File Search Related Operations
Microsoft help on items in this section.
- Get-ChildItem (alias – ls, gci)
- Select-String (alias – sls)
- Microsoft Regex – Used for Select-String operations.
# Display contents of current folder PS> ls # Find all library folders. (-r = recurse into child folders, -dir = directories only) PS> ls *lib -r -dir # Display contents of different folder. PS> ls -path c:\temp # Display files matching file name criteria. PS> ls *.txt # Display files matching file name criteria in different folder. PS> ls *.txt -path c:\temp # Display files matching file name criteria in this and child folders. PS> ls *.txt -r # Display file lines with file contents matching criteria. PS> ls *.config -rec | sls "nuget" PS> ls * | sls "[hy]ou" # Find "you", "should", etc. # Display file names/lines matching text criteria. PS> ls * | sls "hou" # Can include duplicate lines from same file. PS> ls * | sls "hou" -list # Only display first matching line from file (no duplicate filenames) PS> ls * | sls "hou" -list | ft path # Just display unique filenames
Find Processes
Get-Process (alias gps) allows you to get all running processes on your machine. It can also be used to create a filtered list.
Find all processes with name that matches “mmc”. We are looking for an exact match so don’t need double quotes. All of the following commands will find the “mmc” process. Those filters with an asterisk may find additional matches. “Id” is the process ID you can use with the kill command to terminate the thread.
> gps mmc
> gps mm*
> gps *mc
Example console output:
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
831 50 80500 22008 255.28 1824 1 mmc
654 45 37632 12052 2.50 42736 1 mmc
Get all the gps information available on the items found by using a Format-List view.
> gps mmc | fl *
Example console output (Only interesting rows displayed below. All others omitted.)
Name : mmc
Id : 1824
PriorityClass : Normal
FileVersion : 10.0.19041.1 (WinBuild.160101.0800)
Path : C:\Windows\system32\mmc.exe
MainWindowTitle : Event Viewer
MainModule : System.Diagnostics.ProcessModule (mmc.exe)
ProcessName : mmc
Responding : True
StartTime : 2/26/2024 10:51:17 AM
Threads : {15640, 17324, 26116, 31184...}
UserProcessorTime : 00:01:42.1250000
Name : mmc
Id : 42736
...
Have multiple mmc based applications running but one is locked up? If you want to make sure you kill the correct one, display just the id and window title as results. Make the output prettier with Format-Table command.
> gps mmc | ft Name, Id, MainWindowTitle Name Id MainWindowTitle ---- -- --------------- mmc 26224 Event Viewer mmc 26448 OLEChannelWnd mmc 37456 SoftPro Select Services
Start/Stop Services
This set of commands will provide control over services.
RDShell C:\Users\brichards\Downloads>get-service spssvr Status Name DisplayName ------ ---- ----------- Running spssvr SoftPro Select Server RDShell C:\Users\brichards\Downloads>stop-service spssvr (Alias - spsv) RDShell C:\Users\brichards\Downloads>spsv spssvr RDShell C:\Users\brichards\Downloads>start-service spssvr (Alias - sasv) WARNING: Waiting for service 'SoftPro Select Server (spssvr)' to start...
Unblock Files
If you have downloaded a file from an untrusted location, the file is blocked by Windows to protect the system from malicious activity. You can unblock a file easily.
> Unblock-File .\PowerShellTips.chm
If you want to unblock an entire folder, try this.
> ls "Lib" -Recurse | Unblock-File