why PowerShell sucks so badly

Here, I attempt to answer the rhetoric question, “Why does Microsoft PowerShell suck so badly?” Where to begin…? It has such promise, it’s clear that someone has spent much time coding everything. Ultimately, there appears to be power under that shell and it’s probably truthful to its name. But if you can’t use the tool in the real world, it should be renamed to Microsoft PowerlessShell.

“But if you can’t use the tool in the real world, it should be renamed to Microsoft PowerlessShell.”

It’s almost like a group of scientists in a desert setting somewhere—think “Manhattan Project”—created a collection of methods useful for annihilating the planet and then as almost an afterthought, enough preventive controls were placed upon its use that literally nobody could in fact blow anything up.

Today’s task is to automate the creation of a VPN button for Windows 10—based remote users here at the office. End-users then in theory can just double-click a PowerShell script that I’ve placed on a SharePoint server.  I would then individually share the link with them which would remotely install the new VPN profile. Sounds easy enough.  In fact, it sounds much easier than the two-page long tutorial in a Word document which attempts to educate them how to do all this manually.  Have you ever seen how long an L2TP shared key phase can be?  It’s pretty bad.  Just think of all the support calls I’m going to get if I can’t script this.

Is the PowerShell documentation easy to use? Hell no, it’s not. I’ve just spent a full hour trying to piece together the script required from this hobbled-together documentation on Add-VpnConnection. Does my script work under a test rig? I wish I knew, because at the moment I can’t actually run the script in any form or fashion because Microsoft doesn’t want me to.

“Does my script work under a test rig? I wish I knew, because at the moment I can’t actually run the script in any form or fashion because Microsoft doesn’t want me to.”

Now granted, I’m an Administrative user on my newly-upgraded Windows 10 laptop. The script fails with some terse error message which suggests that I need to run the PowerShell command as Administrator.  Well, that would foil things here in the real world because I’m trying to have the end-users run this script remotely so that I—the administrator—don’t have to be there in the first place.

So I doggedly trudge ahead and end my session and open up PowerShell by right-mouse clicking it and choosing Run As Administrator.  And yet, this still doesn’t work.  This time it fails with another terse error message which suggests that Set-ExecutionPolicy might help.  I then research this to find that “Unrestricted” is the probable attribute but when attempting to run this, I get another terse error message suggesting that I can’t change the policy.  Seriously?

I could now go back to my earlier research and re-learn how to digitally sign a script so that I can run it.  But the process to create and to troubleshoot a script usually requires multiple iterations before the script works perfectly.  And this is especially true since nobody yet on the Internet has provided a good example for creating a VPN tunnel to a SonicWall over L2TP/Ipsec with a pre-shared secret and authenticating to the firewall instead of the domain controller.  Designing a script like this takes trial and error.  Adding a signing phase between each script attempt effectively means:  I’m not going to do this.

“Adding a signing phase between each script attempt effectively means:  I’m not going to do this.”

In short, this is why Microsoft PowerShell sucks.  If you have to sign scripts just to run them while testing then it’s not worth the effort.  Why not include a button in the PowerShell IDE which allows me to “Sign & Execute” my script attempt?  And if I don’t have a digital certificate then open a dialog box to gather the information to magically make this happen.  Or even better, just allow me to create and run scripts without all the nonsense.  How about a big toggle that says “Unsafe Mode” versus “Safe Mode”?

Advertisements

6 thoughts on “why PowerShell sucks so badly”

  1. a) You don’t have to sign your scripts to run them. “Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Bypass” can be used while you test
    b) UAC requires you to run elevated processes if you want to change/read certain system properties (that should be obvious – it’s been like that since Vista)

    In general PS’ execution policy is a means to decide whether you can only run signed scripts [Signed), run your own local scripts but not scripts from the internet [RemoteSigned] or all scripts [Unrestricted] (or just ignore all of that [Bypass])

    That’s 10 minutes of google research.

    Like

    1. You might have managed to find something that worked within ten minutes. Great. Personally, I’d suggest that Microsoft could default their currently terse error response system to make that suggestion.

      I believe I did eventually that day find this solution and eventually then managed to finish a script process that’s about as kludgey as they come: 1) a batch file copies a registry file locally, 2) runs the registry file locally, 3) runs the script with similar arguments, 4) put everything back to normal and clean up. And yet, this feels like something a hacker would have to do to get around security, not something an administrator should have to do to test something.

      Like

  2. I dabbled with Powershell when it first came out years ago, then decided to leave it alone on the basis that it was insufficiently compatible with the existing cmd.exe shell to be useful. (I don’t want to have to rewrite my existing environment from scratch).

    I’m currently trying to get a decent git prompt in a Windows shell. There is posh-git for Powershell, but I already know I don’t want to touch Powershell with a barge pole. So I’ve spent the entire day trying other things. Nothing is working nicely.

    Finally I succumb and fire up Powershell with a view to checking out posh-git. First thing I try to do is invoke my simple one-liner batch file to cd to my dev area. Powershell just emits a blank line, no error at all.

    Perhaps Powershell isn’t recognising the path. So I type ‘path’ to see what path Powershell is using. Result loads of red text, “the term ‘path’ is not recognised as the name of a cmdlet…”

    This is the defining characteristic of Powershell. The most basic tasks that have worked in well-known traditional ways for decades are incompatible, replaced by arcane new invocations that someone at Microsoft thinks I want to spend the time to relearn in order to do stuff I can already do elsewhere.

    If they can’t even be bothered to provide helpful messages showing you the Powershell equivalent to the most basic shell commands then Powershell can go and die in the cold.

    Like

    1. If you have Windows 10, I’ve got another post on here about the Ubuntu subsystem which is now native within Windows itself. It doesn’t have any GUI (no X-windows) but it is a reasonably full-fledged bash platform, if you will.

      With it, you could potentially execute Windows programs as if you were within a DOS batch file. I’m now working at a code academy and all three of the Windows-based students use this with git all day long and it seems to work out. It is Ubuntu under the covers, after all.

      https://outsourcedguru.wordpress.com/2017/03/22/ubuntu-bash-now-in-windows-10/

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s