PowerShell: Drink the Kool-Aid!

Who we are: HardBit Team

• Wayne Pruitt, The Lead Geek of the Hardbit Solutions team. MCAD, MCSD, MCDBA, C|EH, E|CSA, C|HFI, and E|CIH. Over the past 12 years he has held many jobs supporting a variety of roles within the Federal Government ranks, ranging from system administrator, security administrator and developer to several IT manager roles.
• Zack Wojton, CTO of the Hardbit Solutions team. Bachelor of Science in Information Technology (BSIT), MCSA, ICND, G2700, C|EH, E|CSA, and C|HFI certifications. A night owl who believes in life-long learning. Has over a decade of IT security under his belt, has held more IT-related jobs than there are certifications for, and believes security is where it all comes together.
What this presentation is "NOT"
• Not intended to make you a programmer
• Not a deep-dive
• Will not make you an expert
• We are not affiliated with any sweet rich vendors

What is PowerShell?
• Command-line shell
• Built on the .NET Framework CLR
• cmdlets? We don't need no stinking cmdlets!
• New tools for managing / configuring Windows
• Some *nix folks even use it!

Why should you care?
• PowerShell is native
• PowerShell can save you time
• PowerShell can save you $
• PowerShell can be used for remote administration
• Totally helps you do sweet stuff
• PowerShell rocks

PowerShell: Head First
• Where to begin
• No book necessary (though there are some sweet ones)
• Get-Help
• Get-Help About_*
• Get-Command
• Get-Member
• Get-PSDrive
PowerShell Basic Syntax
• Get-Service
• Get-Service | Where-Object -FilterScript { $_.Status -eq 'Running' }
• {} used to add script
• $_ = single row of data (e.g. one line of Get-Process)
• . = says work with one column (access a particular method or property)

PowerShell Example
• Get-Process | Sort-Object -Property VM -Descending | Select-Object -First 10 | Get-Member
• Get-Process | Sort-Object -Property VM -Descending | Select-Object -First 10 -Property Company, Name, ID, Path
• *output is truncated; enter: Out-GridView

Cool trick!
• Get-Process | Measure-Object -Property PM -Sum -Average -Minimum -Maximum

PowerShell One-Liners
• Get-WmiObject -List
• gwmi -Class Win32_LogicalDisk
• Get-WmiObject Win32_BIOS -ComputerName PCName | Select SerialNumber
• Get-WmiObject Win32_OperatingSystem -ComputerName PCName | Select ServicePackMajorVersion, BuildNumber
PowerShell Script Execution
• Cannot run scripts by default
• Set-ExecutionPolicy RemoteSigned
• Allows all local scripts to run without a digital signature
• *HKLM setting!*
• Can be overridden by GPO
PowerShell for Admins: Putting it all together
• System Inventory
• System Management
• Account Management
• Log Review

PowerShell for IR
• Processes
• Promiscuous Mode
• Restore Points
• File Info
• User History

PowerShell for Compliance
• What server roles are installed?
• Is the computer joined to a domain?
• Are security updates installed on a regular basis?
• How many users are in the "Administrators" group?
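An added example, not from the HardBit deck, that turns the four compliance questions above into one function returning a single object per host (pipe it to Out-GridView or Export-Csv). It assumes PowerShell 2.0 or later with WMI and ADSI access to the target; the 30-day patch threshold and the function name are assumptions, not anything the slides specify.

```powershell
# Added example (not the presenters' code): answers the four compliance
# questions for one host and returns them as an object for further piping.
function Get-ComplianceSnapshot {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [int]$MaxPatchAgeDays = 30   # assumed threshold; tune to your policy
    )

    # Domain membership lives on Win32_ComputerSystem
    $cs = Get-WmiObject Win32_ComputerSystem -ComputerName $ComputerName

    # Server roles: Get-WindowsFeature only exists on server SKUs with the
    # ServerManager module loaded, so degrade gracefully on client OSes
    $roles = 'n/a (Get-WindowsFeature not available)'
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $roles = (Get-WindowsFeature |
                  Where-Object { $_.Installed -and $_.FeatureType -eq 'Role' } |
                  ForEach-Object { $_.Name }) -join ', '
    }

    # Patch cadence: newest installed hotfix with a usable InstalledOn date
    $lastPatch = Get-HotFix -ComputerName $ComputerName |
                 Where-Object { $_.InstalledOn } |
                 Sort-Object InstalledOn -Descending |
                 Select-Object -First 1 -ExpandProperty InstalledOn

    # Local Administrators via the ADSI WinNT provider (works before the
    # LocalAccounts module that arrived in PowerShell 5.1)
    $group   = [ADSI]"WinNT://$ComputerName/Administrators,group"
    $members = @($group.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    })

    New-Object PSObject -Property @{
        ComputerName    = $ComputerName
        PartOfDomain    = $cs.PartOfDomain
        Domain          = $cs.Domain
        InstalledRoles  = $roles
        LastPatchDate   = $lastPatch
        PatchedRecently = [bool]($lastPatch -and
                          ((Get-Date) - $lastPatch).Days -le $MaxPatchAgeDays)
        AdminCount      = $members.Count
        AdminMembers    = ($members -join ', ')
    }
}

# One host to the grid; feed a list of names via ForEach-Object for a fleet
Get-ComplianceSnapshot | Out-GridView
```

A PatchedRecently of $false or an unexpectedly large AdminCount is the row to follow up on; Export-Csv gives the auditor the same data without the GUI.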
PCAT Sneak Preview!
Resources
• HardbitSolutions.com
• Newsgroup: Microsoft.Public.Windows.PowerShell
• Team blog: http://blogs.msdn.com/PowerShell/
• PowerShellCommunity.Org: http://www.PowershellCommunity.Org
• Channel 9: http://channel9.msdn.com/tags/PowerShell
• Wiki: http://channel9.msdn.com/wiki/default.aspx/Channel9.WindowsPowerShellWiki
• Script Center: http://www.microsoft.com/technet/scriptcenter/hubs/msh.mspx
• CodePlex: http://codeplex.com/Project/ProjectDirectory.aspx?TagName=powershell
• Many excellent books
  • Manning Press book by PowerShell Dev Lead Bruce Payette: PowerShell in Action, http://manning.com/powershell/
  • O'Reilly book by PowerShell Dev Lee Holmes: Windows PowerShell Cookbook, http://www.oreilly.com/catalog/9780596528492/index.html