Although this book is not about to teach you how to become the next PowerShell guru (there are plenty of books already out there on that), it is imperative to have some basics under your belt.
This chapter will give you a kickstart of some fundamental PowerShell knowledge and go over the common cmdlets that you will use when implementing the deployment template for both simple and complex deployments.
If you are already fairly good at PowerShell, you can go ahead and skip right over to the next chapter. If not, stick with it and by the end, everything else in the following chapters will be straightforward as you’ll have a clear understanding of what you are looking at and of the template itself.
There’s a lot of ground to cover here, even if it is a crash course. As Lao Tzu once said, “A journey of a thousand miles begins with a single step.”
Writing Code
You do not need to write PowerShell in any special editor although it’s certainly advisable. You can just as easily write your code in any text editor such as the built-in Windows Notepad as you could in Visual Studio Code, VSCode, or any other of the hundreds of coding applications currently available.
The PowerShell template used in this book does not need advanced features such as GitHub integration or advanced debugging offered in more complicated solutions. Therefore, I recommend that you use the PowerShell ISE (Integrated Scripting Environment) that is built right into Windows when first starting out; it’s simple, clean, and forgoes an overwhelming learning curve.
It is within the ISE that you will write and test the PowerShell code for the deployment template.
It’s simple to use too. Let’s try a quick example.
Hover your mouse over any toolbar button to see a brief tooltip about each one. For instance, if you hover your mouse over the green arrow button that you just clicked, it tells you that you can also press F5 on your keyboard to execute the code. Now that’s handy!
The blue window in the bottom pane of the ISE is known as the console, and not only will it display the results of your code execution from the scripting window, but you are also able to type directly into it and press enter on your keyboard to execute its contents.
PowerShell Cmdlets
Cmdlets (pronounced command-lets) are native PowerShell commands. They always follow the same naming convention of verb-noun. For example, get-process.
Cmdlets usually do one thing and one thing only. As a result, there are thousands of PowerShell cmdlets available across a range of providers. (PowerShell providers are .NET programs that provide access to specialized data stores, for example, the file system or the registry. The data appears in a drive, and you access the data in a path like you would on a hard disk drive.)
On my computer, I have over 1600 cmdlets available to use. Phew!
It’s Okay to Ask for Help
With that many cmdlets available, you may be thinking about how you can remember them all and any parameters they may accept.
Luckily, the PowerShell team created help files for most of them and the first thing to do is to update the help files on your computer if you haven’t already done so.
Parameters
Many cmdlets come with parameters. Parameters follow the name of the cmdlet and are preceded with a minus symbol (-). If you are unsure of the parameter name you can tab-cycle through them all.
If you are not sure of the parameters that can be used or what they are used for, then you can always consult the cmdlets help file where you may also be lucky enough to find an exact example that meets your needs (Get-Help <cmdlet> -online).
Pipeline
On my UK English keyboard, the pipe symbol is found by pressing SHIFT + backslash (the key to the immediate left of “z”).
The Ten Cmdlets
In the sea of cmdlets available, you may feel like you are drowning. Let me throw you a lifejacket then and reveal that you only need to understand ten cmdlets for deploying most applications that come your way.
The following cmdlets should be understood thoroughly before continuing with the rest of the book. Make yourself a cup of tea or coffee and take a moment to try each of them in a PowerShell session and invest some time looking at the relevant help files. I recommend using online help (Get-Help <cmdlet> -online).
Write-Host
However, Write-Host can also be used to inform Intune whether something in the deployment template ran successfully or not. You will see later in the book how this works. In its Intune context, it is quite often used within a Try/Catch block.
Get-Location/Set-Location
You can recall the path for later use by assigning it to a variable. In PowerShell, variables are preceded with the dollar ($) symbol. The name of the variable can be almost anything you like.
Set-Location is its big brother (or sister). This command will set the working location to the one you have defined in the parameter -Path
Get-Process
You may have an application that will not install if a certain process is running. In a deployment scenario, Get-Process can test that the process is running first, before piping (sending) it to Stop-Process.
Stop-Process
Stop-Process will stop all instances of a running process.
Say you had an application that would not install if Notepad was running; you could add a prerequisite in the deployment template (more on this later) to test for the running process and if found, stop it.
By default, Stop-Process will stop any process owned by the current user.
If the process is not owned by the current user and the command is not being run with administrative privileges, then an access denied message is displayed.
To avoid this undesired confirmation prompt, and I’ve been building up to this moment since starting to write the chapter, you will need to use The Force!
Stop-Process -ProcessName “lsass” -Force
Start-Process
Start-Process is an easy cmdlet to grasp because it simply starts a process on a local computer.
There’s a lot more to Start-Process than meets the eye though and you will be reading more about this cmdlet in a later chapter.
New-Item
New-Item creates a new item and can also set its value. The type of item it creates depends on the location. For instance, in the file system, it can create files and folders; however, in the registry, it will create registry keys and entries.
This cmdlet shines in deployments and is particularly useful for custom detection rules. (More of this later in the book.)
New-ItemProperty
This cmdlet is mainly used for creating a new item and setting its value. It is typically used to create new registry values.
In the context of deploying applications, this is frequently used for custom detection scripts or simply manipulating the registry as part of a pre- or post-application deployment.
Get-Item
This cmdlet gets an item and is very flexible in what it can do. Frequently used in detection rules, it can effortlessly obtain a version number from an executable, which can then be used to compare against an expected value.
You will learn more about this cmdlet in a later chapter.
Copy-Item
Test-Path
This cmdlet is used to determine if a file or folder in a given path exists or not. If the path exists it returns true, if not it returns false.
The more astute among you may have noticed that I paired the two cmdlets: Get-Location with Set-Location. I’ll hold my hands up; you caught me. Technically it’s eleven cmdlets but I wanted to use the whole The Ten Cmdlets heading thing as a play on words, so what’s a guy supposed to do?
If a cmdlet begins with the verb get- then it will perform a nondestructive read-only operation. Be careful to test any cmdlet beginning with the verb set- (or other PowerShell verbs you may not be familiar with), as this operation could make destructive changes and may have undesired effects if used improperly.
While there are only a few cmdlets to learn, they should cover about 99% of any complex or odd deployment requests that come your way. For that edge-case 1% that lands on your table: you are now fully equipped on how to read the help for the cmdlets that you have yet to discover.
Scripting
As said earlier, this book was never about teaching PowerShell or scripting. Its purpose is to provide you with an easy-to-use template that enables you to deploy simple or complicated applications in a reliable and repeatable way using Microsoft Intune. Having said that, it would be remiss of me if I didn’t provide a bit of help in the world of scripting; at least in the context of the deployment template that you are working towards.
There’s a lot to learn when it comes to scripting and, although this book is not about to turn you into the next scripting master, it may be helpful to go over a few basic constructs.
What About That Help?
PowerShell comes with many constructs that can help with scripting, for example, Do, While, and For loops or functions and advanced functions, variables, etc. So how do you look up help for these topics?
Try/Catch/Finally
Try/Catch block is great for trapping potential errors and taking alternative action if an error is detected. It can be explained something like this: “Try and perform the following commands, but if it doesn’t work, catch the error and do this instead.”
In the following example code, it tries to do something with the word “error” in the try block, but as PowerShell does not know what this is it will generate an error.
Because an error was caused, the catch block takes effect, and a message is displayed to the user informing them that there was an error.
The optional Finally block will always run regardless of an error being produced or not.
If/Else
The If statement is used a great deal in scripting. It’s used in a manner akin to this: “If this condition is met then do this, otherwise (or else) do this instead.”
Note the “Else” is optional – you can use If by itself if that is all it takes to achieve your goal.
Here’s an example where you might use an If/Else: let’s say you wanted to copy files to a destination directory C:Destination but only if the destination directory already existed. If the destination directory did not exist, you would take some other action; perhaps create the directory first and then copy the file.
You know from studying the previous cmdlets that Test-Path will result in either true or false depending on if the specified path exists or not. In this scenario, it’s the perfect cmdlet to use with the If statement.
By default, If will recognize a true response on the condition between the brackets and execute the code to copy files without you having to explicitly state “if test-path returns true.”
However, if Test-Path returns false (the path does not exist), then the code in the else block will execute instead.
If you wanted to test for a false response you can use an exclamation mark. This reverses the evaluation: “If Test-Path returns false then do this, otherwise (else) do this.”
Summary
That was a tough chapter, and if you were new to PowerShell then you will now have a solid grounding not only for the rest of this book but also for using PowerShell in general.
You have learned about cmdlets and how to get help, parameters, and pipelines and which ten (ahem!) cmdlets to study that will give you a head start into application deployment.
You then had a brief overview of PowerShell scripting and discovered the “help about” topics to prepare for the way ahead.
In the next chapter, you will learn some more fundamentals on using the built-in tool MSIEXEC.exe as well as exploring some advanced MSI techniques.