Administrative Tools and Scripts|PowerShell

Avoiding Accidental Changes with PowerShell's WhatIf and Confirm Parameters

Have you ever accidentally run a PowerShell cmdlet that modified your system? You were not quite ready to run the cmdlet. To avoid disaster, you may take advantage of native PowerShell cmdlet’s -whatif switch. You can use this to test what a cmdlet would do. With -whatif, you can test the changes to the system but not actually make the changes. Alternatively, you can use the -confirm switch to make sure that you are ready to execute the script. These scripts can often modify the system in a potentially dangerous way. PowerShell built these parameters into its native cmdlets in order to save your sanity and your system. Luckily, not only did they build these parameters into the native cmdlets but you can also build these parameters into your own custom functions.

 

 

Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.

Mistakes Happen

Mistakes do happen and evidence of IT mistakes appear in the news from time to time. At times, they are widely publicized. The Amazon S3 outage in February caused a widespread internet outage due to “one of the inputs to a command being entered incorrectly.” PowerShell’s ShellFather, Jeffrey Snover, tweeted that this is the reason why PowerShell contains the -whatif and -confirm parameters. When you use these parameters, you protect yourself from accidentally performing an action.

Make Your Function an Advanced Function

To allow inclusion of the -whatif and -confirm parameters on your functions, you need to turn your simple function into an advanced function. To accomplish this, add the cmdletbinding declaration on the second line of your function. It is between the cmdletbinding declaration and the param block. Next, add the SupportsShouldProcess argument to the cmdletbinding declaration to allow the use of the -whatif and -confirm parameters.

"WhatIf" Your Function Uses Native Cmdlets?

You have a function named format-myDisk. Format-myDisk accepts some disk-related input, runs some checks to make sure the disk is not the system partition, and once the checks pass, runs the clear-disk cmdlet against it. Format-myDisk contains the SupportsShouldProcess=$True argument. Therefore, format-MyDisk supports the -whatif parameter. The clear-disk cmdlet also supports a -whatif parameter. If the invocation of format-myDisk contains the -whatif parameter, the -whatIf will be passed down to the clear-disk cmdlet inside the function.

Adding Confirmation Prompts

At times, you want your function to prompt the user before it performs a system modification. An automatic preference variable, $ConfirmPreference, defines the preference for the session. When the value of $ConfirmPreference is less than or equal to the ConfirmImpact defined by the function, the confirmation prompt will appear when the -Confirm parameter is used. In addition, like the -whatif parameter, any cmdlet contained in the function that supports a -confirm parameter will have the -confirm from the function call passed down to it. In the example below, the set-ADUser cmdlet will prompt for a confirmation. You can also suppress confirmations. For example, if your script does more than one set and you only want confirmation on a single one, you can use $Confirm:False on the cmdlets that you do not want confirmations.
​
[cmdletbinding(SupportsShouldProcess=$True,ConfirmImpact="High")]
    param (
        [string]$UserID 
        )

$ADUser = get-adUser -Identity $UserID -Properties City
if ($AdUser.City -eq $Null) {
    Set-ADUser -identity $UserID -City "Philadelphia"
    }
}

What If There Is Not a WhatIf?

If you are planning on supporting -whatif on your advanced function, you need to know whether you are using any system-modifying cmdlets that do not support -whatif. Some older cmdlets do not support it. For those cmdlets, -whatif and -confirm support need to be handled a different way. Do not despair. You can wrap support for these parameters around a cmdlet that does not support it by using the $PSCmdlet automatic variable. $PSCmdlet contains a ShouldProcess() method that you can use to add the support. I have added ShouldProcess support around the set-volume cmdlet in the following example.





Have Confidence in your Functions

Making a mistake with a script can be a scary experience. Worse, you become gun-shy about creating and running scripts. However, going back to your old GUI ways is not an option once you have begun using PowerShell in your day-to-day activities. Luckily, PowerShell comes with these parameters for a reason. You can use them in your own scripts and have the confidence that your script is doing exactly what you want it to do.  
BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (0)

Leave a Reply

External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by:

 
Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: