In this exercise, we explore Windows environmental settings.
Open Windows PowerShell.
Use the Get-WmiObject cmdlet to view the common properties of the WIN32_Environment WMI class. Use the gwmi alias to make it easier to type. This command is shown here:
gwmi win32_environment
The partial output from this command is shown here:
VariableValue Name UserName ------------- ---- -------- C:\PROGRA~1\CA\SHARED~1... AVENGINE <SYSTEM> %SystemRoot%\system32\c... ComSpec <SYSTEM> NO FP_NO_HOST_CHECK <SYSTEM>
To view all the properties of the WIN32_Environment class, pipeline the object returned by the Get-WmiObject cmdlet to the Format-List cmdlet while specifying the asterisk. Use the up arrow to retrieve the previous gwmi command. This command is shown here:
gwmi win32_environment | Format-List *
The output from the previous command will be similar to that shown here:
Status : OK Name : TMP SystemVariable : False __GENUS : 2 __CLASS : Win32_Environment __SUPERCLASS : CIM_SystemResource
Scroll through the results returned by the previous command, and examine the properties and their associated values. It appears that the most important information from the class is Name, UserName, and VariableValue. Use the up arrow to retrieve the previous gwmi command and change Format-List to Format-Table. After the Format-Table cmdlet, type the three variables we want to retrieve: Name, VariableValue, and Username. This command is shown here:
gwmi win32_environment | Format-Table name, variableValue, userName
The results from this command will be similar to the partial results shown here:
name variableValue userName ---- ------------- -------- AVENGINE C:\PROGRA~1\CA\SHARED~1... <SYSTEM> ComSpec %SystemRoot%\system32\c... <SYSTEM> FP_NO_HOST_CHECK NO <SYSTEM> INOCULAN C:\PROGRA~1\CA\ETRUST~1 <SYSTEM>
Use the up arrow to retrieve the previous gwmi command and delete the variable user-Name and the trailing comma. This command is shown here:
gwmi win32_environment | Format-Table name, variableValue
The results from this command will be similar to the ones shown here:
name variableValue ---- ------------- AVENGINE C:\PROGRA~1\CA\SHARED~1\SCANEN~1 ComSpec %SystemRoot%\system32\cmd.exe FP_NO_HOST_CHECK NO INOCULAN C:\PROGRA~1\CA\ETRUST~1
Notice how the spacing is a little strange. To correct this, use the up arrow to retrieve the previous command. Add the autosize argument to the Format-Table command. You can use Tab completion to finish the command by typing -a <tab>. The completed command is shown here:
gwmi win32_environment | Format-Table name, variableValue -AutoSize
Now that we have a nicely formatted list, let’s compare the results with those produced by the Environment provider. To do this, we will use the Env PSdrive. Use the Set-Location cmdlet to set your location to the Env PSdrive. The command to do this is shown here. (You can, of course, use the sl alias if you prefer.)
Set-Location env:
Use the Get-ChildItem cmdlet to produce a listing of all the environmental variables on the computer. The command to do this is shown here:
Get-ChildItem
A partial output from the Get-ChildItem cmdlet is shown here:
Name Value ---- ----- Path C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\Sys... TEMP C:\DOCUME~1\EDWILS~1.NOR\LOCALS~1\Temp
Set your location back to the C:\ drive. The command to do this is shown here:
Set-Location c:\
Retrieve the alias for the Get-History cmdlet. To do this, use the Get-Alias cmdlet and pipe the resulting object to the Where-Object. Use the special variable $_ to indicate the current pipeline object, and look for a match to the definition property that is equal to the Get-History cmdlet. The command to do this is shown here:
Get-Alias | where {$_.definition -eq "Get-History"}
The resulting output, shown here, tells us there are three aliases defined for Get-History:
CommandType Name Definition ----------- ---- ---------- Alias ghy Get-History Alias h Get-History Alias history Get-History
Use the up arrow and retrieve the previous Get-Alias command. Change the definition from Get-History to Invoke-History. This command is shown here:
Get-Alias | where {$_.definition -eq "Invoke-History"}
The resulting output, shown here, tells us there are two aliases defined for Get-History:
CommandType Name Definition ----------- ---- ---------- Alias ihy Invoke-History Alias r Invoke-History
Use the Get-History cmdlet to retrieve a listing of all the commands you have typed into Windows PowerShell. I prefer to use ghy for Get-History because of similarity with ihy (for Invoke-History). The Get-History command using ghy is shown here:
ghy
Examine the output from the Get-History cmdlet. You will see a list similar to the one shown here:
1 gwmi win32_environment 2 gwmi win32_environment | Format-List * 3 gwmi win32_environment | Format-Table name, variableValue, userName 4 gwmi win32_environment | Format-Table name, variableValue 5 gwmi win32_environment | Format-Table name, variableValue -AutoSize 6 sl env: 7 gci 8 sl c:\ 9 Get-Alias | where {$_.definition -eq "Get-History"} 10 Get-Alias | where {$_.definition -eq "Invoke-History"}
Produce the listing of environmental variables by using the Environment PSdrive. This time, we will do it in a single command. Use Set-Location to set the location to the Env: PSdrive. Then continue the command by using a semicolon and then Get-ChildItem to produce the list. Use the sl alias and the gci alias to type this command. The command is shown here:
sl env:;gci
Note that our PSdrive is still set to the Env: PSdrive. Use the Set-Location cmdlet to change back to the C:\ PSdrive. This command is shown here:
sl c:\
Use the up arrow to bring up the sl env:;gci command, and this time, add another semicolon and another sl command to change back to the C:\ PSdrive. The revised command is shown here:
sl env:;gci;sl c:\
You now have an output similar to the one shown here. You are also back at the C:\ PSdrive.
Name Value ---- ----- Path C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\Sys... TEMP C:\DOCUME~1\EDWILS~1.NOR\LOCALS~1\Temp SESSIONNAME Console PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;....
Now use the ghy alias to retrieve a history of your commands. Identify the command that contains your previous gwmi command that uses Format-Table with the autosize argument. This command is shown here:
gwmi win32_environment | Format-Table name, variableValue -AutoSize
Use the ihy alias to invoke the history command that corresponds to the command identified in step 25. For me, the command is ihy 5, as shown here:
Ihy 5
When the command runs, it prints out the value of the command you are running on the first line. Then you obtain the results normally associated with the command. A partial output is shown here:
gwmi win32_environment | Format-Table name, variableValue -AutoSize name variableValue ---- ------------- AVENGINE C:\PROGRA~1\CA\SHARED~1\SCANEN~1 ComSpec %SystemRoot%\system32\cmd.exe
Scroll up in Windows PowerShell console, and compare the output from the gwmi command you just ran with the output from the sl env:;gci command.
This concludes this one step further exercise. Commands used in One Step Further: Windows Environment Settings are stored in the OneStepFurtherWindowsEnvironment.txt file.