What’s new in PowerShell 5?

POSTED BY : Principal Architect - MS Azure CoE
Monday, August 22, 2016

With the latest release of PowerShell and Microsoft Management Framework, there have been some key developments. Here’s a list of some of the developments:

1. PowerShell Resource Repository

PowerShell 5 now has ways to host code – from the community, or Microsoft, or internal. There are various components associated with this capability:

  • PowerShell Gallery: PowerShell Gallery is a Microsoft-hosted repository where you can find modules, scripts, and DSC configurations published by the community and Microsoft. Prior to PowerShell 5, the general practice was to look for third-party resources in the Microsoft ScriptCenter, download them, and bring them onto the local system. This was a fairly standard model; however, it lacked the elegance of a centralized repo.

You can browse the PowerShell Gallery at powershellgallery.com and search for PowerShell resources that can be reused.

  • PowerShellGet - PowerShellGet is a module that allows for seamless interaction with the gallery right from the PS command line. It allows for various activities related to the public gallery or the internal repo you may have chosen to set up.

The capabilities are vast; for the sake of simplicity, I have enumerated all the self-explanatory tasks you can do with this module.


Let’s explore how we could look up an AWS management module from the PowerShell Gallery using PowerShellGet:
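A lookup of this kind, written here as an added example rather than taken from the original post. It stages the module for review before installing it; the staging folder is a hypothetical path, and AWSPowerShell is the AWS module name as published on the gallery.

```powershell
# Added example: find an AWS module on the gallery and review it before installing.
# Search the public gallery and look at who publishes the module.
Find-Module -Name AWSPowerShell -Repository PSGallery |
    Select-Object Name, Version, Author, CompanyName, PublishedDate, ProjectUri

# Save (do not install) the module to a staging folder so it can be inspected first.
$staging = Join-Path $env:TEMP 'ModuleReview'        # hypothetical staging path
New-Item -ItemType Directory -Path $staging -Force | Out-Null
Save-Module -Name AWSPowerShell -Repository PSGallery -Path $staging

# Summarize the Authenticode status of everything the package ships.
Get-ChildItem -Path $staging -Recurse -Include *.psd1, *.psm1, *.ps1, *.dll |
    Get-AuthenticodeSignature |
    Group-Object Status |
    Select-Object Name, Count

# Install for the current user only once the content has been reviewed.
Install-Module -Name AWSPowerShell -Repository PSGallery -Scope CurrentUser
```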


2. Security

  • System-Wide Transcripts: The ability to log and get a transcript of the result of all commands or scripts being executed is now available across the board. Prior to version 5, this was possible only with the PowerShell console and not with the ISE. The filenames of the transcript files are also auto-generated for uniqueness.
  • Scriptblock logging: PowerShell, since it is built on .NET, has the ability to deal with data at an object level. Take the case of the following command:


This command was run by spawning a new instance of PowerShell and executing the get-process in that new instance. Once the command was executed, the result was passed back to the initiator of that instance so a neat table could be formatted. This is possible with the encoded command switch.

Echoing what happens under the hood looks like this:


Running the following command thus gives the same output as before:


The ability to convert the entire command to base64 also brings in some security issues. If a script is executed in a script block, logging becomes hard. This makes it difficult for administrators to trace what happened in case of a PowerShell based attack.

A real attack of this nature would look like this – where a new instance is created with the script block opened and more code is pulled in from the web for execution.


Enabling script block logging ensures that such an attack does not go unlogged. Once it is enabled, every script block that the PowerShell engine processes gets tracked and logged.


With PowerShell 5, there is a whole set of Group Policy settings for this at Computer Configuration > Administrative Templates > Windows Components > Windows PowerShell
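The logging described above, as an added example that is not part of the original post. It assumes an elevated PowerShell 5 session on Windows, sets the registry value behind the script block logging policy, and uses a harmless constructed command as the encoded sample.

```powershell
# Added example. Run from an elevated PowerShell 5 session on Windows.

# 1. -EncodedCommand is Base64 over UTF-16LE text: an encoding, not encryption.
function ConvertFrom-EncodedCommand {
    param([Parameter(Mandatory)][string]$Base64)
    [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($Base64))
}

# Constructed sample: encode a harmless command, then decode it back for review.
$sample  = 'Get-Process | Select-Object -First 3'
$encoded = [System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($sample))
ConvertFrom-EncodedCommand -Base64 $encoded

# 2. Turn on script block logging (the registry value behind the Group Policy setting).
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
Set-ItemProperty -Path $key -Name EnableScriptBlockLogging -Value 1 -Type DWord

# 3. Run the encoded command in a new PowerShell instance, as in the text above.
powershell.exe -NoProfile -EncodedCommand $encoded | Out-Null

# 4. Read back what the engine logged: event ID 4104 holds the decoded script text.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4104
    StartTime = (Get-Date).AddMinutes(-5)
} | ForEach-Object {
    [pscustomobject]@{
        Time            = $_.TimeCreated
        ProcessId       = $_.ProcessId
        ScriptBlockText = $_.Properties[2].Value   # third field of a 4104 event
    }
} | Where-Object ScriptBlockText -like '*Get-Process*'
```

The logged text is the plain command, not the Base64 string, which is what makes these events useful for tracing encoded invocations.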


  • Antimalware integration: PowerShell 5 running on Windows 10 or Server 2016 provides the ability to get code checked by the anti-malware engine upon execution. This isn’t entirely a PowerShell feature, but it is available on Windows 10 and Server 2016. The mechanism is that, prior to execution, PowerShell calls the default anti-malware engine and hands it the code to verify for safety. Currently, PowerShell is the only application that uses this feature.
  • Debugging:
    • Break-all – PowerShell now allows you to break into debugging mode while a long-running task is being executed. This lets you take a peek at the call stack to see where execution stopped or is waiting.
    • Wait-Debugger – This is a cmdlet that allows you to break in at the next line of code after Wait-Debugger. This line of code can be made to execute at runtime based on certain conditions being met. This is different from setting breakpoints prior to execution in the ISE.
  • Just-Enough-Administration (JEA) – Have you come across a scenario where administrators and patching staff are given domain admin rights on a DNS server that has ADDS installed? This is the norm in most organizations because role-based access can only take you so far. Otherwise, it requires extra effort to fine-tune and carefully delegate rights through business processes. This was a function performed in high-security industries such as banking or healthcare.

With JEA, everybody has a simpler way of providing just enough administrative rights on the machine. The commands that can be run can be regulated using a configuration file.

The capability is provided by two components – one with a role configuration called PSRC, or PowerShell role configuration (illustrated in the image below). It lays out the capability of a certain category of users. For example, a helpdesk with the ability to restart the print spooler or unlock AD accounts.


This is now hooked using a PowerShell configuration file that establishes a remote session context hooked with the role configuration.
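The two files for the helpdesk case mentioned above, as an added example that is not from the original post. The module name HelpdeskJEA, the group CONTOSO\Helpdesk, the endpoint name and the folder paths are all hypothetical, and Unlock-ADAccount assumes the ActiveDirectory module is installed on the machine.

```powershell
# Added example. Run elevated; names marked hypothetical are assumptions.
$module = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\HelpdeskJEA'  # hypothetical module
New-Item -ItemType Directory -Path "$module\RoleCapabilities" -Force | Out-Null
New-ModuleManifest -Path "$module\HelpdeskJEA.psd1"

# Role capability file (.psrc): what the helpdesk role is allowed to run.
# Restart-Service is limited to the print spooler through a ValidateSet on -Name.
New-PSRoleCapabilityFile -Path "$module\RoleCapabilities\Helpdesk.psrc" `
    -ModulesToImport 'ActiveDirectory' `
    -VisibleCmdlets @(
        @{ Name = 'Restart-Service'; Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler' } },
        'Unlock-ADAccount'
    )

# Session configuration file (.pssc): ties a group to the role and locks down the session.
$jeaRoot = Join-Path $env:ProgramData 'JEA'                                    # hypothetical folder
New-Item -ItemType Directory -Path "$jeaRoot\Transcripts" -Force | Out-Null
$pssc = Join-Path $jeaRoot 'Helpdesk.pssc'
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory "$jeaRoot\Transcripts" `
    -RoleDefinitions @{ 'CONTOSO\Helpdesk' = @{ RoleCapabilities = 'Helpdesk' } }  # hypothetical group

# Validate the file, then register the endpoint that helpdesk staff will connect to.
Test-PSSessionConfigurationFile -Path $pssc
Register-PSSessionConfiguration -Name 'Helpdesk' -Path $pssc -Force

# From a client: Enter-PSSession -ComputerName <server> -ConfigurationName Helpdesk
```

On a domain controller a virtual account runs as a member of Domain Admins, so keep the visible cmdlets and their parameters as narrow as the role allows.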


3. Interoperability

  • PowerShell on Linux & Mac: PowerShell is now available on non-Windows operating systems as well. During the build of Nano Server, PowerShell was refactored for .NET Core, which made it possible to open source PowerShell and .NET Core. This in turn allows you to have a single code base across Windows, Linux, and Mac.

PowerShell will now find its place in the Linux world as another shell. As PowerShell comes from an API-based architecture and Linux is a document-based architecture, it will coexist with the underlying .NET Core. This is a breakthrough in managing heterogeneous environments.


This leads us back to our earlier discussion of PowerShell Gallery and PowerShellGet. We could look for modules for managing an AWS environment from a Mac using PowerShell. This philosophy applies to managing the heterogeneous environments that most organizations have.


The tool can also interact with Ruby, Python, or any scripting language you may already be using.


Share your views on your favourite PowerShell 5 tips and tricks in the comments.

Happy reading!

Vishnu Rajkumar
Principal Architect - MS Azure CoE