> pshdo

Carbon 1.8 Released

Carbon 1.8 is out and is backwards compatible with 1.0 through 1.7. It supports PowerShell 2 and 3. Highlights include:

Get the bits at BitBucket.




  • Improving error handling when Get-Certificate fails to load a certificate from a file.
  • Install-Certificate now supports installing with an X509Certificate2 object instead of just a path to a certificate.
  • Remove-SslCertificateBinding: improved error handling.
  • Set-SslCertificateBinding: improved error handling.
  • Improved documentation for Get-Certificate.
  • Added extended script property StoreName to X509Store objects to return the store’s System.Security.Cryptography.X509Certificates.StoreName value.
  • Added a table view/format for X509Store objects. PowerShell’s default view is a list, so you’ll have to explicitly format the objects as a table, e.g. dir cert:\LocalMachine | Format-Table.
  • Get-Certificate’s Path parameter now supports wildcards and certificate provider paths, e.g. cert:\.
  • Get-Certificate now writes an error if a certificate isn’t found when getting a certificate by its path.



  • Protect-String can now encrypt strings as a specific user. Use the Credential parameter.
  • Created New-RsaKeyPair for creating public/private RSA key pair using makecert.exe and pkv2pfx.exe. Requires that you’ve installed a Windows SDK.
  • Protect-String can now encrypt strings using an RSA public key.
  • Unprotect-String can now decrypt strings using an RSA private key.

File System

  • Disable-NtfsCompression: improved error handling.
  • Enable-NtfsCompression: improved error handling.
  • Created Compress-Item function for compressing files/directories into a ZIP file.
  • Created Test-ZipFile function for testing if a file is a ZIP file.
  • Created Expand-Item function for decompressing a ZIP file.
  • New-TempDirectory now supports adding a prefix to the temporary directory’s name, so you can more easily track down those scripts/processes that don’t clean up after themselves.


  • Disable-FirewallStatefulFtp: improved error handling.
  • Added Name and LiteralName parameters to Get-FirewallRule to return specific rules instead of all of them.
  • Get-FirewallRule, now returns Carbon.Firewall.Rule objects, instead of anonymous hashes.
  • Added default table format for Get-FirewallRule output.
  • Get-FirewallRule now returns additional rule information: interface type, security, source, description, program, and service. Who knew netsh advfirewall firewall rule show had a verbose switch? RTFM.




  • Creating Revoke-Permission function for revoking a user’s permission to a file, directory, registry key, or certificate’s private key/key container.
  • Creating ConvertTo-ContainerInheritanceFlags function for converting System.Security.AccessControl.InheritanceFlags and System.Security.AccessControl.PropagationFlag values into a Carbon.Security.ContainerInheritanceFlags value.
  • Get-Permission now supports returning the permissions on private keys/key containers.
  • Grant-Permission now supports granting permissions on private keys//key containers.
  • Test-Permission now supports testing permissions on certificate private keys/key containers.


  • Created Get-ServiceConfiguration function for loading a service’s configuration: description, account name/username, failure actions, etc.
  • Added the following extended type data to System.ServiceController.Service:
    • Description
    • ErrorControl
    • FailureProgram
    • FirstFailure
    • LoadOrderGroup
    • Path
    • RebootDelay
    • RebootDelayMinutes
    • RebootMessage
    • ResetPeriod
    • ResetPeriodDays
    • RestartDelay
    • RestartDelayMinutes
    • SecondFailure
    • StartMode
    • StartType
    • TagID
    • ThirdFailure
    • UserName

Bug Fixes


  • Importing Carbon gives an error if PATH environment variable contains an empty path.
  • Improved the error handling in the following functions so they properly catch exceptions and write friendlier errors:


  • Get-Certificate couldn’t open CA/CertificateAuthority store (fixes issue #130).
  • Extended script property DisplayName on X509Store objects returning wrong store name for custom stores, now returns an empty string.

File System


Users and Groups

  • The Carbon.Identity.FindByName method and the Resolve-IdentityName and Test-Identity functions now handle identity names with . for the domain/machine name, e.g. .\Administrator.
  • The Carbon.Identity.FullName property returns the wrong value when domain is empty/null, e.g. Resolve-IdentityName -Name 'Everyone' returns \Everyone, when it should return Everyone.
  • The Carbon.Identity.FindByName method and the Resolve-IdentityName and Test-Identity functions unable to resolve LocalSystem account (which is actually NT AUTHORITY\SYSTEM).