Tuesday, August 10, 2021

Powershell Useful Commands

Import Web Admin Module

Import-Module WebAdministration

Default IIS Log Directory

(Get-WebConfigurationProperty '/system.applicationHost/sites/siteDefaults' -Name 'logfile.directory').Value

Get All Websites on The IIS

PS>Get-WebSite

Name             ID   State      Physical Path                  Bindings

----             --   -----      -------------                  --------

mypool              2    Stopped    E:\mypool                         http *:80:

                                                                https *:443: sslFlags=0

mypoolpoc           3    Started    e:\mypoolPoc                      http *:80:

OR

# To show configured IIS sites:

# -----------------------------------------------------------------------------

Get-ChildItem IIS:\Sites

Stop Website

PS> Stop-WebSite -Name "mysite"


Start Website

PS> Start-WebSite -Name 'mysite'


Invoke URL

PS>Invoke-WebRequest -URI http://localhost


Telnet

PS> Test-NetConnection <SERVERNAME> -Port <PORT>


Tail File

PS> Get-Content  .\error.log -Tail 2 –Wait


Last 10 reboot

PS> Get-WinEvent -FilterHashtable @{logname = 'System'; id = 1074, 6005, 6006, 6008} -MaxEvents 8 | Format-Table -wrap


Install IIS Server

Install-WindowsFeature -name Web-Server -IncludeManagementTools


IIS Server Version

Get-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InetStp\ | Select-Object

[System.Diagnostics.FileVersionInfo]::GetVersionInfo(“C:\Windows\system32\notepad.exe”).FileVersion

reg query HKLM\SOFTWARE\Microsoft\InetStp\


Windows Server

(Get-WmiObject -class Win32_OperatingSystem).Caption

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"


Share Folder with Multiple Users

# Creates the SMB share "GlobalScape" on E:\Globalscape and grants FULL share-level
# access to one AD group and one user. Share permissions are evaluated together with
# the folder's NTFS ACL and the more restrictive of the two applies, so review both.
# FULL also lets the grantee change permissions through the share; CHANGE or READ is
# enough when the accounts only need to read or write files.
net share GlobalScape=E:\Globalscape /grant:"DOMAIN\ADGROUP",FULL  /grant:"DOMAIN\USERNAME",FULL


Get Permission on the Folder

Get-SmbShareAccess -Name "Globalscape"

(Get-Acl -Path \\HOSTNAME\GLOBALSCAPE).Access | Format-Table -AutoSize


Change Permission on the Folder

(Get-ACL -Path .\Certificates\).Access | Format-Table IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags -AutoSize

# Read the folder's current ACL into an in-memory object.
$ACL = Get-ACL -Path ".\Certificates"

# Build an Allow / FullControl rule for "username" (placeholder account name).
# This three-argument constructor sets no inheritance flags, so on a folder the rule
# applies to the folder object itself and is not passed down to its contents.
# FullControl includes changing permissions and taking ownership; grant Modify or
# Read when that is all the account needs.
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("username","FullControl","Allow")

# SetAccessRule replaces any existing Allow rule for the same identity with this one.
$ACL.SetAccessRule($AccessRule)

# Nothing changes on disk until the modified ACL is written back here.
$ACL | Set-Acl -Path ".\Certificates"

(Get-ACL -Path ".\Certificates").Access | Format-Table IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags -AutoSize


Remove Permission on the Folder

# Read the file's current ACL.
$ACL = Get-Acl -Path ".\sample.txt"

# SetAccessRuleProtection(isProtected, preserveInheritance):
#   $true  -> stop inheriting rules from the parent folder
#   $false -> drop the rules that were inherited instead of keeping copies of them
# If the file has no explicit rules of its own, the result is an empty ACL and only
# the owner can restore access. Pass ($true,$true) to keep the inherited rules as
# explicit entries that can then be removed one by one.
$ACL.SetAccessRuleProtection($true,$false)

# Write the change back to the file.
$ACL | Set-Acl -Path ".\sample.txt"

# List the rules that remain, to confirm the outcome before going further.
(Get-ACL -Path ".\sample.txt").Access | Format-Table IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags -AutoSize

# Re-read the ACL, then strip rights from three built-in principals.
# RemoveAccessRule subtracts the listed rights from a matching explicit Allow rule and
# returns True or False (echoed to the console) to show whether a match was found.
# Inherited rules are not changed by it. Removing Administrators and SYSTEM can lock
# out backup, management and security tooling, so confirm that another principal
# still has access before the Set-Acl below is run.
$ACL = Get-ACL -Path ".\sample.txt"

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Administrators","FullControl","Allow")

$ACL.RemoveAccessRule($AccessRule)

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\SYSTEM","FullControl","Allow")

$ACL.RemoveAccessRule($AccessRule)

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Users","ReadAndExecute, Synchronize","Allow")

$ACL.RemoveAccessRule($AccessRule)

# Write the reduced ACL back to the file.
$ACL | Set-Acl -Path ".\sample.txt"

# Show the remaining rules to verify the result.
(Get-ACL -Path ".\sample.txt").Access | Format-Table IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags -AutoSize

# Variant that removes the Allow rules for SYSTEM and Users only, leaving any
# Administrators rule in place. Each RemoveAccessRule call echoes True or False to
# show whether a matching explicit rule was found.
$ACL = Get-ACL -Path ".\sample.txt"

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\SYSTEM","FullControl","Allow")

$ACL.RemoveAccessRule($AccessRule)

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Users","ReadAndExecute, Synchronize","Allow")

$ACL.RemoveAccessRule($AccessRule)

# Write the reduced ACL back to the file.
$ACL | Set-Acl -Path ".\sample.txt"

# Show the remaining rules to verify the result.
(Get-ACL -Path ".\sample.txt").Access | Format-Table IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags -AutoSize


Unzip the .zip file:

PS E:\Program Files\Java> Expand-Archive -Force jdk1.8.0_271.zip .\jre-8u271-windows-x64.tar\


Get Powershell Version

Get-Host | Select-Object Version


RAM Size

([Math]::Round(((Get-WmiObject -Class Win32_ComputerSystem).TotalPhysicalMemory/1GB),0))


CPU

Get-WmiObject -Class Win32_Processor | Select-Object -Property Name, Number*


Show Certificates

Get-ChildItem -Path Cert:\LocalMachine\Root


Import Certificates

# Adds the certificate to the machine-wide Trusted Root store. Every certificate chain
# that ends at it is then trusted by all users and services on this host, so confirm
# the file's thumbprint with whoever issued it before importing, and choose a narrower
# store when root-level trust is not required.
Import-Certificate -FilePath "E:\Maintenance\wsctt.pem" -CertStoreLocation Cert:\LocalMachine\Root


Delete Service

(Get-Service).where({$_.Name -like 'wpnuserservice*'}) | Select-Object -Property *

# Look the service up by exact name through WMI ('servicename' is a placeholder).
$service = Get-WmiObject -Class Win32_Service -Filter "Name='servicename'"

# Delete() removes the service registration and returns a result object; a ReturnValue
# of 0 means success. If the filter matched nothing, $service is $null and this call
# fails, so check the lookup result first.
$service.delete()


Get  IIS Application Pool Identity Account Passwords in Clear Text

Method#1:

# Reads each application pool's name, configured account (WAMUserName) and that
# account's password (WAMUserPass) from the root/MicrosoftIISv2 WMI namespace.
# The password comes back as plain text, so treat the output as a secret: keep it out
# of transcripts, tickets and shared logs, and rotate anything that was exposed.
# Pools that run as ApplicationPoolIdentity or a group managed service account have
# no stored password to return, which is the usual way to close this exposure.
Get-CimInstance -Namespace root/MicrosoftIISv2 -ClassName IIsApplicationPoolSetting -Property Name, WAMUserName, WAMUserPass | select Name, WAMUserName, WAMUserPass

If the command above errors out, run the following and then try again:

Add-WindowsFeature Web-WMI | Format-List


Method#2:

# Lists every application pool that runs under a specific user account and prints
# its name, user name and password. The password is written to the console in plain
# text, so the output is a secret: a running Start-Transcript or copied console
# buffer will retain it. Any pool reported here is a candidate for moving to
# ApplicationPoolIdentity or a group managed service account.
$appPools = Get-WebConfiguration -Filter '/system.applicationHost/applicationPools/add'

foreach($appPool in $appPools)

{

# Only pools configured with identityType "SpecificUser" carry a stored credential.
if($appPool.ProcessModel.identityType -eq "SpecificUser")

{

# Pool name in green, kept on the same line as the credential that follows.
Write-Host $appPool.Name -ForegroundColor Green -NoNewline

# Appends the configured user name and password for the pool.
Write-Host " -"$appPool.ProcessModel.UserName"="$appPool.ProcessModel.Password

}

}


Install Module Offline

On Local Machine:

Save-Module IISAdministration -Path \\HOSTNAME\E$\Maintenance -Repository PSGallery

On Server:

# Install the copied module into the machine-wide module path, where it becomes
# loadable by every user and service on the server. Before copying, check that the
# files arrived intact and are signed, for example:
#   Get-ChildItem E:\Maintenance\IISAdministration -Recurse -File | Get-AuthenticodeSignature
# and confirm the Status column reads Valid.
cd "C:\Program Files\WindowsPowerShell\Modules"

Copy-Item E:\Maintenance\IISAdministration -Destination .\ -Recurse

# Load the module, then list it to confirm which version was picked up.
Import-Module IISAdministration

Get-Module IISAdministration


Test HTTPS URL

Enable TLS1.2

# Sets the protocol list for this session's ServicePointManager-based clients to
# TLS 1.2 only; the assignment replaces whatever protocols were enabled before.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12


Ignore Certificate

# Compiles (once per session) a helper class whose callback accepts every server
# certificate, then installs that callback on ServicePointManager. From then on
# certificate validation is off for all ServicePointManager-based requests made by
# this PowerShell process, not only the next one: expired, self-signed and
# wrong-host certificates are all accepted. Keep its use to a local test endpoint
# such as a localhost URL, and restore validation afterwards with
#   [Net.ServicePointManager]::ServerCertificateValidationCallback = $null
# or by closing the session. On PowerShell 6 and later,
# Invoke-WebRequest -SkipCertificateCheck limits the bypass to a single request.
if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)

{

$certCallback = @"

    using System;

    using System.Net;

    using System.Net.Security;

    using System.Security.Cryptography.X509Certificates;

    public class ServerCertificateValidationCallback

    {

        public static void Ignore()

        {

            if(ServicePointManager.ServerCertificateValidationCallback ==null)

            {

                ServicePointManager.ServerCertificateValidationCallback +=

                    delegate

                    (

                        Object obj,

                        X509Certificate certificate,

                        X509Chain chain,

                        SslPolicyErrors errors

                    )

                    {

                        return true;

                    };

            }

        }

    }

"@

    # Compile the C# source above into the current session.
    Add-Type $certCallback

 }

# Install the accept-all callback; Ignore() does nothing if a callback is already set.
[ServerCertificateValidationCallback]::Ignore()


Execute the command

Invoke-WebRequest -URI https://localhost:8443 -UseBasicParsing


Get AppPool Recycling Settings

# Report which recycle reasons the "myapppool" application pool records in the event log.
# Walk from the applicationPools section down to that pool's <recycling> element.
$poolsSection = Get-IISConfigSection -SectionPath "system.applicationHost/applicationPools"
$poolEntries = Get-IISConfigCollection -ConfigElement $poolsSection
$targetPool = Get-IISConfigCollectionElement -ConfigCollection $poolEntries -ConfigAttribute @{"name" = "myapppool"}
$recycling = Get-IISConfigElement -ConfigElement $targetPool -ChildElementName "recycling"

# logEventOnRecycle is read as a bit field; each reason below is tested against one bit.
$flags = $recycling.Attributes["logEventOnRecycle"].Value

$onRecycle = @{
    # bit 1: configured time interval elapsed
    'Time' = [bool]($flags -band 1)
    # bit 2: request limit exceeded
    'Requests' = [bool]($flags -band 2)
    # bit 4: scheduled (specific) time reached
    'Schedule' = [bool]($flags -band 4)
    # bit 8: virtual memory limit exceeded
    'Memory' = [bool]($flags -band 8)
    # bit 16: an ISAPI extension reported itself unhealthy
    'IsapiUnhealthy' = [bool]($flags -band 16)
    # bit 32: manual (on-demand) recycle
    'OnDemand' = [bool]($flags -band 32)
    # bit 64: application pool configuration changed
    'ConfigChange' = [bool]($flags -band 64)
    # bit 128: private memory limit exceeded
    'PrivateMemory' = [bool]($flags -band 128)
}

# Print the reason -> enabled table.
$onRecycle


Find files modified in last 21 days

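# List every item under E:\Inetpub whose last write time falls within the past 21 days.
# Handy as a quick change review of web content, e.g. to spot scripts that were added
# or edited outside a planned deployment.
$days_to_check = (Get-Date).AddDays(-21)

# The original listing left the ForEach script block unclosed; it is closed here.
Get-ChildItem E:\Inetpub\*.* -Recurse |
    Where-Object { $_.LastWriteTime -gt $days_to_check } |
    ForEach-Object {
        "File Name: " + $_.Name
    }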


Web Module Installed on IIS

PS> Get-WebGlobalModule


Get Scheduled Task Details

PS> Get-ScheduledTask -TaskName VU* | Format-Table State, TaskName, Triggers

State TaskName Triggers
----- -------- --------
Ready VU_AUTO_FileXfer_Daily {MSFT_TaskDailyTrigger}

PS> Get-ScheduledTask -TaskName VU* | Get-ScheduledTaskInfo | Format-Table TaskName, LastRuntime, NextRuntime

TaskName LastRuntime NextRuntime
-------- ----------- -----------
VU_AUTO_FileXfer_Daily 8/10/2021 12:00:00 PM 8/11/2021 12:00:00 PM

Friday, June 25, 2021

Ansible Installation using non-root user on Linux

Install required RPMs:

yum install gcc*

yum install zlib

yum install zlib-devel

yum install perl

yum install libffi-*


Install OpenSSL using source code:

Download the OpenSSL source archive, check it against the checksum or signature published with it, and extract it.

Change directory to openssl and execute the below commands.

$ cd openssl-1.1.1i

$ ./config --prefix=/app/openssl --openssldir=/app/openssl

Operating system: x86_64-whatever-linux2

Configuring OpenSSL version 1.1.1i (0x1010109fL) for linux-x86_64

Using os-specific seed configuration

Creating configdata.pm

Creating Makefile

**********************************************************************

*** ***

*** OpenSSL has been successfully configured ***

*** ***

*** If you encounter a problem while building, please open an ***

*** issue on GitHub <https://github.com/openssl/openssl/issues> ***

*** and include the output from the following command: ***

*** ***

*** perl configdata.pm --dump ***

*** ***

*** (If you are new to OpenSSL, you might want to consult the ***

*** 'Troubleshooting' section in the INSTALL file first) ***

*** ***

**********************************************************************


$ make prefix=/app/openssl

.

.

.

chmod a+x tools/c_rehash

/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \

"-oMakefile" util/shlib_wrap.sh.in > "util/shlib_wrap.sh"

chmod a+x util/shlib_wrap.sh

make[1]: Leaving directory `/app/software/openssl-1.1.1i'

rm -f test/x509aux

${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \

-o test/x509aux test/x509aux.o \

test/libtestutil.a -lcrypto -ldl -pthread

make[1]: Leaving directory `/app/software/openssl-1.1.1i'


$ make install prefix=/app/openssl


.


.


.

/app/openssl/share/doc/openssl/html/man7/des_modes.html

/app/openssl/share/doc/openssl/html/man7/evp.html

/app/openssl/share/doc/openssl/html/man7/ossl_store-file.html

/app/openssl/share/doc/openssl/html/man7/ossl_store.html

/app/openssl/share/doc/openssl/html/man7/passphrase-encoding.html

/app/openssl/share/doc/openssl/html/man7/proxy-certificates.html

/app/openssl/share/doc/openssl/html/man7/scrypt.html

/app/openssl/share/doc/openssl/html/man7/ssl.html

/app/openssl/share/doc/openssl/html/man7/x509.html


$ export LD_LIBRARY_PATH=/app/openssl/lib

$ export PATH=/app/openssl/bin:$PATH


Install Python using source code:

$ cd /app/software/Python-3.9.1/Modules

Update openssl location in Setup file as shown below

$ vi Setup

#SSL=/usr/local/ssl

SSL=/app/openssl

_ssl _ssl.c \

-DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \

-L$(SSL)/lib -lssl -lcrypto


$ cd ..

$ ./configure --prefix=/app/python --with-openssl=/app/openssl

.

.

.

checking whether compiling and linking against OpenSSL works... no

checking for --with-ssl-default-suites... python

checking for --with-builtin-hashlib-hashes... md5,sha1,sha256,sha512,sha3,blake2

configure: creating ./config.status

config.status: creating Makefile.pre

config.status: creating Misc/python.pc

config.status: creating Misc/python-embed.pc

config.status: creating Misc/python-config.sh

config.status: creating Modules/ld_so_aix

config.status: creating pyconfig.h

creating Modules/Setup.local

creating Makefile

If you want a release build with all stable optimizations active (PGO, etc),

please run ./configure --enable-optimizations


$ make

Python build finished successfully!

The necessary bits to build these optional modules were not found:

_bz2 _curses _curses_panel

_dbm _gdbm _lzma

_sqlite3 _tkinter _uuid

readline

To find the necessary bits, look in setup.py in detect_modules() for the module's name.

The following modules found by detect_modules() in setup.py, have been

built by the Makefile instead, as configured by the Setup files:

_abc _ssl atexit

pwd time

running build_scripts

copying and adjusting /app/software/Python-3.9.1/Tools/scripts/pydoc3 -> build/scripts-3.9

copying and adjusting /app/software/Python-3.9.1/Tools/scripts/idle3 -> build/scripts-3.9

copying and adjusting /app/software/Python-3.9.1/Tools/scripts/2to3 -> build/scripts-3.9

changing mode of build/scripts-3.9/pydoc3 from 644 to 755

changing mode of build/scripts-3.9/idle3 from 644 to 755

changing mode of build/scripts-3.9/2to3 from 644 to 755

renaming build/scripts-3.9/pydoc3 to build/scripts-3.9/pydoc3.9

renaming build/scripts-3.9/idle3 to build/scripts-3.9/idle3.9

renaming build/scripts-3.9/2to3 to build/scripts-3.9/2to3-3.9

gcc -pthread -Xlinker -export-dynamic -o Programs/_testembed Programs/_testembed.o libpython3.9.a -lcrypt -lpthread -ldl -lutil -lm -L/app/openssl/lib -lssl -lcrypto -lm

sed -e "s,@EXENAME@,/app/python/bin/python3.9," < ./Misc/python-config.in >python-config.py

LC_ALL=C sed -e 's,\$(\([A-Za-z0-9_]*\)),\$\{\1\},g' < Misc/python-config.sh >python-config


$ make --prefix=/app/python install

Looking in links: /tmp/tmpxpcao9pg

Processing /tmp/tmpxpcao9pg/setuptools-49.2.1-py3-none-any.whl

Processing /tmp/tmpxpcao9pg/pip-20.2.3-py2.py3-none-any.whl

Installing collected packages: setuptools, pip

WARNING: The script easy_install-3.9 is installed in '/app/python/bin' which is not on PATH.

Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.

WARNING: The scripts pip3 and pip3.9 are installed in '/app/python/bin' which is not on PATH.

Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.

Successfully installed pip-20.2.3 setuptools-49.2.1


Update .bashrc and add Python path:

export LD_LIBRARY_PATH=/app/openssl/lib

export PATH=/app/openssl/bin:/app/python/bin:$PATH


Download the Python modules below, check each archive against its published hash, and install them:

Install setuptools

$ cd setuptools-53.0.0

$ python3 setup.py install --prefix=/app/python/


Install pycryptodome

$ cd pycryptodome-3.9.9

$ python3 setup.py install --prefix=/app/python/


Install pycparser

$ cd pycparser-2.20

$ python3 setup.py install --prefix=/app/python/


Install cffi

$ cd cffi-1.14.4

$ python3 setup.py install --prefix=/app/python/


Install pyparsing

$ cd pyparsing-2.4.7

$ python3 setup.py install --prefix=/app/python/


Install packaging

$ cd packaging-20.9

$ python3 setup.py install --prefix=/app/python/


Install setuptools_scm

$ cd setuptools_scm-5.0.1

$ python3 setup.py install --prefix=/app/python/


Install wheel

$ cd wheel-0.36.2

$ python3 setup.py install --prefix=/app/python/


Install toml

$ cd toml-0.10.2

$ python3 setup.py install --prefix=/app/python/


Install semantic_version

$ cd semantic_version-2.8.5

$ python3 setup.py install --prefix=/app/python/


Install setuptools_rust

$ cd setuptools-rust-0.11.6

$ python3 setup.py install --prefix=/app/python/


Install MarkupSafe

$ pip3 install MarkupSafe-1.1.1-cp39-cp39-manylinux2010_x86_64.whl


Install pyYAML

$ pip3 install PyYAML-5.4.1-cp39-cp39-manylinux1_x86_64.whl


Install Jinja2

$ pip3 install Jinja2-2.11.3-py2.py3-none-any.whl


Install cryptography

$ pip3 install cryptography-3.4.2-cp36-abi3-manylinux2014_x86_64.whl


Install ansible-base

$ cd ansible-base-2.10.5

$ python3 setup.py install --prefix=/app/python/

Using /app/python/lib/python3.9/site-packages

Finished processing dependencies for ansible-base==2.10.5


Install ansible

$ cd ansible-2.10.6

$ python3 setup.py install --prefix=/app/python/

Using /app/python/lib/python3.9/site-packages

Finished processing dependencies for ansible==2.10.6


Install six

$ cd six-1.15.0

$ python3 setup.py install --prefix=/app/python/


Install ntlm_auth

$ cd ntlm-auth-1.5.0

$ python3 setup.py install --prefix=/app/python/


Install certifi

$ cd certifi-2020.12.5

$ python3 setup.py install --prefix=/app/python/


Install urllib3

$ cd urllib3-1.26.3

$ python3 setup.py install --prefix=/app/python/


Install idna

$ cd idna-2.10

$ python3 setup.py install --prefix=/app/python/


Install chardet

$ cd chardet-4.0.0

$ python3 setup.py install --prefix=/app/python/


Install requests

$ cd requests-2.25.1

$ python3 setup.py install --prefix=/app/python/


Install requests_ntlm3

$ cd requests_ntlm3-6.1.3b1

$ python3 setup.py install --prefix=/app/python/


Install requests_ntlm

$ cd requests_ntlm-1.1.0

$ python3 setup.py install --prefix=/app/python/


Install xmltodict

$ cd xmltodict-0.12.0

$ python3 setup.py install --prefix=/app/python/


Install pywinrm

$ cd pywinrm2-0.0.0

$ python3 setup.py install --prefix=/app/python/


$ ansible --version

ansible 2.10.5

config file = None

configured module search path = ['/home/cipamgr/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']

ansible python module location = /app/python/lib/python3.9/site-packages/ansible_base-2.10.5-py3.9.egg/ansible

executable location = /app/python/bin/ansible

python version = 3.9.1 (default, Feb 9 2021, 00:46:54) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]