PowerShell for the IT Administrator Part 1 v1.1

8/10/2019 PowerShell for the IT Administrator Part 1 v1.1

1/160

Microsoft Confidential

2011 Microsoft Corporation. All rights reserved.


2/160

Conditions and Terms of Use

This training package is proprietary and confidential, and is intended only for uses described in the training materials. Content and softwareis provided to you under a Non-Disclosure Agreement and cannot be distributed. Copying or disclosing all or any portion of the contentand/or software included in such packages is strictly prohibited.

The contents of this package are for informational and training purposes only and are provided "as is" without warranty of any kind,whether express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

Training package content, including URLs and other Internet Web site references, is subject to change without notice. Because Microsoftmust respond to changing market conditions, the content should not be interpreted to be a commitment on the part of Microsoft, andMicrosoft cannot guarantee the accuracy of any information presented after the date of publication. Unless otherwise noted, the companies,organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and noassociation with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or shouldbe inferred.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in thisdocument. Except as expressly provided in written license agreement from Microsoft, the furnishing of this document does not give you anylicense to these patents, trademarks, copyrights, or other intellectual property.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this

document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic,mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

For more information, see Use of Microsoft Copyrighted Content athttp://www.microsoft.com/about/legal/permissions/

Microsoft, Internet Explorer, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the UnitedStates and/or other countries. Other Microsoft products mentioned herein may be either registered trademarks or trademarks of MicrosoftCorporation in the United States and/or other countries. All other trademarks are property of their respective owners.

Copyright and Trademarks 2011 Microsoft Corporation. All rights reserved.

http://www.microsoft.com/about/legal/permissions/http://www.microsoft.com/about/legal/permissions/http://www.microsoft.com/about/legal/permissions/http://www.microsoft.com/about/legal/permissions/


3/160

PowerShell for the IT Administrator

Part 1



4/160

Meet your trainer

Microsoft Confidential3

Patricio Belardo

Senior Premier Field Engineer

IIS / Dev

[email protected]

alias


5/160

Introductions

About You:Name

Company Affiliation

Title/Function/Area of ResponsibilityProduct experience

Expectations for this Course



6/160

Logistics


Rest Rooms

Class Hours

Computers

Phones


7/160

Workshop Information

Course Material:Student Lab Manual

Demonstration Scripts

Hands-On Lab Solutions

Delivery Method:Slides Demonstration Hands-On

Lab Environment:


SYDDC01 W7Client

C:\pshell\part1\lesson C:\pshell\part1\lesson\labs


8/160

Virtual Lab Environment


alias

https://www.premier-education-services.com/

Login with Microsoft Account

Enter POWERSHELL as Lab ID
https://www.premier-education-services.com/https://www.premier-education-services.com/https://www.premier-education-services.com/https://www.premier-education-services.com/https://www.premier-education-services.com/https://www.premier-education-services.com/https://www.premier-education-services.com/


10/160




11/160

Lesson 1 | IntroductionWhat is PowerShell?

10 Microsoft Confidential

What? Why?

New Scripting

Language

Object-oriented

Consistent Methodof AdministrationRevolutionary

Interactive Shell


12/160

Lesson 1 | IntroductionConsole & Integrated Scripting Environment (ISE)


Lightweight

Quick

Not as user friendly

Used for script development User friendly

Very extensible


13/160

Lesson 1 | IntroductionPrerequisites and Installation


XP

Operating System

2003 Vista 2008 Win7 2008 R2

.Net Framework 2 .Net Framework 3.5WinRM

Middleware

PowerShell v2 Installed ByDefault


14/160


Cmdlet pronounced Command-let

Smallest unit of functionality

Always of the form Verb-Noun

Parameter names are always passed with - as switch

Basic PowerShell Commands | Cmdlets


Get-Service name Bits

Set-Location -path c:\windows

Get-Help

Set-Location c:\windows


15/160


Built-In HelpCmdlet Help:

Concept Help e.g. about topics:

PowerShell Help


Get-Help Get-Command Full

Get-Help Get-Command Detailed

Get-Help Get-Command Examples

Get-Help about_

Get-Help about_wildcards

Get-Help about_Variables


16/160


Start-TranscriptCreate record of PowerShell session in a text file

Get-HistoryReturns last 32 commands

Use $MaximumHistoryCount automatic variable to return last 64

Use Invoke-History to re-run a command

PowerShell Command History


start-transcript PowerShell_transcript.txt

stop-transcript

get-history

Invoke-history id id#

$MaximumHistoryCount

get-history count $MaximumHistoryCount


17/160

Demonstration

Lesson 1 | IntroductionInstructor-led demonstration

PowerShell ISEC:\pshell\part1\lesson1\lesson1-demo.txt



18/160

Lab 1 | Introduction (30 minutes)

Goals

Scenario

Create transcripts of PowerShellcommands

Practice using the top 3 cmdlets

Execute multiple commands in a singleline.

This lab will provide you hands-on experience with PowerShellcommands.



19/160

Lesson 2 | Commands



20/160

Lesson 2 | CommandsImportant Cmdlets


Get-Command Get-Member

Get-Command -Verb set

Get-Command -Type cmdlet

Get-Service | Get-Member

$a = Get-Service

$a | Get-Member

Or

Discovers CmdletsGets all properties and methods

of an object.

Get-Command Noun service


21/160

Lesson 2 | CommandsObjects


An object is a collection of parts andhow to use them

How to useMethods

PartsProperties

Front Wheel

Back Wheel

Pedals

Saddle

Frame

Pedal

Brake

Steer Left

Steer Right

Wheelie


22/160

Lesson 2 | CommandsObject (Service)


MethodsProperties

Service

Service Name

Status

Start()

Stop()

Pause()


23/160

Lesson 2 | Commands

A shortened name for a commandEg dir => get-childitem

Allows you to provide a new term for an existing cmdlet

Aliases

Get-Help *alias*

New-Alias gh Get-Help

Get-Alias - Shows existing aliases

- Creates new alias


24/160

Lesson 2 | Commands

.Net Framework

COM

WMI (Lesson 9)

Object Models



25/160

Lesson 2 | Commands.Net Framework


Operating SystemWin32 API

PowerShell C#VB

.Net

ObjectObjectObjectObjectObject

.Net Framework


26/160

Lesson 2 | CommandsNamespaces & Types


Namespace:Collection of Types i.e.

Classes(template of properties and methods tocreate an object)

Type:The class used to create an

object instance can be said to be thetype of that object.

Namespace

System.String

Type

Namespace

System.DirectoryServices.DirectoryEntry

Type

.Net Class Library: Hierarchy ofnamespaces

Example of Type in PowerShell:[math] or [system.math]


27/160

Lesson 2 | CommandsUtilising .Net Framework | Instantiate Object


$webClient = new-object System.Net.WebClient

$output = $webClient.DownloadString("http://www.tvguide.co.uk")

if ($output -like "*Top Gear*")

{ "Wahoo Top Gear is on

}

$webClient = new-object System.Net.WebClient

$webClient | Get-Member


28/160


29/160

Lesson 2 | CommandsUtilising .Net Framework | Classes and Static Members


A static member can be used without first creating aninstance of the class

Display static members of the math class:

Example use of a static member of the math class:

[math] | get-member -static

(gwmi win32_logicaldisk | ?{$_.drivetype -le 4}) `

| %{[math]::round($_.freespace/1gb,2)}


30/160

[void][reflection.assembly]::LoadWithPartialName("System.Windows.Forms )$form = new-object Windows.Forms.Form

$form.Text = PowerShell Does Indeed Rock"

$button = new-object Windows.Forms.Button

$button.text=Go On Push Me!"

$button.add_click({$form.close()})

$form.controls.add($button)

$form.Add_Shown({$form.Activate()})

$form.ShowDialog()

Lesson 2 | CommandsUtilising .Net Framework | Windows Forms


May need to load assemblies

Nasty syntax

Not all .net assemblies areavailable to PowerShell by

default!

Add-Type cmdlet can also beused to add a type to a PS session


31/160

Lesson 2 | CommandsComponent Object Model (COM)


HKEY_CLASSES_ROOT

Lists all installedCOM components


32/160

Lesson 2 | CommandsComponent Object Model (COM) | Instantiate Object


Get-Help New-Object -det

$wn = new-object -com wscript.network

$wn.userdomain

$ws = new-object -com wscript.shell

$ws.popup(Hello World)

$s = new-object -com SAPI.SpVoice

$s.rate = -10

$s.speak(Too much pop makes you drunk)

-ComObject parameter todifferentiate from .Net Object


33/160

Demonstration

Lesson 2 | Commands

Instructor-led demonstration




34/160

Lab 2 | Commands (30 minutes)

Goals

Scenario

Work with CmdletsWork with New Object

This lab will provide you hands-on experience with PowerShellcommands.



35/160

Lesson 3 | Pipeline


|


36/160

Lesson 3 | PipelineIntroduction


| pipes (or sends) output from left to a command onthe right

Passes an object not text

Can be used for filtering, formatting, outputting and

many other things Can use multiple pipes on one line

Get-Service | where-object {$_.Status -eq "Stopped"} | Format-List

Objects ObjectsCurrent Object On Pipeline(the pipeline variable)


37/160

3 | i li


38/160

Lesson 3 | Pipeline

Compare values (such as text or numbers)

Test conditions (with where-object)

Case-insensitive by default (precede with c to make case-

sensitive)13 Comparison operators:

Examples:

Comparison Operators


-eq -ne -gt -ge -lt

-le -like -notlike -match -notmatch

-contains -notcontains -replace

PowerShell eq powershell 4 gt 4

L 3 | Pi li


39/160

Lesson 3 | Pipeline

Join multiple operations

Check for compound conditions

True/False

5 logical and 4 bitwise operators:

Examples:

Logical Operators


-and -or -xor

-not !

(4 ge 8) and (5 lt 10) ! (4 eq 4)

-band -bor

-bxor -bnot

L 3 | Pi li


40/160

Lesson 3 | Pipeline

PS only sends the most pertinent data to the console

Select-Object, Format-List and Format-Table cmdlets allowcontrol over the properties displayed:

Filtering, Sorting, and Grouping data | Display


Get-ChildItem | Select-Objectproperty Name, Length, LastWriteTime

gci | SelectName, @{Name=Size(MB);Expression={[Math]::Round($_.Length/1MB, 2)}}

Get-Process | Format-List-Property ID, Name

Get-Process | FL*

Get-Service | FTProperty Name, Status AutoSize -Wrap

L 3 | Pi li


41/160

Lesson 3 | Pipeline

Where-Object can be used to filter results:

Filtering, Sorting, and Grouping data | Filtering


Get-Process | Where-Object { $_.WS -gt 50MB }

Get-Process | Where{ $_.Name -eq notepad }

Get-Process | ?{ $_.Threads.Count -gt 25 }

L 3 | Pi li


42/160

Lesson 3 | Pipeline

Sort-Object can be used to sort objects by a specified

property:

Position in pipeline is important!

Group-Object can be used to group values based onspecified properties:

Filtering, Sorting, and Grouping data | Sort and Group


Get-Process | SortWS | Select -First 10

Get-Process | Select -First 10 | SortWS

Get-Process | Sort-Object-Property WS

get-eventlog -logname system -newest 1000 | group-property entrytype

L 3 | Pi li


43/160

Lesson 3 | Pipeline

Text file input to pipeline

Text file output from pipeline

Key cmdlets:Get-Content

Set-Content

Add-Content

Input and Output | Text File


Get-Process | Set-Contentc:\test\processes.txt

winlogon, dnscache |Add-Contentc:\test\services.txt

Get-Contentc:\test\services.txt | Get-Service

L 3 | Pi li


44/160

Lesson 3 | Pipeline

CSV file input to pipeline

CSV file output from pipeline

Key cmdlets:Import-CSV

Export-CSV

Input and Output | CSV Files


Import-CSV c:\test\famous.csv | Sort Surname | Select GivenName

Get-Process | Export-CSVc:\test\processinfo.csv


45/160

Demonstration

Lesson 3 | Pipeline





46/160

Lab 3 | Pipeline (30 minutes)

Goals

Scenario

Work with PowerShell Operators

Work with PowerShell Pipeline

Filter and sort with the Pipeline

This lab will provide you hands-on experience with thePowerShell pipeline.



47/160





48/160


Default Providers:Alias, Environment, FileSystem, Function, Registry, Variable, Certificate, WSMan

Consistent Data Store Interaction

Same Cmdlets: New-Item, Remove-Item, Get-Item, Set-Item

Single (items, e.g. Alias) & Multiple (containers & items, e.g. FileSystem)Level Providers

Consider As Drives e.g. C:, Cert:, Function:, etc.

Overview




49/160

Lesson 4 | ProvidersCmdlets


Get-Help about_providers

Get-PSProvider

Set-Location HKLM:

List installed providers

Connect to provider

Get-PSDrive List PowerShell Drive

Get help

new-psdrive name HKCR psprovider registry root HKEY_CLASSES_ROOT

Create New PSDrive:


50/160

Demonstration






51/160

Lab 4 | Providers (30 minutes)

Goals

Scenario

Work with Environment Provider

Work with Certificate Provider

Work with Registry Provider

This lab will provide you hands-on experience with PowerShellproviders.



52/160

Lesson 5 | Variables and Type Fundamentals




53/160


A way of storing dynamic data

All variables begin with $

Holds object or collection of objects (array or hash table)

Variables


$MyNum = 32

$Netlogon = get-service name netlogon



54/160


Use Here-String to assign multi-line string values to avariable:

PowerShell Constants

Variable whose value cannot be changed once definedWrite protected variable

Variables


$MultiLine = @

"Curiouser and curiouser!"

cried Alice (she was so muchsurprised, that for the

"@

Set-Variable name Pi value 3.142 option constant



55/160


Type defines the kind of values stored in a variable(e.g. integer, double, array, Boolean, string, etc.)

Use GetType() method to check type

By default variables are weakly typed(allowed to hold different type of objects at different times)

Can be strong typed

Variables | Types


$MyNum.GetType()

IsPublic IsSerial Name BaseType

-------- -------- ---- --------

True True Int32 System.ValueType

[int]$MyNum = 32



56/160


Predefined variables

Examples (use help for full list):

Automatic Variables


$Args Stores values of parameters passed to a function

$Error Stores information about the error object when an error hasoccurred during any script execution

$PsHome Home directory where PowerShell is installed

$Home Home directory of the user

$True Check for Boolean Value of True

$False Check for Boolean Value of False

Get-Help about_Automatic_Variables



57/160


StringExpandable double quotes

Literals single quote

Strings & Spaces


$a = Hello World!

$b = $a

$b

Hello World!

$a = Hello World!

$b = $a$b

$a



58/160

Lesson 5 | Variables and Type FundamentalsArrays


Data structure that holds a collection of objects

Each object is in its own compartment

Object 1 Object 2 Object 3 Object 4 Object 5



59/160

Lesson 5 | Variables and Type FundamentalsArrays


Create empty array:

Automatically created arrays:

Count elements in array:

Add element to array, and assign a value:

$arr1 = @()

$arr2 = a,b,c $arrProcesses = Get-Process

$arr2.count

$arr2 += d

Tip:Useful with iteration statements. Ex:

for ($a=0;$a -le $arr2.count-1;$a++){$arr2[$a]}



60/160

Lesson 5 | Variables and Type FundamentalsArrays | Access Elements

Access array compartments using []

Index Numbers

Object 1 Object 2 Object 3 Object 4 Object 5

$arrProcesses = Get-Process

$arrProcesses[0].name $arrProcesses[4].name

Zero-based(Index 0)

$arrProcesses[0] Value of the 1st element

$arrProcesses[-1] Value of the last element in array



61/160


One-dimensional array:

Multi-dimensional array:

Arrays


Index 0 Index 1 Index 2 Index 3 Index 4

$arrProcesses = Get-Process

$arrProcesses[0]

$rows = 2

$cols = 2

$arrDim = New-Object 'object[,]' $rows,$cols$arrDim[0,0]

Index 0,0 Index 0,1

Index 1,0 Index 1,1



62/160


Kind of array

Key-Value pair

Dictionary array form

Can access value using a corresponding label

Hash Tables




63/160

Lesson 5 | Variables and Type FundamentalsHash Table


Create empty hash table:

Create and populate hash table:

Add element to hash table:

$hash1 = @{}

$hash2[Type3] = Laptop

$hash2 = @{"Type1"="Desktop";"Type2"="Server"}



64/160

Lesson 5 | Variables and Type FundamentalsHash Table | Access Elements


Consider following hash table

Use dot notation to find the value of Type 1:$hash2.type1

$hash2 = @{"Type1"="Desktop";"Type2"="Server"}



65/160

Lesson 5 | Variables and Type FundamentalsWorking with Console Input-Output


Writing to ConsoleWrite-Host $a foregroundcolor green

Use either variable name orWrite-Host

$a

or

Reading From Console

$name = Read-Host Enter your nameWrite-Host "Hello $nameUse Read-Host to assign to

variable



66/160


Additional output options:

Working with Console Input-Output


Out-File Sends output to a file

Out-Printer Sends output to a printer

Out-Host Default output window

Out-GridView Display output in a Grid view

Write-Host Writes customized output to a host

Write-Output Sends specified objects to next command in pipeline

Tee-Object Saves command output in a file or variable, and displays it inthe console

Out-GridView



67/160


Check if file exists:

Copying files:

Moving files:

Use Rename-Item and Delete-Item to rename or delete

filesAlso works on directories

Working with Files


$Fileinfo = Test-Path C:\Windows\System32\drivers\ntfs.sys

if ($Fileinfo -eq "True") {Write-Host "File Exists"}

Copy-Item C:\setup.log d:\

Move-Item C:\setup.log d:\



68/160


Error recording variable:Global setting: $Error$Error stores last 256 errorsPer cmdlet: -ErrorVariable

Error handling variables:Global setting: $ErrorActionPreferencePer cmdlet:-ErrorAction

Execution status:Last command run: $?

Applies to last commandBoolean (true = success, false = failure)

Exit Code: $LastExitCodeApplies to external command or script0 = success, anything else = failure

Error Automatic Variables




69/160

Lesson 5 | Variables and Type FundamentalsErrorActionPreference Variable


Do not display messages on hostContinue processing following elements

SilentlyContinue

Display message on host

Continue processing following elements

Continue

(default)


Stop all processingStop


Prompt user if processing should continueInquire


70/160

Demonstration

Lesson 5 | Variables and TypeFundamentals




Lab 5 | Variables and Type Fundamentals


71/160

| yp(30 minutes)

Goals

Scenario

To use different types of variables forvarious operations

To create, modify and understand use of anarray

To create, modify and understand use of ahash table

This lab will provide you hands-on experience with PowerShellvariables and type fundamentals.



72/160

Lesson 6 | Scripting




73/160

| p gSecurity | Execution Policy | Settings


Scripts cannot be run

PowerShell interactive-mode only Default Setting

Restricted

Runs a script only if signed Signature must be trusted on local machine

(i.e. cert on local machine must sign script)

All Signed

Runs all local scripts Scripts downloaded from IE, Outlook Express &

Messenger must be signed by trusted source(i.e. cert on local machine must sign script)

Recommended Minimum

RemoteSigned

All scripts from all sources can be run withoutsigningUnrestricted



74/160

| p gSecurity | Execution Policy | Scope


Affects current session only Stored in $PSExecutionPolicyPreference Lost upon exit of session (i.e. host process)

Process

Affects current user only Stored in HKCU registry subkeyCurrentUser

Affects all users on computer

Stored in HKLM registry subkeyLocalMachine

set-executionpolicy -scope CurrentUser -executionPolicy Unrestricted



75/160

| p gSecurity | Execution Policy | Cmdlets


Get-Help about_execution_policies

Get help

Get-ExecutionPolicy Current policy

Get-ExecutionPolicy -list All policies in precedence order

Scope ExecutionPolicy----- ---------------MachinePolicy UndefinedUserPolicy UndefinedProcess Undefined

CurrentUser RemoteSignedLocalMachine AllSigned

Group Policy

Effective Execution Policy

Set-ExecutionPolicy remotesigned Set PolicyRequires Elevated

PowerShell Session



76/160

| p gSecurity | Execution Policy | Remote Signed


NTFS

Zone Identifier

API.ps1

To run an unsigned script:

1. Save the script file on your computer.2. Click Start, click My Computer, and

locate the saved script file.3. Right-click the script file, and then click

Properties.4. Click Unblock.



77/160

| p gSecurity | Execution Policy | All Signed | Script Signing


$Cert

Set-AuthenticodeSignature .\test.ps1 $cert

Get-Help about_signing

Test.ps1Get-Service

Test.ps1Get-Service# SIG # Begin signature block# MIIEMwYJKoZIhvcNAQcCoIIEJDC# gjcCAQSgWzBZMDQGCisGAQQBgj

Requires self-signed

or CA cert onmachine



78/160

| p g

Script file extension is .ps1

Cannot execute with double click

Use .\ when script is in current directory:.\script.ps1

Or use full path and file name:c:\scripts\script.ps1

Or use ampersand and quotes if path/file name containspaces:

& c:\my scripts\script.ps1

Or use just filename if script is in environment path:Script.ps1

Running Scripts


$env:path=$envpath+;c:\scripts



79/160

| p g

Command line to execute script:

Ensure remote execution policy allows local scriptexecution:

(Or use ExecutionPolicy Bypass)

Running Scripts


powershell.exe noexit file c:\myscript.ps1

Set-Executionpolicy remotesigned



80/160

| p g

Requires comment:

Single line comment:

Delimited comment:

PowerShell Comments


#requires version 2

#



81/160

| p g

Newline character:Carriage return character (U+000D)

Line feed character (U+000A)

Carriage return character (U+000D) followed by line feed character

(U+000A)Semi-colon

Statement Termination


;



82/160

| p gIteration Statements (Loops)


$a=1

While ($a lt 10)

{$a; $a++}

While

$a=1

Do {$a; $a++}

Until ($a gt 10)

Do Until

For ($a=1; $a lt 10; $a++){$a}

For

Foreach ($i in Get-Childitem c:\windows)

{$i.name}

For Each

$a=1

do

{write-host Loop:$a}

while ($a++ -le 5)Do While



83/160

BreakUse to exit loop

ContinueUse to continue a loop (i.e. print $i when divisible by 2)

Return

Return control back to caller of script/functionOptionally return output to console

ExitExit current script or shell session

Flow Control Statements


$counter=0; while ($true)

{if ($counter++ -ge 3) {break} $counter}

foreach ($i in 1..10) {If ($i % 2) {Continue} $i}



84/160

Other Statements


If Statement Switch Statement

$a = "white"

if ($a -eq "red")

{"The colour is red"}

Elseif ($a -eq "white")

{"The colour is white"}

else

{"Another colour"}

$a = "red"

switch ($a)

{

"red" {"The colour is red"}

"white"{"The colour is white"}default{"Another colour"}

}

LabeledStatements

:outer while ($true)

{:inner while ($true)

{Get-Date -displayhint time

break outer}

Get-Date displayhint date}



85/160

Reusable piece of code

Parameters (separated by spaces) can be passed in

Functions must be defined before they are called

Functions


function sum ([int]$a,[int]$b){

return $a + $b

}

sum 4 5



86/160

Scripts | Command Line Arguments


Positional Parameters$Args

$servername = $args[0]

$username = $args[1]

Passed to script with spaces

.\myscript.ps1 server1 benp

Accessed in script by $args array

Named Parameters

Param($server, $user)

Write-Host $server

Write-Host $user

Passed to script with parameter name

.\myscript.ps1 -server srv1 user benp

User parameter name directly in script



87/160

Profiles


StartPowerShell

Execute Profile

ScriptsProfile 1

Profile 2

Profile 3

PS:/>



88/160

Profile Locations


Scope Name

Current User, Current Host $Profile or$Profile.CurrentUserCurrentHost

Current User, All Hosts $Profile.CurrentUserAllHosts

All Users, Current Host $Profile.AllUsersCurrentHost

All Users, All Hosts $Profile.AllUsersAllHosts

Scope Name

Current User, Current Host $Home\Documents\WindowsPowerShell\Microsoft.PowerShellISE_profile.ps1

All Users, Current Host $PsHome\Microsoft.PowerShellISE_profile.ps1

PowerShell Console

Integrated Scripting Environment



89/160

Use dot sourcing to make items from script library availablein current scope

Without dot sourcing:Code in scripts are restricted to script scope

Thus, Code will only be available in the script itself, and not fromthe console or other scopes

How to dot source a script: .\script.ps1

. .\script.ps1

c:\scripts\script.ps1. C:\scripts\script.ps1

Place dot sourced scripts in ProfileCode will be available to all child scopes in PowerShell host

Dot Sourcing & Script Libraries



90/160

Demonstration





Lab 6 | Scripting (30 minutes)


91/160

Lab 6 | Scripting (30 minutes)

Goals

Scenario

Create PowerShell scripts

Create Functions in scriptsCreate PowerShell Profiles

This lab will provide you hands-on experience with PowerShellScripting.



92/160

Lesson 7 | Active Directory Administration (ADSI)



93/160

Lesson 7 | AD (ADSI)


94/160

ADSI Type Accelerator:

Or (from domain member):

Alternate credentials:

Note: It is not good practice to embed passwords in scripts.

Binding To AD


$domain = [ADSI]LDAP://DC=contoso,DC=com

$domain = [ADSI]

$domain = New-Object ADSI(LDAP://DC=contoso,DC=com,

CONTOSO\Administrator,Password123)



95/160

Bind to DC (DNS name, NetBIOS name or IP address):

Bind to nearest GC:

Bind to specific GC:

Binding To DC/GC


[ADSI]LDAP://DC01/DC=contoso,DC=com

[ADSI]GC://DC=contoso,DC=com

[ADSI]GC://GC01/DC=contoso,DC=com

Lesson 7 | AD (ADSI)i h


96/160

Bind to AD:

Create searcher object instance:

Use FindAll() method to search:

Set search filter:

Directory Searcher


$domain = [ADSI]LDAP://DC=contoso,DC=com

$dirSearch = [ADSISEARCHER]$domain

$dirSearch.FindAll() All objects indomain

$dirSearch.Filter = (objectCategory=user)

All userobjects

(&(objectCategory=computer)(operatingSystem=Windows Server*))

Windows

Servercomputer

objects

Lesson 7 | AD (ADSI)O i i l U i M


97/160

Organizational Unit Management


CreateOU

$objRoot = [ADSI]LDAP://DC=contoso,DC=com

$objOU = $objRoot.Create(organizationalunit,OU=Finance)

$objOU.SetInfo()

ModifyOU

$objFinOU=[ADSI]LDAP://OU=Finance,DC=contoso,DC=com

$objFinOU.Put("Description", "Test OU")

$objFinOU.SetInfo()

DeleteOU

$objRoot = [ADSI]LDAP://DC=contoso,DC=com

$objOU = $objRoot.Delete(organizationalunit,OU=Finance)

Lesson 7 | AD (ADSI)U M


98/160

User Management


CreateUser

$objOU = [ADSI]LDAP://OU=Finance,DC=contoso,DC=com

$objUser = $objOU.Create(user,CN=FinanceUser01)$objUser.SetInfo()

ModifyUser

$objUser=[ADSI]LDAP://CN=FinanceUser01,OU=Finance,DC=contoso,DC=com

$objUser.Put(samaccountname,FinanceUser01)

$objUser.SetInfo()

DeleteUser

$objOU = [ADSI]LDAP://OU=Finance,DC=contoso,DC=com

$objOU.Delete('User', 'CN=FinanceUser01')

Enable

User

$objUser=[ADSI]LDAP://CN=FinanceUser01,OU=Finance,DC=contoso,DC=com

$objUser.SetPassword(P@ssword1)

$objUser.AccountDisabled = $false

$objUser.Setinfo()


99/160

Demonstration





Lab 7 | AD (ADSI) (30 minutes)


100/160

Lab 7 | AD (ADSI) (30 minutes)

Goals

Scenario

Create Multiple AD Users

This lab will provide you hands-on experience administeringActive Directory usingPowerShell and ADSI.



101/160

Lesson 8 | Active Directory Administration(cmdlets)


Lesson 8 | AD (cmdlets)AD M d l | O i


102/160

AD PowerShell Module named ActiveDirectorySelf-contained package

Consolidates a group of cmdlets

Cmdlets used to manage one or multiple AD forests anddomains

AD Module | Overview


Lesson 8 | AD (cmdlets)AD M d l | P


103/160

AccountUser

Computer

Group

OUPassword Policy

Default domain password policy

Fine-grained password policy

Forest & DomainDC & FSMO

Optional Features

AD Module | Purpose


Lesson 8 | AD (cmdlets)Cmdlets


104/160

Cmdlets


Lesson 8 | AD (cmdlets)AD Module Prerequisites


105/160

At least one 2008 R2 DC in the targeted domainOR

A 2003 or 2008 DC running the Active DirectoryManagement Gateway Service

Client: Windows 7 or Windows Server 2008 R2Windows 7: Remote Server Administration Tools + AD ModuleFeature

Windows 2008 R2: AD Module via Add Features Wizard

Import and use the AD module in a PowerShell session viathe Import-Module cmdlet

AD Module Prerequisites


Lesson 8 | AD (cmdlets)Active Directory Web Services


106/160

Active Directory Web Services


Windows 2008 R2

ADWS

Windows 7RSAT

AD Module

Lesson 8 | AD (cmdlets)AD Management Gateway Service


107/160

AD Management Gateway Service


Windows 2008Windows 2003 SP2

Windows 2003 R2 SP2

AD DS

.Net 3.5 SP1

Updates

Windows 7RSAT

AD Module

Lesson 8 | AD (cmdlets)Connecting To AD


108/160

Binding to AD DN is required to work with AD objectsCmdlets connect to local domain using current usercredentials by default

All 76 cmdlets have credential & server parameters

To target other domains & specific servers

Global Catalog connection possible using Port #

Connecting To AD


TIP: Do not hardcode DC names in scripts!(Use Domain FQDN to discover DC)

Get-ADUser filter * -server contoso.com:3268

Lesson 8 | AD (cmdlets)Connection Reuse (New PSDrive)


109/160

Create PSDrive for frequently managed other domainsSaves time, avoids tedious re-entering of credentials

Increases risk

AD cmdlets inherit credentials & search base from new

PSDriveSet search base to desired path of new PSDrive

Connection Reuse (New-PSDrive)


New-PSDrive -PSProvider ActiveDirectory -Name Contoso -Root ""

Server contoso.com credential $cred

Set-location Contoso:

PS Contoso:\> Set-Location 'Contoso:\cn=users,dc=contoso,dc=com'

PS Contoso:\cn=users,dc=contoso,dc=com>

$cred = Get-Credential

Lesson 8 | AD (cmdlets)AD Provider


110/160

AD Provider is available once AD Module is imported:

Use common Provider cmdlets to manage AD drive:

AD Provider


Get-PSProvider

Set-location ad: dir | ft pschildname

cd "DC=contoso,DC=com

dir | ft pschildname

md OU=Test

cd OU=Test

Name Capabilities Drives-------- ---------------- --------ActiveDirectory Include... {AD}

Lesson 8 | AD (cmdlets)User Account Management | AD Cmdlets


111/160

User Account Management | AD Cmdlets


Create User

New-ADUser name benp -SamAccountName benp"

-GivenName ben" -Surname Pearce"

-DisplayName Ben Pearce"

Modify User Set-ADUser -Identity benp" Title Engineer"

Delete User Remove-ADUser benp

Target Single AD Object Only!

EnumerateUser

Get-ADUser -Filter * -Properties *

Get-ADUser -Filter * `

-Properties *,msDS-ReplAttributeMetaData

Lesson 8 | AD (cmdlets)Computer Account Management | AD Cmdlets


112/160

Computer Account Management | AD Cmdlets


Find StaleComputerAccounts

$OneYearAgo = (Get-Date).AddYears(-1)

Get-ADComputer -Filter {LastLogonTimeStamp lt`

$OneYearAgo} | Disable-ADAccount

ComputerInformation

Get-ADComputer -Filter * `

-property name,OperatingSystem,`

OperatingSystemServicePack,OperatingSystemVersion `

| Out-GridView

Lesson 8 | AD (cmdlets)Group Management | AD Cmdlets


113/160

Group Management | AD Cmdlets


PopulateGroup

$newGroup = New-ADGroup -name "IT" `

-Path "OU=Groups,DC=Contoso,DC=com" `

-GroupScope "Global" passthru

$ITUsers = Get-ADUser -filter {Department -eq "IT"}

Add-ADGroupMember -Identity $newGroup -Members $ITUsersOR

$ITUsers | Add-ADPrincipalGroupMembership -MemberOf "IT"

Create

Group

New-ADGroup name Sales `

-Path OU=Groups,DC=Contoso,DC=com `

-GroupScope Global `

-GroupCategory Security To return groupobject

EnumerateGroup Get-ADGroupMember IT -Recursive

Nested groupmembership

Lesson 8 | AD (cmdlets)Group Management (continued) | AD Cmdlets


114/160

Group Management (continued) | AD Cmdlets


RemoveFrom Group

$ITUsers | Remove-ADPrincipalGroupMembership `

-MemberOf "IT

OR

Remove-ADGroupMember -Identity "IT" -members $ITUsers

$OrignalConfirmPreference = $ConfirmPreference$ConfirmPreference = "none"

Remove-ADGroupMember -Identity "IT" -members $itusers

$ConfirmPreference = $OrignalConfirmPreference

TIP: There will be a prompt to confirm.

Consider setting $ConfirmPreferenceautomatic variable in scripts.

Lesson 8 | AD (cmdlets)Multi-Valued Attributes | AD Cmdlets


115/160

Example:OtherTelephone

Multi-valued attribute can contain a single or multiplevalues

Each value must be uniqueUse Hash Table (Key/Value pair) i.e. @{}

Multi Valued Attributes | AD Cmdlets


UserTelephoneNumbers

New-ADUser `

-Path "ou=sales,ou=departments,dc=contoso,dc=com" `

-name "Sales1" -SamAccountName "Sales1" `-UsePrincipalName "[email protected]" `

-department "sales" `

-OtherAttributes `

@{otherTelephone="555-555-5555","123-456-7890"}


116/160

Demonstration

Lesson 8 | AD (cmdlets)Instructor-led demonstration



Lab 8 | AD (cmdlets) (30 minutes)


117/160

| ( ) ( )

Goals

Scenario

Create Users

Modify AD ObjectsSearch AD

This lab will provide you hands-on experience with the ADModule.



118/160

Lesson 9 | Windows ManagementInstrumentation


Lesson 9 | WMIWMI in Microsoft Windows


119/160

WMI in Microsoft Windows


CIMV2

Namespace

Class

PowerShell

Class

Class

Virtualization

Namespace

Class

Class

Class

Lesson 9 | WMIWMI & Remote Machines | Requirements


120/160

WMI & Remote Machines | Requirements


PowerShellGet-WMIObject

DCOM

RPC

WMI Service

TCP/IP

DCOM

RPC

TCP/IP

PowerShell Admin Remote Machine

Other:DNSPermission

No PS required!


121/160

Lesson 9 | WMIGet-WmiObject | Cmdlet


122/160

Aliasesgwmi

Key Parameters-namespace, -class, -list, -computername

j |


Gwmi -Namespace "root\cimv2" -List | Select Name

Gwmi -Namespace "root" -Class "__NAMESPACE" | Select Name

List Namespaces

List Classes (root\cimv2 namespace)

Lesson 9 | WMIInstantiate WMI Object


123/160

j


$bios = Gwmi namespace root\cimv2 class Win32_Bios$bios | gm

Properties

BIOSVersion

InstallDate

$bios.BIOSVersion

Lesson 9 | WMIWMI & Remote Machines | Get-WmiObject Cmdlet


124/160

Key Parameters-computername, -credential

| j


$creds=Get-Credential

Gwmi win32_bios computername w7client,syddc01 credential $creds

Gwmi win32_bios computername w7client,syddc01,sydsql01OR

Gwmi win32_bios computername (Get-Content .\servers.txt)

-ComputerName

-Credential


125/160

Demonstration

Lesson 9 | WMI




Lab 9 | WMI (1 hour)


126/160

Goals

Scenario

WMI Classes & Queries

Basic filteringWMI Method Execution

This lab will provide you hands-on experience with WMI.



127/160

Lesson 10 | Registry, Event Log and ACLManagement



Registry Classes


128/160

Microsoft.Win32.RegistryHiveRetrieve root registry keys

Microsoft.Win32.RegistryStatic class members

[Microsoft.Win32.Registry] | gm -static

LocalMachine property:[Microsoft.Win32.Registry]::localmachine

CurrentUser Property

[Microsoft.Win32.Registry]::currentuser

Instance class members:$regHKLM = [Microsoft.Win32.Registry]::localmachine

$regHKLM | gm$regHKLM.GetSubKeyNames()

$regkey=$regHKLM.OpenSubKey("SOFTWARE\Microsoft\Windows\CurrentVersion\Run")



Registry Classes | Return Root Keys


129/160


[enum]::GetValues(Microsoft.Win32.RegistryHive)

ClassesRootCurrentUser

LocalMachineUsers

PerformanceData

CurrentConfigDynData


130/160


Registry Classes | Identify Instance Members


131/160


[Microsoft.Win32.Registry]::localmachine | Get-Member

MethodsProperties

Name

SubKeyCount

GetSubKeyNames

GetValueNames

ValueCount GetValue

OpenSubKey


Registry Classes | Static and Instance Members


132/160


$regHKLM = [Microsoft.Win32.Registry]::localmachine

$regHKLM.GetSubKeyNames()

BCD00000000COMPONENTSHARDWARESAMSECURITY

SOFTWARESYSTEM


Event Logs | Two Cmdlets


133/160

Get-WinEventNew and legacy event log formats

-ComputerName

Limited to reading from event logs

Get-EventLogLegacy event log formats (2003, XP)

-ComputerName

*EventLog cmdlets for new event logs, etc


New-EventLog -LogName MyEventLog -Source MySourceComputername SYDDC01

Write-EventLog -LogName MyEventLog -Source MySource -EntryType Warning `

-Category 2 -EventId 3 -Message "New Event from MySource" `

Computername SYDDC01


Files, Folders & Shares | System IO Namespace


134/160

System.IO.FileAttributesRetrieve file & folder attributes

System.IO.FileSystemInfoCreate instance of type to set attributes using instance members



Files, Folders & Shares | Set File Attributes


135/160


$myfile = Get-Item c:\PShell\lesson7\debug.txt

$myfile.GetType()

System.IO.FileSystemInfo

$myfile | Format-List name,attributes

$myfile.attributes = archive,readonly,hidden

$myfile | Format-List name,attributes

Name : debug.txtAttributes : Archive

Name : debug.txtAttributes : ReadOnly, Hidden, Archive


Files, Folders & Shares | Reading File & Folder Permissions


136/160


(Get-ACL c:\PShell\lesson7\debug.txt).access | fl *

FileSystemRights : FullControlAccessControlType : AllowIdentityReference :BUILTIN\Administrators

IsInherited : TrueInheritanceFlags : NonePropagationFlags : None

FileSystemRights : FullControlAccessControlType : AllowIdentityReference : NT

AUTHORITY\SYSTEMIsInherited : TrueInheritanceFlags : NonePropagationFlags : None


137/160


138/160

Demonstration

Lesson 10 | Registry, Event Log and

ACL ManagementInstructor-led demonstration



Lab 10 | Registry, Event Log and ACL Management(30 minutes)


139/160

Goals

Scenario

Reading remote registry information

Searching event logsFile and Folder ACL management

This lab will provide you hands-on experience with basicwindows management.



140/160

Lesson 11 | Remoting


Lesson 11 | RemotingRemoting Technologies


141/160


WMI WS-MAN

RPC,

DCOM,

LDAP

WMI CmdletsPowerShell

Remoting

Raw WS-Man

(WinRM)

-ComputerName

PowerShell Remoting

Lesson 11 | RemotingWMI


142/160

Easiest way to remote in PowerShell v1.0


$s = Get-WmiObject win32_bios -ComputerName dc$s | format-List *

Get-WmiObject -Class -ComputerName

Lesson 11 | Remoting-ComputerName


143/160

Uses Application specific remoting technology(RPC, DCOM, LDAP)


-ComputerName

Get-Help * -Parameter ComputerName

$p = Get-Process -ComputerName billpc, benpc$p |ft machinename,name

Lesson 11 | RemotingWS-Management | WinRM (Microsoft)


144/160

Management initiative driven by DMTF

Platform independent, interoperable & industry standardmanagement solution

CIM based standards for Server and Desktop management

WS-Management (WSMAN)


WS-MAN

Lesson 11 | RemotingRequirements & Configuration


145/160

Local & remote machine:PowerShell 2.0.NET Framework 2.0 or later

WinRM 2.0

Get-Help:

about_Remote_FAQabout_Remote_TroubleShooting

Enable via PowerShell:Enable-PSRemoting [-force]

Runs the Set-WSManQuickConfig cmdlet

Enables all registered Windows PowerShell session configurations toreceive instructions from a remote computer

Force suppresses all user prompts


Lesson 11 | RemotingConfiguration


146/160

Enable via GPO:Computer Configuration\Administrative Templates\WindowsComponents\Windows Remote Management (WINRM)\WinRMService

Edit Allow automatic configuration of listenersClick Enable, Enter * against both the the Ipv4 and Ipv6 filter

Computer Configuration\Windows Settings\SecuritySettings\System Services\Windows Remote Management

Click Automatic

Computer Configuration\AdministrativeTemplates\Network\Network Connections\Windows

Firewall\Domain ProfileEdit Define inbound port exceptions

Click Enabled

Click Show

Define the port exception as 5985:TCP:*:Enabled:AllowWinRM


Lesson 11 | RemotingVerify Configuration


147/160

Winrm get winrm/config/client

Check WinRM Service:get-service -computername syddc01,sydsql01,w7client | ?{$_.name -eq "winrm"} | select name,machinename,status | sort machinename |ft -autosize



148/160

Lesson 11 | RemotingThree Methods To Use Remoting


149/160

I. Execute a Single Command or ScriptII. Create a Persistent Session

III. Create an Interactive Session


Lesson 11 | RemotingI. Execute a Single Command or Script


150/160

Invoke-CommandOne or many machines

Run a command scriptblock

Run a local script remotely -FilePath


Invoke-Command computername s1 scriptblock {get-process}

Invoke-Command computername s1, s2, s3 scriptblock {get-process}

Invoke-Command -ComputerName s1, s2 -FilePath c:\temp\test.ps1

Lesson 11 | RemotingII. Create a Persistent Session


151/160

New-PSSession

Get-PSSession


$s = New-PSSession -ComputerName Billpc

Invoke-Command -Session $s scriptblock {gps}

New-PSSession ComputerName Bill

$s = Get-PSSession Id 1

Invoke-Command session $s scriptblock {Get-Culture}

Lesson 11 | RemotingIII. Create an Interactive Session


152/160

Enter-PSSession (etsn)

Exit-PSSession (exit)


PS C:\> Enter-PSSession -ComputerName Billpc

[Billpc]: PS C:\Windows\system32>

$env:computername

Billpc

Lesson 11 | RemotingThrottleLimit


153/160

Parameter of many cmdlets including Invoke-Command-ThrottleLimit

Default to 32 concurrent connections if parameter omittedTo find cmdlets that support ThrottleLimit:

Get-Help * -parameter Throttlelimit

Use Invoke-Command to wrap cmdlets that do not nativelysupport throttling


Lesson 11 | RemotingBackground Jobs


154/160

153Microsoft Confidential

Job3

Job2

Job1

Job2

Job1

Run local Or remotely

Lesson 11 | RemotingStarting Background Jobs


155/160

Jobs can be run locally or remotely using:Start-Job:

Get-Job:


Start-Job -ScriptBlock {dir path c:\windows rec}

Start-Job -Filepath c:\scripts\sample.ps1

ICM -computername s1 -scriptblock {get-eventlog system} -asjob

Id Name State HasMoreData Location Command

-- ---- ----- ----------- -------- -------

1 Job1 Running True localhost dir c:\

Lesson 11 | RemotingStarting Background Jobs


156/160

Receive-Job gets job results (or partial results if the job isincomplete)

Receive-Job keep prevents deleting of the job results


PS C:\> Start-Job -ScriptBlock {gps vpc*}

Id Name State HasMoreData Location Command-- ---- ----- ----------- -------- -------

11 Job11 Running True localhost gps vpc*

PS G:\> Receive-Job -id 11 | fl cpu

CPU : 849.6282463

Lesson 11 | RemotingJob Completion


157/160

Wait-JobSuppresses the PowerShell prompt until the job is complete

Stop-Job

Remove-JobThe Job must be stopped before it can be removed


Get-Job name n*| Stop-Job

Stop-Job *

Lesson 11 | RemotingConstrained Session Configuration


158/160

Default session config allows builtin\administrators fullcontrol

Restrict local activity from remote session with a newsession config:

Register-PSSessionConfigurationAssign Execute (Invoke) permission to use custom sessionconfig to AD group:

Set-PSSessionConfiguration ShowSecurityDescriptorUI

Usage:Specify name of new session config in -ConfigurationNameparameter of remoting cmdlets

Use -Credential parameter of remoting cmdlets



159/160

Lab 11 | Remoting (30 minutes)


160/160

Goals

Scenario

Execute remote commands

Execute commands via sessions

Use an interactive remote console

This lab will provide you hands-on experience with PowerShellremoting.

PowerShell for the IT Administrator Part 1 v1.1

Documents

Transcript of PowerShell for the IT Administrator Part 1 v1.1