Auditing with PowerShell


Windows PowerShell is a new Windows command-line shell designed especially for system administrators. PowerShell includes an interactive prompt and a scripting environment that can be used independently or in combination.

Unlike most shells, which accept and return text, Windows PowerShell is built on top of the .NET Framework and passes .NET objects between commands. This makes an entirely new set of tools and methods available to manage Windows systems, and these tools are also available to auditors.

Windows PowerShell introduces the concept of a cmdlet, a simple, single-function command-line tool built into the shell. You can use each cmdlet separately, but their power is increased when you use these simple tools in combination to perform complex tasks. Windows PowerShell includes more than one hundred basic core cmdlets, and you can write your own cmdlets to extend the power and flexibility of the language.

Like many shells, Windows PowerShell gives you access to the file system on the computer. In addition, Windows PowerShell providers enable you to access other data stores, such as the registry and the digital signature certificate stores, as easily as you access the file system. Other PowerShell extensions allow you to manage any strategic Microsoft system including SQL Server, Exchange, SharePoint and Active Directory. PowerShell can also be used to manage Microsoft's Hyper-V and VMware's vSphere.
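As an added illustration of the provider model described above (this is example code written for this page, not material from the course), the same built-in cmdlets are run against three different providers: the file system, the registry and the certificate store. Each pipeline selects items an auditor typically wants to review; the paths and the 30-day window are assumptions chosen for the example.

```powershell
# Added example, not part of the course material. Uses only built-in cmdlets.
# Run in an elevated session so HKLM and the LocalMachine certificate store
# can be read in full.

# 1. File system provider: files under the Windows directory changed in the
#    last 30 days (the window is an assumed review period).
Get-ChildItem -Path $env:SystemRoot -File |
    Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-30) } |
    Select-Object FullName, LastWriteTime

# 2. Registry provider: programs configured to start for every user at logon.
#    The PS* properties are provider metadata, not registry values, so they
#    are excluded from the report.
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' |
    Select-Object -Property * -ExcludeProperty PS*

# 3. Certificate provider: machine certificates whose validity period has
#    already ended, which should have been removed or renewed.
Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.NotAfter -lt (Get-Date) } |
    Select-Object Subject, NotAfter, Thumbprint
```

Because every provider returns objects rather than text, the same `Where-Object` and `Select-Object` stages work unchanged across all three stores; only the path after `-Path` differs.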

In this practical course, you will learn how to use PowerShell to extract audit data from a range of operating systems and business environments, how to use PowerShell's existing features, and how to create your own audit PowerShell scripts.

Suggested duration: 1 day, but can be customised to your requirements.

Agenda

What is PowerShell?

How to deploy PowerShell on a Windows system - what's required?

Using PowerShell for the first time - getting help

Basic PowerShell control constructs

The PowerShell object model and how to use it

The built-in cmdlets and what they can do

Accessing the Windows file system

Accessing the Registry

Listing Windows services

Accessing patch/hotfix information

Accessing Active Directory

PowerShell scripts

Script security - setting Execution Policy

Designing PowerShell scripts for audit data extraction

  • Basic Windows information
  • Active Directory reporting
  • SQL Server auditing
  • Exchange and SharePoint
  • Hyper-V and vSphere
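The following script is an added example of the "Basic Windows information" category above; it is written for this page and is not a script from the course. It gathers host facts, non-running automatic services, installed hotfixes and local Administrators membership into timestamped CSV files. The output folder and the choice of fields are assumptions made for the example.

```powershell
# Added example, not course material: collect basic Windows audit evidence
# with built-in cmdlets and write it to CSV for later review.
# Assumes Windows PowerShell 5.1 or later (Get-LocalGroupMember and the
# StartType property of Get-Service need it). Run elevated.
param(
    # Assumed output location; change to suit the engagement.
    [string]$OutputDir = "$env:USERPROFILE\AuditEvidence"
)

New-Item -Path $OutputDir -ItemType Directory -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

# Host-level facts that are usually requested first.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
[PSCustomObject]@{
    ComputerName    = $env:COMPUTERNAME
    OSVersion       = $os.Version
    LastBoot        = $os.LastBootUpTime
    ExecutionPolicy = Get-ExecutionPolicy   # relates to the Script security topic
    CollectedAt     = Get-Date
} | Export-Csv -Path (Join-Path $OutputDir "host-$stamp.csv") -NoTypeInformation

# Services set to start automatically but not currently running: each one
# is a question for the system owner.
Get-Service |
    Where-Object { $_.StartType -eq 'Automatic' -and $_.Status -ne 'Running' } |
    Select-Object Name, DisplayName, Status, StartType |
    Export-Csv -Path (Join-Path $OutputDir "services-$stamp.csv") -NoTypeInformation

# Installed hotfixes, newest first, for comparison with the patch baseline.
Get-HotFix |
    Sort-Object InstalledOn -Descending |
    Select-Object HotFixID, Description, InstalledOn, InstalledBy |
    Export-Csv -Path (Join-Path $OutputDir "hotfixes-$stamp.csv") -NoTypeInformation

# Who holds local administrator rights, including domain principals.
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, ObjectClass, PrincipalSource |
    Export-Csv -Path (Join-Path $OutputDir "admins-$stamp.csv") -NoTypeInformation

Write-Output "Audit evidence written to $OutputDir (timestamp $stamp)"
```

Each stage writes its own CSV so the evidence can be diffed against a previous collection or a known-good baseline; the timestamp in the file name keeps repeated runs from overwriting each other.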

Third-party PowerShell tools and cmdlets