0.4.0.1 (18 December 2012)
Bug fixes
- Enable-IisSsl not setting SSL flags correctly when requiring client certificates.
0.4.0.0 (17 November 2012)
Upgrade Instructions
- If you install a manual or disabled Windows service with Install-Service, you now have to call
Start-Service
yourself. Install-Service
only starts services whose startup type is set to Automatic
(which is the default).
- We've stopped distributing Microsoft's
subinacl.exe
program. We didn't have permission to distribute. Plus its no longer supported. If any of your scripts used Invoke-SubInAcl
, you'll want to download subinacl.exe
yourself and copy Invoke-SubInAcl
before upgrading (you can find it in the Carbon directory in the Services.ps1
file.
- If you're using
Grant-Permission
without named parameters, the Path
parameter moved from position 3 to position 1. Re-order your parameters accordingly.
- Rename usages of
Set-IisDirectoryBrowsing
to Enable-IisDirectoryBrowsing
. If you use named parameters, rename its Directory
paremter to Path
.
- Replace usages of
Set-HgrcDefaultPushUrl
with Set-IniEntry
instead, e.g. Set-IniEntry -Path 'Path\to\repo\.hg\hgrc' -Section paths -Name 'default.push' -Value 'DefaultPushUrl'
- Rename usages of
Test-IisWebsiteExists
with Test-IisWebsite
.
- Rename usages of
Get-FullPath
with ConvertTo-FullPath
.
Enhancements
- Created Get-Privileges, Grant-Privilege, Revoke-Privilege, and Test-Privilege for managing an identity's security operation privileges.
- Install-Service now uses Grant-Privilege to grant custom service identities the
SeServiceLogonRight
privilege. This replaces usage of Microsoft's legacy ntrights.exe, which we probably didn't have permission to distribute.
- Created Get-ServicePermissions function for getting the permissions for a service, i.e. what users can control a service.
- Created Assert-Service function to write an error if a service doesn't exist.
- Created Get-ServiceAcl function to get the discretionary access control list (DACL) for a service.
- Created Get-ServiceSecurityDescriptor function to get the raw security descriptor for a service.
- Created Grant-ServicePermission function to grant service control permissions to an identity.
- Created Revoke-ServicePermission function to revoke all of an identity's permissioms to control a service.
- Created Set-ServiceAcl function to set a service's discretionary access control list (DACL).
- Created Test-Service function to check if a service exists without writing an error.
- Removed
Invoke-SubInAcl
function and the subinacl.exe
program. Use the Grant-ServicePermission and Revoke-ServicePermission functions instead. If you still need subinacl.exe
, please download it from Microsoft.
- Grant-Permissions now supports controlling inheritance and propagation flags via the
ApplyTo
parameter, which should be a value of the new Carbon.Security.ContainerInheritanceFlags
enumeration, which encapsualtes all the valid combinations of inheritance/propagation flags. See the help for Grant-Permissions
for more information. Thanks to Jonathan Valdez for the feature request and initial code.
- Created ConvertTo-InheritanceFlags function for converting a
Carbon.Security.ContainerInheritanceFlags
to the necessary/applicable System.Security.AccessControl.InheritanceFlags
.
- Created ConvertTo-PropagationFlags function for converting a
Carbon.Security.ContainerInheritanceFlags
to the necessary/applicable System.Security.AccessControl.PropagationFlags
.
- Created Get-Permissions function for getting the non-inherited permissions on a file, directory, registry key, or registry value with the ability to return a specific identity's permissions and/or inherited permissions.
- Renamed
Set-IisDirectoryBrowsing
to Enable-IisDirectoryBrowsing and renamed its Directory
parameter to Path
.
- Removed
Set-HgrcDefaultPushUrl
. Use Set-IniEntry instead.
- Renamed
Test-IisWebsiteExists
to Test-IisWebsite to adhere to PowerShell naming conventions.
- Renamed
Get-FullPath
to ConvertTo-FullPath to adhere to PowerShell naming conventions.
Bug fixes
- Install-Service no longer tries to start a service if its
StartupType
is set to Manual
or Disabled
.
Path
is now the first parameter to Grant-Permissions (it was the third) to match PowerShell standards/patterns.
- Find-ADUser writes an error and returns null instead of throwing an exception.
0.3.1.0 (29 October 2012)
Enhancements
- Improved Disable-IEEnhancedSecurityConfiguration and Enable-IEActivationPermissions for enabling Internet Explorer to run headless by non-priveleged users.
- Changed the way Invoke-WindowsInstaller waits for MSI to finish installing: instead of searching for any MSI process, it now searches for an MSI process that is a child of the current PowerShell process.
- Simplified how Add-GroupMembers adds group members.
- The version number in the module manifest now gets updated correctly for each release. You should now be able to tell what version you're running by looking in
Carbon\Carbon.psd1
, or, if Carbon is imported in your console, running Get-Module Carbon | Select-Object Version
.
- Created Get-ComPermissions function for getting COM Access or Launch and Activation Permissions. These are the permissions you see in Component Services (i.e. dcomcnfg) when you right-click
My Computer
, select Properties
, click the COM Security
tab then click the Edit Default..
or Edit Limits...
buttons under Access Permissions or Launch and Activation Permissions, respectively.
- Created Grant-ComPermissions for granting COM Access and/or Launch and Activation permissions.
- Created Revoke-ComPermissions for revoking COM Access and/or Launch and ACtivation permissions.
- Created Test-Identity function for testing if user or group exists on the local computer or in a domain.
- Created Resolve-IdentityName function for determinig a user/group's canonical name. For example, it converts
Administrators
into BUILTIN\Administrators
.
- Improved the way the Windows Features functions detect the best way to manage Windows features. The old way would write an error to the error stream, which bubbled up at weird times and made diagnosing real errors harder.
- Added a
Quiet
parameter to Set-RegistryKeyValue so that Write-Host
output is muffled.
- Created Reset-MsmqQueueManagerID function, which resets MSMQ's Queue Manager ID.
0.3.0 (28 September 2012)
Upgrade Instructions
This release contains backwards-incompatible changes to the following functions:
Set-IisSslFlags
This function was renamed to Enable-IisSsl
. Its Enable128BitSsl
parameter was renamed to Require128BitSsl
.
Configuring client certificates is now a little stricter/clearer. You can no longer specify both AcceptClientCertificates
and RequireClientCertificates
. Also, if you specify RequireClientCertificates
, you must now also supply the RequireSsl
switch (before, setting the RequireClientCertificates
switch implicitly set the RequireSsl
switch).
Set-TrustedHosts
Make sure you're not calling Set-TrustedHosts
with an empty array/value for the Entries
parameter. The function now throw an error in that situation. If you need to clear the list of trusted hosts, use Clear-TrustedHosts
.
Invoke-PowerShell
If you call Invoke-PowerShell
without the x86
switch and PowerShell is 32-bit, you'll get an error. Under Windows x64, 32-bit PowerShell can't start the 64-bit instance because Windows redirects all access from C:\Windows\system32 to C:\Windows\SysWOW64. If anyone knows how to get around this, let me know!
Enhancements
Bug Fixes
0.2.7 (3 September 2012)
Enhancements
- New functions for working with the registry:
- Unprotect-AclAccessRules: Turns off inherited access rules on an item in the file system or registry.
- Added a
Clear
parameter to the Grant-Permissions function for clearing any non-inherited permissions on a file system/registry item.
0.2.6 (30 June 2012)
Enhancements
- Improved documentation for:
- Help files and example scripts now included in Carbon download package.
- Added test to help ensure all functions have proper documentation.
Bug fixes
0.2.5 (29 June 2012)
Enhancements
- Improved documentation for:
0.2.4 (28 June 2012)
Enhancements
- Improved documentation for:
- Get-PathCanonicalCase
- Get-PathRelativeTo
- New-Junction
- New-TempDir
- Remove-Junction
- Test-PathIsJunction
- Reset-HostsFile
- Set-HostsEntry
- Add-IisDefaultDocument
- Get-IisHttpRedirect
- Get-IisVersion
- Get-IisWebsite
- Install-IisApplication
- Install-IisAppPool
- Install-IisVirtualDirectory
- Install-IisWebsite
- Invoke-AppCmd
- Remove-IisWebsite
- Set-IisAnonymousAuthentication
- Set-IisBasicAuthentication
- Set-IisDirectoryBrowsing
- Set-IisHttpRedirect
- Set-IisSslFlags
- Set-IisWebsiteSslCertifiate
- Set-IisWindowsAuthentication
0.2.3 (27 June 2012)
Enhancements
- Improved documentation for:
- Disable-IEEnhancedSecurityConfiguration
- Enable-IEActivationPermissions
- Get-FullPath
- Invoke-WindowsInstaller
- Protect-String
- Remove-EnvironmentVariable
- Set-DotNetAppSetting
- Set-DotNetConnectionString
- Set-EnvironmentVariable
- Test-OSIs32Bit
- Test-OSIs64Bit
- Unprotect-String
Bug fixes
- Invoke-WindowsInstaller doesn't validate that installer path ends in '.msi'.
- Invoke-WindowsInstaller not showing correct exit code when installation fails.
0.2.2 (19 June 2012)
Enhancements
- Created Import-Carbon script to help users properly import Carbon.
Bug fixes
- Add-GroupMembers fails to add Administrators and ANONYMOUS LOGON built-in accounts.
- Add-GroupMembers fails when adding built-in accounts multiple times.
- Add-GroupMembers fails to add domain user to a local group.
0.2.1 (28 April 2012)
- Added IsJunction property to DirectoryInfo objects. Returns true if a directory is a junction/reparse point.
- Created a Carbon assembly for compiled code. Moved P/Invoke functions from FileSystem.ps1 into assembly. This is a backwards compatible change.
- Created a Carbon.IO.JunctionPoint helper class for creating/removing/getting junction/reparse points. Updated New-Junction and Remove-Junction to use the new helper class.
- Added TargetPath property to DirectoryInfo objects. If the directory is a junction/reparse points, returns the path to the junction's target. Otherwise, $null.
0.2.0 (4 April 2012)
Enhancements
- fix issue #3: Added -Runtime switch to Invoke-PowerShell function for running PowerShell under .NET 2.0 or 4.0. Valid values are 'v2.0' (for .NET 2) and 'v4.0' (for .NET 4).
- BREAKING CHANGE: Added -Clr2 and -Clr4 switches to Set-DotNetAppSetting and Set-DotNetConnectionString functions for modifying the .NET 2 and/or 4 machine.config files. One or both of these parameters is required.
Bug fixes
- Improved documentation for Get-ADDomainController, Get-ADUser, Format-ADSpecialCharacters, Get-Certificate, Invoke-PowerShell, Set-DotNetAppSetting, and Set-DotNetConnectionString functions.
- fix issue #2: Get-PowerShellPath Returns Wrong Value on x86 Systems
0.1.0 (2 April 2012):