===== Powershell =====
==== Execution of Powershell Scripts ====
Double-clicking a *.ps1 file does not execute it by default (Explorer opens it in an editor), and whether a script may run at all is governed by the execution policy. \\
There are several ways to still execute scripts, e.g. by starting **powershell.exe** with the script as a command-line parameter (powershell -ExecutionPolicy Bypass -File script.ps1) or by piping the script text into powershell.exe.
A detailed description of these ways is at https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/
==== Execution scope in powershell ====
The scopes in which PowerShell variables are visible (global, script, local and the numbered parent scopes) are described here: http://technet.microsoft.com/en-us/library/hh847849.aspx
==== Policy ====
Get-ExecutionPolicy -List | Format-Table -AutoSize
The execution policies you can use are:
* Restricted - No scripts run (the default on Windows client editions); interactive commands still work.
* **RemoteSigned** - Scripts created locally run, but scripts that carry the Internet zone mark (downloaded by a browser, Outlook, etc.) do not run unless they are digitally signed by a trusted publisher. Default on Windows Server.
* AllSigned - Scripts run only if they have been signed by a trusted publisher.
* Unrestricted - Scripts run regardless of where they have come from and whether they are signed; downloaded scripts only produce a prompt.
* Bypass - Nothing is blocked and no warnings appear; typically used as powershell.exe -ExecutionPolicy Bypass for a single process.
The policy is set per scope (MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine); the first scope in that order that is not Undefined is the effective one. You can set it with the following cmdlet:
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
The execution policy is a safeguard against running scripts by accident, not a security boundary: anyone who can start powershell.exe can override it for their own process, which is what the list of bypasses linked above demonstrates.
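The following is an added example (not code from the original page) that shows how the policy scopes interact, how RemoteSigned actually decides that a file "came from the Internet" (the Zone.Identifier alternate data stream, also called the Mark of the Web), and how to run a reviewed script without touching the machine-wide policy. The path C:\temp\downloaded.ps1 is an assumption.

```powershell
# Added example, not from the original page. Assumes a script at C:\temp\downloaded.ps1.

# Every scope, most specific first (MachinePolicy/UserPolicy come from Group Policy).
Get-ExecutionPolicy -List | Format-Table -AutoSize
Get-ExecutionPolicy          # the effective policy after scope precedence

# RemoteSigned reads the Zone.Identifier stream that browsers and Outlook attach
# to downloaded files. ZoneId=3 is the Internet zone: blocked unless signed.
$script = 'C:\temp\downloaded.ps1'
Get-Content -Path $script -Stream Zone.Identifier -ErrorAction SilentlyContinue

# Option A: remove the mark once you have reviewed the script.
Unblock-File -Path $script

# Option B: rely on an Authenticode signature instead of the zone.
Get-AuthenticodeSignature -FilePath $script | Select-Object Status, SignerCertificate

# Option C: relax the policy for this process only. No admin rights are needed,
# nothing is written to the registry, and -List shows it under Scope=Process.
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force
& $script

# Equivalent from cmd.exe or a scheduled task; the parent process is unaffected:
# powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\temp\downloaded.ps1
```

Option C is the form to prefer in automation: it leaves the persistent policy at RemoteSigned for everybody else on the machine and is visible in the -List output while the process runs.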
==== Execution of commands on remote PCs ====
Remote execution of scripts via PowerShell (WinRM) is described here: https://www.opswat.com/blog/powershell-vs-psexec-remote-command-execution
- On the remote machine, enable remoting. This starts the WinRM service, creates the HTTP listener and the firewall rule; it needs an elevated shell.
PS C:\Windows\system32> Enable-PSRemoting -Force
- On the local machine, add the remote system to the WinRM client's TrustedHosts list. This is only needed when you connect by IP address or to a machine outside the domain, where Kerberos cannot authenticate the server; the connection then falls back to NTLM and the client can no longer verify that it is talking to the right host. Note that Set-Item -Value replaces the whole list; add -Concatenate to append to existing entries.
PS C:\Windows\system32> Set-Item WSMan:\localhost\Client\TrustedHosts -Value 10.0.X.X -Concatenate
- On the local machine, set the execution policy to RemoteSigned.
PS C:\Windows\system32> Set-ExecutionPolicy RemoteSigned
- Execute a script block on the remote machine (the path in the block is on the remote machine).
PS C:\Windows\system32> Invoke-Command -ComputerName YOURNAMEHERE -ScriptBlock { echo "Test" > D:\tmp\1Remote\testRemote.txt }
- Execute a script file on the remote PC and log its output to a *.txt file there.
PS C:\Windows\system32> Invoke-Command -ComputerName ANB13010 -ScriptBlock { powershell -File D:\script.ps1 > D:\logs.txt }
Executing with explicit credentials:
# Hard-coded password in the script: prefer $cred = Get-Credential, or read it from a protected store, so it does not end up in the repository or the PowerShell history.
$username = 'your-domain.com\username'
$password = 'yourpassword'
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList @($username,(ConvertTo-SecureString -String $password -AsPlainText -Force))
# -Authentication CredSSP only works after Enable-WSManCredSSP on both sides (see "Second Hop Problem" below) and hands your reusable credentials to the remote machine. For a single hop inside a domain leave it out; the default (Negotiate/Kerberos) is enough.
Invoke-Command -ComputerName ANB13010 -Credential $cred -Authentication CredSSP -ScriptBlock { powershell -File D:\script.ps1 > D:\logs.txt } | Write-Host
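The following is an added example, not code from the original page. It wraps the TrustedHosts step in a helper that appends instead of overwriting (a second plain Set-Item -Value silently discards the first entry), checks that the remote listener answers before you start debugging authentication, and runs a command with a prompted credential and the default authentication. The host names 'ANB13010' and '10.0.1.20' and the script path are placeholders.

```powershell
# Added example, not from the original page. Host names and paths are placeholders.

function Add-TrustedHost {
    param([Parameter(Mandatory)][string[]]$HostName)
    $current  = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    $existing = if ($current) { $current -split ',' | ForEach-Object { $_.Trim() } } else { @() }
    $new = $HostName | Where-Object { $existing -notcontains $_ }
    if (-not $new) { return }
    # -Concatenate appends to the list; -Value alone replaces the whole list.
    Set-Item WSMan:\localhost\Client\TrustedHosts -Value ($new -join ',') -Concatenate -Force
}

Add-TrustedHost -HostName 'ANB13010', '10.0.1.20'
(Get-Item WSMan:\localhost\Client\TrustedHosts).Value

# Confirm the remote WinRM listener answers (no credentials needed for this call).
Test-WSMan -ComputerName ANB13010

# Prompt instead of keeping the password in the script or in the history file.
$cred = Get-Credential -Message 'Account for remote execution'

# Default authentication negotiates Kerberos inside a domain: mutual authentication,
# and no TrustedHosts entry is needed when you connect by DNS name. CredSSP is only
# required for the second hop and sends the server your reusable password, so do
# not add it to a plain single-hop call.
Invoke-Command -ComputerName ANB13010 -Credential $cred -ScriptBlock {
    powershell.exe -NoProfile -File D:\script.ps1 > D:\logs.txt 2>&1
    $LASTEXITCODE          # returned to the caller as the block's output
}
```

Returning $LASTEXITCODE from the script block is what lets the calling side tell a failed deployment from a successful one; the redirected log file stays on the remote machine.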
== ATTENTION: PowerShell remoting cannot start interactive processes ==
As stated here: http://stackoverflow.com/questions/6178437/start-remote-process-within-the-context
You cannot start interactive processes using WMI or PowerShell remoting. This is a security limitation/feature. You need to use PSExec if you want to start remote interactive processes.
Processes started via Invoke-Command run in the non-interactive session of the WinRM service, without a desktop. You can use the PsExec tool for that, available here: http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
# WORKS!
$remoteMachine = 'PCNAMEHERE'
$username = 'your.domain.com\usernamehere'
$password = 'passwordhere'
# -d returns immediately (the script's exit code is not reported back); /accepteula suppresses the licence dialog.
# The password passed with -p is visible in the local process list, and PsExec versions before 2.1 sent it unencrypted over the network; omit -u/-p to use the current logon instead.
# PsExec copies PSEXESVC.exe to the remote ADMIN$ share and installs it as a service, which shows up in the remote event log.
# To put the process on the logged-on user's desktop add -i [session-id]; without it the process still runs in session 0 and is not visible.
D:\Temp\22symantec\PsExec.exe \\$remoteMachine -u $username -p $password /accepteula -d cmd /c "powershell -noninteractive D:\path\to\script\scriptname.ps1"
==== Executing Executables ====
Just write the .exe with its parameters, or use the call operator **&**; the operator is required when the command is an expression, e.g. a path in a variable or a quoted path containing spaces.
Details are here: http://social.technet.microsoft.com/wiki/contents/articles/7703.powershell-running-executables.aspx
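The following is an added example (not from the original page or the linked article) showing the call operator with an argument array, which is the form to use when a parameter comes from user input: each array element becomes one argument and no command interpreter is involved, so spaces and shell metacharacters in the value cannot turn into extra arguments or commands. The tool paths and arguments are placeholders.

```powershell
# Added example, not from the original page. Tool paths and arguments are placeholders.

function Invoke-NativeTool {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Arguments = @()
    )
    # & is needed because $Path is an expression; a bare "C:\tools\foo.exe -x" also works.
    # @Arguments splats the array: one element = one argument, quoted for you.
    $output = & $Path @Arguments 2>&1
    $code = $LASTEXITCODE                 # exit code of the native process
    if ($code -ne 0) {
        throw "$Path exited with $code`n$($output -join "`n")"
    }
    return $output
}

# A value with spaces stays one argument; no cmd.exe parsing happens.
$target = 'C:\Program Files\Example\data file.txt'
Invoke-NativeTool -Path 'C:\Windows\System32\certutil.exe' -Arguments @('-hashfile', $target, 'SHA256')

# Start-Process when you need a separate window, elevation (-Verb RunAs) or -Wait/-PassThru
# to collect the exit code of a GUI installer.
$p = Start-Process -FilePath 'C:\tools\setup.exe' -ArgumentList '/S' -Wait -PassThru
$p.ExitCode
```

Checking $LASTEXITCODE is the only reliable success test for native executables; the $? automatic variable reflects the last PowerShell command, not the exit status of the .exe.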
==== Second Hop Problem ====
When you execute commands on remote computer B, B will not be able to access a third computer C (e.g. a network share) on your behalf. \\
This happens because, with Kerberos or NTLM, B only receives a network logon for your account and does not hold your credentials, so it cannot pass them on to another PC by default.
You can work around this with CredSSP, which gives B this ability by sending it your actual credentials. B then stores a reusable copy of them for the duration of the session; anyone with administrator rights on B can extract them, so only delegate to machines you trust, and name them explicitly instead of using *.
== 1) Execute on the local PC, the first PC in the chain. This PC will call Invoke-Command. Here its name is a-pc-p31dash01 ==
# Allow PowerShell scripts to run
Set-ExecutionPolicy RemoteSigned
# Second-hop workaround to reach network shares: http://technet.microsoft.com/en-us/magazine/jj853299.aspx
# -DelegateComputer * lets every WSMan server you connect to receive your credentials; restrict it to the deployment machine, e.g. -DelegateComputer ANB13010
Enable-WSManCredSSP -Role Client -DelegateComputer * -Force
# Trust the deployment machine (only needed for non-Kerberos connections, i.e. by IP address or outside the domain).
# A second Set-Item -Value would replace the first entry, so pass both hosts at once (or use -Concatenate).
Set-Item WSMan:\localhost\Client\TrustedHosts -Value 'ANB13010,192.168.51.116'
== 2) Execute on remote PC B. On this PC the commands will be executed remotely. Here its name is ANB13010 ==
# Allow PowerShell scripts to run
Set-ExecutionPolicy RemoteSigned
# Allow remote access via scripts
Enable-PSRemoting -Force
# Second-hop workaround to reach network shares: http://technet.microsoft.com/en-us/magazine/jj853299.aspx
Enable-WSManCredSSP -Role Server -Force
# Add the build slaves to TrustedHosts. This is B's client-side list and only matters if B itself opens WSMan connections to them by IP;
# pass both hosts at once, since a second Set-Item -Value would replace the first entry.
Set-Item WSMan:\localhost\Client\TrustedHosts -Value 'a-pc-p31dash01,192.168.51.116'
== 3) Now execute remote commands that access other PCs on the network. This happens on a-pc-p31dash01 ==
You can invoke commands on remote PCs as follows. The following command is called from PC A \\
to be executed on PC B with the name ANB13010 \\
in order to list the files on a network share on PC C with IP 192.168.51.116.
$username = 'my-domain.com\username'
$password = 'password'
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList @($username,(ConvertTo-SecureString -String $password -AsPlainText -Force))
# -Authentication CredSSP is what makes B authenticate to C as this user; without it Get-ChildItem on the share fails with an access error.
Invoke-Command -ComputerName ANB13010 -Credential $cred -Authentication CredSSP -ScriptBlock { Get-ChildItem -Path \\192.168.51.116\networkShare }
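The following is an added example, not code from the original page. It repeats the CredSSP setup above with the delegation restricted to the one server that needs it instead of *, shows how to read back what each side currently allows, demonstrates the second hop failing without delegation and succeeding with it, and removes the client-side delegation afterwards. The host names are the ones used on this page; the credential is prompted for rather than hard-coded.

```powershell
# Added example, not from the original page. Uses the page's host names
# a-pc-p31dash01 (A), ANB13010 (B) and 192.168.51.116 (C).

# --- on A (client, a-pc-p31dash01), elevated ---
# Delegate only to the server that performs the second hop. "*" would let any
# WSMan server you ever connect to receive your reusable password.
Enable-WSManCredSSP -Role Client -DelegateComputer 'ANB13010' -Force
Get-WSManCredSSP     # shows the allowed delegation targets and the server-role state

# --- on B (server, ANB13010), elevated ---
Enable-PSRemoting -Force
Enable-WSManCredSSP -Role Server -Force

# --- from A: show that the second hop only works with CredSSP ---
$cred  = Get-Credential -Message 'Domain account that may read the share on C'
$share = '\\192.168.51.116\networkShare'

# Kerberos/Negotiate: B has a network logon for the user but no credentials to
# present to C, so the share access fails inside the remote session.
Invoke-Command -ComputerName ANB13010 -Credential $cred -ScriptBlock {
    param($s)
    try { (Get-ChildItem -Path $s).Count }
    catch { "no delegation: $($_.Exception.Message)" }
} -ArgumentList $share

# CredSSP: B receives the credential and can authenticate to C as that user.
Invoke-Command -ComputerName ANB13010 -Credential $cred -Authentication Credssp -ScriptBlock {
    param($s) Get-ChildItem -Path $s | Select-Object Name, Length
} -ArgumentList $share

# Delegation should not stay enabled on a workstation once the job is done.
Disable-WSManCredSSP -Role Client
```

Keeping the -DelegateComputer list to the single deployment server limits the damage if any other WinRM endpoint you connect to is compromised: such a server could otherwise request your credentials through CredSSP without you noticing.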
==== API ====
=== Replacement in Files using regex ===
# The parentheses force Get-Content to read the whole file before the pipeline writes back to the same path;
# without them Out-File would truncate the file while it is still being read.
# -replace is applied to each line; the non-greedy .*? stops at the first ")" after HOST=.
(Get-Content c:\temp\replace\tnsnames.txt) `
    -replace 'HOST=.*?\)', 'HOST=MyHost)' |
    Out-File c:\temp\replace\tnsnames.txt
# Note: Out-File in Windows PowerShell writes UTF-16 LE by default; add -Encoding ASCII (or the file's original encoding) for files read by non-PowerShell tools such as the Oracle client.
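The following is an added example, not code from the original page. It turns the one-liner above into a function that writes a backup first, reports how many HOST= entries it changed, escapes the replacement so a host name containing $ is inserted literally, writes the file back as ASCII rather than UTF-16, and supports -WhatIf for a dry run. The file path and host name are placeholders.

```powershell
# Added example, not from the original page. Path and host name are placeholders.

function Set-TnsHost {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$NewHost
    )
    $raw     = [System.IO.File]::ReadAllText($Path)
    $pattern = 'HOST=.*?\)'                       # same pattern as the one-liner
    $count   = [regex]::Matches($raw, $pattern).Count

    # In a replacement string "$" introduces a group reference ($1, $&), so a
    # literal "$" in the new host name must be doubled.
    $replacement = 'HOST=' + $NewHost.Replace('$', '$$') + ')'
    $updated     = [regex]::Replace($raw, $pattern, $replacement)

    if ($PSCmdlet.ShouldProcess($Path, "replace $count HOST= entries with $NewHost")) {
        Copy-Item -Path $Path -Destination "$Path.bak" -Force
        # Out-File would write UTF-16 LE in Windows PowerShell; the Oracle client
        # expects ANSI/ASCII, so write the encoding explicitly.
        [System.IO.File]::WriteAllText($Path, $updated, [System.Text.Encoding]::ASCII)
    }
    return $count
}

# Dry run: prints what would be done and touches nothing.
Set-TnsHost -Path 'C:\temp\replace\tnsnames.txt' -NewHost 'db01.example.com' -WhatIf
# Real run: returns the number of entries replaced.
Set-TnsHost -Path 'C:\temp\replace\tnsnames.txt' -NewHost 'db01.example.com'
```

Returning the match count is a cheap sanity check for deployment scripts: a result of 0 usually means the file layout is not what the regex expects, and the change should not be treated as applied.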