📌
ibook
  • README
  • cheatsheet
    • bash
      • builtin
      • syntactic sugar
      • cmd
      • havefun
    • text-processing
      • awk
      • sed
      • html
      • json
      • regex
      • unicode
    • osx
    • curl
    • tricky
    • widget
    • proxy
    • colors
    • math
    • media
    • ssl
      • keystore
      • verification
      • server
      • client
      • tricky
    • windows
      • powershell
      • choco
      • wsl
      • wt
      • shortcut
      • clsid
      • env
      • shell:folder
  • vim
    • nvim
    • install
    • color
    • plugins
      • usage
      • other plugins
      • deprecated
    • tricky
    • viml
    • windows
    • troubleshooting
  • devops
    • admin tools
    • ssh
    • git
      • config
      • alias
      • submodule
      • eol
      • example
      • gerrit
        • gerrit API
      • github
      • troubleshooting
      • tricky
      • statistics
    • tmux
      • cheatsheet
    • ansible
    • vault
    • artifactory
      • api
      • cli
      • aql
      • nginx cert
    • klocwork
      • kwadmin
      • kwserver
      • api
      • q&a
    • elk
    • mongodb
    • android
    • mobile
  • jenkins
    • config
      • windows
    • appearance
    • troubleshooting
    • jenkinsfile
      • utility
      • parallel
      • build
      • envvar
      • properties
      • trigger
      • node
    • script
      • job
      • build
      • stage
      • agent
      • security & authorization
      • exception
      • monitor
      • tricky
    • api
      • blueocean
    • cli
    • plugins
      • kubernetes
      • docker
      • shared-libs
      • lockable-resource
      • ansicolor
      • badge
      • groovy-postbuild
      • simple-theme
      • customizable-header
      • artifactory
      • jira-steps
      • job-dsl
      • build-timeline
      • crumbIssuer
      • coverage
      • tricky
  • virtualization
    • kubernetes
      • init
        • kubespray
        • kubeadm
          • environment
          • crio v1.30.4
          • docker v1.15.3
          • HA
        • addons
        • etcd
      • kubectl
        • pod
        • deploy
        • replicasets
        • namespace
        • secrets
      • node
      • certificates
      • events
      • kubeconfig
      • kubelet
      • troubleshooting
      • cheatsheet
      • auth
      • api
      • tools
        • monitor
        • helm
        • network
        • minikube
    • docker
      • run & exec
      • voume
      • remove
      • show info
      • dockerfile
      • dockerd
      • tricky
      • troubleshooting
      • windows
    • crio
    • podman
  • ai
    • prompt
  • osx
    • apps
      • init
      • brew
    • defaults
    • system
    • network
    • script
    • tricky
  • linux
    • devenv
    • util
      • time & date
      • output formatting
      • params
      • tricky
    • nutshell
    • disk
    • network
    • troubleshooting
    • system
      • apt/yum/snap
      • authorization
      • apps
      • x11
    • ubuntu
      • systemctl
      • x
    • rpi
  • programming
    • groovy
    • python
      • config
      • basic
      • list
      • pip
      • q&a
    • others
    • archive
      • angular
      • maven
      • mysql
        • installation
        • logs
      • ruby
        • rubyInstallationQ&A
  • tools
    • fonts
    • html & css
    • Jira & Confluence
    • node & npm
      • gitbook
      • hexo
      • github.page
      • code themes
    • app
      • microsoft office
      • vscode
      • virtualbox
      • iterm2
      • browser
      • skype
      • teamviewer
      • others
  • english
Powered by GitBook
On this page
  • basic
  • powershell 7
  • system
  • modules
  • scripts
  • step-by-step guide to setup two-tier pki environment

Was this helpful?

  1. cheatsheet
  2. windows

powershell

  • basic

    • echo

    • profile

    • running powershell script

  • powershell 7

    • install

    • upgrade

  • system

    • check current user is admin

    • maximum path length limitation

    • list installed appx

    • install system apps

    • restricted strategy

    • enable pxe on the distribution point

    • search

    • cortana

    • install ssh-agent

    • deploy windows 10 in a test lab using configuration manager

    • IP

    • history

  • modules

    • list installed modules

    • get package source

    • PSReadLine

  • scripts

    • environment variable

    • timezone

    • setup powershell startup

  • step-by-step guide to setup two-tier pki environment

  • to execute powershell as administrator

  • right click 'Run As Administrator'

  • ctrl+r » powershell » ctrl + shift + enter

  • to verify powershell running as admin

    > (New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
True

basic

echo

references

  • Redirection

  • Out-Null

Write-Warning "hello"
Write-Error "hello"
Write-Output "hello" | Out-Null

profile

[!NOTE|label:references:]

  • PowerShell Profile Files: Getting Started

> $PROFILE | Get-Member -Type NoteProperty

   TypeName: System.String

Name                   MemberType   Definition
----                   ----------   ----------
AllUsersAllHosts       NoteProperty string AllUsersAllHosts=C:\Program Files\PowerShell\7\profile.ps1
AllUsersCurrentHost    NoteProperty string AllUsersCurrentHost=C:\Program Files\PowerShell\7\Microsoft.Power…
CurrentUserAllHosts    NoteProperty string CurrentUserAllHosts=C:\Users\marslo\OneDrive - Company\Documents\…
CurrentUserCurrentHost NoteProperty string CurrentUserCurrentHost=C:\Users\marslo\OneDrive - Company\Documen…

running powershell script

[!NOTE|label:references:]

  • run powershell command from cmd

REM cmd
> powershell -command "..."
REM example
> powershell -command "get-process | ? {$_.Description -eq 'Sysinter Process Explorer'} | select processname | out-file $env:APPDATA\example.txt"

REM execute ps file
> powershell -file /path/to/script.ps1

powershell 7

[!NOTE|label:references:]

  • windows的powershell7 配置

install

> winget install --id Microsoft.Powershell --source winget
> winget install --id Microsoft.Powershell.Preview --source winget

# silent install
> curl -fsSL -O https://github.com/PowerShell/PowerShell/releases/download/v7.4.1/PowerShell-7.4.1-win-x64.msi
> msiexec.exe /package PowerShell-7.4.1-win-x64.msi /quiet ADD_EXPLORER_CONTEXT_MENU_OPENPOWERSHELL=1 ADD_FILE_CONTEXT_MENU_RUNPOWERSHELL=1 ENABLE_PSREMOTING=1 REGISTER_MANIFEST=1 USE_MU=1 ENABLE_MU=1 ADD_PATH=1

# check avaiable
> winget search Microsoft.PowerShell
Name               Id                           Version Source
---------------------------------------------------------------
PowerShell         Microsoft.PowerShell         7.4.1.0 winget
PowerShell Preview Microsoft.PowerShell.Preview 7.5.0.1 winget

for restriction

> Register-PSSessionConfiguration
> Update-Help -Scope AllUsers
> Enable-ExperimentalFeature -Scope AllUsers
> Set-ExecutionPolicy -Scope LocalMachine

upgrade

> winget list --name PowerShell --upgrade-available

system

check current user is admin

references:

  • How to: Tell if a PowerShell script is running as the Administrator

  • Get started with OpenSSH for Windows

  • Universal test for Admin privileges

  • well-known SIDs

    • S-1-5-32-544 : Administrators

    • S-1-5-32-545 : Users

    • S-1-5-32-547 : Power Users

  • Powershell Admin rights dont work in Windows Forms

> (New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
True

# or
> $isAdmin = (new-object System.Security.Principal.WindowsPrincipal([System.Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole("Administrators")
> echo $isAdmin
True

# or via SID
> $isAdmin = (new-object System.Security.Principal.WindowsPrincipal([System.Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole(([System.Security.Principal.SecurityIdentifier]"S-1-5-32-544"))
> echo $isAdmin
True

  • or

    $currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
if (-not ($currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)))
{
    Write-Warning "This script needs to be running as the administrator."
    Exit 1
}

Write-Host "You are running as the administrator."

  • others

    > echo $currentPrincipal

Identity     : System.Security.Principal.WindowsIdentity
UserClaims   : {http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: WORKGROUP\marslo,
               http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid:
               S-1-5-21-1801674531-527237240-682003330-164699,
               http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid: S-1-1-0,
               http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid: S-1-2-0...}
DeviceClaims : {}
Claims       : {http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: WORKGROUP\marslo,
               http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid:
               S-1-5-21-1801674531-527237240-682003330-164699,
               http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid: S-1-1-0,
               http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid: S-1-2-0...}
Identities   : {WORKGROUP\marslo}

maximum path length limitation

references:

  • Maximum Path Length Limitation

  • Overcoming long path problem in Windows/PowerShell

> New-ItemProperty `
      -Path "HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem" `
      -Name "LongPathsEnabled" `
      -Value 1 `
      -PropertyType DWORD `
      -Force

  • or via modify regedit

    > REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\FileSystem" /v "LongPathsEnabled" /t REG_DWORD /d 0x00000001 /f

REM .reg
REM Windows Registry Editor Version 5.00
REM [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
REM "LongPathsEnabled"=dword:00000001

list installed appx

references:

  • Get-AppxPackage

  • List all installed APPX packages, along with their display names

  • How to view installed apps with PowerShell on Windows 10

> Get-AppxPackage –AllUsers | Select Name, PackageFullName

# or
> winget list

  • or search via keywords

    PS C:\Users\marslo> Get-AppxPackage -Name *edge*
Name              : Microsoft.MicrosoftEdgeDevToolsClient
Publisher         : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Architecture      : Neutral
ResourceId        : neutral
Version           : 1000.19041.1023.0
PackageFullName   : Microsoft.MicrosoftEdgeDevToolsClient_1000.19041.1023.0_neutral_neutral_8wekyb3d8bbwe
InstallLocation   : C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe
IsFramework       : False
PackageFamilyName : Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe
PublisherId       : 8wekyb3d8bbwe
IsResourcePackage : False
IsBundle          : False
IsDevelopmentMode : False
NonRemovable      : True
IsPartiallyStaged : False
SignatureKind     : System
Status            : Ok

# or
> winget list chrome
Name          Id            Version       Source
-------------------------------------------------
Google Chrome Google.Chrome 113.0.5672.93 winget

  • or

    Get-AppxPackage | Get-AppxPackageManifest |
  ForEach-Object {
    $_.Package.Applications.Application.VisualElements.DisplayName
  }

    • or exclude all ms-

      Get-AppxPackage | Get-AppxPackageManifest |
  ForEach-Object {
      $_.Package.Applications.Application.VisualElements.DisplayName
  } | Where-Object {
      $_ -notmatch '^ms'
  }

  • or show name and display name

    $Packages=Get-AppxPackage -PackageTypeFilter Main
$PackageManager = New-Object Windows.Management.Deployment.PackageManager
foreach ($Package in $Packages) {
  Write-Output $Package.PackageFullName
  try {
    $PackageUWP = $PackageManager.FindPackage($Package.PackageFullName)
    Write-Output $PackageUWP.DisplayName
    Write-Output ''
  }
  catch {
    throw
    break
  }
}
Remove-Variable Packages,PackageManager,Package,PackageUWP

install system apps

references:

  • SearchUI.exe Suspended Error on Windows 10 / 11 Fix

  • How to Fix SearchUI.exe Suspended on Windows 10

> Get-AppXPackage -AllUsers | Where-Object {$_.InstallLocation -like "*SystemApps*"} | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

  • repaire all appx

    > Get-AppxPackage Microsoft.Windows.ShellExperienceHost | foreach {Add-AppxPackage -register "$($_.InstallLocation)\appxmanifest.xml" -DisableDevelopmentMode}
> Get-AppXPackage | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

restricted strategy

references:

  • How to fix search problems in Windows 10

  • Fix problems in Windows Search

  • check policy

    > Get-ExecutionPolicy

  • modify policy

    > Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted

  • revert to previous policy

    > Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy <policy>
# i.e.:
> Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Restricted

enable pxe on the distribution point

> WDSUTIL.exe /Set-Server /AnswerClients:None

# check macaddress
> (Get-NetAdapter "Ethernet").MacAddress

search

references:

  • Windows 10 - Search bar not allowing me to type

  • Troubleshoot Windows Search performance

> Get-AppXPackage -Name Microsoft.Windows.Search
Name              : Microsoft.Windows.Search
Publisher         : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Architecture      : Neutral
ResourceId        : neutral
Version           : 1.14.9.19041
PackageFullName   : Microsoft.Windows.Search_1.14.9.19041_neutral_neutral_cw5n1h2txyewy
InstallLocation   : C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy
IsFramework       : False
PackageFamilyName : Microsoft.Windows.Search_cw5n1h2txyewy
PublisherId       : cw5n1h2txyewy
IsResourcePackage : False
IsBundle          : False
IsDevelopmentMode : False
NonRemovable      : True
IsPartiallyStaged : False
SignatureKind     : System
Status            : Ok

scan health and restore health

> DISM.exe /Online /Cleanup-image /Scanhealth
> DISM.exe /Online /Cleanup-image /Restorehealth

execute searching diagnostic

> msdt -ep WindowsHelp id SearchDiagnostic

defragment the index database

> sc config wsearch start=disabled
> net stop wsearch
> esentutl.exe /d %AllUsersProfile%\Microsoft\Search\Data\Applications\Windows\Windows.edb
> sc config wsearch start=delayed-auto
> net start wsearch

reinstall windows search

> Get-AppXPackage -Name Microsoft.Windows.Search | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

reinstall cortana

> Get-AppXPackage -Name Microsoft.Windows.Cortana | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

reinstall StartMenuExperienceHost

> taskkill /f /im explorer.exe
SUCCESS: The process "explorer.exe" with PID 20256 has been terminated.
> Get-AppXPackage -Name Microsoft.Windows.StartMenuExperienceHost | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
> start explorer

  • status

    PS C:\> Get-AppXPackage -Name Microsoft.Windows.StartMenuExperienceHost                                                                                                                                                                                                                                                                                                                                           Name              : Microsoft.Windows.StartMenuExperienceHost                                                                         Publisher         : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US                                      Architecture      : Neutral
ResourceId        : neutral
Version           : 10.0.19041.1023
PackageFullName   : Microsoft.Windows.StartMenuExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy
InstallLocation   : C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy
IsFramework       : False
PackageFamilyName : Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy
PublisherId       : cw5n1h2txyewy
IsResourcePackage : False
IsBundle          : False
IsDevelopmentMode : False
NonRemovable      : True
IsPartiallyStaged : False
SignatureKind     : System
Status            : Ok

re-build ShellExperienceHost

> taskkill /f /im explorer.exe
> taskkill /f /im shellexperiencehost.exe
> timeout /t 3 /NOBREAK > nul
> del %localappdata%\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\* /q
> timeout /t 2 /NOBREAK > nul
> start explorer
> @echo on

cortana

install

references:

  • SearchUI.exe Suspended Error on Windows 10 / 11 Fix

  • How to Fix SearchUI.exe Suspended on Windows 10

> Get-AppXPackage -Name Microsoft.Windows.Cortana | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

  • remove the cache

    > RD /S /Q "%LOCALAPPDATA%\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\RoamingState"

remove

> Get-AppxPackage -AllUsers Microsoft.549981C3F5F10
Name                   : Microsoft.549981C3F5F10
Publisher              : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Architecture           : X64
ResourceId             :
Version                : 4.2204.13303.0
PackageFullName        : Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe
InstallLocation        : C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe
IsFramework            : False
PackageFamilyName      : Microsoft.549981C3F5F10_8wekyb3d8bbwe
PublisherId            : 8wekyb3d8bbwe
PackageUserInformation : {S-1-5-21-1801674531-527237240-682003330-164699 [Company\marslo]: Installed}
IsResourcePackage      : False
IsBundle               : False
IsDevelopmentMode      : False
NonRemovable           : False
Dependencies           : {Microsoft.NET.Native.Framework.2.2_2.2.29512.0_x64__8wekyb3d8bbwe,
                         Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_x64__8wekyb3d8bbwe,
                         Microsoft.VCLibs.140.00_14.0.30704.0_x64__8wekyb3d8bbwe,
                         Microsoft.VCLibs.140.00.UWPDesktop_14.0.30704.0_x64__8wekyb3d8bbwe...}
IsPartiallyStaged      : False
SignatureKind          : Store
Status                 : Ok

> Get-AppxPackage -allusers Microsoft.549981C3F5F10 | Remove-AppxPackage

install ssh-agent

references:

  • Get started with OpenSSH for Windows

# check available version
> Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'

# install
> Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
> Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

> Get-Service ssh-agent | Set-Service -StartupType Automatic -PassThru | Start-Service

  • start service

    # Start the sshd service
Start-Service sshd

# OPTIONAL but recommended:
Set-Service -Name sshd -StartupType 'Automatic'

# Confirm the Firewall rule is configured. It should be created automatically by setup. Run the following to verify
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}

  • uninstall

    # Uninstall the OpenSSH Client
Remove-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0

# Uninstall the OpenSSH Server
Remove-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

deploy windows 10 in a test lab using configuration manager

references:

  • Deploy Windows 10 in a test lab using Configuration Managerf

  • prerequisites

    > Install-WindowsFeature Web-Windows-Auth,Web-ISAPI-Ext,Web-Metabase,Web-WMI,BITS,RDC,NET-Framework-Features,Web-Asp-Net,Web-Asp-Net45,NET-HTTP-Activation,NET-Non-HTTP-Activ
# download SQLServer
> Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\SQLServer2014SP2-FullSlipstream-x64-ENU.iso
> D:\setup.exe /q /ACTION=Install /ERRORREPORTING="False" /FEATURES=SQLENGINE,RS,IS,SSMS,TOOLS,ADV_SSMS,CONN /INSTANCENAME=MSSQLSERVER /INSTANCEDIR="C:\Program Files\Microsoft SQL Server" /SQLSVCACCOUNT="NT AUTHORITY\System" /SQLSYSADMINACCOUNTS="BUILTIN\ADMINISTRATORS" /SQLSVCSTARTUPTYPE=Automatic /AGTSVCACCOUNT="NT AUTHORITY\SYSTEM" /AGTSVCSTARTUPTYPE=Automatic /RSSVCACCOUNT="NT AUTHORITY\System" /RSSVCSTARTUPTYPE=Automatic /ISSVCACCOUNT="NT AUTHORITY\System" /ISSVCSTARTUPTYPE=Disabled /ASCOLLATION="Latin1_General_CI_AS" /SQLCOLLATION="SQL_Latin1_General_CP1_CI_AS" /TCPENABLED="1" /NPENABLED="1" /IAcceptSQLServerLicenseTerms
# elevated windows powershell
> New-NetFirewallRule -DisplayName "SQL Server" -Direction Inbound -Protocol TCP -LocalPort 1433 -Action allow
> New-NetFirewallRule -DisplayName "SQL Admin Connection" -Direction Inbound -Protocol TCP -LocalPort 1434 -Action allow
> New-NetFirewallRule -DisplayName "SQL Database Management" -Direction Inbound -Protocol UDP -LocalPort 1434 -Action allow
> New-NetFirewallRule -DisplayName "SQL Service Broker" -Direction Inbound -Protocol TCP -LocalPort 4022 -Action allow
> New-NetFirewallRule -DisplayName "SQL Debugger/RPC" -Direction Inbound -Protocol TCP -LocalPort 135 -Action allow
# download ADK : https://learn.microsoft.com/en-us/windows-hardware/get-started/adk-install

  • microsoft configuration manager

    > $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
> Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0
> Stop-Process -Name Explorer
# download winmgmt (Microsoft Configuration Manager) : https://www.microsoft.com/en-us/evalcenter/evaluate-microsoft-endpoint-configuration-manager

# verify WMI
> Get-Service Winmgmt
Status   Name               DisplayName
------   ----               -----------
Running  Winmgmt            Windows Management Instrumentation

> Test-NetConnection -ComputerName 192.168.0.2 -Port 135 -InformationLevel Detailed
ComputerName             : 192.168.0.2
RemoteAddress            : 192.168.0.2
RemotePort               : 135
AllNameResolutionResults :
MatchingIPsecRules       :
NetworkIsolationContext  : Internet
InterfaceAlias           : Ethernet
SourceAddress            : 192.168.0.2
NetRoute (NextHop)       : 0.0.0.0
PingSucceeded            : True
PingReplyDetails (RTT)   : 0 ms
TcpTestSucceeded         : True

# from bat
> C:\configmgr\SMSSETUP\BIN\X64\extadsch.exe
> adsiedit.msc
…

# re-enable IE Enhanced Security Configuration
> Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 1
> Stop-Process -Name Explorer

  • download mdop and install dart

  • prepare for zero touch installation

  • create a boot image for configuration manager

    > Copy-Item -Path "C:\ProgramData\Microsoft\User Account Pictures\user.bmp" -Destination "C:\Sources\OSD\Branding\contoso.bmp"

  • create a windows 10 reference image

    > Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\w10-enterprise.iso
...

# setup hyper-v host computer
> New-VM -Name REFW10X64-001 -SwitchName poc-internal -NewVHDPath "c:\VHD\REFW10X64-001.vhdx" -NewVHDSizeBytes 60GB
> Set-VMMemory -VMName REFW10X64-001 -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 1024MB -Buffer 20
> Set-VMDvdDrive -VMName REFW10X64-001 -Path c:\VHD\LiteTouchPE_x86.iso
> Start-VM REFW10X64-001
> vmconnect localhost REFW10X64-001

  • add a windows 10 os image

    > New-Item -ItemType Directory -Path "C:\Sources\OSD\OS\Windows 10 Enterprise x64"
> cmd /c copy /z "C:\MDTBuildLab\Captures\REFW10X64-001.wim" "C:\Sources\OSD\OS\Windows 10 Enterprise x64"

  • create a task sequence

  • finalize the os configuration

  • deploy windows 10 using pxe and configuration manager

    > New-VM -Name "PC4" -NewVHDPath "c:\vhd\pc4.vhdx" -NewVHDSizeBytes 40GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2
> Set-VMMemory -VMName "PC4" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 2048MB -Buffer 20
> Start-VM PC4
> vmconnect localhost PC4

    • deploy PC4

      > New-VM -Name "PC4" -NewVHDPath "c:\vhd\pc4.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2
> Set-VMMemory -VMName "PC4" -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 2048MB -Buffer 20
> Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF

    • open configuration management property

      > control.exe smscfgrc

  • replace a client with windows 10 using configuration manager

IP

  • get network interface (NIC)

    > Get-NetAdapter | Sort-Object -Property MacAddress

  • get ip route

    # ipv4
> Get-NetRoute -AddressFamily IPv4 | Where-Object -FilterScript {$_.NextHop -ne '0.0.0.0'}

# ipv6
> Get-NetRoute -AddressFamily IPv6 | Where-Object -FilterScript {$_.NextHop -ne '::'}

history

[!NOTE|label:references:]

  • PowerShell Command History Forensics

    • Console History File: $env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt

    • PSReadLine history File: (Get-PSReadlineOption).HistorySavePath

  • ConsoleHost_history.pdf

  • PowerShell History File

  • info

    > Get-PSReadLineOption | select -ExpandProperty HistorySavePath
C:\Users\marslo\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt

# or
> (Get-PSReadlineOption).HistorySaveStyle
SaveIncrementally
> (Get-PSReadlineOption).HistoryNoDuplicates
True
> (Get-PSReadlineOption).MaximumHistoryCount
4096
> (Get-PSReadlineOption).HistorySavePath
C:\Users\marslo\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt

# list history with timeline
> Get-History | Format-List -Property *

  • backup

    > Get-Content (Get-PSReadlineOption).HistorySavePath > D:\PowerShellHistory.txt

  • search in history

    > Select-String '..keywords..' (Get-PSReadlineOption).HistorySavePath

  • rename

    > rename-item -path $env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt -newname ConsoleHost_history_before.txt

  • remove

    > remove-item -force -path $env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt

  • clear history

    > Set-PSReadlineOption -HistorySaveStyle SaveNothing
> Set-PSReadlineOption -HistorySaveStyle SaveIncrementally

# or
> Clear-History
> Clear-History -count 1 -newest
> Clear-History -CommandLine *set-ad*

  • add history

    > Get-History | Export-Clixml -Path C:\Users\marslo\commands_hist.xml
> Add-History -InputObject (Import-Clixml -Path C:\Users\marslo\commands_hist.xml)

# automatic import
> $HistFile = Join-Path ([Environment]::GetFolderPath('UserProfile')) .ps_history
> Register-EngineEvent PowerShell.Exiting -Action { Get-History | Export-Clixml $HistFile } | out-null
> if (Test-path $HistFile) { Import-Clixml $HistFile | Add-History }

modules

[!NOTE|label:references:]

  • PowerShell Gallery

    • DockerProvider

    • Difference between Docker from DockerProvider and DockerMsftProvider

  • Get-InstalledModule

  • Get-Module

list installed modules

[!NOTE|label:references:]

  • powershell 自定义tab键下拉菜单智能提示

> Get-InstalledModule

Version    Name                                Repository           Description
-------    ----                                ----------           -----------
1.13.0     7Zip4Powershell                     PSGallery            Powershell module for creating and extracting...
1.6.3133.0 Microsoft.WinGet.Client             PSGallery            PowerShell Module for the Windows Package Man...
2.3.4      PSReadLine                          PSGallery            Great command line editing in the PowerShell ...
1.0.1      PSWriteColor                        PSGallery            Write-Color is a wrapper around Write-Host al...
2.2.16     VSSetup                             PSGallery            Visual Studio Setup PowerShell Module
0.5.2      WebKitDev                           PSGallery            PowerShell scripts for WebKit development on ...

get package source

> Get-PackageSource -ProviderName DockerMsftProvider
Name                             ProviderName     IsTrusted  Location
----                             ------------     ---------  --------
DockerDefault                    DockerMsftPro... False      https://go.microsoft.com/fwlink/?LinkID=825636&clcid=0x409

> Get-PackageSource
Name                             ProviderName     IsTrusted  Location
----                             ------------     ---------  --------
PSGallery                        PowerShellGet    False      https://www.powershellgallery.com/api/v2
DockerDefault                    DockerMsftPro... False      https://go.microsoft.com/fwlink/?LinkID=825636&clcid=0x409

PSReadLine

[!NOTE|label:references:]

  • Getting started with the PSReadLine module for PowerShell

  • keys:

  • install

    > Install-Module PSReadLine
# or
> Install-Module PSReadLine -RequiredVersion 2.1.0

> Import-Module PSReadLine
> Set-PSReadLineOption -PredictionSource History
# or
> Set-PSReadLineOption -PredictionSource HistoryAndPlugin
# change execution policy if necessary
> Set-ExecutionPolicy RemoteSigned

  • configure

    [!TIP|label:references:]

    • PSReadLine/PSReadLine/SamplePSReadLineProfile.ps1

    # check profile
> Test-path $profile
# create profile file if necessary
> New-item –type file –force $profile
# edit profile
> notepad $profile

> cat $profile
# or
> cat %USERPROFILE%\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1
# or
> cat %USERPROFILE%\Documents\PowerShell\Microsoft.PowerShell_profile.ps1

# shows navigable menu of all options when hitting tab
Set-PSReadlineKeyHandler -Key Tab -Function MenuComplete

# autocompletion for arrow keys
Set-PSReadlineKeyHandler -Key UpArrow -Function HistorySearchBackward
Set-PSReadlineKeyHandler -Key DownArrow -Function HistorySearchForward

# auto suggestions
Import-Module PSReadLine
Set-PSReadLineOption -PredictionSource History

# emaics mode
Set-PSReadLineOption -EditMode Emacs
# Set-PSReadLineKeyHandler -Key Ctrl+p -Function HistorySearchBackward
# Set-PSReadlineKeyHandler -Key Ctrl+n -Function HistorySearchForward
# Set-PSReadLineKeyHandler -Key Ctrl+u -Function RevertLine

    • setup candidate color

      > Set-PSReadLineOption -Colors @{emphasis = '#ff0000'; inlinePrediction = 'magenta'}

  • get info

    > Get-PSReadLineKeyHandler
> Get-PSReadLineOption

# get value
> echo (Get-PSReadlineOption).HistorySavePath
C:\Users\marslo\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt
# or
> Test-Path ((Get-PSReadlineOption).HistorySavePath)
True

scripts

[!NOTE|label:references:]

  • Windows Server 2019 - Scripting and Sharing

  • * MicrosoftDockerProvider/DockerMsftProvider.psm1

  • * Install-DockerCE/install-docker-ce.ps1

  • * install_docker_msft.ps1

  • * install_docker_windows_server.ps1

  • * windows-tools-installation.md

    • git_install.ps1)

    • docker_install.ps1

    • golang_install.ps1

    • tcpdump_install.ps1

    • sshd_manage.ps1

environment variable

  • setup proxy

    > [Environment]::SetEnvironmentVariable("HTTP_PROXY", "http://username:password@proxy:port/", [EnvironmentVariableTarget]::Machine)

timezone

[!NOTE|label:references:]

  • Virtualized time zone

  • get timezone

    > tzutil /g
Dateline Standard Time
    > Get-TimeZone
Id                         : Dateline Standard Time
DisplayName                : (UTC-12:00) International Date Line West
StandardName               : Dateline Standard Time
DaylightName               : Dateline Daylight Time
BaseUtcOffset              : -12:00:00
SupportsDaylightSavingTime : False

  • modify timezone

    > tzutil /s "Samoa Standard Time"
> tzutil /g

setup powershell startup

# 引入 posh-git
Import-Module posh-git

# 引入 oh-my-posh
Import-Module oh-my-posh

# 引入 ps-read-line
Import-Module PSReadLine

# 设置 PowerShell 主题
Set-PoshPrompt -Theme gmay
#------------------------------- Import Modules END   -------------------------------

#-------------------------------  Set Hot-keys BEGIN  -------------------------------
# 设置预测文本来源为历史记录
Set-PSReadLineOption -PredictionSource History

# 每次回溯输入历史,光标定位于输入内容末尾
Set-PSReadLineOption -HistorySearchCursorMovesToEnd

# 设置 Tab 为菜单补全和 Intellisense
Set-PSReadLineKeyHandler -Key "Tab" -Function MenuComplete

# 设置 Ctrl+d 为退出 PowerShell
Set-PSReadlineKeyHandler -Key "Ctrl+d" -Function ViExit

# 设置 Ctrl+z 为撤销
Set-PSReadLineKeyHandler -Key "Ctrl+z" -Function Undo

# 设置向上键为后向搜索历史记录
Set-PSReadLineKeyHandler -Key UpArrow -Function HistorySearchBackward

# 设置向下键为前向搜索历史纪录
Set-PSReadLineKeyHandler -Key DownArrow -Function HistorySearchForward
#-------------------------------  Set Hot-keys END    -------------------------------

#-------------------------------    Functions BEGIN   -------------------------------
# Python 直接执行
$env:PATHEXT += ";.py"

# 更新系统组件
function Update-Packages {
  # update pip
  Write-Host "Step 1: 更新 pip" -ForegroundColor Magenta -BackgroundColor Cyan
  $a = pip list --outdated
  $num_package = $a.Length - 2
  for ($i = 0; $i -lt $num_package; $i++) {
    $tmp = ($a[2 + $i].Split(" "))[0]
    pip install -U $tmp
  }

  # update TeX Live
  $CurrentYear = Get-Date -Format yyyy
  Write-Host "Step 2: 更新 TeX Live" $CurrentYear -ForegroundColor Magenta -BackgroundColor Cyan
  tlmgr update --self
  tlmgr update --all

  # update Chocolotey
  Write-Host "Step 3: 更新 Chocolatey" -ForegroundColor Magenta -BackgroundColor Cyan
  choco outdated
}
#-------------------------------    Functions END     -------------------------------

#-------------------------------   Set Alias BEGIN    -------------------------------
# 1. 编译函数 make
function MakeThings {
  nmake.exe $args -nologo
}
Set-Alias -Name make -Value MakeThings

# 2. 更新系统 os-update
Set-Alias -Name os-update -Value Update-Packages

# 3. 查看目录 ls & ll
function ListDirectory {
  (Get-ChildItem).Name
  Write-Host("")
}
Set-Alias -Name ls -Value ListDirectory
Set-Alias -Name ll -Value Get-ChildItem

# 4. 打开当前工作目录
function OpenCurrentFolder {
  param
  (
    # 输入要打开的路径
    # 用法示例:open C:\
    # 默认路径:当前工作文件夹
    $Path = '.'
  )
  Invoke-Item $Path
}
Set-Alias -Name open -Value OpenCurrentFolder
#-------------------------------    Set Alias END     -------------------------------

#-------------------------------   Set Network BEGIN    -------------------------------
# 1. 获取所有 Network Interface
function Get-AllNic {
  Get-NetAdapter | Sort-Object -Property MacAddress
}
Set-Alias -Name getnic -Value Get-AllNic

# 2. 获取 IPv4 关键路由
function Get-IPv4Routes {
  Get-NetRoute -AddressFamily IPv4 | Where-Object -FilterScript {$_.NextHop -ne '0.0.0.0'}
}
Set-Alias -Name getip -Value Get-IPv4Routes

# 3. 获取 IPv6 关键路由
function Get-IPv6Routes {
  Get-NetRoute -AddressFamily IPv6 | Where-Object -FilterScript {$_.NextHop -ne '::'}
}
Set-Alias -Name getip6 -Value Get-IPv6Routes

step-by-step guide to setup two-tier pki environment

# Setup Standalone Root CA
> Add-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools
> Install-ADcsCertificationAuthority -CACommonName “REBELAdmin Root CA” -CAType StandaloneRootCA -CryptoProviderName “RSA#Microsoft Software Key Storage Provider” -HashAlgorithmName SHA256 -KeyLength 2048 -ValidityPeriod Years -ValidityPeriodUnits 20

# DSConfigDN
> certutil.exe –setreg ca\DSConfigDN CN=Configuration,DC=rebeladmin,DC=com

# CDP Location
> Install-WindowsFeature Web-WebServer -IncludeManagementTools

# for virtual directory
> mkdir C:\CertEnroll
> New-smbshare -name CertEnroll C:\CertEnroll -FullAccess SYSTEM,"rebeladmin\Domain Admins" -ChangeAccess "rebeladmin\Cert Publishers"

# publish the CDP settings
> certutil -setreg CA\CRLPublicationURLs "1:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl \n10:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10\n2:http://crt.rebeladmin.com/CertEnroll/%3%8%9.crl"

# AIA Location (Authority Information Access)
> certutil -setreg CA\CACertPublicationURLs "1:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt\n2:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11\n2:http://crt.rebeladmin.com/CertEnroll/%1_%3%4.crt"

# CA Time Limits
> certutil -setreg ca\ValidityPeriod "Years"
> certutil -setreg ca\ValidityPeriodUnits 10

# CRL Time Limits
> Certutil -setreg CA\CRLPeriodUnits 13
> Certutil -setreg CA\CRLPeriod "Weeks"
> Certutil -setreg CA\CRLDeltaPeriodUnits 0
> Certutil -setreg CA\CRLOverlapPeriodUnits 6
> Certutil -setreg CA\CRLOverlapPeriod "Hours"

> Restart-Service certsvc

# New CRL
> certutil -crl

  • Publish Root CA Data in to Active Directory

    > certutil –f –dspublish "REBEL-CRTROOT_REBELAdmin Root CA.crt" RootCA
> certutil –f –dspublish "REBELAdmin Root CA.crl"

  • Setup Issuing CA

    > Add-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools
> Add-WindowsFeature ADCS-web-enrollment
> Install-ADcsCertificationAuthority -CACommonName “REBELAdmin IssuingCA” -CAType EnterpriseSubordinateCA -CryptoProviderName “RSA#Microsoft Software Key Storage Provider” -HashAlgorithmName SHA256 -KeyLength 2048
> Install-ADCSwebenrollment

  • Issue Certificate for Issuing CA

    > certreq -submit "REBEL-CA1.rebeladmin.com_REBELAdmin IssuingCA.req"

    • go to Server Manager > Tools > Certificate Authority > Pending Certificates and the right click on the certificate > All Tasks > Issue

    • export

      > certreq -retrieve 2 "C:\REBEL-CA1.rebeladmin.com_REBELAdmin_IssuingCA.crt"
> Certutil –installcert "C:\REBEL-CA1.rebeladmin.com_REBELAdmin_IssuingCA.crt"
> start-service certsvc

  • Post Configuration Tasks

    # CDP Location
> certutil -setreg CA\CRLPublicationURLs "1:%WINDIR%\system32\CertSrv\CertEnroll\%3%8%9.crl\n2:http://crt.rebeladmin.com/CertEnroll/%3%8%9.crl\n3:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10"

# AIA Location
> certutil -setreg CA\CACertPublicationURLs "1:%WINDIR%\system32\CertSrv\CertEnroll\%1_%3%4.crt\n2:http://crt.rebeladmin.com/CertEnroll/%1_%3%4.crt\n3:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11"

# CA and CRL Time Limits
> certutil -setreg CA\CRLPeriodUnits 7
> certutil -setreg CA\CRLPeriod “Days”
> certutil -setreg CA\CRLOverlapPeriodUnits 3
> certutil -setreg CA\CRLOverlapPeriod “Days”
> certutil -setreg CA\CRLDeltaPeriodUnits 0
> certutil -setreg ca\ValidityPeriodUnits 3
> certutil -setreg ca\ValidityPeriod “Years”

> Restart-Service certsvc
> certutil -crl

    • run PKIView.msc to verify the configuration.

PreviouswindowsNextchoco

Last updated 1 year ago

Was this helpful?

F2: list all candidates

check current permissions
powershell psreadline