Introduction to providers
A provider in PowerShell is a specialized interface to a service or dataset that presents items to the end user in the same style as a file system.
All operating systems include the following providers:
- Alias: PowerShell aliases
- Environment: Environment variables (for the process)
- FileSystem: Files and folders
- Function: Any functions in the session
- Variable: Any variables in the session
Windows operating systems also include Windows-specific providers:
- Registry: All loaded registry hives
- Certificate: The LocalMachineandCurrentUsercertificate stores
- WSMan: Windows remoting configuration
Several modules, such as the ActiveDirectory and WebAdministration modules, add service-specific providers when imported.
A longer description of Providers can be seen by viewing the about file:
Get-Help about_Providers
The available providers can be viewed in the current PowerShell session by running Get-PSProvider, as shown in the following example:
PS> Get-PSProvider
Name           Capabilities                       Drives
----           ------------                       ------
Registry       ShouldProcess, Transactions        {HKLM, HKCU}
Alias          ShouldProcess                      {Alias}
Environment    ShouldProcess                      {Env}
FileSystem     Filter, ShouldProcess, Credentials {C, D}
Function       ShouldProcess                      {Function}
Variable       ShouldProcess                      {Variable}
Certificate    ShouldProcess                      {Cert}
WSMan          Credentials                        {WSMan}
Each of the previous providers has a help file associated with it. In PowerShell, the help files are named about_<ProviderName>_Provider; for example:
Get-Help -Name about_Certificate_Provider
A list of all help files for providers in PowerShell 7 can be seen by running the following command:
Get-Help -Name About_*_Provider
In Windows PowerShell, the help files have a special category and are accessed by name, for example:
Get-Help -Name Certificate -Category Provider
Or, the provider help files can be listed by category:
Get-Help -Category Provider
The provider-specific help documents describe the additional parameters added to *-Item and *-ChildItem, as well as Test-Path, Get-Content, Set-Content, Add-Content, Get-Acl, Set-Acl, and so on.
Provider-specific parameters, when added to the preceding commands, allow provider-specific values for filtering, making changes to existing items, and creating new items.
PowerShell offers tab completion for parameters when the Path parameter has been defined. For example, entering the following partial command and then pressing Tab will cycle through the parameters available to the certificate provider:
Get-ChildItem -Path cert:\LocalMachine\Root -
For example, pressing Tab several times after the hyphen is entered offers up the CodeSigningCert parameter.
The items within a provider can be accessed by following the name of a provider with two colons. For example, the content of the variable provider can be shown as follows:
Get-ChildItem variable::
The same approach can be used to view the top-level items available in the Registry provider on Windows:
Get-ChildItem registry::
Child items can be accessed by adding a name; for example, a variable:
Get-Item variable::true
The preceding command is equivalent to running Get-Variable true.
The FileSystem provider returns an error when attempting to access FileSystem:: without specifying a path. A child item must be specified, for example:
Get-ChildItem FileSystem::C:\Windows
While it is possible to access providers directly using the preceding notation, several of the providers are given names and are presented in the same manner as a Windows disk drive.
Drives and providers
Drives are labels used to access data from providers by name. Drives are automatically made available for FileSystem based on the drive letters used for mounted partitions in Windows.
The output from Get-PSProvider in the previous section shows that each provider has one or more drives associated with it.
Alternatively, the list of drives can be seen using Get-PSDrive, as shown in the following example:
PS> Get-PSDrive
Name     Used (GB) Free (GB) Provider       Root
----     --------- --------- --------       ----
Alias                        Alias
C            89.13    111.64 FileSystem     C:\
Cert                         Certificate    \
D             0.45     21.86 FileSystem     D:\
Env                          Environment
Function                     Function
HKCU                         Registry       HKEY_CURRENT_USER
HKLM                         Registry       HKEY_LOCAL_MACHINE
Variable                     Variable
WSMan                        WSMan
As providers present data in a similar manner to a file system, accessing a provider is like working with a disk drive. This example shows how Get-ChildItem changes when exploring the Cert drive. The first few certificates are shown:
PS C:\> Set-Location Cert:\LocalMachine\Root
PS Cert:\LocalMachine\Root> Get-ChildItem
 Directory: Microsoft.PowerShell.Security\Certificate::LocalMachine\Root
Thumbprint                                  Subject
----------                                  -------
CDD4EEAE6000AC7F40C3802C171E30148030C072    CN=Microsoft Root Certif...
BE36A4562FB2EE05DBB3D32323ADF445084ED656    CN=Thawte Timestamping C...
A43489159A520F0D93D032CCAF37E7FE20A8B419    CN=Microsoft Root Author...
By default, drives are available for the current user, HKEY_CURRENT_USER (HKCU), and local machine, HKEY_LOCAL_MACHINE (HKLM), registry hives.
A new drive named HKCC might be created for HKEY_CURRENT_CONFIG with the following command:
New-PSDrive HKCC -PSProvider Registry -Root HKEY_CURRENT_CONFIG
After running the preceding command, a new drive may be used to view the content of the hive, as demonstrated by the following example:
PS C:\> Get-ChildItem HKCC:
    Hive: HKEY_CURRENT_CONFIG
Name                           Property
----                           --------
Software
System
Functions for drive letters
Running C: or D: in the PowerShell console changes to a new drive letter. This is possible because C: is a function that calls the Set-Location command. This can be seen by looking at the definition of one of the functions:
(Get-Command C:).Definition
Every letter of the alphabet (A to Z) has a predefined function (Get-Command *:).
Set-Location must be explicitly used to change to any other drive, for example:
Set-Location HKCU:
Providers are an important part of PowerShell, especially the FileSystem provider. Providers are explored in greater detail in Chapter 10, Files, Folders, and the Registry.
 
                                             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
     
         
                 
                 
                 
                 
                 
                 
                 
                 
                