PowerShell Transcripts


Do you test cmdlets in a PowerShell window? Do you just do something that you know should work and it doesn’t? Have you ever thrown the kitchen sink at a problem and all of a sudden your script is working? I bet you just closed the PowerShell window you were working in and lost all that work, because I’ve done it before.

Well, once bitten, twice isn’t gonna happen. Why? Because I’ve added the Start-Transcript cmdlet to my profile. It’s that simple, no muss, no fuss. There are a lot of different parameters that you can set with Start-Transcript such as:

  • [-OutputDirectory <String>]
  • [-Append]
  • [-Force]
  • [-NoClobber]
  • [-IncludeInvocationHeader]
  • [-WhatIf]
  • [-Confirm]
  • [[-LiteralPath] <String>]
  • [[-Path] <String>]

I dislike the naming convention that is default with PowerShell so I have added the Start-Transcript with the following bit of code

$a = (Get-Date).ToString(‘Mdy’)

Start-Transcript -Path C:\PowerShell\Transcript\$a”_transcript.txt” -append

What I’m doing is storing the current date in a variable as a string of just the month, day, and year which when you run $a will look something like “4619“, which is April 6th 2019. I then start the transcript with the -path parameter to my powershell\transcript folder with the name 4619_transcript.txt. I also use the -append  parameter in case I quit my powershell session during that day. Using append will just continue with the same transcript and avoid an overwrite of the file or an error.

Overall this is for me is easier to understand and find. I hope this helps you and gives you some idea’s for improvements to what I’ve shown you. Let me know in the comments if you have any enhancements.

PowerShell: Advanced Profile


In my last post almost 6 months ago I spoke about PowerShell profiles, especially how I preferred a simple profile. If you are just doing some simple things that you need right away or aren’t administering an application like Azure, SharePoint or Office365 then you can suffice with the simple profile. Since I manage Office365 and the applications mentioned above I have morphed to a second profile that I now load to load everything that I need for those applications. The time entering my username and password for those accounts, saves on having to load a different PS1 or create a function to do it later. My thoughts about not creating the function is if I do it once the first time I can just continue working without stopping when I need to do something in those applications.

My previous profile looked like this:

set-location c:\Powershell
$a = (Get-Host).PrivateData
$a.ErrorForegroundColor = “green”
cls

Just your basic profile that sets my default location, and sets the color of the evil error message RED to easier to read GREEN on the blue background. Now for my work within all of the applications that I admin this is the profile I use:

set-location c:\PowerShell
$env:path += “;C:\PowerShell”
$host.ui.RawUI.WindowTitle = “Administrator – Sysadmin Mode”
$Shell = $Host.UI.RawUI
$a = (Get-Host).PrivateData
$a.ErrorForegroundColor = “green”
import-module MSOnline
Import-Module AzureAD
Import-Module AzureADPreview
Import-Module ‘C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell’
$cred = Get-Credential
Connect-MsolService -Credential $cred
Connect-AzureAD -Credential $cred
Connect-SPOService -Url https://company-admin.sharepoint.com -Credential $cred

So, that is a lot more involved, but I only interact with the loading of the profile once at the line: $cred = Get-Credential, which is where I enter my credentials for Office365. Obviously our AzureAD is connected to Office365 which includes our SharePoint too so I only need to enter my credentials once.

First a disclaimer: I close this profile shell when I leave the computer even though I lock the computer screen.  This is best practice so that if anyone gains access to my workstation, they do not gain access to my Sysadmin account in PowerShell to do damage. We change our passwords on a regular basis to prevent access as is also best practice, but anything you can do to lower a hackers attack surface the better.

So, what does this all do? Well that is a pretty good question.

  1. I set the default location of my console as my PowerShell folder that contains all my scripts.
  2. I add the PowerShell folder to the system path
  3. Change the title of the shell to let me know I am running in Sysadmin mode.
  4. Set the system shell as the current console
  5. Set the error color to green
  6. Import all the Modules I need to make sure they do get loaded, including the SharePoint Module that is an MSI install
  7. Store my credentials for this session for use logging in
  8. Connect to all the services using the credentials I supplied. The SharePoint SPOService would need you to replace the word “company” with your company name.

 

I believe that this front end work saves me a lot of time when I have to do something in SharePoint or the SAAS client or AzureAD.