m-dwyer / CryptoBlocker

A script to deploy File Server Resource Manager and associated scripts to block infected users
GNU General Public License v2.0

PowerShell Version #5

Open nexxai opened 8 years ago

nexxai commented 8 years ago

I tried running your script yesterday on a server with an outdated version of PowerShell (unfortunately I didn't make note of what version) on Windows Server 2008 R2 and it failed, not knowing what the Install-WindowsFeature or Add-WindowsFeature cmdlets were. After installing PowerShell v4.0, everything started working normally.

Is it possible to add a check to the script to see which version of PowerShell it's running in and if it's too old, to point the user to Windows Management Framework (which includes PowerShell) from here: https://www.microsoft.com/en-ca/download/details.aspx?id=40855

nm777 commented 8 years ago

I ran into this issue as well. Here are some details. Here are the error messages (everything below this succeeds):

The following shares needing to be protected: C:\,E:\,D:\
Checking File Server Resource Manager..
The term 'Invoke-WebRequest' is not recognized as the name of a cmdlet, function, script file, or operable program. Che
ck the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\kworking\DeployCryptoBlocker.ps1:88 char:44
+ $monitoredExtensions = @((Invoke-WebRequest <<<<  -Uri "https://fsrm.experiant.ca/api/v1/get").content | convertfrom-
json | % {$_.filters})
    + CategoryInfo          : ObjectNotFound: (Invoke-WebRequest:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Purging Non-Admin NTFS permissions on script directory [C:\FSRMScripts]..
Purging Non-Admin NTFS permissions on batch directory [C:\FSRMScripts]..
Writing defensive PowerShell script to location [C:\FSRMScripts\KillUserSession.ps1]..
Out-File : Access to the path 'C:\FSRMScripts\KillUserSession.ps1' is denied.
At C:\kworking\DeployCryptoBlocker.ps1:177 char:23
+ $scriptConf | Out-File <<<<  -Encoding ASCII $scriptFilename
    + CategoryInfo          : OpenError: (:) [Out-File], UnauthorizedAccessException
    + FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

Writing batch script launcher to location [C:\FSRMScripts\KillUserSession.bat]..
Out-File : Access to the path 'C:\FSRMScripts\KillUserSession.bat' is denied.
At C:\kworking\DeployCryptoBlocker.ps1:179 char:22
+ $batchConf | Out-File <<<<  -Encoding ASCII $batchFilename
    + CategoryInfo          : OpenError: (:) [Out-File], UnauthorizedAccessException
    + FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

It appears to be choking on the Invoke-WebRequest commandlet, which according to https://technet.microsoft.com/en-us/library/hh849901.aspx was first available in PowerShell v3.0.

You can add the following to require a check for PowerShell v3.0:

#requires -version 3

or maybe check for the version and if it's less than 3, use a static list instead, something like this:

if ($PSVersionTable.PSVersion.Major -lt 3) { Write-Host "Foobar!" }

m-dwyer commented 8 years ago

You're right. This is an oversight on my behalf. I did write this with the intention of being backwards compatible with earlier versions of Server and PowerShell. I've fixed this in fe88aea389cc93aa253aad026ad857f395a5750a, where I'm using the .NET WebClient class which exists in old versions of .NET. I don't have a Server 2008 machine to test on, so please let me know how this goes and once okay, I'll close this out.

EDIT: Looks like ConvertFrom-JSON also isn't in PowerShell 2.0 from what I can tell..

nm777 commented 8 years ago

Thanks for the update! I really appreciate you making this public. Unfortunately, you're right -- ConvertFrom-Json is also a PowerShell 3.0 commandlet:

The following shares needing to be protected: C:\
Checking File Server Resource Manager..
FSRM not found.. Installing (2008 R2)..

Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
True    No             Success   {File Server Resource Manager}
The term 'ConvertFrom-Json' is not recognized as the name of a cmdlet, function
, script file, or operable program. Check the spelling of the name, or if a pat
h was included, verify that the path is correct and try again.
At C:\kworking\DeployCryptoBlocker.ps1:90 char:50
+ $monitoredExtensions = @($json | ConvertFrom-Json <<<<  | % { $_.filters })
    + CategoryInfo          : ObjectNotFound: (ConvertFrom-Json:String) [], Co
   mmandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

https://technet.microsoft.com/en-us/library/hh849898%28v=wps.620%29.aspx

This might be an option (http://stackoverflow.com/questions/28077854/powershell-2-0-convertfrom-json-and-convertto-json-implementation), but it looks like there is a .NET dependency (.NET 3.5 required) that should also be checked to make this work. I spent some time looking into this but got pulled aside for other tasks and haven't had time to track down how to make this work yet. If I figure it out, I'll post it here for you to review and implement if you see fit.

Again, thanks for sharing this!

m-dwyer commented 8 years ago

I've added the ConvertFrom-Json20 function in fcc6b5d1027e17853bbc374b81464b46829edcef. As you've mentioned, it does require .NET 3.5, and from the brief searching I've done, Server 2008, SBS, etc. seem to come with .NET 2.0 by default.

Unfortunately I don't have access to a wide variety of server OSes now like in my previous position, so I'm unsure how prevalent .NET 3.5 is on older versions -- so I'll look at an alternative. Json.NET is an option and supports .NET 2.0 (http://www.newtonsoft.com/json/help/html/Introduction.htm), but I'd like to avoid dependencies if possible.
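An added example (not code from the repository or from anyone in this thread) of the check discussed above: it uses ConvertFrom-Json where present, falls back to the .NET 3.5 JavaScriptSerializer on PowerShell 2.0, and stops instead of continuing when neither is available or the filter list comes back empty. The function names and the sample JSON are assumptions made for illustration.

```powershell
# Added example; ConvertFrom-JsonCompat and Get-MonitoredExtensions are
# hypothetical helper names, not functions from DeployCryptoBlocker.ps1.
$ErrorActionPreference = 'Stop'   # halt on the first failure instead of carrying on

function ConvertFrom-JsonCompat {
    param([Parameter(Mandatory = $true)][string]$Json)

    # PowerShell 3.0+ ships ConvertFrom-Json; use it whenever it exists.
    if (Get-Command ConvertFrom-Json -ErrorAction SilentlyContinue) {
        return ($Json | ConvertFrom-Json)
    }

    # PowerShell 2.0: JavaScriptSerializer lives in System.Web.Extensions (.NET 3.5).
    try {
        Add-Type -AssemblyName System.Web.Extensions
    } catch {
        throw ("No ConvertFrom-Json in PowerShell $($PSVersionTable.PSVersion) and " +
               "System.Web.Extensions did not load; install .NET 3.5 or a newer WMF.")
    }
    $serializer = New-Object System.Web.Script.Serialization.JavaScriptSerializer
    return $serializer.DeserializeObject($Json)
}

function Get-MonitoredExtensions {
    param([Parameter(Mandatory = $true)][string]$Json)

    $parsed = ConvertFrom-JsonCompat -Json $Json
    # Keep only non-blank strings; both parser paths expose the "filters" key.
    $filters = @($parsed.filters | Where-Object { $_ -is [string] -and $_.Trim() })
    if ($filters.Count -eq 0) {
        # An empty list would yield an FSRM file group that blocks nothing.
        throw "Filter list is empty or malformed; refusing to continue."
    }
    return $filters
}

# Constructed sample payload in the shape the script reads (a "filters" array).
$sampleJson = '{"filters":["*.example-locked","*.sample-crypt","HELP_DECRYPT_SAMPLE.txt"]}'

# Live use on any PowerShell version (WebClient exists in old .NET):
#   $sampleJson = (New-Object System.Net.WebClient).DownloadString('https://fsrm.experiant.ca/api/v1/get')

$monitoredExtensions = @(Get-MonitoredExtensions -Json $sampleJson)
Write-Host "PowerShell $($PSVersionTable.PSVersion): $($monitoredExtensions.Count) patterns loaded"
```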

nm777 commented 8 years ago

Just a quick note that this seems to work for me on at least one system I tested with the obvious caveat that a minimum of .NET 3.5 must be installed. Thanks for your help on this!

nreisbeck commented 8 years ago

At this point honestly, there is no reason to continue targeting PowerShell Version 2.0. PowerShell 5.0 is able to be installed on Windows Server 2008 R2 without issue and has a dependency list of:

PowerShell 4.0 can also be installed without issue, and has the following dependencies:

Targeting a minimum of PowerShell 3.0 introduces many more built-in functions, not limited to a native ConvertFrom-JSON cmdlet, that can remove deprecated .NET object calls.

I'm all for backwards compatibility, but writing to PSv2 is just hamstringing.