Your PowerGUI Community: Simplify your PowerShell related GUI and script editing needs.
This article explains how to create customized branded locked-down PowerGUI configurations. This functionality enables the following scenario:
An IT architect/consultant/system integrator customizes PowerGUI admin console, leaving only the functionality for a particular role (e.g. helpdesk) within this particular organization needs. For example, it would have a list of users limited to a specific geographic location and only provide actions to reset passwords, change phone numbers, and so on.
PowerGUI admin console (without script editor) gets installed for each helpdesk person in the office.
A new management feature is used to lock-down these consoles so helpdesk people cannot see the PowerShell code behind the actions, or modify the functionality, and so on.
This helps equip everyone in the IT organization with the exact tools they need, gets rid of scripting (scripts get turned into admin console UI), and thus reduces risk and associated costs, etc.
The Central Configuration feature in PowerGUI has been simplified. If you want to deploy a customized version of PowerGUI simply follow these steps:
<Item Guid="947a3087-c1fe-47c0-a4af-a15e7819e978" DisplayName="Tree Node: New">
<?xml version="1.0" encoding="utf-8"?>
When PowerGUI starts, the PowerPacks specified in the redirections.xml PowerPacks Folder Path will load, the custom home page will load, and the restrictions enforced in the lockdown.xml will be enforced.
By default, any PowerGUI user can access (view and activate) any configuration item (that is, management tree nodes, menu commands, interface language, currently used libraries, etc.). The PowerGUI administrator can create a customized admin console configured to support exactly the functionality required by the certain user role (e.g., helpdesk). For that, the administrator can do the following:
After you deploy PowerGUI, the initial configuration settings are stored in '"quest.powergui.xml"' file in its profile folder - %appdata%\Quest Software\PowerGUI (which resolves to c:\Documents and Settings\user_name\Application Data\Quest Software\PowerGUI on Windows 2003 and Windows XP and c:\User\user_name\Application Data\Roaming\PowerGUI on Windows Vista and Windows 2008).
c:\Documents and Settings\user_name\Application Data\Quest Software\PowerGUI
When creating a profile you can either start with existing profile or from empty profile. See more information in this section: Managing PowerGUI Profiles
To customize configuration for a user role, do the following:
Then you can proceed with Step 2 to configure lockdown settings and store the path to the corresponding XML file in the Redirections.xml, as well. The Redirections.xml file should be then distributed to users, as described in Step 3.
Most likely, in this scenario of centrally managed PowerGUI deployment you would want to protect the the PowerGUI admin console on delegated administrators' machines from accidental UI modification, as well as to limit the ability of delegated administrators to go beyond the scope of the consoles you provide.
You can limit the functionality exposed by PowerGUI by editing its lockdown file.
To lock configuration items/actions, use the quest.powergui.lockdown.xml file (by default, it is also placed to your personal folder when you deploy the product):
To distribute customized configuration in a centralized manner, the Redirections.xml file is used. After you complete Steps 1 and 2, it should contain the paths to configuration snapshots and locked configuration items like this:
<?xml version="1.0" encoding="utf-8"?>
Distribute this file to PowerGUI authorized users (roles), e.g., helpdesk. For that, any suitable method can be used: remote access, logon script, Group Policy, and so on. The Redirections.xml file should be stored in users' personal folders storing the product configuration (\Documents and Settings\<user_name>\Application Data\Quest Software\PowerGUI on Windows 2003 and Windows XP, or \User\<user_name>\Application Data\Roaming\PowerGUI on Windows Vista and Windows 2008).
To obtain PowerGUI console customized for their role, authorized users (helpdesk, AD admin, Exchange admin, and so on) check the locations specified in their Redirections.xml file (these locations in our example are \\mysrv\public\cfg\cfg.xml and \\mysrv\public\LD1\lock.xml), and copy the updated configuration and lockdown settings to their personal folders.
When users (e.g., helpdesk personnel) launch PowerGUI next time, customized console will be displayed to them.
See also this video: http://www.youtube.com/watch?v=Zr_VB3_KvLc
You might also want to rebrand PowerGUI with a customized welcome page - see http://www.youtube.com/watch?v=Wm3a66derZM
Category: Administrative console