PowerShell: Advanced Profile


In my last post almost 6 months ago I spoke about PowerShell profiles, especially how I preferred a simple profile. If you are just doing some simple things that you need right away or aren’t administering an application like Azure, SharePoint or Office365 then you can suffice with the simple profile. Since I manage Office365 and the applications mentioned above I have morphed to a second profile that I now load to load everything that I need for those applications. The time entering my username and password for those accounts, saves on having to load a different PS1 or create a function to do it later. My thoughts about not creating the function is if I do it once the first time I can just continue working without stopping when I need to do something in those applications.

My previous profile looked like this:

set-location c:\Powershell
$a = (Get-Host).PrivateData
$a.ErrorForegroundColor = “green”
cls

Just your basic profile that sets my default location, and sets the color of the evil error message RED to easier to read GREEN on the blue background. Now for my work within all of the applications that I admin this is the profile I use:

set-location c:\PowerShell
$env:path += “;C:\PowerShell”
$host.ui.RawUI.WindowTitle = “Administrator – Sysadmin Mode”
$Shell = $Host.UI.RawUI
$a = (Get-Host).PrivateData
$a.ErrorForegroundColor = “green”
import-module MSOnline
Import-Module AzureAD
Import-Module AzureADPreview
Import-Module ‘C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell’
$cred = Get-Credential
Connect-MsolService -Credential $cred
Connect-AzureAD -Credential $cred
Connect-SPOService -Url https://company-admin.sharepoint.com -Credential $cred

So, that is a lot more involved, but I only interact with the loading of the profile once at the line: $cred = Get-Credential, which is where I enter my credentials for Office365. Obviously our AzureAD is connected to Office365 which includes our SharePoint too so I only need to enter my credentials once.

First a disclaimer: I close this profile shell when I leave the computer even though I lock the computer screen.  This is best practice so that if anyone gains access to my workstation, they do not gain access to my Sysadmin account in PowerShell to do damage. We change our passwords on a regular basis to prevent access as is also best practice, but anything you can do to lower a hackers attack surface the better.

So, what does this all do? Well that is a pretty good question.

  1. I set the default location of my console as my PowerShell folder that contains all my scripts.
  2. I add the PowerShell folder to the system path
  3. Change the title of the shell to let me know I am running in Sysadmin mode.
  4. Set the system shell as the current console
  5. Set the error color to green
  6. Import all the Modules I need to make sure they do get loaded, including the SharePoint Module that is an MSI install
  7. Store my credentials for this session for use logging in
  8. Connect to all the services using the credentials I supplied. The SharePoint SPOService would need you to replace the word “company” with your company name.

 

I believe that this front end work saves me a lot of time when I have to do something in SharePoint or the SAAS client or AzureAD.

 

Advertisements