PowerShell Integrated Scripting Environment

You can always type directly into PowerShell, however if you're newer to PowerShell, I recommend using the PowerShell Integrated Scripting Environment (ISE). It makes suggestions based on what you’re typing and is very handy if you aren’t sure. As you can see in Figure 1-5, PowerShell ISE is correctly suggesting Get-Member based on what I started typing. Plus, you can look up commands in the right-side pane. PowerShell ISE is being deprecated; it still exists in PowerShell v5, but it will be removed in PowerShell v6. At the time of this writing, it is still included in Windows Server 2022.

Text editors

For some system administrators, the simplicity of a simple text editor can be really tempting. Notepad is available by default in the Windows Server operating system. Personally, I love Notepad ++ because it’s a simple interface, but it still provides color coding and, with the installation of an extension, you can check the differences between two files. Notepad ++ is an open-source project, and you do have to download and install it (go to https://notepad-plus-plus.org).

Visual Studio Code

Visual Studio Code is a code editor that is designed to be a light version of the traditional and more complex products. It’s optimized for quick code development and available on Windows, Linux, and macOS, free of charge. It features many of the useful features that you’re used to if you’ve used PowerShell ISE in the past, but it adds some new features that make it a better organizational tool. It can complete commands with IntelliSense and has a much more user-friendly method of browsing PowerShell commands when you install the PowerShell extension.

For system administrators who have some familiarity with Visual Studio, or who want integration with GitHub or other code repositories, Visual Studio Code is a great option. It brings support for Git commands out of the box and can be customized with other extensions past the core PowerShell extension. Going forward, it’s what Microsoft recommends using for work in PowerShell, given that the PowerShell ISE is being deprecated.

You can download Visual Studio Code at https://code.visualstudio.com. Installation and configuration are relatively simple:

1. Download the Visual Studio Code installer from https://code.visualstudio.com.
2. Navigate to your Downloads folder and double-click the VS Code executable to begin installation.
3. On the Setup – Visual Studio Code screen, click Next.
4. On the License Agreement screen, select the I Accept the Agreement radio button, and then click Next.
5. On the Select Destination Location screen, select where you want the software to install to, and then click Next.

6. On the Select Start Menu Folder screen, choose a folder in the Start menu if you want the application to be stored somewhere other than the default, and click Next.

   You can also opt to not create a Start menu folder. I’ll accept the defaults.

7. On the Select Additional Tasks screen, select the Create a Desktop Icon check box, the Add “Open with Code” Action to Windows Explorer File Context Menu check box, and the Register Code as an Editor for Supported File Types check box; leave the Add to PATH check box selected (see Figure 1-6).
8. On the Ready to Install screen, click Install.
9. On the Completing the Visual Studio Code Setup Wizard screen, leave Launch Visual Studio Code check box selected, and click Finish.

10. After VS Code has launched, click Extensions on the left side menu.

    It looks like a small box being added to three other boxes.

11. Type PowerShell into the search box, and click Install on the extension for PowerShell, as shown in Figure 1-7.

    In the figure, you can see PowerShell is the first in the list. Make sure you select the one developed by Microsoft.

With the PowerShell extension installed in VS Code, you can open the PowerShell Command Explorer (see Figure 1-8). This is helpful when looking up commands. To open it, click Help and then click Show All Commands. Type PowerShell into the search box and select PowerShell Command Explorer. If you click the question mark next to a cmdlet, your browser opens to the online help page for that cmdlet. Clicking the pencil icon inserts the cmdlet into the coding window.

Properties and methods

Properties and methods are used along with cmdlets to refine what you want the cmdlet to do. Properties are used to view the data that applies to an object, such as checking to see if an object is read-only, or to verify that data regarding an object exists. Properties are prefixed with a dash like this:

• Get-Command -version: Returns the version numbers on everything returned by the Get-Command cmdlet
• Get-Command -verb Get: Returns aliases, cmdlets, and functions that use the verb Get

Methods are different from properties. You call them by putting a period (.) before the method name. Methods are typically used to specify some kind of action you want to take on an object. Consider the Replace method in the following example:

'This is a great For Dummies book!'.Replace('great','super')

Here, you're using the Replace method to change the word great to the word super.

Variables

As I mention earlier, variables are used to store values. They can store commands, values, and strings. You’ll use variables extensively if you do any amount of scripting because they make things simpler. You can call a variable instead of having to type a long command, for example.

Arrays

An array is a type of variable. When you create the array variable, you assign multiple values to the same variable. For instance:

$Alphabet = "A,B,C,D,E,F"

This code creates an array variable named $alphabet, which contains the letters A, B, C, D, E, and F.

To read back the contents of the array, you do the same thing that you would do to display the contents of a variable. You call the variable in the PowerShell window — in this case, $Alphabet. You get a display similar to Figure 1-9 if you use my example.

Arrays are a very useful type of variable for system administration work. For example, when you want to store a list of usernames or computer names that you exported from Active Directory so that you can run commands against each of them, an array is a perfect fit. I haven't covered loops yet, but you can run a command against each entry in an array with a loop, instead of having to run a command against an individual system.

Browsing available modules

Modules are pretty cool, right? Your next question may be: How do I find out what modules are available to me? I’m glad you asked. The command is simple:

Get-Module -ListAvailable

If you run the command by itself, you’ll get a list of the modules that are available currently within your session. By adding the -ListAvailable parameter, you can get a list of modules that are installed on your computer and available for use. This command will take some time to return results, but when it does, you’ll have a nice list of all the PowerShell modules that are available to you on your system. I’ve included an example of the output in Figure 1-11. Please note that your output may look different because you’ll have additional modules listed based on the roles and features installed on your system.

Browsing the properties of a module

Get-Member is the simplest method to find out what properties are available to you with modules. The following line of code will give you a printout of all the properties associated with Get-Module. The last part of the command cuts the results down to just the name column because you aren't interested in the other columns for this purpose.

Get-Module | Get-Member -MemberType Property | Format-Table Name

-eq and -ne

Equal to (-eq) and not equal to (-ne) are used when you need to find an exact match to something, or when you want to ensure your results do not match. The response you get back is a true/false response. Consider the following code sample:

$num = 2
$othernum = 3
$num -eq $othernum

When the last line runs, it will return a false because 2 does not equal 3. Let's run not equal to (-ne) now, which returns a true:

$num -ne $othernum

You can see these little snippets in Figure 1-12 with their outputs.

-gt and -lt

Greater than (-gt) and less than (-lt) are also comparison operators that return a true/false response. You can play with a really simple version of this by setting a variable to a value and then testing it. For example:

$x = 4
$x -gt 8

The preceding code will check to see if the value of x (in this case 4) is greater than 8. It is not, so the response will be false.

-and and -or

-and and -or also return true/false responses based on the conditions that they're given. -and, for example, returns a true if both statements it is fed are true. -or returns a true if one of the statements it is given is true.

For example, the following statement will be true if $a is less than $b, and $b is less than 50:

($a -lt $b) -and ($b -lt 50)

This equation is similar but will be true if $a is less than $b, or if $b is less than 50:

($a -lt $b) -or ($b -lt 50)

Write-Host

Write-Host is used to write things onscreen. This command is very helpful when you want to give the result of something some context.

For example, you can set the value of a variable, in this case, $x to 2:

$x = 2

Then you can use Write-Host to print a sentence and the output of the variable:

Write-Host "The value of x is:" $x

This will end up printing out, “The value of x is: 2.”

Write-Output

Write-Output prints the value of a variable to a screen, much like simply typing the variable does. The main reason to use this particular command is that you can tell it not to enumerate data. If you're working with arrays, this can be helpful because the array will be passed down the pipeline as a single object rather than multiple objects.

An example from Microsoft’s web documentation for PowerShell showcases this perfectly. In both instances, you create an array with three values inside of it. If you measure the array, you get a count returned of 3, which makes sense. When you add -NoEnumerate, you get a count of 1. The three values are still there, but the array is simply being treated as one object rather than a collection of three, shown in Figure 1-13.

Out-File

Out-File is another method to export data from PowerShell into a file outside of PowerShell. This is especially helpful when you need to compile the data from a script, for instance, for analysis later on.

To get a list of processes running on a system so that you can dump them to file, you could do something like this:

Get-Process | Out-File -filepath C:PSTempprocesses.txt

If

The If statement tests a condition to see if it's true. If it is true, it will execute the code in the block. If it isn’t true, it will check the next condition or execute the instructions in the final block. Here is a silly example:

$server = 'Windows'
If ($server -eq 'Linux') {
Write-Host 'This is a Linux server.'
}
ElseIf ($server -eq 'Solaris') {
Write-Host 'This is a Solaris system.'
}
ElseIf ($server -eq 'Windows') {
Write-Host 'This is a Windows system.'
}
Else {
Write-Host "Don't know what kind of system this is."
}

In this instance, because $server was initialized as Windows, the first two blocks will be skipped, but the third block will execute. The last block is ignored because it was not reached.

ForEach-Object

Using ForEach-Object allows you to enumerate multiple objects that have been passed through the pipeline or even imported from arrays and CSV files, just to name a few. Let's say you want to gather the names of all the processes running on your system, but you don’t want any of the other information that goes along with it. You could use ForEach-Object to accomplish this:

Get-Process | ForEach-Object {$_.ProcessName}

While

While loops are known as pretest loops because the code is not executed if the condition set for the loop is not true. Basically, the code will be executed until the expression it's evaluating becomes false. These can be very useful when you need to increment or decrement a counter. Look at the following example:

$myint = 1
DO
{
"Starting loop number $myint"
$myint
$myint++
"Now my integer is $myint"
} While ($myint -le 5)

You may be thinking, “Okay, it will count from 1 to 5.” But that’s not quite true. On the fifth loop, the While loop sees that 5 is less than or equal to 5 so it will allow it to continue. Only when it’s presented with 6 will it stop execution because 6 is not less than or equal to 5. So it will count from 1 through 6. Give it a try!

Exporting and importing CSV files

Exporting a CSV is very handy when you have output that contains multiple columns. This is my go-to command when I’m doing an export from Active Directory because it keeps everything neat and organized.

Here’s how to export the processes on a system, similar to what you did with Out-File to get to a text file:

Get-Process | Export-Csv -Path C:PSTempprocesses.csv

Importing a CSV can be the answer to a system administrator's prayers when you need to work with a lot of data and you don’t want to type it in manually. Expanding on the example earlier where you exported a process list, you can import that same list and then format it nicely. Formatting is discussed in “Formatting your output” later in this chapter.

$Procs = Import-Csv -Path c:PSTempprocesses.csv

You only need to specify -Path if you want to save output or import output from somewhere other than the directory you’re currently in.

Exporting HTML/XML

This one isn’t exactly a true export. You’re actually converting the output of a command to HTML and then using Out-File to write it to that file. Consider the following example:

Get-Process | ConvertTo-Html | Out-File c:PSTempprocesses.html

You can see this example in Figure 1-14, where I've used the Invoke-Item command to actually open my created HTML file that contains the output of the Get-Process command.

Sorting through objects

Telling PowerShell how you want it to sort objects can be very useful. For example, you may want to sort on memory usage so you can see which processes are using the most resources. The Sort-Object cmdlet will sort processes in the order of least CPU-intensive to most CPU-intensive:

Get-Process | Sort-Object -Property CPU

Filtering through objects

Examples like sorting can be very useful, but it's highly unlikely that you would want to look through all the results for CPU. You probably just want to know what the most resource-intensive processes are. The Select-Object cmdlet will return the last five results from that CPU listing, which is a much more manageable and useful list if you’re troubleshooting issues.

Get-Process | Sort-Object -Property CPU | Select-Object -Last 5

Formatting your output

You’ve probably noticed from playing in PowerShell that sometimes the output isn’t as readable as it could be. So let’s look at some of the ways to format output to be a little prettier.

Run the Get-Process cmdlet to get a baseline for appearance. Figure 1-15 gives you an idea of what the cmdlet's output looks like.

FORMAT-TABLE

Format-Table can take data in a list format and convert it into a table. With the Get-Process cmdlet I've been using in this chapter, it wouldn’t change the output because Get-Process is already outputting a table. You can add the -AutoSize parameter so that the column sizes in the table adjust automatically.

FORMAT-WIDE

Format-Wide will display data in a table format, but it will only show one property of the data that it's presented. You can specify how many columns, and you can specify which property you want it to display. The example in Figure 1-17 is the output of Get-Process split into three columns. I haven’t specified a property name, but you can see that it’s using the Process Name as the property.

Creating a Code Signing Certificate

To be able to sign a PowerShell script, you need a Code Signing Certificate (CSC). If you're publishing certificates for use on the Internet, you can purchase CSCs from some of the large public certificate authorities like GoDaddy and DigiCert. If you’re creating certificates for internal usage, then you can create a CSC using your internal certificate authority. That’s the workflow you can walk through here:

1. Click Start and then type CertMgr.msc and press Enter.
2. Right-click Personal, then select All Tasks, then Request New Certificate.
3. On the Before You Begin screen, click Next.
4. On the Select Certificate Enrollment Policy screen, choose Active Directory Enrollment Policy, and then click Next.

5. Select the CSC template, and then click Enroll.

   On the Certificate Installation Results screen, you should see Succeeded.

6. Click Finish.

Importing the certificate into the Trusted Publishers Certificate Store

If you’re only going to run scripts on your local system, you can get away with manually exporting the certificate from your Personal Store and adding it to your Trusted Publishers Certificate Store. In an Enterprise situation, you’ll want to use Group Policy to push your certificate to the Trusted Publishers Certificate Store on any system you’ll run the script from. Follow these steps to do add your code signing certificate to your Trusted Publishers Certificate Store:

1. Click Start, type CertMgr.msc, and press Enter.
2. Select Personal, right-click your CSC, and choose All Tasks ⇒ Export.
3. On the Welcome to the Certificate Export Wizard, click Next.
4. On the Export Private Key screen, leave the selection on No, and click Next.
5. Leave the file format on the default .DER and click Next.
6. On the File Export screen, click Browse.

7. Select a location, name your cert, and click Next.

   I’ll name mine Demo CSC and save it to my Desktop.

8. On the Completing the Certificate Export Wizard, click Finish.

   You get a pop-up that says “The export was successful.”

9. Click OK.
10. Navigate to where you saved the certificate, and double-click it.
11. Click the Install Certificate button.
12. On the Welcome to the Certificate Import Wizard screen, select Local Machine and click Next.
13. On the Certificate Store screen, select Place All Certificates in the Following Store, and click Browse.
14. Choose Trusted Publishers and click OK; then click Next.

15. On the Completing the Certificate Import Wizard screen, click Finish.

    You’ll get a pop-up that says “The import was successful.”

16. Click OK.

Signing your script

After you’ve created the certificate, and you’ve imported it into the Trusted Publishers Certificate Store, you can sign your certificate, and your system will trust it. So let’s sign the simple Do While script that I created earlier.

Set-AuthenticodeSignature c:DoWhile.ps1 @(Get-ChildItem cert:CurrentUserMy -codesign)[0]

This signs the script with the certificate that is in my Personal Store. After the script is signed, I can run it. I’m not prompted and it runs without issue. If you look at Figure 1-20, you can see what the script looks like with the signature added to it.

In the example in Figure 1-21, I show you the whole thing from start to finish. I set the Execution Policy to AllSigned. Then I try to run an unsigned script. You can see I get an ugly error message saying that the script is not digitally signed. I run the PowerShell cmdlet to sign my script, and then I run the script again and it executes successfully. Pretty cool, right?