Monthly Archives: March 2012

PowerShell: Enhance a CMDLET (Proxy/Wrapper)

I have this task to do, and well, I’m easily side tracked.

I find that I often times (especially with WMI calls) do a count and a Get-Member on the return just to see what I’m working with. So I thought, why not simplify that task?

function dwmi {
$rtn = iex "gwmi $([string]$args)"
$rtn | gm | ?{$ -notlike "__*"} | out-host
write-host "Count: $($rtn.count)"
return $rtn
$share = dwmi win32_share

This is a good example of where to use Invoke-Expression (IEX) as well as a good use of $args rather than named params. You could have this function use your own args as well, you’d just need to rip them out of $args before passing them to the CMDLET you are wrapping.

Just thought this was neat and worth sharing, hope you enjoy.


PowerShell: Microsoft Releases Script Explorer! Here is the ISE Fix

Microsoft has a pre-release of the Script Explorer which allows you to search poshcode, technet gallery as well as local repositories. Its kinda neat.

It ties in to ISE but not so nicely, however, with most things PowerShell, you can fix that.

This will work for a 64 bit system, I think you can easily see the change if you have a 32 bit system.

$filepath=  'c:\Program Files (x86)\Microsoft Script Explorer for Windows PowerShell\Microsoft.ScriptExplorer.ps1'

$content = gc $filepath

$content[4] += " | out-null"
$content | Out-File $filepath

No more spew on the screen!

PowerShell ISE addon for “Running” tabs

If you are like me then you have multiple PowerShell tabs open when you are working, partly to keep organized and partly to run longer tasks. I often scan all of my servers for something which can some times be a lengthy process. Rather than going back and forth between tabs to see if the job has completed I wrote this little script that you can toss in your profile that will change the tab name.

Register-ObjectEvent $psise.CurrentPowerShellTab PropertyChanged -Action {
If($Event.SourceArgs[1].PropertyName -eq "StatusText")
{ $tab = $event.Sender $name = $tab.displayname
if($Event.SourceArgs[0].StatusText -like "Running*")
 { $tab.displayname = "* $name" }
elseif($Event.SourceArgs[0].StatusText -eq "Completed" -or $Event.SourceArgs[0].StatusText -eq "Stopped")
{ $Tab.DisplayName = $name -replace "\* " }
 } }

Its up on Technet as well


PowerShell: Loading and Unloading Registry Hives

PowerShell will by default expose your HKLM and HKCU hives via drives which work because of the Registry PSProvider.



Since we see that it’s the provider that allows us to map these hives we can take it a step further and map a hive from a file (update user hives on a remote system). The problem with this is that the Registry PSProvider doesn’t extend to files. However this doesn’t stop us.

reg load 'HKLM\TempUser' $ntuserlocation

cd hklm:\TempUser


New-PSDrive -Name HKMyUser -PSProvider Registry -Root HKLM\TempUser

cd HKMyUser:\


cd c:

Remove-PSDrive HKMyUser

reg unload hklm\TempUser

This all works great until we attempt to unload that hive file or in some cases the unload works ok but we still have handles to the hive file (you can use sysinternals Handle.exe to see this)

Why is that if we removed the drive and asked Reg.exe to unload the hive? The problem is that the system has not released the memory which still has pointers in to that file, preventing us from unloading the hive or stopping us from doing other things.

So whats the trick you ask?

Ask the system to clean up those references that are no longer in use.


This uses the static method Collect from the GC class in .NET which is used for forcing the garbage collector to run and removing those unused references.