Powershell
Revision as of 08:00, 17 October 2022 by Jamie
Windows PowerShell Information
Enabling PowerShell Script Execution
Miscellaneous PowerShell Commands
Here are some of the PowerShell commands I use regularly to manage Windows machines:
Create NEW Active Directory Domain Controller/AD DS:
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Install-ADDSForest -DomainName thebestlinux.net -DomainNetbiosName THEBESTLINUX -InstallDNS
OTHER COMMANDS:
Disable IPv6 on ALL NICs:
Disable-NetAdapterBinding -Name Ethernet* -ComponentID ms_tcpip6
Get-NetTCPConnection
Get-NetConnectionProfile
Get-NetAdapter
Set-DnsClientServerAddress -InterfaceIndex 3 -ServerAddresses ("192.168.200.103","192.168.200.121","75.75.76.76")
Install-Module PSWindowsUpdate
Set-PSRepository
Add-WUServiceManager -MicrosoftUpdate
Get-WindowsUpdate
Get-Service | findstr Admin
sc.exe queryex type= service state= all
Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table -AutoSize
Get-WindowsFeature
Get-package | Select-Object Name,Version
Get-WindowsUpdate -v
Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table -AutoSize
New-ADUser -?
get-localuser
get-roles
Get-DnsServerResourceRecord dawgland.com
Get-DnsServerQueryResolutionPolicy
dcdiag /a
CONFIRM ALL 5 Roles of Active Directory Servers are up and running!!!:
Get-ADDomain dawgland.com | Format-Table PDCEmulator,RIDMaster,InfrastructureMaster
Get-ADForest dawgland.com | Format-Table SchemaMaster,DomainNamingMaster
Get-DnsServerResourceRecord -ZoneName dawgland.com
Get-NetConnectionProfile
Get-NetTCPConnection
Get-CimInstance -Class CIM_LogicalDisk
Get-DiskFreeSpace
Get-GPRegistryValue -Key HKEY_LOCAL_MACHINE
Get-GPRegistryValue -Guid 31b2f340-016d-11d2-945f-00c04fb984f9 -Key HKEY_LOCAL_MACHINE
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Import-Module GroupPolicy -verbose
More PowerShell Commands with Some Examples
Here are some more commands I use when working on headless Windows Server hardware and virtual machines, such as
Windows Server Core:
Open a Windows command prompt as Administrator:
runas /user:administrator CMD.exe
List Installed Apps:
Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table -AutoSize
Install Failover Cluster Tools:
Install-WindowsFeature -Name Failover-Clustering -IncludeManagementTools
Include command line management tools:
Install-WindowsFeature RSAT-Clustering-CmdInterface
Find out if package is installed. This example uses GIT:
PS C:\Users\Administrator> Get-Package | Select-Object Name | findstr -i git
Git
Find out if package is installed. This example uses WAC (Windows Admin Center):
PS C:\Users\Administrator> get-package | select-object Name | findstr -i Admin
Windows Admin Center
Another way to do same as above, but more “Precise”. Can USE WILD-CARDS!!!:
PS C:\Users\Administrator> get-package | Where-Object {$_.Name -like "*Windows Admin Center*"}
Name Version Source ProviderName
---- ------- ------ ------------
Windows Admin Center 1.3.53858.0 C:\Program Files\Windows Admi... msi
Display ALL services installed and their status:
Get-Service | Select-Object Name,Status,DisplayName
Check Status of Windows Admin Center (IF Installed – Otherwise will not find it!):
Get-Service | Select-Object Name,Status,DisplayName | findstr Admin
FINDS:
“ServerManagementGateway”, the ACTUAL name of WAC!
ServerManagementGateway Running Windows Admin Center Service
ServerManagementGatewayAccount Stopped Windows Admin Center Account Service
Configure DNS Servers:
Set-DnsClientServerAddress -InterfaceIndex 3 -ServerAddresses ("192.168.200.103","192.168.200.121","75.75.76.76")
Disable ALL firewall profiles (Domain, Public, Private):
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
Enable a port through firewall:
netsh advfirewall firewall add rule name="WinRM-HTTP" dir=in localport=5985 protocol=TCP action=allow
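An alternative to switching the profiles off or opening port 5985 to any source, added here as an example (not from the original page): create the WinRM rule scoped to a management subnet, then list every enabled inbound allow rule that covers TCP 5985 together with its source scope. The rule name and the 192.168.200.0/24 subnet are assumptions based on the addresses used on this page.

```powershell
# Added example: scope the WinRM allow rule and review what is open on 5985.
$ruleName   = 'WinRM-HTTP-Mgmt'     # hypothetical rule name
$mgmtSubnet = '192.168.200.0/24'    # assumed management subnet

# 1. Show which profiles are currently enforcing rules
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# 2. Create the scoped rule once (Domain and Private profiles only)
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort 5985 -RemoteAddress $mgmtSubnet `
        -Profile Domain, Private | Out-Null
}

# 3. List enabled inbound allow rules for TCP 5985 with their source scope.
#    A RemoteAddress of "Any" means the port is reachable from every network.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '5985' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            DisplayName   = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = $addr.RemoteAddress -join ','
        }
    } | Format-Table -AutoSize
```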
Check that the WinRM service is present (Windows Admin Center manages servers over WinRM):
Get-WmiObject -Class win32_service | Where-Object {$_.name -like "WinRM"}
Download a file using PowerShell:
$WebClient = New-Object System.Net.WebClient
$WebClient.DownloadFile("http://192.168.200.125/WindowsAdminCenter2110.2.msi","C:\Users\Administrator\WindowsAdminCenter2110.2.msi")
Check event logs for logins, failures, apps, etc.:
get-eventlog -list
get-eventlog Application -after (get-date).addhours(-1)
get-eventlog Application -after (get-date).addhours(-8)
USE Security log for checking logins:
get-eventlog Security -after (get-date).addhours(-1)
FORMATTING Example of explicit log index number:
Get-EventLog Security | where index -eq 3704 | format-list *
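A more targeted version of the Security-log check above, added here as an example (not from the original page): it uses Get-WinEvent rather than Get-EventLog to pull only failed logons (event ID 4625) and counts them per account, source address and logon type. The 8-hour window and the top-20 cut-off are assumptions.

```powershell
# Added example: summarise failed logons (event ID 4625) from the Security log.
# Run from an elevated session; reading the Security log needs admin rights.
$since = (Get-Date).AddHours(-8)    # assumed window

# Get-WinEvent raises an error when nothing matches, so silence that case
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = $since
} -ErrorAction SilentlyContinue

$failures = foreach ($e in $events) {
    # Read the event fields by name from the XML instead of by position
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.GetAttribute('Name')] = $d.InnerText
    }
    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        Account     = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        SourceIp    = $data['IpAddress']
        LogonType   = $data['LogonType']   # e.g. 3 = network, 10 = remote interactive (RDP)
        Status      = $data['Status']      # NTSTATUS code for the failure
    }
}

# Most frequent account / source / logon-type combinations first
$failures |
    Group-Object Account, SourceIp, LogonType |
    Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name |
    Format-Table -AutoSize
```

Changing `Id = 4625` to `Id = 4624` lists successful logons with the same field names.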
DOWNLOAD & Install MS SQL Server:
$wc=new-object system.net.webclient
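# WebClient resolves relative paths against the process working directory, not the PowerShell location, so pass a full path
$wc.downloadfile("https://go.microsoft.com/fwlink/?linkid=866662","$PWD\SQL2019-SSEI-Dev.exe")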
GIT Download:
# Full path so the file lands in the current PowerShell location
$wc.downloadfile("https://github.com/git-for-windows/git/releases/download/v2.36.0.windows.1/Git-2.36.0-64-bit.exe","$PWD\Git-2.36.0-64-bit.exe")
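For the downloads above (the Windows Admin Center MSI over HTTP and the SQL Server and Git installers), an added example, not from the original page, that checks the file before it is run: it compares the SHA-256 hash against a published value and validates the Authenticode signature. The expected hash is a placeholder to be replaced with the value from the vendor's release page; the output path is an assumption.

```powershell
# Added example: verify a downloaded installer before running it.
$url      = 'https://github.com/git-for-windows/git/releases/download/v2.36.0.windows.1/Git-2.36.0-64-bit.exe'
$outFile  = Join-Path $env:TEMP 'Git-2.36.0-64-bit.exe'       # assumed location
$expected = 'PLACEHOLDER-SHA256-FROM-VENDOR-RELEASE-PAGE'     # placeholder, not a real hash

# Windows PowerShell 5.1 on older builds may not negotiate TLS 1.2 by default
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$wc = New-Object System.Net.WebClient
try     { $wc.DownloadFile($url, $outFile) }
finally { $wc.Dispose() }

# 1. Integrity: the hash must match the published value (-ne ignores case)
$actual = (Get-FileHash -Path $outFile -Algorithm SHA256).Hash
if ($actual -ne $expected) {
    Remove-Item -Path $outFile -Force
    throw "SHA-256 mismatch for $outFile (got $actual)"
}

# 2. Origin: the Authenticode signature must validate against a trusted chain
$sig = Get-AuthenticodeSignature -FilePath $outFile
if ($sig.Status -ne 'Valid') {
    Remove-Item -Path $outFile -Force
    throw "Signature status is $($sig.Status): $($sig.StatusMessage)"
}

# Both checks passed: report what was verified
[pscustomobject]@{
    File   = $outFile
    SHA256 = $actual
    Signer = $sig.SignerCertificate.Subject
}
```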
Get-Service -Name vds
get-service | Where-Object {$_.status -eq "stopped"}
get-service -name wisvc
PS C:\Users\Administrator> get-service | grep -i admin
Stopped sacsvr Special Administration Console Helper
Running ServerManagemen... Windows Admin Center Service
Stopped ServerManagemen... Windows Admin Center Account Service
PS C:\Users\Administrator>
Get-Item WSMan:\localhost\Client\TrustedHosts
Get-CimInstance -Class CIM_LogicalDisk
DeviceID DriveType ProviderName VolumeName Size FreeSpace
-------- --------- ------------ ---------- ---- ---------
C: 3 53109321728 44553736192
D: 5
Get-NetTCPConnection
LocalAddress LocalPort RemoteAddress RemotePort State AppliedSetting
------------ --------- ------------- ---------- ----- --------------
:: 56357 :: 0 Bound
:: 56268 :: 0 Bound
:: 54693 :: 0 Bound
:: 54690 :: 0 Bound
:: 54689 :: 0 Bound
:: 54688 :: 0 Bound
:: 54687 :: 0 Bound
:: 54671 :: 0 Bound
:: 54667 :: 0 Bound
:: 54665 :: 0 Bound
:: 54663 :: 0 Bound
:: 49712 :: 0 Bound
:: 49706 :: 0 Bound
:: 49695 :: 0 Bound
:: 49680 :: 0 Bound
:: 49679 :: 0 Bound
::1 56357 ::1 49666 Established Datacenter
fe80::b586:d0e3:8c2b:2229%5 56268 fe80::b586:d0e3:8c2b:2229%5 49666 Established Datacenter
fe80::b586:d0e3:8c2b:2229%5 54815 fe80::b586:d0e3:8c2b:2229%5 135 TimeWait
fe80::b586:d0e3:8c2b:2229%5 54671 fe80::b586:d0e3:8c2b:2229%5 389 Established Datacenter
fe80::b586:d0e3:8c2b:2229%5 54667 fe80::b586:d0e3:8c2b:2229%5 389 Established Datacenter
::1 54665 ::1 389 Established Datacenter
fe80::b586:d0e3:8c2b:2229%5 54663 fe80::b586:d0e3:8c2b:2229%5 389 Established Datacenter
:: 49715 :: 0 Listen
fe80::b586:d0e3:8c2b:2229%5 49712 fe80::b586:d0e3:8c2b:2229%5 49666 Established Datacenter
fe80::b586:d0e3:8c2b:2229%5 49695 fe80::b586:d0e3:8c2b:2229%5 49666 Established Datacenter
:: 49692 :: 0 Listen
:: 49686 :: 0 Listen
::1 49680 ::1 389 Established Internet
::1 49679 ::1 389 Established Datacenter
:: 49676 :: 0 Listen
:: 49675 :: 0 Listen
:: 49668 :: 0 Listen
fe80::b586:d0e3:8c2b:2229%5 49666 fe80::b586:d0e3:8c2b:2229%5 56268 Established Datacenter
fe80::b586:d0e3:8c2b:2229%5 49666 fe80::b586:d0e3:8c2b:2229%5 49712 Established Datacenter
fe80::b586:d0e3:8c2b:2229%5 49666 fe80::b586:d0e3:8c2b:2229%5 49695 Established Datacenter
::1 49666 ::1 56357 Established Datacenter
:: 49666 :: 0 Listen
:: 49665 :: 0 Listen
:: 49664 :: 0 Listen
:: 47001 :: 0 Listen
:: 9389 :: 0 Listen
:: 5985 :: 0 Listen
:: 3389 :: 0 Listen
:: 3269 :: 0 Listen
:: 3268 :: 0 Listen
:: 636 :: 0 Listen
:: 593 :: 0 Listen
:: 464 :: 0 Listen
:: 445 :: 0 Listen
fe80::b586:d0e3:8c2b:2229%5 389 fe80::b586:d0e3:8c2b:2229%5 54671 Established Datacenter
fe80::b586:d0e3:8c2b:2229%5 389 fe80::b586:d0e3:8c2b:2229%5 54667 Established Datacenter
fe80::b586:d0e3:8c2b:2229%5 389 fe80::b586:d0e3:8c2b:2229%5 54663 Established Datacenter
::1 389 ::1 54665 Established Datacenter
::1 389 ::1 49680 Established Datacenter
::1 389 ::1 49679 Established Datacenter
:: 389 :: 0 Listen
:: 135 :: 0 Listen
:: 88 :: 0 Listen
fe80::b586:d0e3:8c2b:2229%5 53 :: 0 Listen
::1 53 :: 0 Listen
0.0.0.0 49715 0.0.0.0 0 Listen
0.0.0.0 49692 0.0.0.0 0 Listen
0.0.0.0 49686 0.0.0.0 0 Listen
0.0.0.0 49676 0.0.0.0 0 Listen
0.0.0.0 49675 0.0.0.0 0 Listen
0.0.0.0 49668 0.0.0.0 0 Listen
192.168.200.129 49666 192.168.200.216 60179 Established Datacenter
0.0.0.0 49666 0.0.0.0 0 Listen
0.0.0.0 49665 0.0.0.0 0 Listen
0.0.0.0 49664 0.0.0.0 0 Listen
0.0.0.0 9389 0.0.0.0 0 Listen
192.168.200.121 3389 192.168.200.223 64821 Established Datacenter
0.0.0.0 3389 0.0.0.0 0 Listen
0.0.0.0 3269 0.0.0.0 0 Listen
0.0.0.0 3268 0.0.0.0 0 Listen
0.0.0.0 636 0.0.0.0 0 Listen
0.0.0.0 593 0.0.0.0 0 Listen
0.0.0.0 389 0.0.0.0 0 Listen
192.168.200.121 139 0.0.0.0 0 Listen
0.0.0.0 135 0.0.0.0 0 Listen
192.168.200.129 53 0.0.0.0 0 Listen
192.168.200.121 53 0.0.0.0 0 Listen
127.0.0.1 53 0.0.0.0 0 Listen
Get-NetConnectionProfile:
Name : Unidentified network
InterfaceAlias : Ethernet
InterfaceIndex : 5
NetworkCategory : Public
IPv4Connectivity : NoTraffic
IPv6Connectivity : NoTraffic
Get-DnsServerResourceRecord -ZoneName dawgland.com
HostName RecordType Type Timestamp TimeToLive RecordData
-------- ---------- ---- --------- ---------- ----------
@ A 1 2/21/2022 4:00:00 PM 00:10:00 192.168.200.129
@ A 1 2/21/2022 4:00:00 PM 00:10:00 192.168.200.121
@ NS 2 0 01:00:00 win19vm10.dawgland.com.
@ SOA 6 0 01:00:00 [33][win19vm10.dawgland.com.][h...
_msdcs NS 2 0 01:00:00 win19vm10.dawgland.com.
_gc._tcp.Default-First... SRV 33 2/21/2022 4:00:00 PM 00:10:00 [0][100][3268][win19vm10.dawgla...
_kerberos._tcp.Default... SRV 33 2/21/2022 4:00:00 PM 00:10:00 [0][100][88][win19vm10.dawgland...
_ldap._tcp.Default-Fir... SRV 33 2/21/2022 4:00:00 PM 00:10:00 [0][100][389][win19vm10.dawglan...
_gc._tcp SRV 33 2/21/2022 4:00:00 PM 00:10:00 [0][100][3268][win19vm10.dawgla...
_kerberos._tcp SRV 33 2/21/2022 4:00:00 PM 00:10:00 [0][100][88][win19vm10.dawgland...
_kpasswd._tcp SRV 33 2/21/2022 4:00:00 PM 00:10:00 [0][100][464][win19vm10.dawglan...
_ldap._tcp SRV 33 2/21/2022 4:00:00 PM 00:10:00 [0][100][389][win19vm10.dawglan...
_kerberos._udp SRV 33 2/21/2022 4:00:00 PM 00:10:00 [0][100][88][win19vm10.dawgland...
_kpasswd._udp SRV 33 2/21/2022 4:00:00 PM 00:10:00 [0][100][464][win19vm10.dawglan...
DomainDnsZones A 1 2/21/2022 4:00:00 PM 00:10:00 192.168.200.121
DomainDnsZones A 1 2/21/2022 4:00:00 PM 00:10:00 192.168.200.129
_ldap._tcp.Default-Fir... SRV 33 2/21/2022 4:00:00 PM 00:10:00 [0][100][389][win19vm10.dawglan...
_ldap._tcp.DomainDnsZones SRV 33 2/21/2022 4:00:00 PM 00:10:00 [0][100][389][win19vm10.dawglan...
ForestDnsZones A 1 2/21/2022 4:00:00 PM 00:10:00 192.168.200.121
ForestDnsZones A 1 2/21/2022 4:00:00 PM 00:10:00 192.168.200.129
_ldap._tcp.Default-Fir... SRV 33 2/21/2022 4:00:00 PM 00:10:00 [0][100][389][win19vm10.dawglan...
_ldap._tcp.ForestDnsZones SRV 33 2/21/2022 4:00:00 PM 00:10:00 [0][100][389][win19vm10.dawglan...
win10vm8 A 1 2/21/2022 9:00:00 PM 00:20:00 192.168.200.216
win19vm10 A 1 0 01:00:00 192.168.200.121
win19vm10 A 1 0 01:00:00 192.168.200.129