{"id":2123,"date":"2017-03-03T18:29:57","date_gmt":"2017-03-03T18:29:57","guid":{"rendered":"http:\/\/blog.paranoidprofessor.com\/?p=2123"},"modified":"2017-03-08T16:31:19","modified_gmt":"2017-03-08T16:31:19","slug":"windows-scripting-sucks-or-does-it","status":"publish","type":"post","link":"https:\/\/blog.paranoidprofessor.com\/index.php\/2017\/03\/03\/windows-scripting-sucks-or-does-it\/","title":{"rendered":"Windows scripting sucks or does it?"},"content":{"rendered":"<p>I am not a fan of the big MS. \u00a0It started a long time ago when my funds were limited and I simply couldn&#8217;t afford to keep up with the MS upgrade schedule. \u00a0Not\u00a0all of their software back in the day, in my opinion, was all that great. \u00a0I went cold turkey on as many of the MS products as I could.<\/p>\n<p>There is a lot of open source software that could fill in the empty spots for me, and since then most of my work life has been on Unix, which led to the joys of shell scripting (ksh, bash, csh).<\/p>\n<p>I love Unix shell scripting because the shell is basically just the glue to tie together a lot of small command line utilities, which makes it easy to create and add extra commands, and Unix has a lot of command line tools. \u00a0Windows, at that time, had a very weak batch scripting language and a limited number of interesting command line commands.<\/p>\n<h2>PowerShell<\/h2>\n<p>Eventually those folks at MS decided to create their own scripting language called powershell. \u00a0They decided to take a slightly different route than the Unix crowd. Powershell is an interpreter that contains the logic for doing tasks. \u00a0This &#8220;shell&#8221; appears to be more of a replacement for the typical cmd.exe shell\u00a0that has existed since the beginning (well, it used to be command.com) as well as for all of the command line programs.<\/p>\n<p>The commands that exist within the powershell are called cmdlets. 
\u00a0Unlike Unix, these are not simple executables that can be executed from the cmd shell but are commands that are part of the powershell interpreter. \u00a0This might give a small bit of extra performance, but it also means a new version of powershell is needed to add new functionality.<\/p>\n<p>The one good thing about the powershell is that it was installed on my computer by default. In addition, the big MS did want to show their security credentials, and they have added a security level that must be set before you are able to run any powershell scripts. \u00a0This security level essentially determines to what extent you trust powershell scripts,\u00a0with the focus being on whether they are local or from other sources.<\/p>\n<p><a href=\"http:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/start-powershell.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-large wp-image-2126\" src=\"http:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/start-powershell-1024x322.png\" alt=\"\" width=\"640\" height=\"201\" srcset=\"https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/start-powershell-1024x322.png 1024w, https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/start-powershell-300x94.png 300w, https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/start-powershell-768x242.png 768w, https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/start-powershell.png 1093w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/a><\/p>\n<p>This is actually pretty smart, as it is possible to do quite a few things using powershell once you can run the scripts. \u00a0It would be pretty serious\u00a0to have such power unlocked by default for any user who happens to execute a powershell script that is an attachment to an email.<\/p>\n<p>However, even accidentally running a powershell script is a bit harder, as MS has associated the extension .ps1 with notepad. 
\u00a0Thus if you click on a script from windows explorer you will simply open up the script in notepad.<\/p>\n<p>In order to run powershell scripts you need to first select an execution policy. There are four different permissions that can be selected in order to set the various rights at different levels.<\/p>\n<table class=\"w3-table-all\">\n<tbody>\n<tr>\n<th>Level<\/th>\n<th>Description<\/th>\n<\/tr>\n<tr>\n<td>Restricted<\/td>\n<td>Cannot run powershell scripts<\/td>\n<\/tr>\n<tr>\n<td>RemoteSigned<\/td>\n<td>Can run local scripts but remote scripts need to be signed.<\/td>\n<\/tr>\n<tr>\n<td>Unrestricted<\/td>\n<td>Any script can be run.<\/td>\n<\/tr>\n<tr>\n<td>AllSigned<\/td>\n<td>Very secure, requires all scripts to be signed.<\/td>\n<\/tr>\n<tr>\n<td>Undefined<\/td>\n<td>Removes the existing level<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Changing the level is actually pretty easy, but you do need to be an administrator to do so. Simply use the set-executionpolicy cmdlet to set the permission to one of the described levels.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-2129\" src=\"http:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/powershell-setpolicy.png\" alt=\"\" width=\"653\" height=\"179\" srcset=\"http:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/powershell-setpolicy.png 653w, http:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/powershell-setpolicy-300x82.png 300w\" sizes=\"(max-width: 653px) 100vw, 653px\" \/><\/p>\n<h2>Signed Scripts<\/h2>\n<p>I personally am a fan of the unix &#8220;permissions&#8221; as they are really quite simple and very easy to modify. However, I wouldn&#8217;t say that they are the final word in preventing unauthorized scripts from being run.<\/p>\n<p>I guess the final word in protecting your scripts is to use Microsoft&#8217;s method of creating recognized certificates while using a certification authority infrastructure. 
\u00a0If you want you can learn more about this by visiting Microsoft and downloading their <a href=\"https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/hardware\/dn653556(v=vs.85).aspx\" target=\"_blank\">best practices document<\/a>. \u00a0I didn&#8217;t feel up to the task of going through the entire 67 page document, so instead I decided to set my execution policy level to RemoteSigned.<\/p>\n<p>This then let me run my fabulous powershell script.<\/p>\n<pre>$list = dir\r\necho $list<\/pre>\n<p>Actually this small script does quite a bit. \u00a0It does a directory listing and assigns the output to a variable. \u00a0Much like in the bash shell, that variable can be a list and echoed to the output device.<\/p>\n<p><a href=\"http:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/powershell-firstscript.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-large wp-image-2133\" src=\"http:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/powershell-firstscript-1024x444.png\" alt=\"\" width=\"640\" height=\"278\" srcset=\"https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/powershell-firstscript-1024x444.png 1024w, https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/powershell-firstscript-300x130.png 300w, https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/powershell-firstscript-768x333.png 768w, https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/powershell-firstscript.png 1093w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/a><\/p>\n<p>Note: It is possible to run any other programs from this powershell if they are in your path.<\/p>\n<h2>Unix friendly<\/h2>\n<p>It is possible that the big MS wanted to create a shell that would also appeal to the Unix crowd. I think this is the case, as the powershell has the alias command. 
\u00a0This gave them the ability to create a bunch of commands that appear to include the common Unix commands.<\/p>\n<p>The alias command links a name to an internal cmdlet which performs some action. One\u00a0example of this is the &#8220;clear&#8221; alias being linked to the cmdlet clear-content. \u00a0The aliases that they chose appear to have been picked to make Unix guys feel comfortable.<\/p>\n<pre>PS C:\\Windows\\system32&gt; alias\r\n\r\nCommandType     Name                            Definition\r\n-----------     ----                            ----------\r\nAlias           %                               ForEach-Object\r\nAlias           ?                               Where-Object\r\nAlias           ac                              Add-Content\r\nAlias           asnp                            Add-PSSnapIn\r\nAlias           cat                             Get-Content\r\nAlias           cd                              Set-Location\r\nAlias           chdir                           Set-Location\r\nAlias           clc                             Clear-Content\r\nAlias           clear                           Clear-Host\r\nAlias           clhy                            Clear-History\r\nAlias           cli                             Clear-Item\r\nAlias           clp                             Clear-ItemProperty\r\nAlias           cls                             Clear-Host\r\nAlias           clv                             Clear-Variable\r\nAlias           compare                         Compare-Object\r\nAlias           copy                            Copy-Item\r\nAlias           cp                              Copy-Item\r\nAlias           cpi                             Copy-Item\r\nAlias           cpp                             Copy-ItemProperty\r\nAlias           cvpa                            Convert-Path\r\nAlias           dbp                             Disable-PSBreakpoint\r\nAlias           del                             
Remove-Item\r\nAlias           diff                            Compare-Object\r\nAlias           dir                             Get-ChildItem\r\nAlias           ebp                             Enable-PSBreakpoint\r\nAlias           echo                            Write-Output\r\nAlias           epal                            Export-Alias\r\nAlias           epcsv                           Export-Csv\r\nAlias           epsn                            Export-PSSession\r\nAlias           erase                           Remove-Item\r\nAlias           etsn                            Enter-PSSession\r\nAlias           exsn                            Exit-PSSession\r\nAlias           fc                              Format-Custom\r\nAlias           fl                              Format-List\r\nAlias           foreach                         ForEach-Object\r\nAlias           ft                              Format-Table\r\nAlias           fw                              Format-Wide\r\nAlias           gal                             Get-Alias\r\nAlias           gbp                             Get-PSBreakpoint\r\nAlias           gc                              Get-Content\r\nAlias           gci                             Get-ChildItem\r\nAlias           gcm                             Get-Command\r\nAlias           gcs                             Get-PSCallStack\r\nAlias           gdr                             Get-PSDrive\r\nAlias           ghy                             Get-History\r\nAlias           gi                              Get-Item\r\nAlias           gjb                             Get-Job\r\nAlias           gl                              Get-Location\r\nAlias           gm                              Get-Member\r\nAlias           gmo                             Get-Module\r\nAlias           gp                              Get-ItemProperty\r\nAlias           gps                             Get-Process\r\nAlias           group                           
Group-Object\r\nAlias           gsn                             Get-PSSession\r\nAlias           gsnp                            Get-PSSnapIn\r\nAlias           gsv                             Get-Service\r\nAlias           gu                              Get-Unique\r\nAlias           gv                              Get-Variable\r\nAlias           gwmi                            Get-WmiObject\r\nAlias           h                               Get-History\r\nAlias           history                         Get-History\r\nAlias           icm                             Invoke-Command\r\nAlias           iex                             Invoke-Expression\r\nAlias           ihy                             Invoke-History\r\nAlias           ii                              Invoke-Item\r\nAlias           ipal                            Import-Alias\r\nAlias           ipcsv                           Import-Csv\r\nAlias           ipmo                            Import-Module\r\nAlias           ipsn                            Import-PSSession\r\nAlias           ise                             powershell_ise.exe\r\nAlias           iwmi                            Invoke-WMIMethod\r\nAlias           kill                            Stop-Process\r\nAlias           lp                              Out-Printer\r\nAlias           ls                              Get-ChildItem\r\nAlias           man                             help\r\nAlias           md                              mkdir\r\nAlias           measure                         Measure-Object\r\nAlias           mi                              Move-Item\r\nAlias           mount                           New-PSDrive\r\nAlias           move                            Move-Item\r\nAlias           mp                              Move-ItemProperty\r\nAlias           mv                              Move-Item\r\nAlias           nal                             New-Alias\r\nAlias           ndr                             
New-PSDrive\r\nAlias           ni                              New-Item\r\nAlias           nmo                             New-Module\r\nAlias           nsn                             New-PSSession\r\nAlias           nv                              New-Variable\r\nAlias           ogv                             Out-GridView\r\nAlias           oh                              Out-Host\r\nAlias           popd                            Pop-Location\r\nAlias           ps                              Get-Process\r\nAlias           pushd                           Push-Location\r\nAlias           pwd                             Get-Location\r\nAlias           r                               Invoke-History\r\nAlias           rbp                             Remove-PSBreakpoint\r\nAlias           rcjb                            Receive-Job\r\nAlias           rd                              Remove-Item\r\nAlias           rdr                             Remove-PSDrive\r\nAlias           ren                             Rename-Item\r\nAlias           ri                              Remove-Item\r\nAlias           rjb                             Remove-Job\r\nAlias           rm                              Remove-Item\r\nAlias           rmdir                           Remove-Item\r\nAlias           rmo                             Remove-Module\r\nAlias           rni                             Rename-Item\r\nAlias           rnp                             Rename-ItemProperty\r\nAlias           rp                              Remove-ItemProperty\r\nAlias           rsn                             Remove-PSSession\r\nAlias           rsnp                            Remove-PSSnapin\r\nAlias           rv                              Remove-Variable\r\nAlias           rvpa                            Resolve-Path\r\nAlias           rwmi                            Remove-WMIObject\r\nAlias           sajb                            Start-Job\r\nAlias           sal                           
  Set-Alias\r\nAlias           saps                            Start-Process\r\nAlias           sasv                            Start-Service\r\nAlias           sbp                             Set-PSBreakpoint\r\nAlias           sc                              Set-Content\r\nAlias           select                          Select-Object\r\nAlias           set                             Set-Variable\r\nAlias           si                              Set-Item\r\nAlias           sl                              Set-Location\r\nAlias           sleep                           Start-Sleep\r\nAlias           sort                            Sort-Object\r\nAlias           sp                              Set-ItemProperty\r\nAlias           spjb                            Stop-Job\r\nAlias           spps                            Stop-Process\r\nAlias           spsv                            Stop-Service\r\nAlias           start                           Start-Process\r\nAlias           sv                              Set-Variable\r\nAlias           swmi                            Set-WMIInstance\r\nAlias           tee                             Tee-Object\r\nAlias           type                            Get-Content\r\nAlias           where                           Where-Object\r\nAlias           wjb                             Wait-Job\r\nAlias           write                           Write-Output\r\n\r\nPS C:\\Windows\\system32&gt;\r\n<\/pre>\n<p>This is NOT exactly like Unix. The &#8220;ls&#8221; alias does do a directory listing, but unsurprisingly it does not accept the same options.<\/p>\n<h2>Microsoft&#8217;s cmdlets<\/h2>\n<p>PowerShell actually implements all the logic in the form of cmdlets. \u00a0You could find a book that describes PowerShell programming along with (hopefully) a big reference section. 
That is one possible approach, but the good news is that PowerShell has built-in help.<\/p>\n<p>The cmdlet get-help returns information about any of the supported cmdlets.<\/p>\n<p><a href=\"http:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/powershell-get-help.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-large wp-image-2145\" src=\"http:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/powershell-get-help-1024x765.png\" alt=\"\" width=\"640\" height=\"478\" srcset=\"https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/powershell-get-help-1024x765.png 1024w, https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/powershell-get-help-300x224.png 300w, https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/powershell-get-help-768x574.png 768w, https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/powershell-get-help.png 1243w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/a><\/p>\n<p>Microsoft also has a very complete webpage that describes the different cmdlets. This information is grouped together by function.<\/p>\n<blockquote><p><a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/dd772285.aspx\">https:\/\/technet.microsoft.com\/en-us\/library\/dd772285.aspx<\/a><\/p><\/blockquote>\n<h2>One final note about security<\/h2>\n<p>Well, I am glad that I didn&#8217;t spend a whole lot of time on setting up an elaborate system to deal with signed certificates. 
\u00a0It turns out that there are actually a number of different ways that you can run powershell scripts, and some of them get around the existing security settings.<\/p>\n<p>I didn&#8217;t actually come up with these methods myself, but instead happened upon the following webpage, which describes a lot of ways to get around the execution policy.<\/p>\n<blockquote data-secret=\"Ph3YL1QxKv\" class=\"wp-embedded-content\"><p><a href=\"https:\/\/blog.netspi.com\/15-ways-to-bypass-the-powershell-execution-policy\/\">15 Ways to Bypass the PowerShell Execution Policy<\/a><\/p><\/blockquote>\n<p>Of all the methods of bypassing the security I liked the method of piping the script through the interpreter and telling it to ignore the execution permissions by not using anyone&#8217;s profile.<\/p>\n<p><a href=\"http:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/powershell-noprofile.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-2134\" src=\"http:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/powershell-noprofile.png\" alt=\"\" width=\"661\" height=\"359\" srcset=\"https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/powershell-noprofile.png 661w, https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2017\/02\/powershell-noprofile-300x163.png 300w\" sizes=\"(max-width: 661px) 100vw, 661px\" \/><\/a><\/p>\n<p>Does windows scripting suck? 
\u00a0It is a bit too early to answer this question as the only script I have provided is equivalent to the dir command. \u00a0I will cover a bit more about powershell scripting in part II.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I am not a fan of the big MS. \u00a0It started a long time ago when my funds were limited and I simply couldn&#8217;t afford to keep up with the MS upgrade schedule. \u00a0Not\u00a0all of their software back in the &hellip; <a href=\"https:\/\/blog.paranoidprofessor.com\/index.php\/2017\/03\/03\/windows-scripting-sucks-or-does-it\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[20],"tags":[39,71],"_links":{"self":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts\/2123"}],"collection":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/comments?post=2123"}],"version-history":[{"count":14,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts\/2123\/revisions"}],"predecessor-version":[{"id":2172,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts\/2123\/revisions\/2172"}],"wp:attachment":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/media?parent=2123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/categories?post=2123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.paranoidprofessor.com\
/index.php\/wp-json\/wp\/v2\/tags?post=2123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}