What happened to 2.5.1, 2.5.2, and 2.5.3? Well, we switched to new build and deployment automation that had bugs in the deployment part, so we ended up publishing 2.5.1 four times. Version 2.5.4 was published consistently to all platforms.
Assert-FirewallConfigurable
fails on Windows 10.DelayedAutoStart
boolean property to objects returned by Get-ServiceConfiguration
. This flag is true
when a service is set to start automatically, delayed. False
otherwise. Added extendedInstall-Service
function and the Carbon_Service
DSC resource can now set a service’s startup type to Automatic (Delayed)
. Pass Automatic
to the StartupType
parameter and use the new Delayed
switch. The Delayed
switch is ignored unless StartupType
is Automatic
. Fixes issue #216.Uninstall-Certificate
function can now delete a certificate by just its thumbprint. The certificate will be uninstalled from all stores. You can pipe the thumbprint or a certificate object to Uninstall-Certificate
.EnsureRunning
switch to Install-Service
function to ensure that any service is started after configuring. (By default, Install-Service
leaves a service stopped if it was stopped when Install-Service
begins.)IsSymbolicLink
extended type property to directory and file objects (i.e. System.IO.DirectoryInfo
and System.IO.FileInfo
objects).TargetPath
extended type property to file (i.e. System.IO.FileInfo
) objects. If a file is a symbolic link, this property will return the file the link points to.TargetPath
extended type property on directory (i.e. `System.IO.DirectoryInfo) objects now returns target paths when a directory is a symbolic link.Initiazlie-Lcm
can’t be used on Windows Server 2016 and later to put the DSC local configuration manager into pull mode. Initialize-Lcm
now writes an error when you try.Install-Service
and the Carbon_Service
DSC resource write errors when a service is running and its startup type is changed to Disabled
.Carbon_ScheduledTask
DSC resource writes incorrect information to verbose log when the current and desired credential for the scheduled task are different.Carbon_ScheduledTask
DSC resource doesn’t correctly detect when a task’s identity has changed (it wasn’t converting usernames to their canonical representation before comparing the existing identity with the desired identity).Initialize-Lcm
function can’t be exported. Thanks to Anders Andersson for contribuging the fix.Install-Service
and Carbon_Service
DSC resource fail to change the identity a service runs as if switching from a custom account to the default NetworkService
account.Get-PowerShellModuleInstallPath
returns nothing when run under 32-bit (x86) PowerShell on 64-bit Windows.Fixed: Get-PowerShellModuleInstallPath
returns nothing when run under 32-bit (x86) PowerShell on 64-bit Windows.Copy-GitRepository
intermittently fails when using SSH.Copy-GitRepository
takes an order of magnitude longer than normal Git because it updates the clone’s progress too frequently. It now only updates progress every 1/10th of a second, which has minimal impact on clone speed.Carbon_Permission
fails when revoking permissions and the Permissions
property doesn'’t have a value.Protect-String
doesn’t convert secure strings properly so they get encrypted with extra bytes in them.Compress-Item
‘ writes an error when using the WhatIf
switch.Install-IisWebsite
help examples contain invalid/broken code (thanks to John Mitchell for reporting).Install-Service
fails when password contains double quote character, i.e. "
(fixes issue #219).Read-File
and Write-File
fail to retry writing to a locked file when $Global:Error
is full. Fixes issue #217.Get-FirewallRule
sets the EdgeTraversalPolicy
to DeferUser
on rules whose policy is “defer to application”.Get-FirewallRule
fails on non-english-speaking computers. (It was parsing the output of netsh advfirewall
. Now it uses the Windows Firewall with Advanced Security API.) [Fixes issue #208.Get-FirewallRule
incorrectly parsed interface types. It assumed interface type was one of multiple values. In reality, it can be set to one or more different values. The underlying enumeration and its values have been updated to be a set of flags (i.e. a bit field).Carbon_FirewallRule
fails when Profile property has more than one value.Get-ScheduledTask
doesn’t handle when a scheduled task doesn’t exist on Windows 2008.Protect-String
can now encrypt a SecureString
. The String
parameter’s type was changed to [object]
. When you pass in a SecureString
, it is converted to an array of bytes, encrypted, and the array of bytes are cleared from memory.Protect-Acl
to Disable-AclInheritance
to make it clearer what the function does. Created a Protect-Acl
alias in place to preserve backwards-compatability.Disable-AclInheritance
only disables inheritance if it is currently enabled.Enable-AclInheritance
to re-enable access rule inheritance on file system and registry ACLs. This function is paired with Disable-AclInheritance
.Get-ProgramInstallInfo
fails when a program’s Version
registry key value can’t be converted into a Version
object.Test-Service
failed to detect if a device driver service is installed.Install-Service
fails if a service depends on a device driver. (Note: in our testing, we can’t get a device driver set as a dependency. If you know what the secret sauce is to get this to work with sc.exe (or another means), please let us know.)Disable-AclInheritance
(ne Protect-Acl
) fails when piped a registry key.Get-PathProvider
fails when passed a fully-qualified registry key PowerShell path, e.g. Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software
.Protect-String
can now encrypt with a key, password, or passphrase (i.e. it can now encrypt with symmetric encryption).Unprotect-String
can now decrypt with a key, password, or passphrase (i.e. it can now decrypt using symmetric encryption).Set-HostsEntry
now supports IPv6 addresses (fixes issue).Grant-Permission
now supports creating Deny
access rules. Use the new Type
parameter. Fixes issue #152.Set-EnvironmentVariable
:
-Force
switch to make all variable modifications immediately visible in the current PowerShell process’s env:
drive. Restarts are no longer required.Credential
parameter to specify the user’s credentials. Fixes issue #151.Remove-EnvironmentVariable
:
-Force
switch to make all variable removals immediately visible in the current PowerShell process’s env:
drive. Restarts are no longer required.Credential
parameter to specify the user’s credentials.Invoke-PowerShell
:
Command
parameter.Command
parameter and use the -Encode
switch.Credential
parameter to pass the user’s credentials along with the FilePath
and Command
parameters to run scripts and commands, respectively.Set-RegistryKeyValue
fails when -String
parameter’s value is $null
or empty (fixes issue #211).Install-ScheduledTask
function’s HighestAvailableRunLevel
is lying (fixes issue #205).Carbon_FirewallRule
fails when Profile
property set to multiple values (fixes issue #209).Install-IisAppPool
can’t set .NET framework version to No Managed Code
(fixes issue #210).Get-SslCertificateBinding
fails if the operating system’s culture is not en-US
(fixes issue #171).Install-ScheduledTask
fails when creating a task that runs during a specific week of the month on Sundays. (You’re going to love this: the underlying int value for [DayOfWeek]::Sunday
is 0
, so when testing if a DayOfWeek
typed variable set to Sunday
has a value, it returns $false
. This made Install-ScheduledTask
add the /D
parameter without a value.LiteralPath
parameter to Test-PathIsJunction
for testing paths that contain wildcard characters (e.g. [
, ]
, etc.).Remove-Junction
now supports removing multiple junctions with wildcards.LiteralPath
parameter to Remove-Junction
for deleting junctions whose paths contain wildcard characters (e.g. [
, ]
, etc.).LiteralPath
parameter to Uninstall-Junction
for deleting junctions whose paths contain wildcard characters (e.g. [
, ]
, etc.).Remove-DotNetAppSetting
function for removing app settings from .NET framework machine.config files.Read-File
function for reading text files and retrying if the read fails. Good for reading files that get intermittently locked, like the Windows hosts file.Write-File
function for writing text files and retrying if the write fails. Good for writing files that get intermittently locked, like the Windows hosts file.Get-WindowsFeature
Install-Msmq
Install-WindowsFeature
Resolve-WindowsFeatureName
Uninstall-WindowsFeature
Add-GroupMember
, over PowerShell remoting, fails to add a member to groups that have non-local users/groups (fixes issue #187: Add-GroupMember fails when using PowerShell Remoting)Remove-GroupMember
, over PowerShell remoting, fails to remove a member from groups that have non-local users/groups.Test-PathIsJunction
returns multiple results if the Path
parameter contains wildcards and matches multiple items.Install-Junction
can’t install a junction whose path contains wildcard characters (fixes issue #190).New-Junction
writes wrong error when creating an existing junction whose path contains wildcard characters.Install-Service
doesn’t update/change an existing service’s account when using the Credential
parameter (fixes issue #185).Uninstall-FileShare
fails if a share’s physical path doesn’t exist.Get-FileSharePermission
writes an error if a share’s security information is corrupted (fixes issue #188). I was unable to reproduce the error, and the error was reported anonyously, so I did my best.Get-PowerShellModuleInstallPath
returns multiple paths if the standard PowerShell module path is listed twice in the PSModulePath
environment variable.PSModulePath
environment (fixes issue #192).Get-PowerShellModuleInstallPath
doesn’t return the module install path if it doesn’t exist. Sometimes it doesn’t yet.Carbon_ScheduledTask
and Carbon_IniFile
DSC resources' Get-TargetResource
functions don’t return correct resource properties and causes Get-DscConfiguration
to fail (fixes issue #193).Carbon_FirewallRule
DSC resource always re-installs a firewall rule if Profile
property contains multiple values (i.e. it doesn’t properly parse netsh output).about_Carbon_Installation
help topic had a typo.Set-HostsEntry
fails to stop when the hosts file is in use and can’t be read.RequiredAssemblies
module manifest data used an absolute path generated with Join-Path
and $PSScriptRoot
, which aren’t allowed in module manifests.Carbon_Privilege
DSC resource fails to remove all a user’s privileges (issue #178).Remove-IniEntry
fails to remove last INI entry in a file (issue #179).Get-HttpUrlAcl
: uses Windows API to return HTTP URL ACLs; replaces the netsh http show urlacl
command.Grant-HttpUrlPermission
: uses Windows API to grant listen/delegate permissions on HTTP URLs; replaces the netsh http add urlacl
command.Revoke-HttpUrlPermission
: uses Windows API to revoke all a user or group’s permissions on HTTP URLs; replaces the netsh http delete urlacl
command.Install-Directory
: creates a directory (and any missing parents), if it doesn’t exist already. Finally!Uninstall-Directory
: removes a directory, if it exists. Finally!Uninstall-Group
: uses the DirectoryServices.AccountManagement
.NET API to remove a group, if it exists.Test-GroupMember
: uses the DirectoryServices.AccountManagemetn
.NET API to test if a principal is a member of a group.Carbon_Group
: resource for configuring local groups.Install-FileShare
always re-configures existing shares; it doesn’t properly detect permissions that need to be removed.Set-IniEntry
fails to preserve unicode characters with diacritics in INI entry names and values.Remove-IniEntry
fails to preserve unicode characters with diacritics in INI entry names and values.Set-HostsEntry
leaves trailing tabs and whitespace after all but the last line.Get-PowerShellModuleInstallPath
returns wrong path for PowerShell 4.Protect-String
fails when Carbon is installed in a module path that contains spaces (fixes issue #174).New-RsaKeyPair
generates a key pair that isn’t supported for encrypting/decrypting DSC credentials or supported by the CMS message cmdlets.Get-ScheduledTask
returns invalid task commands when those commands contain quotes (works around an issue where schtasks.exe
CSV output can’t be parsed correctly by ConvertFrom-Csv
).Add-GroupMember
and Remove-GroupMember
fail when adding Everyone
or NT Service\*
accounts to a group (fixes issue #177).Get-SheduledTask
writes an error if a scheduled task’s XML definition is for an executable and doesn’t contain an arguments element.DontShow
parameter property).Test-AdminPrivilege
: changed its verbose message to a debug message.Set-HostsEntry
:
Install-Certificate
can now install a certificate on a remote computer.Initialize-Lcm
now uses Install-Certificate
to install the decryption certificate on the remote computer.Uninstall-Certificate
can now uninstall a certificate on a remote computer.SecureString
instead.
Install-Certificate
Initialize-Lcm
New-RsaKeyPair
:
certreq.exe
instead of makecert.exe
and pvk2pfx.exe
.-Password
parameter used to protect the private key (it used to prompt you).-ValidFrom
and -Authority
parameters obsolete.Install-Group
and Add-MemberToGroup
when they create/modify their objects.Install-Group
only saves changes to a group if changes were made.blade.ps1
no longer returns a Blade.RunResult
object.Carbon version 2.0 is a huge release, with lots of new enhancements and bug fixes. We hope you like them. Carbon 2.0 now requires PowerShell 4, so it is not backwards-compatabile with Carbon 1.x. Because of this, we made some additional backwards-incompatible changes. See the Upgrade Instructions
section for things to look out for.
If you’re upgrading from a previous 2.0 alpha release, you’ll want to review the changes since your alpha version (found after the Upgrade Instructions section). We improved backwards-compatability with Carbon 1.x since the last alpha release, but that broke compatability with the alphas.
Make sure you’re running PowerShell 4.
Install-Certificate
’s parameters have changed:
Exportable
switch from any usages of Install-Certificate
when installing from an X509Certificate2
object, since that switch only gets used when installing a certificate from a file.Some functions now return different objects and/or the objects returned have changed:
Sid
property on objects returned by Test-Identity
when using the PassThru
switch: it now returns a Carbon.Identity
object if the identity exists and you use the -PassThru
switch, e.g. Test-Identity -Name $userName -PassThru | Select-Object -Expand 'Sid'
.Carbon.Computer.ProgramInstallInfo
’s Version
property (returned by Get-ProgramInstallInfo
). It was an int
and is now a Version object.The Carbon assembly was re-organized. If you were reaching into Carbon.dll
(NOT RECOMMENDED), you’ll want to:
[Carbon.AdvApi32]
class to [Carbon.Service.ServiceSecurity]
.[Carbon.Lsa]
class to [Carbon.Security.Privilege]
.[Carbon.Win32]
class to [Carbon.FileSystem.Path]
.[Carbon.HandleInfo]
class to [Carbon.Win32.HandleInfo]
.[Carbon.Lsa]::LookupPrivilegeValue
class method. It was incorrectly exposed as a public method.[Carbon.Kernel32]::LocalFree
class method. It was incorrectly exposed as a public method.The following commands no longer return the stdout output from the console applications each one calls. To see the old output, use the -Verbose
switch. Remove any usage of the output you were processing.
Disable-FirewallStatefulFtp
Enable-FirewallStatefulFtp
Install-Service
Install-SmbShare
Remove-SslCertificateBinding
Set-SslCertificateBinding
Uninstall-Service
The following functions' internal behavior has changed. This may or may not impact you.
Grant-Permission
now only grants permissions on an object if those permissions aren’t present. To preserve previous behavior, add the -Force
switch to all Grant-Permission
usages.Grant-Permission
now writes an error if you don’t have access to a private key. Previously, it would skip the key without any messages.Install-Msi
(fka Invoke-WindowsInstaller
) now only installs the MSI if it isn’t already installed. To preserve the previous behavior and always install, add the -Force
switch to all Invoke-WindowsInstaller
`Install-Msi` usages.Microsoft.Web.Administration
API instead of appcmd.exe
.Install-IisWebsite
no longer deletes and re-creates websites. If a website exists, it updates its configuration to match parameters passed in. To preserve previous behavior and delete the website before installing, use the -Force
switch.Install-IisVirtualDirectory
no longer deletes and re-creates virtual directories. If a virtual directory exists, its configuration is updated in place. To preserve previous behavior and delete the virtual directory before installing, use the Force
switch.Install-FileShare
(fka Install-SmbShare
) no longer deletes and re-creates the share, instead it modifies existing shares in place. To preserve previous behavior and delete existing shares before re-creating, use the Force
switch.Set-RegistryKeyValue
only sets the value if the value doesn’t exist or the current value is different than the desired value.We’ve added parameter validation to some functions. This shouldn’t impact anybody, since if you were passing data that breaks this new validation, the function wouldn’t have worked even in previous versions of Carbon.
Set-SslCertificateBinding
are valid (40 character hex strings), since it now validates thumbprints.Set-HostsEntry
are valid IP v4 or v6 addresses. Set-HostsEntry
’s IPAddress parameter is now a System.Net.IPAddress
object. Previously it was a string validated with a regular expression, so you should be OK.All Carbon functions now respect each caller’s common parameters (e.g. -Verbose
, -ErrorAction
, etc.). This means if you pass a common parameter to a script that calls a Carbon function, that Carbon function will use that common parameter. This may or may not impact you.
System.ServiceProcess.ServiceController
extended type data causes errors when PowerShell formats System.ServiceProcess.ServiceController
objects that represent services on remote computers.Compress-Item
doesn’t remove handled errors from global error array.Grant-Permission
fails with an unhelpful error message if it is unable to get the ACL on a private key.Install-Msi
didn’t properly detect when installation failed.Install-ScheduledTask
fails under PowerShell 5 to create a scheduled task to run on Sunday.Install-Service
:
Start-Service
would write an error even if somone called Install-Service
with an Ignore
or SilentlyContinue
error action preference.Set-EnvironmentVariable
fails to set process-level environment variable.Set-HostsEntry
fails to preserve whitespace if existing lines end with a comment/description. Thanks to Konstantin Ushenin for the fix.Import-Carbon.ps1
is more intelligent about when it tries to re-load Carbon. It will force a re-import of Carbon if any of Carbon’s files have changed or the version has changed.FileIndex
, LinkCount
, and VolumeSerialNumber
extended type data on System.IO.FileInfo
objects for getting a file’s index, its hard link count, and volume serial number, respectively.Get-Item Carbon.dll | Select-Object -ExpandProperty 'VersionInfo' | Select-Object -ExpandProperty 'ProductVersion'
.Microsoft.Web.Administration
API instead of appcmd.exe
. As a side effect, they no longer return appcmd.exe
console output.Write-Host
. Instead, they use Write-Verbose
:
Disable-NtfsCompression
Enable-NtfsCompression
Grant-ComPermission
Grant-Permission
Install-Service
Remove-SslCertificateBinding
Revoke-ComPermission
System.DirectoryServices.AccountManagement.UserPrincipal
, System.DirectoryServices.AccountManagement.GroupPrincipal
, Microsoft.Web.Administration.ApplicationPool
, Microsoft.Web.Administration.Site
, and Microsoft.Web.Administration.Application
objects.Clear-DscLocalResourceCache
clears the local LCM’s DSC resource. This makes developing resources easier.Clear-MofAuthoringMetadata
removes authoring metadata from .mof files.Copy-DscResource
copies DSC resources (ZIP files, MSI archives, MOF files, etc.), including timestamps, checksums, and copying only changed files.ConvertTo-SecurityIdentifer
converts a binary, string, or System.Security.Principal.SecurityIdentifier
object into a System.Security.Principal.SecurityIdentifier
object.Get-DscError
gets any DSC errors that were written to a computer’s DSC event log.Get-DscWinEvent
gets DSC events that were written to a computer’s DSC event log.Get-FileSharePermission
gets the sharing permissions on a file/SMB share (not the NTFS file system permissions).Get-FileShare
uses WMI to get Win32_Share
objects for the file shares installed on the local computer.Get-Group
gets a local group or all local groups.Get-Msi
reads installer information and properties from an MSI file.Get-PowerShellModuleInstallPath
gets the path where new module’s should be installed. Beginning with PowerShell 4, modules should get installed into $env:ProgramFiles\Windows PowerShell\Modules
. Under PowerShell 3, it is $PSHome\Modules
. This function returns the correct location for the version of PowerShell you’re using.Get-User
gets a local user or all local users.Initialize-Lcm
configures the DSC Local Configuration Manager on computers, including installing the private key needed for decrypting credentials.Remove-GroupMember
removes a user/group from a local group. Thanks to Philip Kluss for the contribution.Resolve-Identity
converts a system, local, or domain principal name or a SID (as a SecurityIdentifer
, string SDDL, or byte array) into its canonical representation and includes extended identity information: domain, type, and SID.Start-DscPullConfiguration
starts a configuration check on a computer that is configured to use the PULL refresh mode.Test-DscTargetResource
compares target resource with desired resource. Helpful when writing Test-TargetResource
functions.Test-Group
checks if a local group exists.Test-FileShare
uses WMI to check if a file/SMB share exists on the local computer.Test-TypeDataMember
tests if a type has an extended type member defined.Uninstall-FileShare
uninstalls/removes a file share, if it exists.Write-DscError
writes DSC ErrorLogRecord
objects as errors.Carbon_EnvironmentVariable
creates/removes machine-level environment variables.Carbon_FirewallRule
configures firewall rules.Carbon_IniFile
manages the contents of INI files.Carbon_Permission
configures file, directory, registry, and certificate permissions.Carbon_Privilege
configures an identity’s privileges.Carbon_ScheduledTask
configures scheduled tasks with schtasks.exe
.Carbon_Service
configures Windows services.PassThru
SwitchesAdded a PassThru
switch to the following functions, which will return objects of the given type:
Grant-ComPermission
: Carbon.Security.ComAccessRule
, representing the granted permission.Grant-Permission
: System.Security.AccessControl.AccessRule
, representing the granted permission.Install-Group
: System.DirectoryServices.AccountManagement.GroupPrincipal
, representing the group.Install-IisApplication
: Microsoft.Web.Administration.Application
, representing the application.Install-IisWebsite
: Microsoft.Web.Administration.Site
, representing the website.Install-Junction
: System.IO.DirectoryInfo
, representing new target directories and any new/updated junctions.Install-Service
: System.ServiceProcess.ServiceController
, representing the service.Install-User
: System.DirectoryServices.AccountManagement.UserPrincipal
, representing the user.Set-SslCertificateBinding
: Carbon.Certificates.SslCertificateBinding
, representing the configured binding.The following functions no longer return the console output of the program each one runs. Instead, the output is written to the verbose stream (i.e. use the -Verbose
switch to see it).
Disable-FirewallStatefulFtp
Enable-FirewallStatefulFtp
Install-Service
Remove-SslCertificateBinding
Set-SslCertificateBinding
Uninstall-Service
The following functions are now obsolete. Please don’t use them and stop using them if you are. They will be removed from a future major version of Carbon. You’ll get warnings if you use them.
Complete-Job
: It’s total crap. Use PowerShell’s Wait-Job
cmdlet instead.Invoke-AppCmd
: Switch to Carbon’s IIS functions, or use Get-IisConfigurationSection
to get ConfigurationElement
objects from the Microsoft.Web.Administration
API that you can modify.Resolve-NetPath
: Switch to something else. Carbon doesn’t use net.exe
anymore.The following functions now have obsolete parameters, which will be removed from a future major version of Carbon. You’ll get warnings if you use them.
Install-IisAppPool's
UserName
and Password
parameters. Use the new Credential
parameter instead.Install-Msi's
Quiet
switch. Install-Msi
always installs in quiet mode. Please remove usages.Install-Service's
Password
parameter. Use the new Credential
parameter instead.Install-User's
UserName
and Password
parameters. Use the new Credential
parameter instead.Set-RegistryKeyValue
’s Quiet
parameter. Please remove usages.The following functions were renamed, but with backwards-compatible aliases in place, so you shouldn’t have to change any code.
Invoke-WindowsInstaller
-> Install-Msi
Install-SmbShare
-> Install-FileShare
The following functions were re-written to use the System.DirectoryServices.AccountManagement
API, introduced in .NET 3.5.
Add-MemberToGroup
Install-Group
Install-User
Test-User
Uninstall-User
Get-IisAppPool
Microsoft.Web.Administration.ApplicationPool
objects.Get-ProgramInstallInfo
Version
property changed from an int
to a Version object.ProductCode
and User
properties. If a program doesn’t have a product code, it is set to [Guid]::Empty
. The User
property is only set for per-user software installs.Get-ServiceConfiguration
now supports services from remote computers.Grant-Permission
now only grants permissions on an object if those permissions aren’t present. To preserve previous behavior, add the -Force
switch to all Grant-Permission
usages.Install-Certificate's
Exportable
switch is now only allowed when installing a certificate from a file. Previously, you could supply the switch when installing from an X509Certificate2 object but it was ignored.Install-Group's
Members
parameter renamed to Member
(with backwards-compatible alias).Credential
parameter to Install-IisAppPool
for increased security and to follow PowerShell guidelines.Install-IisVirtualDirectory
no longer deletes and re-creates existing virtual directories, but modifies existing virtual directories in place.Install-IisWebsite
SiteID
parameter tfor setting a website’s IIS ID.Install-Msi
Path
parameter now supports wildcards.-Force
switch to all Invoke-WindowsInstaller
`Install-Msi` usages.Install-Service
ArgumentList
parameter.net helpmsg
to get helpful error messages based on sc.exe exit codes.Credential
parameter for increased security and to follow PowerShell guidelines.Description
parameter for setting a service’s description.DisplayName
parameter for setting a service’s display name.Install-FileShare
(fka Install-SmbShare
):
net.exe
, so it no longer returns any console output.Install-User
PasswordExpires
switch for creating accounts with passwords that expire.UserCannotChangePassword
to prevent user from changing his password.Remove-SslCertificateBinding
has better error handling.SID
parameter to Resolve-IdentityName
to resolve a SID into its identity name.Set-HostsEntry's
IPAddress
parameter is now a System.Net.IPAddress
object. It used to be a string validated with a regular expression.Set-RegistryKeyValue
:
UDWord
and UQWord
parameters for setting registry key values to unsigned integers (i.e. integer values greater than [int]::MaxValue
and [long]::MaxValue
). Fixes issue #165: Set-RegistryKeyValue rejects unsigned integers larger than [int]::MaxValue.Quiet
switch.Force
parameter to preserve previous behavior.Test-Identity
now returns a Carbon.Identity
object if the identity exists and you use the -PassThru
switch. It used to return the identity’s SID. Update scripts to use the FullName
property to get the old return value, e.g. Test-Identity -Name $userName -PassThru | Select-Object -Expand 'FullName'
.Test-OSIs32Bit
now uses the Environment class’s new Is64BitOperatingSystem property.Test-OSIs64Bit
now uses the Environment class’s new Is64BitOperatingSystem property.Test-PowerShellIs32Bit
now uses the Environment
class’s new Is64BitProcess property.Test-PowerShellIs64Bit
now uses the Environment
class’s new Is64BitProcess property.Uninstall-ScheduledTask
now retries when un-installing a task fails with “The function attempted to use a name that is reserved for use by another transaction.” error.Unprotect-String
AsSecureString
switch, which will return a secure string instead of a normal string.Password
parameter now accepts SecureString
values.Initialize-Lcm
RefreshIntervalMinutes
default value changed to from 15 to 30; RefreshIntervalMinutes
minimum value is now 30; ConfigurationFrequency
’s minimum value is now 1 (from 2).alpha.26
Carbon_Script
resource. It only existed so I could pass values to my script blocks. Turns out, the built-in Script
resource supports this with the $using:
scope. Remember, your most important features is documentation!Carbon_ScheduledTask
DSC resource for managing scheduled tasks.Version
property on the objects returned by Get-ProgramInstallInfo
is now a proper .NET Version
object instead of an integer.Carbon_Permission
DSC resource fails when assigning multiple permissionsalpha.31
Set-HostsEntry
fails to preserve whitespace if existing lines end with a comment/description. Thanks to Konstantin Ushenin for the fix.System.ServiceProcess.ServiceController
extended type data causes errors when PowerShell formats System.ServiceProcess.ServiceController
objects that represent services on remote computers.Install-Msi
didn’t properly detect when installation failed.Set-EnvironmentVariable
fails to set process-level environment variable.Compress-Item
doesn’t remove handled errors from global error array.Grant-Permission
fails with an unhelpful error message if it is unable to get the ACL on a private key.Import-Carbon.ps1
is more intelligent about when it tries to re-load Carbon. It will force a re-import of Carbon if any of Carbon’s files have changed or the version has changed.Uninstall-Junction
for uninstalling a junction in an idempotent way (i.e. without errors). Thanks to Konstantin Ushenin for the contribution.Remove-Junction
.Install-Service
:
ServiceController
objects by default. This should improve backwards-compatability. Added a PassThru
switch you can use to get a ServiceController
object returned to you.net helpmsg
to get helpful error messages based on sc.exe exit codes.Credential
parameter for increased security and to follow PowerShell guidelines.Start-Service
would write an error even if somone called Install-Service
with an Ignore
or SilentlyContinue
error action preference.Test-TypeDataMember
for testing if a type has an extended type member defined.Install-IisAppPool
no longer returns appcmd.exe output.PassThru
parameter to Install-IisAppPool
to control when a Microsoft.Web.Administration.ApplicationPool
for the installed app pool is returned.Get-ServiceConfiguration
and Carbon’s extended type data for System.ServiceProcess.ServiceController
objects now supports services from remote computers.Uninstall-ScheduledTask
now retries when un-installing a task fails with “The function attempted to use a name that is reserved for use by another transaction.” error.FileIndex
, LinkCount
, and VolumeSerialNumber
extended type data on System.IO.FileInfo
objects for getting a file’s index, its hard link count, and volume serial number, respectively.Grant-Permission
now only returns an access rule object when the new PassThru
switch is used. In previous 2.0 alpha releases, it only returned something when permissions on an object were added or changed.Install-User
only returns a user object when the new PassThru
switch is used. In previous 2.0 alpha releases, it only returned an object if a user was created or updated.Grant-ComPermissions
only returns an access rule object when the new PassThru
switch is used. In previous 2.0 alpha releases, it only returned an object if permissions were changed.Install-IisApplication
only returns an IIS application object when the new PassThru
switch is used. In previous 2.0 alpha releases, it only returned an object if the application was created or modified.Get-Msi
function for reading MSI information and properties from an MSI file.Carbon.Computer.ProgramInstallInfo
objects (returned from Get-ProgramInstallInfo
) now have ProductCode
and User
properties. If a program doesn’t have a product code, it is set to [Guid]::Empty
. The User
property is only set for per-user software installs.Invoke-WindowsInstaller
renamed Install-Msi
, with a backwards-compatibility-preserving alias.Install-Msi
now supports wildcards for MSI path to install.Install-Msi
now only installs an MSI if it isn’t already installed. To preserve the previous behavior and always install, add the -Force
switch to all Invoke-WindowsInstaller
`Install-Msi` usages.SiteID
parameter to Install-IisWebsite
for setting a website’s IIS ID.Resolve-IdentityName
function back. It was removed from previous alpha releases.Install-IisWebsite
no longer deletes and re-creates websites. This may or may not be a breaking change in your environment.Install-SmbShare
no longer returns net.exe output, instead writing it to the verbose stream. To see previous output, use the -Verbose
switch.-PasswordNeverExpires
switch to PasswordExpires
on Install-User
for improved backwards-compatability.Set-SslCertificateBinding
no longer returns binding objects by default. Use new PassThru
switch to get the old behavior.Get-Item Carbon.dll | Select-Object -ExpandProperty 'VersionInfo' | Select-Object -ExpandProperty 'ProductVersion'
AsSecureString
switch to Unprotect-String
which causes Unprotect-String
to return a secure string instead of a normal string.Unprotect-String
now accepts a SecureString
as the value for the Password
parameter, which is the password for the private key used to decrypt from password-protected RSA certificate file.Credential
parameter to Install-IisAppPool
for increased security and to follow PowerShell guidelines.Credential
parameter to Install-User
for increased security and to follow PowerShell guidelines.Install-IisVirtualDirectory
now modifies existing virtual directories in place, instead of deleting and re-creating.Invoke-AppCmd
is now obsolete and will be removed from a future version of Carbon. Switch to Carbon’s IIS functions, or use Get-IisConfigurationSection
to get ConfigurationElement
objects from the Microsoft.Web.Administration
API that you can modify.Description
and DisplayName
properties to Carbon_Service
for setting a service’s description and display name.Grant-Permission
now writes an error if you don’t have access to a private key. Previously, it would skip the key without any messages.Resolve-Identity
now converts SIDs to a Carbon.Identity
object. The SID may be a string (SID in SDDL form), byte array, or a SecurityIdentifier
object.Get-FileSharePermission
gets the sharing permissions on a file/SMB share (not the NTFS file system permissions).Get-FileShare
function. It uses WMI to get Win32_Share
objects for the file shares installed on the local computer.Install-SmbShare
to Install-FileShare
, with a backwards-compatible alias in place.SID
parameter to Resolve-IdentityName
to resolve a SID into its identity name.ConvertTo-SecurityIdentifer
function to convert a binary, string, or System.Security.Principal.SecurityIdentifier
object into a System.Security.Principal.SecurityIdentifier
object.Install-FileShare
(fka Install-SmbShare
):
net.exe
.Carbon_FirewallRule
now fails with an error if it finds multiple firewall rules with the same name.Set-RegistryKeyValue
:
UDWord
and UQWord
parameters for setting registry key values to unsigned integers (i.e. integer values greater than [int]::MaxValue
and [long]::MaxValue
). Fixes issue #165: Set-RegistryKeyValue rejects unsigned integers larger than [int]::MaxValue.Quiet
switch.Force
parameter to preserve previous behavior.Uninstall-Service
no longer returns sc.exe stdout.This is the last minor release for version 1.0. Future 1.0-compatible releases will only contain bug fixes, no new features. It takes too much time to maintain two versions, and I’d rather spend my time getting 2.0 out the door. Carbon 2.0 will require PowerShell 4.0, so start planning.
KeyStorageFlags
parameter to Get-Certificate when loading a certificate from a file for better control when storing the certificate.schtasks.exe
.schtasks.exe
.schtasks.exe
.schtasks.exe
.Import-Carbon
fails when -WhatIf
switch is used.PATH
environment variable contains a path to a non-existent drive (issue #134).hkcr:
drive.Our first public alpha release of Carbon 2.0 is out (version 2.0-alpha.26). The focus of version 2.0 is on making necessary, backwards-incompatible changes and adding DSC resources and functions. We still have some backwards-incompatible changes to make. before we get to the final version of 2.0.
The highlight of this release are seven new DSC resources:
and these DSC-related functions:
Enjoy!
This is a backwards-incompatible release.
Complete-Job
. We removed it because it was total crap. Use PowerShell’s Wait-Job
cmdlet instead.-Force
switch to all Grant-Permission
usages.Out-Null
, assign their return values to $null
, or do nothing.
-Verbose
switch. Remove any usage of the output you were processing.
Carbon.Certificates.SslCertificateBinding
objects instead of netsh output. Update any code that uses the old Set-SslCertificateBinding
output.-PasswordNeverExpires
switch to usages of Install-User: it no longer sets the PasswordNeverExpires
flag for a user by default.FullName
property on objects returned by Resolve-Identity (nAce Resolve-IdentityName
): it now returns a Carbon.Identity
object instead of the identity’s name, e.g. Resolve-Identity -Name $userName | Select-Object -Expand 'FullName'
.-ErrorAction SilentlyContinue
or -ErrorAction Ignore
to usages of Resolve-Identity (nAce Resolve-IdentityName
): it now writes an error if it can’t resolve a name.Sid
property on objects returned by Test-Identity when using the PassThru
switch: it now returns a Carbon.Identity
object if the identity exists and you use the -PassThru
switch, e.g. Test-Identity -Name $userName -PassThru | Select-Object -Expand 'Sid'
.System.Net.IPAddress
object. Previously it was a string validated with a regular expression, so you should be OK.Exportable
switch from any usages of Install-Certificate when installing from an X509Certificate2
object, since that switch only gets used when installing a certificate from a file.[Carbon.AdvApi32]
class to [Carbon.Service.ServiceSecurity]
.[Carbon.Lsa]
class to [Carbon.Security.Privilege]
.[Carbon.Win32]
class to [Carbon.FileSystem.Path]
.[Carbon.HandleInfo]
class to [Carbon.Win32.HandleInfo]
.[Carbon.Lsa]::LookupPrivilegeValue
class method. It was incorrectly exposed as a public method.[Carbon.Kernel32]::LocalFree
class method. It was incorrectly exposed as a public method.Write-Verbose
instead of Write-Host
. Improved error handling.Carbon.Certificates.SslCertificateBinding
object for the binding instead of netsh
output. Improved error handling. Writes messages with Write-Verbose
instead of Write-Host
. Thumbprints are now validated.Exportable
switch is now only allowed by Install-Certificate when installing a certificate from a file. Previously, you could supply the switch when installing from an X509Certificate2 object but it was ignored.Carbon.Security.ComAccessRule
. Also, it now writes messages with Write-Verbose
instead of Write-Host
.Write-Verbose
instead of Write-Host
.ErrorLogRecord
objects as errors.Write-Verbose
instead of Write-Host
. Improved error handling.Write-Verbose
instead of Write-Host
. Improved error handling.System.IO.DirectoryInfo
objects for any new target directories and any new/updated junctions.netsh
output. Use the -Verbose
switch to see the output.netsh
output. Use the -Verbose
switch to see the output.System.Net.IPAddress
object. Previously it was a string validated with a regular expression.Complete-Job
function. It was total crap.$env:ProgramFiles\Windows PowerShell\Modules
. Under PowerShell 3, it is $PSHome\Modules
. This function returns the correct location for the version of PowerShell you’re using.-Force
switch to all Grant-Permission
usages.System.Security.AccessControl.FileSystemRule
or System.Security.AccessControl.RegistryRule
whenever it updates an item’s permissions. It no longer writes a message to the host.Write-Verbose
instead of Write-Host
.System.ServiceProcess.ServiceController
object when installation/configuration is successful.net.exe
command-line program.PasswordNeverExpires
switch to Install-User for creating accounts with passwords that expire. This is a breaking change: this flag used to set this flag by default.UserCannotChangePassword
switch to Install-User to prevent user from changing his password.Members
parameter to Member
(with backwards-compatible alias).System.DirectoryServices.AccountManagement
API (introduced with .NET 3.5).System.DirectoryServices.AccountManagement
API (introduced with .NET 3.5).-ErrorAction SilentlyContinue
or -ErrorAction Ignore
to preserve old behavior.System.DirectoryServices.AccountManagement
API (introduced with .NET 3.5).System.DirectoryServices.AccountManagement
API (introduced with .NET 3.5).Resolve-IdentityName
renamed to Resolve-Identity, but it has a backwards-compatible alias, so you shouldn’t have to do anything.Resolve-IdentityName
) now returns a Carbon.Identity
object instead of the identity’s name. Update scripts to use the FullName
property to get the old return value, e.g. Resolve-Identity -Name $userName -PassThru | Select-Object -Expand 'FullName'
.Resolve-IdentityName
) now writes an error if it can’t resolve a name. Use -ErrorAction SilentlyContinue
or -ErrorAction Ignore
to preserve old behavior.Carbon.Identity
object if the identity exists and you use the -PassThru
switch. It used to return the identity’s name. Update scripts to use the FullName
property to get the old return value, e.g. Test-Identity -Name $userName -PassThru | Select-Object -Expand 'FullName'
.Write-Verbose
instead of Write-Host
.Write-Verbose
instead of Write-Host
. See Write-Host Considered Harmful.
X509Certificate2
object instead of just a path to a certificate.StoreName
to X509Store
objects to return the store’s System.Security.Cryptography.X509Certificates.StoreName
value.X509Store
objects. PowerShell’s default view is a list, so you’ll have to explicitly format the objects as a table, e.g. dir cert:\LocalMachine | Format-Table
.Path
parameter now supports wildcards and certificate provider paths, e.g. cert:\
.Programs and Features
UI.Credential
parameter.makecert.exe
and pkv2pfx.exe
. Requires that you’ve installed a Windows SDK.Name
and LiteralName
parameters to Get-FirewallRule to return specific rules instead of all of them.Carbon.Firewall.Rule
objects, instead of anonymous hashes.netsh advfirewall firewall rule show
had a verbose
switch? RTFM.System.Security.AccessControl.InheritanceFlags
and System.Security.AccessControl.PropagationFlag
values into a Carbon.Security.ContainerInheritanceFlags
value.System.ServiceController.Service
:
PATH
environment variable contains an empty path.DisplayName
on X509Store
objects returning wrong store name for custom stores, now returns an empty string.Carbon.Identity.FindByName
method and the Resolve-IdentityName and Test-Identity functions now handle identity names with .
for the domain/machine name, e.g. .\Administrator
.Carbon.Identity.FullName
property returns the wrong value when domain is empty/null, e.g. Resolve-IdentityName -Name 'Everyone'
returns \Everyone
, when it should return Everyone
.Carbon.Identity.FindByName
method and the Resolve-IdentityName and Test-Identity functions unable to resolve LocalSystem
account (which is actually NT AUTHORITY\SYSTEM
).There is now a Carbon support mailing list.
-WhatIf
switch.-Verbose
switch because I think the verbose output is too verbose and not helpful at all.Prefix
parameter) to avoid name collisions and follow best practices.$false
when testing leaf-level permissions and the ApplyTo
parameter is provided, i.e. it doesn’t ignore inheritance/propagation flags on leaves.Path
parameters which represented virtual paths to VirtualPath
(with backwards-compatible aliases):
SiteName
parameter to Name
(with a backwards-compatible alias).Name
parameters which represented virtual paths to VirtualPath
(with backwards-compatible aliases):
Path
parameters which represented physical paths to PhysicalPath
(with backwards-compatible aliases):
Synchronize
permission when checking for exact permissions, since this permission is always on and can never be removed from a file/directory.Carbon.Identity
class for representing identities. It also contains a static FindByName
method which uses The Windows LookupAccountName
function to find full account names, domains, and sids.[Carbon.Identity]::FindByName
to find identities so it no longer throws exceptions when an identity can’t be found.[Carbon.Identity]::FindByName
to find identities so it no longer throws exceptions when an identity can’t be found.This is definitely the last release to support PowerShell 2. There were enough bug fixes that I didn’t feel good about making people upgrade to a backwards-incompatible version to get them, so I jumped through some extra hoops to test on PowerShell 2. You’re welcome. ;-)
-Runtime 'v2.0'
.This will most likely be the last version of Carbon tested and supported on PowerShell 2. We’ll be moving the build server to PowerShell 3 sometime around August 15th, which means that’s the version of PowerShell the automated tests will use. We encourage everyone to upgrade to PowerShell 3 as soon as possible.
PhysicalPath
script property, so you don’t have to traverse down into the default application’s default virtual directory object to get it.Microsoft.Web.Administration.Application
objects for all or specific applications under a website.Microsoft.Web.Administration
API instead of appcmd.exe
.ExecutionPolicy
parameter to Invoke-PowerShell to allow setting a custom exeuction policy when using Invoke-PowerShell to run a script.