Category: PowerShell

PowerShell Remoting over SSH in PowerShell 7

Enable PowerShell SSH Remoting in PowerShell 7

In this blog post, we will have a look at how you can enable and set up PowerShell SSH Remoting or PowerShell Remoting over SSH with PowerShell 7. With PowerShell Core 6, Microsoft introduced PowerShell 7 Remoting over SSH, which allows true multiplatform PowerShell remoting between Linux, macOS, and Windows. PowerShell SSH Remoting creates a PowerShell host process on the target machine as an SSH subsystem. Normally, Windows PowerShell remoting uses WinRM for connection negotiation and data transport. However, WinRM is only available on Windows-based machines.

There are also some downsides to it. SSH-based remoting doesn’t currently support remote endpoint configuration and JEA (Just Enough Administration). It is also important to understand that this is not just another PowerShell SSH client.

Use SSH Transport with PowerShell Remoting

To use PowerShell 7 remoting with SSH on Windows, Linux, and macOS machines, you can use the same cmdlets you are already familiar with from Windows PowerShell remoting with WinRM.

  • New-PSSession
  • Enter-PSSession
  • Invoke-Command

There are three new parameters for these cmdlets if you are using PowerShell SSH remoting.

  • -HostName (Instead of -ComputerName, you define the SSH target)
  • -UserName (Instead of -Credential, you use the -UserName parameter)
  • -KeyFilePath (If you are using SSH key authentication, you can use the -KeyFilePath parameter to point to the key file)

New-PSSession -HostName tomsssh.server.com -UserName thomas


Customize Windows Terminal

My Customized Windows Terminal Settings.json

This is just a very quick blog post to share my customized Windows Terminal settings.json, and it should give you an idea of how you can customize the Windows Terminal for your needs. The new Windows Terminal for Windows 10 is open-source, and you can currently get it from the Windows Store. The new Windows Terminal lets you run different shells like Windows PowerShell, PowerShell 7, Command Prompt, WSL, and also WSL 2. It provides a couple of improvements, such as multiple tab support, a GPU-accelerated DirectWrite/DirectX-based text rendering engine, and much more. For me, one of the biggest advantages is the advanced customization and configuration options, which allow you to configure the Windows Terminal settings using a profiles.json file.

Windows Terminal 1.0 was released on May 19; you can find more documentation here on Microsoft Docs.

I already shared a couple of blog posts on how you can customize your Windows Terminal experience:

Customized Windows Terminal Settings profiles json

Customized Windows Terminal Settings settings json



Add a PowerShell Remoting Session in the Windows Terminal Menu

Add a PowerShell Remote Session in Windows Terminal

I am sure you have heard about the new Windows Terminal, which is in preview, and you can get it from the Windows Store. In this blog post, I want to share how you can add a PowerShell remote session to the drop-down menu in the Windows Terminal when you open a new tab. The new Windows Terminal is highly customizable and it allows you to run different shells like the classic command prompt, Windows PowerShell, PowerShell 7, and also Windows Subsystem for Linux shells (I am using, for example, Ubuntu with the Windows Subsystem for Linux 2 (WSL 2)).

Scott Hanselman wrote a great blog post on how you can add tabs to open an SSH connection directly, so why not do the same thing with PowerShell? In my example, I will add a tab in Windows Terminal, which opens up a PowerShell remoting session (using WS-Management WSMan) to an Azure virtual machine (VM). However, this would work with every other machine which you can access using PowerShell Remoting.

Add a PowerShell Remote Session in Windows Terminal Tab

To get started, we need to open up the settings of the Windows Terminal. This will open up a settings.json file, which you can edit in your favorite editor, for example, Visual Studio Code. To add new “menu items,” you will need to add a profile to the profiles array in the JSON file. In my case, I will add two different menu items: in one, I am going to open a PowerShell remoting session to an Azure VM using Windows PowerShell, and in the other, I am going to use PowerShell 7.

Windows Terminal Settings profiles

You can see here the following two profile entries:

Remote Session using Windows PowerShell 5.1

{
    "name": "PS Thomas AzureVM",
    "tabTitle": "PS Thomas Maurer AzureVM",
    "commandline": "powershell.exe -NoProfile -NoExit -Command Enter-PSSession -ComputerName azurevmps.westeurope.cloudapp.azure.com -Credential thomas",
    "icon": "C:/Users/thoma/Downloads/AzureVMIcon32.png"
},

Remote Session using PowerShell 7

{
    "name": "PS Thomas AzureVM",
    "tabTitle": "PS Thomas Maurer AzureVM",
    "commandline": "pwsh.exe -NoProfile -NoExit -Command Enter-PSSession -ComputerName azurevmps.westeurope.cloudapp.azure.com -Credential thomas",
    "icon": "C:/Users/thoma/Downloads/AzureVMIcon32.png"
},

As you can see, we define the profile name and the tab title for the Windows Terminal entry. The commandline value holds the command that starts the PowerShell remoting session. The command opens a PowerShell session to a specific computer or server using the ComputerName parameter and the Credential parameter for the credentials. In my case, I am connecting to an Azure VM with the name azurevmps.westeurope.cloudapp.azure.com (could also be an IP address) and the username Thomas. The last thing I add is a small icon (32×32 pixels); since I am connecting to an Azure VM, I took the Azure VM icon.

In this scenario, I am using PowerShell Remoting over HTTP. You can do the same thing for your connections using PowerShell Remoting over HTTPS or even PowerShell Remoting over SSH, which are way more secure and should be used for your connections. If you are looking to create the same Windows Terminal menu entry using a simple SSH connection, check out my blog post here.
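The transport choice described above can be checked against a settings file. The following PowerShell is an added example, not code from the original post: it classifies each profile's remoting command by transport, using the parameters named on this page plus the -UseSSL switch of Enter-PSSession. The function names and the sample profiles are constructed for illustration.

```powershell
# Added example: classify the remoting transport used by Windows Terminal profiles.
# Constructed sample settings, modelled on the profile entries shown above.
$settingsJson = @'
{ "profiles": [
  { "name": "PS AzureVM (WSMan, HTTP)",
    "commandline": "pwsh.exe -NoProfile -NoExit -Command Enter-PSSession -ComputerName azurevmps.westeurope.cloudapp.azure.com -Credential thomas" },
  { "name": "PS AzureVM (WSMan, HTTPS)",
    "commandline": "pwsh.exe -NoProfile -NoExit -Command Enter-PSSession -ComputerName azurevmps.westeurope.cloudapp.azure.com -Credential thomas -UseSSL" },
  { "name": "PS AzureVM (SSH)",
    "commandline": "pwsh.exe -NoProfile -NoExit -Command Enter-PSSession -HostName azurevmps.westeurope.cloudapp.azure.com -UserName thomas" },
  { "name": "Command Prompt", "commandline": "cmd.exe" }
] }
'@

# Hypothetical helper: map a profile's command line to a transport label.
function Get-RemotingTransport {
    param([string]$CommandLine)
    # Only profiles that start a remoting cmdlet are of interest.
    if ($CommandLine -notmatch '\b(Enter-PSSession|New-PSSession|Invoke-Command)\b') { return 'None' }
    if ($CommandLine -match '\s-HostName\b')     { return 'SSH' }          # SSH transport
    if ($CommandLine -match '\s-UseSSL\b')       { return 'WSMan-HTTPS' }  # WinRM over HTTPS
    if ($CommandLine -match '\s-ComputerName\b') { return 'WSMan-HTTP' }   # WinRM default (HTTP)
    return 'Unknown'   # e.g. abbreviated parameters or -ConnectionUri; review by hand
}

# Hypothetical helper: list every remoting profile and flag those to review.
function Get-TerminalRemotingProfile {
    param([Parameter(Mandatory)][string]$Json)
    $settings = $Json | ConvertFrom-Json
    # 'profiles' is an array on this page; newer settings files nest it under 'list'.
    $profiles = if ($settings.profiles -is [array]) { $settings.profiles } else { $settings.profiles.list }
    foreach ($p in $profiles) {
        $transport = Get-RemotingTransport -CommandLine $p.commandline
        if ($transport -eq 'None') { continue }
        [pscustomobject]@{
            Name        = $p.name
            Transport   = $transport
            NeedsReview = $transport -in 'WSMan-HTTP', 'Unknown'
        }
    }
}

Get-TerminalRemotingProfile -Json $settingsJson | Format-Table -AutoSize
```

To check a real configuration, pass the contents of your own settings.json (read with Get-Content -Raw) instead of the sample string.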

Now your Windows Terminal drop-down menu will look like this:

Add a PowerShell Remote Session in Windows Terminal Tab

By selecting one of these profiles, you will automatically open a PowerShell remoting session to a specific computer or server in Windows Terminal.

Windows Terminal - Azure virtual machine VM PS Remote Session

I hope this gives you an idea of how you can add a PowerShell remote session in Windows Terminal menu. If you want to know more about the Windows Terminal, check out the following blog, and if you have any questions, please feel free to leave a comment.

If you want to know more about what’s new in PowerShell 7, or if you want to learn more about how to customize the Windows Terminal, check out my blog.



Run Azure PowerShell in a Docker Container Image

Run Azure PowerShell in a Docker Container

Yesterday, the Azure PowerShell team announced the Azure PowerShell Docker Container images. In this post, I want to quickly highlight that announcement and show you how you can download, pull, and run Azure PowerShell in a Docker container image from Microsoft.

But first, let’s talk about why you would want to run Azure PowerShell in a Docker container. Azure is continuously evolving, and the Azure PowerShell team releases a new version of the Azure PowerShell modules every three weeks. This makes it challenging to keep a production or development environment up to date and to ensure the smooth execution of scripts. With the Azure PowerShell Docker container image, you can quickly run scripts against a specific version of Azure PowerShell.

The team highlights the current scenarios:

  • On the same machine, you can run scripts that are using a different version of Az with no conflicts.
  • You can test a script against a different version of Az with no risks.
  • You can run the latest container image interactively.


Azure Policy

Keep control of your Azure environment with Azure Policy

Keeping control of your Azure environment and your Azure tenant can be challenging. Azure Policy is a fundamental part of Azure Governance to maintain control of your environment. With Azure Policy, you can enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. For example, you can limit the deployment to specific virtual machine types and sizes, or block different Azure regions from being used. You can still give developers and IT Pros access to the Azure environment and subscriptions but always stay in control.

  • Real-time policy enforcement and evaluation
  • Cloud policy management and security at scale
  • Automated remediation of existing resources
  • Comprehensive compliance view of all your resources across your Azure subscriptions

You use Azure Policy not just to enforce rules, but also just to audit your environment. This enables you to see the resources which are not compliant with your company policies instead of just blocking the deployment.

Have a look at my other blog posts about:

Cloud-Native Governance

Why not just use RBAC?

Azure Policy is complementary to role-based access control (RBAC), and both are part of the overall Azure Governance tools.

There are a few key differences between Azure Policy and role-based access control (RBAC). RBAC focuses on user actions at different scopes. You might be added to the contributor role for a resource group, allowing you to make changes to that resource group. Azure Policy focuses on resource properties during deployment and for already existing resources. Azure Policy controls properties such as the types or locations of resources. Unlike RBAC, Azure Policy is a default allow and explicit deny system.



Microsoft Virtual Training Day NL

Speaking at the Microsoft Virtual Training Day NL

I am happy to let you know that I will be speaking at the free Microsoft Virtual Training Day NL online event on Wednesday, March 11th. You might have heard that Microsoft Ignite The Tour Amsterdam was canceled due to COVID-19. Microsoft Virtual Training Day NL is an alternative to speed you up and support you in your technical skills. This day will be full of technical sessions based on our Microsoft Learning Paths from Microsoft Ignite The Tour.

Join us during this digital event to get inspired and to learn from our technical specialists. We have great (inter)national speakers that will bring exclusive content and demos to you. Microsoft Ignite The Tour Amsterdam got cancelled due to COVID-19. Microsoft Virtual Training Day | NL is an alternative to speed you up and support you in your technical skills.

Explore the tracks

We offer 7 tracks including 5 sessions per track, based on the Learning Paths of Azure Cloud Native, Azure Data, Azure Infra & Ops, Business Applications, Power Platform, Modern Workplace and Surface. On the day itself you can join sessions of different tracks. Please see below the summarized schedule with all sessions.

I will be presenting in the Azure Infra & Ops track, which you can register for here. You can now watch some of the Microsoft Ignite The Tour sessions online!

Azure Infra & Ops

Understand key cloud concepts and core services, and learn how Microsoft Azure allows you to build applications with the full power and resilience of the cloud. Also, learn how to migrate existing VM workloads to Azure and define governance, security, and policies for your Azure environment.

Migrating IaaS workloads to Azure

Now that the migration of their server hosts from Windows Server 2008 R2 to Windows Server 2019 is complete, Tailwind Traders wants to begin the process of “lift and shift”: migrating some of their on-premises VMs they’ve been running in their datacenter. In this session, learn about how Tailwind Traders began the process of migrating some of their existing VM workloads to Azure and how this allowed them to retire aging server hardware and close datacenter and server rooms that were costing the organization a substantial amount of money.

Azure governance and management

Tailwind Traders’ deployments are occurring in an ad hoc manner, primarily driven by lack of protocol and unapproved decisions by various operators or employees. Some deployments even violate the organization’s compliance obligations, such as being deployed in an unencrypted manner without DR protection. After bringing their existing IaaS VM fleet under control, Tailwind Traders wants to ensure future deployments comply with policy and organizational requirements. In this session, walk through the processes and technologies that will keep Tailwind Traders’ deployments in good standing with the help of Azure Blueprints, Azure Policy, role-based access control (RBAC), and more.

Hybrid management technologies

Tailwind Traders has now migrated the majority of their server hosts from Windows Server 2008 R2 to Windows Server 2019. Now, they are interested in the Azure hybrid technologies that are readily available to them. In this session, learn how Tailwind Traders began using Windows Admin Center and Azure Arc to manage its fleet of Windows Server computers and integrated hybrid technologies, such as Azure File Sync, Azure Site Recovery, and Azure Update Management, to improve deployment performance and manageability.

If you want to watch the Microsoft Ignite The Tour sessions online, join us online for the Microsoft Virtual Training Day NL event. I hope to see you there virtually!



PowerShell ISE Mode in Visual Studio Code

How to use PowerShell ISE Mode in Visual Studio Code

If you are writing PowerShell code, you might have realized that there weren’t really improvements to the PowerShell Integrated Scripting Environment (PowerShell ISE) in the last couple of releases. With PowerShell becoming more popular on cross-platform systems, Visual Studio Code (VS Code) becomes the editor of choice. However, by default Visual Studio Code has a different behavior than the PowerShell ISE. To make it even easier, the latest PowerShell extension for Visual Studio Code now includes PowerShell ISE Mode. PowerShell ISE Mode in Visual Studio Code helps you to replicate and enable the settings from the following Microsoft Docs article: How to replicate the ISE experience in Visual Studio Code.

The ISE was first introduced with Windows PowerShell V2 and was re-designed with PowerShell V3. The ISE is supported in all supported versions of Windows PowerShell up to and including Windows PowerShell V5.1.

The PowerShell ISE is no longer in active feature development. As a shipping component of Windows, it continues to be officially supported for security and high-priority servicing fixes. We currently have no plans to remove the ISE from Windows.

There is no support for the ISE in PowerShell v6 and beyond.