Using Windows PowerShell

 

Applies to: Forefront Protection for Exchange

Windows PowerShell is the Windows command-line shell designed especially for system administrators. The shell includes an interactive prompt and a scripting environment that can be used independently or in combination. Windows PowerShell is built on top of the Microsoft .NET common language runtime (CLR) and the .NET Framework, and it accepts and returns .NET objects.

Windows PowerShell is a command-line shell and task-based scripting technology that provides information technology (IT) administrators with comprehensive control and enables the automation of system administration tasks, increasing administrator productivity. Windows PowerShell includes numerous system administration utilities, consistent syntax and naming conventions, and improved navigation of common management data such as the registry, certificate store, or Windows Management Instrumentation (WMI). Windows PowerShell also includes an intuitive scripting language specifically designed for IT administration.

This section provides an introduction to the following elements of Windows PowerShell: the language, the commands (called “cmdlets”), the providers, and the use of objects.

For more information about Windows PowerShell, see Windows PowerShell.

Windows PowerShell is a different kind of shell because of the following:

  • Windows PowerShell does not process text. Instead, it processes objects based on the .NET platform.

  • Windows PowerShell comes with a large set of built-in commands with a consistent interface.

  • All shell commands use the same command parser, instead of different parsers for each tool. This makes it much easier to learn how to use each command.

  • You do not have to give up the tools that you are accustomed to using. You can still use the traditional Windows tools, such as Net.exe and Reg.exe, in Windows PowerShell.

Windows PowerShell is meant to work across a broad range of Microsoft products, including Microsoft Forefront Protection 2010 for Exchange Server (FPE).

Windows PowerShell is a tool that you can use alongside the graphical user interface and any VBScript scripts you have created. Windows PowerShell is a complement to VBScript and other management technologies. You can use Windows PowerShell instead of the Forefront Protection 2010 for Exchange Server Administrator Console, but you will probably find it most useful for specialized repetitive tasks.

Windows PowerShell supports a complete interactive environment. When you type a command at the prompt, the command is processed, and the output is displayed in the shell window. You can send the output of a command to a file or printer, or you can use the pipeline operator (|) in order to send the output to another command.

About cmdlets

Windows PowerShell introduces the concept of a cmdlet (pronounced "command-let"), a simple, single-function command-line tool built into the shell. You can use each cmdlet separately, but their power is realized when you use these simple tools in combination to perform complex tasks. Windows PowerShell includes more than one hundred basic core cmdlets. There are approximately 80 cmdlets for FPE.

A cmdlet is a single-feature command that manipulates objects in Windows PowerShell. You can recognize cmdlets by their name format, which is a verb and noun separated by a dash (-), such as Get-Help, Set-FseSignatureUpdate, and Set-FseRealtimeScan.

Note

Although capitalization is used to make the cmdlet names more readable, Windows PowerShell is not case-sensitive.

In Windows PowerShell, most cmdlets are simple. For example, the "get" cmdlets only retrieve data, and the "set" cmdlets only establish or change data.

About objects

Although you might not realize it at first, when you work in Windows PowerShell, you are working with .NET objects. As you gain experience, the power of object processing becomes more evident, and you will find yourself using the objects and even thinking in terms of objects.

Technically, a .NET object is an instance of a .NET class that consists of data and the operations associated with that data. However, you can think of an object as a data entity that has properties, which are like characteristics, and methods, which are actions that you can perform on the object.

For example, when you get a service in Windows PowerShell, you are really getting an object that represents the service. When you view information about a service, you are viewing the properties of its service object. When you start a service, you are using a method of the service object.

All objects of the same type have the same properties and methods, but each instance of an object can have different values for the properties. For example, every service object has a name and status property. However, each service can have a different name and a different status.

You can use the pipeline operator (|) to send the results of one cmdlet (indicated on the left of the operator) to another (specified on the right of the operator). To find out what type of object a cmdlet is getting, use the Get-Member cmdlet, which gets information about objects or collections of objects. Use the pipeline operator to send the results of a Get command to Get-Member. For example, the following command sends the objects retrieved by a Get-Service command to Get-Member.

Get-Service | Get-Member

This returns information about the service object, such as the following:

     TypeName: System.ServiceProcess.ServiceController
Name                      MemberType    Definition
----                       ----------   ----------
Name                      AliasProperty Name = ServiceName
add_Disposed              Method        System.Void add_Disposed(EventHandler value)
Close                     Method        System.Void Close()
Continue                  Method        System.Void Continue()
...

To find the values of all the properties of a particular object, use the pipeline operator (|) to send the results of a Get command to a Format-List or Format-Table command. (The Format cmdlets are used to make output more readable. For more information, see Formatting output.) Use the -property parameter of the format cmdlet with a value of all (*). For example, to find all the properties of the Schedule service on the system, type the following:

get-service schedule | format-list -property *

This returns information about the properties in a list format, such as:

Name                : Schedule
CanPauseAndContinue : True
CanShutdown         : True
CanStop             : True
DisplayName         : Task Scheduler
DependentServices   : {}
MachineName         : .
ServiceName         : Schedule
ServicesDependedOn  : {RpcSs}
ServiceHandle       : SafeServiceHandle
Status              : Running
ServiceType         : Win32ShareProcess
Site                :
Container           :

One major advantage of using objects is that it makes it easier to pass the output of one command to another command as input, also known as pipelining.

Communication between commands often requires string manipulation to convert output from one format into another and to remove titles and column headings. Windows PowerShell instead provides an interactive model that is based on objects, rather than text. This means that the cmdlet that receives an object can act directly on its properties and methods without any conversion or manipulation. You can refer to the properties and methods of the object by name, rather than by calculating the position of the data in the output.

In the following example, the result of an ipconfig command is passed to a Findstr command. The pipeline operator (|) sends the result of the command on its left to the command on its right. You do not need to manipulate strings or calculate data offsets.

PS> ipconfig | findstr "Address"
        IP Address. . . . . . . . . . . . : 172.28.21.5
        IP Address. . . . . . . . . . . . : 172.30.160.225
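
The following is an added example, not part of the original page, of the object-based pipelining described above: it reads the Status and ServicesDependedOn properties by name and never parses text. The function name Get-ServiceDependencyStatus is hypothetical; Schedule and RpcSs are the service names that appear in the sample output earlier on this page.

```powershell
# Added example (not from the original page).
# Get-ServiceDependencyStatus is a hypothetical helper name.
function Get-ServiceDependencyStatus {
    param([string[]]$Name = @('Schedule'))

    foreach ($svc in (Get-Service -Name $Name)) {
        # ServicesDependedOn is a collection of ServiceController objects,
        # so each dependency exposes the same Name and Status properties.
        $deps = @($svc.ServicesDependedOn)
        $down = @($deps | Where-Object { $_.Status -ne 'Running' })

        # Emit a new object; downstream cmdlets can filter on its properties.
        New-Object PSObject -Property @{
            Name             = $svc.Name
            Status           = $svc.Status
            DependsOn        = ($deps | ForEach-Object { $_.Name }) -join ', '
            DependenciesDown = ($down | ForEach-Object { $_.Name }) -join ', '
            Healthy          = ($svc.Status -eq 'Running' -and $down.Count -eq 0)
        }
    }
}

# Show only services that are stopped or have a stopped dependency.
Get-ServiceDependencyStatus -Name Schedule, RpcSs |
    Where-Object { -not $_.Healthy } |
    Format-Table Name, Status, DependsOn, DependenciesDown -AutoSize
```

No output from the last command means every listed service and each of its dependencies is running.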

About scripting

If you run particular commands or command sequences repeatedly, or if you develop a series of commands to perform a complex task, you will want to save your commands in a file with a .ps1 extension and execute that file (called a “script”), instead of typing commands at the prompt.

In addition to its interactive interface, Windows PowerShell fully supports scripting. To run a script, type the name of the script at the command prompt. Specifying the .ps1 extension is optional.

For example, the following are equivalent:

        c:\test\testscript.ps1
        c:\test\testscript

Note

You must specify the fully qualified path to the script file, even if the script is in the current folder. To indicate the current folder, type the folder name or use a period (.) to represent the current folder. For example:

        .\testscript.ps1

Important

Although scripts are extremely useful, even essential, they can be used to spread malicious code. As a result, the security policy in Windows PowerShell lets you determine whether scripts can run and whether they must include a digital signature. To eliminate an obvious risk, none of the security policies in Windows PowerShell allow you to run a script by double-clicking its icon. For more information, type:

        Get-help about_signing
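
The following is an added example, not part of the original page, showing how to review the script security policy and the signature state of scripts before they are run. It uses the built-in Get-ExecutionPolicy and Get-AuthenticodeSignature cmdlets; the function name Get-ScriptSignatureReport is hypothetical, and C:\test is the folder used in this page's script examples.

```powershell
# Added example (not from the original page).
# Get-ScriptSignatureReport is a hypothetical helper name.
function Get-ScriptSignatureReport {
    param([string]$Path = 'C:\test')

    Get-ChildItem -Path $Path -Filter *.ps1 -Recurse |
        ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
        Select-Object Path, Status, StatusMessage,
            @{ Name       = 'Signer'
               Expression = { if ($_.SignerCertificate) { $_.SignerCertificate.Subject } } }
}

# The policy in effect for this session decides whether scripts run at all
# and whether they must carry a digital signature.
$policy = Get-ExecutionPolicy
"Effective execution policy: $policy"

$report = @(Get-ScriptSignatureReport -Path 'C:\test')

# Status is a property of the signature object:
#   Valid        - the signature verified and the file is unchanged since signing
#   NotSigned    - the file carries no signature
#   HashMismatch - the file was modified after it was signed
$report | Sort-Object Status | Format-Table Path, Status, Signer -AutoSize

# Any script whose signature is not Valid is refused when signatures are required.
$problem = @($report | Where-Object { $_.Status -ne 'Valid' })
if ($problem.Count -gt 0) {
    "{0} script(s) do not have a valid signature:" -f $problem.Count
    $problem | ForEach-Object { "  {0} [{1}]" -f $_.Path, $_.Status }
}
```

A HashMismatch result on a script that was previously Valid is worth investigating before the script is re-signed, because it means the file content changed after signing.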

Windows PowerShell also includes a rich scripting language that enables you to create scripts, from the simplest to the very complex. It supports language constructs for looping, conditions, flow-control, and variable assignment.

Starting Windows PowerShell

To start Windows PowerShell from the Start menu

  • Do one of the following:

    • If FPE is not installed, click Start, point to All Programs, point to Windows PowerShell 1.0, and then click Windows PowerShell.

    • If FPE is installed, click Start, point to All Programs, point to Microsoft Forefront Server Protection, and then click Forefront Management Shell.

To start Windows PowerShell from a command prompt (cmd.exe) window

  • At a command prompt, type powershell, and then press ENTER.

To view the parameters that you can use when starting Windows PowerShell

  • At a command prompt, type Powershell -?, and then press ENTER.

Since the Windows PowerShell console acts very much like a command prompt console, you can run all your command-line executables from within the Windows PowerShell console (for example: ipconfig); you can even run VBScript scripts and batch files from within the Windows PowerShell console. As with any console, just type in your command and press ENTER.

Getting help

In the Windows PowerShell window, you can use the Get-Help cmdlet to find help.

To use the Get-Help cmdlet

  • To use the Get-Help cmdlet, at a Windows PowerShell command prompt, type get-help, and then press ENTER.

To view a list of all Windows PowerShell concepts

  • To view a list of all Windows PowerShell concepts, type get-help about_*, and then press ENTER.

To get help about a concept

  • To get help about a concept, type its name after the “about_”. For example, type get-help about_wildcard, and then press ENTER.

To view all the cmdlets available to you

  • To view all the cmdlets available to you, type get-command, and then press ENTER.

    Note

    The Get-Command cmdlet also retrieves commands and command elements other than cmdlets, including aliases, functions, and executable files that are available in Windows PowerShell.

To get help for a particular cmdlet

  • Each cmdlet has a help file that you can access from the Windows PowerShell window. To get help for a particular cmdlet, type get-help cmdlet-name, and then press ENTER.

For example, to see help for Set-FseSignatureUpdate, type

get-help Set-FseSignatureUpdate

To get detailed help for a particular cmdlet

  • Detailed help is available for each cmdlet, including an explanation of each of the parameters and one or more examples. To get detailed help for a particular cmdlet, type get-help cmdlet-name -detailed, and then press ENTER.

For example, to see detailed help for Set-FseSignatureUpdate, type

        get-help Set-FseSignatureUpdate -detailed

To view only the examples for a particular cmdlet

  • To view only the examples for a particular cmdlet, type get-help cmdlet-name -examples, and then press ENTER.

For example, to see only the examples for Set-FseSignatureUpdate, type

get-help Set-FseSignatureUpdate -examples

To view only a particular parameter

  • To view only a particular parameter, type get-help cmdlet-name -parameter parameter-name, and then press ENTER.

For example, to see help for only the ScheduleStart parameter of the Set-FseSignatureUpdate cmdlet:

get-help Set-FseSignatureUpdate -parameter ScheduleStart

To view a list of all cmdlets that have a common verb

  • To view a list of all cmdlets that have a common verb, type get-help followed by the verb, a hyphen (-), and an asterisk (*), and then press ENTER.

For example, to view a list of all Set cmdlets:

get-help set-*

Using cmdlet parameters

Some cmdlets have parameters, beginning with a hyphen (-), that let you indicate various options. For example, the Set-FseSignatureUpdate cmdlet has several parameters, including: Engine, ScheduleStart, and EnableSchedule. Many cmdlets do not have any parameters. Typically, Set cmdlets are the most likely to have parameters.

All cmdlets support a set of parameters that are called common parameters. Examples are Verbose, Debug, and ErrorAction. This feature provides a consistent interface to Windows PowerShell. For a description of the common parameters, type:

        get-help about_commonparameters

Setting true and false conditions

Many of the Set cmdlets have parameters that enable you to turn conditions on and off with true and false indicators. In Windows PowerShell, Boolean true and false are preceded with a dollar sign ($).

For example, to have scan engine definitions updated each time the Forefront service is started, set the -UpdateAtStartup parameter of the Set-FseSignatureOptions cmdlet to true, as follows:

        Set-FseSignatureOptions -UpdateAtStartup $true

Formatting output

You can retrieve output in several different formats by piping your request into one of the optional Format cmdlets listed in the table.

Cmdlet                           Function
------                           --------
format-list                      Formats output in a list, with each property on a separate line
format-table                     Formats output in a table with columns
format-wide                      Formats output as a wide table that displays only one property of each object
format-custom                    Formats output based on views in a .ps1xml file

For more information about each, use the Get-Help cmdlet with any of them. The following is an example:

        Get-help format-list

Forefront Protection 2010 for Exchange Server cmdlets

FPE supports the following cmdlets. They are grouped by function so that you may more easily find the correct one.

The following table contains cmdlets used for controlling the scheduled scan.

Cmdlet                           Function
------                           --------
Set-FseScheduledScan             Sets the configuration of the scheduled scan.
Get-FseScheduledScan             Retrieves the configuration of the scheduled scan.
Start-FseScheduledScan           Starts a scan of the mailbox store immediately.
Stop-FseScheduledScan            Halts a scan of the mailbox store that is currently running.

The following table contains cmdlets used for controlling the realtime scan.

Cmdlet                           Function
------                           --------
Set-FseRealtimeScan              Sets the configuration of the realtime scan.
Get-FseRealtimeScan              Retrieves the configuration settings of the realtime scan.

The following table contains cmdlets used for controlling the transport scan.

Cmdlet                           Function
------                           --------
Set-FseTransportScan             Sets the configuration of the transport scan.
Get-FseTransportScan             Retrieves the configuration settings of the transport scan.

The following table contains cmdlets used for controlling the on-demand scan.

Cmdlet                           Function
------                           --------
Set-FseOnDemandScan              Sets the configuration of the on-demand scan.
Get-FseOnDemandScan              Retrieves the configuration settings of the on-demand scan.
Start-FseOnDemandScan            Starts the on-demand scan.
Stop-FseOnDemandScan             Stops the on-demand scan.
Suspend-FseOnDemandScan          Pauses the currently running on-demand scan.
Resume-FseOnDemandScan           Resumes a paused on-demand scan.

The following table contains cmdlets used for working with filter lists.

Cmdlet                           Function
------                           --------
New-FseFilterList                Creates a new filter list.
Get-FseFilterList                Retrieves filter lists.
Set-FseFilterList                Changes properties of a filter list.
Clear-FseFilterList              Clears all of the entries in a filter list.
Remove-FseFilterList             Deletes a filter list.
Add-FseFilterListEntry           Adds one or more items to an existing filter list.
Remove-FseFilterListEntry        Removes one or more items from a filter list.

The following table contains cmdlets used for filtering during the scheduled scan.

Cmdlet                           Function
------                           --------
Set-FseScheduledFilter           Enables a filter, configures it, and associates it with the Scheduled Scan Job.
Get-FseScheduledFilter           Retrieves the configured Scheduled Scan Job filters.

The following table contains cmdlets used for filtering during the realtime scan job.

Cmdlet                           Function
------                           --------
Set-FseRealtimeFilter            Enables a filter, configures it, and associates it with the Realtime Scan Job.
Get-FseRealtimeFilter            Retrieves the configured Realtime Scan Job filters.

The following table contains cmdlets used for filtering during the transport scan.

Cmdlet                           Function
------                           --------
Set-FseTransportFilter           Enables a filter, configures it, and associates it with the Transport Scan Job.
Get-FseTransportFilter           Retrieves the configured Transport Scan Job filters.

The following table contains cmdlets used for filtering during the on-demand scan.

Cmdlet                           Function
------                           --------
Set-FseOnDemandFilter            Enables a filter, configures it, and associates it with the On-Demand Scan Job.
Get-FseOnDemandFilter            Retrieves the configured On-Demand Scan Job filters.

The following table contains cmdlets used for managing engines.

Cmdlet                           Function
------                           --------
Set-FseEngineManagement          Configures engine-specific settings.
Get-FseEngineManagement          Retrieves engine-specific settings.

The following table contains cmdlets used for controlling definition updating.

Cmdlet                           Function
------                           --------
Set-FseSignatureOptions          Sets definition update options.
Get-FseSignatureOptions          Retrieves settings for definition updates.
Set-FseSignatureUpdate           Sets the schedule for updating engine definitions.
Get-FseSignatureUpdate           Retrieves the schedules for updating engine definitions.
Start-FseSignatureUpdate         Initiates definition updating immediately.

The following table contains cmdlets used for controlling miscellaneous settings.

Cmdlet                           Function
------                           --------
Set-FseAdvancedOptions           Sets the advanced options.
Get-FseAdvancedOptions           Retrieves the advanced options.
Set-FseLoggingOptions            Sets logging and diagnostic options.
Get-FseLoggingOptions            Retrieves the logging options.
Set-FseTracing                   Sets tracing options.
Get-FseTracing                   Retrieves tracing options.
Get-FseExchangeManagementStatus  Confirms whether antispam functionality is available.

The following table contains cmdlets used for retrieving incidents and quarantined records.

Cmdlet                           Function
------                           --------
Get-FseIncident                  Retrieves records from the incident database.
Remove-FseIncident               Removes an item from the incident database.
Set-FseIncidentOptions           Sets incident database options.
Get-FseIncidentOptions           Retrieves incident database options.
Get-FseQuarantine                Retrieves records from the quarantine database.
Export-FseQuarantine             Saves quarantined items to disk.
Remove-FseQuarantine             Deletes items from the quarantine database.
Send-FseQuarantine               Delivers an item that has been quarantined to the specified recipients.
Set-FseQuarantineOptions         Sets quarantine database options.
Get-FseQuarantineOptions         Retrieves quarantine database options.

The following table contains cmdlets used for configuring notifications.

Cmdlet                           Function
------                           --------
Set-FseNotification              Sets notification values.
Get-FseNotification              Retrieves notification values.

The following table contains cmdlets used for controlling reports.

Cmdlet                           Function
------                           --------
Get-FseReport                    Retrieves statistical reports about FPE activities.
Clear-FseReport                  Resets a report about FPE activities.
Get-FseSpamReport                Retrieves a spam-blocking report.

The following table contains cmdlets used for retrieving Forefront product information.

Cmdlet                           Function
------                           --------
Get-FseProductInfo               Retrieves server and Forefront product information.
Set-FseLicensing                 Sets the necessary licensing parameters for FPE.
Get-FseLicensing                 Retrieves the product's current license status.

The following table contains cmdlets used for importing and exporting configuration settings.

Cmdlet                           Function
------                           --------
Import-FseSettings               Imports the configuration settings from an XML file.
Export-FseSettings               Exports the configuration settings to an XML file.

The following table contains cmdlets used for controlling extended options (used for testing and troubleshooting).

Cmdlet                           Function
------                           --------
Set-FseExtendedOption            Sets an extended option.
Get-FseExtendedOption            Retrieves an extended option value.
New-FseExtendedOption            Creates a new extended option.
Remove-FseExtendedOption         Deletes an extended option.

The following table contains cmdlets used for controlling spam settings.

Cmdlet                           Function
------                           --------
Set-FseSpamContentFilter         Sets the configuration options for the spam content filter.
Get-FseSpamContentFilter         Retrieves the settings for the spam content filter.
Set-FseSpamFiltering             Enables or disables Forefront spam filtering.
Get-FseSpamFiltering             Retrieves the status of spam filtering.
Set-FseSpamConnectionFilter      Sets configuration options for the Domain Name System (DNS) Block List (DNSBL).
Get-FseSpamConnectionFilter      Retrieves configuration options for the Forefront DNSBL.
Get-FseSpamAgentLog              Retrieves log records for all spam agents.

The following table contains cmdlets used for controlling backscatter settings.

Cmdlet                           Function
------                           --------
Set-FseBackscatterFilter         Configures the anti-backscatter agent.
Get-FseBackscatterFilter         Retrieves the settings of the anti-backscatter agent.
New-FseBackscatterKeys           Generates a new set of backscatter keys.

The following table contains cmdlets used for checking the health of your system.

Cmdlet                           Function
------                           --------
Get-FseHealth                    Retrieves the current health of the FPE system.