Adam Bertram

How to Automate
Using PowerShell
How to Automate Tasks, File
Transfers, and Data Security
Introduction
Increased worker output is on the wish list of every organization out there.
However, with budgets tightening and work demands increasing, this can prove
challenging. IT is already stretched thin as it is. How do organizations continue to
keep up while minimizing mistakes, ensuring the results meet the user's needs
and staying within budget? The answer is automation and PowerShell.

IT is slowly becoming a business asset

to organizations rather than a utility.
As such, it's essential for IT to
automate as many processes as
possible to get workers back to doing
In this e-book,
what humans do best: coming up we’ll go over how
with creative solutions to problems. to perform file
One common task that's ripe for
transfers using
automation is file transfer. Data is PowerShell.
stored in a multitude of different files,
and IT orgs sometimes deal with
millions of them. These files are then
stored on premise, in the cloud and
are transferred to other organizations
and more, all on an ongoing basis.
Most of the time, these file transfers

$
are predictable. A department might
need a report at a particular time
each day; a business partner might
need the latest Excel spreadsheet
detailing new product specifications,
or a database might need to be
backed up in the cloud to a file.

What's a good way to automate file

transfers? One way is building out
$
this automation on your own with
PowerShell, which gives IT the power
to automate any file transfer task
they wish. In this e-book, we're going
to cover just a few applications of
scripts to help the IT worker save
some time and get back into
problem-solving mode.
How to Use Scheduled Tasks
to Automate File Transfers

Every file transfer has a trigger. That trigger can be ad hoc which
means the file is moved when an IT worker performs some action or it
can be automatic. In this article, we'll cover how to use PowerShell to
create scheduled tasks that will automate a file transfer script.

Copying files from one place to another is a one destination to another, PowerShell is a
trivial task no matter how you do it. And there great way to do that. Also, not only is it easy to
are a number of ways to get the job done: manually kick off PowerShell scripts, but you
dragging and dropping the file in Windows can also trigger transfers via PowerShell scripts
Explorer, Copy-Item with PowerShell or the by using Windows scheduled tasks.
simple copy command in DOS. It’s just a matter
of specifying a source and a destination path In this article, we’ll go over how to perform file
and setting a few other optional parameters. transfers using PowerShell by writing a script
It’s only when you start copying a lot of files on and creating a scheduled task to kick off that
a frequent basis that you run into problems. script on a recurring basis. But before we start,
You shouldn’t have to babysit all of the file I’m going to assume that you have at least
copies; scheduled tasks is perfect for PowerShell v4 installed on your computer.
automating this job. Otherwise, the tricks I’m about to show you
may not work properly.
When automating file copies, especially in a
Windows environment, your go-to scripting
language is going to be Windows PowerShell. If
you need to quickly copy one or more files from

Ipswitch: Automated File Transfer with Powershell, October 2016 3

 Create Your Script learn how to create the scheduled task in
PowerShell as well. To do this, you’ll need to
complete four rough steps:
First you need to create a script to perform file
transfers. Let’s call the script CopyFiles.ps1. This
1) Create the scheduled task action.
script will contain the following code:
2) Create the trigger.
3) Create the scheduled task in memory.
4) Create the scheduled task on the computer.
param(
Here’s what that looks like in practice. First,
[string]$SourcePath, we’ll create the scheduled task action. This
defines the EXE to run along with any
[string]$DestinationPath arguments. Here, I’m assuming that your
script is located at C:\CopyFiles.ps1.
)

Copy-Item –Path $SourcePath $Action = New-ScheduledTaskAction

–Destination $DestinationPath -Recurse -Execute
‘C:\Windows\System32\WindowsPower
Shell\v1.0\powershell.exe’ -Argument
“-NonInteractive -NoLogo -NoProfile -File
‘C:\CopyFiles.ps1’ –SourcePath ‘C:\Source
As you can see, the script is simple, but it leaves
–DestinationPath ‘\\SERVER\Destination'”
room for lots of customization depending on
your environment.

The most complicated part of this script is the

Next, we’ll create a trigger to
param() section. This is a parameter block
kick it off at 3 a.m. every day.
containing two parameters: SourcePath and
DestinationPath. By making both of these
values, parameters allows us to pass in different
values to our script so we can reuse it. If $Trigger = New-ScheduledTaskTrigger
SourcePath and DestinationPath were actual -Daily -At ‘3AM’
The most paths, we’d have to create separate scripts
complicated for every different file copy!
part of this Next, we’ll create the scheduled task in
script is the Manually kicking off this script will look memory using the action and trigger
param() something like this: that we just created.
section.

& .\CopyFiles.ps1 –SourcePath C:\Source $Task = New-ScheduledTask -Action

–DestinationPath \\SERVER\Destination $Action -Trigger $Trigger -Settings
(New-ScheduledTaskSettingsSet)

This example would copy all files and

subfolders in the C:\Source folder to the Finally, we’ll actually create the scheduled task
\\SERVER\Destination shared folder. on the system, calling it File Transfer Automation
and running it under the local administrator
Create a Scheduled Task account with the provided password.

Now that you have your CopyFiles.ps1

PowerShell script, head over to the computer $Task | Register-ScheduledTask -TaskName
where you’d like to kick it off. In this example, ‘File Transfer Automation’ -User
we’re going to create a scheduled task to run ‘administrator’ -Password ‘supersecret’
this script once a day at 3 a.m.

You could create scheduled tasks by running This would register the script, and it will
the Task Scheduler GUI and creating one that now copy all files from your source to the
way, but we’re all about automation here. Let’s destination every day at 3 a.m.

Ipswitch: Automated File Transfer with Powershell, October 2016 4

 101001101011001001
101001101011001001
10100011010101110
11010111010
101001101001
1010011010

Automate Data Encryption

Using PowerShell

In today's world, it's crucial to protect a company's data. Encryption is

a standard tool to do this. However, when a company has hundreds of
thousands or millions of files, encrypting them can turn into a management
nightmare. In this article, we'll cover how to automate this process.

In today’s dangerous cyber environment, it’s Encrypting data is always a good idea but it
more important than ever to protect your data. can be hard to manage, especially across
Bad guys are always on the lookout for an easy different servers and storage locations. By using
score. As a sysadmin, it’s one of your many jobs Microsoft’s built-in Encrypting File System (EFS)
to set up security controls and make sure your technology and PowerShell, the task of
network is not an easy target. encrypting and decrypting one, two or millions
of files across your data center can be a lot
One way to do that is to ensure your network easier.
perimeter is secured to prevent any
unauthorized access. However, what if your In this article, I’ll show you how you can
network is breached anyway? Perhaps manually encrypt and decrypt files with EFS
someone physically comes into your data using the GUI. Finally, I’ll go over some
center and steals a server to gather valuable PowerShell code that will allow you to perform
data you may have stored on it. If your data is this task over many different locations at once.
not encrypted, kiss it goodbye. But, if you had
the foresight to encrypt the data on that server
beforehand, while your data might still be
gone, at least you’ll know it won’t be read.

Ipswitch: Automated File Transfer with Powershell, October 2016 5

 Encrypt Files via the GUI happen. The act of encrypting and decrypting
a file is as simple as calling an Encrypt() and
Decrypt() method on a particular type of
First, you’ll need to find the file you want to
object, which can easily be obtained with
encrypt in Windows Explorer. Right-click on
Get-Item or, in the case of an entire folder(s),
the file and select Properties. Then, in the
with Get-ChildItem.
Properties pane, you’ll see an Advanced
Find the file
button. Click that and you’ll see the option
you want to For example, if I wanted to encrypt our
to encrypt the file.
encrypt in example above with PowerShell, I’d only
Windows need a single line of code.
Explorer!
Advanced Attributes
(Get-Item –Path C:\Groups.csv).Encrypt()
Choose the settings you want for this folder.

T File attributes
To decrypt:
O File is ready for archiving
Allow this fileto have contents indexed in addition to file properties
L

Compress or Encrypt attributes

(Get-Item –Path C:\Groups.csv).Decrypt()
S

S Compress contents to save disk space

Encrypt contents to secure data Details

O Performing an encrypt or decrypt on an entire
N OK Cancel folder is just as easy. But, instead of using
Get-Item, you’ll need to use Get-ChildItem to
Accessed: Monday, February 16, 2016 3:35:26 PM
get all of the files from within that folder.
Attributes: Read-only Hidden Advanced...

(Get-ChildItem –Path
C:\Documents).Encrypt()
OK Cancel Apply

Select the “Encrypt contents to secure Using PowerShell Functions

data” checkbox and apply the change to
immediately encrypt the file. You’ll notice
the file icon will change. I personally like using PowerShell functions and
cmdlets instead of .NET methods such as
Encrypt() and Decrypt(). So, I’m going to build
“wrapper” functions that will allow me to use
x a, Groups.csv Enable-FileEncryption and
Disable-FileEncryption instead. To help explain
how this works, let’s take a look at the script.
Automating Data Encryption
You can download an example script to test
In a business environment, you’re probably this out. To use this script, open up a
going to have to encrypt an entire folder or PowerShell console and “dot source” the script
many different folders across different into your current session.
locations. If you’d rather not spend your time
encrypting them manually, there’s a better
way: use PowerShell.
. C:\EFS.ps1
By using a PowerShell script, you can build
code that will allow you to pass any number of
files or folders into it to automatically encrypt This will bring in each function declared
them regardless of where they are. in the script. You can now use the
functions to encrypt and decrypt any files
Fortunately, Microsoft was kind to us and you want. For example, to encrypt a file
doesn’t require a lot of scripting to make this I can use Enable-FileEncryption.

Ipswitch: Automated File Transfer with Powershell, October 2016 6

 Get-Item C:\Groups.csv | This
Enable-FileEncryption approach
is easier to
understand
To decrypt, I can do the opposite. and more
intuitive.
Get-Item C:\Groups.csv |
Disable-FileEncryption

For a folder, I’ll use Get-ChildItem

to enumerate all files in a folder.

Get-ChildItem C:\Documents
| Enable-FileEncryption

Multiple folders? You can add as many

as you’d like to Get-ChildItem.

Get-ChildItem C:\Documents
| Enable-FileEncryption

The next time you need to encrypt one or

more files, remember that security controls
can be accomplished in PowerShell. And
beyond security controls, you can also
use PowerShell to automate
other tasks in your job.

Ipswitch: Automated File Transfer with Powershell, October 2016 7

How to Use PowerShell
Copy-Item Cmdlet to
Transfer Files Over WinRM

In complex environments, it's not always possible to transfer files the

"traditional" way. Some companies have locked down DMZs or other
environments that do not allow SMB file transfers but do allow
servers to be remotely managed via Windows Remoting (WinRM).
This article will show you how this can be taken advantage of by
using this tunnel to transfer files.

It’s easy to copy files with PowerShell copy, that port is 445. This is a common port
Copy-Item via the command line. Once you that’s usually open internally, except in some
specify the source and destination location, it high-security situations or across a DMZ.
just happens. Unfortunately, many
administrators don’t think about how this
process occurs until it doesn’t work. Whether or PowerShell Copy-Item
not you think about this, all TCP network
communication (such as SMB file copies) use If you’re in a high-security environment or need
network ports to make the bits transfer. For a to transfer files from an internal network to a
file copy process to get a file from point A to DMZ that might have various port restrictions,
point B, a port needs to be open all the way to how can you ensure that your scripts are able
the destination node. In the case of an SMB file to copy files to nodes all the time? One way to

Ipswitch: Automated File Transfer with Powershell, October 2016 8

do so is to use PowerShell v5’s Copy-Item
cmdlet with the new –ToSession parameter. $session = New-PSSession
–ComputerName SERVER1
This parameter was introduced with Windows
Management Framework (WMF) v5 with the
Copy-Item cmdlet. It provides a way to transfer
This will use Kerberos authentication to
files over the same link that you might use
establish a new PowerShell remoting session,
today to execute commands remotely on
which is the most common method to use
computers with cmdlets like
when in an Active Directory environment.
Invoke-Command.
Next, you need to specify the ToSession
This process has a few different advantages,
parameter and a local path on the remote
but included in the biggest benefits are the
computer for the Destination parameter.
TCP ports used: 5985 (HTTP) and 5986 (HTTPS).
These standard ports are typically open to
manage remote nodes, sometimes even to a
DMZ environment. By using Copy-Item
Copy-Item –Path C:\Folder1\file1.txt
–ToSession, an administrator can ensure files
–Destination ‘C:\’ –ToSession $session
will always be copied regardless of whether
or not SMB is blocked.

When you’re using PowerShell Copy-Item via Notice that you’re now using C:\ for the
the traditional SMB method, you need to destination rather than a UNC path. This
specify the Path and Destination parameters. command will accomplish the exact same
If you’d like to copy a file called file1.txt inside thing as your previous one, but it will use
of C:\Folder to a remote computer SERVER1 the session to encapsulate the file and
on its C:\, you could do this: transfer it via WinRM.

Don’t forget to remove the session when

you’re done by using Remove-PSSession.
Copy-Item –Path C:\Folder1\file1.txt
–Destination ‘\\SERVER1\c$’

$session | Remove-PSSession

Notice that you’re using the UNC path of

\\SERVER1\c$ here. This will be important
If you don’t intend to reuse the session for
in a minute.
anything else, you could also create the session
and tear it down (all at the same time).
PowerShell Remoting Sessions

But what if SMB is blocked for some reason Copy-Item –Path C:\Folder1\file1.txt
or you’re using Invoke-Command to run –Destination ‘C:\’ –ToSession (New-
commands on SERVER1 anyway? You can PSSession –ComputerName SERVER1)
leverage PowerShell remoting sessions to
transfer the file over WinRM instead of SMB.
In order to do this, you must establish a new
remoting session and then pass the file That’s all there is to it! The next time you
over that session. find yourself in an environment where
PowerShell remoting is allowed but SMB
First, you should create a new PowerShell is restricted, or you’re already using a
remoting session. To do this, you can use remoting session for something else, you
the New-PSSession cmdlet and assign the can pass the session to Copy-Item to get
session to the $session variable. your file easily from point A to point B.

Don’t forget
to remove the
session when
you’re done!

Ipswitch: Automated File Transfer with Powershell, October 2016 9

 101001101011001001

101001101011001001
10100011010101110
11010111010
101001101001

10
01

How to Copy Files Into a

Microsoft Azure Storage Account

Cloud-first is a popular term nowadays. The cloud is slowly transforming IT.

However, file management in the cloud is different than managing files
on premise. In this article, we'll go over how you can transfers
files stored on premise into Azure blob storage using PowerShell.

When working with Microsoft Azure, you’ll account. I’ll be doing this via the
inevitably come to a point to where you need Set-AzureStorageBlobContent PowerShell
to access material stored locally on premise. cmdlet using the newer Azure Resource
This might be a virtual disk in VHD format to Manager (ARM) resources.
use for Azure’s IaaS service, a few PowerShell
scripts you need executing on your Azure The Set-AzureStorageBlobContent is available
virtual machines or maybe just some in the Azure PowerShell module, so you’ll need
configuration files for your Azure websites. to ensure you get this module downloaded
Regardless, for your Azure resources to access and available for use first. You’ll also need an
these files, they’ll need to be located in an Azure subscription as well as a storage account
Azure storage account. to store your files. In this example, I’ll assume
you already have a storage container
The Set-AzureStorageBlob pre-created.

Content cmdlet Once you meet these prerequisites, you can

then use the Set-AzureStorageBlobContent
There are a couple of ways to transfer files cmdlet to transfer your local files and convert
stored locally into your Microsoft Azure storage them into blob storage automatically.

Ipswitch: Automated File Transfer with Powershell, October 2016 10

 Authenticate an Account Where’s It Going?

To get started you’ll first need to authenticate You can see I’ve assigned this storage
your Azure subscription, which you can do container to a variable, allowing me to
using the Add-AzureRmAccount cmdlet. This quickly pass the object to the
will prompt you for a username and password, Set-AzureBlobStorageContent cmdlet. Once
granting you the token necessary to make I have the storage container, I then need to
changes to your Azure subscription. define the local file path and the destination
path. To do this, I’ll use these all as parameters
Once you’ve authenticated your Azure to the Set-AzureBlobStorageContent cmdlet.
subscription, you’ll need to specify a storage
account in which to create your Azure storage
blob. Your local files will automatically turn
$FilePath = 'C:\Users\Adam\MyFile.txt'
into blob storage once the file gets transferred
to Azure. To specify a storage account, you
can use the Get-AzureRmStorageAccount
cmdlet. Below, I have two storage accounts $BlobName = 'MyFile.txt'
available to me:

Get-AzureRmStorageAccount | $storageContainer |
select storageaccountname Set-AzureStorageBlobContent –File
$FilePath –Blob $BlobName

Now you need to specify a storage

container inside of one of these storage You can see that I’ve defined a text file that
accounts. You can do this by passing the was stored in the C:\Users\Adam folder and
By using this storage account object directly to the made the blob the same name as the file. But
method, you Get-AzureStorageContainer cmdlet. this is unnecessary. During the copy you can
can easily copy change the name, but I typically keep it the
files to your same name for simplicity.
Azure storage
account. $storageContainer =
(Note: If you need to upload a VHD to
Get-AzureRmStorageAccount |
an Azure storage account, do NOT use
where {$_.StorageAccountName
Set-AzureBlobContent. I’ve had issues with
-eq 'adbdemostorageaccount'} |
corruption when this happens. Always use
Get-AzureStorageContainer
the Add-AzureRmVhd cmdlet instead.)

By using this method, you can easily copy

files to your Azure storage account. However,
it’s always good practice to create reusable
code when writing scripts with PowerShell.
This is why I’ve created a function to ease this
process called Copy-AzureItem. Feel free to
download a copy and use it for yourself. It
has personally saved me a lot of time,
and supports VHDs as well.

101001101011001001
10100011010101110
11010110
101001101001

Ipswitch: Automated File Transfer with Powershell, October 2016 11

Conclusion The applications of file transfer automation that
were covered here only scratched the surface on the
problem of file management a typical organization
faces. Although using PowerShell is a powerful
solution to the file management problem, it is still a
language. That language can be complex and require
a staff that understands code and can maintain it.

File transfer automation products like MOVEit from

Ipswitch can implement the same level of automation
without the need for you or your team to write code.
However, if your team does have scripting expertise
and would like to use that knowledge, you'll find
that MOVEit can work in tandem with your scripts
to build a robust file transfer automation engine.

Adam Bertram
Adam Bertram is an independent consultant,
technical writer, trainer, and presenter. Adam
specializes in consulting and evangelizing all
things IT automation mainly focused around
Windows PowerShell and Microsoft System
Center. Adam is a Microsoft Windows Cloud
and Datacenter Management MVP focused on
Windows PowerShell and has numerous Microsoft
IT pro certifications. He authors IT pro course
content for Pluralsight, is a regular contributor
to numerous print and online publications and
presents at various user groups and conferences.
You can find Adam at adamtheautomator.com
or on Twitter at @adbertram.

MOVEit Transfer
Thousands of IT teams depend
on MOVEit Transfer to secure
files at rest and in transit and
assure compliance.

DOWNLOAD FREE TRIAL

Learn more about managed

file transfer with MOVEit: