Using Windows PowerShell to administer your Windows environment Richard Siddaway MVP Microsoft Practice Leader Centiq Ltd. Rsiddaway@centiq.co.uk Introductions I do not work for Microsoft Microsoft Practice Leader at Centiq Interests are optimisation, migration and management Automation = Script wherever possible Worked with PowerShell since early betas Started and lead UK PowerShell User Group PowerShell MVP Demo heavy Windows Server 2008 PowerShell V2 Questions Who Uses PowerShell ? Has seen PowerShell ? Uses another scripting language? Automates administration Agenda PowerShell Overview Learning PowerShell Using WMI Break Administering Active Directory Administering IIS 7 Security Infrastructure IT Operations Infrastructure Applications Infrastructure Collaboration Infrastructure Administration Styles GUI Interactive Script POWERSHELL OVERVIEW PowerShell Optimise administration Minimise Effort Maximise return on time spent learning PowerShell Automation engine Command Shell and scripting language .NET based DO NOT NEED TO LEARN .NET PROGRAMMING RTW November 2006 2 million+ downloads CTP 2 for Version 2 available PowerShell – Key Features Cmdlets Providers Extensible Composable Pipeline Script Types Text .Net “interpretation” of the traditional Unix scripting model COM WSH/VBScript style scripting .NET Manipulate any native .NET object Commands PowerShell cmdlets emitting objects DataTypes Flat File – CSV etc .NET XML WMI ADSI ADO.NET SQL PowerShell adoption Microsoft Exchange 2007 Windows Server 2008 SC Data Protection Manager SC Operations Manager 2007 Compute Cluster SQL Server 2008 OCS Resource Kit Third party Special Operations Software Quest AD cmdlets PowerGUI PowerGadgets Sdmsoftware IBM Websphere MQ PowerShell Community Extensions PowerShell V2 It is a CTP!! !!!!! DO NOT USE IN PRODUCTION !!!!!!! It will change!! Remoting Background jobs Script Cmdlets Debugging Graphical PowerShell LEARNING POWERSHELL Your four best friends Get-Help Get-Command Get-Member Get-PSDrive Ad Hoc Development Try things out in an interactive shell Stitch things together with utilities Put the results in a script file Realize that the tools are unsuitable and restart with a new set of tools Generalize (e.g., parameterize) Clean it up production-quality Integrate into your environment Share with the community Issues Default install mode won’t run scripts Set-ExecutionPolicy No file association Can’t automatically run scripts Can’t double click script to run it No remoting – coming in V2 Can use .NET and WMI Current working directory is NOT on PATH .\myscript.ps1 Does not load all .NET assemblies Use [Reflection.Assembly]::LoadWithPartialName(" Microsoft.SqlServer.Smo ") Demo Learning PowerShell ADMINISTERING WINDOWS SYSTEMS Administering Windows Processes Services File system Registry Event Logs Demo Administering Windows systems USING WMI WMI Instruments to access management information Common Information Model V2 Windows 2000 onwards Namespaces and classes Local and remote machines WMI Namespaces are hierarchical Default set of namespaces and classes Applications and services add more WMI in VBScript strComputer = "." Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2") Set colItems = objWMIService.ExecQuery( "SELECT * FROM Win32_Service",,48) For Each objItem in colItems Wscript.Echo "-----------------------------------" Wscript.Echo "Win32_Service instance" Wscript.Echo "-----------------------------------" Wscript.Echo "Name: " & objItem.Name Wscript.Echo "Status: " & objItem.Status Next WMI in PowerShell Get-WMIObject Win32_Service | Select-Object Name, Status | Format-List Or even: gwmi win32_Service | select name, status | fl WMI WMI Type Accelerators [WMI] [WMIClass] [WMISearcher] Improved support in V2 Get-WMIObject improved Invoke-WMIMethod Set-WMIInstance Remove-WMIObject Demo Using WMI through PowerShell Summary PowerShell can Adminsister local machines Adminsiter remote machines WMI .NET Access Services Processes Registry Event logs Applications Break ADMINISTERING ACTIVE DIRECTORY PowerShell and Active Directory NO AD cmdlets in PowerShell v1 or V2 Exchange 2007 has limited AD support Special Operations Software Quest AD cmdlets Sdmsoftware GPO cmdlets Quest PowerGUI PowerShell Community Extensions /nSoftware Scripting Active Directory Provider PowerShell Community Extensions Access AD as “filesystem” Navigation Use core commands Interactive or scripting Associated cmdlets Issues – “open source” Scripting AD in PowerShell System.DirectoryServices DirectoryEntry DirectorySearcher System.DirectoryServices.AccountManagement System.DirectoryServices.ActiveDirectory System.DirectoryServices.Protocols [ADSI] [ADSISearcher] (V2) Psbase issues (V1) Searching AD System.DirectoryServices.DirectorySearcher Wraps ADSI search functionality Faster and more powerful Easier No ADO recordset Search for deleted objects Uses LDAP syntax only (cn=jbloggs) Can search Global Catalog [ADSISearcher] (V2) DirectoryServices.AccountManagement ADSI via .NET Users and Groups Local and AD Not access to complete AD object New in .NET 3.5 DirectoryServices.ActiveDirectory .NET access not ADSI Administration rather than data Only access some objects Not access to complete AD object DirectoryServices.ActiveDirectory Sites, sitelinks, subnets, schedules Forest Domain Trusts Replication Schema Demo Adminsitering Active Directory ADMINISTERING IIS 7 IIS 7 Management tools New managed code API Microsoft.Web.Administration New WMI provider root\webadministration New command line tool Appcmd PowerShell provider GUI IIS 7: .NET Like any managed code assembly M.W.A requires explicit load into PowerShell before use Do not forget to save your changes calling CommitChanges() No access to remote machine Credentials issues IIS 7: WMI Needs packet privacy MUST give credentials to access remotely V1 Get-WMIObject cannot access V2 can Cannot create new objects remotely Alternatives: Access WMI via .NET Use remoting IIS 7: WMI IIS 7.0 introduced a new WMI namespace called “WebAdministration” in Vista, and it was enhanced in SP1 and Windows Server 2008 WebAdministration is greatly simplified compared to IIS 6.0 WMI namespace (“MicrosoftIISv2”) WebAdministration is tightly integrated with IIS 7.0 configuration system, but provides more traditional set of objects: Site, Application, ApplicationPool, in addition to configuration sections IIS 7: PowerShell provider Download from www.iis.net Provider and cmdlets Currently CTP 2 IIS and Config file admin IIS 7: Legacy support The following options can be installed for IIS 7.0: IIS 6 Scripting Tools IIS 6 WMI Compatibility IIS Metabase Compatibility The goal behind these options is to allow existing ABO, ADSI, WMI code to continue to work on IIS 7.0 Legacy scripts can only update legacy settings Settings introduced for IIS 7.0 require the use of new APIs Demo Using IIS 7 through PowerShell Summary/Call to Action PowerShell can be used to administer large and growing parts of your environment Now available at: www.microsoft.com/downloads Search for PowerShell Try it, Deploy it, Use it, Share For More Information User group: http://powershellug.com/ My Blog http://richardsiddaway.spaces.live.com Books Books Any Questions? Name: Richard Siddaway Email: Rsiddaway@centiq.co.uk Reference Slides Scripting with COM Access existing instrumentation Bind to COM objects $fso = New-Object -ComObject Scripting.FileSystemObject $m = [System.Runtime.InteropServices.Marshal] $word = $m::GetActiveObject("Word.Application") Invoke methods/access properties $fso.GetDrive(“C:”) $fso.VolumeName = “System Drive” Understand/extend instrumentation Extend and discover properties/methods Update-TypeData Office.Word.Types.ps1xml $fso | Get-Member Manipulate and format results Define and import custom formating Update-FormatData Office.Word.Format.ps1xml $word.RecentFiles | Sort name | Format-Table Allows more simpler/more powerful COM scripts because of utilities and formatting Scripting with WMI PowerShell provides native WMI support Get-WmiObject Allows for inspection of WMI namespace Get-WmiObject –list [-Namespace xx] Get-WmiObject –Class xx –Namespace xx –Property xxx – Filter xxx –ComputerName xxx –Credential xxx Native language support [WMI] “\\JPSDESK10\root\cimv2:Win32_Process.Handle="0“ [WMICLASS] "ROOT\cimv2:WIN32_PROCESS" [WMISEARCHER]"select * from Win32_process WHERE Name = 'calc.exe'" Scripting with .NET PowerShell provides native access to any .NET class Create any object [reflection.assembly]::LoadWithPartialName("System.Wind ows.Forms") $d = New-Object System.DateTime 2006,12,25 Access Properties/Invoke Methods $d.DayOfWeek $d.AddDays(-30) Access Statics [DateTime]::Now [DateTime]::IsLeapYear(2006) Allows admins to easily access and leverage a huge API set because of scriptability, utilities and formatting Scripting with XML PowerShell provides native XML support Native datatype $x=[xml]"<a><b><c>TEST</c></b></a>“ $b =[xml](type c:\i386\mssecure.xml) Native syntax to access “data” view of properties $b.BulletinDataStore.Bulletins.Bulletin[0] Access to XML methods $b.BulletinDataStore.SelectNodes(“//Patch”) XML properties available through PSBase property $b.BulletinDataStore.PSBase.innerXml Scripting with Text Invoke existing tools Existing command run directly after variables are expanded Harvest data from existing tools Parse output into variables using text utilities. Pipe data to SELECT and use –FIRST and –LAST Select-String <REGEX> <Path> Dir | Select-String <REGEX> [DateTime]”12/25/2006 7:00” ([DateTime]”12/25/2006 7:00”).AddDays(-30) Use functions/scripts to wrap the commands and convert output to objects or provide standard syntax Safely process text Use CLR types via Windows PowerShell to safely parse text [URI]” http://blogs.msdn.com/powershell/archive/2006/04/25/583234.aspx” Allows admins to get 2-10x more power out of existing commands because of scriptability Active Directory AD cmdlets http://www.quest.com/activerolesserver/arms.aspx PowerGUI http://www.powergui.org Special Operations Software http://www.specopssoft.com/ SDMSoftware http://www.sdmsoftware.com/freeware.php IIS 7 The following walkthroughs are available on the www.iis.net web site: PowerShell An Introduction to Windows PowerShell and IIS 7.0 http://www.iis.net/go/1212 Writing PowerShell Command-lets for IIS7 http://www.iis.net/go/1211 AppCmd Getting Started with AppCmd in IIS 7.0 http://www.iis.net/go/1222 Command Line Administration with IIS7 – AppCmd http://www.iis.net/go/954
© Copyright 2024