> pshdo

Carbon 1.9.0 Released

Carbon 1.9 is out and is backwards compatible with 1.0 through 1.8. It supports PowerShell 2 and 3.

Download

This is the last minor release for version 1.0. Future 1.0-compatible releases will only contain bug fixes, no new features. It takes too much time to maintain two versions, and I’d rather spend my time getting 2.0 out the door. Carbon 2.0 will require PowerShell 4.0, so start planning.

Enhancements

Certificates

  • Added KeyStorageFlags parameter to Get-Certificate when loading a certificate from a file for better control when storing the certificate.

Hosts File

  • Set-HostsEntry now handles writing to an in-use/locked hosts file, retrying up to 10 times before writing an error, waiting a random amount of time (from 0 to 1000 milliseconds) between each retry attempt.

IIS

Scheduled Tasks

  • Created Get-ScheduledTask function for getting the scheduled tasks on the local computer using schtasks.exe.
  • Created Install-ScheduledTask function for installing a scheduled task using schtasks.exe.
  • Created Test-ScheduledTask function for testing if a scheduled tasks on the local computer exists using schtasks.exe.
  • Created Uninstall-ScheduledTask function for deleting a scheduled task using schtasks.exe.

Services

  • Install-Service now supports setting a command to run when a service fails.

Bug Fixes

General

  • Import-Carbon fails when -WhatIf switch is used.
  • Importing Carbon no longer writes an error if the PATH environment variable contains a path to a non-existent drive (issue #134).

INI

  • Set-IniEntry fails when adding the first section-less setting to a file.

Internet Explorer

Security

  • Fixed an error that occurs when setting permissions on a private key fails: the error message is created using an invalid format string (issue #133).
  • Fixed an exception that gets thrown when setting a private key’s permissions and the only certificate key is AT_SIGNATURE (issue #132).

Services

Carbon 2.0-alpha.26 Released

Overview

Our first public alpha release of Carbon 2.0 is out (version 2.0-alpha.26). The focus of version 2.0 is on making necessary, backwards-incompatible changes and adding DSC resources and functions. We still have some backwards-incompatible changes to make. before we get to the final version of 2.0.

Download from BitBucket.

The highlight of this release are seven new DSC resources:

and these DSC-related functions:

Enjoy!

Upgrade Instructions

This is a backwards-incompatible release.

  • Upgrade to PowerShell 4. (PowerShell 3 might work. We don’t know because we don’t have any computers available to test on.)
  • Remove usages of Complete-Job. We removed it because it was total crap. Use PowerShell’s Wait-Job cmdlet instead.
  • Grant-Permission now only grants permissions on an object if those permissions aren’t present. To preserve previous behaviour, add the -Force switch to all Grant-Permission usages.
  • The following commands now return objects to the pipeline. Depending on your usage, you may need to pipe their output to Out-Null, assign their return values to $null, or do nothing.
  • The following commands no longer return the stdout from various console applications. To see that output, use the -Verbose switch. Remove any usage of the output you were processing.
  • Set-SslCertificateBinding now returns Carbon.Certificates.SslCertificateBinding objects instead of netsh output. Update any code that uses the old Set-SslCertificateBinding output.
  • Ensure that all thumbprints passed to Set-SslCertificateBinding are valid (40 character hex strings).
  • Add the new -PasswordNeverExpires switch to usages of Install-User: it no longer sets the PasswordNeverExpires flag for a user by default.
  • Use the FullName property on objects returned by Resolve-Identity (nAce Resolve-IdentityName): it now returns a Carbon.Identity object instead of the identity’s name, e.g. Resolve-Identity -Name $userName | Select-Object -Expand 'FullName'.
  • Add -ErrorAction SilentlyContinue or -ErrorAction Ignore to usages of Resolve-Identity (nAce Resolve-IdentityName): it now writes an error if it can’t resolve a name.
  • Use the Sid property on objects returned by Test-Identity when using the PassThru switch: it now returns a Carbon.Identity object if the identity exists and you use the -PassThru switch, e.g. Test-Identity -Name $userName -PassThru | Select-Object -Expand 'Sid'.
  • Check that all IP addresses passed to Set-HostsEntry are valid IP v4 or v6 addresses. Set-HostsEntry’s IPAddress parameter is now a System.Net.IPAddress object. Previously it was a string validated with a regular expression, so you should be OK.
  • Remove the Exportable switch from any usages of Install-Certificate when installing from an X509Certificate2 object, since that switch only gets used when installing a certificate from a file.
  • Rename usages of [Carbon.AdvApi32] class to [Carbon.Service.ServiceSecurity].
  • Rename usages of [Carbon.Lsa] class to [Carbon.Security.Privilege].
  • Rename usages of [Carbon.Win32] class to [Carbon.FileSystem.Path].
  • Rename usages of [Carbon.HandleInfo] class to [Carbon.Win32.HandleInfo].
  • Remove usages of [Carbon.Lsa]::LookupPrivilegeValue class method. It was incorrectly exposed as a public method.
  • Remove usages of [Carbon.Kernel32]::LocalFree class method. It was incorrectly exposed as a public method.

Enhancements

Certificates

  • Remove-SslCertificateBinding now writes messages with Write-Verbose instead of Write-Host. Improved error handling.
  • Set-SslCertificateBinding now returns Carbon.Certificates.SslCertificateBinding object for the binding instead of netsh output. Improved error handling. Writes messages with Write-Verbose instead of Write-Host. Thumbprints are now validated.
  • The Exportable switch is now only allowed by Install-Certificate when installing a certificate from a file. Previously, you could supply the switch when installing from an X509Certificate2 object but it was ignored.

COM

  • Grant-ComPermission now returns a Carbon.Security.ComAccessRule. Also, it now writes messages with Write-Verbose instead of Write-Host.
  • Revoke-ComPermission now writes messages with Write-Verbose instead of Write-Host.

Computer

DSC

  • Created Carbon_EnvironmentVariable resource for creating/removing machine-level environment variables.
  • New Clear-DscLocalResourceCache function for clearing the local LCM’s DSC resource. This makes developing resources easier.
  • Created Carbon_IniFile resource for managing settings in INI files.
  • Created Carbon_FirewallRule resource for configuring firewall rules.
  • New Test-DscTargetResource function for comparing target/desired resource states across DSC resources.
  • Created Carbon_Privilege resource for configuring and identity’s privileges.
  • Created Carbon_Permission resource for configuring file, directory, registry, and certificate permissions.
  • Created Carbon_Service resource for configuring Windows services.
  • Created Carbon_Script resource for running custom PowerShell scripts, with support for passing arguments.
  • Created Copy-DscResource function for copying DSC resources (ZIP files, MSI archives, MOF files, etc.), including timestamps, checksums, and copying only changed files.
  • Created Clear-MofAuthoringMetadata function for removing authoring metadata from .mof files.
  • Created Get-DscWinEvent function for getting DSC events written to a computer’s DSC event log.
  • Created Get-DscError function for getting any DSC errors written to a computer’s DSC event log.
  • Created Write-DscError function for writing DSC ErrorLogRecord objects as errors.
  • Created Start-DscPullConfiguration function for starting a configuration check on a computer whose computer is configured to use the PULL refresh mode.
  • Created Initialize-Lcm function for configuring the DSC Local Configuration Manager on computers, including installing the private key needed for decrypting credentials.

File System

  • Disable-NtfsCompression now writes messages with Write-Verbose instead of Write-Host. Improved error handling.
  • Enable-NtfsCompression now writes messages with Write-Verbose instead of Write-Host. Improved error handling.
  • Install-Junction now returns System.IO.DirectoryInfo objects for any new target directories and any new/updated junctions.

Firewall

Hosts File

  • Set-HostsEntry’s IPAddress parameter is now a System.Net.IPAddress object. Previously it was a string validated with a regular expression.

PowerShell

  • Changed Test-PowerShellIs32Bit and Test-PowerShellIs64Bit functions to use the Environment class’s new Is64BitProcess property.
  • Removed Complete-Job function. It was total crap.
  • Created Get-PowerShellModuleInstallPath function for getting the path where new module’s should be installed. Beginning with PowerShell 4, modules should get installed into $env:ProgramFiles\Windows PowerShell\Modules. Under PowerShell 3, it is $PSHome\Modules. This function returns the correct location for the version of PowerShell you’re using.

Security

  • Grant-Permission now only grants permissions on an object if those permissions aren’t present. To preserve previous behaviour, add the -Force switch to all Grant-Permission usages.
  • Grant-Permission returns System.Security.AccessControl.FileSystemRule or System.Security.AccessControl.RegistryRule whenever it updates an item’s permissions. It no longer writes a message to the host.

Service

  • Install-Service now writes messages with Write-Verbose instead of Write-Host.
  • Install-Service now returns a System.ServiceProcess.ServiceController object when installation/configuration is successful.

Users and Groups

  • Re-wrote Install-User to use .NET’s System.DirectoryServices.AccountManagement API (introduced with .NET 3.5) instead of the net.exe command-line program.
  • Added PasswordNeverExpires switch to Install-User for creating accounts with passwords that expire. This is a breaking change: this flag used to set this flag by default.
  • Added UserCannotChangePassword switch to Install-User to prevent user from changing his password.
  • Added Get-User function for getting a local user or all local users.
  • Added Get-Group function for getting a local group or all local groups.
  • Renamed Install-Group’s Members parameter to Member (with backwards-compatible alias).
  • Install-Group re-written to use .NET’s System.DirectoryServices.AccountManagement API (introduced with .NET 3.5).
  • Install-Group now returns the group added or updated.
  • Add-MemberToGroup re-written to use .NET’s System.DirectoryServices.AccountManagement API (introduced with .NET 3.5).
  • Resolve-IdentityName now writes an error if it can’t resolve a name. Use -ErrorAction SilentlyContinue or -ErrorAction Ignore to preserve old behavior.
  • Uninstall-User re-written to use .NET’s System.DirectoryServices.AccountManagement API (introduced with .NET 3.5).
  • Test-User re-written to use .NET’s System.DirectoryServices.AccountManagement API (introduced with .NET 3.5).
  • Created Test-Group function for checking if a local group exists.
  • Resolve-IdentityName renamed to Resolve-Identity, but it has a backwards-compatible alias, so you shouldn’t have to do anything.
  • Resolve-Identity (nAce Resolve-IdentityName) now returns a Carbon.Identity object instead of the identity’s name. Update scripts to use the FullName property to get the old return value, e.g. Resolve-Identity -Name $userName -PassThru | Select-Object -Expand 'FullName'.
  • Resolve-Identity (nAce Resolve-IdentityName) now writes an error if it can’t resolve a name. Use -ErrorAction SilentlyContinue or -ErrorAction Ignore to preserve old behavior.
  • Test-Identity now returns a Carbon.Identity object if the identity exists and you use the -PassThru switch. It used to return the identity’s name. Update scripts to use the FullName property to get the old return value, e.g. Test-Identity -Name $userName -PassThru | Select-Object -Expand 'FullName'.
  • Added Remove-GroupMember function. Thanks to Philip Kluss for the contribution.

Carbon 1.8 Released

Carbon 1.8 is out and is backwards compatible with 1.0 through 1.7. It supports PowerShell 2 and 3. Highlights include:

Get the bits at BitBucket.

Enhancements

General

Certificates

  • Improving error handling when Get-Certificate fails to load a certificate from a file.
  • Install-Certificate now supports installing with an X509Certificate2 object instead of just a path to a certificate.
  • Remove-SslCertificateBinding: improved error handling.
  • Set-SslCertificateBinding: improved error handling.
  • Improved documentation for Get-Certificate.
  • Added extended script property StoreName to X509Store objects to return the store’s System.Security.Cryptography.X509Certificates.StoreName value.
  • Added a table view/format for X509Store objects. PowerShell’s default view is a list, so you’ll have to explicitly format the objects as a table, e.g. dir cert:\LocalMachine | Format-Table.
  • Get-Certificate’s Path parameter now supports wildcards and certificate provider paths, e.g. cert:\.
  • Get-Certificate now writes an error if a certificate isn’t found when getting a certificate by its path.

Computer

Cryptography

  • Protect-String can now encrypt strings as a specific user. Use the Credential parameter.
  • Created New-RsaKeyPair for creating public/private RSA key pair using makecert.exe and pkv2pfx.exe. Requires that you’ve installed a Windows SDK.
  • Protect-String can now encrypt strings using an RSA public key.
  • Unprotect-String can now decrypt strings using an RSA private key.

File System

  • Disable-NtfsCompression: improved error handling.
  • Enable-NtfsCompression: improved error handling.
  • Created Compress-Item function for compressing files/directories into a ZIP file.
  • Created Test-ZipFile function for testing if a file is a ZIP file.
  • Created Expand-Item function for decompressing a ZIP file.
  • New-TempDirectory now supports adding a prefix to the temporary directory’s name, so you can more easily track down those scripts/processes that don’t clean up after themselves.

Firewall

  • Disable-FirewallStatefulFtp: improved error handling.
  • Added Name and LiteralName parameters to Get-FirewallRule to return specific rules instead of all of them.
  • Get-FirewallRule, now returns Carbon.Firewall.Rule objects, instead of anonymous hashes.
  • Added default table format for Get-FirewallRule output.
  • Get-FirewallRule now returns additional rule information: interface type, security, source, description, program, and service. Who knew netsh advfirewall firewall rule show had a verbose switch? RTFM.

INI

MSI

Security

  • Creating Revoke-Permission function for revoking a user’s permission to a file, directory, registry key, or certificate’s private key/key container.
  • Creating ConvertTo-ContainerInheritanceFlags function for converting System.Security.AccessControl.InheritanceFlags and System.Security.AccessControl.PropagationFlag values into a Carbon.Security.ContainerInheritanceFlags value.
  • Get-Permission now supports returning the permissions on private keys/key containers.
  • Grant-Permission now supports granting permissions on private keys//key containers.
  • Test-Permission now supports testing permissions on certificate private keys/key containers.

Services

  • Created Get-ServiceConfiguration function for loading a service’s configuration: description, account name/username, failure actions, etc.
  • Added the following extended type data to System.ServiceController.Service:
    • Description
    • ErrorControl
    • FailureProgram
    • FirstFailure
    • LoadOrderGroup
    • Path
    • RebootDelay
    • RebootDelayMinutes
    • RebootMessage
    • ResetPeriod
    • ResetPeriodDays
    • RestartDelay
    • RestartDelayMinutes
    • SecondFailure
    • StartMode
    • StartType
    • TagID
    • ThirdFailure
    • UserName

Bug Fixes

General

  • Importing Carbon gives an error if PATH environment variable contains an empty path.
  • Improved the error handling in the following functions so they properly catch exceptions and write friendlier errors:

Certificates

  • Get-Certificate couldn’t open CA/CertificateAuthority store (fixes issue #130).
  • Extended script property DisplayName on X509Store objects returning wrong store name for custom stores, now returns an empty string.

File System

Path

Users and Groups

  • The Carbon.Identity.FindByName method and the Resolve-IdentityName and Test-Identity functions now handle identity names with . for the domain/machine name, e.g. .\Administrator.
  • The Carbon.Identity.FullName property returns the wrong value when domain is empty/null, e.g. Resolve-IdentityName -Name 'Everyone' returns \Everyone, when it should return Everyone.
  • The Carbon.Identity.FindByName method and the Resolve-IdentityName and Test-Identity functions unable to resolve LocalSystem account (which is actually NT AUTHORITY\SYSTEM).

Carbon 1.7 Released

Carbon 1.7 is out and is backwards compatible with 1.0 through 1.6. It supports PowerShell 2. It contains mostly bug fixes and some enhancements.

Get the bits at BitBucket.

There is now a Carbon support mailing list.

Enhancements

General

  • Import-Carbon.ps1 now supports the -WhatIf switch.
  • Import-Carbon.ps1 now hides verbose log messages when removing/importing Carbon even when supplying the -Verbose switch because I think the verbose output is too verbose and not helpful at all.
  • Import-Carbon.ps1 now supports adding a prefix when importing the Carbon module (with the Prefix parameter) to avoid name collisions and follow best practices.

Certificates

Bug Fixes

General

  • No more silent errors when importing Carbon on Windows 2012 R2.

Certificates

  • Get-Certificate no longer writes a silent error when a certificate does not exist. Instead, no error is written.

File System

Security

  • Grant-Permission fails when item is hidden.
  • Grant-Permission doesn’t handle non-existent paths, causing cascading errors.
  • Test-Permission always returns $false when testing leaf-level permissions and the ApplyTo parameter is provided, i.e. it doesn’t ignore inheritance/propagation flags on leaves.

Carbon 1.6 Released

Carbon 1.6 is out and is backwards compatible with 1.0 through 1.5.1. It supports PowerShell 2. It contains a few bug fixes and many enhancements.

Get the bits at BitBucket.

Bug Fixes

File System

  • Remove-Junction doesn’t delete a junction when given a relative path to the junction.

Services

Shares

Enhancements

Hosts File

IIS

.NET

  • Created Test-DotNet for testing if v2 or v4 of the .NET framework is installed.

Path

PowerShell

  • Updated Invoke-PowerShell to test if the appropriate .NET framework is installed if the user chooses an explicit runtime to use.

Security

  • Created Test-Permission function for checking if a user/group has a set of permissions and, optionally, a set of inheritance and propagation flags on a file, directory, or registry key.
  • Test-Permission now automatically includes the Synchronize permission when checking for exact permissions, since this permission is always on and can never be removed from a file/directory.

Services

Users and Groups

Windows Features

  • Marked Assert-WindowsFeatureFunctionsSupported as an internal function. Please don’t use. It will be removed from future versions of PowerShell.
  • Updated Test-WindowsFeature to work on Windows 8/2012.
  • Created new Carbon.Identity class for representing identities. It also contains a static FindByName method which uses The Windows LookupAccountName function to find full account names, domains, and sids.
  • Updated Test-Identity to use [Carbon.Identity]::FindByName to find identities so it no longer throws exceptions when an identity can’t be found.
  • Updated Resolve-IdentityName to use [Carbon.Identity]::FindByName to find identities so it no longer throws exceptions when an identity can’t be found.

Carbon v1.5 Released

Carbon v1.5 is out and is backwards compatible with v1.0 through v1.4. This release adds a few new features and some bug fixes to improve PowerShell 3 support.

This is definitely the last release to support PowerShell 2. There were enough bug fixes that I didn’t feel good about making people upgrade to a backwards-incompatible version to get them, so I jumped through some extra hoops to test on PowerShell 2. You’re welcome. ;-)

Get the bits at BitBucket.

Enhancements

IIS

  • Set-IisWebsiteID now attempts to start a website whose ID has changed, since IIS stops a website whenever its ID changes.

Network

  • Added Get-IPAddress function for getting the IPv4/IPv6 addresses currently in use on the local computer’s network interfaces.
  • Added Test-IPAddress function for testing if an IP address is in use on one the local computer’s network interfaces.

Path

  • Added Test-UncPath function for testing if a path is a UNC or not.

PowerShell

Shares

Bug Fixes

Certificates

  • Get-Certificate throws an exception and halts script execution when loading a certificate file with a private key and the user doesn’t have permission to write to Windows’ MachineKeys directory. It now writes an error instead.

PowerShell

  • Invoke-PowerShell doesn’t run under a v2.0 CLR when using parameters -Runtime 'v2.0'.

Carbon v1.4 Released

Carbon v1.4 is out and is backwards compatible with v1.0 through v1.3. This release adds a few new features and some bug fixes introduced in v1.3.

This will most likely be the last version of Carbon tested and supported on PowerShell 2. We’ll be moving the build server to PowerShell 3 sometime around August 15th, which means that’s the version of PowerShell the automated tests will use. We encourage everyone to upgrade to PowerShell 3 as soon as possible.

Get the bits at BitBucket.

Enhancements

File System

  • Created Install-Junction function for creating new and/or updating existing junctions. This is a more idempotent way of creating junctions, as opposed to New-Junction and Remove-Junction which report errors if a junction already exists or doesn’t exist, respectively.

IIS

  • Objects returned by Get-IisWebsite now have a dynamic PhysicalPath script property, so you don’t have to traverse down into the default application’s default virtual directory object to get it.
  • Install-IisApplication, Install-IisWebsite, and Install-IisVirtualDirectory now canonicalize physical paths, i.e. they convert any path with a relative part (e.g. ‘..’) to a full path. It turns out IIS doesn’t like paths with relative parts.
  • Created Get-IisApplication function to get Microsoft.Web.Administration.Application objects for all or specific applications under a website.
  • Install-IisApplication now uses the Microsoft.Web.Administration API instead of appcmd.exe.

PowerShell

Bug Fixes

IIS

.NET

Carbon v1.3 Released

Carbon v1.3 is out, is backwards compatible with v1.0 through v1.2. This release improves PowerShell 3 compatibility, updates Invoke-PowerShell so it can run scripts, and adds ConvertTo-Base64 and ConvertFrom-Base64 functions.

Thanks to Jason Stangroome for the feedback that contributed to the work done in this release.

Get the bits at BitBucket.

Enhancements

PowerShell

  • Invoke-PowerShell now supports running an external script.
  • Added OutputFormat argument to Invoke-PowerShell so your scripts/script blocks can return XML results instead of plain text.
  • Renamed Invoke-PowerShell’s Args parameter to ArgumentList (with backwards compatibile Args alias).
  • Renamed Invoke-PowerShell’s Command parameter to ScriptBlock (with backwards-compatible Command alias).
  • Invoke-PowerShell now runs 64-bit PowerShell from 32-bit PowerShell.
  • Get-PowerShellPath now returns path for 64-bit PowerShell when running 32-bit PowerShell.

Text

Bug Fixes

.NET

Carbon v1.2 Released

Carbon v1.2 is out, is backwards compatible with v1.0 and v1.1 and supports PowerShell 3. (Future releases of Carbon will most likely only support PowerShell 3.) This release features mostly new functionality, including new functions for managing NTFS compression and performing XDT transformations. Thanks to Mark Sargent and Philip Teilmeier for contributing enhancements.

Get the bits at BitBucket.

Enhancements

General

  • Carbon now works under PowerShell v3.0!

Certificates

.NET

File System

IIS

INI

  • Created Remove-IniEntry function for removing entries/settings from an INI file.

Performance Counters

PowerShell

  • Invoke-PowerShell now defaults to running under the current CLR, instead of defaulting to a v2.0 CLR. This makes upgrading to PowerShell v3.0 easier.
  • Invoke-PowerShell now writes an error and returns if running PowerShell v3.0 and you want to run under a v2.0 CLR. Unfortunately, PowerShell v3.0 requires .NET 4.0, so you can’t run anything on an earlier CLR.

Privileges

  • Revoke-Privilege now supports case-insensitive privilege names.
  • Updated Grant-Privilege to better handle when passing a privilege name with the wrong case.
  • Updated Grant-Privilege documentation to make it clear privilege names are case-sensitive.

XML

  • New Convert-XmlFile, for transforming an XML file with Microsoft’s XDT (XML Data Transformation) technology. Thanks to Mark Sargent for the contribution.

Bug Fixes

General

  • Deleted the obsolete variable $CarbonImported. Carbon no longer exports any of its variables.

Certificates

Performance Counters

  • Install-PerformanceCounter couldn’t be used to create counters that used/required a base counter. Thanks to Philip Teilmeier for the contribution.