Microsoft PowerShell: Quicker and More Secure!

System administrators face a long list of recurring tasks, and running from one machine or one floor to another does not solve them; it only makes them slower and more error-prone.

If your infrastructure is Windows-based, Remote Desktop is a poor tool for this kind of work. You often need to be on several servers at once, a graphical session is painfully slow over a poor link, and RDP gives you no way to process or automate work on large amounts of data.

In the past administrators relied on VBScript, introduced in the Windows NT era for managing Windows systems. VBScript cannot be used interactively, which makes developing and testing a script awkward and slow, and scripts that are hard to test tend to end up in production without having been properly tested.

PowerShell solves these problems. It provides the automation engine for the Windows platform and saves a great deal of time on almost any task. Suppose you have to create 1000 email accounts for your company: how long would that take by hand? With PowerShell the commands needed to create one account are the same as for 1000, so the job is quicker and less error-prone, and once the script is written it can be saved and reused for the one-user or the 1000-user case. In short, PowerShell greatly simplifies common administrative tasks.

PowerShell 2.0 ships with Windows 7 and Windows Server 2008 R2, which were released to manufacturing in July 2009 (it is buried in the Start menu: Start -> All Programs -> Accessories -> Windows PowerShell). For older versions of Windows you can download it from Microsoft's website.

For managing processes you can run the following:

[php]PS> Get-Process                                                      # list all processes
PS> Get-Process | Get-Member                                             # list the properties and methods of a Process object
PS> Get-Process | Sort-Object CPU -Descending | Select-Object -First 5   # top five processes by CPU time
PS> Get-Process notepad | Stop-Process                                   # kill a process
PS> Start-Process notepad                                                # launch a new process[/php]
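Process listing becomes a useful check when combined with another cmdlet. The following is an added example, not code from the original post: it walks the running processes and reports every distinct executable on disk that does not carry a valid Authenticode signature. It assumes an elevated session, since the image path of many processes is only readable by an administrator.

```powershell
# Added example: report running processes whose on-disk executable is not
# validly Authenticode-signed. Assumes an elevated PowerShell session.

function Get-UnsignedProcess {
    Get-Process |
        Where-Object { $_.Path } |                 # skip processes whose image path cannot be read (Idle, System, protected processes)
        Sort-Object -Property Path -Unique |       # check each distinct binary only once
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.Path
            if ($sig.Status -ne 'Valid') {
                New-Object PSObject -Property @{
                    Name   = $_.Name
                    Id     = $_.Id
                    Path   = $_.Path
                    Status = $sig.Status           # NotSigned, HashMismatch, UnknownError, ...
                }
            }
        }
}

Get-UnsignedProcess | Sort-Object -Property Path | Format-Table -Property Name, Id, Status, Path -AutoSize
```

Treat the output as a triage list rather than a verdict: on older Windows versions Get-AuthenticodeSignature only checks embedded signatures, so catalog-signed operating system components show up as NotSigned, and a 32-bit PowerShell cannot read the Path of 64-bit processes. Anything unsigned that lives outside the Windows and Program Files directories is worth a closer look.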

You can create folders:

[php]PS> New-Item -Name TestFolder -Path c:\scripts -ItemType Directory[/php]

Or create files:

[php]PS> New-Item -Name testfile.txt -Path c:\scripts\testfolder -ItemType File -Value "This is a one line file" [/php]

Check the event logs:

[php]PS> Get-EventLog -List              # list the available event logs
PS> Get-EventLog -LogName System     # read the System log[/php]
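Reading a log is only the first step; the value comes from filtering and summarising it. The following is an added example, not code from the original post: it pulls failed logon events (Security event ID 4625) from the last 24 hours and counts them per source address and target account, which is the quickest way to spot a password-guessing attempt. It uses Get-WinEvent, available since PowerShell 2.0, because it filters on the server side and exposes the event fields by name. Reading the Security log requires an elevated session, and the threshold of 10 is an arbitrary value chosen for the example.

```powershell
# Added example: summarise failed logons (Security event 4625) by source and
# account. Assumes an elevated session; $Threshold is an illustrative value.

function Get-FailedLogonSummary {
    param(
        [int]$Hours     = 24,   # look-back window
        [int]$Threshold = 10    # minimum failures per (source, account) pair to report
    )

    $filter = @{
        LogName   = 'Security'
        Id        = 4625
        StartTime = (Get-Date).AddHours(-$Hours)
    }

    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Read named fields from the event XML rather than positional
            # ReplacementStrings, whose order differs between event versions.
            $data  = ([xml]$_.ToXml()).Event.EventData.Data
            $field = { param($name) ($data | Where-Object { $_.Name -eq $name }).'#text' }
            New-Object PSObject -Property @{
                Time      = $_.TimeCreated
                Account   = (& $field 'TargetUserName')
                Source    = (& $field 'IpAddress')     # '-' for purely local failures
                LogonType = (& $field 'LogonType')     # 3 = network, 10 = RDP
            }
        } |
        Group-Object -Property Source, Account |
        Where-Object { $_.Count -ge $Threshold } |
        Sort-Object -Property Count -Descending |
        Select-Object -Property Count, Name
}

Get-FailedLogonSummary -Hours 24 -Threshold 10 | Format-Table -AutoSize
```

Run it against a domain controller and the first rows are usually either a misconfigured service account or somebody guessing passwords. Because the function returns objects rather than text, the same output can be exported with Export-Csv or fed to Send-MailMessage from a scheduled task.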

That is not all: if you need to investigate a network problem you can run a sniffer from PowerShell. Install WinDump.exe, a free command-line packet sniffer and protocol analyzer for Windows whose options mirror those of tcpdump on UNIX/Linux, and run the Sniff.ps1 script (reference 3), which wraps WinDump and colour-highlights its output.

PowerShell also has useful built-in safety features: scripts are subject to an execution policy, which is Restricted by default, and the policy can be controlled centrally through Group Policy. The four execution policy levels normally used are:

  1. Restricted: the default. Individual commands can be run interactively, but no script files are executed.
  2. AllSigned: scripts run only if they carry a valid digital signature from a trusted publisher; this applies to locally written scripts as well.
  3. RemoteSigned: scripts downloaded from the Internet (Windows marks such files when they are saved) must be signed by a trusted publisher; locally written scripts do not need a signature.
  4. Unrestricted: not recommended. All scripts and configuration files run, including unsigned ones downloaded from the Internet; you are only prompted before a downloaded script runs.

These levels let an administrator decide which scripts are allowed to run, and AllSigned in particular stops an unsigned or tampered script from being run by accident. Be clear about what the execution policy is for, though: it is a safety feature, not a security boundary. It protects users from running untrusted scripts inadvertently; it does not stop a user, or an attacker who already has code execution on the machine, from running script content by other means, for example by passing it to powershell.exe on the command line. (PowerShell 2.0 also defines two further values, Bypass and Undefined, that are not listed above.) For writing scripts there are many tools available online, such as PowerShell Analyzer, which is free, and PowerGUI, for which new packs are published regularly.
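To see how the policy and script signing fit together in practice, here is an added example, not code from the original post. It shows the effective policy at each scope, sets RemoteSigned for the current user, signs a script with a code-signing certificate and verifies the signature before the script is run. It assumes a code-signing certificate is already present in the current user's personal store and that a script exists at C:\scripts\Report.ps1; both are placeholders for the example.

```powershell
# Added example: inspect the execution policy, sign a script and verify it.
# Assumes a code-signing certificate in Cert:\CurrentUser\My and an existing
# script at C:\scripts\Report.ps1 (placeholder path).

# 1. Which policy actually applies? Scopes are evaluated in this order:
#    MachinePolicy, UserPolicy (both from Group Policy), Process, CurrentUser, LocalMachine.
Get-ExecutionPolicy -List

# 2. Set a policy for this user only; no administrative rights are needed for CurrentUser.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force

# 3. Sign a script. -CodeSigningCert returns only certificates with the Code Signing usage.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
if (-not $cert) { throw 'No code-signing certificate found in Cert:\CurrentUser\My' }
Set-AuthenticodeSignature -FilePath C:\scripts\Report.ps1 -Certificate $cert

# 4. Verify before running. Status is Valid for an untouched signed script;
#    any edit made after signing turns it into HashMismatch.
$sig = Get-AuthenticodeSignature -FilePath C:\scripts\Report.ps1
$sig | Format-List -Property Status, StatusMessage, SignerCertificate
if ($sig.Status -ne 'Valid') { throw "Refusing to run: signature status is $($sig.Status)" }

# 5. Caveat: the policy is a per-process setting, not a security boundary.
#    Anyone able to launch powershell.exe can override it for that one process:
#      powershell.exe -ExecutionPolicy Bypass -File C:\scripts\Report.ps1
#    It prevents accidents; it does not stop a determined user or an attacker.
```

Under AllSigned, step 4 is what PowerShell does for you on every script launch; the point of checking explicitly is that you can build it into deployment tooling and refuse a HashMismatch before the file ever reaches a server. If the certificate will expire before the scripts are retired, add -TimestampServer with your CA's timestamp service so the signature stays valid after expiry.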

PowerShell is a very powerful administration tool that helps manage a Microsoft-based corporate network quickly and safely.

References:

(1) Figure by Richard Siddaway, from PowerShell in Practice: http://www.amazon.com/PowerShell-Practice-Richard-Siddaway/dp/1935182005

(2) Microsoft TechNet: http://technet.microsoft.com/en-us/library/bb978526.aspx

(3) WinDump Color Highlighting PowerShell Script: http://blogs.sans.org/windows-security/2009/10/22/windump-color-highlighting/


  • http://twitter.com/NicholasLeader Nick

    “accede” = access ?

  • http://sectechno.com Mourad

    yes, having access to multiple servers.

  • http://twitter.com/NicholasLeader Nick

    I was pointing out what I’m guessing is a spelling error in your post

  • http://sectechno.com Mourad

    lol, I thought that I had corrected this. Thanks for reminding me :-)

  • Brian Butler

    I would suggest people also check out PowerSE (http://www.powerse.com) as another robust PowerShell Script Editor