PowerShell on Linux – bet you wanna know more about Linux

Hey, I know that with all the excitement of PowerShell becoming open-sourced, you might have started to think how you can manage Linux environments. Awesome for you! This should be part of your focus.  I also know that many folks need to update their skills, blow off the rustiness or start from scratch working with Linux.  Well don’t wait to make Linux management a reality — I got something for you.

My friend, Anthony Nocentino, has a great video series to get you started. You can find it here: Understanding and Using Essential Tools for Enterprise Linux 7

And if that wasn’t enough, he also just released this advanced series: LFCE: Advanced Linux Network!

So why not get a jump on everyone else and become a cross platform automation engineer — and it’s cool.  Seriously cool.




Open Source PowerShell – Released today Aug 18 2016

Today was a special day for many of us. In fact, some tears may have rolled down a few faces. The picture shows what happened this morning when PowerShell became open sourced — and now runs on Linux and Mac — one Management platform to managing everything on your network. Here’s the link with Joey Aiello and the team: https://youtu.be/1uGyswOOPdA

So, Jeffrey Snover and the entire PowerShell team deserve more than congratulations. I think we will see in the coming months and after much analysis — this is more than just PowerShell on Linux — I think in the years to come this day will go down as one of the most major milestones in computing. Congrats to all involved in this wonderful day.PoshOpenSource

Implementing PowerShell Just Enough Administration (JEA)

I think that moving forward, implementing JEA is one of the most important tasks to accomplish to drastically increase your companies security. You do not need to wait to upgrade to Windows V-Next — this is available now and already in use by Microsoft and other companies.

And if you looked at xJEA (the DSC Resource) and decided you couldn’t implement yet — – this is the new version – built into the #PowerShell language and ready for you to start creating secured and constrained endpoints and finally take control of over-privileged administrators.

This will immediately impact the security level of your company, and you can rollout over time, gradually improving and revising without impacting the ability of admins to perform their jobs — just removing the massive security holes.

I worked hard on this course from Pluralsight and I hope you find it a useful guide and learning experience so you can successfully take control.

Check it out:  Implementing PowerShell Just Enough Administration (JEA)

Nano Server on TP5

Now’s a great time to start getting your hands dirty managing Nano server.  Go out and download the new Windows Server 2016 TP5 and try it out.  I installed a hyper-v box, then built some Nano servers on it.  Below is not a script, but the commands I typed to build servers.  While I’m not explaining much, I assume you already know how to use Get-Help. Cheers!

Here’s what it looked like when I just typed it in — I’m in such a rush 😉


Configuring IIS Remote Management with DSC

Do you have web servers located throughout your network environment? Do you have admin/devs that need to manage websites and such using the graphical IIS Manager? One of the mistakes made when configuring IIS is failing to install the remote management service and providing a configuration so that admin and devs can use the IIS Manager to remote manage websites. How this problem was solved years ago was simple – walk up to the web server (or RDP), Install the missing component then launch the IIS Manager and configure the management service.  You had to do this AT the web server. Since I only use Server Core – and my servers are remote – this doesn’t work anymore.

Well, PowerShell made this much easier – I could use PowerShell remoting to connect to the web server (no RDP) and install, enable and configure the remote management service. This still works of course, but today, I use DSC to configure pretty much everything – the idea of Infrastructure from Code. So, many people ask me how I would do this using a DSC configuration.

The process to remotely manage IIS with the IIS Manager is the following:

  1. The Management service must be installed
  2. The Management service must be enabled and configured
  3. The WMSVC service must be set to startup type Automatic and Running.

Pretty simple, but if you don’t know how to configure this without the GUI management tool, it can be tricky at first. For sample code, I wrote a simple DSC configuration that installs a default web server (line 3).

Starting with line 10, I add the windows feature Web-Mgmt-Service. When the configuration is run, this will install the required components I need.

Line 17 is where I begin to configure the Management service. First you should know that this service has many configuration options, such things like the port and authentication.  (View the graphical version for more details) Each of these things can be configured at the registry location I describe in the code. But don’t go looking for that registry key until you install the Management service, as it doesn’t exist until after the installation.  You need to perform two tasks. One, enable remote management (as I did) and Two, change the default configuration to whatever you want by adding additional registry keys. In my case I took the defaults, as those work pretty well in most environments.

Line 25 is “Gotcha!” for many folks. You won’t be able to connect to the IIS server using IIS Manager until you start the WMSVC service. Now here is the catch – this service is set to a startup type of ‘Manual’. Which means after the next reboot, your remote management won’t be working. So, it’s important to both start the service and set it a startup type of Automatic.

And there you have it — your can easily use DSC to configure web servers, and the remote management of those servers.