We meet the third PowerShell (part I)

the Pace of development of modern technologies is such that we barely keep up. But today we'll jump ahead a little, learn about the new PowerShell v3, and look around not only the eyes but also let us touch hands.

Stand

I gathered under Hyper-V two machines on Windows Server 2012 RC, created a single-domain forest called litware.inc. Two machines in the domain are called, respectively, w2012dc1.litware.inc and w2012cl1.litware.inc. On w2012dc1 revolve domain services and DNS, and w2012cl1 turns anything but, in fact, most OSes. Also in the domain there is a user user1, the member domain users. You can, of course, was to install on a second machine Windows 8 RC, so to speak, for beauty, but I decided to save a little disk space by taking one parent virtual hard disk, and to him they put two child instead of using two independent virtual hard disks.
Also, should mention that not all the terminology I use has already been localized and is in Microsoft language portal, so I give their translation exactly as I understand these terms, and in brackets give the original title in English.

what's New

First, let's simply list is:

the

    workflows (eng. Workflows) is some processes running sequentially or in parallel, performing complex management tasks. Actually in PowerShell v3 now includes support for Windows Workflow Foundation, and do PowerShell workflows are repeatable, parallelisme, interruptible, and recoverable.

    Reliable session (eng. Robust sessions) is a session of PowerShell, automatically recover after network problems and the like interrupts. Also this technology allows you to disconnect from a session on one machine and connect to the same session to another.

    Scheduled tasks (eng. Scheduled jobs) is a PowerShell job that can be performed with a certain interval, or in response to some event.

    Special configuration for session (eng. Custom session configurations) – For every PowerShell session you can predefine a specific set of parameters and save them in a special configuration file, then to enter the given session.

    Simplified the language syntax (eng. Simplified language syntax) is allegedly a simplified syntax allows the PowerShell script to look less like a program and more similar to natural human language.

    cmdlets (eng. Cmdlet discovery) – automatic loading of the module containing the cmdlet if this module is of course installed on the machine.

    Show-Command is just one of the new cmdlets that we, perhaps, begin.


Show-Command

After it starts, without arguments, a window appears from which emanates the grandeur and glamour:
If you had to look for TechNet a particular cmdlet, and then use the objects .NET, here here please, all modules, all the cmdlets that look – don't want to.



Here, if you please, cmdlets managing DNS server and DNS client service, and if you choose a module, such as a network, you can view the cmdlets configure the routing table or, say, the TCP/IP settings for network interfaces.



I also tried to look for the word "share", "user", "acl", "policy", "adapter", and so on and so forth, it is interesting.

Cmdlet discovery

Related to the previous, but not directly independent. In PowerShell v2 in Windows Server 2008 R2, in order to perform certain operations, you need to connect a particular module, PowerShell v3 automatically determines which module is responsible for the cmdlet runs in the background of this module loads without any issues.

the
Get-GPO-All | ft Id #Let us just interested in the Id column, no frills

We get an error, because it is not loaded module GroupPolicy:

the
Import-Module GroupPolicy

Now, if you repeat, then all is fine:



In PowerShell v3 are all well initially:



Simplified language syntax

Then, as I thought, the developers have decided to bring the language to SQL, well at least traced some analogy. The fact that they introduced a new syntax for the Foreach-Object and Where-Object. Although the practical value of the Foreach:

the
Get-Service | Foreach Name

instead of

the
Get-Service | Foreach {$_.Name}

in my opinion, questionable.
Another thing is the Where:

the
Get-Service | Where Status -eq Running

instead of

the
Get-Service | Where {$_.Status-eq "Running"}

nothing, without any curly brackets with dollars-quotes.
Also, there are a couple of new operators: In and NotIn, indicating the range. With them, I think it is more than clear:



Custom session configurations

The great innovation that I want to tell in the first part of this configuration session in conjunction with the administrative delegation. Actually the file is a configuration file with the extension .pssc, which just contains a hash table of properties and values: authorship, language, variables, function definitions, etc. In the same configuration session, there are other properties:

the
Get-PSSessionConfiguration | Get-Member

Get the picture, like this:



You can see how many adjustable parameters? You can even compare with the picture that appears when you run this command in PowerShell v2 and feel the difference.
But how to use it? And I'll show you, I confess, I long enough was picked to write these few lines. So, sequentially executed:

the
$defSSDL = (Get-Item WSMan:\localhost\Service\RootSDDL).Value #Take SSDL "default"
$SecDescriptor = New-Object -TypeName Security.AccessControl.CommonSecurityDescriptor $false, $false, $defSSDL #Create a security descriptor
$user = Get-ADUser user1 #Find the Active Directory user you want, but better, of course, the power to give groups
$SecDescriptor.DiscretionaryAcl.AddAccess([System.Security.AccessControl.AccessControlType]::Allow $user.SID.Value 268435456, [System.Security.AccessControl.InheritanceFlags]::None, [System.Security.AccessControl.PropagationFlags]::None) #Add our user SID
$sddl = $SecDescriptor.GetSddlForm("All") #Pick up what happened
$creds = Get-Credential "administrator@litware.inc" #Enter credentials of the administrator

New-PSSessionConfigurationFile -Path .\DnsRead.pssc -SessionType RestrictedRemoteServer -VisibleCmdlets "Show-DnsServer*" -ModulesToImport DnsServer #Create configuration file
Register-PSSessionConfiguration -Name DnsRead -Path .\DnsRead.pssc -AccessMode Remote-securitydescriptorsddl parameter $sddl RunAsCredential $creds #Register the configuration


Mind you, I have limited configuration only the module DnsServer and only the cmdlets that begin with Show-DnsServer, this ensures that although the shell and will be executed with the privileges of user administrator@litware.inc, but the remote user user1 from a remote machine w2012cl1 will not be able to do anything, except perhaps this:



Easy stuff, right? Limiting the modules and cmdlets inside PowerShell, we can easily in our team of administrators some employees to make responsible for DNS, others for network, and users, for example, to give the right to make snapshots of their machines on Hyper-V in VDI, and no one will know the credentials of the user under which the task is running! And the finished configuration file is only transferred from one place to all other servers with similar functions.
In the next part we will go forth, or rather up the list, analyze reliable session, scheduled jobs and, of course, workflows. Well, maybe a little touch on the new PowerShell ISE, there is also something to look at.
Article based on information from habrahabr.ru

Популярные сообщения из этого блога

Approval of WSUS updates: import, export, copy

Kaspersky Security Center — the fight for automation

The Hilbert curve vs. Z-order