330 likes | 678 Views
Managing Windows Server 2008 R2 and Windows 7 with Windows PowerShell V2. Corey Hynes HynesITe, Inc Session Code: SRV317. Objectives. Let you walk out of here, being able to run a script against an OU of computers, to make some sort of global configuration change. Assumption.
E N D
Managing Windows Server 2008 R2 and Windows 7 with Windows PowerShell V2 Corey Hynes HynesITe, Inc Session Code: SRV317
Objectives • Let you walk out of here, being able to run a script against an OU of computers, to make some sort of global configuration change
Assumption • You understand fundamental PowerShell • You are willing to learn how to write code
What will we cover? • PowerShell V2 tools • Remoting • Modules • Lots of details about individual modules • PowerShell code to run commands against multiple computers • Tips and Tricks • Lots of Demos
PowerShell, why you should care? • New model for administration and administrative tools • Gives ITPro’s the same ability as a developer to manipulate Windows • GUI now runs on PowerShell • Scripts, samples, guidance, all come as PowerShellscripts
Tools • PowerShell Console • PowerShell ISE • Modules • Remoting • Forms
PowerShell ISE • Simplify authoring of scripts • Save • Execute partial scripts • Debug • Color coding • Default on Win7 • Add to R2
Remoting • This is what makes this session possible • Module: None, build in. • Key Cmdlets • Invoke-Command • New-PSSession • Enter-PSSession • Exit-PSSession • Notes • Must be enabled, GUI or Enable-PSRemoting
Conceptual Model of Remoting RunSpace ScriptBlock Results Get-Service IP LAN
Working in Interactive Sessions • Key Cmdlets • Enter-PSSession to start a new session • Exit-PSSession to end a new session • Session objects • New-PSSession • Note • Interactive sessions are not supported on Core
Modules • Discrete collections of cmdlets • Can be authored and deployed to give you “packages” of functionality • Stored in file system • System32\WindowsPoweshell\1.0\Modules • Roles and Features add new Cmdlets • You can use a remote computer’s modules
Working with Modules • Import-Module to load a module • Get-Module to load a module • Get-Command –Module <Name> to see what is in a module
Managing Windows How to perform some really simple and easy things…..
TroubleShooting Packs • Known as the “troubleshooters” • Module: Troubleshootingpack • Key Cmdlets • Get-Troubleshootingpack <path> • Invoke-Troubleshootingpack <path> • Notes • C:\Windows\Diagnostics\System contain build-in troubleshooting packs
Role and Feature Management • Replaces ServerManager.exe • Module: ServerManager • Key Cmdlets • Get-WindowsFeature <FeatureName> • Add-WindowsFeature <FeatureName> • Properties Name, Parent, Installed, Dependson • Notes • Server Core, have to add ServerManager-PSH-Cmdlets
Group Policy • Replaces: Lots of little tools and scripts • Module: GroupPolicy (part of GPMC) • Key CmdLets • Get-GPO, New-GPO • Backup-GPO • Copy-GPO • Get-GPOReport • Notes • Limited ability to “edit” GPO.
Active Directory • Replaces: Scripts that were shipped with previous versions • Module: Active Directory • Key CmdLets: • Way too many to list • Over 75 Cmdlets • Notes • Requires that you have one 2008 R2 DC running the AD Web Service
Best Practices • Replaces: Nothing, brand new • Module: BestPractices • Key Cmdlets • Get-BPAModel • Invoke-BPAModel • Notes: • Not all roles have BPA models that can be run. • Updates via Microsoft Update.
Additional Modules • ADRMS – Rights Management • ADRMSAdmin – Rights Management Admin • AppLocker • BitsTransfer • FailoverClusters • RemoteDesktopSearvices • WebAdministration • NetworkLoadBalancing
Scaling 1 to Many Running commands across many systems
Known Systems • If you know the names and quantity of your targets • Use Invoke-Command with –ScriptBlockand multiple computer names
Unknown Systems • If you do not know the names/quantity • You have to query for that information • Many options • Query from file • Query from Active Directory • Query results in a collection of computer names • Use a foreach loop to pass instructions to each computer
Executing more Complicated Scripts • You can’t always write a One-Liner • To complex • Hard to read • Multi-line Scriptblock • Use { and } with ; to separate the lines • Exectute the script
Loops • Key item to know is ForEach loop • Simple Strucure ForEach ($Object in $Objects) { $Object.DoSomething }
Running “normal” commands • Not straight forward • Need to combine command and parameters • Suggestion • Shell using Cmd /C • Provide/construct string as command to run
How do I do this? • Enable remote management • Server Manager on WS08 R2 • PowerShell on ServerCore • PowerShell on Win7 • Firewall Rules and Authentication • Authentication is Kerberos • Security is WMI based security • Firewall rules Allow port 5985 for HTTP
A word on Security • Big topic, not this session • In general • Authentication is Kerberos/NTLM or specified • Wire encryption can be HTTPS or IPSec • HTTPS part of WINRM configuration • IPSec outside WINRM • Remoting disabled by default • You can restrict what remote sessions can do • Query data, make changes, all or none
Related Material • WSV08-HOL - Introduction to Windows PowerShell Fundamentals (40, 88, 3.14) • WSV03-HOL - Advanced Windows PowerShell Scripting (38, 54, 3.19) • WSV19-HOL - Windows Server 2008 R2: Server Management and Windows PowerShell V2 (39, 29, 3.34) • WSV20-HOL - Windows Server 2008 R2: What's New in Microsoft Active Directory (38, 53, 2.76)
Complete an evaluation on CommNet and enter to win an Xbox 360 Elite!
Required Slide © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.