Powershell is a powerful scripting language Microsoft has employed (and contributed to) on multiple platforms. While it can be used to create different types of programs, it’s most useful for managing and automating Microsoft environments. Powershell is basically a modern Perl for Windows, but without the history.
Once support for Windows 7 (and Server 2008 R2) ended, Powershell became a lot more viable. There is a large difference between the older Powershell versions and the newer ones. Powershell 2 and previous were limited, but you couldn’t depend on every Windows 7 machine to have a newer version. Later versions of Powershell got even better and more useful for all manner of automation and management tasks.
Now that every supported machine in an environment is going to be at least new enough to not have old Powershell bugs or weird behaviors, it is the ideal way to automate tasks for Windows and other Microsoft environments. Let’s see what Powershell can do and why you should learn it to do more for your MSP or IT environment.
Basic Automation
Powershell allows you to mix and match with command line utilities as necessary. You can distribute scripts based on older automation techniques but leverage the advantages of Powershell. With Windows 7 out of the way, Powershell is the first thing I reach for when automating a remote Windows box.
The language is flexible enough you can do basic data munging, work with CSVs, and parse logs among many other tasks. Powershell is the spiritual successor to Perl with a more modern basis planted in a Microsoft context (for better and for worse).
Most GUI settings on Windows are adjustable from Powershell; you just have to know how (and what to change). You can also use it to check for software or apply updates. It can help automate cleanup from infections. It’s a full-featured programming language which is primarily centered around scripting. Our Kaseya instance is littered with countless Powershell scripts which save our technicians and partners thousands of hours of wasted time. Why remote into a machine when you can just run a script across all 50 which need an operation done?
Powershell with Microsoft 365 and Office 365
Not only is Office 365 something which you can administer using Powershell, it’s actually preferred for certain tasks. There are certain tasks which are just a bit easier with Powershell, but there are other tasks which explicitly require Powershell. Ultimately, the more you can learn to do with Powershell, the easier it is to administer your Microsoft 365 instance(s).
Not only can you work with managing Office 365, but you can also send emails, pull reports, etc. with Powershell. If you don’t know how to get started with a specific task, you can always find pre-existing scripts which do what you want and use them as a base to build on. Microsoft 365 and Office 365 have countless options and tools, you just need to know what and where they are.
Powershell just gets more powerful with Office 365 and Microsoft 365 when you consider how much it can tie into. It’s not just that you can work with one tool, you have a predictable interface for multiple products. The object used by one module is often supported in other interfaces allowing reusable pieces.
On-Premise Exchange and Active Directory
Powershell can automate virtually everything with the cloud offerings (we’ll get into Azure below), but more often than not, it’s going to be more convenient (or necessary) to use with on-premise Exchange or Active Directory. Powershell has saved me many times with on-premise Exchange. I’ve dealt with situations where the GUI is completely unusable, but the Powershell interface still works as expected. The Exchange Management Shell is essential for really administering Exchange Server.
Fewer people tend to manage AD with Powershell, but it’s a life-saver when something goes wrong. I’ve had data corruption crash the Active Directory and Users, but Powershell allowed me to resolve it. Being able to pull the data and parse it with a real language made me able to find proof of a breach and to resolve it. Command line wouldn’t have been enough, and doing it by hand would have made it easy to miss the patterns a machine wouldn’t. You can even make scripts to manage complex user settings among many other things.
The power of this form of management is that once you solve a problem, you have a ready fix if you can determine the applicable conditions. Sometimes it’s safe to fully automate, but other times you want someone to look at it first. Just because a person needs to determine what to do doesn’t mean that you can’t script the process. The more common problems you can address, the less time you need to spend babysitting technology and the more you can focus on your business or more important tasks.
Microsoft Azure
Azure is Microsoft’s answer to the cloud. Azure is composed of many services and components which all grow into their greater cloud offering. You can manage them from the console, but some operations can get repetitive. If you’re making a systematic change, why not use programmatic methods to do it?
If you’re publishing a new app, you can also update the firewall with the right bootstrapping. There are all sorts of things Powershell can do with Azure. You can script VM creation and maintenance or firewall rules as necessary among many other tasks.
Azure extends past basic VMs, there are also services such as Azure AD, and many different emulation, virtualization, and abstraction layers. Interfacing into Azure means you can manage AD, virtualization solutions, as well as infrastructure maintenance. The web interface may be good enough, but what happens when you have a predictable process for individual clients?
Automating basic setups is a service that many providers such as Nerdio provide and take to a different level. Azure favors those who know what they’re doing. You can burn money easily if you don’t get how Azure operates. If you play the game, you can come out ahead though. Some basic automation makes the difference between being a user and being an expert.
Windows Update
Windows Update can be a pain if something goes wrong (and with enough agents, it’s not if, but when). While the fix can be easy, it can be hard to automate without proper scripting. You’re typically repeating the same basic commands, maybe with some system specific information.
You can leverage Powershell to handle Windows Updates. While you may not use this for every patch cycle, it can be useful for specific zero-day exploits and similar patches. This framework gives you complete control of the patch process and a non-invasive way to deliver it.
We’ve deployed zero-day fixes and patches en masse by leveraging this methodology. It can rectify the damage done by bad patches, or you can use it to automate removal of known trouble patches which end users keep reapplying. If you combine this with WMI (Windows Management Instrumentation), you can build scripts which detect known trouble conditions and resolve them.
NTFS
Most Windows systems use NTFS for storage. Permissions in local NTFS systems can impact your shares and your data (loose lips sink ships). Powershell enables you to manage permissions without having to deal with a mix of standard CMD and GUI tools. You get an easy way to manage permissions that are rule based rather than hierarchical.
Once you get used to automating file system problems, you end up moving away from the GUI. While the GUI is faster for simple problems, it tends to get in the way more than not with more advanced solutions. No one is calling in a tier 3 equivalent because someone added John from accounting to the wrong share, but they are when John has incidentally been granted privileges he shouldn’t have.
Powershell also shines when you have a lot of work to do on disparate files and folders where there is a specific condition you’re targeting. If everything at and below a level will have the same change, the GUI is probably faster, but once you deviate from the norm, the GUI breaks down fast. I’ve used Powershell to fix the fallout from a technician applying the wrong permissions to a set of folders in a way which made sense systematically, but didn’t fit the hierarchy.
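The kind of condition-based permission cleanup described above, as an added example that is not from the original article: it finds every folder where one account holds an explicit (non-inherited) Allow entry, reports the findings, and previews the removal. The share path and account name are constructed placeholders, and the script assumes an elevated session so every ACL can be read and written.

```powershell
# Added example, not from the original article.
# 'D:\Shares\Finance' and 'CONTOSO\jdoe' are constructed placeholders.
function Find-ExplicitAce {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Root,
        [Parameter(Mandatory)][string]$Identity
    )
    # The root folder plus every folder below it
    $folders = @(Get-Item -LiteralPath $Root) +
               @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)
    foreach ($folder in $folders) {
        try   { $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($folder.FullName)"; continue }
        # Keep only Allow entries set directly on this folder for the account
        $acl.Access |
            Where-Object { -not $_.IsInherited -and
                           $_.AccessControlType -eq 'Allow' -and
                           $_.IdentityReference.Value -eq $Identity } |
            ForEach-Object {
                [pscustomobject]@{ Path = $folder.FullName; Rights = $_.FileSystemRights; Ace = $_ }
            }
    }
}

function Remove-ExplicitAce {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory, ValueFromPipeline)]$Finding)
    process {
        $target = "explicit ACE for $($Finding.Ace.IdentityReference)"
        if ($PSCmdlet.ShouldProcess($Finding.Path, "Remove $target")) {
            $acl = Get-Acl -LiteralPath $Finding.Path
            $acl.RemoveAccessRuleSpecific($Finding.Ace)   # exact match only
            Set-Acl -LiteralPath $Finding.Path -AclObject $acl
        }
    }
}

# Report first, keep the CSV as a record, then preview the change.
$hits = Find-ExplicitAce -Root 'D:\Shares\Finance' -Identity 'CONTOSO\jdoe'
$hits | Select-Object Path, Rights | Export-Csv .\explicit-aces.csv -NoTypeInformation
$hits | Remove-ExplicitAce -WhatIf   # drop -WhatIf once the list is reviewed
```

Inherited entries are deliberately left alone, since those are fixed at the parent folder rather than on each child.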
OS Administration
Certain Microsoft products like Windows Server Core can only be managed remotely via command line. While licensing costs and methodologies change, Windows Server Core tends to be cheaper to license, but also more stable due to the missing graphical components. Whether or not it works out cheaper now doesn’t matter; sometimes the reduced footprint (security and administrative) or the grandfathered-in infrastructure mean you need to deal with it.
WMI is a powerful tool in its own right, but combining it with Powershell makes it even more useful. WMI can tap into system information, but also manage patches and software installations. I use it in more advanced scripts to manage conditions for automation or for knowing what version of Windows we’re dealing with, or what specific conditions exist on the system. You can pull information about software, hardware, etc. and collate the information to find patterns for more efficient automation. WMI touches or affects almost everything to some degree if you dig deep enough.
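The WMI-driven detection mentioned here and in the Windows Update section, as an added example that is not from the original article: it queries a list of machines for their Windows version and whether one specific update is installed, so a fix can be scoped before it is pushed. The computer names and the KB id are constructed placeholders, and the script assumes WinRM is enabled on the targets.

```powershell
# Added example, not from the original article.
# 'PC-01', 'PC-02' and 'KB0000000' are constructed placeholders.
function Get-PatchState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        # Validated because the value is placed inside a WQL filter below
        [Parameter(Mandatory)][ValidatePattern('^KB\d+$')][string]$KbId
    )
    foreach ($computer in $ComputerName) {
        $session = $null
        # One row per machine, with the same columns on success and failure
        $row = [ordered]@{
            Computer = $computer; OS = $null; Build = $null; LastBoot = $null
            KbInstalled = $null; InstalledOn = $null; Error = $null
        }
        try {
            $session = New-CimSession -ComputerName $computer -ErrorAction Stop
            $os  = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem -ErrorAction Stop
            $fix = Get-CimInstance -CimSession $session -ClassName Win32_QuickFixEngineering `
                       -Filter "HotFixID='$KbId'" -ErrorAction Stop
            $row.OS          = $os.Caption
            $row.Build       = $os.BuildNumber
            $row.LastBoot    = $os.LastBootUpTime
            $row.KbInstalled = [bool]$fix          # $null when the update is absent
            $row.InstalledOn = $fix.InstalledOn
        }
        catch {
            # Unreachable or access-denied hosts stay in the report
            $row.Error = $_.Exception.Message
        }
        finally {
            if ($session) { Remove-CimSession -CimSession $session }
        }
        [pscustomobject]$row
    }
}

# Machines that have the update, plus any that could not be checked
Get-PatchState -ComputerName 'PC-01', 'PC-02' -KbId 'KB0000000' |
    Where-Object { $_.KbInstalled -or $_.Error } |
    Format-Table Computer, OS, Build, KbInstalled, InstalledOn, Error -AutoSize
```

Keeping failed hosts in the output matters for patch work: a machine that could not be queried is not the same as a machine that is clean.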
Virtually everything you do with the Windows GUI can be accomplished with Powershell, you just need to know how. This is more valuable when you factor in the fact that for many operations, you don’t need to impact the user. Some operations are noticeable, but many are silent (or close enough).
I’ve fixed countless machines remotely using Powershell. It’s even more efficient with a troublesome user who you can’t ever reach. As you encounter common tasks, you can create more and more automation items or even just a collection of scripts to build from. It’s one thing to know where to go in the GUI, it’s another to remotely collect data and run a fix you need without interacting with the end user’s side at all.
Conclusion
Powershell is versatile and near ubiquitous. It allows you to administer and maintain a system in ways that plain command line just can’t. Powershell taps into virtually every system and functionality present on a modern Windows system. You can technically make full programs with it, but you can also make sure that systems or processes you manage are healthy and apply fixes.
This article just scratches the surface of what Powershell can do for an administrator. Modules and methods exist for a staggering number of tasks and interfaces. Powershell is readily available on modern Windows machines without any extra installation, and more than powerful enough for most automation purposes. Gone are the days of worrying if a system has a new enough version of Powershell to be useful. You also don’t need to worry about installing another programming or scripting language just to automate basic tasks without using CMD.
Powershell lets you manage systems without having to resort to jumping onto machines continuously for trivial issues. A little knowledge goes a long way in making your business and your job more efficient and more scalable. It’s more than CMD ever was, and it’s available without installing anything on modern systems. If you’re responsible for maintaining an MSP or even just IT for a few machines, Powershell pays big dividends quickly. Try it out and see what it can do for you, your career, and your business.