Be very cautious while trying these steps
Yes, this is a tool worthy of the name. PowerShell can easily cause massive configuration changes, positive or negative: so protect yourself and establish a test environment for your learning experiences. Also consider using the "-confirm" parameter to test configurations before execution for certain commands.
Number 1: Report all of the USB devices installed
PowerShell is Windows Management Instrumentation (WMI) aware. From PowerShell, you can make a WMI call to retrieve the USB devices installed in a local or remote system:
gwmi Win32_USBControllerDevice -computername SERVER1 |fl Antecedent,Dependent
This will apply a filter to bring back the antecedent and dependent fields from the SERVER1 computer. Should you want the full export, you can omit the pipe and filter statement to have a comprehensive export of the USB devices on a system. I have found this useful to maintain a report for servers that have a USB license device installed so that their connectivity is maintained from the device perspective.
Number 2: Perform your favorite CMD tasks in PowerShell
Yes, you can stop using the DOS prompt and start doing all of those same tasks within PowerShell. This can make learning a little easier and help you become more familiar with the interface. Unfortunately, from the run prompt, there is no three-letter launcher like cmd. But powershell will launch it. You can also assign a shortcut key to PowerShell so Ctrl + Shift + P launches it directly.
Number 3: Kill a process in PowerShell instead of Task Manager
When you have a Windows service running that will not respond to stop commands, you can use PowerShell to perform the equivalent actions of ending the task within Task Manager. For instance, you'd do the following for BadThread.exe:
get-process BadTh*
The results will be similar to this:
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
28 4 -210844 -201128 -163 25.67 2792 BadThread
Once the Process ID has been identified, you can kill the errant process by entering:
stop-process -id 2792
At that point, the BadThread example will be hard stopped and you can resume your attempt to start the service. You can do that right here in PowerShell as well.
Number 4: Use PSDrive to view more than just drives
The PSDrive command lets you view objects of the Windows environment beyond traditional network, local, or removable drives. One popular view is the HKLM PSDrive to view the HKEY_LOCAL_MACHINE top-level hive of the registry. To get into the registry, enter the following command:
PS C:> cd HKLM:
PS HKLM:/>
You are then transported into the registry hive and can view and even delete items, should you wish.
Number 5: Export NTFS folder permissions -- recursive or not
Managing NTFS permissions is a whole separate matter, but with PowerShell, you can export the permissions to audit access or take a quick look at access control lists (ACLs) for the security configuration. This can be a great accountability mechanism to run in a scripted format periodically -- or you can run it on demand to diagnose a particular issue. For example, take the following iteration:
PS E:>Get-Acl N:Data
This will give you a quick report of your security rights to the specified path (note that it won't give the share access). That alone is nothing too exciting, as it will report only the single specified path, but if you want to include recursion for the entire path, you can use other strategies. For the same path (N:\Data), you'd use the Get-ChildItem command (cmdlet) within PowerShell, combined with the Get-Acl command. Consider the following example:
PS E:>Get-ChildItem N:Data -recurse | Get-Acl
This will span the entire N:\Data path and display the ACLs for the contents of the path. What happens here is that the Get-ChildItem provides an inventory of the file system objects, and that collection is passed to Get-Acl to provide the results for each item.
If you want to archive this to a comma-separated variable (CSV) document, you pass "| export-csv c:\filename.csv" at the end of the cmdlet. You can also pass the normal "> C:\filename.txt" to the end of the command to get it exported to a text file. Note that when you use the -recurse option, it does just that and will traverse the entire path you specify. So be careful when doing it across a large volume or over the network.
Yes, this is a tool worthy of the name. PowerShell can easily cause massive configuration changes, positive or negative: so protect yourself and establish a test environment for your learning experiences. Also consider using the "-confirm" parameter to test configurations before execution for certain commands.
Number 1: Report all of the USB devices installed
PowerShell is Windows Management Instrumentation (WMI) aware. From PowerShell, you can make a WMI call to retrieve the USB devices installed in a local or remote system:gwmi Win32_USBControllerDevice -computername SERVER1 |fl Antecedent,Dependent
This will apply a filter to bring back the antecedent and dependent fields from the SERVER1 computer. Should you want the full export, you can omit the pipe and filter statement to have a comprehensive export of the USB devices on a system. I have found this useful to maintain a report for servers that have a USB license device installed so that their connectivity is maintained from the device perspective.
Number 2: Perform your favorite CMD tasks in PowerShell
Yes, you can stop using the DOS prompt and start doing all of those same tasks within PowerShell. This can make learning a little easier and help you become more familiar with the interface. Unfortunately, from the run prompt, there is no three-letter launcher like cmd. But powershell will launch it. You can also assign a shortcut key to PowerShell so Ctrl + Shift + P launches it directly.
Number 3: Kill a process in PowerShell instead of Task Manager
When you have a Windows service running that will not respond to stop commands, you can use PowerShell to perform the equivalent actions of ending the task within Task Manager. For instance, you'd do the following for BadThread.exe:
get-process BadTh*
The results will be similar to this:
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
28 4 -210844 -201128 -163 25.67 2792 BadThread
Once the Process ID has been identified, you can kill the errant process by entering:
stop-process -id 2792
At that point, the BadThread example will be hard stopped and you can resume your attempt to start the service. You can do that right here in PowerShell as well.
Number 4: Use PSDrive to view more than just drives
The PSDrive command lets you view objects of the Windows environment beyond traditional network, local, or removable drives. One popular view is the HKLM PSDrive to view the HKEY_LOCAL_MACHINE top-level hive of the registry. To get into the registry, enter the following command:
PS C:> cd HKLM:
PS HKLM:/>
You are then transported into the registry hive and can view and even delete items, should you wish.
Number 5: Export NTFS folder permissions -- recursive or not
Managing NTFS permissions is a whole separate matter, but with PowerShell, you can export the permissions to audit access or take a quick look at access control lists (ACLs) for the security configuration. This can be a great accountability mechanism to run in a scripted format periodically -- or you can run it on demand to diagnose a particular issue. For example, take the following iteration:
PS E:>Get-Acl N:Data
This will give you a quick report of your security rights to the specified path (note that it won't give the share access). That alone is nothing too exciting, as it will report only the single specified path, but if you want to include recursion for the entire path, you can use other strategies. For the same path (N:\Data), you'd use the Get-ChildItem command (cmdlet) within PowerShell, combined with the Get-Acl command. Consider the following example:
PS E:>Get-ChildItem N:Data -recurse | Get-Acl
This will span the entire N:\Data path and display the ACLs for the contents of the path. What happens here is that the Get-ChildItem provides an inventory of the file system objects, and that collection is passed to Get-Acl to provide the results for each item.
If you want to archive this to a comma-separated variable (CSV) document, you pass "| export-csv c:\filename.csv" at the end of the cmdlet. You can also pass the normal "> C:\filename.txt" to the end of the command to get it exported to a text file. Note that when you use the -recurse option, it does just that and will traverse the entire path you specify. So be careful when doing it across a large volume or over the network.
Comments
Post a Comment