5. Performing Basic Administrative Tasks
There are two types of administrative
tasks that are needed in a SharePoint installation: tasks that need to
be completed once and from any server, such as creating a new Web
application, configuring the primary owner of a site collection, or
deleting a specific website; and tasks that need to be completed more
than once on a specific server or on more than one server, such as
starting a service on a server, adding or removing a server from the
farm, or connecting the server to a specific configuration database.
The majority of work you will need to complete as a SharePoint
administrator is of the first type—it does not matter which server you
are logged on to, because you can complete your work from any server.
Windows PowerShell makes it
easier to complete both types of administrative tasks. You can loop
around a large number of objects and incorporate the scripts into
automated tasks so that administrative tasks can be completed in less
time. Just because administrative tasks may be easy to complete using
Windows PowerShell, however, you should not allow its use to circumvent
the controls you may have in place. Some of these farm-wide tasks are
very dangerous; they can affect the whole installation. In a production
environment, such tasks should be under strict change management.
Note:
BEST PRACTICE
Many organizations allow administrative tasks to be completed only by
using remote access to the production servers. Computer room access is
strictly controlled, so interactive access at the server console is
rarely allowed—usually only for hardware-related issues. In such
environments, even remote access to the production servers is
restricted to a small number of Administrative computers, which
administrators have to connect to using a VPN or Remote Desktop. An
Administrative computer should be configured to allow only certain
users or IP addresses to instigate remote desktop sessions. If this is
your scenario, remotely managing your SharePoint Installation using
Windows PowerShell should also be restricted to that Administrative
computer. Windows PowerShell has a number of built-in capabilities that
can help you reduce the risk of tasks that affect the whole of a
SharePoint installation.
Windows PowerShell provides a
number of “voluntary” capabilities that could be classified as best
practices. In the next sections, you will learn more about two of
these, the –whatif parameter and transcripts.
5.1. Using the–whatif Parameter
Windows PowerShell is a
powerful tool, and like any other scripting language, it is all too
easy to borrow someone else’s code or download snippets from the
Internet. You might then execute them without knowing exactly what they
do. Using signed scripts and the Windows PowerShell execution policy,
as well as restricting who is allowed to load script files onto your
SharePoint server, are ways that you can protect your resources.
Windows PowerShell provides a mechanism that allows you to try a command before you execute it—the –whatif parameter. Type the following command.
PS C:\Users\Peter> Get-SPSite http://teams/sites/* | Remove-SPSite -whatif
This command produces
the following sample output that lists all site collections and the
operation(s) that would be performed on these objects if you executed
the command without the –whatif parameter.
What if: Performing operation "Remove-SPSite" on Target "http://teams/sites/Sales".
What if: Performing operation "Remove-SPSite" on Target "http://teams/sites/Blogs".
What if: Performing operation "Remove-SPSite" on Target "http://teams/sites/Finance".
What if: Performing operation "Remove-SPSite" on Target "http://teams/sites/Wikis".
What if: Performing operation "Remove-SPSite" on Target "http://teams/sites/HR".
Nothing has been deleted by trying the command with the –whatif parameter. The parameter tells the Remove-SPSite
cmdlet to display the object that would be affected by the command
without performing the command. In this example, it displays the
objects that would be permanently deleted.
5.2. Generating Transcripts
A pair of Windows PowerShell cmdlets, Start-Transcripts and Stop-Transcripts,
allows you to record all the commands that you type at the prompt,
together with the output. All activity is recorded between the start
and stop commands. If you do not type stop,
the transcript is terminated when the console session is terminated.
This could be very useful in your production environment, where the
machine-wide profile contains the Start-Transcript cmdlet to record the
Windows PowerShell activities of all users. The recording to the
transcript file is complete when they exit the console.
Note:
Don’t use a Windows
PowerShell cmdlet or script for the first time in a production
environment. Also, try to keep it simple—don’t use or create aliases if
scripts are going to be supported by administrators who are new to
Windows PowerShell, and always use Windows PowerShell comments when you
create or amend scripts.
Sometimes even experienced
IT professionals can use the built-in cmdlets incorrectly with serious
consequences, especially when cmdlets are used in combination with the
pipe character. For example, if you type Get-SPSite | Remove-SPSite,
all site collections in your farm will be permanently deleted.
Everything—all the data in your lists and libraries, and all the
content in your websites—would simply be gone. One likely result of
this action is that all your help desk telephone lines would
immediately ring. If one of the websites that disappeared was your main
e-commerce Internet website, your company could quickly lose a great
deal of money, and perhaps more importantly, the company could lose
potential customers who might never return. To restore your farm, you
would need your latest good backup tapes. The lesson of this example is
simple: always use the –whatif parameter first!
|