www.evs.com

PowerShell Training

David Brabant 08/2014

2

In Windows’ world, PowerShell allows to script and automate everything but the kitchen sink

Windows Server

- Active Directory

- Internet Information Server

- NLBS, fail over clustering, group policies, backups, scheduling tasks …

- HyperV

Windows Management & Instrumentation (WMI)

SQL Server

Exchange Server

SharePoint

Azure

But also outside Windows’ world

Amazon AWS

PowerShell is an essential tool for sysadmins and devOps

3

PowerShell is Everywhere

4

PowerShell Versions

PowerShell 1 PowerShell 2 PowerShell 3 PowerShell 4 PowerShell 5

WXP SP2

WS 2003

Optional on

WS 2008

W7

WS 2008 R2

Installable on:

WXP SP3

WS 2003 SP3

W8

WS 2012

Installable on:

W7 SP1

WS 2008 SP1

WS 2008 R2 SP1

W8.1

WS 2012 R2

Installable on:

W7 SP1

WS 2008 R2 SP1

WS 2012

Installable on

same platforms

as PowerShell 4

5

PowerShell Features

PowerShell 1 PowerShell 2 PowerShell 3 PowerShell 4 PowerShell 5

Initial version

(2006)

New cmdlets

Remoting

Background jobs

Modules

Transactions

Debugging

Eventing

Exception handling

PowerShell ISE

New cmdlets

New modules

Workflows (WWF)

Schedulled jobs

WebAccess

Remote sessions

tolerant to network

failures

Updatable help

Code completion

in ISE

New cmdlets

New modules

Desired state

configuration

(DSC)

Enhanced

debugging

Network

diagnostics

New cmdlets

New modules

Support for

Chocolatey (aka

apt-get for

Windows)

6

PowerShell Hosts

The good ole’ console (real men use the command line)

7

PowerShell Hosts

The PowerShell ISE

PowerGUI

8

PowerShell Hosts

• Free (brought to you by Dell)

• Better debugging than PS ISE

• Plugin for Visual Studio

9

PowerShell Hosts

Based on their own PowerShell host applications

i.e.: they don’t use powershell.exe

SQLPS.exe for SQLServer

Devenv.exe for Visual Studio

Two versions of PowerShell on a 64bit machine

- 32Bit: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

- 64Bit: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Might be important to know when you use some PowerShell modules

E.g.: you have a 32bit SQLServer installed on your 64bit machine and you want to import the SQLPS module.

Wont’ work in PowerShell 64bit, will work like a charm on PowerShell 32bit…

10

Before going further: PowerShell Traps & Pitfalls

Yeah, right!

How do I know which version of PowerShell I’m running?

$PSVersionTable

$Host

How do I know if I’m running the 64bit or the 32bit version?

[IntPtr]::size -eq 8 #64bit

[IntPtr]::size -eq 4 #32bit

11

PowerShell Traps & Pitfalls

Profiles allow to gather things you use frequently (aliases, modules, functions…)

They are loaded when PowerShell starts

4 different profiles

- %windir%\system32\WindowsPowerShell\v1.0\profile.ps1

This profile applies to all users and shells

- %windir%\system32\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1

This profile applies to all users, but only to the Microsoft.PowerShell shell

- %UserProfile%\My Documents\WindowsPowerShell\profile.ps1

This profile applies only to the current user, but affects all shells

- %UserProfile%\My Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1

This profile applies only to the current user and the Microsoft.PowerShell shell

12

PowerShell Profiles

One thing you should put in your profile

Beware of the formatting gremlins

13

PowerShell Traps & Pitfalls

Scripts are good things, scripts are bad things

- Consistent and repeatable administration of IT resources but …

- PowerShell scripts can do anything in your Windows environment

- … and that’s a wide open door for introducing malware in your walls

- Users can (and will) execute scripts without really understanding what they are doing

PowerShell intends to create a «secure by default» environment for running scripts

- The shell makes it difficult for users to run scripts without realizing they are doing so

- The default configuration is not convenient, but you can reconfigure execution policies

- Multiple security options help you to find a balance between convenience and security

14

PowerShell Security

Policy Name Description

Restricted (default) Scripts won’t run. Period.

RemoteSigned Scripts created locally will run. Those downloaded from Internet won’t unless

they are signed by a trusted publisher (use the 'Zone.Identifier' alternate data

stream)

AllSigned Scripts will only run if they are digitally signed by a trusted publisher

Unrestricted Scripts will run regardless of their provenance, signed or not. You are on your

own, dude

15

PowerShell Execution Policies

• Get-ExecutionPolicy• Set-ExecutionPolicy• Get-Help about_Execution_Policies

Two steps process

1. Create a certificate (if you don’t already have one)

2. Sign your script

Something like this appears at the end of your script

16

Signing Scripts

PowerShell Provider

17

Anatomy of a PowerShell Script

cmdlets

built-in functions

logical constructs

PowerShell commands are implented as cmdlets or as built-in functions

A cmdlet is a lightweight command implented as a .Net class

They are not stand-alone executables (i.e.: they are only available in a PowerShell context)

You can very easily create your owns, with a little bit of C#

Built-in functions are implemented in PowerShell

Tip: How do I get a list of known, globally scoped, functions (builtin/user)?

cd function:

dir

Tip: How do I see the content of a built-in function?

${function:clear-host}

18

Anatomy of a PowerShell Script

PowerShell

Provider

How do I get a list of all known PowerShell commands?

Get-Command | more

How do I get help for a given command?

Get-Help <Command>

How do I get help for a specific topic?

Get-Help about

Example: Get-Help about_Workflows

How can I be sure I’m using the latest help available?

Update-Help # Of course, you need Internet access…

19

PowerShell Help

Will provide a (looong) list of

topics for which you can get

help: things like debugging,

jobs, workflows, parsing,

regexs …

20

PowerShell Verb-Noun Conventions

All PowerShell cmdlets follow some naming conventions

How do I get a list of PowerShell approved verbs and their conventional meaning?

Get-Verb

These conventions are not strictly mandatory, but it is strongly advised to follow them

Commands and variables are case-insensitive

High consistency in parameters naming and conventions across all cmdlets

Get-Help about_CommonParameters

An example: all potentially harmful commands have a –WhatIf parameter

del *.txt –WhatIf will list all files that would be deleted executing the command

POLA (Principle Of Least Astonishment)

The common parameters are a set

of cmdlet parameters that you can

use with any cmdlet. They are

implemented by PowerShell, not

by the cmdlet developer, and they

are automatically available to any

cmdlet.

Variable names start with $

${this variable name is "unusual," but permitted} = "Hello World"

Dynamicaly typed

$x = "5" What will be the result of $x + 3 ?

You can be explicit

[int] $x = "5" What will be the result of $x + 3 ?

Cast

$x = [int] "5"

Once a type has been explicitly set, it cannot be changed

[int] $x = 3; $x = Get-Date

$x = 3; $x = Get-Date

Multiple assignments

$a = $b = $c = 1$Value1, $Value2 = 10,20

21

PowerShell Variables

Any .Net type

Scope modifiers

global, local, script, private

Get-Help about_Scopes

To explicitly modify a scope, the syntax is $<scope>:<name>

$global:xyzzy = 42

$local:foobar = Get-FooBar

function private:Hello { Write-Host ‘Hello’ }

Or

Set-Variable –scope Global –name plugh –value 10

An item you include in a scope is visible in the scope in which it was created and in any child scope, unless you explicitly make it private. You can place variables, aliases, functions in one or more scopes

An item that you created within a scope can be changed only in the scope in which it was created, unless you explicitly specify a different scope

22

PowerShell Scopes

No $ prefix!

How do I know variables defined in a given scope?

Get-Variable -scope <scope>

How do I list global variables and their values?

cd variable:

dir

Special variables$_ – Contains the current pipeline object, used in script blocks, filters, and the where statement

$Args – Contains an array of the parameters passed to a function

$Error – Contains objects for which an error occurred while being processed in a cmdlet

$Home – Specifies the user’s home directory

$PsHome – The directory where the Windows PowerShell is installed

Environment variables

$env:<variable> (ex.: $env:COMPUTERNAME, $env:Path)

23

PowerShell Variables

More on that later

Variables are expanded in double-quoted strings

Variables are not expanded in single-quoted strings

$name = "David"

Write-Host "Howdy $name" # Output: Howdy David

Write-Host 'Ahoy $name' # Output: Ahoy $name

Avoiding expansion in double-quoted strings through escapingWrite-Host "Howdy `$name" # Output: Howdy $name

Backtick ( ` ) as escaping character

Escaping a double quote in a double-quoted string Write-Host "Howdy `"$name`"" # Output: Howdy "David"

Some escaped sequences have special meanings`t = TAB`r = carriage return`r`n = carriage return + line feed

24

PowerShell Variables Expansion and Escaping

Like in Unix, most of cmdlets can be piped

dir –recurse | where { $_.LastWriteTime -gt (Get-Date).AddDays(-5) } | sort Length

User functions can be pipe-able too

25

PowerShell Pipeline

These commands

are aliases

Synonyms for cmdlets and functions

dir = Get-ChildItem

del = Remove-Item

where = Where-Object

sort = Sort-Object

How do I get a list of aliases?

Get-Alias

How do I get definition for a specific alias?

Get-Alias <command> (ex: Get-Alias dir)

How do I define my own aliases?

Set-Alias (ex: Set-Alias n++ "C:\Program Files (x86)\Notepad++\notepad++.exe")

How do I remove an alias

Remove-Item alias:<command> (ex: Remove-Item alias:dir)

26

PowerShell Aliases

• for($i = 0; $i -le 10; ++$i) { Write-Host "Hello World" }

• foreach($i in 0..9) { Write-Host "Hello World" }

• $i = 0; do { Write-Host "Hello World"; ++$i } while ($i -le 10)

• $i = 0; while ($i -le 10) { Write-Host "Hello World"; ++$i }

• break, continue

27

PowerShell Basic Language Constructs: Loops

PowerShell Traps & Pitfalls

$i = 5; if ($i -gt 3 -and $i -lt 8) { Write-Host "Yepeee" }

$a = 5 switch ($a) {

1 {"The color is red."}

2 {"The color is blue."}

3 {"The color is green."}

4 {"The color is yellow."}

5 {"The color is orange."}

6 {"The color is purple."}

7 {"The color is pink."}

8 {"The color is brown."}

default {"The color could not be determined."}

}

28

PowerShell Basic Language Constructs: Conditional Statements

PowerShell Traps & Pitfalls

The value of $true is … True

The value of $false is … False

What is the value of $true -eq $false ?

What is the value of $true -eq "False" ?

29

PowerShell Traps & Pitfalls: $true, $false

$true $false

$true $false

Any string of length > 0 Empty string

Any number > 0 Any number = 0

Array of length > 1 Array of length 0

Array of length 1 whose element is true Array of length 1 whose element is false

A reference to any object $null

30

PowerShell Basic Language Constructs: try/catch/finally

back tick to split single command on multiple lines

catching specific .Net exceptions

One of the common parameters for cmdletsStopContinueSilentlyContinueInquire

31

PowerShell Functions

Not mandatory to specify a type

Alternative (prefered) syntax

PowerShell Traps & Pitfalls

One of the main sources of errors when you learn Powershell

Calling functions with multiple parameters:

NO COMMA, NO PARENTHESIS in function calls, unless you are

calling .Net native functions (more on that later)

Function parameters can be decorated with attributes telling

- Their type

- If they are mandatory or not

- If they have default value

- If they can accept values from pipeline

- If they are « switch » parameters

- Their position and name

- …

$Args inside a function contains an array

with all parameters at call time

32

PowerShell Function Parameters

33

PowerShell Traps & Pitfalls

Comma is the array construction operator

A comma on indicates a collection of objects bound to one parameter

PowerShell tip: use Set-ScrictMode at the beginning of your scripts

Checks the following items:

• References to uninitialized variables, both

directly and from within strings

• References to non-existent properties of an

object

• Calling a function like a method

$states = @{"Washington" = "Olympia"; "Oregon" = "Salem"; California = "Sacramento"}

$states # Let’s display the content of $states

Name Value

---- -----

California Sacramento

Washington Olympia

Oregon Salem

# Let’s add a key/value

$states.Add("Alaska", "Fairbanks")

$states | Get-Member

One of the most usefull and underused

function in PowerShell

34

PowerShell Hashtables

TypeName: System.Collections.Hashtable

Name MemberType Definition ---- ---------- ----------Add Method void Add(System.Object key, System.Object …Clear Method void Clear(), void IDictionary.Clear() Clone Method System.Object Clone(), System.Object ICloneable.Clone() Contains Method bool Contains(System.Object key), bool …ContainsKey Method bool ContainsKey(System.Object key) ContainsValue Method bool ContainsValue(System.Object value) CopyTo Method void CopyTo(array array, int arrayIndex), …Equals Method bool Equals(System.Object obj) GetEnumerator Method System.Collections.IDictionaryEnumerator GetEnumerator(), …GetHashCode Method int GetHashCode() GetObjectData Method void GetObjectData(System.Runtime.Serialization…GetType Method type GetType() OnDeserialization Method void OnDeserialization(System.Object sender), …Remove Method void Remove(System.Object key), void …ToString Method string ToString() Item ParameterizedProperty System.Object Item(System.Object key) {get;set;} Count Property int Count {get;} IsFixedSize Property bool IsFixedSize {get;} IsReadOnly Property bool IsReadOnly {get;} IsSynchronized Property bool IsSynchronized {get;} Keys Property System.Collections.ICollection Keys {get;} SyncRoot Property System.Object SyncRoot {get;} Values Property System.Collections.ICollection Values {get;}

35

Documenting PowerShell Functions

A structured multi-lines

comment in function’s header,

before the param block

HowTo here

36

Documenting PowerShell Functions

Assigning PowerShell code to a variable (aka anonymous functions or lambdas)

Can be used as parameter to functions

$x = { Write-Host "Hello, World!" }$x.GetType()

# IsPublic IsSerial Name BaseType# -------- -------- ---- --------# True False ScriptBlock System.Object

$x # What's the content of $x?# Output: Write-Host "Hello, World!"

# Let's invoke the script block$x.Invoke()# Output: Hello, World!

37

PowerShell Script Blocks

A PowerShell script having .psm1 as its file extension (.ps1 for standard scripts)

Gathering reusable functions, variables, aliases…

Loaded in your scripts through

Import-Module <path to your .psm1 file> -DisableNameChecking –Force

You can put that in your profile.ps1 file

Functions, variables, aliases you want to make available outside your .psm1 file must be explictly exported

At the end of the module file, you typically find

Export-ModuleMember -function * # * = all. But can be comma separated function list

Export-ModuleMember -variable *

38

PowerShell Modules

Avoid warnings if you haven’t

followed PowerShell naming

conventions (verb-noun)

Forces load of your module

(usefull when you modify it

while writing and debugging

your scripts)

39

PowerShell Structured Objects (PSObjects)

PowerShell Traps & Pitfalls

Use $($object.Field) for expanding

structured objects in strings

• PowerShell has no concept of a class, so classical inheritance is not an option

However, PowerShell’s Adaptive Type System (ATS) gives us great power in implementing prototypal objects,

and mixins

• Easily persist PSObjects to files through Export-CliXML / Import-CliXML

40

PowerShell and .CSV Files

Shortcut for foreach

PowerShell is really your friend whent it comes to handle XML files

Anything you can do in .Net (xpath, xquery, xslt…), you can do it simpler in PowerShell

Can’t explain it all on one slide…

Just a small example for changing all connection strings in App.config

41

PowerShell and .XML Files

Get-Content normaly returns

an array of strings.

Here that array is casted to an XML

document

42

PowerShell and .JSON Files

ConvertFrom-JsonConvertTo-Json

Extremely useful with:

Invoke-RESTMethodInvoke-WebRequest

43

PowerShell and WebServices

This is a COM object

… and this is its ComID

Don’t forget about Get-Member$IE | Get-Memberwill produce a list of methods

And properties for IE

44

PowerShell and Invoking .Net Classes

Add-Type –AssemblyName System.EnterpriseServices

is the new PowerShell 3 way. Prefer it when you can.

45

PowerShell and In-line C# Code

Calling a static method

Calling a standard

method requires

an instance

Connects two copies of PowerShell over the network

The «client copy» (where you sit) sends commands to one or more «server copies» (remotemachines)

Remote machines execute commands locally, and send back resulting objects

Relies on PSSession, an object that represents an authenticated connection between two computers

$s1 = New-PSSession -ComputerName Server1 –Authentication <Some Authentication>

Invoke-Command -Session $s1 -ScriptBlock { <Some PS code> } -AsJob

Persists the connection in a variable, persists multiple connections in an array

«Persist» does not mean «constantly send traffic»; it reconnects on demand invisibly

Easy to setup in Windows domains, a little bit trickier for workgroups

46

PowerShell Remoting

47

PowerShell Remoting

• Uses HTTP and HTTPS as the underlying transport, on

port 5985 (default)

• Communications are handled by Windows Remote

Management (WinRM), a service that implements Web

Services for Management (aka WS-MAN)

• PWA (PowerShell Web Acces in Windows Server 2012)

Gives you a PowerShell Console in your web brower

• http://powershell.org/wp/ebooks/

Secrets of PowerShell Remoting (and other free e-books)

$job = Start-Job -ScriptBlock { Get-Process }

Get-job $job.Name

Receive-Job $job.Name

48

PowerShell and Background Jobs

Your background job

Get-Help about_JobsGet-Help about_Job_DetailsGet-Help about_Remote_Jobs

PowerShell 3.0 or later

Integration with Windows Workflow Foundation

Each activity of the workflow can run in its own runspace, possibly remotely

Variables that are created at the top level of the entire workflow are available

throughout the workflow

Workflows can be designed through the Visual Studio Workflow Designer

Get-Help about_Workflow_Common_Parameters

Get-Help about_Workflows

49

PowerShell and Workflows

50

PowerShell and Workflows

«Mount» hierarchical structures as if they were a virtual file system

Get-Help about_Providers

Often used by Microsoft’s PowerShell modules to abstract and ease access to their

own software (Active Directory, Exchange, IIS, SQLServer, SharePoint…)

You can easily implement your own (XT3 PowerShell Provider, anyone?)

51

PowerShell Providers

Import-Module sqlps -DisableNameChecking

Anything you can do from SQL Enterprise manager, you can script it from PowerShell

52

PowerShell and SQLServer Provider

SQL Server data store root SQLSERVER:\

Network root SQLSERVER:\SQL

Instances on selected machine SQLSERVER:\SQL\machine

Top-level objects in selected instance SQLSERVER:\SQL\machine\instance

Databases in selected instance SQLSERVER:\SQL\machine\instance\Databases

Top-level objects in selected database SQLSERVER:\SQL\machine\instance\Databases\database

Tables in selected database SQLSERVER:\SQL\machine\instance\Databases\database\Tables

Views in selected database SQLSERVER:\SQL\machine\instance\Databases\database\Views

Roles in selected database SQLSERVER:\SQL\machine\instance\Databases\database\Roles

Triggers in selected database SQLSERVER:\SQL\machine\instance\Databases\database\Triggers

Virtual drive

53

PowerShell and SQLServer Provider

Import-Module WebAdministration

Get-Command *-Web*

Anything you can do from IIS Manager, you can script it from PowerShell

- CRUD on application pools

- Start, stop, recycle application pools, set their «bitness» or the .Net framework used

- CRUD on virtual directories

- Start, stop web sites

- Security settings

- Start, stop W3S services

- …

See IISHelpers.psm1 in CCast scripts

54

PowerShell and IIS Provider

Think Puppet for Windows

Prevent server configuration drift

Separate configuration from implementation

Continuous server deployment

Manage servers on site or in a cloud

What you can do with DSC

• Install or remove server roles and features

• Manage registry settings

• Manage files and directories

• Start, stop, and manage processes and services

• Manage local groups and user accounts

• Install and manage packages such as .msi and .exe

• Manage environment variables

• Run Windows PowerShell scripts

• Fix a configuration that has drifted away from the desired state

• Discover the actual configuration state on a given node

55

PowerShell Desired State Configuration

56

PowerShell Desired State Configuration Example

Declarative configuration, using all bells and whistles of PowerShell

Separate data from logic: data can be reused for different resources, nodes and

configurations

Continuous deployment: deploy over and over without breaking anything

Only apply diffs in configurations when configurations change

Usable on-premise, in public or private cloud

Works like a charm with Azure

A little bit less so with Amazon

57

Why is DSC so cool?