Learn windows powershell in a month of lunches

new edition available

this edition is free when you purchase

Learn PowerShell in a Month of Lunches, Fourth Edition

Chapter 1: Before You Begin

1.1. Why You Can’t Afford to Ignore PowerShell
The transition from previous scripting languages like VBScript to PowerShell marks a significant development for Windows administrators. PowerShell is designed not just for scripting but as a command-line shell to run utilities efficiently. Its growing popularity is due to the need for enhanced administration capabilities.

1.1.1. Life Without PowerShell
Before PowerShell, administrators relied on GUIs for task execution, resulting in inefficiency. While scripting languages like VBScript improved productivity for certain tasks, they fell short due to inconsistent support from Microsoft.

1.1.2. Life with PowerShell
PowerShell enables full access to a product’s administrative functions, allowing automation of repetitive tasks. This integration signifies a shift in administration practices, promoting efficiency and command-line operations.

1.2. And Now, It’s Just “PowerShell”
In 2016, Microsoft open-sourced PowerShell, extending its availability to macOS and Linux, thereby fostering a broader community for its evolution.

1.3. Is This Book for You?
The book targets three PowerShell user categories: command executors, process combiners, and tool developers, focusing primarily on new users to enhance command-line skills and automation understanding.

1.4. How to Use This Book
Designed for a daily reading routine, the book comprises main chapters, hands-on labs, and supplementary materials for effective learning and practice, encouraging exploration beyond initial content.

1.5. Setting Up Your Lab Environment
Users need a lab environment with PowerShell v3 or later for practice. Recommendations include using Windows 8.1 or later on a 64-bit system and avoiding production environments for practice.

1.6. Installing Windows PowerShell
PowerShell v3 is preinstalled on newer Windows versions, and users should check and install the appropriate version to ensure compatibility with book content.

1.7. Contacting Us
Feedback is encouraged through social media and forums for support and additional resources related to PowerShell.

1.8. Being Immediately Effective with PowerShell
The book emphasizes practical application over extensive theory, aiming to make users effective immediately by focusing on real-world tasks and gradually introducing nuanced details.

Chapter 2: Meet PowerShell

This chapter introduces PowerShell and guides users on choosing the appropriate interface for Windows PowerShell.

2.1. Choose Your Weapon

Microsoft offers multiple ways to access PowerShell on Windows, including four main icons depending on whether the system is 32-bit or 64-bit. Users are encouraged to use the 64-bit versions for better compatibility with extensions.

2.1.1. The Console Window

The PowerShell console window is the most standard way to interact with PowerShell. Though it has limitations, such as inconsistent character support and non-standard keystrokes for clipboard operations, it can be essential for server environments without a GUI. There are tips for configuring the console for better usability, including increasing the font size, adjusting the command history buffer, and setting a high-contrast color scheme.

2.1.2. The Integrated Scripting Environment (ISE)

The PowerShell ISE provides a more user-friendly interface, supporting features like double-byte character sets and traditional copy-paste operations. Key areas include the Script Editor, Console pane, and Command Explorer. Configuration options are available to customize user experience through color schemes and layouts.

2.2. It’s Typing Class All Over Again

Effective typing is crucial in PowerShell, and both the console and ISE offer features to minimize typing errors, such as Tab completion and IntelliSense in the ISE. Accuracy in command typing is emphasized to avoid common errors.

2.3. Common Points of Confusion

Several common issues may trip users up, including configuring the console to avoid horizontal scrollbars, understanding the importance of using the correct 32-bit versus 64-bit applications, and ensuring the application window is running with administrative privileges.

2.4. What Version Is This?

It’s important to verify the PowerShell version in use. Users can check their version with the `$PSVersionTable` command. Users are urged to ensure they are running at least version 3.0.

2.5. Lab

This lab aims to set up the console and ISE according to user preferences. Users should adjust fonts and colors, eliminate horizontal scrollbars in the console, maximize the console pane in ISE, and ensure characters like quotes and brackets are distinguishable. These steps reinforce the learning objectives of setting up a user-friendly environment in PowerShell.

Chapter 3 | Using the help system

Install Bookey App to unlock full text and audio

Chapter 4: Running Commands

This chapter introduces PowerShell’s command execution, emphasizing its functionality as a shell rather than a traditional scripting language. The focus is on executing commands directly in the shell, using built-in cmdlets and external command-line utilities without needing to write scripts.

4.1. Not Scripting, but Running Commands
PowerShell operates as a shell, akin to Cmd.exe and UNIX shells. Users can simply type commands and parameters and see results immediately, rather than developing scripts. Although PowerShell accommodates advanced scripting complexities, beginners are encouraged to run commands directly for effectiveness.

4.2. The Anatomy of a Command
Understanding the structure of a PowerShell command is crucial. Key elements include:
— Cmdlet names follow a verb-noun format (e.g., Get-EventLog).
— Parameters can be named (with values) or switch parameters (without values).
— Accurate spacing, dashes, and parameter names are essential to avoid errors.

4.3. The Cmdlet Naming Convention
Cmdlets, native to PowerShell, follow a naming convention of verb followed by a noun (e.g., Get-Service). Microsoft’s standardization aids in anticipating command names, helping users guess and validate command functionality.

4.4. Aliases: Nicknames for Commands
Aliases provide shorter command names (e.g., gsv for Get-Service) and can be created or accessed in PowerShell. Unlike Linux, aliases in PowerShell do not carry parameters.

4.5. Taking Shortcuts
PowerShell allows command shortcuts in three ways:
— Truncating Parameter Names: Use abbreviated names as long as they’re distinguishable.
— Using Parameter Name Aliases: Some parameters have aliases not documented in help files.
— Using Positional Parameters: Parameters can be provided by their position, but this method increases the risk of errors.

4.6. Cheating a Bit: Show-Command
The Show-Command cmdlet provides a graphical interface for constructing commands, making it easier to ensure correct syntax and usage.

4.7. Support for External Commands
PowerShell can execute traditional command-line utilities (e.g., Ping, Ipconfig) along with its cmdlets. Users are encouraged to continue using familiar commands when appropriate, while PowerShell also offers enhanced cmdlets for certain tasks.

4.8. Dealing with Errors
PowerShell generates error messages that often indicate the source of the problem, encouraging users to consult help and type commands accurately to find solutions.

4.9. Common Points of Confusion
Key common mistakes include:
— Incorrect formatting of cmdlet names and parameters.
— Forgetting spaces or dashes when typing commands can lead to errors.

4.10. Lab
Users are tasked with practical exercises to apply their understanding of command execution in PowerShell, such as listing processes, creating aliases, and querying firewall rules.

4.11. Lab Answers
Answers are provided for the lab tasks, reinforcing the concepts covered in the chapter and encouraging users to refine their command-line skills.

Chapter 5. Working with Providers

Overview of Providers
PowerShell uses providers to manage various types of data storage, similar to how file systems work. Understanding this concept simplifies the use of PowerShell, especially for users already familiar with command prompts.

5.1. What are Providers?
A PowerShell provider (PSProvider) acts as an adapter to represent different data stores, such as the filesystem, environment variables, and the Windows Registry, as drives within PowerShell. Users can list installed providers with the `Get-PSProvider` command, which reveals each provider’s capabilities such as filtering and credential support.

5.2. Understanding Filesystem Organization
The Windows filesystem is structured around drives, folders, and files. PowerShell refers to these components as «items,» allowing for more generic operations that can apply to various data stores. This generic approach enables the use of item-related cmdlets across different providers.

5.3. Filesystem as a Model for Other Data Stores
PowerShell’s treatment of the filesystem serves as a model for other stores, including the Windows Registry. Although they share similarities, each form of storage has unique characteristics and operational support.

5.4. Navigating the Filesystem
Cmdlets like `Set-Location` help users navigate within the filesystem. PowerShell also provides the ability to create new items, but the cmdlet `New-Item` requires explicit type definitions for different item types, unlike the more user-friendly `mkdir` command.

5.5. Using Wildcards and Literal Paths
Wildcards are supported in many cmdlets, allowing users to specify multiple items with patterns. However, in cases where special characters are part of item names, the `-LiteralPath` parameter must be used to treat these characters literally.

5.6. Working with Other Providers
To gain proficiency with different providers, users can practice with the Registry provider, which is available on all systems. By navigating through the Registry structure, users can modify values similarly to how they would work with filesystem drives.

5.7. Lab
This section includes hands-on tasks for users to familiarize themselves with PowerShell commands related to providers, such as modifying Registry entries, creating directories, and understanding file content changes.

5.8. Further Exploration
PowerShell providers are also utilized in other software like IIS and SQL Server, which allows for dynamic interaction with their configurations. Users are encouraged to explore these providers to understand how different software systems implement provider concepts.

5.9. Lab Answers
The section provides solutions to the lab exercises, reinforcing the knowledge gained about cmdlets and providers while clarifying potential errors and their reasons.

This chapter emphasizes the importance of understanding providers in PowerShell for efficient data management and interaction with different types of storage systems.

Chapter 6 | The pipeline: connecting commands

Install Bookey App to unlock full text and audio

New titles added every week

Chapter 7: Adding Commands

Overview
PowerShell’s extensibility is accentuated through various commands developed for Microsoft products. These can be accessed through management tools like Exchange Server and SQL Server.

7.1 How One Shell Can Do Everything
— PowerShell and the Microsoft Management Console (MMC) share extensibility.
— MMC requires additional components called snap-ins, similar to how PowerShell requires extensions.
— When management tools are installed, their corresponding PowerShell extensions become available.

7.2 About Product-Specific “Management Shells”
— There is only one version of Windows PowerShell, regardless of the product.
— Example: The Active Directory Module runs within standard PowerShell but includes preloaded commands for convenience.

7.3 Extensions: Finding and Adding Snap-ins
— PowerShell extensions come as snap-ins (PSSnapins) and modules.
— You can view registered snap-ins using `Get-PSSnapin -registered`.
— Load a snap-in using `Add-PSSnapin`, and explore added cmdlets with `Get-Command`.

7.4 Extensions: Finding and Adding Modules
— Modules are easier to manage and do not require advanced registration.
— PowerShell auto-discovers modules via PSModulePath.
— Commands from modules can be used without preloading them explicitly.

7.5 Command Conflicts and Removing Extensions
— Naming conventions with prefixes help avoid command conflicts.
— If conflicts arise, either `Remove-PSSnapin` or `Remove-Module` can be used to unload extensions.

7.6 On Non-Windows Operating Systems
— Some commands and modules may not function on Linux or macOS due to missing dependencies.

7.7 Playing with a New Module
— Experimenting with commands in PowerShell to discover functionalities (e.g., clearing DNS cache).

7.8 Profile Scripts: Preloading Extensions When the Shell Starts
— To streamline shell usage, create a profile script that loads necessary snap-ins and modules upon startup.

7.9 Getting Modules from the Internet
— PowerShellGet simplifies searching, installing, and updating modules from online repositories like PowerShell Gallery.

7.10 Common Points of Confusion
— New users often fail to utilize the help system effectively; using the `-example` or `-full` switches enhances learning.

7.11 Lab
— Task: Run Networking troubleshooting pack on supported Windows versions and troubleshoot connectivity using PowerShell.

7.12 Lab Answers
— Suggested commands for accomplishing the lab task, highlighting the discovery of relevant modules and commands.

Chapter 8: Objects: Data by Another Name

In this chapter, we explore the critical concept of objects within PowerShell, which can be confusing but is vital for effective use of the shell. Readers with programming experience can skip to section 8.2, while novices should start from section 8.1.

8.1 What are Objects?
When you run commands like `Get-Process`, PowerShell returns a set of information about processes constructed in memory as a table. Each row (object) corresponds to a process, with columns (properties) representing various information attributes. PowerShell limits the visible columns based on its configuration, but using `ConvertTo-HTML` allows you to view all properties available for an object. Key terminology includes:
— Object: A row in the table representing a single entity, like a process.
— Property: A column in the table representing attributes of the object.
— Method: Actions that can be performed on objects, such as killing a process.
— Collection: The entirety of objects, equating to the table.

8.2 Understanding Why PowerShell Uses Objects
PowerShell uses objects because Windows is an object-oriented operating system, which makes this structure more intuitive and powerful for users. By leveraging objects, PowerShell reduces the need for complex text manipulation typically seen in UNIX/Linux, allowing for simpler and more efficient command execution without dependency on output formatting or text parsing.

8.3 Discovering Objects: Get-Member
To understand the properties and methods available for an object, you use `Get-Member` (alias `Gm`). This command reveals a list of an object’s members—properties and methods—allowing administrators to effectively manipulate and understand the objects they are working with.

8.4 Using Object Attributes, or Properties
In PowerShell, objects can contain different types of properties, including ScriptProperty, NoteProperty, and AliasProperty. Generally, properties provide descriptive values about an object. Most properties are read-only in PowerShell, with about 90% of usage revolving around retrieving these properties.

8.5 Using Object Actions, or Methods
Objects often have methods that allow users to execute actions on them, although casual PowerShell users typically interact with cmdlets rather than directly calling methods. This book focuses on using cmdlets for task management and simplifies the process for users.

8.6 Sorting Objects
PowerShell’s `Sort-Object` cmdlet allows sorting of object collections in a defined order. For example, you can sort processes by virtual memory usage in descending order. This cmdlet supports sorting by multiple properties as well.

8.7 Selecting the Properties You Want
The `Select-Object` cmdlet lets users specify which properties to display from an object, helping to filter out undesired data. It also allows for selecting a subset of objects with `-First` and `-Last` parameters.

8.8 Objects Until the End
The pipeline in PowerShell retains objects throughout the processing of a command line until the final command executes. Understanding how objects transition through the pipeline is essential, enabling users to manipulate data effectively at each stage.

8.9 Common Points of Confusion
New users often make mistakes in understanding object properties and handling commands. It’s important to remember to use `Gm` to view properties and to ensure proper syntax in command lines.

8.10 Lab
This section includes hands-on exercises designed to reinforce the concepts covered in the chapter, encouraging experimentation with various cmdlets.

8.11 Lab Answers
The answers provided to the lab exercises help users verify their understanding of the material and clarify any concepts that may be confusing.

Chapter 9 | The pipeline, deeper

Install Bookey App to unlock full text and audio

Chapter 10: Formatting—and Why It’s Done on the Right

Overview of PowerShell Formatting
PowerShell cmdlets produce objects with potentially numerous properties, not all of which are displayed by default. Users can utilize `Get-Member` to see a full list of properties and `Select-Object` to choose specific ones. This chapter focuses on customizing output formatting, enabling users to override default configurations.

10.1. Formatting: Making What You See Prettier
While PowerShell is not a comprehensive reporting tool, it can effectively gather and format information for reports. This section explains how the PowerShell formatting system works and highlights common traps new users may encounter.

10.2. Working with the Default Formatting
The default display of cmdlet outputs includes specific column headers and alignments determined by `.format.ps1xml` files. For example, the formatting for process objects is found in `DotNetTypes.format.ps1xml`. Users are guided to navigate this XML file to understand the intrinsic formatting rules.

10.3. Formatting Tables
The `Format-Table` cmdlet, or its alias `Ft`, is key for daily formatting tasks. Important parameters include:
— `-autoSize` for adjusting column widths automatically.
— `-property` to specify which properties to include.
— `-groupBy` to create new column headers based on property values.
— `-wrap` to prevent truncation of information.

10.4. Formatting Lists
The `Format-List` cmdlet (`Fl`) is used to display detailed property information vertically, ideal for instances where horizontal space is limited.

10.5. Formatting Wide Lists
`Format-Wide` (`Fw`) presents a single property’s values across multiple columns, useful for quickly viewing lists of items.

10.6. Creating Custom Columns and List Entries
Custom properties can be added to the output using hash tables, allowing users to re-label columns or perform calculations directly in the output.

10.7. Going Out: To a File, a Printer, or the Host
Formatted output can be directed to various destinations: the console (Out-Host), files (Out-File), or printers (Out-Printer). It is vital to follow the correct configuration to ensure the output appears as intended.

10.8. Another Out: GridViews
`Out-GridView` displays output in a grid format, bypassing the formatting subsystem, which enhances readability for handling larger datasets.

10.9. Common Points of Confusion
Two major pitfalls include:
— Always Format Right: `Format-` cmdlets should be the last command in a pipeline, except when followed by `Out-File` or `Out-Printer`.
— One Type of Object at a Time: Mixing different object types can lead to improper formatting results.

10.10. Lab
A series of tasks encourages readers to practice new formatting skills using various cmdlets and configurations.

10.11. Further Exploration
Encouragement to experiment with formatting capabilities in PowerShell to enhance proficiency and prepare for future labs.

10.12. Lab Answers
A collection of solutions to the lab exercises provides users with clear examples to check their understanding and skills.

Chapter 11: Filtering and Comparisons

In this chapter, you’ll learn how to narrow down the output in PowerShell to focus on specific items of interest rather than working with the entire dataset.

11.1. Making the Shell Give You Just What You Need

PowerShell offers two primary filtering methods:
— Early Filtering: Instruct cmdlets to retrieve only the specified data.
— Iterative Filtering: Use a second cmdlet to filter unwanted results after retrieving all data.

For example, to get only running services with `Get-Service`, you’d use a command like `Get-Service | Where-Object { $_.Status -eq ‘Running’ }`.

11.2. Filtering Left

Filtering left means applying your filtering criteria as early in the command as possible to minimize the workload on subsequent cmdlets. Each cmdlet can have different filtering abilities. Knowing how to effectively filter can lead to better performance but may require a deeper understanding of cmdlet functionalities.

11.3. Using Comparison Operators

Comparison operators allow you to test relationships between values, yielding Boolean results (True or False). The common PowerShell comparison operators include:
— `-eq` (equal), `-ne` (not equal)
— `-gt`, `-lt` (greater than, less than)
— Comparison for strings: `-like`, `-notlike`, `-match`, `-notmatch`.

Boolean operators such as `-and`, `-or`, and `-not` can evaluate multiple conditions together.

11.4. Filtering Objects Out of the Pipeline

You can apply filters directly using cmdlets like `Where-Object`. This allows you to filter as objects pass through the pipeline, e.g., `Get-Service | Where-Object { $_.Status -eq ‘Running’ }`. The `$_.` represents the current object in the pipeline.

11.5. Using the Iterative Command-Line Model

The PowerShell Iterative Command-Line Model enables you to build commands step-by-step, testing results after each command. This method encourages active engagement with output, refining commands iteratively.

11.6. Common Points of Confusion

— Filter Left: Always try to filter as close to the source of data as possible.
— Deferred Placeholders (`$_`): This placeholder is only valid in specific contexts (like `Where-Object`).

11.7. Lab

The lab includes exercises focused on filtering tasks such as retrieving non-virtual network adapters, DNS client cache records, and specific hotfixes.

11.8. Further Exploration

Practice filtering the output from previously learned cmdlets (e.g., `Get-Hotfix`, `Get-Process`). Challenge yourself to use filtering effectively and to identify when to use `Where-Object`.

11.9. Lab Answers

A set of practical answers is provided for lab exercises focused on gaining familiarity with command syntax and filtering capabilities.

Chapter 12 | A practical interlude

Install Bookey App to unlock full text and audio

New titles added every week

Chapter 13: Remote Control: One-to-One and One-to-Many

Overview of PowerShell Remoting
— Early PowerShell versions had limited functionality with the `-computerName` parameter.
— PowerShell remoting allows any cmdlet to run on a remote machine without needing local cmdlet availability.
— Focus on practical usage scenarios, though remoting is a complex topic.

13.1 Remote PowerShell Concept
— Remote PowerShell operates similarly to Telnet, using WS-MAN over HTTP/HTTPS.
— WinRM facilitates this communication, installed by default on Windows operating systems.
— SSH-based remoting is now also supported, but this chapter primarily discusses WS-MAN.

13.2 WinRM Overview
— WinRM needs to be configured on receiving computers for remoting.
— It handles traffic and can be set up to listen for commands on defined ports.
— Enable remoting using `Enable-PSRemoting` for automatic configuration.

13.3 One-to-One Remoting
— One-to-one remoting provides a remote shell prompt via `Enter-PSSession`.
— Commands are run directly on the remote computer, with results returned back.
— Exiting remoting is done with `Exit-PSSession`.

13.4 One-to-Many Remoting
— `Invoke-Command` allows for issuing commands to multiple computers simultaneously.
— Syntax requires proper use of curly braces to define command scope.
— Supports automation via script files rather than individual commands.

13.5 Differences in Execution
— `Invoke-Command` executes commands in parallel and allows for efficient remote processing.
— Local and remote command executions differ, especially in output handling and efficiency.
— Emphasis on performing as much processing as possible on the remote machine.

13.6 Considerations for Persistent Connections
— Establishing reusable connections can improve efficiency for repeated tasks.
— Security considerations are important in corporate environments; RDP may be an alternative.

13.7 Session Options
— `-SessionOption` parameter in remoting commands allows tweaks in session behavior.

13.8 Common Confusions
— Remoting operates using real computer names; DNS aliases or IP addresses may not work.
— Proper domain configurations simplify remoting.
— Understand that subsequent commands begin afresh unless grouped within a single invocation.

13.9 Lab Activities
— Suggested lab tasks to experiment with one-to-one and one-to-many remoting functionality.

13.10 Further Exploration
— Recommend resources for deeper understanding, including a free mini e-book on PowerShell Remoting.

13.11 Lab Answers
— Offers solutions to the lab tasks to help validate understanding of the concepts discussed.

Chapter 14: Using Windows Management Instrumentation and CIM

Introduction
This chapter focuses on Windows Management Instrumentation (WMI) and its integration with PowerShell. WMI is a powerful tool for system information gathering but can be complex due to its documentation and functionality nuances. The chapter aims to clarify how to effectively use WMI through PowerShell and offers insights into overcoming its limitations.

14.1. WMI Essentials
WMI organizes vast amounts of management information into namespaces and classes. Each namespace functions as a directory for specific technologies, while classes represent manageable components. Users can query instances of these classes to retrieve system information, although the availability of classes varies by system.

14.2. The Bad News About WMI
Despite its potential, WMI has been inconsistently implemented across products, leading to confusion. Some classes are read-only, and not all components are accessible via WMI. Furthermore, documentation is often lacking, causing additional challenges for administrators.

14.3. Exploring WMI
Hands-on exploration of WMI can be facilitated through tools like WMI Explorer, allowing users to browse namespaces and classes more efficiently. Search engines also provide valuable resources for discovering the right WMI classes.

14.4. Choose Your Weapon: WMI or CIM
PowerShell v3 introduces both traditional WMI cmdlets and newer CIM cmdlets. The latter communicates over WS-MAN, providing a more modern and flexible option for accessing WMI data.

14.5. Using Get-WmiObject
The Get-WmiObject cmdlet retrieves instances from specified namespaces and classes, allowing users to filter results and view detailed properties. It offers a straightforward but slightly outdated method for interacting with WMI data.

14.6. Using Get-CimInstance
Get-CimInstance, introduced in PowerShell v3, offers a similar approach to Get-WmiObject but with improved syntax and functionality. It integrates better with modern systems and provides a cleaner method for accessing remote data.

14.7. WMI Documentation
Comprehensive documentation for WMI classes can often be found through web searches, particularly on Microsoft’s MSDN site. However, many users face challenges finding specific information.

14.8. Common Points of Confusion
Users often struggle with WMI’s filter criteria, which differs from standard PowerShell syntax. Additionally, WMI’s external nature means it doesn’t always behave like native PowerShell cmdlets.

14.9. Lab
The chapter includes practical exercises designed to familiarize users with querying WMI classes. Tasks focus on locating information such as IP addresses, operating systems, and service statuses.

14.10. Further Exploration
WMI is a complex technology deserving deeper study. Recommendations include resources that clarify its use and functionality, highlighting that the newer CIM cmdlets often simplify the experience.

14.11. Lab Answers
The chapter concludes with answers to the lab exercises, providing users with guidance on using WMI and CIM effectively to achieve their administrative goals.

Chapter 15 | Multitasking with background jobs

Install Bookey App to unlock full text and audio

Chapter 16: Working with Many Objects, One at a Time

This chapter focuses on automating administration tasks in PowerShell, specifically dealing with multiple targets. Key techniques are demonstrated for executing tasks across batch cmdlets, WMI (Windows Management Instrumentation), and object enumeration.

16.1 Automation for Mass Management

— Concept Overview: Introduces the idea of managing multiple objects simultaneously (mass management).
— Example: A comparison is made with VBScript where a `For Each` loop is used to process multiple items one by one.

16.2 The Preferred Way: “Batch” Cmdlets

— Batch Administration: Emphasizes the importance of using batch cmdlets which handle collections of objects efficiently.
— Examples: Commands such as `Get-Service` piped to `Set-Service` for changing service settings across multiple machines are detailed. The `-passThru` parameter is introduced for output verification.

16.3 The CIM/WMI Way: Invoking Methods

— Using WMI: Discusses the challenge when there’s no cmdlet available to perform an action on WMI objects.
— Example Process: Walks through enabling DHCP for Intel network adapters using WMI, demonstrating how to retrieve configurations and invoke methods like `EnableDHCP` through `Invoke-WmiMethod`.

16.4 The Backup Plan: Enumerating Objects

— Fallback Method: Describes when to revert to enumerating objects using cmdlets like `ForEach-Object` when other methods fail.
— Illustrative Command: Uses the `Change()` method on WMI services with a detailed example showcasing handling service password changes.

16.5 Common Points of Confusion

— Which Method to Use: Clarifies the choice between batch cmdlets and WMI methods based on the retrieval method of the objects.
— WMI Methods vs. Cmdlets: Distinguishes when to use each, recommending `ForEach-Object` for executing methods when no cmdlet exists.
— Documentation of Methods: Emphasizes that PowerShell’s built-in help doesn’t cover methods well, recommending online searches for detailed documentation.

16.6 Lab

— Practice Exercises: Encourages readers to answer questions related to methods in ServiceController and Process objects, and demonstrate the use of PowerShell to manipulate these objects.

16.7 Lab Answers

— Answers Provided: Gives correct answers to the lab questions, reinforcing the knowledge and providing references to commands and methods covered in the chapter.

This chapter illustrates various effective techniques for managing multiple objects in PowerShell, emphasizing the importance of batch processing and understanding WMI.

Chapter 17: Security Alert!

In this chapter, we explore the security implications of PowerShell and how to balance security with its powerful capabilities.

17.1 Keeping the Shell Secure

PowerShell, introduced in 2006, has a rich scripting capability. However, it was developed post the Trustworthy Computing Initiative, ensuring better security compared to its predecessors like VBScript. PowerShell’s security relies on existing user permissions; if a user lacks permissions through other means, PowerShell cannot override them. The focus is preventing unintentional script execution rather than stopping determined actions by knowledgeable users.

17.2 Windows PowerShell Security Goals

PowerShell does not add extra permission layers; it operates within the existing security framework. If a user can’t perform an action via traditional means, they can’t perform it in PowerShell either. The system primarily prevents users from accidentally executing untrusted scripts and is not a layer of defense against malware once it is present on a system.

17.3 Execution Policy and Code Signing

The execution policy restricts script execution by default, preventing script runs without explicit configuration. The five execution policy settings include:
— Restricted: No scripts run.
— AllSigned: Only scripts with a valid digital signature run.
— RemoteSigned: Local scripts run; remote scripts must be signed.
— Unrestricted: All scripts run.
— Bypass: For application developers; does not enforce any policy.

It is emphasized that execution policy is for protecting uninformed users and does not prevent knowledgeable users from executing commands intentionally.

17.3.2 Digital Code Signing

Digital code signing helps verify the source of scripts. A valid code-signing certificate is essential to sign scripts securely. This certificate acts as a digital ID for organizations, providing assurance about the script’s integrity and origin.

17.4 Other Security Measures

PowerShell includes fundamental security measures, such as treating .PS1 files as non-executables and requiring scripts to be called with a specific path, thus preventing easy execution which could lead to command hijacking.

17.5 Other Security Holes?

PowerShell’s design doesn’t prevent users from manually typing potentially harmful commands. The focus is on preventing unintentional running of scripts, but knowledgeable users can still execute harmful commands through various means.

17.6 Security Recommendations

For optimal balance, Microsoft suggests using RemoteSigned or AllSigned execution policies. Users can create self-signed certificates for internal use and should sign scripts regularly. Importantly, users should maintain caution with unverified scripts, ensuring proper review before execution.

17.7 Lab

The lab encourages users to enable script execution using the Set-ExecutionPolicy cmdlet, primarily suggesting the RemoteSigned policy while being mindful of organizational security policies.

Chapter 18 | Variables: a place to store your stuff

Install Bookey App to unlock full text and audio

New titles added every week

Chapter 19: Input and Output

Overview
This chapter focuses on managing input and output in PowerShell, particularly while creating scripts that interact with users. It emphasizes that techniques discussed here are for scripts that require human interaction, not for unattended scripts.

19.1. Prompting for and Displaying Information
PowerShell operates through various host applications (like console and ISE), affecting how it prompts for information and displays output. Each host application (console, ISE, third-party editors) uses different methods for input collection and output display.

19.2. Read-Host
The Read-Host cmdlet collects text input from users via a prompt. It can be used to store user input in a variable. The graphical representation of input may vary across PowerShell versions and hosts. For graphical input boxes, .NET Framework can be used to load Visual Basic components.

19.3. Write-Host
Write-Host displays output directly to the screen without passing through the pipeline. It allows for color formatting but should only be used for messages directed at users, as it cannot capture output for further processing. Instead, Write-Verbose or other cmdlets are recommended for standard output.

19.4. Write-Output
Write-Output sends objects into the pipeline, allowing further processing or filtering. Unlike Write-Host, it doesn’t directly display output but relies on the pipeline’s processing to show results.

19.5. Other Ways to Write
PowerShell includes several cmdlets (e.g., Write-Warning, Write-Verbose, Write-Debug, Write-Error) to produce output that can be suppressed through configuration variables. These cmdlets can enhance the output experience, especially concerning warnings, messages, and debugging info.

19.6. Lab
The lab exercises encourage readers to practice using Write-Host and Write-Output by displaying calculations, prompting for user input, and filtering results based on user input criteria.

19.7. Further Exploration
Readers should familiarize themselves with the cmdlets introduced in this chapter and consult their help files for deeper understanding. Regular practice will enhance proficiency with user input and output management in PowerShell.

19.8. Lab Answers
This section provides sample answers for the lab tasks, reinforcing the techniques learned in the chapter.

Chapter 20: Sessions — Remote Control with Less Work

In this chapter, we explore PowerShell’s remoting features, specifically focusing on making remote connections easier and more reusable through sessions.

20.1. Making PowerShell Remoting Easier

Connecting to remote computers often involves repeating the specification of computer names, credentials, and other parameters. To simplify this process, reusable sessions are introduced, allowing for persistent connections without constant reconfiguration.

20.2. Creating and Using Reusable Sessions

A session is a persistent link between a local PowerShell instance and a remote one. PowerShell maintains a list of opened sessions which can be used to execute commands. Sessions are created using the `New-PSSession` cmdlet and can be stored in variables to streamline future operations. It is crucial to manage resources by closing sessions when no longer needed, using `Remove-PSSession`.

20.3. Using Sessions with Enter-PSSession

The `Enter-PSSession` cmdlet allows users to engage in a remote interactive shell with a single remote computer by specifying a session object. For convenience, session objects can be filtered and accessed through specific properties, or retrieved directly using `Get-PSSession` if you forget index numbers.

20.4. Using Sessions with Invoke-Command

`Invoke-Command` is a powerful feature that allows for parallel command execution across multiple remote machines via sessions. This method simplifies command execution while handling process workload independently, enhancing efficiency.

20.5. Implicit Remoting: Importing a Session

Implicit remoting allows users to execute commands from a remote module without installing it locally. It involves establishing a session with a remote machine, importing commands with a prefix to avoid conflicts, and executing them as if they were local.

20.6. Using Disconnected Sessions

PowerShell v3 introduced disconnected sessions, which remain active even after disconnection from the remote machine. Users can manage these sessions and configure settings through the WSMan drive, ensuring control over idle timeouts and active connections.

20.7. Lab Exercise

A lab exercise is provided to practice creating sessions, using remote shells, executing commands, and importing modules, demonstrating the practical applications of remoting techniques in a controlled environment.

20.8. Further Exploration

Readers are encouraged to assess their environments for PowerShell-enabled products, as many can be managed through remoting capabilities.

20.9. Lab Answers

Detailed answers are provided to the lab activities, allowing users to verify their understanding and application of PowerShell remoting techniques.

Chapter 21 | You call this scripting?

Install Bookey App to unlock full text and audio

Chapter 22: Improving Your Parameterized Script

22.1 Starting Point
In this section, the chapter establishes a starting point with a parameterized script, `Get-DiskInventory.ps1`, which retrieves logical disk information using WMI. The script includes comment-based help and two input parameters: `computername` and `drivetype`. The output is modified to show selected objects rather than a formatted table, enhancing flexibility for future data exports.

22.2 Getting PowerShell to Do the Hard Work
Adding `[CmdletBinding()]` at the beginning of the script transforms it into an advanced script, enabling additional PowerShell capabilities. This enhancement allows for better handling of parameters and output options while maintaining the script’s core functionality.

22.3 Making Parameters Mandatory
The chapter suggests making the `-ComputerName` parameter mandatory instead of providing a default value. This prompts users for the required input, enhancing clarity and usability. The `Param()` block syntax is explained for better understanding, including how to define mandatory parameters and specify data types.

22.4 Adding Parameter Aliases
To improve usability, aliases can be added to parameters. The parameter `-computername` receives the alias `-hostname`, allowing users to reference the parameter in a way that might be more intuitive for them.

22.5 Validating Parameter Input
The chapter discusses validating the input for the `-drivetype` parameter to ensure that only acceptable values (2 and 3) are used. This validation prevents errors by restricting acceptable input according to the WMI class specifications.

22.6 Adding the Warm and Fuzzies with Verbose Output
Introducing `Write-Verbose` allows scripts to communicate progress more effectively than using `Write-Host`. The chapter shows how to implement verbose output to inform users about the script’s actions, enhancing its interactivity and usability.

22.7 Lab
The lab exercise tasks the reader with creating a new script named `Get-PhysicalAdapters.ps1`, requiring the parameterization of the `-computerName`, making it mandatory, adding an alias, and including verbose output.

22.8 Lab Answer
The chapter concludes with a sample solution for the lab, showcasing a well-documented and parameterized script that retrieves physical network adapter information from a specified computer, utilizing the skills learned throughout the chapter.

Chapter 23: Advanced Remoting Configuration

In this chapter, we explore the advanced features of PowerShell remoting that were not covered in Chapter 13. While not all features will be applicable to everyone, it is important to be aware of them for future use. The content focuses on PowerShell v3 and later versions.

23.1. Using Other Endpoints

PowerShell allows multiple endpoints (session configurations) per computer. The default endpoint for remoting commands is «Microsoft.PowerShell,» which corresponds to the 64-bit shell on a 64-bit machine, with an additional «Microsoft.PowerShell32» for backward compatibility.

To connect to an alternative endpoint, use the `-ConfigurationName` parameter in commands like `Enter-PSSession`.

23.2. Creating Custom Endpoints

Creating a custom endpoint involves two main steps:
1. Creating a Session Configuration File: Utilize `New-PSSessionConfigurationFile` to define an endpoint’s characteristics, such as commands and capabilities.
2. Registering the Session Configuration: Use `Register-PSSessionConfiguration` to load the file into the WinRM service, where you can also set user connection permissions.

An example is given for creating an endpoint for a HelpDesk group with restricted access, only allowing them to see network adapter management commands without granting them permissions.

23.3. Enabling Multihop Remoting

Multihop remoting allows connection to multiple computers in sequence. By default, PowerShell can only delegate credentials for one hop. To enable multihop, perform the following on the respective computers:
1. For the client: `Enable-WSManCredSSP -Role Client -DelegateComputer

`
2. For the server: `Enable-WSManCredSSP -Role Server`.

These settings can also be managed via Group Policy.

23.4. Digging Deeper into Remoting Authentication

PowerShell uses mutual authentication, ensuring the remote machine verifies its identity to the user. This is crucial for security, as it prevents impersonation through DNS spoofing.

23.4.1. Defaults for Mutual Authentication

Most PowerShell usage assumes an Active Directory environment for mutual authentication, which requires resolving a computer name to an accurate IP address.

23.4.2. Mutual Authentication via SSL

To use SSL for mutual authentication:
— Obtain an SSL certificate issued to the destination machine.
— Install it under the computer account’s Personal certificate store and create an HTTPS listener.

23.4.3. Mutual Authentication via TrustedHosts

Using TrustedHosts is simpler than SSL but compromises security. It disables mutual authentication for specified hosts. Configure TrustedHosts in Local Security Policy or Group Policy for trusted environments, remembering to include the `-Credential` parameter in remoting commands.

23.5. Lab

Create a remoting endpoint named «TestPoint» that loads the SmbShare module and restricts visibility to only the `Get-SmbShare` cmdlet. Test the connection using `Enter-PSSession` to ensure only the allowed commands are accessible.

23.6. Lab Answer

An example is provided to create the configuration and register it successfully. Users can then enter the restricted endpoint and run `Get-Command`.

Chapter 24 | Using regular expressions to parse text files

Install Bookey App to unlock full text and audio

New titles added every week

Chapter 25: Additional Random Tips, Tricks, and Techniques

In this chapter, various tips and techniques to enhance PowerShell usage are discussed, helping users customize their environment, manipulate data, and improve efficiency.

25.1. Profiles, Prompts, and Colors: Customizing the Shell

25.1.1. PowerShell Profiles
PowerShell profiles allow users to customize their environment by setting up scripts that execute whenever a new shell session is started. Users can load modules, change directories, and define functions in these profiles. The order of profile execution is crucial, especially on systems that run both 32-bit and 64-bit versions of PowerShell.

25.1.2. Customizing the Prompt
Users can redefine the PowerShell prompt by creating a custom `Prompt` function that executes in profile scripts. For example, a new prompt can display the current time and computer name.

25.1.3. Tweaking Colors
PowerShell’s default colors can be modified for better readability. Users can change the colors for errors, warnings, and other types of messages either through the Properties interface or by executing commands in their profile scripts.

25.2. Operators: -as, -is, -replace, -join, -split, -in, -contains

These operators allow for more efficient manipulation of data types, strings, and collections.

25.2.1. -as and -is
The `-as` operator converts an object to a specified type, while `-is` checks an object’s type, returning a Boolean value.

25.2.2. -replace
The `-replace` operator finds and replaces occurrences of a string within another string.

25.2.3. -join and -split
The `-join` operator combines array elements into a single string, while `-split` breaks a string into an array based on a specified delimiter.

25.2.4. -contains and -in
The `-contains` operator checks for an object’s existence in a collection, while `-in` reverses operand order for similar checks.

25.3. String Manipulation
Strings in PowerShell are objects with various methods for manipulation, such as changing case or trimming whitespace. Common methods include `ToUpper()`, `ToLower()`, `Trim()`, and `IndexOf()`.

25.4. Date Manipulation
DateTime objects also include numerous methods for date manipulation. Users can perform calculations easily, such as adding days or converting to different formats.

25.5. Dealing with WMI Dates
WMI classes often store date information in complex formats. PowerShell provides `ConvertFromDateTime()` and `ConvertToDateTime()` methods to simplify handling these values.

25.6. Setting Default Parameter Values
In PowerShell v3, users can set default parameters for commands using the `$PSDefaultParameterValues` variable, enhancing command efficiency.

25.7. Playing with Script Blocks
Script blocks are versatile in PowerShell and can be defined and executed easily. They can be used with various cmdlets and functions to encapsulate reusable code.

25.8. More Tips, Tricks, and Techniques
Continual learning through various resources, including social media and forums, is emphasized. Users are encouraged to engage with the community for ongoing tips and improvements in PowerShell skills.

Chapter 26: Using Someone Else’s Script

Overview
In this chapter, the importance of reusing and modifying PowerShell scripts from external sources is discussed. The readers are guided on how to understand and adapt someone else’s script effectively.

Understanding Scripts
The chapter introduces a script titled `New-WebProject.ps1`, designed to interface with Microsoft’s IIS cmdlets for server management. The script showcases advanced PowerShell features, which may not have been previously covered. The focus is on breaking down its components for better comprehension.

Key Components of the Script
1. Parameter Block: The script begins by defining mandatory parameters, `$Path` and `$Name`, which users need to provide.

2. Variable Initialization: The script sets up variables to establish paths for the system and the hosts file, vital for the script’s operations.

3. Functions:
— `New-LocalWebsite`: This primary function creates an IIS website and its associated application pool. It also checks for existing paths and manages the hosts file.
— `AddEntryToHosts`: This utility function appends a host entry to the hosts file.
— `HostsFileContainsEntry`: This function checks if the hosts file already has a specified entry.

Line-by-Line Examination
Readers are encouraged to analyze each line of the script:
— Identify and document variable values.
— Use PowerShell help commands to understand unfamiliar commands.
— Experiment with commands in a safe environment to see outcomes.

Lab Exercise
The chapter includes a lab to practice understanding a different script, `Get-LastOn.ps1`, which analyzes recent logon and logoff events from the event log. Users are tasked with predicting potential errors and adjustments needed for their environment.

Conclusion
The chapter emphasizes the need for thorough comprehension when using external scripts, encouraging exploration and testing to customize scripts for specific user scenarios. The process of understanding scripts aids in effective PowerShell scripting and troubleshooting.

Chapter 27 | Never the end

Install Bookey App to unlock full text and audio