Energized About Technology

My name is Sean, I'm a Tech, and I am just ENERGIZED when it comes to Technology
November 28

Powershell – How to Digitally Sign Scripts for FREE

One of the biggest features that sets Powershell apart from all other scripting languages is the ability to ensure the code CAN be trusted. By signing a script with a Certificate you can ensure that scripts meant to run on a particular machine are only from that machine or, more particularly, from within your department, division or company.

What stops most of us from doing this is usually cost (Certificates usually cost money) or just a lack of knowledge.

Well guess what? We’re going to put that knowledge in your hands, and it DOESN’T have to cost anything. You don’t even need a Domain or Certificate infrastructure just to USE this. Because the tool is free, the instructions are free. You can buy a certificate of course, but if you’re a small business, you may not want to incur that cost to run scripts on a single server.

What do you need to do this? The freely downloadable SDK for your version of Windows (I don’t think you need to download the entire kit) and Powershell. That’s it. Oh, and a few minutes’ time.

The instructions are sitting right inside Powershell too if you want to read up on them. I found the easiest way was to just use the Powershell ISE Help System and search for “digital” or “signature” and you’ll see a reference to “about_signing”. There’s your instructions.

But here’s the quick version. Run these two commands, and when prompted for a password, key one in.

makecert -n "CN=PowerShell Local Certificate Root" -a sha1 `
    -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer `
    -ss Root -sr localMachine

makecert -pe -n "CN=PowerShell User" -ss MY -a sha1 `
    -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer

To verify it was created correctly:

Get-ChildItem cert:\CurrentUser\My -codesigning

Once you know the Cert is there and running well, you can Digitally Sign your Powershell Scripts:

$cert = @(Get-ChildItem cert:\CurrentUser\My -codesigning)[0]
Set-AuthenticodeSignature NAMEOFSCRIPT.PS1 $cert

Which will take the script called NAMEOFSCRIPT.PS1 and digitally sign it. That’s it!

Now you can lock down execution of Powershell scripts on that environment:

Set-ExecutionPolicy -ExecutionPolicy AllSigned

You now have a Server running the scripts securely. And in such a way that unless the scripts are signed with a certificate they can’t run automatically.

And I wasn’t kidding either. It WAS easy!
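An added example, not part of the original post: with AllSigned in place, the report below checks every script in a folder for an intact signature made with the expected certificate, including one script edited after it was signed. It assumes the "PowerShell User" certificate created above and PowerShell 3.0 or later; the function name Get-ScriptSignatureReport and the sigdemo scratch folder are hypothetical names chosen for the illustration.

```powershell
# Added example (not from the original post). Get-ScriptSignatureReport and the
# sigdemo folder are hypothetical names; requires PowerShell 3.0 or later.
function Get-ScriptSignatureReport {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [Parameter(Mandatory = $true)] [string] $TrustedThumbprint
    )
    Get-ChildItem -Path $Path -Recurse -Include *.ps1, *.psm1, *.psd1 -File |
        ForEach-Object {
            $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
            [pscustomobject]@{
                Path     = $_.FullName
                Status   = $sig.Status   # SignatureStatus enum: Valid, NotSigned, HashMismatch, ...
                Signer   = $signer
                # Approved = signature intact AND made with the certificate we expect
                Approved = ($sig.Status -eq 'Valid') -and ($signer -eq $TrustedThumbprint)
            }
        }
}

# The certificate created by the makecert commands above
$cert = @(Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert)[0]
if (-not $cert) { throw 'No code-signing certificate found in Cert:\CurrentUser\My' }

# Constructed sample input: three small scripts in a scratch folder
$dir = Join-Path $env:TEMP 'sigdemo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$signed, $tampered, $unsigned = 'signed.ps1', 'tampered.ps1', 'unsigned.ps1' |
    ForEach-Object { Join-Path $dir $_ }
foreach ($file in $signed, $tampered, $unsigned) {
    Set-Content -Path $file -Value 'Write-Output "backup job"'
}
Set-AuthenticodeSignature -FilePath $signed, $tampered -Certificate $cert | Out-Null

# Change the body of one script after signing; its signature block stays in place
(Get-Content -Path $tampered) -replace 'backup job', 'edited after signing' |
    Set-Content -Path $tampered

Get-ScriptSignatureReport -Path $dir -TrustedThumbprint $cert.Thumbprint |
    Format-Table Path, Status, Approved -AutoSize
```

Run it as the user who holds the certificate. Any row where Approved is False is a script that is unsigned, was changed after signing, or was signed with a different certificate.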
Sean

November 27

Powershell – How Do I Learn? Where Do I Start?

I had a good friend the other day ask the Community, “I want to learn Powershell. What books should I read? Where do I start?”

And the problem is that you will get 100 answers, all of them correct.

The problem is that Powershell, as its name implies, is incredibly POWERFUL. And to a new person taking a look at the online community and the features it has, the amount of available scripts written by people can be overwhelming.

And you may have the same reaction I had. “Oh I could NEVER do ANYTHING like those scripts, I should just shut up so I don’t look stupid…”

And that’s the flaw. The material online for Powershell all started somewhere. Everybody knew NOTHING about it at one point or another. And your best resource is those magic six words: “I don’t know, I’ll go ask…”

What actually seems to work for me (and that’s how I started learning) is something as simple as “I have a need to repeat something en masse or for consistency.” If it can be done in a Login Script, it gets done there. GPO there. If it has anything at all on ANY level to do with WMI, Active Directory, working with the Registry, manipulating files, date, logs, Powershell.

So what helped me learn Powershell was that magic thing that drives all ITPros and Devs. “I NEED a solution. I need one I can easily repeat and replicate with consistency.”

What I found worked best for me was to realize I was “repeating something” and ask whether it could be scripted in any way. The reason for this was that with an automated solution, the results were more consistent and faster.

So to learn Powershell, find a need you have. Learn how to do that NEED in Powershell. The solution is probably online. And once you have it fulfilled, you may want to understand how that solution works, and why.

The Syntax of the language is simple. A “VERB-NOUN” structure. Running a “GET-COMMAND” will show you all the commands, “ALIAS” will show you all the Aliases.

That doesn’t teach you Powershell. What teaches you Powershell is just using it, for something simple. Get comfortable with just ONE feature. Even if it’s just using “GET-CHILDITEM” to navigate the file system. Get really comfortable with using that one feature with a “GET-MEMBER” to learn how to pull out properties (information) and Methods (functions which modify the output).

In short, play with Powershell on a small level and get comfortable with it. Because ALL of the fancy stuff, all the nifty stuff, all works the same way.

And don’t be afraid to ask; nobody in the Powershell community thinks there are silly questions. Because one day, we were all asking them ourselves.
Sean

November 26

Using the SEND-MAILMESSAGE command in Powershell V2

This might seem like such a simple command to be ecstatic about, that is unless you’ve ever tried to script emailing log files. Oh, it’s doable. There are vbScripts that do it. They’re just, well… they’re ‘wordy’.

They’re not horribly complex to be honest, but it seemed to me at the time there had to be an easier way, since the vbScripts themselves weren’t exactly in ‘English’.

But now there is Powershell V2’s new “SEND-MAILMESSAGE”.

The Syntax of the command is a little eye popping, as is any piece of software at the command level.

But really, it’s very easy.
SEND-MAILMESSAGE -to johnqsmith@contoso.com -subject 'BackupLogs' -from backup@contoso.com -SmtpServer 10.0.0.10
There, you’ve sent a simple mail message of nothing from one line. And read it. You don’t have to be a developer to understand what that means!

SEND an eMAILMESSAGE to johnqsmith@contoso.com from backup@contoso.com with a SUBJECT of ‘BackupLogs’ to the SMTP Server, which was 10.0.0.10.

And if you need to tuck in an attachment like those backup logs, just plug in the -attachment parameter with the location of the file in question.
SEND-MAILMESSAGE -to johnqsmith@contoso.com -subject 'BackupLogs' -from backup@contoso.com -SmtpServer 10.0.0.10 -attachment 'C:\BackupLog\Logfile.log'
That’s the beauty of this, a command that just makes dead simple sense.

So there you have it, Powershell, the nicest “MAIL”man you’ve ever met.

Sean

Powershell – The Easiest way to mine for files

It was brought to me the other day. “We have this file buried in an old server, only thing we know about it is the day it was created. But we need it now…”

*** NOW ***

Ever had one of those? Well, this was not an issue. We did know the type of file it was, we just had to dig through 125,641 copies in hundreds of subfolders. Sure, easy…
But it was actually, because I had Powershell.
Now I could have sat down and done some really cool script, but you don’t have to get fancy with Powershell to get the job done. And remember you can ALWAYS refine it later. So I needed to just put this down as I was thinking it:
“I want a list of ALL the files in the Archive.”

GET-CHILDITEM D:\BIGHONKINARCHIVE -recurse

“Ooops… wait a minute… I want a listing of all WORD documents in that structure.”

GET-CHILDITEM D:\BIGHONKINARCHIVE -include *.DOC -recurse

“Better… but actually just the ones made in 2003…”

GET-CHILDITEM D:\BIGHONKINARCHIVE -include *.DOC -recurse | where { $_.LastWriteTime.Year -eq 2003 }

“Ok, this is a nice smaller list, but really I want the stuff done in November 2003.”

GET-CHILDITEM D:\BIGHONKINARCHIVE -include *.DOC -recurse | where { ($_.LastWriteTime.Year -eq 2003) -and ($_.LastWriteTime.Month -eq 11) }

“Ooooo, now could I just have the ones done on the 26th?”

GET-CHILDITEM D:\BIGHONKINARCHIVE -include *.DOC -recurse | where { ($_.LastWriteTime.Year -eq 2003) -and ($_.LastWriteTime.Month -eq 11) -and ($_.LastWriteTime.Day -eq 26) }
Now the first part I should state is this is NOT the most efficient way to do it. But what it DOES show is you can easily use Powershell as an amazing search tool to mine through your folders. And more importantly, you can write it out as you’re thinking about it the WAY you’re thinking about it. You could even (with a little pipe) have Powershell examine the contents of those files and determine which ones might have the content you needed.
Oh, some days I wonder, what was life like BEFORE Powershell? Oh yes, right. I forgot. It was horrid.
Thanks Powershell!

Sean

November 20

Techdays Calgary – A View from a Volunteer and comment from the Community

Day One of Techdays_CA in Calgary

Up at 5:00am. 5:00am MOUNTAIN STANDARD TIME.

The day began actually at 4:48am with me up BEFORE the alarm clock. The excitement was unbearable. I was up running about the room, getting ready to go out the door. Up before the alarm clock could go off and out the door.

And in the early hours before 8:00am, where it was still dark, final preparations were still ongoing. Volunteers scrambling about to make sure everything was set up, demos loaded up, machines powered. A last few Internet connections to double check and batteries to plug in.

And the day began. The crowds began to move in, past the registration desk into the main dining area. One thing I will say about Calgary, they REALLY know how to get things done!

I looked at the layout of the room and my jaw dropped. Such an amazing dining area, including the Windows 7 area prepped with various renditions of Multi Touch PCs from Dell and HP. The new Ford Flex.

And truly the community showed its support and interest. Each and every session at Techdays_CA Calgary was packed not only with information but with people intensely interested in that session. It also reflected the intense desire of people wanting to know just how that technology COULD be (but not necessarily SHOULD be) leveraged.

And it showed one other small thing. Common interests. I’m from Toronto (much farther east) and you could hear people talking about similar problems and issues. People were looking for answers, or in some cases pieces to the puzzle.

There were some things that might be unique to their particular area, but for the most part, people were very curious about Windows 7, especially the newer UAC or Multitouch. Many people genuinely didn’t know about the Media Center Extender and were very impressed when all the content was accessible from a single location.

People were very impressed that a computer in the house could interface in that manner. I for one would VERY much like to see that technology extended to OEMs. I think if the market was to have a pile of systems that could interact in that manner with people, the face of computing would change.

I personally can’t wait to see “Project Natal” released for the Xbox360. I expect it to have issues (like first generation Voice Recognition did), being a VERY new technology. But sit and think for a moment. A computer where YOU go to it, and *IT* immediately begins to work with YOU on YOUR terms rather than the classic “type type, click click”.

MultiTouch and “Project Natal” (if that were to extend to the PC world) would COMPLETELY change the face of computing as we know it. Security, Login, Interaction.

Many didn’t realize how many free tools Microsoft offers to the public to make their jobs easier; there were some *I* didn’t know about! And although we all understand the value of getting it for free, there is also greater value in having an Enterprise level solution you can easily manage.

For a full TWO DAYS this continued. Interest did not fall back, it continued. Especially in both sessions at Day end that I was involved in. In both Toronto and Calgary I personally noticed that the room was full each time with people tired from a long day but so intensely interested in learning something, they would stick it out to the end.

For my part I found many of us had a common nemesis, Mr. “Murphy S. Law, Attorney in Troublemaking”. And we fight the unknown and unexpected daily. All of us.

And of course Techdays_CA brought forth Community. I ended up meeting a few new people and maybe (just maybe) inspiring a few new people to “Try something different”, even if that something is Microsoft technology OR, more importantly, stepping out and getting involved with the IT Community.

Getting involved not because Microsoft says you should, getting involved because it’s an extension of yourself and some of us are afraid to take chances and look foolish.

Well, I’ll tell you one thing. Take the chances, look foolish, make mistakes. Because if you try and fail or try and succeed, you always learn something.

Take that to heart from one guy who spent his entire life afraid to try. It is WORTH it on levels beyond describing to take that “dip in the pool”.

And at Techdays_CA one thing I have learned is there truly *IS* always something more to learn. Even as people

Sean