Top 10 Windows 7 Features #9: Native PowerShell 2.0

The extent of PowerShell's language capabilities are actually almost overwhelming, due to the fact that it can connect with essentially everything in Windows. For example, since PowerShell is effectively a .NET language, the entire .NET intermediate type libraries are available to PowerShell -- so any running .NET program may be addressable as an object. Also, any program using the type libraries of the older Component Object Model may be addressable and manipulable through PowerShell -- and that includes all of Office 2007. The same document objects for Word and Excel, for instance, that were made to be addressable in VBA for macros, is also by definition addressable in PowerShell.

But easily the most eerily cool feature -- the one that always makes newcomers fall backwards in their chairs the moment I show it off -- is the ability to make different types of navigable database structures "crawlable" like directories in DOS. Meaning, you can "mount" the Windows System Registry as though it were a disk drive (try this for yourself: cd HKLM:, for HKEY_LOCAL_MACHINE). Then you can copy, move, and delete keys and settings as though they were files, and tiers as though they were subdirectories.

Beginning with Windows 7 and WS2K8 R2, there will be two modes of operation for PowerShell. First there's the command line in use since the days of the Monad beta, and it can fully substitute for CMD.EXE. Win7 users will find it in their Accessories folder under Windows PowerShell.

But there's also an attractive integrated scripting environment (ISE) that gives a script writer for the first time the kind of workbench that developers have had at their fingertips since Visual Basic 1.0. There's a tabbed scripting window for multiple scripts, with automated syntax highlighting and error checking; an "immediate window" for dropping little quizzes (or little bombs) into a running version of PowerShell; and a scrolling output window like paper tape.

Now, the question that's always on skeptics' minds at this point -- with very good reason -- concerns security. The most influential viruses of the turn of the decade were simple VBScript files that masqueraded as different types of attachments in Outlook e-mail messages, and sending them to victims was, for the perpetrators, like shooting ducks in a gallery. Microsoft's greatest fear for the last several years is a repeat occurrence of the "ILOVEYOU" fiasco. In 2005, someone working with an early Monad beta generated a proof-of-concept of an early TRS-80 BASIC "virus" that a security software company immediately branded as the "first Vista virus," even though a) it infected no one, and b) it delivered no malicious payload even in the proof-of-concept.

But that was before PowerShell implemented its key security feature, which to date has been at least as effective as the DHS has been in thwarting successive terrorist threats: By default, PowerShell cannot run scripts at all. You have to change the operating mode of the interpreter so that it can; and when you do, you can choose to only open the doors a little bit. For instance, you can have it only run scripts that have been digitally signed and authenticated by you and no one else. Or you can have it run scripts whose digital signatures you trust.

Last October, PowerShell creator and Microsoft architect Jeffrey Snover told a story for his blog...and yes, he looks and sounds in person pretty much like he writes for his followers, especially when he spread the news of PowerShell 2.0 in Win7:

"One of my moments of clarity came during one the security crises a few years ago. [Former Microsoft President] Jim Allchin set out an e-mail with instructions for how to configure your machine to avoid the problem and told us to get all of our friends and family to do the instructions. The instructions started with 'go the Start Menu then go to All Programs then.. then.. then… then… click…then…click…then…click…' OMG! I can't follow instructions so I keep screwing it up over and over again. I eventually got it done but then thought to myself, 'Wait -- I'm supposed to call up my folks and have them do this?' That is a phone call that never got made. I remember thinking, 'This is freaking crazy! If Jim gave me a command line, I'd just cut and paste it and be done. I could get my folks to cut-n-paste a command line!' There were only two problems with that story: 1) PowerShell wasn't installed on my folks machine and 2) PowerShell wasn't written at that time. We are now on a path were this is going to be simple and easy to do."