PowerShell: Drink the Kool-Aid!
Who we are
Wayne Pruitt The Lead Geek of the Hardbit Solutions team MCAD, MCSD, MCDBA, C|EH, E|CSA, C|HFI, and E|CIH. Over the past 12 years he has held many jobs supporting a variety of roles within the Federal Government ranks, ranging from system administrator, security administrator and developer to several IT manager roles. Zack Wojton CTO of the Hardbit Solutions team Bachelor of Science in Information Technology (BSIT), MCSA, ICND, G2700, C|EH, E|CSA, and C|HFI certifications A night owl who believes in life-long learning. Has over a decade of IT security under his belt, has held more IT-related jobs than there are certifications for, and believes security is where it all comes together. HardBit Team
What this presentation is “NOT” Not intended to make you a programmer Not a deep-dive Will Not make you an expert We are not affiliated with any sweet rich vendors
What is PowerShell? Command-Line Shell Built on the .NET Framework CLR cmdlets? We don’t need no stinking cmdlets! New tools for managing / configuring Windows Some *nix folks even use it!
Why should you care? PowerShell is native PowerShell can save you time PowerShell can save you $ PowerShell can be used for remote administration Totally help you do sweet stuff PowerShell rocks
PowerShell: Head First Where to begin No book necessary (though there are some sweet ones) – Get-Help – Get-Help About_* – Get-Command – Get-Member – Get-PSDrive
PowerShell Basic Syntax Get-Service Get-Service | Where-Object -FilterScript { $_.Status -eq 'Running' } {} encloses a script block $_ = the current object in the pipeline (e.g. one row of Get-Process output) . (the dot operator) selects one property or method of that object (e.g. $_.Status)
PowerShell Example Get-Process | Sort-Object -Property VM -Descending | Select-Object -First 10 | Get-Member Get-Process | Sort-Object -Property VM -Descending | Select-Object -First 10 -Property Company, Name, ID, Path *console output is truncated; pipe the result into Out-GridView to see every column
Cool cool cool trick! Get-Process | Measure-Object -Property PM -Sum -Average -Min -Max
PowerShell One Liners Get-WmiObject -List Gwmi -Class Win32_LogicalDisk Get-WmiObject Win32_BIOS -ComputerName PCName | Select SerialNumber Get-WmiObject Win32_OperatingSystem -ComputerName PCName | Select ServicePackMajorVersion, BuildNumber
PowerShell Script Execution Cannot run scripts by default (execution policy is Restricted) Set-ExecutionPolicy RemoteSigned – Allows all local scripts to run without a digital signature; scripts downloaded from the internet still need one – *HKLM setting!* (machine-wide, applies to every user) – Can be overridden by GPO
Powershell for Admins: Putting it all together System Inventory System Management Account Management Log Review
Powershell for IR Processes Promiscuous Mode Restore Points File Info User History
Powershell for Compliance What server-roles are installed? Is the computer joined to a domain? Are security updates installed on a regular basis? How many users are in the "administrator" group?
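One way to script the four compliance questions above for the local machine, as an added example that is not part of the Hardbit deck. It assumes Windows PowerShell 5.1 (for Get-LocalGroupMember) in an elevated session; Get-WindowsFeature is only available on Server editions, and the 30-day patch threshold is a made-up assumption.

```powershell
# Added example (not from the deck): one object answering the compliance slide's questions.
function Get-ComplianceSnapshot {
    param(
        [int]$MaxPatchAgeDays = 30   # assumption: "regular basis" = a patch within 30 days
    )

    $cs = Get-WmiObject -Class Win32_ComputerSystem

    # Installed server roles: Get-WindowsFeature exists only on Server editions (ServerManager)
    $roles = @()
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $roles = Get-WindowsFeature |
                 Where-Object { $_.Installed -and $_.FeatureType -eq 'Role' } |
                 Select-Object -ExpandProperty Name
    }

    # Most recently installed hotfix (InstalledOn can be empty for some entries, so filter those out)
    $lastPatch = Get-HotFix | Where-Object { $_.InstalledOn } |
                 Sort-Object -Property InstalledOn -Descending | Select-Object -First 1
    $patchAge  = if ($lastPatch) { (New-TimeSpan -Start $lastPatch.InstalledOn -End (Get-Date)).Days } else { $null }

    # Members of the local Administrators group (users and groups, local and domain)
    $admins = @(Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name)

    [pscustomobject]@{
        ComputerName     = $cs.Name
        InstalledRoles   = $roles
        DomainJoined     = [bool]$cs.PartOfDomain
        Domain           = $cs.Domain
        LastPatchId      = if ($lastPatch) { $lastPatch.HotFixID } else { 'none' }
        LastPatchAgeDays = $patchAge
        PatchingCurrent  = ($null -ne $patchAge -and $patchAge -le $MaxPatchAgeDays)
        AdminCount       = $admins.Count
        Administrators   = $admins
    }
}

# Review the result on the console; export with Export-Csv or ConvertTo-Json for reporting.
Get-ComplianceSnapshot | Format-List
```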
PCAT Sneak Preview!
Any Questions?
Resources HardbitSolutions.com – Newsgroup: Microsoft.Public.Windows.PowerShell – Team blog – PowerShellCommunity.Org – Channel 9 – Wiki – Script Center – CodePlex – Many excellent books – Manning Press book by PowerShell Dev Lead Bruce Payette: PowerShell in Action – O’Reilly book by PowerShell Dev Lee Holmes: Windows PowerShell Cookbook