Book Image

Windows 11 for Enterprise Administrators - Second Edition

By : Manuel Singer, Jeff Stokes, Steve Miles, Thomas Lee, Richard Diver
Book Image

Windows 11 for Enterprise Administrators - Second Edition

By: Manuel Singer, Jeff Stokes, Steve Miles, Thomas Lee, Richard Diver

Overview of this book

Windows 11 comes with a plethora of new security measures, customizability, and accessibility features that can help your organization run more smoothly. But, without a proper introduction to this new version of Windows, it’s easy to miss the most important improvements, along with configuration options that will make migrating to Windows 11 frictionless. Windows 11 for Enterprise Administrators helps you understand the installation process, configuration methods, deployment scenarios, and management strategies. You’ll delve into configuring Remote Server Administration Tools for remote Windows Server and Azure Active Directory management. This edition emphasizes PowerShell's role in automating administrative tasks, and its importance in Windows 11 and Windows Server management. It also provides comprehensive insights into Windows 11 updates, including Version 21H2 and 22H2, contrasting them with Windows 10, ensuring your knowledge stays current with the latest enhancements in the Windows ecosystem. By the end of this book, you'll be well-equipped with Windows 11's vital technologies and potentials, enabling you to adeptly oversee and implement these attributes within your company.
Table of Contents (13 chapters)
Chapter 9: Advanced Configurations

Configuring PowerShell

PowerShell comes with a default configuration. To further configure your environment and override that default configuration, you can add modules, use PowerShell profile scripts, and deploy PowerShell settings via Group Policy.

Adding modules

PowerShell and Windows applications come with numerous modules (each containing PowerShell commands). To extend PowerShell’s capabilities, you can find and download additional modules. The PowerShell Gallery is home to thousands of community (and Microsoft) authored modules that could be helpful, as noted in the Modules section earlier.

You can use your browser to view the contents of the gallery at The gallery also includes newer versions of modules shipped with Windows (and Windows PowerShell). For example, the authors of both the PackageManagement and PowerShellGet modules have created updated versions that you can download.

The NTFSSecurity module, for example, makes it much easier to automate the ACLs within Windows NTFS. The commands in this module greatly simplify the management of ACLs on files and folders and the configuration of permission inheritance.

To use PowerShell with the PowerShell Gallery, you need the latest version of the PowerShellGet module. You can also get this update from the PowerShell Gallery.


Profiles are PowerShell scripts that PowerShell runs automatically each time you run either Windows PowerShell or PowerShell 7. The profile files are in a well-known location and have a well-known name (well known to PowerShell, that is).

To cater to a wide variety of usage scenarios, PowerShell defines four separate profile files:

  • AllUsersAllHosts: PowerShell runs this profile file for every user using any PowerShell host (including Windows Terminal, VS Code, etc.).
  • AllUsersCurrentHost: Powershell runs this script for all users using this specific PowerShell host.
  • CurrentUserAllHosts: PowerShell runs this solely for the currently logged-on user for all hosts.
  • CurrentUserCurrentHost: PowerShell runs this solely for the current logged-on user and only this host. The built-in $Profile variable holds the name of this profile file.

You can discover the location of each of these four files (including the full path name) by piping $Profile to Format-List, as follows:

Figure 2.14 – Profile file locations

Figure 2.14 – Profile file locations

For more details on the PowerShell profile, see

Group Policy

Group Policy is a feature of Windows Active Directory. Group Policy enables the administrator to dictate specific settings and policies on individual systems. Windows automatically applies these policies each time you restart the system or log on and refresh the policies regularly. Group Policy is a great way to leverage Active Directory to create customized, desktop environments.

The PowerShell-related policies you can set using Group Policy are as follows:

  • Execution Policy: Specifies a value different from PowerShell’s default execution policy
  • Module Logging: Whether to perform module logging and for which modules
  • Script Block Logging: Whether to log script block execution
  • Transcription: Whether to create transcripts for all PowerShell sessions
  • The default source path for Update-Help: Allows you to create a local repository for help information and to have Update-Help use that location to obtain the updates

See for more information about these Group Policy settings.