Loading...

Follow Windows PowerShell Blog | Automating the world .. on Feedspot

Continue with Google
Continue with Facebook
or

Valid

PowerShell is very suitable for CI/CD scenarios due to its easy and well understood scripting paradigm,
and its cross-platform support makes it great for building and testing cross-platform applications.
A .NET Global Tool is a special NuGet package that contains a console application.

A .NET Core application can be developed for various platforms like Windows, various distributions of Linux and macOS, while the same PowerShell scripts can be used for building, testing and deployment across all platforms.

Installing PowerShell Global tool

If you already have the .NET Core SDK installed, it’s easy to install PowerShell as a .NET global tool!

dotnet tool install --global PowerShell

Once installed, you can run it with pwsh.

PowerShell in .NET SDK docker containers

PowerShell has already been included as a global tool within the .NET Core 3.0 Preview Docker images since Preview.4.
These images are a great starting point for building a .NET Core CI/CD image
(you can find some awesome samples
over at the dotnet-docker repo.)

Docker files with PowerShell syntax

As PowerShell comes pre-installed, Docker files can have PowerShell syntax.
This allows you to run scripts or cmdlets as part of your Docker file.

FROM mcr.microsoft.com/dotnet/core/sdk:3.0
RUN pwsh -c Get-Date
RUN pwsh -c "Get-Module -ListAvailable | Select-Object -Property Name, Path"

Build scenarios in Docker

In addition to enabling PowerShell syntax, PowerShell scripts in the container can be easily invoked through Docker:

docker run -it -v c:\myrepo:/myrepo -w /myrepo mcr.microsoft.com/dotnet/core/sdk:3.0 pwsh ./build.ps1

The NuGet package for the global tool can be found at: https://www.nuget.org/packages/PowerShell/

Please report issues or suggestions at: https://github.com/PowerShell/PowerShell/issues/new/choose

Thank you!

Aditya Patwardhan
Senior Software Engineer
PowerShell Team
@adityapatward13

The post Introducing PowerShell as .NET Global Tool appeared first on PowerShell.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

We just released the DSC Resource Kit!

This release includes updates to 8 DSC resource modules. In the past 6 weeks, 95 pull requests have been merged and 55 issues have been closed, all thanks to our amazing community!

The modules updated in this release are:

  • CertificateDsc
  • NetworkingDsc
  • PSDscResources
  • SharePointDsc
  • SqlServerDsc
  • xActiveDirectory
  • xDnsServer
  • xPSDesiredStateConfiguration

For a detailed list of the resource modules and fixes in this release, see the Included in this Release section below.

Our latest community call for the DSC Resource Kit was last Wednesday, June 19. A recording of the call with be posted on the PowerShell YouTube channel soon. You can join us for the next call at 12PM (Pacific time) on July 31 to ask questions and give feedback about your experience with the DSC Resource Kit.

The next DSC Resource Kit release will be on Wednesday, August 7.

We strongly encourage you to update to the newest version of all modules using the PowerShell Gallery, and don’t forget to give us your feedback in the comments below, on GitHub, or on Twitter (@PowerShell_Team)!

Please see our documentation here for information on the support of these resource modules.

Included in this Release

You can see a detailed summary of all changes included in this release in the table below. For past release notes, go to the README.md or CHANGELOG.md file on the GitHub repository page for a specific module (see the How to Find DSC Resource Modules on GitHub section below for details on finding the GitHub page for a specific module).

Module Name Version Release Notes
CertificateDsc 4.7.0.0
  • Opted into Common Tests “Common Tests – Validate Localization” – fixes Issue 195.
  • Combined all CertificateDsc.ResourceHelper module functions into CertificateDsc.Common module and renamed to CertificateDsc.CommonHelper module.
  • CertReq:
    • Fix error when ProviderName parameter is not encapsulated in double quotes – fixes Issue 185.
  • Refactor integration tests to update to latest standards.
  • Refactor unit tests to update to latest standards.
  • CertificateImport:
    • Refactor to use common functions and share more code with PfxImport resource.
    • Resource will now only throw an exception if the PFX file does not exist and it needs to be imported.
    • Removed file existence check from Path parameter to enable the resource to remove a certificate from the store without the need to have the access to the certificate file.
    • Removed ShouldProcess because it is not required by DSC Resources.
  • CertificatePfx:
    • Refactor to use common functions and share more code with CertificateImport resource.
    • Resource will now only throw an exception if the certificate file does not exist and it needs to be imported.
  • CertificateImport:
    • Added FriendlyName parameter to allow setting the certificate friendly name of the imported certificate – fixes Issue 194.
  • CertificatePfx:
    • Added FriendlyName parameter to allow setting the certificate friendly name of the imported certificate – fixes Issue 194.
NetworkingDsc 7.3.0.0
  • DnsClientGlobalSettings:
    • Fixed SuffixSearchList Empty String Handling – fixes Issue 398.
  • NetAdapterAdvancedProperty:
    • Removed validation from RegistryKeyword parameter because the list of valid registry keywords is not fixed and will depend on adapter driver – fixes Issue 388.
  • MSFT_WinsServerAddress Added MSFT_WinsServerAddress to control the WINS servers for a given network adapter.
  • Test-DscParameterState:
    • This function was enhanced with an optional reversecheck, optional internal sorting for arrays.
    • The functions ConvertTo-CimInstance and ConvertTo-Hashtable were added required by Test-DscParameterState.
  • Fix missing context message content in unit tests – fixes Issue 405.
  • Correct style violations in unit tests:
    • Adding Get, Set and Test tags to appropriate describe blocks.
    • Removing uneccesary region blocks.
    • Conversion of double quotes to single quotes where possible.
    • Replace variables with string litterals in describe block description.
  • Firewall:
    • Fix bug when LocalAddress or RemoteAddress is specified using CIDR notation with number of bits specified in subnet mask (e.g. 10.0.0.1/8) rather than using CIDR subnet mask notation (e.g 10.0.0.1/255.0.0.0) – fixes Issue 404.
PSDscResources 2.12.0.0
  • Ports style fixes that were recently made in xPSDesiredStateConfiguration on test related files.
  • Ports most of the style upgrades from xPSDesiredStateConfiguration that have been made in files in the DscResources folder.
  • Ports fixes for the following issues: Issue 505 Issue 590 Changes to test helper Enter-DscResourceTestEnvironment so that it only updates DSCResource.Tests when it is longer than 120 minutes since it was last pulled. This is to improve performance of test execution and reduce the likelihood of connectivity issues caused by inability to pull DSCResource.Tests.
  • Fixes issue where MsiPackage Integration tests fail if the test HttpListener fails to start. Moves the test HttpListener objects to dynamically assigned, higher numbered ports to avoid conflicts with other services, and also checks to ensure that the ports are available before using them. Adds checks to ensure that no outstanding HTTP server jobs are running before attempting to setup a new one. Also adds additional instrumentation to make it easier to troubleshoot issues with the test HttpListener objects in the future. Specifically fixes Issue 142
  • Improved speed of Test-IsNanoServer function
  • Remove the Byte Order Mark (BOM) from all affected files
  • Opt-in to “Validate Module Files” and “Validate Script Files” common meta-tests
  • Opt-in to “Common Tests – Relative Path Length” common meta-test
  • Fix README markdownlint validation failures
  • Move change log from README.md to CHANGELOG.md
SharePointDsc 3.5.0.0
  • SharePointDsc generic
    • Improved logging in all resource. They are now outputting the current and targeted values in the Test method.
    • Updated various resources to comply with coding style guidelines.
    • Updated the following resources to not return Null from the Get method anymore, but an hashtable which contains null values: SPDesignerSettings, SPDiagnosticLoggingSettings, SPFarmAdministrators, SPHealthAnalyzerRuleState, SPIrmSettings, SPOutgoingEmailSettings, SPPasswordChangeSettings, SPSearchTopology, SPServiceAppProxyGroup, SPTimerJobState, SPUserProfileSection, SPUserProfileSyncConnection, SPWebAppBlockedFileTypes, SPWebApplicationAppDomain, SPWebAppPolicy, SPWebAppSiteUseAndDeletion, SPWebAppThrottlingSettings, SPWordAutomationServiceApp.
  • SPConfigWizard
    • Added check to make sure the Config Wizard is only executed when all servers have the binaries installed.
  • SPDistributedCacheService
    • Added ability to check for incorrect service account.
  • SPExcelServiceApp
    • Fixes issue where Get method throws an error when the value of PrivateBytesMax and UnusedObjectAgeMax are negative values.
  • SPFarm
    • Throw error in Get method if CentralAdministrationUrl is HTTP.
  • SPInstallPrereqs
    • Fixed bug in version check, where lower versions would be detected as higher versions.
  • SPProductUpdate
    • Updated Readme to reflect the new patching possibilities added in v3.3.
  • SPSecureStore
    • Fixed issue where the test issue returned false is the service application didn’t exist, but the database name/server parameter was specified.
  • SPUserProfileSyncConnection
    • Fixed issue where the parameter Server was checked in SP2016 but isn’t used there and therefore always fails.
  • SPWebAppAuthentication
    • Updated the documentation to better explain the use of this resource when using Classic authentication.
SqlServerDsc 13.0.0.0
  • Changes to SqlServerDsc
    • Added SqlAgentAlert resource.
    • Opt-in to the common test “Common Test – Validation Localization”.
    • Opt-in to the common test “Common Test – Flagged Script Analyzer Rules” (issue 1101).
    • Removed the helper function New-TerminatingError, New-WarningMessage and New-VerboseMessage in favor of the the new localization helper functions.
    • Combine DscResource.LocalizationHelper and DscResource.Common into SqlServerDsc.Common (issue 1357).
    • Update Assert-TestEnvironment.ps1 to not error if strict mode is enabled and there are no missing dependencies (issue 1368).
  • Changes to SqlServerDsc.Common
    • Added StatementTimeout to function “Connect-SQL” with default 600 seconds (10mins).
    • Added StatementTimeout to function “Invoke-Query” with default 600 seconds (10mins) (issue 1358).
    • Changes to helper function Connect-SQL
      • The function now make it more clear that when using the parameter SetupCredential is impersonates that user, and by default it does not impersonates a user but uses the credential that the resource is run as (for example the built-in credential parameter PsDscRunAsCredential). @kungfu71186
      • Added parameter alias -DatabaseCredential for the parameter -SetupCredential. @kungfu71186
  • Changes to SqlAG
    • Added en-US localization.
  • Changes to SqlAGReplica
    • Added en-US localization.
    • Improved verbose message output when creating availability group replica, removing a availability group replica, and joining the availability group replica to the availability group.
  • Changes to SqlAlwaysOnService
    • Now outputs the correct verbose message when restarting the service.
  • Changes to SqlServerMemory
    • Now outputs the correct verbose messages when calculating the dynamic memory, and when limiting maximum memory.
  • Changes to SqlServerRole
    • Now outputs the correct verbose message when the members of a role is not in desired state.
  • Changes to SqlAgentOperator
    • Fix minor issue that when unable to connect to an instance. Instead of showing a message saying that connect failed another unrelated error message could have been shown, because of an error in the code.
    • Fix typo in test it block.
  • Changes to SqlDatabaseRole
  • Changes to SqlSetup
    • Add an Action type of “Upgrade”. This will ask setup to do a version upgrade where possible (issue 1368).
    • Fix an error when testing for DQS installation (issue 1368).
    • Changed the logic of how default value of FailoverClusterGroupName is set since that was preventing the resource to be able to be debugged (issue 448).
    • Added RSInstallMode parameter (issue 1163).
  • Changes to SqlWindowsFirewall
    • Where a version upgrade has changed paths for a database engine, the existing firewall rule for that instance will be updated rather than another one created (issue 1368). Other firewall rules can be fixed to work in the same way later.
  • Changes to SqlAGDatabase
    • Added new parameter “ReplaceExisting” with default false. This allows forced restores when a database already exists on secondary.
    • Added StatementTimeout to Invoke-Query to fix Issue1358
    • Fix issue where calling Get would return an error because the database name list may have been returned as a string instead of as a string array (issue 1368).
xActiveDirectory 3.0.0.0
  • Changes to xActiveDirectory
    • Added new helper functions in xADCommon, see each functions comment-based help for more information.
      • Convert-PropertyMapToObjectProperties
      • Compare-ResourcePropertyState
      • Test-DscPropertyState
    • Move the examples in the README.md to Examples folder.
    • Fix Script Analyzer rule failures.
    • Opt-in to the following DSC Resource Common Meta Tests:
      • Common Tests – Custom Script Analyzer Rules
      • Common Tests – Required Script Analyzer Rules
      • Common Tests – Flagged Script Analyzer Rules
      • Common Tests – Validate Module Files (issue 282)
      • Common Tests – Validate Script Files (issue 283)
      • Common Tests – Relative Path Length (issue 284)
      • Common Tests – Validate Markdown Links (issue 280)
      • Common Tests – Validate Localization (issue 281)
      • Common Tests – Validate Example Files (issue 279)
      • Common Tests – Validate Example Files To Be Published (issue 311)
    • Move resource descriptions to Wiki using auto-documentation (issue 289)
    • Move helper functions from MSFT_xADCommon to the module xActiveDirectory.Common (issue 288).
      • Removed helper function Test-ADDomain since it was not used. The helper function had design flaws too.
      • Now the helper function Test-Members outputs all the members that are not in desired state when verbose output is enabled.
    • Update all unit tests to latest unit test template.
    • Deleted the obsolete xActiveDirectory_TechNetDocumentation.html file.
    • Added new resource xADObjectEnabledState. This resource should be used to enforce the Enabled property of computer accounts. This resource replaces the deprecated Enabled property in the resource xADComputer.
    • Cleanup of code
      • Removed semicolon throughout where it is not needed.
      • Migrate tests to Pester syntax v4.x (issue 322).
      • Removed -MockWith {} in unit tests.
      • Use fully qualified type names for parameters and variables (issue 374).
    • Removed unused legacy test files from the root of the repository.
    • Updated Example List README with missing resources.
    • Added missing examples for xADReplicationSubnet, xADServicePrincipalName and xWaitForADDomain. (issue 395).
  • Changes to xADComputer
    • Refactored the resource and the unit tests.
    • BREAKING CHANGE: The Enabled property is DEPRECATED and is no longer set or enforces with this resource. If this parameter is used in a configuration a warning message will be outputted saying that the Enabled parameter has been deprecated. The new resource xADObjectEnabledState can be used to enforce the Enabled property.
    • BREAKING CHANGE: The default value of the enabled property of the computer account will be set to the default value of the cmdlet New-ADComputer.
    • A new parameter was added called EnabledOnCreation that will control if the computer account is created enabled or disabled.
    • Moved examples from the README.md to separate example files in the Examples folder.
    • Fix the RestoreFromRecycleBin description.
    • Fix unnecessary cast in Test-TargetResource (issue 295).
    • Fix ServicePrincipalNames property empty string exception (issue 382).
  • Changes to xADGroup
    • Change the description of the property RestoreFromRecycleBin.
    • Code cleanup.
  • Changes to xADObjectPermissionEntry
    • Change the description of the property IdentityReference.
    • Fix failure when applied in the same configuration as xADDomain.
    • Localize and Improve verbose messaging.
    • Code cleanup.
  • Changes to xADOrganizationalUnit
    • Change the description of the property RestoreFromRecycleBin.
    • Code cleanup.
    • Fix incorrect verbose message when this resource has Ensure set to Absent (issue 276).
  • Changes to xADUser
    • Change the description of the property RestoreFromRecycleBin.
    • Added ServicePrincipalNames property (issue 153).
    • Added ChangePasswordAtLogon property (issue 246).
    • Code cleanup.
    • Added LogonWorkstations property
    • Added Organization property
    • Added OtherName property
    • Added AccountNotDelegated property
    • Added AllowReversiblePasswordEncryption property
    • Added CompoundIdentitySupported property
    • Added PasswordNotRequired property
    • Added SmartcardLogonRequired property
    • Added ProxyAddresses property (Issue 254).
    • Fix Password property being updated whenever another property is changed (issue 384).
    • Replace Write-Error with the correct helper function (Issue 331).
  • Changes to xADDomainController
    • Change the Requires statement in the Examples to require the correct module.
    • Suppressing the Script Analyzer rule PSAvoidGlobalVars since the resource is using the $global:DSCMachineStatus variable to trigger a reboot.
    • Code cleanup.
  • Changes to xADDomain
    • Suppressing the Script Analyzer rule PSAvoidGlobalVars since the resource is using the $global:DSCMachineStatus variable to trigger a reboot.
    • Code cleanup.
  • Changes to xADDomainTrust
    • Replaced New-TerminatingError with Standard Function.
    • Code cleanup.
  • Changes to xWaitForADDomain
    • Suppressing the Script Analyzer rule PSAvoidGlobalVars since the resource is using the $global:DSCMachineStatus variable to trigger a reboot.
    • Added missing property schema descriptions (issue 369).
    • Code cleanup.
  • Changes to xADRecycleBin
    • Remove unneeded example and resource designer files.
    • Added missing property schema descriptions (issue 368).
    • Code cleanup.
    • It now sets back the $ErrorActionPreference that was set prior to setting it to "Stop".
    • Replace Write-Error with the correct helper function (issue 327).
  • Changes to xADReplicationSiteLink
    • Fix ADIdentityNotFoundException when creating a new site link.
    • Code cleanup.
  • Changes to xADReplicationSubnet
    • Remove `{ Present
xDnsServer 1.13.0.0
  • Added resource xDnsServerConditionalForwarder
  • Added xDnsServerDiagnostics resource to this module.
xPSDesiredStateConfiguration 8.8.0.0
  • Ports fix for the following issue: Issue 142 Fixes issue where MsiPackage Integration tests fail if the test HttpListener fails to start. Moves the test HttpListener objects to dynamically assigned, higher numbered ports to avoid conflicts with other services, and also checks to ensure that the ports are available before using them. Adds checks to ensure that no outstanding HTTP server jobs are running before attempting to setup a new one. Also adds additional instrumentation to make it easier to troubleshoot issues with the test HttpListener objects in the future.
How to Find Released DSC Resource Modules

To see a list of all released DSC Resource Kit modules, go to the PowerShell Gallery and display all modules tagged as DSCResourceKit. You can also enter a..

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Overview

PSScriptAnalyzer (PSSA) 1.18.1 is now available on the PSGallery and fixes not only a lot of the issues reported for 1.18.0 but has also been made twice as faster compared to 1.18.0. Additionally, the -SaveDscDependency switch on Invoke-ScriptAnalyzerhas been improved to be platform agnostic and should now also work on Linux systems if DSC has been set up. A long standing concurrency bug related to analysing module manifest has also been fixed. Analysis showed that Test-ModuleManifest is not thread-safe due to a bug either in the cmdlet or in the PowerShell engine itself, we resolved it by having a lock around calls to this cmdlet.

Formatter Fixes

This applies especially to its usage within the VS Code PowerShell extension:

  • The new PSUseCorrectCasing formatting rule had to be adjusted to not expand/change paths and to treat wildcard characters correctly. Under the hood the rule calls Get-Command and because Get-Command ? returns all commands that have a name of length 1, it returned ForEach-Object first, which made PSSA incorrectly change the ? alias for Where-Object to ForEach-Object. The PowerShell VS Code extension has the powershell.codeFormatting.useCorrectCasing setting that wraps around this configuration and the setting is currently defaulting to false due to those issues that were found. With PSSA 1.18.1, we’d encourage you to enable the setting again as we think that we have fixed all issues and pending feedback we plan to enable the setting by default. Although the VS Code extension ships a backup version of PSSA (currently 1.18.0), one can always install PSScriptAnalyzer locally and the extension will pick it up. You can install the newer PSScriptAnalyzer version and start using it without having to wait for the extension to release an update.
  • The new PipelineIndentation configuration setting of the PSUseConsistentIndentation formatting rule had a bug when it was set to IncreaseIndentationForFirstPipeline or IncreaseIndentationAfterEveryPipeline and in certain cases, indentation of code following the pipeline could be incorrectly indented. Currently the VS Code setting powershell.codeFormatting.pipelineIndentationStyle for it is set to NoIndentation to avoid this bug. We encourage you here as well to try out the options again so that we can get feedback before we set the default of the VS Code setting to IncreaseIndentationForFirstPipeline (which is the default when calling Invoke-Formatter without parameters). This desired default was voted for by the community here.
Conclusion and Future Outlook

Please try out this new patch, if you install it using Install-Module then the VS Code extension will automatically use it after a restart of the integrated terminal session or just by re-opening VS Code. Getting feedback in this period is very important so that the PowerShell team can make a decision on when to include 1.18.1 by default in one of the next updates of the PowerShell extension. After feedback of this phased rollout, we will consider changing the default settings in the extension as mentioned above. It is hard to anticipate all the use cases, so we chose to make features configurable behind new flags and rollout the changes to a smaller user group first.

The Changelog has more details if you want to dig further.

On behalf of the Script Analyzer team,

Christoph Bergmeister, Project Maintainer from the community
Jim Truher, Senior Software Engineer, Microsoft

The post Release of PowerShell Script Analyzer 1.18.1 appeared first on PowerShell.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

It has been almost a year since the last DSC Planning update. There has been a lot going on, many decisions being made, and it just didn’t make sense to post earlier in this calendar year. In this post we will review what has been shipped and the high-level direction we are heading. 

I am accompanying this post with write-ups that are for the more technical audience. In two parts, I would like to explain the implementation of the Guest Configuration client/service and exactly how the new DSC engine functions. 

If you take nothing else away, here are the top-level items: 

  • The new implementation of DSC is Azure Policy Guest Configuration 
  • The solution is GA for built-in content and is moving towards a preview for custom content 
  • Your skill set and your DSC scripts/modules can be used in a new way 
Azure Policy Guest Configuration 

Previously we have referred to the new DSC codebase under different names. “DSC Core” and “the new LCM”. We also disclosed that the platform would be used in Azure Policy Guest Configuration

What have we shipped? 

The DSC codebase we have been working on is now fully GA as Azure Policy Guest Configuration but this is not the DSC you have known up to this point. It is best to think of Azure Policy Guest Configuration as based on the DSC syntax but functionally a new platform. 

The intention for this service is to build confidence so application developers/owners are free to deploy servers when they need them without putting the organization at risk. Building this platform on a tool that was designed with operations in mind helps us to look beyond the types of settings that we thought about in platforms such as Group Policy. We can include operational requirements such as making sure all servers have a healthy monitoring agent, logging configuration, and the correct certificates in place to function in an enterprise environment. 

DSC has been the basis for other Azure solutions such as the Azure DSC Extension and Azure Automation State Configuration, that help you to configure virtual machines. Azure Policy Guest Configuration currently provides an audit platform to validate settings inside virtual machines. 

The full documentation for this service is available at the following short url. 

https://aka.ms/gcpol 

If you would like to continue reading about how this service is technically implemented, the two technical write-ups are published to accompany this post. 

Azure Policy Guest Configuration – Service

Azure Policy Guest Configuration – Client

High level direction forward 

For the next semester (the second half of 2019 calendar year) we are focused on iterating upon our first release of this solution, introducing the ability for you to use your own content for auditing machines, and to enable you to also enforce settings inside virtual machines using Azure Policy. 

It is important for many people to understand what the options will be to use DSC in disconnected scenarios going forward.  We are considering our options in this area and taking the feedback seriously.  I hope to have more to share on this area in the future. 

Iterating upon our first release of the solution includes multiple areas where we believe we can make life easier for customers. One of the patterns we have observed is customers assigning an audit policy but forgetting to assign the policy that handles automatically onboarding servers.  In the future we believe we can make this simpler.  We have also heard from customers that they would like to have the option to bulk export data about virtual machine compliance so it can be used in other tools, and that they would like to use the solution to audit servers running outside of Azure. 

We hope to enable customers to use their own content, and the tools of their choice, when auditing settings inside virtual machines. As an example, we have heard from Chef customers that they would like to be able to use InSpec to audit Windows Servers. As a result, we announced in our session at Chef Conference that we will be co-maintaining a Guest Configuration provider for InSpec as a collaborative open source project that customers can use in Azure Policy Guest Configuration. More information can be found here

We are investing in getting the user experience right for developing custom content, cross platform for the developer workstation, and having a validation and troubleshooting experience that improves on lessons we learned with DSC. We will soon be moving into a public preview of custom content. In the meantime, you are welcome to give us feedback in our “request for comments” public GitHub repo here

Finally, we are investigating the right approaches for enforcing settings inside virtual machines using Azure Policy. With this scope in mind, I would like to invite you to respond to a (an anonymous) survey to provide feedback on your top requirements. 

Survey link 

Thank you!
Michael Greene
Principal Program Manger
Microsoft Azure
@migreene 

The post DSC Planning Update – June 2019 appeared first on PowerShell.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

This post builds upon the introduction published earlier to the PowerShell blog. In this post we are going to explore the Azure Policy Guest Configuration service. 

The full documentation for this service is available at the following short url. 

https://aka.ms/gcpol

Resource provider 

At a fundamental level, this solution includes a new resource provider in Azure named “Microsoft.GuestConfiguration” and new virtual machine extensions named “Microsoft.GuestConfiguration.GuestConfigurationforLinux” and “Microsoft.GuestConfiguration.GuestConfigurationforWindows”. 

The new engine is delivered to the virtual machine by the extension. When the service/daemon starts, it queries the service to see if there are any jobs for the virtual machine. If so, it downloads the content (DSC mof/modules, packaged in the same way as DSC extension), performs the work, and reports status. Behind the scenes, microservices and big data platforms ensure data remains geographically local. 

The following diagram demonstrates the flow of requests as a Guest Assignment is published, the list of assignments are requested from the VM, the VM downloads and runs the configuration, status is returned to a regional location, and summary information is presented to Azure Policy. 

Diagram: 

 

You can think of the resource provider as surfacing VM scenarios in to Azure Resource Manager API. If you require that only one group of users should have administrative privilege inside a server, you can express that requirement as a Guest Assignment in Azure Resource Manager. This is just a reference to a configuration that checks (“Test”) whether only that group has the intended access and return who currently has access (“Get”). The scenario is given as a property of the virtual machine through a provider resource “Microsoft.GuestConfiguration”. 

Here is an example of that in code: 

{
                    "apiVersion": "2018-11-20",
                    "type": "Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments",
                    "name": "[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]",
                    "location": "[parameters('location')]",
                    "properties": {
                      "guestConfiguration": {
                        "name": "[parameters('configurationName')]",
                        "version": "1.*",
                        "configurationParameter": [
                          {
                            "name": "[LocalGroup]AdministratorsGroup;Members",
                            "value": "[parameters('Members')]"
                          }
                        ]
                      }
                    }
                  }, 

Using built-in policies 

One of our learnings from DSC has been to reduce complexity. We are aiming for a solution that you can just enable and immediately see value. A good example of this approach was Active Directory Group Policy. While Group Policy presented challenges for developers looking to rapidly iterate between builds, the concept of just picking the settings you need and turning them on has been popular with large enterprises. 

Our current list of built-in content is below.  This is growing nearly every week.  You can view this list in the Azure Portal by opening Policy and clicking Definitions, then changing the ‘Type’ filter to ‘Initiative’ and the ‘Category’ filter to ‘Guest Configuration’.  You can also run the following command to get a current list using PowerShell with the Az cmdlet. 

Get-AzPolicySetDefinition -Builtin | ? {$_.Properties.Metadata.Category -eq "Guest Configuration"} | % {$_.Properties.DisplayName} 

NOTE: it is important when assigning these policies to use the Initiative.  The DeployIfNotExists policy loads the VM extension, which is a requirement for Audit/AuditIfNotExists policies in Guest Configuration to work properly. 

Policy initiative display name 
Audit Windows VMs in which the Administrators group does not contain only the specified members 
[Preview]: Audit Windows VMs on which the Log Analytics agent is not connected as expected 
Audit Windows VMs in which the Administrators group does not contain all of the specified members 
Audit Windows VMs that do not have the specified applications installed 
[Preview]: Audit VMs with insecure password security settings 
Audit Windows VMs that are not set to the specified time zone 
Audit Windows VMs that are not joined to the specified domain 
Audit Windows web servers that are not using secure communication protocols 
[Preview]: Audit Windows VMs on which Windows Defender Exploit Guard is not enabled 
Audit Windows Server VMs on which Windows Serial Console is not enabled 
Audit Windows VMs in which the Administrators group contains any of the specified members 
[Preview]: Audit Windows VMs that contain certificates expiring within the specified number of days 
[Preview]: Audit Windows VMs that have not restarted within the specified number of days 
[Preview]: Audit Windows VMs on which the DSC configuration is not compliant 
Audit Linux VMs that do not have the specified applications installed 
Audit Windows VMs with a pending reboot 
Audit Windows VMs that do not have the specified Windows PowerShell modules installed 
[Preview]: Audit Windows VMs that do not contain the specified certificates in Trusted Root 
Audit Windows VMs that have the specified applications installed 
Audit Linux VMs that have the specified applications installed 
Viewing results 

You can view the results of the policy in Azure Portal (as described here) and you also can get results using the cmdlets provided by a new module named Az.GuestConfiguration. A step by step gudie for using these cmdlets is available here

The key scenario for the cmdlets is to use the Get-AzVmGuestPolicyStatusHistory cmdlet with the -ShowOnlyChange parameter. This will tell you every time a VM was out of compliance over the reporting period and why. 

The Az Guest Configuration cmdlets are documented here

You can also directly query the Azure Policy Guest Configuration REST API to see the results of your audits. This includes the “Compliance Reasons” data the returns the raw information from the tool used to perform the audit. For Windows this data includes the name of the DSC resource used to run Test and Get, and the data returned. For Linux this includes the fully formatted output from InSpec. For both platforms, we intend to be open and extensible going forward. 

The API for getting compliance details is documented here

Thank you!
Michael Greene
Principal Program Manger
Microsoft Azure
@migreene 

The post Azure Policy Guest Configuration – Service appeared first on PowerShell.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

This post builds upon the introduction published earlier to the PowerShell blog. In this post we are going to explore the Azure Policy Guest Configuration client and how configuration content is consumed. 

The full documentation for this service is available at the following short url. 

https://aka.ms/gcpol 

DSC service/daemon 

Inside Azure Policy Guest Configuration, you will find the new DSC engine as part of the extension for virtual machines. You can see this using the “Run Command” feature in Azure for any virtual machine that is being audited by Azure Policy using one of the Guest Configuration initiatives. 

The structure of the agent folders is the same for both operating systems. You will find a folder named “DSC” that contains the binaries for the engine, a folder named “logs” containing logs generated by the engine, and a subfolder named “downloads” that is used to support additional requirements. 

Here are some example commands you can use to take a look at the DSC engine yourself. 

Windows 

The Guest Configuration extension for Windows has not been published to GitHub yet.

List the DSC binaries in Guest Configuration in Windows 

Command (note the version is current at this time but could change): 

ls C:\Packages\Plugins\Microsoft.GuestConfiguration.ConfigurationforWindows\1.13.0.0\dsc\DSC\dsc_* 

Result: 

    Directory: C:\Packages\Plugins\Microsoft.GuestConfiguration.Configurationfo
    rWindows\1.13.0.0\dsc\DSC

Mode                LastWriteTime         Length Name                          
----                -------------         ------ ----                          
-a----         5/1/2019   1:16 PM         622592 dsc_client.exe                
-a----         5/1/2019   1:14 PM         532992 dsc_diagnostics.dll           
-a----         5/1/2019   1:14 PM         906752 dsc_infrastructure.dll        
-a----         5/1/2019   1:16 PM        1840640 dsc_pull_client.dll           
-a----         5/1/2019   1:17 PM         360960 dsc_reporting.dll             
-a----         5/1/2019   1:28 PM        1252864 dsc_rest_server.dll           
-a----         5/1/2019   1:28 PM         393216 dsc_service.exe               
-a----         5/1/2019   1:26 PM         956928 dsc_timer.dll   

You will also find an instance of pwsh.exe and supporting files in this same (version specific) folder. That is because Guest Configuration includes the portable installation of PowerShell Core so there is no need to manage PowerShell versions for the system. 

View the details of the DSC service in Guest Configuration in Windows 

Command: 

Get-Service DscService | fl * 

Result: 

Name                : DscService
RequiredServices    : {}
CanPauseAndContinue : False
CanShutdown         : False
CanStop             : True
DisplayName         : Guest Configuration Service
DependentServices   : {}
MachineName         : .
ServiceName         : DscService
ServicesDependedOn  : {}
ServiceHandle       : SafeServiceHandle
Status              : Running
ServiceType         : Win32OwnProcess
StartType           : Automatic
Site                :
Container           : 

Linux 

The Guest Configuration extension for Linux is published in GitHub here

List the DSC binaries in Guest Configuration in Linux 

Command (note the version is current at this time but could change): 

ls /var/lib/waagent/Microsoft.GuestConfiguration.ConfigurationforLinux-1.11.0/GCAgent/DSC/dsc_* 

Result: 

[stdout]
/var/lib/waagent/Microsoft.GuestConfiguration.ConfigurationforLinux-1.11.0/GCAgent/DSC/dsc_client
/var/lib/waagent/Microsoft.GuestConfiguration.ConfigurationforLinux-1.11.0/GCAgent/DSC/dsc_linux_service 

Currently, Guest Configuration in Linux is only supporting content in the format of Chef InSpec profiles. We expect this to soon open to PowerShell-based resources and other tool formats. 

View the details of the DSC service in Guest Configuration in Linux 

Command: 

systemctl status dscd.service 

Result: 

  • dscd.service- DSC Service
       Loaded: loaded (/lib/systemd/system/dscd.service; enabled; vendor preset: enabled)
       Active: active (running) since Tue 2019-06-04 18:13:28 UTC; 1h 48min ago
    Main PID: 22327 (dsc_linux_servi)
        Tasks: 42
       Memory: 11.9M
          CPU: 1.483s
       CGroup: /system.slice/dscd.service
               └─22327 /var/lib/waagent/Microsoft.GuestConfiguration.ConfigurationforLinux-1.11.0/GCAgent/DSC/dsc_linux_serviceJun 04 18:13:28 linux systemd[1]: Started DSC Service.
    Jun 04 18:13:28 linux dsc_linux_service[22327]: Running DSC rest server... 
Configurations 

Configurations in Guest Configuration are managed in a whole new way. There is no longer a need for partial configurations because many configurations can be managed independently. 

Please keep in mind that currently, configurations are used only for auditing settings and not enforcing the configuration. 

The model for Guest Configuration takes lessons learned from both the DSC Extension and State Configuration service. The Guest Configuration service does not require or support uploading and storing assets in the service, or a compilation service. Configurations are packaged in .zip format as they were for DSC Extension. A Guest Assignment in the Guest Configuration resource provider includes a reference to the location of the package, a hash value of the package file, and a table of parameters to be passed to the engine when the configuration is executed. 

For content provided by Microsoft, the configuration content managed and replicated globally. When the package is downloaded to the machine, it is decompressed and extracted to a local folder. 

Each folder contains everything needed for DSC to manage the configuration including the mof, any resources required, and the metaconfiguration to use for that configuration. This means the mode, frequency, and other LCM settings can be unique per configuration. 

View configuration content in Windows 

In this test case, the server is in scope of multiple audit policies. 

Command: 

ls c:\programdata\GuestConfig\Configuration\ 

Result: 

 Directory: C:\programdata\GuestConfig\Configuration

Mode                LastWriteTime         Length Name                          
----                -------------         ------ ----                          
d-----         6/5/2019   1:03 PM                WindowsDefenderExploitGuard   
d-----         6/5/2019   1:03 PM                WindowsDscConfiguration       
d-----         6/5/2019   1:03 PM                windowsfirewallenabled        
d-----         6/5/2019   1:03 PM                WindowsLogAnalyticsAgentConnection                          
d-----         6/5/2019   1:03 PM                WindowsPendingReboot          
d-----         6/5/2019   1:04 PM                WindowsPowerShellModules      
d-----         6/5/2019   1:04 PM                WindowsTimeZone                

View configuration content in Linux 

In this test case, the server is in scope of only one audit policy. 

Command: 

ls /var/lib/GuestConfig/Configuration 

Result: 

[stdout]
firewalldenabled 

Logs 

Log output is available on each node within the agent folder named “Logs”. This can also be returned using “Run Command”, however the output is limited to the last 4096 bytes so it is best to filter the logs to only what you are looking for. Examples approaches are given below. 

View error messages in Windows logs 

Command (note the version is current at this time but could change): 

Select-String -Path 'C:\Packages\Plugins\Microsoft.GuestConfiguration.ConfigurationforWindows\1.13.0.0\dsc\logs\dsc.log' -pattern 'DSC*Engine' -CaseSensitive -Context 0,5 

Result (this is a short snippet of the actual output): 

 [INFO] [00000000-0000-0000-0000-000000000000] Job 
3af0538a-35f4-415f-b5b8-70ae3099e6a2 : Operation Get-DscConfiguration 
completed successfully. 

View error messages in Linux logs 

Command (note the version is current at this time but could change): 

grep -A 5 'DSC*Engine' '/var/lib/waagent/Microsoft.GuestConfiguration.ConfigurationforLinux-1.11.0/GCAgent/logs/dsc.log' 

Result (this is a short snippet of the actual output): 

 [2019-06-05 18:14:22.772] [PID 30775] [TID 30824] [DSCEngine] [INFO] [00000000-0000-0000-0000-000000000000] Job 6ae51953-24aa-44e8-8abb-4ec522cc5b1f : Method CU_TestConfiguration ended successfully 

Thank you!
Michael Greene
Principal Program Manger
Microsoft Azure
@migreene 

 

The post Azure Policy Guest Configuration – Client appeared first on PowerShell.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

We have improved the experience with PowerShell Get and private nuget feeds by focusing on pain points using an Azure Artifacts feed.
We addressed pain points by enabling/documenting the following features:

  • Non-PAT authentication for package management
  • Credential persistence in Register-PSRepository

These improvements will effect the following cmdlets:

  • Register-PSRepository
  • Set-PSRepository
  • Find-Module/Script
  • Install-Module/Script
  • Update-Module/Script
  • Save-Module/Script
  • Publish-Module/Script
What is Azure Artifacts and Why would I use it?

Azure Artifacts is an Azure Dev Ops service which introduces the concept of multiple feeds that you can use to organize and control access to your packages. In other words it is a place for storing and sharing packages with controlled access through Azure Dev Ops. A common use scenario for Azure Artifacts with PowerShellGet is for organizations which need a controlled access feed for sharing their private internal packages and vetted external packages within their organization. Package owners may also want to use Azure Artifacts as part of their CI/CD pipeline in Azure Dev Ops. For more information on Azure Artifacts, check out their documentation.

Getting started with Azure Artifacts with PowerShellGet

Since these fixes were introduced into PackageManagement, verify you have at least version 1.4.1 of the PackageManagement module
to do this run Get-InstalledModule PackageManagement . If you do not have this version 1.4.1 or higher run the command
Update-Module PackageManagement and then refresh your PowerShell session.

The next step is to create an Azure Artifacts feed, since Azure Artifacts is an Azure Dev Ops service you will need to create an Azure Dev Ops account if you don’t already have one.

Once you gave an account you can create an Azure Artifacts feed. To do this, follow these steps. Return here for instructions on how to connect to the feed and publish packages.

The other component you will need is the Azure Artifacts credential provider. The credential provider comes pre-installed with Visual studio, so if you have VS 15.9, you don’t need to install anything. Otherwise the steps for installing the credential provider, which are platform dependent are provided here.

To register your feed as a PSRepository you will need a name, source location,
publish location, and credential. The name is what you will call the PSRepository and can be anything you chose
in this example we call it “myAzArtifactsRepo”. Your source location, and publish location will be the same uri and will be the
format: “https://pkgs.dev.azure.com/’yourorganizationname’/_packaging/’yourfeedname’/nuget/v2“. You have a couple of options for your credential, you can either use a personal access token (PAT) or you can enable non-PAT authentication.
For more information on this check out the documentation.

You are now ready to register your Az Dev Ops feed as a PSRepository using the
following command:

Register-PsRepository myAzArtifactsRepo -SourceLocation  "https://pkgs.dev.azure.com/'yourorganizationname'/_packaging/'yourfeedname'/nuget/v2" -PublishLocation "https://pkgs.dev.azure.com/'yourorganizationname'/_packaging/'yourfeedname'/nuget/v2" -credential $credentials

Let’s publish a PowerShell Gallery package to our Azure Dev Ops feed.
To do this, you need to first save the module then, publish it using the following commands:

Save-Module -Name SHiPS -Repository PSGallery -Path '.'
Publish-Module -path "path\to\module"\SHiPS -Repository myAzArtifactsRepo -NuGetApiKey <key-- any arbitrary string>

Now that we have some packages let’s find and install them:

Find-module  -name SHiPS -Repository myAzArtifactsRepo

Install-Module -name SHiPS -Repository myAzArtifactsRepo

Now that you can manage packages on your feed, you may want to share it with other users. To manage the access to your feed use the feed settings in Azure Artifacts. For more information on this check out the documentation.

Getting Feedback

If you encounter any issues we would love to hear about it on our GitHub page.
Please file an issue letting us know what we can do to make your experience better.

The post Using PowerShellGet with Azure Artifacts appeared first on PowerShell.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Last month we announced that PowerShell 7 will be the next release of PowerShell.

Here I will provide more details of areas we’ll be investing in for the PowerShell 7 release.

When will I get it?!

Today, we’re releasing our first preview of PowerShell 7. Keeping with our monthly cadence, expect new preview releases approximately every month.

This first preview contains some of the changes that didn’t make it in time for the 6.2 GA release, and marks our move to .NET Core 3.0. For more details on what’s new, check out our changelog on GitHub.

As mentioned in the PowerShell 7 announcement blog, we will be changing the support life-cycle to align with .NET Core. This means that we expect PowerShell 7 to be generally available (GA) about a month after .NET Core 3.0 GA.

.NET Core 3.0

The biggest immediate change is moving to .NET Core 3.0 (from .NET Core 2.1). Not only are there significant performance improvements, but many new APIs are available including WPF and WinForms (Windows only, though!).

This means that (eventually) we can bring back Out-GridView.

Windows Compatibility

A big focus of PowerShell 7 is making it a viable replacement for Windows PowerShell 5.1. This means it must have near parity with Windows PowerShell in terms of compatibility with modules that ship with Windows.

The PowerShell Team will be working with Windows teams to validate and update their modules to work with PowerShell 7. This also means that to use PowerShell 7 with the breadth of Windows PowerShell modules, you will need to be using the latest builds of Windows 10 (and equivalent Windows Server).

Feature Investigations

We are looking at investing in three specific feature areas. Expect RFCs (Request For Comments specifications) to be published on how we intend to implement these features and the scope of the problem we intended to solve. Feedback is greatly appreciated!

Simplify Secure Credentials Management

Whether you are using PowerShell to automate resources in the cloud, local resources on premise, or a hybrid, you will generally need to have different credentials to access different resources.

The best practice is to never put credentials within your script. So we intend to introduce a way to securely use credentials from a local or remote based credential store.

Logging Off the Box

Part of the security of PowerShell is that it can log everything. However, logging today is purely local onto the machine. For each OS, there are ways to forward those events to a remote system, but it requires different configurations per OS.

We want to introduce a way to easily configure PowerShell through policy to automatically send the logs to a remote target regardless of the OS.

New Version Notification

Looking at our PowerBI dashboard, we see a large number of instances using older versions (some of which are no longer supported). It is important to inform our customers if there is a newer version available that may have security fixes so we need a way to inform the user that a newer version is available politely.

There is already a RFC published for this feature. Please take a look and provide us feedback!

GitHub Issues

We have a number of GitHub issues marked to be considered to be addressed for PowerShell 7. Although we would like to fix everything, we do have limited resources so not every issue marked for consideration will be fixed.

Popular Requested Features

There are a number of requested features we’d like to address in PowerShell 7. Some of these may show up as experimental features so that we can get feedback before we lock in the design.

This list is larger than what we will be able to fix, but these are the ones we’d like to investigate:

Other Investments

My team will also be involved in some other related investments during the time frame of working on PowerShell 7.

PowerShell in Azure Functions to generally available

A few weeks ago, Joey Aiello announced the Public Preview of PowerShell in Azure Functions 2.0. As we get feedback, my team will continue to work with the Azure Functions team to address that feedback and eventually move from public preview to being generally available.

PSReadLine 2.0

Jason Shirk has done a great job with PSReadLine. As part of Windows PowerShell 5, we decided to have it as the default interactive shell experience. As a side project to Jason, he’s made many improvements, but the project is bigger than one person. We’ve agreed to move the PSReadLine project to the PowerShell team where we can have some dedicated resources to get the 2.0.0 release to GA.

PowerShell Editor Services / Visual Studio Code PowerShell extension

We will continue to make progress on PowerShell Editor Services 2.0 release improving reliability, performance, and PSReadLine integration.

PSScriptAnalyzer

As part of improving performance for PSEditorServices, we need to make PSScriptAnalyzer 2.0 host-able so that PS Editor Services can simply call an API rather than calling PSScriptAnalyzer using a PowerShell runspace.

Summary

As you can see, we have a ton of work ahead of us. Not everything will make it in the same time frame of PowerShell 7 and some of the popular requested features may have to wait for PowerShell 7.1, but the more feedback you give us, the more we can be sure we’re doing the right thing to help you succeed.

Thanks!

Steve Lee
Principal Software Engineering Manager
PowerShell Team
https://twitter.com/Steve_MSFT

The post PowerShell 7 Road Map appeared first on PowerShell.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

The other day I was writing a script and decided that I wanted to break it into a couple of files and have the main script dot-source a library script in the same directory. Here is the problem that I ran into:
PS> Get-ChildItem

Directory: Microsoft.PowerShell.Core\FileSystem::C:\Temp\test

Mode LastWriteTime Length Name
—- ————- —— —-
d—- 6/19/2007 6:12 AM subdir
-a— 6/19/2007 6:12 AM 47 Invoke-Test.ps1
-a— 6/19/2007 6:12 AM 47 LibraryTest.ps1

PS> Get-Content Invoke-Test.ps1
. .\LibraryTest.ps1
echo “I Love PowerShell”
PS>
PS> Get-Content LibraryTest.ps1
function echo ($msg)
{ write-host $msg
}
PS>
PS> C:\temp\test\Invoke-Test.ps1
I Love PowerShell
PS>
PS> Set-Location subdir
PS> C:\temp\test\Invoke-Test.ps1
The term ‘.\LibraryTest.ps1’ is not recognized as a cmdlet, function, opera
ble program, or script file. Verify the term and try again.
At C:\temp\test\Invoke-Test.ps1:1 char:2
+ . # That tells us that the function has access to 72 variables but 17 are in its scope.
PS> # PowerShell populates these for each scope automatically.
PS>
PS> function t { Get-Variable -Scope 0 |sort Name}
PS> t

Name Value
—- —–
? True
args {}
ConsoleFileName
Culture en-US
ExecutionContext System.Management.Automation.EngineIntrin…
false False
HOME E:\Users\jsnover.NTDEV
Host System.Management.Automation.Internal.Hos…
input System.Array+SZArrayEnumerator
MaximumVariableCount 4096
MyInvocation System.Management.Automation.InvocationInfo
null
PID 960
PSHOME E:\Windows\system32\WindowsPowerShell\v1.0\
ShellId Microsoft.PowerShell
true True
UICulture en-US
The variable $MyInvocation is the one I was looking for so let’s explore it and see how it can help me solve this problem. Notice that I’m going to use both test scripts and the interactive shell to explore this. I’m leveraging the fact that all scopes have $MyInvocation so I can use the interactive session to explore its structure but I need a test script to test the actual values for an external script.
PS>
Get-Content t1.ps1
$MyInvocation | Format-List *
PS>
.\t1.ps1

MyCommand : t1.ps1
ScriptLineNumber : 1
OffsetInLine : 9
ScriptName :
Line : .\t1.ps1
PositionMessage :
At line:1 char:9
+ .\t1.ps1 $MyInvocation |Get-Member -type Property

TypeName: System.Management.Automation.InvocationInfo

Name MemberType Definition
—- ———- ———-
InvocationName Property System.String InvocationName {get;}
Line Property System.String Line {get;}
MyCommand Property
System.Management.Automation.CommandInfo
MyC…
OffsetInLine Property System.Int32 OffsetInLine {get;}
PipelineLength Property System.Int32 PipelineLength {get;}
PipelinePosition Property System.Int32 PipelinePosition {get;}
PositionMessage Property System.String PositionMessage {get;}
ScriptLineNumber Property System.Int32 ScriptLineNumber {get;}
ScriptName Property System.String ScriptName {get;}

PS>
# Notice that MyCommand is a structure (not a simple type) so let’s explore it.
PS> $MyInvocation.MyCommand |Get-Member -Type Property

TypeName: System.Management.Automation.ScriptInfo

Name MemberType Definition
—- ———- ———-
CommandType Property System.Management.Automation.CommandTypes Command…
Definition Property System.String Definition {get;}
Name Property System.String Name {get;}
ScriptBlock Property System.Management.Automation.ScriptBlock ScriptBl…

PS>
# Looks promising.
PS>
Get-Content t2.ps1
$MyInvocation.MyCommand | Format-List *
PS> .\t2.ps1

Path : C:\Temp\test\subdir\t2.ps1
Definition : C:\Temp\test\subdir\t2.ps1
Name : t2.ps1
CommandType : ExternalScript

PS>
# BINGO!
So with that knowledge I can now write my Get-ScriptDirectory function and use it dot-source a local library properly. Now think about this a second, if you write a function Get-ScriptDirectory and call it, $MyInvocation is going to be changed and reflect the call to that function. So what this function has to do is to work on the $MyInvocation of its parent! Luckly, the PowerShell team thought of that and the Get-Variable cmdlet allows you to specify a SCOPE. If you specify 0, it means the current scope (you saw this earlier). If you specify 1, it means the parent scope (2 means the grandparent and so on). So here it is:
PS> Get-Content Invoke-Test.ps1
function Get-ScriptDirectory
{
$Invocation = (Get-Variable MyInvocation -Scope 1).Value
Split-Path $Invocation.MyCommand.Path
}

$path = Join-Path (Get-ScriptDirectory) LibraryTest.ps1
. $path
echo “I Love PowerShell”
PS>
PS> C:\Temp\test\Invoke-Test.ps1
I Love PowerShell
PS>
PS> Set-Location subdir
PS>
PS> C:\Temp\test\Invoke-Test.ps1
I Love PowerShell
PS>
PS>
# If it can work there, it can work anywhere!
I just love this stuff!!!!
Jeffrey Snover [MSFT]
Windows Management Partner Architect
Visit the Windows PowerShell Team blog at: http://blogs.msdn.com/PowerShell
Visit the Windows PowerShell ScriptCenter at: http://www.microsoft.com/technet/scriptcenter/hubs/msh.mspx

The post Get-ScriptDirectory to the Rescue appeared first on PowerShell.

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

We just released the DSC Resource Kit! This release includes updates to 14 DSC resource modules. In the past 6 weeks, 87 pull requests have been merged and 36 issues have been closed, all thanks to our amazing community!

The modules updated in this release are:

  • ActiveDirectoryCSDsc
  • CertificateDsc
  • ComputerManagementDsc
  • NetworkingDsc
  • OfficeOnlineServerDsc
  • PSDscResources
  • SharePointDsc
  • SqlServerDsc
  • StorageDsc
  • xActiveDirectory
  • xDnsServer
  • xFirefox
  • xPSDesiredStateConfiguration
  • xWebAdministration

For a detailed list of the resource modules and fixes in this release, see the Included in this Release section below.

Our latest community call for the DSC Resource Kit was last Wednesday, May 8. A recording of the call is available here. You can join us for the next call at 12PM (Pacific time) on June 19 to ask questions and give feedback about your experience with the DSC Resource Kit.

The next DSC Resource Kit release will be on Wednesday, June 26.

We strongly encourage you to update to the newest version of all modules using the PowerShell Gallery, and don’t forget to give us your feedback in the comments below, on GitHub, or on Twitter (@PowerShell_Team)!

Please see our documentation here for information on the support of these resource modules.

Included in this Release

You can see a detailed summary of all changes included in this release in the table below. For past release notes, go to the README.md or CHANGELOG.md file on the GitHub repository page for a specific module (see the How to Find DSC Resource Modules on GitHub section below for details on finding the GitHub page for a specific module).

Module Name Version Release Notes
ActiveDirectoryCSDsc 3.3.0.0
  • Remove reference to StorageDsc in README.md – fixes Issue 76.
  • Combined all ActiveDirectoryCSDsc.ResourceHelper module functions into ActiveDirectoryCSDsc.Common module and renamed to ActiveDirectoryCSDsc.CommonHelper module.
  • Opted into Common Tests “Common Tests – Validate Localization” – fixes Issue 82.
CertificateDsc 4.6.0.0
  • CertReq:
    • Added Compare-CertificateIssuer function to checks if the Certificate Issuer matches the CA Root Name.
    • Changed Compare-CertificateSubject function to return false if ReferenceSubject is null.
    • Fixed exception when Certificate with empty Subject exists in Certificate Store – fixes Issue 190.
    • Fixed bug matching existing certificate when Subject Alternate Name is specified and machine language is not en-US – fixes Issue 193.
    • Fixed bug matching existing certificate when Template Name is specified and machine language is not en-US – fixes Issue 193.
    • Changed Import-CertificateEx function to use X509Certificate2Collection instead of X509Certificate2 to support importing certificate chains
ComputerManagementDsc 6.4.0.0
  • ScheduledTask:
    • IdleWaitTimeout returned from Get-TargetResource always null – Fixes Issue 186.
    • Added BuiltInAccount Property to allow running task as one of the build in service accounts – Fixes Issue 130.
  • Refactored module folder structure to move resource to root folder of repository and remove test harness – fixes Issue 188.
  • Added a CODE_OF_CONDUCT.md with the same content as in the README.md and linked to it from README.MD instead.
  • Updated test header for all unit tests to version 1.2.4.
  • Updated test header for all imtegration to version 1.3.3.
  • Enabled example publish to PowerShell Gallery by adding gallery_api environment variable to AppVeyor.yml.
NetworkingDsc 7.2.0.0
  • NetAdapterAdvancedProperty:
    • Added support for RegistryKeyword MaxRxRing1Length and NumRxBuffersSmall – fixes Issue 387.
  • Firewall:
    • Prevent “Parameter set cannot be resolved using the specified named parameters” error when updating rule when group name is specified – fixes Issue 130 and Issue 191.
  • Opted into Common Tests “Common Tests – Validate Localization” – fixes Issue 393.
  • Combined all NetworkingDsc.ResourceHelper module functions into NetworkingDsc.Common module – fixes Issue 394.
  • Renamed all localization strings so that they are detected by “Common Tests – Validate Localization”.
  • Fixed issues with mismatched localization strings.
  • Updated all common functions with the latest versions from DSCResource.Template.
  • Fixed an issue with the helper function Test-IsNanoServer that prevented it to work. Though the helper function is not used, so this issue was not caught until now when unit tests was added.
  • Corrected style violations in NetworkingDsc.Common.
OfficeOnlineServerDsc 1.4.0.0
  • OfficeOnlineServerInstall
    • Updated resource to make sure the Windows Environment variables are loaded into the PowerShell session;
  • OfficeOnlineServerMachine
    • Updated resource to make sure the Windows Environment variables are loaded into the PowerShell session;
  • Created LICENSE file to match the Microsoft Open Source Team standard.
PSDscResources 2.11.0.0
  • Fix Custom DSC Resource Kit PSSA Rule Failures
SharePointDsc 3.4.0.0
  • SPDistributedCacheClientSettings
    • Added 15 new SharePoint 2016 parameters.
  • SPFarm
    • Implemented Null check in Get method to prevent errors
    • Add support to provision Central Administration on HTTPS
  • SPInfoPathFormsServiceConfig
    • Added the AllowEventPropagation parameter.
  • SPInstall
    • Improved logging ouput
    • Updated blocked setup file check to prevent errors when BinaryDir is a CD-ROM drive or mounted ISO
  • SPInstallLanguagePack
    • Improved logging ouput
    • Updated blocked setup file check to prevent errors when BinaryDir is a CD-ROM drive or mounted ISO
  • SPInstallPrereqs
    • Improved logging ouput
    • Added the updated check to unblock setup file if it is blocked because it is coming from a network location. This to prevent endless wait.
    • Added ability to install from a UNC path, by adding server to IE Local Intranet Zone. This will prevent an endless wait caused by security warning.
    • Fixed an issue that would prevent the resource failing a test when the prerequisites have been installed successfully on Windows Server 2019
  • SPManagedMetadataServiceApp
    • Fixed issue where Get-TargetResource method throws an error when the service app proxy does not exist and no proxy name is specified.
  • SPProductUpdate
    • Improved logging ouput
    • Updated blocked setup file check to prevent errors when SetupFile is a CD-ROM drive or mounted ISO
  • SPSearchContent Source
    • Removed check that prevents configuring an incremental schedule when using continuous crawl.
  • SPSitePropertyBag
    • Fixed issue where properties were set on the wrong level.
  • SPSubscriptionSettingsServiceApp
    • Fixed issue where the service app proxy isn’t created when it wasn’t created during initial deployment.
  • SPTrustedRootAuthority
    • Added possibility to get certificate from file.
SqlServerDsc 12.5.0.0
  • Changes to SqlServerSecureConnection
    • Updated README and added example for SqlServerSecureConnection, instructing users to use the “SYSTEM” service account instead of “LocalSystem”.
  • Changes to SqlScript
    • Correctly passes the $VerbosePreference to the helper function Invoke-SqlScript so that PRINT statements is outputted correctly when verbose output is requested, e.g Start-DscConfiguration -Verbose.
    • Added en-US localization (issue 624).
    • Added additional unit tests for code coverage.
  • Changes to SqlScriptQuery
    • Correctly passes the $VerbosePreference to the helper function Invoke-SqlScript so that PRINT statements is outputted correctly when verbose output is requested, e.g Start-DscConfiguration -Verbose.
    • Added en-US localization.
    • Added additional unit tests for code coverage.
  • Changes to SqlSetup
    • Concatenated Robocopy localization strings (issue 694).
    • Made the error message more descriptive when the Set-TargetResource function calls the Test-TargetResource function to verify the desired state.
  • Changes to SqlWaitForAG
  • Changes to SqlServerPermission
  • Changes to SqlServerMemory
    • Added en-US localization (issue 617).
    • No longer will the resource set the MinMemory value if it was provided in a configuration that also set the Ensure parameter to “Absent” (issue 1329).
    • Refactored unit tests to simplify them add add slightly more code coverage.
  • Changes to SqlServerMaxDop
  • Changes to SqlRS
    • Reporting Services are restarted after changing settings, unless $SuppressRestart parameter is set (issue 1331). $SuppressRestart will also prevent Reporting Services restart after initialization.
    • Fixed one of the error handling to use localization, and made the error message more descriptive when the Set-TargetResource function calls the Test-TargetResource function to verify the desired state. This was done prior to adding full en-US localization.
    • Fixed (issue 1258). When initializing Reporting Services, there is no need to execute InitializeReportServer CIM method, since executing SetDatabaseConnection CIM method initializes Reporting Services.
    • issue 864 SqlRs can now initialise SSRS 2017 instances
  • Changes to SqlServerLogin
    • Added en-US localization (issue 615).
    • Added unit tests to improved code coverage.
  • Changes to SqlWindowsFirewall
  • Changes to SqlServerEndpoint
  • Changes to SqlServerEndpointPermission
  • Changes to SqlServerEndpointState
  • Changes to SqlDatabaseRole
  • Changes to SqlDatabaseRecoveryModel
  • Changes to SqlDatabasePermission
  • Changes to SqlDatabaseOwner
  • Changes to SqlDatabase
  • Changes to SqlAGListener
  • Changes to SqlAlwaysOnService
  • Changes to SqlAlias
    • Added en-US localization (issue 602).
    • Removed ShouldProcess for the code, since it has no purpose in a DSC resource (issue 242).
  • Changes to SqlServerReplication
    • Added en-US localization (issue 620).
    • Refactored Get-TargetResource slightly so it provide better verbose messages.
StorageDsc 4.7.0.0
  • DiskAccessPath:
    • Added a Get-Partition to properly handle setting the NoDefaultDriveLetter parameter – fixes Issue 198.
xActiveDirectory 2.26.0.0
  • Changes to xActiveDirectory
    • Added localization module -DscResource.LocalizationHelper* containing the helper functions Get-LocalizedData, New-InvalidArgumentException, New-InvalidOperationException, New-ObjectNotFoundException, and New-InvalidResultException (issue 257). For more information around these helper functions and localization in resources, see Localization section in the Style Guideline.
    • Added common module DscResource.Common containing the helper function Test-DscParameterState. The goal is that all resource common functions are moved to this module (functions that are or can be used by more than one resource) (issue 257).
    • Added xADManagedServiceAccount resource to manage Managed Service Accounts (MSAs). Andrew Wickham (@awickham10) and @kungfu71186
    • Removing the Misc Folder, as it is no longer required.
    • Added xADKDSKey resource to create KDS Root Keys for gMSAs. @kungfu71186
    • Combined DscResource.LocalizationHelper and DscResource.Common Modules into xActiveDirectory.Common
  • Changes to xADReplicationSiteLink
    • Make use of the new localization helper functions.
  • Changes to xAdDomainController
    • Added new parameter to disable or enable the Global Catalog (GC) (issue 75). Eric Foskett @Merto410
    • Fixed a bug with the parameter InstallationMediaPath that it would not be added if it was specified in a configuration. Now the parameter InstallationMediaPath is correctly passed to Install-ADDSDomainController.
    • Refactored the resource with major code cleanup and localization.
    • Updated unit tests to latest unit test template and refactored the tests for the function “Set-TargetResource”.
    • Improved test code coverage.
  • Changes to xADComputer
    • Restoring a computer account from the recycle bin no longer fails if there is more than one object with the same name in the recycle bin. Now it uses the object that was changed last using the property whenChanged (issue 271).
  • Changes to xADGroup
    • Restoring a group from the recycle bin no longer fails if there is more than one object with the same name in the recycle bin. Now it uses the object that was changed last using the property whenChanged (issue 271).
  • Changes to xADOrganizationalUnit
    • Restoring an organizational unit from the recycle bin no longer fails if there is more than one object with the same name in the recycle bin. Now it uses the object that was changed last using the property whenChanged (issue 271).
  • Changes to xADUser
    • Restoring a user from the recycle bin no longer fails if there is more than one object with the same name in the recycle bin. Now it uses the object that was changed last using the property whenChanged (issue 271).
xDnsServer 1.12.0.0
  • Update appveyor.yml to use the default template.
  • Added default template files .codecov.yml, .gitattributes, and .gitignore, and .vscode folder.
  • Added UseRootHint property to xDnsServerForwarder resource.
xFirefox 1.3.0.0
  • Update appveyor.yml to use the default template.
  • Added default template files .codecov.yml, .gitattributes, and .gitignore, and .vscode folder.
  • The module manifest now contains the correct PowerShell version.
  • Added xFirefoxPreference Resource to automate Firefox Preference Configuration
xPSDesiredStateConfiguration 8.7.0.0
  • MSFT_xWindowsProcess:
    • Fixes issue where a process will fail to be created if a $Path is passed that contains one or more spaces, and the resource is using $Credentials.
    • Fixes issue where a process will fail to be created if $Arguments are passed that contain one or more spaces (with or without credentials).
    • Fixes issue where Integration tests fail if empty Arguments are passed. issue 605
    • Heavily refactors MSFT_xWindowsProcess.Integration.Tests.ps1 and adds more Path and Arguments related test cases.
    • Removes reliance on test file WindowsProcessTestProcess.
  • Fixes test failures in xWindowsOptionalFeatureSet.Integration.Tests.ps1 due to accessing the windowsOptionalFeatureName variable before it is assigned. issue 612
  • MSFT_xDSCWebService
    • Fixes issue 536 and starts the deprecation process for configuring a windows firewall (exception) rule using xDSCWebService
    • Fixes issue 463 and fixes some bugs introduced with the new firewall rule handling
xWebAdministration 2.6.0.0
  • Changed order of classes in schema.mof files to workaround 423
  • Fix subject comparison multiple entries for helper function Find-Certificate that could not find the test helper function Install-NewSelfSignedCertificateExScript.
  • Updated unit test for helper function Find-Certificate to check for multiple subject names in different orders.
How to Find Released DSC Resource Modules

To see a list of all released DSC Resource Kit modules, go to the PowerShell Gallery and display all modules tagged as DSCResourceKit. You can also enter a module’s name in the search box in the upper right corner of the PowerShell Gallery to find a specific module.

Of course, you can also always use PowerShellGet (available starting in WMF 5.0) to find modules with DSC Resources:

#To list all modules that tagged as DSCResourceKit
Find-Module -Tag DSCResourceKit 
#To list all DSC resources from all sources
Find-DscResource

Please note only those modules released by the PowerShell Team are currently considered part of the ‘DSC Resource Kit’ regardless of the presence of the ‘DSC Resource Kit’ tag in the PowerShell Gallery.

To find a specific module, go directly to its URL on the PowerShell Gallery:
http://www.powershellgallery.com/packages/< module name >
For example:
http://www.powershellgallery.com/packages/xWebAdministration

How to Install DSC Resource Modules From the PowerShell Gallery

We recommend that you use PowerShellGet to install DSC resource modules:

Install-Module -Name < module name >

For example:

Install-Module -Name xWebAdministration

To update all previously installed modules at once, open an elevated PowerShell prompt and use this command:

Update-Module

After installing modules, you can discover all DSC resources available to your local system with this command:

Get-DscResource
How to Find DSC Resource Modules on GitHub

All resource modules in the DSC Resource Kit are available open-source on GitHub.

Read for later

Articles marked as Favorite are saved for later viewing.
close
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Separate tags by commas
To access this feature, please upgrade your account.
Start your free month
Free Preview