2021 Sep 17

Tips on PowerShell $profile

Extending PowerShell possibilities is a great step beyond the regular usage. For that, we can create the $profile file, which will load every time you start the PowerShell session. You can have a separate profile for each user account, or a generic system one.

To create such file, you can use the following command:

New-Item –Path $Profile –Type File –Force

This will create just an empty text file, and you can open it with notepad or ISE (for example):

notepad $profile

It should be located in %UserProfile%/Documents/WindowsPowerShell/Microsoft.PowerShell_profile.ps1

Once opened, you can modify the file and add whatever you feel right (importing modules, functions, some screen output etc.). PowerShell will execute the commands, and start afterwards, so if you want to check the connectivity to Internet with ping, tracert or whatever, you will have some delay, which might not be great.

You can specify "global" profiles, and of course, the profile could be copied to another machine. The focus of this page is on "local" user profiles.

Just for the reference, here are the names for those variables as described on Microsoft Docs:

Current user, PowerShell ISE $PROFILE.CurrentUserCurrentHost, or $PROFILE
All users, PowerShell ISE $PROFILE.AllUsersCurrentHost
Current user, All hosts $PROFILE.CurrentUserAllHosts
All users, All hosts $PROFILE.AllUsersAllHosts

I will provide some examples you can put in the file below. You can open a new session to reload the profile, but & $profile should work as well.

NOTE: Aliases in PS are not the same as aliases in Bash. You can't replace a whole command with just one word and expect it working, PowerShell aliases is like to replace a longer word with a shorter one (or symbol).

Showing your user info

It is good to see some technical information when you start the session. I have this in my standard user profile:

clear-host
$dc=$env:LOGONSERVER -Replace '\\',''
Write-Host Date:`t`t$(get-date -UFormat "%d.%m.%Y %H:%M")
Write-Host "Logged in as:`t$(whoami)"
Write-Host "Connected to:`t$dc"

Admin profile doesn't have the lines for the logon server (2 and 5) because it is not actually logged on, it's just a PowerShell session started with its rights.

Let's break it down! First line will remove all the extra information which is not necessary, it's the analogue of pressing ^L (Ctrl+L - works starting from PS v5), typing cls in cmd or clear in bash - it clears the screen.

The second line defines the logon server (the domain controller you are connected to), but also removes 2 leading backslashes as they are not relevant and distracting.

Line 3 writes the current date in the format DD.MM.YYYY HH:MM, you can select something else. Reference on Microsoft Docs

Line 4 shows your current username (so you don't confuse the sessions, if anything).

Line 5 writes down the logon server.

Listing the locked out users

As mentioned above, aliases in PowerShell are not like the ones in Bash, so if you want to replace the command with one word, you need to specify a function. If you add it to the profile, you will have that particular function active every time you start the session. Alternatively, you can provide an alias to the function. I used to have the one called "locked" at first, as it fast and easy to type, but good practice is to have the PowerShell naming convention of Verb-Noun.

Just to mention, users get locked out due to the incorrect passwords, so you can check who is currently locked out, so to have Unlock-ADAccount on it (if asked, don't unlock because you think it is right):

function Get-LockedoutUsers {
Search-ADAccount -lockedout | Select-Object Name, SamAccountName
}

The output will be similar to this:

Checking the *real* expiry date of the accounts

This topic was covered in the previous post!

So in general, the profile might look like this (I will try to update the file accordingly whenever the new ideas appear):

They posted on the same topic

Trackback URL : https://dykhl.in/trackback/10

This post's comments feed