As I mentioned in the Group Policy Administrative Templates post a while back, I was recently looking to enable running PowerShell scripts. I had run into a task where a VBScript would not quite do the trick. With a little bit of research and cramming, I was able to write a quick PowerShell script that would do the task perfectly. In this article, I have jotted down the notes I walked away with to learn the very basics of using PowerShell and getting it up and running quickly.
PowerShell is included with Windows 7 at version 2.0. Before that, PowerShell v1.0 was released in 2006 for Windows XP, Vista, and Server 2003. Part of the Windows Management Framework, PowerShell 3.0 will be coming out with Windows 8/Server 2012. Previews of WMF 3.0 Beta are available for download now or you can download the latest RTM version.
You will find PowerShell under the Start Menu, All Programs, Accessories, Windows Powershell or just type PowerShell.
Enabling PowerShell Scripts
When running PowerShell for the first time, the Restricted execution policy is default. It does not permit scripts to run. To learn about signing scripts, type the following in PowerShell: get-help about_signing
To view your current execution policy status, type: get-executionpolicy
The options are Restricted (no scripts or config files may run), AllSigned, RemoteSigned (scripts downloaded from the Internet must be signed by a trusted publisher), and Unrestricted.
To run unsigned scripts that you write on your local computer and signed scripts from other users, use the following command to change the execution policy on the computer to RemoteSigned from PowerShell run as Administrator: set-executionpolicy remotesigned
You can set the execution policy centrally through a group Policy using the ‘Turn on Script Execution’ setting under Computer ConfigurationPoliciesAdministrative TemplatesWindows ComponentsWindows PowerShell. You may need to grab this .admx file from a Server 2008 computer in order to configure it.
This policy setting lets you configure the script execution policy, controlling which scripts are allowed to run. If you enable this policy setting, the scripts selected in the drop-down list are allowed to run. The “Allow only signed scripts” policy setting allows scripts to execute only if they are signed by a trusted publisher. The “Allow local scripts and remote signed scripts” policy setting allows any local scrips to run; scripts that originate from the Internet must be signed by a trusted publisher. The “Allow all scripts” policy setting allows all scripts to run. If you disable this policy setting, no scripts are allowed to run. Note: This policy setting exists under both “Computer Configuration” and “User Configuration” in the Local Group Policy Editor. The “Computer Configuration” has precedence over “User Configuration.” If you disable or do not configure this policy setting, it reverts to a per-machine preference setting; the default if that is not configured is “No scripts allowed.”
Obviously you won’t be able to use a PowerShell script to change the setting. If the Group Policy setting doesn’t work for your environment, you may be able to issue the command: Powershell.exe -command “set-executionpolicy remotesigned” I ended up using this command as a task in my Microsoft Deployment Toolkit setup to enable the computers to run my scripts before they had joined the domain.
Running PowerShell Scripts
PowerShell scripts retain opening in Notepad as their default action with the .ps1 file extension. If you double-click a PowerShell script, you will see the code in Notepad. Instead, right-click on the file and choose ‘Run with PowerShell’.
You can run a script within PowerShell by typing the entire path to the script (or using Tab for auto-complete). From outside of PowerShell, you can run the script but as an argument to PowerShell.exe like PowerShell.exe -noexit -command “C:ScriptsTest.ps1” The -noexit parameter allows you to read the output before the window closes.
Writing PS Scripts
Since PowerShell 2.0, PowerShell ISE has been included. ISE stands for Integrated Scripting Environment. While you can use any text editor like Notepad or Notepad++, ISE includes syntax highlighting, a debugger, tab completion, and a tabbed UI. ISE in WMF 3.0 includes Snippets to help script more accurately and faster.
If you are moving from Batch scripts to PowerShell, various easy functions may seem more difficult. For example, here is the equivalent to Pause or “Press any key to continue”: http://technet.microsoft.com/en-us/library/ff730938.aspx
You can find out more about PowerShell by typing Get-Help in the PowerShell window.
You can also read up on PowerShell support in Windows 8.
For more details, check out the book Windows PowerShell Scripting Guide by Microsoft Press.