What’s new in PowerShell 5?
The latest release of PowerShell and the Microsoft Management Framework brings several key developments. Here is a list of the main ones:
1. PowerShell Resource Repository
PowerShell 5 now has ways to host code – from the community, or Microsoft, or internal. There are various components associated with this capability:
- PowerShell Gallery: The PowerShell Gallery is a Microsoft-hosted repository where you can find modules, scripts, and DSC configurations published by the community and by Microsoft. Prior to PowerShell 5, the general practice was to look for third-party resources in the Microsoft ScriptCenter download and bring them onto the local system. That was a fairly standard model, but it lacked the elegance of a centralized repository.
You can browse the PowerShell Gallery at powershellgallery.com and search for PowerShell resources that can be reused.
- PowerShellGet: PowerShellGet is a module that allows seamless interaction with the Gallery right from the PS command line. It supports the various activities related to the public Gallery, or to an internal repository you may have chosen to set up.
The capabilities are vast; for the sake of simplicity, I have enumerated all the self-explanatory tasks you can do with this module.
Let’s explore how we could look up an AWS management module from the PowerShell Gallery using PowerShellGet:
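As an added example (not from the original post), the lookup described above, with the checks a practitioner would make before trusting a Gallery module. It assumes PowerShellGet is loaded, the machine can reach powershellgallery.com, and the module name prefix AWSPowerShell* matches what you are after.

```powershell
# Added example, not code from the original post.
# Assumes PowerShellGet is available and the PSGallery repository is registered.

# First, see how the Gallery is trusted on this machine (Untrusted means Install-Module prompts).
Get-PSRepository | Select-Object Name, InstallationPolicy, SourceLocation

# Search the Gallery by name; wildcards are allowed.
$candidates = Find-Module -Name 'AWSPowerShell*' -Repository PSGallery

# Look at who published each module, where its source lives and when it was last published.
$candidates |
    Select-Object Name, Version, Author, CompanyName, ProjectUri, PublishedDate |
    Format-Table -AutoSize

# Download without installing, so the module code can be reviewed first.
$review = Join-Path $env:TEMP 'psgallery-review'
Save-Module -Name AWSPowerShell -Path $review -Repository PSGallery

# List the script files that would be loaded into your session.
Get-ChildItem -Path $review -Recurse -Include '*.psm1', '*.ps1' |
    Select-Object FullName, Length

# Once satisfied, install for the current user only (no admin rights required).
Install-Module -Name AWSPowerShell -Scope CurrentUser -Repository PSGallery
```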
- System-Wide Transcripts: The ability to log and obtain a transcript of every command or script being executed is now available across the board. Prior to version 5, this was possible only with the PowerShell console and not with the ISE; in addition, the transcript filenames are now auto-generated for uniqueness.
- Script block logging: PowerShell, since it is built on .Net, can handle data at the object level. Take the case of the following command:
This command was run by spawning a new instance of PowerShell and executing Get-Process in that new instance. Once the command completed, the result was passed back to the parent instance so that a neat table could be formatted. This is made possible by the -EncodedCommand switch.
Under the hood, that action looks like this:
Running the following command therefore gives the same output as before:
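As an added example (not from the original post), the encoding step the post describes, written out both ways: producing an -EncodedCommand argument for the Get-Process command, and recovering the plain text from an encoded string that turns up in a process listing or log. The command line it parses is constructed for the example.

```powershell
# Added example, not code from the original post.

function ConvertTo-EncodedCommand {
    param([Parameter(Mandatory)][string] $Command)
    # -EncodedCommand expects the command as UTF-16LE bytes, then Base64.
    [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($Command))
}

function ConvertFrom-EncodedCommand {
    param([Parameter(Mandatory)][string] $Encoded)
    # Reverse the steps above to get the original text back.
    [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Encoded))
}

# The Get-Process example from the post, run in a child instance of PowerShell.
$encoded = ConvertTo-EncodedCommand 'Get-Process | Select-Object -First 3 Name, Id'
powershell.exe -NoProfile -EncodedCommand $encoded

# Analyst side: a constructed process command line that shows only the encoded form.
$commandLine = "powershell.exe -NoProfile -EncodedCommand $encoded"

# The switch may be abbreviated (-e, -ec, -enc); pull out the Base64 payload and decode it.
if ($commandLine -match '-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)') {
    'Decoded command: ' + (ConvertFrom-EncodedCommand $Matches[1])
}
```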
The ability to pass the entire command as base64 also brings in some security issues. When a script is executed inside such a script block, logging becomes hard, which makes it difficult for administrators to trace what happened in the case of a PowerShell-based attack.
A real attack of this nature would look like this, where a new instance is created with the script block opened and more code is pulled in from the web for execution.
Enabling script block logging ensures that no such attack goes unlogged: once it is enabled, every script block the PowerShell engine processes is tracked and logged.
With PowerShell 5, there is a whole set of Group Policy settings for this under Computer Configuration > Administrative Templates > Windows Components > Windows PowerShell.
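As an added example (not from the original post), enabling script block logging on a single machine through the registry values that the Group Policy setting above writes, then reading the recorded script blocks back from the event log. It assumes an elevated session and that the Microsoft-Windows-PowerShell/Operational log is present.

```powershell
# Added example, not code from the original post. Run elevated.

# These values are what the "Turn on PowerShell Script Block Logging" policy sets.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
Set-ItemProperty -Path $key -Name EnableScriptBlockLogging -Value 1 -Type DWord
# Invocation logging (start/stop per block) is much noisier; leave it off unless needed.
Set-ItemProperty -Path $key -Name EnableScriptBlockInvocationLogging -Value 0 -Type DWord

# Logged script blocks land in the Operational channel as Event ID 4104.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-PowerShell/Operational'
    Id      = 4104
} -MaxEvents 200 -ErrorAction SilentlyContinue

# In a 4104 event, Properties[2] is the script text (long blocks arrive in several parts).
$blocks = $events | ForEach-Object {
    [pscustomobject]@{
        Time   = $_.TimeCreated
        Part   = '{0}/{1}' -f $_.Properties[0].Value, $_.Properties[1].Value
        Script = $_.Properties[2].Value
    }
}

# Surface blocks that resemble the pattern the post describes: encoded commands
# or code fetched from the web and executed.
$blocks |
    Where-Object { $_.Script -match 'EncodedCommand|DownloadString|Invoke-Expression' } |
    Format-List
```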
- Antimalware integration: PowerShell 5 running on Windows 10 or Server 2016 can have code checked for malware before it executes. This is not strictly a PowerShell feature; it is provided by Windows 10 and Server 2016. The mechanism is that, prior to execution, PowerShell calls the default anti-malware engine and hands it the code so it can be verified as safe before it runs. Currently, PowerShell is the only application that uses this feature.
- Break-all: PowerShell now lets you break into the debugger while a long-running task is executing, so you can inspect the call stack and see where execution stopped or is waiting.
- Wait-Debugger: This cmdlet breaks into the debugger at the line of code following Wait-Debugger. Because it is itself a line of code, it can be made to run only when certain conditions are met at runtime, which is different from setting breakpoints before execution in the ISE.
- Just-Enough-Administration (JEA): Have you come across a scenario where administrators and patching staff are given domain admin rights on a DNS server that has AD DS installed? This is the norm in most organizations, because role-based access can only take you so far, or because fine-tuning and carefully delegating rights through business processes takes extra effort. Until now, that kind of delegation was something done in high-security industries such as banking or healthcare.
With JEA, everybody has a simpler way of granting just enough administrative rights on a machine. The commands that can be run are regulated through a configuration file.
The capability is provided by two components. The first is a role configuration, called a PSRC or PowerShell role configuration (illustrated in the image below), which lays out the capabilities of a certain category of users; for example, a helpdesk with the ability to restart the print spooler or unlock AD accounts.
The second is a PowerShell session configuration file that establishes a remote session context and ties it to the role configuration.
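As an added example (not from the original post), the two JEA components for the helpdesk scenario above: a role configuration that exposes only a spooler restart and an AD account unlock, and a session configuration that maps a group to that role. The group name CONTOSO\Helpdesk, the module name HelpdeskJEA and the transcript directory are assumptions, and the ActiveDirectory module is assumed to be installed on the server.

```powershell
# Added example, not code from the original post. Run elevated on the target server.

# 1. Role configuration (.psrc): what a helpdesk operator may run, and nothing else.
#    Role capability files must live in a RoleCapabilities folder of an installed module.
$roleDir = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\HelpdeskJEA\RoleCapabilities'
New-Item -Path $roleDir -ItemType Directory -Force | Out-Null

New-PSRoleCapabilityFile -Path (Join-Path $roleDir 'Helpdesk.psrc') `
    -ModulesToImport ActiveDirectory `
    -VisibleCmdlets @(
        # Restart-Service is allowed, but the -Name parameter may only be 'Spooler'.
        @{ Name = 'Restart-Service'; Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler' } },
        # Unlock-ADAccount is allowed with only the -Identity parameter exposed.
        @{ Name = 'Unlock-ADAccount'; Parameters = @{ Name = 'Identity' } },
        'Get-Service'
    )

# 2. Session configuration (.pssc): who gets the role, running as a temporary virtual
#    account so no standing admin credentials are needed, with every session transcribed.
$pssc = Join-Path $env:TEMP 'Helpdesk.pssc'
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory 'C:\JEATranscripts' `
    -RoleDefinitions @{ 'CONTOSO\Helpdesk' = @{ RoleCapabilities = 'Helpdesk' } }

# Validate the file before registering it.
if (-not (Test-PSSessionConfigurationFile -Path $pssc)) { throw 'Invalid session configuration' }

# 3. Register the endpoint. Helpdesk staff then connect with:
#    Enter-PSSession -ComputerName <server> -ConfigurationName Helpdesk
Register-PSSessionConfiguration -Name Helpdesk -Path $pssc -Force
```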
- PowerShell on Linux & Mac: PowerShell is now available on non-Windows operating systems as well. While building Nano Server, PowerShell was refactored onto .Net Core, which made it possible to open-source both PowerShell and .Net Core. This in turn allows a single code base across Windows, Linux, and Mac.
PowerShell will now find its place in the Linux world as another shell. Since PowerShell comes from an API-based architecture and Linux from a document-based one, it will coexist with the underlying .Net Core. This is a breakthrough in managing heterogeneous environments.
This leads us back to our earlier discussion of the PowerShell Gallery and PowerShellGet: we could look for modules for managing an AWS environment from a Mac using PowerShell. The same philosophy applies to managing the heterogeneous environments that most organizations have.
The tool can also interact with Ruby, Python, or any scripting language you may already be using.
Share your views on your favourite PowerShell 5 tips and tricks in the comments.