PowerShell 009 - Get-Help -ShowWindow

Help... huh... what is it good for?

The help system in PowerShell is one of the features that makes the new shell so accessible. Once you get used to the system you ask PowerShell questions and it gives you answers. You ask it to clarify, and it does. You ask for more details, it gives you more details. You ask for examples, it gives you examples. It is really, really great.

I was working through some best practices by some of the PowerShell MVPs and I was finding some sample scripts and advanced functions on TechNet and realized that often times writing good help is skipped.

I'm optimistic that the amount of help content I consume will burn into my brain the value of taking the time to write good help content.

-ShowWindow

You can write the help content to the screen and read it from the console. You could even send it right out to a printer, but don't! ("I speak for the trees, for the trees have no tongues" - The Lorax) Sending the help content to the console window is great. When working quickly I often will simply look at examples to get me started;

PS> Get-Help Get-CimInstance -Examples

If I want to see all of the content in the console window;

PS> Get-Help Get-CimInstance -Full

Great. Quick, moves the ball forward nicely. But when learning the subtleties of cmdlets there is often an extensive amount of content to go through. PowerShell's ISE provides a way to throw the content into a single window. It also provides some very interesting features to assist. To get the full content in a separate window type;

PS> Get-Help Get-CimInstance -ShowWindow

Your help content is now in a separate windows. Makes research and troubleshooting much easier in my opinion.

My poor eyes! The text is small, my reading glasses are in the other room, my backup reading glasses are in the couch cushions and my backup, backup reading glasses are who knows! But look... in the bottom right hand of the screen there is a slider bar that allows you to magnify the text... nice! Thanks Microsoft! (you can also <CTRL> & + to increase the font size)

Narrow It Down

OK, now there is a lot of content. How do I find what I am looking for. Get-CimInstance (the cmdlet I chose for the example) seems pretty confusing. The first thing I see is syntax. Lots of syntax. There are almost 10 parameter sets to deal with. Seems to be lots of parameters. I'm betting there are lots of examples.

Right at the top left side of the screen you will see a 'Find:' feature. Simply type in the word or phrase you are looking for and let PowerShell (well the ISE) help you.

In the upper right you will find a button called 'Settings'. Click this button and select only the 'type' of content you want displayed in the window.

It is all pretty self-explanatory. Make sure you spend time here. I have surely heard this message from the PowerShell gurus out there and taken it to heart. Another lesson I'm learning the more I develop scripts and tools with PowerShell is the importance of formatting... but that is a discussion for a different day.

PowerShell 008 - $Profile

$Profile - what is it good for?

There are many things you can use the profile for in PowerShell. The variable $profile stores the path to the profile loaded when you launch the console or the ISE.

 

 

If you notice the path above you will see the script is called 'Microsoft.PowerShellISE_Profile.ps1'. It is a profile script that will load when you launch the ISE. I almost exclusively use the ISE these days, I have found very few reasons to use the console. That is a different discussion.

 

What is put in the profile script?

Well, that is really the question I've been asking myself. I find that just about every time I launch the ISE I think of something that I need to have available to me. For example I use the Specops PowerShell cmdlets every day. The cmdlets and functions that come through our Deploy products are PowerShell modules. Our Specops Password products expose their commands through PSSnapIns. PSSnapIns and some modules need to be loaded explicitly.

• Add-PSSnapIn -Module specopssoft.specopspasswordpolicy
• Import-Module -Module specopsdeploy

Another thing I do on a regular basis is update the help content. Now this is a bit much for a profile in my experience but it can catch updated content when available. If there are specific modules that you utilize all the time you can update those individually. This command updates the help content.

• Update-Help
• Update-Help -Module Hyper-V

Many of my friends and colleagues use PowerShell and some are true power users. Their profile scripts include quite a bit of automation. These are just simple examples share yours.

 

Starting the console with the focus on a directory that is used for most tasks is also very helpful.

• Set-Location c:\psstuff

How to Update the profile script

The path to the profile script is stored in the $Profile variable. Above you can see the data stored in this variable for the ISE. When you want to edit your profile script simply type

 

 

 

 

This will launch notepad with the profile script.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

And that is that

Save the script, close the ISE and re-launch it. the configuration your have in the script will run. If you haven't updated help content in a while this one can take a while. So use that with the understanding of what it is doing.

PowerShell 007 - Building the pipe

A Step Back

OK, so I’m a big fan of get-help. I use it just about every time I sit at the PowerShell_ISE. It is partly because I’m old and can’t remember everything, partly because there is simply too much to know, and, as Jeffrey Snover says “I am a flawed human being”. You should check out the Virtual Academy PowerShell Jumpstart session with Jeffrey Snover and Jason Helmick. These two are great Edutainers. So, even if I forget to mention the help system use it and the community to learn.

As you may know, or possibly not yet, PowerShell is a system that returns objects back on request. Even though you may only see a small bit of data returned to the screen the object returned may include much more data. For a quick example, if I want to look at the most recent log entry in my application log I can type;

PS\> Get-EventLog –LogName Application –Newest 1

This returns something like this.

Index, Time, EntryType, Source, InstanceID and Message. It provides some very important data and often this is all I may need to look at. But if I want to see the whole object I can try;

PS\> Get-EventLog –LogName Application –Newest 1 |format-list *

The above means get the same data but display the object in a list, as opposed to a table, and show me the entire (*) object. It looks like this.

Lots more data. For different cmdlets there is going to be different data returned to the screen, which is a sub-set of the entire object.

I actually did something else here. I ‘piped’ the object returned from one cmdlet to another.

Pipeline

Above the simple example takes the single object output from my Get-EventLog cmdlet into the Format-List cmdlet. Great for organizing your output. What happens if you have a cmdlet that returns a lot of data?

PS\> Get-EventLog –LogName Application |Measure

This counts how many objects to output. Right now I would return a measly 2685 events as individual objects. Small application log but way too much to handle. I want to pipe the output to another cmdlet, Select-Object, to trim down the output a bit.

When I pipe the output to Select-Object I can narrow down based on the properties of the object.

PS\> Get-EventLog –LogName Application | Select-Object –Property EventID, MachineName, –First 20

The above uses Select-Object to only show two properties, EventID and MachineName for the first 20 entries in the log.

You can narrow by any data that you are looking for. What if you want to see Source, or EntryType. Just use those properties in your list and you are good.

I find the pipeline to create an incredibly intuitive, readable system that at first glance can look very complex. It reads like a bit of a work flow.

1. Get all events in the application log
2. Select from that list the first 20 events
3. only prepare the EventID, MachineName, Source and EntryType.
4. Export the data to a webpage

PS\> Get-EventLog –LogName Application | Select-Object –Property EventID, MachineName, source, EntryType  –First 20 |Convertto-HTML |Out-File .\eventlog.html

Other than some typos…

SMH - Windows 8, Windows 8.1, Windows 8.1 Update 1

Not what you are expecting?

My rant du jour is not against Windows and its direction since Windows 7, it is a rant for it. More specifically it is a rant against those so called pundits that have built careers spouting opinion filled nonsense because it collects readers. 

I have been reading about Update 1 for a while as most of us have. I had taken a look at the update on one of my tablets, I waited for my main computer and my laptop until today. I was expecting to not like the update. The reason I didn't think I would like the update is because I felt like Microsoft and the Windows team was bailing. It seemed like they were pandering to whiney, I don't like change people and I personally think that is weak! I love Windows 8 + and I love it on my Surface Pro, my RT, my laptop, my desktop. Touch, no-touch, I don't care. I find the OS elegant, fun and interesting. 

I like the management of it, I like PowerShell, I like the dual experience of modern and classic. I like the cloud integration, I like the device management, I just like it. There were some time where I was frustrated with how I used to do something, but learning how a scenario works on this new OS family is interesting.

When I first installed a Windows 8 machine at home, a long time ago (I was working on the Windows Engineering team at the time so very early previews). I had to keep it to myself. But when it was announced I could install an update that exposed the new UI and start talking about it. It took me some time to get efficient but it was still a very cool experience.

I sat my oldest daughter down, she was probably 10 at the time, and I told her to check out my new computer. I walked away and without any instruction she was finding things, she was painting, creating docs, playing games and enjoying herself. No touch screen, just mouse and keyboard and she loved it and found it very intuitive. 

How can some self-proclaimed experts spew nonsense about the OS without any technical backing? How can someone correlate the drop in PC sales with the OS alone and not take into account that computing is changing fundamentally? I read a piece today on Information Week that was not a bad piece. It was 'Windows 8.1 Update 1: 10 key changes'. OK, great, let's see what was important to them. The article began quoting Paul Thurrott and a couple of others on how they hated Windows 8+. 

Now I have been following Windows since the beginning. I was an MCSE in Windows NT 3.5, I was one of the early MCSEs in Windows 2000 and I have been reading Paul and and others for years. Paul built a reputation on being incredibly helpful to those of us who were learning how these systems works. An incredible resource along with his colleagues. At some point it seems like he realized people cared about his opinion and it has been a decline in value since. The quote in the previously mentioned article was "Windows 8 is a disaster in every sense of the word." OK, taken out of context I'm sure but come on, really. Slackware was a disaster. There were so many great things about Windows 8 even for the haters out there from day 1. The willingness for Microsoft to take a pretty aggressive jump forward in the experience by itself is impressive and very, well, non-Microsoft. 'Disaster'? Really? Vista was a disaster. There was some user research regarding Vista that was interesting. Out of the population surveyed for a given study a very high percentage said that Vista was horrible. Out of those who said Vista was horrible a very low percentage had ever personally seen or used a Vista machine. I'm not going to even bother trying to dig that up because even if I did... haters are going to be haters. It is not even worth the argument. 

I was happy to see that the Update, even though it was pandering a bit IMO, has some pretty great changes. Even though the Information Week article started out negative and had a bit of a negative tone, it walks through these 10 changes that are really interesting and make the usability of the system better. Check out that article here. There are a ton of articles going around. Come up with your own opinions. See what you like and what you don't. Don't listen to the haters, and don't be one. Make up your own mind. If you don't like it fine, but justify it with something a bit deeper than it is a disaster.

SMH

PowerShell 006 – WMF v5 and OneGet

Windows Management Framework v5 Preview

WMF V5

Jeffrey Snover posted an announcement of the WMF V5 preview on the Windows Server Blog. The post and a download link to get the new bits is here.

There are a few very interesting pieces here and it is another step in the growth of the framework and PowerShell. I’m personally a little unsure of the reach and extension of the framework into realms ‘unmanaged’ or out of the control of Microsoft. When software vendors provide their modules they take responsibility, with the WFM V5 and especially the OneGet functionality the line is a bit blurred. Who is responsible if OneGet isn’t working? MSFT? Chocolatey? other source providers? At the end of the day, OneGet is pretty cool.

OneGet

From the Windows Server Blog “OneGet is a new way to discover and install software packages from around the Internet. It will simplify the acquisition of all kinds of software and make installation and discovery ‘easy peasy’ as they say.

Much of the OneGet capability is very interesting. I have a few areas that cause me some concern. I’m am willing to be convinced so I’ll spend some time checking it out.  After I setup WMF 5 this morning I used the Get-Command cmdlet to find the OneGet cmdlets. After I found the basics I ran;

PS C:\> Find-Package |Export-csv packages.csv

This first informed me that it needed to retrieve NuGet Package Manager. It then gave me a list of all of the packages available via the provider Chocolatey. There are roughly 1750 packages today (4/4/2014). I wanted to learn more so I decided to check to see if my help files were up to date.

PS C:\> update-help

Uh Oh! update-help throws an error when grabbing help on the ‘OneGet’ and ‘NetworkSwitch’ Modules. Honestly not a great place to start but it is preview! So, learning what parameters are required, mandatory, allow for wildcards etc. may have to wait a bit. Or I can just sit at my computer for hours trying different things!

I did look through my .csv file and found Notepad++ and I decided to set that up.

PS C:\> Install-Package -Name notepadplusplus

After a brief warning about the package not being marked as safe and me ignoring the warning, it downloaded any dependencies and installed the package. Pretty cool if you ask me.

NetworkSwitch

Last year at TechEd I ran into Jeffrey between sessions and had a chance to catch up. Jeffrey is an incredibly accessible guy and so enthusiastic. Just a great person to chat with. I have a few great Jeffrey Snover stories from some projects I had the pleasure of working while at Microsoft, but those are for a different post <G>. During that brief discussion Jeffrey shared with me how one of his visions around Desired State Configuration (DSC) was managing switches, well… here we are! Read through the Windows Server Blog announcement on WMF v5 Preview to learn more about this capability.

PowerShell 005 – Install-ADDSForest

Setting Up a Lab

DCPromo has come a long way in the past 13 + years. Windows Server all up is so incredibly different, more powerful, more intuitive, more manageable. It is simply a great operating system to work with. I have a very specific scenario that I want to talk about here. That is setting up a lab.

There are many ways to do this, and they all have their benefits. I want to start simply. The first machine in the lab, setup as the forest root, your first DC.

The Scenario

This is not simply building a new lab. This is the re-building process that many of us go through every couple of months to get a clear setup to test with. Building the lab manually is a powerful experience especially when you are being introduced to a new OS. In this case I’m running Windows Server 2012 R2. I want to walk through the creation process manually to see if anything noticeable has changed. In this case I have already installed the Active Directory Domain Services Role and now it needs to be configured. This is the DCPromo process we have used for years. The task is initiated from within Server Manager.

After you install the AD DS role you will notice a flag informing you that you now need to ‘promote’ this server to function as a Domain Controller.

Click ‘Promote this server to a domain controller’ and the ‘Deployment Configuration’ Wizard will start.

The purpose of this post is not to walk through the configuration of the domain. In summary you can add a new DC to a domain, add a new domain or create a new forest. I’m going to create a new forest.

After walking through basic configuration, naming your domain, DC options, functional levels, NetBIOS naming, paths to files etc. etc. etc. You will come to a page in the wizard called ‘Review Options’. Along the way there are lots of links to additional information. If you are new to AD or new to Windows Server 2012 R2, take the time to read this information. It will save you time in the future.

Notice the ‘View script’ button in the bottom of the dialog. Hmmm… what could that be?

A simple PowerShell script to configure your first DC. You don’t need to, or want to, run the wizard every time you need to rebuild your lab. Simply save this script as a .ps1 file. Save it in a place that you will keep to use every time you build out a new lab.

I am going to cancel the wizard after I save the script. I want to execute this DC Promotion in PowerShell. I like to use the PowerShell ISE for multiple reasons but when working with scripts you have both the scripting windows right along with the console. Makes things very easy.

You can hit F5 or click the green arrow or get into the ‘Debug’ menu for more options. For the quick and dirty I’m just clicking the green arrow. Provide your SafeModeAdministratorPassword and off it goes.

You may get some messages and warning along the way. PowerShell seems to provide great feedback to help you understand what is going on.

The server will reboot and your DC is setup.

Save the script, store it. You will find many others. I will explore Desired State Configuration (DSC) in the future to really fully leverage PowerShell to manage deployment and configuration of components across your enterprise. I have a long way to go before I’m ready for that! Just getting my feet wet with DSC at this point.

Enjoy!

Group Policy 001: Intro to the GPMC

Tools

There are multiple tools you use when working with Group Policy. The two primary tools have not changed much since Windows Server 2003 R2. The primary reason is they just work great, do what they are supposed to do and focus on key scenarios. This is a quick overview of the Group Policy Management Console or the GPMC, the first of the two primary tools. A follow-up post will explore the editor or the GPME. 

Group Policy Management Console

The Group Policy Management Console or GPMC is the primary tool for managing Group Policy. This is where you create, link, secure, delegate control, report on, monitor status and more. It is a common tool for network administrators and desktop administrators alike and provides for a lot of scenarios. 

GPMC

In the GPMC you will see all domains and sites defined in your forest. Group Policy is primarily a domain specific technology. Keeping your management within a domain makes things easier but being able to apply policy across the enterprise, regardless of which domain a user or computer happens to be in is a very powerful feature.

The tool itself likes to focus its attention on the domain controller that holds the PDC emulator role. Some of us old people actually had to work with actual PDCs. In tools like GPMC if you choose to focus the attention on a different Domain Controller in your enterprise it is an easy change. Simply access the action menu from the Domain you are focused on and choose 'Change Domain Controller..."

Change DC

Create Group Policy Objects

One important aspect to managing Group Policy is where the data is actually stored. This is important because GP is not the most forgiving of technologies. You want to know where you are placing a GPO and who/what it is affecting. There is a container under the Domain node in the GPMC called "Group Policy Objects". This container is where all GPOs are stored if they are 'linked' or not. I like to create my GPOs in this container and manage linking and delegating during my configuration process. To create a GPO;

1. Right click on the "Group Policy Objects" node and select 'New'
2. Give the GPO a Name 
3. Choose to start from scratch or pick a 'Source Starter GPO' (Starter GPOs will have to be another post)
4. Click OK

New GPO

Select the GPO you created in the list under the 'Group Policy Objects' container. The right hand side of the screen will contain the majority of information you need related to this GPO. The 'Scope' tab shows effectively which users and which computers may be affected by this GPO. I say may simply because there are additional caveats to cover in other posts. It will show which OUs the GPO is linked, what security groups will be affected by thsi GPO and even any WMI filters that will more granularly control application of the GPO.

The 'Details' tab shows version information, ownership, versioning and the GUID that references this GPO. This will be very important in other advanced scenarios. 

The 'Settings' tab shows the native Microsoft settings configured in this Group Policy object. The 'Delegation' tab show which users will have access to this GPO for management purposes. 

And the last tab, 'Status' is the newest piece of functionality here and it will show you the replication status of this GPO across other domain controller.

GPO Details

There is a lot more to cover in the GPMC but for this overview that is a good start. Let's look at editing a Group Policy Object in a follow-up post.