The Strength of PowerShell
Running Commands on Remote Computers
PowerShell lets you run commands on remote computers, as long as those commands are non-interactive and simply write their output to the screen. For example, if you want a quick NETSTAT from a system, issue the command:
PS C:\Users\khess> Invoke-Command { netstat } -ComputerName XENAPP0

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.91:445       KEN:34268              ESTABLISHED
  TCP    192.168.1.91:5985      KEN:34534              ESTABLISHED
  TCP    192.168.1.91:5985      KEN:34535              ESTABLISHED
Or, check the TCP/IP configuration:
PS C:\Users\khess> Invoke-Command { ipconfig /all } -ComputerName XENAPP0

Windows IP Configuration

   Host Name . . . . . . . . . . . . : XENAPP0
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection 4:

   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Citrix PV Ethernet Adapter
   Physical Address. . . . . . . . . : 5A-65-68-CB-55-BA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.91(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, April 13, 2012 10:55:02 AM
   Lease Expires . . . . . . . . . . : Monday, April 23, 2012 10:55:02 AM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
If you try launching a CMD window using this method, you’ll understand what happens when you attempt to run an interactive application.
PS C:\> Invoke-Command { cmd } -ComputerName XENAPP0
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\khess\Documents>    <--Remote system directory.
C:\>                         <--Local system prompt.
CMD did launch on the remote system, but with no interactive console to attach to it exited immediately; all you received was the screen output that launch produced.
If you’re familiar with the PsTools suite (now owned by Microsoft), the PsExec command performs a similar function, and these PowerShell commands work the same way: you launch a command on a remote system non-interactively, you send the command, and you receive the response. There is a way to carry on an interactive PowerShell session, but that’s the topic of a future post.
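The post's netstat example returns raw text. The following is an added example (not code from the original post) that uses the same Invoke-Command pattern but does the parsing inside the remote script block, so each row comes back as an object stamped with the host it came from and the process that owns the port. It assumes PowerShell 3.0 or later, that remoting is enabled on the targets, and that you are a local Administrator on each of them; XENAPP0 is the post's host name and XENAPP1 is a placeholder.

```powershell
# Added example, not from the original post. Assumes PowerShell 3.0+, WinRM
# (PowerShell remoting) enabled on the targets, and a user who is a local
# Administrator on each target. XENAPP1 is a placeholder host name.

function Get-RemoteListeningPort {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$ComputerName
    )

    # Everything in this script block runs on the remote machine, exactly like
    # the post's "Invoke-Command { netstat }". Parsing there means the local
    # side receives objects rather than a wall of text.
    $remoteBlock = {
        $lines = netstat -ano | Where-Object { $_ -match '^\s*TCP\s' -and $_ -match 'LISTENING' }
        foreach ($line in $lines) {
            # netstat -ano columns: Proto, Local Address, Foreign Address, State, PID
            $fields = $line.Trim() -split '\s+'
            # Split on the last colon only, so IPv6 forms like [::]:135 survive.
            $localAddr, $localPort = $fields[1] -split ':(?=\d+$)'
            $ownerPid = [int]$fields[4]
            $proc = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
            [PSCustomObject]@{
                Proto        = $fields[0]
                LocalAddress = $localAddr
                Port         = [int]$localPort
                ProcessId    = $ownerPid
                ProcessName  = if ($proc) { $proc.ProcessName } else { '<unknown>' }
            }
        }
    }

    # -ErrorAction Continue: one unreachable host reports an error but does not
    # abort the run. Invoke-Command fans out to every host and adds the
    # PSComputerName property to each returned object.
    Invoke-Command -ComputerName $ComputerName -ScriptBlock $remoteBlock -ErrorAction Continue |
        Select-Object PSComputerName, Proto, LocalAddress, Port, ProcessId, ProcessName |
        Sort-Object PSComputerName, Port
}

# Usage: a quick inventory of what is listening on two hosts.
Get-RemoteListeningPort -ComputerName XENAPP0, XENAPP1 | Format-Table -AutoSize
```

Because the objects are built on the remote side, you can pipe the result straight into Where-Object, Export-Csv or a comparison against a baseline of expected listeners, which is what makes this more useful to an administrator than eyeballing netstat output host by host.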
I hope that you can see the potential for PowerShell in your environment. Be aware that systems in a domain act differently from those in a standalone environment. Administrators might have to make domain-wide policy changes to allow remote management on systems. PowerShell and remote management are System Administrator tools and aren’t necessarily inherent security risks, but you might have a difficult time ahead of you when you plead your case to your Security team.
Normal users (those without Local Administrator or Domain Administrator privileges) can’t run these commands. PowerShell has security checks built into it so that non-Administrator staff can’t issue system-changing commands and wreak havoc in your environment. Keep practicing, and next time I’ll look at gathering information from multiple systems.
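The two paragraphs above raise the questions an administrator is usually asked before remoting is allowed: is the WinRM listener actually reachable, does my account get in, and who else is permitted? This added example (not code from the original post) answers them from the command line. It assumes an elevated PowerShell prompt (Get-PSSessionConfiguration requires one), PowerShell 3.0 or later, and uses the post's XENAPP0 as the target.

```powershell
# Added example, not from the original post. Assumes an elevated prompt,
# PowerShell 3.0+, and that XENAPP0 (the post's host name) is the target.

function Test-RemotingReadiness {
    param([Parameter(Mandatory = $true)][string]$ComputerName)

    # 1. Is the WinRM listener reachable? Test-WSMan sends a plain identify
    #    request and throws if the service is stopped or the port is blocked.
    $listenerOk = $false
    try {
        $null = Test-WSMan -ComputerName $ComputerName -ErrorAction Stop
        $listenerOk = $true
    } catch {
        Write-Warning "WinRM not reachable on $ComputerName : $($_.Exception.Message)"
    }

    # 2. Can this account actually run a script block there (as the post does),
    #    and which identity does the remote side see? A non-Administrator gets
    #    an access-denied error here, which is the check the post describes.
    $identity = $null
    if ($listenerOk) {
        try {
            $identity = Invoke-Command -ComputerName $ComputerName -ErrorAction Stop -ScriptBlock {
                [Security.Principal.WindowsIdentity]::GetCurrent().Name
            }
        } catch {
            Write-Warning "Access denied or session setup failed on $ComputerName : $($_.Exception.Message)"
        }
    }

    [PSCustomObject]@{
        ComputerName   = $ComputerName
        ListenerUp     = $listenerOk
        CanInvoke      = [bool]$identity
        RemoteIdentity = $identity
    }
}

# Who may connect to THIS machine's remoting endpoints: the Permission column
# is the access list on each session configuration (needs an elevated prompt).
Get-PSSessionConfiguration | Select-Object Name, Permission | Format-Table -AutoSize

# And the remote-side check against the post's example host.
Test-RemotingReadiness -ComputerName XENAPP0
```

Run the Get-PSSessionConfiguration line on each server you manage when you make the case to your Security team: it shows, per endpoint, exactly which groups can open a session, which is the evidence that remoting is restricted to administrators rather than open to every domain user.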
[Part 3]