Lab: COMP3103 PowerShell Providers

Objectives
In this lab, you will learn how to work with Windows PowerShell providers.

Windows PowerShell providers enable you to access data that would not otherwise be easily
accessible at the command line. The data that a provider exposes appears in a drive, much like
a hard drive, and is presented in a consistent format that resembles the file system. You can use
any of the built-in cmdlets that the provider supports to manage the data in the provider drive,
in addition to custom cmdlets that are designed especially for the data. By default, Windows
PowerShell includes several providers that allow you to access common data stores in
Windows, such as the file system, registry, and certificate store.

 Alias - Windows PowerShell aliases {Alias}

 Certificate - X509 certificates for digital signatures {cert}
 Environment - Windows environment variables {Env}
 FileSystem - File system drives, directories and files {filesystem}
 Function - Windows PowerShell functions {Function}
 Registry - Windows registry {HKLM, HKCU}
 Variable - Windows PowerShell variables {Variable}

Steps:
1. To start, turn on Windows computer (either PC/laptop host or VM), and open Windows
PowerShell command window.

2. List the available providers and the drives which make use of these providers. You will
also create a new drive using the registry provider.

a. On the Taskbar, click Windows PowerShell.

b. To display a list of the available providers, type the following command, and then
press ENTER. Do you have the same output? Yes.

Get-PSProvider
Note down the difference based on your outputs.

I just have one extra certificate.

3. To display a list of the available drives, type the following command, and then press
ENTER. Do you have the same output? ____ .

Get-PSDrive
Note down the difference based on your outputs.

I have two extra drives out f which one is empty and the other(F) is having usage of 3.31 GB.

How to find the PSdrive key word related cmdlets? We can use the command Get-
Command *PSDrive*.

4. Run regedit.msc. Use the Registry Editor window as reference. In next steps, you will
create new PSDrives based on Registry.

To create a new drive for the HKEY_CLASSES_ROOT hive in the registry using the Registry
provider, type the following command, and then press ENTER.

New-PSDrive -Name HKCS -PSProvider Registry -Root "HKEY_CLASSES_ROOT"

 NOTE: As with the file system, the registry can also be modified using Windows
PowerShell drives. Be aware that when modifying the registry, changes may cause the
system to fail.

Do you see the adding of a new Windows PowerShell drive? Yes.

5. To browse to the newly created drive, called HKCS, as if you were working with a drive in
the file system, type the following commands, pressing ENTER after each one.

cd HKCS:

dir .ht*

Verify the output by checking the Registry Editor window HKEY_CLASSES_ROOT hive.

Same content? Yes.

NOTE: This will set the current location to the newly created HKCS drive, and then
display the list of registry entries that match the filter expression. IMPORTANT: The
trailing colon (:) after the drive name indicates a drive change which is different from a
 folder change. The colon is necessary; otherwise, Windows PowerShell will display an
error.

To change the current folder to another folder inside the HKCS drive, and then list its
contents, type the following commands, pressing ENTER after each line.

cd .html

dir

Do you see the listing of a key of the registry as if it were a folder in the file system? Yes.
 6. Now, create a new drive for the HKEY_CURRENT_CONFIG hive in the registry and verify it.

New-PSDrive -Name HKCS -PSProvider Registry -Root "HKEY_CLASSES_ROOT"

Cd hkcc:

Dir

Verify the output by checking the Registry Editor window HKEY_CURRENT_CONFIG hive.

Same content? Yes.

Key in get-psdrive, do you see the newly created PSdrives-HKCS? Yes.

Paste the SCREENSHOT of output here:

Key in the following command to verify all the regedit process.

Get-Process |where name -like regedit*

List and test your command (one line) to end the regedit processes.

Command line: Get-Process | Where-Object { $_.Name -like 'regedit*' } | Stop-Process

Do you see any error? How would you explain the error?

No my command ran successfully without any errors.

Close the Registry Editor window manually if any error occurs.

7. Now get into HKCU: drive, and change Notepad item properties by the following.

Cd hkcu:

Cd .\software\microsoft (notice the prompt change)

Dir (or get-childitem or dir |where pschildname -like note*)

Do you see Notepad? YEs. (In case you don’t have it in the output, skip this step and move
to Step 8.)

Get-ItemProperty notepad

Fill up the following notepad Property value table:

iWindowPosX 662
iWindowPosY 325
IWindowPosDX 529
iWindowPosDY 470
lfItalic 0
lfUnderline 0

Run the notepad program and verify the above properties.

Change Notepad Property as:

Set-ItemProperty -Path Notepad -Name iWindowPosX -Value 300

Run the notepad program again, and verify the above property change. Do you see thee
customized Notepad window frame? Yes.
Key in any text in the notepad page, notice that Italic and Underline are not set.

Set-ItemProperty -Path Notepad -Name iWindowPosy -Value 200

Set-ItemProperty -Path Notepad -Name iWindowPosDX -Value 200

Set-ItemProperty -Path Notepad -Name iWindowPosDY -Value 200

Again, run the notepad program, and verify the above property change. Do you see the
newly customized Notepad window frame? Yes.
Verify the change by the following cmdlet.

Get-ItemProperty notepad

Do you see the changes? Yes

Now test the change of Properties one more time as:

Set-ItemProperty -Path Notepad -Name iWindowPosX -Value 10

Set-ItemProperty -Path Notepad -Name iWindowPosY -Value 10

Set-ItemProperty -Path Notepad -Name iWindowPosDX -Value 1000

Set-ItemProperty -Path Notepad -Name iWindowPosDY -Value 500

Set-ItemProperty -Path Notepad -Name lfunderline 1

Set-ItemProperty -Path Notepad -Name lfitalic 1

Again, verify the change by the following cmdlet.

Get-ItemProperty notepad

Do you see the changes? Yes

Now, run Notepad program again and key in any text in the new notepad page.

Key in any text in the new notepad page, notice that Italic and Underline are now set.

Key in the following command to verify all the open Notepad processes.

gps note* |select name, id, starttime

List and test your command (one line) to end of the Notepad processes.

Command line: get-process notepad | stop-process

Reset Italic and Underline as default before you proceed to the next step.

Set-ItemProperty -Path Notepad -Name lfunderline 0

Set-ItemProperty -Path Notepad -Name lfitalic 0

8. Now, work with Alias: PSdrive.

Cd alias:

Dir or get-childitem

What have you noticed? List of alias

What is full cmdlet name for alias “cd”? Set-location

Create a new alias item (pro) as:

new-item -name pro -Value get-process

Issue Dir or get-childitem, do you see the new alias in this PSdrive? _____ .

Verify by command “get-alias pro”, and also type in pro, do you see the same output same
as the cmdlet “get-process” output? Yes it seems same.

Create a new alias item (ser) as:

new-item -name ser -value gsv

Verify by command “get-alias ser”, and also type in ser, do you see the same output same
as the cmdlet “get-service” output? Yes.

Verify if “del” is an alias by get-alias del.

Issue the following to remove the two newly defined aliases.

Remove-item pro

Del ser

To verify the existence, issue the command of dir pro, ser

9. Now, work with Env: PSdrive. Note down the outputs of related command lines.

We use PowerShell to manipulate the System variables, this is an alternative to using the
Windows GUI and navigating to the Control Panel, System and Advanced System Settings.

Cd env:
Dir or get-childitem

What have you noticed? Bunch of files located in the laptop.

Note: The environment settings in this drive will be used frequently in other labs.

Note: You need that $ dollar sign. Plain Env:name does not work here.

This script will find temporary files:

Get-Childitem $Env:Temp -Recurse

PSModulePath lists all the paths that PowerShell searches for modules and includes in its
module auto-loading:

$env:PSModulePath

The following take information in an environmental variable and using it in a script.

"Hello " + $env:UserName + "!"

"This computer is $env:computername, reserved for user $env:username."

$Email = $Env:Username + '@COMP3103lab.com'

$email

“The Application Data Folder is $env:appdata. "

Create and Set Environment Variables

new-item env:location -value Toronto

new-item env:team -value ITS_Server

new-item env:tel -value 180012345678

Verify the two new variables by dir. Available? Yes

Now set a new value by the following, and verify it:

Set-item env:team -value ITS_Support

"This computer is $env:computername, reserved for team of $env:team."

10. Now, work with Variable: PSdrive. Note down the outputs of related command lines.

cd variable:

dir
There are group of default variables predefined in PowerShell. Read the variable list
carefully, and figure out the value of the following variables:

Name Value
Home C:\Users\aneen

MaximumAliasCount 4096

PSEdition Desktop

ErrorActionPreference Continue

True True

You can also get variables by cmdlet of get-variable. Test it.

new-item -name tvar -Value testing

$tvar

new-item -name ADDS -value 172.16.1.10

$adds

new-item -name GBC -value www.georgebrown.ca

$gbc

"GBCURL is $gbc, its ADDS IP address is $adds."

Close your current PowerShell window, and open it again. Check the Alias, Env: and

variable: PSdrives, do you see those newly created items still available? Yes.

Check the two new PSdrives HKCC and HKCS (by get-psdrive). Are they still available? No.

11. Now, work with filesystem PSdrive. Create and verify the new file and directory by
PowerShell commands.

Note down the outputs of related command lines.

Cd c:

new-item -type File -name test1.txt -value "Here is the test file1."

get-content test1.txt or type test1.txt

new-item -type Directory -name testdir1

Copy-Item test1.txt .\testdir1

Close your current PowerShell window, and open it again. Check the test1.txt and testdir1
items, do you see two newly created items still available in file system? Yes I can see them

12. Now, work with Certificate PSprovider. Based on the above steps, answer and test the
following. (Test before reading the Hints at the end of this file.)

How to enter the certificate PowerShell drive? Get-ChildItem cert:\

List the content of the main certificate drive:

Get into CurrentUser\Root directory, how many certificate items are there? 65.

Issue dir|gm (under CurrentUser\Root directory) to display certificate members.

How many methods? 28.

How many properties (including NoteProperty and ScriptProperty)? 30

dir c* |select subject, issuer, dnsnamelist, SignatureAlgorithm, version |fl

List output:

(dir c*).getpublickeystring()
Explain what the above command does? The above mentioned command retrieves the
public key string for all certificates that match the wildcard pattern c*. It calls the
GetPublicKeyString() method on each certificate, which returns the public key of the
certificate in a readable format.

Note: The certificate settings in this drive will be used frequently in security tasks.

13. Free practice on Alias:, Env: and Variable: PSdrives. Make notes.
Summary
In this lab, you have learned how to work with different Windows PowerShell providers, and
how to add new items and change items properties.

Hints for step 12.

dir |gm |where membertype -like *property |measure

dir |gm |where membertype -eq method |measure