Computers running Windows 7
or Windows 2008 R2 or later include Windows PowerShell 2.0 and Windows
Remote Management (WinRM) 2.0. If you want to manage computers using
earlier operating systems locally or remotely using Windows PowerShell,
you will need to install both Windows PowerShell 2.0 and WinRM 2.0.
1. Installing Windows PowerShell 2.0 and WinRM 2.0
A copy of Windows PowerShell 2.0, together with WinRM 2.0, can be downloaded from http://support.microsoft.com/default.aspx/kb/968929.
Ensure that you obtain the correct version; for example, if you install
SharePoint on the 64-bit version of Windows Server 2008, you need to
download and install the Windows 2008 x64 version of Windows PowerShell
2.0 and WinRM 2.0. After they are installed, you will find the
executable for the Windows PowerShell ISE in the folder
%SystemRoot%\System32\WindowsPowerShell\v1.0.
Note:
If you going to be a heavy user
of ISE, consider placing a shortcut for this program on your taskbar.
On the Start menu, right-click Powershell_ise.exe and then select
either Pin To Taskbar or Pin To Start Menu.
To use Windows PowerShell ISE
on Windows 2008 R2, you need to add the Windows PowerShell ISE feature.
This feature can be added using Windows PowerShell commands or the
Server Manager. After you have installed SharePoint 2010 or SharePoint
Foundation 2010, perform the following steps.
Using Windows PowerShell, enter the following commands.
Import-Module Servermanager; Add-WindowsFeature "PowerShell-ISE"
Using Server Manager, complete the following procedure.
Start the Server Manager, click Features, and then select Add Features.
In
the middle pane of the Add Features Wizard, select the check box for
Windows PowerShell Integrated Scripting Environment (ISE) as shown in Figure 1 and then click Next.
On the Confirmation Installation Selection screen, click Install.
On the Installation Results screen, click Close.
Note:
You may need to restart your server after the installation completes.
2. Working Within Your Execution Policy
Windows PowerShell is a
powerful tool, and as with any other scripting language, it is all too
easy to borrow someone else’s code or download snippets from the
Internet. Also, because the code files are just text files, it is easy
for anyone to modify them and inject malicious code. Therefore, Windows
PowerShell has a built-in security feature called execution policy
that you can set on a per-user basis, and these settings are saved in
the registry. To view your execution policy, type the following command
in the Microsoft SharePoint 2010 Management Shell.
Get-ExecutionPolicy
If you are running the
Management Shell on a SharePoint server, it is likely that the output
from such a command is RemoteSigned, which means that you can run any
commands interactively and you can use any scripts that are stored on
the computer where you are logged in. However, if you want to run
configuration files or scripts from remote sources, they need to be
signed. You can change the execution policy if you start the Windows PowerShell console as an administrator and use the Set-ExecutionPolicy cmdlet, or you can change the registry key as follows.
HKLM\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell
Note:
SECURITY ALERT
The registry key is useful in conjunction with an Active Directory
Group Policy. Manual modifications to the registry should be avoided,
especially when Microsoft provides a cmdlet to configure Windows
PowerShell execution policy.
To sign scripts, use the Set-AuthenticodeSignature
cmdlet, which can be used to add an Authenticode signature to a Windows
PowerShell script or other file.
In an organization that has
multiple environments, such as development, system integration, user
acceptance test (UAT), pre-production, and production, consider the
need to sign code on your production and UAT farms at minimum. You
should also review the execution policy settings for these farms. You
can set the execution policy in a Group Policy Object that targets
either users or computers so that it cannot be overridden when someone
logs on to your SharePoint servers.
Note:
MORE INFO
For more information on Windows PowerShell execution policies and
signing scripts, see the TechNet article “Heading Off Malicious Code”
at http://technet.microsoft.com/en-us/magazine/2008.01.powershell.aspx, or type Get-Help about_Execution_Policies
at a Windows PowerShell command-line interface. There is also a blog
post that explains the process in detail. It is “ALLSigned: Signing
Your PowerShell Scripts” and can be found at http://sharepoint.microsoft.com/blogs/zach/Lists/Posts/Post.aspx?ID=53.
Note:
If you are using Windows 7 as
your desktop and you want to remotely manage Windows Server 2008 R2 for
your SharePoint servers, you need the Remote
Server Administration Tools (RSAT), which is required for the new Group
Policy features and supports Windows PowerShell. RSAT is available from
the Microsoft Download Center at http://www.microsoft.com/downloads. For more information, go to http://technet.microsoft.com/en-us/library/dd367853.aspx and http://trycatch.be/blogs/roggenk/archive/2009/06/08/installing-windows-7-rsat-unattended.aspx.