Managing Windows Server 2008 R2 and Windows 7 with Windows PowerShell V2

Corey HynesHynesITe, IncSession Code: SRV317

Objectives

Let you walk out of here, being able to run a script against an OU of computers, to make some sort of global configuration change

Assumption

You understand fundamental PowerShellYou are willing to learn how to write code

What will we cover?

PowerShell V2 toolsRemotingModules

Lots of details about individual modulesPowerShell code to run commands against multiple computersTips and TricksLots of Demos

PowerShell, why you should care?

New model for administration and administrative toolsGives ITPro’s the same ability as a developer to manipulate WindowsGUI now runs on PowerShellScripts, samples, guidance, all come as PowerShell scripts

Tools

PowerShell ConsolePowerShell ISEModulesRemotingForms

PowerShell ISE

Simplify authoring of scripts

SaveExecute partial scriptsDebugColor coding

Default on Win7Add to R2

Remoting

This is what makes this session possibleModule: None, build in.Key Cmdlets

Invoke-CommandNew-PSSessionEnter-PSSessionExit-PSSession

NotesMust be enabled, GUI or Enable-PSRemoting

RunSpace

IP LAN

ScriptBlock

Conceptual Model of Remoting

Get-Service Results

Working in Interactive Sessions

Key CmdletsEnter-PSSession to start a new sessionExit-PSSession to end a new session

Session objectsNew-PSSession

NoteInteractive sessions are not supported on Core

Modules

Discrete collections of cmdletsCan be authored and deployed to give you “packages” of functionalityStored in file system

System32\WindowsPoweshell\1.0\ModulesRoles and Features add new CmdletsYou can use a remote computer’s modules

Working with Modules

Import-Module to load a moduleGet-Module to load a moduleGet-Command –Module <Name> to see what is in a module

How to perform some really simple and easy things…..

Managing Windows

TroubleShooting Packs

Known as the “troubleshooters”Module: TroubleshootingpackKey Cmdlets

Get-Troubleshootingpack <path>Invoke-Troubleshootingpack <path>

NotesC:\Windows\Diagnostics\System contain build-in troubleshooting packs

Role and Feature Management

Replaces ServerManager.exeModule: ServerManagerKey Cmdlets

Get-WindowsFeature <FeatureName>Add-WindowsFeature <FeatureName>Properties Name, Parent, Installed, Dependson

NotesServer Core, have to add ServerManager-PSH-Cmdlets

Group Policy

Replaces: Lots of little tools and scriptsModule: GroupPolicy (part of GPMC)Key CmdLets

Get-GPO, New-GPOBackup-GPOCopy-GPOGet-GPOReport

NotesLimited ability to “edit” GPO.

Active Directory

Replaces: Scripts that were shipped with previous versionsModule: Active DirectoryKey CmdLets:

Way too many to listOver 75 Cmdlets

NotesRequires that you have one 2008 R2 DC running the AD Web Service

Best Practices

Replaces: Nothing, brand newModule: BestPracticesKey Cmdlets

Get-BPAModelInvoke-BPAModel

Notes:Not all roles have BPA models that can be run.Updates via Microsoft Update.

Additional Modules

ADRMS – Rights ManagementADRMSAdmin – Rights Management AdminAppLockerBitsTransferFailoverClustersRemoteDesktopSearvicesWebAdministrationNetworkLoadBalancing

Running commands across many systems

Scaling 1 to Many

Known Systems

If you know the names and quantity of your targetsUse Invoke-Command with –ScriptBlock and multiple computer names

Unknown Systems

If you do not know the names/quantityYou have to query for that information

Many optionsQuery from fileQuery from Active Directory

Query results in a collection of computer namesUse a foreach loop to pass instructions to each computer

Executing more Complicated Scripts

You can’t always write a One-LinerTo complexHard to read

Multi-line ScriptblockUse { and } with ; to separate the linesExectute the script

Loops

Key item to know is ForEach loopSimple Strucure

ForEach ($Object in $Objects) {$Object.DoSomething

}

Running “normal” commands

Not straight forwardNeed to combine command and parametersSuggestion

Shell using Cmd /CProvide/construct string as command to run

Configuration and Requirements

How do I do this?

Enable remote managementServer Manager on WS08 R2PowerShell on ServerCorePowerShell on Win7

Firewall Rules and AuthenticationAuthentication is KerberosSecurity is WMI based securityFirewall rules Allow port 5985 for HTTP

A word on Security

Big topic, not this sessionIn general

Authentication is Kerberos/NTLM or specifiedWire encryption can be HTTPS or IPSec

HTTPS part of WINRM configurationIPSec outside WINRM

Remoting disabled by defaultYou can restrict what remote sessions can do

Query data, make changes, all or none

Related Material

WSV08-HOL - Introduction to Windows PowerShell Fundamentals (40, 88, 3.14)WSV03-HOL - Advanced Windows PowerShell Scripting (38, 54, 3.19)WSV19-HOL - Windows Server 2008 R2: Server Management and Windows PowerShell V2 (39, 29, 3.34)WSV20-HOL - Windows Server 2008 R2: What's New in Microsoft Active Directory (38, 53, 2.76)

Complete an evaluation on CommNet and enter to win an Xbox 360 Elite!

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,

IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.