
Drives and Environment Variables

In PowerShell, a drive is a top-level container that represents a hierarchical data structure. These structures can include:

  • File systems (e.g., C:\, D:\)

  • Registry hives (e.g., HKLM:\, HKCU:\)

  • Environment variables (e.g., env:\)

  • Certificates (e.g., cert:\)

  • Variables (e.g., variable:\)

  • Aliases (e.g., alias:\)

  • Functions (e.g., function:\)

Each drive is a logical representation of a data store, allowing you to interact with it using familiar commands like Get-ChildItem (aliased as dir or ls).


Why Use Drives?

The concept of drives simplifies navigation and manipulation of hierarchical data structures. Instead of using different tools for the filesystem, registry, or environment variables, PowerShell provides a unified interface. This consistency reduces the learning curve and makes scripting more intuitive.

For example:

  • In the filesystem, you navigate folders and files.

  • In the registry, you navigate keys and values.

  • In environment variables, you navigate variable names and their values.

PowerShell treats all these structures as "drives," so you can use the same commands (cd, dir, New-Item, etc.) across different data stores.


Listing Available Drives

To see the drives currently available in your PowerShell session, use the Get-PSDrive command:

Get-PSDrive

This command lists all drives, including filesystem drives (C:, D:), registry drives (HKLM:, HKCU:), and others like env: and cert:.


Providers: The Backbone of Drives

Each drive is backed by a provider, which is a .NET assembly that exposes a data store to PowerShell. Providers enable PowerShell to interact with different types of data stores in a consistent way.

To list the available providers, use:

Get-PSProvider

Common providers include:

  • FileSystem: Manages files and folders.

  • Registry: Manages registry keys and values.

  • Environment: Manages environment variables.

  • Alias: Manages PowerShell aliases.

  • Variable: Manages PowerShell variables.


2. Navigating Drives

Changing Locations

PowerShell provides the Set-Location cmdlet (aliased as cd or chdir) to change your current location within a drive. For example:

cd C:\Windows  # Navigate to the Windows directory
cd HKLM:\Software  # Navigate to the Software registry hive
cd env:  # Navigate to the environment variables drive

You can also use relative paths (. for the current directory, .. for the parent directory) and tab completion for convenience.


Viewing Contents

To view the contents of a drive or directory, use the Get-ChildItem cmdlet (aliased as dir or ls):

dir C:\  # List files and folders in the root of C:
dir HKLM:\Software  # List registry keys under Software
dir env:  # List all environment variables
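The same navigation cmdlets applied to two security-relevant stores, as an added example that is not part of the original page: it lists machine certificates that expire within 30 days and the machine-wide autorun entries. `Cert:\LocalMachine\My` and `HKLM:\Software\Microsoft\Windows\CurrentVersion\Run` are standard Windows locations; the function names and the 30-day threshold are choices made for this example.

```powershell
# Added example: one set of cmdlets, two different providers.

function Get-ExpiringCertificate {
    param(
        [string]$StorePath = 'Cert:\LocalMachine\My',
        [int]$Days = 30    # threshold chosen for this example
    )
    $now    = Get-Date
    $cutoff = $now.AddDays($Days)
    # Certificate provider: each child item is an X509Certificate2 object.
    Get-ChildItem -Path $StorePath |
        Where-Object { $_.NotAfter -le $cutoff } |
        Select-Object Subject, Thumbprint, NotAfter,
            @{ Name = 'Expired'; Expression = { $_.NotAfter -lt $now } }
}

function Get-AutorunEntry {
    param(
        [string]$KeyPath = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    # Registry provider: Get-Item returns the key; its values are read by name.
    $key = Get-Item -Path $KeyPath -ErrorAction Stop
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Key     = $KeyPath
            Name    = $name
            Command = $key.GetValue($name)
        }
    }
}

Get-ExpiringCertificate | Format-Table -AutoSize
Get-AutorunEntry        | Format-List
```
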

3. Environment Variables in PowerShell

What Are Environment Variables?

Environment variables are dynamic values that affect the behavior of processes and programs running on your system. Examples include:

  • PATH: Specifies directories where executable programs are located.

  • TEMP: Specifies the directory for temporary files.

  • USERNAME: Specifies the current user's name.


Accessing Environment Variables

In PowerShell, environment variables are accessed through the env: drive. To list all environment variables:

dir env:

To access a specific variable, use the $env: prefix:

$env:PATH  # View the PATH variable
$env:USERNAME  # View the current username
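Because PATH decides which executable runs when a command is typed without a full path, it is worth auditing. The following added example (not from the original page) flags PATH entries that are relative, missing, or writable by broad groups; the function name `Test-PathEntry`, the group list, and the sample value are assumptions made for this example.

```powershell
# Added example: flag PATH entries that are relative, missing, or writable
# by broad groups (conditions that let another user plant an executable).
function Test-PathEntry {
    param([string]$PathValue = $env:PATH)

    # Well-known groups that include ordinary users (English display names).
    $broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
    # Rights that allow creating files or subfolders in a directory.
    $write = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'

    foreach ($entry in ($PathValue -split ';' | Where-Object { $_.Trim() })) {
        $dir    = [Environment]::ExpandEnvironmentVariables($entry.Trim().Trim('"'))
        $issues = @()

        if (-not [System.IO.Path]::IsPathRooted($dir)) {
            $issues += 'relative path'
        }
        elseif (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            $issues += 'directory missing'
        }
        else {
            try {
                $rules = (Get-Acl -LiteralPath $dir -ErrorAction Stop).Access
                foreach ($rule in $rules) {
                    $who = $rule.IdentityReference.Value
                    # Skip rules that only apply to children, not the folder itself.
                    if ($rule.AccessControlType -eq 'Allow' -and
                        $rule.PropagationFlags -notmatch 'InheritOnly' -and
                        $broad -contains $who -and
                        ([int]$rule.FileSystemRights -band $write) -ne 0) {
                        $issues += "writable by $who"
                    }
                }
            }
            catch { $issues += 'ACL unreadable' }
        }
        [pscustomobject]@{ Directory = $dir; Issues = ($issues -join '; ') }
    }
}

# Constructed sample value (not a real system's PATH), then the live PATH.
Test-PathEntry -PathValue 'C:\Windows\System32;.\tools;C:\Example_Missing_Dir'
Test-PathEntry | Where-Object Issues
```
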

Modifying Environment Variables

Creating a New Variable

To create a new environment variable:

New-Item -Path env:\MY_VARIABLE -Value "MyValue"

Updating an Existing Variable

To change the value of an existing variable:

Set-Item -Path env:\MY_VARIABLE -Value "NewValue"

Deleting a Variable

To remove an environment variable:

Remove-Item -Path env:\MY_VARIABLE

Why Environment Variable Changes Are Not Permanent

Changes made to environment variables in PowerShell are session-specific: they apply only to the current PowerShell session, and if you close PowerShell, all changes are lost. To make permanent changes, you must modify your system's environment variables through the Control Panel or edit your PowerShell profile, which re-applies the change each time PowerShell starts.
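To see where a change made through the env: drive actually lives, this added example (not from the original page) compares the Process, User, and Machine scopes using the .NET `[Environment]` class. The variable name `SEC505_DEMO` and the function name `Get-EnvScope` are constructed for the example, which assumes Windows PowerShell on Windows.

```powershell
# Added example: a change made through env: exists only in this process.
New-Item -Path env:\SEC505_DEMO -Value 'session-only' | Out-Null

function Get-EnvScope {
    param([string]$Name)
    foreach ($scope in 'Process', 'User', 'Machine') {
        [pscustomobject]@{
            Scope = $scope
            Value = [Environment]::GetEnvironmentVariable($Name, $scope)
        }
    }
}

# Only the Process row has a value; User and Machine are empty.
Get-EnvScope -Name 'SEC505_DEMO'

# A child process inherits a copy of the parent's environment block.
powershell.exe -NoProfile -Command '$env:SEC505_DEMO'

# Persist a value for the current user. It is stored outside this process,
# so the Process row keeps the old value while the User row now shows the
# persisted one; processes started later pick it up.
[Environment]::SetEnvironmentVariable('SEC505_DEMO', 'persistent', 'User')
Get-EnvScope -Name 'SEC505_DEMO'

# Clean up both the persisted value and the session value.
[Environment]::SetEnvironmentVariable('SEC505_DEMO', $null, 'User')
Remove-Item -Path env:\SEC505_DEMO
```
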


4. Built-In PowerShell Variables

PowerShell automatically creates several variables, known as automatic variables, that provide useful information and functionality. To see a list of these variables:

help about_automatic_variables

Some commonly used automatic variables include:

  • $_: Represents the current object in the pipeline.

  • $?: Indicates whether the last operation succeeded ($true or $false).

  • $HOME: Stores the path to the user's home directory.

  • $PROFILE: Stores the path to the user's PowerShell profile script.


5. Creating Custom Drives

You can create custom drives using the New-PSDrive cmdlet. For example, to map a network share as a drive:

New-PSDrive -Name Share -PSProvider FileSystem -Root \\Server\Share
cd Share:

This creates a new drive called Share: that points to the specified network path.
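New-PSDrive works with any provider, not only FileSystem. The following added example (not from the original page) maps HKEY_USERS, which has no drive by default, and reads the persisted per-user environment variables that Windows stores under each loaded user's `Environment` key. The drive name `HKU` and the function name are choices made for this example.

```powershell
# Added example: a custom Registry drive used to review persisted
# per-user environment variables (for instance, a per-user PATH override).
function Get-PersistedUserEnvironment {
    $created = $false
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        # Only HKLM: and HKCU: are mapped by default.
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
        $created = $true
    }
    try {
        # Loaded user hives are named by SID; skip the *_Classes companions.
        Get-ChildItem -Path HKU:\ -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -notlike '*_Classes' } |
            ForEach-Object {
                $sid    = $_.PSChildName
                $envKey = Get-Item -Path "HKU:\$sid\Environment" -ErrorAction SilentlyContinue
                if ($envKey) {
                    foreach ($n in $envKey.GetValueNames()) {
                        [pscustomobject]@{
                            Sid   = $sid
                            Name  = $n
                            # Stored text, without expanding %VAR% references.
                            Value = $envKey.GetValue($n, $null, 'DoNotExpandEnvironmentNames')
                        }
                    }
                }
            }
    }
    finally {
        # Remove the drive only if this function created it.
        if ($created) { Remove-PSDrive -Name HKU }
    }
}

Get-PersistedUserEnvironment | Sort-Object Sid, Name | Format-Table -AutoSize
```

Without administrative rights, only the hives the current user can read are returned; the others are skipped silently.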


Last updated 2 months ago
