When you download ISO files, patches, or software packages, corruption and tampering are real risks. Installing a corrupted infrastructure file, like a VMware ESXi image, will break your system. Don't assume a download finished perfectly—verify it.
Windows has a built-in way to do this using the PowerShell Get-FileHash command.
The Basic Command
To calculate the SHA256 hash of a file, use the following syntax:
Get-FileHash "C:\Path\To\Your\File.iso" -Algorithm SHA256
Real-World Example
Running the command against an ESXi ISO looks like this:
Get-FileHash "C:\Downloads\ESXi.iso" -Algorithm SHA256
Output:
Algorithm Hash Path --------- ---- ---- SHA256 3F2A9C6D5B3... C:\Downloads\ESXi.iso
The Hash value is the unique digital fingerprint of your file.
Extracting Just the Hash
If you only need the raw hash string for a script or a quick comparison, wrap the command in parentheses and call the .Hash property. This drops the formatting and path details:
(Get-FileHash "C:\Downloads\ESXi.iso" -Algorithm SHA256).Hash
Automating the Comparison
Vendors provide the expected checksum on their download pages. Instead of manually comparing a 64-character string, let PowerShell do it:
$expected = "PUT_EXPECTED_HASH_HERE"
$actual = (Get-FileHash "C:\Downloads\ESXi.iso" -Algorithm SHA256).Hash
if ($actual -eq $expected) {
Write-Output "File is valid."
} else {
Write-Output "File is corrupted or modified. Do not use."
}
Key Technical Details
- Case-Insensitive: SHA256 string comparisons do not care about uppercase or lowercase letters.
- Compatibility: This command works natively on PowerShell 5+ and PowerShell 7.
- Primary Use Cases: Validating ISO files, software installers, and critical patch updates.
Verifying hashes is a mandatory step for secure system administration. Use Get-FileHash to confirm file integrity before moving anything into production.