You Should Be Using PowerShell

Aaron Kaiser
Senior Technology Support Specialist
Parkway School District
Why PowerShell?
• Most modern Microsoft GUIs are built upon PowerShell
• A number of third party applications are either built on PowerShell or have snap‐ins that leverage PowerShell
• VMware vSphere PowerCLI
• Citrix Studio
• Fairly straightforward syntax
• Absolute Power!
PowerShell vs VB Script
PowerShell
Get-ChildItem -Path C:\ -File | Select-Object Directory,Name,Length | Export-Csv C:\Files.csv -Append -NoTypeInformation
VBScript
Set objFs = CreateObject("Scripting.FileSystemObject")
Set objFile = objFs.CreateTextFile("C:\Files.csv")
Wscript.sleep(2000) 'Pause while file is being created
Set objFile = objFs.GetFile("C:\Files.csv")
Const ForWriting = 2
Set outputFile = objFs.OpenTextFile("C:\Files.csv", ForWriting)
Set objFolder = objFs.GetFolder("C:\")
Set colFiles = objFolder.Files
For Each objFile in colFiles
'WriteLine so each file gets its own CSV row
OutputFile.WriteLine "C:\," & objFile.Name & "," & objFile.Size
Wscript.Echo "C:\," & objFile.Name & "," & objFile.Size
Next
OutputFile.Close
Before You Begin
• Update PowerShell to version 4.0
• $PSVersionTable – use to determine version currently installed
• Improved performance and functionality
• Auto‐load modules
• Execution Policy
• Set to Restricted by default
• RemoteSigned if you wish to be fairly safe
• Unrestricted if you are confident and/or crazy
• PS1 extension
• Setting up the Console Window
• Launching as Administrator
PowerShell Tools
• Console
• Basic interface
• Limited editing capabilities
• Copy and paste are not easy
• ISE (Integrated Scripting Engine)
• Best used for scripting
• Uses normal copy and paste commands
• Helpful features
• Third Party Tools
• Various paid and free tools
• PowerGUI
• Compile script into an EXE
Cmdlets
• Uses verb-noun naming convention
• Simple Starters
• Get-Process
• Get-Service
• Get-Date
• Get-Command
• -Verb or -Noun
• Wildcards
• Parameters
Get-Help
• Very Important/Helpful
• Provides Description, Syntax, and Even Examples
• ShowWindow Parameter
• Online Parameter
• Wild Card Search
The Pipeline
• Used to connect commands together
• Provides a way to pass output to another command
• Uses the pipe symbol “|”
• Example: Get-Process | Out-File c:\process.txt
$Variables
• Where the true scripting power of PowerShell lies
• Always starts with a $
• Can hold a variety of information
• Text
• Numbers
• Lists
Punctuation
• Backtick `
• Escape character
• Single Quotes ' '
• Contains string values
• Does not look for escape character or variables
• Double Quotes " "
• Contains string values
• Looks for escape character or variables
• Curly Braces { }
• Contain script blocks
• Variable name that contains spaces or illegal characters
• Parentheses ( )
• Like in math, defines order of execution
• Hashtag #
• Comment character
• Any characters following # are ignored
• Similar to REM in DOS
Parkway Example #1
How Do You Delete Over 17,000 User Folders?
$schools = @("chs", "cms", "sms")
foreach ($school in $schools)
{
Remove-Item "\\student1\$school\*[0-9][0-9][0-9][0-9]" -force -recurse
}
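A dry run of the deletion above against a constructed sample tree, added here as an example and not part of the original slides: it narrows the same wildcard to directories, records the matches, and uses -WhatIf so nothing is removed. Get-DeleteCandidate and the sample folder names are hypothetical.

```powershell
# Constructed sample tree standing in for \\student1\<school> (not real data)
$root = Join-Path $env:TEMP ("student1-demo-" + [guid]::NewGuid())
foreach ($school in "chs", "cms", "sms") {
    New-Item (Join-Path $root "$school\jdoe2014") -ItemType Directory -Force | Out-Null
    New-Item (Join-Path $root "$school\shared") -ItemType Directory -Force | Out-Null
    New-Item (Join-Path $root "$school\roster2013") -ItemType File -Force | Out-Null
}

# Hypothetical helper: list only folders whose names end in four digits.
# The slide's wildcard on its own would also match files such as roster2013.
function Get-DeleteCandidate {
    param([string] $Root, [string[]] $Schools)
    foreach ($school in $Schools) {
        Get-ChildItem -Path (Join-Path $Root $school) -Directory |
            Where-Object { $_.Name -like '*[0-9][0-9][0-9][0-9]' }
    }
}

$candidates = @(Get-DeleteCandidate -Root $root -Schools "chs", "cms", "sms")

# Keep a record of what is about to be removed
$candidates | Select-Object -ExpandProperty FullName |
    Out-File (Join-Path $root "to-delete.txt")
"{0} folders matched" -f $candidates.Count

# Dry run: -WhatIf reports each deletion without performing it
$candidates | Remove-Item -Recurse -Force -WhatIf

# Clean up the sample tree
Remove-Item $root -Recurse -Force
```

Once the recorded list has been reviewed, dropping -WhatIf from the Remove-Item line performs the deletion.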
Parkway Example #2
How Do You Add All These MAC Addresses As Active Directory Users?
import-module activedirectory
import-csv c:\ADImport.csv | % {New-ADUser -GivenName $_.Name.ToLower() -Name $_.Name.ToLower() `
-DisplayName $_.Name.ToLower() -SamAccountName $_.Name.ToLower() -UserPrincipalName ($_.Name.ToLower() + "@local.com") `
-Description $_.Description -Path $_.Path -Enabled $True `
-AccountPassword (ConvertTo-SecureString $_.Name.ToLower() -AsPlainText -force) -PasswordNeverExpires $True}
import-csv c:\ADImport.csv | % {Add-ADGroupMember -Identity Wireless-MAC -Member $_.Name.ToLower()}
# Script to create Active Directory accounts
Import-Module ActiveDirectory
$Mac = Read-Host -Prompt "Enter The MAC Address"
$Name = $Mac.ToLower()
$Desc = Read-Host -Prompt "Enter The Machine Name. It Must Start With The School's Three Digit Code."
$OU = $Desc.Substring(0,3)
#$OU = Read-Host -Prompt "Enter The School's Three Digit Code"
If ([adsi]::Exists("LDAP://OU=$OU,OU=ws-macaddr,DC=local,DC=com") -eq $False){
write-warning "The School Code is incorrect"}
Elseif (Get-ADUser -Filter {sAMAccountName -eq $Name}){
write-warning "The User already exists"}
Elseif ($Name -notlike '????????????'){
write-warning "The MAC address is the wrong length"}
Else{
New-ADuser -GivenName $Name -Name $Name -DisplayName $Name -SamAccountName $Name -UserPrincipalName ($Name + "@local.com") `
-Description $Desc -Path ("OU=" + $OU + ",OU=ws-macaddr,DC=local,DC=com") -Enabled $True `
-AccountPassword (ConvertTo-SecureString $Name -AsPlainText -force) -PasswordNeverExpires $True
Add-ADGroupMember -Identity Wireless-MAC -Member $Name
write-host "The account has been created."}
Read-Host -Prompt "Press Enter to exit"
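The script above checks only the length of the MAC address and places the first three characters of the machine name directly into an LDAP path. The following added example (not part of the original slides) shows stricter checks that could run before any directory call; Test-MacAccountInput is a hypothetical helper, and it assumes school codes are three letters or digits.

```powershell
# Hypothetical helper: validate both prompts before anything touches Active Directory
function Test-MacAccountInput {
    param(
        [Parameter(Mandatory = $true)] [string] $Mac,
        [Parameter(Mandatory = $true)] [string] $MachineName
    )
    $problems = @()
    $name = $Mac.Trim().ToLower()

    # Exactly 12 hexadecimal digits; a length-only check accepts any 12 characters
    if ($name -notmatch '^[0-9a-f]{12}$') {
        $problems += "MAC address must be 12 hex digits with no separators"
    }

    # Assumption: school codes are three letters or digits. Restricting the
    # characters keeps , = + and similar out of the distinguished name.
    $ou = $null
    $path = $null
    if ($MachineName -match '^([A-Za-z0-9]{3})') {
        $ou = $Matches[1]
        $path = "OU=$ou,OU=ws-macaddr,DC=local,DC=com"
    } else {
        $problems += "Machine name must start with a three-character school code"
    }

    New-Object PSObject -Property @{
        Name     = $name
        OU       = $ou
        Path     = $path
        Problems = $problems
        IsValid  = ($problems.Count -eq 0)
    }
}

# Constructed sample inputs
Test-MacAccountInput -Mac '00A1B2C3D4E5' -MachineName 'chs-lab-01'   # passes both checks
Test-MacAccountInput -Mac 'g0a1b2c3d4e5' -MachineName 'ch-lab-01'    # 12 characters, but fails both checks
```

The OU existence and duplicate-account checks from the script still apply afterwards, using the Path and Name values returned here.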
Parkway Example #3
How Do You Move From Novell Shares To Microsoft Shares Without Losing Your Mind?
$letters = @("a*", "b*", "c*", "d*", "e*", "f*")
Foreach ($letter in $letters)
{
$users = get-aduser -Filter {Surname -like $letter} -SearchBase "OU=staff,DC=local,DC=com" | Select-Object -ExpandProperty SamAccountName
Foreach ($user in $users)
{
If ($user -like "a*") {$path = "\\staff1\AC\a"}
Elseif ($user -like "b*") {$path = "\\staff1\AC\b"}
Elseif ($user -like "c*") {$path = "\\staff1\AC\c"}
Elseif ($user -like "d*") {$path = "\\staff2\DF\d"}
Elseif ($user -like "e*") {$path = "\\staff2\DF\e"}
Elseif ($user -like "f*") {$path = "\\staff2\DF\f"}
Elseif ($user -like "g*") {$path = "\\staff3\GJ\g"}
Elseif ($user -like "h*") {$path = "\\staff3\GJ\h"}
Elseif ($user -like "i*") {$path = "\\staff3\GJ\i"}
Elseif ($user -like "j*") {$path = "\\staff3\GJ\j"}
Elseif ($user -like "k*") {$path = "\\staff1\KM\k"}
Elseif ($user -like "l*") {$path = "\\staff1\KM\l"}
Elseif ($user -like "m*") {$path = "\\staff1\KM\m"}
Elseif ($user -like "n*") {$path = "\\staff2\NR\n"}
Elseif ($user -like "o*") {$path = "\\staff2\NR\o"}
Elseif ($user -like "p*") {$path = "\\staff2\NR\p"}
Elseif ($user -like "q*") {$path = "\\staff2\NR\q"}
Elseif ($user -like "r*") {$path = "\\staff2\NR\r"}
Elseif ($user -like "s*") {$path = "\\staff3\SZ\s"}
Elseif ($user -like "t*") {$path = "\\staff3\SZ\t"}
Elseif ($user -like "u*") {$path = "\\staff3\SZ\u"}
Elseif ($user -like "v*") {$path = "\\staff3\SZ\v"}
Elseif ($user -like "w*") {$path = "\\staff3\SZ\w"}
Elseif ($user -like "x*") {$path = "\\staff3\SZ\x"}
Elseif ($user -like "y*") {$path = "\\staff3\SZ\y"}
Elseif ($user -like "z*") {$path = "\\staff3\SZ\z"}
Else {continue}
$newPath = Join-Path \\staffaf\af -childpath $user
new-item $newpath -type directory
$acl = Get-Acl $newpath
$permission = "Local\$user","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
$acl | Set-Acl $newpath
robocopy $path\$user \\staffaf\af\$user /copy:dat /e /mir /fft /mt:8 /zb /nfl /ndl /ns /nc /np /r:5 /w:5 /log+:c:\aflog.txt
}}
cmd /c dir "\\staff3\SZ\SSD\*" /b /a:d > c:\ssd.txt
$Users = Get-Content c:\ssd.txt
ForEach ($user in $users)
{
$t = Get-ADUser -Filter 'SamAccountName -eq $user' -SearchBase "OU=staff,DC=local,DC=com" | Select-Object -ExpandProperty Surname
If ($t -like "a*") {$mpath = "\\staffaf\af"}
Elseif ($t -like "b*") {$mpath = "\\staffaf\af"}
Elseif ($t -like "c*") {$mpath = "\\staffaf\af"}
Elseif ($t -like "d*") {$mpath = "\\staffaf\af"}
Elseif ($t -like "e*") {$mpath = "\\staffaf\af"}
Elseif ($t -like "f*") {$mpath = "\\staffaf\af"}
Elseif ($t -like "g*") {$mpath = "\\staffgl\gl"}
Elseif ($t -like "h*") {$mpath = "\\staffgl\gl"}
Elseif ($t -like "i*") {$mpath = "\\staffgl\gl"}
Elseif ($t -like "j*") {$mpath = "\\staffgl\gl"}
Elseif ($t -like "k*") {$mpath = "\\staffgl\gl"}
Elseif ($t -like "l*") {$mpath = "\\staffgl\gl"}
Elseif ($t -like "m*") {$mpath = "\\staffmr\mr"}
Elseif ($t -like "n*") {$mpath = "\\staffmr\mr"}
Elseif ($t -like "o*") {$mpath = "\\staffmr\mr"}
Elseif ($t -like "p*") {$mpath = "\\staffmr\mr"}
Elseif ($t -like "q*") {$mpath = "\\staffmr\mr"}
Elseif ($t -like "r*") {$mpath = "\\staffmr\mr"}
Elseif ($t -like "s*") {$mpath = "\\staffsz\sz"}
Elseif ($t -like "t*") {$mpath = "\\staffsz\sz"}
Elseif ($t -like "u*") {$mpath = "\\staffsz\sz"}
Elseif ($t -like "v*") {$mpath = "\\staffsz\sz"}
Elseif ($t -like "w*") {$mpath = "\\staffsz\sz"}
Elseif ($t -like "x*") {$mpath = "\\staffsz\sz"}
Elseif ($t -like "y*") {$mpath = "\\staffsz\sz"}
Elseif ($t -like "z*") {$mpath = "\\staffsz\sz"}
Else {continue}
$newPath = Join-Path $mpath -childpath $user
new-item $newpath -type directory
$acl = Get-Acl $newpath
$permission = "Local\$user","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
$acl | Set-Acl $newpath
robocopy \\staff3\SZ\SSD\$user $mpath\$user /copy:dat /e /mir /fft /mt:8 /zb /nfl /ndl /ns /nc /np /r:5 /w:5 /log+:c:\ssdlog.txt
}
Parkway Example #4
How do you change permissions to all the printers on your Microsoft Print Server?
$security = get-printer -computer printsvr "HPTEST" -full
get-printer * -computer printsvr | Foreach-Object {set-printer $_.name -computer printsvr -PermissionSDDL $security.PermissionSDDL}
Parkway Example #5
How do you check to see if your users have an actual home directory and fix it if they do not?
$OUs = @("OU=Grade06,OU=mid,OU=students,DC=local,DC=com", "OU=Grade07,OU=mid,OU=students,DC=local,DC=com",
"OU=Grade08,OU=mid,OU=students,DC=local,DC=com")
Foreach ($OU in $OUs){
$users = Get-ADUser -Filter * -SearchBase $OU -Properties * | Select-Object sAMAccountName, HomeDirectory
Foreach ($user in $users)
{
$u = $user.sAMAccountName
$h = $user.HomeDirectory
if(-not(Test-Path -Path $h))
{
$u | out-file c:\midmissing.txt -Append
new-item -Path $h -type directory
$acl = Get-Acl $h
$permission = "Local\$u","Modify", "ContainerInherit, ObjectInherit", "None", "Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
$acl | Set-Acl $h
}
else {continue}}}
Additional Resources
• Microsoft Virtual Academy
• Getting Started with PowerShell 3.0 Jump Start
• Advanced Tools & Scripting with PowerShell 3.0 Jump Start
• Using PowerShell for Active Directory
• Powershell.org
• Learn Windows PowerShell In A Month Of Lunches
• Saint Louis University Workforce Center
• Automating Administration with Windows PowerShell