Browsed by
Tag: Governance

How to: Automatically log your PowerShell session every time

How to: Automatically log your PowerShell session every time

Preface

At SharePoint Saturday New Hampshire I sat in a packed room and listened as Todd Klindt showed everyone how to install SharePoint 2013 without screwing it up (too badly). The big take away for me was this command that I had not heard about before called start-transcript. The power of start-transcript is that it is able to write everything that you do in a PowerShell session to a log file that you can review later. Todd demo’ed how he throws this every time he opens PowerShell and has found it to be invaluable.

The main reason that I had not heard of start-transcipt before is that I live in PowerShell ISE and rarely (if ever) go into plain ol’ PowerShell, and sadly start-transcript is not supported in PowerShell ISE. DAMN YOU POWERSHELL GODS FOR TEASING ME SO!!!!

The Use Case

The problem that this solves in my view is:

  1. I spend a ton of time tweaking away at some code on a SharePoint server, get it right and then inadvertently close the PowerShell window. It’s just GONE.
  2. Opening and closing PowerShell windows and trying to remember what I manually typed 2 hours ago to fix a problem that got reintroduced after redeploying code.
  3. Needing a way to review who made changes to the serverenvironment and see what they actually did.

The more I thought about it the more the more I liked the ability to log everything that is done in PowerShell on a server, but the issue that I had was that it was something that the person opening PowerShell had to remember to do every time they opened a window.

I started thinking about using PowerShell profiles to implement this for every user. In my experience I have seen profiles used infrequently, but in a couple of the scenarios they have been deployed via AD Group Policy. However if you are working in an environment that you don’t have access to create GPOs or you are working in a development environment and developing GPOs just isn’t your thing what do you do?

The Problem

The task at hand was two-fold:

  1. Auto deploy a PowerShell Profile for SharePoint Admins that would be lightweight, contain the start-transcript function to start automatically, assist in auditing, and be Server Administrator deployable
  2. Figure out if start-transcript like functionality was available for the native PowerShell ISE

The Solution

The solution that I came up with was to leverage the All Users Startup option in Windows to launch a script that would check to see if the folder that holds the PowerShell profile scripts exists. If it exists, the script terminates and all is well. This happens on every interactive login, but takes only a second. If the folder does not exist, the will kick off a creation of the scripts based upon a preset profile definition that includes the targeting & naming of the logs, starting the transcript, and loading the SharePoint module. The profile definition can be completely customized making this a viable approach for admins of other technologies, not just SharePoint.

For PowerShell this is great because it works out perfectly as built. PowerShell ISE on the other hand is still a thorn in our sides. The Scripting Guys, aka Ed Wilson and Craig Liebendorfer, wrote a terrific function that allows you to log the output pane in PowerShell ISE v1 & 2. Sadly this is not working in PowerShell v3 since there is no output pane. Leveraging that we can get part of the functionality in ISE that we get in the command-line version.

Behind the code

The solution that I came up with is in the form of a single PowerShell script that builds the following:

  • 2 folders (at the Root of C:)
    • c:PowerShellLogs will house all of the transcripts
    • c:PowerShellScripts will be the home for the scripts used to build the profiles and will be the default starting location when PowerShell opens. This way you can put all of the scripts you want to call in one place for all users and they can launch them easily.
  • check-profiles.lnk (in the All Users Start Menu Startup folder)
    • This shortcut points to a batch file in the C:PowerShellScripts folder called check-profiles.bat
  • check-profiles.bat (in c:PowerShellScripts)
    • This batch file launches the check-profiles.ps1
  • check-profiles.ps1 (in c:PowerShellScripts)
    • This PowerShell script checks to see if the user has a WindowsPowerShell folder in their My Documents folder. If it finds the folder, the script terminates. If it doesn’t find the folder it launches the create-profiles.ps1 script
  • create-profiles.ps1 (in c:PowerShellScripts)
    • This PowerShell Script creates the profiles for both PowerShell & PowerShell ISE.

Here is what I put in the PowerShell profile:

  • Set the location for PowerShell to start in to C:PowerShellScripts
  • Display a message about needing to Run as Administrator to effect changes
  • Set the path for logging the session to C:PowerShellLogs
  • Set the log name using the user context and date time stamp
  • Start the transcript
  • Display a message about waiting for the SharePoint snap-ins to load
  • Load the SharePoint snap-ins
  • Display a message that loading the SharePoint snap-in is complete and lets you know who you are running PowerShell as

Here is what I put in the PowerShell ISE profile:

  • Set the location for PowerShell to start in to C:PowerShellScripts
  • Display a message about needing to Run as Administrator to effect changes
  • Set the path for logging the session to C:PowerShellLogs
  • Load a function to set the log name using the user context and date time stamp
  • Load the function for Output-ISETranscript (the Scripting Guys code)
  • Display a message about waiting for the SharePoint snap-ins to load
  • Load the SharePoint snap-ins
  • Display a message that loading the SharePoint snap-in is complete and lets you know who you are running PowerShell as

Conclusion

While its may not be the perfect solution for PowerShell ISE that I was looking for when I set out, at the end of the day with this code I now have the ability to automatically log everything done in command line PowerShell.

Thanks to Todd Klindt, Evan Riser, Mark Rackley, and Dan Holme for talking through these use cases, reviewing some of the code, and taking differing view points on this to validate that it is a reasonable approach or not. I love being a part of a community where bouncing ideas and solutions off of peers is so easy and open.

You can find the code here:

powershell notepad

Hopefully this code will be useful to you in your day to day world.

SharePoint Connections Las Vegas 2011 Wrap up

SharePoint Connections Las Vegas 2011 Wrap up

I just completed my 5 sessions, 3 of which I presented with my great friend Cornelius J. van Dyk, here at SharePoint Connections Las Vegas.  While here we received several pieces of great news:

1.) O’Reilly has green lit our book “SharePoint for Business Intelligence” which will be coming out in 2012 and will revolve around how you can solve business problems using SharePoint 2010, SQL Server 2012, & Visual Studio LightSwitch technologies for Business Intelligence.

2.) We will be doing our “SharePoint Disaster Avoidance for Large Scale Enterprises” post conference  and several other sessions for the SharePoint Connections Las Vegas show in March 2012

3.) Power was finally restored to my house in Nashua after more than 6 days!

I had almost 450 attendees across my 5 sessions and I sincerely hope that you all enjoyed the conference as my as I did.  As promised, here are links to my final decks:

SharePoint Logging & Debugging: The Troubleshooter’s Best Friend

SharePoint Performance: Best Practices from the Field

Battle Scarred But Still Standing: A SharePoint Administrator’s Tell All

Heavy Metal PowerPivot Redux

Human Workflow with Visio 2010 and SharePoint Designer 2010

Heading home tonight and then back to the SharePoint Road Trip on Thursday to hit SharePoint Saturday Denver!

SharePoint Road Trips!

SharePoint Road Trips!

With the devastating storm that has hit New Hampshire over the weekend, there is no better time for a SharePoint Road Trip to start than today!  It was so bad up here that our city postponed Halloween Trick-or-treating until next Sunday.  Here are a couple of pictures of the devastation, just from our driveway:

1 2 3

Here is a quick list of where you can find me over the next 2 months.

banner

I fly out to Las Vegas this evening to present 5 sessions at the SharePoint Connections Conference this week (October 31st – November 4th), 3 of which are with my good friend and collaborator Cornelius J. van Dyk.  I am presenting:

HAD13: SharePoint Logging & Debugging: The Troubleshooter’s Best Friend (Tuesday)

HAD14: SharePoint Performance: Best Practices from the Field (Tuesday)

HAD15: Battle Scarred But Still Standing: A SharePoint Admin’s Tell-All (Wednesday)

HAD12: Heavy Metal PowerPivot (Thursday)

HNC04: Human Workflow with Visio 2010 and SharePoint Designer 2010 (Thursday)

denver

After Las Vegas I head to Colorado to take part in SharePoint Saturday Denver (November 11-13), an amazing 2 day event (registration is open and there are still some seats available), where I will be presenting:

SharePoint Logging & Debugging: The Troubleshooter’s Best Friend (Friday)

SharePoint Performance: Best Practices from the Field (Saturday)

I am also planning on taking part in my first ShareSki as a part of SharePoint Saturday Denver!  I haven’t skied in Colorado in almost 10 years (East Coast skiing is nothing like Colorado sadly), but if you can’t find me on the slopes after my sessions, look for the guy in the full body cast by the fire drinking scotch  

 nhspug

Corne & I will be presenting at the December installment of the Granite State SharePoint Users Group located at Daniel Webster College on 12/8 @ 6pm, which I happen to co-organize, followed by a SharePint.

We will be doing our SharePoint Logging & Debugging: The Troubleshooter’s Best Friend session.  If you are in the area New Hampshire / Northern Massachusetts area please check us out.  We have had 7 sessions and we are continuing to grow.  We have great list of speakers already lined up for 2012!

sasug

I am heading back to the Lone Star State to round out the calendar year of SharePoint where I will be speaking at the SASPUG meeting on December 15th and presenting Heavy Metal PowerPivot Redux, a session featuring the goodness of PowerPivot v1 and a preview of PowerPivot v2 and Power View.  Join us at Rackspace – Castle I-35 and Walzem starting at 530p. 

fireworks Happy New Years!

That will wrap my SharePoint Road Trip to a close.  I hope to see you at one of more of these great events.  The 2012 calendar of SharePoint events is already starting to fill up with amazing events so keep an eye out for an announcement later in the year about those dates.

How to: Run PowerShell ISE as Administrator under alternate credentials

How to: Run PowerShell ISE as Administrator under alternate credentials

Coming from a security focused AD background I prefer to have the Managed Service Accounts OU locked down with a GPO restricting interactive logon to a server. This helps avoid service accounts becoming compromised and being taken advantage of in attacks.

Having an ISE is especially helpful when you are doing SharePoint work on the farm and while I am a big fan of PowerShell, running straight at the command line is often a pain. Rather than installing one of the terrific third party solutions out there for an Integrated Shell Environment I try to only install the PowerShell ISE.

As we know, there are something that you cannot do unless you are running in the context of the Farm Administrator account. There is code out there that will let you elevate your PowerShell script and run in the context of a different user, but I really wanted to be able to open PowerShell ISE as the farm account so that I can run parts of a script at a time, or rerun specific lines.

Here is the code that I compiled that allows me to launch PowerShell ISE as the Farm Admin account:

Add-PSSnapin Microsoft.SharePoint.PowerShell -EA 0

# Farm account name
$farmAccountname =
“domainservice_account”

# Load the Farm Account Creds
$cred = Get-Credential
$farmAccountname

# Create a new process with UAC elevation S
tart-Process
$PsHomepowershell.exe -Credential $cred -ArgumentList “-Command Start-Process $PSHOMEpowershell_ise.exe -Verb Runas -Wait

Once your PowerShell ISE window is launched you can run the following code to validate that you are running as the user that you are expecting:

[Security.Principal.WindowsIdentity]::GetCurrent().Name

Great you learned some more neato PowerShell, but why do I need to use a PowerShell command for this?

You may be asking why wouldn’t I just do a simple “SHIFT+Right Click” and “Run as different user” rather than resorting to a PowerShell solution. The answer is that doing that does not give you the runAs Administrator privileges that we need to do so many of SharePoint’s PowerShell Functions.

Smarty Pants.

powershell PowerShell launch code

notepad Text launch code

powershell User Context validation code

SharePoint/Office 2007 Service Pack 3 coming Q4 2011

SharePoint/Office 2007 Service Pack 3 coming Q4 2011

The Office Sustained Engineering Team has announced that Service Pack 3 (SP3) for Office 2007 & SharePoint 2007 will be coming some time during 2011 Q4.  This appears to be the last major update to the 2007 client & server stack as the team states:

“We are offering this release in preparation for the April 2012 end of mainstream support for the 2007 client and server products. The October 2011 release provides a 6-month window to test and deploy the release prior to exiting mainstream support.”

The Service Pack will be a roll-up of all prior 2007 Cumulative and Public updates since Service Pack 2 plus some new hotfixes.  As always with the SharePoint 2007 world, you will need to install the WSS update before the MOSS update.  There is not a planned or expected CU requirement following the SP3 installation. 

To quote the article directly:

“SP3 will include changes in the following areas:

Office Client 2007 Suites
Office SharePoint 2007 Servers
Office SharePoint Search Server 2007
Office SharePoint Designer 2007
Office Project 2007
Office Visio 2007
Office Proofing tools 2007
Calendar Printing Assistant for Outlook 2007
Office InterConnect 2007
Office Compatibility Pack
PowerPoint Viewer
Visio Viewer
Office Servers Language Pack
Windows SharePoint Services 3.0
Office Access Runtime and Data Connectivity Components”

Soapbox time!!!!

upgrades

As always, please plan to test your upgrade plan in your Development/Test/QA environment prior to ever consider installing in Production. 

Keep in mind that if you only have a Production environment, you really only have a testing environment.  Now is a good time to start updating your resume if you haven’t and you are even thinking about heading down an upgrade path. 

Consider spending as little as $50 a month with a company like CloudShare to get a testing environment.  They have a great pre-production hosting option that will allow you to validate your scenarios without having to invest a ton of capital to do it.

NOTE: Best Practices for installing SharePoint 2010 Service Packs and updates changed as of August 31, 2011 according to the Update for SharePoint 2010 Products page

“As a result of the new packaging, it is no longer necessary to install the SharePoint Foundation cumulative update and then install the SharePoint Server cumulative update.”

Keep an eye on this, the story has now changed and then changed back since RTM.

How SharePoint Governance is like a moose in a swimming pool

How SharePoint Governance is like a moose in a swimming pool

I was watching the news last night and a story came on about a man in Manchester, NH (about 30 minutes from my house) who heard a noise that was coming from his backyard, and when he turned on this lights he found a Moose in his backyard.  The moose was spooked by the sudden flood of light and charged through his fence and directly into the man’s swimming pool.

moose

The man from didn’t have many options going in to the situation, it just descended upon him from nature and he was forced to simply deal with the situation.  He went from having a nice quiet evening at home to needing help from 12 people to get a moose out of his pool, having a shredded pool cover, and ending up with his saga documented on the evening news.

How this relates to SharePoint

Lying in bed after fasting all day for Yom Kippur, the Jewish day of Atonement, all I could think was how similar this man’s scenario was to all too many deployments of SharePoint: Someone hears something, starts to investigate, the next thing they know they have a 2000 pound angry animal on their hands.

In our many cases we have the ability to hold off the animal and redirect its efforts into something more productive and healthy with governance and proper planning, however many times the beast barrels through our defenses and we are dealing with a world of trouble that we didn’t intend on.

The man in the story had many options:

  1. ignore the situation and hope it clears itself up
  2. grab a gun and shoot it himself
  3. call a local hunter to deal with it for him
  4. calmly call the police and figure out how best to deal with the situation with expert assistance

I sincerely hope that when faced with situations like this we deal with things as well as the man from the news story did because in the end, all that was really lost was part of a fence, a $200 pool cover, and some time.

Here are a couple of things to keep in mind, whether you are dealing with an angry moose, or an impending SharePoint deployment:

  1. Find out what you don’t know
  2. Stop and determine the correct plan of action before proceeding
  3. Understand what the drivers of your situation are
  4. Get control over an out of control situation

When it comes to SharePoint deployments, whether properly conceived or not, it is always best to stop and examine your options.  It is always going to be best to take a bit of time up front to save a complete rebuild later.

The moral of the story

When cooler heads prevail, everyone comes out alive, and with a reasonably interesting story to share.  Think before you act, and in our world, before you implement.