PS and WinRM on 1000+ machines
Gerry Hickman
One of the big strengths of scripting WSH / COM was that you could
guarantee it would work on ANY Windows box without having to manage
component versions across hundreds/thousands of machines. This could be
useful for things like Logon Scripts, and essential for certain types of
remote management that are not exposed via DCOM such as MSIEXEC and WUA.
To run those tasks against thousands of machines you'd need execute the
script locally, but triggered from the remote box, and pipe the output
back to the admin box or a centralized logging station. It was never an
issue because it was all built-in from Win2k onwards. An other aspect to
this is being able to copy a script to a remote box and then enable it
to run on a schedule.
To me, it was a reason why PERL was never a good option for Windows;
you'd have to maintain it across hundreds/thousands of machines.
Now with PowerShell v2 the scripts can be remotable. The first question
to ask is why it's even needed?
Logon Scripts?
Scheduled tasks?
Components that can't be remoted?
The second question is how can you maintain PS and remoting across
hundreds/thousands of machines?
1. Getting it installed to every box elevated in the first place
2. Enabling WinRM
3. Enabling all the policies
4. Being aware of PS profiles getting out-of-synch on each box
5. Upgrading it on every box every five minutes (e.g. PS 2.01)
6. Security considerations of each of the above
--
Gerry Hickman (London UK)
Marco Shaw [MVP]
> you'd have to maintain it across hundreds/thousands of machines.
>
> Now with PowerShell v2 the scripts can be remotable. The first question
> to ask is why it's even needed?
>
> Logon Scripts?
> Scheduled tasks?
> Components that can't be remoted?
Today, with v1, remoting can be done to a certain extent via WMI, ADSI,
.NET, but it doesn't provide a consistent interface. Wouldn't it be
nice to be able to run the same exact command on your local machine, as
it would be run remotely? Except for needing to call it with
start-psjob or new-runspace...
> The second question is how can you maintain PS and remoting across
> hundreds/thousands of machines?
>
> 1. Getting it installed to every box elevated in the first place
> 2. Enabling WinRM
> 3. Enabling all the policies
> 4. Being aware of PS profiles getting out-of-synch on each box
> 5. Upgrading it on every box every five minutes (e.g. PS 2.01)
> 6. Security considerations of each of the above
>
If you have that many machines, you should have some kind of mass-system
management application? Some of the above also boils down to how do you
patch all of these systems.
What you would likely need is to set group policies. In addition, for
PowerShell stuff and managing systems, there's also:
http://www.specopssoft.com/
--
Microsoft MVP - Windows PowerShell
http://www.microsoft.com/mvp
PowerGadgets MVP
http://www.powergadgets.com/mvp
Hal Rottenberg
> Now with PowerShell v2 the scripts can be remotable. The first question
> to ask is why it's even needed?
> The second question is how can you maintain PS and remoting across
> hundreds/thousands of machines?
>
> 1. Getting it installed to every box elevated in the first place
> 2. Enabling WinRM
> 3. Enabling all the policies
> 4. Being aware of PS profiles getting out-of-synch on each box
> 5. Upgrading it on every box every five minutes (e.g. PS 2.01)
> 6. Security considerations of each of the above
Good questions! I plan on discussing them with my co-host Jonathan on the
podcast (see url below), that will be released on or around March 1st.
--
Hal Rottenberg
Blog: http://halr9000.com
Webmaster, Psi (http://psi-im.org)
Co-host, PowerScripting Podcast (http://powerscripting.net)
Gerry Hickman
>> 1. Getting it installed to every box elevated in the first place
>> 2. Enabling WinRM
>> 3. Enabling all the policies
>> 4. Being aware of PS profiles getting out-of-synch on each box
>> 5. Upgrading it on every box every five minutes (e.g. PS 2.01)
>> 6. Security considerations of each of the above
> Good questions! I plan on discussing them with my co-host Jonathan on
> the podcast (see url below), that will be released on or around March 1st.
It sounds great! I hope there's a text transcript. I'm no fan of
"podcast" gimmicks.
> Co-host, PowerScripting Podcast (http://powerscripting.net)
But this site is full of pop-ups and silly offers to win "fabulous
prizes". Surely this isn't the correct site I'm supposed to visit for
serious PowerShell news and topics?
Hal Rottenberg
> It sounds great! I hope there's a text transcript. I'm no fan of
> "podcast" gimmicks.
While I do post at length in this newsgroup when I can, I won't be
doing so in this thread necessarily just because I haven't had time.
And as for text transcript, I'm afraid that's not gonna happen unless
a volunteer were to do it. :)
Well, the audio format may not be for everyone, but we try really hard
to release an educational show which is somewhat entertaining and easy
to listen to. Jonathan and I are really receptive to feedback, so if
you do listen and have any constructive feedback by all means send it
on.
> > Co-host, PowerScripting Podcast (http://powerscripting.net)
>
> But this site is full of pop-ups and silly offers to win "fabulous
> prizes". Surely this isn't the correct site I'm supposed to visit for
> serious PowerShell news and topics?
Funny you should mention that. I run Firefox with popup blocking and
ad blocking on myself, and Jonathan does something similar in IE7. We
were both about to get amazingly angry if we found that Wordpress.com
served popup ads. So, we both just turned all that stuff off and hit
reload. Nope, no popups. I'm afraid you might have some spyware on
your box, Gerry!
But other than that, you just read the title of one of the shows.
Scroll down half a page and read the show notes, man! You'll we're
quite serious about what we go into. However, I'm not a very serious
guy, so I like to make light of just about anything. The whole "win
fabulous prizes" thing was totally tongue in cheek.
I hope you give our podcast a chance! We'd love to hear any feedback
you may have.
-hal
Gerry Hickman
The pop-ups are from Wordpress, they occur when hovering the mouse over
certain hyperlinks (unrelated to the ads) on the page. Some of them even
have 404 errors instead of content. For me, this makes it an amateur site.
Hal Rottenberg
> The pop-ups are from Wordpress, they occur when hovering the mouse over
> certain hyperlinks (unrelated to the ads) on the page. Some of them even
> have 404 errors instead of content. For me, this makes it an amateur site.
Ahhh, I see what you mean. One of these:
http://halr9000.com/images/screenshots/wp-ad.gif
Somewhat annoying, I have to agree. Yeah, those are blocked wonderfully by
Firefox (or the Adblock extension) so I had never noticed them. I imagine the
same can be done on IE. I guess they (wordpress.com) want to pay their bills
that way, because the service is after all, free. More power to them, the
service is very solid.
Not to worry though, we're moving off to a real webhost in the very near future.
Seriously though, I hope you give our content a chance. Even if you don't,
I'd like others who haven't killed this thread by now to realize that feedback
from listeners--and potential ones--is important. Consider yours noted and
action soon to be taken as a result.
And I promise that any gimmicks on the new site will only be the intentionally
silly kind, not the unintentionally silly kind. :)
If you don't mind Gerry, drop me a line at my personal email address hal @
halr9000.com (man, I love Gmail's spam filtering), I would not mind continuing
this conversation on the side, as it were.
Thanks again.
-hal
--
Hal Rottenberg
Blog: http://halr9000.com
Webmaster, Psi (http://psi-im.org)
Gerry Hickman
Sounds good about the new host and less gimmicks!
I don't use Microsoft's IE (yuk!) It still allows ActiveX instantiation,
and Microsoft are the worst offender of trying to install unwanted
ActiveX controls (e.g. WGA and MSDN download managers). I'm currently
using Mozilla SeaMonkey, I could probably adjust the pop-up blocker, but
I'd rather just avoid sites with those kind of ads in that quantity.
--
Gerry Hickman (London UK)