Windows Management Framework 5.1 Deployment

Overview

This upgrade strategy will allow you to update your server environment to Windows Management Framework 5.1 via SCCM. Use this recommended project management guide to help build your deployment workflow. I used this method to upgrade a 400+ server environment, which completed smoothly.

Purpose

The purpose of this Deployment Strategy and Plan article is to help you define a deployment strategy and plan for a Windows Management Framework 5.1 upgrade. This article is comprised of two sections: the Deployment Strategy and the Deployment Plan. The Deployment Strategy section is used to formulate a deployment approach for Windows Management Framework 5.1. The Deployment Plan section contains recommended schedule, resource, technical, and support information necessary for successful deployment of Windows Management Framework 5.1.

About Windows Management Framework

Windows Management Framework (WMF) is the delivery mechanism that provides a management interface across the various versions of Windows and Windows Server. With WMF 5.1 installed, increased security and additional feature sets become available to our servers.

Components For Upgrade

The following components should be scheduled for upgrade during this project to version 5.1. This WMF installation adds and/or updates the following features:

  • Windows PowerShell
  • Windows PowerShell Desired State Configuration (DSC)
  • Windows PowerShell Integrated Scripting Environment (ISE)
  • Windows Remote Management (WinRM)
  • Windows Management Instrumentation (WMI)
  • Windows PowerShell Web Services (Management OData IIS Extension)
  • Software Inventory Logging (SIL)
  • Server Manager CIM Provider

Deployment Strategy

The Deployment Strategy section of this article provides an overview of the deployment strategy planned for Windows Management Framework 5.1. Included in the deployment strategy is recommended timeline information, a description of the deployment approach, and associated benefits, assumptions and risks.

Deployment Overview

| Phases | Sites | Computers | Scheduled Dates |
|---|---|---|---|
| PRE-PILOT | Select Servers | 15 | October 2, 2017 – October 24, 2017 |
| PILOT | Pilot Server Group | 106 | January 16, 2018 – January 31, 2018 |
| PRODUCTION | Production Server Group | 258 | February 6, 2018 – February 28, 2018 |

Total Servers Targeted: 364

Exclusions to Upgrade

38 systems will not be targeted for the upgrade for various reasons. The exclusions include:

  • Exchange 2010 Mailbox Servers / CAS/HUB Servers (MBX) (CAS)
  • SharePoint 2007, 2010 and 2013 Servers (SPS)
  • Proxy and Application Servers (SAS)
  • SCCM Servers (SCM)
  • VMM Cluster Node, Library and Failover Name Account Servers (VMM)
  • Lync Servers (LNC)
  • Operations Manager 2016 Servers (OPS)

Deployment Phases

The Deployment Dates referenced below are the dates on which Windows Management Framework 5.1 would attempt to begin installation on the selected servers in your environment. They do not indicate the completion date for each phase, which could take an additional 2 weeks.

Pilot Phase

| Sub Phases | Sites | Computers | Deployment Date |
|---|---|---|---|
| Server 2008 R2 | Pilot Server Group | 23 | January 16, 2018 |
| Server 2012 | Pilot Server Group | 12 | January 16, 2018 |
| Server 2012 R2 | Pilot Server Group | 71 | January 16, 2018 |
| Total | | 106 | |

Production Phase

| Sub Phases | Sites | Computers | Deployment Date |
|---|---|---|---|
| Server 2008 R2 | Production Server Group | 45 | February 6, 2018 |
| Server 2012 | Production Server Group | 188 | February 6, 2018 |
| Server 2012 R2 | Production Server Group | 25 | February 6, 2018 |
| Total | | 258 | |

Deployment Plan

Deployment Approach

System Center Configuration Manager (SCCM) will be used to deploy Windows Management Framework 5.1. When each phase begins, the servers will be instructed to execute the installation in parallel, within their maintenance window.

Because WMF 5.1 has specific installation requirements based on the operating system, both the PILOT and PRODUCTION phases can be broken into 2008 R2, 2012 and 2012 R2 sub phases. This split is used only for application targeting and reporting purposes and, as shown earlier, does not require a shift in deployment date for the parent phase.

Assumptions and Risks

Assumptions

The servers targeted for deployment are assumed to be left on and connected to your corporate network during their maintenance windows. Additionally, a reboot is expected to occur after the installation, during the maintenance window.

Risks

JEA endpoints and session configurations configured to use virtual accounts in WMF 5.0 will not be configured to use a virtual account after upgrading to WMF 5.1. This means that commands run in JEA sessions will run under the connecting user’s identity instead of a temporary administrator account, potentially preventing the user from running commands which require elevated privileges. To restore the virtual accounts, we would need to unregister and re-register any session configurations that use virtual accounts.

This is unlikely to be an issue in your environment.
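If you do have JEA endpoints, the unregister and re-register step described above can be scripted. The following is an added example, not part of the original deployment package; it assumes the endpoints were registered from .pssc session configuration files and that it is run locally in an elevated console after the upgrade.

```powershell
# Restore virtual accounts on JEA endpoints after the WMF 5.1 upgrade.
# Assumption: each affected endpoint was registered from a .pssc file.

$restored = foreach ($cfg in Get-PSSessionConfiguration) {
    # Built-in endpoints have no session configuration file; skip them
    if (-not $cfg.ConfigFilePath -or -not (Test-Path $cfg.ConfigFilePath)) { continue }

    # The .pssc still records the intended setting even though the
    # registered endpoint lost it during the upgrade
    $wantsVirtualAccount = Select-String -Path $cfg.ConfigFilePath `
        -Pattern '^\s*RunAsVirtualAccount\s*=\s*\$true' -Quiet
    if (-not $wantsVirtualAccount) { continue }

    # Copy the file out first so it survives the unregister step
    $backup = Copy-Item -Path $cfg.ConfigFilePath -Destination $env:TEMP -PassThru
    $sddl   = $cfg.SecurityDescriptorSddl

    Unregister-PSSessionConfiguration -Name $cfg.Name -NoServiceRestart -Force
    Register-PSSessionConfiguration -Name $cfg.Name -Path $backup.FullName `
        -NoServiceRestart -Force | Out-Null

    # Keep the same access policy the endpoint had before
    if ($sddl) {
        Set-PSSessionConfiguration -Name $cfg.Name -SecurityDescriptorSddl $sddl `
            -NoServiceRestart -Force | Out-Null
    }

    Remove-Item -Path $backup.FullName
    $cfg.Name
}

# One WinRM restart applies all changes
if ($restored) { Restart-Service -Name WinRM }

# Confirm each restored endpoint reports a virtual account again
Get-PSSessionConfiguration |
    Where-Object { $restored -contains $_.Name } |
    Select-Object Name, RunAsVirtualAccount
```

Restarting WinRM drops any active remoting sessions on the server, so run this inside the maintenance window.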

Pilot Deployment Statistics

A sample pilot phase might be completed successfully with results broken down in the following phases

PILOT Server 2008 R2

PILOT Server 2012

PILOT Server 2012 R2

Benefits to Upgrade

PowerShell Editions

Starting with version 5.1, PowerShell is available in different editions which denote varying feature sets and platform compatibility.

Catalog Cmdlets

Two new cmdlets have been added in the Microsoft.PowerShell.Security module; these generate and validate Windows catalog files.

  • New-FileCatalog
  • Test-FileCatalog
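The two cmdlets used together to detect a changed file, as an added example that is not from the original article. The folder, file names and contents are constructed for the demonstration.

```powershell
# Constructed sample content: a folder standing in for a script share
$root    = Join-Path $env:TEMP 'CatalogDemo'
$content = Join-Path $root 'Scripts'
New-Item -ItemType Directory -Path $content -Force | Out-Null
Set-Content -Path (Join-Path $content 'Deploy.ps1')    -Value 'Write-Output "deploy"'
Set-Content -Path (Join-Path $content 'Settings.json') -Value '{"phase":"pilot"}'

# Catalog version 2.0 hashes with SHA256 and needs Server 2012 or later;
# use -CatalogVersion 1.0 (SHA1) if the catalog must be read on Server 2008 R2
$catalog = Join-Path $root 'Scripts.cat'
New-FileCatalog -Path $content -CatalogFilePath $catalog -CatalogVersion 2.0 | Out-Null

# Unmodified content validates against the catalog
$before = Test-FileCatalog -Path $content -CatalogFilePath $catalog

# Simulate a change made after the catalog was generated
Add-Content -Path (Join-Path $content 'Deploy.ps1') -Value '# changed after cataloguing'

# -Detailed returns the per-file hashes from the catalog and from disk
$after = Test-FileCatalog -Path $content -CatalogFilePath $catalog -Detailed

"Before change: $before"
"After change : $($after.Status)"

# Report every file whose on-disk hash no longer matches the catalog entry
foreach ($file in $after.PathItems.Keys) {
    if ($after.CatalogItems[$file] -ne $after.PathItems[$file]) {
        "Hash mismatch: $file"
    }
}
```

An unsigned catalog only shows that content differs from the catalog; sign the .cat file with Set-AuthenticodeSignature so the catalog itself can be trusted.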

Module Analysis Cache

Starting with WMF 5.1, PowerShell provides control over the file that is used to cache data about a module, such as the commands it exports.

Specifying module version

In WMF 5.1, the using module statement behaves the same way as other module-related constructions in PowerShell. Previously, you had no way to specify a particular module version; if there were multiple versions present, this resulted in an error.

Engagement and Promotion Strategy

During each deployment phase, you can send an email to communicate the associated deployment phase. Members in your team may choose to notify specific application owners if they feel the need.

Testing Methods and Monitoring

The Windows Management Framework 5.1 deployment should be passed through a pre-pilot and pilot phase, where hopefully no issues would be observed. If an issue is identified, a rollback to the previous version can be deployed through the uninstall command on the application.

Monitoring The Deployment

Basic Monitoring

Central monitoring of the Windows Management Framework 5.1 rollout can be viewed from your computer by visiting your SCCM report server and searching for the report ‘All application deployments (basic)’.

Choose By: Application

Select Application Based on OS (Collection):

  • WMF 5.1 (For Windows Server 2008 R2)
  • WMF 5.1 (For Windows Server 2012)
  • WMF 5.1 (For Windows Server 2012 R2)

Select Collection (Application): All

The application metrics will be divided into the respective phases:

Clicking the “View Current” data for the phase will allow you to further drill down, even to the computer and user level if necessary:

The monitoring works by checking that the following registry value was created:

Server 2008 R2 and Server 2012 WMF 5.1 Detection

Key: HKLM\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine

Value: PowerShellVersion [String]

Rule: Must begin with “5.1”

2012 R2 WMF 5.1 Detection

Key: HKLM\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine

Value: PowerShellVersion [String]

Rule: Must begin with “5.1”

Or

Key: HKLM\SOFTWARE\Microsoft\PowerShell\4\PowerShellEngine

Value: PowerShellVersion [String]

Rule: Must begin with “5.1”

Or

Key: HKLM\SOFTWARE\Microsoft\PowerShell\5\PowerShellEngine

Value: PowerShellVersion [String]

Rule: Must begin with “5.1”

Advanced Monitoring

To ensure a technician or technical contact has as much data as possible to troubleshoot Windows Management Framework 5.1 deployment issues, compliance items and baselines were written which assess Windows PowerShell versioning directly in a baseline. To see the advanced monitoring that these baselines provide, again go to your SCCM report server and search for the report: Compliance 1.2 – Compliance Details for all CIs of a specific Baseline (report available through a special Microsoft PFE program).

Configuration Baseline Name: CB.Powershell.Version.5

Clicking ‘View Report’ will allow you to drill down and see each compliance item and reason for failure.

There are similar baselines to track all of the versions prior to the upgrade:

  • CB.Powershell.Version.4
  • CB.Powershell.Version.3
  • CB.Powershell.Version.2

Reference Documents

  • Include Your Reference Documents Here
