Lab 10 ‐ Powershell Scripting - Isaiah-River/SYS-255-02-SYSAdmin GitHub Wiki

Main Lab

Overview

This lab overall is similar to our Linux BASH scripting lab, but this time we will be working with Windows PowerShell.

Objectives

  • Get acquainted with scripting in PowerShell
  • Create a Powershell command with a Loop
  • Create a Powershell command with two parameters
  • Familiarize myself with remote PowerShell
  • Work with Active Director through PowerShell
  • Learn how to, and enable remote PowerShell on wks02-isaiah

Part 01 - Introduction to PowerShell Commands and Aliases

I started the lab by launching PowerShell from wks02-isaiah. After this I ran a couple commands to get used to some PowerShell commands, and familiarize myself with aliases which essentially translates Linux commands to PowerShell commands.. I first ran the command $env:Path which displays the path string from the environment object. After this I ran the command cd c:\users ; pwd to navigate to the c:\users directory, and display the present working directory. After this the command cd ~ ; pwd first navigates to the "home" directory of c:\users\isaiah-river-adm and then prints the present working directory. The final command history shows my history of commands.

image

After this I tried to familiarized myself with some looping code. In order to do this I used the command $mypath - $env:Path to try to set the assignment of $env:Path string to the $mypath variable. However this gave me an error saying that "Input string was not in a correct format." so this is something I had to move past and come back to resolve.

image

I then got accustomed to the alias command. alias is used to view the PowerShell cmdlet that is attached to an alias in the example below I use the command alias dir to see what cmdlet is actually being used. After this I use the command alias | findstr Get-ChildItem to search for all alias that contain the string Get-ChildItem. It appears that findstr is similar, if not the same, to how grep is used.

image

We then went to go make our own alias, however I wanted to be able to save mine so I had to create a PowerShell profile. I created a profile with the command new-item -path $profile -type file -force. After this I opened up the profile in notepad using the command notepad $profile. At this point I could insert my alias commands here and they would be saved. I then created my first alias by inserting a line with the command Set-Alias -Name ifconfig -value ipconfig and restarting PowerShell to refresh my profile. After this running the alias ifconfig would in return run the cmdlet ipconfig.

image

Following this I created another alias with the name grep and set its value to findstr by inserting the line Set-Alias -Name grep -value findstr. I then restarted PowerShell and ran the command alias | grep Get-ChildItem.

image

Part 02 - Creating my first PowerShell script

When I finished some familiarization work, it was time get acquainted with scripting in PowerShell. I began by running the command mkdir scripting ; cd scripting ; notepad servers.txt to make a directory called scripting, open said directory, and then create and open a file called servers.txt in notepad. Within notepad I then filled the following websites each into a separate line: champlain.edu, vermont.gov, and mcsp.one. I then used the command $servers=Get-Content .\servers.txt to create a variable called $servers and to pull the content of .\servers.txt. I then used a for loop command to write the host of each $server in $servers with the command:

foreach($server in servers)

{

Write-Host $server

}

image

After this I had some issues that I resolved by simply manually creating my servers.ps1 script. To do this I used the command notepad servers.ps1, and filled it with the content from above. After that I had to allow scripts to run using the command Set-ExecutionPolicy -Scope CurrentUser RemoteSigned and selecting yes. I was then able to run my script by using the command .\servers.ps1.

image

Taking my script, I modified it to instead of just printing each line from servers.txt, to instead ping each one. In order to do this I simply had to change the Write-Host line to ping -n 1.

image

Part 03 - Parameters

When I finished configuring and running my loop script, I moved onto working with parameters. I started by essentially building a template parameter script as seen below.

image

I then I adapted the script to loop through my servers.txt conducting a Resolve-DnsName. I did this using the -Name and -Type parameters, which I defined as $servers and $type.

image

Part 04 - Remote PowerShell

Taking a brief break from scripting, I went on to get use Remote PowerShell. I began by logging in to ad02-Isaiah, and running the command Get-ADComputer -Filter * | Select-Object Name to pull the hostnames of the computers on the active directory. I used the command Enter-PSSession -ComputerName fs02-Isaiah to remote PowerShell into my file server VM, where I then ran the command ipconfig, screenshotting this for a deliverable.

image

I then exited my remote PowerShell, and used the command Invoke-Command -ComputerName fs01-Isaiah -ScriptBlock { ipconfig } to simply execute one command from fs01-Isaiah, rather than starting a PowerShell session.

image

Part 05 - Working with Active Directory through PowerShell

When I finished up with my remote PowerShell part of the lab, I went on to familiarize myself with working with PowerShell to accomplish tasks in my Active Directory. I began by doing some research onto how to simply create an AD user. I logged into ad02-isaiah and used the command New-ADUser "TestingAlice to create a user with the username TestingAlice. After this I used the command Get-ADUser -Filter * -Properties samAccountName | select samAccountName to view the created users.

image

I then used the command to Remove-AdUser "TestingAlice" to remove this test account.

image

I then used the command New-ADOrganizationalUnit -Name "PowerShellCreatedUsers" -Path "DC=isaiah,DC=local"; New-ADUser -Name "ADAlice -SamAccountName "ADAlice" -Path "OU=PowerShellCreatedUsers,DC=isaiah,DC=local" to first create an OU with then name PowerShellCreatedUsers under the isaiah.local domain. I then string on a New-ADUser that creates a user with the name ADAlice with the same logon name, within the newly created OU PowerShellCreatedUsers, within the isaiah.local domain.

image

Part 07 - Enabling remote PowerShell

When finishing getting acquainted with configuring AD through PowerShell, I went on to learn how to enable remote PowerShell. I started by attempting to remote PowerShell into wks02-isaiah with the command Enter-PSSession -ComputerName wks02-isaiah, which would go onto fail.

image

After this I went on to do some research on how to enable remote PowerShell on wks02-isaiah. I started by running an elevated PowerShell on wks02-isaiah. Here I ran the command Enable-PSRemoting to enable remote Powershell.

image

I then went back to my ad02-isaiah VM, and tried using Enter-PSSession -ComputerName wks02-isaiah once more, this time with success.

image

Part 08 - OPTIONAL - Fixing Restrictive UAC on a workstation

Further Research

Removing an OU that won't delete with PowerShell

I ran into an issue when working with this lab, where I was unable to delete a PowerShell created OU as it said that I did not have the permissions to do so. In order to fix this I had to do some research which I found that using the command Get-ADOrganizationalUnit -identity "OU=PowerShellCreatedUsers,DC=isaiah,DC=local" | SetADObject -ProtectedFromAccidentalDeletion:$False -PassThru | Remove-ADOrganizationalUnit -Confirm:$False would allow me to bypass this issue.