Configure & Manage PowerShell in Windows 11 for Admins

PowerShell is a handy tool for IT administrators. In Windows 11, PowerShell can be customized to fit your needs by adding modules, using PowerShell profiles, and applying Group Policy.

Configure the PowerShell Environment

PowerShell has built-in configurations that are created to meet users’ general needs. However, this configuration is only basic and may need to be tailored to the administrator’s specific needs.

For example, some features, such as script execution or module logging, are not active by default, so users must activate them to conform to their security policies or work environment.

How to Change Configuration Using PowerShell Profile Scripts

PowerShell profile script is an automated script that runs every time PowerShell is opened. These scripts allow users to set up the work environment automatically, such as adding modules, setting variables, or defining custom functions.

PowerShell provides four types of profile files for various scenarios:

1. AllUsersAllHosts

This profile applies to all users on all PowerShell hosts.

Default location:

C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1

2. AllUsersCurrentHost

This profile applies to all users, but only on certain hosts (such as PowerShell, VS Code, or Windows Terminal).

Default location:

C:\Windows\System32\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1

3. CurrentUserAllHosts

This profile only applies to logged-in users but can be used on all hosts.

Default location:

C:\Users\<Username>\Documents\WindowsPowerShell\profile.ps1

4. CurrentUserCurrentHost

This profile only applies to users who are currently logged in on a specific host.

Default location:

C:\Users\<Username>\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1

Steps to change the profile configuration:

1. Check that the profile file already exists in the default location. If you don’t already have one, you can create one manually.
2. Use a text editor such as Notepad or Visual Studio Code to edit the profile file as needed.
3. Add configurations, such as automatic module loading or variable settings, inside the file.

Simple Syntax to Check the Location of Profile Files with $Profile

PowerShell has a built-in variable named $Profile that stores the location of each profile file type. You can use the following command to check the location of your profile file:

$Profile | Format-List

The results will show the complete location of each profile file. If the profile file doesn’t already exist, you can create one with the following command:

New-Item -Path $Profile.CurrentUserAllHosts -ItemType File -Force

Adding and Managing PowerShell Modules

A PowerShell module is a collection of commands (cmdlets), functions, and scripts organized in a single unit. This module was created to improve PowerShell’s ability to accomplish certain tasks, such as system management, security settings, and administrative process automation.

The main functions of the PowerShell module include:

• Provides additional commands for a variety of special needs.
• Simplify system management through automation.
• Added built-in PowerShell features to support integration with third-party apps or services.

How to Access PowerShell Gallery to Download Modules

PowerShell Gallery is an online repository that stores thousands of modules created by Microsoft and the community. You can search, download, and install modules from this gallery easily.

Steps to access the PowerShell Gallery:

1. Go to the official PowerShell Gallery website at https://www.powershellgallery.com.
2. Use the search feature on the site to find the modules you need.
3. Install the module directly via PowerShell with the Install-Module command.

Install-Module -Name ModuleName -Scope CurrentUser

Replace ModuleName with the name of the module you want to install.

Steps to Update PowerShellGet

To take advantage of the latest features of the PowerShell Gallery, make sure the PowerShellGet module is updated to the latest version. Here are the steps:

1. Check the current version of PowerShellGet:

Get-Module -Name PowerShellGet -ListAvailable

2. If the existing version is old, update it with the following command:

Install-Module -Name PowerShellGet -Force -Scope CurrentUser

3. Make sure the module is updated by checking the version again.

Basic Commands for Searching and Adding Modules

Here are some basic commands for managing modules in PowerShell:

1. Searching for the module in the PowerShell Gallery:

Find-Module -Name ModulName

2. Installing the module:

Install-Module -Name ModulName -Scope PenggunaSaatIni

3. View the modules that are already installed on the system:

Get-InstalledModule

4. Deleting modules:

Uninstall-Module -Name ModulName

5. Updating the module:

Update-Module -Name ModulName

Implement Group Policy for PowerShell

Group Policy is an important feature in Windows that allows administrators to set settings and policies across computers in an Active Directory-based network. With Group Policy, you can control various aspects of the operating system, including PowerShell configuration, giving you more control over security, logging, and default behavior.

In the context of PowerShell, Group Policy allows:

• Applying security policies to scripts.
• PowerShell activity logging management for audits.
• Provision of a uniform work environment across computers in the organization.

Configurable Policies Through Group Policy for PowerShell

1. Execution Policy

This policy specifies permissions to run PowerShell scripts. You can configure the security level by selecting one of the following policies:

• Restricted: Doesn’t allow script execution.
• RemoteSigned: Scripts from a remote must have a valid digital signature.
• Unrestricted: All scripts can be run without restrictions.

Steps to Set Execution Policy in Group Policy:

• Open Group Policy Management Console (GPMC).
• Navigate to Computer Configuration >  Administrative Templates > Windows Components > Windows PowerShell.
• Set the policy Turn on Script Execution and select the desired policy.

Example of a manual command:

If you’re not using Group Policy, you can set the policy directly in PowerShell:

Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned

2. Module Recording

This policy allows the logging of activities from specific modules used in PowerShell. This is especially useful for security audits or troubleshooting.

How to Set Module Logging in Group Policy:

• Open Windows PowerShell >  Turn on Module Logging.
• Add the module for which you want to enable logging, such as NTFSSecurity or ActiveDirectory.

3. Script Block Logging

This policy logs every block of scripts that are executed in PowerShell, including more complex commands and scripts. This feature helps in detecting suspicious activity or script-based attacks.

How to set up script block logging:

• Access policies Turn on PowerShell Script Block Logging.
• Enable the policy to log all script block executions.

4. Transcription

This policy records all PowerShell sessions into log files, including inputs and outputs. It is very effective for auditing and debugging.

How to Set Up Transcription:

• Navigate to Turn on PowerShell Transcription in Group Policy.
• Specify the location where the logs are stored, for example: C:\Transcripts\.
• The log results will record every session executed by the user.

How to Update Local Help with Update-Help

PowerShell has an Update-Help feature that works to update the help documentation of the modules that are already installed. You can use Group Policy to set up a local repository as the source of updates, so you don’t have to download from the internet.

Manual steps using Update-Help:

1. Create a local repository for the help file.

2. Define the local repository with the following command:

Save-Help -DestinationPath “C:\HelpRepo”

3. Update help using local repositories:

Update-Help -SourcePath “C:\HelpRepo”

Recommendations for Frequently Used Modules and Scripts

To increase productivity and automate administrative tasks, here are some recommended modules of PowerShell:

1. NTFSSecurity

Function: Easily manage ACLs (Access Control Lists) on files and folders.

Example command:

Get-NTFSAccess -Path “C:\ContohFolder”

2. PSWindowsUpdate

Its function: Manage Windows updates via PowerShell.

Installation:

Install-Module -Name PSWindowsUpdate

3. ActiveDirectory

Function: Manage Active Directory such as users, groups, and policies.

Example command:

Get-ADUser -Filter * -Properties  DisplayName

4. Pester

Function: Testing PowerShell scripts and modules to ensure code quality.

Installation:

Install-Module -Name Pester

5. ImportExcel

Function: Manage Excel data without the need to open the Excel application.

Example command:

Import-Excel -Path “C:\Data.xlsx” | Select-Object  Name, Age