Supported Commands for Remote Shell
This section lists the supported commands to use for the Remote Shell utility in Secure mode.
For more details on these commands, see the PowerShell documentation on MSDN.
Note: Commands that use special characters in the syntax are not supported for use with Remote Shell.
General commands
The following command enables you to learn what commands are available for the machine:
| Command | Description | Example |
|---|---|---|
| Get-Help | Displays information about PowerShell commands and concepts. | `Get-Help` |
Data extraction commands
The following commands enable you to retrieve data on the selected machine:
| Command | Description | Example |
|---|---|---|
| Get-ChildItem | Retrieves a list of files from one or more directories. This command can also identify MAC (modified, accessed, created) timestamps. Specify the directories with the path parameter. | `Get-ChildItem -Path C:\Windows\System32\mspaint.exe` |
| Get-ComputerInfo | Retrieves system and operating system properties. | `Get-ComputerInfo` |
| Get-Content | Lists the contents of a file. Specify the file with the path parameter. | `Get-Content C:\Windows\System32\drivers\etc\hosts` |
| Get-History | Retrieves a list of commands entered in this session. | `Get-History` |
| Get-HotFix | Lists the hotfixes applied on the selected machine. | `Get-HotFix` |
| Get-Item | Retrieves a list of items from the specified directory. Specify the directory with the path parameter. | `Get-Item C:\*` |
| Get-ItemProperty | Gets the properties of a selected item. This is often used to retrieve the property values of registry entries. | `Get-ItemProperty C:\Windows` |
| Get-ItemPropertyValue | Gets a value for one or more properties of an item. | `Get-ItemPropertyValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductID` |
| Get-NetTCPConnection | Retrieves the current TCP connections. Use this command to view TCP connection properties such as local and remote IP addresses, local and remote ports, and the connection state. | `Get-NetTCPConnection` |
| Get-PnpDevice | Retrieves a list of storage devices connected to the endpoint machine, including the device details and connection status. The Get-PnpDevice command is commonly used when adding Device control exclusions. Note: To enable the Get-PnpDevice command, contact Technical Support. | `Get-PnpDevice -Class "DiskDrive" \| Format-Table -Wrap -AutoSize -Property InstanceID, Status` |
| Get-PSDrive | Gets the list of drives in the current session. | `Get-PSDrive` |
| Get-Service | Lists the services on the machine, including running and stopped services. | `Get-Service \| Where-Object {$_.Status -eq 'Stopped'}` |
| Get-TimeZone | Gets the current time zone or a list of available time zones. | `Get-TimeZone` |
| Get-WinEvent | Lists the events from event logs and event tracing files. | `Get-WinEvent -ListProvider *` |
| Write-Host | Enables you to write messages to the console. This can be used to run a command or script interactively. | `Write-Host 'test'` |
Process and export commands
The following commands enable you to process and export data on the selected machine:
| Command | Description | Example |
|---|---|---|
| ConvertFrom-Csv | Converts CSV-formatted text into objects. | `Get-Content C:\Users\user\Documents\Book1.csv \| ConvertFrom-Csv` |
| ConvertTo-Html | Converts the output to HTML. You can also use the command to define HEAD, TITLE, and BODY attributes. | `Get-Content C:\Users\user\Documents\Book1.csv \| ConvertTo-Html` |
| ForEach-Object | Runs an operation on each item passed through the pipeline, like a For loop. | `Get-Service \| ForEach-Object {$_.Status, $_.DisplayName}` |
| Format-Table | Displays the output in a table. | `Get-Service \| Format-Table -Property Name,DependentServices` |
| Get-Date | Displays the current date and time. You can also use this command to add or subtract days when filtering the output. | `Get-Date -Format d` |
| Select-Object | Selects specific properties from the output of a command. | `Get-Service \| Select-Object -Property Name` |
| Select-String | Finds a specific string or pattern in the output. | `Get-ChildItem c:\windows\system32\*.txt -Recurse \| Select-String -Pattern 'Microsoft'` |
| Sort-Object | Sorts the output by property values in ascending or descending order. | `Get-History \| Sort-Object -Descending` |
| Where-Object | Filters the output for specific properties. | `Get-Service \| Where-Object {$_.Status -eq 'Stopped'}` |
Remediation commands
The following commands enable you to perform remediation on the selected machine:
| Command | Description | Example |
|---|---|---|
| Disable-LocalUser | Disables local user accounts. A disabled account cannot be used to log on. | `Disable-LocalUser -Name 'username'` |
| Remove-Item | Deletes one or more items. You can use this command to delete many different types of items, including files, folders, registry keys, variables, aliases, and functions. | `Remove-Item C:\Test\*.*` |
| Remove-ItemProperty | Deletes a property and its value from an item. You can use this to delete registry values and the data these registry entries store. | `Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\test' -Name 'test1'` |
| Remove-Job | Removes PowerShell background jobs. | `Remove-Job -Name .batch -Force` |
| Remove-LocalUser | Deletes local user accounts. | `Remove-LocalUser -Name 'AdminContoso02'` |
| Remove-LocalGroupMember | Removes a user or users from a local group. | `Remove-LocalGroupMember -Group 'Administrators' -Member 'Admin02'` |
| Stop-Process | Stops one or more running processes. You can specify a process by process name or process ID (PID), or pass a process object to this command. | `Stop-Process -Name 'notepad'` |
| Unregister-ScheduledTask | Unregisters a scheduled task from the Windows Scheduler service on a local computer. | `Unregister-ScheduledTask -TaskName 'HardwareInventory'` |
Output processing parameters
The following parameters are supported to enable you to better use your commands:
| Parameter | Description | Example |
|---|---|---|
| ErrorAction | Specifies a custom error action for a command. The most common option is SilentlyContinue, or a value of 0. | `Stop-Process -Name invalidprocess -ErrorAction SilentlyContinue` |
| FilterHashtable | Filters the event logs. | `Get-WinEvent -FilterHashtable @{logname='application'}` |
| Force | Forces the command to bypass the file attribute settings for hidden and system. | `Remove-Job -Name .batch -Force` |
| Include | Includes a specific set of files in the command. | `Get-ChildItem -Path $env:SystemRoot\System32 -Include e` |
| Path | Defines the directory to use in the command. | `Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\test' -Name 'test1'` |
| Recurse | Performs an action recursively. | `Get-ChildItem c:\windows\system32\*.txt -Recurse \| Select-String -Pattern 'Microsoft'` |
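
A triage-then-remediate sequence built only from the commands and parameters listed above, as an added example that is not part of the original documentation. The directory C:\Windows\Temp and event ID 4625 (failed logon) are chosen for illustration, the registry path, process name and task name are the page's own sample values, and it is an assumption that Secure mode accepts the `(Get-Date).AddDays(-1)` expression and the `;` separator inside the hashtable.

```powershell
# Added example: uses only cmdlets and parameters from the tables on this page.
# Each step is a single pipeline with no variable assignments.

# 1. Established TCP connections with the owning process ID, sorted by remote address.
Get-NetTCPConnection | Where-Object {$_.State -eq 'Established'} | Select-Object -Property LocalAddress,LocalPort,RemoteAddress,RemotePort,OwningProcess | Sort-Object -Property RemoteAddress | Format-Table -AutoSize

# 2. Failed logons (event ID 4625) from the Security log over the last day.
#    Assumption: the date expression and ';' are accepted in Secure mode.
#    -ErrorAction SilentlyContinue suppresses the error raised when no events match.
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625; StartTime=(Get-Date).AddDays(-1)} -ErrorAction SilentlyContinue | Select-Object -Property TimeCreated,Id,Message | Format-Table -Wrap

# 3. Files written in the last day under an illustrative directory, newest first.
Get-ChildItem -Path C:\Windows\Temp -Recurse -ErrorAction SilentlyContinue | Where-Object {$_.LastWriteTime -gt (Get-Date).AddDays(-1)} | Sort-Object -Property LastWriteTime -Descending | Select-Object -Property FullName,LastWriteTime,Length

# 4. Inspect before deleting: read the registry item first, then remove the value.
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\test'
Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\test' -Name 'test1'

# 5. Stop the process and unregister the scheduled task (page's sample names).
Stop-Process -Name 'notepad' -ErrorAction SilentlyContinue
Unregister-ScheduledTask -TaskName 'HardwareInventory'

# 6. Review what was run in this session, most recent command first.
Get-History | Sort-Object -Descending
```

Running the read-only steps (1 to 3) before the remediation steps (4 and 5) keeps a record in `Get-History` of what was observed before anything was changed.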
Supported aliases
The following aliases are supported:
| Alias | Description | Function | Example |
|---|---|---|---|
| cd | Changes the location on which to run subsequent commands. | Set-Location | |
| ps | Gets the details for a process. | Get-Process | |
| help | Displays the Help about supported commands. | Get-Help | |
| dir | Retrieves a list of children for a specified item. | Get-ChildItem | |
| sl | Sets a specific location for running commands. | Set-Location | |
| chdir | Sets a specific location for running commands. | Set-Location | |
| % | Performs an operation against each item in the collection. | ForEach-Object | `Get-Service \| % {$_.Status, $_.DisplayName}` |
| ? | Selects objects from a collection based on property values. | Where-Object | `Get-Service \| ? {$_.Status -eq 'Stopped'}` |