Using Windows PowerShell

 

Applies to: Forefront Protection 2010 for SharePoint

Windows PowerShell is the Windows command line shell designed especially for system administrators. The shell includes an interactive prompt and a scripting environment that can be used independently or in combination. Windows PowerShell is built on top of the .NET common language runtime (CLR) and the .NET Framework, and it accepts and returns .NET objects.

Windows PowerShell is a command-line shell and task-based scripting technology that provides information technology (IT) administrators with comprehensive control and enables the automation of system administration tasks, increasing administrator productivity. Windows PowerShell includes numerous system administration utilities, consistent syntax and naming conventions, and improved navigation of common management data such as the registry, certificate store, or Windows Management Instrumentation (WMI). Windows PowerShell also includes an intuitive scripting language specifically designed for IT administration.

This section provides an introduction to the following elements of Windows PowerShell: the language, the commands (called “cmdlets”), the providers, and the use of objects.

For more detailed information about Windows PowerShell, see the Microsoft Windows PowerShell site.

Windows PowerShell is a different kind of shell because of the following:

  • Windows PowerShell does not process text. Instead, it processes objects based on the .NET platform.

  • Windows PowerShell comes with a large set of built-in commands with a consistent interface.

  • All shell commands use the same command parser, instead of different parsers for each tool. This makes it much easier to learn how to use each command.

  • You do not have to give up the tools that you are accustomed to using. You can still use the traditional Windows tools, such as .NET and Reg.exe in Windows PowerShell.

Windows PowerShell is meant to work across a broad range of Microsoft products, including Microsoft Forefront Protection 2010 for SharePoint (FPSP).

Windows PowerShell is a tool that you can use alongside the graphical user interface and any VBScript scripts you have created. Windows PowerShell is a complement to VBScript and other management technologies. You can use Windows PowerShell instead of the Forefront Protection 2010 for SharePoint Administrator Console, but you will probably find it most useful for specialized repetitive tasks.

Windows PowerShell supports a complete interactive environment. When you type a command at the prompt, the command is processed, and the output is displayed in the shell window. You can send the output of a command to a file or printer, or you can use the pipeline operator (|) in order to send the output to another command.

About cmdlets

Windows PowerShell introduces the concept of a cmdlet (pronounced "command-let"), a simple, single-function command-line tool built into the shell. You can use each cmdlet separately, but their power is realized when you use these simple tools in combination to perform complex tasks. Windows PowerShell includes more than one hundred basic core cmdlets. There are approximately 65 cmdlets for FPSP. A cmdlet is a single-feature command that manipulates objects in Windows PowerShell. You can recognize cmdlets by their name format, which is a verb and noun separated by a dash (-), such as Get-Help, Set-FsspSignatureUpdate, and Set-FsspRealtimeScan.

Note

Although capitalization is used to make the cmdlet names more readable, Windows PowerShell is not case-sensitive.

In Windows PowerShell, most cmdlets are simple. For example, the "get" cmdlets only retrieve data, and the "set" cmdlets only establish or change data.
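
The verb-noun convention can be used to inventory which commands only read data and which ones change it, for example before deciding what a delegated operator account should be allowed to run. The following is an added example, not part of the original page or the product documentation; the function name Get-CmdletInventory is hypothetical, and the default noun pattern Fssp* is taken from the cmdlet names listed on this page.

```powershell
# Added example (not from the original page).
# Get-CmdletInventory is a hypothetical helper name.
function Get-CmdletInventory {
    param(
        # Wildcard matched against the noun part of each command name.
        # 'Fssp*' matches the FPSP cmdlets when the Forefront snap-in is loaded.
        [string]$NounPattern = 'Fssp*'
    )

    # Per the page: "get" cmdlets only retrieve data. Every other verb
    # (Set, New, Remove, Clear, Add, Start, Stop, ...) is treated as
    # state-changing for review purposes.
    $readOnlyVerbs = @('Get')

    Get-Command -Noun $NounPattern |
        Select-Object Name, Verb, Noun,
            @{ Name       = 'ChangesState'
               Expression = { $readOnlyVerbs -notcontains $_.Verb } } |
        Sort-Object ChangesState, Verb, Name
}

# Read-only commands first, then the ones that modify configuration or data.
Get-CmdletInventory | Format-Table Name, Verb, ChangesState -AutoSize

# Count per verb, to see how much of the command surface is state-changing.
Get-CmdletInventory | Group-Object Verb | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# The same inventory works for any noun, for example the built-in service cmdlets.
Get-CmdletInventory -NounPattern 'Service' | Format-Table Name, ChangesState -AutoSize
```

If the Forefront snap-in is not loaded in the session, the default pattern returns nothing; pass a different -NounPattern to try the function against built-in cmdlets.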

About objects

Although you might not realize it at first, when you work in Windows PowerShell, you are working with .NET objects. As you gain experience, the power of object processing becomes more evident, and you will find yourself using the objects and even thinking in terms of objects.

Technically, a .NET object is an instance of a .NET class that consists of data and the operations associated with that data. However, you can think of an object as a data entity that has properties (which are like characteristics) and methods (which are actions that you can perform on the object).

For example, when you get a service in Windows PowerShell, you are really getting an object that represents the service. When you view information about a service, you are viewing the properties of its service object. When you start a service, you are using a method of the service object.

All objects of the same type have the same properties and methods, but each instance of an object can have different values for the properties. For example, every service object has a name and status property. However, each service can have a different name and a different status.

You can use the pipeline operator (|) to send the results of one cmdlet (indicated on the left of the operator) to another (specified on the right of the operator). To find out what type of object a cmdlet is getting, use the Get-Member cmdlet, which gets information about objects or collections of objects. Use the pipeline operator to send the results of a Get command to Get-Member. For example, the following command sends the objects retrieved by a Get-Service command to Get-Member.

Get-Service | Get-Member

This returns information about the service object, such as the following:

   TypeName: System.ServiceProcess.ServiceController

Name                      MemberType    Definition
----                      ----------    ----------
Name                      AliasProperty Name = ServiceName
add_Disposed              Method        System.Void add_Disposed(EventHandler value)
Close                     Method        System.Void Close()
Continue                  Method        System.Void Continue()
...

To find the values of all the properties of a particular object, use the pipeline operator (|) to send the results of a Get command to a Format-List or Format-Table command. (The Format cmdlets are used to make output more readable. For more information, see Formatting output.) Use the -property parameter of the format cmdlet with a value of all (*). For example, to find all the properties of the Schedule service on the system, type the following:

get-service schedule | format-list -property *

This returns information about the properties in a list format, such as:

Name                : Schedule
CanPauseAndContinue : True
CanShutdown         : True
CanStop             : True
DisplayName         : Task Scheduler
DependentServices   : {}
MachineName         : .
ServiceName         : Schedule
ServicesDependedOn  : {RpcSs}
ServiceHandle       : SafeServiceHandle
Status              : Running
ServiceType         : Win32ShareProcess
Site                :
Container           :

One major advantage of using objects is that it makes it easier to pass the output of one command to another command as input, also known as piping.

While communication between commands often requires string manipulation to convert output from one format into another and to remove titles and column headings, Windows PowerShell provides a new interactive model that is based on objects, rather than text. This means that the cmdlet that receives an object can act directly on its properties and methods without any conversion or manipulation. You can refer to the properties and methods of the object by name, rather than by calculating the position of the data in the output.

In the following example, the result of an ipconfig command is passed to a Findstr command. The pipeline operator (|) sends the result of the command on its left to the command on its right. You do not need to manipulate strings or calculate data offsets.

PS> ipconfig | findstr "Address"
        IP Address. . . . . . . . . . . . : 172.28.21.5
        IP Address. . . . . . . . . . . . : 172.30.160.225
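
The difference between filtering text and filtering objects can be seen side by side with the service objects used earlier in this section. The following is an added example, not part of the original page; the function name Get-RunningServiceSummary is hypothetical, and it assumes PowerShell 2.0 or later (for the -join operator).

```powershell
# Added example (not from the original page). Uses only built-in cmdlets.
# Get-RunningServiceSummary is a hypothetical helper name.
function Get-RunningServiceSummary {
    param(
        # Wildcard matched against the Name property of each service.
        [string]$NamePattern = '*'
    )

    Get-Service -Name $NamePattern |
        # Filter on the Status property of each ServiceController object.
        # No column offsets or header stripping are involved.
        Where-Object { $_.Status -eq 'Running' } |
        # Keep properties by name and add a calculated one that flattens
        # the ServicesDependedOn collection into a readable string.
        Select-Object Name, DisplayName, CanStop,
            @{ Name       = 'DependsOn'
               Expression = { ($_.ServicesDependedOn |
                                ForEach-Object { $_.Name }) -join ',' } } |
        Sort-Object Name
}

# Text approach, for comparison: the formatted table is turned into plain
# strings, so the status has to be found by pattern matching on each line.
$asText = Get-Service | Out-String -Stream |
    Where-Object { $_ -match '^Running' }
$asText | Select-Object -First 5

# Object approach: the same question, answered from named properties.
Get-RunningServiceSummary -NamePattern 'S*' | Format-Table -AutoSize

# Methods are reached the same way. Get-Member lists them, and Refresh()
# re-reads the state of the Schedule service without changing it.
$svc = Get-Service -Name Schedule
$svc | Get-Member -MemberType Method -Name Start, Stop, Refresh
$svc.Refresh()
$svc.Status
```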

About scripting

If you run particular commands or command sequences repeatedly, or if you develop a series of commands to perform a complex task, you will want to save your commands in a file with a .ps1 extension and execute that file (called a “script”), instead of typing commands at the prompt.

In addition to its interactive interface, Windows PowerShell fully supports scripting. To run a script, type the name of the script at the command prompt. Specifying the .ps1 extension is optional.

For example, the following are equivalent:

        c:\test\testscript.ps1
        c:\test\testscript

Note

You must specify the fully qualified path to the script file, even if the script is in the current folder. To indicate the current folder, type the folder name or use a period (.) to represent the current folder. For example:

        .\testscript.ps1

Important

Although scripts are extremely useful, even essential, they can be used to spread malicious code. As a result, the security policy in Windows PowerShell lets you determine whether scripts can run and whether they must include a digital signature. To eliminate an obvious risk, none of the security policies in Windows PowerShell allow you to run a script by double-clicking its icon. For more information, type:

        Get-help about_signing
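
The signature requirement described in the note can be checked for an individual script before it is run. The following is an added example, not part of the original page or the product documentation; the function names Test-ScriptSignature and Invoke-IfSigned and the sample file name are hypothetical, and it assumes PowerShell 2.0 or later.

```powershell
# Added example (not from the original page).
# Test-ScriptSignature, Invoke-IfSigned and the sample path are hypothetical.

function Test-ScriptSignature {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Script not found: $Path"
    }

    # The Authenticode check answers two questions: is the file signed, and
    # was it modified after signing. Status values include Valid, NotSigned
    # and HashMismatch.
    $sig = Get-AuthenticodeSignature -FilePath $Path

    $signer     = $null
    $thumbprint = $null
    if ($sig.SignerCertificate) {
        $signer     = $sig.SignerCertificate.Subject
        $thumbprint = $sig.SignerCertificate.Thumbprint
    }

    New-Object PSObject -Property @{
        Path            = $Path
        ExecutionPolicy = Get-ExecutionPolicy   # policy in effect for this session
        SignatureStatus = $sig.Status
        StatusMessage   = $sig.StatusMessage
        Signer          = $signer
        Thumbprint      = $thumbprint
        IsValid         = ($sig.Status -eq 'Valid')
    }
}

function Invoke-IfSigned {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    # Run the script only when its signature verifies; otherwise report why not.
    $result = Test-ScriptSignature -Path $Path
    if ($result.IsValid) {
        & $Path
    } else {
        Write-Warning ("Refusing to run {0}: signature status is {1}" -f
            $Path, $result.SignatureStatus)
    }
    $result
}

# Constructed sample input: an unsigned one-line script in the temp folder.
$sample = Join-Path $env:TEMP 'sample-unsigned.ps1'
Set-Content -Path $sample -Value 'Write-Output "hello from sample"'

Invoke-IfSigned -Path $sample |
    Format-List Path, ExecutionPolicy, SignatureStatus, Signer, IsValid

Remove-Item -Path $sample
```

To have Windows PowerShell itself enforce signatures on every script, an administrator can set the policy with Set-ExecutionPolicy AllSigned from an elevated session.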

Windows PowerShell also includes a rich scripting language that enables you to create scripts, from the simplest to the very complex. It supports language constructs for looping, conditions, flow-control, and variable assignment.

Starting Windows PowerShell

To start Windows PowerShell from the Start menu

  • Do one of the following:

    • If FPSP is not installed, click Start, point to All Programs, point to Windows PowerShell 1.0, and then click Windows PowerShell.

    • If FPSP is installed, click Start, point to All Programs, point to Microsoft Forefront Server Protection, and then click Forefront Management Shell.

To start Windows PowerShell from a command prompt (cmd.exe) window

  • At a command prompt, type powershell, and then press ENTER.

To view the parameters that you can use when starting Windows PowerShell

  • At a command prompt, type Powershell -?, and then press ENTER.

Since the Windows PowerShell console acts very much like a command prompt console, you can run all your command-line executables from within the Windows PowerShell console (for example: ipconfig); you can even run VBScript scripts and batch files from within the Windows PowerShell console. As with any console, just type in your command and press ENTER.

Getting help

In the Windows PowerShell window, you can use the Get-Help cmdlet to find help.

To use the Get-Help cmdlet

  • To use the Get-Help cmdlet, at a Windows PowerShell command prompt, type get-help, and then press ENTER.

To view a list of all Windows PowerShell concepts

  • To view a list of all Windows PowerShell concepts, type get-help about_*, and then press ENTER.

To get help about a concept

  • To get help about a concept, type its name after the “about_”. For example, type get-help about_wildcard, and then press ENTER.

To view all the cmdlets available to you

  • To view all the cmdlets available to you, type get-command, and then press ENTER.

    Note

    The Get-Command cmdlet also retrieves commands and command elements other than cmdlets, including aliases, functions, and executable files that are available in Windows PowerShell.

To get help for a particular cmdlet

  • Each cmdlet has a help file that you can access from the Windows PowerShell window. To get help for a particular cmdlet, type get-help cmdlet-name, and then press ENTER.

For example, to see help for Set-FsspSignatureUpdate, type

get-help Set-FsspSignatureUpdate

To get detailed help for a particular cmdlet

  • Detailed help is available for each cmdlet, including an explanation of each of the parameters and one or more examples. To get detailed help for a particular cmdlet, type get-help cmdlet-name -detailed, and then press ENTER.

For example, to see detailed help for Set-FsspSignatureUpdate, type

        get-help Set-FsspSignatureUpdate -detailed

To view only the examples for a particular cmdlet

  • To view only the examples for a particular cmdlet, type get-help cmdlet-name -examples, and then press ENTER.

For example, to see only the examples for Set-FsspSignatureUpdate, type

get-help Set-FsspSignatureUpdate -examples

To view only a particular parameter

  • To view only a particular parameter, type get-help cmdlet-name -parameter parameter-name, and then press ENTER.

For example, to see help for only the ScheduleStart parameter of the Set-FsspSignatureUpdate cmdlet:

get-help Set-FsspSignatureUpdate -parameter ScheduleStart

To view a list of all cmdlets that have a common verb

  • To view a list of all cmdlets that have a common verb, type get-help followed by the verb, a hyphen (-), and an asterisk (*), and then press ENTER.

For example, to view a list of all Set cmdlets:

get-help set-*

Using cmdlet parameters

Some cmdlets have parameters, beginning with a hyphen (-), that let you indicate various options. For example, the Set-FsspSignatureUpdate cmdlet has several parameters, including: Engine, ScheduleStart, and EnableSchedule. Many cmdlets do not have any parameters. Typically, Set cmdlets are the most likely to have parameters.

All cmdlets support a set of parameters that are called common parameters. Examples are Verbose, Debug, and ErrorAction. This feature provides a consistent interface to Windows PowerShell. For a description of the common parameters, type:

        get-help about_commonparameters

Setting true and false conditions

Many of the Set cmdlets have parameters that enable you to turn conditions on and off with true and false indicators. In Windows PowerShell, Boolean true and false are preceded with a dollar sign ($).

For example, to have scan engine definitions updated each time the Forefront service is started, set the -UpdateAtStartup parameter of the Set-FsspSignatureOptions cmdlet to true, as follows:

        Set-FsspSignatureOptions -UpdateAtStartup $true

Formatting output

You can retrieve output in several different formats by piping your request into one of the optional Format cmdlets listed in the table.

Cmdlet                        Function
------                        --------
format-list                   Formats output in a list, with each property on a separate line
format-table                  Formats output in a table with columns
format-wide                   Formats output as a wide table that displays only one property of each object
format-custom                 Formats output based on views in a PS1XML file

For more information about each, use the Get-Help cmdlet with any of them. The following is an example:

        Get-help format-list

Forefront Protection 2010 for SharePoint cmdlets

FPSP supports the following cmdlets. They are grouped by function so that you may more easily find the correct one.

The following table contains cmdlets used for controlling the scheduled scan.

Cmdlet                        Function
------                        --------
Set-FsspScheduledScan         Sets the configuration of the scheduled scan.
Get-FsspScheduledScan         Retrieves the configuration of the scheduled scan.
Start-FsspScheduledScan       Starts a scan of the database store immediately.
Stop-FsspScheduledScan        Halts a scan of the database store that is currently running.
Suspend-FsspScheduledScan     Pauses a scan of the database store that is currently running.
Resume-FsspScheduledScan      Resumes a suspended scan of the database store.

The following table contains cmdlets used for controlling the realtime scan.

Cmdlet                        Function
------                        --------
Set-FsspRealtimeScan          Sets the configuration of the realtime scan.
Get-FsspRealtimeScan          Retrieves the configuration settings of the realtime scan.

The following table contains cmdlets used for controlling the on-demand scan.

Cmdlet                        Function
------                        --------
Set-FsspOnDemandScan          Sets configuration options for the on-demand scan.
Get-FsspOnDemandScan          Retrieves the configuration settings for the on-demand scan.
Start-FsspOnDemandScan        Starts the on-demand scan.
Stop-FsspOnDemandScan         Stops a running on-demand scan.
Suspend-FsspOnDemandScan      Pauses a currently running on-demand scan.
Resume-FsspOnDemandScan       Resumes a paused on-demand scan.

The following table contains cmdlets used for working with filter lists.

Cmdlet                        Function
------                        --------
New-FsspFilterList            Creates a new filter list.
Get-FsspFilterList            Retrieves filter lists.
Set-FsspFilterList            Changes properties of a filter list.
Clear-FsspFilterList          Clears all of the entries in a filter list.
Remove-FsspFilterList         Deletes a filter list.
Add-FsspFilterListEntry       Adds one or more items to an existing filter list.
Remove-FsspFilterListEntry    Removes one or more items from a filter list.

The following table contains cmdlets used for filtering during the scheduled scan.

Cmdlet                        Function
------                        --------
Set-FsspScheduledFilter       Enables a filter, configures it, and associates it with the scheduled scan.
Get-FsspScheduledFilter       Retrieves the configured scheduled scan filters.

The following table contains cmdlets used for filtering during the realtime scan.

Cmdlet                        Function
------                        --------
Set-FsspRealtimeFilter        Enables a filter, configures it, and associates it with the realtime scan.
Get-FsspRealtimeFilter        Retrieves the configured realtime scan filters.

The following table contains cmdlets used for filtering during the on-demand scan.

Cmdlet                        Function
------                        --------
Set-FsspOnDemandFilter        Enables a filter, configures it, and associates it with the on-demand scan.
Get-FsspOnDemandFilter        Retrieves the configured on-demand scan filters.

The following table contains cmdlets used for managing engines.

Cmdlet                        Function
------                        --------
Set-FsspEngineManagement      Configures engine-specific settings.
Get-FsspEngineManagement      Retrieves engine-specific settings.

The following table contains cmdlets used for controlling definition updating.

Cmdlet                        Function
------                        --------
Set-FsspSignatureOptions      Sets definition update options.
Get-FsspSignatureOptions      Retrieves settings for definition updates.
Set-FsspSignatureUpdate       Sets the schedule for updating engine definitions.
Get-FsspSignatureUpdate       Retrieves the schedules for updating engine definitions.
Start-FsspSignatureUpdate     Initiates definition updating immediately.

Start-FsspSignatureUpdate

Initiates definition updating immediately.

The following table contains cmdlets used for controlling miscellaneous settings.

Cmdlet                        Function
------                        --------
Set-FsspAdvancedOptions       Sets the advanced options.
Get-FsspAdvancedOptions       Retrieves the advanced options.
Set-FsspLoggingOptions        Sets logging and diagnostic options.
Get-FsspLoggingOptions        Retrieves the logging options.
Set-FsspTracing               Sets tracing options.
Get-FsspTracing               Retrieves tracing options.

The following table contains cmdlets used for retrieving incidents and quarantined records.

Cmdlet                        Function
------                        --------
Get-FsspIncident              Retrieves records from the incident database.
Remove-FsspIncident           Removes an item from the incident database.
Set-FsspIncidentOptions       Sets incident database options.
Get-FsspIncidentOptions       Retrieves incident database options.
Get-FsspQuarantine            Retrieves records from the quarantine database.
Export-FsspQuarantine         Saves quarantined items to disk.
Remove-FsspQuarantine         Deletes items from the quarantine database.
Set-FsspQuarantineOptions     Sets quarantine database options.
Get-FsspQuarantineOptions     Retrieves quarantine database options.

The following table contains cmdlets used for configuring notifications.

Cmdlet                        Function
------                        --------
Set-FsspNotification          Sets notification values.
Get-FsspNotification          Retrieves notification values.
Set-FsspNotificationOptions   Sets the SMTP settings for sending e-mail notifications.
Get-FsspNotificationOptions   Retrieves the SMTP settings for sending e-mail notifications.

The following table contains cmdlets used for controlling reports.

Cmdlet                        Function
------                        --------
Get-FsspReport                Retrieves statistical reports about FPSP activities.
Clear-FsspReport              Resets a report about FPSP activities.

The following table contains cmdlets used for retrieving Forefront product information.

Cmdlet                        Function
------                        --------
Get-FsspProductInfo           Retrieves server and Forefront product information.
Set-FsspLicensing             Sets the necessary licensing parameters for FPSP.
Get-FsspLicensing             Retrieves the product's current license status.

The following table contains cmdlets used for importing and exporting configuration settings.

Cmdlet                        Function
------                        --------
Import-FsspSettings           Imports the configuration settings from an XML file.
Export-FsspSettings           Exports the configuration settings to an XML file.

The following table contains cmdlets used for controlling extended options (used for testing and troubleshooting).

Cmdlet                        Function
------                        --------
Set-FsspExtendedOption        Sets an extended option.
Get-FsspExtendedOption        Retrieves an extended option value.
New-FsspExtendedOption        Creates a new extended option.
Remove-FsspExtendedOption     Deletes an extended option.

The following table contains cmdlets used for checking the health of your system.

Cmdlet                        Function
------                        --------
Get-FsspHealth                Retrieves the current health of the FPSP system.