0.00    8652   0 AggregatorHost
     11     1.68       8.04       0.41   11112   1 ApMsgFwd
      8     1.13       6.45       0.12   10616   1 ApntEx
     17     3.34      17.28       1.09    9516   1 Apoint
     22    10.07      31.59       0.08    2788   1 ApplicationFrameHost
      6     0.78       4.73       0.03   11200   1 ApRemote
      9     1.65       7.08       0.00    5928   0 armsvc
     13     1.91       8.66       0.05   16044   1 BMDStreamingServer
     18     5.63      20.55       1.66   16348   1 CDSBupd
      5     2.09       4.27       0.00   16144   1 cmd
     29    29.86      43.94       0.00    7360   0 com.docker.service
     10     5.58      12.95       0.00    9016   0 conhost
     10     5.57      12.94       0.00    9492   0 conhost
     10     5.62      12.20       0.05   11344   1 conhost
     10     5.58      12.95       0.00   11452   0 conhost
     10     5.57      12.93       0.00   13132   0 conhost
     10     5.68      12.19       0.00   16152   1 conhost
     25     2.85       5.75       0.00     724   1 csrss
     32     2.14       5.28       0.00     948   0 csrss
     17     3.73      17.78       4.33   11460   1 ctfmon
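
The filtering described above, as an added example that is not part of the original post. The function name Get-BusyProcess, its parameters and its default thresholds are hypothetical.

```powershell
# Added example; Get-BusyProcess and its thresholds are hypothetical names and values.
function Get-BusyProcess {
    [CmdletBinding()]
    param(
        [double]$MinCpuSeconds   = 1.0,  # total processor time, the CPU(s) column
        [double]$MinWorkingSetMB = 0,    # resident memory, the WS(M) column
        [int]$First              = 10
    )

    Get-Process |
        Where-Object {
            # CPU is empty for processes the session may not inspect; those never match.
            $_.CPU -ge $MinCpuSeconds -and ($_.WorkingSet64 / 1MB) -ge $MinWorkingSetMB
        } |
        Sort-Object -Property CPU -Descending |
        Select-Object -First $First -Property Name, Id,
            @{ Name = 'CPU(s)'; Expression = { [math]::Round($_.CPU, 2) } },
            @{ Name = 'WS(MB)'; Expression = { [math]::Round($_.WorkingSet64 / 1MB, 2) } },
            Path   # executable location; empty when access to the process is denied
}

# Filter by name or by ID with the cmdlet's own parameters.
Get-Process -Name 'conhost' -ErrorAction SilentlyContinue
Get-Process -Id $PID

# Filter by CPU usage, which has no dedicated parameter, through the pipeline.
Get-BusyProcess -MinCpuSeconds 1 -First 5 | Format-Table -AutoSize
```

The Path column is useful when reviewing a host: a familiar process name running from an unexpected directory stands out immediately.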

Get-ChildItem

The Get-ChildItem command is used to retrieve information about files and directories on a Windows machine. This command can be used to display information such as the file name, size, creation date, and much more. For example, to display a list of all files in a directory, you can simply run the following command: Get-ChildItem C:\temp\*.*. You can also filter the results by file extension with the -Filter parameter, or by creation date or size by piping the output to Where-Object.

Get-ChildItem
Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d----            9/3/2022  7:29 PM                .aws
d----            9/3/2022  7:29 PM                .azure
d----           7/29/2019 11:15 AM                .cache
d----            5/5/2021  9:48 AM                .cisco
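
Filtering by extension, creation date and size in one pass, as an added example that is not part of the original post. The function name Find-RecentLargeFile and its defaults are hypothetical; C:\temp is the directory used in the text above.

```powershell
# Added example; Find-RecentLargeFile and its default values are hypothetical.
function Find-RecentLargeFile {
    [CmdletBinding()]
    param(
        [string]$Path      = 'C:\temp',
        [string]$Filter    = '*.log',   # extension filter, applied by the file system provider
        [int]$Days         = 7,         # created within this many days
        [double]$MinSizeMB = 1
    )

    $since = (Get-Date).AddDays(-$Days)

    # -File skips directories, -Recurse walks subfolders, and unreadable folders
    # are skipped instead of stopping the search.
    Get-ChildItem -Path $Path -Filter $Filter -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $since -and $_.Length -ge ($MinSizeMB * 1MB) } |
        Sort-Object -Property Length -Descending |
        Select-Object -Property FullName, CreationTime, LastWriteTime,
            @{ Name = 'Size(MB)'; Expression = { [math]::Round($_.Length / 1MB, 2) } }
}

# Log files of at least 1 MB created under C:\temp during the last week.
Find-RecentLargeFile -Path 'C:\temp' -Filter '*.log' -Days 7 -MinSizeMB 1 |
    Format-Table -AutoSize
```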

Get-Service

The Get-Service command is used to retrieve information about services on a Windows machine. This command can be used to display information such as the service name, status, display name, and much more. For example, to display a list of all running services, you can simply run the following command: Get-Service | Where-Object {$_.Status -eq "Running"}. You can also filter the results by service name or display name with the -Name and -DisplayName parameters, or by status with Where-Object as in the command above.

Get-Service | ogv
This lists the services in an Out-GridView window (ogv is the alias for Out-GridView).

Get-EventLog

The Get-EventLog command is used to retrieve information about events in the Windows event log. This command can be used to display information such as the event ID, source, message, and much more. For example, to display a list of all events in the system event log, you can simply run the following command: Get-EventLog -LogName System. You can also filter the results by using various parameters such as the event ID, source, or message.

Get-EventLog -List
  Max(K) Retain OverflowAction        Entries Log
  ------ ------ --------------        ------- ---
  20,480      0 OverwriteAsNeeded      19,449 Application
  20,480      0 OverwriteAsNeeded           0 HardwareEvents
     512      7 OverwriteOlder              0 IntelAudioServiceLog
     512      7 OverwriteOlder              0 Internet Explorer
  20,480      0 OverwriteAsNeeded           0 Key Management Service
  20,480      0 OverwriteAsNeeded      31,735 System
  15,360      0 OverwriteAsNeeded         409 Windows PowerShell

Get-EventLog -LogName System -Newest 5
   Index Time          EntryType   Source                 InstanceID Message
   ----- ----          ---------   ------                 ---------- -------
   31736 Feb 24 08:22  Error       Schannel                    36881 The certificate received from the remote server h…
   31735 Feb 24 08:17  Information Service Control Man…   1073748864 The start type of the Background Intelligent Tran…
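
Filtering the System log by entry type, time, source and instance ID, as an added example that is not part of the original post. The function name Get-EventLogErrorSummary and its parameters are hypothetical; the Schannel source and instance ID 36881 are taken from the sample output above.

```powershell
# Added example; Get-EventLogErrorSummary and its parameters are hypothetical names.
function Get-EventLogErrorSummary {
    [CmdletBinding()]
    param(
        [string]$LogName = 'System',
        [int]$Hours      = 24
    )

    $since = (Get-Date).AddHours(-$Hours)

    # -EntryType and -After filter inside the cmdlet, before anything reaches the pipeline.
    # Get-EventLog reports an error when nothing matches, so that case is silenced.
    Get-EventLog -LogName $LogName -EntryType Error, Warning -After $since -ErrorAction SilentlyContinue |
        Group-Object -Property Source, InstanceId |
        Sort-Object -Property Count -Descending |
        ForEach-Object {
            $latest = $_.Group | Sort-Object -Property TimeGenerated -Descending | Select-Object -First 1
            [pscustomobject]@{
                Count      = $_.Count
                Source     = $latest.Source
                InstanceId = $latest.InstanceId
                EntryType  = $latest.EntryType
                LastSeen   = $latest.TimeGenerated
                Message    = ($latest.Message -split '\r?\n')[0]   # first line only
            }
        }
}

# Recurring problems in the System log over the last day, most frequent first.
Get-EventLogErrorSummary -LogName System -Hours 24 | Format-Table -AutoSize -Wrap

# The Schannel entry from the sample output above, selected by source and instance ID.
Get-EventLog -LogName System -Source Schannel -InstanceId 36881 -Newest 5 -ErrorAction SilentlyContinue |
    Format-List -Property TimeGenerated, EntryType, Source, InstanceId, Message
```

Get-EventLog is a Windows PowerShell 5.1 cmdlet and reads only the classic logs shown by Get-EventLog -List; Get-WinEvent covers the newer event channels.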

Get-LocalUser

The Get-LocalUser command is used to retrieve information about local users on a Windows machine. This command can be used to display information such as the user name, full name, description, and much more. For example, to display a list of all local users, you can simply run the following command: Get-LocalUser. You can also filter the results by using various parameters such as the username or full name.

Get-LocalUser 

List all local user accounts that are enabled:

Get-LocalUser -Name * | Where-Object Enabled
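
Building on the enabled-accounts filter above, an added example (not part of the original post) that turns the list into a short account review. The function name Get-EnabledLocalUserReview and the 90-day threshold are hypothetical.

```powershell
# Added example; Get-EnabledLocalUserReview and the StaleDays default are hypothetical.
function Get-EnabledLocalUserReview {
    [CmdletBinding()]
    param(
        [int]$StaleDays = 90   # accounts with no logon in this many days are marked stale
    )

    $cutoff = (Get-Date).AddDays(-$StaleDays)

    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # which avoids depending on the group's localized name.
    $adminSids = @(
        Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
            ForEach-Object { $_.SID.Value }
    )

    Get-LocalUser | Where-Object Enabled | ForEach-Object {
        [pscustomobject]@{
            Name             = $_.Name
            IsAdministrator  = $adminSids -contains $_.SID.Value
            PasswordRequired = $_.PasswordRequired
            PasswordExpires  = $_.PasswordExpires   # empty when the password never expires
            PasswordLastSet  = $_.PasswordLastSet
            LastLogon        = $_.LastLogon         # empty when the account has never logged on
            Stale            = (-not $_.LastLogon) -or ($_.LastLogon -lt $cutoff)
        }
    }
}

# Enabled accounts, administrators first, with the password and logon details to review.
Get-EnabledLocalUserReview -StaleDays 90 |
    Sort-Object -Property IsAdministrator -Descending |
    Format-Table -AutoSize
```

Enabled accounts that are stale, need no password, or hold administrator rights are the rows to look at first.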

Conclusion

In conclusion, PowerShell provides a powerful set of commands for managing Windows operating systems. The “Get” commands are particularly useful for retrieving information about various system resources. In this blog post, we discussed five essential PowerShell Get commands that every system administrator should know. By mastering these commands, you can efficiently manage and automate various system administration tasks.

An additional resource for further reading is available on the Microsoft learning portal.

Thank you for reading!