Blog

Powershell Vergleichs-Operatoren Beispiele

Beispiel: Liste der ersten 10 Prozesse mit bekanntem Pfad (Pfad nicht leer).
Get-Process | Where-Object { $_.Path -ne $null} | Select-Object -first 10 | FT Name, Company, Path -AutoSize

PS C:\> Get-Process | Where-Object { $_.Path -ne $null} | Select-Object -first 10 | FT Name, Company, Path -AutoSize

Name                 Company                 Path
----                 -------                 ----
AnyDesk              philandro Software GmbH C:\Program Files (x86)\AnyDesk\AnyDesk.exe
ApplicationFrameHost Microsoft Corporation   C:\WINDOWS\system32\ApplicationFrameHost.exe
conhost              Microsoft Corporation   C:\WINDOWS\system32\conhost.exe
conhost              Microsoft Corporation   C:\WINDOWS\system32\conhost.exe
dllhost              Microsoft Corporation   C:\WINDOWS\system32\DllHost.exe
dllhost              Microsoft Corporation   C:\WINDOWS\system32\DllHost.exe
epic                 Hidden Reflex Authors   C:\Users\smoretti\AppData\Local\Epic Privacy Browser\Application\epic.exe
epic                 Hidden Reflex Authors   C:\Users\smoretti\AppData\Local\Epic Privacy Browser\Application\epic.exe
epic                 Hidden Reflex Authors   C:\Users\smoretti\AppData\Local\Epic Privacy Browser\Application\epic.exe
epic                 Hidden Reflex Authors   C:\Users\smoretti\AppData\Local\Epic Privacy Browser\Application\epic.exe

Beispiel: Liste der ersten zehn Prozesse von 32 Bit Programmen.
Hinweis: 32 Bit Programme sind im Ordner „…Program Files (x86)…“ installiert.
Get-Process | Where-Object { $_.Path -match „(x86)“} | Select-Object -First 10 | FT Name, Company, Path -AutoSize

PS C:\> Get-Process | Where-Object { $_.Path -match "(x86)"} | Select-Object -First 10 | FT Name, Company, Path -AutoSize

Name       Company                 Path
----       -------                 ----
AnyDesk    philandro Software GmbH C:\Program Files (x86)\AnyDesk\AnyDesk.exe
TeamViewer TeamViewer GmbH         C:\Program Files (x86)\TeamViewer\TeamViewer.exe
VCDDaemon  Elaborate Bytes AG      C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

Beispiel: Liste aller Prozesse die 64 Bit Programme sind.
Get-Process | Where-Object { $_.Path -like „*Program Files\*“} | FT Name, Company, Path -AutoSize

PS C:\> Get-Process | Where-Object { $_.Path -like „*Program Files\*“} | FT Name, Company, Path -AutoSize

Name                Company               Path
----                -------               ----
Microsoft.Photos    Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19021.18010.0_x64__8wekyb3d8bbwe\Microsoft.P...
MSASCuiL            Microsoft Corporation C:\Program Files\Windows Defender\MSASCuiL.exe
notepad++           Don HO don.h@free.fr  C:\Program Files\Notepad++\notepad++.exe
SkypeApp            Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
SkypeBackgroundHost Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe

PS C:> Get-Process | Where-Object { $_.Path -like „*Program Files*“} | FT Name, Company, Path -AutoSize

PS C:> Get-Process | Where-Object { $_.Path -like „*Program Files*“} | FT Name, Company, Path -AutoSize

PS C:\> Get-Process | Where-Object { $_.Path -like „*Program Files*“} | FT Name, Company, Path -AutoSize

Name                Company                 Path
----                -------                 ----
AnyDesk             philandro Software GmbH C:\Program Files (x86)\AnyDesk\AnyDesk.exe
Microsoft.Photos    Microsoft Corporation   C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19021.18010.0_x64__8wekyb3d8bbwe\Microsoft...
MSASCuiL            Microsoft Corporation   C:\Program Files\Windows Defender\MSASCuiL.exe
notepad++           Don HO don.h@free.fr    C:\Program Files\Notepad++\notepad++.exe
SkypeApp            Microsoft Corporation   C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
SkypeBackgroundHost Microsoft Corporation   C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
TeamViewer          TeamViewer GmbH         C:\Program Files (x86)\TeamViewer\TeamViewer.exe
VCDDaemon           Elaborate Bytes AG      C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

Beispiel: Liste aller Commandlets mit eingebautem Fernaufruf.
Get-Command | Where-Object { $_.Parameters.keys -contains „ComputerName“ -and $_.Parameters.keys -notcontains „Session“} | FT Name, ModuleName -AutoSize

 PS C:\> Get-Command | Where-Object { $_.Parameters.keys -contains "ComputerName" -and  $_.Parameters.keys -notcontains "Session"} | FT Name, ModuleNa
me -AutoSize

Name              ModuleName
----              ----------
Add-Computer      Microsoft.PowerShell.Management
Clear-EventLog    Microsoft.PowerShell.Management
Get-EventLog      Microsoft.PowerShell.Management
Get-HotFix        Microsoft.PowerShell.Management
Get-Process       Microsoft.PowerShell.Management
Get-PSSession     Microsoft.PowerShell.Core
Get-Service       Microsoft.PowerShell.Management
Get-WmiObject     Microsoft.PowerShell.Management
Invoke-WmiMethod  Microsoft.PowerShell.Management
Limit-EventLog    Microsoft.PowerShell.Management
New-EventLog      Microsoft.PowerShell.Management
Register-WmiEvent Microsoft.PowerShell.Management
Remove-Computer   Microsoft.PowerShell.Management
Remove-EventLog   Microsoft.PowerShell.Management
Remove-WmiObject  Microsoft.PowerShell.Management
Rename-Computer   Microsoft.PowerShell.Management
Restart-Computer  Microsoft.PowerShell.Management
Set-Service       Microsoft.PowerShell.Management
Set-WmiInstance   Microsoft.PowerShell.Management
Show-EventLog     Microsoft.PowerShell.Management
Stop-Computer     Microsoft.PowerShell.Management
Test-Connection   Microsoft.PowerShell.Management
Write-EventLog    Microsoft.PowerShell.Management