If you have end users (and who doesn’t?) you should be worried about what they might try to run or install on their computer. Some people just don’t pay attention, clicking on any box that may appear.
Others simply think they can do whatever they want on their work machine.
But, for the most part, people simply don’t understand that an innocent appearing pop up may actually be something that they don’t want.
Antivirus software can help, but we all know it’s far from foolproof. Another great idea is to make sure your users are not local administrators. Unfortunately, that doesn’t stop them from installing all programs, just those that go into protected areas like the Program Files folder. Anything that installs under a profile, like most browsers (and most crypto infections) can install with only user-level access. So what’s an admin to do? Whitelist!
Whitelisting is a process where you select a list of programs and allow only those programs to run. If a user tries to run (or install) anything not on the list, it will fail with an error similar to this:
There are many third party programs out there that can implement whitelisting, but Windows Server already has this ability built in. If you are using Pro versions of Windows on your Desktops you can use Software Restriction Policies (SRP). If you are using Enterprise versions you can use the more full-featured Applocker, but most small businesses will find SRP is more than enough.
Software Restriction Policies are configured via Group Policy, and work just like any other GPO. You can configure it as a User or a Computer GPO and then apply it however you like. You can even set up SRP via Local Policy on machines that are not on a domain.
SRP offers several ways to add programs to the whitelist.
By path. This is the broadest method, allowing you to add entire folders. This is the method used to add the default items, like the Windows folder. This should only be done with paths that you trust and that cannot be written to by your Users. If your user has write access, the path isn’t safe because the User could put anything in there.
Programs by filename. This allows you to specify a particular location (like c:\MyProgram) and only allow a certain filename to run from it. This is a little more restrictive than allowing an entire folder, but if the User can write to this location there is the chance that they might delete the real program and replace it with something of their own. For less tech-savvy users, though, this isn’t very likely to happen.
Network Zones. This allows programs if they come from a trusted site, like your local Intranet. While this option exists, it seems unlikely that any SMBs would ever use it.
Hash rules. With this option, SRP will create a hash of the file you want to allow and then it will be allowed to run no matter what folder it happens to be in. This is considerably more secure than a path rule because only this exact file will be allowed. If you ever need to update the file, you’ll need a new rule to create a new hash.
Certificate rules. These are probably the most secure type, because they are based on a certificate from the manufacturer. Because of this, they require more work from the PC and can slow down processing. Each time you run a program with a Certificate Rule applied it has to check in with the Server to see if the Certificate is valid and if it’s expired or not. When the certificate does expire, you’ll need to create a new rule.
While it sounds somewhat intimidating, getting SRP up and running really isn’t that bad. I’ve created a snip on the basic setup here:
As long as you remember to test your settings on a small group before deploying to the entire network, you’ll find SRP to be fairly painless. Whether you decide to use SRP, Applocker, or another option, with whitelisting your network will be safer than ever before.
When I started TechSnips just eight months ago, I had originally intended to recruit contributors, help them get their short videos on techsnips.io and sell subscriptions. This didn’t turn out like I had originally intended at all. Time to pivot!
We’re now no longer just snips, but we now have a snip and a growing course program that I’m really excited about. Unlike snips, our course program is helping us grow financially which allows me to make this announcement.
Relaxing the Snip Contract
For many years, I’ve been heavily involved with a technical community; the Microsoft community to be specific. I’ve been a Microsoft MVP for five years now and have thoroughly enjoyed both getting to know other people and more importantly helping so many professionals in the careers.
With that being said, as of yesterday, when a new TechSnips contributor joined us, they were required to sign a contract stating that they were not allowed to host their snips on any other platform. They were allowed to link to their videos but under no circumstances were they allowed to take the actual edited video that’s hosted on techsnips.io and make copies of it.
This contract was based on our old business model and was already outdated. That era is over.
As of today, I’m announcing that all TechSnips contributors are free to do with their snips whatever they please. Every TechSnips contributor now is granted a non-exclusive, perpetual license on every snip they produce through our publishing platform granting them to use their snips wherever and however they want granted they don’t modify the video.
Also, to prevent any conflicts with moonlighting policies, all contributors have the right to not get paid by TechSnips making techsnips.io a true, community platform helping technology professionals without letting money/tax issues get in the way.
All contributors now are able to get their videos professionally edited, hosted on techsnips.io, promoted for free and get the ability to take their final snip and share it with their community!
I hope this shift to make our snip format and platform completely free and accessible to everyone continues to encourage greater community involvement and to give everyone a chance to help others in their own technical community!
If you’ve ever subscribed to or purchased content on e-learning services like Pluralsight, CBT Nuggets, LinkedIn Learning (Lynda), Udemy, et al., you’ve been a student of an e-learning course. These courses aim to help students learn a particular skill, help them pass a certification exam or enter an entirely new profession. A course can be just about anything, especially on Udemy!
Every successful e-learning course has lots of students and a single or a handful of instructors. A wildly popular course could have millions of students yet an only instructor (author). The chances of being a student on a course are a whole lot more likely than being the course author.
At TechSnips, we help IT professionals, developers, tech pros of all walks of life transform from one of the many (students) to one of the few (instructors). We help subject matter experts (SMEs) turn the knowledge in their head into a well-thought-out course that will potentially help millions of students learn a new skill to get that promotion, pass that certification exam to get a new job or just get a jump start on a new hobby!
Snips vs. Courses
Before we get into courses, it’s important you first understand our split snip vs. course programs. If you’ve seen our website, techsnips.io, you’ll see here nor there a course. TechSnips.io hosts short, how-to videos that get right to the point and teach a task. We call these videos snips. Snips are perfect if an IT pro knows what his problem is just not how to do it. Snips teach how to perform a task. Courses, on the other hand, explain how to build a skill.
Snips are the perfect solution in a pinch for that system administrator that can’t figure out how to upload files to Microsoft Azure, install a PowerShell module or how to back up a virtual machine. These are all tasks. Courses, on the other hand, teach skills that may or may not be groups of snips combined with slides, quizzes, etc.
A snip teaches how to repair a car transmission; a course teaches how to become a mechanic. Task vs. skill. Learning how to fix a car transmission is an important task every mechanic needs to learn, but it’s not nearly everything a mechanic needs to know to become ASE certified.
TechSnips still maintains our snip platform and will continue to do so but will not be the primary business focus for the time being.
E-Learning Training Companies
Previously, I mentioned companies like Pluralsight, LinkedIn Learning (Lynda), Udemy and others. These companies provide courses directly to their customers. Each company has a two-sided market; students and instructors. To attract customers (students), these companies must produce great courses. But to create great courses, they need experts (instructors) that can teach them. They can and do hire full-time instructors but also hire many contractors to develop these courses.
Each training company built and maintains its own platform, has its own students and markets their individual courses to acquire as many customers as possible.
These companies invest lots of money acquiring both instructors and students creating a large match-making service.
TechSnips is not a training company although we do tend to dabble in our own courses from time to time. Our primary focus is on filling a gap in our training company partners’ content libraries by providing access to many different experts capable of producing many different courses.
We work directly with training companies, not against them to provide a “Courses as a Service” platform by automating and removing every logistical task necessary to create a course. We strive to let experts teach their skills and handle the rest.
Working Directly with Training Companies
Typically, when an e-learning company needs a course created, they will reach out to individual authors in an attempt to woo a subject matter expert to build the course for them. Or, a potential course author will reach out to the training company and pitch course ideas to see if the training company will bite. Either way, the relationship is always 1:1 between a single author and the training company.
On the surface, this 1:1 relationship sounds simple until a course newbie really gets into it. They will soon be overwhelmed by course logistics.
What kind of outline are you looking for?
What kind of instructional style do you want?
When do I need to put in slides?
What slide template do I use again?
Do you always need a course introduction?
Holy hell, I’ve got to build my own demo environment?
Now, a module is part of a course, and a lesson is part of a module, right?
Do you need the videos in MP4, AVI or MOV format?
What’s the framerate supposed to be?
How long should the course be? Do you have a max length per lesson?
What is “scope” and how does it relate to courses and individual lessons?
What exactly does this contract I’m signing mean?
You mean to tell me I have to be a video editor too on top of all of this?
…and on and on.
I went through all of this when I was first producing courses for various companies and to be honest, I hated it. I loved coming up with the scenarios and teaching, but I hated all of the logistics that went into ensuring the course was packaged precisely how the training company wanted it.
I especially hated doing my own editing. I tried to outsource as much as possible, but I would then have to train contractors on the exact specifications the company needed, remember to pay them and still handle all of the paperwork with the training company. I wished there was a better way…
Where TechSnips Comes In
Training companies will always have their own specific requirements, and these hoops will still have to be jumped through, but we believe the author shouldn’t have to. We think a subject matter expert should do what they do best; be an expert in the subject they’re teaching! Crazy concept, huh?
We believe that it’s entirely unnecessary for an expert to concern him or herself with all of the logistics that go into course production. Instead, we want an expert to teach. That’s it. Plain and simple. All of the other rigamarole that goes into getting a course laid out and submitted to a training company shouldn’t even come into the picture.
Spreading the Workload
I’ve seen it many times. When you lay a pre-created 3-hour course outline in front of a tech expert that’s never authored a course before, their eyes glaze over. Even though the first part (coming up the outline) is completed for them, time building demo environments, building slides and a lot of deep thinking all come to a head and freeze them up. “That…..will take me a few months!”, they say. …and they’re right if they’re on their own.
What makes TechSnips unique is our contributor community. We have nearly 100 experts in our community now and growing that can help. Courses are typically created by a single author and for a good reason. It’s hard to delegate responsibilities to multiple people, but we believe we’ve cracked that nut.
TechSnips has a model that allows us to assign multiple authors to a single course all using a single platform and payments evenly split by the amount of work each author puts in. We’re even working on multiple authors per lesson! Imagine getting that sweet, sweet passive income from a course when all you’ve done is create the scripts the course presenter then records in the video. It’s possible as a TechSnips course author.
Creating a Course from Scratch
If you’ve never been involved in creating an e-learning course, the process is the same regardless if you’re creating courses for Pluralsight, LinkedIn Learning (Lynda), CBT Nuggets or any other large training company.
In a tiny nutshell, the overall stages to publish a course are:
Course pitch (working with the company to determine what course they want)
Course summary (creating an overall review of what the course is about)
Course proposal (building an outline of sections, lessons, abstracts, etc.)
Approval (working with the company to agree on your proposal)
Paperwork (reading and signing legal contracts)
Demos (building demo environments, coming up with scripts and recording)
Slides (building slide decks and recording slides)
Editing (after recording, ensuring the video flows nicely)
Submitting demo/slides (sending demos/slides to the company)
Demos/slides approval (performing any edits/re-records necessary)
Publishing the course (company publishes your course on their platform)
Getting paid (Yay! We’re done!)
We at TechSnips understand these stages intimately and have designed an automated system to account for all of them allowing all of our course authors to only worry about the absolute minimum. However, we’re not going to gloss over the fact that creating a course whether you’re partnering with TechSnips or not requires work.
Effort Required to Build a Course
With talk of all this work, are you scared yet? I hope not! Producing courses with TechSnips alleviates a ton of work, but we’re not going to build the course for you! You’re the expert; we’re just the platform.
Before we too far into this topic, I have to let you know that everyone is different. Please don’t join a course and 200 hours into it, gripe to me telling me I told you that it was only going to take 20 hours if you’ve decided to boil the ocean! I can only provide numbers based on my personal experience.
Let’s break down the applicable stages from the section above that entail doing some work on the part of the course author. Remember, these are rough numbers from my personal experience from producing or helping produce ~30 different courses. These numbers are also in man hours. They do not include time waiting for a response from the training company.
Based on a typical 2-hour course, here is a breakdown by stage in hours both by working with the training company alone or and as a TechSnips contributor:
No Help from TechSnips
As a TechSnips Contributor
We reduce the course author’s workload in every stage. Through services like mentoring/coaching presentation skills, providing prebuilt lab environments, removing all editing required and providing a single platform linked to multiple training companies, we expedite from pitch to payment.
*We help out with slides as well and may eventually take this down to 0. A tech expert doesn’t need to be a PowerPoint ninja too!
Imagine for a minute getting paid to do nothing. Every month, money just appears in your checking account without a finger lifted on your part. It’s like clockwork. Every month, the money comes in. The amount may vary month-to-month but usually stays around the same. This monthly account deposit is everyone’s best friend; passive income.
Many people think the only way to make money is to trade in their time. Whether you have a full-time job working 40 hours/week or are a consultant charging $150/hr, the amount of money you receive is dependent on the amount of time you put in. Work more, get paid more whether you’re going into overtime or burning the midnight oil as a consultant or contractor.
If you’ve never experienced passive income before, getting paid every month when you haven’t stepped foot outside your door to go to work seems crazy. It almost looks too good to be true but, I assure you, it’s not. It’s merely extending the payment model you’re used to over a long period. The work still must be done, but you are paid not based on your time but on the value your work delivers.
Passive income is a general term that refers to putting in work for a limited amount of time and getting paid for that work for years to come. Passive income can be achieved lots of ways from building software or an online service and providing a self-service checkout, writing a book and collecting royalties, writing an eBook and hosting it on a platform like Leanpub and receiving a share of the revenue, having blog sponsors or any other activity that requires work upfront with payments over time.
The Snowball Story
A great metaphor to explain passive income is to compare it to a snowball.
Imagine you’re outside on a snowy day, pick up some snow and make a snowball. The snow is that wet, sticky snow, so you’re able to create this snowball easily. Holding the snowball in your hand, it weighs no more than a few ounces. This is the money you receive from royalties your first month via your first course. Cute but nothing to write home about.
That snowball in your hand reminds you of the mountains, so you decide you need to climb Mt. Everest to achieve spiritual enlightenment. Just go with me here. You battle the elements and take your little snowball with you to the top as a reminder of where you came from.
Once you’re at the top, you then decide to free your little snowball and roll it down the mountain. At first, it merrily bounces along down the mountain but soon begins to grow mowing down shrubs, grow some more where it’s now pummeling small trees, roll down a few more thousand feet and it’s taking out entire basecamps! By the time it gets to the bottom of the mountain, it’s on a mission and soon takes out tiny Tibetan towns.
Your once cute little snowball has morphed into a monster consuming everything in its path. Now imagine that snowball is your money and the altitude is time. The farther down the mountain the snowball goes, the more work you do and the more value you create exponentially growing your snowball and the bigger your bank account gets. In this metaphor the snowball eventually stops; it’s simple physics. But in our real, passive income example, the money keeps coming in month after month forever!
Building Passive Income with E-learning Courses
Passive income comes in many forms, but here at TechSnips, we provide this nirvana-like service in the way of e-learning courses. The TechSnips Course program partners with leading training companies that need online courses and we also publish our own. Regardless of where the course is posted, it will always be made for sale and will always be consumed by students over time.
A course provides value to consumers not once or twice, but, typically, for years. Since that value is spread out over time, TechSnips and you, get paid for the work that we put into building that course over that timespan.
For a course to be successful, it needs to meet three rough criteria:
It has to be marketed well and in front of potential students
It has to be packaged well
It has to be a well-produced, quality course that students can learn from
TechSnips and our partners take care of the first two criteria, and the third is up to you. We help you build the best course possible, but it’s ultimately up to you to make the course awesome. To develop your monster snowball, the key is quantity. The equation is simple; the more courses you produce, the more money you make and the longer your passive income will continue over time.
Let’s Talk Numbers
We’re talking passive income here, but we also need to speak to the upfront payments you get when authoring courses with TechSnips. When a course is completed, you will receive anywhere from $800 to $2000+. If you’ve decided to go lone ranger on the course and are the sole author, that entire amount is yours. If not, that amount is then split between any other authors that are also assigned to that course.
The upfront payment isn’t bad but hardly worth the 30-50+ hours of work that may go into a 2-hour course. The real money is in the passive income!
A snowball can start its journey at various sizes, and no two snowballs will take the same route down the mountain just like course royalties and revenue sharing. The size of the monster at the bottom depends on a multitude of factors, but it all comes down to popularity. The amount of passive income you receive depends on how favorited your course is with its audience.
For example, Pluralsight uses its own platform to host courses for students and pays royalties based on minutes viewed. Packt, on the other hand, distributes their courses amongst many different platforms and pays you based on a percentage of revenue earned from your course. Either way, you get paid more if your course is popular and less if no one wants to watch it.
Once you’re approved as a TechSnips course author, you can build courses for many different training companies all with a single platform.
It’s tough to determine how much you can anticipate receiving per month in passive income. The number all depends on the TechSnips course partner, the time of year, how good the partner is at marketing your course, if your course is aimed at beginners, intermediate or experts and more. With that being said, I can provide a big range. If you are the sole author on a course, you can expect anywhere from $20 – $2000/month. I told you it was a big range! I can’t, with a good conscience, tell you exactly how much you will make.
How much you make solely depends on your ability to teach a great course and how many courses you produce.
Get Started Today!
If you’re currently not a TechSnips contributor or are and have yet to get started on your first course and are not presently seeing passive income, what are you waiting for? Go outside, pick up some snow and let’s see what kind of monster we can build together!
Short term pain, long term gain. That’s what we hear from people when they are watching on the sidelines when we’re working towards a goal. These people either strive to motivate us or are entertained by watching us struggle and want to see how stubborn we can be.
We go to the gym, see no results the next day. We start eating healthy and feel no different. We stay in a job that’s meh just because it’s comfortable and we entrepreneurs bust our asses for nothing for months sometimes years in hopes of a big payoff someday.
What does each of these situations have in common? They all require either:
C. tenacity and grit
I’m positive it takes a little bit of each.
When I quit my job nearly eight months ago for an opportunity that had no guarantee, no paycheck and no clear end goal everyone thought I had a screw loose. “Grit! “, I told them. “No, it’s a vision!”, I told them. They’d nod and wish me well still thinking I was nuts.
Short term pain
Imagine for a minute you’re on a tightrope high above the ground wobbling on a 1-inch wire. Scary, right? Now imagine you have an enormous cushion made of baby lamb’s wool and unicorn tears below you. If you were to fall, it may actually feel wonderful feeling that soft embrace of the net.
You’d happily stroll along the wire without a care in the world. Who cares if I fall? Hell, I may jump! This is what a nice, cushy job feels like. Another week, another big paycheck. Ain’t life grand? For some maybe.
There’s no pain but no challenge. No fulfillment. Take your Hawaii vacation with your loads of PTO and buy that Ferrari. As my Australian friends say, “Good on ya!”. But what kind of way is that to live? What are you actually accomplishing? Do you feel like you’re making a difference in the world? If not, ask yourself if this is what you want for the rest of your life.
Sure. There will be fights with your spouse, you’ll question your sanity, you’ll run budgets nonstop to reassure yourself it’ll be OK and you’ll constantly wonder what you’re committing your life to really is a good idea after all. “WTF HAVE I DONE??”
It’s painful. Sometimes very. But nothing great comes free and without risk.
Rome wasn’t built in a day and neither can a fruitful and fulfilling business like TechSnips.
Long term gain
It’s been nearly eight months since I started TechSnips and I can finally say my attitude is beginning to change from a pain to gain mentality.
We’re not making loads of money by any means and we’re not a huge team capable of destroying our competition. We do, however, have momentum and a growing community.
Since we’ve pivoted to focus on our course partner program we received our first course payment this month. Talk about exciting! We now have 13 courses in the queue and our dedicated team of contributors are hard at work cranking them out. I can see the snowball starting to build!
We are an agile company capable of coordinating hundreds of moving parts at once though our highly systematized processes. I knew being Adam the Automator would come in handy besides the occasional blog article or two.
We’re attracting 3-5 new contributors every week who immediately are put in touch with Anthony, my first lieutenant/VP of Content where he’s able to get them up to speed fast and part of our community.
I can say that after all of the hard work, we’re finally hitting our stride. With a dedicated community, collective knowledge and everyone’s commitment to coming together making TechSnips a success, I know we will succeed.
In my current day job, I’m often asked about using PowerCLI to perform a number of tasks in a vCenter cluster. This is a story about a recent request for assistance from a colleague who needed to export a custom monitoring appliance template to a new vCenter cluster that was being built. My colleague was under a time constraint and did not have the necessary access to the template.
Never wanting to miss a chance to use PowerShell or PowerCLI, I jumped in head first to help. I gathered the necessary information from my colleague, and began connecting to the cluster:
There are two cmdlets that stand out;
Both of these cmdlets appear to be exactly what I need. But first, I’ll educate myself a little more on the proper use for each. I start with
Export-VApp This cmdlet will export the powered off VM as an OVF to the current directory my session is in by default if I do not specify a path. I have a path in mind, so I’m going to go with the following code:
I should have thought about that a bit more before running the command. You cannot export a running VM to an OVF! No worries, this is a quick fix. I’ll modify my code a little more:
That was easy. With the template appliance now offline, I could resume running the
Export-VApp cmdlet I tried to run earlier. This process took about 10 minutes, and wasn’t a very large appliance to begin with. Now I have a 3.5 GB appliance ready to be deployed into another vCenter environment. Or do I?
Feeling like I’m driving the train now, I enter and run the following code:
The notion just crossed my mind that I got ahead of myself, and failed to find out if I was actually connecting to another vCenter cluster.
Something happened when I began to import the previously exported VM appliance. A sea of red error messages.
I read the error message, and sure enough, the host is not a part of a vCenter cluster and therefore does not have proper licensing to complete the import using PowerCLI. This is a limitation that VMware enforces. No worries, I could still connect to the web interface of the host and manually import using the HTML 5 interface. The wizard walks you through each step, give the imported appliance a name, choose the OVF, datastore, deployment type (thick or thin provisioned), and verify the configuration. After that, select finish and the import begins. While the previous import attempt would work great with a vCenter cluster, it was simply not going to work in this situation. This took a little longer than expected but was straight forward. You can read more about the process here.
In the end, the import was a success, and my colleague met their deadline.
Until this exercise, I was not aware that not all PowerCLI cmdlets were available in all situations. However, Both of us learned a new skill and, while experiencing some unforeseen adversity, we still accomplished the task at hand. Too often we rush through IT projects looking for the ‘quick’ fix. Watch your speed, take another minute or two to ask questions, step back and understand the problem you are trying to solve. You may find you’ll learn something new.
Despite its lack of features and options, PowerShell ISE used to be the primary tool to develop and edit PowerShell Scripts. It offered an integrated development environment (IDE) that included some basic features to build scripts and modules.
Microsoft is no longer actively developing the PowerShell Integrated Scripting Environment (ISE) and is being replaced by the more powerful and versatile open source Visual Studio Code (VS Code). With its ever-expanding options and extensions, VS Code is quickly becoming the new standard tool for developing not only PowerShell, but just about any other language you choose.
Despite all the new features available in VS Code, leaving the familiar environment of PowerShell ISE is difficult. It is like watching your child go to college. You are proud of the achievement but sad about having left a comfortable environment.
VS Code can be intimidating at first. As the default settings of VS Code can be a little hard to work with if you are used to working with PowerShell ISE. However, it’s highly customizable, and with the addition of Extensions and a few configuration settings, you can make VS Code look and behave just like PowerShell ISE.
To get VS Code to look like PowerShell ISE, the PowerShell Extension needs to be installed. To install, select the setting gear at the bottom left, then pick Extensions.
At the search box, type in Powershell and then install. This extension adds a few features to the default settings of VS Code.
To get the distinctive look of PowerShell ISE, select the settings gear and then Color Theme. Choose the PowerShell ISE theme.
Now that you have the look of PowerShell ISE, we need to set the behavior to match ISE.
The default install of VS Code lacks some features of PowerShell ISE, such as Zoom, Tab-Completion, Intellisense, and Code Snippets.
For setting the environment to match that of PowerShell ISE, we need to add some environment settings to the VS Code settings.
Keyboard and Mouse Actions
Open the command palette using the ctrl+Shift+P key combination. In the command palate box, enter “Preferences Open Settings (JSON).” This will open up a two-pane window with the user settings on the right. Insert the following code between the brackets on the right pane.
“Quote me as saying I was mis-quoted.” -Groucho Marx
There are two types of quotes that can be used in PowerShell. Single and Double quotations. Some critical differences between the two can make or break a script. Knowing these differences will make you a more effective PowerShell scriptwriter and help you avoid a rather simple mistake.
In this post, I’ll quickly explain these differences and provide examples of each scenario.
Single quotation strings are what you will most often use and encounter when creating or troubleshooting PowerShell scripts.
Consider the following example:
# Assign a variable with a literal value of 'single'.
# Put the variable into another literal string value.
Write-Host-Message'Fun with $MyVar1 quotes.'
Now examine the output:
In the above case, PowerShell ignores
$MyVar1 and treats the variable literally as $MyVar1, exactly what was typed. There is no substitution here.
But how do you get PowerShell to recognize the variable value within a quoted string value? That’s where double quotation comes in.
Double quotation gives you a dynamic element to string values. You will encounter this type of string quotation when the string contains dynamic data from variables stored in memory or dynamically generated.
Consider the following example:
# Same as previous example. Create a variable with a simple value.
# Now to demonstrate double quotes magical power of interpretation!
Write-Host-Message"Fun with $MyVar2 quotes."
Now examine the output:
In the above case, PowerShell processes
$MyVar2 because it was enclosed by a double-quoted string. Double quotes make PowerShell parse for text (the variable) preceded by a dollar sign and substitutes the variable name the corresponding value.
Real World Scenario
Now, apply this knowledge to a real scenario. Let’s say that you need to create a small function that will give an operator on your team some real basic information:
Date / Time
Disk % Used
Disk % free
You need to return this information visually to an operator. Simple.
First, some pseudo code. We need to display the date time as today’s date and time. Think about how this string value will work. We can use
Get-Date and the
-Uformat parameter to give us the required date/time by using the correct patterns:
$date=Get-Date-UFormat"%m / %d / %Y:"
Testing the code in a PowerShell terminal confirms this works:
That takes care of the first part of the script. Now, I need to gather some disk information to also output to the terminal. The key metric I’m looking for is the percentage of free space remaining. I’ll display this information using
Write-Host again, but this time I’ll need to insert additional code inside the double-quoted string. Remember, this information will be dynamic. For the purposes of this example, I’m going to create a variable, then utilize an available member type property to get the value I’m looking for:
Testing the code in a PowerShell terminal confirms this works:
Perfect. We now have two variables that we can place in the strings that the operator will see when running this function. So let’s assemble the bits into the final script that will become our function:
Write-Host-ForegroundColorYellow"There is $($disk.PercentFree)% total disk space remaining."
Testing again in a PowerShell terminal, here is what the operator would see:
Notice what I did inside the last
Write-Host line with the
$disk variable. PowerShell evaluates the $( ) construct as an entire subexpression then replaces the result. Doing it this way also helps you avoid having to create more variables, which saves memory and can even make your script faster.
The function still needs some work. So let’s finish it off by adding some math to show a full calculation to the operator:
Write-Host-ForegroundColorRed"There is $(100 - $disk.PercentFree)% total disk utilization on drive $($disk.Name)."
Write-Host-ForegroundColorYellow"There is $($disk.PercentFree)% total disk space remaining."
The operator can now make some faster decisions while supporting a remote system by using this function.
There’s not much to quotes in PowerShell. The one key concept to remember is that you need to know when to be literal ( ‘ ‘ ), and when to be dynamic ( ” ” ). By default, you should always use single quotes unless there is a requirement for dynamic data in the string construct. I hope you found this information useful!
“Distrust and caution are the parents of security.” -Benjamin Franklin
If you’ve ever deployed Windows Updates to clients on your network, you have probably been asked by your manager(s) what KB’s were deployed, and when if an issue comes up on a workstation or server. Unfortunately, sometimes the built-in WSUS reporting tool can leave you frustrated and doesn’t have great functionality for generating them outside of the WSUS management GUI. A problem I regularly encounter is a crashing MMC, which then crashes the WSUS services, causing me to have to reset the node and start over. It’s very annoying.
Distrust & Caution
I was recently asked by a group of managers that were working on validating a security vulnerability scan for some assistance. This vulnerability scan was claiming that a set of systems were missing particular Microsoft KB’s, KB’s that were recently approved, deadlined, and showing as installed in the WSUS management console. I sent some screenshots of the console status along with my sysadmin reply. I didn’t give it much thought at the time because I was busy with other projects and this was a routine request.
A day or so went by, and another vulnerability scan was run, producing the same results. Management was not convinced that the updates were installed. Having issues with WSUS from time to time, I started to distrust the built in reports and the management console. To be cautious, and a little more diligent, I decided to bypass the WSUS management console and go straight to the workstations and servers that were showing up in the security vulnerability scan.
Some Explicit Remoting Here, A Couple of Cmdlets There….
Luckily, the security vulnerability scan only found about 4 workstations and 12 servers with these supposedly missing KB’s. So I created a simple list in a text file using the Fully Qualified Domain Name (FQDN) of each host. I also knew for a fact, that the missing KB’s would have been installed in the past 30 days as I just completed a maintenance cycle.
With this knowledge in hand, I jotted down some pseudo code to help me begin. Here’s what I outlined:
Store my text file that contains the list of hosts.
For each of the hosts in that file, run a command.
The command must gather installed KB’s installed in the last 30 days.
The output only needs to contain the hostname, KB/HotFix ID, and the install date.
The output needs to be readable, and just needs to be a simple file.
No fancy coding needed, just comparing visually to what WSUS reporting was displaying.
Based on my notes, I had a good idea of what I was looking for and what cmdlets I might need. The primary focus was on the
Get-HotFix cmdlet. What this cmdlet does is query all the hotfixes (more commonly referred to as security updates) that have been applied to a Windows host. You can read more about this cmdlet and how to use it here.
Get-HotFix does not support implicit remoting so I needed to come up with method to run this cmdlet on the systems I needed to report on.
Invoke-Command does and you can pass multiple values to the
-ComputerName parameter. I already have saved a list of hosts I am targeting, so I’ll save myself some typing and store those hosts as a variable. To do so, I’ll have to assign a variable name and make the value the list of hosts.
Get-Content will read the content of the text file line by line creating an array of sorts. Let’s call this array
$Hosts . Now I have a command, some data to feed to the next set of commands, but I need to make the resulting data readable and concise.
I want to take a moment here to emphasize “Filter First, Format Last.”. Remembering this will help you when working with these types of scripts. Now, running the
Get-Hotfix cmdlet by itself will typically result in a long list of updates that have been applied to a host. Filtering helps gather just the information you need. Without filtered data, formatting is useless at this point. Think of filtering as your data type requirements, and formatting as how you want that data displayed. For my purposes, I already had the requirements thought out. I needed to get updates installed in the past 30 days.
To filter, I will need to use the
Where-Object cmdlet and then pass along some member properties and comparison operators with a dash of math. To do this, my pseudo code will take every object returned (
Where-Object-Property installed on data is greater than (
-gt)today’s date (or whenever I run the script) minus (-30) days ago. That will get the initial data I’m looking for but I want to filter the returned objects and their properties a little more. This is where
Select-Object will help, allowing me to further trim the amount of data to be displayed to just a couple of crucial properties.
Now that I have the data properly filtered, now I can move on to formatting the results into a usable format. To do so I’ll pipe ( | ) the results from my previous filtering to
Format-Table-Autosize and output as a file type of my choosing. I’ll need to use
-ErrorActionSilentlyContinue parameters to ensure that each result is written to the next line in the output file and if an error occurs, it won’t cause the rest of the hosts to not be contacted.
I chose to go with a text file because I didn’t require anything fancy. You can change the output to meet your needs. My output looked something similar to this:
As a mentor, I’m often asked, “How do you get inspiration for a PowerShell script?”, followed by something sounding similar to, “I just don’t know what I can script or where to start.” When I’m told that, the person saying it sounds defeated and about to give up. This was a question & feeling I had myself early in my PowerShell journey too.
“So, what’s the answer, Bill?” you might ask. Well…the answer you seek, young grasshopper is…
How I Started
Let’s talk about how I started to approach scenarios and challenges by using existing documentation as my base of reference, or pseudo code. Many years ago, I struggled to make scripts. No matter the language, it was an awful feeling of imposter syndrome. I could read some code and stumble around clumsily figuring out some bits here and there, but it was a constant struggle. It wasn’t until I started documenting my IT processes that I began to correlate written word to small bits of pseudo code that I could then translate in to PowerShell one-liners. Once I started doing that, things got a lot easier.
I have some maintenance tasks that I have to perform at least twice a month for User Acceptance Testing (UAT), Quality Assurance (QA) and production environments. Lucky for me, these tasks are already written down and stored in a team KB article. With half the battle already won, I carefully read through the documented steps for taking systems and applications down gracefully for maintenance. The tasks progresses something like this:
Place monitoring agents in maintenance mode (nothing like getting email alerts for known issues)
Stop IIS application pools 1,2 & 3 on X server
Stop IIS application pool 4 on Y server
Stop services on A,B,C & D servers
Log into WSUS, approve & deadline OS updates to specific groups
Allow reboots to occur.
Looks pretty straight forward right? My predecessors were manually performing these steps for years. Well, I’m not my predecessors. There’s enough information here to begin making a script. Let’s begin.
Task 1 could be automated, but for the purposes of this post I’m skipping it because not all monitoring platforms are the same. Moving on.
Task 2. Now we have something to work with. Using key words, I begin by discovering what commands I have available that might stop an IIS application pool:
Stop-WebAppPool Appears to be exactly what I need to complete this task. Spend a minute or two reading the help if it’s the first time you’ve seen this cmdlet:Get-HelpStop-WebAppPool-Online
Now I know how to tackle Task 2andTask 3. My code now looks like this:
Stopping IIS Application Pools Example
On to Task 4. Now this one should be simple for anyone who is new to PowerShell, as it’s a common task that is demonstrated in a lot of training material. This task will make use of the
Stop-Service cmdlet. There are a few ways this can be done, but I’ll keep it simple for now so we don’t get into the weeds and detract from the overall goal.
On each host, there are two services that work concert with each other as part of an application that was hosted on the IIS servers in Tasks 2 & 3.
Stop-Service will allow us to enter multiple values in the
-ComputerName parameter, and since the naming scheme I’m using is short, it’s not a big deal to enter them all here. I’ll also be using the
-ServiceName parameter, which also accepts multiple string values. When finished assembling the code, it looks like this:
Stopping Multiple Services on Multiple Computers Example
Stop-Service-ComputerName'A','B','C','D'`#yup I used a backtick here
Great! I’ve just saved a few minutes of not having to RDP to each of these systems, or use Server Manager, or type this all out in a PowerShell terminal.
Let’s Add More Stuff!
The whole reason for shutting all these services down gracefully is to be able to apply Windows security patches to the server OS without screwing up the applications if they were still being used during a scheduled maintenance window (humor me for a moment and save the snark about Windows Updates).
Enter PoshWSUS. This handy PowerShell module contains exactly what I need for the final component in my scripted task. There are a lot of cmdlets available in this module and I’m not going to explain all of them right now.
In order to complete the last step, I need to:
Connect to my WSUS server. Connect-PSWSUSServer-WsusServerlocalhost-Port8530-Verbose
Store the KB’s to be deployed as a variable. $Updates=Get-Content'C:\PScripts\Maintenance\updates.txt'
Store a deadline of 1 hour ahead of the time the script executes as a variable. $Deadline=(get-date).addHours(1)
Get updates, approve then set install flag along with the deadline flag to assigned groups.
As you’ll see above, I’ve thought out the logical steps and created some pseudo code to get started. It’s the same process you’ll follow when trying to create your own scripts. It’s almost as if there’s a theme developing here!
Now on to what you’ve been waiting for. Let’s assemble all the bits into the final script:
This script will perform documented tasks that
were once done manually.
# I like to place variables at the top of the script to
# make it easy to change them without digging through the
# Clean up, pick up, put away. Clean up, everyday!
The key thing to remember here is, if you can write it down, you probably can script it. So go back and look at some of your documented processes and procedures, and you’ll soon discover that you’ll have enough inspiration to keep you busy for a while making PowerShell scripts.
If you’ve read my past blog post on “How I Learned Pester by Building a Domain Controller Infrastructure Test”, it should be pretty obvious that I’m a fan and love using Pester now. I even build small tests for small scripts like the one above.
I need to a quick test with some visual output since I’m typically running this script from a PowerShell terminal manually. So, with the same pseudo code used earlier, let’s build a simple test that will verify all the actions in our script did what we expected:
Basic Pester Test for My-MaintenanceTask.ps1 Example
I left out tests for servers B,C & D because they would be identical to the test shown for server A in the above example. Now all that is required to run the this test as part of the
My-MaintenanceTask.ps1 script would be to add this line at the end of that script: