Get-CPermission
,Grant-CPermission
,Revoke-CPermission
, andTest-CPermission
functions. They moved to provider-specific functions in the following modules:- Carbon.Cryptography
Get-CPrivateKeyPermission
Grant-CPrivateKeyPermission
Revoke-CPrivateKeyPermission
Test-CPrivateKeyPermission
- Carbon.FileSystem
Get-CNtfsPermission
Grant-CNtfsPermission
Revoke-CNtfsPermission
Test-CNtfsPermission
- Carbon.Registry
Get-CRegistryPermission
Grant-CRegistryPermission
Revoke-CRegistryPermission
Test-CRegistryPermission
- Carbon.Cryptography
ConvertTo-CContainerInheritanceFlags
,ConvertTo-InheritanceFlag
, andConvertTo-PropagationFlag
. If you switch to the new provider-specific functions above, you won't need to use these functions anymore.ConvertTo-CSecurityIdentifier
,Resolve-CIdentity
,Resolve-CIdentityName
, andTest-CIdentity
. They moved to the Carbon.Accounts module.Get-CScheduledTask
,Install-CScheduledTask
,Test-CScheduledTask
, andUninstall-CScheduledTask
functions. They moved to newCarbon.ScheduledTasks
module.Get-CPrivilege
,Grant-CPrivilege
,Revoke-CPrivilege
, andTest-CPrivilege
functions. They moved to theCarbon.Security
module.
Released 17 Aug 2023
Fixed: warnings written about registry functions moving to new module that users can't do anything to remove (from internal usages).
Released 16 Aug 2023
Moved the following functions to a new Carbon.Registry
module. They will be removed from Carbon
in a future major
version.
Get-CRegistryKeyValue
Install-CRegistryKey
Remove-CRegistryKeyValue
Set-CRegistryKeyValue
Test-CRegistryKeyValue
Released 3 Jul 2023
- Fixed:
ConvertTo-CBase64
throws a "parameter cannot be found" error.
Get-CPermission
can now get permissions on private keys stored using a CNG (Cryptographic Next Generation) provider.Grant-CPermission
can now grant permissions on private keys stored using a CNG provider.Revoke-CPermission
can now grant permissions on private keys stored using a CNG provider.
Install-CService
now writes commands it runs to the information stream instead of the verbose stream.
New-CRsaKeyPair
: useNew-CRsaKeyPair
in the Carbon.Cryptography module instead.
Uninstall-CService
writes an error if any service on the current computer can't be queried.Get-CPowerShellModuleInstallPath
returns a Windows PowerShell path when run under PowerShell 7.Disable-CNtfsCompression
,Enable-CNtfsCompression
,Get-CFirewallRule
, andInstall-CService
fail under PowerShell 7.3.0+.Install-CService
fails if creating a service whose account password begins/ends with double-quotation marks or contains both a quote and space character.
- The
Invoke-CCimMethod
function for calling a method on an object that could be a WMI or CIM object. - The
Uninstall-CFileShare
function now accepts piped-in share objects (or any object with aName
property, really). - The
Write-CCimError
function for writing an error message based on the result object returned from a method call.
- The
Install-CFileShare
now writes a more friendly message on PowerShell (Core) instead of "[Microsoft.Management.Infrastructure.CimInstance] does not contain a method named 'Delete'". We're unable to getInstall-CFileShare
to work under PowerShell (Core). - The
Install-CFileShare
function now writes changes its making to the information stream.
These functions moved to the Carbon.Windows.HttpServer
module. Update usages to use the Carbon.Windows.HttpServer
module instead of Carbon
.
Get-CSslCertificateBinding
Remove-CSslCertificateBinding
Set-CSslCertificateBinding
Test-CSslCertificateBinding
The Resolve-CFullPath
function moved to the Carbon.Core
module. Update usages to use the Carbon.Core
module
instead of Carbon
.
All IIS functions moved to the Carbon.IIS
module. Updates usages to use the Carbon.IIS
module instead of Carbon
.
Add-CIisDefaultDocument
Add-CIisServerManagerMember
Disable-CIisSecurityAuthentication
Enable-CIisDirectoryBrowsing
Enable-CIisSecurityAuthentication
Enable-CIisSsl
Get-CIisApplication
Get-CIisAppPool
Get-CIisConfigurationSection
Get-CIisHttpHeader
Get-CIisHttpRedirect
Get-CIisMimeMap
Get-CIisSecurityAuthentication
Get-CIisVersion
Get-CIisWebsite
Install-CIisApplication
Install-CIisAppPool
Install-CIisVirtualDirectory
Install-CIisWebsite
Join-CIisVirtualPath
Lock-CIisConfigurationSection
Remove-CIisMimeMap
Set-CIisHttpHeader
Set-CIisHttpRedirect
Set-CIisMimeMap
Set-CIisWebsiteID
Set-CIisWebsiteSslCertificate
Set-CIisWindowsAuthentication
Test-CIisAppPool
Test-CIisConfigurationSection
Test-CIisSecurityAuthentication
Test-CIisWebsite
Uninstall-CIisAppPool
Uninstall-CIisWebsite
Unlock-CIisConfigurationSection
Write-CIisVerbose
- Carbon no longer generates backwards-compatible shims for new functions.
Install-CFileShare
wasn't preserving the file share's SACL, group, or owner on its security descriptor.
- The
Install-CMsi
,Get-CMsi
, andGet-CProgramInstallInfo
functions have moved to a newCarbon.Windows.Installer
module, now available on the PowerShell Gallery. Please switch to the new module and update usages. If you use these functions from Carbon, a warning message will be written. These function will be removed in the next major version of Carbon. - Carbon now works under PowerShell 7.
- Fixed: Get-CPermission fails to grant permissions on certificates in PowerShell 6+ and on certificates that .NET Framework load as RSA cryptographic next generation keys, which don't have an API for setting private key permissions.
- Fixed: Carbon doesn't load Microsoft.Web.Administration assembly on PowerShell 7+.
- Fixed:
Carbon.Firewall.Rule
type missing theLocalIP
andRemoteIP
properties (which are aliases for theLocalIpAddress
andRemoteIPAddress
properties, respectively).
- Fixed: Carbon fails to import multiple times in the same session.
- Fixed: Carbon fails when used as a nested module and Carbon is loaded globally or by nested in another module.
- Fixed: Importing Carbon fails under PowerShell 4.
- Fixed: Resolve-CPathCase fails on PowerShell Core.
- New: 'Grant-Permission', 'Get-Permission', and 'Revoke-Permission' scripts now execute correctly on non-Windows platforms.
- Fixed: Install-CService now will update services when file permissions or user account privileges have changed.
- Fixed: Carbon fails to import if IIS isn't installed.
- Fixed: Carbon fails to import on PowerShell 4.
- Fixed: Carbon's backward compatible aliases replaced with shim functions. Carbon no longer aggressively loads its functions.
- New: Carbon now warns when you're using a function shim with a deprecated name. Update your code so that all Carbon
functions have a
C
prefix. Carbon has aUse-CarbonPrefix.ps1
script in its bin directory that will update files to use the new prefix. - Migrated the following functions to new Carbon.Core and Carbon.Cryptography modules. These functions still exist in
Carbon 2, so if you use all these modules together, you'll probably run into naming collisions and errors depending on
how you install, import, and use Carbon. You'll get a warning if you use any of the functions that migrated.
ConvertTo-CBase64
,Get-CPowerShellPath
, andInvoke-CPowerShell
are now in the Carbon.Core module.- The
Test-COSIs32Bit
andTest-COSIs64Bit
functions merged into aTest-COperatingSystem
function in the Carbon.Core module. - The
Test-CPowerShellIs32Bit
andTest-CPowerShellIs64Bit
functions merged into aTest-CPowerShell
function in the Carbon.Core module. - New:
Convert-CSecureStringToString
,Get-CCertificate
,Install-CCertificate
,Uninstall-CCertificate
,Protect-CString
, andUnprotect-CString
migrated to the Carbon.Cryptography module.
- Fixed: the
Install-CCertificate
function causes an extra file to be written to the Windows directory where private keys are saved. Depending on your environment, this could put many, many extra very small files on the file system or a full disk. - Fixed: the
Install-CCertificate
function could fail to install a certificate with a private key in a remote computer's LocalMachine store if you passed in a certificate object to install. - Fixed: the
Install-CCertificate
function always installs a certificate even if it exists in the destination store. Depending on your environment, this could put many, many extra very small files on the file system or a full disk. Use the-Force
switch to always install a certificate even if it already exists in the destination store. - Added a
-Force
switch to theInstall-CCertificate
function to force certificates to be installed if they already exist in the destination store. - Fixed:
Install-Service
always writes a verbose message when installing a service.
Fixed: In Carbon 2.7.0, we added a C
prefix to all the Carbon functions, with aliases that used the old function
names to preserve backwards-compatability. We didn't realize at the time that aliases have the highest precedence of
commands, so Carbon's aliases hid any other commands on your system that may have been named the same. Bad idea. With
this release, Carbon no longer uses aliases for backwards-compatability. Instead, it dynamically creates shim functions
named after the old functions. These shim functions write a warning that the function with the old name is deprecated
then calls the function using its new name. Hopefully, this will finally fix the name collisions problems. The function
names with out the C
prefix will be removed in Carbon 3, so update your code to make upgrading easier.
Because Carbon creates these backwards-compatible function shims dynamically, Carbon won't create a shim if a
function with the old name exists. If there is a name conflict between Carbon and another module, if you import that
module first, Carbon won't export its shim function.
We need parts of Carbon to work on PowerShell Core. The current size of Carbon makes that hard (over 200 functions and automated tests that take a long time). So, we're breaking Carbon into smaller modules. The new modules will all require PowerShell 5.1+. If you use Carbon 2 and the new modules together, you'll get naming conflicts during installation and when importing. The first two modules are already out: Carbon.Core and Carbon.Cryptography.
Carbon.Core will contain all the functions that are foundational to all or most other future Carbon modules, or generic functions we feel are core to Carbon and/or PowerShell. It has no dependencies. The following functions were migrated to it:
ConvertTo-CBase64
(with some added functionality)Get-CPowerShellPath
Invoke-CPowerShell
Test-COperatingSystem
: ReplacesTest-OSIs32Bit
andTest-OSIs64Bit
. Tests operating system type, too, so you can use this function instead of the$IsWindows
,$IsLinux
, or$IsMacOS
variables. Works on versions of PowerShell that don't define those variables.Test-CPowerShell
: ReplacesTest-PowerShellIs32Bit
andTest-PowerShellIs64Bit
. Tests edition, too. Use this function instead of$PSVersionTable.PSEdition
. Handles when $PSVersionTable doesn't have the PSEdition property.
Carbon.Crytography contains functions that are used when encrypting and decrypting strings. This is where certificate management funtions live. These function were migrated from Carbon:
Convert-CSecureStringToString
Get-CCertificate
: works on Linux and macOS when opening certificate files.Install-CCertificate
Uninstall-CCertificate
Protect-CString
: works on Linux and macOS.Unprotect-CString
: works on Linux and macOS.
- Fixed: Convert-XmlFile fails in PowerShell Core (thanks to Joseph Block for the fix).
- Fixed: Protect-CString and Unprotect-CString failed under PowerShell Core.
- Fixed: Invoke-CPowerShell failed under PowerShell Core.
- Fixed: Install-CCertificate fails under PowerShell Core.
- Fixed: Unprotect-CString adds extra null bytes to the end of a decrypted string when using AES (
-Key
) encryption.
- Fixed: when encryptiong/decrypting with a thumbprint,
Protect-String
andUnprotect-String
take more time the more certificates you have in your stores.
- Fixed:
Import-Carbon.ps1
fails if Carbon is already imported from a different location than the location from which it will import Carbon.
- Carbon should now import in less than a second.
- Fixed:
Grant-CHttpUrlPermission
documentation uses command namedGrant-CHttpUrlAclPermission
. (Fixes issue 66.) - Fixed:
Enable-CNtfsCompression
always enables compression even if compression is already enabled. - Fixed:
Disable-CNtfsCompression
always disables compression even if compression is already disabled. - Fixed:
Uninstall-CService
can write an error when a service's process exits at unexpected times. - Fixed:
Get-CUser
can sometimes take 60 to 90 seconds to lookup a specific user. - Fixed:
Get-CGroup
can sometimes take 60 to 90 seconds to lookup a specific group. - Improved
Set-CEnvironmentVariable
andRemove-CEnvironmentVariable
functions' reliability when setting and removing variables for a specific user (they now useStart-Job
instead of Carbon'sInvoke-CPowerShell
). - Fixed: Carbon was hiding the ServerManager module's
Get-WindowsFeature
,Install-WindowsFeature
, andUninstall-WindowsFeature
cmdlets (fixes issue #55). - Fixed:
Set-CHostsEntry
can sometimes clear the hosts file (fixes issue #39). - Fixed:
Get-CServiceConfiguration
fails with a terminating exception if a service doesn't exist.
- Added verification information to Chocolatey package.
- Updated copyright.
- Carbon is now importable on PowerShell Core on all platforms. Most functions will not work on Linux/MacOS since they are Windows-specific. Many functions will also not work on PowerShell Core. The next major version of Carbon, 3, should fully support PowerShell Core on Windows.
Get-CScheduledTask
can now returnRegisteredTask
objects from the Scheduler.Service COM API. Use the newAsComObject
switch. Getting COM objects is an order of magnitude faster than the old way.- Fixed:
Get-CScheduledTask
isn't able to parse some task information returned on Windows 10. - Deprecated
Test-CWindowsFeature
. - Fixed:
Get-CComPermission
fails when there are permission to a non-existent identity. - Fixed: looking up local users/groups is extremely slow on some machines.
- Uninstall-Service now kills a service's process when that service stops but is actually still running. This should decrease the frequency of needing to reboot a computer when uninstalling a service.
- Added
C
prefix to all Carbon commands, with aliases from old command names to new ones to maintain backwards compatability. - Added
bin\Use-CarbonPrefix.ps1
script to Carbon that will update files to use the new Carbon function names. Get-CCertificate
: AddedPath
note property to returned objects.- Fixed: Chocolatey uninstaller fails if the
PSModulePath
environment variable contains trailing or sequential semicolons.
Enable-IisSecurityAuthentication
andDisable-IisSecurityAuthentication
sometimes hang. We don't know why, but we're working around the problem. These functions no longer always apply a configuration change. Instead, they only enable/disable security authentication if its not already enabled/disabled.Install-Service
now outputs a verbose message showing the command line arguments used when callingsc.exe
to install/update a service.- Added
ArgumentList
property/parameter toCarbon_Service
DSC resource. Thanks to Luigi Grilli for the contribution. - Fixed:
Get-HttpUrlAcl
returns no ACLs if any ACLs exist whose identities no longer exist.
Note: 2.5.1 through 2.5.4 contain the same code and changes. We created new build and deployment automation that, due to bugs, required us to publish multiple versions.
- Fixed: Carbon takes 10 to 20 seconds to load. In trying to detect if the Win32_OptionalFeature class is available on the current operating system, it was actually loading all the Win32_OptionalFeature instances. Oops. Now, it just checks for the existence of the Win32_OptionalFeature class. Load times should now be about two to three seconds. (Fixes issue #35.)
- Import-Carbon.ps1 now hides verbose messages typically shown by Import-Module and Remove-Module cmdlets.
- Fixed:
Assert-FirewallConfigurable
fails on Windows 10 due to firewall service display name change.
- Added
DelayedAutoStart
boolean property to objects returned byGet-ServiceConfiguration
. This flag istrue
when a service is set to start automatically, delayed.False
otherwise. Added extended - The
Install-Service
function and theCarbon_Service
DSC resource can now set a service's startup type toAutomatic (Delayed)
. PassAutomatic
to theStartupType
parameter and use the newDelayed
switch. TheDelayed
switch is ignored unlessStartupType
isAutomatic
. Fixes issue #216. - The
Uninstall-Certificate
function can now delete a certificate by just its thumbprint. The certificate will be uninstalled from all stores. You can pipe the thumbprint or a certificate object toUninstall-Certificate
. - Added an
EnsureRunning
switch toInstall-Service
function to ensure that any service is started after configuring. (By default,Install-Service
leaves a service stopped if it was stopped whenInstall-Service
begins.) - Added
IsSymbolicLink
extended type property to directory and file objects (i.e.System.IO.DirectoryInfo
andSystem.IO.FileInfo
objects). - Added
TargetPath
extended type property to file (i.e.System.IO.FileInfo
) objects. If a file is a symbolic link, this property will return the file the link points to. - The
TargetPath
extended type property on directory (i.e. `System.IO.DirectoryInfo) objects now returns target paths when a directory is a symbolic link. Initiazlie-Lcm
can't be used on Windows Server 2016 and later to put the DSC local configuration manager into pull mode.Initialize-Lcm
now writes an error when you try.
Install-Service
and theCarbon_Service
DSC resource write errors when a service is running and its startup type is changed toDisabled
.- The
Carbon_ScheduledTask
DSC resource writes incorrect information to verbose log when the current and desired credential for the scheduled task are different. - The
Carbon_ScheduledTask
DSC resource doesn't correctly detect when a task's identity has changed (it wasn't converting usernames to their canonical representation before comparing the existing identity with the desired identity). - Fixed: Importing Carbon in 32-bit PowerShell fails on a 64-bit operating system. DSC isn't available so the
Initialize-Lcm
function can't be exported. Thanks to Anders Andersson for contribuging the fix. - Fixed:
Install-Service
andCarbon_Service
DSC resource fail to change the identity a service runs as if switching from a custom account to the defaultNetworkService
account. - Fixed:
Get-PowerShellModuleInstallPath
returns nothing when run under 32-bit (x86) PowerShell on 64-bit Windows.Fixed:Get-PowerShellModuleInstallPath
returns nothing when run under 32-bit (x86) PowerShell on 64-bit Windows.
- Fixed:
Carbon_Permission
fails when revoking permissions and thePermissions
property doesn''t have a value. - Fixed:
Protect-String
doesn't convert secure strings properly so they get encrypted with extra bytes in them. - Fixed: `Revoke-Permission' fails when an identity has multiple access control entries on an item. Thanks to bozho_ for reporting issue #221 and contributing the fix.
- Fixed:
Compress-Item
' writes an error when using theWhatIf
switch. - Fixed:
Install-IisWebsite
help examples contain invalid/broken code (thanks to John Mitchell for reporting). - Fixed:
Install-Service
fails when password contains double quote character, i.e."
(fixes issue #219). - Fixed:
Read-File
andWrite-File
fail to retry writing to a locked file when$Global:Error
is full. Fixes issue #217. - Fixed:
Get-FirewallRule
sets theEdgeTraversalPolicy
toDeferUser
on rules whose policy is "defer to application". - Fixed:
Get-FirewallRule
fails on non-english-speaking computers. (It was parsing the output ofnetsh advfirewall
. Now it uses the Windows Firewall with Advanced Security API.) [Fixes issue #208. - Fixed:
Get-FirewallRule
incorrectly parsed interface types. It assumed interface type was one of multiple values. In reality, it can be set to one or more different values. The underlying enumeration and its values have been updated to be a set of flags (i.e. a bit field). - Fixed:
Carbon_FirewallRule
fails when Profile property has more than one value. - Fixed:
Get-ScheduledTask
doesn't handle when a scheduled task doesn't exist on Windows 2008.
Protect-String
can now encrypt aSecureString
. TheString
parameter's type was changed to[object]
. When you pass in aSecureString
, it is converted to an array of bytes, encrypted, and the array of bytes are cleared from memory.- Renamed
Protect-Acl
toDisable-AclInheritance
to make it clearer what the function does. Created aProtect-Acl
alias in place to preserve backwards-compatability. Disable-AclInheritance
only disables inheritance if it is currently enabled.- Created
Enable-AclInheritance
to re-enable access rule inheritance on file system and registry ACLs. This function is paired withDisable-AclInheritance
.
- Fixed:
Get-ProgramInstallInfo
fails when a program'sVersion
registry key value can't be converted into aVersion
object. - Fixed:
Test-Service
failed to detect if a device driver service is installed. - Fixed:
Install-Service
fails if a service depends on a device driver. (Note: in our testing, we can't get a device driver set as a dependency. If you know what the secret sauce is to get this to work with sc.exe (or another means), please let us know.) - Fixed:
Disable-AclInheritance
(neProtect-Acl
) fails when piped a registry key. - Fixed:
Get-PathProvider
fails when passed a fully-qualified registry key PowerShell path, e.g.Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software
.
Protect-String
can now encrypt with a key, password, or passphrase (i.e. it can now encrypt with symmetric encryption).Unprotect-String
can now decrypt with a key, password, or passphrase (i.e. it can now decrypt using symmetric encryption).Set-HostsEntry
now supports IPv6 addresses (fixes issue).Grant-Permission
now supports creatingDeny
access rules. Use the newType
parameter. Fixes issue #152.Set-EnvironmentVariable
:- Added
-Force
switch to make all variable modifications immediately visible in the current PowerShell process'senv:
drive. Restarts are no longer required. - You can now set an environment variable for other users. Use the
Credential
parameter to specify the user's credentials. Fixes issue #151.
- Added
Remove-EnvironmentVariable
:- Added
-Force
switch to make all variable removals immediately visible in the current PowerShell process'senv:
drive. Restarts are no longer required. - You can now remove variables from multiple targets/scopes at once.
- You can now remove an environment variable for other users. Use the
Credential
parameter to specify the user's credentials.
- Added
Invoke-PowerShell
:- It now runs PowerShell commands. Pass a string of PowerShell code with the
Command
parameter. - It now runs encoded PowerShell commands. Pass the string of PowerShell code with the
Command
parameter and use the-Encode
switch. - It now runs scripts and commands as another user. Use the
Credential
parameter to pass the user's credentials along with theFilePath
andCommand
parameters to run scripts and commands, respectively.
- It now runs PowerShell commands. Pass a string of PowerShell code with the
- Fixed:
Set-RegistryKeyValue
fails when-String
parameter's value is$null
or empty (fixes issue #211). - Fixed: Can't import Carbon in a 32-bit PowerShell 4 session on a 64-bit operating system (fixes issue #199).
- Fixed: Documentation for the
Install-ScheduledTask
function'sHighestAvailableRunLevel
is lying (fixes issue #205). - Fixed:
Carbon_FirewallRule
fails whenProfile
property set to multiple values (fixes issue #209). - Fixed:
Install-IisAppPool
can't set .NET framework version toNo Managed Code
(fixes issue #210). - Fixed:
Get-SslCertificateBinding
fails if the operating system's culture is noten-US
(fixes issue #171). - Fixed:
Install-ScheduledTask
fails when creating a task that runs during a specific week of the month on Sundays. (You're going to love this: the underlying int value for[DayOfWeek]::Sunday
is0
, so when testing if aDayOfWeek
typed variable set toSunday
has a value, it returns$false
. This madeInstall-ScheduledTask
add the/D
parameter without a value.
- Aded a
LiteralPath
parameter toTest-PathIsJunction
for testing paths that contain wildcard characters (e.g.[
,]
, etc.). Remove-Junction
now supports removing multiple junctions with wildcards.- Added a
LiteralPath
parameter toRemove-Junction
for deleting junctions whose paths contain wildcard characters (e.g.[
,]
, etc.). - Added a
LiteralPath
parameter toUninstall-Junction
for deleting junctions whose paths contain wildcard characters (e.g.[
,]
, etc.). - Created
Remove-DotNetAppSetting
function for removing app settings from .NET framework machine.config files. - Created
Read-File
function for reading text files and retrying if the read fails. Good for reading files that get intermittently locked, like the Windows hosts file. - Created
Write-File
function for writing text files and retrying if the write fails. Good for writing files that get intermittently locked, like the Windows hosts file. - Made the following functions obsolete:
Get-WindowsFeature
Install-Msmq
Install-WindowsFeature
Resolve-WindowsFeatureName
Uninstall-WindowsFeature
- Fixed:
Add-GroupMember
, over PowerShell remoting, fails to add a member to groups that have non-local users/groups (fixes issue #187: Add-GroupMember fails when using PowerShell Remoting) - Fixed:
Remove-GroupMember
, over PowerShell remoting, fails to remove a member from groups that have non-local users/groups. - Fixed:
Test-PathIsJunction
returns multiple results if thePath
parameter contains wildcards and matches multiple items. - Fixed:
Install-Junction
can't install a junction whose path contains wildcard characters (fixes issue #190). - Fixed:
New-Junction
writes wrong error when creating an existing junction whose path contains wildcard characters. - Fixed:
Install-Service
doesn't update/change an existing service's account when using theCredential
parameter (fixes issue #185). - Fixed:
Uninstall-FileShare
fails if a share's physical path doesn't exist. - Fixed (hopefully):
Get-FileSharePermission
writes an error if a share's security information is corrupted (fixes issue #188). I was unable to reproduce the error, and the error was reported anonyously, so I did my best. - Fixed:
Get-PowerShellModuleInstallPath
returns multiple paths if the standard PowerShell module path is listed twice in thePSModulePath
environment variable. - Fixed: Chocolatey package fails if the standard PowerShell module path is listed twice in the
PSModulePath
environment (fixes issue #192). - Fixed:
Get-PowerShellModuleInstallPath
doesn't return the module install path if it doesn't exist. Sometimes it doesn't yet. - Fixed:
Carbon_ScheduledTask
andCarbon_IniFile
DSC resources'Get-TargetResource
functions don't return correct resource properties and causesGet-DscConfiguration
to fail (fixes issue #193). - Fixed:
Carbon_FirewallRule
DSC resource always re-installs a firewall rule ifProfile
property contains multiple values (i.e. it doesn't properly parse netsh output). - Fixed:
about_Carbon_Installation
help topic had a typo. - Fixed:
Set-HostsEntry
fails to stop when the hosts file is in use and can't be read.
- Fixed: unable to publish module to PowerShell Gallery because
RequiredAssemblies
module manifest data used an absolute path generated withJoin-Path
and$PSScriptRoot
, which aren't allowed in module manifests. - Fixed: missing PowerShell Gallery tags, license URI, project URI, and release notes metadata.
- Fixed: copyright date in module manifest is 2015.
- Fixed: PowerShell gallery missing function list.
- Fixed: Restricted user accounts can't import Carbon (issue #180).
- Fixed:
Carbon_Privilege
DSC resource fails to remove all a user's privileges (issue #178). - Fixed:
Remove-IniEntry
fails to remove last INI entry in a file (issue #179).
Get-HttpUrlAcl
: uses Windows API to return HTTP URL ACLs; replaces thenetsh http show urlacl
command.Grant-HttpUrlPermission
: uses Windows API to grant listen/delegate permissions on HTTP URLs; replaces thenetsh http add urlacl
command.Revoke-HttpUrlPermission
: uses Windows API to revoke all a user or group's permissions on HTTP URLs; replaces thenetsh http delete urlacl
command.Install-Directory
: creates a directory (and any missing parents), if it doesn't exist already. Finally!Uninstall-Directory
: removes a directory, if it exists. Finally!Uninstall-Group
: uses theDirectoryServices.AccountManagement
.NET API to remove a group, if it exists.Test-GroupMember
: uses theDirectoryServices.AccountManagemetn
.NET API to test if a principal is a member of a group.
Carbon_Group
: resource for configuring local groups.
- Fixed:
Install-FileShare
always re-configures existing shares; it doesn't properly detect permissions that need to be removed. - Fixed:
Set-IniEntry
fails to preserve unicode characters with diacritics in INI entry names and values. - Fixed:
Remove-IniEntry
fails to preserve unicode characters with diacritics in INI entry names and values. - Fixed:
Set-HostsEntry
leaves trailing tabs and whitespace after all but the last line. - Fixed:
Get-PowerShellModuleInstallPath
returns wrong path for PowerShell 4. - Fixed:
Protect-String
fails when Carbon is installed in a module path that contains spaces (fixes issue #174). - Fixed:
New-RsaKeyPair
generates a key pair that isn't supported for encrypting/decrypting DSC credentials or supported by the CMS message cmdlets. - Fixed:
Get-ScheduledTask
returns invalid task commands when those commands contain quotes (works around an issue whereschtasks.exe
CSV output can't be parsed correctly byConvertFrom-Csv
). - Fixed:
Add-GroupMember
andRemove-GroupMember
fail when addingEveryone
orNT Service\*
accounts to a group (fixes issue #177). - Fixed:
Get-SheduledTask
writes an error if a scheduled task's XML definition is for an executable and doesn't contain an arguments element.
- Obsolete function parameters will no longer show in Intellisense (added the
DontShow
parameter property). Test-AdminPrivilege
: changed its verbose message to a debug message.Set-HostsEntry
:- only updates hosts file if it needs to change
- added an improved verbose message when setting a hosts entry
- improved error handling when hosts file can't be opened for reading
Install-Certificate
can now install a certificate on a remote computer.Initialize-Lcm
now usesInstall-Certificate
to install the decryption certificate on the remote computer.Uninstall-Certificate
can now uninstall a certificate on a remote computer.- The following functions now write warning if you pass them a plain-text password. You should pass a
SecureString
instead.Install-Certificate
Initialize-Lcm
New-RsaKeyPair
:- Refactored to use
certreq.exe
instead ofmakecert.exe
andpvk2pfx.exe
. - Can now run non-interactively: added a
-Password
parameter used to protect the private key (it used to prompt you). - Fixed: generates a key pair that isn't supported for encrypting/decrypting DSC credentials or supported by the CMS message cmdlets.
- Made the
-ValidFrom
and-Authority
parameters obsolete.
- Refactored to use
- Added some verbose messages to
Install-Group
andAdd-MemberToGroup
when they create/modify their objects. Install-Group
only saves changes to a group if changes were made.
- Fixed: errors importing Carbon when IIS not installed on Windows 2012 R2 and Windows 10 (fixes issue 168: Cannot import Carbon 2.0 module due to issues with IIS related functionality).
- Fixed Carbon copyright statements.
- Improved Carbon's module description.
Carbon version 2.0 is a huge release, with lots of new enhancements and bug fixes. We hope you like them. Carbon 2.0 now requires PowerShell 4, so it is not backwards-compatabile with Carbon 1.x. Because of this, we made some additional backwards-incompatible changes. See the Upgrade Instructions
section for things to look out for.
If you're upgrading from a previous 2.0 alpha release, you'll want to review the changes since your alpha version (found after the Upgrade Instructions section). We improved backwards-compatability with Carbon 1.x since the last alpha release, but that broke compatability with the alphas.
Make sure you're running PowerShell 4.
Install-Certificate
's parameters have changed:
- Remove the
Exportable
switch from any usages ofInstall-Certificate
when installing from anX509Certificate2
object, since that switch only gets used when installing a certificate from a file.
Some functions now return different objects and/or the objects returned have changed:
- Use the
Sid
property on objects returned byTest-Identity
when using thePassThru
switch: it now returns aCarbon.Identity
object if the identity exists and you use the-PassThru
switch, e.g.Test-Identity -Name $userName -PassThru | Select-Object -Expand 'Sid'
. - Update usages of
Carbon.Computer.ProgramInstallInfo
'sVersion
property (returned byGet-ProgramInstallInfo
). It was anint
and is now a Version object.
The Carbon assembly was re-organized. If you were reaching into Carbon.dll
(NOT RECOMMENDED), you'll want to:
- Rename usages of
[Carbon.AdvApi32]
class to[Carbon.Service.ServiceSecurity]
. - Rename usages of
[Carbon.Lsa]
class to[Carbon.Security.Privilege]
. - Rename usages of
[Carbon.Win32]
class to[Carbon.FileSystem.Path]
. - Rename usages of
[Carbon.HandleInfo]
class to[Carbon.Win32.HandleInfo]
. - Remove usages of
[Carbon.Lsa]::LookupPrivilegeValue
class method. It was incorrectly exposed as a public method. - Remove usages of
[Carbon.Kernel32]::LocalFree
class method. It was incorrectly exposed as a public method.
The following commands no longer return the stdout output from the console applications each one calls. To see the old output, use the -Verbose
switch. Remove any usage of the output you were processing.
- All IIS functions.
Disable-FirewallStatefulFtp
Enable-FirewallStatefulFtp
Install-Service
Install-SmbShare
Remove-SslCertificateBinding
Set-SslCertificateBinding
Uninstall-Service
The following functions' internal behavior has changed. This may or may not impact you.
Grant-Permission
now only grants permissions on an object if those permissions aren't present. To preserve previous behavior, add the-Force
switch to allGrant-Permission
usages.Grant-Permission
now writes an error if you don't have access to a private key. Previously, it would skip the key without any messages.Install-Msi
(fkaInvoke-WindowsInstaller
) now only installs the MSI if it isn't already installed. To preserve the previous behavior and always install, add the-Force
switch to allInvoke-WindowsInstaller
`Install-Msi` usages.- All IIS functions were re-written to use the
Microsoft.Web.Administration
API instead ofappcmd.exe
. Install-IisWebsite
no longer deletes and re-creates websites. If a website exists, it updates its configuration to match parameters passed in. To preserve previous behavior and delete the website before installing, use the-Force
switch.Install-IisVirtualDirectory
no longer deletes and re-creates virtual directories. If a virtual directory exists, its configuration is updated in place. To preserve previous behavior and delete the virtual directory before installing, use theForce
switch.Install-FileShare
(fkaInstall-SmbShare
) no longer deletes and re-creates the share, instead it modifies existing shares in place. To preserve previous behavior and delete existing shares before re-creating, use theForce
switch.Set-RegistryKeyValue
only sets the value if the value doesn't exist or the current value is different than the desired value.
We've added parameter validation to some functions. This shouldn't impact anybody, since if you were passing data that breaks this new validation, the function wouldn't have worked even in previous versions of Carbon.
- Ensure that all thumbprints passed to
Set-SslCertificateBinding
are valid (40 character hex strings), since it now validates thumbprints. - Check that all IP addresses passed to
Set-HostsEntry
are valid IP v4 or v6 addresses.Set-HostsEntry
's IPAddress parameter is now aSystem.Net.IPAddress
object. Previously it was a string validated with a regular expression, so you should be OK.
All Carbon functions now respect each caller's common parameters (e.g. -Verbose
, -ErrorAction
, etc.). This means if you pass a common parameter to a script that calls a Carbon function, that Carbon function will use that common parameter. This may or may not impact you.
- Carbon's
System.ServiceProcess.ServiceController
extended type data causes errors when PowerShell formatsSystem.ServiceProcess.ServiceController
objects that represent services on remote computers. Compress-Item
doesn't remove handled errors from global error array.Grant-Permission
fails with an unhelpful error message if it is unable to get the ACL on a private key.Install-Msi
didn't properly detect when installation failed.Install-ScheduledTask
fails under PowerShell 5 to create a scheduled task to run on Sunday.Install-Service
:- No longer writes a warning about being unable to stop an already stopped service (fixes issue #158).
- Starting the service now respects caller's error action preference. Before,
Start-Service
would write an error even if somone calledInstall-Service
with anIgnore
orSilentlyContinue
error action preference. - Service arguments that are quoted still get quoted. Now, quotes are trimmed before arguments are quoted.
Set-EnvironmentVariable
fails to set process-level environment variable.Set-HostsEntry
fails to preserve whitespace if existing lines end with a comment/description. Thanks to Konstantin Ushenin for the fix.
- Carbon now requires PowerShell 4.
Import-Carbon.ps1
is more intelligent about when it tries to re-load Carbon. It will force a re-import of Carbon if any of Carbon's files have changed or the version has changed.- Added new
FileIndex
,LinkCount
, andVolumeSerialNumber
extended type data onSystem.IO.FileInfo
objects for getting a file's index, its hard link count, and volume serial number, respectively. - The product version of the Carbon assembly now includes pre-release version information, as defined by the Semantic Versioning specification. To get this version, run
Get-Item Carbon.dll | Select-Object -ExpandProperty 'VersionInfo' | Select-Object -ExpandProperty 'ProductVersion'
. - The Carbon NuGet package now supports installing and uninstalling under Chocolatey.
- All IIS functions were re-written to use the
Microsoft.Web.Administration
API instead ofappcmd.exe
. As a side effect, they no longer returnappcmd.exe
console output. - The following functions no longer use
Write-Host
. Instead, they useWrite-Verbose
:Disable-NtfsCompression
Enable-NtfsCompression
Grant-ComPermission
Grant-Permission
Install-Service
Remove-SslCertificateBinding
Revoke-ComPermission
- Created default, table-based display formats for
System.DirectoryServices.AccountManagement.UserPrincipal
,System.DirectoryServices.AccountManagement.GroupPrincipal
,Microsoft.Web.Administration.ApplicationPool
,Microsoft.Web.Administration.Site
, andMicrosoft.Web.Administration.Application
objects. - Re-organized Carbon's internal directory structure. You shouldn't be reaching into Carbon's internals, so this shouldn't matter, but wanted to let everyone know just in case.
Clear-DscLocalResourceCache
clears the local LCM's DSC resource. This makes developing resources easier.Clear-MofAuthoringMetadata
removes authoring metadata from .mof files.Copy-DscResource
copies DSC resources (ZIP files, MSI archives, MOF files, etc.), including timestamps, checksums, and copying only changed files.ConvertTo-SecurityIdentifer
converts a binary, string, orSystem.Security.Principal.SecurityIdentifier
object into aSystem.Security.Principal.SecurityIdentifier
object.Get-DscError
gets any DSC errors that were written to a computer's DSC event log.Get-DscWinEvent
gets DSC events that were written to a computer's DSC event log.Get-FileSharePermission
gets the sharing permissions on a file/SMB share (not the NTFS file system permissions).Get-FileShare
uses WMI to getWin32_Share
objects for the file shares installed on the local computer.Get-Group
gets a local group or all local groups.Get-Msi
reads installer information and properties from an MSI file.Get-PowerShellModuleInstallPath
gets the path where new module's should be installed. Beginning with PowerShell 4, modules should get installed into$env:ProgramFiles\Windows PowerShell\Modules
. Under PowerShell 3, it is$PSHome\Modules
. This function returns the correct location for the version of PowerShell you're using.Get-User
gets a local user or all local users.Initialize-Lcm
configures the DSC Local Configuration Manager on computers, including installing the private key needed for decrypting credentials.Remove-GroupMember
removes a user/group from a local group. Thanks to Philip Kluss for the contribution.Resolve-Identity
converts a system, local, or domain principal name or a SID (as aSecurityIdentifer
, string SDDL, or byte array) into its canonical representation and includes extended identity information: domain, type, and SID.Start-DscPullConfiguration
starts a configuration check on a computer that is configured to use the PULL refresh mode.Test-DscTargetResource
compares target resource with desired resource. Helpful when writingTest-TargetResource
functions.Test-Group
checks if a local group exists.Test-FileShare
uses WMI to check if a file/SMB share exists on the local computer.Test-TypeDataMember
tests if a type has an extended type member defined.Uninstall-FileShare
uninstalls/removes a file share, if it exists.Write-DscError
writes DSCErrorLogRecord
objects as errors.
Carbon_EnvironmentVariable
creates/removes machine-level environment variables.Carbon_FirewallRule
configures firewall rules.Carbon_IniFile
manages the contents of INI files.Carbon_Permission
configures file, directory, registry, and certificate permissions.Carbon_Privilege
configures an identity's privileges.Carbon_ScheduledTask
configures scheduled tasks withschtasks.exe
.Carbon_Service
configures Windows services.
Added a PassThru
switch to the following functions, which will return objects of the given type:
Grant-ComPermission
:Carbon.Security.ComAccessRule
, representing the granted permission.Grant-Permission
:System.Security.AccessControl.AccessRule
, representing the granted permission.Install-Group
:System.DirectoryServices.AccountManagement.GroupPrincipal
, representing the group.Install-IisApplication
:Microsoft.Web.Administration.Application
, representing the application.Install-IisWebsite
:Microsoft.Web.Administration.Site
, representing the website.Install-Junction
:System.IO.DirectoryInfo
, representing new target directories and any new/updated junctions.Install-Service
:System.ServiceProcess.ServiceController
, representing the service.Install-User
:System.DirectoryServices.AccountManagement.UserPrincipal
, representing the user.Set-SslCertificateBinding
:Carbon.Certificates.SslCertificateBinding
, representing the configured binding.
The following functions no longer return the console output of the program each one runs. Instead, the output is written to the verbose stream (i.e. use the -Verbose
switch to see it).
Disable-FirewallStatefulFtp
Enable-FirewallStatefulFtp
Install-Service
Remove-SslCertificateBinding
Set-SslCertificateBinding
Uninstall-Service
The following functions are now obsolete. Please don't use them and stop using them if you are. They will be removed from a future major version of Carbon. You'll get warnings if you use them.
Complete-Job
: It's total crap. Use PowerShell'sWait-Job
cmdlet instead.Invoke-AppCmd
: Switch to Carbon's IIS functions, or useGet-IisConfigurationSection
to getConfigurationElement
objects from theMicrosoft.Web.Administration
API that you can modify.Resolve-NetPath
: Switch to something else. Carbon doesn't usenet.exe
anymore.
The following functions now have obsolete parameters, which will be removed from a future major version of Carbon. You'll get warnings if you use them.
Install-IisAppPool's
UserName
andPassword
parameters. Use the newCredential
parameter instead.Install-Msi's
Quiet
switch.Install-Msi
always installs in quiet mode. Please remove usages.Install-Service's
Password
parameter. Use the newCredential
parameter instead.Install-User's
UserName
andPassword
parameters. Use the newCredential
parameter instead.Set-RegistryKeyValue
'sQuiet
parameter. Please remove usages.
The following functions were renamed, but with backwards-compatible aliases in place, so you shouldn't have to change any code.
Invoke-WindowsInstaller
->Install-Msi
Install-SmbShare
->Install-FileShare
The following functions were re-written to use the System.DirectoryServices.AccountManagement
API, introduced in .NET 3.5.
Add-MemberToGroup
Install-Group
Install-User
Test-User
Uninstall-User
Get-IisAppPool
- Now return all application pools installed on the local computer when called with no parameters.
- Added a default table format for
Microsoft.Web.Administration.ApplicationPool
objects.
Get-ProgramInstallInfo
- Return object's
Version
property changed from anint
to a Version object. - Return object's now have
ProductCode
andUser
properties. If a program doesn't have a product code, it is set to[Guid]::Empty
. TheUser
property is only set for per-user software installs.
- Return object's
Get-ServiceConfiguration
now supports services from remote computers.Grant-Permission
now only grants permissions on an object if those permissions aren't present. To preserve previous behavior, add the-Force
switch to allGrant-Permission
usages.Install-Certificate's
Exportable
switch is now only allowed when installing a certificate from a file. Previously, you could supply the switch when installing from an X509Certificate2 object but it was ignored.Install-Group's
Members
parameter renamed toMember
(with backwards-compatible alias).- Added
Credential
parameter toInstall-IisAppPool
for increased security and to follow PowerShell guidelines. Install-IisVirtualDirectory
no longer deletes and re-creates existing virtual directories, but modifies existing virtual directories in place.Install-IisWebsite
- Added
SiteID
parameter tfor setting a website's IIS ID. - No longer deletes and re-creates websites, but modifies existing websites in place. This may or may not be a breaking change in your environment.
- Added
Install-Msi
Path
parameter now supports wildcards.- Now only installs an MSI if it isn't already installed. To preserve the previous behavior and always install, add the
-Force
switch to allInvoke-WindowsInstaller
`Install-Msi` usages.
Install-Service
- Now supports service startup parameters/arguments via the
ArgumentList
parameter. - Improved error handling and messages. It now uses
net helpmsg
to get helpful error messages based on sc.exe exit codes. - Added
Credential
parameter for increased security and to follow PowerShell guidelines. - Added
Description
parameter for setting a service's description. - Added
DisplayName
parameter for setting a service's display name.
- Now supports service startup parameters/arguments via the
Install-FileShare
(fkaInstall-SmbShare
):- Re-written to use WMI isntead of
net.exe
, so it no longer returns any console output. - Modifies existing shares in place, instead of deleting and re-creating, unless the share's path changes. Changing a share's path requires the old share to be deleted and a new one created.
- Re-written to use WMI isntead of
Install-User
- Added
PasswordExpires
switch for creating accounts with passwords that expire. - Added
UserCannotChangePassword
to prevent user from changing his password.
- Added
Remove-SslCertificateBinding
has better error handling.- Added
SID
parameter toResolve-IdentityName
to resolve a SID into its identity name. Set-HostsEntry's
IPAddress
parameter is now aSystem.Net.IPAddress
object. It used to be a string validated with a regular expression.Set-RegistryKeyValue
:- Added
UDWord
andUQWord
parameters for setting registry key values to unsigned integers (i.e. integer values greater than[int]::MaxValue
and[long]::MaxValue
). Fixes issue #165: Set-RegistryKeyValue rejects unsigned integers larger than [int]::MaxValue. - Deprecated
Quiet
switch. - Only sets the value if the value doesn't exist or the current value is different than the desired value. Use the
Force
parameter to preserve previous behavior.
- Added
Test-Identity
now returns aCarbon.Identity
object if the identity exists and you use the-PassThru
switch. It used to return the identity's SID. Update scripts to use theFullName
property to get the old return value, e.g.Test-Identity -Name $userName -PassThru | Select-Object -Expand 'FullName'
.Test-OSIs32Bit
now uses the Environment class's new Is64BitOperatingSystem property.Test-OSIs64Bit
now uses the Environment class's new Is64BitOperatingSystem property.Test-PowerShellIs32Bit
now uses theEnvironment
class's new Is64BitProcess property.Test-PowerShellIs64Bit
now uses theEnvironment
class's new Is64BitProcess property.Uninstall-ScheduledTask
now retries when un-installing a task fails with "The function attempted to use a name that is reserved for use by another transaction." error.Unprotect-String
- Added
AsSecureString
switch, which will return a secure string instead of a normal string. - The
Password
parameter now acceptsSecureString
values.
- Added
Initialize-Lcm
- Added support for PowerShell 5:
RefreshIntervalMinutes
default value changed to from 15 to 30;RefreshIntervalMinutes
minimum value is now 30;ConfigurationFrequency
's minimum value is now 1 (from 2).
- Added support for PowerShell 5:
- Includes all changes made in version 1.9.0.
- PowerShell 4 is now required. Carbon won't even import under PowerShell 3.
- Removed
Carbon_Script
resource. It only existed so I could pass values to my script blocks. Turns out, the built-inScript
resource supports this with the$using:
scope. Remember, your most important features is documentation! - Created a new
Carbon_ScheduledTask
DSC resource for managing scheduled tasks. - The
Version
property on the objects returned byGet-ProgramInstallInfo
is now a proper .NETVersion
object instead of an integer.
Carbon_Permission
DSC resource fails when assigning multiple permissions- Grant-Permission fails when clearing multiple existing, non-inherited permission on an item.
Set-HostsEntry
fails to preserve whitespace if existing lines end with a comment/description. Thanks to Konstantin Ushenin for the fix.- Carbon's
System.ServiceProcess.ServiceController
extended type data causes errors when PowerShell formatsSystem.ServiceProcess.ServiceController
objects that represent services on remote computers. Install-Msi
didn't properly detect when installation failed.Set-EnvironmentVariable
fails to set process-level environment variable.Compress-Item
doesn't remove handled errors from global error array.Grant-Permission
fails with an unhelpful error message if it is unable to get the ACL on a private key.
Import-Carbon.ps1
is more intelligent about when it tries to re-load Carbon. It will force a re-import of Carbon if any of Carbon's files have changed or the version has changed.- Created
Uninstall-Junction
for uninstalling a junction in an idempotent way (i.e. without errors). Thanks to Konstantin Ushenin for the contribution. - Improved error handling in
Remove-Junction
. Install-Service
:- Now supports service startup parameters/arguments.
- No longer returns
ServiceController
objects by default. This should improve backwards-compatability. Added aPassThru
switch you can use to get aServiceController
object returned to you. - Improved error handling. It now uses
net helpmsg
to get helpful error messages based on sc.exe exit codes. - Improved handling of arguments/services with spaces in them under PowerShell 5.
- Added
Credential
parameter for increased security and to follow PowerShell guidelines. - Now supports setting a service's description and display name.
- Starting the service now respects caller's error action preference. Before,
Start-Service
would write an error even if somone calledInstall-Service
with anIgnore
orSilentlyContinue
error action preference.
- New
Test-TypeDataMember
for testing if a type has an extended type member defined. Install-IisAppPool
no longer returns appcmd.exe output.- Added
PassThru
parameter toInstall-IisAppPool
to control when aMicrosoft.Web.Administration.ApplicationPool
for the installed app pool is returned. Get-ServiceConfiguration
and Carbon's extended type data forSystem.ServiceProcess.ServiceController
objects now supports services from remote computers.Uninstall-ScheduledTask
now retries when un-installing a task fails with "The function attempted to use a name that is reserved for use by another transaction." error.- Added new
FileIndex
,LinkCount
, andVolumeSerialNumber
extended type data onSystem.IO.FileInfo
objects for getting a file's index, its hard link count, and volume serial number, respectively. Grant-Permission
now only returns an access rule object when the newPassThru
switch is used. In previous 2.0 alpha releases, it only returned something when permissions on an object were added or changed.Install-User
only returns a user object when the newPassThru
switch is used. In previous 2.0 alpha releases, it only returned an object if a user was created or updated.Grant-ComPermissions
only returns an access rule object when the newPassThru
switch is used. In previous 2.0 alpha releases, it only returned an object if permissions were changed.Install-IisApplication
only returns an IIS application object when the newPassThru
switch is used. In previous 2.0 alpha releases, it only returned an object if the application was created or modified.- Created
Get-Msi
function for reading MSI information and properties from an MSI file. Carbon.Computer.ProgramInstallInfo
objects (returned fromGet-ProgramInstallInfo
) now haveProductCode
andUser
properties. If a program doesn't have a product code, it is set to[Guid]::Empty
. TheUser
property is only set for per-user software installs.Invoke-WindowsInstaller
renamedInstall-Msi
, with a backwards-compatibility-preserving alias.Install-Msi
now supports wildcards for MSI path to install.Install-Msi
now only installs an MSI if it isn't already installed. To preserve the previous behavior and always install, add the-Force
switch to allInvoke-WindowsInstaller
`Install-Msi` usages.- Added
SiteID
parameter toInstall-IisWebsite
for setting a website's IIS ID. - Put the
Resolve-IdentityName
function back. It was removed from previous alpha releases. Install-IisWebsite
no longer deletes and re-creates websites. This may or may not be a breaking change in your environment.Install-SmbShare
no longer returns net.exe output, instead writing it to the verbose stream. To see previous output, use the-Verbose
switch.- Changed
-PasswordNeverExpires
switch toPasswordExpires
onInstall-User
for improved backwards-compatability. Set-SslCertificateBinding
no longer returns binding objects by default. Use newPassThru
switch to get the old behavior.- The product version of the Carbon assembly now includes pre-release version information, as defined by the Semantic Versioning specification. To get this version, run
Get-Item Carbon.dll | Select-Object -ExpandProperty 'VersionInfo' | Select-Object -ExpandProperty 'ProductVersion'
- The Carbon NuGet package now supports installing and uninstalling using Chocolatey.
- Added
AsSecureString
switch toUnprotect-String
which causesUnprotect-String
to return a secure string instead of a normal string. Unprotect-String
now accepts aSecureString
as the value for thePassword
parameter, which is the password for the private key used to decrypt from password-protected RSA certificate file.- Added
Credential
parameter toInstall-IisAppPool
for increased security and to follow PowerShell guidelines. - Added
Credential
parameter toInstall-User
for increased security and to follow PowerShell guidelines. Install-IisVirtualDirectory
now modifies existing virtual directories in place, instead of deleting and re-creating.Invoke-AppCmd
is now obsolete and will be removed from a future version of Carbon. Switch to Carbon's IIS functions, or useGet-IisConfigurationSection
to getConfigurationElement
objects from theMicrosoft.Web.Administration
API that you can modify.- Added
Description
andDisplayName
properties toCarbon_Service
for setting a service's description and display name. Grant-Permission
now writes an error if you don't have access to a private key. Previously, it would skip the key without any messages.Resolve-Identity
now converts SIDs to aCarbon.Identity
object. The SID may be a string (SID in SDDL form), byte array, or aSecurityIdentifier
object.Get-FileSharePermission
gets the sharing permissions on a file/SMB share (not the NTFS file system permissions).- Created
Get-FileShare
function. It uses WMI to getWin32_Share
objects for the file shares installed on the local computer. - Renamed
Install-SmbShare
toInstall-FileShare
, with a backwards-compatible alias in place. - Added
SID
parameter toResolve-IdentityName
to resolve a SID into its identity name. - Created
ConvertTo-SecurityIdentifer
function to convert a binary, string, orSystem.Security.Principal.SecurityIdentifier
object into aSystem.Security.Principal.SecurityIdentifier
object. Install-FileShare
(fkaInstall-SmbShare
):- Re-written to use WMI isntead of
net.exe
. - Modifies existing shares in place, instead of deleting and re-creating, unless the share's path changes. Changing a share's path requires the old share to be deleted and a new one created.
- Re-written to use WMI isntead of
Carbon_FirewallRule
now fails with an error if it finds multiple firewall rules with the same name.Set-RegistryKeyValue
:- Added
UDWord
andUQWord
parameters for setting registry key values to unsigned integers (i.e. integer values greater than[int]::MaxValue
and[long]::MaxValue
). Fixes issue #165: Set-RegistryKeyValue rejects unsigned integers larger than [int]::MaxValue. - Deprecated
Quiet
switch. - Only sets value if the value is changed. Use the
Force
parameter to preserve previous behavior.
- Added
Uninstall-Service
no longer returns sc.exe stdout.
This is the last minor release for version 1.0. Future 1.0-compatible releases will only contain bug fixes, no new features. It takes too much time to maintain two versions, and I'd rather spend my time getting 2.0 out the door. Carbon 2.0 will require PowerShell 4.0, so start planning.
- Added
KeyStorageFlags
parameter toGet-Certificate
when loading a certificate from a file for better control when storing the certificate.
Set-HostsEntry
now handles writing to an in-use/locked hosts file, retrying up to 10 times before writing an error, waiting a random amount of time (from 0 to 1000 milliseconds) between each retry attempt.
Get-IisMimeMap
,Remove-IisMimeMap
, andSet-IisMimeMap
now support managing MIME types for websites, virtual directories, and applications.
- Created
Get-ScheduledTask
function for getting the scheduled tasks on the local computer usingschtasks.exe
. - Created
Install-ScheduledTask
function for installing a scheduled task usingschtasks.exe
. - Created
Test-ScheduledTask
function for testing if a scheduled tasks on the local computer exists usingschtasks.exe
. - Created
Uninstall-ScheduledTask
function for deleting a scheduled task usingschtasks.exe
.
Install-Service
now supports setting a command to run when a service fails.
Import-Carbon
fails when-WhatIf
switch is used.- Importing Carbon no longer writes an error if the
PATH
environment variable contains a path to a non-existent drive (issue #134).
Set-IniEntry
fails when adding the first section-less setting to a file.
Enable-IEActivationPermission
no longer returns thehkcr:
drive.
- Fixed an error that occurs when setting permissions on a private key fails: the error message is created using an invalid format string (issue #133).
- Fixed an exception that gets thrown when setting a private key's permissions and the only certificate key is AT_SIGNATURE (issue #132).
Install-Service
stops Windows service even when no settings/configuration has changed (fixes issue #131).Install-Service
didn't clear services depended on during a re-install.Install-Service
wasn't restarting a manual service if it was running when configuration began.Uninstall-Service
hard codes the path to the Windows directory (fixes issue #143). Thanks to Travis Mathison for the fix.
- The following functions now write messages with
Write-Verbose
instead ofWrite-Host
. See Write-Host Considered Harmful.Add-GroupMember
Clear-TrustedHost
Convert-XmlFile
Disable-FirewallStatefulFtp
Disable-IEEnhancedSecurityConfiguration
Disable-IisSecurityAuthentication
Disable-NtfsCompression
Enable-FirewallStatefulFtp
Enable-IEActivationPermission
Enable-IisSecurityAuthentication
Enable-NtfsCompression
Grant-ComPermission
Grant-MsmqMessageQueuePermission
Grant-Permission
Grant-ServiceControlPermission
Install-Group
Install-IisApplication
Install-MsmqMessageQueue
Install-PerformanceCounter
Install-RegistryKey
Install-Service
Install-User
Install-WindowsFeature
Invoke-WindowsInstaller
Lock-IisConfigurationSection
New-Junction
Protect-Acl
Remove-IniEntry
Remove-Junction
Remove-SslCertificateBinding
Reset-HostsFile
Reset-MsmqQueueManagerID
Revoke-ComPermission
Revoke-ServicePermission
Set-IisHttpHeader
Set-IisMimeMap
Set-IisWebsiteID
Set-IisWindowsAuthentication
Set-IniEntry
Set-RegistryKeyValue
Set-SslCertificateBinding
Uninstall-IisAppPool
Uninstall-WindowsFeature
Unlock-IisConfigurationSection
- The following internal functions (which we warned you not to use!) are no longer exported:
- Add-IisServerManagerMember
- Get-IdentityPrincipalContext
- Invoke-ConsoleCommand
- ConvertTo-ProviderAccessControlRights
- Assert-WindowsFeatureFunctionsSupported
- Resolve-WindowsFeatureName
- Improving error handling when
Get-Certificate
fails to load a certificate from a file. Install-Certificate
now supports installing with anX509Certificate2
object instead of just a path to a certificate.Remove-SslCertificateBinding
: improved error handling.Set-SslCertificateBinding
: improved error handling.- Improved documentation for
Get-Certificate
. - Added extended script property
StoreName
toX509Store
objects to return the store'sSystem.Security.Cryptography.X509Certificates.StoreName
value. - Added a table view/format for
X509Store
objects. PowerShell's default view is a list, so you'll have to explicitly format the objects as a table, e.g.dir cert:\LocalMachine | Format-Table
. Get-Certificate
'sPath
parameter now supports wildcards and certificate provider paths, e.g.cert:\
.Get-Certificate
now writes an error if a certificate isn't found when getting a certificate by its path.
- Created
Get-ProgramInstallInfo
function to get the information displayed by thePrograms and Features
UI.
Protect-String
can now encrypt strings as a specific user. Use theCredential
parameter.- Created
New-RsaKeyPair
for creating public/private RSA key pair usingmakecert.exe
andpkv2pfx.exe
. Requires that you've installed a Windows SDK. Protect-String
can now encrypt strings using an RSA public key.Unprotect-String
can now decrypt strings using an RSA private key.
Disable-NtfsCompression
: improved error handling.Enable-NtfsCompression
: improved error handling.- Created
Compress-Item
function for compressing files/directories into a ZIP file. - Created
Test-ZipFile
function for testing if a file is a ZIP file. - Created
Expand-Item
function for decompressing a ZIP file. New-TempDirectory
now supports adding a prefix to the temporary directory's name, so you can more easily track down those scripts/processes that don't clean up after themselves.
Disable-FirewallStatefulFtp
: improved error handling.- Added
Name
andLiteralName
parameters toGet-FirewallRule
to return specific rules instead of all of them. Get-FirewallRule
, now returnsCarbon.Firewall.Rule
objects, instead of anonymous hashes.- Added default table format for
Get-FirewallRule
output. Get-FirewallRule
now returns additional rule information: interface type, security, source, description, program, and service. Who knewnetsh advfirewall firewall rule show
had averbose
switch? RTFM.
Remove-IniEntry
now handles case-sensitive INI files.Set-IniEntry
now handles case-sensitive INI files.Split-Ini
now handles case-sensitive INI files.
Invoke-WindowsInstaller
: improved error message if installation fails.
- Creating
Revoke-Permission
function for revoking a user's permission to a file, directory, registry key, or certificate's private key/key container. - Creating
ConvertTo-ContainerInheritanceFlags
function for convertingSystem.Security.AccessControl.InheritanceFlags
andSystem.Security.AccessControl.PropagationFlag
values into aCarbon.Security.ContainerInheritanceFlags
value. Get-Permission
now supports returning the permissions on private keys/key containers.Grant-Permission
now supports granting permissions on private keys//key containers.Test-Permission
now supports testing permissions on certificate private keys/key containers.
- Created
Get-ServiceConfiguration
function for loading a service's configuration: description, account name/username, failure actions, etc. - Added the following extended type data to
System.ServiceController.Service
:- Description
- ErrorControl
- FailureProgram
- FirstFailure
- LoadOrderGroup
- Path
- RebootDelay
- RebootDelayMinutes
- RebootMessage
- ResetPeriod
- ResetPeriodDays
- RestartDelay
- RestartDelayMinutes
- SecondFailure
- StartMode
- StartType
- TagID
- ThirdFailure
- UserName
- Importing Carbon gives an error if
PATH
environment variable contains an empty path. - Improved the error handling in the following functions so they properly catch exceptions and write friendlier errors:
Get-Certificate
Grant-Privilege
Revoke-Privilege
Get-Certificate
couldn't open CA/CertificateAuthority store (fixes issue #130).- Extended script property
DisplayName
onX509Store
objects returning wrong store name for custom stores, now returns an empty string.
Disable-NtfsCompression
now really supports multiple paths.Enable-NtfsCompression
now really supports multiple paths.
Resolve-PathCase
didn't work under Windows 2012 R2.
- The
Carbon.Identity.FindByName
method and theResolve-IdentityName
andTest-Identity
functions now handle identity names with.
for the domain/machine name, e.g..\Administrator
. - The
Carbon.Identity.FullName
property returns the wrong value when domain is empty/null, e.g.Resolve-IdentityName -Name 'Everyone'
returns\Everyone
, when it should returnEveryone
. - The
Carbon.Identity.FindByName
method and theResolve-IdentityName
andTest-Identity
functions unable to resolveLocalSystem
account (which is actuallyNT AUTHORITY\SYSTEM
).
There is now a Carbon support mailing list.
- Import-Carbon.ps1 now supports the
-WhatIf
switch. - Import-Carbon.ps1 now hides verbose log messages when removing/importing Carbon even when supplying the
-Verbose
switch because I think the verbose output is too verbose and not helpful at all. - Import-Carbon.ps1 now supports adding a prefix when importing the Carbon module (with the
Prefix
parameter) to avoid name collisions and follow best practices.
Get-CertificateStore
now supports non-standard, custom certificate stores.Get-Certificate
now supports non-standard, custom certificate stores.Install-Certificate
now supports non-standard, custom certificate stores.Uninstall-Certificate
now supports non-standard, custom certificate stores.
- No more silent errors when importing Carbon on Windows 2012 R2.
Get-Certificate
no longer writes a silent error when a certificate does not exist. Instead, no error is written.
Install-Junction
fails when target path is hidden.Test-NtfsCompression
fails when file/directory is hidden.Test-PathIsJunction
fails when tested directory is hidden.
Grant-Permission
fails when item is hidden.Grant-Permission
doesn't handle non-existent paths, causing cascading errors.Test-Permission
always returns$false
when testing leaf-level permissions and theApplyTo
parameter is provided, i.e. it doesn't ignore inheritance/propagation flags on leaves.
Get-Certificate
fails when passed a relative path.Install-Certificate
fails when passed a relative path.
Remove-Junction
doesn't delete a junction when given a relative path to the junction.
Install-Service
doesn't properly resolve a service's path.
- Fixed
Install-SmbShare
example to use correct syntax. #111.
- Created
Remove-HostsEntry
function for removing hostnames from a hosts file.
- Created
Join-IisVirtualPath
for joining paths used by the IIS APIs. - Renamed all IIS
Path
parameters which represented virtual paths toVirtualPath
(with backwards-compatible aliases):Disable-IisSecurityAuthentication
Enable-IisDirectoryBrowsing
Enable-IisSecurityAuthentication
Enable-IisSsl
Get-IisApplication
Get-IisConfigurationSection
Get-IisHttpHeader
Get-IisHttpRedirect
Get-IisMimeMap
Get-IisSecurityAuthentication
Set-IisHttpHeader
Set-IisHttpRedirect
Set-IisWindowsAuthentication
Test-IisConfigurationSection
Test-IisSecurityAuthentication
- Renamed
Get-IisWebsite
'sSiteName
parameter toName
(with a backwards-compatible alias). - Renamed all IIS
Name
parameters which represented virtual paths toVirtualPath
(with backwards-compatible aliases):Install-IisApplication
Install-IisVirtualDirectory
- Renamed all IIS
Path
parameters which represented physical paths toPhysicalPath
(with backwards-compatible aliases):Install-IisApplication
Install-IisVirtualDirectory
Install-IisWebsite
- Created
Test-DotNet
for testing if v2 or v4 of the .NET framework is installed.
- Created
Get-PathProvider
function for getting a path's PowerShell provider.
- Updated
Invoke-PowerShell
to test if the appropriate .NET framework is installed if the user chooses an explicit runtime to use.
- Created
Test-Permission
function for checking if a user/group has a set of permissions and, optionally, a set of inheritance and propagation flags on a file, directory, or registry key. Test-Permission
now automatically includes theSynchronize
permission when checking for exact permissions, since this permission is always on and can never be removed from a file/directory.
Install-Service
no longer requires a password, in order to support managed service accounts and virtual accounts. We have no idea if this works, since we can't test locally. Please let us know if this fix works for you. #114
- Updated
Install-User
to support passwords longer than 14 characters. Thanks to James Crowley for the fix.
- Marked Assert-WindowsFeatureFunctionsSupported as an internal function. Please don't use. It will be removed from future versions of PowerShell.
- Updated
Test-WindowsFeature
to work on Windows 8/2012. - Created new
Carbon.Identity
class for representing identities. It also contains a staticFindByName
method which uses The WindowsLookupAccountName
function to find full account names, domains, and sids. - Updated
Test-Identity
to use[Carbon.Identity]::FindByName
to find identities so it no longer throws exceptions when an identity can't be found. - Updated
Resolve-IdentityName
to use[Carbon.Identity]::FindByName
to find identities so it no longer throws exceptions when an identity can't be found.
Set-IisWebsiteID
wasn't consistently starting a website after changing its ID.
Install-SmbShare
has an unused variable which uses an undefined variable to create its value. When running in strict mode, PowerShell writes an error about using the undefined variable. Removed the unused variable.
Set-IisWebsiteID
now attempts to start a website whose ID has changed, since IIS stops a website whenever its ID changes.
- Added
Get-IPAddress
function for getting the IPv4/IPv6 addresses currently in use on the local computer's network interfaces. - Added
Test-IPAddress
function for testing if an IP address is in use on one the local computer's network interfaces.
- Added
Test-UncPath
function for testing if a path is a UNC or not.
Invoke-PowerShell
now runs script blocks in PowerShell 3 under a v2.0 CLR.
Install-SmbShare
now creates the share's directory if it doesn't exist.
Get-Certificate
throws an exception and halts script execution when loading a certificate file with a private key and the user doesn't have permission to write to Windows' MachineKeys directory. It now writes an error instead.
Invoke-PowerShell
doesn't run under a v2.0 CLR when using parameters-Runtime 'v2.0'
.
- Created
Install-Junction
function for creating new and/or updating existing junctions. This is a more idempotent way of creating junctions, as opposed toNew-Junction
andRemove-Junction
which report errors if a junction already exists or doesn't exist, respectively.
- Objects returned by
Get-IisWebsite
now have a dynamicPhysicalPath
script property, so you don't have to traverse down into the default application's default virtual directory object to get it. Install-IisApplication
,Install-IisWebsite
, andInstall-IisVirtualDirectory
now canonicalize physical paths, i.e. they convert any path with a relative part (e.g. '..') to a full path. It turns out IIS doesn't like paths with relative parts.- Created
Get-IisApplication
function to getMicrosoft.Web.Administration.Application
objects for all or specific applications under a website. Install-IisApplication
now uses theMicrosoft.Web.Administration
API instead ofappcmd.exe
.
- Added
ExecutionPolicy
parameter toInvoke-PowerShell
to allow setting a custom exeuction policy when usingInvoke-PowerShell
to run a script.
Install-IisApplication
not updating/changing physical path on existing application.
Set-DotNetAppSetting
andSet-DotNetConnectionString
failed if setting .NET configuration under an architecture where the PowerShell execution policy doesn't allow running scripts.
Invoke-PowerShell
now supports running an external script.- Added
OutputFormat
argument toInvoke-PowerShell
so your scripts/script blocks can return XML results instead of plain text. - Renamed
Invoke-PowerShell
'sArgs
parameter toArgumentList
(with backwards compatibileArgs
alias). - Renamed
Invoke-PowerShell
'sCommand
parameter toScriptBlock
(with backwards-compatibleCommand
alias). Invoke-PowerShell
now runs 64-bit PowerShell from 32-bit PowerShell.Get-PowerShellPath
now returns path for 64-bit PowerShell when running 32-bit PowerShell.
- Created new
ConvertTo-Base64
function for encoding strings in base-64. - Created new
ConvertFrom-Base64
function for decoding base-64 strings.
Set-DotNetAppSetting
andSet-DotNetConnectionString
weren't able to set .NET 2.0 app settings and connections string when running under PowerShell 3.
- Carbon should now work under PowerShell v3.0!
- Added support for IPv6 addresses to
Get-SslCertificateBinding
,Remove-SslCertificateBinding
, andSet-SslCertificateBinding
.
- Added
ProviderName
parameter toSet-DotNetConnectionString
for setting a connection string'sproviderName
attribute/value.
- Created
Disable-NtfsCompression
function for disabling NTFS compression on files/directories. - Created
Enable-NtfsCompression
function for enabling NTFS compression on files/directories. - Created
Test-NtfsCompression
function for testing if NTFS compression is enabled on a file/directory.
- The site object returned by
Get-IisWebsite
now as aCommitChanges
method so you can persist modifications you make to the site. Get-IisWebsite
now returns all websites if noSiteName
is given.- Created
Set-IisWebsiteID
function for explicitly setting a website's ID.
- Created
Remove-IniEntry
function for removing entries/settings from an INI file.
Install-PerformanceCounter
now supports installing a base performance counter. Thanks to Philip Teilmeier for the contribution.Install-PerformanceCounter
'sDescription
parameter is now optional.
Invoke-PowerShell
now defaults to running under the current CLR, instead of defaulting to a v2.0 CLR. This makes upgrading to PowerShell v3.0 easier.Invoke-PowerShell
now writes an error and returns if running PowerShell v3.0 and you want to run under a v2.0 CLR. Unfortunately, PowerShell v3.0 requires .NET 4.0, so you can't run anything on an earlier CLR.
Revoke-Privilege
now supports case-insensitive privilege names.- Updated
Grant-Privilege
to better handle when passing a privilege name with the wrong case. - Updated
Grant-Privilege
documentation to make it clear privilege names are case-sensitive.
- New
Convert-XmlFile
, for transforming an XML file with Microsoft's XDT (XML Data Transformation) technology. Thanks to Mark Sargent for the contribution.
- Deleted the obsolete variable
$CarbonImported
. Carbon no longer exports any of its variables.
Get-SslCertificateBinding
can't parse bindings to IPv6 addresses.
Install-PerformanceCounter
couldn't be used to create counters that used/required a base counter. Thanks to Philip Teilmeier for the contribution.
- On Windows 2008 R2, custom identies that run IIS app pools need the
SeBatchLogonRight
.Install-IisAppPool
now grants this privilege on all operating systems. If this won't work in your environment, you can remove these privileges withRevoke-Privilege
.
- Fixed some typos and ommissions in the v0.5.0.1 and v0.5.0.0 sections of the release notes.
- Updated
Import-Carbon.ps1
script to import Carbon regardless of the name of the directory Carbon is installed in.
- Added
IssuedTo
andIssuedBy
properties to X509Certificate2 objects. The values match what the Certificates MMC snap-in displays. - Added
DisplayName
property to X509Store objects, to show the names of the stores as they are displayed in the Certificates MMC snap-in.
- Created
Resolve-NetPath
for getting the path to the Windowsnet.exe
command/application. Updated all functions that callnet.exe
to use this function to resolve its path. Thanks to Paul Aage Aasheim for discovering that when running login scripts,net.exe
isn't in the path.
- Created
Get-IisHttpHeader
for getting the custom HTTP headers for a website or one of its sub-directories. - Created
Set-IisHttpHeader
for creating/setting a custom HTTP header for a website or one of its sub-directories. - Created
Get-IisMimeMap
for getting the file extension to MIME type mappings for the IIS web server. - Created
Remove-IisMimeMap
for removing a file extension to MIME type mapping for the IIS web server. - Created
Set-IisMimeMap
for creating/setting a file extension to MIME type mapping for the IIS web server. - When creating an app pool that runs under a custom, non-service account,
Install-IisAppPool
grants that user theSeBatchLogonRight
. Install-IisAppPool
writes an error if its user account doesn't exist (i.e. if the value of theUsername
parameter doesn't exist).
- Improved exception handling in
Grant-Privilege
andRevoke-Privilege
. Grant-Privilege
andRevoke-Privilege
now write an error message if an identity doesn't exist.
Install-SmbShare
can't findnet.exe
when running as part of a Windows logon script. Thanks to Paul Aage Aasheim for identifying and reporting this bug. All usages of thenet.exe
application were updated to use the newResolve-NetPath
function, which get the path tonet.exe
without assuming it is in the user'sPATH
environment variable.
Test-Identity
no longer writes an error if it can't find a fully-qualified local user, e.g.$env:COMPUTERNAME\Username
.
- Remove the
Quiet
parameter from calls to theImport-Carbon.ps1
script. - If you're nesting Carbon as a sub-module of another module, STOP. This causes havoc. Create an
Import-*.ps1
script for your module which imports Carbon before importing your own module. Update your scripts to import your module with your fancy newImport-*.ps1
script. See Best Practices for Importing PowerShell Modules for details.
- The
Import-Carbon.ps1
script no longer checks if Carbon is a sub-module of another module, so theQuiet
parameter was removed. Please don't nest Carbon in your modules! It will cause havoc. Import-Carbon.ps1
will no longer stop execution if an error occurs during an import (i.e. the$ErrorActionPreference = 'Stop'
line was removed).
- Added
Test-IisWebsiteExists
alias forTest-IisWebsite
, for backwards-compatibility with earlier releases.
- Added
Unprotect-AclAccessRules
alias forProtect-Acl
, for backwards-compatibility with earlier releases. - Added rename of
Unprotect-AclAccessRules
toProtect-Acl
to v0.5.0.0 section of release notes.
- Renamed
Install-Service
'sDependencies
parameter toDependency
(with backwards-compatible alias), to follow PowerShell naming standards.
Install-User
: you can now set a user's full name with the optionalFullName
parameter.
Grant-Permission
returns boolean values to the pipeline when clearing access rules.
Install-Service
fails ifDependency
parameter doesn't have a value. Sometimes.
Install-SmbShare
fails if a principal name contains a space.
Add-GroupMember
doesn't handle when the .NET Active Directory throws an exception when adding members to a group, causing script termination.
- Renamed
Format-ADSpecialCharacters
toFormat-ADSearchFilterValue
, with backwards-compatible alias.
- Renamed
Get-SslCertificateBindings
toGet-SslCertificateBinding
, with backwards-compatible alias. - Added
Remove-Certificate
alias forUninstall-Certificate
, for backwards-compatibility with earlier releases.
- Renamed
Get-ComPermissions
toGet-ComPermission
, with backwards-compatible alias. - Renamed
Grant-ComPermissions
toGrant-ComPermission
, with backwards-compatible alias. - Renamed
Revoke-ComPermissions
toRevoke-ComPermission
, with backwards-compatible alias.
- Renamed
Get-FirewallRules
toGet-FirewallRule
, with backwards-compatible alias.
- Renamed
Add-IisServerManagerMembers
toAdd-IisServerManagerMembers
, with backwards-compatible alias. - Added
StatusCode
alias forSet-IisHttpRedirect's
HttpResponseStatus
parameter, for backwards-compatibility with earlier releases. - Added
Test-IisAppPoolExists
alias forTest-IisAppPool
, for backwards-compatibility with earlier releases. - Added
Remove-IisWebsite
alias forUninstall-IisWebsite
, for backwards-compatibility with earlier releases.
- Renamed
Enable-IEActivationPermissions
toEnable-IEActivationPermission
, with backwards-compatible alias.
- Renamed
Grant-MsmqMessageQueuePermissions
toGrant-MsmqMessageQueuePermission
, with backwards-compatible alias. - Added
Remove-MsmqMessageQueue
alias forUninstall-MsmqMessageQueue
, for backwards-compatibility with earlier releases.
- Added
ConvertTo-FullPath
alias forResolve-FullPath
, for backwards-compatibility with earlier releases. - Added
Get-PathCanonicalCase
alias forResolve-PathCase
, for backwards-compatibility with earlier releases.
- Renamed
Get-PerformanceCounters
toGet-PerformanceCounter
, with backwards-compatible alias.
- Renamed
Add-TrustedHosts
toAdd-TrustedHost
, with backwards-compatible alias. - Renamed
Add-TrustedHost
'sEntries
parameter toEntry
, with backwards-compatible alias. - Renamed
Clear-TrustedHosts
toClear-TrustedHost
, with backwards-compatible alias. - Renamed
Complete-Jobs
toComplete-Job
, with backwards-compatible alias. - Renamed
Complete-Job
'sJobs
parameter toJob
, with backwards-compatible alias. - Renamed
Get-TrustedHosts
toGet-TrustedHost
, with backwards-compatible alias. - Renamed
Set-TrustedHosts
toSet-TrustedHost
, with backwards-compatible alias. - Renamed
Set-TrustedHost
'sEntries
parameter toEntry
, with backwards-compatible alias.
- Renamed
Assert-AdminPrivileges
toAssert-AdminPrivilege
, with backwards-compatible alias. - Renamed
ConvertTo-InheritanceFlags
toConvertTo-InheritanceFlag
, with backwards-compatible alias. - Renamed
ConvertTo-InheritanceFlag
'sContainerInheritanceFlags
parameter toConvertTo-InheritanceFlag
, with backwards-compatible alias. - Renamed
ConvertTo-PropagationFlags
toConvertTo-PropagationFlag
, with backwards-compatible alias. - Renamed
ConvertTo-PropagationFlag
'sContainerInheritanceFlags
parameter toConvertTo-InheritanceFlag
, with backwards-compatible alias. - Renamed
Get-Permissions
toGet-Permission
, with backwards-compatible alias. - Renamed
Grant-Permissions
toGrant-Permission
, with backwards-compatible alias. - Renamed
Grant-Permission
'sPermissions
parameter toPermission
, with backwards-compatible alias. - Renamed
Test-AdminPrivileges
toTest-AdminPrivilege
, with backwards-compatible alias.
- Renamed
Get-ServicePermissions
toGet-ServicePermission
, with backwards-compatible alias. - Added
Remove-Service
alias forUninstall-Service
, for backwards-compatibility with earlier releases.
- Renamed
Add-GroupMembers
toAdd-GroupMember
, with backwards-compatible alias. - Renamed
Add-GroupMember
'sMembers
parameter toMember
. - Added
Remove-User
alias forUninstall-User
, for backwards-compatibility with earlier releases.
- Added
Install-WindowsFeatures
alias forInstall-WindowsFeature
, for backwards-compatibility with earlier releases. - Added
Features
alias forInstall-WindowsFeature's
Name
parameter, for backwards-compatibility with earlier releases. - Added
Uninstall-WindowsFeatures
alias forUninstall-WindowsFeature
, for backwards-compatibility with earlier releases. - Added
Features
alias forUninstall-WindowsFeature's
Name
parameter, for backwards-compatibility with earlier releases.
This release contains many backwards incompatible changes. We apologize for this inconvenience. We are making these changes so we can get ready for the v1.0 release. One of our goals for v1.0 is to get the functions and their interfaces internally consistent and consistent with PowerShell naming schemes. Once v1.0 is out the door, backwards-incompatible changes will be phased in as much as possible.
Take the following steps to get your scripts to work with this release.
Replaces usages of:
Get-SslCertificateBindings
withGet-SslCertificateBinding
Get-SslCertificateBinding -IPPort '0.0.0.0:443'
withGet-SslCertificateBinding
Get-SslCertificateBinding -IPPort '10.1.1.1:8001
withGet-SslCertificateBinding -IPAddress '10.1.1.1' -Port 8001
Test-SslCertificateBinding -IPPort '0.0.0.0:443
withTest-SslCertificateBinding
Test-SslCertificateBinding -IPPort '10.1.1.1:8001
withTest-SslCertificateBinding -IPAddress '10.1.1.1' -Port 8001
Set-SslCertificateBinding -IPPort '0.0.0.0:443
withSet-SslCertificateBinding
Set-SslCertificateBinding -IPort '1.2.3.4:8001
withSet-SslCertificateBinding -IPAddress '1.2.3.4' -Port 8001
Remove-SslCertificateBinding -IPPort '0.0.0.0:443
withRemove-SslCertificateBinding
Remove-SslCertificateBinding -IPPort '10.1.1.1:8001
withRemove-SslCertificateBinding -IPAddress '10.1.1.1' -Port 8001
Replace usages of
Set-EnvironmentVariable -Scope 'Process'
withSet-EnvironmentVariable -ForProcess
Set-EnvironmentVariable -Scope 'User'
withSet-EnvironmentVariable -ForUser
Set-EnvironmentVariable -Scope 'ForComputer'
withSet-EnvironmentVariable -ForComputer
Remove-EnvironmentVariable -Scope 'Process'
withRemove-EnvironmentVariable -ForProcess
Remove-EnvironmentVariable -Scope 'User'
withRemove-EnvironmentVariable -ForUser
Remove-EnvironmentVariable -Scope 'ForComputer'
withRemove-EnvironmentVariable -ForComputer
Protect-String -Scope CurrentUser
withProtect-String -ForUser
Protect-String -Scope LocalMachine
withProtect-String -ForComputer
- Renamed the
StatusCode
property on the object returned byGet-IisHttpRedirect
toHttpResponseStatus
. Update usages accordingly. - The
Bindings
property returned byGet-IisWebsite
is now a collection ofMicrosoft.Web.Administration.Binding
objects. Update usages of$site.Bindings[$idx].IPAddress
and$site.Bindings[$idx].Port
to$site.Bindings[$idx].Endpoint.Address
and$site.Bindings[$idx].Endpoint.Port
, respectively.
Replace usages of:
Set-IisAnonymousAuthentication
withEnable-IisSecurityAuthentication -Anonymous
Set-IisAnonymousAuthentication -Disabled
withDisable-IisSecurityAuthentication -Anonymous
Set-IisBasicAuthentication
withEnable-IisSecurityAuthentication -Basic
Set-IisBasicAuthentication -Disabled
withDisable-IisSecurityAuthentication -Basic
Set-IisWindowsAuthentication
withEnable-IisSecurityAuthentication -Windows
andSet-IisWindowsAuthentication -DisableKernelMode
Set-IisWindowsAuthentication -UseKernelMode
withSet-IisWindowsAuthentication
Set-IisWindowsAuthentication -Disabled
withDisable-IisSecurityAuthentication -Windows
Unlock-IisConfigSection -Name <string>
withUnlock-IisConfigurationSection -SectionPath <string>
(runappcmd.exe lock config -section:?
for values to the newSectionPath
parameter)Unlock-IisBasicAuthentication
withUnlock-IisConfigurationSection -SectionPath 'system.webServer/security/authentication/basicAuthentication'
Unlock-IisCgi
withUnlock-IisConfigurationSection -SectionPath 'system.webServer/cgi'
Unlock-IisWindowsAuthentication
withUnlock-IisConfigurationSection -SectionPath 'system.webServer/security/authentication/windowsAuthentication'
Replace usages of:
Split-Ini -Path <string>
withSplit-Ini -Path <string> -AsHashtable
(hashtable is no longer returned by default)Split-Ini -Path <string> -PassThru
withSplit-Ini -Path <string>
(per-line objects are now returned by default)
Replace usages of
Get-PathRelativeTo -To <string> -From <string>'
withResolve-RelativePath -Path <string> -FromDirectory <string>
Get-PathRelativeTo -To <string> -From <string> -FromType 'File'
withResolve-RelativePath -Path <string> -FromFile <string>
Get-PerformanceCounters
no longer returns an empty list if there are zero counters or a single element list if there is one counter. It now returnsnull
and a single object, respectively. Update usages accordingly.
Get-TrustedHosts
no longer returns an empty list if there are no trusted hosts. It now return nothing/null
. Update usages accordingly.
Assert-AdminPrivileges
now returnsTrue
orFalse
if the user doesn't have admin privileges. It also no longer throws an exception, but writes an error. If you want to preserve current behavior where it stops script execution, replace usages withAssert-AdminPrivileges -ErrorAction Stop
.
Replace usages of:
Install-Share -Permissions '"ShareAdmins,FULL"','"ShareWriters,CHANGE"','"ShareReaders,READ"'
withInstall-SmbShare -FullAccess ShareAdmins -ChangeAccess ShareWriters -ReadAccess ShareReaders
.
Replace usages of:
Test-WindowsFeature
withTest-WindowsFeature -Installed
Install-WindowsFeatureIis
withInstall-WindowsFeature -Iis
Install-WindowsFeatureIis -HttpRedirection
withInstall-WindowsFeature -Iis -IisHttpRedirection
Install-WindowsFeatureMsmq
withInstall-WindowsFeature -Msmq
Install-WindowsFeatureMsmq -HttpSupport
withInstall-WindowsFeature -Msmq -MsmqHttpSupport
Install-WindowsFeatureMsmq -ActiveDirectoryIntegration
withInstall-WindowsFeature -MsmqActiveDirectoryIntegration
- Created
Get-IisConfigurationSection
function for getting a site's (and optional sub-directory's) Microsoft.Web.Administration.ConfigurationSection objects for an arbitrary IIS configuration section. - Created
Get-IisSecurityAuthentication
function for getting a site's (and optional sub-directory's) anonymous, basic, digest, or Windows authentication configuration section. - Created
Test-IisSecurityAuthentication
function for testing if anonymous, basic, digest, or Windows authentication is enabled for a website (and optional sub-directory). - Created
Get-IisConfigurationSection
function for returning an arbitrary IIS configuration section using the Microsoft.Web.Administration API. - Created
Lock-IisConfigurationSection
function for locking arbitrary global IIS configuration sections. - Created
Test-IisConfigurationSection
function for testing if an configuration section exists or is locked or not. - Created function
Get-IisAppPool
for getting aMicrosoft.Web.Administration.AppPool
object for an application pool. - Created function
Uninstall-IisAppPool
for removing an IIS application pool.
- Created new
Get-WindowsFeature
function for getting a list of available Windows features.
Install-Service
not granting default service identity, Network Service, the correct permissions.Install-Service
not correctly resolving local identity account names.
- Moved functionality of
Get-SslCertificateBinding
intoGet-SslCertificateBindings
. Can now filter byIPAddress
and/orPort
. Get-SslCertificateBindings
now returnsCarbon.Certificates.SslCertificateBinding
objects. All information displayed by thenetsh http show sslcert
command is returned as part of those objects.Get-SslCertificateBindings
now supports filtering byIPAddress
andPort
separately, instead of requiring both. The oldIPPort
parameter is replaced withIPAddress
andPort
parameters.Test-SslCertificateBinding
now supports testig byIPAddress
andPort
separately, instead of requiring both. The oldIPPort
parameter is replaced withIPAddress
andPort
parameters.- Replaced
IPPort
parameter onGet-SslCertificateBinding
with separateIPAddress
andPort
parameters onGet-SslCertificateBindings
. SetIPAddress
only if you want to bind to a specific IP address (i.e. not 0.0.0.0). SetPort
if not binding to port 443. - Replaced
IPPort
parameter onRemove-SslCertificateBinding
with separateIPAddress
andPort
parameters. SetIPAddress
only if you want to remove a binding for a specific IP address (i.e. not 0.0.0.0). SetPort
if the binding is not on port 443. - Renamed
Remove-Certificate
toUninstall-Certificate
(added backwards-compatible alias in v0.5.0.1).
- Replaced the
Scope
parameter onSet-EnvironmentVariable
andRemove-EnvironmentVariable
with scope-specificForProcess
,ForUser
, andForComputer
switches.
- Replaced
Protect-String
'sScope
parameteter with theForUser
orForComputer
scope-specific switches.
Set-HostsEntry
no longer throws an exception if the hosts file contains an invalid line. Instead, a warning is written and the line is commented out.
Split-Ini
now returns strongly-typedCarbon.Ini.IniNode
objects instead of hashtables.- The line numbers returned by
Split-Ini
start at 1 instead of 0. Split-Ini
now returns name/value objects by default (thePassThru
switch is no longer needed for this behaviro). This makes it more PowerShell-y. The old behavior of returning aHashtable
is available be using the newAsHashtable
switch.
- Replaced
Set-IisAnonymousAuthentication
withEnable-IisSecurityAuthentication
andDisable-IisSecurityAuthentication
. - Replaced
Set-IisBasicAuthentication
withEnable-IisSecurityAuthentication
andDisable-IisSecurityAuthentication
. - Moved code to enable/disable Windows authentication from
Set-IisWindowsAuthentication
toEnable-IisSecurityAuthentication
andDisable-IisSecurityAuthentication
. - Switched the default behavior of
Set-IisWindowsAuthentication
to enable kernel mode. To disable kernel mode, use theDisableKernelMode
switch. - Renamed
Unlock-IisConfigSection
toUnlock-IisConfigurationSection
. - Removed
Unlock-IisConfigurationSection
'sName
parameter and replaced it withSectionPath
, which takes a list of full path to the configuration section(s) to unlock. - Removed
Unlock-IisBasicAuthentication
in favor ofUnlock-IisConfigurationSection -SectionPath 'system.webServer/security/authentication/basicAuthentication'
. - Removed
Unlock-IisCgi
in favor ofUnlock-IisConfigurationSection -SectionPath 'system.webServer/cgi'
. - Removed
Unlock-IisWindowsAuthentication
in favor ofUnlock-IisConfigurationSection -SectionPath 'system.webServer/security/authentication/windowsAuthentication'
. - Renamed
Remove-Service
toUninstall-Service
(added backwards-compatible alias in v0.5.0.1). Install-Service
writes errors instead of throwing exceptions.Install-Service
grantsReadAndExecute
file system permissions on the service executable to the service identity instead ofFullControl
.- Improved
Install-Service
'sWhatIf
support. - Renamed
Test-IisAppPoolExists
toTest-IisAppPool
(added backwards-compatible alias in v0.5.0.1). - Renamed
Remove-IisWebsite
withUninstall-IisWebsite
(added backwards-compatible alias in v0.5.0.1). Install-IisAppPool
now always sets the application pool to run as the system's default application pool identity if theServiceAccount
parameter isn't given.Install-IisAppPool
now starts an IIS application pool if it is stoppped.Get-IisHttpRedirect
now returns aCarbon.Iis.HttpRedirectConfigurationSection
object. TheStatusCode
property on the old object is now namedHttpResponseStatus
.- Renamed the
StatusCode
parameter onSet-IisHttpRedirect
toHttpResponseStatus
(added backwards-compatible alias in v0.5.0.1). Get-IisWebsite
now returns aMicrosoft.Web.Administration.Site
object.
- Renamed
Remove-MsmqMessageQueue
toUninstall-MsmqMessageQueue
(added backwards compatible alias in v0.5.0.1).
- Renamed
Get-PathRelativeTo
toResolve-RelativePath
. Renamed itsTo
parameter toPath
, and moved it to position 0. Replaced/combined theFrom
andFromType
parameters withFromDirectory
andFromFile
parameters. - Renamed
ConvertTo-FullPath
toResolve-FullPath
(added backwards-compatible alias in v0.5.0.1). Added support for converting unrooted paths using the current location. - Renamed
Get-PathCanonicalCase
withResolve-PathCase
(added backwards-compatible alias in v0.5.0.1). Added support for piping inGet-Item
andGet-ChildItem
output, e.g.Get-Item C:\WINDOWS | Resolve-PathCase
returns C:\Windows.
Get-PerformanceCounters
now returns nothing/null
or a single object instead of an empty/single element array when there are no or one performance counters.Install-PerformanceCounter
no longer re-installs a counter if a counter with its name, description, and type already exist.
Get-TrustedHosts
now returns nothing/null
if there are no trusted hosts. (It used to return an empty array.)
Assert-AdminPrivileges
no longer throws an exception if the user doesn't have administrative privileges. Instead, it writes an error and returnsFalse
. It returnsTrue
if the user has privileges.- Renamed
Unprotect-AclAccessRules
toProtect-Acl
(added backwards-compatible alias in v1.0.0).
- Replaced the
Permissions
parameter onInstall-SmbShare
withFullAccess
,ChangeAccess
, andReadAccess
parameters. Previously, to set share permissions, you passed in specially-formatted values to thePermission
parameter, e.g."MyGroup,FULL","MyOtherGroup,READ"
. Now, just pass a list of identity name(s) to theFullAccess
,ChangeAccess
, orReadAccess
parameters to grant those identies full, change, or read access, e.g.-FullAccess MyGroup -ReadAccess MyOtherGroup
.
- Renamed
Remove-User
toUninstall-User
(added backwards-compatible alias in v0.5.0.1).
Test-WindowsFeature
now tests if a Windows feature exists, instead of if it is installed. Added anInstalled
switch to detect if a feature exists and if it is installed.- Renamed
Install-WindowsFeatures
toInstall-WindowsFeature
(added backwards-compatible alias in v0.5.0.1). - Renamed
Install-WindowsFeature
'sFeatures
parameter toName
(added backwards-compatible alias in v0.5.0.1). - Removed
Install-WindowsFeatureIis
and replaced withIis
andIisHttpRedirection
switches onInstall-WindowsFeature
. - Removed
Install-WindowsFeatureMsmq
and replaced withMsmq
,MsmqHttpSupport
, andMsmqActiveDirectoryIntegration
switches onInstall-WindowsFeature
. - Renamed
Uninstall-WindowsFeatures
toUninstall-WindowsFeature
(added backwards-compatible alias in v0.5.0.1). - Renamed
Uninstall-WindowsFeature
'sFeatures
parameter toName
(added backwards-compatible alias in v0.5.0.1). - Added
Iis
,IisHttpRedirection
,Msmq
,MsmqHttpSupport
, andHttpActiveDirectoryIntegration
switches toUninstall-WindowsFeature
. Install-WindowsFeature
,Test-WindowsFeature
, andUninstall-WindowsFeature
are now available even if the current operating system doesn't support managing Windows features. They don't do anything in those situations, but they exist.Install-WindowsFeature
,Test-WindowsFeature
, andUninstall-WindowsFeature
are not available if the PowerShell v3.0 server manager cmdlets exists (on Windows 8/2012).
- Replaced all instances where functions were throwing exceptions with
Write-Error
. - The Carbon assembly is now versioned and signed.
Enable-IisSsl
not setting SSL flags correctly when requiring client certificates.
- If you install a manual or disabled Windows service with
Install-Service
, you now have to callStart-Service
yourself.Install-Service
only starts services whose startup type is set toAutomatic
(which is the default). - We've stopped distributing Microsoft's
subinacl.exe
program. We didn't have permission to distribute. Plus its no longer supported. If any of your scripts usedInvoke-SubInAcl
, you'll want to downloadsubinacl.exe
yourself and copyInvoke-SubInAcl
before upgrading (you can find it in the Carbon directory in theServices.ps1
file. - If you're using
Grant-Permission
without named parameters, thePath
parameter moved from position 3 to position 1. Re-order your parameters accordingly. - Rename usages of
Set-IisDirectoryBrowsing
toEnable-IisDirectoryBrowsing
. If you use named parameters, rename itsDirectory
paremter toPath
. - Replace usages of
Set-HgrcDefaultPushUrl
withSet-IniEntry
instead, e.g.Set-IniEntry -Path 'Path\to\repo\.hg\hgrc' -Section paths -Name 'default.push' -Value 'DefaultPushUrl'
- Rename usages of
Get-FullPath
withConvertTo-FullPath
.
- Created
Get-Privileges
,Grant-Privilege
,Revoke-Privilege
, andTest-Privilege
for managing an identity's security operation privileges. Install-Service
now usesGrant-Privilege
to grant custom service identities theSeServiceLogonRight
privilege. This replaces usage of Microsoft's legacy ntrights.exe, which we probably didn't have permission to distribute.- Created
Get-ServicePermissions
function for getting the permissions for a service, i.e. what users can control a service. - Created
Assert-Service
function to write an error if a service doesn't exist. - Created
Get-ServiceAcl
function to get the discretionary access control list (DACL) for a service. - Created
Get-ServiceSecurityDescriptor
function to get the raw security descriptor for a service. - Created
Grant-ServicePermission
function to grant service control permissions to an identity. - Created
Revoke-ServicePermission
function to revoke all of an identity's permissioms to control a service. - Created
Set-ServiceAcl
function to set a service's discretionary access control list (DACL). - Created
Test-Service
function to check if a service exists without writing an error. - Removed
Invoke-SubInAcl
function and thesubinacl.exe
program. Use theGrant-ServicePermission
andRevoke-ServicePermission
functions instead. If you still needsubinacl.exe
, please download it from Microsoft. Grant-Permissions
now supports controlling inheritance and propagation flags via theApplyTo
parameter, which should be a value of the newCarbon.Security.ContainerInheritanceFlags
enumeration, which encapsualtes all the valid combinations of inheritance/propagation flags. See the help forGrant-Permissions
for more information. Thanks to Jonathan Valdez for the feature request and initial code.- Created
ConvertTo-InheritanceFlags
function for converting aCarbon.Security.ContainerInheritanceFlags
to the necessary/applicableSystem.Security.AccessControl.InheritanceFlags
. - Created
ConvertTo-PropagationFlags
function for converting aCarbon.Security.ContainerInheritanceFlags
to the necessary/applicableSystem.Security.AccessControl.PropagationFlags
. - Created
Get-Permissions
function for getting the non-inherited permissions on a file, directory, registry key, or registry value with the ability to return a specific identity's permissions and/or inherited permissions. - Renamed
Set-IisDirectoryBrowsing
toEnable-IisDirectoryBrowsing
and renamed itsDirectory
parameter toPath
. - Removed
Set-HgrcDefaultPushUrl
. UseSet-IniEntry
instead. - Renamed
Test-IisWebsiteExists
toTest-IisWebsite
to adhere to PowerShell naming conventions (added backwards-compatible alias in v1.0.0). - Renamed
Get-FullPath
toConvertTo-FullPath
to adhere to PowerShell naming conventions.
Install-Service
no longer tries to start a service if itsStartupType
is set toManual
orDisabled
.Path
is now the first parameter toGrant-Permissions
(it was the third) to match PowerShell standards/patterns.Find-ADUser
writes an error and returns null instead of throwing an exception.
- Improved
Disable-IEEnhancedSecurityConfiguration
andEnable-IEActivationPermissions
for enabling Internet Explorer to run headless by non-priveleged users. - Changed the way
Invoke-WindowsInstaller
waits for MSI to finish installing: instead of searching for any MSI process, it now searches for an MSI process that is a child of the current PowerShell process. - Simplified how
Add-GroupMembers
adds group members. - The version number in the module manifest now gets updated correctly for each release. You should now be able to tell what version you're running by looking in
Carbon\Carbon.psd1
, or, if Carbon is imported in your console, runningGet-Module Carbon | Select-Object Version
. - Created
Get-ComPermissions
function for getting COM Access or Launch and Activation Permissions. These are the permissions you see in Component Services (i.e. dcomcnfg) when you right-clickMy Computer
, selectProperties
, click theCOM Security
tab then click theEdit Default..
orEdit Limits...
buttons under Access Permissions or Launch and Activation Permissions, respectively. - Created
Grant-ComPermissions
for granting COM Access and/or Launch and Activation permissions. - Created
Revoke-ComPermissions
for revoking COM Access and/or Launch and ACtivation permissions. - Created
Test-Identity
function for testing if user or group exists on the local computer or in a domain. - Created
Resolve-IdentityName
function for determinig a user/group's canonical name. For example, it convertsAdministrators
intoBUILTIN\Administrators
. - Improved the way the Windows Features functions detect the best way to manage Windows features. The old way would write an error to the error stream, which bubbled up at weird times and made diagnosing real errors harder.
- Added a
Quiet
parameter toSet-RegistryKeyValue
so thatWrite-Host
output is muffled. - Created
Reset-MsmqQueueManagerID
function, which resets MSMQ's Queue Manager ID.
This release contains backwards-incompatible changes to the following functions:
Set-IisSslFlags
Set-TrustedHosts
Invoke-PowerShell
This function was renamed to Enable-IisSsl
. Its Enable128BitSsl
parameter was renamed to Require128BitSsl
.
Configuring client certificates is now a little stricter/clearer. You can no longer specify both AcceptClientCertificates
and RequireClientCertificates
. Also, if you specify RequireClientCertificates
, you must now also supply the RequireSsl
switch (before, setting the RequireClientCertificates
switch implicitly set the RequireSsl
switch).
Make sure you're not calling Set-TrustedHosts
with an empty array/value for the Entries
parameter. The function now throw an error in that situation. If you need to clear the list of trusted hosts, use Clear-TrustedHosts
.
If you call Invoke-PowerShell
without the x86
switch and PowerShell is 32-bit, you'll get an error. Under Windows x64, 32-bit PowerShell can't start the 64-bit instance because Windows redirects all access from C:\Windows\system32 to C:\Windows\SysWOW64. If anyone knows how to get around this, let me know!
- Renamed
Set-IisSslFlags
toEnable-IisSsl
to better reflect what it does. Also, created parameter sets around client certificate settings so you can't configure them incorrectly. (Fixes #25: Set-IisSslFlags: Create parameter sets to accurately reflect what flags are allowed to be set simultaneously.) - Added
WhatIf
support toInstall-MsmqMessageQueue
. - Created new
Clear-TrustedHosts
for clearing PowerShell's trusted hosts list.
- Rename
Enable-IisSsl/Set-IisSslFlags's
Enable128BitSsl
parameter toRequire128BitSsl
] (Fix #24 Set-IisSslFlags: Rename the Enable128BitSsl parameter to Require128BitSsl). - Fix issue #19:
Install-IisAppPool
doesn't change an existing 32-bit app pool to be a 64-bit app pool. - Fix issue #33:
Install-MsmqMessageQueue
: Can wait forever for a queue to get created. It now waits 10 seconds. - Fix issue #36:
Get-PowerShellPath
returns the wrong path when running x86 PowerShell on x64 computers. - Fix issue #37:
Invoke-PowerShell
should write an error when running as x86 on Windows x64 without the x86 flag (i.e. 32-bit PowerShell can't launch a 64-bit PowerShell, so throw an error in that situation). - Fix issue #38:
Set-TrustedHosts
: passing an empty value for the Entries parameter clears the hosts list. TheEntries
parameter is now required. To clear the trusted hosts list, useClear-TrustedHosts
.
- New functions for working with the registry:
Get-RegistryKeyValue
: Get a value from a registry key.Install-RegistryKey
: Create a new registry key.Remove-RegistryKeyValue
: Remove a value from a registry key.Set-RegistryKeyValue
: Set/create a value in a registry key.Test-RegistryKeyValue
: Test if a value exists in a registry key.
Unprotect-AclAccessRules
: Turns off inherited access rules on an item in the file system or registry.- Added a
Clear
parameter to theGrant-Permissions
function for clearing any non-inherited permissions on a file system/registry item.
- Improved documentation for:
Grant-ServiceControlPermission
Install-Service
Invoke-SubInAcl
Remove-Service
Restart-RemoteService
Install-Share
Add-GroupMembers
Get-WmiLocalUserAccount
Install-Group
Install-User
Remove-User
Test-User
Install-WindowsFeatureIis
Install-WindowsFeatureMsmq
Install-WindowsFeatures
Test-WindowsFeature
Uninstall-WindowsFeatures
Assert-FirewallConfigurable
Disable-FirewallStatefulFtp
Enable-FirewallStatefulFtp
Get-FirewallRules
Test-FirewallStatefulFtp
Find-ADUser
Format-ADSpecialCharacters
Get-Certificate
Get-CertificateStore
Set-HgrcDefaultPushUrl
- Help files and example scripts now included in Carbon download package.
- Added test to help ensure all functions have proper documentation.
Install-IisWebsite
now validates website bindings
- Improved documentation for:
Test-IisAppPool
Test-IisWebsiteExists
Unlock-IisBasicAuthentication
Unlock-IisCgi
Unlock-IisConfigSection
- Import-Carbon.ps1
Set-IniEntry
Split-Ini
Set-HgrcDefaultPushUrl
Get-MsmqMessageQueue
Get-MsmqMessageQueuePath
Grant-MsmqMessageQueuePermissions
Install-Msmq
Install-MsmqMessageQueue
Remove-MsmqMessageQueue
Test-MsmqMessageQueue
Get-PerformanceCounters
Install-PerformanceCounter
Test-PerformanceCounter
Test-PerformanceCounterCategory
Uninstall-PerformanceCounterCategory
Complete-Jobs
Get-PowershellPath
Invoke-PowerShell
Test-PowerShellIs32Bit
Test-PowerShellIs64Bit
Add-TrustedHosts
Get-TrustedHosts
Set-TrustedHosts
Assert-AdminPrivileges
Convert-SecureStringToString
Grant-Permissions
New-Credential
Test-AdminPrivileges
- Improved whitespace in HTML documentation code samples.
- Improved documentation for:
- Get-PathCanonicalCase
- Get-PathRelativeTo
- New-Junction
- New-TempDir
- Remove-Junction
- Test-PathIsJunction
- Reset-HostsFile
- Set-HostsEntry
- Add-IisDefaultDocument
- Get-IisHttpRedirect
- Get-IisVersion
- Get-IisWebsite
- Install-IisApplication
- Install-IisAppPool
- Install-IisVirtualDirectory
- Install-IisWebsite
- Invoke-AppCmd
- Remove-IisWebsite
- Set-IisAnonymousAuthentication
- Set-IisBasicAuthentication
- Set-IisDirectoryBrowsing
- Set-IisHttpRedirect
- Set-IisSslFlags
- Set-IisWebsiteSslCertifiate
- Set-IisWindowsAuthentication
- Improved documentation for:
- Disable-IEEnhancedSecurityConfiguration
- Enable-IEActivationPermissions
- Get-FullPath
- Invoke-WindowsInstaller
- Protect-String
- Remove-EnvironmentVariable
- Set-DotNetAppSetting
- Set-DotNetConnectionString
- Set-EnvironmentVariable
- Test-OSIs32Bit
- Test-OSIs64Bit
- Unprotect-String
- Invoke-WindowsInstaller doesn't validate that installer path ends in '.msi'.
- Invoke-WindowsInstaller not showing correct exit code when installation fails.
- Created Import-Carbon script to help users properly import Carbon.
- Add-GroupMembers fails to add Administrators and ANONYMOUS LOGON built-in accounts.
- Add-GroupMembers fails when adding built-in accounts multiple times.
- Add-GroupMembers fails to add domain user to a local group.
- Added IsJunction property to DirectoryInfo objects. Returns true if a directory is a junction/reparse point.
- Created a Carbon assembly for compiled code. Moved P/Invoke functions from FileSystem.ps1 into assembly. This is a backwards compatible change.
- Created a Carbon.IO.JunctionPoint helper class for creating/removing/getting junction/reparse points. Updated New-Junction and Remove-Junction to use the new helper class.
- Added TargetPath property to DirectoryInfo objects. If the directory is a junction/reparse points, returns the path to the junction's target. Otherwise, $null.
- fix issue #3: Added -Runtime switch to Invoke-PowerShell function for running PowerShell under .NET 2.0 or 4.0. Valid values are 'v2.0' (for .NET 2) and 'v4.0' (for .NET 4).
- BREAKING CHANGE: Added -Clr2 and -Clr4 switches to Set-DotNetAppSetting and Set-DotNetConnectionString functions for modifying the .NET 2 and/or 4 machine.config files. One or both of these parameters is required.
- Improved documentation for Get-ADDomainController, Get-ADUser, Format-ADSpecialCharacters, Get-Certificate, Invoke-PowerShell, Set-DotNetAppSetting, and Set-DotNetConnectionString functions.
- fix issue #2: Get-PowerShellPath Returns Wrong Value on x86 Systems
- First packaged release.