0208 | Getting Prepared for Automation
PowerShell Security Goals
- secured by default
- prevents mistakes by unintentional admins and users
- no script execution: `.ps1` is associated with Notepad | opens Notepad and does not run it - must type the path to execute a script
Execution Policy
- an interactive user can do basically anything, only restricts the scripts
- by default, `ps` does not run scripts - check and set the execution policy with `get/set-executionpolicy`
- Options
  - `restricted` (default)
  - `unrestricted`
  - `allsigned` | every script that you download or create locally needs to be signed
  - `remotesigned` | everything you download must be signed, not needed for locally created scripts
  - `bypass`
  - `undefined`
- can be set with group policy
Certificates
- create a new self-signed certificate with `new-selfsignedcertificate`
# once created, they will appear in the cert drive
get-psdrive
# get the code signing certificates and assign them to var a
dir Cert:\CurrentUser -Recurse -CodeSigningCert -OutVariable a
# display var a
$a
# create new var `cert` and assign the first cert in `a` to it
$cert = $a[0]
Modify the Execution Policy
# get the current execution policy
get-executionpolicy
# modify it to all signed == everything must be signed
set-executionpolicy "allsigned"
# sign the script
set-authenticodesignature -certificate $cert -Filepath .\test.ps1
# just because it is signed, it is not trusted -- query if you trust it
# run the script
.\test.ps1
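The signing flow above, carried through with the trust check the "signed is not trusted" comment hints at. This is an added example, not code from the course notes; it assumes the PKI module cmdlets (`New-SelfSignedCertificate`, `Export-Certificate`, `Import-Certificate`) are available, that `.\test.ps1` exists in the current directory, and the certificate subject name is made up.

```powershell
# Added example (not part of the course notes): sign test.ps1 with a self-signed
# code-signing certificate and check the signature status before running it.
# Assumptions: PKI module cmdlets, a script file .\test.ps1, made-up subject name.

# 1. Create a code-signing certificate in the current user's personal store
$cert = New-SelfSignedCertificate -Type CodeSigningCert `
    -Subject 'CN=Lab Script Signing (example)' `
    -CertStoreLocation Cert:\CurrentUser\My

# 2. Sign the script
Set-AuthenticodeSignature -FilePath .\test.ps1 -Certificate $cert | Out-Null

# 3. Signed is not the same as trusted: a self-signed certificate chains to no
#    trusted root, so the status is UnknownError here, not Valid
Get-AuthenticodeSignature .\test.ps1 | Select-Object Status, StatusMessage

# 4. Only if you have decided to trust THIS certificate: put it in Trusted Root
#    (so the chain validates) and Trusted Publishers (so AllSigned does not prompt).
#    Windows shows a confirmation dialog when a cert is added to the user Root store.
$cerPath = Join-Path $env:TEMP 'labsign.cer'
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\CurrentUser\Root | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\CurrentUser\TrustedPublisher | Out-Null

# 5. Re-check and refuse to run anything that is not Valid
$sig = Get-AuthenticodeSignature .\test.ps1
if ($sig.Status -ne 'Valid') { throw "Refusing to run: signature status is $($sig.Status)" }

# 6. Under AllSigned the trusted, signed script now runs without a prompt
Set-ExecutionPolicy AllSigned -Scope CurrentUser -Force
.\test.ps1

# 7. Tamper check: any edit after signing breaks the signature (status HashMismatch),
#    so AllSigned will refuse the modified file
Add-Content -Path .\test.ps1 -Value '# edited after signing'
(Get-AuthenticodeSignature .\test.ps1).Status
```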
Variables
# assigning a variable
$MyVar="Hello"
# display the var
$MyVar
# assigning an object
$MyVar=Get-Service bits
# using the objects properties
$MyVar.status
# using the objects methods
$MyVar.stop()
# use refresh to actualize it
$MyVar.refresh()
# verify that it has stopped
$MyVar.status
###
# space does not matter
${ THIS IS A TEST} = 4
# display the var
${ THIS IS A TEST}
# special characters are allowed
${ THIS IS A TEST sadfklsjfaljl54965479#$%^^&*(} = "WOOOW"
# display it
${ THIS IS A TEST sadfklsjfaljl54965479#$%^^&*(}
Read in from the Host
# print "Enter a ComputerName" to the screen and save the answer in `var`
$var = read-host "Enter a ComputerName"
# input "dc"
# check `var` -- contains dc
$var
# use the variable
get-service -name bits -computername $var
Example | Writing to a File
# create a sequence -- System.Int32
1..5
# 1;2;3;4;5 will be displayed, separated by a new line
# write them to a file
1..5 > test.txt
# run it -- path is your current path -- you will get the 'value' of the file
${c:\path\test.txt}
# the numbers will be displayed
# simply put -- the "$" syntax basically says where do I store my data
# generally in memory -- when the process goes away, the data goes with it
# but when you store it in a file, you can access it in another terminal etc.
Write to the Screen
- Do not use `write-host` | nothing leaves (goes down the pipeline) after write-host
- if you still use it | use the term `show` in the name to indicate that it's only for display - example
# simple output
write-host $var
# fancy output
write-host $var -foregroundcolor red -backgroundcolor green
###
# this will output an error -- nothing going down the pipeline
write-host $var | gm
# use write-output instead -- to System.String object
write-output $var | gm
# color coding will come with special commands -- results in yellow
write-warning "Please..dont do that"
# or in red
write-error "Stop touching me!"