Experimental:Windows Powershell and TouchDesigner

From Derivative
Jump to navigation Jump to search

What is PowerShell?[edit]

PowerShell is a cross platform task-based command-line shell and scripting language designed especially for system administration. It is the most modern command shell designed directly into Windows and can function as a replacement to the Windows CMD shell as well as ported linux / unix variants like MINGW64 that comes with GIT etc. The shell supports Windows commands and many familiar Unix commands. It operates well to translate the annoying differences between path and string manipulations between Unix and Windows. It functions well with Python. It has a modern .NET architecture making it secure and easier to setup in corporate environments. All these factors and more make PowerShell a useful tool for TouchDesigner engineers who deploy large and small scale multi-server managed systems both for personal use or corporate clients. This document covers how to setup PowerShell to simplify management of TouchDesigner applications running over a network. For more general information on PowerShell start here...

https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/powershell

Setting up PowerShell[edit]

You will require administrator privlages to proceed through this setup process. If you require network access to other workstations on a network managed by someone else or an organization you will need to direct their systems administrator to this document for their review and assistance. To get started this document assumes you have more than one Windows 10 based computer.

Ultimately to control computers over a network using PowerShell, your user account must have access to each computer, and each computer must have the correct services activated. This document attempts to cover these two main issues.

User Account Setup Checklist[edit]

Microsoft has made it increasingly more difficult to create a Windows user account that isn't based around a registered email address. As well the user interface for creating and managing user accounts is persistently changing. To avoid this document falling quickly out of date we provide only a checklist of items you must ensure on each computer. Both usernames using email addresses and standard non-email based usernames are compliant with this process.

  • All computers should be assigned a common user that matches in name and password for each system.
  • This user account should have Administrator privileges for the duration of this setup process. To be compliant with security requirements, the privileges may be adjusted or different accounts can be used once the setup process is complete. Alternatively, the Administrator can use their own privileges to follow this setup process, then later, double check operation with standard account privileges.

Opening PowerShell in Administrator Mode[edit]

Open PowerShell by clicking the Windows Start menu and instantly search by typing "PowerShell". The PowerShell icon will appear in the Start menu. You must start the PowerShell in Administrative Mode. To do so, right click on the icon and from the popup menu select "Run as Administrator". An possible alternative method to quickly reach the PowerShell is to right click on the Start menu. From the popup menu you can select Windows PowerShell (Admin). When starting PowerShell in Administrator mode, you will get a Windows dialog popup notification, which you should click Yes to. When open the PowerShell application window header will read "Administrator: Windows PowerShell"

Activate Windows Remote Management Service (WinRM)[edit]

You must ensure Windows Remote Management (WinRM) service is running and also that it will automatically start when you restart Windows. PowerShell provides an easy command to make this process simple.

  • Verify your username and computername to make sure you are working in the shell as the correct user and on the correct computer. The username returned here is the username you should be using in PowerShell. It may not match what username appears at the Windows login screen, which for example might be an email address.
$env:UserName
$env:ComputerName
  • Run the WinRM quick configuration command to setup remote services and general remote configuration...

winrm quickconfig

  • If things are already setup correctly you will get this...

WinRM service is already running on this machine.
WinRM is already set up for remote management on this computer.
  • If things are not setup yet you will proceed through the questions...
WinRM is not set up to receive requests on this machine.
The following changes must be made:
Start the WinRM service.
Set the WinRM service type to delayed auto start.
  • Type "y" for this and every requirement that follows. It will set some permissions rules and a firewall exception.
  • Run the following PowerShell commands to setup the firewall for clear communication between hosts.
netsh advfirewall firewall add rule name="Enable Echo Ping Request" protocol="icmpv4:8,any" dir=in action=allow
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
  • Setup trusted hosts to trust all computer names. # Trust all hosts
Set-Item WSMan:localhost\client\trustedhosts -value *
  • Verify trusted hosts configuration
Get-Item WSMan:\localhost\Client\TrustedHosts
  • Repeat these steps for each computer you want to control remotely on the network.
  • Double check your permissions on each computer. From each system, you should be able to open a PowerShell and ping every other system.

Testing PowerShell[edit]

If things are configured correctly you should be able to do the following.

  • Log into any other configured host with the following command.
Enter-PSSession -ComputerName <COMPUTERNAME> -Credential <USERNAME>
  • A Windows dialog for PowerShell credentials will appear. Enter your password here. Once logged in, you will notice the command prompt indicates you are logged into another host by printing the computer name between square brackets at the start of the command line [COMPUTERNAME]. For example the regular administrator prompt looks like this...
PS C:\Windows\System32>
  • While the prompt looks something like this when logged into the remote host.
[ComputerName]: PS C:\Users\UserName\Documents>
  • When logged into another host with a remote shell you can run any command using the Invoke-Command.
[ComputerName]: PS C:\Users\UserName\Documents> Invoke-Command -scriptblock {$env:ComputerName}
  • Or when on your local shell prompt you can run any command remotely using Invoke-Command with credentials.
PS C:\Windows\System32> Invoke-Command -ComputerName COMPUTERNAME -Credential USERNAME -scriptblock {$env:ComputerName}

Understanding Windows Sessions and Powershell[edit]

A Windows session consists of all the process and other system objects that represent a single user's logon. When Windows starts up it will start a session that consists of the main services and drivers. As it continues to load into the graphical desktop it loads another session.

Windows PowerShell ISE[edit]

Windows PowerShell ISE is a useful interactive tool for experimenting with PowerShell scripts. You can easily sketch ideas and execute them and quickly store and recall your work.

https://docs.microsoft.com/en-us/powershell/scripting/windows-powershell/ise/exploring-the-windows-powershell-ise?view=powershell-7.1

Running TouchDesigner Remotely with PowerShell and PSTools[edit]

  • Using the Invoke-Command cmdlet you can execute any application on your local computer. For example to start Notepad open a new PowerShell and use the following command:
Invoke-Command -scriptblock {notepad}
  • However running the same command from a remote PSSession will start the application but the user interface will never appear. Checking the Windows Task Manager will reveal that Notepad started but Windows security does not permit graphical applications to open from remote sessions. There are two know methods to work around this issue. The first is to install PSTools and the second is to use the Windows Task Scheduler.

Installing PSTools[edit]

  • PSTools is a set of shell executable commands that facilitate the automation of computer behavior - in particular starting and stopping applications as well as Windows services and other nice features. These are tools provided by Microsoft. They don't need to be installed with an installer, simply unzip them to a location in the Windows application path. A recommended location that is automatically in the Windows application path is C:\Users\<MYUSERFOLDER>\AppData\Local\Microsoft\WindowsApps .
  • Download PsTools Suite here...
https://docs.microsoft.com/en-us/sysinternals/downloads/pstools

$s = New-PSSession -ComputerName HOSTNAME -Credential USERNAME

Copy-Item -ToSession $s C:\PowerShellZipFolder\ps*.exe -Destination C:\Users\USERNAME\AppData\Local\Microsoft\WindowsApps\ -PassThru

Starting Applications with PSExec[edit]

Enter-PSession[edit]

Enter-PSSession -ComputerName HOSTNAME -Credential USERNAME

psexec \\localhost -i -d -u "NT AUTHORITY\NETWORK SERVICE" notepad

Stop-Process -Force -Name "notepad"

Exit-PSession

New-PSession[edit]

$s = New-PSSession -ComputerName HOSTNAME -Credential USERNAME

Enter-PSession $s

psexec \\localhost -i -d -u "NT AUTHORITY\NETWORK SERVICE" notepad

Stop-Process -Force -Name "notepad"

Exit-PSession $s

Start Stop Notepad[edit]

Invoke-Command –ComputerName HOSTNAME -Credential USERNAME -ScriptBlock {psexec -accepteula -s \\localhost -i -d -u "NT AUTHORITY\NETWORK SERVICE" notepad}

Invoke-Command –ComputerName HOSTNAME -Credential USERNAME -ScriptBlock {Stop-Process -Force -Name "notepad"}

Executing Powershell Scripts[edit]

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.1

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine

Get-ExecutionPolicy -List

PowerShell Cheatsheet[edit]

  • Invoke-Command -ScriptBlock {notepad}
  • Invoke-Command –ComputerName HOSTNAME -Credential USERNAME -ScriptBlock {psexec -s \\localhost -i -d -u "NT AUTHORITY\NETWORK SERVICE" notepad}

Check the status of WinRM

  • Get-WmiObject -Class win32_service | Where-Object {$_.name -like "WinRM"}
  • Disconnect-PSSession -Id (1..5)
  • Get-PSSession | Disconnect-PSSession | Remove-PSSession: