Lab Answer Key

PowerShell

For Auditing and Security

Lab 1: Configuring Windows PowerShell

Exercise 1: Configure the Windows PowerShell Console Application

Task 1: Start the 64-bit console application as Administrator and pin Windows PowerShell icon to the taskbar

NOTE: Multiple keyboard languages are installed to support global course delivery, so some keystrokes may give unexpected results if the input method is set to a language other than the one you expect. In the LON-CL1 virtual machine, the default keyboard language is ENG (US). If you require a different keyboard language, click the system icon in the bottom right-hand corner that indicates the keyboard language, and select the appropriate language for your region. Alternatively, hold down the Left ALT key and press Left SHIFT one keystroke at a time to scroll through the languages, or press Windows Key + Space to select your required language.

1. On the LON-CL1 virtual machine, log on as Adatum\Administrator.

2. Press the Windows key on your keyboard.

3. Type powersh to display the Windows PowerShell icon.

4. Make sure that the icon caption says Windows PowerShell and that it does not say Windows PowerShell (x86). Right-click the icon, and then click Run as administrator.

5. Make sure that the window title bar says Administrator and does not include the text (x86). This indicates that it is the 64-bit console application and it is being run as Administrator.

6. On the taskbar, right-click the Windows PowerShell icon and then click Pin this program to taskbar. 64-bit Windows PowerShell should now be open, running as Administrator, and available on the taskbar for future use.

Task 2: Configure the Windows PowerShell console application

1. To configure the shell to use the Consolas font:

a. Click the control box in the upper-left corner of the Windows PowerShell console window.

b. Click Properties.

c. In the Windows PowerShell Properties dialog box on the Font tab, select Consolas. Select a font size that is comfortable to read.

2. To select alternate display colors: On the Colors tab, review the available foreground (text) and background colors.

3. To size the window and to remove the horizontal scroll bar:

a. On the Layout tab, in the Window Size settings, change the area's Width and Height values until the Windows PowerShell console pane preview fits completely within the Window Preview area.

b. On the Layout tab, in the Screen Buffer Size settings, change the Width value to be the same as the Window Size settings Width value.

c. Click OK. The console application should now be ready for use.

Task 3: Start a shell transcript

1. To start a transcript in the Windows PowerShell console, run:

Start-Transcript C:\DayOne.txt

You have now started a transcript, and it will save all of your commands and command output until you run Stop-Transcript or until you close the shell window.

2. You can view all the commands you have run and the command output by opening the file C:\DayOne.txt.

PowerShell for Auditing and Security

Lab Answers

Page 1

Results: After completing this lab, you will have opened and configured the Windows PowerShell console application and configured its appearance and layout.

Exercise 2: Configure the Windows PowerShell ISE Application

Task 1: Open the 64-bit Windows PowerShell ISE application as Administrator

1. Ensure you are still logged on to the LON-CL1 virtual machine as Adatum\Administrator.

2. Do one of the following:

In the Windows PowerShell console application, type ise and then press Enter. Notice that this will work correctly only when the console is running as Administrator.

or

Right-click the Windows PowerShell icon on the taskbar and then click Run ISE as Administrator.

3. You should now have a 64-bit ISE application running as Administrator.

Task 2: Customize the appearance of the ISE to use the single-pane view, hide the Command Pane, and adjust the font size

1. To configure the ISE to use a single-pane view:

a. On the Windows PowerShell ISE toolbar, click the Show Script Pane Maximized button (third from the right).

b. Click the blue Hide Script Pane up-arrow icon on the extreme right side until the console pane is displayed.

2. Use the Show Command Add-on button (rightmost button on the toolbar) to hide or view the Command Pane.

3. To adjust the font size, use the slider in the lower-right corner of the window until you can read the text comfortably.

Results: After completing this lab, you will have customized the appearance of the Windows PowerShell ISE application.

Lab 2: Finding and Running Basic Commands

Exercise 1: Finding Commands

Task 1: Find commands that will accomplish specified tasks

1. Press the Windows logo key, type PowerShell, right-click the Windows PowerShell tile, and click Run as administrator.

2. Run:

help *resolve*

or:

Get-Command *resolve*

These display a list of commands that use Resolve in their names. This should lead you to the Resolve-DNSName command.

3. Run:

help *adapter*

or:

Get-Command *adapter*

These display a list of commands that use Adapter in their names. This should lead you to the Set-NetAdapter command. Then, run help set-netadapter to view the Help for that command. This should lead you to the -MACAddress parameter.

4. Run:

help *sched*

or:

Get-Command *sched*

These display a list of commands that use Sched in their name. This should lead you to the Enable-ScheduledTask command (you may also find the Enable-PSScheduledTask command that is similar).

5. Run:

Get-Command -Verb Block

or:

help *block*

These display a list of commands. This should lead you to the Block-SMBShare command. Then, run help block-smbshare to learn that the command applies a Deny entry to the file share Discretionary Access Control List (DACL).

6. Run:

help *branch*

This will cause the Help system to conduct a full-text search, because no commands use branch in their names. Or, run:

help *cache*

or:

Get-Command *cache*

These will display a list of commands. Either way, you should discover the Clear-BCCache command.

7. Run any of the following:

help *firewall*

or

Get-Command *firewall*

or

help *rule*

or

Get-Command *rule*

These display a list of commands that use those keywords in their names. This should lead you to the Get-NetFirewallRule command. Then, run:

help get-netfirewallrule -full

This will display the Help for the command. This should let you discover the -Enabled parameter.

8. Run:

help *address*

This will display a list of commands that use address in their names. This should lead you to the Get-NetIPAddress command.

9. Run:

help *suspend*

or:

Get-Command -verb suspend

These display a list of commands. This should lead you to the Suspend-PrintJob command.

10. Run:

help *format*

or:

Get-Command -Verb format

These display a list of commands. This should lead you to the Format-Volume command.

Results: After completing this exercise, you will have demonstrated your ability to use the command discoverability features of Windows PowerShell™ to find new commands that perform specific tasks.

Exercise 2: Finding and Running Commands

Task 1: Run commands to accomplish specified tasks

1. Ensure you are working on the LON-CL1 virtual machine logged on as Adatum\Administrator.

2. To display a list of enabled firewall rules, run:

Get-NetFirewallRule -Enabled True

3. To display a list of all local IPv4 addresses, run:

Get-NetIPAddress -AddressFamily IPv4

4. To set the startup type of the BITS service, run:

Set-Service -Name BITS -StartupType Automatic

5. To test the connection to LON-DC1, run:

Test-Connection -ComputerName LON-DC1 -Quiet

Notice that this command returns only a True or False value, without any other output.

6. To display the newest 10 entries from the Security event log, run:

Get-EventLog -LogName Security -Newest 10

Results: After completing this exercise, you will have demonstrated your ability to run Windows PowerShell commands by using correct command-line syntax.
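
The commands from this exercise combined into one read-only audit snapshot, recorded in a transcript as in Lab 1. This is an added example, not part of the original lab; the C:\Audit folder and the output file names are assumptions.

```powershell
# Added example: read-only audit snapshot built from the lab's commands.
# Assumptions (not from the lab): the C:\Audit folder and the file names.
# Run from an elevated Windows PowerShell console on LON-CL1.

$outDir = 'C:\Audit'                              # hypothetical output folder
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'      # one timestamp for all files
New-Item -Path $outDir -ItemType Directory -Force | Out-Null

Start-Transcript -Path (Join-Path $outDir "audit-$stamp.txt")
try {
    # Enabled firewall rules, reduced to the properties worth reviewing
    Get-NetFirewallRule -Enabled True |
        Select-Object DisplayName, Direction, Action, Profile |
        Export-Csv -Path (Join-Path $outDir "firewall-$stamp.csv") -NoTypeInformation

    # Local IPv4 addresses and the interface each one belongs to
    Get-NetIPAddress -AddressFamily IPv4 |
        Select-Object InterfaceAlias, IPAddress, PrefixLength |
        Export-Csv -Path (Join-Path $outDir "ipv4-$stamp.csv") -NoTypeInformation

    # Current state of BITS (read only; the lab's Set-Service step changes it)
    Get-Service -Name BITS | Select-Object Name, Status, StartType

    # Reachability of the domain controller: -Quiet yields only True or False
    $dcUp = Test-Connection -ComputerName LON-DC1 -Quiet
    "LON-DC1 reachable: $dcUp"

    # Newest 10 Security log entries (reading this log requires elevation)
    Get-EventLog -LogName Security -Newest 10 |
        Select-Object TimeGenerated, EntryType, InstanceId, Message |
        Export-Csv -Path (Join-Path $outDir "security-$stamp.csv") -NoTypeInformation
}
finally {
    # Always close the transcript, even if a command above fails
    Stop-Transcript
}
```

The transcript file records which commands produced each CSV, so the snapshot can be reviewed later alongside its own collection log.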

Exercise 3: Using "About" Files

Task 1: Locate and read "About" Help files

1. Ensure you are still on the LON-CL1 virtual machine logged on as Adatum\Administrator from the previous exercise.

2. To find operators used for wildcard string comparison, run:

help *comparison*

then run:

help about_comparison_operators -ShowWindow

Notice the -like operator in about_Comparison_Operators. To find it, in the Find text box, type wild, and then click Next.

3. After reading the about_Comparison_Operators file, you should learn that typical operators are not case-sensitive. Specific case-sensitive operators are provided in about_Comparison_Operators.

4. To display the COMPUTERNAME environment variable, run:

$env:computername

You could read about this technique in about_environment_variables.

5. Run:

help *signing*

then run:

help about_signing

Then read about code signing. You should learn that Makecert.exe is used to create a self-signed digital certificate.

Task 2: To prepare for the next module

When you have finished the lab, revert the virtual machines to their initial state. To do this, perform the following steps:

1. On the host computer, start Hyper-V Manager.

2. In the Virtual Machines list, right-click LON-DC1, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat steps 2 and 3 for LON-CL1.

Results: After completing this exercise, you will have demonstrated your ability to locate Help content in "About" files.
