What's New in PowerShell 2.0 - Real World Tips and Tricks

If you're reading this, then you're probably like me when it comes to wanting to learn the ins and outs of Microsoft's PowerShell. I've been using the RTM version of Windows 7 for around a month now in my job as a Systems Administrator. The new 2.0 version that currently ships with Windows 7 and Server 2008 can do a lot of new tricks, and there's no way I can cover them all. But in this article I hope to show you how this one addition - Out-GridView -- is revolutionizing how I'm dissecting data on my local and networked computers.

Out-GridView

First of all, Out-GridView is not used by itself, but rather, it is appended at the end of existing PowerShell commands. The best way to see this is to simply try it. First, let's see what a normal output to the command window looks like using a commonly used command, Get-Process.

From a PowerShell 2.0 command prompt type Get-Process and press Return. This will return a list of running processes on either the local or remote system. (Note, when running against a remote system add a "-c and then a computer name". For example, if the remote computer was called "Warp" then the command would look like this: Get-Process -c Warp.)

You'll be presented with a list similar to the following:

PS C:\> get-process

Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName

------- ------ ----- ----- ----- ------ -- -----------

681 12 11652 18636 68 3724 CcmExec

69 2 1196 2732 24 4140 CNTAoSMgr

87 3 2168 3448 30 2140 cpqnimgt

48 2 420 1800 16 2200 CpqRcmc

100 4 4104 7004 24 3836 cpqwmgmt

253 6 3672 7468 43 3744 cqmghost

41 2 488 1752 12 2212 cqmgserv

165 5 1884 2560 17 2224 cqmgstor

923 6 1972 4692 27 332 csrss

86 4 848 2452 22 5848 csrss

171 6 2240 5092 35 1468 dfssvc

63 18 740 2896 17 1576 Htexec

56 18 940 2840 18 1560 HTVSSSrv

0 0 0 16 0 0 Idle

124 6 1776 3712 37 1596 ismserv

58 2 720 2344 24 1852 locator

20 1 396 1676 14 4984 logon.scr

1648 109 39704 37292 133 416 lsass

530 26 43380 51124 162 3640 LV_Engine

408 8 8084 11912 52 2264 LV_Super

155 6 1764 4216 23 1332 msdtc

655 20 25004 12360 128 1676 ntfrs

61 3 700 2696 16 3652 NTLGDSCA

1299 20 35264 9300 170 1788 NTRtScan

487 14 5220 139104 187 404 services

88 3 1356 3952 32 1488 slpexec

1039 4 2804 5984 42 1884 SLServer

108 4 2100 6176 38 3468 smsexec

26 1 128 496 3 284 smss

187 7 3132 6248 37 1932 snmp

273 9 8752 14348 67 1208 spoolsv

343 8 40296 73640 1369 1624 sqlservr

142 5 2236 6484 38 1948 sqlwriter

113 5 2392 5128 39 1964 surveyor

130 3 960 3308 20 636 svchost

347 38 1552 4060 22 752 svchost

161 6 3944 5068 42 816 svchost

174 8 5740 7060 27 856 svchost

1675 59 26568 35376 141 872 svchost

71 2 636 2536 17 1536 svchost

238 6 7992 11828 45 1836 svchost

85 3 884 3616 21 2344 svchost

229 8 2872 4120 33 3408 svchost

199 6 2496 4904 58 3892 svchost

42 2 384 1676 11 3676 sysdown

1616 0 0 556 3 4 System

301 9 9836 12620 81 4640 TMBMSRV

34 1 276 1280 8 2060 TMImmuneSvc

348 43 13864 7096 121 3700 TmListen

148 6 2980 6164 44 2908 TmPfw

112 5 6720 10132 34 1428 vcagent

162 3 1824 5544 30 5444 vssvc

605 70 9288 9712 64 356 winlogon

147 4 1580 4860 33 3112 winlogon

88 5 1232 4164 41 2080 WinVNC

141 4 3772 5280 28 272 wmiprvse

241 5 3068 6596 42 2592 wmiprvse

154 4 2976 6792 29 2828 wmiprvse

157 3 1916 5364 27 3196 wmiprvse

130 6 1420 808 38 2112 Wuser32

If you have a lot of processes running (like this system certainly does), you'll likely find the information scrolling beyond the first page. Sure, you could pipe the information to a file, but not this time. Let's put this new 2.0 formatting command to the test.

Change the command to: Get-Process | Out-GridView and press Return.

At this point, a separate window will appear. When I first laid eyes on it, I thought it was a small version of Excel or Access. Then I looked closer. All of the information from the Get-Process command was now showing inside this window. Along the top, the window's title will show the command run. (Helpful if you have several windows open.) Below that is a field labeled "filter". This, by far, is my favorite part of this window. Begin typing into this field, and the information below is instantly filtered and displayed in real time. Typing just "SP" instantly shows only the "SPooler" process, as it is the only process that starts with "SP". When finished, you can backspace out the SP and replace it with any other text. Again the filtering happens in real time.

"Add Criteria" Button

Want even more filtering options? Click on the Add Criteria button and you'll be shown a series of checkboxes (these will change depending on the columns of data returned.) Put a check mark into one and now you have that field that can be specifically searched on. (When done, clicking the red X closes that particular filter option)

More usefulness

In addition to the filtering, each of the columns can be quickly and easily sorted. Just click on them to sort the data alphabetically or numerically. The data instantly responds. In my output example, I clicked on PM(K) which stands for Physical Memory. I quickly learned that of all the processes running, the LV_Engine process was using the most memory: 43380

Conclusion

PowerShell 2.0's Out-GridView has been added to my favorite bag of System Administrator tools. Though found currently only with Windows 7 and Server 2008, it's being reported that PowerShell 2.0 will likely be made available for earlier OS's such as Windows Server 2003 and Windows XP. That suits me just fine, as those are systems I still deal with on a daily basis.

Out-GridView has made sorting, filtering, understanding and comprehending data much easier. What kind of tricks will you find for it to do? Append it to your favorite PowerShell command and give it a test drive.

See you in the trenches.