Difference between revisions of "Powershell"
| (14 intermediate revisions by the same user not shown) | |||
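--- a/Powershell
+++ b/Powershell
@@ -1,5 +1,13 @@
 # Command One liners
 ```
+https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.diagnostics/get-counter?view=powershell-7
+get-counter
+get-counter -listset *
+get-counter -listset * | findstr -i physicaldisk
+Get-Counter '\physicaldisk(_total)\current disk queue length'
+(Get-Counter -ListSet PhysicalDisk).PathsWithInstances
 While(1) {ps | sort -des cpu | select -f 15 | ft -a; sleep 1; cls}
+Get-Counter '\Process(*)\IO Data Operations/sec'
+Get-Counter '\Memory\Page Faults/sec'
 robocopy <source> <destination> /mir /copyall
 get-service -Name *Examp*
@@ -9,4 +17,19 @@
 (Get-Counter '\Process(*)\% Processor Time').Countersamples | Where cookedvalue -gt ($NumberOfLogicalProcessors*10) | Sort cookedvalue -Desc | ft -a instancename, @{Name='CPU %';Expr={[Math]::Round($_.CookedValue / $NumberOfLogicalProcessors)}}
 Get-Process | Sort CPU -Descending | Select -First 3 -Property ID,ProcessName,CPU
+Get-Process -IncludeUserName
+Get-Process | Where-Object {$_.mainWindowTitle} | Format-Table Id, Name, mainWindowtitle -AutoSize
+Get-WinEvent -ListLog * | findstr -i dns
+Get-WinEvent "DNS Server" -MaxEvents 20
+```
+- https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-process?view=powershell-7
+
+More
+```
+Get-Counter -ErrorAction SilentlyContinue '\Process(*)\% Processor Time' | Select-Object -ExpandProperty countersamples| Select-Object -Property instancename, cookedvalue| ? {$_.instanceName -notmatch "^(idle|_total|system)$"} | Sort-Object -Property cookedvalue -Descending| Select-Object -First 10| ft InstanceName,@{L='CPU';E={($_.Cookedvalue/100/$env:NUMBER_OF_PROCESSORS).toString('P')}} -AutoSize
+```
+
+# Salt
+```
+sudo salt -C 'G@os:Windows' cmd.powershell "(Get-Process | Sort CPU -Descending | Select -First 3 -Property ID,ProcessName,CPU)"
 sudo salt -C 'example*' cmd.powershell "(Get-Process | Sort CPU -Descending | Select -First 3 -Property ID,ProcessName,CPU)"
 ```
@@ -39,3 +62,52 @@
 Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 1
 Disable-NetFirewallRule -DisplayGroup "Remote Desktop"
+```
+
+```
+# Search Active Directory and via regular expression like filter and runs command
+Param(
+[Parameter(Mandatory=$true)][string]$domain,
+[Parameter(Mandatory=$true)][string]$regexp,
+[Parameter(Mandatory=$true)][string]$command
+)
+
+$SearchBase = ""
+$domain.Split(".") | ForEach {
+$SearchBase = $SearchBase + "DC=$_,"
+}
+$SearchBase = $SearchBase.Substring(0,$SearchBase.Length-1)
+
+$cred = Get-Credential
+
+$hostnames = (Get-ADComputer -Filter "Name -like '$regexp'" -SearchBase $SearchBase -Server $domain -Properties Name | select-object -expandproperty name)
+foreach ($hostname in $hostnames)
+{
+$fqdn = "$hostname.$domain"
+Write-Host "$fqdn running cmd: $command"
+Invoke-Command -ComputerName $fqdn -Credential $cred -ScriptBlock { iex $Using:command }
+}
+```
+
+
+```
+# Disable UDP DNS on authoritative domain hosts
+$ErrorActionPreference = "Stop"
+$domain = "example.com"
+$hosts = @("ns1", "ns2", "ns3", "ns4")
+$command = "foo"
+
+$cred = Get-Credential
+
+foreach ($h in $hosts){
+$fqdn = "$h.$domain"
+Write-Host "$fqdn updating"
+$command = "Set-NetFirewallProfile -Profile Domain -DefaultInboundAction Allow -DefaultOutboundAction Allow -Enabled True"
+Invoke-Command -ComputerName $fqdn -Credential $cred -ScriptBlock { iex $Using:command }
+$command = 'New-NetFirewallRule -DisplayName "DNS block udp 53" -Direction Inbound -Protocol UDP -Action Block -LocalPort 53'
+Invoke-Command -ComputerName $fqdn -Credential $cred -ScriptBlock { iex $Using:command }
+Resolve-DnsName -TcpOnly www.extendhealth.com -Server wjp2-dmzdns.ehdmz.com
+Write-Host "Testing UDP resolution to make sure it doesn't work."
+try { Resolve-DnsName www.extendhealth.com -Server $fqdn }
+catch { "DNS query udp 53 failed on $fqdn which is wanted. Rule applied ok" }
+}
 ```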
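Review bot: In the last hunk, the "Disable UDP DNS" script enables the Domain firewall profile with `-DefaultInboundAction Allow`, so the UDP 53 block rule is the only inbound restriction it adds and every other listening port on the name servers stays reachable; if that is intended it deserves a comment such as `# default-allow inbound on purpose: only UDP/53 is blocked`. The verification is also weaker than it looks: the `try`/`catch` prints the success message only when the UDP query fails, but says nothing when it succeeds, and the TCP check queries the fixed server `wjp2-dmzdns.ehdmz.com` instead of the host just changed, where `Resolve-DnsName -TcpOnly www.extendhealth.com -Server $fqdn` would test it. Both remote calls run static text, so writing the cmdlet directly inside `-ScriptBlock { ... }` would remove the need for `iex`. In the Active Directory script of the same hunk, `$regexp` is interpolated into the `-Filter` string, so a quote in the value changes the filter; a `[ValidatePattern('^[A-Za-z0-9*_.-]+$')]` attribute on that parameter would close this.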
Latest revision as of 21:08, 1 February 2021
Command One liners
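# Diagnostic one-liners for performance counters, processes, services and event logs.
# Each command is meant to be pasted on its own.

# Reference: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.diagnostics/get-counter?view=powershell-7

# One sample of the default counter set.
get-counter
# List every counter set, then narrow the list to the disk-related ones.
get-counter -listset *
get-counter -listset * | findstr -i physicaldisk
Get-Counter '\physicaldisk(_total)\current disk queue length'
(Get-Counter -ListSet PhysicalDisk).PathsWithInstances

# Refreshing view of the 15 processes with the most CPU time; runs until interrupted (Ctrl+C).
While(1) {ps | sort -des cpu | select -f 15 | ft -a; sleep 1; cls}

Get-Counter '\Process(*)\IO Data Operations/sec'
Get-Counter '\Memory\Page Faults/sec'

# /mir makes <destination> an exact mirror, which DELETES files there that are absent from
# <source>; /copyall also copies ACLs, owner and auditing information. Add /l first for a
# list-only dry run and check the paths before running it for real.
robocopy <source> <destination> /mir /copyall

get-service -Name *Examp*
# 1111 is a sample process ID.
Get-Process -ID 1111 | Select-Object *
systeminfo | find "Virtual Memory"
# stop-service, restart-service   <- cmdlet names noted for reference; each needs -Name <service>

# Processes using more than 10% of one logical processor, shown as a share of the whole machine.
# The variable must be set first: left undefined, the filter threshold is 0 and the division fails.
$NumberOfLogicalProcessors = (Get-CimInstance -ClassName Win32_ComputerSystem).NumberOfLogicalProcessors
(Get-Counter '\Process(*)\% Processor Time').Countersamples | Where cookedvalue -gt ($NumberOfLogicalProcessors*10) | Sort cookedvalue -Desc | ft -a instancename, @{Name='CPU %';Expr={[Math]::Round($_.CookedValue / $NumberOfLogicalProcessors)}}

Get-Process | Sort CPU -Descending | Select -First 3 -Property ID,ProcessName,CPU
# -IncludeUserName needs an elevated session.
Get-Process -IncludeUserName
# Only processes that own a visible window.
Get-Process | Where-Object {$_.mainWindowTitle} | Format-Table Id, Name, mainWindowtitle -AutoSize

# Find the DNS-related event logs, then read the newest 20 events from the "DNS Server" log.
Get-WinEvent -ListLog * | findstr -i dns
Get-WinEvent "DNS Server" -MaxEvents 20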
More
# Ten busiest processes by CPU, shown as a percentage of total capacity across all
# logical processors. The idle, _total and system pseudo-instances are left out, and
# counter read errors are suppressed.
Get-Counter -ErrorAction SilentlyContinue '\Process(*)\% Processor Time' |
    Select-Object -ExpandProperty countersamples |
    Select-Object -Property instancename, cookedvalue |
    Where-Object { $_.instanceName -notmatch "^(idle|_total|system)$" } |
    Sort-Object -Property cookedvalue -Descending |
    Select-Object -First 10 |
    Format-Table -AutoSize -Property InstanceName, @{
        Label      = 'CPU'
        Expression = { ($_.Cookedvalue / 100 / $env:NUMBER_OF_PROCESSORS).toString('P') }
    }
Salt
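# Show the three processes with the most CPU time on Windows minions, via Salt.
# The compound matcher 'G@os:Windows' selects every minion whose os grain is Windows, so the
# command runs on all of them; the second form limits it to minion IDs matching 'example*'.
# Preview which minions a target expression selects with `test.ping` before sending a command.
sudo salt -C 'G@os:Windows' cmd.powershell "(Get-Process | Sort CPU -Descending | Select -First 3 -Property ID,ProcessName,CPU)"
sudo salt -C 'example*' cmd.powershell "(Get-Process | Sort CPU -Descending | Select -First 3 -Property ID,ProcessName,CPU)"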
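def jtest(var):
    """Print ``var + 1``."""
    # The two statements were fused onto one line, which does not parse; one per line.
    var2 = var + 1
    print(var2)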
var2 = var + 1 print(var2)
Powershell security
# RemoteSigned: scripts downloaded from the internet must carry a trusted signature, while
# scripts written locally run unsigned. With no -Scope this sets the machine-wide policy
# and needs an elevated session.
# Execution policy guards against running a script by accident; it is not a security
# boundary, because a user can override it for their own session. Pair it with application
# control (AppLocker / WDAC) and script block logging where scripts must really be restricted.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
Enable RDP
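# Enable Remote Desktop: clear the deny flag, then enable the built-in firewall rule group.
# These are two separate commands (they were fused onto one line); run from an elevated session.
# NOTE(review): this opens RDP wherever the "Remote Desktop" rules apply. Confirm that
# Network Level Authentication is required (UserAuthentication = 1 under
# ...\Terminal Server\WinStations\RDP-Tcp) and consider limiting the rules' remote
# addresses to management subnets instead of any source.
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"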
Disable RDP
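# Disable Remote Desktop: set the deny flag, then disable the built-in firewall rule group.
# These are two separate commands (they were fused onto one line); run from an elevated session.
# Doing both means the port is closed at the firewall as well as refused by the service.
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 1
Disable-NetFirewallRule -DisplayGroup "Remote Desktop"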
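# Find computers in Active Directory whose Name matches a wildcard pattern and run one
# command on each of them over PowerShell remoting.
#
# Parameters:
#   -domain   DNS name of the domain (e.g. example.com). Used as the AD server, to build the
#             search base (DC=example,DC=com) and as the suffix of each host's FQDN.
#   -regexp   Pattern for the computer Name. Despite the parameter name it is passed to the
#             AD "-like" operator, so it is a '*' wildcard pattern, not a regular expression.
#   -command  PowerShell text that is executed on every matching host.
#   -WhatIf / -Confirm   Provided by SupportsShouldProcess; -WhatIf lists the hosts that
#             would be touched without running anything.
#
# The AD query runs as the current user; the prompted credential is used only for remoting.
[CmdletBinding(SupportsShouldProcess=$true)]
Param(
    [Parameter(Mandatory=$true)][string]$domain,
    # This value is interpolated into the -Filter string below, so it is limited to characters
    # that can appear in a computer name plus '*'. A quote in it would otherwise end the
    # string literal and rewrite the filter.
    [Parameter(Mandatory=$true)][ValidatePattern('^[A-Za-z0-9*_.-]+$')][string]$regexp,
    [Parameter(Mandatory=$true)][string]$command
)

# example.com -> DC=example,DC=com
$SearchBase = ($domain.Split(".") | ForEach-Object { "DC=$_" }) -join ","

$cred = Get-Credential

# @() keeps the result an array even when zero or one computer matches.
$hostnames = @(Get-ADComputer -Filter "Name -like '$regexp'" -SearchBase $SearchBase -Server $domain -Properties Name |
    Select-Object -ExpandProperty Name)
if ($hostnames.Count -eq 0) {
    Write-Warning "No computers in $domain match '$regexp'; nothing was run."
    return
}

foreach ($hostname in $hostnames)
{
    $fqdn = "$hostname.$domain"
    # Honours -WhatIf and -Confirm; without them this always proceeds.
    if (-not $PSCmdlet.ShouldProcess($fqdn, "run: $command")) { continue }
    Write-Host "$fqdn running cmd: $command"
    # NOTE(review): Invoke-Expression evaluates $command as code on the remote host under the
    # supplied credential. That is the purpose of this script, so -command must only ever be
    # typed by the operator and never filled from a ticket, file or other unreviewed input.
    Invoke-Command -ComputerName $fqdn -Credential $cred -ScriptBlock { Invoke-Expression $Using:command }
}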
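# Block inbound DNS over UDP (port 53) on the authoritative name servers of $domain, then
# verify each one: resolution over TCP must still work and resolution over UDP must fail.
# Most resolvers query over UDP first, so confirm that every client of these servers can
# reach them over TCP before rolling this out.
$ErrorActionPreference = "Stop"   # any failed step, including the TCP check, stops the script
$domain = "example.com"
$hosts = @("ns1", "ns2", "ns3", "ns4")
$ruleName = "DNS block udp 53"
$testName = "www.extendhealth.com"

$cred = Get-Credential

foreach ($h in $hosts){
    $fqdn = "$h.$domain"
    Write-Host "$fqdn updating"

    # NOTE(review): this enables the Domain profile with default-allow in both directions, so
    # the block rule below is the only inbound restriction added and every other listening
    # port stays reachable. Confirm that is intended, rather than a default-block profile
    # with explicit allow rules.
    Invoke-Command -ComputerName $fqdn -Credential $cred -ScriptBlock {
        Set-NetFirewallProfile -Profile Domain -DefaultInboundAction Allow -DefaultOutboundAction Allow -Enabled True
    }

    # The commands are fixed text, so they run as ordinary script blocks, not through iex.
    # Create the rule only when it is missing, so that re-running the script does not pile up
    # duplicate rules with the same display name.
    Invoke-Command -ComputerName $fqdn -Credential $cred -ScriptBlock {
        if (-not (Get-NetFirewallRule -DisplayName $Using:ruleName -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $Using:ruleName -Direction Inbound -Protocol UDP -Action Block -LocalPort 53
        }
    }

    # TCP must still resolve against the host that was just changed.
    Resolve-DnsName -TcpOnly $testName -Server $fqdn

    Write-Host "Testing UDP resolution to make sure it doesn't work."
    $udpAnswered = $true
    try { Resolve-DnsName $testName -Server $fqdn | Out-Null }
    catch { $udpAnswered = $false }
    if ($udpAnswered) {
        # An answer here means the block rule is not taking effect on this host.
        Write-Warning "DNS query udp 53 was still answered by $fqdn. Rule is NOT effective"
    }
    else {
        "DNS query udp 53 failed on $fqdn which is wanted. Rule applied ok"
    }
}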