Drink the Kool-Aid!

Nov 2, 2013

PowerShell: Drink the Kool-Aid!

Who we are…

Wayne Pruitt

The Lead Geek of the Hardbit Solutions team

MCAD, MCSD, MCDBA, C|EH, E|CSA, C|HFI, and E|CIH.

Over the past 12 years he has held many jobs supporting a variety of roles within the Federal Government ranks, ranging from system administrator, security administrator, and developer to several IT manager roles.

Zack Wojton

CTO of the Hardbit Solutions team

Bachelor of Science in Information Technology (BSIT), MCSA, ICND, G2700, C|EH, E|CSA, and C|HFI certifications

A night owl who believes in life-long learning. Has over a decade of IT security under his belt, has held more IT-related jobs than they have certifications for, and believes security is where it all comes together.

HardBit Team

What this presentation is “NOT”

Not intended to make you a programmer

Not a deep-dive

Will not make you an expert

We are not affiliated with any sweet rich vendors

DRINK IT! OH YEAH!

What is PowerShell?

Command-Line Shell

Built on .NET framework CLR

cmdlets? We don’t need no stinking cmdlets!

New tools for managing / configuring Windows

Some *nix folks even use it!

Why should you care?

PowerShell is native

PowerShell can save you time

PowerShell can save you $

PowerShell can be used for remote administration

Totally help you do sweet stuff

PowerShell rocks

PowerShell: Head First

Where to begin

No book necessary (though there are some sweet ones)

Get-Help

Get-Help About_*

Get-Command

Get-Member

Get-PSDrive


PowerShell Basic Syntax

Get-Service

Get-Service | Where-Object -FilterScript { $_.Status -eq 'Running' }

{} used to add script

$_ = single row of data (example: one line of Get-Process)

. = says work with one column (access particular method or data)

PowerShell Example

Get-Process | Sort-Object -Property VM -Descending | Select-Object -First 10 | Get-Member

Get-Process | Sort-Object -Property VM -Descending | Select-Object -First 10 -Property Company, Name, ID, Path

*output is truncated, enter: Out-GridView

Cool cool cool trick!

Get-Process | Measure-Object -Property PM -Sum -Average -Minimum -Maximum

PowerShell One-Liners

Get-WmiObject -List

gwmi -Class Win32_LogicalDisk

Get-WmiObject Win32_BIOS -ComputerName PCName | Select-Object SerialNumber

Get-WmiObject Win32_OperatingSystem -ComputerName PCName | Select-Object ServicePackMajorVersion, BuildNumber


PowerShell Script Execution

Cannot run scripts by default

Set-ExecutionPolicy RemoteSigned

Allows all local scripts to run without a digital signature

*HKLM setting!*

Can be overridden by GPO


PowerShell for Admins: Putting it all together

System Inventory

System Management

Account Management

Log Review

PowerShell for IR

Processes

Promiscuous Mode

Restore Points

File Info

User History

PowerShell for Compliance

What server roles are installed?

Is the computer joined to a domain?

Are security updates installed on a regular basis?

How many users are in the "administrator" group?
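
The four compliance questions above, answered for the local machine in one script. This is an added example, not part of the original slides; the 35-day patch threshold and the output property names are assumptions, and it targets Windows PowerShell 3.0 or later on a machine that is not a domain controller.

```powershell
# Added example, not from the original deck.
$MaxPatchAgeDays = 35   # assumed threshold for "regular basis"; set to your own policy

# 1. Installed server roles (Get-WindowsFeature only works on Windows Server).
$roles = @()
try {
    Import-Module ServerManager -ErrorAction Stop
    $roles = @(Get-WindowsFeature -ErrorAction Stop |
        Where-Object { $_.Installed -and $_.FeatureType -eq 'Role' } |
        ForEach-Object { $_.Name })
} catch {
    Write-Warning "Server roles not queried: $($_.Exception.Message)"
}

# 2. Domain membership.
$cs = Get-WmiObject -Class Win32_ComputerSystem

# 3. Newest security update and its age. InstalledOn can be empty, so drop those rows.
$latest = Get-HotFix |
    Where-Object { $_.Description -eq 'Security Update' -and $_.InstalledOn } |
    Sort-Object -Property InstalledOn -Descending |
    Select-Object -First 1
$patchAge = $null
$lastId   = 'none found'
if ($latest) {
    $patchAge = [int]((Get-Date) - $latest.InstalledOn).TotalDays
    $lastId   = $latest.HotFixID
}

# 4. Members of the built-in Administrators group, found by its well-known SID
#    (S-1-5-32-544) so the lookup also works when the group name is localized.
$adminGroup = Get-WmiObject -Class Win32_Group -Filter "LocalAccount=True AND SID='S-1-5-32-544'"
$adsi = [ADSI]"WinNT://$env:COMPUTERNAME/$($adminGroup.Name),group"
$admins = @($adsi.psbase.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
})

# One object per machine, ready for Export-Csv or Out-GridView.
[pscustomobject]@{
    ComputerName       = $env:COMPUTERNAME
    ServerRoles        = $roles -join ', '
    DomainJoined       = $cs.PartOfDomain
    Domain             = $cs.Domain
    LastSecurityUpdate = $lastId
    PatchAgeDays       = $patchAge
    PatchingCurrent    = ($null -ne $patchAge -and $patchAge -le $MaxPatchAgeDays)
    AdminCount         = $admins.Count
    Admins             = $admins -join ', '
}
```

Get-HotFix only reports updates recorded in Win32_QuickFixEngineering, so a stale PatchAgeDays is a prompt to check the update history, not proof that patching has stopped. Nested domain groups count as one member each in AdminCount.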

PCAT

Sneak Preview!

CHEERS!

Any Questions?


Resources

HardbitSolutions.com

Newsgroup: Microsoft.Public.Windows.PowerShell

Team blog: http://blogs.msdn.com/PowerShell/

PowerShellCommunity.Org: http://www.PowershellCommunity.Org

Channel 9: http://channel9.msdn.com/tags/PowerShell

Wiki: http://channel9.msdn.com/wiki/default.aspx/Channel9.WindowsPowerShellWiki

Script Center: http://www.microsoft.com/technet/scriptcenter/hubs/msh.mspx

CodePlex: http://codeplex.com/Project/ProjectDirectory.aspx?TagName=powershell

Many excellent books

Manning Press book by PowerShell Dev Lead Bruce Payette: PowerShell in Action
http://manning.com/powershell/

O’Reilly book by PowerShell Dev Lee Holmes: Windows PowerShell Cookbook
http://www.oreilly.com/catalog/9780596528492/index.html

http://www.Hardbitsolutions.com