Rokett's musings

PowerShell, or at least Windows PowerShell, is somewhat behind the times, because it is based on .Net 4.x, in terms of supporting newer encryption protocols when access secure websites. By default .Net 4.x only supports up to TLS 1.1, but PowerShell still seems to be locked to TLS 1.0. So when attempting to either Invoke-WebRequest or Invoke-RestMethod you may receive an error message back saying The request was aborted: Could not create SSL/TLS secure channel.

When you’re behind a corporate proxy server which uses NTLM, you will probably find that PowerShell is unable to connect to the internet. Sometimes this will just silently fail, which sucks, and other times you’ll receive an error. In order to prove there is a problem, try the following request. Invoke-WebRequest -Uri https://www.google.com/ The problem happens because an NTLM proxy server expects that user credentials will be passed for authentication purposes.

Throwing exceptions when an error occurs is a useful way of providing context to whatever the problem is and therefore allowing the consumer to get meaning from the error. Ideally an exception would be accompanied with an exception type, but how do you know what exception types are available in PowerShell? [System.AppDomain]::CurrentDomain.GetAssemblies() | ForEach-Object { Try { $_.GetExportedTypes() | Where-Object { $_.Fullname -match 'Exception' } } Catch {} } | Sort-Object -Property FullName | Select-Object -Property FullName The above code will output all of the available exception types for you to choose the most appropriate.

First things first….calling this article best practices may be a bit strong. This is more about the way I like to secure access to KeePass; I’m sure things could be done differently or better, but it works for my organisation. KeePass is a great tool. For teams, or individuals, needing to store passwords, and other data, in a truly secure way KeePass comes out on top. Unless unlocked with a master password, or a keyfile, or both, the information contained within the database is kept encrypted (using AES and Twofish) to secure it from prying eyes.

Iterating over a PowerShell hashtable….it’s not as easy as a simple ForEach loop; a hashtable isn’t like an array. So how do you iterate over a hashtable? It’s actually really easy as there is a method on the hashtable object called GetEnumerator(). Iterating a hashtable using the GetEnumerator() method sends each key/value pair to the pipeline. $hashtable = @{ 'key1' = 'value1' 'key2' = 'value2' 'key3' = 'value3' } $hashtable.GetEnumerator() | ForEach-Object { Write-Host "$_.

Let’s talk about array manipulation in PowerShell; specifically adding to an array within a loop. You’re probably used to initialising the array like so; $arr = @() and then adding new entries to it from within a loop by $arr += $newEntry. That works but holy hell is it slow! Not only is it slow but it eats CPU and memory resources. Why? Well I’m no expert on the inner workings of PowerShell but it’s because arrays are not able to be changed in PowerShell.

PowerShell is a powerful beast; the pipeline is crazy clever in terms of acting on many objects at once with a single command, but unless you’re really trying to do a one-liner there are other faster ways of doing things. Take the humble ForEach loop for example. The pipeline way of doing things is actually the slowest, whilst the more traditional programming way of doing things is much faster. How much faster?

The Invoke-Command PowerShell cmdlet is pretty handy. It allows you to run commands from your local system as if they were being run on a remote system. Here’s a simple example: Get-Service -DisplayName 'Task Scheduler' This retrieves the Task Scheduler service. It runs locally on whichever computer you used the command from. But what if you wanted to get the Task Scheduler service on a remote computer? Sure you could do this (which would run the command against the computer called server01):

This site is hosted on GitHub Pages. I wanted to be able to just be concerned with writing articles and commiting them to the repository; I didn’t particularly want to have to build the site locally and then commit that to the master branch. That’s where Travis-CI came in. Travis-CI is a continuous integration platform which can link into GitHub and take action based on commits to the repository. In essence my workflow is as follows:

What is the best way to structure a PowerShell module? Realistically there is no such thing, however I have a structure which works for me; it provides a standard which is followed within my organisation and covers any modules I create. Standard practices are good…doing things differently each and every time makes understanding how something is working very difficult. So what’s the structure? Let’s look at that structure a bit more.