PowerShell needs no introduction — it’s the configuration management and task automation framework of choice for the Windows environment. It combines the flexibility of a powerful scripting language with the power and speed of the command line to help IT admins orchestrate, automate and troubleshoot common IT functions.
As such, PowerShell is an indispensable tool for MSPs looking for a way to easily manage computers and servers across clients’ IT environments. More importantly, PowerShell remoting enables IT admins to access PowerShell sessions and run PowerShell commands on remote Windows systems.
PowerShell’s ability to execute remote management commands is especially beneficial to sysadmins, who can use it to manage multiple IT environments. This increases productivity and helps to overcome several challenges common to the MSP workspace. To help you get started, let’s take a look at some of the basic PowerShell cmdlets that your IT admins should know.
- Making a new firewall rule
- Restarting the server or computer
- Restarting certain services
- Checking the status of the service, and more
Get-Help is a simple but very useful command that enables admins to obtain helpful information about other PowerShell cmdlets, scripts, etc. If you need to know how the Get-EventLog command works, all you need to do is type “Get-Help -Name Get-EventLog” and Windows displays the full command syntax.
Get-Command displays the list of commands that correspond to the search parameter you entered. Admins can use this command by typing Get-Command followed by their search query. For instance, “Get-Command *-service*” displays all the commands whose names contain -service.
Get-Service provides you with the list of services installed on your system. If you pass the name of a service with the -Name parameter, Get-Service displays the state of that service.
Get-Process is similar to the Get-Service command. It’s used to get the list of all running processes on your computer.
In line with security best practices, Windows has four built-in levels of access to the PowerShell environment, known as execution policies: Restricted, AllSigned, RemoteSigned and Unrestricted.
- Restricted: this locks down PowerShell so that the environment cannot run PowerShell scripts. You can only enter commands interactively.
- Unrestricted: this removes all execution policy restrictions.
- AllSigned: in this mode, only scripts signed by trusted publishers are allowed to run.
- RemoteSigned: setting the execution policy to RemoteSigned allows the execution of all scripts created locally. Scripts created remotely are allowed to run only if they are signed by trusted publishers.
To prevent the execution of malicious code in the PowerShell environment, scripting is disabled by default — i.e. set to Restricted. The Set-ExecutionPolicy command allows you to select your preferred level of security. All you need to do is enter the Set-ExecutionPolicy command and the policy name. For instance, “Set-ExecutionPolicy Unrestricted”.
In this document you'll find a PowerShell script that checks the status of the services listed below and sends an email alert if any of them is turned off:
- Windows Firewall
- Windows Defender
- Windows Update Service
- Any installed third-party antivirus
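A check of this kind can be sketched as follows. This is an added example, not the script the article refers to; the function names and the mail addresses are hypothetical, and mail is sent only when an SMTP server is supplied.

```powershell
# Added example: report security-relevant services that are off on this machine.
function Get-SecurityServiceIssue {
    $checks = @(
        @{ Name = 'MpsSvc';    Label = 'Windows Firewall';       MustRun = $true }
        @{ Name = 'WinDefend'; Label = 'Windows Defender';       MustRun = $true }
        # Windows Update is demand-started: Stopped is normal, Disabled is not.
        @{ Name = 'wuauserv';  Label = 'Windows Update Service'; MustRun = $false }
    )
    foreach ($c in $checks) {
        $svc = Get-Service -Name $c.Name -ErrorAction SilentlyContinue
        $problem = if (-not $svc) { 'service not found' }
                   elseif ($svc.StartType -eq 'Disabled') { 'start type is Disabled' }
                   elseif ($c.MustRun -and $svc.Status -ne 'Running') { "status is $($svc.Status)" }
        if ($problem) {
            [pscustomobject]@{ Computer = $env:COMPUTERNAME; Check = $c.Label; Problem = $problem }
        }
    }
    # Antivirus products register with Security Center, which exists on client
    # editions of Windows only (ProductType 1), so servers skip this check.
    if ((Get-CimInstance -ClassName Win32_OperatingSystem).ProductType -eq 1) {
        $av = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
        if (-not $av) {
            [pscustomobject]@{ Computer = $env:COMPUTERNAME; Check = 'Antivirus'; Problem = 'no product registered' }
        }
    }
}

function Send-SecurityServiceAlert {
    param(
        [string]$SmtpServer,                          # placeholder: your mail relay
        [string]$From = 'monitor@example.invalid',    # placeholder address
        [string]$To   = 'alerts@example.invalid'      # placeholder address
    )
    $issues = @(Get-SecurityServiceIssue)
    if ($issues.Count -gt 0 -and $SmtpServer) {
        Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
            -Subject "Security service alert: $env:COMPUTERNAME" `
            -Body ($issues | Format-List | Out-String)
    }
    $issues   # also return the findings so the caller can log them
}

Send-SecurityServiceAlert | Format-Table -AutoSize
```

On machines where a third-party antivirus has taken over, the Windows Defender service is typically not running, so that finding should be read together with the antivirus check.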
As an IT admin working on unfamiliar computers and servers, you should first find out the status of the execution policy before running a script. The Get-ExecutionPolicy command helps you do this.
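The following added example (not from the original article) shows what to look at before running a script on an unfamiliar machine: the policy at every scope, the script's signature, and whether Windows has marked the file as downloaded. The function name and the script path are hypothetical.

```powershell
# Added example: inspect policy and script provenance before running anything.
function Test-ScriptBeforeRun {
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    # Effective policy plus the per-scope breakdown. MachinePolicy and UserPolicy
    # come from Group Policy and override anything set locally.
    $effective = Get-ExecutionPolicy
    $byScope   = Get-ExecutionPolicy -List

    # Authenticode status of the script: Valid, NotSigned, HashMismatch, ...
    $sig = Get-AuthenticodeSignature -FilePath $Path

    # Downloaded files carry a Zone.Identifier alternate data stream;
    # RemoteSigned treats those as remote and requires a signature.
    $zone = Get-Item -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue

    [pscustomobject]@{
        EffectivePolicy = $effective
        Scopes          = $byScope
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        MarkedAsRemote  = [bool]$zone
    }
}

# Hypothetical path; replace with the script you were asked to run.
Test-ScriptBeforeRun -Path 'C:\Scripts\Example.ps1' | Format-List

# If the policy has to be relaxed, do it for the current session only.
# The Process scope is discarded when the session closes.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
```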
The Start-Service command allows you to start any service on Windows, even if the service is disabled. To do this, append the name of the service to the Start-Service command. For example, ‘Start-Service -Name "WSearch"’ starts the Windows Search service.
Start-Process is quite similar to the Start-Service command and allows you to start one or more processes via PowerShell. Use the Start-Process command followed by the requisite parameters to start a process.
The Stop-Process command enables you to stop a process (or some of its instances) currently running on a computer. This is particularly useful when a process freezes up. Use the Get-Process command to get the process ID or name of the unresponsive process.
Terminate the process by typing the Stop-Process command with the process ID or process name. For instance, you can stop all Notepad processes using the following command:
Stop-Process -Name notepad
You can also stop a particular instance of a process using its process ID:
Stop-Process -ID 1943
The ConvertTo-HTML command lets admins turn the output of a PowerShell command or script into a report for further analysis or to send to someone else. For example, you may want to create a report that lists all the running processes on a local computer, as well as their current status. Process objects expose this as the Responding property (they have no Status property), so you can use this command:
Get-Process | ConvertTo-HTML -Property Name, Responding > C:\processes.htm
This command will store the list of all running processes (in the form of a Web report) in a file called processes.htm.
Here are links to more-complex PowerShell scripts for advanced users. These scripts are particularly useful for automating IT admin tasks and solving challenges common to MSP operations.
- Set user password on the local or remote machine. This script allows admins to set passwords for user accounts on remote and local machines.
- Check for stopped or hung services. This script allows you to check if services (on remote systems you specify) are hung or stopped. If there are any such services, you’ll receive a notification email. The script then stops hung services and attempts to restart them.
- Reset password for specified users. This script resets passwords for multiple user accounts. It’s particularly useful when your IT admins need to reset the passwords for all users in client organizations.
- Get network information of remote and local PC/servers. This script returns the network information (IP address, subnet, gateways, and DNS servers) of local and remote machines.
IT admins looking to use PowerShell to manage remote client workstations must first enable PowerShell remoting on the system they want to connect to remotely. This feature is locked down by default and enabling it gives you access to several remote management functions supported by the Windows Remote Management (WinRM) service and the WS-Management protocol.
Ensure that your technicians configure all client workstations and servers to accept remote PowerShell connections from authorized personnel. The configuration procedure should be documented in your New PC Checklist, standard operating procedures (SOPs), and other MSP documentation.
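One way to enable remoting while limiting who can connect and from where, as an added example that is not part of the original article. The function names, the technician group and the management subnet are hypothetical, and the firewall display group is the English name.

```powershell
# Added example. Run elevated on the machine being prepared for remote management.
function Enable-ScopedRemoting {
    param(
        [string]$TechnicianGroup  = 'CONTOSO\MSP-Technicians',  # hypothetical group
        [string]$ManagementSubnet = '10.0.50.0/24'              # hypothetical subnet
    )

    # Starts WinRM, creates the listener and opens the firewall exception.
    Enable-PSRemoting -Force

    # Members of the built-in 'Remote Management Users' group can connect to the
    # default endpoint without being local administrators.
    Add-LocalGroupMember -Group 'Remote Management Users' -Member $TechnicianGroup

    # Accept WinRM traffic only from the management subnet.
    Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' |
        Set-NetFirewallRule -RemoteAddress $ManagementSubnet
}

function Get-RemotingPosture {
    # Snapshot of what is exposed, for the New PC Checklist or a periodic review.
    [pscustomobject]@{
        WinRMStatus = (Get-Service -Name WinRM).Status
        Listeners   = Get-ChildItem WSMan:\localhost\Listener | Select-Object Name, Keys
        # Permission shows which principals may open a session on each endpoint.
        Endpoints   = Get-PSSessionConfiguration | Select-Object Name, Permission
        Firewall    = Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' |
            Where-Object { $_.Enabled -eq 'True' } |
            ForEach-Object {
                [pscustomobject]@{
                    Rule          = $_.Name
                    Profile       = $_.Profile
                    RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
                }
            }
    }
}

Enable-ScopedRemoting
Get-RemotingPosture | Format-List
```

From a technician machine, `Test-WSMan -ComputerName <target>` confirms that the listener answers before a session is attempted.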
While PowerShell isn’t a silver bullet for all your IT admin workloads, it comes pretty close. In the hands of a proficient IT professional, it can help streamline and resolve several hurdles in the MSP workspace, resulting in increased productivity, better service delivery, and more satisfied clients.