© The Author(s), under exclusive license to APress Media, LLC, part of Springer Nature 2022
O. HeaumeUnderstanding Microsoft Intunehttps://doi.org/10.1007/978-1-4842-8850-4_1

1. PowerShell Fundamentals

Owen Heaume1  
(1)
West Sussex, UK
 

Although this book is not about to teach you how to become the next PowerShell guru (there are plenty of books already out there on that), it is imperative to have some basics under your belt.

This chapter will give you a kickstart of some fundamental PowerShell knowledge and go over the common cmdlets that you will use when implementing the deployment template for both simple and complex deployments.

If you are already fairly good at PowerShell, you can go ahead and skip right over to the next chapter. If not, stick with it and by the end, everything else in the following chapters will be straightforward as you’ll have a clear understanding of what you are looking at and of the template itself.

There’s a lot of ground to cover here, even if it is a crash course. As Lao Tzu once said, “A journey of a thousand miles begins with a single step.”

Writing Code

You do not need to write PowerShell in any special editor although it’s certainly advisable. You can just as easily write your code in any text editor such as the built-in Windows Notepad as you could in Visual Studio Code, VSCode, or any other of the hundreds of coding applications currently available.

The PowerShell template used in this book does not need advanced features such as GitHub integration or advanced debugging offered in more complicated solutions. Therefore, I recommend that you use the PowerShell ISE (Integrated Scripting Environment) that is built right into Windows when first starting out; it’s simple, clean, and forgoes an overwhelming learning curve.

If you are already comfortable using a third-party ISE, then go ahead and use it. For this book though, the built-in PowerShell ISE will be used, and you can launch it by opening the Run command dialog box using the keyboard shortcut combination of Windows key + R and typing in powershell ise. (See Figure 1-1) This will launch the PowerShell ISE nonelevated.

A screenshot depicts run dialog box with Power Shell I S E selected under the open drop-down. Ok button at the bottom is shown selected.

Figure 1-1

Launching PowerShell ISE from the Run dialog

It is within the ISE that you will write and test the PowerShell code for the deployment template.

It’s simple to use too. Let’s try a quick example.

Type the following in the scripting window (white space area) within the ISE:
Write-Host "Isn't this fun?"
Execute the code by clicking the green arrow in the toolbar. The code executes and the results are displayed in the blue console window at the bottom. (See Figure 1-2)

A screenshot depicts the Power Shell I S E window with a play button highlighted in the toolbar and commands listed on the right pane.

Figure 1-2

The PowerShell ISE

Tip

Hover your mouse over any toolbar button to see a brief tooltip about each one. For instance, if you hover your mouse over the green arrow button that you just clicked, it tells you that you can also press F5 on your keyboard to execute the code. Now that’s handy!

The blue window in the bottom pane of the ISE is known as the console, and not only will it display the results of your code execution from the scripting window, but you are also able to type directly into it and press enter on your keyboard to execute its contents.

You can also launch either the PowerShell ISE or console by typing powershell in the Windows search bar located in the taskbar where you will then be presented with further options to run PowerShell Console or PowerShell ISE as Administrator. (This may be required when using PowerShell cmdlets that require elevation privileges.) (See Figure 1-3)

A screenshot of a window depicts the Power Shell app. Open, run as administrator, run as I S E administrator, and Windows Power Shell I S E are highlighted on the right pane

Figure 1-3

Using Windows search to find PowerShell. Note options to run PowerShell or the ISE as Administrator

PowerShell Cmdlets

Cmdlets (pronounced command-lets) are native PowerShell commands. They always follow the same naming convention of verb-noun. For example, get-process.

Cmdlets usually do one thing and one thing only. As a result, there are thousands of PowerShell cmdlets available across a range of providers. (PowerShell providers are .NET programs that provide access to specialized data stores, for example, the file system or the registry. The data appears in a drive, and you access the data in a path like you would on a hard disk drive.)

Try typing the following directly into the blue console window in your ISE to see the available cmdlets installed on your computer:
Get-Command
You can also type powershell in the Run menu to open a separate instance of just the PowerShell console. (See Figure 1-4)

A screenshot depicts the windows Power Shell command window that lists command type, name, version, and source.

Figure 1-4

The results of Get-Command are shown in a separate instance of the PowerShell Console

On my computer, I have over 1600 cmdlets available to use. Phew!

It’s Okay to Ask for Help

With that many cmdlets available, you may be thinking about how you can remember them all and any parameters they may accept.

Luckily, the PowerShell team created help files for most of them and the first thing to do is to update the help files on your computer if you haven’t already done so.

In the PowerShell console (either stand-alone or the console within the ISE), type and execute the following to update the help files:
Update-Help
It may take a few moments to run depending on the speed of your Internet connection. Once it’s updated you can run the following command to view the help on any supported cmdlet:
Get-Help <cmdlet name>
For example, Get-Help Get-Process will display the help file for the cmdlet, Get-Process. (See Figure 1-5)

A screenshot depicts the Power Shell window that lists the name, synopsis, syntax, description, and related links.

Figure 1-5

The help file for Get-Process

You can also add parameters to enhance the help offered. Try:
Get-Help <cmdlet> -Full
or:
Get-Help <cmdlet> -ShowWindow.
Or my personal favorite:
Get-Help <cmdlet> -Online
You can even run Get-Help on itself! Try:
Get-Help Get-Help

Parameters

Many cmdlets come with parameters. Parameters follow the name of the cmdlet and are preceded with a minus symbol (-). If you are unsure of the parameter name you can tab-cycle through them all.

For example, you can run the cmdlet Get-Process to obtain a list of all processes running. But what if you wanted a particular process only? You could use the parameter -ProcessName followed by the name of the process you want to view:
Get-Process -ProcessName Notepad

If you are not sure of the parameters that can be used or what they are used for, then you can always consult the cmdlets help file where you may also be lucky enough to find an exact example that meets your needs (Get-Help <cmdlet> -online).

Pipeline

The output of one cmdlet can be used as the input of another. This works from left to right and the pipe symbol is used to send the results of the preceding command to the next command. For example (and please do not run this example for real), the output of Get-Process can be used as the input for Stop-Process:
Get-Process | Stop-Process

On my UK English keyboard, the pipe symbol is found by pressing SHIFT + backslash (the key to the immediate left of “z”).

The Ten Cmdlets

In the sea of cmdlets available, you may feel like you are drowning. Let me throw you a lifejacket then and reveal that you only need to understand ten cmdlets for deploying most applications that come your way.

The following cmdlets should be understood thoroughly before continuing with the rest of the book. Make yourself a cup of tea or coffee and take a moment to try each of them in a PowerShell session and invest some time looking at the relevant help files. I recommend using online help (Get-Help <cmdlet> -online).

Write-Host

This cmdlet’s primary purpose is to provide output to the screen. It can also color text output by supplying the -ForegroundColor parameter as shown in Figure 1-6.

A screenshot of the Power Shell window depicts a code for write-host which is used to change the text color.

Figure 1-6

Write-Host can also display text in color

However, Write-Host can also be used to inform Intune whether something in the deployment template ran successfully or not. You will see later in the book how this works. In its Intune context, it is quite often used within a Try/Catch block.

Get-Location/Set-Location

Get-Location will get the current working location. For example, C:myFiles as shown in Figure 1-7.

A screenshot of the Power Shell window depicts a code to get-location.

Figure 1-7

Get-Location displays the current working directory

You can recall the path for later use by assigning it to a variable. In PowerShell, variables are preceded with the dollar ($) symbol. The name of the variable can be almost anything you like.

The following code assigns the current working location to a variable named $myPath:
$myPath = Get-Location

Set-Location is its big brother (or sister). This command will set the working location to the one you have defined in the parameter -Path

Figure 1-8 shows that the working location was originally C:MyFiles and by using Set-Location the working location changed to C:Temp.

A screenshot of the windows Power Shell depicts a code to set-location.

Figure 1-8

Set-Location has changed the current working directory to C:Temp

Get-Process

Get-Process will get a list of all running processes on a local or remote computer. (See Figure 1-9)

A screenshot of the Power Shell window lists handles, N P M, P M, W S, C P U, I D, S I, and process name.

Figure 1-9

Get-Process: you can see the process name column on the right

You may have an application that will not install if a certain process is running. In a deployment scenario, Get-Process can test that the process is running first, before piping (sending) it to Stop-Process.

Stop-Process

Stop-Process will stop all instances of a running process.

Say you had an application that would not install if Notepad was running; you could add a prerequisite in the deployment template (more on this later) to test for the running process and if found, stop it.

Try this: open Notepad on your computer, and then type the following and observe the result:
Stop-Process -ProcessName "notepad"

By default, Stop-Process will stop any process owned by the current user.

If the process is not owned by the current user and the command is not being run with administrative privileges, then an access denied message is displayed.

If the process is not owned by the current user but the command is run with administrative privileges then a prompt is displayed asking if you are sure you wish to perform the action, and then awaits a keypress to either confirm or deny the action; certainly not the desired outcome when deploying scripts. (See Figure 1-10)

A screenshot of an administrator, windows PowerShell depicts a code for stop-process.

Figure 1-10

Note the PowerShell console title bar shows it is running with administrative privileges. This now causes a confirmation prompt before the action is executed

To avoid this undesired confirmation prompt, and I’ve been building up to this moment since starting to write the chapter, you will need to use The Force!

By adding the -Force parameter, the desired process will end without question:

Stop-Process -ProcessName “lsass” -Force

Start-Process

Start-Process is an easy cmdlet to grasp because it simply starts a process on a local computer.

There’s a lot more to Start-Process than meets the eye though and you will be reading more about this cmdlet in a later chapter.

It’s an easy cmdlet to demonstrate so try this in your PowerShell console:
Start-Process -FilePath "c:windowssystem32 otepad.exe"

New-Item

New-Item creates a new item and can also set its value. The type of item it creates depends on the location. For instance, in the file system, it can create files and folders; however, in the registry, it will create registry keys and entries.

This cmdlet shines in deployments and is particularly useful for custom detection rules. (More of this later in the book.)

In this example, a text file is created named testfile.txt in the directory c:myfiles. Additionally, the text file has the text “This is a text string.” (See Figure 1-11)

A screenshot of the windows Power Shell depicts a code to create a new-item. The options for mode, last write time, and length name are provided.

Figure 1-11

Creating a new text file containing text

Try this for yourself, ensuring that the path you select exists first.
New-Item -Path "c:myfiles" -Name "testfile.txt" -ItemType "file" -Value "This is a text string."

New-ItemProperty

This cmdlet is mainly used for creating a new item and setting its value. It is typically used to create new registry values.

In the context of deploying applications, this is frequently used for custom detection scripts or simply manipulating the registry as part of a pre- or post-application deployment.

In a later chapter, you will study this cmdlet in more detail so for now, look at the help file and familiarize yourself with some of the examples given in the documentation:
Get-Help New-ItemProperty -Online

Get-Item

This cmdlet gets an item and is very flexible in what it can do. Frequently used in detection rules, it can effortlessly obtain a version number from an executable, which can then be used to compare against an expected value.

Figure 1-12 shows how to obtain the version number of snagit.exe.

A screenshot of the windows Power Shell depicts a code to get-item. The options in the code are product version, file version, and file name.

Figure 1-12

Obtaining the version number of an executable

You will learn more about this cmdlet in a later chapter.

Copy-Item

Copy-Item is useful for copying items in the same namespace from one location to another. For instance, copying files to a folder. It’s self-explanatory to use – this example copies a text file to the MyFiles Directory:
Copy-Item -Path "C: empA Text Document.txt" -Destination "C:MyFiles"

Test-Path

This cmdlet is used to determine if a file or folder in a given path exists or not. If the path exists it returns true, if not it returns false.

Figure 1-13 demonstrates using Test-Path to determine if the file “A text document.txt” exists in C:Temp. The cmdlet returns true – the file exists!
Test-Path -Path "C: empA Text Document.txt"

A screenshot of the windows Power Shell depicts a code for test-path.

Figure 1-13

True has been returned signifying “C: empA text Document.txt” exists

The more astute among you may have noticed that I paired the two cmdlets: Get-Location with Set-Location. I’ll hold my hands up; you caught me. Technically it’s eleven cmdlets but I wanted to use the whole The Ten Cmdlets heading thing as a play on words, so what’s a guy supposed to do?

Warning

If a cmdlet begins with the verb get- then it will perform a nondestructive read-only operation. Be careful to test any cmdlet beginning with the verb set- (or other PowerShell verbs you may not be familiar with), as this operation could make destructive changes and may have undesired effects if used improperly.

While there are only a few cmdlets to learn, they should cover about 99% of any complex or odd deployment requests that come your way. For that edge-case 1% that lands on your table: you are now fully equipped on how to read the help for the cmdlets that you have yet to discover.

Scripting

As said earlier, this book was never about teaching PowerShell or scripting. Its purpose is to provide you with an easy-to-use template that enables you to deploy simple or complicated applications in a reliable and repeatable way using Microsoft Intune. Having said that, it would be remiss of me if I didn’t provide a bit of help in the world of scripting; at least in the context of the deployment template that you are working towards.

There’s a lot to learn when it comes to scripting and, although this book is not about to turn you into the next scripting master, it may be helpful to go over a few basic constructs.

What About That Help?

PowerShell comes with many constructs that can help with scripting, for example, Do, While, and For loops or functions and advanced functions, variables, etc. So how do you look up help for these topics?

In the PowerShell Console or ISE console, type the following for a list of topics that you can obtain help about:
help about
(See Figure 1-14)

A screenshot of the windows Power Shell lists name, and category module.

Figure 1-14

A list of help topics is displayed

To view help about a specific topic, for example, Booleans, type the following in the PowerShell Console:
Help about_booleans
(See Figure 1-15)

A screenshot of the windows Power Shell depicts Booleans, converting from scalar types with examples provided.

Figure 1-15

The help topic about booleans is displayed

Try/Catch/Finally

Try/Catch block is great for trapping potential errors and taking alternative action if an error is detected. It can be explained something like this: “Try and perform the following commands, but if it doesn’t work, catch the error and do this instead.”

In the following example code, it tries to do something with the word “error” in the try block, but as PowerShell does not know what this is it will generate an error.

Because an error was caused, the catch block takes effect, and a message is displayed to the user informing them that there was an error.

The optional Finally block will always run regardless of an error being produced or not.

Try/Catch/Finally
try {
    # this will produce an error
    error
} catch {
    # Catch any error that occurred
    Write-host "An error occurred!" -ForegroundColor DarkRed
} finally {
    # Clean up code
    write-host "This part will always run." -ForegroundColor Cyan
}
There are many facets to a Try/Catch/Finally block, and I urge you to explore the help documentation:
Help about_Try_Catch_Finally

If/Else

The If statement is used a great deal in scripting. It’s used in a manner akin to this: “If this condition is met then do this, otherwise (or else) do this instead.”

Note the “Else” is optional – you can use If by itself if that is all it takes to achieve your goal.

Here’s an example where you might use an If/Else: let’s say you wanted to copy files to a destination directory C:Destination but only if the destination directory already existed. If the destination directory did not exist, you would take some other action; perhaps create the directory first and then copy the file.

You know from studying the previous cmdlets that Test-Path will result in either true or false depending on if the specified path exists or not. In this scenario, it’s the perfect cmdlet to use with the If statement.

By default, If will recognize a true response on the condition between the brackets and execute the code to copy files without you having to explicitly state “if test-path returns true.”

However, if Test-Path returns false (the path does not exist), then the code in the else block will execute instead.

If: Will copy files if Test-Path returns true, otherwise it will create the directory first and then copy files.
If (Test-path c:destination) {
    # Copy some files!
} else {
    # 1. Create the directory as it does not exist.
    # 2. Now copy the files.
}

If you wanted to test for a false response you can use an exclamation mark. This reverses the evaluation: “If Test-Path returns false then do this, otherwise (else) do this.”

If: Reversing the evaluation using an exclamation mark. Now If Test-Path does not exist, create the directory and then copy files.
If (!(Test-path c:destination)) {
    # 1. Create the directory as it does not exist.
    # 2. Now copy the files.
} else {
    # Copy some files!
}
Once again, I urge you to view the help topic on this:
Help about_if

Summary

That was a tough chapter, and if you were new to PowerShell then you will now have a solid grounding not only for the rest of this book but also for using PowerShell in general.

You have learned about cmdlets and how to get help, parameters, and pipelines and which ten (ahem!) cmdlets to study that will give you a head start into application deployment.

You then had a brief overview of PowerShell scripting and discovered the “help about” topics to prepare for the way ahead.

In the next chapter, you will learn some more fundamentals on using the built-in tool MSIEXEC.exe as well as exploring some advanced MSI techniques.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset