Powershell 5.0 with Chocolatey Sauce = Delicious!

Since the release of Windows 10 I have spent some time playing with the Production Preview of Powershell v5.0. The new PackageManagement module is a great addition to this version of Powershell as it allows you to install software from the Chocolatey resource. Documentation and examples is a bit scarce at the moment but I found some cmdlets have some online help files.

Here is what I’ve found so far: –

I’ll start by making sure I’m on Powershell 5.0.

$psversiontable run in powershell

Figure 1

Let’s check what cmdlets the new PackageManagement module offers us.

Using Get-Command with the Module property to get the list of cmdlets in the PackageManagment module.

Figure 2

Get-PackageSource gets a list of package sources that are registered. Here is the online help for this cmdlet.

Get-PackageSource cmdlet example

Figure 3

Only the PSGallery source is available. The Powershell Gallery is a great resource in itself. Making it really easy to find useful modules in a central location. That’s a topic for another day however. Here is the link if you’d like to check out what the Powershell Gallery has on offer.

The other cmdlet that interested me was the Get-PackageProvider cmdlet. The Get-PackageProvider returns a list of package providers that are connected to PackageManagement.  Out of the box in the preview you get Msi, Msu, Programs and PSModule. I wasn’t entirely sure what was the difference but the About_Oneget online help file helped out here. The package provider is the package manager and the package source is the location the package provider connects too.

An example of running the Get-PackageProvider cmdlet.

Figure 4

Let’s try and add Chocolatey as a package provider. The force and forcebootstrap parameters can be used interchangably according to the online help file for the Get-PackageProvider cmdlet.


An example of using the Get-PackageProvider to add the PackageProvider Chocolatey.

Figure 5

Now we have a Chocolatey package provider and if we use the Get-PackageProvider cmdlet again we can see it’s been added.

Now the Chocolatey Provider is added.

Figure 6

When I run the Get-PackageSource cmdlet again I can also see that there is a Chocolatey package source as well.

The Chocolatey PackageSource has been added.

Figure 7

In Figure 7, you can see the Location has been truncated so I can see the actual location better by piping to the Format-List cmdlet. Notice in Figure 8 the “IsTrusted : False” property. What does that mean? IsTrusted:False sounds bad.  Below is an excerpt from the Chocolatey site about whether you should trust the Chocolatey package source. If you really wanted to be safe you would set up your own repository internally and then add tested software to that repository. Kind of like you would already do with SCCM or another application deployment system.

How do I know if I can trust the community feed (the packages on this site?) Until we have package moderation in place, the answer is that you can’t trust the packages here. If you require trust (e.g. most organizations require this), you should have an internal feed with vetted packages using internal resources. You should always decide whether you trust the maintainer(s) of the package, and even then you may want to inspect the package prior to installing. You can inspect packages easily with nuget package explorer or by clicking download on the package page (and then treating the nupkg as a zip archive).

From <https://chocolatey.org/about>


Using the Format-List cmdlet to better see the values of the properties.

Figure 8

Now we have added the Chocolatey package provider and the Chocolatey package source, let’s see what we can do with the Find-Package cmdlet. Let’s look for Notepad++.

Using the Find-Package cmdlet to find Notepad++

Figure 9

Cool, it finds it. But what if you didn’t know really what Notepad++ was. Let’s see what the summary property says about Notepad++.

An example of using Select-Object to find more information about the Package.

Figure 10

Because the Chocolatey package provider isn’t trusted. Let’s save the package to our local hard drive. First I have to create the location that I’d like to save the package too.

Using the Test-Path cmdlet to test the location and the New-Item cmdlet to create it if it doens't exist.

Figure 11

Now that the location has been created let’s use the Save-Package cmdlet to save it to the location. I’ll use the  -IncludeDependencies parameter to make sure I get all the bits I need to install Notepad++.

Using the Save-Package cmdlet to save the package locally so that you can have a look at it's files.

Figure 12

Let’s check what files we have in our saved location. In Figure 13 we can see that there are 2 files with .nupkg extensions. I wasn’t sure what sort of file .nupkg extension was. I’ve heard of Nuget but I’ve never really used it. Turns out you can extract the contents of a .nupkg file just like a zip file.  Excellent, I know that the Production Preview of Powershell 5.0 that shipped with Windows 10 has an Expand-Archive cmdlet.

An example of using the Get-Childitem cmdlet.

Figure 13

In Figure 14, you can see I’ve tried to use the Expand-Archive cmdlet to extract the contents of the .nupkg file but the red text tells me that only the .zip file extension is supported. Oh well, it was worth a shot. You can also see in Figure 14 the use of the PipelineVariable parameter. This is the first time I’ve used that parameter and it allows me to store the current pipeline object into the variable I’d like to use. You can read about it more over on Keith Hill’s blog.

An example of trying to use the Expand-Archive cmdlet. Also an example of using the -PipelineVariable parameter.

Figure 14

So, I can’t extract using the built in Expand-Archive cmdlet but I still have my trusty 7zip executable. In Figure 15 you can see an example of calling 7z.exe from within a powershell console. It works like a charm.

An example of using 7z.exe from within Powershell.

Figure 15

Now that we have extracted the contents I can see a couple of files but nothing really sticks out except the .ps1 files. I can use the Get-Content (or Cat alias) to print the contents of the file to the Powershell Console.

An example of using the Get-Content cmdlet.

Figure 16

So we can see that all the ps1 file is doing is downloading the Notepad++ installer from the Notepad++ website. Sounds legit. If you were still a little bit suspect about the other files, and you didn’t have Real Time monitoring turned on, you can always scan the directory manually with Windows Defender from the Powershell Console like I have done in Figure 17.

An example of using Windows Defender to scan files manually from Powershell. I believe this would work with System Center Endpoint Protection as well.

Figure 17

After going off into the weeds a little, I’ll now just get on with using the Install-Package cmdlet to finally install Notepad++. After playing with this module I now am excited to use these cmdlets to script installing all the software I normally use. That’s for another day however. Hope this helped.

An example of using the Install-Package cmdlet.

Figure 18

Image Source: https://upload.wikimedia.org/wikipedia/commons/thumb/f/f2/Chocolate.jpg/308px-Chocolate.jpg