-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize=
1/16
6 Using Windows PowerShell to Manage Group Policy
Section Topics
Introducing Windows PowerShell
Windows PowerShell Library for Group Policy
Windows PowerShell-Based Logon Scripts
Section Objectives
After completing this section, you will be able to:
Describe the Windows PowerShell features
Explain how to perform the basic Windows PowerShell
operations
Explain how to access the Windows PowerShell library for Group
Policy
List the third-party Windows PowerShell-based logon script
tools
Section Overview
Windows PowerShell allows for automation in a more powerful form
than previous scripting
methods such as VBScript or batch files. This section explains
how to navigate and use basic
Windows PowerShell commands and how to use Windows PowerShell to
manage Group
Policy.
It also explains how you can use PowerShell logon scripts with
Group Policy.
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize=
2/16
Introducing Windows PowerShell
Figure 134: Introducing Windows PowerShell
Windows PowerShell is a new Windows command-line shell designed
to perform system
administration tasks. Windows PowerShell is both an interactive
prompt and a scripting
environment that you can use separately or in conjunction with
each other.
Windows PowerShell is built on the .NET CLR and the .NET
Framework, and interacts with
.NET objects. This change in the environment brings entirely new
capabilities to the
management and configuration of Windows.
Windows PowerShell includes more than a hundred basic core
cmdlets, and you can write
customized cmdlets and share them with other users.
Important Terms
Cmdlets are single-function tools built into the shell.
As with the command-prompt, Windows PowerShell gives you access
to the file system on
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize=
3/16
the computer. Additional Windows PowerShell providers enable you
to access the registry and
the digital signature certificate stores as easily as you access
the file system.
Windows PowerShell also allows the management of roles in
Windows Server 2008 and later,
such as IIS 7.0, Terminal Server, Microsoft Exchange Server 2007
and Microsoft Operations
Manager 2007. Third-party vendors have also provided Windows
PowerShell commands that
improve manageability.
This topic describes the features of Windows PowerShell. It
explains the different ways that
you can use Windows PowerShell, and finally, how to use the
tool.
Windows PowerShell Features
Figure 135: Windows PowerShell Features
Windows PowerShell goes far beyond the standard command-prompt
interface in terms of
capabilities. Some of the Windows PowerShell features are:
Thousands of command-line tools (called cmdlets) for performing
administrative tasks, such
as managing the registry, services, processes, event logs,
certificates, WMI, and much more
Scripting language that accelerates automation of repetitive
tasks due to its integration with
the command-line shell
Support for existing scripts, existing command-line tools, and
multiple operating systems,
including Windows XP and later versions
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize=
4/16
Commands that follow standard naming conventions and work with a
small set of intuitive
utilities (where, select, sort, format, measure, compare, group)
in order to provide
consistency and improve efficiency
Standardized tools for accessing many of the Windows data
structures, including Active
Directory (ADSI) data, WMI, COM objects, ADO, HTML, and XML
data
Simplified, command-based navigation of the operating system
that lets users navigate the
registry, certificate store, and other data by using the same
commands they use to navigate
the file system
New logging and error-handling capabilities for script execution
tracking and error handling
Simple access to objects and system administration data, and the
ability to pipe objects
between command-line tools
Extensible interface that allows third-party vendors to quickly
build custom tools and
utilities to administer Windows
Windows PowerShell Scenarios
Figure 136: Windows PowerShell Scenarios
You can use Windows PowerShell to perform a variety of
administrative tasks. Some
common scenarios in which Windows PowerShell can be used
are:
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize=
5/16
Managing services, processes, registry, and WMI data: Common
administration tasks,
such as enumerating running services or processes, viewing the
registry, and modifying data
stored in WMI, are simplified with the built-in command-line
tools.
Terminal Server management: Through data stored in WMI, Windows
PowerShell scripts
can automate Terminal Server configuration changes. With Windows
PowerShell you can
easily automate the management of Terminal Server farms.
Managing IIS 7.0: Windows PowerShell is a powerful tool for
managing IIS 7.0 (Internet
Information Services 7.0) and you can use it to manage any
aspect of IIS 7.0, including
deploying and configuring IIS 7 across a Web farm.
Managing Group Policy: You can now use Windows PowerShell to
create and manage
group policy with a new library of cmdlets.
Logon Scripts: Since Windows PowerShell is installed by default
on Windows 7 and later,
you can now use it for logon scripts in those operating
systems.
And much more! There are so many new capabilities of PowerShell
3.0 that it is
impossible to cover them all in the one section. PowerShell
ultimately has the ability to
perform most of the activities available in the graphical
interface and more.
Using Windows PowerShell
Figure 137: Using Windows PowerShell
Using Windows PowerShell is not very different from using the
command prompt. However,
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize=
6/16
Windows PowerShell supports thousands of additional
commands.
Opening Windows PowerShell
Figure 138: Opening Windows PowerShell
You can open Windows PowerShell in any of the three ways shown
in Figure 138.
Chaining Commands
Figure 139: Chaining Commands
One of the more powerful features of the Windows PowerShell
interface is the ability to chain
several commands together on the same line. Try typing the
command as shown in Figure 139
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize=
7/16
in Windows PowerShell.
This lists all available cmdlets to an HTML conversion cmdlet
and outputs the results to a
Web page called cmdlets.htm. It then launches the Web page using
the registered handler of
.htm files.
The pipe symbol | tells PowerShell to send the object output of
one cmdlet to the next
cmdlet in line. The semicolon ; tells PowerShell to execute the
next command as a separate
command, as if it were typed on a separate line.
Writing Scripts
Figure 140: Writing Scripts
You can compose scripts directly at the command-line within
Windows PowerShell. For
simple scripts, you do not need to type them into a text file
first and execute them later.
Try typing the code as shown in Figure 140.
Running Scripts
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize=
8/16
Figure 141: Running Scripts
For complex scripts, you can save them to a text file with a
.ps1 extension. You must run
scripts by typing the full path to the file, or, if the current
directory is where the scripts are
located, by typing .\ before the file name.
However, Windows PowerShell scripts cannot be run by default due
to security constraints in
the operating system. To permit the .ps1 file to run, open a
Windows PowerShell prompt and
type:
Set-ExecutionPolicy RemoteSigned
Core Cmdlets
The following cmdlets are some of the Core cmdlets used on a
routine basis in Windows
PowerShell:
Add-History Appends entries to the session history.
Add-PSSnapin Adds one or more Windows PowerShell snap-ins to
the
current
session.
Clear-History Deletes entries from the command history.
Clear-Host Deletes entries from the command history.
Connect-PSSession Reconnects to disconnected sessions.
Disable-PSRemoting Prevents the computer from receiving remote
Windows
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize=
9/16
PowerShell
commands.
Disable-
PSSessionConfiguration
Denies access to the session configurations on the local
computer.
Disconnect-PSSession Disconnects from a session.
Enable-PSRemoting Configures the computer to receive remote
commands.
Enable-
PSSessionConfiguration
Configures the computer to receive remote commands.
Enter-PSSession Starts an interactive session with a remote
computer.
Exit-PSSession Ends an interactive session with a remote
computer.
Export-Console Exports the names of snap-ins in the current
session to a
console file.
Export-ModuleMember Specifies the module members that are
exported.
ForEach-Object Performs an operation against each of a set of
input objects.
Get-Command Gets all commands.
Get-Help Displays information about Windows PowerShell cmdlets
and
concepts.
Get-History Gets a list of the commands entered during the
current session.
Get-Job Gets Windows PowerShell background jobs (PsJobs) that
are
running
in the current console.
Get-Module Gets the modules that have been imported, or can be
imported,
into
the current session.
Get-PSSession Gets the Windows PowerShell sessions (PSSessions)
in the
current
session.
Get-PSSessionConfiguration Gets the session configurations
registered on the computer.
Get-PSSnapin Gets the Windows PowerShell snap-ins on the
computer.
Get-Verb Gets approved Windows PowerShell verbs.
Import-Module Adds modules to the current session.
Invoke-Command Runs commands on local and remote computers.
Invoke-History Runs commands from the session history.
New-Module Creates a new dynamic module that exists only in
memory.
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize
10/16
New-ModuleManifest Creates a new module manifest.
New-PSSession Creates a persistent connection to a local or
remote computer.
New-
PSSessionConfigurationFile
Creates a file that defines a session configuration.
New-PSSessionOption Creates an object that contains advanced
options for a session.
New-PSTransportOption Creates an object that contains advanced
options for a session
configuration.
Out-Default Sends the output to the default formatter and the
default output
cmdlet. It is a placeholder that lets you write your own
Out-Default function or cmdlet.
Out-Host Sends output to the console.
Out-Null Deletes output instead of sending it to the
console.
Receive-Job Gets the results of the Windows PowerShell
background jobs
in the
current session.
Register-
PSSessionConfiguration
Creates and registers a new session configuration.
Remove-Job Deletes a Windows PowerShell background job.
Remove-Module Removes modules from the current session.
Remove-PSSession Closes one or more Windows PowerShell
sessions
(PSSessions).
Remove-PSSnapin Removes Windows PowerShell snap-ins from the
current
session.
Resume-Job Restarts a suspended job.
Save-Help Downloads and saves the newest help files to a file
system
directory.
Set-PSDebug Turns script debugging features on and off, sets the
trace level
and
toggles strict mode.
Set-PSSessionConfiguration Changes the properties of a
registered session configuration.
Set-StrictMode Establishes and enforces coding rules in
expressions, scripts,
and
script blocks.
Start-Job Starts a Windows PowerShell background job.
Stop-Job Stops a Windows PowerShell background job.
Suspend-Job Temporarily stops workflow jobs.
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize
11/16
Test-ModuleManifest Verifies that a module manifest accurately
describes the
contents of a
module.
Test-
PSSessionConfigurationFile
Verifies the keys and values in a session configuration
file.
Unregister-
PSSessionConfiguration
Deletes a registered session configurations from the
computer.
Update-Help Downloads and installs the newest help files on
your
computer.
Wait-Job Suppresses the command prompt until one or all of
the
Windows
PowerShell background jobs are complete.
Where-Object Creates a filter that controls which objects will
be passed
along a
command pipeline.
Figure 142: Available Cmdlets
Windows PowerShell Library for Group Policy
Figure 143: Windows PowerShell Library for Group Policy
Windows PowerShell now includes a library of routines for
specifically managing group
policies.
The Group Policy module for Windows PowerShell is not loaded by
default. To load this
module, open Windows PowerShell and type: import-module
grouppolicy.
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize
12/16
To see this list of Group Policy related commands, open Windows
PowerShell and type get-
command -module grouppolicy. This will display a list of all the
cmdlets (Figure 144) that
are available in the Group Policy module.
Windows PowerShell Cmdlets for Group Policy
Figure 144: Windows PowerShell Commands for Group Policy
Windows PowerShell-Based Logon Scripts
Figure 145: Windows PowerShell Logon Scripts
Since Windows PowerShell is now installed by default on Windows
7 and later, it is possible
to use Windows PowerShell-based logon scripts to affect those
computers.
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize
13/16
Windows PowerShell logon scripts can be far more powerful than
their batch file and
VBScript counterparts. With PowerShell, you can map drives,
create shortcuts, change
registry values, create activity logs, copy files, map printers
and much more! The code for
performing these operations is often simpler than VBscript.
The built-in PowerShell ISE is invaluable in assisting you when
creating any kind of
PowerShell script. It supports colorized code, intellisense and
code completion.
There are also third-party tools can help you to create and
manage Windows PowerShell
logon scripts:
Specops Command (http://www.specopssoft.com)
Admin Script Editor (ASE) (http://adminscripteditor.com)
PowerGUI (http://www.powergui.org)
Acronyms
The following acronyms are used in this section:
ACL access control list
ADO ActiveX Data Objects
ADSI Active Directory Service Interfaces
ASE Admin Script Editor
CLR Common Language Runtime
COM Component Object Model
GPO Group Policy object
HTML Hypertext Markup Language
IIS Internet Information Services
WMI Windows Management
Instrumentation
XML Extensible Markup Language
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize
14/16
Section Review
Summary
Some of the Windows PowerShell features are:
Cmdlets for performing administrative tasks
Scripting language that accelerates automation of repetitive
tasks due to its integration
with the command-line shell
Support for existing scripts, existing command-line tools, and
multiple operating systems
Commands that follow standard naming conventions and work with a
small set of
intuitive utilities
Simple access to objects and system administration data, and the
ability to pipe objects
between command-line tools
Extensible interface that allows third-party vendors to quickly
build custom tools and
utilities to administer applications running Windows
You should know how to perform some of the following basic
Windows PowerShell tasks:
Open Windows PowerShell: Three different methods: 1) Click
Start, All Programs,
Windows PowerShell, and Windows PowerShell shortcut. 2) Type
powershell at the
command prompt. 3) Click Start, select Run, and type
powershell.
Chain commands: Chain several commands together on the same
line.
Write scripts: Compose scripts at the command-line within
Windows PowerShell.
Run scripts: Type the full path to the file, or, if the current
directory is where the scripts
are located, type .\ before the file name.
To access the Windows PowerShell library for Group Policy, first
load the Group Policy
module (open Windows PowerShell and type import-module
grouppolicy). To display
the list of Group Policy commands, open Windows PowerShell and
type get-command -
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize
15/16
module grouppolicy.
Some of the third-party Windows PowerShell-based logon script
tools are:
Specops command
Admin Scipt Editor
PowerGUI
Knowledge Check
1. What must you do in Windows PowerShell before you can display
the list of Group
Policy commands?
2. Which of the following is a feature of Windows PowerShell?
(Choose all that apply.)
a. Simple access to objects and system administration data, and
provides the ability to
pipe objects between command-line tools
b. Cmdlets for performing administrative tasks
c. Run PowerShell commands against Windows 2000 operating
systems
d. Logging and error-handling capabilities for script execution
tracking and error
handling
3. Which extension is used to save a Windows PowerShell script
file?
4. List some of the third-party Windows PowerShell-based logon
script tools.
Knowledge Check Answer Key
The correct answers to the Knowledge Check questions are
bolded.
1. What must you do in Windows PowerShell before you can display
the list of Group
Policy commands?
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize
16/16
Load the Group Policy module
2. Which of the following is a feature of Windows PowerShell?
(Choose all that apply.)
a. Simple access to objects and system administration data, and
provides the
ability to pipe objects between command-line tools
b. Cmdlets for performing administrative tasks
c. Run PowerShell commands against Windows 2000 operating
systems
d. Logging and error-handling capabilities for script execution
tracking and
error handling
3. Which extension is used to save a Windows PowerShell script
file?
.ps1
4. List some of the third-party Windows PowerShell-based logon
script tools.
Specops command
Admin Script Editor
PowerGUI