Advanced Windows PowerShell Scripting Video Training

Advanced Windows PowerShell Scripting Video Training
Advanced Windows PowerShell Scripting Video Training

Friday, March 24, 2017

Determine which Nodes have UAC Enabled with PowerShell

Wow!  It has been a while since I last blogged.  This has been a very busy year. Between my Navy activities and all the classes that I’m bringing online for clients, I am burning the candle at both ends.

As many of you know, my last day of a PowerShell class is “Project Day”.  One of the projects that I helped out with this week involved determining if UAC was enabled.  Utilizing the template we created in class and a check of the registry, we were able to:
  •         Remote to each client.
  •         Determine if the client was online.
  •         Report back the state of UAC.

I decided to advance the code just a little to make sure everything reports back as an object.  Below is that code.  Wish I had more time to explain it step by step, but I have to keep moving.  I only have 3 weeks to get everything done for PowerShell Conference Europe.




ForEach ($N in (Get-ADComputer -filter *).Name)
{
    $Obj = New-Object -TypeName PSObject -Property @{
        ComputerName = $Null
        UACEnabled = $Null
        Online = $False
    }
    Try
    {
        $Obj.ComputerName = $N
        $Data = Invoke-Command `
                -ComputerName $N `
                -ErrorAction Stop `
                -ScriptBlock {
                    (Get-ItemProperty `
                        -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System `
                        -Name EnableLUA).EnableLUA
                }
        $Obj.Online = $True
        If ($Data = 1) {$Obj.UACEnabled = $True}
        Else {$Obj.UACEnabled = $False}
    }
    Catch {$Online = $False}
    Write-Output $Obj

Wednesday, March 8, 2017

Demonstrating Hashing a File

I’m spending the week in San Diego delivering a Security+ class as part of my Annual Training for the United States Navy.  It has been a few years since my last Security+ class that I delivered to the US Air Force.  Since then, PowerShell has undergone a few version updates.  I decided to leverage one of the new cmdlets to help use demonstrate file hashing.

The group that we are working with this week is sharp and asking some really great questions.  There is a little confusion out there on what a hash is so I’m adding this to both my military and civilian Security+ classes. 

Enjoy!

<#
Demonstration of using a hashing algorithm to verify
file integrity.

ITC J. Yoder
NR SPAWAR 119

Creation Date: March 7, 2017

Slide: Symmetric Algorithms

Notes:
This code is designed to be ran inside of the PowerShell ISE.
Select the code in each step and press F8.

Tested on PowerShell 5.  Execute the command below to determine your
PowerShell version.
#>
$PSVersionTable.PSVersion

# Step 1 : Create a Folder Structure
New-Item -Path c:\ps\Original -ItemType Directory
New-Item -Path c:\ps\Copy -ItemType Directory

# Step 2 : Create a text file in the original directory.
"This is my text" | Out-File -FilePath C:\ps\Original\Data1.txt

# Step 3 : Create a hash for this file using SHA256
$HashOriginal = Get-FileHash -Path C:\ps\Original\Data1.txt

# Step 4 : View the hash.
$HashOriginal.Hash

# Step 5 : Copy the file.
Copy-Item -Path C:\ps\Original\Data1.txt -Destination C:\ps\Copy\Data1.txt

# Step 6 : Create a hash Of the copy using SHA256
$HashCopy = Get-FileHash -Path C:\ps\Copy\Data1.txt

# Step 7 : Test the hashes for equality.
$HashOriginal.Hash -eq $HashCopy.Hash

# Step 8 : Rename the copy.
Rename-item -Path C:\ps\Copy\Data1.txt -NewName C:\ps\Copy\Data2.txt

# Step 9 : Create a hash Of the renamed copy using SHA256
$HashRenamed = Get-FileHash -Path C:\ps\Copy\Data2.txt

# Step 10 : Test the hashes for equality.
$HashOriginal.Hash -eq $HashRenamed.Hash

# Step 11 : Modify the copy by adding a period to the end.
"This is my text." | Out-File -FilePath C:\ps\Copy\Data2.txt

# Step 12 : Create a hash Of the Modified copy using SHA256
$HashModified = Get-FileHash -Path C:\ps\Copy\Data2.txt

# Step 13 : Test the hashes for equality.
$HashOriginal.Hash -eq $HashModified.Hash

# Step 14 : View the hashes
Write-Host "Original : $($HashOriginal.Hash)" -BackgroundColor DarkGreen
Write-Host "Copy     : $($HashCopy.Hash)" -BackgroundColor DarkGreen
Write-Host "Renamed  : $($HashRenamed.Hash)" -BackgroundColor DarkGreen
Write-Host "Modified : $($HashModified.Hash)" -BackgroundColor DarkRed

# Step 15 : Clean up the disk.
Remove-Item -Path C:\ps\Original -Confirm:$false -Recurse
Remove-Item -Path C:\ps\Copy -Confirm:$false -Recurse