Powershell

Recovered from the older tannerjc.net wiki snapshot dated January 23, 2016.

Basics

• getting help on a command Get-Help command

Remote

RedHat doesn’t indicate that a linux powershell client exists. They do seem to advocate installing cygwin+ssh to offer a method of getting into powershell from a linux machine.

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/API_Guide/chap-API_Guide-Accessing_the_API_remotely_from_Linux_clients.html

The redhat documentation on cygwin and sshd is very specific to their use cases.

10:01 jtanner: i'm trying to invoke powershell from cygwin over ssh, but i keep getting invalid characters in path errors. Has anyone seen this before and knows how to workaround it?
10:02 kenh: We gave up on using SSH and are now moving to WS-Mgmt / WinRM
10:02 kenh: we're just getting started but I hope to blog this and get it out there.  It's pretty slick
10:03 kenh: we're using it to do Exchange provisioning becuase there's no Exchange web service call (yet) to create a mailbox for a user.
10:10 jtanner: kenh: so i guess you experienced issues with ssh ?
10:10 jtanner: kenh: have you found a suitable winrm client for linux or osx?
10:11 jtanner: something that can be shoved into a bash script?
10:12 kenh: jtanner : yes, java :-D
10:12 jtanner: heh
10:13 kenh: one of our developers created a java library which wraps the calls and does a bunch of sanitizing to make it really easy to make the call from java - basically you insert the command you want executed from the command prompt on the other side (i.e. powershell.exe striptname.ps1 and off you go
10:13 jtanner: ah
10:13 jtanner: makes sense
10:13 kenh: I'm trying to get confirmation that it's open-sourced like most of his other stuff was
10:13 jtanner: just wish there was something native for linux though
10:13 jtanner: but if you guys opensource that, i'd use it
10:14 kenh: apparently he had a lot of fun trying to make sense of how the responses come back - stdout and stderr are on separate channels
10:15 kenh: one of his team walked me through it just last Friday for the first time so I'm still getting my brain around this but it looks really promising for any kind of cross-platform automation
10:15 jtanner: hrm
10:15 jtanner: is it on gitbhub or bitbucket yet? =)
10:16 kenh: nope
10:17 kenh: yes, we have had nothing but paint trying to do automation with SSH.  I detest Cygwin.
10:17 kenh: *pain
10:18 kenh: This WS-management stuff looks like it will break through  logjams on multiple fronts here

• ruby library for winrm

• https://github.com/zenchild/WinRM

• python library for WMI

• http://pypi.python.org/pypi/WMI/

• java library for WMI

• http://j-interop.org/

• pash

• http://sourceforge.net/projects/pash/

---

• enable remote connections Enable-PSRemoting

• search for open WinRM services (look for port 5985) winrm enumerate winrm/config/listener

• Add a trusted host for remote connections

PS C:\Windows\system32 winrm set winrm/config/client '@{TrustedHosts=sasha}'
Client
    NetworkDelayms = 5000
    URLPrefix = wsman
    AllowUnencrypted = false
    Auth
        Basic = true
        Digest = true
        Kerberos = true
        Negotiate = true
        Certificate = true
        CredSSP = false
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    TrustedHosts = sasha

• open shell session NewPSSession hostname

• note that this will only work on localhost/loopback until the remote host lists your connecting machine as a trusted host.

• Make connection with default auth and a username Enter-PSSession -ComputerName sasha -Authentication Default -Credential Administrator

• Make connection with basic http auth and a username Enter-PSSession -ComputerName sasha -Authentication Basic -Credential Administrator

ruby winrm client

• Fedora 15 and RHEL 4,5,6 do not have ruby 1.9.x which is absolutely required for this gem

• Arch linux has 1.9.x by default

• install arch

• pacman -Syu

• pacman -S ruby

• pacman -S libxml2 libxslt

• gem update –system

• gem install winrm

zenoss wmi client for linux

• references

• http://pzolee.blogs.balabit.com/2010/09/wmi-client-for-linux/

• http://dev.zenoss.org/svn/trunk/inst/externallibs/

• notes

• 2012-02-22 - trunk of googlebreakpad has a bug in postfix_evaluator-inl.h introduced by a recent commit. I commented out those changes.

• 2012-02-22 - wmi-1.3.16 does not compile, so i used 1.3.13 instead

• export ZENHOME=/opt/wmi-zenoss/wmi-1.3.13

• svn checkout http://google-breakpad.googlecode.com/svn/trunk/ google-breakpad-read-only

• cd google-breakpad-read-only

• cp ./src/processor/postfix_evaluator-inl.h ./src/processor/postfix_evaluator-inl.h.bak

• vim ./src/processor/postfix_evaluator-inl.h … http://code.google.com/p/google-breakpad/source/diff?spec=svn923r=923format=sidepath=/trunk/src/processor/postfix_evaluator-inl.hold_path=/trunk/src/processor/postfix_evaluator-inl.hold=688

• ./configure –prefix=$ZENHOME

• make

• make install

• cd ~

• svn co http://dev.zenoss.org/svn/tags/wmi-1.3.13/

• cd wmi-1.3.13

• make

• http://msdn.microsoft.com/en-us/library/windows/desktop/aa394572(v=vs.85).aspx

## windows 7 has login errors ...

[root@jtshell bin]# ./wmic -U JT-WIN7-X86/Administrator%MYPASS  -W WORKGROUP //172.16.175.222 SELECT CommandLine,Name,ProcessId FROM Win32_Process
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT code 0x800706ba - NT code 0x800706ba

## Server 2008R2 works fine ...

[root@jtshell bin]# ./wmic -U Administrator%MYPASS //dhcp253.eng.rpath.com SELECT CommandLine,Name,ProcessId FROM Win32_Process
CLASS: Win32_Process
CommandLine|Handle|Name|ProcessId
(null)|0|System Idle Process|0
(null)|4|System|4
\SystemRoot\System32\smss.exe|224|smss.exe|224
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16|312|csrss.exe|312
wininit.exe|352|wininit.exe|352
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16|364|csrss.exe|364
winlogon.exe|392|winlogon.exe|392
C:\Windows\system32\services.exe|452|services.exe|452
C:\Windows\system32\lsass.exe|460|lsass.exe|460
C:\Windows\system32\lsm.exe|472|lsm.exe|472
C:\Windows\system32\svchost.exe -k DcomLaunch|564|svchost.exe|564
C:\Windows\system32\svchost.exe -k RPCSS|636|svchost.exe|636
LogonUI.exe /flags:0x0|720|LogonUI.exe|720
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted|728|svchost.exe|728
C:\Windows\system32\svchost.exe -k netsvcs|772|svchost.exe|772
C:\Windows\system32\svchost.exe -k LocalService|844|svchost.exe|844
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted|928|svchost.exe|928
C:\Windows\system32\svchost.exe -k NetworkService|968|svchost.exe|968
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork|308|svchost.exe|308
C:\Windows\System32\spoolsv.exe|1064|spoolsv.exe|1064
C:\Windows\system32\svchost.exe -k regsvc|1108|svchost.exe|1108
C:\Windows\System32\svchost.exe -k termsvcs|1416|svchost.exe|1416
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted|1448|svchost.exe|1448
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation|1640|svchost.exe|1640
C:\Windows\System32\msdtc.exe|1680|msdtc.exe|1680
C:\Windows\system32\sppsvc.exe|1300|sppsvc.exe|1300
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16|1292|csrss.exe|1292
winlogon.exe|1884|winlogon.exe|1884
taskhost.exe|1924|taskhost.exe|1924
rdpclip|360|rdpclip.exe|360
C:\Windows\system32\Dwm.exe|1972|dwm.exe|1972
C:\Windows\Explorer.EXE|1816|explorer.exe|1816
C:\Windows\System32\slui.exe -Embedding|560|slui.exe|560
C:\Windows\system32\wuauclt.exe|2188|wuauclt.exe|2188
C:\Windows\system32\wbem\wmiprvse.exe|2900|WmiPrvSE.exe|2900

example wmi queries

• get process table ./wmic -U Administrator%PASS //dhcp253.eng.rpath.com SELECT CommandLine,Name,ProcessId FROM Win32_Process
• get network config ./wmic -U Administrator%PASS //dhcp253.eng.rpath.com SELECT * FROM Win32_NetworkAdapterConfiguration
• get OS details ./wmic -U Administrator%PASS //dhcp253.eng.rpath.com SELECT * FROM Win32_OperatingSystem
• get all users ./wmic -U Administrator%PASS //dhcp253.eng.rpath.com SELECT * FROM Win32_UserAccount
• get local users ./wmic -U Administrator%PASS //dhcp253.eng.rpath.com SELECT * FROM Win32_UserAccount where LocalAccount = True