Thoughts on PowerShell and its use in IT 2024-03-19
Hello All! For a small background I currently work in the field of IT and recently I have been utilizing PowerShell at work a lot more lately. Coming from a programming background where I also utilize the Linux command-line a great deal. Ive used PowerShell on Windows but only the command-line not as a scripting language. I never really cared for CMD or batch scripting. The syntax to me was even messier than Bash which I don't really use Bash. To me if I have to write an automation at home I would rather just use Python, but in a professional environment its a completely different story.
In the professional environment there are a few things we have to think about when deciding to write a script.
- Who is the target of the script?
- Is the script getting me information?
- Is the script making changes to any system? (Whether that be a user computer or a company server like AD or a SQL DB)
- Can the script be ran remotely or does it need to be on the target system.
- Does the script need elevated privileges?
Those are just some of the questions that go through my mind, but there is also a question that needs to be answered when deciding the language of the script. Does the language need to be installed on the target system? For instance if I wrote scripts for my job in Python for scripts that are only effecting my system that is somewhat okay but if I wanted my script to do something on MY USER'S system I would now be creating a whole new security risk. Whether its Python, JS, Lua, etc that's another tool someone could use to break into the system. Its also just a hassle to start up the script since there's the installation process involved and its wasting more time in general. Enter PowerShell.
I have been using PowerShell at my job for various reasons, but here's some of the things Ive done.
- Generating tickets (honestly the most simple script its just a bunch of I/O but it does the job)
- Creating alerts on my computer
- Interacting with AD
- Interacting with databases on the network
- Having access to using the .NET libraries (which I will touch more on later)
- Parsing log files on user computers
- Remoting into user computers
- Writing tools that monitor computers on the network and write to logs or generate reports
I have been having a blast using PowerShell to assist me in my tasks at work. Its been incredibly educational and I have been even learning more about how Windows' software works the more I use it.
I do think that the syntax is not the best but its easy to get used to outside of the comparison operators which exchange ==
for -eq
, !=
for -neq
, >
for -gt
, >=
for -ge
, <
for -lt
, <=
for -le
. Its by far my biggest complaint. The matching operators are okay -like
, -notlike
, -match
, -notmatch
and are relatively straight forward. -match
is an exact match, -like
is a match if the input is in the given string whether its exactly the same or not. On the other side of the coin there is a few cool things such as the shorthand KB, MB, GB, TB, etc if I wanted to reference the size of a mb in a comparison with file size I could use
if ($FileLength -ge 1mb) {}
You also get access to the .NET libraries in PowerShell right off the bat. Just some general examples would be things like making the computer beep every 5 seconds using
while ($true)
{
Start-Sleep -Seconds 5
[console]::Beep(500,500)
}
or say you wanted to get the hostname of a remote computer to try to ping it by hostname and store that output in a variable you would be able to use.
$hostname = [System.Net.Dns]::GetHostByAddress($ipAddress).Hostname
$p = ping $hostname -n 1
Write-Host $p
Im not really going too deep into it but you get the point. We could make HTTP requests, use Sockets to create some sort of TCP client/server, create pop-up windows, create forms for users and send that output to a file on the server or on your PC or even trigger something after the form using that data, or even just some of the string manipulation or math libraries. So many options are available to you.
Parts of me feel like Microsoft WANTS us to use PowerShell to automate things. They gave us the ability to interact with AD with commands such as
Get-ADComputer [hostname]
Get-ADGroup [group]
Add-ADGroupMember -Identity [group] -Members [hostname]
Remove-ADComputer [hostname]
Just clarifying that I am not giving guidance with the code above Im merely just throwing out the module names and a general usage. For safe usage I recommend reading the docs.
There's also official modules for Outlook, Teams, WMI, SCCM, SQL Server, etc. Even outside of services there's support in PowerShell for software in windows like Regedit and Event-Viewer are two that I have used before. I don't even use event viewer anymore since I can access all the info so much more effectively using PowerShell. Basic usage can look like this.
Gets the event logs available
Get-EventLog -List
Read the latest 25 entries from the event log
Get-EventLog -LogName System -Newest 25
Gets all events with a specific word in the message.
Get-EventLog -LogName System -Message *description*
There's still more you can do of course and you can get more nitty gritty and its made solving issues at work so much more enjoyable. Personally as someone that's never really enjoyed GUI's and loved working with the command-line this has made my work so much easier, and less tedious since the only utilities I need open really are my text editor and terminal.
Coming from a software development background I initially hated using PowerShell or even the thought but the IT field has shown me it really does have a place. In the world of software development Im sure it could find its niche's like setting up software or a development environment or some sort of other windows based automation. However I firmly believe that the ones that will be able to use it to its fullest extent are techs in the IT field. There is just a lot more opportunities presented to you as a tech or admin where you can solve it with a PowerShell script relatively quickly and efficiently without the need to install anything. I can ignore the ugly syntax if it means I get that power without needing to install anything. Outside of work I would rather use the tools I have access to since I don't need to use PowerShell and I have more options since I own the systems my code runs on and more tools that I enjoy and know how to use better, BUT at work its my go to tool at the moment.
This was just something Ive been thinking about lately and I wanted to talk about. I hope you enjoyed reading.