Move PS content out of OneDrive #388
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,118 @@ | ||||||||||
| --- | ||||||||||
| RFC: RFC0066 | ||||||||||
| Author: Justin Chung | ||||||||||
| Status: Draft | ||||||||||
| SupercededBy: N/A | ||||||||||
| Version: 1.0 | ||||||||||
| Area: Core | ||||||||||
| Comments Due: 07/31/2025 | ||||||||||
| Plan to implement: Yes | ||||||||||
| --- | ||||||||||
|
|
||||||||||
| # PowerShell User Content Location | ||||||||||
|
|
||||||||||
| This RFC proposes moving the current PowerShell user content location out of OneDrive to the | ||||||||||
| `LocalAppData` directory on Windows machines. | ||||||||||
|
|
||||||||||
| ## Motivation | ||||||||||
|
|
||||||||||
| ``` | ||||||||||
| As a user, | ||||||||||
| I can customize the location where PowerShell user content is installed, | ||||||||||
| so that I can avoid problems created by file sync solutions like OneDrive. | ||||||||||
| ``` | ||||||||||
jshigetomi marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||||||
|
|
||||||||||
| - PowerShell currently places profile, modules, and configuration files in the user's Documents | ||||||||||
| folder, which is against established conventions for shell configurations and tools. | ||||||||||
| - PowerShell content files in OneDrive can lead to unwanted syncing of module files, leading to | ||||||||||
| various issues. | ||||||||||
| - There is strong community demand for changing this behavior as the current setup is problematic | ||||||||||
| for many users. | ||||||||||
| - Changing the default location would align PowerShell with other developer tools and improve | ||||||||||
| usability. | ||||||||||
|
Comment on lines
+30
to
+37
There was a problem hiding this comment. Just so that this is commented as part of this RFC, I'm in the The benefit in keeping as is, is for use with roaming profiles which on *nix isn't a thing in the same way as it is on Windows, but is by users and organisations & especially those not using Cloud Tech and still heavy in on prem installs of AD & other software. It also goes against giving the user/admin choices, but I do agree we should have a better default, that whilst I don't really think needs to map to other tools, it helps adoption and appeases those coming to PowerShell from those other tools, even if in my opinion there's lots more benefit to using the current set up and allowing the sync with tools like OneDrive, which is something I've used & blogged about using since 2016, as opposed to other tools like ChezMoi (if that's the right spelling) |
||||||||||
|
|
||||||||||
| ## Specification | ||||||||||
|
|
||||||||||
| - This will be an experimental feature. | ||||||||||
| - The content folder location change will only apply to PowerShell on Windows. | ||||||||||
| - Configurability of the content folder will apply to all platforms. | ||||||||||
| - A configuration file in the PowerShell user content folder will determine the location of the user | ||||||||||
| scoped **PSModulePath**. | ||||||||||
| - By default, the PowerShell user content folder will be located in the | ||||||||||
| `$env:LOCALAPPDATA\PowerShell`. | ||||||||||
|
Comment on lines
+46
to
+47
There was a problem hiding this comment. This needs to be in the Microsoft Folder, on the off chance an organisation wants to fork PowerShell and use their own Org Location alongside use of Microsoft Releases.
Suggested change
There was a problem hiding this comment. I would argue it should stay there to maintain existing Linux path consistency. If an org wants to use their own then they can specify that nested path at their leisure. There was a problem hiding this comment. The Those files are not supposed to be known or easily found by normal users. We should not use that folder for the content files. There was a problem hiding this comment. I disagree with needing the Linux consistency (its a nice to have). Sticking to the publisher/application pathing is part of the drilled in troubleshooting techniques that most Windows SysAdmins will do without even looking at the docs & was for long time, recommended Microsoft Best Practices for isolating AppData from potential clashes. @daxian-dbw - I don't see why we continue to have differing paths & having the sprawl that we have today, & whilst outside scope of this RFC we should realistically start to be much tidier in where we drop things on disk, even if ideally we don't want users messing with those other files, even if the "simple" fix there would be for those files to be in a |
||||||||||
| - The new location becomes the location used as the `CurrentUser` scope for PSResourceGet. | ||||||||||
| - The proposed directory structure: | ||||||||||
|
|
||||||||||
| ``` | ||||||||||
| C:\Users\UserName\AppData\Local\PowerShell\ | ||||||||||
|
There was a problem hiding this comment. As above
Suggested change
|
||||||||||
| ├── powershell.config.json (Not Configurable) | ||||||||||
| └── <PSContent> (Configurable) | ||||||||||
| ├── Scripts (Not Configurable) | ||||||||||
| ├── Modules (Not Configurable) | ||||||||||
| ├── Help (Not Configurable) | ||||||||||
| └── <*profile>.ps1 (Not Configurable) | ||||||||||
jshigetomi marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||||||||||
| ``` | ||||||||||
|
|
||||||||||
| - The following setting is added to the `powershell.config.json` file: | ||||||||||
|
|
||||||||||
| **UserPSContentPath** specifies the full path of the content folder. The default value is | ||||||||||
| `$env:LOCALAPPDATA\PowerShell\PSContent`. The user can change this value to a different path. | ||||||||||
|
|
||||||||||
| ```json | ||||||||||
| { | ||||||||||
| "UserPSContentPath" : "$env:LOCALAPPDATA\\PowerShell\\PSContent", | ||||||||||
|
||||||||||
| } | ||||||||||
| ``` | ||||||||||
|
|
||||||||||
| ## User Experience | ||||||||||
|
|
||||||||||
| - On startup PowerShell will create a directory in AppData and a configuration file. | ||||||||||
|
||||||||||
| - On startup PowerShell will create a directory in AppData and a configuration file. | |
| - On startup PowerShell will create a directory in AppData and a configuration file if they don't exist. |
There was a problem hiding this comment.
Not sure I follow. It will always have to test the path to cover deleted/renamed config and new user profiles.
Outdated
There was a problem hiding this comment.
Do we create the MyDocument\PowerShell path up on startup today? If so, let's create the env:LocalAppData\powershell folder when starting up; otherwise, let's keep the current behavior.
As for the configuration file, I think there is no need to create it up on start. If the file is missing, we just use the default content location env:LocalAppData\powershell.
There was a problem hiding this comment.
The current behavior is to just point to the location, Install-Module is the one that creates the directory there.
OK will update.
There was a problem hiding this comment.
The reason why we should not create files or folders up on startup unless really necessary is because users may need to run PowerShell in a read-only docker environment.
jshigetomi marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
This is why we need to keep it in this $env:LOCALAPPDATA\Microsoft\PowerShell\ path as to reduce configuration location sprawl & simplify documentation
There was a problem hiding this comment.
Is this technically possible? There is only one copy of the vault registration, so I guess only 1 registered location of a vault module.
There was a problem hiding this comment.
This is a SOW for Secrets Management & should include a Migration cmdlet as part of that feature, which would align to the document comments.
The last comment can be managed without the use of the docs folder but in line with my other comments about the benefits of using that documents folder already & by having a configurable location you can enable seperate Secret Management settings per version (allowing different operations for different personas like for MSP's etc)
There was a problem hiding this comment.
I think you may want to have a script to show users what vault modules are registered today and their hardcoded paths in the registration.
jshigetomi marked this conversation as resolved.
Show resolved
Hide resolved
There was a problem hiding this comment.
Can you please lay out all the changes that are needed to PowerShell corresponding to the content folder change? For example, I presume the updateable help needs to be changed to honor the new help content location, but I don't see it mentioned in the RFC.
There was a problem hiding this comment.
So far I see profile, help, scripts, and module paths need to use the new API that looks at the config.json or returns the default location LOCALAPPDATA.
jshigetomi marked this conversation as resolved.
Show resolved
Hide resolved
Outdated
There was a problem hiding this comment.
Silent errors often lead to confusion. We should warn somewhere (i.e. Event Log, Write-Warning on launch, etc.).
If a system admin sets this expecting all their users to get migrated by default and nothing happens, it'll lead to confusion and frustration.
As a system administrator I may want to set this on a shared system where we would want to avoid users ever dealing with OneDrive issues. We should just match the existing precedent defined in about_PowerShell_Config.
There was a problem hiding this comment.
After Group Policy, settings defined at the AllUsers level take precedence over settings defined for the CurrentUser level.
Are you talking about this precedence? If so you're suggesting we make this be default AllUsers unless specified? I'm not opposed to this but am worried about breaking the current setups since they would be forced to migrate all their UserPSContent to the new location. Any thoughts @sdwheeler ?
There was a problem hiding this comment.
worried about breaking the current setups
While I would tend to agree and caution against breaking existing setups, this would only be the case for admins who deploy this setting retroactively. I would prioritize being consistent in how settings are applied and warn admins what the effect of this on the machine level would have.
If we're not consistent then we get into the, "Well in this scenario, the precedent comes from X, and in that scenario it comes from Y."
There was a problem hiding this comment.
+1 for machine-level preference for consistency and supporting managed/strict environments like shared device and even VDI/VDA where you might place it on a attached user drive.
If a system admin sets this expecting all their users to get migrated by default and nothing happens, it'll lead to confusion and frustration.
Not sure if it's done already, but in general there should be an event logged on startup all config-settings with effective value and source (User, Machine, GroupPolicy) as merge/precedence behavior can get complicated.
There was a problem hiding this comment.
I'm not sure if the following is relevant but I think it'll help with the discussion.
I took another look at the PSModulePath code and as of now machine scoped stuff is not in OneDrive but in program files and not in the documents.
I think we decided to leave this alone and not move anything out of there.
internal static string GetSharedModulePath()
{
#if UNIX
return Platform.SelectProductNameForDirectory(Platform.XDG_Type.SHARED_MODULES);
#else
string sharedModulePath = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles);
if (!string.IsNullOrEmpty(sharedModulePath))
{
sharedModulePath = Path.Combine(sharedModulePath, Utils.ModuleDirectory);
}
return sharedModulePath;
#endif
}Will need some clarification from @sdwheeler for this
There was a problem hiding this comment.
Not relevant. Our concern is the user-level modules folder, profile location etc.
My understanding is that a UserPSContentPath setting in the machine pwsh config file would be a mandatory location (template string) for user profile, user-installed modules etc.
In Windows it would be equal to a user configuration in Group Policy, which we can't use here due to cross-platform.
There was a problem hiding this comment.
We need to provide a bypass mechanism for that precedence order, which is out of scope of this RFC's SOW imo
But on a similar note, we need to allow admins a way of testing this on managed devices so perhaps needs to be in this or as a future SOW
There was a problem hiding this comment.
This is required to support the machine-wide config at all without mixing user content, isn't it? env:UserName, $HOME/$env:USERPROFILE, $env:LocalAppData etc.
There was a problem hiding this comment.
I think yes the goal is to support environment variables. I think this would be very useful.
But for machine-wide config I think we are not touching those that are in program files at this time. We are only trying to move the user PSContent folder out of myDocuments
There was a problem hiding this comment.
I hope you are not planning to evaluate the string value as PowerShell script, as that would certainly raise security concerns. Also, that implies a change in the order of processing -- the Runspace needs to be ready before we can handle this key.
I agree it should support environment variables, but we need to parse and replace the env variables like pre-defined variables in ADO YAML (or like in the VSCode mcp setting file), instead of depending on evaluating the whole string value as PowerShell script.
Maybe the syntax for env variables should be like $(env:var-name) (not a good example maybe, still looks quite like PS script :(), to make it a bit clearer to the user that the value is not a PowerShell expression that will be evaluated.
There was a problem hiding this comment.
We should not do what ADO YAML does or reinvent a new syntax like it but we need a suitable cross plat one that is recommended. Perhaps using the ENV:\ PSDrive path could be an option - thoughts on that @daxian-dbw ?
if the PowerShell.Config was a psd1 not json you'd get rid of some of the many headaches that json & Yaml bring us.
We also really should build these files and pre-populate the full path, not do a potentially dangerous lookup operation.
Seperate note - Machine level config should also really move to ProgramData on Windows out of ProgramFiles but is out scope for this RFC
There was a problem hiding this comment.
PowerShell syntax was just a OS-neutral example from my side. My expectation was access to at least some OS system/user/process variables in a cross-platform compatible format, not PowerShell expressions. 👍
Perhaps using the ENV:\ PSDrive path could be an option
IMO this would add to the confusion that it may be resolved in a runspace.
We also really should build these files and pre-populate the full path, not do a potentially dangerous lookup operation
In a ideal world, yes. Docs can have a security recommendation to use static/expanded paths. For user config it could potentially be the only option.
We still need variables for machine-config to have a single value/template that can reference the username and user profile location. The alternatives would be deployment or logon scripts to modify user config for everyone (incl new user profiles) which adds complexity and potentially cost, delays and risk for the user/company.
There was a problem hiding this comment.
@daxian-dbw I was thinking of only supporting a few known variables, not user defined ones. We maybe add to this list in the future?
There was a problem hiding this comment.
@jshigetomi That's fine, but I think the bottom line is that we are not going to evaluate the string value as a PowerShell expression. So, the question is more on how to support those pre-defined variables :)
Uh oh!
There was an error while loading. Please reload this page.