Sharing common PowerShell profiles for a PowerShell admin team

(This article works with PowerShell V2 and PowerShell V3)

I work with other PowerShell Admins and having separate profiles on our machines that load the same settings, functions and modules can be a pain to keep current. I started using a common profile; one that is shared from a server so making changes and additions was one step. I also wanted to start placing our Tool modules in a central location. I thought I would take a minute and show how I did it and some of the problems I ran into.

Also, I wanted to finally get the execution policy changed to “AllSigned”.  A common profile, whether on a network share or Dropbox, needs to be signed if you’re using an execution policy of “RemoteSigned” or “AllSigned”, so I’ll show you how I solved this as well.

The Tools 

You don’t need much in the way of tools for this exercise. You can use Notepad to edit the profiles and PowerShell to sign them. I’m going to be using a new tool from SAPIEN called the “PowerShell Profile Editor”. I’ve been playing with it for a while and I really like it for managing local and remote profiles. If you have any registered SAPIEN software you can download it for free from your account, but you can also get it from one of their ToolKit CD’s. I have some of these CD’s if your going to be at TechMentor and I’ll give you one. Here is the blog from SAPIEN explaining more about it.

The Shared Profile

So, making a shared profile is fairly straightforward. Create a network share on a local server (or Dropbox if you want). Make sure to set permissions for only you and your administrative friends.

Create a profile (text file with a .ps1 extension) and you’re good. In my case, I also wanted the shared profile to load a ToolsModule that we all use. I copied the ToolsModule to the same network share and added the last line to import the module. 

Figure 1 – My new shared profile located on a server share

The local Profile

Now, how to get that darn shared profile to load on my computer when I launch a PowerShell console…

Easy, have each PowerShell admin change their local profile to load the shared profile. Did you know that you could do that? Take a look at my example. Pretty cool huh?

Figure 2 – Configuring the local profile to open the shared profile from the server share

The Test #1 

So, to test to see if it worked I opened a PowerShell console. Notice I also used tab completion to see if the function in the profile and a function from the module worked.

Figure 3 – Testing the shared profile and module

Problem #1

The problem is that I’m using a very bad and very unsafe execution policy of “unrestricted”. I want to change this to “AllSigned” but as soon as you do you will receive the following error:

Figure 4 – Execution policy error when I attempt to use AllSigned

Solution #1

The solution is to sign the profile and any additional modules. This is not a hard task but if you haven’t done it before it can be a little confusing. You first need a code-signing certificate on your computer. I chose to use Active Directory Certificate Services for this because all the Admins could install the cert. If you haven’t done this with ADCS before check out this article written by friend Mike Pfeiffer.

You can use PowerShell to the sign the profile, but SAPIEN’s Profile Editor already has this feature (like PrimalScript and PowerShell Studio). Open the File menu and click Options after you have installed the code-signing certificate. Select the option “Sign Scripts when saving” like my example below:

Figure 5 – Setting the options for PowerShell Profile Editor to sign scripts when saving

Now just save the shared profile again and notice that it gets signed.

 

Figure 6 – The signed profile

NOTE: If you’re loading modules from this share, you will need to sign those as well. That’s why I love SAPIEN’s Profile Editor, it makes it easy to “Save and Sign”!

 

Figure 7 – The signed tools module

NOTE: If you’re using “AllSigned” you will need to save and sign the local profile with the code-signing certificate!

With the execution policy set to “RemoteSigned” or “AllSigned”, start the PowerShell console and enjoy!

Figure 8 – Working shared profile and module with AllSigned execution policy

Problem #2

My next problem was no surprise I just hadn’t planned on dealing with it yet. With all the admins using a shared profile and tool module change-control quickly became an issue. If one admin makes a breaking change, then everyone has a problem! I need the ability to quickly rollback to previous version and be able to track changes.

This is a problem that developers have solved for a long time with Source Control. For most admins using PowerShell this is a new concept, however one that is going to grow as more shared scripts, module and profiles become the norm.

Unfortunately, implementing a good source control solution can range from big complex products designed for development teams to Duct-Tape-and-Bailing-Wire solutions using Dropbox. What I need is a simple solution that’s easy for admins to use that also is a professional product that doesn’t have all the cost and complexity involved with other solutions.

Solution #2

My solution? I don’t have one yet but I’m trying one out that I think is going to fit perfectly. I’ll share the details in a later blog post on my experience but since I already own many SAPIEN tools I’m going to use SAPIEN’s ChangeVue. It’s designed to be easy (especially for guys like me) but still provide the professional qualities I’m looking for without a complicated setup. 

I’ll let you know how it goes! I hope you found the article helpful for using shared profiles and module.

Knowledge is PowerShell,

Jason

 

Getting started with SAPIEN PowerShell Studio

You guys know how I love SAPIEN’s PrimalScript, but have you checked out PowerShell Studio? I get admins asking me all the time, “What’s the best way I can make a simple GUI tool for helpdesk?” or “I want a better scripting tool than the ISE.” Well,  the not-so-obvious problem of learning to use development software such as Studio can be confusing at first if you haven’t worked with such an extensive tool like this before. So, I started writing some small Startup Guides to help my friends and students get started with Studio. It just so happens that the great folks over at SAPIEN have been kind enough to post my first article on their blog.

image_thumb

So, The first article is about getting the software installed and configured quickly to start using Studio for PowerShell scripting.  I’m going to write additional articles on using some of the cool features of Studio such as saving your scripts as an .exe and digital signing.

If you like the article, let me and SAPIEN know, plus tell me what you want to know about so I can include it in a future article.

Now go out and download the evaluation copy, grab the article, and get started using PowerShell Studio!

Knowledge is PowerShell,

Jason

Sapien launches PowerShell Studio and PrimalScript 2012!

Now look, I’m not a gadget guy, nor do I run out and get the latest phone just because its new. I know, I’m  a little weird for an IT guy.  But when it comes to a new release of a high quality scripting editor, I stumble all over myself to find out if I want to buy it. Sapien Technologies just released a new version of the premier editor PrimalScript 2012 and a new product not seen from them before called PowerShell Studio. After a few hours with the evaluation versions, I’m buying

Yes, I’m gushing a little bit, it’s not often that I’m so initially impressed, so forgive me my excitement

PowerShell Studio

Think of PowerShell Studio as PrimalForms-meets-PrimalScript-meets-BugattiVeyron. 

studio

This is a PowerShell only Editor, but it has amazing features (plus many I’m just starting to figure out) from PrimalScript combined with PrimalForms.  Kind of an All-in-one.  After installing the evaluation version, I was amazed at how fast this puppy loads.  For a full fledged IDE like this to load so fast is remarkable.  Now, I’m just getting started working with it, but you have to check out the feature list!

PrimalScript 2012

I grew up with this IDE and it seems that PrimalScript has matured much better than I have.  For those of you that have been living the life of a scripter in your company for a long time you have scripts written in many different languages.  I know, I wish all my customers had their scripts in PowerShell too, but it’s just not cost effective to sit around and rewrite them. For this reason,  PrimalScript has always been installed on my laptop because it supports so many languages, the amount of parsers in this tool means I never have to use notepad.

primal

Check out the PrimalScript page for the feature list.  This new version got an upgrade to its “look”, but it’s the under-the-hood stuff that really has got me going.  Even PrimalScript loads amazingly fast, fully operational for whatever task I need.  I know I keep saying how impressive the performance is for both new IDE’s, but you have to see it to believe it.  I don’t know about you, but I can’t spend my entire day in front of a script editor.  I’m jumping in and out, all the time, so load time matters.

Enough drooling for now.  I want to stop writing this blog and go back to playing. I’m going to dig into these new releases and I’ll let you know what I find out.  I have a feeling there is more in here than I have seen after just a few hours of playing.  Now it’s time to put them to work in a real environment. 

If you try them out, let me know what you think!

Knowledge is PowerShell,

Jason

 

Am I a Shill?

I worked in the Enterprise as a consultant for a large firm, recommended many products based on performance versus cost, sold solutions (I think good solutions) regardless of the company that manufactured them.  My customer was my client, not the manufacturer of the software/hardware.

Now, I’m retired from the constant nightmare that is customer support, product implementation, network design, solution design, deployment, management, troubleshooting outages, etc…….

Now, I’m a teacher.  I’m too young to sit by a pond fishing and I love teaching.  I teach for a wonderful company that focuses on teaching professional IT people in the latest products and solutions.   We don’t teach “new-comers” to IT which means that we don’t waste time on basic stuff.

I’m proud of being a teacher.  I try to help my students focus on the “right” solutions, not a marketing slogan by one manufacturer or another.

I’m a Microsoft teacher. (and I use a Mac) Yes, I admit it.  I teach primarily Microsoft technologies.  Now some of you are wondering how Microsoft could possibly compete with unix ( or some flavor), but they actually do.  While I could discuss the over-powering reasons that MS Exchange 2010 is far superior, my primary technology that I teach is PowerShell.

I teach it every month.  The demand has risen from a few, to 20, to hundreds.  I teach in one week how to be an expert, even if you know nothing.  I love PowerShell and its Enterprise management capabilities.

So, I was recently asked “which tool do you use to write and manage your network scripts with?”  It didn’t even take a second of thought.

Primal Script by Sapien Technologies.

WindowsLiveWriter-GeniusesatSapienTechnologies_10857-

Now before you start yelling at me, I also love PowerGui, but only for the occasional one-off script. (yes, PowerGui Pro is great, I’ll do a blog on it)  the “free” version of PowerGui is best for the small network scripter.

The real power of scripting, dealing with multiple types of scripts, dealing with source control and more, really has always been PrimalScript.  If you have been scripting in the past, you know PrimalScript.  It’s the Porsche in a world of Toyota Corolla’s (Help! Stop! My brakes don’t work!)

PowerShell and PrimalScript (especially Primal Forms) brings an enterprise scripting environment alive and manageable.

WindowsLiveWriter-GeniusesatSapienTechnologies_10857--1

If your waiting for the Visual Studio team to help, well screw that.  They could care less about you scripter!  They only like “Developers”.  While there are add-ons from other people to help with basic syntax coloring, Sapien has given you a complete development environment, including Intellisence and source control, for PowerShell!!  Plus, you can easily manage and convert the rest of your scripts!  Even those not from Microsoft!

The best solution (in my humble opinion is PrimalScript).

Now for the Shill part.  PrimalScript is not free.  In fact, it’s expensive if your an individual, but cheap if you are an Enterprise guy/gal.

Go see at: www.sapien.com

Am I shill?  The first meeting of the Arizona PowerShell User Group will have it’s first speaker, the CEO (Dr. Ferdinand Rios) of Sapien Technologies, presiding and discussing PrimalScript and PowerShell.

You might walk away and say I’m sucking-up to Dr. Rios and Sapien.  If you know me, then you know I’m just promoting what I believe to be the best solution.

If you have a chance, and want to hear Dr. Rios (which has been a major player in the scripting industry longer than Microsoft,) than attend the first meeting of AZPOSH April 7th.  For more details, www.azposh.com

Be well!

(Ugly dog picture for the fans…..)

dog

Jason,

Knowledge is PowerShell