Using Windows PowerShell to administer your Windows environment Richard Siddaway MVP

Using Windows PowerShell to
administer your Windows environment
Richard Siddaway MVP
Microsoft Practice Leader
Centiq Ltd.
Rsiddaway@centiq.co.uk
Introductions
I do not work for Microsoft
Microsoft Practice Leader at Centiq
Interests are optimisation, migration and
management
Automation = Script wherever possible
Worked with PowerShell since early betas
Started and lead UK PowerShell User Group
PowerShell MVP
Demo heavy
Windows Server 2008
PowerShell V2
Questions
Who
Uses PowerShell ?
Has seen PowerShell ?
Uses another scripting language?
Automates administration
Agenda
PowerShell Overview
Learning PowerShell
Using WMI
Break
Administering Active Directory
Administering IIS 7
Security
Infrastructure
IT Operations
Infrastructure
Applications
Infrastructure
Collaboration
Infrastructure
Administration Styles
GUI
Interactive
Script
POWERSHELL OVERVIEW
PowerShell
Optimise administration
Minimise Effort
Maximise return on time spent learning
PowerShell
Automation engine
Command Shell and scripting language
.NET based
DO NOT NEED TO LEARN .NET
PROGRAMMING
RTW November 2006
2 million+ downloads
CTP 2 for Version 2 available
PowerShell – Key Features
Cmdlets
Providers
Extensible
Composable
Pipeline
Script Types
Text
.Net “interpretation” of the traditional Unix
scripting model
COM
WSH/VBScript style scripting
.NET
Manipulate any native .NET object
Commands
PowerShell cmdlets emitting objects
DataTypes
Flat File – CSV etc
.NET
XML
WMI
ADSI
ADO.NET
SQL
PowerShell adoption
Microsoft
Exchange 2007
Windows Server 2008
SC Data Protection
Manager
SC Operations
Manager 2007
Compute Cluster
SQL Server 2008
OCS Resource Kit
Third party
Special Operations
Software
Quest AD cmdlets
PowerGUI
PowerGadgets
Sdmsoftware
IBM Websphere MQ
PowerShell Community
Extensions
PowerShell V2
It is a CTP!!
!!!!! DO NOT USE IN PRODUCTION !!!!!!!
It will change!!
Remoting
Background jobs
Script Cmdlets
Debugging
Graphical PowerShell
LEARNING POWERSHELL
Your four best friends
Get-Help
Get-Command
Get-Member
Get-PSDrive
Ad Hoc Development
Try things out in an interactive shell
Stitch things together with utilities
Put the results in a script file
Realize that the tools are unsuitable and restart
with a new set of tools
Generalize (e.g., parameterize)
Clean it up  production-quality
Integrate into your environment
Share with the community
Issues
Default install mode won’t run scripts
Set-ExecutionPolicy
No file association
Can’t automatically run scripts
Can’t double click script to run it
No remoting – coming in V2
Can use .NET and WMI
Current working directory is NOT on PATH
.\myscript.ps1
Does not load all .NET assemblies
Use [Reflection.Assembly]::LoadWithPartialName("
Microsoft.SqlServer.Smo ")
Demo
Learning PowerShell
ADMINISTERING
WINDOWS SYSTEMS
Administering Windows
Processes
Services
File system
Registry
Event Logs
Demo
Administering Windows systems
USING WMI
WMI
Instruments to access management information
Common Information Model V2
Windows 2000 onwards
Namespaces and classes
Local and remote machines
WMI
Namespaces are hierarchical
Default set of namespaces and classes
Applications and services add more
WMI in VBScript
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer
& "\root\CIMV2")
Set colItems = objWMIService.ExecQuery( "SELECT * FROM
Win32_Service",,48)
For Each objItem in colItems
Wscript.Echo "-----------------------------------"
Wscript.Echo "Win32_Service instance"
Wscript.Echo "-----------------------------------"
Wscript.Echo "Name: " & objItem.Name
Wscript.Echo "Status: " & objItem.Status
Next
WMI in PowerShell
Get-WMIObject Win32_Service | Select-Object Name, Status |
Format-List
Or even:
gwmi win32_Service | select name, status | fl
WMI
WMI Type Accelerators
[WMI]
[WMIClass]
[WMISearcher]
Improved support in V2
Get-WMIObject improved
Invoke-WMIMethod
Set-WMIInstance
Remove-WMIObject
Demo
Using WMI through PowerShell
Summary
PowerShell can
Adminsister local machines
Adminsiter remote machines
WMI
.NET
Access
Services
Processes
Registry
Event logs
Applications
Break
ADMINISTERING
ACTIVE DIRECTORY
PowerShell and Active Directory
NO AD cmdlets in PowerShell v1 or V2
Exchange 2007 has limited AD support
Special Operations Software
Quest AD cmdlets
Sdmsoftware GPO cmdlets
Quest PowerGUI
PowerShell Community Extensions
/nSoftware
Scripting
Active Directory Provider
PowerShell Community Extensions
Access AD as “filesystem”
Navigation
Use core commands
Interactive or scripting
Associated cmdlets
Issues – “open source”
Scripting AD in PowerShell
System.DirectoryServices
DirectoryEntry
DirectorySearcher
System.DirectoryServices.AccountManagement
System.DirectoryServices.ActiveDirectory
System.DirectoryServices.Protocols
[ADSI]
[ADSISearcher] (V2)
Psbase issues (V1)
Searching AD
System.DirectoryServices.DirectorySearcher
Wraps ADSI search functionality
Faster and more powerful
Easier
No ADO recordset
Search for deleted objects
Uses LDAP syntax only (cn=jbloggs)
Can search Global Catalog
[ADSISearcher] (V2)
DirectoryServices.AccountManagement
ADSI via .NET
Users and Groups
Local and AD
Not access to complete AD object
New in .NET 3.5
DirectoryServices.ActiveDirectory
.NET access not ADSI
Administration rather than data
Only access some objects
Not access to complete AD object
DirectoryServices.ActiveDirectory
Sites, sitelinks, subnets, schedules
Forest
Domain
Trusts
Replication
Schema
Demo
Adminsitering Active Directory
ADMINISTERING IIS 7
IIS 7 Management tools
New managed code API
Microsoft.Web.Administration
New WMI provider
root\webadministration
New command line tool
Appcmd
PowerShell provider
GUI
IIS 7: .NET
Like any managed code assembly M.W.A
requires explicit load into PowerShell before
use
Do not forget to save your changes calling
CommitChanges()
No access to remote machine
Credentials issues
IIS 7: WMI
Needs packet privacy
MUST give credentials to access remotely
V1 Get-WMIObject cannot access
V2 can
Cannot create new objects remotely
Alternatives:
Access WMI via .NET
Use remoting
IIS 7: WMI
IIS 7.0 introduced a new WMI namespace
called “WebAdministration” in Vista, and it
was enhanced in SP1 and Windows Server
2008
WebAdministration is greatly simplified
compared to IIS 6.0 WMI namespace
(“MicrosoftIISv2”)
WebAdministration is tightly integrated with
IIS 7.0 configuration system, but provides
more traditional set of objects: Site,
Application, ApplicationPool, in addition to
configuration sections
IIS 7: PowerShell provider
Download from www.iis.net
Provider and cmdlets
Currently CTP 2
IIS and Config file admin
IIS 7: Legacy support
The following options can be installed for IIS
7.0:
IIS 6 Scripting Tools
IIS 6 WMI Compatibility
IIS Metabase Compatibility
The goal behind these options is to allow
existing ABO, ADSI, WMI code to continue
to work on IIS 7.0
Legacy scripts can only update legacy
settings
Settings introduced for IIS 7.0 require the use of
new APIs
Demo
Using IIS 7 through PowerShell
Summary/Call to Action
PowerShell can be used to administer large
and growing parts of your environment
Now available at:
www.microsoft.com/downloads
Search for PowerShell
Try it, Deploy it, Use it, Share
For More Information
User group:
http://powershellug.com/
My Blog
http://richardsiddaway.spaces.live.com
Books
Books
Any Questions?
Name: Richard Siddaway
Email: Rsiddaway@centiq.co.uk
Reference Slides
Scripting with COM
Access existing instrumentation
Bind to COM objects
$fso = New-Object -ComObject Scripting.FileSystemObject
$m = [System.Runtime.InteropServices.Marshal]
$word = $m::GetActiveObject("Word.Application")
Invoke methods/access properties
$fso.GetDrive(“C:”)
$fso.VolumeName = “System Drive”
Understand/extend instrumentation
Extend and discover properties/methods
Update-TypeData Office.Word.Types.ps1xml
$fso | Get-Member
Manipulate and format results
Define and import custom formating
Update-FormatData Office.Word.Format.ps1xml
$word.RecentFiles | Sort name | Format-Table
Allows more simpler/more powerful COM scripts because of
utilities and formatting
Scripting with WMI
PowerShell provides native WMI support
Get-WmiObject
Allows for inspection of WMI namespace
Get-WmiObject –list [-Namespace xx]
Get-WmiObject –Class xx –Namespace xx –Property
xxx – Filter xxx –ComputerName xxx –Credential xxx
Native language support
[WMI] “\\JPSDESK10\root\cimv2:Win32_Process.Handle="0“
[WMICLASS] "ROOT\cimv2:WIN32_PROCESS"
[WMISEARCHER]"select * from Win32_process WHERE Name =
'calc.exe'"
Scripting with .NET
PowerShell provides native access to any .NET class
Create any object
[reflection.assembly]::LoadWithPartialName("System.Wind
ows.Forms")
$d = New-Object System.DateTime 2006,12,25
Access Properties/Invoke Methods
$d.DayOfWeek
$d.AddDays(-30)
Access Statics
[DateTime]::Now
[DateTime]::IsLeapYear(2006)
Allows admins to easily access and leverage a huge API set because
of scriptability, utilities and formatting
Scripting with XML
PowerShell provides native XML support
Native datatype
$x=[xml]"<a><b><c>TEST</c></b></a>“
$b =[xml](type c:\i386\mssecure.xml)
Native syntax to access “data” view of properties
$b.BulletinDataStore.Bulletins.Bulletin[0]
Access to XML methods
$b.BulletinDataStore.SelectNodes(“//Patch”)
XML properties available through PSBase property
$b.BulletinDataStore.PSBase.innerXml
Scripting with Text
Invoke existing tools
Existing command run directly after variables are expanded
Harvest data from existing tools
Parse output into variables using text utilities.
Pipe data to SELECT and use –FIRST and –LAST
Select-String <REGEX> <Path>
Dir | Select-String <REGEX>
[DateTime]”12/25/2006 7:00”
([DateTime]”12/25/2006 7:00”).AddDays(-30)
Use functions/scripts to wrap the commands and convert output to objects
or provide standard syntax
Safely process text
Use CLR types via Windows PowerShell to safely parse text
[URI]” http://blogs.msdn.com/powershell/archive/2006/04/25/583234.aspx”
Allows admins to get 2-10x more power out of existing commands
because of scriptability
Active Directory
AD cmdlets
http://www.quest.com/activerolesserver/arms.aspx
PowerGUI
http://www.powergui.org
Special Operations Software
http://www.specopssoft.com/
SDMSoftware
http://www.sdmsoftware.com/freeware.php
IIS 7
The following walkthroughs are available on
the www.iis.net web site:
PowerShell
An Introduction to Windows PowerShell and IIS 7.0
http://www.iis.net/go/1212
Writing PowerShell Command-lets for IIS7
http://www.iis.net/go/1211
AppCmd
Getting Started with AppCmd in IIS 7.0
http://www.iis.net/go/1222
Command Line Administration with IIS7 – AppCmd
http://www.iis.net/go/954