Don’t miss Scripting Guys Security week where i’ll present
5 different articles regarding PowerShell and Security.
[?]
PowerShell Security Week
1
PowerShell V3 Geek Week
Labcenter is hosting a PowerShell V3 Geek Week June, 11 to June, 15 in Stockholm, Sweden.
The course covers new features in Windows PowerShell V 3.0, and a large number of techniques you can use to automate your Windows environments. If you are you working on Microsoft platforms and want to be in the forefront with the latest technology from Microsoft, this is a lab you just can’t miss.
If your interested in taking the course, check out this link: http://www.labcenter.se/Labs#lab=Windows_PowerShell_V3_Geekweek
[?]
Branding your SharePoint Sites
Branding your SharePoint Site and adding your custom masterpage, stylesheet, logo and favicon is fun and, thanks to Thomas Balkeståhl, its also rather simple.
Thomas has done a great job releasing a SharePoint 2010 Branding Project that helps you brand your SharePoint 2010 sites. And the best part: It’s free
[?]
2W – Pentest & Security – with a touch of PowerShell
Yesterday I did a presentation on Pentesting & PowerShell togheter with Security MVP Hasain Alshakarti. We demonstrated how you can use use PowerShell instead of third-party applications when performing pentests. We also talked about how to secure your environment.
Click here to download the presentation: 2W-Pentest-PowerShell (It’s in Swedish, Bork, bork, bork!)[?]
System Center Virtual Machine 2012, Orchestrator 2012 and PowerShell.
Windows PowerShell offers great administrative possibilities when working with the System Center products. In this blogpost we’ll take a closer look at Virtual Machine Manager 2012 and Orchestrator 2012.
Virtual Machine Manager
Virtual Machine Manager includes a module, virtualmachinemanager, which you can import and gain access to the Virtual Machine Manager CmdLets (PowerShell commands). The example below demonstrates how to import the module.
PS > Import-Module virtualmachinemanager
The module includes alot of CmdLets that we can use to automate Virtual Machine Manager. We can find out the number of CmdLets by combining Get-Command and Measure-Object as shown below.
PS > Get-Command -Module virtualmachinemanager | Measure-Object Count : 442 Average : Sum : Maximum : Minimum : Property :
Notice how the Count property displays that we have 442 CmdLets to play with .
Let’s move on with some scenarios.
Finding duplicate MAC Addresses
Using Windows PowerShell simplifies process when checking for duplicate MAC Addresses in your Virtual Machine Manager environment. Instead of manually clicking on each Virtual Machine, typing the MAC Address in Excel, and finally using Excel to look for duplicate Addresses you could simply type:
PS > Get-SCVirtualMachine -VmHost Host01 | Select-Object -ExpandProperty VirtualNetworkAdapters | Group-Object MACAddress
Count Name Group
----- ---- -----
1 00:23:5D:0B:1A:A2 {SRV01}
1 00:1D:D7:A7:34:0B {SRV02}
2 00:1D:D1:B2:2C:07 {SRV03, SRV04}
The example demonstrates that we have two Virtual Machines with duplicate MAC Addresses.
Finding Virtual Machine Operating System
Another simple task that we can perform using Windows PowerShell is finding the most common used Operating Systems in our Virtual Machine environment.
PS > Get-SCVirtualMachine -VmHost Host02 | Group-Object OperatingSystem | Sort Count -Descending | Select Name, Count Name Count ---- ----- 64-bit edition of Windows Server 2008 R2 Enterprise 10 Unknown 3 Windows 7 1
The example above demonstrates how to display the most commonly used OperatingSystems on the Host: Host02.
Creating Virtual Machines using a template
When creating new virtual machines we can click on “Create Virtual Machine” in the Virtual Machine Manager Console and simply follow the wizard. However, if you want to automate this process using Windows PowerShell, the wizard also offers autogenerated powershell code which we can simply copy-paste and reuse. Simply follow the wizard until you get to the summary page. notice the “View Script” button in the lower right corner.
Simply click on “View Script”, copy the autogenerated code, and modify it to fit your needs.
Finding Checkpoints
Finding Checkpoints and when Checkpoints where added is a real simple task using Windows PowerShell. Simply use the Get-SCVirtualMachine CmdLet, pipe the objects to Select-Object expand the VMCheckpoints property, and display the VM Name and AddedTime as shown below.
PS > Get-SCVirtualMachine -VmHost Host02 | Select-Object -ExpandProperty VMCheckpoints | Select-Object VM, AddedTime VM AddedTime -- --------- SRV01 2012-02-12 18:27:43 SRV01 2012-02-23 22:59:05 SRV02 2012-02-23 23:25:14 SRV02 2011-08-01 10:31:40 SRV03 2012-01-29 21:12:27 SRV03 2012-02-23 22:24:07 SRV04 2012-01-29 21:11:42 SRV04 2012-02-23 22:24:00
Dynamic MAC Addresses
To find Virtual Machines that use Dynamic MAC Addresses we can use the Get-SCVirtualMachine CmdLet, expand the VirtualNetworkAdapters and filter out the MAC Addresses where the MACAddressType is equal to dynamic.
PS > Get-SCVirtualMachine -VmHost Host02 | Select-Object -ExpandProperty VirtualNetworkAdapters |
Where-Object { $_.MACAddressType -eq "Dynamic" } | Measure-Object
Count : 2
Average :
Sum :
Maximum :
Minimum :
Property :
To display the Name of the Virtual Machines, simply type:
PS > Get-SCVirtualMachine -VmHost Host02 | Select-Object -ExpandProperty VirtualNetworkAdapters |
Where-Object { $_.MACAddressType -eq "Dynamic" } | Select-Object Name
Name
----
SRV01
SRV02
Finally, let’s take a look at Virtual Machine Disk Size. In the example below we use foreach statement to iterate through each Virtual Machine on Host02. We expand the Machines VirtualHarDisks, and display the Name, Size and MaximumSize. We also perform a calculation to display the FreeSpace.
foreach($vm in (Get-SCVirtualMachine -VmHost Host02)) {
$vm | Select-Object -ExpandProperty VirtualHardDisks |
Select-Object @{Name="Name";Expression={ $vm.Name }},
@{Name="FreeSpace";Expression={ $_.MaximumSize - $_.Size }},
Size, MaximumSize
}
Name FreeSpace Size MaximumSize
---- --------- ---- -----------
SRV01 45572620288 18851889152 64424509440
SRV02 41353731584 33808196096 75161927680
SRV03 35004575744 72369606656 107374182400
SRV04 262144000 9049894400 268435456000
Orchestrator
Orchestrator lets you automate the creation, monitoring, and deployment of resources in your environment. Orchestrator supports a large number of integration packsthat you can use to automate your System Center environment. Orchestrator also supports Windows PowerShell .
Combining Virtual Machine Manager & Orchestrator using PowerShell
In this example we’ll take a look at how to monitor Virtual Machines with low disk space using Orchestrator and PowerShell.
PowerShell Code
First, let’s take a look at the PowerShell code that we want to execute. In the example below we use Invoke-Command to execute PowerShell code on a Remote machine. On the remote machine, we import the virtualmachinemanager module, store a host in $vmHost and use a foreach statment to iterate through each virtual machine on the host and display information about disk space. We also store the output from the command in the variable $result. Next we divide the results into two additional variables, $lowDiskSpace and $highDiskSpace.
$result = Invoke-Command -ComputerName VMM01 -ScriptBlock {
import-module virtualmachinemanager
$vmHost = Get-VMHost eduHost02
foreach($vm in (Get-SCVirtualMachine -VMHost $vmHost)) {
$vm | Select-Object -ExpandProperty VirtualHardDisks |
Select-Object @{Name="Name";Expression={ $vm.Name }},
@{Name="FreeSpace";Expression={ $_.MaximumSize - $_.Size }},
Size, MaximumSize
}
}
PS > $lowDiskSpace = $result |
Where-Object { $_.FreeSpace -le 300MB } |
Select-Object -ExpandProperty Name
PS > $highDiskSpace = $result |
Where-Object { $_.FreeSpace -ge 300MB } |
Select-Object -ExpandProperty Name
When we run the command shown above we store all virtual machines with less than 300MB of free disk space in $lowDiskSpace. the rest are placed in $highDiskSpace.
The Invoke-Command CmdLet also supports the Credential parameter. You can use the Credential parameter to specify a user account that has permission to perform this action.
The example below demonstrates how to run a remote command using different credentials.
$credential = Get-Credential
Invoke-Command -ComputerName VMM01 -Credential $credential -ScriptBlock { "foo" }
Notice how the example above uses Get-Credential get a credential object based on a user name and password. When running PowerShell interctive, this approach is great, however, if you are planning on automating the task you can use the alternative demonstrated below instead.
PS > $userName = "domain\user" PS > $password = "Password1" PS > $securePassword = ConvertTo-SecureString -String $password -AsPlainText -Force PS > $credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $userName, $securePassword
Orchestrator
On the Orchstrator Server, we start by opening the System Center 2012 Orchestrator Runbook Designer.
Next, Click on Runbooks > New Runbook
Next, Locate Activities, Click on System, and drag/drop the Run .Net Script into your runbook.
The Actions performed by Orchestrator execute using the account connected to the “Orchestrator Runbook Service”. If we want to perform an action against a remote machine using different credentials we can use Invoke-Command.
So how do we store a users Credentials in Orchestrator without displaying the credentials as simple text?.
One way of solving this is by storing the credentials in secure variables. To store information in secure variables in Orchestrator, click on Global Settings > Variables.
Next, Click on New > Variable.
Type a name and a value for your variable. Remember to click the checkbox “Encrypted Variable”.
Add to variables, on called password and on called user.
It’s also possible to set specific permissions on variables in orchestrator bu right-clicking the variable and clicking on permissions.
Next, Click on Runbooks and right-click on the “Run .Net Script” action and click on Properties.
Under Language, click on Type and select PowerShell. Add the Following code under Script:
$user = ""
$password = ""
$securePassword = ConvertTo-SecureString -String $password -AsPlainText -Force
# Creating a PSCredential object
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $user, $securePassword
$result = Invoke-Command -ComputerName VMM01 -Credential $credential -ScriptBlock {
import-module virtualmachinemanager
$vmHost = Get-VMHost eduHost02
foreach($vm in (Get-SCVirtualMachine -VMHost $vmHost)) {
$vm | Select-Object -ExpandProperty VirtualHardDisks |
Select-Object @{Name="Name";Expression={ $vm.Name }},
@{Name="FreeSpace";Expression={ $_.MaximumSize - $_.Size }},
Size, MaximumSize
}
}
$lowDiskSpace = $result | Where { $_.FreeSpace -le 300MB } | Select -ExpandProperty Name
$highDiskSpace = $result | Where { $_.FreeSpace -ge 300MB } | Select -ExpandProperty Name
Next, $user = “<Right-Click Here>” and insert the variable from global settings. repeat the same task for the $password variable.
Next, click on Published Data and add two items as shown below. (note that the dollar-sign is not used in Variable).
Click on Finish.
You can display the data in various ways, we’ll keep it simple and simply write the information to textfiles.
Under Activities, click on Text File Management > Append Line. Drag/Drop two Append Line activities to your runbook.
Connect the Run .Net Script activity to the Append Line activities.
Next, Right-Click on one of the Append Line Activities and fill in a File Path and an Encoding.
Next, Right-Click on the Text field and click on Subscribe > Published Data.
Select the lowDiskSpace Published Data and click on OK.
Repeat the same steps on the second Append Line Activity but select the highDiskSpace Published Data instead.
And we’re all set. Click on “Check In” and Run to test your RunBook. If the runbook is set up correctly you should see two files under C:\Logs containing information about your VM Machines.
[?]