Require License Acceptance Support in PowerShellGet

October 22, 2017, 12:45 pm

≫ Next: Defending Against PowerShell Attacks

≪ Previous: Navigate Azure Resources Just Like a File System

PowerShellGet version 1.5.0 has added support for module publishers to require explicit license acceptance from users before installing a module. This feature has been requested by several of our partners, in order to meet their legal requirements.

If a user installs, updates, or saves a module using PowerShellGet, and the publisher of that module requires the user to agree to a license, the user must indicate they accept the license or the operation fails. This works whether the module is installed directly or if it is installed because it is a dependency for another module.

Publishing Requirements for Modules

Publishers that would like to require license acceptance for their modules should fulfil the following requirements:

Set RequireLicenseAcceptance = $True in PSData section of module manifest.
Add license.txt in root directory of module.
Include License Uri in module manifest.

Install-Module, Save-Module, Update-Module

The PowerShellGet commands Install-Module, Save-Module, and Update-Module have all been modified to support license acceptance. When run, the command will show the license terms from license.txt and prompt the user to accept the license. Module will be delivered to the user system only if the user accepts the license terms. An example using Install-Module is shown below:

Install-Module, Save-Module, and Update-Module support a new parameter -AcceptLicense. This enables scripting, as users will not be prompted if -AcceptLicense is specified. Users who specify this flag are accepting all license terms for all modules that are installed when their command is run, including modules that are installed as dependencies.

-Force

Specifying -Force is NOT sufficient to accept a license. -AcceptLicense is required for permission to install. If -Force is specified and -AcceptLicense is not specified and license acceptance is required, the operation will fail.

Scripts Cannot Require License Acceptance

License Acceptance is not available for publishers to use with scripts. The feature requires a separate license.txt file, and scripts are published as single files. However, the scenario where a script depends on a module that requires license acceptance is supported. Save-Script, Install-Script, Update-Script will show license.txt for dependent modules(that require license acceptance) and prompt user to accept the license. They also support -AcceptLicense parameter.

Additional Resources

The documentation for this feature is included in the PowerShellGet documentation.

We always welcome and appreciate your feedback. The best places to give feedback for these changes are in the PowerShellGet Github Issues, and in Uservoice area for the PowerShell Gallery.

Fareha Rashid
PowerShell Community and Tools

↧

Defending Against PowerShell Attacks

October 23, 2017, 6:58 am

≫ Next: PowerShell Constrained Language Mode

≪ Previous: Require License Acceptance Support in PowerShellGet

The security industry is ablaze with news about how PowerShell is being used by both commodity malware and attackers alike. Surely there’s got to be a way to defend yourself against these attacks!

There absolutely is. PowerShell is – by far – the most securable and security-transparent shell, scripting language, or programming language available.

Our recommendations are:

Deploy PowerShell v5, built into Windows 10. Alternatively, you can deploy the Windows Management Framework, available down to and including Windows 7 / Windows Server 2008r2.
Enable, and collect PowerShell logs, optionally including Protected Event Logging. Incorporate these logs into your signatures, hunting, and incident response workflows.
Implement Just Enough Administration on high-value systems to eliminate or reduce unconstrained administrative access to those systems.
Deploy Device Guard / Application Control policies to allow pre-approved administrative tasks to use the full capability of the PowerShell language, while limiting interactive and unapproved use to a limited subset of the PowerShell language.
Deploy Windows 10 to give your antivirus provider full access to all content (including content generated or de-obfuscated at runtime) processed by Windows Scripting Hosts including PowerShell.

For further information about these steps and solutions, please see the much more detailed presentation: “Defending Against PowerShell Attacks“.

You can also download the slide deck used for this video: Defending-Against-PowerShell-Attacks.

For further details about PowerShell’s Security features, please see our post: PowerShell ♥ the Blue Team.
For further details about implementing Just Enough Administration, please see http://aka.ms/jeadocs.

Lee Holmes [MSFT]
Lead Security Architect
Azure Management

↧

PowerShell Constrained Language Mode

November 2, 2017, 3:19 pm

≫ Next: Azure Automation DSC Pricing Flexibility

≪ Previous: Defending Against PowerShell Attacks

PowerShell Constrained Language Mode

What is PowerShell Constrained Language?

PowerShell Constrained Language is a language mode of PowerShell designed to support day-to-day administrative tasks, yet restrict access to sensitive language elements that can be used to invoke arbitrary Windows APIs.

You can place a PowerShell session into Constrained Language mode simply by setting a property:

PS C:\> $ExecutionContext.SessionState.LanguageMode
FullLanguage
PS C:\> $ExecutionContext.SessionState.LanguageMode = "ConstrainedLanguage"
PS C:\> $ExecutionContext.SessionState.LanguageMode
ConstrainedLanguage

PS C:\> [System.Console]::WriteLine("Hello")
Cannot invoke method. Method invocation is supported only on core types in this language mode.
At line:1 char:1
+ [System.Console]::WriteLine("Hello")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : MethodInvocationNotSupportedInConstrainedLanguage

Of course, this is not secure. A user can simply start another PowerShell session which will run in Full Language mode and have full access to PowerShell features. As part of the implementation of Constrained Language, PowerShell included an environment variable for debugging and unit testing called __PSLockdownPolicy. While we have never documented this, some have discovered it and described this as an enforcement mechanism. This is unwise because an attacker can easily change the environment variable to remove this enforcement. In addition, there are also file naming conventions that enable FullLanguage mode on a script, effectively bypassing Constrained Language. Again, this is for unit testing. These test hooks cannot override a Device Guard UMCI policy and can only be used when no policy enforcement is applied.

Then what is it for?

PowerShell Constrained Language mode was designed to work with system-wide application control solutions such as Device Guard User Mode Code Integrity (UMCI). Application control solutions are an incredibly effective way to drastically reduce the risk of viruses, ransomware, and unapproved software. For DeviceGuard UMCI the approved applications are determined via a UMCI policy. PowerShell automatically detects when a UMCI policy is being enforced on a system and will run only in Constrained Language mode. So PowerShell Constrained Language mode becomes more interesting when working in conjunction with system-wide lockdown policies.

PowerShell’s detection of system policy enforcement through DeviceGuard is supported only for Windows platform running Windows PowerShell version 5.1. It is not currently implemented in Open Source PowerShell Core 6 beta, and it does not work on non-Windows platforms. So this is currently very much a Windows security feature. However, we will continue to enhance this for non-Windows platforms where feasible.

These lockdown policies are important for high-value systems that need to be protected against malicious administrators or compromised administrator credentials. With a policy enforced even administrators are limited to what they can do on the system.

Since Constrained Language is so limited, you will find that many of the approved scripts that you use for advanced systems management no longer work. The solution to this is simple: add these scripts (or more effectively: your code signing authority that signed them) to your Device Guard policy. This will allow your approved scripts to run in Full Language mode.

For example, all PowerShell module files shipped with Windows (e.g., Install-WindowsFeature) are trusted and signed. The UMCI policy allowing signed Windows files lets PowerShell run these modules in Full Language mode. But if you create a custom PowerShell module that is not allowed by the policy then it will be considered untrusted and run with Constrained Language restrictions.

Consequently, any PowerShell module marked as trusted in the policy needs to be carefully reviewed for security vulnerabilities. A vulnerability could allow code injection, or leak private functions not intended for public use. In either case it could allow a user to run arbitrary code in Full Language mode, thus bypassing the system policy protections.

We have described these dangers in much more detail in our post, “Writing Secure PowerShell Scripts” (coming soon).

What does Constrained Language constrain?

Constrained Language consists of a number of restrictions that limit unconstrained code execution on a locked-down system. These restrictions are:

PowerShell module script files must explicitly export functions by name without the use of wildcard characters.
This is to prevent inadvertently exposing powerful helper function not meant to be used publicly.
PowerShell module manifest files must explicitly export functions by name without the use of wildcards.
Again, to prevent inadvertent exposure of functions.
COM objects are blocked.
They can expose Win32 APIs that have likely never been rigorously hardened as part of an attack surface.
Only approved .NET types are allowed.
Many .NET types can be used to invoke arbitrary Win32 APIs. As a result only specific whitelisted types are allowed.
Add-Type is blocked.
It allows the creation of arbitrary types defined in different languages.
The use of PowerShell classes are disallowed.
PowerShell classes are just arbitrary C# type definitions.
PowerShell type conversion is not allowed.
Type conversion implicitly creates types and runs type constructors.
Dot sourcing across language modes is disallowed.
Dot sourcing a script file brings all functions, variables, aliases from that script into the current scope.
So this blocks a trusted script from being dot sourced into an untrusted script and exposing all of its internal functions.
Similarly, an untrusted script is prevented from being dot sourced into a trusted script so that it cannot pollute the trusted scope.
Command resolution automatically hides commands you cannot run.
For example, a function created in Constrained Language mode is not visible to script running in Full Language mode.
XAML based workflows are blocked since they cannot be constrained by PowerShell.
But script based workflows and trusted XAML based workflows shipped in-box are allowed.
The SupportedCommand parameter for Import-LocalizedData is disabled.
It allows additional commands prevented by Constrained Language.
Invoke-Expression cmdlet always runs in Constrained Language.
Invoke-Expression cannot validate input as trusted.
Set-PSBreakpoint command is blocked unless there is a system-wide lockdown through UMCI.
Command completers are always run in Constrained Language.
Command completers are not validated as trustworthy.
Commands and script run within the script debugger will always be run in Constrained Language if there is a system-wide lockdown.
The DSC Configuration keyword is disabled.
Supported commands and Statements are not allowed in script DATA sections.
Start-Job is unavailable if the system is not locked-down.
Start-Job starts PowerShell in a new process and if the system is not locked-down the new process runs in Full Language mode.

As we can see, Constrained Language mode imposes some significant restrictions on PowerShell. Nevertheless, it remains a formidable and capable shell and scripting language. You can run native commands and PowerShell cmdlets and you have access to the full scripting features: variables, statements, loops, functions, arrays, hashtables, error handling, etc.

How is this different from JEA?

PowerShell Constrained Language restricts only some elements of the PowerShell language along with access to Win32 APIs. It provides full shell access to all native commands and many cmdlets. It is not designed to operate independently and needs to work with application control solutions such as UMCI to fully lockdown a system and prevent access to unauthorized applications. Its purpose is to provide PowerShell on a locked-down system without compromising the system.

JEA (Just Enough Administration) is a sandboxed PowerShell remote session that is designed to strictly limit what the logged on user can do. It is configured in ‘no language mode’, has no access to file or other drive providers, and makes only a small set of cmdlets available. These cmdlets are often custom and designed to perform specific management functions without giving unfettered access to the system. The set of cmdlets provided in the session is role based (RBAC) and the session can be run in virtual or Group Managed Service accounts.

The JEA scenario is where an administrator needs to perform a management task on a high-value machine (such as collect logs or restart a specific service). The administrator creates a remote PowerShell session to the machine’s JEA endpoint. Within that session the user has access to only those commands needed to perform the task and cannot directly access the file system or the registry or run arbitrary code.

Summary

PowerShell Constrained Language is designed to work with application whitelisting solutions in order to restrict what can be accessed in an interactive PowerShell session with policy enforcement. You configure which scripts are allowed full system access through the whitelisting solution policy. In contrast, JEA is a sandboxed PowerShell remote session that restricts an interactive session to specific commands based on user role.

Paul Higinbotham [MSFT]
PowerShell Team

↧

Azure Automation DSC Pricing Flexibility

November 14, 2017, 11:00 am

≫ Next: DSC Resource Kit Release November 2017

≪ Previous: PowerShell Constrained Language Mode

Today we would like to share a new flexible pricing strategy for managing server nodes using Azure Automation to deliver PowerShell Desired State Configuration, giving you greater control over costs of managing on-premises nodes.

As you might already know, Azure Automation DSC (Azure DSC) is a managed service that is free when used to manage virtual machines running in Microsoft Azure. This provides the functionality of the in-box DSC Pull server without needing to maintain a server to host the capability, plus a lot of additional features. Some of the goodies that you get with Azure DSC are as follows:

Features include

Configuration as Code hosted service (no infrastructure for you to manage)
Highly Scalable with no database maintenance tasks or tuning required
Complete management experience including GUI, ARM API, and command line tools
All configuration data is encrypted in transit and at rest
Encryption and certificate management is automated across clients
Central store for maintaining environment variables and secrets such as credentials
Detailed node status reporting to the per-resource level
Centrally manage client settings such as intervals, automatic reboots, and automatic drift correction
Centrally diagnose configuration errors from a browser
Highly extensible to custom scenarios through integration with Automation Runbooks
Fast release cycle so you get new features and fixes faster
Integration with the Log Analytics service in OMS for detailed reporting and alerting, including notifications to a mobile app
And the most recent feature announced at Ignite 2017 – Canary releases to groups of server nodes

Now, Azure DSC will only charge you when a node communicates with the service (and keep in mind, there is no charge to use the DSC Pull Service for nodes running in Azure). Ok, so what counts as a node communicating with the service? Pulling configurations, pulling resources, and sending reports. Since DSC gives you the ability to control how often a node communicates with the service, you can control how much you pay per node per month.

The pricing breakdown for Azure DSC is $.0083 / node / hr with a maximum of $6 / node / month.

Let’s look at a couple of example scenarios and what it will mean in terms of how much you will pay per node per month.

Example scenarios

Starting with your on-premises business-critical servers, you might wish to have the maximum level of visibility in to the state of the machine, which is to say, has the machine drifted from the configuration you assigned. By default, the node will report every 15 minutes which would reach the maximum cost during months with 31 days, meaning you would pay a total of $6 for managing the configuration of that server during that month. The same would be true for business critical servers running in other cloud environments, such as Azure AWS or Google Cloud.

Now let’s envision a node where 15-minute reporting interval is unnecessary. Consider a file server at a remote office location where changes rarely occur to the system configuration and a daily report that verifies the machine follows the configuration you assigned is sufficient.

To set up DSC this way, you will change the following properties in the meta-configuration, assuming the node is already configured to communicate with AA DSC:

ConfigurationModeFrequencyMins 	= 1440
RefreshFrequencyMins 		= 1440

With DSC configured this way, your normal charge would be for 1 hr per day of usage per node.On a monthly basis, one hour per day would be $0.25 per node per month.

Similarly, let’s say your requirements are to confirm only once per week that the server has not changed and is still in compliance with the assigned configuration. This would mean setting the meta-configuration with the following values:

ConfigurationModeFrequencyMins 	= 10080
RefreshFrequencyMins 		= 10080

With DSC configured this way, your normal charge would be for 1 hr per week of usage per node.On a monthly basis, one hour per week would be $0.036 per node per month.

The billing granularity is for one hour, so the machine can reconnect within that same hour within incurring additional charges (such as if a new configuration has been published). Outside of the scheduled cycle, the other trigger to connect with the service would be a reboot, which would impact the predicted costs per month.

If you decide to add additional management services such as Inventory or Change Tracking, the cost returns to $6 per month plus the storage of data in your OMS workspace.

Multiple Options

As you can see from the above examples, without any additional automation or processes, you can make use of AA DSC and all its features and benefits while giving you greater control over how much you pay per month.

We do recognize that some customers require their network to operate in isolation so we will continue to support the in-box pull server that shipped in Windows Server 2012R2 and 2016. There are also community maintained Pull Service solutions such as Tug. For customers that can utilize a whitelisted IP range for network traffic but where concerned about the cost of a cloud service to manage configuration of on-premises nodes, hopefully this greater degree of control will allow more organizations to reap the benefits of AA DSC.

For more on setting up and using Azure Automation DSC see our documentation.

Michael Greene
Principle Program Manager
Microsoft PowerShell Desired State Configuration

↧

DSC Resource Kit Release November 2017

November 15, 2017, 6:14 pm

≫ Next: PowerShell Core 6 Release Candidate

≪ Previous: Azure Automation DSC Pricing Flexibility

We just released the DSC Resource Kit!

This release includes updates to 10 DSC resource modules. In these past 6 weeks, 53 pull requests have been merged and 50 issues have been closed, all thanks to our amazing community!

The modules updated in this release are:

SecurityPolicyDsc
xAdcsDeployment
xComputerManagement
xDnsServer
xExchange
xNetworking
xPSDesiredStateConfiguration
xSQLServer
xStorage
xWebAdministration

For a detailed list of the resource modules and fixes in this release, see the Included in this Release section below.

Our last community call for the DSC Resource Kit was last week on Novemeber 8. A recording of our updates as well as summarizing notes will be available soon. Join us for the next call at 12PM (Pacific time) on December 20 to ask questions and give feedback about your experience with the DSC Resource Kit.
Also, due to the Christmas holiday, the next DSC Resource Kit release will go out on Decemeber 20 instead of the normal 6-week cadence which would be December 27.

We strongly encourage you to update to the newest version of all modules using the PowerShell Gallery, and don’t forget to give us your feedback in the comments below, on GitHub, or on Twitter (@PowerShell_Team)!

All resources with the ‘x’ prefix in their names are still experimental – this means that those resources are provided AS IS and are not supported through any Microsoft support program or service. If you find a problem with a resource, please file an issue on GitHub.

Included in this Release

You can see a detailed summary of all changes included in this release in the table below. For past release notes, go to the README.md or Changelog.md file on the GitHub repository page for a specific module (see the How to Find DSC Resource Modules on GitHub section below for details on finding the GitHub page for a specific module).

Module Name	Version	Release Notes
SecurityPolicyDsc	2.1.0.0	Updated SecurityOption to handle multi-line logon messages SecurityOption: Added logic and example to handle scenario when using Interactive_logon_Message_text_for_users_attempting_to_log_on
xAdcsDeployment	1.3.0.0	Updated to meet HQRM guidelines – fixes issue 33. Fixed markdown rule violations in README.MD. Change examples to meet HQRM standards and optin to Example validation tests. Replaced examples in README.MD to links to Example files. Added the VS Code PowerShell extension formatting settings that cause PowerShell files to be formatted as per the DSC Resource kit style guidelines. Opted into Common Tests “Validate Module Files” and “Validate Script Files”. Corrected description in manifest. Added .github support files: CONTRIBUTING.md ISSUE_TEMPLATE.md PULL_REQUEST_TEMPLATE.md Resolved all PSScriptAnalyzer warnings and style guide warnings. Converted all tests to meet Pester V4 guidelines – fixes issue 32. Fixed spelling mistakes in README.MD. Fix to ensure exception thrown if failed to install or uninstall service – fixes issue 3. Converted AppVeyor.yml to use shared AppVeyor module in DSCResource.Tests – fixes issue 29.
xComputerManagement	3.1.0.0	xOfflineDomainJoin: Updated to meet HQRM guidelines.
xDnsServer	1.9.0.0	Added resource xDnsServerSetting MSFT_xDnsRecord: Added DnsServer property
xExchange	1.17.0.0	Fix issue where test for Unlimited quota fails if quota is not already set at Unlimited
xNetworking	5.3.0.0	MSFT_xProxySettings: Created new resource configuring proxy settings. MSFT_xDefaultGatewayAddress: Correct `2-SetDefaultGateway.md` address family and improve example description – fixes Issue 275. MSFT_xIPAddress: Corrected style and formatting to meet HQRM guidelines. Converted exceptions to use ResourceHelper functions. Changed unit tests so that they can be run in any order. MSFT_xNetAdapterBinding: Corrected style and formatting to meet HQRM guidelines. Converted exceptions to use ResourceHelper functions.
xPSDesiredStateConfiguration	8.0.0.0	xDSCWebService BREAKING CHANGE: The Pull Server will now run in a 64 bit IIS process by default. Enable32BitAppOnWin64 needs to be set to TRUE for the Pull Server to run in a 32 bit process.
xSQLServer	9.0.0.0	Changes to xSQLServer Updated Pester syntax to v4 Fixes broken links to issues in the CHANGELOG.md. Changes to xSQLServerDatabase Added parameter to specify collation for a database to be different from server collation (issue 767). Fixed unit tests for Get-TargetResource to ensure correctly testing return values (issue 849) Changes to xSQLServerAlwaysOnAvailabilityGroup Refactored the unit tests to allow them to be more user friendly and to test additional SQLServer variations. Each test will utilize the Import-SQLModuleStub to ensure the correct module is loaded (issue 784). Fixed an issue when setting the SQLServer parameter to a Fully Qualified Domain Name (FQDN) (issue 468). Fixed the logic so that if a parameter is not supplied to the resource, the resource will not attempt to apply the defaults on subsequent checks (issue 517). Made the resource cluster aware. When ProcessOnlyOnActiveNode is specified, the resource will only determine if a change is needed if the target node is the active host of the SQL Server instance (issue 868). Changes to xSQLServerAlwaysOnAvailabilityGroupDatabaseMembership Made the resource cluster aware. When ProcessOnlyOnActiveNode is specified, the resource will only determine if a change is needed if the target node is the active host of the SQL Server instance (issue 869). Changes to xSQLServerAlwaysOnAvailabilityGroupReplica Made the resource cluster aware. When ProcessOnlyOnActiveNode is specified, the resource will only determine if a change is needed if the target node is the active host of the SQL Server instance (issue 870). Added the CommonTestHelper.psm1 to store common testing functions. Added the Import-SQLModuleStub function to ensure the correct version of the module stubs are loaded (issue 784). Changes to xSQLServerMemory Made the resource cluster aware. When ProcessOnlyOnActiveNode is specified, the resource will only determine if a change is needed if the target node is the active host of the SQL Server instance (issue 867). Changes to xSQLServerNetwork BREAKING CHANGE: Renamed parameter TcpDynamicPorts to TcpDynamicPort and changed type to Boolean (issue 534). Resolved issue when switching from dynamic to static port. configuration (issue 534). Added localization (en-US) for all strings in resource and unit tests (issue 618). Updated examples to reflect new parameters. Changes to xSQLServerRSConfig Added examples Added resource xSQLServerDatabaseDefaultLocation (issue 656) Changes to xSQLServerEndpointPermission Fixed a problem when running the tests locally in a PowerShell console it would ask for parameters (issue 897). Changes to xSQLServerAvailabilityGroupListener Fixed a problem when running the tests locally in a PowerShell console it would ask for parameters (issue 897). Changes to xSQLServerMaxDop Made the resource cluster aware. When ProcessOnlyOnActiveNode is specified, the resource will only determine if a change is needed if the target node is the active host of the SQL Server instance (issue 882).
xStorage	3.3.0.0	Opted into common tests for Module and Script files – See Issue 115. xDisk: Added support for Guid Disk Id type – See Issue 104. Added parameter AllowDestructive – See Issue 11. Added parameter ClearDisk – See Issue 50. xDiskAccessPath: Added support for Guid Disk Id type – See Issue 104. xWaitForDisk: Added support for Guid Disk Id type – See Issue 104. Added .markdownlint.json file to configure markdown rules to validate. Clean up Badge area in README.MD – See Issue 110. Disabled MD013 rule checking to enable badge table. Added .github support files: CONTRIBUTING.md ISSUE_TEMPLATE.md PULL_REQUEST_TEMPLATE.md Changed license year to 2017 and set company name to Microsoft Corporation in LICENSE.MD and module manifest – See Issue 111. Set Visual Studio Code setting “powershell.codeFormatting.preset” to “custom” – See Issue 108 Added `Documentation and Examples` section to Readme.md file – see issue 116. Prevent unit tests from DSCResource.Tests from running during test execution – fixes Issue 118.
xWebAdministration	1.19.0.0	xWebAppPoolDefaults now returns values. Fixes 311. Added unit tests for xWebAppPoolDefaults. Fixes 183.

How to Find Released DSC Resource Modules

To see a list of all released DSC Resource Kit modules, go to the PowerShell Gallery and display all modules tagged as DSCResourceKit. You can also enter a module’s name in the search box in the upper right corner of the PowerShell Gallery to find a specific module.

Of course, you can also always use PowerShellGet (available in WMF 5.0) to find modules with DSC Resources:

# To list all modules that are part of the DSC Resource Kit
Find-Module -Tag DSCResourceKit
# To list all DSC resources from all sources 
Find-DscResource

To find a specific module, go directly to its URL on the PowerShell Gallery:
http://www.powershellgallery.com/packages/< module name >
For example:
http://www.powershellgallery.com/packages/xWebAdministration

How to Install DSC Resource Modules From the PowerShell Gallery

We recommend that you use PowerShellGet to install DSC resource modules:

Install-Module -Name < module name >

For example:

Install-Module -Name xWebAdministration

To update all previously installed modules at once, open an elevated PowerShell prompt and use this command:

Update-Module

After installing modules, you can discover all DSC resources available to your local system with this command:

Get-DscResource

How to Find DSC Resource Modules on GitHub

All resource modules in the DSC Resource Kit are available open-source on GitHub.
You can see the most recent state of a resource module by visiting its GitHub page at:
https://github.com/PowerShell/< module name >
For example, for the xCertificate module, go to:
https://github.com/PowerShell/xCertificate.

All DSC modules are also listed as submodules of the DscResources repository in the xDscResources folder.

How to Contribute

If you would like to help, please take a look at the list of open issues for the DscResources repository.
You can also check issues for specific resource modules by going to:
https://github.com/PowerShell/< module name >/issues
For example:
https://github.com/PowerShell/xPSDesiredStateConfiguration/issues

Your help in developing the DSC Resource Kit is invaluable to us!

Questions, comments?

If you’re looking into using PowerShell DSC, have questions or issues with a current resource, or would like a new resource, let us know in the comments below, on Twitter (@PowerShell_Team), or by creating an issue on GitHub.

Katie Keim
Software Engineer
PowerShell DSC Team
@katiedsc (Twitter)
@kwirkykat (GitHub)

↧

PowerShell Core 6 Release Candidate

November 17, 2017, 5:03 pm

≫ Next: Prerelease Versioning Added to PowerShellGet and PowerShell Gallery

≪ Previous: DSC Resource Kit Release November 2017

PowerShell Core 6 Release Candidate

Last year, we announced that PowerShell was not only Open Source, but also cross platform. The finish line is in sight and we recently published the Release Candidate for PowerShell Core 6!

PowerShell Team ♥ Community

It has been an amazing experience for the team working with the community on PowerShell Core 6! Being able to work openly and transparently meant that we could address customer concerns much more quickly than in the days of Windows PowerShell. The contributions from the community have also enabled PowerShell Core 6 to be more agile and richer in capability, particularly for cmdlets. In fact, the community has contributed just over half of the pull requests (PRs)!

This really shows the benefit of Open Source and an active community and we certainly wouldn’t have gotten as far as we have without such a passionate and helpful community!

Roadmap to General Availability and the Future

When the PowerShell Team started working through all the work required to publish a release, we also created a branch for the eventual PowerShell Core 6.0.0 final release. There are still some issues and work items needed to be completed for the GA (General Availability) release. General Available simply means a supported release (replaces the legacy term Release to Manufacturing!).

This means that any changes merged to the master branch will show up in the 6.1.0 release. I encourage the community to continue to make contributions to PowerShell Core with the expectation that it will be part of 6.1.0 and not 6.0.0. Only issues (and associated pull requests) approved for 6.0.0 GA with milestone set to `6.0.0-GA` will be taken for the 6.0.0 release.

If you find any deployment or adoption blockers, please open issues on GitHub (or up vote existing ones with a thumbs up) and mention me (using `@SteveL-MSFT`) so I will be notified and those issues will be triaged and a decision will be made if we need to make or take a fix before 6.0.0 GA.

We are currently targeting having the GA release on January 10th, 2018.

The first PowerShell Core 6.1.0 beta release will be published after PowerShell Core 6.0.0 GA and we plan to continue a 3 week cadence for beta releases. Note that if you use the install-powershell.ps1 script to install daily builds, it will be from the master branch (aka 6.1.0) and not from our 6.0.0 Release Candidate or GA.

PowerShell Core 6 Support

PowerShell Core 6.0.0 will adopt the Microsoft Modern Lifecycle for support. Essentially, this means that barring any critical security fixes, customer are expected to install the latest released version of PowerShell Core. In general, if you find an issue, please open it on GitHub. We’ll be providing more information on the specifics of this lifecycle and what it means for PowerShell Core soon.

Thanks to everyone for their support and contributions!

Steve Lee
Principal Engineer Manager
PowerShell Team

↧

Prerelease Versioning Added to PowerShellGet and PowerShell Gallery

December 5, 2017, 4:59 pm

≫ Next: DSC Resource Naming Guidelines

≪ Previous: PowerShell Core 6 Release Candidate

With the release of PowerShellGet 1.6.0, PowerShellGet cmdlets and the PowerShell Gallery have added support for prerelease strings for prerelease versions of modules and scripts. You can now publish items to the PowerShell Gallery with a version like 1.0.0-alpha, and you can download items identified as a prerelease. Items can be filtered using prerelease version strings, in both the Gallery UI and via Find-* cmdlets.

Before this feature, if publishers wished to publish a prerelease version of an item, they had to use a version lower than 1.0.0 (ex. 0.0.1). This meant it was not possible to publish a prerelease version of a 2.0.0 item. The other workaround was to change the name of the item to contain the word “prerelease” (ex. MyAwesomeModule-Prerelease), but that required code changes for users when the production version was ready, because it changed the name of the item.

Now, users can mark their items as prerelease, following the SemVer v1.0.0 guidelines, without affecting the item name or constraints on the version.

Publishers simply add the prerelease string (ie. the part that comes after “2.0.0”) in the metadata, and the version will be considered prerelease. For example:

@{
   ModuleVersion = '2.0.0'
   #---
      PrivateData = @{
         PSData = @{
            Prerelease = '-alpha'
      }
   }
}

To acquire or interact with prerelease items using the PowerShellGet cmdlets, users must add the -AllowPrerelease flag. For example, to find prerelease versions of a module:

   PS:> Find-Module PSReadline -AllowPrerelease -Allversions

To install a prerelease version from the gallery:

   PS:> Install-Module PSReadline -RequiredVersion 2.0.0-beta1 -AllowPrerelease
   PS:> # Note that you may need to add -SkipPublisherCheck for this update to proceed.

To update a module to a prerelease version from the gallery:

   PS:> Update-Module PSReadline -RequiredVersion 2.0.0-beta1 -AllowPrerelease
   PS:> # Updates to 2.0.0-beta1. You may need to add -SkipPublisherCheck.

The PowerShell Gallery UI has also been updated to support prerelease items. In the Items page, a new dropdown under “Filter By” gives control over whether or not to list prerelease items. The options available are “Include Prerelease”, and “Stable Only”.

Additional changes appear on the pages for individual items. If an item is a prerelease, there will be a banner at the top of the page stating that this is a prerelease version:

The following banner was added to show that the current item is the latest stable version of an item, but a prerelease item exists with a higher version:

Finally, the item history on the same page has been updated to show the latest stable (or non-prerelease) version available, as shown below:

Some important things to note:

If -AllowPrerelease is not specified, the behavior of the cmdlets is the same as one would see with older versions of PowerShellGet: no prerelease versions will be returned. This ensures these changes are backwards compatible with previous PowerShellGet versions.
This change only affects the PowerShellGet cmdlets and the PowerShell Gallery. As of the writing of this blog, PowerShell does not support prerelease strings in version identifiers, so prerelease strings are provided as a separate element in the module manifest.
There are limitations on what the prerelease string can contain, see the Documentation for more details.
Prerelease support follows the SemVer v1.0.0 guidelines. We chose to align with SemVer 1.0.0 to maintain parity with the current NuGet server used by many of our customers as an on-premise gallery.

To start using prerelease versions in your modules and scripts with the PowerShell Gallery, update to the latest PowerShellGet module. You must install the update in order to use the -AllowPrerelease flag, which is required for finding or downloading any prerelease items in the PowerShell Gallery.

We would love to hear your feedback on this new feature. Please submit any questions or comments in either the PowerShellGet GiHub repo issues , or the PowerShell Gallery feedback area on UserVoice.

↧

DSC Resource Naming Guidelines

December 8, 2017, 10:00 am

≫ Next: Using the OpenSSH Beta in Windows 10 Fall Creators Update and Windows Server 1709

≪ Previous: Prerelease Versioning Added to PowerShellGet and PowerShell Gallery

When DSC was announced at TechEd 2013, one of the goals was to “Create an ecosystem”.

The ecosystem for DSC has grown tremendously in the last 4 years.

At worldwide events for PowerShell (PowerShell + DevOps Global Summit, PowerShell Conference EU, PowerShell Conference Asia) there have been presentations lead by people actively using DSC to discuss real world, success, challenges, and community projects to resolve common issues. In addition there are community projects to build solutions for DSC entirely driven by the community, such as Datum to manage configuration data at scale, BaselineManagement to convert Group Policy to DSC configurations, and ReverseDSC to replicate known environments.

The PowerShell Gallery includes 1100 DSC Resources across 254 unique modules. Of those 1100 DSC Resources, 411 are currently released by the DSC team from the DSC Resource Kit.

During events and the monthly DSC Resource Kit community calls over the past year, I have heard consistently that the naming convention for DSC Resources is ready for an update. Most notably, the experimental “x” prefix and HQRM guidance could be confusing and does not match the approach used in other similar community ecosystems.

The Old Naming Convention

The original recommendation was to name resources using the following prefixes:

“x” to identify a resource that is experimental and not supported
“c” to identify a community modification

Resources that met a community agreed upon quality bar, or “High Quality Resource Modules”, have been using a naming suffix “Dsc”.

The New Naming Convention

The community has discussed and agreed upon a new simplified standard, explained in a recent update to the documentation.

DSC Resources going forward are no longer required to use the “x” or “c” naming conventions.

Instead, the guideline is that resources should use either the existing module name (if DSC Resources are combined with an existing module containing PowerShell functions) or the “Dsc” suffix. The best practices for finding a DSC Resource module is to search the PowerShell Gallery using the “DSC Resource” filter, or use the cmdlet:

Find-DscResource

The project name will not have any relationship with how or whether the project is supported. The documentation merged today also addresses this topic.

Why is it the right time to make this change

This is only possible because the DSC community, especially the DSC Resource project maintainers, are so passionate and actively working with DSC users to make the ecosystem better for everyone. The maintainers hold each other accountable to quality and technically enforce this through test automation.

The first community contributions to the DSC Resource Kit contained only the PowerShell code for the DSC module. The expectation for a contribution today includes following best practices, style guidelines, documentation, and test automation to demonstrate quality. As an example, the SharePointDsc module includes 2102 tests that must pass to accept a new contribution, and anyone can review the results of a new build. Similarly, SQLServerDsc includes 2507 tests (and has already adopted the new naming standard), xWebAdministration has 1032, and xActiveDirectory includes 653.

How do I know if a DSC Resource is supported

The old naming convention using “x” and “c” prefixes required users to modify their code when switching from experimental to stable versions of a module. Support for DSC Resources should come from the organization supporting the technology that is being managed. The best way to make that clear is to express it in the project Readme. Just as someone interested in consuming the resource should review the project code and make sure it is suitable for their environment, they should review the entire project documentation.

When will this change happen

Finally, this change does not need to be implemented “overnight”. As maintainers release future versions of their projects and determine they are ready, they can choose to retire the “x” convention. The PowerShell Gallery will provide access to future releases by the new name and the history of previous releases by the old name. The project repository will be the source of truth.

Thank you!
Michael Greene @migreene
Principal Program Manager
PowerShell DSC, Azure Automation DSC, and Azure Management Community

↧

Using the OpenSSH Beta in Windows 10 Fall Creators Update and Windows Server 1709

December 15, 2017, 3:05 pm

≫ Next: DSC Resource Kit Release December 2017

≪ Previous: DSC Resource Naming Guidelines

I’m thrilled to share that a Beta OpenSSH client and server daemon are available as a Feature-on-Demand in Windows 10 Fall Creators Update and Windows Server 1709. Since our last update blog, we’ve been working hard on a Win32 port of OpenSSH and working closely with members of the OpenSSH Portable and OpenBSD projects with the eventual goal of bringing Win32 support upstream into OpenSSH Portable.

Until then, you should expect OpenSSH support in Windows to continue to improve in future updates of Windows, including upcoming Windows Insider builds. You can track our progress on GitHub where you can find our wiki and the latest builds that include tons of fixes and support for operating systems downlevel to Windows 7 and Server 2008 R2.

Overview

OpenSSH is a collection of client/server utilities that enable secure remote login, remote file transfer, and public/private key pair management. It’s an extremely powerful tool that originated as part of the OpenBSD project, and has been used for many years across the BSD, Linux, macOS, and Unix ecosystems.

Note: The OpenSSH client and server are still very much in Beta, so we do not recommend using them in production environments.

Installation

Great! So how do I install the bits?

Installing with the Settings UI

To install it using the Settings UI, go to Apps -> Apps and Features -> Manage optional features -> Add a feature:

Then select OpenSSH Client (Beta) or OpenSSH Server (Beta) and Install:

Installing with PowerShell

To install OpenSSH using PowerShell, first launch PowerShell as an Administrator.

To make sure that the OpenSSH features are available for install:

Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'

This should return the following output:

Name  : OpenSSH.Client~~~~0.0.1.0
State : NotPresent

Name  : OpenSSH.Server~~~~0.0.1.0
State : NotPresent

Then, install the server and/or client features:

# Install the OpenSSH Client
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0

# Install the OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

Both of these should return the following output:

Path          :
Online        : True
RestartNeeded : False

Installing with DISM.exe

To install OpenSSH with DISM.exe, first open CMD as an Administrator.

To make sure that OpenSSH features are available for install:

dism /Online /Get-Capabilities | findstr OpenSSH

This should return the following output:

Capability Identity : OpenSSH.Client~~~~0.0.1.0
Capability Identity : OpenSSH.Server~~~~0.0.1.0

Then, install the server and/or client features:

dism /Online /Add-Capability /CapabilityName:OpenSSH.Client~~~~0.0.1.0
dism /Online /Add-Capability /CapabilityName:OpenSSH.Server~~~~0.0.1.0

Configuration

Great! You’ve installed OpenSSH. What now?

Configuring the SSH Client (ssh.exe)

Password-based authentication

If you want to use the SSH client with password authentication, no configuration is necessary. Just pop open PowerShell or cmd, and use ssh to connect to your SSH server:

ssh user1@contoso.com

# You can also use domain accounts to login

# UPN syntax works...
ssh user1@domain1@contoso.com
# ...as does NetBIOS syntax
ssh user1\domain1@contoso.com

Key-based authentication

If you want to use key-based authentication, you first need to generate some public/private key pairs for your client. From PowerShell or cmd, use ssh-keygen to generate some key files.

cd ~\.ssh\
ssh-keygen

This should output something like:

Generating public/private ed25519 key pair.
Enter file in which to save the key (C:\Users\user1\.ssh\id_ed25519):

You can hit Enter to accept the default or specify a path where you’d like your keys to be generated. At this point, you’ll be prompted to use a passphrase to encrypt your private key files.

Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\user1\.ssh\id_ed25519.
Your public key has been saved in C:\Users\user1\.ssh\id_ed25519.pub.
The key fingerprint is:
SHA256:OIzc1yE7joL2Bzy8/gS0j8eGK7bYaH1FmF3sDuMeSj8 user1@CONTOSO@LOCAL-HOSTNAME
The key's randomart image is:
+--[ED25519 256]--+
|        .        |
|         o       |
|    . + + .      |
|   o B * = .     |
|   o= B S .      |
|   .=B O o       |
|  + =+% o        |
| *oo.O.E         |
|+.o+=o. .        |
+----[SHA256]-----+

Now you have a public/private ED25519 key pair
(the .pub files are public keys and the rest are private keys):

Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        11/8/2017  11:09 AM           1679 id_ed25519
-a----        11/8/2017  11:09 AM            414 id_ed25519.pub

Your private key files are the equivalent of a password. You should protect them under any and all circumstances. If someone acquires your private key, they can log in to any SSH server as an identity that authorizes the corresponding public key to log in.

For that reason, we should take advantage of ssh-agent to securely store the private keys within a Windows security context. To do that, we simply start the ssh-agent service (as Administrator) and use ssh-add to store our private key. Then, whenever a private key is needed for authentication, ssh-agent will automatically retrieve your local user’s private key and pass it to your SSH client.

# Make sure you're running as an Administrator
Start-Service ssh-agent

# This should return a status of Running
Get-Service ssh-agent

# Now load your key files into ssh-agent
ssh-add ~\.ssh\id_ed25519

# Now that it's loaded into ssh-agent,
# we don't have to keep the key file anymore
Remove-Item ~\.ssh\id_ed25519

Move the contents of your public key (~\.ssh\id_ed25519.pub) into a text file called authorized_keys in ~\.ssh\ on your server/host.

Note: these directions assume your sshd server is a Windows-based machine using our OpenSSH-based server, and that you’ve properly configured it based on the instructions below (including the installation of the OpenSSHUtils PowerShell module). If you’re using a non-Windows machine, you should replace all remote instances of C:\users\user1 with something like /home/user1. Additionally, the ACL line should be unnecessary that uses PowerShell should be unnecessary.

# Make sure that the .ssh directory exists in your server's home folder
ssh user1@domain1@contoso.com mkdir C:\users\user1\.ssh\

# Copy your public key file to authorized_keys on your server
scp C:\Users\user1\.ssh\id_ed25519.pub user1@domain1@contoso.com:C:\Users\user1\.ssh\authorized_keys

# Appropriately ACL the authorized_keys file on your server
ssh --% user1@domain1@contoso.com powershell -c $ConfirmPreference = 'None'; Repair-AuthorizedKeyPermission C:\Users\user1\.ssh\authorized_keys

Congrats! You should no longer need a password when authenticating as User1 against contoso.com.

Configuring the OpenSSH Server (sshd)

First, it’s worth noting again that this OpenSSH for Windows is still very much in beta form. It should only be used in safe, testing environments.

To enable authentication into an SSH server on Windows, you first have to generate host keys. As an Administrator:

Start-Service ssh-agent

cd C:\Windows\System32\OpenSSH
.\ssh-keygen -A
# C:\Windows\System32\OpenSSH\ssh-keygen.exe: generating new host keys: ED25519
.\ssh-add ssh_host_ed25519_key
# Identity added: .\ssh_host_ed25519_key (User1@CONTOSO@LOCAL-HOSTNAME)

Due to certain security requirements, you will also have to install our OpenSSHUtils helper module to appropriately ACL your host keys. As an Administrator:

Install-Module -Force OpenSSHUtils

Repair-SshdHostKeyPermission -FilePath C:\Windows\System32\OpenSSH\ssh_host_ed25519_key

# Use A or Y as your response to the prompts to set file owners

Then you can start sshd and your server is ready to go:

Start-Service sshd

# This should return a Status of Running
Get-Service sshd

Note: currently only the built-in ED25519 authentication key type is supported. In the future, we plan to add support for LibreSSL which will enable additional authentication key types. In the meantime, you can experiment with LibreSSL builds on GitHub.

You may also need to add a firewall rule like this one that allows traffic on port 22 (though your requirements may vary based on your environment, e.g. Domain might be Private):

New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Service sshd -Enabled True -Direction Inbound -Protocol TCP -Action Allow -Profile Domain

Stay tuned!

Enjoy playing with OpenSSH on Windows, and keep your eyes peeled on the PowerShell blog for upcoming news.

↧

DSC Resource Kit Release December 2017

December 20, 2017, 4:18 pm

≫ Next: PowerShell Core 6.0: Generally Available (GA) and Supported!

≪ Previous: Using the OpenSSH Beta in Windows 10 Fall Creators Update and Windows Server 1709

We just released the DSC Resource Kit!

This release includes updates to 16 DSC resource modules. In these past 5 weeks, 68 pull requests have been merged and 59 issues have been closed, all thanks to our amazing community!

The modules updated in this release are:

OfficeOnlineServerDsc
SecurityPolicyDsc
SharePointDsc
SqlServerDsc (previously xSqlServer)
SystemLocaleDsc
xAdcsDeployment
xCertificate
xComputerManagement
xExchange
xHyper-V
xNetworking
xPowerShellExecutionPolicy
xRemoteDesktopSessionHost
xStorage
xSystemSecurity
xTimeZone

For a detailed list of the resource modules and fixes in this release, see the Included in this Release section below.

Our last community call for the DSC Resource Kit was today on December 20. A recording of our updates as well as summarizing notes will be available soon. Join us for the next call at 12PM (Pacific time) on January 31 to ask questions and give feedback about your experience with the DSC Resource Kit.

Included in this Release

Module Name	Version	Release Notes
OfficeOnlineServerDsc	1.1.0.0	Added support for Language Packs installation;
SecurityPolicyDsc	2.2.0.0	Fixed bug in UserRightAssignment where Get-DscConfiguration would fail if it returns $Identity as single string
SharePointDsc	2.0.0.0	General Added VSCode workspace settings to meet coding guidelines Corrected comment in CodeCov.yml Fixed several PSScriptAnalyzer warnings SPAppManagementServiceApp Fixed an issue where the instance name wasn’t detected correctly SPBCSServiceApp Added custom Proxy Name support Fixed an issue where the instance name wasn’t detected correctly SPBlobCacheSettings Update to set non-default or missing blob cache properties SPContentDatabase Fixed localized issue SPDesignerSettings Fixed issue where URL with capitals were not accepted correctly SPDistributedCacheService Fixed issue where reprovisioning the Distributed Cache did not work SPFarm Implemented ToDo to return Central Admin Auth mode Fixed an issue where the instance name wasn’t detected correctly SPInstall Updated to document the requirements for an English ISO SPInstallPrereqs Updated to document which parameter is required for which version of SharePoint Added SharePoint 2016 example SPLogLevel New resource SPMachineTranslationServiceApp Added custom Proxy Name support Fixed an issue where the instance name wasn’t detected correctly SPManagedMetadataAppDefault New resource SPManagedMetadataServiceApp Update to allow the configuration of the default and working language Fixed issue where the termstore could not be retrieved if the MMS service instance was stopped Fixed an issue where the instance name wasn’t detected correctly SPMinRoleCompliance New resource SPPerformancePointServiceApp Fixed an issue where the instance name wasn’t detected correctly SPProjectServer New resources to add Project Server 2016 support: SPProjectServerLicense, SPProjectServerAdditionalSettings, SPProjectServerADResourcePoolSync, SPProjectServerGlobalPermissions, SPProjectServerGroup, SPProjectServerTimeSheetSettings, SPProjectServerUserSyncSettings, SPProjectServerWssSettings SPSearchContentSource Fixed examples SPSearchIndexPartition Fixed to return the RootFolder parameter SPSearchServiceApp Fixed an issue where the instance name wasn’t detected correctly SPSearchTopology Updated to better document how the resource works Fixed issue to only return first index partition to prevent conflicts with SPSearchIndexPartition SPSecureStoreServiceApp Fixed issue with not returning AuditEnabled parameter in Get method Fixed an issue where the instance name wasn’t detected correctly SPServiceAppSecurity Fixed issue with NullException when no accounts are configured in SharePoint SPStateServiceApp Added custom Proxy Name support Fixed an issue where the instance name wasn’t detected correctly SPSubscriptionSettings Fixed an issue where the instance name wasn’t detected correctly SPTrustedRootAuthority Updated to enable using private key certificates. SPUsageApplication Fixed an issue where the instance name wasn’t detected correctly SPUserProfileProperty Fixed two NullException issues SPUserProfileServiceApp Fixed an issue where the instance name wasn’t detected correctly SPUserProfileSynConnection Fix an issue with ADImportConnection SPWeb Update to allow the management of the access requests settings SPWebAppGeneralSettings Added DefaultQuotaTemplate parameter SPWebApplicationExtension Update to fix how property AllowAnonymous is returned in the hashtable SPWebAppPeoplePickerSettings New resource SPWebAppPolicy Fixed issue where the SPWebPolicyPermissions couldn’t be used twice with the exact same values SPWebAppSuiteBar New resource SPWebApplication.Throttling Fixed issue with where the RequestThrottling parameter was not applied SPWordAutomationServiceApp Fixed an issue where the instance name wasn’t detected correctly SPWorkflowService New resource The following changes will break 1.x configurations that use these resources: SPAlternateUrl Added the Internal parameter, which implied a change to the key parameters SPCreateFarm Removed resource, please update your configurations to use SPFarm. See http://aka.ms/SPDsc-SPFarm for details. SPJoinFarm Removed resource, please update your configurations to use SPFarm. See http://aka.ms/SPDsc-SPFarm for details. SPManagedMetadataServiceApp Changed implementation of resource. This resource will not set any defaults for the keyword and site collection term store. The new resource SPManagedMetadataServiceAppDefault has to be used for this setting. SPShellAdmin Updated so it also works for non-content databases SPTimerJobState Updated to make the WebAppUrl parameter a key parameter. The resource can now be used to configure the same job for multiple web applications. Also changed the Name parameter to TypeName, due to a limitation with the SPTimerJob cmdlets SPUserProfileProperty Fixed an issue where string properties were not created properly SPUSerProfileServiceApp Updated to remove the requirement for CredSSP SPUserProfileSyncService Updated to remove the requirement for CredSSP SPWebAppAuthentication New resource SPWebApplication Changed implementation of the Web Application authentication configuration. A new resource has been added and existing properties have been removed SPWebApplicationExtension Updated so it infers the UseSSL value from the URL Changed implementation of the Web Application authentication configuration. A new resource has been added and existing properties have been removed
SqlServerDsc (previously xSqlServer)	10.0.0.0	BREAKING CHANGE: Resource module has been renamed to SqlServerDsc (issue 916). BREAKING CHANGE: Significant rename to reduce length of resource names See issue 851 for a complete table mapping rename changes. Impact to all resources. Changes to CONTRIBUTING.md Added details to the naming convention used in SqlServerDsc. Changes to SqlServerDsc The examples in the root of the Examples folder are obsolete. A note was added to the comment-based help in each example stating it is obsolete. This is a temporary measure until they are replaced (issue 904). Added new common test (regression test) for validating the long path issue for compiling resources in Azure Automation. Fix resources in alphabetical order in README.md (issue 908). Changes to SqlAG BREAKING CHANGE: Parameters SQLServer and SQLInstanceName has been renamed to ServerName and InstanceName respectively (issue 308). BREAKING CHANGE: The read-only property SQLServerNetName was removed in favor of EndpointHostName (issue 924). Get-TargetResource will now return the value of property NetName for the property EndpointHostName. Changes to SqlAGDatabase BREAKING CHANGE: Parameters SQLServer and SQLInstanceName has been renamed to ServerName and InstanceName respectively (issue 308). Changed the Get-MatchingDatabaseNames function to be case insensitive when matching database names (issue 912). Changes to SqlAGListener BREAKING CHANGE: Parameter NodeName has been renamed to ServerName (issue 308). Changes to SqlAGReplica BREAKING CHANGE: Parameters SQLServer and SQLInstanceName has been renamed to ServerName and InstanceName respectively (issue 308). BREAKING CHANGE: Parameters PrimaryReplicaSQLServer and PrimaryReplicaSQLInstanceName has been renamed to PrimaryReplicaServerName and PrimaryReplicaInstanceName respectively (issue 922). BREAKING CHANGE: The read-only property SQLServerNetName was removed in favor of EndpointHostName (issue 924). Get-TargetResource will now return the value of property NetName for the property EndpointHostName. Changes to SqlAlwaysOnService BREAKING CHANGE: Parameters SQLServer and SQLInstanceName has been renamed to ServerName and InstanceName respectively (issue 308). Changes to SqlDatabase BREAKING CHANGE: Parameters SQLServer and SQLInstanceName has been renamed to ServerName and InstanceName respectively (issue 308). Changes SqlDatabaseDefaultLocation BREAKING CHANGE: Parameters SQLServer and SQLInstanceName has been renamed to ServerName and InstanceName respectively (issue 308). Changes to SqlDatabaseOwner BREAKING CHANGE: Parameters SQLServer and SQLInstanceName has been renamed to ServerName and InstanceName respectively (issue 308). Changes to SqlDatabasePermission BREAKING CHANGE: Parameters SQLServer and SQLInstanceName has been renamed to ServerName and InstanceName respectively (issue 308). Changes to SqlDatabaseRecoveryModel BREAKING CHANGE: Parameters SQLServer and SQLInstanceName has been renamed to ServerName and InstanceName respectively (issue 308). Changes to SqlDatabaseRole BREAKING CHANGE: Parameters SQLServer and SQLInstanceName has been renamed to ServerName and InstanceName respectively (issue 308). Changes to SqlRS BREAKING CHANGE: Parameters RSSQLServer and RSSQLInstanceName has been renamed to DatabaseServerName and DatabaseInstanceName respectively (issue 923). Changes to SqlServerConfiguration BREAKING CHANGE: Parameters SQLServer and SQLInstanceName has been renamed to ServerName and InstanceName respectively (issue 308). Changes to SqlServerEndpoint BREAKING CHANGE: Parameters SQLServer and SQLInstanceName has been renamed to ServerName and InstanceName respectively (issue 308). Changes to SqlServerEndpointPermission BREAKING CHANGE: Parameter NodeName has been renamed to ServerName (issue 308). Now the examples files have a shorter name so that resources will not fail to compile in Azure Automation (issue 934). Changes to SqlServerEndpointState BREAKING CHANGE: Parameter NodeName has been renamed to ServerName (issue 308). Changes to SqlServerLogin BREAKING CHANGE: Parameters SQLServer and SQLInstanceName has been renamed to ServerName and InstanceName respectively (issue 308). Changes to SqlServerMaxDop BREAKING CHANGE: Parameters SQLServer and SQLInstanceName has been renamed to ServerName and InstanceName respectively (issue 308). Changes to SqlServerMemory BREAKING CHANGE: Parameters SQLServer and SQLInstanceName has been renamed to ServerName and InstanceName respectively (issue 308). Changes to SqlServerNetwork BREAKING CHANGE: Parameters SQLServer has been renamed to ServerName (issue 308). Changes to SqlServerPermission BREAKING CHANGE: Parameter NodeName has been renamed to ServerName (issue 308). Changes to SqlServerRole BREAKING CHANGE: Parameters SQLServer and SQLInstanceName has been renamed to ServerName and InstanceName respectively (issue 308). Changes to SqlServerServiceAccount BREAKING CHANGE: Parameters SQLServer and SQLInstanceName has been renamed to ServerName and InstanceName respectively (issue 308).
SystemLocaleDsc	1.2.0.0	Added resource helper module. Change examples to meet HQRM standards and optin to Example validation tests. Replaced examples in README.MD to links to Example files. Added the VS Code PowerShell extension formatting settings that cause PowerShell files to be formatted as per the DSC Resource kit style guidelines. Opted into Common Tests “Validate Module Files” and “Validate Script Files”. Converted files with UTF8 with BOM over to UTF8. Updated Year to 2017 in License and Manifest. Added .github support files: CONTRIBUTING.md ISSUE_TEMPLATE.md PULL_REQUEST_TEMPLATE.md Resolved all PSScriptAnalyzer warnings and style guide warnings.
xAdcsDeployment	1.4.0.0	xAdcsCertificateAuthority: CertFilePassword invalid type – fixes issue 36
xCertificate	3.1.0.0	xCertReq: Fixed behaviour to allow certificate templates with spaces in the name Added `Documentation and Examples` section to Readme.md file – see issue 98. Changed description in Credential parameter of xPfxImport resource to correctly generate parameter documentation in Wiki – see Issue 103. Changed description in Credential parameter of xCertReq resource to clarify that a PSCredential object should be used. Updated tests to meet Pester V4 guidelines – fixes Issue 105. Add support for Windows Server 2008 R2 which does not contain PKI module so is missing `Import-PfxCertificate` and `Import-Certificate` cmdlets – fixes Issue 46.
xComputerManagement	3.2.0.0	xScheduledTask: Enable Execution Time Limit of task to be set to indefinite by setting `ExecutionTimeLimit` to “00:00:00” – See Issue 115 xPowerPlan: Updated to meet HQRM guidelines. Converted calls to `throw` to use `New-InvalidOperationException` in CommonResourceHelper. Move Common Resource Helper functions into modules folder. Changed resources to use Common Resource Helper functions. Moved strings for Common Resource Helper functions into separate strings file. Added unit tests for Common Helper functions.
xExchange	1.18.0.0	Fix issue 203 and add additional test for invalid ASA account format
xHyper-V	3.10.0.0	MSFT_xVMHyperV: Added support for configuring automatic snapshots
xNetworking	5.4.0.0	MSFT_xIPAddressOption: Added a new resource to set the SkipAsSource option for an IP address. MSFT_xWeakHostSend: Created the new Weak Host Send resource. MSFT_xWeakHostReceive: Created the new Weak Host Receive resource. MSFT_xRoute: Corrected style and formatting to meet HQRM guidelines. Converted exceptions to use ResourceHelper functions. Changed unit tests so that they can be run in any order. Included default values in MOF file so that they are displayed in Wiki documentation. Converted tests to meet Pester V4 standards.
xPowerShellExecutionPolicy	2.0.0.0	Converted appveyor.yml to install Pester from PSGallery instead of from Chocolatey. Added optional -Scope parameter
xRemoteDesktopSessionHost	1.5.0.0	Fix issue where DSC configuration gets into a reboot loop because sessionhost does not match (casing) and RDMS service is not started in time
xStorage	3.4.0.0	xDisk: Removed duplicate integration tests for Guid Disk Id type. Added new contexts to integration tests improve clarity. Fix bug when size not specified and disk partitioned and formatted but not assigned drive letter – See Issue 103. xDiskAccessPath: Added new contexts to integration tests improve clarity. Fix bug when size not specified and disk partitioned and formatted but not assigned to path – See Issue 103.
xSystemSecurity	1.3.0.0	Updated FileSystemACL Set
xTimeZone	1.7.0.0	Added resource helper module. Changed resource file names to include MSFT_*. Added MSFT_ to MOF file classname. Change examples to meet HQRM standards and optin to Example validation tests. Replaced examples in README.MD to links to Example files. Added the VS Code PowerShell extension formatting settings that cause PowerShell files to be formatted as per the DSC Resource kit style guidelines. Opted into Common Tests “Validate Module Files” and “Validate Script Files”. Converted files with UTF8 with BOM over to UTF8. Updated Year to 2017 in License and Manifest. Added .github support files: CONTRIBUTING.md ISSUE_TEMPLATE.md PULL_REQUEST_TEMPLATE.md Resolved all PSScriptAnalyzer warnings and style guide warnings.

How to Find Released DSC Resource Modules

Of course, you can also always use PowerShellGet (available in WMF 5.0) to find modules with DSC Resources:

# To list all modules that are part of the DSC Resource Kit
Find-Module -Tag DSCResourceKit
# To list all DSC resources from all sources 
Find-DscResource

How to Install DSC Resource Modules From the PowerShell Gallery

We recommend that you use PowerShellGet to install DSC resource modules:

Install-Module -Name < module name >

For example:

Install-Module -Name xWebAdministration

To update all previously installed modules at once, open an elevated PowerShell prompt and use this command:

Update-Module

After installing modules, you can discover all DSC resources available to your local system with this command:

Get-DscResource

How to Find DSC Resource Modules on GitHub

All DSC modules are also listed as submodules of the DscResources repository in the xDscResources folder.

How to Contribute

Your help in developing the DSC Resource Kit is invaluable to us!

Questions, comments?

Katie Keim
Software Engineer
PowerShell DSC Team
@katiedsc (Twitter)
@kwirkykat (GitHub)

↧

PowerShell Core 6.0: Generally Available (GA) and Supported!

January 10, 2018, 2:22 pm

≫ Next: PowerShell Core 6.1 Roadmap

≪ Previous: DSC Resource Kit Release December 2017

PowerShell Core 6.0 is a new edition of PowerShell that is cross-platform (Windows, macOS, and Linux), open-source, and built for heterogeneous environments and the hybrid cloud.

First and foremost, thank you to all of our amazing community, especially our open-source contributors (the most recent of which you can find on our community dashboard at https://aka.ms/PSGitHubBI) for donating your time and energy to PowerShell Core. Whether you contributed code, tests, documentation, issues, or even just your feedback and opinions, we are extremely grateful for the sweat and tears that you’ve invested in PowerShell. (For those interested in contributing, hop and over to our Contribution Guide on GitHub. You don’t have to be a guru to help out!)

FAQ

Where do I get PowerShell Core 6.0?

To download PowerShell Core on Windows, see https://aka.ms/getps6-windows.
To download PowerShell Core on macOS and Linux, see https://aka.ms/getps6-linux.

I already had PowerShell Core on my Linux machine, and it’s not updating. How do I get the latest version?

We’re currently working through a known issue where powershell-6.0.0 is viewed by package managers as a lower version than powershell-6.0.0-rc2.

In the meantime, a clean install will get you the latest version:

sudo apt remove powershell && sudo apt-get install powershell

sudo yum remove powershell && sudo yum install powershell

What’s the difference between Windows PowerShell and PowerShell Core?

There are now two editions of PowerShell:

Windows PowerShell is the edition of PowerShell built on top of .NET Framework
(sometimes referred to as “FullCLR”):

This is the PowerShell that has been in widespread use for the last ~10 years.
Because of it’s dependency on the .NET Framework, Windows PowerShell is only available on Windows (hence the name).
The released versions of Windows PowerShell include 1.0, 2.0, 3.0, 4.0, 5.0, and 5.1.
Windows PowerShell is available as a built-in component in Windows client and Windows Server.
Windows PowerShell is launched as powershell.exe.
On Windows PowerShell 5.0/5.1, $PSVersionTable.PSEdition is set to Desktop.
Any usage of .NET-based functionality (e.g. C# cmdlets, Add-Type, and the invocation of static .NET Methods), relies on the .NET Framework runtime. This means Windows PowerShell’s .NET usage is limited to the functionality exposed by the .NET Framework and .NET Standard.
Continues to be supported via critical bug fixes in the newest releases of Windows and Windows Server

PowerShell Core is the edition of PowerShell built on top of .NET Core
(sometimes simplified to “CoreCLR”).

PowerShell Core is cross-platform, available on Windows, macOS, and Linux, thanks to the cross-platform nature of .NET Core.
PowerShell Core is launched as pwsh.exe on Windows and pwsh on macOS and Linux
On PowerShell Core, $PSVersionTable.PSEdition is set to Core.
Note: while PowerShell Core 6.0 is cross-platform, there is also a PowerShell Core 5.0/5.1 released exclusively as part of Microsoft Nano Server.
Any usage of .NET-based functionality (e.g. C# cmdlets, Add-Type, and the invocation of static .NET Methods), relies on the .NET Core runtime. This means PowerShell Core is limited to the functionality exposed by .NET Core and .NET Standard.

What platforms are supported?

PowerShell Core is officially supported on the following platforms:

Windows 7, 8.1, and 10
Windows Server 2008 R2, 2012 R2, 2016
Windows Server Semi-Annual Channel
Ubuntu 14.04, 16.04, and 17.04
Debian 8.7+, and 9
CentOS 7
Red Hat Enterprise Linux 7
OpenSUSE 42.2
Fedora 25, 26
macOS 10.12+

Our community has also contributed packages for the following platforms,
but they are not officially supported:

Arch Linux
Kali Linux
AppImage (works on multiple Linux platforms)

We also have experimental (unsupported) releases for the following platforms:

Windows on ARM32/ARM64
Raspbian (Stretch)

What’s new in PowerShell Core? Why should I use it?

Check out What’s New in PowerShell Core 6.0 for a complete list!

Does PowerShell Core affect my Windows PowerShell installation?

Nope! PowerShell Core is completely side-by-side with Windows PowerShell. In fact, an awesome feature of PowerShell Core is that you can test new versions without affecting existing workloads. Whether it’s installed via an MSI or installed portably from the ZIP package, your Windows PowerShell installation is not affected by PowerShell Core.

What modules work with PowerShell Core?

Today, we ship the following set of “built-in” modules as part of PowerShell Core:

CimCmdlets
Microsoft.PowerShell.Archive
Microsoft.PowerShell.Diagnostics
Microsoft.PowerShell.Host
Microsoft.PowerShell.Management
Microsoft.PowerShell.Security
Microsoft.PowerShell.Utility
Microsoft.WSMan.Management
PackageManagement
PowerShellGet
PSDesiredStateConfiguration
PSDiagnostics
PSReadLine

You can browse the reference for these modules via the PowerShell Module Browser. To see the commands available in these modules you can run Get-Command:

Get-Command -Module Microsoft.PowerShell.Management

Some cmdlets that shipped as part of these modules in Windows PowerShell are not available today in PowerShell Core. For a complete list of these cmdlets, the most up-to-date list is currently maintained in this cmdlet discovery test.

What about other 1st-party Microsoft modules?

1st-party Microsoft modules are generally in one of three categories:

Modules that ship as part of Windows client or Windows Server:
these are the modules you see after installing Windows and running Get-Module -ListAvailable (less the modules that in the “built-in” list above).
Modules that ship as a part of a Microsoft product. For example, System Center applications include PowerShell modules as part of their installation.
Modules that ship on the PowerShell Gallery. For example, Azure PowerShell is delivered via the Gallery.

For all of these categories, unless a module is explicitly supported in PowerShell Core by Windows or by the product group, there is no guarantee that it will work with PowerShell Core.

However, because of the guarantees of .NET Standard and CDXML,
many modules designed for Windows PowerShell are highly compatible with PowerShell Core. For more information on how to add Windows PowerShell modules to your PSModulePath for usage in PowerShell Core,
see Backwards compatibility with Windows PowerShell.

How do I know which modules on the PowerShell Gallery work with PowerShell Core?

The PowerShell Gallery is the community repository for PowerShell modules.

You can find modules that have been tagged with PowerShell Core support by searching for the tag PSEdition_Core.

You can learn more about PSEditions on the Gallery with our doc on Items with compatible PowerShell Editions

How do I build modules and scripts that are compatible with PowerShell Core?

If you’re building a C#-based cmdlet, you should build your cmdlets against .NET Standard 2.0 and PowerShell Standard. For more info on how to do this, check out:

Note: PowerShell Standard is currently in preview with a 3.0 version for PowerShell versions 3 through 6. We will soon have a version 5.0 that supports a wider set of APIs included PowerShell versions 5 through 6.

If you’re building a PowerShell-based cmdlet or script, you should make sure you’re using .NET types/assemblies, and that you’re using cmdlets and modules available on the platform you’re targeting. We’ll be adding PSScriptAnalyzer rules soon that will help you target sets of operating systems and PowerShell editions/versions.

Can I host PowerShell Core in a .NET Core application?

Absolutely! For more information, check out this doc on Hosting PowerShell Core in .NET Core Applications.

Does PowerShell Core support remoting?

Yes! PowerShell Core supports remoting over the PowerShell Remoting Protocol (PSRP) via both WSMan and SSH, and is interoperable with Windows PowerShell over WSMan. However, some authentication types are not supported for WSMan-based remoting clients on non-Windows platforms. Also, hosting a WSMan-based server on non-Windows platforms is still currently an experimental scenario.

For more information on setting this up, see:

How is PowerShell Core supported?

PowerShell Core is adopting the Microsoft Modern Lifecycle Policy, a new support lifecycle intended to keep customers up-to-date with the latest versions.

In general, Microsoft support agreements cover support for PowerShell Core. You can read more about the specifics of this policy and how it applies to PowerShell Core at https://aka.ms/pslifecycle.

What’s missing from PowerShell Core?

As part of the move to .NET Core and other operating systems,
we were forced to leave behind some technologies that were being used by Windows PowerShell.

In other cases, we took the opportunity of PowerShell being refactored to stop supporting lesser used technologies. Some of these technologies may eventually return to PowerShell Core, but many will not.

At a high-level, these include:

PowerShell Workflows
PowerShell Snap-ins
WMIv1 cmdlets (Get-WmiObject, Invoke-WmiMethod, etc.)
- We recommend using the CIM/WMIv2 cmdlets (Get-CimInstance, Invoke-CimMethod, etc.)
Executing Desired State Configuration (DSC) resources using PowerShell Core

We’ve also made a longer tail of small changes to the PowerShell language, engine, and cmdlets that technically qualify as breaking changes.

For more information on why we made these changes/removals, see our document on Breaking Changes in PowerShell Core.

What’s happening to Windows PowerShell?

The short answer is that it’s still useful and supported!

Windows PowerShell 3.0, 4.0, and 5.1 will continue to be supported on supported versions of Windows and Windows Server.
(Note: While Windows PowerShell 2.0 is still in support, it has been deprecated, and it’s recommend that workloads be migrated to newer versions of PowerShell.)

However, there are currently no plans to introduce new functionality to Windows PowerShell. This means that the risk of regression will be very low for Windows PowerShell, so you can count on it as a stable platform for your existing workloads. There are also no plans to provide a new Windows Management Framework (WMF) package for downlevel operating systems.

Where can I provide feedback?

First, we’re having an “Ask Me Anything” (AMA) with Jeffrey Snover and the PowerShell Team at https://aka.ms/powershellama on Microsoft Tech Communities on Thursday, January 11th at 9:00 AM PST (GMT-8).

You can also file issues on GitHub where we track, prioritize, and discus all our work on PowerShell Core. We’re usually very good about responding to issues there, as are many of the contributors outside Microsoft that help out in our repository.

Thanks!

Thanks again to everyone for all the contributions and support. I hope you enjoy PowerShell Core 6.0 as much as we do.

Joey Aiello
Program Manager, PowerShell

↧

PowerShell Core 6.1 Roadmap

January 24, 2018, 5:09 pm

≫ Next: Desired State Configuration (DSC) Planning Update – January 2018

≪ Previous: PowerShell Core 6.0: Generally Available (GA) and Supported!

The release of PowerShell Core 6.0 is only the beginning and we are already thinking about the next leg of our journey.

Most of the effort of the team with PowerShell Core 6.0 was in these areas:

Learning how to work in an Open Source project (and we are still learning)
Complete the port of PowerShell to CoreCLR
Add test coverage for PowerShell Core
Build/integrate tooling for automating builds, packaging, test execution, and releases

The community did some amazing work to add new capabilities in both the engine as well as cmdlets!

If you participated in the January 2018 Community Call you already got an early preview of this content.

Timeline

First, we’re publishing PowerShell Core 6.0.1 as a servicing release by the end of January in order to update to .NET Core 2.0.5. There are no other changes in the 6.0.1 release.

After that, the plan going forward is to have new supported minor releases every 6 months. This means that we’re targeting a late June, early July 2018 release for PSCore 6.1.

We will continue to have preview releases approximately every 3 weeks.

RFCs for new features we plan to deliver will be published in February.

Milestone Quality

There’s some work that we deferred and will be a focus to be completed in February:

Complete PowerShell Standard SDK – including guidance on converting Windows PowerShell modules to portable modules that are also PowerShell Core compatible
Author documentation in the Docs Repo for issues/PRs labeled with Documentation Needed
Backport changes in PowerShell Core 6.0 to Windows PowerShell 5.1 for issues/PRs labeled with Consider-WindowsPowerShell51
- Note that depending on the risk of the change,
  even if an issue/PR has this labeled,
  it doesn’t guarantee it’ll be backported
Enable automated test runs for all supported distros/platforms
Build infrastructure and tooling for cross system remoting tests
Have consistency and meet compliance requirements for the following repos:

New Features

Being an open source project means that different people can invest in different priorities and submit their changes via pull requests, these are the areas that the PowerShell team will be focusing on. Some of these will be complete while others may be just the start of something bigger.

Security Parity with Windows PowerShell

The original port of PowerShell stubbed out support for DeviceGuard/AppLocker because those APIs were not available on Nano Server. This work will ensure that DeviceGuard/AppLocker policies are enforced in PowerShell Core 6.0 on Windows systems.

Run Signed Script Blocks Remotely

PowerShell supports restricting access using constrained language mode and only allowing signed scripts with a trusted certificate to run with Full Language mode. This new capability will allow using Invoke-Command to remotely execute a signed script block on a target locked down system with Full Language mode.

Windows PowerShell Compatibility Pack

With the announcement of the Windows Compatibility Pack for .NET Core for .NET Core, PowerShell Core will regain some APIs that had been dropped in the transition to .NET Core. This means we can re-enable some cmdlets that weren’t part of the PowerShell Core 6.0 release: WMI, EventLog, and PerfCounters. In addition, some highly requested APIs will be available which means that some existing Windows PowerShell modules might just work in PowerShell Core 6.0. This module will replace the WindowsPSModulePath module to add the Windows PowerShell $env:PSModulePath to PowerShell Core 6.0. Finally, we can use this module to optionally add back some aliases that we removed from PowerShell Core 6.0 that exist in Windows PowerShell.

Concurrency in PowerShell Script

You can do threading today in PowerShell using runspaces, however, it may be complex for some users. Rather than spend time creating something from scratch, we’re evaluating two existing modules that might already meet our needs:

PSThreadJob created by one of engineers on my team, Paul
PoshRSJob created by a PowerShell MVP, Boe

PSReadLine 2.0 GA

PSReadLine is our default interactive experience on Windows PowerShell 5.1 and PowerShell Core 6.0. This is a side project by Jason Shirk who recently put out a Beta1 release of 2.0. Some of my engineers will be spending time contributing to this project to get it to production quality so we can include it in PowerShell Core 6.0.

Machine Learning and PowerShell

A new area that we want to explore is leveraging the cloud and machine learning to provide inline suggestions at the interactive command-line. The two primary scenarios I want to target is to support both local and cloud based suggestions. This is a completely new area for the team so expect the initial release to be limited, but something we can build upon going forward.

An RFC will be published for this feature.

Experimental Feature Flags

As we build new capabilities, some features may not be fully complete where we don’t have sufficient community feedback. Being experimental, we may make large design changes that would not be backwards compatible. Users can choose to not use these features by not opting into turning on these feature flags. Feature flags can also allow us to have two different implementations of the same feature (that could not work side-by-side) and collect feedback that way.

An RFC will be published for this feature.

HelpSystem as a Module

This is the start of a bigger work item to componentize PowerShell so that we can have a smaller distribution of PowerShell Core for managed targets that don’t need all of the interactive experience components.

PowerShell help content today is written in XML. However, our docs are maintained as Markdown and we have platyPS that converts the Markdown to XML. We want to remove the need to convert to XML and have the HelpSystem use Markdown natively. After this work is done, the help system would still be included with the general distribution of PowerShell Core as an independent module.

An RFC for this has already been published.

Markdown Rendering Support

In addition to help being in Markdown natively, we would like to be able to render in the console any Markdown. For example, error messages or script output can leverage Markdown to provide emphasis. Initially there will be limited rendering support, but this is something we can improve over time. For example, eventually supporting plug-able syntax highlighting for code fencing.

An RFC will be published for this feature.

Enable `sudo` to Work Over PowerShell Remoting (for non-Windows)

On Unix-based systems, administrators use sudo to elevate themselves to run administrator tasks requiring higher privilege. Due to how sudo works, PowerShell remoting is not able to pass the request for the administrator password prompt from sudo. Note that sudo works perfectly fine locally in PowerShell Core 6.0.

Enable-SSHRemoting

PowerShell includes a Enable-PSRemoting command on Windows to make it easy to enable PowerShell remoting over WSMan using WinRM. This feature adds a new Enable-SSHRemoting command that would initially identify missing dependencies (like OpenSSH) and also configure sshd_config to enable PowerShell remoting over SSH.

An RFC for this has already been published.

PowerShell Module for IoT (Internet of Things)

PowerShell Core 6.0 has experimental support for ARM systems running Windows 10 IoT or Raspbian (Stretch).

To help bootstrap the community to develop more interesting uses for IoT using PowerShell, we want to provide the start of a module to enable using PowerShell script to interact with sensors attached to your IoT device. We would then work with the community to increase capability of this module over time.

An RFC will be published for this feature.

Closing

As you can see, we have a large set of work ahead of us for the 6.1 release.

The feature set was decided based on:

Existing customer feedback or known customer pain points
Driving towards longer goals through strategic investments
Specific partner/customer asks
Interests within the PSCore engineering team

The next 6 months will be lots of work, but it’ll also be fun. I also expect the community to continue to contribute new features beyond this list for 6.1. My team will continue to fix bugs, respond to issues, review PRs, and merge PRs while working on 6.1.

Please feel free to provide feedback on the PowerShell Core 6.1 Roadmap via GitHub!

Steve Lee
Principal Engineering Manager
PowerShell

↧

Desired State Configuration (DSC) Planning Update – January 2018

January 26, 2018, 4:00 pm

≫ Next: DSC Resource Kit Release February 2018

≪ Previous: PowerShell Core 6.1 Roadmap

In September 2017 we communicated some of our plans for PowerShell Desired State Configuration (DSC). Over the past few months, we have been executing on these plans and collecting feedback from customers and partners. The intent of this blog is to provide an update on the plans we shared back in September. I will have additional posts in the near future to discuss updates for Azure DSC Extension and Windows Pull Server.

Specifically:

What is the relationship between the next version of DSC and PowerShell Core?
Will DSC be Open Source?
What does this mean for my skillset and my existing projects?

We appreciate the continued feedback and look forward to working with the DSC community to make incremental improvements as we progress together.

What Are We Trying to Achieve?

The mission for DSC is to provide a platform for server configuration management that is maintained together with the community, releasing at an agile cadence, to meet the demands of hybrid cloud environments.

Local Configuration Manager (LCM)

LCM is the engine that runs DSC so it is a logical place for us to start work on a new version. For DSC in Windows, this shipped in Windows Server 2012 R2 and later and has been updated through the WMF release cycle.

The work going on by the DSC team since the last major update has been focused on making LCM a small, lightweight, cross-platform, and portable engine that can meet the requirements for cloud management capabilities long term. In fact, the new codebase is already in use by some of the Management services available in Azure such as Inventory and Change Tracking, and is scaling to hundreds of thousands of servers.

The team’s plan is to make LCM an open source project in GitHub within the next 12 months. We want to make sure we are prepared when we reach that milestone. Our team has gained experience through management of many open source projects including the DSC Resource community and from shipping PowerShell Core as an open source language. We understand that the onramp to open source projects includes a complex set of requirements, so we can be respectful and responsive to community contributions. We are working through creation of the repository with the appropriate assets such as governance and documentation. I will have more to share in a few months at the PowerShell Summit events happening around the world.

Initially, the new LCM would be distributed as compiled binaries via GitHub releases and through Azure Services. It will need to be installed on systems where the current DSC platform exists today, and we will need to offer conflict detection across versions.

To be crystal clear, we do not plan for LCM to require .NET, .NET Core, or PowerShell Core. The project is written in C++ and will be able to be compiled for multiple platforms.

Provider Model

The community has been providing valuable feedback regarding backward compatibility with existing DSC Resources. To deliver DSC provided by LCM, we anticipate a provider model with the ability to work with multiple languages.

To make sure we are not creating unnecessary work for community maintainers, the first implementation of the provider model for LCM will be Windows PowerShell. This means that in the future a new open source LCM would be able to manage configurations that include the existing community-maintained DSC Resources authored using Windows PowerShell. Our intention is that no changes to the resources will be required.

We also expect to have LCM providers for PowerShell Core, C++, and Python. These providers will introduce the ability to Get/Set/Test across Windows, Linux, and MacOS, by a common LCM. Leveraging cross-platform languages, authors will have the opportunity to create DSC resources that can be used on multiple operating systems. For resources written in PowerShell Core, there are built-in Boolean variables $IsWindows, $IsLinux, and $IsMacOS that will simplify OS detection for resource authors.

Feature Backlog

The feedback in User Voice will not be lost as we transition to the new project. Examples of top requests include support for maintenance windows, intermediate state, sharing information between resources, and support for managed service accounts. These will be moved to GitHub to be the top items in the new DSC project and we will carry forward any existing work in these areas.

What is The Impact?

By following a provider model that can leverage Windows PowerShell and multiple other languages, we honor our commitment to existing versions of Windows, while introducing new choices such as the latest versions of PowerShell. The development of your skillset around DSC and the investment you have made in custom resources will carry forward, while enabling more agility to releasing incremental updates and the features you have requested.

Feedback

We look forward to hearing your feedback and suggestions. Please leave blog comments here, or via Twitter using tag #PSDSC. I look forward to more in depth conversation in the DSC forum, PowerShell User Groups, and the community-led PowerShell Summits in 2018.

Michael Greene
@migreene
Principal Program Manager
Microsoft PowerShell DSC and Azure Configuration Management

↧

DSC Resource Kit Release February 2018

February 7, 2018, 6:44 pm

≫ Next: DSC Resource Kit Release March 2018

≪ Previous: Desired State Configuration (DSC) Planning Update – January 2018

We just released the DSC Resource Kit! This release includes updates to 12 DSC resource modules. In these past 7 weeks, 83 pull requests have been merged and 70 issues have been closed, all thanks to our amazing community! The modules updated in this release are:

OfficeOnlineServerDsc
SharePointDsc
SqlServerDsc
StorageDsc (previously xStorage)
xActiveDirectory
xCertificate
xComputerManagement
xDatabase
xExchange
xFailOverCluster
xHyper-V
xNetworking

For a detailed list of the resource modules and fixes in this release, see the Included in this Release section below. Our last community call for the DSC Resource Kit was on January 31. A recording of our updates is coming soon. Join us for the next call at 12PM (Pacific time) on March 14 to ask questions and give feedback about your experience with the DSC Resource Kit. We strongly encourage you to update to the newest version of all modules using the PowerShell Gallery, and don’t forget to give us your feedback in the comments below, on GitHub, or on Twitter (@PowerShell_Team)! Please see our new documentation here for information on the support of these resource modules.

Included in this Release

Module Name	Version	Release Notes
OfficeOnlineServerDsc	1.2.0.0	Added fix for Multiple Language Pack Installs
SharePointDsc	2.1.0.0	General Updated the integration tests for building the Azure environment Works in any Azure environment. Updated the SqlServer configuration to use SqlServerDsc version 10.0.0.0. SPAlternateURL Added the ability to manage the Central Administration AAMs SPDiagnosticsProvider Added the resource SPFarm Corrected issue where ServerRole parameter is returned in SP2013 SPInfoPathFormsServiceConfig Added the resource SPInstallPrereqs Fixed two typos in to be installed Windows features for SharePoint 2016 SPSearchAutoritativePage Added missing readme.md SPSearchCrawlerImpactRule Fixed issue where an error was thrown when retrieving Crawl Impact rules Added missing readme.md SPSearchCrawlMapping Added missing readme.md SPSecureStoreServiceApp Fixed issue in Get-TargetResource to return AuditingEnabled property SPSecurityTokenServiceConfig Added the resource SPServiceIdentity Fixed issue with correctly retrieving the process identity for the Search instance Added support for LocalSystem, LocalService and NetworkService SPUserProfileProperty Fixed issues with the User Profile properties for 2016 SPUserProfileServiceAppPermissions Removed the mandatory requirement from secondary parameters SPUserProfileSyncConnection Fixed issues with the User Profile Sync connection for SharePoint 2016 SPUserProfileSyncService Added returning the FarmAccount to the Get method SPWebAppAuthentication Corrected issue where parameter validation wasn’t performed correctly SPWebApplicationExtension Fixed issue with test always failing when Ensure was set to Absent SPWorkManagementServiceApp Added check for SharePoint 2016, since this functionality has been removed in SharePoint 2016
SqlServerDsc	11.0.0.0	Changes to SqlServerDsc BREAKING CHANGE: Resource SqlRSSecureConnectionLevel was remove (issue 990). The parameter that was set using that resource has been merged into resource SqlRS as the parameter UseSsl. The UseSsl parameter is of type boolean. This change was made because from SQL Server 2008 R2 this value is made an on/off switch. Read more in the article ConfigurationSetting Method – SetSecureConnectionLevel. Updated so that named parameters are used for New-Object cmdlet. This was done to follow the style guideline. Updated manifest and license to reflect the new year (issue 965). Added a README.md under Tests\Integration to help contributors to write integration tests. Added “Integration tests” section in the CONTRIBUTING.md. The complete examples were removed. They were no longer accurate and some referenced resources that no longer exist. Accurate examples can be found in each specific resource example folder. Examples for installing Failover Cluster can be found in the resource examples folders in the xFailOverCluster resource module (issue 462). A README.md was created under the Examples folder to be used as reference how to install certain scenarios (issue 462). Removed the local specific common test for compiling examples in this repository and instead opted-in for the common test in the “DscResource.Tests” repository (issue 669). Added new resource SqlServerDatabaseMail for configuring SQL Server Database Mail (issue 155). Updated the helper function Test-SQLDscParameterState to handle the data type UInt16. Fixed typo in SqlServerDscCommon.Tests. Updated README.md with known issue section for each resource. Resources that did not have a description in the README.md now has one. Resources that missed links to the examples in the README.md now has those links. Style changes in all examples, removing type [System.Management.Automation.Credential()] from credential parameters (issue 1003), and renamed the credential parameter so it is not using abbreviation. Updated the security token for AppVeyor status badge in README.md. When we renamed the repository the security token was changed (issue 1012). Now the helper function Restart-SqlService, after restarting the SQL Server service, does not return until it can connect to the SQL Server instance, and the instance returns status “Online” (issue 1008). If it fails to connect within the timeout period (defaults to 120 seconds) it throws an error. Fixed typo in comment-base help for helper function Test-AvailabilityReplicaSeedingModeAutomatic. Style cleanup in helper functions and tests. Changes to SqlAG Fixed typos in tests. Style cleanup in code and tests. Changes to SqlAGDatabase Style cleanup in code and tests. Changes to SqlAGListener Fixed typo in comment-based help. Style cleanup in code and tests. Changes to SqlAGReplica Minor code style cleanup. Removed unused variable and instead piped the cmdlet Join-SqlAvailabilityGroup to Out-Null. Fixed minor typos in comment-based help. Fixed minor typos in comment. Style cleanup in code and tests. Updated description for parameter Name in README.md and in comment-based help (issue 1034). Changes to SqlAlias Fixed issue where exception was thrown if reg keys did not exist (issue 949). Style cleanup in tests. Changes to SqlAlwaysOnService Refactor integration tests slightly to improve run time performance (issue 1001). Style cleanup in code and tests. Changes to SqlDatabase Fix minor Script Analyzer warning. Changes to SqlDatabaseDefaultLocation Refactor integration tests slightly to improve run time performance (issue 1001). Minor style cleanup of code in tests. Changes to SqlDatabaseRole Style cleanup in tests. Changes to SqlRS Replaced Get-WmiObject with Get-CimInstance to fix Script Analyzer warnings (issue 264). Refactored the resource to use Invoke-CimMethod. Added parameter UseSsl which when set to $true forces connections to the Reporting Services to use SSL when connecting (issue 990). Added complete example for SqlRS (based on the integration tests) (issue 634). Refactor integration tests slightly to improve run time performance (issue 1001). Style cleanup in code and tests. Changes to SqlScript Style cleanup in tests. Updated examples. Added integration tests. Fixed minor typos in comment-based help. Added new example based on integration test. Changes to SqlServerConfiguration Fixed minor typos in comment-based help. Now the verbose message say what option is changing and to what value (issue 1014). Changed the RestartTimeout parameter from type SInt32 to type UInt32. Added localization (issue 605). Style cleanup in code and tests. Changes to SqlServerEndpoint Updated README.md with links to the examples (issue 504). Style cleanup in tests. Changes to SqlServerLogin Added integration tests (issue 748). Minor code style cleanup. Removed unused variable and instead piped the helper function Connect-SQL to Out-Null. Style cleanup in tests. Changes to SqlServerMaxDop Minor style changes in the helper function Get-SqlDscDynamicMaxDop. Changes to SqlServerMemory Style cleanup in code and tests. Changes to SqlServerPermission Fixed minor typos in comment-based help. Style cleanup in code. Changes to SqlServerReplication Fixed minor typos in verbose messages. Style cleanup in tests. Changes to SqlServerNetwork Added sysadmin account parameter usage to the examples. Changes to SqlServerReplication Fix Script Analyzer warning (issue 263). Changes to SqlServerRole Added localization (issue 621). Added integration tests (issue 756). Updated example to add two server roles in the same configuration. Style cleanup in tests. Changes to SqlServiceAccount Default services are now properly detected (issue 930). Made the description of parameter RestartService more descriptive (issue 960). Added a read-only parameter ServiceAccountName so that the service account name is correctly returned as a string (issue 982). Added integration tests (issue 980). The timing issue that the resource returned before SQL Server service was actually restarted has been solved by a change in the helper function Restart-SqlService (issue 1008). Now Restart-SqlService waits for the instance to return status “Online” or throws an error saying it failed to connect within the timeout period. Style cleanup in code and tests. Changes to SqlSetup Added parameter `ASServerMode` to support installing Analysis Services in Multidimensional mode, Tabular mode and PowerPivot mode (issue 388). Added integration tests for testing Analysis Services Multidimensional mode and Tabular mode. Cleaned up integration tests. Added integration tests for installing a default instance of Database Engine. Refactor integration tests slightly to improve run time performance (issue 1001). Added PSSA rule “PSUseDeclaredVarsMoreThanAssignments” override in the function Set-TargetResource for the variable $global:DSCMachineStatus. Style cleanup in code and tests. Changes to SqlWaitForAG Style cleanup in code. Changes to SqlWindowsFirewall Fixed minor typos in comment-based help. Style cleanup in code.
StorageDsc	4.0.0.0	BREAKING CHANGE: Renamed xStorage to StorageDsc Renamed MSFT_xDisk to MSFT_Disk Renamed MSFT_xDiskAccessPath to MSFT_DiskAccessPath Renamed MSFT_xMountImage to MSFT_MountImage Renamed MSFT_xOpticalDiskDriveLetter to MSFT_OpticalDiskDriveLetter Renamed MSFT_xWaitForDisk to MSFT_WaitForDisk Renamed MSFT_xWaitForVolume to MSFT_WaitforVolume Deleted xStorage folder under StorageDsc/Modules See [Issue 129](https://github.com/PowerShell/xStorage/issues/129)
xActiveDirectory	2.17.0.0	Converted AppVeyor.yml to use DSCResource.tests shared code. Opted-In to markdown rule validation. Readme.md modified resolve markdown rule violations. Added CodeCov.io support. Added xADServicePrincipalName resource.
xCertificate	3.2.0.0	Get-CertificateTemplateName: Fix missing template name
xComputerManagement	4.0.0.0	BREAKING CHANGE: xScheduledTask: Breaking change because `Get-TargetResource` no longer outputs `ActionExecutable` and `ScheduleType` properties when the scheduled task does not exist. It will also include `TaskPath` in output when scheduled task does not exist. xScheduledTask: Add support to disable built-in scheduled tasks – See Issue 74. Fix unit test mocked schedule task object structure. Fix error message when trigger type is unknown – See Issue 121. Moved strings into separate strings file. Updated to meet HQRM guidelines. xComputer: Resolved bug in Get-ComputerDomain where LocalSystem doesn”t have rights to the domain. Updated tests to meet Pester V4 guidelines – See Issue 106. Converted module to use auto documentation format.
xDatabase	1.7.0.0	Added support SQL Server 2016
xExchange	1.19.0.0	Added missing parameters to xExchActiveSyncVirtualDirectory Added missing parameters to xExchAutoDiscoverVirtualDirectory Added missing parameters to xExchWebServicesVirtualDirectory
xFailOverCluster	1.9.0.0	Changes to xFailoverCluster Update Pester syntax to v4 Updated year to 2018 in license file and module manifest (issue 167). Changes to xClusterNetwork Updated readme to describe process for adding and removing additional networks on clusters Changes to xCluster Allow the cluster to be assigned an IP address from a DHCP (issue 109). When the parameter StaticIPAddress is not specified then the cluster will be configured to use an IP address from a DHCP. Get-TargetResource now correctly returns the IP address instead of throwing and error (issue 28). Added -IgnoreNetwork parameter (issue 143). Changes to xClusterQuorum When using NodeAndFileShareMajority on Windows Server 2016 any subsequent run failed when Test-TargetResource validated the configuration. Cleaned up tests which was using over complicated evaluation code. Added cloud witness (Azure storage) functionality on Windows 2016 (issue 37).
xHyper-V	3.11.0.0	Added the following resources: MSFT_xVMHardDiskDrive to manage additional attached VHD/Xs. MSFT_xVMScsiController to manage virtual machine SCSI controllers. MSFT_xVMSwitch: Added parameter ot specify the Load Balancing Algorithm of a vSwitch with Switch Embedded Teaming (SET)
xNetworking	5.5.0.0	MSFT_xNetAdapterAdvancedProperty: Created new resource configuring AdvancedProperties for NetAdapter MSFT_xNetAdapterLso: Corrected style and formatting to meet HQRM guidelines. Updated tests to meet Pester v4 guidelines. MSFT_xNetAdapterName: Corrected style and formatting to meet HQRM guidelines. Updated tests to meet Pester v4 guidelines. MSFT_xNetAdapterRDMA: Corrected style and formatting to meet HQRM guidelines. Updated tests to meet Pester v4 guidelines. Converted exceptions to use ResourceHelper functions. Improved integration tests to preserve system status and run in more scenarios. MSFT_xNetBIOS: Corrected style and formatting to meet HQRM guidelines. Updated tests to meet Pester v4 guidelines. Converted exceptions to use ResourceHelper functions. Improved integration tests to preserve system status, run in more scenarios and more effectively test the resource. Changed to report back error if unable to set NetBIOS setting. MSFT_xWinsSetting: Created new resource for enabling/disabling LMHOSTS lookup and enabling/disabling WINS name resoluton using DNS. MSFT_xNetworkTeam: Corrected style and formatting to meet HQRM guidelines. Updated tests to meet Pester v4 guidelines. Converted exceptions to use ResourceHelper functions.

How to Find Released DSC Resource Modules

# To list all modules that tagged as DSCResourceKit
Find-Module -Tag DSCResourceKit
# To list all DSC resources from all sources 
Find-DscResource

Please note only those modules released by the PowerShell Team are currently considered part of the ‘DSC Resource Kit’ regardless of the presence of the ‘DSC Resource Kit’ tag in the PowerShell Gallery. To find a specific module, go directly to its URL on the PowerShell Gallery: http://www.powershellgallery.com/packages/< module name > For example: http://www.powershellgallery.com/packages/xWebAdministration

How to Install DSC Resource Modules From the PowerShell Gallery

We recommend that you use PowerShellGet to install DSC resource modules:

Install-Module -Name < module name >

For example:

Install-Module -Name xWebAdministration

To update all previously installed modules at once, open an elevated PowerShell prompt and use this command:

Update-Module

After installing modules, you can discover all DSC resources available to your local system with this command:

Get-DscResource

How to Find DSC Resource Modules on GitHub

All resource modules in the DSC Resource Kit are available open-source on GitHub. You can see the most recent state of a resource module by visiting its GitHub page at: https://github.com/PowerShell/< module name > For example, for the xCertificate module, go to: https://github.com/PowerShell/xCertificate. All DSC modules are also listed as submodules of the DscResources repository in the xDscResources folder.

How to Contribute

You are more than welcome to contribute to the development of the DSC Resource Kit! There are several different ways you can help. You can create new DSC resources or modules, add test automation, improve documentation, fix existing issues, or open new ones. See our contributing guide for more info on how to become a DSC Resource Kit contributor. If you would like to help, please take a look at the list of open issues for the DscResources repository. You can also check issues for specific resource modules by going to: https://github.com/PowerShell/< module name >/issues For example: https://github.com/PowerShell/xPSDesiredStateConfiguration/issues Your help in developing the DSC Resource Kit is invaluable to us!

Questions, comments?

↧

DSC Resource Kit Release March 2018

March 21, 2018, 6:53 pm

≫ Next: Using the PowerShell Standard Library

≪ Previous: DSC Resource Kit Release February 2018

We just released the DSC Resource Kit!

This release includes updates to 7 DSC resource modules. In these past 7 weeks, 43 pull requests have been merged and 37 issues have been closed, all thanks to our amazing community!

The modules updated in this release are:

SharePointDsc
SqlServerDsc
xActiveDirectory
xComputerManagement
xFailOverCluster
xNetworking
xPSDesiredStateConfiguration

For a detailed list of the resource modules and fixes in this release, see the Included in this Release section below.

Our last community call for the DSC Resource Kit was on March 14. A recording of our updates will be available on YouTube soon. Join us for the next call at 12PM (Pacific time) on April 25 to ask questions and give feedback about your experience with the DSC Resource Kit.

Please see our new documentation here for information on the support of these resource modules.

Included in this Release

Module Name	Version	Release Notes
SharePointDsc	2.2.0.0	SPAlternateURL If resource specifies Central Admin webapp and Default Zone, the existing AAM will be updated instead of adding a new one SPContentDatabase Fixed issue where mounting a content database which had to be upgraded resulted in a reboot. SPDistributedCacheClientSettings Added the new resource SPFarmAdministrators Fixed issue where member comparisons was case sensitive. This had to be case insensitive. SPManagedMetadataServiceApp Fixed issue with creating the Content Type Hub on an existing MMS service app without Content Type Hub. SPManagedMetadataServiceAppDefault Fixed issue where .GetType().FullName and TypeName were not used properly. SPTimerJobState Updated description of WebAppUrl parameter to make it clear that N/A has to be used to specify a global timer job. SPUserProfileServiceApp Fixed issue introduced in v2.0, where the Farm Account had to have local Administrator permissions for the resource to function properly. Updated resource to retrieve the Farm account from the Managed Accounts instead of requiring it as a parameter. SPUserProfileSyncService Fixed issue introduced in v2.0, where the Farm Account had to have local Administrator permissions for the resource to function properly. Updated resource to retrieve the Farm account from the Managed Accounts instead of requiring it as a parameter. The FarmAccount parameter is deprecated and no longer required. Is ignored in the code and will be removed in v3.0. SPVisioServiceApp Fixed an issue where the proxy is not properly getting created
SqlServerDsc	11.1.0.0	Changes to SqlServerDsc Updated the PULL_REQUEST_TEMPLATE with an improved task list and modified some text to be clearer (issue 973). Updated the ISSUE_TEMPLATE to hopefully be more intuitive and easier to use. Added information to ISSUE_TEMPLATE that issues must be reproducible in SqlServerDsc resource module (if running the older xSQLServer resource module) (issue 1036). Updated ISSUE_TEMPLATE.md with a note about sensitive information (issue 1092). Changes to SqlServerLogin Claudio Spizzi (@claudiospizzi): Fix password test fails for nativ sql users (issue 1048). Changes to SqlSetup Michael Fyffe (@TraGicCode): Clarify usage of “SecurityMode” along with adding parameter validations for the only 2 supported values (issue 1010). Now accounts containing “$” will be able to be used for installing SQL Server. Although, if the account ends with “$” it is considered a Managed Service Account (issue 1055). Changes to Integration Tests Michael Fyffe (@TraGicCode): Replace xStorage dsc resource module with StorageDsc (issue 1038). Changes to Unit Tests Michael Fyffe (@TraGicCode): Updated the following resources unit test template to version 1.2.1 SqlAlias (issue 999). SqlWindowsFirewall (issue 1089).
xActiveDirectory	2.18.0.0	xADReplicationSite: Resource added. Added xADReplicationSubnet resource. Fixed bug with group members in xADGroup
xComputerManagement	4.1.0.0	xScheduledTask: Update existing Scheduled Task using SetScheduleTask instead of UnRegister/Register – See Issue 134. Fix master branch AppVeyor badge link URL in README.MD – See Issue 140. Fix deletion of scheduled task with unknown or empty task trigger. Get-TargetResource returns an empty ScheduleType string if the task trigger is empty or unknown – See Issue 137. Added dependency information for xScheduledTask to README.MD.
xFailOverCluster	1.10.0.0	Changes to xFailOverCluster Added xClusterProperty (issue 169). Changes to xClusterNetwork Fix the test for the network role never in desired state (issue 175).
xNetworking	5.6.0.0	Reordered resource list in README.MD to be alphabetical and added missing resource xNetAdapterAdvancedProperty – Fixes issue 309. MSFT_xNetworkTeamInterface: Corrected style and formatting to meet HQRM guidelines. Updated tests to meet Pester v4 guidelines. Converted exceptions to use ResourceHelper functions. Changed unit tests to output Verbose logs. MSFT_xNetAdapterAdvancedProperty: Added a number of additional advanced properties. Fixes issue 314. MSFT_xNetBIOS: Corrected style and formatting to meet HQRM guidelines. Ensured CommonTestHelper.psm1 is loaded before running unit tests. MSFT_xNetworkTeam: Corrected style and formatting to meet HQRM guidelines. Added missing default from MOF description of Ensure parameter. Fixed `Get-TargetResource` to always output Ensure parameter. Changed unit tests to output Verbose logs. MSFT_xNetConnectionProfile: Corrected style and formatting to meet HQRM guidelines. Updated tests to meet Pester V4 guidelines – Fixes Issue 272.
xPSDesiredStateConfiguration	8.1.0.0	xDSCWebService: Enable SQL provider configuration

How to Find Released DSC Resource Modules

Of course, you can also always use PowerShellGet (available in WMF 5.0) to find modules with DSC Resources:

# To list all modules that tagged as DSCResourceKit
Find-Module -Tag DSCResourceKit 
# To list all DSC resources from all sources 
Find-DscResource

How to Install DSC Resource Modules From the PowerShell Gallery

We recommend that you use PowerShellGet to install DSC resource modules:

Install-Module -Name < module name >

For example:

Install-Module -Name xWebAdministration

To update all previously installed modules at once, open an elevated PowerShell prompt and use this command:

Update-Module

After installing modules, you can discover all DSC resources available to your local system with this command:

Get-DscResource

How to Find DSC Resource Modules on GitHub

All DSC modules are also listed as submodules of the DscResources repository in the DscResources and the xDscResources folders.

How to Contribute

Your help in developing the DSC Resource Kit is invaluable to us!

Questions, comments?

Katie Keim
Software Engineer
PowerShell DSC Team
@katiedsc (Twitter)
@kwirkykat (GitHub)

↧

Using the PowerShell Standard Library

March 26, 2018, 2:44 pm

≫ Next: PowerShell Core 6 Release Candidate

≪ Previous: DSC Resource Kit Release March 2018

This is the first a set of posts which will help you take advantage of a new Nuget package PowerShellStandard Library 5.1.0. This package allows developers to create modules and applications which host the PowerShell engine which are portable between Windows PowerShell version 5.1 and PowerShell Core 6.0. This means that you can create PowerShell modules and applications which run on Windows, Linux, and Mac with a single binary!

In this post, I’ll walk through the steps for creating a simple binary module which has a single, (very) simple cmdlet. I will also be using the dotnet cli tools for creating everything I need.

First, we need create a project for our new module and create a project template:

PS> New-Item -Type Directory myModule

Directory: C:\Users\James\src\pwsh
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 3/26/2018 2:41 PM myModule

PS> Set-Location myModule
PS> dotnet new library
The template "Class library" was created successfully.

Processing post-creation actions...
Running 'dotnet restore' on C:\Users\James\src\pwsh\myModule\myModule.csproj...
 Restoring packages for C:\Users\James\src\pwsh\myModule\myModule.csproj...
 Generating MSBuild file C:\Users\James\src\pwsh\myModule\obj\myModule.csproj.nuget.g.props.
 Generating MSBuild file C:\Users\James\src\pwsh\myModule\obj\myModule.csproj.nuget.g.targets.
 Restore completed in 222.92 ms for C:\Users\James\src\pwsh\myModule\myModule.csproj.

Restore succeeded.

You can see that the dotnet cli has created a source file and .csproj file for my project. Right now they’re quite generic, but we can add a reference to the PowerShellStandard Library very easily:

PS> dotnet add package PowerShellStandard.Library --version 5.1.0-preview-02
 Writing C:\Users\James\AppData\Local\Temp\tmp2C8D.tmp
info : Adding PackageReference for package 'PowerShellStandard.Library' into project 'C:\Users\James\src\pwsh\myModule\myModule.csproj'.
log : Restoring packages for C:\Users\James\src\pwsh\myModule\myModule.csproj...
info : Package 'PowerShellStandard.Library' is compatible with all the specified frameworks in project 'C:\Users\James\src\pwsh\myModule\myModule.csproj'.
info : PackageReference for package 'PowerShellStandard.Library' version '5.1.0-preview-02' added to file 'C:\Users\James\src\pwsh\myModule\myModule.csproj'.
PS> get-childitem

Directory: C:\Users\James\src\pwsh\myModule
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 3/26/2018 2:42 PM obj
-a---- 3/26/2018 2:42 PM 85 Class1.cs
-a---- 3/26/2018 2:42 PM 259 myModule.csproj

if we inspect the .csproj file, we can see the reference

PS> Get-Content .\myModule.csproj
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
 <TargetFramework>netstandard2.0</TargetFramework>
 </PropertyGroup>
<ItemGroup>
 <PackageReference Include="PowerShellStandard.Library" Version="5.1.0-preview-02" />
 </ItemGroup>
</Project>

We can now implement our cmdlet in the Class1.cs file

PS> get-content Class1.cs
using System;
using System.Management.Automation;

namespace myModule {
  [Cmdlet("Get","Thing")]
  public class GetThingCommand : PSCmdlet {
    protected override void ProcessRecord() {
      WriteObject("GetThing");
    }
  }
}

We can now build, import the dll (as a module) and run our new cmdlet

PS> dotnet build
Microsoft (R) Build Engine version 15.5.180.51428 for .NET Core
Copyright (C) Microsoft Corporation. All rights reserved.

Restoring packages for C:\Users\James\src\pwsh\myModule\myModule.csproj...
 Restore completed in 164.19 ms for C:\Users\James\src\pwsh\myModule\myModule.csproj.
 myModule -> C:\Users\James\src\pwsh\myModule\bin\Debug\netstandard2.0\myModule.dll

Build succeeded.
 0 Warning(s)
 0 Error(s)

Time Elapsed 00:00:03.16
PS> import-module .\bin\Debug\netstandard2.0\myModule.dll
PS> get-thing
GetThing

This is a completely portable module, I can load this from PowerShell 5.1 and run it without problem. Of course, we’ve barely scratched the surface, but you can see how this can get you started!

↧

PowerShell Core 6 Release Candidate

November 17, 2017, 5:03 pm

≫ Next: Using the PowerShell Standard Library

≪ Previous: Using the PowerShell Standard Library

PowerShell Core 6 Release Candidate

Last year, we announced that PowerShell was not only Open Source, but also cross platform. The finish line is in sight and we recently published the Release Candidate for PowerShell Core 6!

PowerShell Team ♥ Community

This really shows the benefit of Open Source and an active community and we certainly wouldn’t have gotten as far as we have without such a passionate and helpful community!

Roadmap to General Availability and the Future

We are currently targeting having the GA release on January 10th, 2018.

PowerShell Core 6 Support

Thanks to everyone for their support and contributions!

Steve Lee
Principal Engineer Manager
PowerShell Team

↧

Using the PowerShell Standard Library

March 26, 2018, 2:44 pm

≫ Next: Windows Pull Server Planning Update – April 2018

≪ Previous: PowerShell Core 6 Release Candidate

In this post, I’ll walk through the steps for creating a simple binary module which has a single, (very) simple cmdlet. I will also be using the dotnet cli tools for creating everything I need.

First, we need create a project for our new module and create a project template:

PS> New-Item -Type Directory myModule

Directory: C:\Users\James\src\pwsh
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 3/26/2018 2:41 PM myModule

PS> Set-Location myModule
PS> dotnet new library
The template "Class library" was created successfully.

Processing post-creation actions...
Running 'dotnet restore' on C:\Users\James\src\pwsh\myModule\myModule.csproj...
 Restoring packages for C:\Users\James\src\pwsh\myModule\myModule.csproj...
 Generating MSBuild file C:\Users\James\src\pwsh\myModule\obj\myModule.csproj.nuget.g.props.
 Generating MSBuild file C:\Users\James\src\pwsh\myModule\obj\myModule.csproj.nuget.g.targets.
 Restore completed in 222.92 ms for C:\Users\James\src\pwsh\myModule\myModule.csproj.

Restore succeeded.

You can see that the dotnet cli has created a source file and .csproj file for my project. Right now they’re quite generic, but we can add a reference to the PowerShellStandard Library very easily:

PS> dotnet add package PowerShellStandard.Library --version 5.1.0-preview-02
 Writing C:\Users\James\AppData\Local\Temp\tmp2C8D.tmp
info : Adding PackageReference for package 'PowerShellStandard.Library' into project 'C:\Users\James\src\pwsh\myModule\myModule.csproj'.
log : Restoring packages for C:\Users\James\src\pwsh\myModule\myModule.csproj...
info : Package 'PowerShellStandard.Library' is compatible with all the specified frameworks in project 'C:\Users\James\src\pwsh\myModule\myModule.csproj'.
info : PackageReference for package 'PowerShellStandard.Library' version '5.1.0-preview-02' added to file 'C:\Users\James\src\pwsh\myModule\myModule.csproj'.
PS> get-childitem

Directory: C:\Users\James\src\pwsh\myModule
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 3/26/2018 2:42 PM obj
-a---- 3/26/2018 2:42 PM 85 Class1.cs
-a---- 3/26/2018 2:42 PM 259 myModule.csproj

if we inspect the .csproj file, we can see the reference

PS> Get-Content .\myModule.csproj
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
 <TargetFramework>netstandard2.0</TargetFramework>
 </PropertyGroup>
<ItemGroup>
 <PackageReference Include="PowerShellStandard.Library" Version="5.1.0-preview-02" />
 </ItemGroup>
</Project>

We can now implement our cmdlet in the Class1.cs file

PS> get-content Class1.cs
using System;
using System.Management.Automation;

namespace myModule {
  [Cmdlet("Get","Thing")]
  public class GetThingCommand : PSCmdlet {
    protected override void ProcessRecord() {
      WriteObject("GetThing");
    }
  }
}

We can now build, import the dll (as a module) and run our new cmdlet

PS> dotnet build
Microsoft (R) Build Engine version 15.5.180.51428 for .NET Core
Copyright (C) Microsoft Corporation. All rights reserved.

Restoring packages for C:\Users\James\src\pwsh\myModule\myModule.csproj...
 Restore completed in 164.19 ms for C:\Users\James\src\pwsh\myModule\myModule.csproj.
 myModule -> C:\Users\James\src\pwsh\myModule\bin\Debug\netstandard2.0\myModule.dll

Build succeeded.
 0 Warning(s)
 0 Error(s)

Time Elapsed 00:00:03.16
PS> import-module .\bin\Debug\netstandard2.0\myModule.dll
PS> get-thing
GetThing

This is a completely portable module, I can load this from PowerShell 5.1 and run it without problem. Of course, we’ve barely scratched the surface, but you can see how this can get you started!

↧

Windows Pull Server Planning Update – April 2018

April 19, 2018, 3:00 am

≫ Next: DSC Resource Kit Release May 2018

≪ Previous: Using the PowerShell Standard Library

In the next Current Branch release of Windows Server a new feature will be released to provide support for SQL Server as the database platform to support Windows Pull Server for DSC.

This capability will open new scenarios:

High availability
The SQL ecosystem of reporting and analysis tools

If you are a member of Windows Server Insiders you can test this now by downloading a preview build.

If you are unfamiliar with the pull service role for DSC, the documentation page has been updated with details regarding how to setup Windows Pull Server environments using the latest versions of the xDSCWebService resource. The key changes are introduction of properties SQLProvider and SQLConnectionString (link to code). There is no other change to the deployment and configuration process other than using the latest version of the resource and of course, having a SQL instance available. You do not have to pre-stage any tables, the resource handles that on the first request, and both SQL authentication and Windows authentication are supported.

Plans for DSC pull service

Previously I blogged about the plans we have for the DSC platform and committed to providing more information about the direction of DSC as a solution, including pull service.

Following this release of Windows Pull Server, there are no additional plans to release new features to the pull service capability in Windows Server. Support for Windows Pull Server in production environments will continue following the Windows Server support lifecycle. This does not change our plans to further invest in the DSC platform (detailed here).

The focus for new features in DSC pull service will be delivered in Azure Automation DSC.

Azure Automation DSC

The service already offers many features not available in Windows Pull Server including:

All data is encrypted in transit and at rest
Client certificates are created and managed automatically
Secrets store for centrally managing assets such as secrets, variables, and service connections
Centrally manage node LCM configuration
Centrally assign configurations to client nodes
Release configuration changes to “canary groups” for testing before reaching production
Graphical reporting
Status detail at the DSC resource level of granularity
Verbose error messages from client machines for troubleshooting
Integration with Azure Log Analytics for alerting, automated tasks, and a mobile app for reporting and alerting

We are working hard on new capabilities of this service and plan to introduce new features based on User Voice feedback, including:

Managing Configuration Data at scale
Simplify the onboarding experience and the process of authoring, especially for new users of DSC
Integrate the Azure Automation DSC and Change Tracking / Inventory services in to a Azure Configuration Management platform
Integrate Azure Automation DSC with Visual Studio Online

For customers who can leverage a cloud service for managing server nodes, this platform provides the highest degree of scalability and frequency of new features/capabilities.

With the latest licensing update, this service is available to manage server nodes on Azure for no additional charge, and for on-premises nodes the pricing is flexible based on the LCM configuration.

Also, on-premises nodes do not require broadly scoped open Internet access to be managed by Azure Automation DSC. Customers can whitelist only the Azure public IP endpoints We also plan to ship the ability to use http proxy in future releases of Local Configuration Manager.

Community maintained solutions for pull service

We have documented the pull service protocol and encourage continued development of open source implementations of DSC pull service maintained by the community.

There are two open source projects currently implementing pull service in unique approaches:

Tug provides a web service backed by PowerShell scripting so any action can be taken as a result of a request.
Traek is an implementation of pull service in Node.js with intention to host the solution on Kubernetes.

There is no intention at this time to publish the source code for the Windows Pull Server that is shipping in Windows Server.

Using DSC in isolated environments

For customers that require total isolation from public cloud service, there are options available to continue using the existing skillset and custom resources.

The implementation of pull service in Windows Server 2012 R2 and 2016 will continue to be supported
A release pipeline environment working with DSC in push mode, possibly combined with Windows Pull Server to deliver modules and reporting
Contribute to community implementations of pull service protocol such as Tug and Traek
We will continue to work with DSC partners such as Chef, Puppet, and Ansible, who offer a rich ecosystems of tools and can utilize DSC resources

Thank you,
Michael Greene
Principal Program Manager
Microsoft Desired State Configuration
@migreene

↧

DSC Resource Kit Release May 2018

May 2, 2018, 5:50 pm

≫ Next: DSC Resource Kit Release June 2018

≪ Previous: Windows Pull Server Planning Update – April 2018

We just released the DSC Resource Kit!

This release includes updates to 12 DSC resource modules. In these past 6 weeks, 52 pull requests have been merged and 63 issues have been closed, all thanks to our amazing community!

The modules updated in this release are:

ActiveDirectoryCSDsc (previously xAdcsDeployment)
CertificateDsc (previously xCertificate)
ComputerManagementDsc (previously xComputerManagement)
DFSDsc (previously xDFS)
SqlServerDsc
xDnsServer
xDscResourceDesigner
xExchange
xNetworking
xPendingReboot
xSMBShare
xWebAdministration

For a detailed list of the resource modules and fixes in this release, see the Included in this Release section below.

Our last community call for the DSC Resource Kit was on April 25. A recording of our updates will be available on YouTube soon. Join us for the next call at 12PM (Pacific time) on June 6 to ask questions and give feedback about your experience with the DSC Resource Kit.

Please see our documentation here for information on the support of these resource modules.

Included in this Release

Module Name	Version	Release Notes
ActiveDirectoryCSDsc (previously xAdcsDeployment)	2.0.0.0	BREAKING CHANGE: Renamed module to ActiveDirectoryCSDsc – see issue 38 Enabled PSSA rule violations to fail build – Fixes Issue 44.
CertificateDsc (previously xCertificate)	4.0.0.0	BREAKING CHANGE Renamed xCertificate to CertificateDsc – fixes Issue 114. Changed all MSFT_xResourceName to MSFT_ResourceName. Updated DSCResources, Examples, Modules and Tests for new naming. Updated Year to 2018 in License and Manifest. Updated README.md from xCertificate to CertifcateDsc Removed unnecessary code from: CertificateDsc\Modules\CertificateDsc\DSCResources\MSFT_CertReq\MSFT_CertReq.psm1 Deleted $rspPath = [System.IO.Path]::ChangeExtension($workingPath, “.rsp”)
ComputerManagementDsc (previously xComputerManagement)	5.0.0.0	BREAKING CHANGE: Renamed ComputerManagement to ComputerManagementDsc – fixes Issue 119. Changed all MSFT_xResourceName to MSFT_ResourceName. Updated DSCResources, Examples, Modules and Tests with new naming. Updated Year to 2018 in License and Manifest. Updated README.md from xComputerManagement to ComputerManagementDsc. OfflineDomainJoin: Cleaned up spacing in strings file to make consistent with other resources. VirtualMemory: Converted strings to single quotes in integration test.
DFSDsc (previously xDFS)	4.0.0.0	BREAKING CHANGE Renamed xDFS to DFSDsc – fixes Issue 55. Changed all MSFT_xResourceName to MSFT_DFSResourceName. Updated DSCResources, Examples, Modules and Tests for new naming. Updated Year to 2018 in License and Manifest. Changed all Modules\DFSDsc\Examples\Resources to DFSResourceName. Added the VS Code PowerShell extension formatting settings that cause PowerShell files to be formatted as per the DSC Resource kit style guidelines. Improve layout of badge area in README.MD. Disabled MD013 rule checking to enable badge table. Updated Year to 2017 in License and Manifest. Added .github support files: CONTRIBUTING.md ISSUE_TEMPLATE.md PULL_REQUEST_TEMPLATE.md Opted into Common Tests “Validate Module Files” and “Validate Script Files”. Converted files with UTF8 with BOM over to UTF8 – fixes Issue 47. Added `Documentation and Examples` section to Readme.md file – see issue 49. Prevent unit tests from DSCResource.Tests from running during test execution – fixes Issue 51. Updated tests to meet Pester V4 guidelines – fixes Issue 53.
SqlServerDsc	11.2.0.0	Changes to SqlServerDsc Added new test helper functions in the CommonTestHelpers module. These are used by the integration tests. New-IntegrationLoopbackAdapter: Installs the PowerShell module “LoopbackAdapter” from PowerShell Gallery and creates a new network loopback adapter. Remove-IntegrationLoopbackAdapter: Removes a new network loopback adapter. Get-NetIPAddressNetwork: Returns the IP network address from an IPv4 address and prefix length. Enabled PSSA rule violations to fail build in the CI environment. Renamed SqlServerDsc.psd1 to be consistent (issue 1116). Glenn Sarti (@glennsarti) Changes to Unit Tests Updated the following resources unit test template to version 1.2.1 SqlWaitForAG (issue 1088). Michael Fyffe (@TraGicCode) Changes to SqlAlwaysOnService Updated the integration tests to use a loopback adapter to be less intrusive in the build worker environment. Minor code cleanup in integration test, fixed the scope on variable. Changes to SqlSetup Updated the integration tests to stop some services after each integration test. This is to save memory on the AppVeyor build worker. Updated the integration tests to use a SQL Server 2016 Service Pack 1. Fixed Script Analyzer rule error. Changes to SqlRS Updated the integration tests to stop the Reporting Services service after the integration test. This is to save memory on the AppVeyor build worker. The helper function `Restart-ReportingServicesService` should no longer timeout when restarting the service (issue 1114). Changes to SqlServiceAccount Updated the integration tests to stop some services after each integration test. This is to save memory on the AppVeyor build worker. Changes to SqlServerDatabaseMail Fixed Script Analyzer rule error.
xDnsServer	1.10.0.0	Changes to xDnsServerADZone Fixed bug introduced by 49. Previously, CimSessions were always used regardless of connecting to a remote machine or the local machine. Now CimSessions are only utilized when a computername or computername and credential are used. (issue 53). Michael Fyffe (@TraGicCode) Fixed all PSSA rule warnings. Michael Fyffe (@TraGicCode) Fix DsAvailable key missing (66). Claudio Spizzi (@claudiospizzi)
xDscResourceDesigner	1.10.0.0	Converted appveyor.yml to install Pester from PSGallery instead of from Chocolatey. Helper function Test-xDscSchemaEncoding now supports PowerShell Core (issue 64). Changed README.md encoding to UTF8.
xExchange	1.20.0.0	Fix issue where test of type Microsoft.Exchange.Data.Unlimited fails
xNetworking	5.7.0.0	Enabled PSSA rule violations to fail build – Fixes Issue 320. MSFT_xNetAdapterAdvancedProperty: Enabled setting the same property on multiple network adapters – Fixes issue 324.
xPendingReboot	0.4.0.0	Converted appveyor.yml to install Pester from PSGallery instead of from Chocolatey. Fixes registry not being evaluated correctly. Fixes failing tests introduced in changes to Pester 4. Change layout of parameters to compile with style guide.
xSMBShare	2.1.0.0	Corrected typo on ShareState and ShareType descriptions (Specfies -> Specifies)
xWebAdministration	1.20.0.0	Fix Get-DscConfiguration failure with xWebApplication and xWebSite resources (issue 302 and issue 314). Add Codecov support. Added .vscode\settings.json so that code can be easily formatted in VSCode closer according to the style guideline. Updated README.md with a branches section, and added Codecov badges. Fix unit test for helper function `Find-Certificate` that could not find the test helper function `Install-NewSelfSignedCertificateExScript`. Fix unit tests for xWebSite that failed because `Get-Command` and “Stop-WebStie` wasn”t properly mocked.

How to Find Released DSC Resource Modules

Of course, you can also always use PowerShellGet (available in WMF 5.0) to find modules with DSC Resources:

# To list all modules that tagged as DSCResourceKit
Find-Module -Tag DSCResourceKit 
# To list all DSC resources from all sources 
Find-DscResource

How to Install DSC Resource Modules From the PowerShell Gallery

We recommend that you use PowerShellGet to install DSC resource modules:

Install-Module -Name < module name >

For example:

Install-Module -Name xWebAdministration

To update all previously installed modules at once, open an elevated PowerShell prompt and use this command:

Update-Module

After installing modules, you can discover all DSC resources available to your local system with this command:

Get-DscResource

How to Find DSC Resource Modules on GitHub

All DSC modules are also listed as submodules of the DscResources repository in the xDscResources folder.

How to Contribute

Your help in developing the DSC Resource Kit is invaluable to us!

Questions, comments?

Katie Keim
Software Engineer
PowerShell DSC Team
@katiedsc (Twitter)
@kwirkykat (GitHub)

↧

PowerShell Constrained Language Mode

What is PowerShell Constrained Language?

Then what is it for?

What does Constrained Language constrain?

How is this different from JEA?

Summary

Example scenarios

Multiple Options

Included in this Release

How to Find Released DSC Resource Modules

How to Install DSC Resource Modules From the PowerShell Gallery

How to Find DSC Resource Modules on GitHub

How to Contribute

Questions, comments?

The Old Naming Convention

The New Naming Convention

Why is it the right time to make this change

How do I know if a DSC Resource is supported

When will this change happen

Overview

Installation

Installing with the Settings UI

Installing with PowerShell

Installing with DISM.exe

Configuration

Configuring the SSH Client (ssh.exe)

Password-based authentication

Key-based authentication

Configuring the OpenSSH Server (sshd)

Stay tuned!

Included in this Release

How to Find Released DSC Resource Modules

How to Install DSC Resource Modules From the PowerShell Gallery

How to Find DSC Resource Modules on GitHub

How to Contribute

Questions, comments?

FAQ

Where do I get PowerShell Core 6.0?

I already had PowerShell Core on my Linux machine, and it’s not updating. How do I get the latest version?

What’s the difference between Windows PowerShell and PowerShell Core?

What platforms are supported?

What’s new in PowerShell Core? Why should I use it?

Does PowerShell Core affect my Windows PowerShell installation?

What modules work with PowerShell Core?

What about other 1st-party Microsoft modules?

How do I know which modules on the PowerShell Gallery work with PowerShell Core?

How do I build modules and scripts that are compatible with PowerShell Core?

Can I host PowerShell Core in a .NET Core application?

Does PowerShell Core support remoting?

How is PowerShell Core supported?

What’s missing from PowerShell Core?

What’s happening to Windows PowerShell?

Where can I provide feedback?

Thanks!

Timeline

Milestone Quality

New Features

Security Parity with Windows PowerShell

Run Signed Script Blocks Remotely

Windows PowerShell Compatibility Pack

Concurrency in PowerShell Script

PSReadLine 2.0 GA

Machine Learning and PowerShell

Experimental Feature Flags

HelpSystem as a Module

Markdown Rendering Support

Enable sudo to Work Over PowerShell Remoting (for non-Windows)

Enable-SSHRemoting

PowerShell Module for IoT (Internet of Things)

Closing

What Are We Trying to Achieve?

Local Configuration Manager (LCM)

Provider Model

Feature Backlog

What is The Impact?

Feedback

Included in this Release

How to Find Released DSC Resource Modules

How to Install DSC Resource Modules From the PowerShell Gallery

How to Find DSC Resource Modules on GitHub

Enable `sudo` to Work Over PowerShell Remoting (for non-Windows)