PowerShell has emerged as a critical tool for systems administrators, providing a consistent, adaptable technology for managing on-premises and cloud-based systems.
Microsoft launched PowerShell in 2006 to work solely in the Windows environment, but the company open sourced the technology in 2016. Today, the tool aims to appeal to a wider range of admins because it's now available for Linux and macOS as well as Windows. PowerShell has also made the jump to broader computing models, spanning cloud environments such as Microsoft Azure and AWS.
Don Jones, vice president, content partnerships and strategic initiatives at Pluralsight LLC, a technology skills platform based in Silicon Slopes, Utah, summed up PowerShell's scope.
"PowerShell is for admins -- no matter what you are administrating," he said.
What is PowerShell?
PowerShell is a command-line shell and scripting language that seeks to help admins configure systems and automate tasks. The object-oriented technology is built on Microsoft's .NET framework. As such, it lets IT personnel work with objects in contrast with text-based shells.
Microsoft has evolved PowerShell through several editions. The company launched the latest iteration, PowerShell 7, on March 4, 2020. Microsoft's goal over the years has been to preserve backward compatibility, although the ability to use certain commands and features, from version to version, has sometimes been an issue.
What is PowerShell used for?
PowerShell, in its role as command-line shell, serves as the replacement for Microsoft's Command Prompt, which goes back to the days of DOS. Microsoft made PowerShell the default command-line interface (CLI) for Windows 10 as of build 14791. Most users first interact with PowerShell in its command-line capacity.
The key use case for PowerShell is automating various administrative activities. Examples include navigating registries, identifying processes using the most memory and stopping/restarting a particular service. PowerShell can also obtain model information on a computer and extract information on OSes, such as the specific version and service pack levels. In addition, admins can use PowerShell to run commands and scripts on one or more remote computers, using protocols such as WS-Management and, more recently, Secure Shell (SSH).
PowerShell is used in IT departments to automate formerly manual tasks, with the objective of boosting efficiency. Third-party IT services firms, such as managed service providers (MSPs), also use PowerShell.
MSPs tap PowerShell to automate such tasks as software deployment, software integration and report generation. Service providers also create PowerShell scripts to periodically check on whether customers have required software installed and to automate the process of creating a new user account.
Cmdlets are the foundational component of PowerShell automation. A cmdlet performs a single function and returns a .NET object. Cmdlets are typically structured in a verb-noun format. One or more parameters can be added to a cmdlet to make the command more specific -- directing a cmdlet to install a particular version of a software product, for example.
Ready-made cmdlets abound, and admins can learn about them through help content, which describes the cmdlet and its parameters. Admins can create their own cmdlets using PowerShell script or C#. All told, thousands of cmdlets exist across PowerShell and public and private repositories.
Here are some of the basic cmdlets included in PowerShell.
Cmdlets vs. commands
Cmdlets attempt to make it clear to the user what action they perform. That's in contrast to the sometimes truncated and cryptic command statements used in other shells. Joey Aiello, senior program manager, PowerShell, at Microsoft, said PowerShell's "very verbose syntax" simplifies matters for people who aren't as familiar with the shorter command names used in shells such as CMD and BASH. On the other hand, PowerShell supports aliases for admins that are accustomed to using shorter commands.
Although cmdlets seek to make their functions easier to grasp, they also enable admins to tackle sophisticated management chores. PowerShell's underlying object orientation and the ability to pipeline cmdlets play the key role here. Output from one cmdlet can be used by other cmdlets in sequence, enabling admins to more readily take on complex tasks than they could when using conventional command statements. The ability to use cmdlets in combination also provides visibility into the task automation workflow.
According to Microsoft's cmdlet overview, cmdlets differ from commands in that they are instances of .NET framework classes, rather than stand-alone executables. Microsoft also points to PowerShell runtime's ability to handle parsing and output formatting for cmdlets as a point of differentiation.
PowerShell learning: Basics
Learning PowerShell typically begins with getting acquainted with some basic cmdlets and using the technology as a command-line shell.
"That is really the key starting point for anybody," Jones said. "You need to understand how the shell works and why it works to get a job done."
Common PowerShell commands and cmdlets let admins carry out a range of tasks, from manipulating files and directories to managing software and machines. PowerShell's consistency means that becoming familiar with a few cmdlets gives admins insight into others. Jonathan Hassell, an author and consultant with 82 Ventures in Charlotte, N.C., said learning how to automate basic tasks with PowerShell reveals the syntax and structure of PowerShell commands in general.
A few examples of foundational cmdlets for admins include Restart-Service for stopping and restarting a service; Get-Childitem -Force for listing every item in a folder and Get-WmiObject -Class Win32_ComputerSystem for gleaning information on the make and model of a computer.
Admins can also avail themselves of PowerShell modules, which are packages containing PowerShell commands. Modules serve as a tool for organizing commands and passing them along to other admins. Microsoft's PowerShell Gallery, as of Q1 2020, offers nearly 6,500 PowerShell modules and other code that users can download. Modules available in the PowerShell Gallery run the gamut from Pester, which runs a testing framework for PowerShell code and infrastructure configurations, to Dbatools, which provides myriad commands for automating SQL Server database development and administration.
How to create and run PowerShell scripts
PowerShell users with a grasp of the command-line shell can make the move to the next level of learning: tool making. Admins can "get into the scripting language and start making their own tools to automate the business processes, moving from a tool user to a tool creator," Jones said.
Learning how to script elevates an admin's productivity -- and that of his or her colleagues. "Someone who is creating these reusable units of execution makes things faster for everyone else in the organization," Jones noted.
Admins familiar with executing cmdlets can stitch commands together into a script, said Adam Bertram, a 20-year IT veteran and freelance writer. Going from basic use to more advanced activities is matter of expanding upon the foundational cmdlets. For example, PowerShell's Get-Service cmdlet queries all the services running on a local computer, but scripting lets an admin find all the stopped services, attempt to restart them and add some logging capabilities, Bertram noted. His PowerShell scripting tutorial for beginners provides details on how to build and execute such a script.
Scripts can automate commonplace tasks such as moving files from one place to another. Admins can use a PowerShell FTP script, for example, to upload and download files. They can also create advanced scripts to copy files between folders, drives and machines using PowerShell providers and cmdlets.
At some point, admins might want to harden PowerShell scripts or functions -- groups of PowerShell statements that might be included in scripts -- for use in production environments. If that's the case, a better understanding of the parameters of PowerShell functions might be in order. Other languages compel tool creators to design their own parameter and error handlers, but PowerShell includes much of this functionality on its own, noted Brandon Shell, CTO at Shell Consulting, in his problem-solving article.
As admins continue their scripting journey, they can tap into the PowerShell Integrated Scripting Environment (ISE). ISE lets users build and test PowerShell scripts without operating directly in PowerShell's CLI. Bertram's tutorial provides an overview of useful features for editing and managing scripts with PowerShell ISE.
PowerShell learning: Advanced concepts
Admins might eventually move into the third tier of PowerShell learning, in which they make a transition to professional software development. Jones said admins are still creating tools but are doing so in a more scalable and reliable fashion. At this point, PowerShell might be employed to create a continuous integration/continuous deployment (CI/CD) pipeline.
"We see PowerShell used more and more in CI/CD scenarios, especially with regards to cross-platform applications," Aiello said.
Here are some other advanced concepts admins can study.
Manipulating text. Building skills in PowerShell text manipulation can help admins with their advanced infrastructure management issues, according to independent consultant Richard Siddaway. Cmdlets for working with text include Add-Content, Clear-Content, Get-Content, Set-Content and Out-File.
Catching errors. To err is human, but proper logging can make troubleshooting a more forgiving process. Bertram outlined the steps for creating a custom PowerShell logging function from deciding on the logging options to include -- host, file and database, for example -- to defining the logic.
Troubleshooting remote server management. Admins managing remote servers with PowerShell might encounter the so-called double-hop problem when moving from one machine to another. But there are workarounds. For one, admins can tie a credential to a PowerShell session configuration and reuse it for subsequent connections, as detailed in this double-hop avoidance tutorial.
Performing tasks in parallel. Using PowerShell workflows lets admins run tasks in parallel -- a useful approach when automating the same commands across a multitude of servers or desktops.
Coding PowerShell workflows is more complex than creating standard PowerShell scripts and functions. In addition, PowerShell, going forward, will drop PowerShell Workflow as a feature (see "PowerShell 7" section below for more detail).
PowerShell has added capabilities over the course of numerous iterations. (Please see the "PowerShell 7" section below for a discussion of the latest version.) But some characteristics of the technology have remained steady over time.
Discoverability. Finding information on PowerShell's features is possible through cmdlets such as Get-Command, which lists the commands, including cmdlets and functions, available on a system. PowerShell was "very much designed with exploration and interactive usage in mind," according to Aiello. In that regard, Jones said PowerShell has taken a cue from, and expanded upon, man pages from the Unix/Linux world. Man pages, or manual pages, provide documentation on commands.
Help capabilities. Admins can gain insight into PowerShell concepts and components through the Get-Help cmdlet. The help system, Jones said, reinforces a design philosophy that protects the user's investment in learning. For example, the consistent set of verbs used in cmdlets -- Get, Set and Start for example -- helps admins deduce the purpose of any command using the same verb. "Once PowerShell asks you to learn something, you get a return on that same learning," Jones said. "The help system is a huge part of that promise."
Remote commands. PowerShell was built with enterprise management and the ability to accomplish tasks at scale as design considerations, Aiello noted. This direction put an emphasis on remoting from the beginning, and Microsoft's protocol support has expanded amid PowerShell's cross-platform makeover. Microsoft has added support for SSH, a staple of remote Linux administration, in addition to other protocols such as WS-Management.
Pipelining. In another borrowing from Unix, PowerShell pipelining lets admins link a series of commands together. This approach lets the output from one command become the input for the next command in the sequence. Pipelining enables users to take PowerShell's Lego-like pieces and assemble them in different ways depending on what they want to accomplish, Jones said.
Some important features that were added in later editions of PowerShell include Desired State Configuration. DSC, which arrived with PowerShell 4.0 in 2013, aims to offer admins a method for maintaining consistent configuration sets across computing devices.
PowerShell Active Directory management
PowerShell's features and functionality extend to a cornerstone technology of Windows environments: Active Directory (AD).
PowerShell as an automation tool can play a couple of roles with AD. Group administration, for instance, can prove a time-consuming burden for AD managers. However, a handful of AD-oriented PowerShell cmdlets can help admins manage AD groups
In addition, PowerShell can be used to find and transfer AD flexible server master operations (FSMO) roles. FSMO roles can prove hard to track because they might be dispersed across different domain controllers. PowerShell commands, coupled with the ability to create specialized functions, can simplify this activity.
On-premises management, monitoring and deployment
Admins can use PowerShell to manage and troubleshoot systems, taking advantage of modules available in PowerShell Gallery, GitHub and Microsoft products such as Internet Information Services (IIS).
Rebooting machines is a common administrative activity, and PowerShell can help simplify the process. As its name suggests, the PowerShell pending reboot module lets admins check if Windows has a pending reboot, an important consideration because Windows requires a reboot to wrap up tasks such as patch installation.
In addition, organizations can use PowerShell to configure Secure Sockets Layer (SSL) when building an IIS website. Admins can get the details on SSL configuration with PowerShell in a tutorial based on the WebAdministration module installed by default on IIS 10.0.
Other PowerShell modules that can help IT professionals in their daily tasks include PSWindowsUpdate, which enables admins to view update installation history and pending updates; PoshWSUS, which manages Windows Server Update Services; Carbon, which interacts with users, websites, certificates and other areas to handle a range of tasks; and NTFSSecurity, which puts a user-friendly spin on working with NTFS file permissions.
As for troubleshooting, PowerShell can help admins filter and query Windows event logs. Commands built on PowerShell's Get-EventLog cmdlet can reveal the most recent errors contained in a specific event log.
Public cloud and workload management
More IT assets are moving to the cloud, and PowerShell plays several roles in that environment.
PowerShell can provide an automated way to access Azure resources, for example. Admins can use an Azure service principal authentication script as part of an automated workflow that manages Microsoft's cloud. The Az PowerShell module provides the toolkit to get started.
Don Jones Vice president, content partnerships and strategic initiatives, Pluralsight
Microsoft's Cloud Shell, meanwhile, provides a browser-based shell that lets users work with PowerShell or BASH to manage Azure resources. "Cloud Shell is the most brilliant thing you can do to make people use PowerShell," Jones said, noting Cloud Shell introduces technicians unfamiliar with PowerShell to the technology.
PowerShell's reach, however, extends beyond Azure -- in keeping with Microsoft's cross-platform aspirations. The AWS Tools for PowerShell module gives admins another, and possibly familiar, option for AWS administration. Windows admins already working with PowerShell can quickly learn to use cmdlets to manage AWS offerings, noted Dan Franciscus, a systems engineer in the higher education sector.
Digging deeper into AWS services, admins can also use PowerShell to create an AWS Lambda function that provisions Elastic Compute Cloud instances. Lambda is AWS' serverless computing service.
PowerShell products and services
Although PowerShell covers a lot of ground on its own, users can take advantage of numerous third-party tools in the broader scripting language ecosystem.
A range of products are available that aim to help admins boost their PowerShell script building. Those tools include advanced editors, low-code offerings and services targeting specific platforms such as AD. Bertram cited several PowerShell tools in a product roundup: Cimitra Software's Cimitra Server, Ironman Software's Universal Automation, Sapien Technologies' PowerShell Studio, ScriptRunner Software's PowerShell automation and delegation platform and System Frontier's privilege access management product.
Services around PowerShell include online training courses, which aim to accommodate people with varying levels of expertise. Offerings range from a PowerShell tutorial for beginners on the Udemy learning platform to courses that focus on specific technologies such as DSC. Pluralsight, meanwhile, offers a multi-course learning path that provides content for entry-level to advanced users.
In 2018, Microsoft's cross-platform plans led to the creation of PowerShell Core, an edition of PowerShell the supports Linux and macOS. That product emerged in addition to traditional Windows PowerShell. The arrival of PowerShell 7, however, ends what Aiello described as a temporary fork in development. PowerShell 7 and its successors, according to a Microsoft statement, represent "the one, true PowerShell going forward."
The short-term Windows PowerShell/PowerShell Core split, however, created some functionality fissures and module incompatibilities between the editions. PowerShell 7 deals with some, but not all those gaps. Bertram said PowerShell 7's ability to run modules previously unavailable under Core addresses "one of the key reasons that Windows admins have avoided migrations to the newer version."
Specifically, PowerShell 7 includes a compatibility layer that Microsoft said lets users "import modules in an implicit Windows PowerShell session." With such PowerShell 7 features "backward compatibility is, essentially, as good as it's going to get," Aiello added.
Features left behind with PowerShell 7 include PowerShell Workflow, which was also absent from PowerShell Core 6.0. Workflow's role in paralyzing tasks is now replaced with PowerShell 7's pipeline parallelization. That feature is provided via the ForEach-Object cmdlet and the new -Parallel parameter.
"Customers told us that the only thing they really missed from Workflows was the parallelization aspect, which is why we prioritized ForEach-Object -Parallel," Aiello said. Pipeline parallelization will result in "massive performance gains," he added.
However, the -Parallel parameter isn't a complete Workflow replacement, according to Jones, who noted Workflow was also designed for resumable, long-running tasks. He said Workflow never had high adoption, adding that DSC has superseded Workflow in many ways.
Other features in PowerShell 7 include a new Get-Error cmdlet, new ternary operators and new pipeline operators. As for PowerShell error handing, PowerShell 7 offers a few twists. In addition to Get-Error, which lets admins survey all the information within a PowerShell error record, PowerShell 7 also includes ConciseView, which makes error messages easier to understand.
The future of PowerShell
One issue ahead for PowerShell is migration from previous versions of the technology to the consolidated PowerShell 7. Considerations that favor a move to PowerShell 7 from Windows PowerShell include the previously mentioned module compatibility and features that seek to make the product easier and more efficient. Faster execution speed, which stems from PowerShell 7's .NET Core foundation, is another argument in favor of migration.
Going forward, Microsoft will continue to focus on distributed and cloud-based scenarios, making sure PowerShell serves as an effective tool in those environments, Jones noted. He expects Microsoft to pursue developments along the lines of Cloud Shell.
Overall, Jones believes PowerShell has reached a "nice level of maturity" that will let Microsoft focus on "tweaking the small things" rather than developing grand, new features. An unanticipated IT revolution could compel Microsoft's PowerShell development team to undertake a sweeping overhaul. But otherwise, incremental changes will characterize the years ahead, he said.
"We are looking at continual evolution," Jones added. "The team created something that can withstand the ages."