
PowerShell

Execution of PowerShell scripts

Execution of *.ps1 files by double-clicking is disabled by default.
There are several ways to still execute scripts, e.g. by starting a PowerShell with the script as a command parameter.

There is a detailed description of that here: https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/

Execution scope in PowerShell

The scope in which PowerShell variables are visible: http://technet.microsoft.com/en-us/library/hh847849.aspx

Policy

Get-ExecutionPolicy -List | Format-Table -AutoSize

The execution policies you can use are:

  • Restricted - Scripts won’t run.
  • RemoteSigned - Scripts created locally will run, but those downloaded from the Internet will not (unless they are digitally signed by a trusted publisher).
  • AllSigned - Scripts will run only if they have been signed by a trusted publisher.
  • Unrestricted - Scripts will run regardless of where they have come from and whether they are signed.

You can set PowerShell's execution policy by using the following cmdlet:

Set-ExecutionPolicy <policy name>

Execution of commands on remote PCs

Remote execution of scripts via PowerShell is described here: https://www.opswat.com/blog/powershell-vs-psexec-remote-command-execution

  1. On the remote machine, enable remote commands

    PS C:\Windows\system32> Enable-PSRemoting -force
  2. On the local machine, add the remote system to the trusted list

    PS C:\Windows\system32> Set-Item wsman:\localhost\Client\TrustedHosts -value 10.0.X.X
  3. On the local machine, set the execution policy to RemoteSigned

    PS C:\Windows\system32> Set-ExecutionPolicy RemoteSigned
  4. Execute scripts on the remote machine

    PS C:\Windows\system32> invoke-command -computername YOURNAMEHERE -scriptblock {echo "Test" > D:\tmp\1Remote\testRemote.txt}
  5. Execute a script file on the remote PC and log its output to a *.txt file

    PS C:\Windows\system32> invoke-command -computername ANB13010 -scriptblock {powershell -File D:\script.ps1 > D:\logs.txt}

Executing with authentication:

$username = 'your-domain.com\username'
$password = 'yourpassword'

# build the credential object (plain-text password here; Get-Credential would prompt for it instead)
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList @($username,(ConvertTo-SecureString -String $password -AsPlainText -Force))

# -Authentication CredSSP requires the CredSSP setup described under "Second Hop Problem" below
invoke-command -computername ANB13010 -Credential $cred -Authentication CredSSP -scriptblock {powershell -File D:\script.ps1 > D:\logs.txt} | Write-Host

ATTENTION: PowerShell is not able to start interactive processes via remoting

As stated here: http://stackoverflow.com/questions/6178437/start-remote-process-within-the-context

You cannot start interactive processes using WMI or PowerShell remoting. This is a security limitation/feature. You need to use PSExec if you want to start remote interactive processes.

You can use the PSExec tool for that, available here: http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

# WORKS!

$remoteMachine = 'PCNAMEHERE'
$username = 'your.domain.com\usernamehere'
$password = 'passwordhere'

# -d: do not wait for the remote process to finish; /accepteula: suppress the Sysinternals licence prompt
# -noninteractive keeps the remote powershell from blocking on a prompt
D:\Temp\22symantec\PsExec.exe \\$remoteMachine -u $username -p $password  /accepteula -d cmd /c "powershell -noninteractive D:\path\to\script\scriptname.ps1"
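As an added example (not from the original page), the remote-execution steps and the credential handling above combined into one script: the credential is requested with Get-Credential instead of being stored as a plain-text literal, WinRM reachability is checked before each call, and the exit code of the remote script is returned. Computer names and paths are the page's placeholders.

```powershell
# Added example: run a script on several remote machines over WinRM.
# Computer names and paths are placeholders taken from the page.
$computers = @('ANB13010', 'PCNAMEHERE')

# Get-Credential prompts for the account and keeps the password as a SecureString,
# so no password literal ends up in the script or in the command history.
$cred = Get-Credential -Message 'Account used for remoting (DOMAIN\user)'

foreach ($computer in $computers) {
    # Test-WSMan confirms that the WinRM listener answers before we try to run anything.
    if (-not (Test-WSMan -ComputerName $computer -ErrorAction SilentlyContinue)) {
        Write-Warning "$computer : WinRM not reachable, skipping"
        continue
    }

    try {
        # Paths are passed in as arguments instead of being hard-coded in the script block.
        $result = Invoke-Command -ComputerName $computer -Credential $cred -ErrorAction Stop `
            -ArgumentList 'D:\script.ps1', 'D:\logs.txt' `
            -ScriptBlock {
                param($scriptPath, $logPath)
                # -NonInteractive: a remoting session cannot service prompts (see the note above).
                # *> sends every output stream of the child process to the log file on the remote host.
                powershell.exe -NonInteractive -ExecutionPolicy RemoteSigned -File $scriptPath *> $logPath
                # $LASTEXITCODE holds the exit code of the child powershell.exe
                [pscustomobject]@{ Computer = $env:COMPUTERNAME; ExitCode = $LASTEXITCODE }
            }
        $result | Format-Table -AutoSize
    }
    catch {
        Write-Warning "$computer : $($_.Exception.Message)"
    }
}
```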

Executing Executables

Just write the .exe with its parameters, or use the call operator &.

Details are here: http://social.technet.microsoft.com/wiki/contents/articles/7703.powershell-running-executables.aspx

Second Hop Problem

When executing commands on a remote computer B, B will not be able to access another computer C via the network.
This happens because by default B cannot pass the credentials on to other PCs (the "second hop").

You can work around this problem by giving B this ability (CredSSP delegation, configured as follows).

1) Execute on the local PC A - the first PC in the chain. This PC will call invoke-command. Here its name is a-pc-p31dash01
# allow PowerShell scripts to be executed
Set-ExecutionPolicy RemoteSigned

# second-hop workaround to reach network shares: http://technet.microsoft.com/en-us/magazine/jj853299.aspx
# (-DelegateComputer * allows delegating the credentials to any remote host; a host name restricts it)
Enable-WSManCredSSP -Role client -DelegateComputer * -force

# trust the deployment machine
# TrustedHosts is a single comma-separated value; calling Set-Item twice would overwrite the first entry
Set-Item wsman:\localhost\Client\TrustedHosts -value 'ANB13010,192.168.51.116'
2) Execute on the remote PC B. On this PC the commands will be executed remotely. Here its name is ANB13010
# allow PowerShell scripts to be executed
Set-ExecutionPolicy RemoteSigned

# allow remote access via scripts
Enable-PSRemoting -force

# second-hop workaround to reach network shares: http://technet.microsoft.com/en-us/magazine/jj853299.aspx
Enable-WSManCredSSP -Role server -force

# add the build slaves to TrustedHosts (single comma-separated value, see step 1)
Set-Item wsman:\localhost\Client\TrustedHosts -value 'a-pc-p31dash01,192.168.51.116'
3) Now execute remote commands that access network PCs. Here it happens on a-pc-p31dash01

You can invoke commands on remote PCs as follows. The following command is called from PC A (a-pc-p31dash01)
to be executed on PC B with name ANB13010
in order to list the files on a network share on PC C with IP 192.168.51.116:

$username = 'my-domain.com\username'
$password = 'password'

# credential object for the remoting account (plain-text password here; Get-Credential would prompt instead)
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList @($username,(ConvertTo-SecureString -String $password -AsPlainText -Force))

# -Authentication CredSSP makes B delegate $cred onward, so B can reach the share on C
invoke-command -computername ANB13010 -Credential $cred -Authentication CredSSP -scriptblock { Get-ChildItem -Path \\192.168.51.116\networkShare | echo}
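Added example, not from the original page: a helper that merges new entries into TrustedHosts instead of replacing the list (a second plain Set-Item discards the first entry), followed by the cmdlet that shows whether the CredSSP client and server roles from steps 1 and 2 are in place. The function name is mine; host names and IPs are the ones used above.

```powershell
# Added example: merge hosts into WSMan TrustedHosts without overwriting existing entries.
function Add-TrustedHost {
    param([Parameter(Mandatory)][string[]]$Hosts)

    $path = 'WSMan:\localhost\Client\TrustedHosts'
    # The current value is one comma-separated string (empty when nothing is trusted yet).
    $current = (Get-Item $path).Value
    $existing = if ($current) { $current -split ',' | ForEach-Object Trim } else { @() }

    # Merge, de-duplicate and write back once; a bare Set-Item would replace the whole list.
    $merged = @($existing + $Hosts) | Sort-Object -Unique
    Set-Item $path -Value ($merged -join ',') -Force
    return $merged
}

# Hosts from the page: remote PC B and the file server C.
Add-TrustedHost -Hosts 'ANB13010', '192.168.51.116'

# Shows the CredSSP state of this machine: whether the client role (credential delegation,
# step 1) and/or the server role (accepting delegated credentials, step 2) is enabled.
Get-WSManCredSSP
```

Run it on A after step 1 and on B after step 2; the Get-WSManCredSSP output on A should list the client role with the delegation target, and on B the server role.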

API

Replacement in Files using regex

# the parentheses force the whole file to be read before Out-File overwrites it;
# the lazy .*? stops at the first closing parenthesis after HOST=
(Get-Content c:\temp\replace\tnsnames.txt) `
    -replace 'HOST=.*?\)', 'HOST=MyHost)' |
  Out-File c:\temp\replace\tnsnames.txt
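Added example, not from the page: the same HOST= substitution wrapped in a function that keeps a backup, reports how many lines matched, and writes the file back as ASCII (Out-File in Windows PowerShell defaults to UTF-16, which tools reading tnsnames files generally do not expect). The function name is mine; the path and regex are the page's.

```powershell
# Added example: regex replacement in a file with backup, match count and fixed encoding.
function Update-TnsHost {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$NewHost
    )

    # Read everything first so the same file can be rewritten afterwards.
    $lines   = Get-Content -Path $Path
    $pattern = 'HOST=.*?\)'    # lazy match up to the first closing parenthesis

    # Count the lines that will change before touching the file.
    $changed = @($lines | Where-Object { $_ -match $pattern }).Count
    if ($changed -eq 0) {
        Write-Verbose 'no HOST= entries found, file left unchanged'
        return 0
    }

    # Keep the original next to the file before overwriting it.
    Copy-Item -Path $Path -Destination "$Path.bak" -Force

    # Set-Content -Encoding Ascii avoids the UTF-16 output Out-File would produce by default.
    $lines -replace $pattern, "HOST=$NewHost)" | Set-Content -Path $Path -Encoding Ascii
    return $changed
}

# Same file and replacement as above; returns the number of rewritten lines.
Update-TnsHost -Path 'c:\temp\replace\tnsnames.txt' -NewHost 'MyHost'
```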
programming/powershell.txt · Last modified: 2023/11/01 07:31 by skipidar