16/11/2014

6 Using Windows PowerShell to Manage Group Policy

6 Using Windows PowerShell to Manage Group Policy

Section Topics
Introducing Windows PowerShell
Windows PowerShell Library for Group Policy
Windows PowerShell-Based Logon Scripts

Section Objectives

After completing this section, you will be able to:

Describe the Windows PowerShell features
Explain how to perform the basic Windows PowerShell operations
Explain how to access the Windows PowerShell library for Group Policy
List the third-party Windows PowerShell-based logon script tools

Section Overview
Windows PowerShell allows for automation in a more powerful form than previous scripting
methods such as VBScript or batch files. This section explains how to navigate and use basic
Windows PowerShell commands and how to use Windows PowerShell to manage Group
Policy.
It also explains how you can use PowerShell logon scripts with Group Policy.

https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize=

1/16

16/11/2014

6 Using Windows PowerShell to Manage Group Policy

Introducing Windows PowerShell

Figure 134: Introducing Windows PowerShell

Windows PowerShell is a new Windows command-line shell designed to perform system
administration tasks. Windows PowerShell is both an interactive prompt and a scripting
environment that you can use separately or in conjunction with each other.
Windows PowerShell is built on the .NET CLR and the .NET Framework, and interacts with
.NET objects. This change in the environment brings entirely new capabilities to the
management and configuration of Windows.
Windows PowerShell includes more than a hundred basic core cmdlets, and you can write
customized cmdlets and share them with other users.

Important Terms
Cmdlets are single-function tools built into the shell.
As with the command-prompt, Windows PowerShell gives you access to the file system on
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize=

2/16

16/11/2014

6 Using Windows PowerShell to Manage Group Policy

the computer. Additional Windows PowerShell providers enable you to access the registry and
the digital signature certificate stores as easily as you access the file system.
Windows PowerShell also allows the management of roles in Windows Server 2008 and later,
such as IIS 7.0, Terminal Server, Microsoft Exchange Server 2007 and Microsoft Operations
Manager 2007. Third-party vendors have also provided Windows PowerShell commands that
improve manageability.
This topic describes the features of Windows PowerShell. It explains the different ways that
you can use Windows PowerShell, and finally, how to use the tool.

Windows PowerShell Features

Figure 135: Windows PowerShell Features

Windows PowerShell goes far beyond the standard command-prompt interface in terms of
capabilities. Some of the Windows PowerShell features are:
Thousands of command-line tools (called cmdlets) for performing administrative tasks, such
as managing the registry, services, processes, event logs, certificates, WMI, and much more
Scripting language that accelerates automation of repetitive tasks due to its integration with
the command-line shell
Support for existing scripts, existing command-line tools, and multiple operating systems,
including Windows XP and later versions
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize=

3/16

16/11/2014

6 Using Windows PowerShell to Manage Group Policy

Commands that follow standard naming conventions and work with a small set of intuitive
utilities (where, select, sort, format, measure, compare, group) in order to provide
consistency and improve efficiency
Standardized tools for accessing many of the Windows data structures, including Active
Directory (ADSI) data, WMI, COM objects, ADO, HTML, and XML data
Simplified, command-based navigation of the operating system that lets users navigate the
registry, certificate store, and other data by using the same commands they use to navigate
the file system
New logging and error-handling capabilities for script execution tracking and error handling
Simple access to objects and system administration data, and the ability to pipe objects
between command-line tools
Extensible interface that allows third-party vendors to quickly build custom tools and
utilities to administer Windows

Windows PowerShell Scenarios

Figure 136: Windows PowerShell Scenarios

You can use Windows PowerShell to perform a variety of administrative tasks. Some
common scenarios in which Windows PowerShell can be used are:

https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize=

4/16

16/11/2014

6 Using Windows PowerShell to Manage Group Policy

Managing services, processes, registry, and WMI data: Common administration tasks,
such as enumerating running services or processes, viewing the registry, and modifying data
stored in WMI, are simplified with the built-in command-line tools.
Terminal Server management: Through data stored in WMI, Windows PowerShell scripts
can automate Terminal Server configuration changes. With Windows PowerShell you can
easily automate the management of Terminal Server farms.
Managing IIS 7.0: Windows PowerShell is a powerful tool for managing IIS 7.0 (Internet
Information Services 7.0) and you can use it to manage any aspect of IIS 7.0, including
deploying and configuring IIS 7 across a Web farm.
Managing Group Policy: You can now use Windows PowerShell to create and manage
group policy with a new library of cmdlets.
Logon Scripts: Since Windows PowerShell is installed by default on Windows 7 and later,
you can now use it for logon scripts in those operating systems.
And much more! There are so many new capabilities of PowerShell 3.0 that it is
impossible to cover them all in the one section. PowerShell ultimately has the ability to
perform most of the activities available in the graphical interface and more.

Using Windows PowerShell

Figure 137: Using Windows PowerShell

Using Windows PowerShell is not very different from using the command prompt. However,
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize=

5/16

16/11/2014

6 Using Windows PowerShell to Manage Group Policy

Windows PowerShell supports thousands of additional commands.

Opening Windows PowerShell

Figure 138: Opening Windows PowerShell

You can open Windows PowerShell in any of the three ways shown in Figure 138.
Chaining Commands

Figure 139: Chaining Commands

One of the more powerful features of the Windows PowerShell interface is the ability to chain
several commands together on the same line. Try typing the command as shown in Figure 139
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize=

6/16

16/11/2014

6 Using Windows PowerShell to Manage Group Policy

in Windows PowerShell.
This lists all available cmdlets to an HTML conversion cmdlet and outputs the results to a
Web page called cmdlets.htm. It then launches the Web page using the registered handler of
.htm files.
The pipe symbol | tells PowerShell to send the object output of one cmdlet to the next
cmdlet in line. The semicolon ; tells PowerShell to execute the next command as a separate
command, as if it were typed on a separate line.
Writing Scripts

Figure 140: Writing Scripts

You can compose scripts directly at the command-line within Windows PowerShell. For
simple scripts, you do not need to type them into a text file first and execute them later.
Try typing the code as shown in Figure 140.
Running Scripts

https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize=

7/16

16/11/2014

6 Using Windows PowerShell to Manage Group Policy

Figure 141: Running Scripts

For complex scripts, you can save them to a text file with a .ps1 extension. You must run
scripts by typing the full path to the file, or, if the current directory is where the scripts are
located, by typing .\ before the file name.
However, Windows PowerShell scripts cannot be run by default due to security constraints in
the operating system. To permit the .ps1 file to run, open a Windows PowerShell prompt and
type:
Set-ExecutionPolicy RemoteSigned
Core Cmdlets
The following cmdlets are some of the Core cmdlets used on a routine basis in Windows
PowerShell:
Add-History

Appends entries to the session history.

Add-PSSnapin

Adds one or more Windows PowerShell snap-ins to the

current

session.
Clear-History

Deletes entries from the command history.

Clear-Host

Deletes entries from the command history.

Connect-PSSession

Reconnects to disconnected sessions.

Disable-PSRemoting

Prevents the computer from receiving remote Windows

https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize=

8/16

16/11/2014

6 Using Windows PowerShell to Manage Group Policy

PowerShell
commands.
Disable-

Denies access to the session configurations on the local

PSSessionConfiguration

computer.

Disconnect-PSSession

Disconnects from a session.

Enable-PSRemoting

Configures the computer to receive remote commands.

Enable-

Configures the computer to receive remote commands.

PSSessionConfiguration
Enter-PSSession

Starts an interactive session with a remote computer.

Exit-PSSession

Ends an interactive session with a remote computer.

Export-Console

Exports the names of snap-ins in the current session to a

console file.

Export-ModuleMember

Specifies the module members that are exported.

ForEach-Object

Performs an operation against each of a set of input objects.

Get-Command

Gets all commands.

Get-Help

Displays information about Windows PowerShell cmdlets and

concepts.
Get-History

Gets a list of the commands entered during the current session.

Get-Job

Gets Windows PowerShell background jobs (PsJobs) that are

running

in the current console.

Get-Module

Gets the modules that have been imported, or can be imported,

into

the current session.

Get-PSSession

Gets the Windows PowerShell sessions (PSSessions) in the

current

session.
Get-PSSessionConfiguration Gets the session configurations registered on the computer.
Get-PSSnapin

Gets the Windows PowerShell snap-ins on the computer.

Get-Verb

Gets approved Windows PowerShell verbs.

Import-Module

Adds modules to the current session.

Invoke-Command

Runs commands on local and remote computers.

Invoke-History

Runs commands from the session history.

New-Module

Creates a new dynamic module that exists only in memory.

https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize=

9/16

16/11/2014

6 Using Windows PowerShell to Manage Group Policy

New-ModuleManifest

Creates a new module manifest.

New-PSSession

Creates a persistent connection to a local or remote computer.

New-

Creates a file that defines a session configuration.

PSSessionConfigurationFile
New-PSSessionOption

Creates an object that contains advanced options for a session.

New-PSTransportOption

Creates an object that contains advanced options for a session

configuration.
Out-Default

Sends the output to the default formatter and the default output

cmdlet. It is a placeholder that lets you write your own Out-Default function or cmdlet.
Out-Host

Sends output to the console.

Out-Null

Deletes output instead of sending it to the console.

Receive-Job

Gets the results of the Windows PowerShell background jobs

in the

current session.
Register-

Creates and registers a new session configuration.

PSSessionConfiguration
Remove-Job

Deletes a Windows PowerShell background job.

Remove-Module

Removes modules from the current session.

Remove-PSSession

Closes one or more Windows PowerShell sessions

(PSSessions).

Remove-PSSnapin

Removes Windows PowerShell snap-ins from the current

session.

Resume-Job

Restarts a suspended job.

Save-Help

Downloads and saves the newest help files to a file system

directory.

Set-PSDebug

Turns script debugging features on and off, sets the trace level
and

toggles strict mode.

Set-PSSessionConfiguration Changes the properties of a registered session configuration.
Set-StrictMode

Establishes and enforces coding rules in expressions, scripts,

and

script blocks.
Start-Job

Starts a Windows PowerShell background job.

Stop-Job

Stops a Windows PowerShell background job.

Suspend-Job

Temporarily stops workflow jobs.

https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize

10/16

16/11/2014

Test-ModuleManifest

6 Using Windows PowerShell to Manage Group Policy

Verifies that a module manifest accurately describes the

contents of a

module.
Test-

Verifies the keys and values in a session configuration file.

PSSessionConfigurationFile
Unregister-

Deletes a registered session configurations from the computer.

PSSessionConfiguration
Update-Help

Downloads and installs the newest help files on your

computer.

Wait-Job

Suppresses the command prompt until one or all of the

Windows
PowerShell background jobs are complete.

Where-Object

Creates a filter that controls which objects will be passed

along a
command pipeline.

Figure 142: Available Cmdlets

Windows PowerShell Library for Group Policy

Figure 143: Windows PowerShell Library for Group Policy

Windows PowerShell now includes a library of routines for specifically managing group
policies.
The Group Policy module for Windows PowerShell is not loaded by default. To load this
module, open Windows PowerShell and type: import-module grouppolicy.

https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize

11/16

16/11/2014

6 Using Windows PowerShell to Manage Group Policy

To see this list of Group Policy related commands, open Windows PowerShell and type getcommand -module grouppolicy. This will display a list of all the cmdlets (Figure 144) that
are available in the Group Policy module.

Windows PowerShell Cmdlets for Group Policy

Figure 144: Windows PowerShell Commands for Group Policy

Windows PowerShell-Based Logon Scripts

Figure 145: Windows PowerShell Logon Scripts

Since Windows PowerShell is now installed by default on Windows 7 and later, it is possible
to use Windows PowerShell-based logon scripts to affect those computers.
https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize

12/16

16/11/2014

6 Using Windows PowerShell to Manage Group Policy

Windows PowerShell logon scripts can be far more powerful than their batch file and
VBScript counterparts. With PowerShell, you can map drives, create shortcuts, change
registry values, create activity logs, copy files, map printers and much more! The code for
performing these operations is often simpler than VBscript.
The built-in PowerShell ISE is invaluable in assisting you when creating any kind of
PowerShell script. It supports colorized code, intellisense and code completion.
There are also third-party tools can help you to create and manage Windows PowerShell
logon scripts:
Specops Command (http://www.specopssoft.com)
Admin Script Editor (ASE) (http://adminscripteditor.com)
PowerGUI (http://www.powergui.org)

Acronyms
The following acronyms are used in this section:
ACL

access control list

ADO

ActiveX Data Objects

ADSI

Active Directory Service Interfaces

ASE

Admin Script Editor

CLR

Common Language Runtime

COM

Component Object Model

GPO

Group Policy object

HTML Hypertext Markup Language

IIS

Internet Information Services

WMI

Windows Management
Instrumentation

XML

Extensible Markup Language

https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize

13/16

16/11/2014

6 Using Windows PowerShell to Manage Group Policy

Section Review
Summary
Some of the Windows PowerShell features are:
Cmdlets for performing administrative tasks
Scripting language that accelerates automation of repetitive tasks due to its integration
with the command-line shell
Support for existing scripts, existing command-line tools, and multiple operating systems
Commands that follow standard naming conventions and work with a small set of
intuitive utilities
Simple access to objects and system administration data, and the ability to pipe objects
between command-line tools
Extensible interface that allows third-party vendors to quickly build custom tools and
utilities to administer applications running Windows
You should know how to perform some of the following basic Windows PowerShell tasks:
Open Windows PowerShell: Three different methods: 1) Click Start, All Programs,
Windows PowerShell, and Windows PowerShell shortcut. 2) Type powershell at the
command prompt. 3) Click Start, select Run, and type powershell.
Chain commands: Chain several commands together on the same line.
Write scripts: Compose scripts at the command-line within Windows PowerShell.
Run scripts: Type the full path to the file, or, if the current directory is where the scripts
are located, type .\ before the file name.
To access the Windows PowerShell library for Group Policy, first load the Group Policy
module (open Windows PowerShell and type import-module grouppolicy). To display
the list of Group Policy commands, open Windows PowerShell and type get-command https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize

14/16

16/11/2014

6 Using Windows PowerShell to Manage Group Policy

module grouppolicy.
Some of the third-party Windows PowerShell-based logon script tools are:
Specops command
Admin Scipt Editor
PowerGUI

Knowledge Check
1.

What must you do in Windows PowerShell before you can display the list of Group
Policy commands?

2.

Which of the following is a feature of Windows PowerShell? (Choose all that apply.)
a.

Simple access to objects and system administration data, and provides the ability to
pipe objects between command-line tools

b.

Cmdlets for performing administrative tasks

c.

Run PowerShell commands against Windows 2000 operating systems

d.

Logging and error-handling capabilities for script execution tracking and error
handling

3.

Which extension is used to save a Windows PowerShell script file?

4.

List some of the third-party Windows PowerShell-based logon script tools.

Knowledge Check Answer Key

The correct answers to the Knowledge Check questions are bolded.
1.

What must you do in Windows PowerShell before you can display the list of Group
Policy commands?

https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize

15/16

16/11/2014

6 Using Windows PowerShell to Manage Group Policy

Load the Group Policy module

2.

Which of the following is a feature of Windows PowerShell? (Choose all that apply.)
a.

Simple access to objects and system administration data, and provides the
ability to pipe objects between command-line tools

b.

Cmdlets for performing administrative tasks

c.

Run PowerShell commands against Windows 2000 operating systems

d.

Logging and error-handling capabilities for script execution tracking and

error handling

3.

Which extension is used to save a Windows PowerShell script file?

.ps1

4.

List some of the third-party Windows PowerShell-based logon script tools.

Specops command
Admin Script Editor
PowerGUI

https://skillpipe.courseware-marketplace.com/reader/en-GB/Book/BookPrintView/b6175ac1-149e-4f52-83bd-6350c9133320?ChapterNumber=7&FontSize

16/16