PowerShell Lab - Hsanokklis/2023-2024-Tech-journal GitHub Wiki

We will be using ad02-hannelore, fs01-hannelore, and wks02-hannelore

The easiest way to invoke Powershell is to launch it from the start menu. We will be an unprivileged account on wks02-hannelore unless otherwise specified

Path, shortcuts, command completion and history

You will find that many of your Linux bash shortcuts and commands will work in Powershell. The Powershell designers have created "aliases" so that commands like ls, pwd, cd ~, history will all work on windows. Powershell is an object-oriented scripting language. To access the path string from the environment object, note the first command in the illustration.

Looping

The following code sequence shows assignment of the $env:Path string to the $mypath variable, followed by the conversion of that path to an array using the split operator. Once we have the array, we loop through it using the Foreach method. Give this a try:

Aliasing and Get-ChildItem

The following screenshot further illustrates the object-oriented nature of Powershell. The legacy dir and ls commands really point to a Powershell "cmdlet" called Get-ChildItem. If the object contains other objects, it can be enumerated.

Create your own Alias

Here's a common alias used in Windows by those who grew up with Linux. Note the error when the Linux admin types in ifconfig. Setting the alias this way only lasts for the current session. If you want one to be persistent, you need to research Powershell profiles.

Deliverable 1. Create and demonstrate your own alias other than ifconfig. Provide a screenshot of the alias creation syntax and execution.

New-Alias -Name touch -Value New-Item

I wanted the touch command to work because I like using it to create files.

Creating a Script

Take the list of servers (servers.txt), and Powershell file(servers.ps1), you may wish to have windows explorer show file extensions.You will notice right away when executing the script via ./servers.ps1 that there is an error. You have to configure windows to allow Powershell scripting.

The Set-Execution-Context command shown above allows current users to run local scripts and digitally signed remote scripts. This is analogous to chmod +x on Linux for all the user's Powershell scripts.

I changed the execution so that I can run scripts

Deliverable 2. Extend this script to ping each server in the list one time. Provide a screenshot showing the syntax and output of your script.

Parameters

The script, as created, has a flaw in that the path and file name of the servers.txt file are "hard-coded", as opposed to being dynamically passed in as a parameter. Take a look at the following program, and then extend servers.ps1 to accept a file path as a parameter.

Consider the following set of DNS Resolution Commands:

Deliverable 3. Write a script that takes two parameters that include the DNS response Type and a file with a list of hosts. Your output should look similar to the following. You may need to conduct some research to see how to pass more than one parameter. Provide a screenshot of your syntax and execution output.

$listofthings and $type are the parameters that are being passed in the script.

Remote Powershell

Move over to your AD Server (Windows Server) and open up a Powershell prompt. Though Windows does not natively support SSH for remote access, Powershell can be invoked remotely using PSSession. Refer to the following screenshot.

This is me doing it

Deliverable 4. Provide a screenshot that shows a remote PS-Session and the command of your choice on FS01.

Deliverable 5. The following command shows how one can just launch a command remotely without having an interactive session. Explore the -ScriptBlock Option and provide a screenshot showing your own command launched on FS01.

Examples:

My own capture:

Deliverable 6. Using Powershell on AD, figure out how to add a single user to Active Directory, and then how to add that user to a domain group that you create. Provide a screenshot that shows the command syntax and execution w/ response.

New-ADUser -SamAccountName "FeetMyLove" -Name "Feet McFeety" -AccountPassword "4Hannelore"

Arguments for this command:

-SamAccountName

Specifies the User Logon Name

-Name

Specifies the full name of the user

-AccountPassword

Specifies the password for the new user

-Surname

Specifies the surname (last name) of the user

https://learn.microsoft.com/en-us/powershell/module/activedirectory/new-aduser?view=windowsserver2022-ps

New-ADGroup -Name "FeetGroup -GroupScope Domain Local"

I didn't specify the GroupScope in the command, but it would have been `-GroupScope "DomainLocal"

Arguments for this command:

-Name

Specifics the common name(CN) of the group

-GroupCatergory

Specifies the category of the group

-GroupScope

Specifies the scope of the group

https://learn.microsoft.com/en-us/powershell/module/activedirectory/new-adgroup?view=windowsserver2022-ps

Add-ADGroupMember -Identity "FeetGroup" -Members "FeetMyLove"

Arguments for this command:

-Identity

Specifies the gruop to which you want to add members

-Memebers

Specifies the users (or groups) you want to add to the group. You can provide multiple members by separating them with commas.

https://learn.microsoft.com/en-us/powershell/module/activedirectory/add-adgroupmember?view=windowsserver2022-ps

Get-ADGroupMember -Identity "FeetGroup"

This is to verify group membership. Youc an see that in FeetGroup we have out user that we made.

Remove-ADUser -Identity "FeetMyLove" -Confirm:$false

Remove-ADGroup -Identity "GroupName" -Confirm:$false

Final Deliverable

Deliverable 7: If you try the PS-Remoting commands against your workstation, it may fail due to firewall and other issues. Research the problem and see if you can resolve them. Take a screenshot of remote command invocation from AD to your workstation.

Enable-PSRemoting -Force