Note: 2.5.1 through 2.5.4 contain the same code and changes. We created new build and deployment automation that, due to bugs, required us to publish multiple versions.
DelayedAutoStart boolean property to objects returned by Get-ServiceConfiguration. This flag is true when a service is set to start automatically, delayed. False otherwise. Added extended Carbon_Service DSC resource can now set a service's startup type to Automatic (Delayed). Pass Automatic to the StartupType parameter and use the new Delayed switch. The Delayed switch is ignored unless StartupType is Automatic. Fixes issue #216.EnsureRunning switch to Install-Service function to ensure that any service is started after configuring. (By default, Install-Service leaves a service stopped if it was stopped when Install-Service begins.)IsSymbolicLink extended type property to directory and file objects (i.e. System.IO.DirectoryInfo and System.IO.FileInfo objects).TargetPath extended type property to file (i.e. System.IO.FileInfo) objects. If a file is a symbolic link, this property will return the file the link points to.TargetPath extended type property on directory (i.e. `System.IO.DirectoryInfo) objects now returns target paths when a directory is a symbolic link.Initiazlie-Lcm can't be used on Windows Server 2016 and later to put the DSC local configuration manager into pull mode. Initialize-Lcm now writes an error when you try.Carbon_Service DSC resource write errors when a service is running and its startup type is changed to Disabled.Carbon_ScheduledTask DSC resource writes incorrect information to verbose log when the current and desired credential for the scheduled task are different.Carbon_ScheduledTask DSC resource doesn't correctly detect when a task's identity has changed (it wasn't converting usernames to their canonical representation before comparing the existing identity with the desired identity).Carbon_Service DSC resource fail to change the identity a service runs as if switching from a custom account to the default NetworkService account.Carbon_Permission fails when revoking permissions and the Permissions property doesn''t have a value.WhatIf switch." (fixes issue #219).$Global:Error is full. Fixes issue #217. EdgeTraversalPolicy to DeferUser on rules whose policy is "defer to application". netsh advfirewall. Now it uses the Windows Firewall with Advanced Security API.) [Fixes issue #208.Carbon_FirewallRule fails when Profile property has more than one value.SecureString. The String parameter's type was changed to [object]. When you pass in a SecureString, it is converted to an array of bytes, encrypted, and the array of bytes are cleared from memory.Version registry key value can't be converted into a Version object.Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software.Deny access rules. Use the new Type parameter. Fixes issue #152.-Force switch to make all variable modifications immediately visible in the current PowerShell process's env: drive. Restarts are no longer required.Credential parameter to specify the user's credentials. Fixes issue #151.-Force switch to make all variable removals immediately visible in the current PowerShell process's env: drive. Restarts are no longer required.Credential parameter to specify the user's credentials.Command parameter. Command parameter and use the -Encode switch.Credential parameter to pass the user's credentials along with the FilePath and Command parameters to run scripts and commands, respectively.-String parameter's value is $null or empty (fixes issue #211).HighestAvailableRunLevel is lying (fixes issue #205).Carbon_FirewallRule fails when Profile property set to multiple values (fixes issue #209).No Managed Code (fixes issue #210).en-US (fixes issue #171).[DayOfWeek]::Sunday is 0, so when testing if a DayOfWeek typed variable set to Sunday has a value, it returns $false. This made Install-ScheduledTask add the /D parameter without a value.LiteralPath parameter to Test-PathIsJunction for testing paths that contain wildcard characters (e.g. [, ], etc.).LiteralPath parameter to Remove-Junction for deleting junctions whose paths contain wildcard characters (e.g. [, ], etc.).LiteralPath parameter to Uninstall-Junction for deleting junctions whose paths contain wildcard characters (e.g. [, ], etc.).Resolve-WindowsFeatureNamePath parameter contains wildcards and matches multiple items.Credential parameter (fixes issue #185).PSModulePath environment variable.PSModulePath environment (fixes issue #192).Carbon_ScheduledTask and Carbon_IniFile DSC resources' Get-TargetResource functions don't return correct resource properties and causes Get-DscConfiguration to fail (fixes issue #193).Carbon_FirewallRule DSC resource always re-installs a firewall rule if Profile property contains multiple values (i.e. it doesn't properly parse netsh output).RequiredAssemblies module manifest data used an absolute path generated with Join-Path and $PSScriptRoot, which aren't allowed in module manifests.Carbon_Privilege DSC resource fails to remove all a user's privileges (issue #178).netsh http show urlacl command.netsh http add urlacl command.netsh http delete urlacl command.DirectoryServices.AccountManagement .NET API to remove a group, if it exists.DirectoryServices.AccountManagemetn .NET API to test if a principal is a member of a group.Carbon_Group: resource for configuring local groups.schtasks.exe CSV output can't be parsed correctly by ConvertFrom-Csv).Everyone or NT Service\* accounts to a group (fixes issue #177).Get-SheduledTask writes an error if a scheduled task's XML definition is for an executable and doesn't contain an arguments element.DontShow parameter property).SecureString instead.
certreq.exe instead of makecert.exe and pvk2pfx.exe.-Password parameter used to protect the private key (it used to prompt you).-ValidFrom and -Authority parameters obsolete.Add-MemberToGroup when they create/modify their objects.Carbon version 2.0 is a huge release, with lots of new enhancements and bug fixes. We hope you like them. Carbon 2.0 now requires PowerShell 4, so it is not backwards-compatabile with Carbon 1.x. Because of this, we made some additional backwards-incompatible changes. See the Upgrade Instructions section for things to look out for.
If you're upgrading from a previous 2.0 alpha release, you'll want to review the changes since your alpha version (found after the Upgrade Instructions section). We improved backwards-compatability with Carbon 1.x since the last alpha release, but that broke compatability with the alphas.
Make sure you're running PowerShell 4.
Install-Certificate's parameters have changed:
Exportable switch from any usages of Install-Certificate when installing from an X509Certificate2 object, since that switch only gets used when installing a certificate from a file.Some functions now return different objects and/or the objects returned have changed:
Sid property on objects returned by Test-Identity when using the PassThru switch: it now returns a Carbon.Identity object if the identity exists and you use the -PassThru switch, e.g. Test-Identity -Name $userName -PassThru | Select-Object -Expand 'Sid'.
Carbon.Computer.ProgramInstallInfo's Version property (returned by Get-ProgramInstallInfo). It was an int and is now a Version object.The Carbon assembly was re-organized. If you were reaching into Carbon.dll (NOT RECOMMENDED), you'll want to:
[Carbon.AdvApi32] class to [Carbon.Service.ServiceSecurity].[Carbon.Lsa] class to [Carbon.Security.Privilege].[Carbon.Win32] class to [Carbon.FileSystem.Path].[Carbon.HandleInfo] class to [Carbon.Win32.HandleInfo].[Carbon.Lsa]::LookupPrivilegeValue class method. It was incorrectly exposed as a public method.[Carbon.Kernel32]::LocalFree class method. It was incorrectly exposed as a public method.The following commands no longer return the stdout output from the console applications each one calls. To see the old output, use the -Verbose switch. Remove any usage of the output you were processing.
The following functions' internal behavior has changed. This may or may not impact you.
-Force switch to all Grant-Permission usages.-Force switch to all Invoke-WindowsInstaller[Install-Msi](Install-Msi.html) usages.Microsoft.Web.Administration API instead of appcmd.exe.-Force switch.Force switch.Force switch.We've added parameter validation to some functions. This shouldn't impact anybody, since if you were passing data that breaks this new validation, the function wouldn't have worked even in previous versions of Carbon.
System.Net.IPAddress object. Previously it was a string validated with a regular expression, so you should be OK.All Carbon functions now respect each caller's common parameters (e.g. -Verbose, -ErrorAction, etc.). This means if you pass a common parameter to a script that calls a Carbon function, that Carbon function will use that common parameter. This may or may not impact you.
System.ServiceProcess.ServiceController extended type data causes errors when PowerShell formats System.ServiceProcess.ServiceController objects that represent services on remote computers.Start-Service would write an error even if somone called Install-Service with an Ignore or SilentlyContinue error action preference.Import-Carbon.ps1 is more intelligent about when it tries to re-load Carbon. It will force a re-import of Carbon if any of Carbon's files have changed or the version has changed.FileIndex, LinkCount, and VolumeSerialNumber extended type data on System.IO.FileInfo objects for getting a file's index, its hard link count, and volume serial number, respectively.Get-Item Carbon.dll | Select-Object -ExpandProperty 'VersionInfo' | Select-Object -ExpandProperty 'ProductVersion'.Microsoft.Web.Administration API instead of appcmd.exe. As a side effect, they no longer return appcmd.exe console output.Write-Host. Instead, they use Write-Verbose:
System.DirectoryServices.AccountManagement.UserPrincipal, System.DirectoryServices.AccountManagement.GroupPrincipal, Microsoft.Web.Administration.ApplicationPool, Microsoft.Web.Administration.Site, and Microsoft.Web.Administration.Application objects.ConvertTo-SecurityIdentifer converts a binary, string, or System.Security.Principal.SecurityIdentifier object into a System.Security.Principal.SecurityIdentifier object.Win32_Share objects for the file shares installed on the local computer.$env:ProgramFiles\Windows PowerShell\Modules. Under PowerShell 3, it is $PSHome\Modules. This function returns the correct location for the version of PowerShell you're using.SecurityIdentifer, string SDDL, or byte array) into its canonical representation and includes extended identity information: domain, type, and SID.Test-TargetResource functions.ErrorLogRecord objects as errors.Carbon_EnvironmentVariable creates/removes machine-level environment variables.Carbon_FirewallRule configures firewall rules.Carbon_IniFile manages the contents of INI files.Carbon_Permission configures file, directory, registry, and certificate permissions.Carbon_Privilege configures an identity's privileges.Carbon_ScheduledTask configures scheduled tasks with schtasks.exe.Carbon_Service configures Windows services.PassThru SwitchesAdded a PassThru switch to the following functions, which will return objects of the given type:
Carbon.Security.ComAccessRule, representing the granted permission.System.Security.AccessControl.AccessRule, representing the granted permission.System.DirectoryServices.AccountManagement.GroupPrincipal, representing the group. Microsoft.Web.Administration.Application, representing the application.Microsoft.Web.Administration.Site, representing the website.System.IO.DirectoryInfo, representing new target directories and any new/updated junctions.System.ServiceProcess.ServiceController, representing the service.System.DirectoryServices.AccountManagement.UserPrincipal, representing the user.Carbon.Certificates.SslCertificateBinding, representing the configured binding.The following functions no longer return the console output of the program each one runs. Instead, the output is written to the verbose stream (i.e. use the -Verbose switch to see it).
The following functions are now obsolete. Please don't use them and stop using them if you are. They will be removed from a future major version of Carbon. You'll get warnings if you use them.
Wait-Job cmdlet instead.ConfigurationElement objects from the Microsoft.Web.Administration API that you can modify.net.exe anymore.The following functions now have obsolete parameters, which will be removed from a future major version of Carbon. You'll get warnings if you use them.
Install-IisAppPool's UserName and Password parameters. Use the new Credential parameter instead.Install-Msi's Quiet switch. Install-Msi always installs in quiet mode. Please remove usages.Install-Service's Password parameter. Use the new Credential parameter instead.Install-User's UserName and Password parameters. Use the new Credential parameter instead.Quiet parameter. Please remove usages.The following functions were renamed, but with backwards-compatible aliases in place, so you shouldn't have to change any code.
The following functions were re-written to use the System.DirectoryServices.AccountManagement API, introduced in .NET 3.5.
Add-MemberToGroupMicrosoft.Web.Administration.ApplicationPool objects.Version property changed from an int to a Version object.ProductCode and User properties. If a program doesn't have a product code, it is set to [Guid]::Empty. The User property is only set for per-user software installs.-Force switch to all Grant-Permission usages.Install-Certificate's Exportable switch is now only allowed when installing a certificate from a file. Previously, you could supply the switch when installing from an X509Certificate2 object but it was ignored.Install-Group's Members parameter renamed to Member (with backwards-compatible alias).Credential parameter to Install-IisAppPool for increased security and to follow PowerShell guidelines.SiteID parameter tfor setting a website's IIS ID.Path parameter now supports wildcards.-Force switch to all Invoke-WindowsInstaller[Install-Msi](Install-Msi.html) usages.ArgumentList parameter.net helpmsg to get helpful error messages based on sc.exe exit codes.Credential parameter for increased security and to follow PowerShell guidelines.Description parameter for setting a service's description.DisplayName parameter for setting a service's display name.net.exe, so it no longer returns any console output.PasswordExpires switch for creating accounts with passwords that expire.UserCannotChangePassword to prevent user from changing his password.SID parameter to Resolve-IdentityName to resolve a SID into its identity name.Set-HostsEntry's IPAddress parameter is now a System.Net.IPAddress object. It used to be a string validated with a regular expression.UDWord and UQWord parameters for setting registry key values to unsigned integers (i.e. integer values greater than [int]::MaxValue and [long]::MaxValue). Fixes issue #165: Set-RegistryKeyValue rejects unsigned integers larger than [int]::MaxValue.Quiet switch.Force parameter to preserve previous behavior.Carbon.Identity object if the identity exists and you use the -PassThru switch. It used to return the identity's SID. Update scripts to use the FullName property to get the old return value, e.g. Test-Identity -Name $userName -PassThru | Select-Object -Expand 'FullName'.Environment class's new Is64BitProcess property.Environment class's new Is64BitProcess property.AsSecureString switch, which will return a secure string instead of a normal string.Password parameter now accepts SecureString values.RefreshIntervalMinutes default value changed to from 15 to 30; RefreshIntervalMinutes minimum value is now 30; ConfigurationFrequency's minimum value is now 1 (from 2).alpha.26Carbon_Script resource. It only existed so I could pass values to my script blocks. Turns out, the built-in Script resource supports this with the $using: scope. Remember, your most important features is documentation!Carbon_ScheduledTask DSC resource for managing scheduled tasks.Version property on the objects returned by Get-ProgramInstallInfo is now a proper .NET Version object instead of an integer.Carbon_Permission DSC resource fails when assigning multiple permissionsalpha.31System.ServiceProcess.ServiceController extended type data causes errors when PowerShell formats System.ServiceProcess.ServiceController objects that represent services on remote computers.Import-Carbon.ps1 is more intelligent about when it tries to re-load Carbon. It will force a re-import of Carbon if any of Carbon's files have changed or the version has changed.ServiceController objects by default. This should improve backwards-compatability. Added a PassThru switch you can use to get a ServiceController object returned to you.net helpmsg to get helpful error messages based on sc.exe exit codes.Credential parameter for increased security and to follow PowerShell guidelines.Start-Service would write an error even if somone called Install-Service with an Ignore or SilentlyContinue error action preference.PassThru parameter to Install-IisAppPool to control when a Microsoft.Web.Administration.ApplicationPool for the installed app pool is returned.System.ServiceProcess.ServiceController objects now supports services from remote computers.FileIndex, LinkCount, and VolumeSerialNumber extended type data on System.IO.FileInfo objects for getting a file's index, its hard link count, and volume serial number, respectively.PassThru switch is used. In previous 2.0 alpha releases, it only returned something when permissions on an object were added or changed.PassThru switch is used. In previous 2.0 alpha releases, it only returned an object if a user was created or updated.PassThru switch is used. In previous 2.0 alpha releases, it only returned an object if permissions were changed.PassThru switch is used. In previous 2.0 alpha releases, it only returned an object if the application was created or modified.Carbon.Computer.ProgramInstallInfo objects (returned from Get-ProgramInstallInfo) now have ProductCode and User properties. If a program doesn't have a product code, it is set to [Guid]::Empty. The User property is only set for per-user software installs.-Force switch to all Invoke-WindowsInstaller[Install-Msi](Install-Msi.html) usages.SiteID parameter to Install-IisWebsite for setting a website's IIS ID.-Verbose switch.-PasswordNeverExpires switch to PasswordExpires on Install-User for improved backwards-compatability.PassThru switch to get the old behavior.Get-Item Carbon.dll | Select-Object -ExpandProperty 'VersionInfo' | Select-Object -ExpandProperty 'ProductVersion'AsSecureString switch to Unprotect-String which causes Unprotect-String to return a secure string instead of a normal string.SecureString as the value for the Password parameter, which is the password for the private key used to decrypt from password-protected RSA certificate file.Credential parameter to Install-IisAppPool for increased security and to follow PowerShell guidelines.Credential parameter to Install-User for increased security and to follow PowerShell guidelines.ConfigurationElement objects from the Microsoft.Web.Administration API that you can modify.Description and DisplayName properties to Carbon_Service for setting a service's description and display name.Carbon.Identity object. The SID may be a string (SID in SDDL form), byte array, or a SecurityIdentifier object.Win32_Share objects for the file shares installed on the local computer.SID parameter to Resolve-IdentityName to resolve a SID into its identity name.ConvertTo-SecurityIdentifer function to convert a binary, string, or System.Security.Principal.SecurityIdentifier object into a System.Security.Principal.SecurityIdentifier object.net.exe.Carbon_FirewallRule now fails with an error if it finds multiple firewall rules with the same name.UDWord and UQWord parameters for setting registry key values to unsigned integers (i.e. integer values greater than [int]::MaxValue and [long]::MaxValue). Fixes issue #165: Set-RegistryKeyValue rejects unsigned integers larger than [int]::MaxValue.Quiet switch.Force parameter to preserve previous behavior.This is the last minor release for version 1.0. Future 1.0-compatible releases will only contain bug fixes, no new features. It takes too much time to maintain two versions, and I'd rather spend my time getting 2.0 out the door. Carbon 2.0 will require PowerShell 4.0, so start planning.
KeyStorageFlags parameter to Get-Certificate when loading a certificate from a file for better control when storing the certificate.schtasks.exe.schtasks.exe.schtasks.exe.schtasks.exe.Import-Carbon fails when -WhatIf switch is used.PATH environment variable contains a path to a non-existent drive (issue #134).hkcr: drive.Write-Verbose instead of Write-Host. See Write-Host Considered Harmful.
X509Certificate2 object instead of just a path to a certificate.StoreName to X509Store objects to return the store's System.Security.Cryptography.X509Certificates.StoreName value.X509Store objects. PowerShell's default view is a list, so you'll have to explicitly format the objects as a table, e.g. dir cert:\LocalMachine | Format-Table.Path parameter now supports wildcards and certificate provider paths, e.g. cert:\.Programs and Features UI.Credential parameter.makecert.exe and pkv2pfx.exe. Requires that you've installed a Windows SDK.Name and LiteralName parameters to Get-FirewallRule to return specific rules instead of all of them.Carbon.Firewall.Rule objects, instead of anonymous hashes.netsh advfirewall firewall rule show had a verbose switch? RTFM.System.Security.AccessControl.InheritanceFlags and System.Security.AccessControl.PropagationFlag values into a Carbon.Security.ContainerInheritanceFlags value.System.ServiceController.Service:
PATH environment variable contains an empty path.DisplayName on X509Store objects returning wrong store name for custom stores, now returns an empty string.Carbon.Identity.FindByName method and the Resolve-IdentityName and Test-Identity functions now handle identity names with . for the domain/machine name, e.g. .\Administrator.Carbon.Identity.FullName property returns the wrong value when domain is empty/null, e.g. Resolve-IdentityName -Name 'Everyone' returns \Everyone, when it should return Everyone.Carbon.Identity.FindByName method and the Resolve-IdentityName and Test-Identity functions unable to resolve LocalSystem account (which is actually NT AUTHORITY\SYSTEM).There is now a Carbon support mailing list.
-WhatIf switch.-Verbose switch because I think the verbose output is too verbose and not helpful at all.Prefix parameter) to avoid name collisions and follow best practices.$false when testing leaf-level permissions and the ApplyTo parameter is provided, i.e. it doesn't ignore inheritance/propagation flags on leaves.Path parameters which represented virtual paths to VirtualPath (with backwards-compatible aliases):
SiteName parameter to Name (with a backwards-compatible alias).Name parameters which represented virtual paths to VirtualPath (with backwards-compatible aliases):
Path parameters which represented physical paths to PhysicalPath (with backwards-compatible aliases):
Synchronize permission when checking for exact permissions, since this permission is always on and can never be removed from a file/directory.Carbon.Identity class for representing identities. It also contains a static FindByName method which uses The Windows LookupAccountName function to find full account names, domains, and sids.[Carbon.Identity]::FindByName to find identities so it no longer throws exceptions when an identity can't be found.Updated Resolve-IdentityName to use [Carbon.Identity]::FindByName to find identities so it no longer throws exceptions when an identity can't be found.
-Runtime 'v2.0'.PhysicalPath script property, so you don't have to traverse down into the default application's default virtual directory object to get it.Microsoft.Web.Administration.Application objects for all or specific applications under a website.Microsoft.Web.Administration API instead of appcmd.exe.ExecutionPolicy parameter to Invoke-PowerShell to allow setting a custom exeuction policy when using Invoke-PowerShell to run a script.OutputFormat argument to Invoke-PowerShell so your scripts/script blocks can return XML results instead of plain text.Args parameter to ArgumentList (with backwards compatibile Args alias).Command parameter to ScriptBlock (with backwards-compatible Command alias).ProviderName parameter to Set-DotNetConnectionString for setting a connection string's providerName attribute/value.CommitChanges method so you can persist modifications you make to the site.SiteName is given.Description parameter is now optional.$CarbonImported. Carbon no longer exports any of its variables.SeBatchLogonRight. Install-IisAppPool now grants this privilege on all operating systems. If this won't work in your environment, you can remove these privileges with Revoke-Privilege.Import-Carbon.ps1 script to import Carbon regardless of the name of the directory Carbon is installed in.IssuedTo and IssuedBy properties to X509Certificate2 objects. The values match what the Certificates MMC snap-in displays.DisplayName property to X509Store objects, to show the names of the stores as they are displayed in the Certificates MMC snap-in.net.exe command/application. Updated all functions that call net.exe to use this function to resolve its path. Thanks to Paul Aage Aasheim for discovering that when running login scripts, net.exe isn't in the path.SeBatchLogonRight.Username parameter doesn't exist).net.exe when running as part of a Windows logon script. Thanks to Paul Aage Aasheim for identifying and reporting this bug. All usages of the net.exe application were updated to use the new Resolve-NetPath function, which get the path to net.exe without assuming it is in the user's PATH environment variable.$env:COMPUTERNAME\Username.Quiet parameter from calls to the Import-Carbon.ps1 script.Import-*.ps1 script for your module which imports Carbon before importing your own module. Update your scripts to import your module with your fancy new Import-*.ps1 script. See Best Practices for Importing PowerShell Modules for details.Import-Carbon.ps1 script no longer checks if Carbon is a sub-module of another module, so the Quiet parameter was removed. Please don't nest Carbon in your modules! It will cause havoc.Import-Carbon.ps1 will no longer stop execution if an error occurs during an import (i.e. the $ErrorActionPreference = 'Stop' line was removed).Dependencies parameter to Dependency (with backwards-compatible alias), to follow PowerShell naming standards.FullName parameter.Dependency parameter doesn't have a value. Sometimes.Add-IisServerManagerMembers to Add-IisServerManagerMembers, with backwards-compatible alias.StatusCode alias for Set-IisHttpRedirect's HttpResponseStatus parameter, for backwards-compatibility with earlier releases.Entries parameter to Entry, with backwards-compatible alias.Jobs parameter to Job, with backwards-compatible alias.Entries parameter to Entry, with backwards-compatible alias.ContainerInheritanceFlags parameter to ConvertTo-InheritanceFlag, with backwards-compatible alias.ContainerInheritanceFlags parameter to ConvertTo-InheritanceFlag, with backwards-compatible alias.Permissions parameter to Permission, with backwards-compatible alias.Members parameter to Member.Features alias for Install-WindowsFeature's Name parameter, for backwards-compatibility with earlier releases.Features alias for Uninstall-WindowsFeature's Name parameter, for backwards-compatibility with earlier releases.This release contains many backwards incompatible changes. We apologize for this inconvenience. We are making these changes so we can get ready for the v1.0 release. One of our goals for v1.0 is to get the functions and their interfaces internally consistent and consistent with PowerShell naming schemes. Once v1.0 is out the door, backwards-incompatible changes will be phased in as much as possible.
Take the following steps to get your scripts to work with this release.
Replaces usages of:
Get-SslCertificateBinding -IPPort '0.0.0.0:443' with Get-SslCertificateBindingGet-SslCertificateBinding -IPPort '10.1.1.1:8001 with Get-SslCertificateBinding -IPAddress '10.1.1.1' -Port 8001Test-SslCertificateBinding -IPPort '0.0.0.0:443 with Test-SslCertificateBindingTest-SslCertificateBinding -IPPort '10.1.1.1:8001 with Test-SslCertificateBinding -IPAddress '10.1.1.1' -Port 8001Set-SslCertificateBinding -IPPort '0.0.0.0:443 with Set-SslCertificateBindingSet-SslCertificateBinding -IPort '1.2.3.4:8001' withSet-SslCertificateBinding -IPAddress '1.2.3.4' -Port 8001Remove-SslCertificateBinding -IPPort '0.0.0.0:443 with Remove-SslCertificateBindingRemove-SslCertificateBinding -IPPort '10.1.1.1:8001 with Remove-SslCertificateBinding -IPAddress '10.1.1.1' -Port 8001Replace usages of
Set-EnvironmentVariable -Scope 'Process' with Set-EnvironmentVariable -ForProcessSet-EnvironmentVariable -Scope 'User' with Set-EnvironmentVariable -ForUserSet-EnvironmentVariable -Scope 'ForComputer' with Set-EnvironmentVariable -ForComputerRemove-EnvironmentVariable -Scope 'Process' with Remove-EnvironmentVariable -ForProcessRemove-EnvironmentVariable -Scope 'User' with Remove-EnvironmentVariable -ForUserRemove-EnvironmentVariable -Scope 'ForComputer' with Remove-EnvironmentVariable -ForComputerProtect-String -Scope CurrentUser with Protect-String -ForUserProtect-String -Scope LocalMachine with Protect-String -ForComputerStatusCode property on the object returned by Get-IisHttpRedirect to HttpResponseStatus. Update usages accordingly.Bindings property returned by Get-IisWebsite is now a collection of Microsoft.Web.Administration.Binding objects. Update usages of $site.Bindings[$idx].IPAddress and $site.Bindings[$idx].Port to $site.Bindings[$idx].Endpoint.Address and $site.Bindings[$idx].Endpoint.Port, respectively.Replace usages of:
Set-IisAnonymousAuthentication with Enable-IisSecurityAuthentication -AnonymousSet-IisAnonymousAuthentication -Disabled with Disable-IisSecurityAuthentication -AnonymousSet-IisBasicAuthentication with Enable-IisSecurityAuthentication -BasicSet-IisBasicAuthentication -Disabled with Disable-IisSecurityAuthentication -BasicEnable-IisSecurityAuthentication -Windows and Set-IisWindowsAuthentication -DisableKernelModeSet-IisWindowsAuthentication -UseKernelMode with Set-IisWindowsAuthenticationSet-IisWindowsAuthentication -Disabled with Disable-IisSecurityAuthentication -WindowsUnlock-IisConfigSection -Name <string> with Unlock-IisConfigurationSection -SectionPath <string> (run appcmd.exe lock config -section:? for values to the new SectionPath parameter)Unlock-IisBasicAuthentication with Unlock-IisConfigurationSection -SectionPath 'system.webServer/security/authentication/basicAuthentication'Unlock-IisCgi with Unlock-IisConfigurationSection -SectionPath 'system.webServer/cgi'Unlock-IisWindowsAuthentication with Unlock-IisConfigurationSection -SectionPath 'system.webServer/security/authentication/windowsAuthentication'Replace usages of:
Split-Ini -Path <string> with Split-Ini -Path <string> -AsHashtable (hashtable is no longer returned by default)Split-Ini -Path <string> -PassThru with Split-Ini -Path <string> (per-line objects are now returned by default)Replace usages of
Get-PathRelativeTo -To <string> -From <string>' with Resolve-RelativePath -Path <string> -FromDirectory <string>Get-PathRelativeTo -To <string> -From <string> -FromType 'File' with Resolve-RelativePath -Path <string> -FromFile <string>null and a single object, respectively. Update usages accordingly.null. Update usages accordingly.True or False if the user doesn't have admin privileges. It also no longer throws an exception, but writes an error. If you want to preserve current behavior where it stops script execution, replace usages with Assert-AdminPrivileges -ErrorAction Stop.Replace usages of:
Install-Share -Permissions '"ShareAdmins,FULL"','"ShareWriters,CHANGE"','"ShareReaders,READ"' with Install-SmbShare -FullAccess ShareAdmins -ChangeAccess ShareWriters -ReadAccess ShareReaders.Replace usages of:
Test-WindowsFeature -InstalledInstall-WindowsFeatureIis with Install-WindowsFeature -IisInstall-WindowsFeatureIis -HttpRedirection with Install-WindowsFeature -Iis -IisHttpRedirectionInstall-WindowsFeatureMsmq with Install-WindowsFeature -MsmqInstall-WindowsFeatureMsmq -HttpSupport with Install-WindowsFeature -Msmq -MsmqHttpSupportInstall-WindowsFeatureMsmq -ActiveDirectoryIntegration with Install-WindowsFeature -MsmqActiveDirectoryIntegrationMicrosoft.Web.Administration.AppPool object for an application pool.IPAddress and/or Port.Carbon.Certificates.SslCertificateBinding objects. All information displayed by the netsh http show sslcert command is returned as part of those objects.IPAddress and Port separately, instead of requiring both. The old IPPort parameter is replaced with IPAddress and Port parameters.IPAddress and Port separately, instead of requiring both. The old IPPort parameter is replaced with IPAddress and Port parameters.IPPort parameter on Get-SslCertificateBinding with separate IPAddress and Port parameters on Get-SslCertificateBindings. Set IPAddress only if you want to bind to a specific IP address (i.e. not 0.0.0.0). Set Port if not binding to port 443.IPPort parameter on Remove-SslCertificateBinding with separate IPAddress and Port parameters. Set IPAddress only if you want to remove a binding for a specific IP address (i.e. not 0.0.0.0). Set Port if the binding is not on port 443.Scope parameter on Set-EnvironmentVariable and Remove-EnvironmentVariable with scope-specific ForProcess, ForUser, and ForComputer switches.Scope parameteter with the ForUser or ForComputer scope-specific switches.Carbon.Ini.IniNode objects instead of hashtables.PassThru switch is no longer needed for this behaviro). This makes it more PowerShell-y. The old behavior of returning a Hashtable is available be using the new AsHashtable switch.Set-IisAnonymousAuthentication with Enable-IisSecurityAuthentication and Disable-IisSecurityAuthentication.Set-IisBasicAuthentication with Enable-IisSecurityAuthentication and Disable-IisSecurityAuthentication.DisableKernelMode switch.Unlock-IisConfigSection to Unlock-IisConfigurationSection.Name parameter and replaced it with SectionPath, which takes a list of full path to the configuration section(s) to unlock.Unlock-IisBasicAuthentication in favor of Unlock-IisConfigurationSection -SectionPath 'system.webServer/security/authentication/basicAuthentication'.Unlock-IisCgi in favor of Unlock-IisConfigurationSection -SectionPath 'system.webServer/cgi'.Unlock-IisWindowsAuthentication in favor of Unlock-IisConfigurationSection -SectionPath 'system.webServer/security/authentication/windowsAuthentication'.ReadAndExecute file system permissions on the service executable to the service identity instead of FullControl.WhatIf support.ServiceAccount parameter isn't given.Carbon.Iis.HttpRedirectConfigurationSection object. The StatusCode property on the old object is now named HttpResponseStatus.StatusCode parameter on Set-IisHttpRedirect to HttpResponseStatus (added backwards-compatible alias in v0.5.0.1).Microsoft.Web.Administration.Site object.Get-PathRelativeTo to Resolve-RelativePath. Renamed its To parameter to Path, and moved it to position 0. Replaced/combined the From and FromType parameters with FromDirectory and FromFile parameters.Get-Item and Get-ChildItem output, e.g. Get-Item C:\WINDOWS | Resolve-PathCase returns C:\Windows.null or a single object instead of an empty/single element array when there are no or one performance counters.null if there are no trusted hosts. (It used to return an empty array.)False. It returns True if the user has privileges.Permissions parameter on Install-SmbShare with FullAccess, ChangeAccess, and ReadAccess parameters. Previously, to set share permissions, you passed in specially-formatted values to the Permission parameter, e.g. "MyGroup,FULL","MyOtherGroup,READ". Now, just pass a list of identity name(s) to the FullAccess, ChangeAccess, or ReadAccess parameters to grant those identies full, change, or read access, e.g. -FullAccess MyGroup -ReadAccess MyOtherGroup.Installed switch to detect if a feature exists and if it is installed.Features parameter to Name (added backwards-compatible alias in v0.5.0.1).Install-WindowsFeatureIis and replaced with Iis and IisHttpRedirection switches on Install-WindowsFeature.Install-WindowsFeatureMsmq and replaced with Msmq, MsmqHttpSupport, and MsmqActiveDirectoryIntegration switches on Install-WindowsFeature.Features parameter to Name (added backwards-compatible alias in v0.5.0.1).Iis, IisHttpRedirection, Msmq, MsmqHttpSupport, and HttpActiveDirectoryIntegration switches to Uninstall-WindowsFeature.Write-Error.Start-Service yourself. Install-Service only starts services whose startup type is set to Automatic (which is the default).subinacl.exe program. We didn't have permission to distribute. Plus its no longer supported. If any of your scripts used Invoke-SubInAcl, you'll want to download subinacl.exe yourself and copy Invoke-SubInAcl before upgrading (you can find it in the Carbon directory in the Services.ps1 file.Path parameter moved from position 3 to position 1. Re-order your parameters accordingly.Set-IisDirectoryBrowsing to Enable-IisDirectoryBrowsing. If you use named parameters, rename its Directory paremter to Path.Set-HgrcDefaultPushUrl with Set-IniEntry instead, e.g. Set-IniEntry -Path 'Path\to\repo\.hg\hgrc' -Section paths -Name 'default.push' -Value 'DefaultPushUrl'Get-FullPath with ConvertTo-FullPath.SeServiceLogonRight privilege. This replaces usage of Microsoft's legacy ntrights.exe, which we probably didn't have permission to distribute.Invoke-SubInAcl function and the subinacl.exe program. Use the Grant-ServicePermission and Revoke-ServicePermission functions instead. If you still need subinacl.exe, please download it from Microsoft.ApplyTo parameter, which should be a value of the new Carbon.Security.ContainerInheritanceFlags enumeration, which encapsualtes all the valid combinations of inheritance/propagation flags. See the help for Grant-Permissions for more information. Thanks to Jonathan Valdez for the feature request and initial code.Carbon.Security.ContainerInheritanceFlags to the necessary/applicable System.Security.AccessControl.InheritanceFlags.Carbon.Security.ContainerInheritanceFlags to the necessary/applicable System.Security.AccessControl.PropagationFlags.Set-IisDirectoryBrowsing to Enable-IisDirectoryBrowsing and renamed its Directory parameter to Path.Set-HgrcDefaultPushUrl. Use Set-IniEntry instead.Get-FullPath to ConvertTo-FullPath to adhere to PowerShell naming conventions.StartupType is set to Manual or Disabled.Path is now the first parameter to Grant-Permissions (it was the third) to match PowerShell standards/patterns.Carbon\Carbon.psd1, or, if Carbon is imported in your console, running Get-Module Carbon | Select-Object Version.My Computer, select Properties, click the COM Security tab then click the Edit Default.. or Edit Limits... buttons under Access Permissions or Launch and Activation Permissions, respectively.Administrators into BUILTIN\Administrators.Quiet parameter to Set-RegistryKeyValue so that Write-Host output is muffled.This release contains backwards-incompatible changes to the following functions:
Set-IisSslFlagsThis function was renamed to Enable-IisSsl. Its Enable128BitSsl parameter was renamed to Require128BitSsl.
Configuring client certificates is now a little stricter/clearer. You can no longer specify both AcceptClientCertificates and RequireClientCertificates. Also, if you specify RequireClientCertificates, you must now also supply the RequireSsl switch (before, setting the RequireClientCertificates switch implicitly set the RequireSsl switch).
Make sure you're not calling Set-TrustedHosts with an empty array/value for the Entries parameter. The function now throw an error in that situation. If you need to clear the list of trusted hosts, use Clear-TrustedHosts.
If you call Invoke-PowerShell without the x86 switch and PowerShell is 32-bit, you'll get an error. Under Windows x64, 32-bit PowerShell can't start the 64-bit instance because Windows redirects all access from C:\Windows\system32 to C:\Windows\SysWOW64. If anyone knows how to get around this, let me know!
Set-IisSslFlags to Enable-IisSsl to better reflect what it does. Also, created parameter sets around client certificate settings so you can't configure them incorrectly. (Fixes #25: Set-IisSslFlags: Create parameter sets to accurately reflect what flags are allowed to be set simultaneously.)WhatIf support to Install-MsmqMessageQueue.Enable-IisSsl/Set-IisSslFlags's Enable128BitSsl parameter to Require128BitSsl] (Fix #24 Set-IisSslFlags: Rename the Enable128BitSsl parameter to Require128BitSsl).Entries parameter is now required. To clear the trusted hosts list, use Clear-TrustedHosts.Clear parameter to the Grant-Permissions function for clearing any non-inherited permissions on a file system/registry item.Invoke-SubInAclInstall-ShareInstall-WindowsFeatureIisInstall-WindowsFeatureMsmqSet-HgrcDefaultPushUrlUnlock-IisBasicAuthenticationUnlock-IisCgiUnlock-IisConfigSectionSet-HgrcDefaultPushUrl