Advanced Windows PowerShell Scripting Video Training

Advanced Windows PowerShell Scripting Video Training
Advanced Windows PowerShell Scripting Video Training

Friday, March 24, 2017

Determine which Nodes have UAC Enabled with PowerShell

Wow!  It has been a while since I last blogged.  This has been a very busy year. Between my Navy activities and all the classes that I’m bringing online for clients, I am burning the candle at both ends.

As many of you know, my last day of a PowerShell class is “Project Day”.  One of the projects that I helped out with this week involved determining if UAC was enabled.  Utilizing the template we created in class and a check of the registry, we were able to:
  •         Remote to each client.
  •         Determine if the client was online.
  •         Report back the state of UAC.

I decided to advance the code just a little to make sure everything reports back as an object.  Below is that code.  Wish I had more time to explain it step by step, but I have to keep moving.  I only have 3 weeks to get everything done for PowerShell Conference Europe.

ForEach ($N in (Get-ADComputer -filter *).Name)
    $Obj = New-Object -TypeName PSObject -Property @{
        ComputerName = $Null
        UACEnabled = $Null
        Online = $False
        $Obj.ComputerName = $N
        $Data = Invoke-Command `
                -ComputerName $N `
                -ErrorAction Stop `
                -ScriptBlock {
                    (Get-ItemProperty `
                        -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System `
                        -Name EnableLUA).EnableLUA
        $Obj.Online = $True
        If ($Data = 1) {$Obj.UACEnabled = $True}
        Else {$Obj.UACEnabled = $False}
    Catch {$Online = $False}
    Write-Output $Obj

Wednesday, March 8, 2017

Demonstrating Hashing a File

I’m spending the week in San Diego delivering a Security+ class as part of my Annual Training for the United States Navy.  It has been a few years since my last Security+ class that I delivered to the US Air Force.  Since then, PowerShell has undergone a few version updates.  I decided to leverage one of the new cmdlets to help use demonstrate file hashing.

The group that we are working with this week is sharp and asking some really great questions.  There is a little confusion out there on what a hash is so I’m adding this to both my military and civilian Security+ classes. 


Demonstration of using a hashing algorithm to verify
file integrity.

ITC J. Yoder

Creation Date: March 7, 2017

Slide: Symmetric Algorithms

This code is designed to be ran inside of the PowerShell ISE.
Select the code in each step and press F8.

Tested on PowerShell 5.  Execute the command below to determine your
PowerShell version.

# Step 1 : Create a Folder Structure
New-Item -Path c:\ps\Original -ItemType Directory
New-Item -Path c:\ps\Copy -ItemType Directory

# Step 2 : Create a text file in the original directory.
"This is my text" | Out-File -FilePath C:\ps\Original\Data1.txt

# Step 3 : Create a hash for this file using SHA256
$HashOriginal = Get-FileHash -Path C:\ps\Original\Data1.txt

# Step 4 : View the hash.

# Step 5 : Copy the file.
Copy-Item -Path C:\ps\Original\Data1.txt -Destination C:\ps\Copy\Data1.txt

# Step 6 : Create a hash Of the copy using SHA256
$HashCopy = Get-FileHash -Path C:\ps\Copy\Data1.txt

# Step 7 : Test the hashes for equality.
$HashOriginal.Hash -eq $HashCopy.Hash

# Step 8 : Rename the copy.
Rename-item -Path C:\ps\Copy\Data1.txt -NewName C:\ps\Copy\Data2.txt

# Step 9 : Create a hash Of the renamed copy using SHA256
$HashRenamed = Get-FileHash -Path C:\ps\Copy\Data2.txt

# Step 10 : Test the hashes for equality.
$HashOriginal.Hash -eq $HashRenamed.Hash

# Step 11 : Modify the copy by adding a period to the end.
"This is my text." | Out-File -FilePath C:\ps\Copy\Data2.txt

# Step 12 : Create a hash Of the Modified copy using SHA256
$HashModified = Get-FileHash -Path C:\ps\Copy\Data2.txt

# Step 13 : Test the hashes for equality.
$HashOriginal.Hash -eq $HashModified.Hash

# Step 14 : View the hashes
Write-Host "Original : $($HashOriginal.Hash)" -BackgroundColor DarkGreen
Write-Host "Copy     : $($HashCopy.Hash)" -BackgroundColor DarkGreen
Write-Host "Renamed  : $($HashRenamed.Hash)" -BackgroundColor DarkGreen
Write-Host "Modified : $($HashModified.Hash)" -BackgroundColor DarkRed

# Step 15 : Clean up the disk.
Remove-Item -Path C:\ps\Original -Confirm:$false -Recurse
Remove-Item -Path C:\ps\Copy -Confirm:$false -Recurse

Thursday, February 2, 2017

__error__ in PowerShell ISE

Wow, I finally got around to doing a little blogging.  This has thus far been a very busy year.  I’m actually writing this in the air heading to teach a PowerShell class in North Carolina and prepping my sessions for PowerShell Summit Europe in a few months. 

When I start helping my students debug their issues in class, I often walk up to their monitors and see the error right away.  I am very cautious to point out at the beginning of class that the reason that I see their errors so fast is because I have made the same errors so often.  Here is one that left me scratching my head.

While adding a valid parameter to a function that I was developing, I had this error in the ISE.
I’ll be honest, this was a new one for me.  Looking at the message, I realized that there was a casting of string.  This pointed me to my param block. Sure enough, I placed a comma where I should not have.

You can see it right after [String].  My bad.  Hey, all of us make mistakes.

Wednesday, January 4, 2017

Using functions with PowerShell Background Jobs Part 2 of 2

Yesterday we learned how to use the InitializationScript parameter of Start-Job. Today we are going to allow for further modularization of our code and send multiple functions to Start-Job.  We could very easily send multiple functions in the same script block, but I need to pick and choose which functions I will be working with for each process so I need to be able to send them separately.  Here is our code.

$JobFunction1 = {
 Function Beep
    Param ($Tone)


$JobFunction2 = {
 Function Beep2
    Param ($Tone, $Time)

$InitializationScript = $executioncontext.invokecommand.NewScriptBlock("$JobFunction1 $JobFunction2")

$JobSplat = @{
    Name = "Test1"
    InitializationScript = $InitializationScript
    ArgumentList = 300, 400, 200

Start-Job @JobSplat -ScriptBlock {
            Param($Value, $Tone, $Time)
            Beep -Tone $Value
            Beep2 -Tone $Tone -Time $Time

A lot of the code is the same as yesterday with a few exceptions. Notice that we are creating $JobFunction1 and $JobFunction2.  This allows me to place a single function inside of a script block, but be able to send multiple script blocks to Start-Job.  I am also using the $ExecutionContext automatic variable. According to About_Automatic_Variables, this variable:
Contains an EngineIntrinsics object that represents the execution context of the Windows PowerShell host. You can use this variable to find the execution objects that are available to cmdlets.

OK, that was informative.  It is on object of type System.Management.Automation.EngineIntrinsics. In short, you can create new script blocks with it.  I use it to join the 2 variables containing the script blocks that I need to send to Start-Job. I save the output in a variable called $InitializationScript. This is now the value of –InitializationScript.

When you run this code, you will hear two beeps.

Tuesday, January 3, 2017

Using functions with PowerShell Background Jobs Part 1 of 2

Happy New Year everyone!  I am spending my New Years’ day working on some code that I’ve been putting off while the family has been in town.  Something about shoveling sunshine as opposed to shoveling snow.  I’m working on expanding some Azure code that I have developed and I’m looking at ways to further modularize the code.  Since I use Background jobs with script blocks to speed the processes that I am running, I’m looking at using the InitializationScript parameter of Start-Job.

The InitializationScript parameter allows you to run code before the ScriptBlock parameter runs.  When you include functions inside of it, you are able to place those functions in the same memory that the ScriptBlock will execute in.  Let’s take a look at our code to set this up.

First we create a variable that will hold our function that we will call from the background job.

$JobFunctions = {
 Function Beep
    Param ($Tone)


In this case, we are going to make the console beep.  We are also going to pass the value for the tone of the beep to the parameter $Tone.

Next we will set up a splat for a few of the parameters of Start-Job. Notice that we are setting the value for –InitializationScript to be the $JobFunctions that we created above.  Also, we need to pass a value to what will be our script block.  That value is 300.

$JobSplat = @{
    Name = "Test1"
    InitializationScript = $JobFunctions
    ArgumentList = 300

Now we can run our background job.

Start-Job @JobSplat -ScriptBlock {
            Beep –Tone $Value

First off we call our splat and then we call our script block.  We need to pass the value of 300 to the script block so we created a parameter called $Value. In other words $Value = 300.  Next we call the function that we sent to the initialization script.  The function name is Beep it has a parameter called –Tone.  We provide it the value of 300 that is contained in $Value.  Once this runs, you will hear a beep.

Tomorrow we will send multiple functions to our background job.