6 using windows powershell to manage group policy
DESCRIPTION
6TRANSCRIPT
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize= 1/16
6 Using Windows PowerShell to Manage Group Policy
Section Topics
Introducing Windows PowerShell
Windows PowerShell Library for Group Policy
Windows PowerShell-Based Logon Scripts
Section Objectives
After completing this section, you will be able to:
Describe the Windows PowerShell features
Explain how to perform the basic Windows PowerShell operations
Explain how to access the Windows PowerShell library for Group Policy
List the third-party Windows PowerShell-based logon script tools
Section Overview
Windows PowerShell allows for automation in a more powerful form than previous scripting
methods such as VBScript or batch files. This section explains how to navigate and use basic
Windows PowerShell commands and how to use Windows PowerShell to manage Group
Policy.
It also explains how you can use PowerShell logon scripts with Group Policy.
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize= 2/16
Introducing Windows PowerShell
Figure 134: Introducing Windows PowerShell
Windows PowerShell is a new Windows command-line shell designed to perform system
administration tasks. Windows PowerShell is both an interactive prompt and a scripting
environment that you can use separately or in conjunction with each other.
Windows PowerShell is built on the .NET CLR and the .NET Framework, and interacts with
.NET objects. This change in the environment brings entirely new capabilities to the
management and configuration of Windows.
Windows PowerShell includes more than a hundred basic core cmdlets, and you can write
customized cmdlets and share them with other users.
Important Terms
Cmdlets are single-function tools built into the shell.
As with the command-prompt, Windows PowerShell gives you access to the file system on
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize= 3/16
the computer. Additional Windows PowerShell providers enable you to access the registry and
the digital signature certificate stores as easily as you access the file system.
Windows PowerShell also allows the management of roles in Windows Server 2008 and later,
such as IIS 7.0, Terminal Server, Microsoft Exchange Server 2007 and Microsoft Operations
Manager 2007. Third-party vendors have also provided Windows PowerShell commands that
improve manageability.
This topic describes the features of Windows PowerShell. It explains the different ways that
you can use Windows PowerShell, and finally, how to use the tool.
Windows PowerShell Features
Figure 135: Windows PowerShell Features
Windows PowerShell goes far beyond the standard command-prompt interface in terms of
capabilities. Some of the Windows PowerShell features are:
Thousands of command-line tools (called cmdlets) for performing administrative tasks, such
as managing the registry, services, processes, event logs, certificates, WMI, and much more
Scripting language that accelerates automation of repetitive tasks due to its integration with
the command-line shell
Support for existing scripts, existing command-line tools, and multiple operating systems,
including Windows XP and later versions
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize= 4/16
Commands that follow standard naming conventions and work with a small set of intuitive
utilities (where, select, sort, format, measure, compare, group) in order to provide
consistency and improve efficiency
Standardized tools for accessing many of the Windows data structures, including Active
Directory (ADSI) data, WMI, COM objects, ADO, HTML, and XML data
Simplified, command-based navigation of the operating system that lets users navigate the
registry, certificate store, and other data by using the same commands they use to navigate
the file system
New logging and error-handling capabilities for script execution tracking and error handling
Simple access to objects and system administration data, and the ability to pipe objects
between command-line tools
Extensible interface that allows third-party vendors to quickly build custom tools and
utilities to administer Windows
Windows PowerShell Scenarios
Figure 136: Windows PowerShell Scenarios
You can use Windows PowerShell to perform a variety of administrative tasks. Some
common scenarios in which Windows PowerShell can be used are:
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize= 5/16
Managing services, processes, registry, and WMI data: Common administration tasks,
such as enumerating running services or processes, viewing the registry, and modifying data
stored in WMI, are simplified with the built-in command-line tools.
Terminal Server management: Through data stored in WMI, Windows PowerShell scripts
can automate Terminal Server configuration changes. With Windows PowerShell you can
easily automate the management of Terminal Server farms.
Managing IIS 7.0: Windows PowerShell is a powerful tool for managing IIS 7.0 (Internet
Information Services 7.0) and you can use it to manage any aspect of IIS 7.0, including
deploying and configuring IIS 7 across a Web farm.
Managing Group Policy: You can now use Windows PowerShell to create and manage
group policy with a new library of cmdlets.
Logon Scripts: Since Windows PowerShell is installed by default on Windows 7 and later,
you can now use it for logon scripts in those operating systems.
And much more! There are so many new capabilities of PowerShell 3.0 that it is
impossible to cover them all in the one section. PowerShell ultimately has the ability to
perform most of the activities available in the graphical interface and more.
Using Windows PowerShell
Figure 137: Using Windows PowerShell
Using Windows PowerShell is not very different from using the command prompt. However,
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize= 6/16
Windows PowerShell supports thousands of additional commands.
Opening Windows PowerShell
Figure 138: Opening Windows PowerShell
You can open Windows PowerShell in any of the three ways shown in Figure 138.
Chaining Commands
Figure 139: Chaining Commands
One of the more powerful features of the Windows PowerShell interface is the ability to chain
several commands together on the same line. Try typing the command as shown in Figure 139
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize= 7/16
in Windows PowerShell.
This lists all available cmdlets to an HTML conversion cmdlet and outputs the results to a
Web page called cmdlets.htm. It then launches the Web page using the registered handler of
.htm files.
The pipe symbol | tells PowerShell to send the object output of one cmdlet to the next
cmdlet in line. The semicolon ; tells PowerShell to execute the next command as a separate
command, as if it were typed on a separate line.
Writing Scripts
Figure 140: Writing Scripts
You can compose scripts directly at the command-line within Windows PowerShell. For
simple scripts, you do not need to type them into a text file first and execute them later.
Try typing the code as shown in Figure 140.
Running Scripts
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize= 8/16
Figure 141: Running Scripts
For complex scripts, you can save them to a text file with a .ps1 extension. You must run
scripts by typing the full path to the file, or, if the current directory is where the scripts are
located, by typing .\ before the file name.
However, Windows PowerShell scripts cannot be run by default due to security constraints in
the operating system. To permit the .ps1 file to run, open a Windows PowerShell prompt and
type:
Set-ExecutionPolicy RemoteSigned
Core Cmdlets
The following cmdlets are some of the Core cmdlets used on a routine basis in Windows
PowerShell:
Add-History Appends entries to the session history.
Add-PSSnapin Adds one or more Windows PowerShell snap-ins to the
current
session.
Clear-History Deletes entries from the command history.
Clear-Host Deletes entries from the command history.
Connect-PSSession Reconnects to disconnected sessions.
Disable-PSRemoting Prevents the computer from receiving remote Windows
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize= 9/16
PowerShell
commands.
Disable-
PSSessionConfiguration
Denies access to the session configurations on the local
computer.
Disconnect-PSSession Disconnects from a session.
Enable-PSRemoting Configures the computer to receive remote commands.
Enable-
PSSessionConfiguration
Configures the computer to receive remote commands.
Enter-PSSession Starts an interactive session with a remote computer.
Exit-PSSession Ends an interactive session with a remote computer.
Export-Console Exports the names of snap-ins in the current session to a
console file.
Export-ModuleMember Specifies the module members that are exported.
ForEach-Object Performs an operation against each of a set of input objects.
Get-Command Gets all commands.
Get-Help Displays information about Windows PowerShell cmdlets and
concepts.
Get-History Gets a list of the commands entered during the current session.
Get-Job Gets Windows PowerShell background jobs (PsJobs) that are
running
in the current console.
Get-Module Gets the modules that have been imported, or can be imported,
into
the current session.
Get-PSSession Gets the Windows PowerShell sessions (PSSessions) in the
current
session.
Get-PSSessionConfiguration Gets the session configurations registered on the computer.
Get-PSSnapin Gets the Windows PowerShell snap-ins on the computer.
Get-Verb Gets approved Windows PowerShell verbs.
Import-Module Adds modules to the current session.
Invoke-Command Runs commands on local and remote computers.
Invoke-History Runs commands from the session history.
New-Module Creates a new dynamic module that exists only in memory.
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize 10/16
New-ModuleManifest Creates a new module manifest.
New-PSSession Creates a persistent connection to a local or remote computer.
New-
PSSessionConfigurationFile
Creates a file that defines a session configuration.
New-PSSessionOption Creates an object that contains advanced options for a session.
New-PSTransportOption Creates an object that contains advanced options for a session
configuration.
Out-Default Sends the output to the default formatter and the default output
cmdlet. It is a placeholder that lets you write your own Out-Default function or cmdlet.
Out-Host Sends output to the console.
Out-Null Deletes output instead of sending it to the console.
Receive-Job Gets the results of the Windows PowerShell background jobs
in the
current session.
Register-
PSSessionConfiguration
Creates and registers a new session configuration.
Remove-Job Deletes a Windows PowerShell background job.
Remove-Module Removes modules from the current session.
Remove-PSSession Closes one or more Windows PowerShell sessions
(PSSessions).
Remove-PSSnapin Removes Windows PowerShell snap-ins from the current
session.
Resume-Job Restarts a suspended job.
Save-Help Downloads and saves the newest help files to a file system
directory.
Set-PSDebug Turns script debugging features on and off, sets the trace level
and
toggles strict mode.
Set-PSSessionConfiguration Changes the properties of a registered session configuration.
Set-StrictMode Establishes and enforces coding rules in expressions, scripts,
and
script blocks.
Start-Job Starts a Windows PowerShell background job.
Stop-Job Stops a Windows PowerShell background job.
Suspend-Job Temporarily stops workflow jobs.
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize 11/16
Test-ModuleManifest Verifies that a module manifest accurately describes the
contents of a
module.
Test-
PSSessionConfigurationFile
Verifies the keys and values in a session configuration file.
Unregister-
PSSessionConfiguration
Deletes a registered session configurations from the computer.
Update-Help Downloads and installs the newest help files on your
computer.
Wait-Job Suppresses the command prompt until one or all of the
Windows
PowerShell background jobs are complete.
Where-Object Creates a filter that controls which objects will be passed
along a
command pipeline.
Figure 142: Available Cmdlets
Windows PowerShell Library for Group Policy
Figure 143: Windows PowerShell Library for Group Policy
Windows PowerShell now includes a library of routines for specifically managing group
policies.
The Group Policy module for Windows PowerShell is not loaded by default. To load this
module, open Windows PowerShell and type: import-module grouppolicy.
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize 12/16
To see this list of Group Policy related commands, open Windows PowerShell and type get-
command -module grouppolicy. This will display a list of all the cmdlets (Figure 144) that
are available in the Group Policy module.
Windows PowerShell Cmdlets for Group Policy
Figure 144: Windows PowerShell Commands for Group Policy
Windows PowerShell-Based Logon Scripts
Figure 145: Windows PowerShell Logon Scripts
Since Windows PowerShell is now installed by default on Windows 7 and later, it is possible
to use Windows PowerShell-based logon scripts to affect those computers.
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize 13/16
Windows PowerShell logon scripts can be far more powerful than their batch file and
VBScript counterparts. With PowerShell, you can map drives, create shortcuts, change
registry values, create activity logs, copy files, map printers and much more! The code for
performing these operations is often simpler than VBscript.
The built-in PowerShell ISE is invaluable in assisting you when creating any kind of
PowerShell script. It supports colorized code, intellisense and code completion.
There are also third-party tools can help you to create and manage Windows PowerShell
logon scripts:
Specops Command (http://www.specopssoft.com)
Admin Script Editor (ASE) (http://adminscripteditor.com)
PowerGUI (http://www.powergui.org)
Acronyms
The following acronyms are used in this section:
ACL access control list
ADO ActiveX Data Objects
ADSI Active Directory Service Interfaces
ASE Admin Script Editor
CLR Common Language Runtime
COM Component Object Model
GPO Group Policy object
HTML Hypertext Markup Language
IIS Internet Information Services
WMI Windows Management
Instrumentation
XML Extensible Markup Language
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize 14/16
Section Review
Summary
Some of the Windows PowerShell features are:
Cmdlets for performing administrative tasks
Scripting language that accelerates automation of repetitive tasks due to its integration
with the command-line shell
Support for existing scripts, existing command-line tools, and multiple operating systems
Commands that follow standard naming conventions and work with a small set of
intuitive utilities
Simple access to objects and system administration data, and the ability to pipe objects
between command-line tools
Extensible interface that allows third-party vendors to quickly build custom tools and
utilities to administer applications running Windows
You should know how to perform some of the following basic Windows PowerShell tasks:
Open Windows PowerShell: Three different methods: 1) Click Start, All Programs,
Windows PowerShell, and Windows PowerShell shortcut. 2) Type powershell at the
command prompt. 3) Click Start, select Run, and type powershell.
Chain commands: Chain several commands together on the same line.
Write scripts: Compose scripts at the command-line within Windows PowerShell.
Run scripts: Type the full path to the file, or, if the current directory is where the scripts
are located, type .\ before the file name.
To access the Windows PowerShell library for Group Policy, first load the Group Policy
module (open Windows PowerShell and type import-module grouppolicy). To display
the list of Group Policy commands, open Windows PowerShell and type get-command -
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize 15/16
module grouppolicy.
Some of the third-party Windows PowerShell-based logon script tools are:
Specops command
Admin Scipt Editor
PowerGUI
Knowledge Check
1. What must you do in Windows PowerShell before you can display the list of Group
Policy commands?
2. Which of the following is a feature of Windows PowerShell? (Choose all that apply.)
a. Simple access to objects and system administration data, and provides the ability to
pipe objects between command-line tools
b. Cmdlets for performing administrative tasks
c. Run PowerShell commands against Windows 2000 operating systems
d. Logging and error-handling capabilities for script execution tracking and error
handling
3. Which extension is used to save a Windows PowerShell script file?
4. List some of the third-party Windows PowerShell-based logon script tools.
Knowledge Check Answer Key
The correct answers to the Knowledge Check questions are bolded.
1. What must you do in Windows PowerShell before you can display the list of Group
Policy commands?
-
16/11/2014 6 Using Windows PowerShell to Manage Group Policy
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize 16/16
Load the Group Policy module
2. Which of the following is a feature of Windows PowerShell? (Choose all that apply.)
a. Simple access to objects and system administration data, and provides the
ability to pipe objects between command-line tools
b. Cmdlets for performing administrative tasks
c. Run PowerShell commands against Windows 2000 operating systems
d. Logging and error-handling capabilities for script execution tracking and
error handling
3. Which extension is used to save a Windows PowerShell script file?
.ps1
4. List some of the third-party Windows PowerShell-based logon script tools.
Specops command
Admin Script Editor
PowerGUI