Fotolia
How to automate with PowerShell in Windows Server 2019
Microsoft developed many tools to simplify tasks in Windows Server 2019, but PowerShell skills still remain a staple of an administrator's tool set.
Microsoft developments improved server management with Windows Server 2019, but administrators must still learn how to automate with PowerShell to expand their capabilities.
PowerShell transitioned to an open source model, and it continues to evolve alongside Microsoft products. However, newcomers and even veteran administrators can get overwhelmed by the resources available with new product releases. The growing cross-platform community further expanded PowerShell resources, making it difficult for admins to know where to begin their PowerShell journey.
The book Windows Server 2019 Automation with PowerShell Cookbook by Thomas Lee can help IT pros learn, with step-by-step recipes, how to automate with PowerShell in Windows 2019 and how to take advantage of community modules for Active Directory, file systems and security.
The latest version of Windows Server included Windows PowerShell 5.1, but admins could bypass the need for scripting skills with the Windows Admin Center.
Lee, a senior partner for PS Partnership, has followed the changes to PowerShell since its beginnings in 2003. In this Q&A, Lee discusses why admins still need PowerShell, the expanding use of the configuration tool and the future of the scripting language.
What changes did you see going from Server 2016 to Server 2019?
Thomas Lee: If you know 2016, 2019 is very comfortable. At the time I wrote the last book, the idea was to try and do everything in pure PowerShell. It turns out that a lot of stuff in Windows just doesn't have good PowerShell coverage.
In this book, the big change is using third-party modules. I was trying, for example, to include stuff about .NET objects to set access control lists using the NTFS [New Technology File System] security third-party module that allows you to manage access on file stores. Rather than trying to play around with the underlying .NET framework objects themselves, you just use the module. This book is much more about using the great community stuff that's out there rather than trying to do everything PowerShell out of the box.
Another big difference is the documentation has changed. When we did the 2016 book, the documentation was spread across TechNet at microsoft.com and it was awful. There were bits of work [that were] incorrect, simple typos and stuff that was just plain wrong, so it didn't work.
That now has been replaced by docs.microsoft.com, which is a whole new world. It's all open source and based on GitHub. In light of the first book, I must've fixed 50 errors in the documentation.
That openness of the source of PowerShell, but also the documentation, is just fantastic. IT pros can have a higher confidence level in the documentation. When they do find stuff, they can get it fixed.
Do administrators still need to automate with PowerShell when they can use the Windows Admin Center (WAC) with Windows Server 2019?
Lee: If you are managing a large suite of applications, WAC gives you a lot of flexibility and a lot of features. The Admin Center will be good for some people, but more for reading what's going on rather than changing what's going on.
I'm probably not going to be using it to configure 200 Exchange Servers or 2,000 IIS [Internet Information Services] servers. Windows Admin Center would think that very difficult to do much with. There's just so much value, you wouldn't be able to see the wood from the trees.
For the small media businesses, Windows Admin Center would be great for people that don't want to learn PowerShell, but then you're always going to be limited to what the Windows Admin GUI designer has decided to give you.
What are some third-party modules that are essential to work with Windows Server 2019?
Lee: NTFS security is one of them. There are updates to PSReadLine and if you're using the desired state configurations, almost anything non-trivial is going to require a module that does not ship in the box. A lot of them are actually written by people at Microsoft and are extremely high quality.
The change is really relying on community sponsored things. That reflects the openness that Microsoft has around PowerShell.
What tasks can you use PowerShell to complete in Windows Server 2019?
Lee: My book looks at individual features of Windows and how to do the basic installation setup. That's a challenge.
I want to install the Dynamic Host Configuration Protocol and I know roughly what I want to do. How do I break that down into what I have to do? It's fairly practical.
An example might be securing an SMB [server message block] server in a file server and making that secure so you could disable the SMB1 protocol. You could turn on package signing and package encryption to avoid spoofing man-in-the-middle attacks.
I also show PowerShell techniques not specifically related to Windows, but how to do some operations in PowerShell. For example, there are a couple of ways to remove Active Directory objects. One is Get-Remove. I get the users I'm interested in and I pipe those to remove AD users.
The other way is just doing the remove directly. The two different ways to do it have advantages and disadvantages. I show those different approaches to PowerShell.
We also show some practical uses of some of the internals, like the performance handling, performance logging and alerting subsystem, which allows you to grab performance data. We've got that framework to actually plot that. It's bringing to life stuff that a lot of IT pros probably don't even know exists in the operating system.
In Exchange Online, the GUI does certain things, but not everything. You have to use PowerShell. I suspect that there's probably parity in Windows Server 2019, but the GUI just doesn't scale. There might be some things you can't do.
For example, Hyper-V -- I'm not sure there's a way to enable embedded identity virtualization without PowerShell. There are probably places you have to use PowerShell, but to some degree, that's not the reason we're excited about PowerShell. PowerShell is all about automation, about making things more reliable and so on. The GUI just did not scale. It's not repeatable. It's not reliable.
What is the future of PowerShell?
Lee: Having been involved in PowerShell since the very first presentation in the autumn of 2003, it seems that PowerShell is going in two directions at the same time.
One is cross-platform. We now have PowerShell for Linux and Mac. It's become more and more mainstream. There's no longer 38 incantations and magic spells you have to whisper to get PowerShell installed on those platforms.
Now, why is PowerShell 6.0 such a big deal? It is based on PowerShell Core, which, again, is open source. Taking the Windows out of PowerShell is the other side of a huge push to PowerShell.
A trend, which is not so much PowerShell as industry-wide, is the push to the cloud. The way Microsoft is positioning, the cloud is the future -- when PowerShell can go do an AI job on Office 365 in the cloud. You know that's where Microsoft's going -- away from on premises up to the cloud.
How is the community around PowerShell growing?
Lee: In that dark room back in 2003, what Jeffrey [Snover] was saying about how the community could be useful here, and I can see that there's a framework in PowerShell -- the command structure, the module structure and so on -- that allows for third-party additions. Rather than making it difficult, which any vendor might do to protect themselves, Microsoft just moved out of the way to let the committee go, and you now have fantastic security support.
Spiceworks, PowerShell.org and Reddit today are but a few places you can get great PowerShell help. It's opened up third-party publishing. You've got millions of downloads coming from PS Gallery to the community. There's just an openness there which is all about how to solve problems, not about whether Microsoft is evil or Windows is evil.
The conversation has moved on with cross-platform in a really good way. Part of that is a change in Microsoft themselves.