| | #1 (permalink) |
Powershell omitted in Vista.

Why was powershell omitted in the default installation of Windows Vista?

Why didn't the powershell team think of using UAC to elevate any application using powershell scripts to do certain tasks that may be virulent? And maybe to have an exclusion list (list for which UAC elevation is not required even if it uses scripts) of applications that use ps scripts. And maybe addition to the exclusion list requires elevated privileges through UAC. I do expect an answer for this in PowerShell in Action by Bruce Payette, but not sure whether the answer is there actually, as I've not completed the book.

Please pour in your thoughts. Hope this will be an interesting discussion...

Regards,
Mugunth
| | #2 (permalink) |
Re: Powershell omitted in Vista.

PowerShell wasn't "done" in time to be included in the final release of Vista. The Vista build of PowerShell wasn't finalized until after Vista itself shipped.

And it should NOT be in the "default" installation. Ever. As with Longhorn Beta 3, PowerShell should be an OPTIONAL installation. Anything capable of executing arbitrary code should not be installed by default - it presents a "hidden" security risk. You can, of course, automate a Longhorn install to include PowerShell, but then YOU are making the decision for your environment, not Microsoft.

Currently, PowerShell works within UAC in pretty much the best way it can, given how UAC works. UAC doesn't provide exception lists or anything else; PowerShell as an operating system component shouldn't be taking on OS-level tasks like managing security exception lists. And I don't think you'll find anything about this in the book. PowerShell doesn't "do" anything with UAC; it is subject to UAC.

The function of UAC is not simply to "elevate" any task. UAC is in fact the opposite, really: It "de-elevates" administrators so they're not "really" administrators all the time. Yes, if a non-admin tries to perform a privileged task, UAC can step in, authenticate an admin, and launch the task under those credentials.

So, the one thing I suppose PowerShell could do is react better to UAC. So that if PowerShell tries to do something privileged, instead of failing, you get a UAC prompt. However, that's not in keeping with the command-line interface paradigm, would break compatibility with the XP/2003 PowerShell builds, and probably just wasn't possible in the timeframe the team had to work with.

--
Don Jones
Windows PowerShell MVP
Founder: www.ScriptingAnswers.com
Co-Author: "Windows PowerShell: TFM"

"Mugunth" <mugunth.kumar@gmail.com> wrote in message news:1178775979.136973.145100@w5g2000hsg.googlegroups.com...

> Why was powershell omitted in the default installation of Windows Vista?
>
> Why didn't the powershell team think of using UAC to elevate any application using powershell scripts to do certain tasks that may be virulent? And maybe to have an exclusion list (list for which UAC elevation is not required even if it uses scripts) of applications that use ps scripts. And maybe addition to the exclusion list requires elevated privileges through UAC. I do expect an answer for this in PowerShell in Action by Bruce Payette, but not sure whether the answer is there actually, as I've not completed the book.
>
> Please pour in your thoughts. Hope this will be an interesting discussion...
>
> Regards,
> Mugunth
| | #3 (permalink) |
Re: Powershell omitted in Vista.

I should point out that if you want to be able to run a script in PowerShell, and you want to have the script launch things under elevated permissions or use UAC... you should keep an eye out for the June issue of TechNet Magazine (www.microsoft.com/technet/technetmag). I think you'll find something interesting.

--
Don Jones
Windows PowerShell MVP
Founder: www.ScriptingAnswers.com
Co-Author: "Windows PowerShell: TFM"

"Mugunth" <mugunth.kumar@gmail.com> wrote in message news:1178775979.136973.145100@w5g2000hsg.googlegroups.com...

> Why was powershell omitted in the default installation of Windows Vista?
>
> Why didn't the powershell team think of using UAC to elevate any application using powershell scripts to do certain tasks that may be virulent? And maybe to have an exclusion list (list for which UAC elevation is not required even if it uses scripts) of applications that use ps scripts. And maybe addition to the exclusion list requires elevated privileges through UAC. I do expect an answer for this in PowerShell in Action by Bruce Payette, but not sure whether the answer is there actually, as I've not completed the book.
>
> Please pour in your thoughts. Hope this will be an interesting discussion...
>
> Regards,
> Mugunth
| | #4 (permalink) |
Re: Powershell omitted in Vista.

On Thu, 10 May 2007 10:18:39 -0700, "Don Jones [MVP]" <don@sapien.com> wrote:

I have to say I disagree strongly with this:

> And it should NOT be in the "default" installation. Ever. As with Longhorn Beta 3, PowerShell should be an OPTIONAL installation.

I think Vista and Longhorn should include PowerShell by default; the fact that PowerShell is not in Vista by default is a tremendous missed opportunity IMO and making it an optional component in Longhorn is a mistake also.

> Anything capable of executing arbitrary code should not be installed by default - it presents a "hidden" security risk.

So we should exclude CMD.EXE as well then?? That should be interesting in Server Core :-) In fact, if you take this fatuous statement to its logical conclusion we should exclude the OS too since that is capable of running arbitrary code from .EXE and .DLL files amongst others.

The point is that PowerShell has a mechanism (see Help about_signing) to prevent arbitrary code execution. Replacing CMD.EXE with PowerShell entirely, although impractical, would arguably make the OS more secure rather than less.

> You can, of course, automate a Longhorn install to include PowerShell, but then YOU are making the decision for your environment, not Microsoft.

It's a real shame that I have to do this. It means that forever more I have to run additional checks and/or installations on arbitrary machines before I can run my admin scripts on them :-(

Oh well.

Chris
| | #5 (permalink) |
Re: Powershell omitted in Vista.

On May 10, 1:55 pm, Chris Warwick <n...@remove.this.bit.nuney.com> wrote:

> On Thu, 10 May 2007 10:18:39 -0700, "Don Jones [MVP]" <d...@sapien.com> wrote:
>
> I have to say I disagree strongly with this:
>
>> And it should NOT be in the "default" installation. Ever. As with Longhorn Beta 3, PowerShell should be an OPTIONAL installation.
>
> I think Vista and Longhorn should include PowerShell by default; the fact that PowerShell is not in Vista by default is a tremendous missed opportunity IMO and making it an optional component in Longhorn is a mistake also.
>
>> Anything capable of executing arbitrary code should not be installed by default - it presents a "hidden" security risk.
>
> So we should exclude CMD.EXE as well then?? That should be interesting in Server Core :-) In fact, if you take this fatuous statement to its logical conclusion we should exclude the OS too since that is capable of running arbitrary code from .EXE and .DLL files amongst others.
>
> The point is that PowerShell has a mechanism (see Help about_signing) to prevent arbitrary code execution. Replacing CMD.EXE with PowerShell entirely, although impractical, would arguably make the OS more secure rather than less.
>
>> You can, of course, automate a Longhorn install to include PowerShell, but then YOU are making the decision for your environment, not Microsoft.
>
> It's a real shame that I have to do this. It means that forever more I have to run additional checks and/or installations on arbitrary machines before I can run my admin scripts on them :-(
>
> Oh well.
>
> Chris

Chris, your fear is misplaced:

http://blogs.msdn.com/powershell/arc...-longhorn.aspx

;-)

- Oisin

p.s. and for the record, I agree with you. PowerShell ain't no wscript.exe.
| | #6 (permalink) |
Re: Powershell omitted in Vista.

"Don Jones [MVP]" <don@sapien.com> wrote in message news:6F73B290-350A-464E-BCDB-999ACCCB46AD@microsoft.com...

> So, the one thing I suppose PowerShell could do is react better to UAC. So that if PowerShell tries to do something privileged, instead of failing, you get a UAC prompt.

And that's not really an option with the way the Windows security model works. Once a process is running there is no way to elevate that existing process to admin. That is why, when you open task manager and click the "show processes from all users" check box, you see task manager go away and then restart.

--
Keith
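The restart behaviour described in the post above, sketched as an added example that is not part of the thread: a script checks whether its token is elevated and, if not, starts a second host process with the `runas` verb instead of trying to elevate itself. `Test-IsElevated` and `Start-ElevatedCopy` are hypothetical names, and the sketch assumes the console host of PowerShell 2.0 or later.

```powershell
# Added example. Test-IsElevated and Start-ElevatedCopy are hypothetical names.
# Assumes the console host of PowerShell 2.0 or later (for the -File switch).

function Test-IsElevated {
    # Under UAC an administrator's everyday token is filtered, so this returns
    # $false until the process has been started with the full token.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Start-ElevatedCopy {
    param([Parameter(Mandatory = $true)][string]$ScriptPath)

    # A running process cannot change its own token, so a second host process
    # is started through the shell with the "runas" verb, which raises the prompt.
    $psi = New-Object System.Diagnostics.ProcessStartInfo
    $psi.FileName        = (Get-Process -Id $PID).Path
    $psi.Arguments       = '-NoProfile -File "{0}"' -f $ScriptPath
    $psi.Verb            = 'runas'
    $psi.UseShellExecute = $true

    try {
        $child = [System.Diagnostics.Process]::Start($psi)
    }
    catch {
        $inner = $_.Exception.GetBaseException()
        # 1223 = ERROR_CANCELLED: the UAC prompt was declined.
        if ($inner -is [System.ComponentModel.Win32Exception] -and
            $inner.NativeErrorCode -eq 1223) {
            Write-Warning 'Elevation was declined; nothing was run.'
            return $null
        }
        throw
    }
    $child.WaitForExit()
    $child.ExitCode
}

# Script body: relaunch once if needed, then do the privileged work.
if (-not (Test-IsElevated)) {
    $code = Start-ElevatedCopy -ScriptPath $MyInvocation.MyCommand.Path
    if ($null -eq $code) { exit 1 } else { exit $code }
}

$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
Write-Output "Running elevated as $me"
```

The elevated copy runs in its own console window; the original session keeps its filtered token and only sees the exit code.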
| | #7 (permalink) |
Re: Powershell omitted in Vista.

Actually, I would say, yes - they should have excluded Cmd.exe, and VBScript, and IIS.... the latter two being perfect examples of dropping in bits by default and then regretting it later. If *you* want it on *your* machines by default, fine - you can create a custom install which does that for you... but then it's *your* decision, not a decision made for the entire world by the folks in Redmond.

Yes, it means the admin has to work a bit harder for installs, or do a bit of up-front work to create a custom install. I'd rather have that work to do ONCE, than to have extra bits I don't need on every machine sitting out there... where I constantly have to keep them patched, worry about future security vulnerabilities, and so on. Longhorn's entire install is based on nearly every bit of functionality being optional - "secure by default."

And I'm sorry you think it's a "fatuous" statement. It's my opinion. I'd much rather have a default OS that's as lean as possible, and then add on the bits I need for each particular computer.

--
Don Jones
Windows PowerShell MVP
Founder: www.ScriptingAnswers.com
Co-Author: "Windows PowerShell: TFM"

"Chris Warwick" <news@remove.this.bit.nuney.com> wrote in message news:5hm643paj13qhlpq9aur7klmcu75b88mqp@4ax.com...

> On Thu, 10 May 2007 10:18:39 -0700, "Don Jones [MVP]" <don@sapien.com> wrote:
>
> I have to say I disagree strongly with this:
>
>> And it should NOT be in the "default" installation. Ever. As with Longhorn Beta 3, PowerShell should be an OPTIONAL installation.
>
> I think Vista and Longhorn should include PowerShell by default; the fact that PowerShell is not in Vista by default is a tremendous missed opportunity IMO and making it an optional component in Longhorn is a mistake also.
>
>> Anything capable of executing arbitrary code should not be installed by default - it presents a "hidden" security risk.
>
> So we should exclude CMD.EXE as well then?? That should be interesting in Server Core :-) In fact, if you take this fatuous statement to its logical conclusion we should exclude the OS too since that is capable of running arbitrary code from .EXE and .DLL files amongst others.
>
> The point is that PowerShell has a mechanism (see Help about_signing) to prevent arbitrary code execution. Replacing CMD.EXE with PowerShell entirely, although impractical, would arguably make the OS more secure rather than less.
>
>> You can, of course, automate a Longhorn install to include PowerShell, but then YOU are making the decision for your environment, not Microsoft.
>
> It's a real shame that I have to do this. It means that forever more I have to run additional checks and/or installations on arbitrary machines before I can run my admin scripts on them :-(
>
> Oh well.
>
> Chris
| | #8 (permalink) |
Re: Powershell omitted in Vista.

"Shipping" and "installed by default" don't mean the same thing. Longhorn ships with PowerShell, but doesn't install it by default (just as Longhorn doesn't install IIS or many other components by default).

--
Don Jones
Windows PowerShell MVP
Founder: www.ScriptingAnswers.com
Co-Author: "Windows PowerShell: TFM"

"Oisin Grehan" <oising@gmail.com> wrote in message news:1178820179.439937.3710@u30g2000hsc.googlegroups.com...

> On May 10, 1:55 pm, Chris Warwick <n...@remove.this.bit.nuney.com> wrote:
>
>> On Thu, 10 May 2007 10:18:39 -0700, "Don Jones [MVP]" <d...@sapien.com> wrote:
>>
>> I have to say I disagree strongly with this:
>>
>>> And it should NOT be in the "default" installation. Ever. As with Longhorn Beta 3, PowerShell should be an OPTIONAL installation.
>>
>> I think Vista and Longhorn should include PowerShell by default; the fact that PowerShell is not in Vista by default is a tremendous missed opportunity IMO and making it an optional component in Longhorn is a mistake also.
>>
>>> Anything capable of executing arbitrary code should not be installed by default - it presents a "hidden" security risk.
>>
>> So we should exclude CMD.EXE as well then?? That should be interesting in Server Core :-) In fact, if you take this fatuous statement to its logical conclusion we should exclude the OS too since that is capable of running arbitrary code from .EXE and .DLL files amongst others.
>>
>> The point is that PowerShell has a mechanism (see Help about_signing) to prevent arbitrary code execution. Replacing CMD.EXE with PowerShell entirely, although impractical, would arguably make the OS more secure rather than less.
>>
>>> You can, of course, automate a Longhorn install to include PowerShell, but then YOU are making the decision for your environment, not Microsoft.
>>
>> It's a real shame that I have to do this. It means that forever more I have to run additional checks and/or installations on arbitrary machines before I can run my admin scripts on them :-(
>>
>> Oh well.
>>
>> Chris
>
> Chris, your fear is misplaced:
>
> http://blogs.msdn.com/powershell/arc...-longhorn.aspx
>
> ;-)
>
> - Oisin
>
> p.s. and for the record, I agree with you. PowerShell ain't no wscript.exe.
| | #9 (permalink) |
Re: Powershell omitted in Vista.

BTW, I absolutely acknowledge and agree that PowerShell is safer than Cmd.exe, thanks in large part to its secure-by-default configuration and ability to use code-signing. Which few admins will bother to do, of course, but it's there.

But I still feel that Windows should contain as few components as possible *by default.* I think there should be an *easy* way to create a configuration file that you can give to Windows during installation to get *your* preferred set of components installed by default... because that's *your* decision. But I don't like it when Microsoft decides what's good for me and drops a component onto the OS by default; Microsoft's been moving more and more toward making everything optional (especially with Server, less so with Client), and I like it.

Let me at least try and explain why I feel that way: I don't like running through Setup and unchecking boxes, because if I miss one, then I might be allowing something which in my environment could present a security risk. I'd rather have as much as possible "off" by default. That way, when I check the boxes for components I want, *I* am the one making the decision and taking the responsibility for any consequences.

I don't have a desire to see PowerShell "held back" or anything, but I really don't think not making it a default installation component is really a huge barrier to adoption. If you want it on all of your servers, for example, it's easy enough to use Longhorn's deployment options to make that happen.

And I completely respect your opinion - I don't think it's "fatuous" at all - but I respectfully disagree, is all.

--
Don Jones
Windows PowerShell MVP
Founder: www.ScriptingAnswers.com
Co-Author: "Windows PowerShell: TFM"

"Chris Warwick" <news@remove.this.bit.nuney.com> wrote in message news:5hm643paj13qhlpq9aur7klmcu75b88mqp@4ax.com...

> On Thu, 10 May 2007 10:18:39 -0700, "Don Jones [MVP]" <don@sapien.com> wrote:
>
> I have to say I disagree strongly with this:
>
>> And it should NOT be in the "default" installation. Ever. As with Longhorn Beta 3, PowerShell should be an OPTIONAL installation.
>
> I think Vista and Longhorn should include PowerShell by default; the fact that PowerShell is not in Vista by default is a tremendous missed opportunity IMO and making it an optional component in Longhorn is a mistake also.
>
>> Anything capable of executing arbitrary code should not be installed by default - it presents a "hidden" security risk.
>
> So we should exclude CMD.EXE as well then?? That should be interesting in Server Core :-) In fact, if you take this fatuous statement to its logical conclusion we should exclude the OS too since that is capable of running arbitrary code from .EXE and .DLL files amongst others.
>
> The point is that PowerShell has a mechanism (see Help about_signing) to prevent arbitrary code execution. Replacing CMD.EXE with PowerShell entirely, although impractical, would arguably make the OS more secure rather than less.
>
>> You can, of course, automate a Longhorn install to include PowerShell, but then YOU are making the decision for your environment, not Microsoft.
>
> It's a real shame that I have to do this. It means that forever more I have to run additional checks and/or installations on arbitrary machines before I can run my admin scripts on them :-(
>
> Oh well.
>
> Chris
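The code-signing mechanism raised in this exchange (Help about_signing) can be checked on a machine's own scripts. The following is an added example, not part of the thread: it lists the execution policy at each scope and reports the Authenticode status of every script under a folder. `Get-ScriptSigningReport` is a hypothetical name, the demo folder and its unsigned script are constructed here, and PowerShell 2.0 or later is assumed.

```powershell
# Added example. Get-ScriptSigningReport is a hypothetical helper name.
# Assumes PowerShell 2.0 or later (Get-ExecutionPolicy -List).

function Get-ScriptSigningReport {
    param([Parameter(Mandatory = $true)][string]$Path)

    Get-ChildItem -Path $Path -Recurse -Include *.ps1, *.psm1, *.psd1 |
        ForEach-Object {
            $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
            $signer = $null
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

            # Status values of interest:
            #   Valid        - signature verifies and the certificate chain is trusted
            #   NotSigned    - no signature block in the file
            #   HashMismatch - the file was changed after it was signed
            New-Object PSObject -Property @{
                File   = $_.FullName
                Status = $sig.Status
                Signer = $signer
            }
        }
}

# Which policy applies, and at which scope it was set.
Get-ExecutionPolicy -List | Format-Table -AutoSize

# Constructed sample input: a folder holding one unsigned script.
$demo = Join-Path $env:TEMP 'signing-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -Path (Join-Path $demo 'unsigned.ps1') -Value 'Write-Output "hello"'

# Anything not reported as Valid is refused when the policy is AllSigned.
Get-ScriptSigningReport -Path $demo |
    Where-Object { $_.Status -ne 'Valid' } |
    Format-Table File, Status, Signer -AutoSize
```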
| | #10 (permalink) |
Re: Powershell omitted in Vista.

In message <DABD436C-8177-415C-8BA7-7C36726529DF@microsoft.com> "Don Jones [MVP]" <don@sapien.com> wrote:

> Actually, I would say, yes - they should have excluded Cmd.exe, and VBScript, and IIS.... the latter two being perfect examples of dropping in bits by default and then regretting it later. If *you* want it on *your* machines by default, fine - you can create a custom install which does that for you... but then it's *your* decision, not a decision made for the entire world by the folks in Redmond.

Why stop there? Drop IE completely (oh wait, that's part of the OS), Explorer, Notepad, everything.

I'm only half joking, actually -- I'd love to see Windows become far more modular. I simply don't need a GUI at all on several of my servers, and it would be nice to drop the bloat.

--
We know America is a great nation! Where else could a poor black boy be born in utter poverty and end up a rich white man? Only in America!