
by Chet Hosmer

Longs, SC, USA

e-books shop

Book Details
Pages: 223
File Size: 10,867 KB
File Type: PDF format
ISBN-13 (electronic):
ISBN-13 (pbk):
2019 by Chet Hosmer

About the Author
Chet Hosmer is the founder of Python
Forensics, Inc., a nonprofit organization focused on the collaborative development
of open-source investigative technologies using Python and other popular scripting
languages. Chet has been researching and developing technology and training
surrounding forensics, digital investigation, and steganography for decades. He has made
numerous appearances to discuss emerging cyber threats, including
National Public Radio’s Kojo Nnamdi Show, ABC’s Primetime Thursday,
and ABC News (Australia). He has also been a frequent contributor to
technical and news stories relating to cybersecurity and forensics with
IEEE, The New York Times, The Washington Post, Government Computer
News, and Wired magazine.

Chet is the author of Defending IoT Infrastructures with the Raspberry
Pi (Apress, 2018), Passive Python Network Mapping (Syngress, 2015),
Python Forensics (Syngress, 2014), and Integrating Python with Leading
Computer Forensics Platforms (Syngress, 2016). He coauthored Data
Hiding (Syngress, 2012) with Mike Raggo and Executing Windows
Command Line Investigation (Syngress, 2016) with Joshua Bartolomie and Rosanne Pelli.

Chet serves as a visiting professor at Utica College in the Cybersecurity
graduate program, where his research and teaching focus on advanced
steganography/data hiding methods and the latest active cyber defense
methods and techniques. Chet is also an adjunct professor at Champlain
College, where his research and teaching focus on applying Python
and other scripting languages to solve challenging problems in digital
investigation and forensics.

Chet resides in the Grand Strand area of South Carolina with his wife
Janet, son Matthew, two Labrador Retrievers (Bailey and Vinny), and feline
tenants Lucy, Rosie, and Evander.

About the Technical Reviewer
Gary C. Kessler, PhD, CCE, CISSP, is a
Professor of Cybersecurity and Chair of the Security Studies & International
Affairs Department at Embry-Riddle Aeronautical University in Daytona Beach,
Florida. His academic background is in mathematics and computer science, and
his research interests include network protocols, digital forensics, and cybersecurity
management and policy, particularly related to maritime and aviation. Gary is also an adjunct
professor at Edith Cowan University (Perth, WA) and American Marine
University (Sarasota, FL).

Gary started the undergraduate and graduate digital forensics
programs at Champlain College (Burlington, VT) and has been affiliated
with the National Internet Crimes Against Children (ICAC) program and
Vermont, Northern Florida, and Hawaii Task Forces since 1999. He is also
a frequent speaker at national and international conferences, notably the
annual National Cyber Crime Conference.

Gary is also a member of the advisory board of the Maritime and Port
Security Information Sharing & Analysis Organization (MPS-ISAO), holds
a USCG master merchant mariner certificate, and is a Master SCUBA Diver
Trainer. More information about Gary can be found at

The endeavor to integrate PowerShell and Python came about a couple
of years ago. I was providing training for a large utility and began by
teaching the members of the secure operations center, or SOC, how to
apply Python scripts during investigations and incident response. A few
months later, they asked for similar training – this time using PowerShell
as the scripting engine for the SOC team. Based on this, I quickly realized
that PowerShell was perfect for acquisition of information across the
enterprise, and Python was good at performing analysis of data that had
been acquired by other tools.

Now, of course, PowerShell advocates will say that PowerShell
scripts can be developed to perform detailed analysis. Likewise,
Python advocates will say Python scripts can be developed to perform
very capable evidence acquisition. I agree with both advocates – but
only to a point. The real question is… if we combine the best of both
environments, does 1 + 1 = 2 or does 1 + 1 = 11? I believe that the answer
falls somewhere in the middle.

Thus, the purpose of the book along with the research and
experimentation that went into it was to build a model, in fact two models,
to integrate and leverage the best capabilities of Python and PowerShell
and apply the result to digital investigation. It is important to note that
this is a work in progress. I believe that the continued development of
advanced PowerShell and Python capabilities that leverage the models
provided here has great potential and should be pursued.

Therefore, I encourage you to experiment with the models that I have
presented here and use them to develop new solutions that are desperately
needed to acquire and analyze evidence collected before, during, and after
a cyber incident, a cyber breach, as well as physical or cybercrimes. I also
encourage you to share your work and innovations with others in our field
to benefit those that fight cybercrime every day.

Table of Contents
About the Author  ix
About the Technical Reviewer  xi
Acknowledgments  xiii
Introduction  xv
Chapter 1: An Introduction to PowerShell for Investigators  1
A Little PowerShell History 2
How Is PowerShell Used Today? 3
How Do You Experiment with PowerShell?  3
Navigating PowerShell ISE 3
PowerShell CmdLets 7
What Is a CmdLet?  7
Introduction to Some Key CmdLets  8
Challenge Problems: Investigative CmdLets to Explore  18
Challenge One: Executing a “Find” Based on File Extension  18
Challenge Two: Examining Network Settings  19
Challenge Three: Examining Firewall Settings  20
Challenge Four: Your Chance to Explore  20
Summary  20
Chapter 2: PowerShell Pipelining  23
What Is CmdLet Pipelining?  23
Example 1: Get-Service  23
Example 2: Get-Process  27
Adding a Transcript to Track Your Activities  37
Challenge Problem: CmdLet Experimentation  41
Summary 43
Chapter 3: PowerShell Scripting Targeting Investigation  45
Basic Facts About PowerShell Scripts  46
Example 1: The EventProcessor PowerShell Script  46
EventLog CmdLets  47
Retrieving More Specific Eventlog Information  49
Creating the Script  50
EventProcessor Get-Help Result  62
EventProcessor Script Execution  66
Resulting Directory  67
HTML Output Report  67
Remote Access  68
Example 2: USB Device Usage Discovery  70
Create the Script  72
USBAcquire Script Execution  83
USBAcquire Get-Help Result  84
Challenge Problem: Create File Inventory List with Hashes  85
Summary  86
Chapter 4: Python and Live Investigation/Acquisition  89
What Is “By Example”?  90
Directing PowerShell with Python  91
Launching PowerShell CmdLets from Python  94
Creating a System Files Baseline with PowerShell and Python   97
Overview of Python Execution with PowerShell  117
Challenge Problem: Perform Remote Script Execution  118
Summary  119
Chapter 5: PowerShell/Python Investigation Example  121
Enable PowerShell Remoting  122
Gathering and Analyzing Remote Evidence  126
Invoking Remote Access  130
Building a PowerShell Script for DnsCache Acquisition  131
Python Script and PowerShell CacheAquire Script  136
Overview of Client DNS Cache Acquisition and Search  144
Challenge Problem: Multiple Target Computer DNSCache Acquisition  144
Summary  145
Chapter 6: Launching Python from PowerShell  147
Reversing Roles from PowerShell to Python  147
Examine the PowerShell Script  148
Examine the Corresponding Python Script  149
Executing the Combined PowerShell to Python Scripts  150
Extracting Possible Proper Names from Text Documents  150
Examine the PowerShell Script  151
Examine the Corresponding Python ProperNames Script  153
Executing the Combined PowerShell to Python ProperNames Scripts  162
Extracting EXIF Data from Photographs  164
PowerShell Script  164
Python Script  166
Executing the Combined PowerShell to Python exifxtract Scripts  177
Summary  178
Chapter 7: Loose Ends and Future Considerations  181
Loose Ends  181
Future Considerations  186
Summary  187
Appendix A: Challenge Problem Solutions  189
Chapter 1: Investigative CmdLets to Explore  190
Challenge One: Executing a “Find” Based on File Extension  190
Challenge Two: Examining Network Settings  192
Challenge Three: Examining Firewall Settings  193
Chapter 2: CmdLet Experimentation  194
Transcript of Commands and Responses  195
Chapter 3: Create File Inventory List with Hashes  203
Sample PowerShell Script Output  206
HTML Screenshots  206
Chapter 4: Perform Remote Script Execution  208
Example A: Acquire Remote Processes from PLUTO  209
Example B: Acquire Remote Services from PLUTO  210
Example C: Acquire Remote IP Configuration from PLUTO 211
Chapter 5: Multiple Target Computer DNSCache Acquisition  212
Index  213


Managing Director, Apress Media LLC: Welmoed Spahr
Acquisitions Editor: Susan McDermott
Development Editor: Laura Berendson
Coordinating Editor: Rita Fernando
Cover designed by eStudioCalamar
Cover image designed by Freepik (

Bruce Payette & Richard Siddaway

Brief Table of Contents

Brief Table of Contents
Table of Contents
Praise for the Second Edition
Praise for the First Edition
About this Book
About the Cover Illustration
Chapter 1. Welcome to PowerShell
Chapter 2. Working with types
Chapter 3. Operators and expressions
Chapter 4. Advanced operators and variables
Chapter 5. Flow control in scripts
Chapter 6. PowerShell functions
Chapter 7. Advanced functions and scripts
Chapter 8. Using and authoring modules
Chapter 9. Module manifests and metadata
Chapter 10. Metaprogramming with scriptblocks and dynamic code
Chapter 11. PowerShell remoting
Chapter 12. PowerShell workflows
Chapter 13. PowerShell Jobs
Chapter 14. Errors and exceptions
Chapter 15. Debugging
Chapter 16. Working with providers, files, and CIM
Chapter 17. Working with .NET and events
Chapter 18. Desired State Configuration
Chapter 19. Classes in PowerShell
Chapter 20. The PowerShell and runspace APIs
PowerShell 6.0 for Windows, Linux, and macOS
List of Figures
List of Tables
List of Listings


Book Details
Pages: 938
File Size: 11,096 KB
File Type: PDF format
2018 by Manning Publications Co

About the Author
BRUCE PAYETTE is one of the founding members of the Windows PowerShell team. He is codesigner of the PowerShell language along with Jim Truher and the principal author of the
language implementation. He joined Microsoft in 2001 working on Interix, the POSIX
subsystem for Windows. Shortly after that, he moved to help found the PowerShell project. Prior
to joining Microsoft, he worked at various companies including Softway (the creators of Interix)
and MKS (producers of the MKS Toolkit) building UNIX tools for Windows. He lives in
Bellevue, Washington, with his wife, many computers, and two extremely over-bonded
codependent cats.

RICHARD SIDDAWAY has been using PowerShell since the early beta versions of PowerShell
v1. He has introduced PowerShell to many organizations while producing automation-based
solutions to their problems. He has written, and co-authored, a number of PowerShell books for
Manning including PowerShell in Practice, PowerShell and WMI, and PowerShell in Depth. His
books on Hyper-V and Active Directory contain many practical PowerShell examples. An active
blogger and speaker, Richard has also received Microsoft’s PowerShell MVP award for 10 years.

About the title
By combining introductions, overviews, and how-to examples, the In Action books are designed
to help learning and remembering. According to research in cognitive science, the things people
remember are things they discover during self-motivated exploration.
Although no one at Manning is a cognitive scientist, we are convinced that for learning to
become permanent it must pass through stages of exploration, play, and, interestingly, retelling
of what is being learned. People understand and remember new things, which is to say they
master them, only after actively exploring them. Humans learn in action. An essential part of an
In Action book is that it is example-driven. It encourages the reader to try things out, to play with
new code, and explore new ideas.
There is another, more mundane, reason for the title of this book: Our readers are busy. They use
books to do a job or solve a problem. They need books that allow them to jump in and jump out
easily and learn just what they want just when they want it. They need books that aid them in
action. The books in this series are designed for such readers.

About this Book
Windows PowerShell is the next-generation scripting environment created by Microsoft. It’s
designed to provide a unified solution for Windows scripting and automation, able to access the
wide range of technologies such as .NET, COM, and WMI through a single tool. Since its release
in 2006, PowerShell has become the central component of any Windows management solution.
In addition, due to PowerShell’s comprehensive support for .NET, it has broad application
potential outside of the system administration space. PowerShell can be used for text processing,
general scripting, build management, creating test frameworks, and so on. With PowerShell v6
being available on Linux and macOS as well as Windows, the benefits of PowerShell now
extend cross-platform bringing a unified approach to system management.

The authors have extensive experience with PowerShell. Bruce was one of the principal creators
of PowerShell. Richard has been using PowerShell since it first became available to apply
automation techniques to many organizations. Using many examples, both small and large, this
book illustrates the features of the language and environment and shows how to compose those
features into solutions, quickly and effectively.

Note that, because of the broad scope of the PowerShell product, this book has a commensurately
broad focus. It was not designed as a cookbook of pre-constructed management examples, like
how to deal with Active Directory or how to script Exchange. Instead it provides information
about the core of the PowerShell runtime and how to use it to compose solutions the “PowerShell
Way.” After reading this book, the PowerShell user should be able to take any example written
in other languages like C# or Visual Basic and leverage those examples to build solutions in

Who should read this book?
This book is designed for anyone who wants to learn PowerShell and use it well. Rather than
simply being a book of recipes to read and apply, this book tries to give the reader a deep
knowledge about how PowerShell works and how to apply it. 
All users of PowerShell should read this book.

So, if you’re a Windows sysadmin, this book is for you. If you’re a developer and you need to
get things done in a hurry, if you’re interested in .NET, or just if you like to experiment with
computers, PowerShell is for you and this book is for you.

Table of Contents
Brief Table of Contents
Table of Contents
Praise for the Second Edition
Praise for the First Edition
Preface
About this Book
About the Cover Illustration
Chapter 1. Welcome to PowerShell
1.1. What is PowerShell?
1.1.1. Shells, command lines, and scripting languages
1.2. PowerShell example code
1.2.1. Navigation and basic operations
1.2.2. Basic expressions and variables
1.2.3. Processing data
1.2.4. Flow-control statements 
1.2.5. Scripts and functions
1.2.6. Remote administration
1.3. Core concepts
1.3.1. Command concepts and terminology
1.3.2. Commands and cmdlets
1.3.3. Command categories
1.3.4. Aliases and elastic syntax
1.4. Parsing the PowerShell language
1.4.1. How PowerShell parses
1.4.2. Quoting
1.4.3. Expression-mode and command-mode parsing
1.4.4. Statement termination
1.4.5. Comment syntax in PowerShell
1.5. How the pipeline works
1.5.1. Pipelines and streaming behavior
1.5.2. Parameters and parameter binding
1.6. Formatting and output
1.6.1. Formatting cmdlets
1.6.2. Outputter cmdlets
1.7. Summary
Chapter 2. Working with types
2.1. Type management in the wild, wild West
2.1.1. Types and classes
2.1.2. PowerShell: A type-promiscuous language
2.1.3. Type system and type adaptation
2.1.4. Finding the available types
2.2. Basic types and literals
2.2.1. String literals
2.2.2. Numbers and numeric literals
2.3. Collections: dictionaries and hashtables
2.3.1. Creating and inspecting hashtables
2.3.2. Ordered hashtables
2.3.3. Modifying and manipulating hashtables
2.3.4. Hashtables as reference types
2.4. Collections: arrays and sequences
2.4.1. Collecting pipeline output as an array
2.4.2. Array indexing
2.4.3. Polymorphism in arrays
2.4.4. Arrays as reference types
2.4.5. Singleton arrays and empty arrays
2.5. Type literals
2.5.1. Type name aliases
2.5.2. Generic type literals
2.5.3. Accessing static members with type literals
2.6. Type conversions
2.6.1. How type conversion works
2.6.2. PowerShell’s type-conversion algorithm
2.6.3. Special type conversions in parameter binding
2.7. Summary
Chapter 3. Operators and expressions
3.1. Arithmetic operators
3.1.1. Addition operator
3.1.2. Multiplication operator
3.1.3. Subtraction, division, and the modulus operators
3.2. Assignment operators
3.2.1. Multiple assignments
3.2.2. Multiple assignments with type qualifiers
3.2.3. Assignment operations as value expressions
3.3. Comparison operators
3.3.1. Scalar comparisons
3.3.2. Comparisons and case sensitivity
3.3.3. Using comparison operators with collections
3.4. Pattern matching and text manipulation
3.4.1. Wildcard patterns and the -like operator
3.4.2. Regular expressions
3.4.3. The -match operator
3.4.4. The -replace operator
3.4.5. The -join operator
3.4.6. The -split operator
3.5. Logical and bitwise operators
3.6. Where() and ForEach() methods
3.6.1. Where() method
3.6.2. ForEach() method
3.7. Summary
Chapter 4. Advanced operators and variables
4.1. Operators for working with types
4.2. Unary operators
4.3. Grouping and subexpressions
4.3.1. Subexpressions $( ... )
4.3.2. Array subexpressions @( ... )
4.4. Array operators
4.4.1. Comma operator
4.4.2. Range operator
4.4.3. Array indexing and slicing
4.4.4. Using the range operator with arrays
4.4.5. Working with multidimensional arrays
4.5. Property and method operators
4.5.1. Dot operator
4.5.2. Static methods and the double-colon operator
4.5.3. Indirect method invocation 
4.6.  Format operator
4.7. Redirection and redirection operators
4.8. Working with variables
4.8.1. Creating variables
4.8.2. Variable name syntax
4.8.3. Working with variable cmdlets
4.8.4. Splatting a variable
4.9. Summary
Chapter 5. Flow control in scripts
5.1. Conditional statement
5.2. Looping statements
5.2.1. while loop
5.2.2. do-while loop
5.2.3. for loop 
5.2.4. foreach loop
5.3. Labels, break, and continue
5.4. switch statement
5.4.1. Basic use of the switch statement
5.4.2. Using wildcard patterns with the switch statement
5.4.3. Using regular expressions with the switch statement 
5.4.4. Processing files with the switch statement
5.4.5. Using the $switch loop enumerator in the switch statement
5.5. Flow control using cmdlets
5.5.1. ForEach-Object cmdlet
5.5.2. Where-Object cmdlet
5.6. Statements as values
5.7. A word about performance
5.8. Summary
Chapter 6. PowerShell functions
6.1. Fundamentals of PowerShell functions
6.1.1. Passing arguments using $args
6.1.2. Example functions: ql and qs
6.2. Declaring formal parameters for a function
6.2.1. Mixing named and positional parameters
6.2.2. Adding type constraints to parameters
6.2.3. Handling variable numbers of arguments
6.2.4. Initializing function parameters with default values
6.2.5. Using switch parameters to define command switches
6.2.6. Switch parameters vs. Boolean parameters
6.3. Returning values from functions
6.3.1. Debugging problems in function output
6.3.2. The return statement
6.4. Using simple functions in a pipeline
6.4.1. Functions with begin, process, and end blocks
6.5. Managing function definitions in a session
6.6. Variable scoping in functions
6.6.1. Declaring variables
6.6.2. Using variable scope modifiers
6.7. Summary
Chapter 7. Advanced functions and scripts
7.1. PowerShell scripts
7.1.1. Script execution policy
7.1.2. Passing arguments to scripts
7.1.3. Exiting scripts and the exit statement
7.1.4. Scopes and scripts
7.1.5. Managing your scripts
7.1.6. Running PowerShell scripts from other applications
7.2. Writing advanced functions and scripts
7.2.1. Specifying script and function attributes
7.2.2. The CmdletBinding attribute
7.2.3. The OutputType attribute
7.2.4. Specifying parameter attributes
7.2.5. Creating parameter aliases with the Alias attribute
7.2.6. Parameter validation attributes
7.3. Dynamic parameters and dynamicParam
7.3.1. Steps for adding a dynamic parameter
7.3.2. When should dynamic parameters be used?
7.4. Cmdlet default parameter values
7.4.1. Creating default values
7.4.2. Modifying default values
7.4.3. Using scriptblocks to determine default value
7.5. Documenting functions and scripts
7.5.1. Automatically generated help fields
7.5.2. Creating manual help content
7.5.3. Comment-based help
7.5.4. Tags used in documentation comments
7.6. Summary
Chapter 8. Using and authoring modules
8.1. The role of a module system
8.1.1. Module roles in PowerShell
8.1.2. Module mashups: composing an application
8.2. Module basics
8.2.1. Module terminology
8.2.2. Modules are single-instance objects
8.3. Working with modules
8.3.1. Finding modules on the system
8.3.2. Loading a module
8.3.3. Removing a loaded module
8.4. Writing script modules
8.4.1. A quick review of scripts
8.4.2. Turning a script into a module
8.4.3. Controlling member visibility with Export-ModuleMember
8.4.4. Installing a module
8.4.5. How scopes work in script modules
8.4.6. Nested modules
8.5. Binary modules
8.5.1. Creating a binary module
8.5.2. Nesting binary modules in script modules
8.6. Summary
Chapter 9. Module manifests and metadata
9.1. Module folder structure
9.2. Module manifest structure
9.3. Production manifest elements
9.3.1. Module identity
9.3.2. Runtime dependencies
9.4. Construction manifest elements
9.4.1. The loader manifest elements
9.4.2. Module component load order
9.5. Content manifest elements
9.6. Advanced module operations
9.6.1. The PSModuleInfo object
9.6.2. Using the PSModuleInfo methods
9.6.3. The defining module vs. the calling module
9.6.4. Setting module properties from inside a script module
9.6.5. Controlling when modules can be unloaded
9.6.6. Running an action when a module is removed
9.7. Publishing a module to a PowerShell Gallery
9.7.1. A module to publish
9.7.2. PSData Packaging elements
9.7.3. Publishing a module 
9.7.4. Publishing module updates
9.8. Summary
Chapter 10. Metaprogramming with scriptblocks and dynamic code
10.1. Scriptblock basics
10.1.1. Invoking commands
10.1.2. Getting CommandInfo objects
10.1.3. The scriptblock literal 
10.1.4. Defining functions at runtime
10.2. Building and manipulating objects
10.2.1. Looking at members
10.2.2. Defining synthetic members
10.2.3. Using Add-Member to extend objects
10.2.4. Adding note properties with New-Object
10.3. Using the Select-Object cmdlet
10.4. Dynamic modules
10.4.1. Dynamic script modules
10.4.2. Closures in PowerShell
10.4.3. Creating custom objects from modules
10.5. Steppable pipelines
10.5.1. How steppable pipelines work
10.5.2. Creating a proxy command with steppable pipelines
10.6. A closer look at the type-system plumbing
10.6.1. Adding a property
10.6.2. Shadowing an existing property
10.7. Extending the PowerShell language
10.7.1. Little languages
10.7.2. Type extension
10.8. Building script code at runtime
10.8.1. The Invoke-Expression cmdlet
10.8.2. The ExecutionContext variable
10.8.3. The ExpandString() method
10.8.4. The InvokeScript() method
10.8.5. Mechanisms for creating scriptblocks
10.8.6. Creating functions using the function: drive
10.9. Compiling code with Add-Type
10.9.1. Defining a new .NET class: C#
10.9.2. Defining a new enum at runtime
10.9.3. Dynamic binary modules
10.10. Summary
Chapter 11. PowerShell remoting
11.1. PowerShell remoting overview
11.1.1. Commands with built-in remoting
11.1.2. The PowerShell remoting subsystem
11.1.3. Enabling remoting
11.1.4. Additional setup steps for workgroup environments
11.1.5. Authenticating the connecting user
11.1.6. Enabling remoting in the enterprise
11.2. Applying PowerShell remoting
11.2.1. Basic remoting examples
11.2.2. Adding concurrency to the examples
11.2.3. Solving a real problem: multi-machine monitoring
11.3. PowerShell remoting sessions and persistent connections
11.3.1. Additional session attributes
11.3.2. Using the New-PSSession cmdlet
11.3.3. Interactive sessions
11.3.4. Managing PowerShell sessions
11.3.5. Copying files across a PowerShell remoting session
11.4. Implicit remoting
11.4.1. Using implicit remoting
11.4.2. How implicit remoting works
11.5. Considerations when running commands remotely
11.5.1. Remote session startup directory 
11.5.2. Profiles and remoting
11.5.3. Issues running executables remotely
11.5.4. Using files and scripts
11.5.5. Using local variables in remote sessions
11.5.6. Reading and writing to the console
11.5.7. Remote output vs. local output
11.5.8. Processor architecture issues
11.6. Building custom remoting services
11.6.1. Working with custom configurations
11.6.2. Creating a custom configuration
11.6.3. Access controls and endpoints
11.6.4. Constraining a PowerShell session
11.7. PowerShell Direct
11.8. Summary
Chapter 12. PowerShell workflows
12.1. Workflow overview
12.1.1. Why use workflows
12.1.2. Workflow architecture
12.1.3. Your first workflow
12.1.4. Running a workflow
12.1.5. Cmdlets vs. activities
12.1.6. Workflow restrictions
12.2. Workflow keywords
12.2.1. Parallel
12.2.2. Sequence
12.2.3. InlineScript
12.2.4. Foreach -parallel
12.3. Using workflows effectively
12.3.1. Workflow parameters
12.3.2. Variables in workflows
12.3.3. Nested workflows
12.4. Workflow cmdlets
12.4.1. Workflow execution options
12.4.2. Workflow sessions
12.4.3. Invoking as workflow
12.5. Summary
Chapter 13. PowerShell Jobs
13.1. Background jobs in PowerShell
13.1.1. The job commands
13.1.2. Working with the job cmdlets
13.1.3. Working with multiple jobs
13.1.4. Starting jobs on remote computers
13.1.5. Running jobs in existing sessions
13.1.6. Job types
13.2. Workflows as jobs
13.2.1. Checkpoints
13.2.2. Suspending workflows
13.2.3. Workflows and reboots
13.3. Scheduled jobs
13.3.1. Creating scheduled jobs
13.3.2. Modifying a scheduled job
13.3.3. Managing scheduled jobs
13.4. Summary
Chapter 14. Errors and exceptions
14.1. Error handling
14.1.1. ErrorRecords and the error stream
14.1.2. The $error variable and –ErrorVariable parameter
14.1.3. Determining whether a command had an error
14.1.4. Controlling the actions taken on an error
14.2. Dealing with errors that terminate execution
14.2.1. The try/catch/finally statement
14.2.2. The throw statement 
14.3. PowerShell and the event log
14.3.1. The EventLog cmdlets
14.3.2. Examining the PowerShell event log
14.3.3. Get-WinEvent
14.4. Summary
Chapter 15. Debugging
15.1. Script instrumentation
15.1.1. The Write* cmdlets
15.1.2. Writing events to the event Log
15.1.3. Catching errors with strict mode
15.1.4. Static analysis of scripts
15.2. Capturing session output
15.2.1. Starting the transcript
15.2.2. What gets captured in the transcript
15.3. PowerShell script debugging features
15.3.1. The Set-PSDebug cmdlet
15.3.2. Nested prompts and the Suspend operation
15.4. Command-line debugging
15.4.1. Working with breakpoint objects
15.4.2. Setting breakpoints on commands
15.4.3. Setting breakpoints on variable assignment
15.4.4. Debugger limitations and issues
15.5. Beyond scripts
15.5.1. Debugging PowerShell jobs
15.5.2. Debugging remote scripts
15.5.3. Debugging PowerShell runspaces
15.6. Summary
Chapter 16. Working with providers, files, and CIM
16.1. PowerShell providers
16.1.1. PowerShell core cmdlets
16.1.2. Working with PSDrives
16.1.3. Working with paths
16.1.4. The Registry provider
16.2. Files, text, and XML
16.2.1. File processing
16.2.2. Unstructured text
16.2.3. XML structured text processing
16.2.4. Converting text output to objects
16.3. Accessing COM objects
Creating COM objects
Identifying and locating COM classes
Automating Windows with COM
Using Microsoft Word for spell checking
Issues with COM
16.4. Using CIM
16.4.1. The CIM cmdlets
16.4.2. CIM sessions
16.5. Summary
Chapter 17. Working with .NET and events
17.1. .NET and PowerShell
17.1.1. Using .NET from PowerShell
17.1.2. PowerShell and GUIs
17.2. Real-time events
17.2.1. Foundations of event handling
17.2.2. Synchronous events
17.2.3. Asynchronous events
17.2.4. Working with asynchronous .NET events
17.2.5. Asynchronous event handling with scriptblocks
17.2.6. Automatic variables in the event handler
17.2.7. Dynamic modules and event handler state
17.2.8. Queued events and the Wait-Event cmdlet
17.2.9. Working with CIM events
17.2.10. Class-based CIM event registration
17.2.11. Engine events
17.2.12. Generating events in functions and scripts
17.2.13. Remoting and event forwarding
17.2.14. How eventing works
17.3. Summary
Chapter 18. Desired State Configuration
18.1. DSC model and architecture
18.1.1. The need for configuration management
18.1.2. Desired State Configuration model
18.1.3. DSC architecture
18.2. Push mode to a single node
18.2.1. Create configuration
18.2.2. MOF file contents
18.2.3. Applying the configuration
18.2.4. Testing the configuration application
18.2.5. Viewing the current configuration
18.2.6. Removing a configuration
18.3. Pushing to multiple nodes
18.3.1. Parameterizing the computer name
18.3.2. Using configuration data
18.3.3. Configuration data and roles
18.3.4. Issues with push mode
18.4. DSC in pull mode
18.4.1. Pull server architecture
18.4.2. Creating a pull server
18.4.3. Publishing a MOF file
18.5. Configuring the Local Configuration Manager
18.5.1. LCM settings
18.5.2. Configuring LCM to use a pull server
18.6. Partial configurations
18.6.1. Partial configurations: yes or no
18.6.2. Pushing partial configurations
18.6.3. Pulling partial configurations
18.7. Summary
Chapter 19. Classes in PowerShell
19.1. Writing classes in PowerShell
19.1.1. Using properties in a PowerShell class
19.1.2. Class member attributes
19.1.3. PowerShell enumerations
19.2. Methods in PowerShell classes
19.2.1. Method basics
19.2.2. Static methods
19.2.3. Instance methods
19.2.4. Method overloads
19.2.5. Hidden methods
19.2.6. Constructors in PowerShell classes
19.3. Extending existing classes
19.3.1. Creating a derived class
19.3.2. Overriding members on the base class
19.3.3. Extending .NET classes
19.4. Classes, modules, using, and namespaces
The using assembly pattern
The using namespace pattern
The using module pattern
Using modules and namespaces
19.5. Writing class-based DSC resources
19.6. Summary
Chapter 20. The PowerShell and runspace APIs
20.1. PowerShell API basics
20.1.1. Multi-command pipelines
20.1.2. Building pipelines incrementally
20.1.3. Handling execution errors
20.1.4. Adding scripts and statements
20.2. Runspaces and the PowerShell API
20.2.1. Existing runspaces and isolated execution
20.2.2. Creating runspaces
20.2.3. Using runspaces for concurrency
20.3. Runspace pools
20.4. Out-of-process runspaces
20.5. Remote runspaces
20.5.1. Sessions and runspaces
20.5.2. Creating remote runspaces
20.6. Managing runspaces
20.7. Summary
PowerShell 6.0 for Windows, Linux, and macOS
The PowerShell open source project
.NET Core
Installing on Windows
PowerShell on Linux and macOS
Known issues
Using PowerShell v6 on Linux
PowerShell remoting and Linux
DSC and Linux
Installing DSC for Linux
Using DSC for Linux
List of Figures
List of Tables
List of Listings
Praise for the Second Edition
First he wrote the language, then he wrote the book.
Jeffrey Snover, Microsoft
Really understanding a scripting language means getting inside the heads of the designers
and developers. Windows PowerShell in Action makes that possible in one really
informative and entertaining book.
Jason Zions, Microsoft
Unleashes the power in PowerShell.
Sam Abraham, SISCO
Who better than the lead language designer to provide the definitive reference on the
PowerShell language!
Keith Hill, Agilent Technologies
If you like to learn by example, there is no better example of examples than Payette’s
incredible book.
Oisin Grehan, .NET Solution Architect & Microsoft PowerShell MVP

Praise for the First Edition
The book on PowerShell. It has all the secrets.
James Truher, PowerShell Program Manager, Microsoft
If all it had going for it was the authoritative pedigree of the writer, it might be worth it, but
it’s also well-written, well-organized, and thorough, which I think makes it invaluable as
both a learning tool and a reference.
encyclopedic tome of PowerShell scripting bringing the reader through the basics with
simple shell scripts through powerful and flexible scripts any Windows systems
administrator will find immediately useful.
[It gives you] inside information, excellent examples, and a colorful writing style.
Marc van Orsouw (MOW), PowerShell MVP

Automate manual administrative tasks with ease

Thomas Lee


Book Details
 651 p
 File Size 
 31,058 KB
 File Type
 PDF format
 2017 Packt Publishing  

About the Author
Thomas Lee is a consultant/trainer/writer from England and has been in the IT business
since the late 1960s. After graduating from Carnegie Mellon University, Thomas joined
ComShare where he was a systems programmer building the Commander II time-sharing
operating system, a forerunner of today's Cloud computing paradigm. He moved to
Comshare UK in 1975 and later went to work for ICL, again developing operating systems.
After a sabbatical in 1980/81, he joined Arthur Andersen Management Consultants (now
known as Accenture). He left in 1988 to run his own consulting and training business,
which is still active today.
Thomas holds numerous Microsoft certifications, including MCSE (one of the first in the
world) and later versions, MCT (22 years), and was awarded Microsoft's MVP award 17
times. He is also a Fellow of the British Computer Society. He has written extensively for
the UK trade press, including PC Pro.
Today, Thomas writes and talks mainly on PowerShell and Azure. He currently works for a
number of clients to deliver training and to build training courses. Having traveled the
world, he entered semi-retirement in 2016 and is spending more time at his cottage in the
English countryside, along with his wife, Susan, and their daughter, Rebecca. He continues
to give back to the community and spends a lot of time as group administrator for the
PowerShell forum on Spiceworks, where he is also a Moderator.

About the Reviewer
Mike F. Robbins is a Microsoft MVP on Windows PowerShell and a SAPIEN Technologies
MVP. He is a co-author of Windows PowerShell TFM 4th Edition and is a contributing author
of a chapter in the PowerShell Deep Dives book. Mike has written guest blog articles for the
Hey, Scripting Guy! blog, PowerShell Magazine, and He is the winner of
the advanced category in the 2013 PowerShell Scripting Games. Mike is also the leader and
co-founder of the Mississippi PowerShell User Group. He blogs at and
can be found on Twitter at @mikefrobbins.

PowerShell was first introduced to the world at the Professional Developer's Conference in
Los Angeles in 2003 by Jeffrey Snover. Code named Monad, it represented a complete
revolution in management. A white paper written around that time, The Monad Manifesto, is an
amazing analysis of the problem at the time of managing large numbers of Windows
systems. A key takeaway—the GUI does not scale, whereas PowerShell does.

PowerShell has transformed the management of complex, network-based Windows infrastructure
and, increasingly, non-Windows infrastructure. Knowledge of PowerShell and how to get
the most from PowerShell is now obligatory for any IT Pro job—the adage being Learn
PowerShell or learn Golf.

This book takes you through the use of PowerShell in a variety of scenarios using many of
the rich set of features included in Windows Server 2016. This preface provides you with an
introduction to what is in the book and some tips on how to get the most out of the content.

Table of Contents
Preface 1
Chapter 1: What's New in PowerShell and Windows Server 11
Introduction 11
Exploring Remote Server Administration Tools (RSAT) 12
How to do it... 12
How it works... 14
There's more... 18
Discovering new cmdlets in PowerShell 4 and Windows Server 2012 R2 18
New cmdlets 19
How to do it... 19
How it works... 20
There's more... 22
Discovering new cmdlets in PowerShell 5/5.1 and Windows Server 2016 22
Getting ready 23
PowerShellGet module 23
PackageManagement module 23
Microsoft.PowerShell.Archive module 23
Microsoft.PowerShell.Utility module 23
Other new modules 24
Other new cmdlets 25
How to do it... 25
How it works... 28
There's more... 32
Exploring PowerShellGet 32
How to do it... 32
How it works... 36
There's more... 43
Exploring PackageManagement 43
How to do it... 44
How it works... 47
There's more... 51
Creating an internal PowerShell repository 51
How to do it... 52
How it works... 56
There's more... 57
Chapter 2: Implementing Nano Server 58
Introduction 58
Deploying a Nano Server in a VM 58
Getting ready 59
How to do it... 59
How it works... 61
There's more... 64
Connecting to and managing a Nano Server 64
Getting ready 65
How to do it... 65
How it works... 68
There's more... 79
Installing features with Nano Server packages 80
Getting ready 80
How to do it... 81
How it works... 83
There's more... 88
Chapter 3: Managing Windows Updates 91
Introduction 91
Installing Windows Server Update Services 92
Getting ready 92
How to do it... 92
How it works... 94
There's more... 99
Configuring WSUS update synchronization 100
Getting ready 100
How to do it... 100
How it works... 103
There's more... 106
Configuring the Windows Update client 106
Getting ready 106
How to do it... 106
How it works... 108
There's more... 109
Creating computer target groups 109
Getting ready 110
How to do it... 110
How it works... 110
There's more... 111
Configuring WSUS auto-approvals 112
Getting ready 112
How to do it... 112
How it works... 113
There's more... 114
Managing updates 115
Getting ready 115
How to do it... 115
How it works... 117
There's more... 120
Chapter 4: Managing Printers 121
Introduction 121
Installing and sharing printers 122
Getting ready 122
How to do it... 122
How it works... 123
Publishing a printer 125
Getting ready 125
How to do it... 125
How it works... 126
There's more... 126
Changing the spool directory 128
Getting ready 128
How to do it... 128
How it works... 130
Changing printer drivers 131
Getting ready 131
How to do it... 132
How it works... 132
Printing a test page on a printer 133
Getting ready 133
How to do it... 133
How it works... 134
Reporting on printer security 135
Getting ready 135
How to do it... 135
How it works... 137
Modifying printer security 137
Getting ready 138
How to do it... 138
How it works... 139
Deploying shared printers 139
Getting ready 140
How to do it... 145
How it works... 147
There's more... 147
Enabling Branch Office Direct Printing 147
Getting ready 148
How to do it... 148
How it works... 149
There's more... 150
Creating a printer pool 150
Getting ready 150
How to do it... 150
How it works... 151
Reporting on printer usage 152
Getting ready 153
How to do it... 153
How it works... 154
There's more... 155
Chapter 5: Managing Server Backup 156
Introduction 156
Configure and set backup policy 158
Getting ready 158
How to do it... 159
How it works... 160
There's more... 164
Examine the results of a backup 164
Getting ready 165
How to do it... 165
How it works... 166
There's more... 169
Initiate a backup manually 169
Getting ready 169
How to do it... 170
How it works... 171
There's more... 173
Restore files and folders 173
Getting ready 174
How to do it... 175
How it works... 176
There's more... 178
Backup and restore a Hyper-V Virtual Machine 178
Getting ready 178
How to do it... 178
How it works... 180
There's more... 185
Backup and perform bare metal recovery 186
Getting ready 186
How to do it... 186
How it works... 189
There's more... 202
Restore the registry from a backup 202
Getting ready 202
How to do it... 203
How it works... 207
There's more... 209
Create a daily backup report 210
Getting ready 210
How to do it... 210
How it works... 213
There's more... 214
Backup and restore using Microsoft Azure 215
Getting ready 215
How to do it... 215
How it works... 219
There's more... 226
Chapter 6: Managing Performance 227
Introduction 227
Explore performance counters with Get-Counter 229
Getting ready 229
How to do it... 230
How it works... 231
There's more... 235
Explore performance counters using CIM cmdlets 236
Getting ready 237
How to do it... 237
How it works... 238
There's more... 241
Configuring and using Data Collector Sets 242
Getting ready 242
How to do it... 243
How it works... 244
There's more... 246
Reporting on performance data 247
Getting ready 247
How to do it... 247
How it works... 248
There's more... 249
Generating performance monitoring graph 250
Getting ready 250
How to do it... 250
How it works... 251
There's more... 253
Creating a system diagnostics report 253
Getting ready 253
How to do it... 253
How it works... 254
There's more... 255
Chapter 7: Troubleshooting Windows Server 2016 256
Introduction 256
Checking network connectivity 257
Getting ready 258
How to do it... 258
How it works... 259
There's more... 262
Using troubleshooting packs 263
Getting ready 263
How to do it... 263
How it works... 264
There's more... 267
Use best practice analyzer 267
Getting ready 268
How to do it... 268
How it works... 270
There's more... 273
Managing event logs 274
Getting ready 274
How to do it... 275
How it works... 276
There's more... 280
Forward event logs to a central server 280
Getting ready 281
How to do it... 281
How it works... 284
There's more... 287
Chapter 8: Managing Windows Networking Services 288
Introduction 289
New ways to do old things 291
Getting ready 291
How to do it... 292
How it works... 293
There's more... 297
Configuring IP addressing 298
Getting ready 299
How to do it... 299
How it works... 300
There's more... 302
Converting IP address from static to DHCP 302
Getting ready 302
How to do it... 303
How it works... 303
There's more... 304
Installing domain controllers and DNS 304
Getting ready 305
How to do it... 305
How it works... 306
There's more... 309
Configuring zones and resource records in DNS 310
Getting ready 310
How to do it... 311
How it works... 312
There's more... 314
Installing and authorizing a DHCP server 315
Getting ready 315
How to do it... 316
How it works... 316
There's more... 317
Configuring DHCP scopes 318
Getting ready 318
How to do it... 318
How it works... 319
There's more... 320
Configuring DHCP server failover and load balancing 320
Getting ready 321
How to do it... 321
How it works... 322
There's more... 323
Building a public key infrastructure 323
Getting ready 323
How to do it... 324
How it works... 329
There's more... 337
Creating and managing AD users, groups, and computers 338
Getting ready 339
How to do it... 339
How it works... 341
There's more... 344
Adding users to AD using a CSV file 345
Getting ready 345
How to do it... 345
How it works... 346
There's more... 346
Reporting on AD users 347
Getting ready 347
How to do it... 347
How it works... 349
There's more... 350
Finding expired computers in AD 350
Getting ready 350
How to do it... 350
How it works... 351
There's more... 351
Creating a privileged user report 352
Getting ready 352
How to do it... 352
How it works... 354
There's more... 356
Chapter 9: Managing Network Shares 357
Introduction 357
Securing your SMB file server 359
Getting ready 359
How to do it... 359
How it works... 360
There's more... 361
Creating and securing SMB shares 362
Getting ready 362
How to do it... 362
How it works... 364
There's more... 365
Accessing SMB shares 365
Getting ready 366
How to do it... 366
How it works... 367
There's more... 370
Creating an iSCSI target 370
Getting ready 371
How to do it... 371
How it works... 372
There's more... 373
Using an iSCSI target 374
Getting ready 374
How to do it... 374
How it works... 375
There's more... 377
Creating a scale-out SMB file server 378
Getting ready 378
How to do it... 378
How it works... 380
There's more... 383
Configuring a DFS Namespace 383
Getting ready 385
How to do it... 385
How it works... 389
There's more... 393
Configuring DFS Replication 394
Getting Ready 395
How to do it... 395
How it works... 400
There's more... 405
Chapter 10: Managing Internet Information Server 406
Introduction 406
Installing IIS 407
Getting ready 407
How to do it... 407
How it works... 408
There's more... 412
Configuring IIS for SSL 413
Getting ready 414
How to do it... 414
How it works... 415
There's more... 416
Managing TLS cipher suites 417
Getting ready 417
How to do it... 417
How it works... 418
There's more... 419
Configuring a central certificate store 420
Getting ready 420
How to do it... 420
How it works... 423
Configuring IIS bindings 424
Getting ready 425
How to do it... 425
How it works... 426
There's more ... 427
Configuring IIS logging and log files 427
Getting ready 428
How to do it... 428
How it works... 429
There's more... 431
Managing applications and application pools 431
Getting ready 433
How to do it... 433
How it works... 434
There's more... 436
Managing and monitoring network load balancing 436
Getting ready 437
How to do it... 437
How it works... 439
There's more... 442
Chapter 11: Managing Hyper-V 443
Introduction 443
Installing and configuring Hyper-V feature 444
Getting ready 444
How to do it... 445
How it works... 446
There's more... 448
Using Windows PowerShell Direct 450
Getting ready 450
How to do it... 450
How it works... 451
There's more... 452
Securing Hyper-V host 453
Getting ready 453
How to do it... 453
How it works... 455
There's more... 456
Create a virtual machine 457
Getting ready 457
How to do it... 457
How it works... 458
There's more... 461
Configuring VM hardware 461
Getting ready 462
How to do it... 462
How it works... 463
There's more... 465
Configuring Hyper-V networking 466
Getting ready 466
How to do it... 466
How it works... 468
There's more... 470
Implementing nested Hyper-V 471
Getting ready 472
How to do it... 472
How it works... 473
There's more... 475
Managing VM state 475
Getting ready 475
How to do it... 476
How it works... 477
There's more... 479
Configuring VM and storage movement 479
Getting ready 480
How to do it... 480
How it works... 482
There's more... 484
Configuring VM replication 484
Getting ready 485
How to do it... 485
How it works... 487
There's more... 490
Managing VM checkpoints 492
Getting ready 493
How to do it... 493
How it works... 495
There's more... 499
Monitoring Hyper-V utilization and performance 500
Getting ready 500
How to do it... 501
How it works... 502
There's more... 504
Creating a Hyper-V health report 504
Getting ready 505
How to do it... 505
How it works... 507
There's more... 509
Chapter 12: Managing Azure 510
Introduction 510
Using PowerShell with Azure 512
Getting ready 515
How to do it... 515
How it works... 517
There's more... 522
Creating Core Azure Resources 523
Getting Ready 523
How to do it... 524
How it works... 524
There's more... 526
Exploring your storage account 526
Getting ready 529
How to do it... 529
How it works... 531
There's more... 533
Creating an Azure SMB File Share 534
Getting ready 535
How to do it... 535
How it works... 537
There's more... 539
Creating and using websites 540
Getting ready 540
How to do it... 541
How it works... 543
There's more... 547
Creating and using Azure virtual machines 547
Getting ready 549
How to do it... 549
How it works... 553
There's more... 558
Chapter 13: Using Desired State Configuration 560
Introduction 560
Using DSC and built-in resources 563
Getting ready 563
How to do it... 564
How it works... 565
There's more... 570
Parameterizing DSC configuration 571
Getting ready 572
How to do it... 572
How it works... 574
There's more... 576
Finding and installing DSC resources 576
Getting ready 577
How to do it... 577
How it works... 578
There's more... 581
Using DSC with PSGallery resources 581
Getting ready 582
How to do it... 584
How it works... 585
There's more... 587
Configuring Local Configuration Manager 588
Getting ready 588
How to do it... 589
How it works... 590
There's more... 592
Implementing a SMB pull server 592
Getting ready 593
How to do it... 593
How it works... 595
There's more... 597
Implementing a DSC web-based pull server 597
Getting ready 597
How to do it... 598
How it works... 601
There's more... 607
Using DSC partial configurations 607
Getting ready 608
How to do it... 608
How it works... 614
There's more... 621
Index 622


What you need for this book
To get the most out of this book, you need to experiment with the code contained in the
recipes. To avoid errors impacting live production servers, you should instead use
virtualization to create a test lab, where mistakes do not cause any serious damage. This
book uses a variety of servers within a single Reskit.Org domain containing multiple
servers, and using an IP address block of 10.10.10/24 described in Getting the most from this book.

Ideally, you should have a Windows 10 or Windows Server 2016 host with virtualization
capabilities and use a virtualization solution. If you have access to a cloud computing
platform, then you could perform most of the recipes in cloud-hosted virtual machines,
although that has not been tested. You can use any virtualization solution.
The book was developed using Hyper-V and nested Hyper-V on Windows 10 Creator's
Update and Windows Server 2016. More details of the servers are contained in the preface
and each recipe.

Who this book is for
This book is aimed at IT Pros, including system administrators, system engineers, as well as
architects and consultants who need to leverage PowerShell to simplify and automate their daily tasks.