필사 모드: Modern PowerShell & Windows DevOps 2026 Deep Dive - PowerShell 7.5, WinGet, Sysinternals, DSC v3, Windows Terminal, WSL2
EnglishGoodbye to the "Windows DevOps is Dead" Myth
In 2026, the claim that "DevOps only happens on Linux" is simply no longer true. Since Windows Server 2025 shipped with hotpatching and OpenSSH on by default, Windows has firmly returned as a first-class citizen of enterprise automation. NHN Cloud's Windows VM workloads account for 22% of their IaaS revenue as of 2025. Most large SI projects at Samsung SDS and LG CNS still run on Active Directory and SCCM. Japan's NEC, IIJ, and Fujitsu keep Windows operations as a core service line. Microsoft Japan's Tokyo office directly contributed PSReadLine improvements for Japanese input in PowerShell 7.5.
This article is a deep practical guide, as of May 2026, to the tools that actually matter — PowerShell 7.5, WinGet, Sysinternals 2024.x, DSC v3, Windows Terminal 1.21 — going beyond a cmdlet listing to cover real operational patterns, gotchas, and concrete examples from Korea, Japan, and the wider industry. Whether you only know Linux or you have 30 years of Windows admin behind you, there is something here for you.
1. PowerShell 7.5 vs Windows PowerShell 5.1: What Actually Changed
The first thing to be clear about: **there are two PowerShells.**
- **Windows PowerShell 5.1**: Shipped in 2016, built on .NET Framework 4.x, bundled with Windows 10/11. No new features (security patches only).
- **PowerShell 7.x**: The open-source cross-platform successor that started in 2020. As of 2026, 7.4 LTS and 7.5 GA coexist. Built on .NET 8/9.
Why you should leave 5.1:
1. **Speed** — 7.5 is 3 to 5 times faster than 5.1 on many workloads. ForEach-Object -Parallel does not exist in 5.1 at all.
2. **.NET 9** — Modern libraries like System.Text.Json and HttpClient are available.
3. **Native command integration** — Output parsing for tools like kubectl, terraform, and az is far more natural.
4. **Cross-platform** — The same scripts run on Linux and macOS.
5. **Predictive IntelliSense** — Integrates with Az Predictor and GitHub Copilot for CLI.
That said, there are still cases where you cannot fully drop 5.1: some Active Directory (RSAT) cmdlets, the ConfigMgr (SCCM) module, and certain legacy Exchange Online modules remain 5.1-only. The standard workaround is the `WindowsCompatibility` module from 7.5, or invoking `pwsh -WindowsPowerShell` in compatibility mode.
2. The Core New Features of PowerShell 7.5
#Requires -Version 7.4
ForEach-Object -Parallel: not in 5.1
1..100 | ForEach-Object -Parallel {
"Processing $_"
Start-Sleep -Seconds 1
} -ThrottleLimit 10
Ternary operator (7.0+)
$status = (Test-Path C:\foo) ? "exists" : "missing"
Pipeline chain operators
Get-Service Spooler && Restart-Service Spooler || Write-Warning "Service not found"
Null-conditional operator
$user?.Profile?.Email
Splatting + advanced functions
$params = @{
Path = "C:\Logs"
Recurse = $true
Filter = "*.log"
}
Get-ChildItem @params
Notable 7.5 changes: `ConvertTo-Json -EnumsAsStrings` became the default, `Test-Json` got stronger schema validation, and PSResourceGet has effectively superseded PSGallery's older client.
3. PowerShell Gallery and PSResourceGet
PowerShell now has two package managers:
- **PowerShellGet 2.x** (legacy) — Install-Module, Find-Module
- **Microsoft.PowerShell.PSResourceGet** (new, included by default in 7.4+) — Install-PSResource, Find-PSResource
New (recommended)
Install-PSResource -Name Az -Scope CurrentUser
Install-PSResource -Name Microsoft.Graph -Scope AllUsers
Legacy (compatibility)
Install-Module -Name PSScriptAnalyzer -Scope CurrentUser -Force
Register a private feed
Register-PSResourceRepository -Name "InternalNuGet" -Uri "https://nuget.internal/v3/index.json"
PSResourceGet speaks native NuGet v3, which means it integrates directly with Azure Artifacts, GitHub Packages, and JFrog Artifactory feeds. That was the biggest pain point of PowerShellGet 2.x.
4. Linting with PSScriptAnalyzer
Install-PSResource PSScriptAnalyzer -Scope CurrentUser
Single file
Invoke-ScriptAnalyzer -Path .\Deploy.ps1 -Severity Warning,Error
Recursive directory scan
Invoke-ScriptAnalyzer -Path .\scripts -Recurse -Settings PSGallery
CI integration via exit code
$results = Invoke-ScriptAnalyzer -Path .\scripts -Recurse
if ($results) {
$results | Format-Table
throw "Linting failed with $($results.Count) issues"
}
Drop a `PSScriptAnalyzerSettings.psd1` at the repo root and the whole team shares the same rules. Kakao Enterprise in Korea and CyberAgent in Japan standardize this as a CI gate.
5. Writing Tests with Pester 5
Pester is the de facto standard testing framework for PowerShell. The 4.x and 5.x syntaxes are notably different, so new projects should go straight to 5.x.
Tests/Get-UserInfo.Tests.ps1
BeforeAll {
. $PSScriptRoot/../src/Get-UserInfo.ps1
}
Describe "Get-UserInfo" {
Context "Valid user" {
It "returns the name" {
$result = Get-UserInfo -UserId 1
$result.Name | Should -Be "Alice"
}
It "calls the mocked API" {
Mock Invoke-RestMethod { @{ name = "Test" } }
Get-UserInfo -UserId 1
Should -Invoke Invoke-RestMethod -Times 1
}
}
Context "Error handling" {
It "throws on a non-existent ID" {
{ Get-UserInfo -UserId -1 } | Should -Throw
}
}
}
Run
Invoke-Pester -Path ./Tests -Output Detailed
The key mental model for Pester 5 is the **discovery/run split**. `BeforeAll` runs after discovery, and cmdlets like `Should` and `Mock` are only legal inside `It`. Carrying over 4.x intuition makes debugging extremely painful.
6. PSReadLine and Predictive IntelliSense
What made PowerShell genuinely powerful in Windows Terminal is PSReadLine.
Predictions from history plus plugins
Set-PSReadLineOption -PredictionSource HistoryAndPlugin
Set-PSReadLineOption -PredictionViewStyle ListView
Bash-style key bindings
Set-PSReadLineOption -EditMode Emacs
Set-PSReadLineKeyHandler -Key Tab -Function MenuComplete
Set-PSReadLineKeyHandler -Key UpArrow -Function HistorySearchBackward
Install Az Predictor
Install-PSResource Az.Tools.Predictor
Enable-AzPredictor
GitHub Copilot for CLI installs separately
gh extension install github/gh-copilot
Put the above in your `$PROFILE` (typically `~/Documents/PowerShell/Microsoft.PowerShell_profile.ps1`) and every session inherits it. Az Predictor uses ML to suggest the next parameter for Azure cmdlets; Copilot for CLI generates commands from natural language.
7. WinGet — Windows' Official Package Manager
WinGet is Microsoft's official package manager, released in 2021. As of 2026, 1.10 is the stable line, and it ships by default with Windows 11 and Windows 10 21H2 and later.
Search
winget search "vs code"
Install (silent, per user)
winget install Microsoft.VisualStudioCode --scope user --silent
Upgrade everything
winget upgrade --all
Export and import — the key to new-machine setup
winget export -o C:\my-apps.json
winget import -i C:\my-apps.json
Configuration file (integrates with DSC)
winget configure --file workstation-setup.winget
WinGet's real win is **unifying the Microsoft Store and community repos**. It fixes the weaknesses of Chocolatey and Scoop (no Store-app support, no license verification) and lets enterprises register private sources internally.
8. Where Chocolatey and Scoop Still Fit
WinGet is now the standard, but Chocolatey and Scoop remain valid choices.
- **Chocolatey** — Released in 2011, with strong enterprise features (Chocolatey for Business). The largest community package pool for Windows (10,000+).
- **Scoop** — Developer-friendly, installable without admin, automatic PATH/env-var management, "one tool, one folder" philosophy.
Chocolatey
choco install -y git nodejs python3
choco upgrade all -y
Scoop
scoop install git nodejs python
scoop update *
Quick comparison:
- Admin required? choco (yes) vs scoop (no)
- Package isolation: choco (global) vs scoop (~/scoop/apps)
- Enterprise features: choco wins
A solid default: **Scoop for developer workstations, WinGet or Chocolatey for servers.**
9. Sysinternals 2024.x — Mark Russinovich's Toolbox
Sysinternals is a toolkit created by Mark Russinovich and Bryce Cogswell in 1996, acquired by Microsoft in 2006. Mark is currently CTO of Azure. The 2024.x build is the current line as of May 2026.
Core tools:
- **Process Explorer (procexp)** — A superset of Task Manager. Parent-child trees, handle/DLL search, digital signature verification.
- **Process Monitor (procmon)** — Real-time tracing of file/registry/network/process activity. The ultimate debugging tool.
- **Autoruns** — One screen for every startup item, service, driver, and scheduled task. Essential for malware hunting.
- **TCPView** — A live-updating GUI for netstat.
- **RAMMap** — Memory usage analysis with visualization of cache and page pool.
- **Strings** — Extracts ASCII and Unicode strings from binaries.
- **SDelete** — DoD 5220.22-M secure deletion.
- **BgInfo** — Renders host info on the desktop wallpaper for server identification.
- **ZoomIt** — Screen zoom and annotation. Famous because Mark himself uses it in presentations.
Sysinternals Live — run without installing
Map the network location or invoke from \\live.sysinternals.com\tools
Start-Process "\\live.sysinternals.com\tools\procexp64.exe"
Or install the whole suite via WinGet
winget install 9P7KNL5RWT25 # Sysinternals Suite
`live.sysinternals.com\tools` always hosts the latest builds. The fact that you can run any tool immediately, without a USB stick or installer, makes it a standard part of incident-response playbooks.
10. Windows Terminal 1.21 — A Modern Terminal Experience
It is time to leave the old console host for cmd.exe and PowerShell.exe. Windows Terminal started as open source in 2019 and has reached 1.21 by 2026.
Core features:
- **Tabs and split panes** — Alt+Shift+D to split, Alt+Shift+- / + for horizontal/vertical
- **Profiles** — pwsh, cmd, WSL2 Ubuntu, Azure Cloud Shell, SSH all in one window
- **GPU rendering** — Tens of thousands of lines flow smoothly via DirectWrite
- **Quake mode** — Win+\` slides the terminal down from the top of the screen
- **Settings UI** — Both direct JSON editing and a GUI
- **Color schemes** — Campbell, One Half Dark, Solarized built in
Example `settings.json`:
{
"defaultProfile": "{574e775e-4f2a-5b96-ac1e-a2962a402336}",
"profiles": {
"list": [
{
"guid": "{574e775e-4f2a-5b96-ac1e-a2962a402336}",
"name": "PowerShell 7.5",
"commandline": "pwsh.exe -NoLogo",
"colorScheme": "One Half Dark",
"font": { "face": "CaskaydiaCove Nerd Font", "size": 11 }
}
]
},
"keybindings": [
{ "command": { "action": "splitPane", "split": "auto" }, "keys": "alt+shift+d" }
]
}
Pair this with a Nerd Font (such as CaskaydiaCove) and prompt frameworks like oh-my-posh and starship render their icons correctly.
11. WSL2 — A Real Linux Kernel Inside Windows
WSL2 is a lightweight Linux kernel that Microsoft runs on Hyper-V. Unlike WSL1's syscall translation, WSL2 runs an actual Linux kernel.
Installation
wsl --install
wsl --install -d Ubuntu-24.04
Distro management
wsl --list --verbose
wsl --set-default Ubuntu-24.04
wsl --shutdown # stop all instances
wsl --export Ubuntu-24.04 C:\backup.tar
wsl --import Ubuntu-prod C:\WSL\prod C:\backup.tar
Where WSL2 actually gets used:
1. **Docker Desktop / Podman Desktop / Rancher Desktop** — All default to the WSL2 backend.
2. **Development environments** — Linux toolchains, native, on Windows.
3. **systemd support (since 2022)** — Add `systemd=true` to `/etc/wsl.conf`.
4. **GUI apps (WSLg)** — Wayland-based, X11 and Wayland both work.
Resource limits via `.wslconfig` in your user home:
[wsl2]
memory=8GB
processors=4
swap=2GB
networkingMode=mirrored
firewall=true
The `mirrored` networking mode (Windows 11 22H2+) shares WSL2's IP with Windows, so `localhost` becomes bidirectional.
12. Windows Containers — A Path That Is Not Docker
Separate from Linux containers running on WSL2, **Windows Containers** are their own thing. Supported since Windows Server 2016, they are used to containerize IIS, MSSQL, and legacy .NET Framework workloads.
Two isolation modes:
- **Process isolation** — Shares the host kernel, fast, requires matching Windows build
- **Hyper-V isolation** — Each container is a lightweight VM, safer, allows different Windows versions
Enable the Windows feature
Enable-WindowsOptionalFeature -Online -FeatureName containers -All
Docker Engine for Windows containers
1) "Switch to Windows containers" in Docker Desktop (dev use)
2) Or Mirantis Container Runtime (production)
docker run -it --isolation=hyperv mcr.microsoft.com/windows/servercore:ltsc2025 powershell
NHN Cloud has reported reducing host machine counts by 60% when migrating legacy ASP.NET workloads to containerized IIS.
13. DSC v3 — Desired State Configuration Reborn
DSC is PowerShell's declarative configuration management tool. It was released in 2014, stagnated for years, and then came back with **DSC v3** (GA in 2024, cross-platform). v3 uses a Rust-rewritten engine and accepts JSON or YAML input.
example.dsc.config.yaml
$schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
resources:
- name: Web server packages
type: Microsoft.WinGet/Package
properties:
id: Microsoft.IIS.Express
source: winget
- name: Service state
type: Microsoft.Windows/Service
properties:
name: W3SVC
startupType: Automatic
state: Running
Apply
dsc config set --file example.dsc.config.yaml
Inspect current state
dsc config get --file example.dsc.config.yaml
Drift detection
dsc config test --file example.dsc.config.yaml
DSC v3's strength is a **unified interface across PowerShell, WinGet, registry, services, and files**, and the fact that it treats Linux resources (systemd, apt, etc.) with the same syntax. Think of it as Ansible-style idempotency with PowerShell-level expressiveness.
14. Ansible for Windows
Ansible manages Windows via WinRM or SSH (the latter is default on Windows Server 2019+) instead of plain SSH.
playbooks/iis.yml
- hosts: windows
tasks:
- name: Install IIS
ansible.windows.win_feature:
name: Web-Server
state: present
include_management_tools: yes
- name: Deploy site files
ansible.windows.win_copy:
src: ./dist/
dest: C:\inetpub\wwwroot\
inventory.ini:
[windows]
win-01 ansible_host=10.0.0.5
[windows:vars]
ansible_user=Administrator
ansible_password={{ vault_admin_pw }}
ansible_connection=winrm
ansible_winrm_transport=ntlm
ansible_port=5985
Ansible's advantages are push-based execution, agentless operation, and YAML friendliness. The downsides are the security complexity of WinRM (Kerberos vs NTLM vs CredSSP) and the fact that some cmdlets are not wrapped at all.
15. SCCM, Intune, and Microsoft Endpoint Manager
The two pillars of enterprise desktop and server management:
- **SCCM (System Center Configuration Manager)** — On-premises. Windows patching, software deployment, OS image deployment. The de facto standard at large Korean SI firms.
- **Intune (Microsoft Endpoint Manager)** — Cloud-based. Covers BYOD and mobile devices too.
The 2026 trend is **co-management** (SCCM and Intune in parallel) or **cloud-attach** (gradually moving SCCM infrastructure to Intune). Many Samsung SDS and LG CNS projects sit at this stage.
PowerShell integration:
ConfigMgr cmdlets (5.1 only)
Import-Module ConfigurationManager
Set-Location "PRI:" # site code
Get-CMDevice -Name "PC-001"
Intune management via Microsoft Graph (7.x friendly)
Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All"
Get-MgDeviceManagementManagedDevice -Top 10
Since the ConfigMgr module still requires PowerShell 5.1, the common hybrid is to manage Intune from 7.x via Microsoft Graph while keeping SCCM tasks on 5.1.
16. Azure CLI 2 vs Az PowerShell
Two ways to automate Azure:
- **Azure CLI 2 (az)** — Python-based, behaves identically in bash, zsh, and pwsh, JSON output by default.
- **Az PowerShell** — Native PowerShell, object pipeline, splatting, PSCustomObject.
Az PowerShell
Install-PSResource Az
Connect-AzAccount
Get-AzVM -ResourceGroupName "prod-rg" |
Where-Object { $_.PowerState -eq "VM running" } |
Select-Object Name, Location, HardwareProfile
Azure CLI (called from inside pwsh)
az vm list --resource-group prod-rg --query "[?powerState=='VM running'].{name:name,location:location}" -o table
When to choose what:
- **CI/CD pipelines**: Azure CLI (cross-platform, easy JSON parsing)
- **Operational automation / PowerShell-first teams**: Az PowerShell (object pipeline wins)
- **Bicep/ARM deployments**: Either works equally well
17. AWS Tools for PowerShell, GCP PowerShell, GitHub CLI
AWS
Install-PSResource AWS.Tools.Common
Install-PSResource AWS.Tools.EC2
Set-AWSCredential -AccessKey AKIA... -SecretKey ... -StoreAs prod
Get-EC2Instance -ProfileName prod
GCP
Install-PSResource GoogleCloud
Get-GceInstance -Project my-project
GitHub CLI (gh)
winget install GitHub.cli
gh auth login
gh pr list --json number,title,author | ConvertFrom-Json | Format-Table
In particular, `gh` produces clean JSON, which makes it a great pairing with PowerShell's `ConvertFrom-Json`. It is heavily used for PR and issue automation.
18. Try/Catch, Common Parameters, and Splatting
The three pillars of production-grade PowerShell:
function Invoke-SafeRestApi {
[CmdletBinding()]
param(
[Parameter(Mandatory)][string]$Uri,
[int]$Retries = 3,
[int]$DelaySeconds = 2
)
for ($i = 1; $i -le $Retries; $i++) {
try {
$params = @{
Uri = $Uri
Method = 'Get'
TimeoutSec = 30
MaximumRetryCount = 0
ErrorAction = 'Stop'
}
return Invoke-RestMethod @params
}
catch [System.Net.Http.HttpRequestException] {
Write-Warning "Attempt $i failed: $($_.Exception.Message)"
if ($i -eq $Retries) { throw }
Start-Sleep -Seconds $DelaySeconds
}
finally {
Write-Verbose "Attempt $i complete"
}
}
}
Common parameters auto-enabled: -Verbose, -ErrorAction, -ErrorVariable
Invoke-SafeRestApi -Uri "https://api.example.com/health" -Verbose -ErrorAction Continue
A single `[CmdletBinding()]` line gives you `Verbose`, `Debug`, `ErrorAction`, `WarningAction`, and more for free. The `@params` splat improves both readability and reuse.
19. Pipeline Objects and PSCustomObject
PowerShell's real power is the **object pipeline**. Where bash streams text, PowerShell streams .NET objects.
Pipeline example
Get-Process |
Where-Object { $_.WorkingSet64 -gt 500MB } |
Sort-Object -Property WorkingSet64 -Descending |
Select-Object -First 10 Name, Id, @{N='RAM(MB)';E={[int]($_.WorkingSet64/1MB)}} |
Format-Table
PSCustomObject = PowerShell's DTO
$report = Get-Service | ForEach-Object {
[PSCustomObject]@{
Name = $_.Name
Status = $_.Status
StartType = $_.StartType
CheckedAt = Get-Date
}
}
$report | Export-Csv services.csv -NoTypeInformation
$report | ConvertTo-Json -Depth 3 | Set-Content services.json
Add `ForEach-Object -Parallel` and IO-bound workloads accelerate dramatically:
$servers = Get-Content servers.txt
$servers | ForEach-Object -Parallel {
Test-NetConnection $_ -Port 443 -InformationLevel Quiet
} -ThrottleLimit 32
20. GUI Automation — Out-GridView, ImportExcel, PSWriteHTML
PowerShell can also produce lightweight GUIs:
Interactive selection with Out-GridView
$selected = Get-Process | Out-GridView -PassThru -Title "Pick processes"
$selected | Stop-Process -WhatIf
ImportExcel — read/write .xlsx without Excel installed
Install-PSResource ImportExcel
Get-Service | Export-Excel -Path C:\services.xlsx -AutoSize -TableStyle Medium2
PSWriteHTML — interactive HTML reports
Install-PSResource PSWriteHTML
New-HTML -FilePath C:\report.html -ShowHTML {
New-HTMLTab -Name "Services" {
New-HTMLTable -DataTable (Get-Service) -ScrollX
}
}
PSWriteHTML reports are built on DataTables and Charts.js, so they have search, sort, and filter out of the box. A common use is morning ops reports automatically emailed to the team.
21. Active Directory and Group Policy Cmdlets
Import-Module ActiveDirectory # Requires RSAT, still most stable on 5.1
User lookup
Get-ADUser -Filter "Department -eq 'Engineering'" -Properties EmailAddress |
Select-Object SamAccountName, EmailAddress
Group members
Get-ADGroupMember -Identity "Domain Admins" -Recursive |
Get-ADUser -Properties LastLogonDate |
Select-Object Name, LastLogonDate
Local users
New-LocalUser -Name "deployer" -Password (Read-Host -AsSecureString) -Description "CI Deployer"
Add-LocalGroupMember -Group "Administrators" -Member "deployer"
Group Policy
Get-GPO -All | Select-Object DisplayName, CreationTime, ModificationTime
Backup-GPO -Name "Default Domain Policy" -Path C:\GPOBackups
Active Directory cmdlets work in 7.x through `WindowsCompatibility`, but some scenarios remain more stable on 5.1.
22. Microsoft Graph PowerShell SDK
The older AzureAD and MSOnline modules were retired in 2024, replaced by the **Microsoft Graph PowerShell SDK**.
Install-PSResource Microsoft.Graph -Scope CurrentUser
Connect with the right scopes
Connect-MgGraph -Scopes "User.Read.All","Group.Read.All"
Lookup Azure AD users
Get-MgUser -Filter "department eq 'IT'" -Top 100 |
Select-Object DisplayName, UserPrincipalName, Mail
Conditional Access policies
Get-MgIdentityConditionalAccessPolicy |
Select-Object DisplayName, State
Intune devices
Get-MgDeviceManagementManagedDevice -Top 50 |
Where-Object { $_.OperatingSystem -eq "Windows" }
Disconnect-MgGraph
Microsoft Graph is essentially the entire REST API surface wrapped in PowerShell, which means 60+ sub-modules. Install only `Microsoft.Graph.Authentication` and pull individual sub-modules as needed to keep things lean.
23. Key Windows Server 2025 Features
Windows Server 2025 went GA in November 2024. The DevOps-relevant highlights:
- **Hotpatching for Windows Server** — Security patches without reboots (free when enrolled in Azure Arc).
- **OpenSSH on by default (server side)** — `Add-WindowsFeature -Name OpenSSH-Server`.
- **Sysmon integrated by default** — Stronger security event logging.
- **DTrace** — The Windows equivalent of Linux's strace / eBPF.
- **WSL2 on Server** — WSL2 now runs on server SKUs.
- **SMB over QUIC** — File sharing across the internet without a VPN.
- **First major Active Directory update in 30+ years** — 32k page size, OPTIONAL_FEATURE introduced.
Enable SSH
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Start-Service sshd
Set-Service sshd -StartupType Automatic
Make pwsh the default shell
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell `
-Value "C:\Program Files\PowerShell\7\pwsh.exe" -PropertyType String -Force
With this, Linux-style workflows (SSH plus standard tools) are first-class on Windows.
24. Best Practices — Real-World Recommendations
For long-lived production scripts:
1. **`#Requires -Version 7.4`** at the top of every script — blocks accidental interpreter mismatch.
2. **No aliases** — Use `Get-ChildItem`, `Where-Object`, `ForEach-Object` instead of `gci`, `?`, `%`. Better readability and easier static analysis.
3. **Approved verbs** — Check with `Get-Verb`. New function names must use the official verbs (`Get-`, `Set-`, `New-`, `Invoke-`, etc.).
4. **Code-signing certificates** — Production scripts should be signed: `Set-AuthenticodeSignature -FilePath script.ps1 -Certificate $cert`.
5. **Execution policy** — `RemoteSigned` or `AllSigned` on machines. Never make `Bypass` permanent.
6. **Constrained Language Mode** — Consider enabling it in environments handling untrusted input.
7. **PSScriptAnalyzer + Pester as CI gates** — Block bad merges automatically.
8. **Module manifests (.psd1)** — Declare version, dependencies, and exported functions explicitly.
9. **Logging** — Use `Start-Transcript` to capture entire sessions, and distinguish `Write-Information` from `Write-Verbose` clearly.
10. **Error handling** — Default `$ErrorActionPreference = 'Stop'`, with explicit try/catch around fallible operations.
25. PowerShell Universal and PowerShell Studio
Ironman Software's **PowerShell Universal** turns PowerShell scripts into web APIs, dashboards, and scheduled jobs instantly. It is the go-to for internal self-service portals.
Pseudo-code page in PSU
New-UDPage -Name "VM Restart" -Content {
New-UDTextbox -Id "vmName"
New-UDButton -Text "Restart" -OnClick {
$name = (Get-UDElement -Id "vmName").value
Restart-AzVM -Name $name -ResourceGroupName "prod-rg"
Show-UDToast "Restarted $name"
}
}
**PowerShell Studio (SAPIEN Technologies)** is a full IDE with a built-in form designer, great for building visual form-based operational tools. VS Code with the PowerShell extension is the standard, but Studio remains useful for teams doing heavy form work.
26. Korean / Japanese / Global Windows DevOps in the Field
**Korea**:
- **NHN Cloud** — Windows VM and SQL Server workloads, internally built PowerShell automation libraries.
- **Samsung SDS** — Rolling out SCCM + Intune + PowerShell DSC v3 across global sites.
- **Naver Cloud** — Windows server hosting, Hyper-V-based cloud console.
- **LG CNS** — Standardizes Active Directory + GPO + ConfigMgr patterns across SI projects.
- **Kakao Enterprise** — Pester + PSScriptAnalyzer as CI gates by default.
**Japan**:
- **NEC** — Windows operations across government and finance systems, JIS-certified automation tooling.
- **IIJ** — Windows VPS hosting, WSUS + PowerShell patch automation.
- **Microsoft Japan (Tokyo)** — Contributes to PowerShell 7.5 i18n and PSReadLine Japanese-input stability.
- **CyberAgent** — Windows containers in game operations.
- **Fujitsu** — Enterprise SCCM and Intune SI business.
**Global trends**:
- Microsoft itself runs significant parts of Bing and Office infrastructure on PowerShell 7.
- GitHub Actions' `windows-2022` and `windows-2025` runners ship with PowerShell 7.5 by default.
- Azure DevOps Pipelines plus Azure PowerShell remains a strong combination.
Windows DevOps is not dead. With PowerShell 7, WSL2, OpenSSH, DSC v3, and Microsoft Graph converging, workflows have grown much closer to those on Linux while keeping enterprise assets like Active Directory and SCCM intact. The 2026 Windows DevOps engineer holds the best tools of both worlds.
References
1. PowerShell official docs — https://learn.microsoft.com/powershell/
2. PowerShell on GitHub — https://github.com/PowerShell/PowerShell
3. PowerShell Gallery — https://www.powershellgallery.com/
4. PSScriptAnalyzer — https://github.com/PowerShell/PSScriptAnalyzer
5. Pester — https://pester.dev/
6. PSReadLine — https://github.com/PowerShell/PSReadLine
7. WinGet (Windows Package Manager) — https://learn.microsoft.com/windows/package-manager/
8. Chocolatey — https://chocolatey.org/
9. Scoop — https://scoop.sh/
10. WSL2 official — https://learn.microsoft.com/windows/wsl/
11. Windows Terminal — https://github.com/microsoft/terminal
12. Sysinternals — https://learn.microsoft.com/sysinternals/
13. Sysinternals Live — https://live.sysinternals.com/
14. DSC v3 — https://learn.microsoft.com/powershell/dsc/overview
15. Ansible for Windows — https://docs.ansible.com/ansible/latest/os_guide/windows.html
16. Az PowerShell — https://learn.microsoft.com/powershell/azure/
17. AWS Tools for PowerShell — https://aws.amazon.com/powershell/
18. Microsoft Graph PowerShell SDK — https://learn.microsoft.com/powershell/microsoftgraph/
19. Windows Server 2025 — https://learn.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2025
20. Mark Russinovich — https://learn.microsoft.com/sysinternals/community/mark-russinovich
21. Ironman Software PowerShell Universal — https://ironmansoftware.com/powershell-universal
22. SAPIEN PowerShell Studio — https://www.sapien.com/software/powershell_studio
23. GitHub CLI — https://cli.github.com/
24. NHN Cloud — https://www.nhncloud.com/
25. Samsung SDS — https://www.samsungsds.com/
현재 단락 (1/398)
In 2026, the claim that "DevOps only happens on Linux" is simply no longer true. Since Windows Serve...