2018-06-15发表2022-07-06更新powershell / tip1 分钟读完 (大约112个字)

PowerShell 技能连载 - 从本地时间以 ISO 格式创建 UTC 时间

如果您的工作是跨国跨时区的，您可能会需要使用 UTC 时间来代替本地时间。要确保时间格式是语言中性的，我们推荐使用 ISO 格式。以下是使用方法：

1 2	$date = Get-Date $date.ToUniversalTime().ToString('yyyy-MM-dd HH:mm:ss')

2018-06-14发表2022-07-06更新powershell / tip4 分钟读完 (大约567个字)

PowerShell 技能连载 - 巧妙地读取事件日志（第 2 部分）

在前一个技能中我们演示了如何使用 ReplacementStrings 读取从 Get-EventLog 中收到的详细的事件日志信息。它工作得很完美，但是 Get-EventLog 职能读取“传统的”Windows 日志。在现代的 Windows 版本中还有许多额外的日志。

这些日志可以通过 Get-WinEvent 读取，而且有许多信息可以发掘。例如，要获取已安装的更新列表，请试试这段代码：

1
2
3

$filter = @{ ProviderName="Microsoft-Windows-WindowsUpdateClient"; Id=19 }

Get-WinEvent -FilterHashtable $filter | Select-Object -ExpandProperty Message -First 4

请注意这只是一个例子。通过以上代码，您可以查询您关心的任意事件 ID 的日志。例如以上代码，可以获取最新安装的 4 条更新：

PS> . 'C:\Users\tobwe\Documents\PowerShell\Untitled5.ps1' <# script is not saved yet #>
Installation Successful: Windows successfully installed the following update: Definitionsupdate für
    Windows Defender Antivirus – KB2267602 (Definition 1.269.69.0)
Installation Successful: Windows successfully installed the following update: 9WZDNCRFJ1XX-FITBIT.F
ITBIT
Installation Successful: Windows successfully installed the following update: Definitionsupdate für
    Windows Defender Antivirus – KB2267602 (Definition 1.269.28.0)
Installation Successful: Windows successfully installed the following update: 9WZDNCRFHVQM-MICROSOF
T.WINDOWSCOMMUNICATIONSAPPS

然而，这只是文本，而且要将它转换为一份已安装的更新的漂亮的报告并不容易。通过 Get-EventLog，类似我们之前的技能介绍的，您可以使用 ReplacementStrings 来方便地存取纯净的信息。但是 Get-WinEvent 没有 ReplacementStrings。

然而，有一个名为 Properties 的属性。以下是如何将属性转换为类似 ReplacementStrings 的数组的方法：

$filter = @{ ProviderName="Microsoft-Windows-WindowsUpdateClient"; Id=19 }

Get-WinEvent -FilterHashtable $filter |
    ForEach-Object {
    # create a ReplacementStrings array
    # this array holds the information that is inserted
    # into the event message template text
    $ReplacementStrings = $_.Properties | ForEach-Object { $_.Value }

    # return a new object with the required information
    [PSCustomObject]@{
        Time = $_.TimeCreated
        # index 0 contains the name of the update
        Name = $ReplacementStrings[0]
        User = $_.UserId.Value
    }
    }

这段代码返回以安装更新的美观的列表：

Time                Name
----                ----
25.05.2018 09:00:20 Definitionsupdate für Windows Defender Antivirus – KB2267602 (Definition 1....
25.05.2018 07:59:44 9WZDNCRFJ1XX-FITBIT.FITBIT
24.05.2018 11:04:15 Definitionsupdate für Windows Defender Antivirus – KB2267602 (Definition 1....
24.05.2018 08:36:26 9WZDNCRFHVQM-MICROSOFT.WINDOWSCOMMUNICATIONSAPPS
24.05.2018 08:34:30 9N4WGH0Z6VHQ-Microsoft.HEVCVideoExtension
24.05.2018 08:34:24 9WZDNCRFJ2QK-ZDFGemeinntzigeAnstaltdes.ZDFmediathek
23.05.2018 11:57:42 Definitionsupdate für Windows Defender Antivirus – KB2267602 (Definition 1....
23.05.2018 07:37:11 9WZDNCRFHVQM-MICROSOFT.WINDOWSCOMMUNICATIONSAPPS
23.05.2018 07:36:57 9WZDNCRFJ3PT-MICROSOFT.ZUNEMUSIC
23.05.2018 04:01:11 Definitionsupdate für Windows Defender Antivirus – KB2267602 (Definition 1....
22.05.2018 12:26:55 Definitionsupdate für Windows Defender Antivirus – KB2267602 (Definition 1....
22.05.2018 08:34:28 9NBLGGH5FV99-Microsoft.MSPaint
22.05.2018 08:33:25 9WZDNCRFJ364-MICROSOFT.SKYPEAPP

2018-06-13发表2022-07-06更新powershell / tip5 分钟读完 (大约809个字)

PowerShell 技能连载 - 巧妙地读取事件日志（第 1 部分）

当您使用 PowerShell 来查询事件，缺省情况下获取到的是日志信息的文本消息。例如，如果您想知道谁登录了您的计算机，您可以使用类似这样的代码（需要管理员权限）：

1 2	Get-EventLog -LogName Security -InstanceId 4624 \| Select-Object -Property TimeGenerated, Message

结果大概类似这样：

25.04.2018 07:48:41 An account was successfully logged on....
25.04.2018 07:48:40 An account was successfully logged on....
24.04.2018 18:18:17 An account was successfully logged on....
...

这并不是很直观，因为 PowerShell 缩短了输出内容。在类似这样的情况下，您可能需要将结果用管道传给 Format-List：

1
2
3

Get-EventLog -LogName Security -InstanceId 4624 |
    Select-Object -Property TimeGenerated, Message |
    Format-List

它现在可以生成详细的数据了：

PS> Get-EventLog -LogName Security -InstanceId 4624 |
    Select-Object -Property TimeGenerated, Message -first 1 |
    Format-List




TimeGenerated : 25.05.2018 11:39:29
Message       : An account was successfully logged on.

                Subject:
                    Security ID:		S-1-5-18
                    Account Name:		DESKTOP-7AAMJLF$
                    Account Domain:		WORKGROUP
                    Logon ID:		0x3e7

                Logon Information:
                    Logon Type:		5
                    Restricted Admin Mode:	-
                    Virtual Account:		%%1843
                    Elevated Token:		%%1842

                Impersonation Level:		%%1833

                New Logon:
                    Security ID:		S-1-5-18
                    Account Name:		SYSTEM
                    Account Domain:		NT-AUTORITÄT
                    Logon ID:		0x3e7
                    Linked Logon ID:		0x0
                    Network Account Name:	-
                    Network Account Domain:	-
                    Logon GUID:		{00000000-0000-0000-0000-000000000000}

                Process Information:
                    Process ID:		0x328
                    Process Name:		C:\Windows\System32\services.exe

                Network Information:
                    Workstation Name:	-
                    Source Network Address:	-
                    Source Port:		-

                Detailed Authentication Information:
                    Logon Process:		Advapi
                    Authentication Package:	Negotiate
                    Transited Services:	-
                    Package Name (NTLM only):	-
                    Key Length:		0

                This event is generated when a logon session is created. It is
                generated on the computer that was accessed.

                The subject fields indicate the account on the local system
                which requested the logon. This is most commonly a service
                such as the Server service, or a local process such as
                Winlogon.exe or Services.exe.

                The logon type field indicates the kind of logon that
                occurred. The most common types are 2 (interactive) and 3
                (network).

                The New Logon fields indicate the account for whom the new
                logon was created, i.e. the account that was logged on.

                The network fields indicate where a remote logon request
                originated. Workstation name is not always available and may
                be left blank in some cases.

                The impersonation level field indicates the extent to which a
                process in the logon session can impersonate.

                The authentication information fields provide detailed
                information about this specific logon request.
                    - Logon GUID is a unique identifier that can be used to
                correlate this event with a KDC event.
                    - Transited services indicate which intermediate services
                have participated in this logon request.
                    - Package name indicates which sub-protocol was used among
                the NTLM protocols.
                    - Key length indicates the length of the generated session
                key. This will be 0 if no session key was requested.

这个结果很难处理。如果您希望基于这段文本做一些自动化处理，您需要解析这段文本。

有一个简单得多的方法：您见到的消息只是一个文本模板，Windows 以“替换字符串”的方式插入相关的信息。他们是从 Get-0EventLog 接收到的事件数据的一部分。该数据存在一个数组中，整个数组对应一个事件 ID 的信息。

当您确定了哪个信息存放在哪个数组元素中，要解析出您关心的信息十分容易：

Get-EventLog -LogName Security -InstanceId 4624 |
    ForEach-Object {
    # translate the raw data into a new object
    [PSCustomObject]@{
        Time = $_.TimeGenerated
        User = "{0}\{1}" -f $_.ReplacementStrings[5], $_.ReplacementStrings[6]
        Type = $_.ReplacementStrings[10]
        Path = $_.ReplacementStrings[17]
    }
    }

当您运行这一小段代码时，它返回只包含您需要的、美观的验证信息：

12.05.2018 17:38:58 SYSTEM\NT-AUTORITÄT                     Negotiate C:\Windows\System32\services.exe
12.05.2018 17:38:58 tobweltner@zumsel.local\InternalAccount Negotiate C:\Windows\System32\svchost.exe
12.05.2018 17:38:58 SYSTEM\NT-AUTORITÄT                     Negotiate C:\Windows\System32\services.exe
12.05.2018 17:38:58 SYSTEM\NT-AUTORITÄT                     Negotiate C:\Windows\System32\services.exe
12.05.2018 17:38:53 SYSTEM\NT-AUTORITÄT                     Negotiate C:\Windows\System32\services.exe

2018-06-12发表2022-07-06更新powershell / tip2 分钟读完 (大约305个字)

PowerShell 技能连载 - 理解类型加速器（第 2 部分）

PowerShell 带来了一系列硬编码的类型加速器，它们的效果就像通常使用的 .NET 类型，而且由于它们比原始数据类型名称短很多，所以它们“加快了打字速度”。

一个很少人知道的事实是类型加速器列表是可以扩展的。以下代码添加一个新的名为 “SuperArray” 的类型加速器，它指向 “System.Collections.ArrayList”。

您现在可以创建一个新的“超级数组”（它用起来像普通的数组，但是拥有一系列额外的方法来向指定的位置增删元素，而且附加数组元素也比普通的数组快得多）：

1
2
3

[PSObject].Assembly.GetType('System.Management.Automation.TypeAccelerators')::Add('SuperArray', [System.Collections.ArrayList])

$a = [superarray]::new()

您还可以将一个普通数组转换成“超级数组”：

PS> $a = [superarray](1,2,3)

PS> $a.RemoveAt(1)

PS> $a
1
3

请注意虽然不用类型加速器也可以完成这项任务。但是得敲这么长的代码：

PS> $a = [System.Collections.ArrayList](1,2,3)

PS> $a.RemoveAt(1)

PS> $a
1
3

2018-06-11发表2022-07-06更新powershell / tip4 分钟读完 (大约617个字)

PowerShell 技能连载 - 理解类型加速器（第 1 部分）

“类型加速器”类似 .NET 类型别名。它们的目的是节约打字。例如，[ADSI] “类型”实际上并不存在。它只不过是 System.DirectoryServices.DirectoryEntry 的别名。您可以将 [ADSI] 替换为 [System.DirectoryServices.DirectoryEntry]：

PS> [ADSI].FullName
System.DirectoryServices.DirectoryEntry


PS> [System.DirectoryServices.DirectoryEntry].FullName
System.DirectoryServices.DirectoryEntry

由于类型加速器是硬编码进 PowerShell 中的，所以使用它们是安全的。以下这行代码将显示所有预定义的类型加速器，如果您想使用 .NET 类型，您可以选用列表中的内容，因为它们在 PowerShell 中都很重要：

PS> [PSObject].Assembly.GetType('System.Management.Automation.TypeAccelerators')::Get

Key                          Value
---                          -----
Alias                        System.Management.Automation.AliasAttribute
AllowEmptyCollection         System.Management.Automation.AllowEmptyCollecti...
AllowEmptyString             System.Management.Automation.AllowEmptyStringAt...
AllowNull                    System.Management.Automation.AllowNullAttribute
ArgumentCompleter            System.Management.Automation.ArgumentCompleterA...
array                        System.Array
bool                         System.Boolean
byte                         System.Byte
char                         System.Char
CmdletBinding                System.Management.Automation.CmdletBindingAttri...
datetime                     System.DateTime
decimal                      System.Decimal
double                       System.Double
DscResource                  System.Management.Automation.DscResourceAttribute
float                        System.Single
single                       System.Single
guid                         System.Guid
hashtable                    System.Collections.Hashtable
int                          System.Int32
int32                        System.Int32
int16                        System.Int16
long                         System.Int64
int64                        System.Int64
ciminstance                  Microsoft.Management.Infrastructure.CimInstance
cimclass                     Microsoft.Management.Infrastructure.CimClass
cimtype                      Microsoft.Management.Infrastructure.CimType
cimconverter                 Microsoft.Management.Infrastructure.CimConverter
IPEndpoint                   System.Net.IPEndPoint
NullString                   System.Management.Automation.Language.NullString
OutputType                   System.Management.Automation.OutputTypeAttribute
ObjectSecurity               System.Security.AccessControl.ObjectSecurity
Parameter                    System.Management.Automation.ParameterAttribute
PhysicalAddress              System.Net.NetworkInformation.PhysicalAddress
pscredential                 System.Management.Automation.PSCredential
PSDefaultValue               System.Management.Automation.PSDefaultValueAttr...
pslistmodifier               System.Management.Automation.PSListModifier
psobject                     System.Management.Automation.PSObject
pscustomobject               System.Management.Automation.PSObject
psprimitivedictionary        System.Management.Automation.PSPrimitiveDictionary
ref                          System.Management.Automation.PSReference
PSTypeNameAttribute          System.Management.Automation.PSTypeNameAttribute
regex                        System.Text.RegularExpressions.Regex
DscProperty                  System.Management.Automation.DscPropertyAttribute
sbyte                        System.SByte
string                       System.String
SupportsWildcards            System.Management.Automation.SupportsWildcardsA...
switch                       System.Management.Automation.SwitchParameter
cultureinfo                  System.Globalization.CultureInfo
bigint                       System.Numerics.BigInteger
securestring                 System.Security.SecureString
timespan                     System.TimeSpan
uint16                       System.UInt16
uint32                       System.UInt32
uint64                       System.UInt64
uri                          System.Uri
ValidateCount                System.Management.Automation.ValidateCountAttri...
ValidateDrive                System.Management.Automation.ValidateDriveAttri...
ValidateLength               System.Management.Automation.ValidateLengthAttr...
ValidateNotNull              System.Management.Automation.ValidateNotNullAtt...
ValidateNotNullOrEmpty       System.Management.Automation.ValidateNotNullOrE...
ValidatePattern              System.Management.Automation.ValidatePatternAtt...
ValidateRange                System.Management.Automation.ValidateRangeAttri...
ValidateScript               System.Management.Automation.ValidateScriptAttr...
ValidateSet                  System.Management.Automation.ValidateSetAttribute
ValidateTrustedData          System.Management.Automation.ValidateTrustedDat...
ValidateUserDrive            System.Management.Automation.ValidateUserDriveA...
version                      System.Version
void                         System.Void
ipaddress                    System.Net.IPAddress
DscLocalConfigurationManager System.Management.Automation.DscLocalConfigurat...
WildcardPattern              System.Management.Automation.WildcardPattern
X509Certificate              System.Security.Cryptography.X509Certificates.X...
X500DistinguishedName        System.Security.Cryptography.X509Certificates.X...
xml                          System.Xml.XmlDocument
CimSession                   Microsoft.Management.Infrastructure.CimSession
adsi                         System.DirectoryServices.DirectoryEntry
adsisearcher                 System.DirectoryServices.DirectorySearcher
wmiclass                     System.Management.ManagementClass
wmi                          System.Management.ManagementObject
wmisearcher                  System.Management.ManagementObjectSearcher
mailaddress                  System.Net.Mail.MailAddress
scriptblock                  System.Management.Automation.ScriptBlock
psvariable                   System.Management.Automation.PSVariable
type                         System.Type
psmoduleinfo                 System.Management.Automation.PSModuleInfo
powershell                   System.Management.Automation.PowerShell
runspacefactory              System.Management.Automation.Runspaces.Runspace...
runspace                     System.Management.Automation.Runspaces.Runspace
initialsessionstate          System.Management.Automation.Runspaces.InitialS...
psscriptmethod               System.Management.Automation.PSScriptMethod
psscriptproperty             System.Management.Automation.PSScriptProperty
psnoteproperty               System.Management.Automation.PSNoteProperty
psaliasproperty              System.Management.Automation.PSAliasProperty
psvariableproperty           System.Management.Automation.PSVariableProperty

2018-06-08发表2022-07-06更新powershell / tip2 分钟读完 (大约353个字)

PowerShell 技能连载 - Out-Notepad: Send Information to Notepad

您是否曾希望将文本直接发送到记事本，而并不将它保存到文件中？

通常，您需要将文本保存到一个文件，然后通知它读取文件。还有一个更特别的方法：通过 Windows 消息和记事本通信，将文字发送到记事本。这是 Out-Notepad 函数的代码：

#requires -Version 2
function Out-Notepad
{
  param
  (
    [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
    [String]
    [AllowEmptyString()]
    $Text
  )

  begin
  {
    $sb = New-Object System.Text.StringBuilder
  }

  process
  {
    $null = $sb.AppendLine($Text)
  }
  end
  {
    $text = $sb.ToString()

    $process = Start-Process notepad -PassThru
    $null = $process.WaitForInputIdle()


    $sig = '
      [DllImport("user32.dll", EntryPoint = "FindWindowEx")]public static extern IntPtr FindWindowEx(IntPtr hwndParent, IntPtr hwndChildAfter, string lpszClass, string lpszWindow);
      [DllImport("User32.dll")]public static extern int SendMessage(IntPtr hWnd, int uMsg, int wParam, string lParam);
    '

    $type = Add-Type -MemberDefinition $sig -Name APISendMessage -PassThru
    $hwnd = $process.MainWindowHandle
    [IntPtr]$child = $type::FindWindowEx($hwnd, [IntPtr]::Zero, "Edit", $null)
    $null = $type::SendMessage($child, 0x000C, 0, $text)
  }
}

这是它的使用方法：

1
2
3

PS> Get-Service | Out-Notepad

PS> Get-Service | Out-String | Out-Notepad

这两行代码，都能打开一个全新的 Notepad 实例，所有服务信息都写入 Notepad。请注意它们的不同：第一行代码创建一个对象名称的列表。如果您希望对象的显示像在 PowerShell 中那样详细，请确保将他们通过管道送给 Notepad 之前先将它们用管道送给 Out-String。

2018-06-07发表2022-07-06更新powershell / tip3 分钟读完 (大约472个字)

PowerShell 技能连载 - 使用秘密的 $FormatEnumerationLimit 变量

Format-List 缺省以列表的形式显示对象的属性，如果某个属性包含一个数组，该数组将会转换为文本，而且只显示一小部分数组元素。以下是一个例子：

PS> Get-Process -Id $Pid | Format-List -Property Name, Modules


Name    : powershell_ise
Modules : {System.Diagnostics.ProcessModule (PowerShell_ISE.exe),
            System.Diagnostics.ProcessModule (ntdll.dll), System.Diagnostics.ProcessModule
            (MSCOREE.DLL), System.Diagnostics.ProcessModule (KERNEL32.dll)...}

这行代码获取 PowerShell 的进程，并且显示它的名称和加载的模块。如您所见，输出的结果并没有显示所有加载的模块。

有一个名为 FormatEnumerationLimit 的神秘变量，控制 Format-List 显示多少个数组元素。

缺省情况下，显示个数限制为 4 个，所以输出结果中最多显示 4 个数组元素。如果将限制值设为 -1，事实上相当于关闭了该限制：

PS> $FormatEnumerationLimit
4

PS> $FormatEnumerationLimit = -1

PS> $FormatEnumerationLimit
-1

如果您再次运行相同的命令，Format-List 将显示所有数组元素：

PS> Get-Process -Id $Pid | Format-List -Property Name, Modules


Name    : powershell_ise
Modules : {System.Diagnostics.ProcessModule (PowerShell_ISE.exe),
        System.Diagnostics.ProcessModule (ntdll.dll), System.Diagnostics.ProcessModule
        (MSCOREE.DLL), System.Diagnostics.ProcessModule (KERNEL32.dll),
        System.Diagnostics.ProcessModule (KERNELBASE.dll), System.Diagnostics.ProcessModule
        (ADVAPI32.dll), System.Diagnostics.ProcessModule (msvcrt.dll),
        System.Diagnostics.ProcessModule (sechost.dll), System.Diagnostics.ProcessModule
        (RPCRT4.dll), System.Diagnostics.ProcessModule (mscoreei.dll),
        System.Diagnostics.ProcessModule (SHLWAPI.dll), System.Diagnostics.ProcessModule
        (combase.dll), System.Diagnostics.ProcessModule (ucrtbase.dll),
        System.Diagnostics.ProcessModule (bcryptPrimitives.dll),
        System.Diagnostics.ProcessModule (GDI32.dll), System.Diagnostics.ProcessModule
        (gdi32full.dll), System.Diagnostics.ProcessModule (msvcp_win.dll),
        System.Diagnostics.ProcessModule (USER32.dll), System.Diagnostics.ProcessModule
        (win32u.dll), System.Diagnostics.ProcessModule (IMM32.DLL),
        System.Diagnostics.ProcessModule (kernel.appcore.dll), System.Diagnostics.ProcessModule
        (VERSION.dll), System.Diagnostics.ProcessModule (clr.dll),
        System.Diagnostics.ProcessModule (MSVCR120_CLR0400.dll),
        System.Diagnostics.ProcessModule (mscorlib.ni.dll), System.Diagnostics.ProcessModule
        (ole32.dll), System.Diagnostics.ProcessModule (uxtheme.dll),
        System.Diagnostics.ProcessModule (tiptsf.dll), System.Diagnostics.ProcessModule
        (OLEAUT32.dll), System.Diagnostics.ProcessModule (CRYPTSP.dll),
        System.Diagnostics.ProcessModule (rsaenh.dll), System.Diagnostics.ProcessModule
        (bcrypt.dll), System.Diagnostics.ProcessModule (CRYPTBASE.dll),
(...)

2018-06-06发表2022-07-06更新powershell / tip1 分钟读完 (大约147个字)

PowerShell 技能连载 - 立刻关闭显示器

如果您想运行一个长时间执行的脚本，何不先关闭显示器，而是傻傻地等着超时以后显示屏保呢？

以下是一个简单的函数，能够立即关闭显示器。只需要移动鼠标或按任意键就可以唤醒：

function Set-DisplayOff
{
    $code = @"
using System;
using System.Runtime.InteropServices;
public class API
{
    [DllImport("user32.dll")]
    public static extern
    int SendMessage(IntPtr hWnd, UInt32 Msg, IntPtr wParam, IntPtr lParam);
}
"@
    $t = Add-Type -TypeDefinition $code -PassThru
    $t::SendMessage(0xffff, 0x0112, 0xf170, 2)
}

2018-06-05发表2022-07-06更新powershell / tip1 分钟读完 (大约191个字)

PowerShell 技能连载 - 配置网络适配器

以下是一个简单的例子，演示如何向网络适配器分配 IP 地址、网关，和 DNS 服务器。这段脚本列出所有活动的网络适配器。当您选择一项并点击确认，脚本将把硬编码的地址赋给网络适配器。

请注意一下脚本只是模拟改变网络配置。如果您希望真的改变网络设置，请移除 -WhatIf 参数：

$NewIP = '192.168.2.12'
$NewGateway = '192.168.2.2'
$NewDNS = '8.8.8.8'
$Prefix = 24

$adapter = Get-NetAdapter |
Where-Object Status -eq 'Up' |
Out-GridView -Title 'Select Adapter to Configure' -OutputMode Single
$index = $adapter.InterfaceIndex

New-NetIPAddress -InterfaceIndex $index -IPAddress $NewIP -DefaultGateway $NewGateway -PrefixLength $Prefix -AddressFamily IPv4 -WhatIf
Set-DNSClientServerAddress –InterfaceIndex $index –ServerAddresses $NewDNS -whatIf

2018-06-04发表2022-07-06更新powershell / tip3 分钟读完 (大约392个字)

PowerShell 技能连载 - 免费的 PowerShell 帮助手册

即便是有经验的 PowerShell 用户也会经常忽略 PowerShell 强大的帮助系统，它类似 Linux 中的 man page。您所需要做的只是一次性下载帮助文件。要下载帮助文件，您需要在提升权限的 PowerShell 中运行以下代码：

1	PS> Update-Help -UICulture en-us -Force

当帮助文件下载完以后，以下是一个很棒的基础列表，展示 PowerShell 语言的几乎所有细节：

PS> Get-Help about* | Select Name, Synopsis

Name                                   Synopsis
----                                   --------
about_ActivityCommonParameters         Describes the parameters that Windows...
about_Aliases                          Describes how to use alternate names ...
about_Arithmetic_Operators             Describes the operators that perform ...
about_Arrays                           Describes arrays, which are data stru...
about_Assignment_Operators             Describes how to use operators to ass...
about_Automatic_Variables              Describes variables that store state ...
about_Break                            Describes a statement you can use to ...
about_Checkpoint-Workflow              Describes the Checkpoint-Workflow act...
about_CimSession                       Describes a CimSession object and the...
about_Classes                          Describes how you can use classes to ...
about_Command_Precedence               Describes how Windows PowerShell dete...
about_Command_Syntax                   Describes the syntax diagrams that ar...
about_Comment_Based_Help               Describes how to write comment-based ...
about_CommonParameters                 Describes the parameters
...

您甚至可疑用这行代码创建您自己的 PowerShell 帮助查看器：

Get-Help about* |
    Select-Object -Property Name, Synopsis |
    Out-GridView -Title 'Select Topic' -OutputMode Multiple |
    ForEach-Object {
    Get-Help -Name $_.Name -ShowWindow
    }

当运行这行代码时，PowerShell 将搜索帮助主题并打开一个网格视图。只需要按住 CTRL 并选择所有您想阅读的主题，然后单击确认。选中的主题将会在独立的帮助查看窗口中打开。