PowerShell can be used to install Windows features on a new server. List the commands that Deepak must run on the new server to install the required modules.
Rename the computer (cmd): netdom renamecomputer %ComputerName% /NewName:<NewComputerName>
Restart (cmd): shutdown /r
Join the computer to the domain (cmd): netdom join %ComputerName% /domain:<DomainName> /userd:<UserName> /passwordd:*
Assign a static IP (cmd): Netsh.exe, or the Windows Management Instrumentation (WMI) access provided by Windows PowerShell
Enable Remote Desktop (PowerShell cmdlet): Set-RemoteDesktop Enable
From Server Core to GUI (PS): Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Restart
From GUI to Server Core (PS): Uninstall-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Restart
Remove the GUI files from the system (PS): Uninstall-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Remove
Install roles and features in PS from an exported XML file: Install-WindowsFeature -ConfigurationFilePath <ExportedConfig.xml>
Disk management (cmd): Diskpart.exe
Create a storage pool (PS): New-StoragePool -FriendlyName <pool name> -StorageSubSystemFriendlyName <subsystem name> -PhysicalDisks <disk names>
To obtain the correct designations for the storage subsystem and the physical disks, use the Get-StorageSubsystem and Get-PhysicalDisk cmdlets.
What PowerShell command should Deepak use to install the required roles on the servers? Install-WindowsFeature
What PowerShell command can Deepak use to obtain the short names for the roles used by PowerShell? Get-WindowsFeature
List the commands that Deepak must run on the new server to install the required modules. Deepak must run the following commands:
Install-WindowsFeature FS-FileServer
Install-WindowsFeature FS-DFS-Namespace
Install-WindowsFeature FS-DFS-Replication
Install-WindowsFeature FS-NFS-Service
Install-WindowsFeature Print-Services -IncludeAllSubFeature
Install-WindowsFeature Web-Server
Install-WindowsFeature Web-Windows-Auth
Install-WindowsFeature Web-Ftp-Service
To allow printers to be connected through GPO on versions earlier than 2008 and Vista: PushPrinterConnections.exe
To manage WinRM from a PowerShell session: Configure-SMRemoting -Get|-Enable|-Disable
-Get Displays the current WinRM status
-Enable Enables WinRM
-Disable Disables WinRM
Inbound firewall rules to modify for remote MMC access:
COM+ Network Access (DCOM-In)
Remote Event Log Management (NP-In)
Remote Event Log Management (RPC)
Remote Event Log Management (RPC-EPMAP)
Methods for configuring the rules above:
Open the Windows Firewall with Advanced Security MMC snap-in on the remote server (if it is a Full GUI installation).
Run the Netsh AdvFirewall command from an administrative command prompt.
Use the NetSecurity module in Windows PowerShell.
Create a GPO containing the appropriate settings and apply it to the remote server.
Configuring the rules above in PowerShell:
Set-NetFirewallRule -Name <rule name> -Enabled True
To obtain the PowerShell names of the preconfigured Windows Firewall rules, use the Get-NetFirewallRule cmdlet. The resulting commands for the four rules listed above are therefore as follows:
Set-NetFirewallRule -Name ComPlusNetworkAccess-DCOM-IN -Enabled True
Set-NetFirewallRule -Name RemoteEventLogSvc-In-TCP -Enabled True
Set-NetFirewallRule -Name RemoteEventLogSvc-NP-IN-TCP -Enabled True
Set-NetFirewallRule -Name RemoteEventLogSvc-RPCSS-In-TCP -Enabled True
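One way to apply the four rules above in a single pass while limiting which hosts may reach them (an added example, not part of the original notes). The management subnet 10.0.10.0/24 is a constructed value and an assumption; the rule names are the ones listed above.

```powershell
# Added example: enable the four remote-MMC rules and scope them to an admin subnet.
# $MgmtSubnet is a constructed sample value; replace it with your management network.
$MgmtSubnet = '10.0.10.0/24'
$RuleNames  = @(
    'ComPlusNetworkAccess-DCOM-In',
    'RemoteEventLogSvc-In-TCP',
    'RemoteEventLogSvc-NP-In-TCP',
    'RemoteEventLogSvc-RPCSS-In-TCP'
)

foreach ($name in $RuleNames) {
    $rule = Get-NetFirewallRule -Name $name -ErrorAction SilentlyContinue
    if (-not $rule) {
        # A missing rule usually means the name differs on this OS build.
        Write-Warning "Rule '$name' not found on $env:COMPUTERNAME; skipping."
        continue
    }
    # Enable the rule and restrict its remote scope in one call, so it is
    # never left open to every address between two separate commands.
    $rule | Set-NetFirewallRule -Enabled True -RemoteAddress $MgmtSubnet
}

# Report the resulting state so the change can be reviewed or logged.
Get-NetFirewallRule -Name $RuleNames -ErrorAction SilentlyContinue |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Name          = $_.Name
            Enabled       = $_.Enabled
            Profile       = $_.Profile
            RemoteAddress = $addr.RemoteAddress -join ','
        }
    } | Format-Table -AutoSize
```

Run it from an elevated session on the server being managed; rules delivered by a GPO are enforced from the policy and must be changed in that GPO instead.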
Start a remote session from PS: Enter-PSSession <remote server name> -Credential <username>
Exit a remote session from PS: Exit-PSSession
List roles (PS): Get-WindowsFeature
Add a Windows feature (PS): Add-WindowsFeature <feature name>
Install the Hyper-V role (PS): Install-WindowsFeature -Name Hyper-V -ComputerName <name> -IncludeManagementTools -Restart
Create a virtual machine (PS), syntax: New-VM -Name "<VM name>" -MemoryStartupBytes <memory> -NewVHDSizeBytes <disk size>
Example: New-VM -Name "ServerA" -MemoryStartupBytes 1GB -NewVHDSizeBytes 60GB
Example: Set-VMMemory TestVM -DynamicMemoryEnabled $true -MinimumBytes 64MB
Hyper-V resource metering (PS): Enable-VMResourceMetering -VMName <name>
Get Hyper-V resource metering statistics (PS): Measure-VM -VMName <name>
Create a Hyper-V resource pool (PS): New-VMResourcePool cmdlet
Hyper-V pool metering statistics (PS): Enable-VMResourceMetering.
VHD or VHDX disk with PS, syntax: New-VHD -Path c:\filename.vhd|c:\filename.vhdx -Fixed|-Dynamic|-Differencing -SizeBytes <size> [-BlockSizeBytes <block size>] [-LogicalSectorSizeBytes 512|4096] [-ParentPath <pathname>]
Example: New-VHD -Path c:\diskfile.vhdx -Fixed -SizeBytes 400GB -LogicalSectorSizeBytes 4096
In the same way, if you create the differencing disk by using Windows PowerShell, you must run the New-VHD cmdlet with the Differencing parameter and the ParentPath parameter, specifying the location of the parent disk.
USING WINDOWS POWERSHELL
To create a new virtual switch by using Windows PowerShell, you use the New-VMSwitch cmdlet with the following basic syntax:
New-VMSwitch <switch name> -NetAdapterName <adapter name> [-SwitchType Internal|Private]
For example, to create an external switch called LAN Switch, you would use the following command:
New-VMSwitch "LAN Switch" -NetAdapterName "Ethernet"
IPv6 tunnel over IPv4 (PS): netsh interface ipv6 add v6v4tunnel interface localaddress remoteaddress
Example: netsh interface ipv6 add v6v4tunnel tunnel 206.73.118.18 157.54.206.43
Install the AD DS role (PS): Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Once you have installed the role, promoting the server to a domain controller is somewhat more complicated. The ADDSDeployment PowerShell module includes separate cmdlets for the three deployment configurations covered in the previous sections:
Install-AddsForest
Install-AddsDomainController
Install-AddsDomain
Install a domain controller in a new forest (PS): Install-AddsForest -DomainName adatum.com
Install AD DS from a file or media (IFM). To create IFM media, you must run the Ntdsutil.exe program on a domain controller running the same version of Windows that you intend to deploy. The program is interactive, requiring you to enter a sequence of commands like the following:
nstance
read-only domain controller and saves it to the folder specified by the path name variable
Demote a domain controller: Uninstall-ADDSDomainController -ForceRemoval -LocalAdministratorPassword <password> -Force
Confirm that the DC is registered (cmd with administrator permissions): dcdiag /test:registerdns /dnsdomain:<domain name> /v
Create a user with Dsadd.exe (cmd): dsadd user <distinguished name> -samid <SAM account name>
Dsadd.exe example: dsadd user "cn=Elizabeth Andresen,ou=Research,dc=adatum,dc=com" -samid eander
Dsadd.exe tool: Dsadd.exe user "cn=Elizabeth Andresen,ou=Research,dc=adatum,dc=local" -samid eander -fn Elizabeth -ln Andresen -disabled no -mustchpwd yes -pwd Pa$$w0rd
Create users with PowerShell: New-ADUser -Name "Elizabeth Andersen" -SamAccountName eander -GivenName Elizabeth -Surname Andersen -Path "OU=Research,DC=adatum,DC=local" -Enabled $true -AccountPassword (ConvertTo-SecureString 'Pa$$w0rd' -AsPlainText -Force) -ChangePasswordAtLogon $true
Multiple users (PS): Import-Csv "users Finance.csv" | foreach {New-ADUser -SamAccountName $_.SamAccountName -Name $_.Name -Surname $_.Surname -GivenName $_.GivenName -Path "OU=Research,DC=adatum,DC=COM" -AccountPassword (ConvertTo-SecureString 'Pa$$w0rd' -AsPlainText -Force) -Enabled $true}
Join computers to the domain with Netdom.exe (cmd): netdom join <computername> /Domain:<DomainName> [/UserD:<User> /PasswordD:<UserPassword>] [/OU:OUDN]
Join computers to the domain offline:
- On the domain-joined computer: djoin /provision /domain <domain name> /machine <computer name> /savefile <filename.txt>
- On the computer not yet in the domain: djoin /requestODJ /loadfile <filename.txt> /windowspath %SystemRoot% /localos
Disable and enable accounts:
Disable-ADAccount -Identity <account name>
Enable-ADAccount -Identity <account name>
Create groups with dsadd (cmd): dsadd group <GroupDN> [parameters]
-secgrp yes|no Specifies whether the program should create a security group (yes) or a distribution group (no). The default value is yes.
-scope l|g|u Specifies whether the program should create a domain local (l), global (g), or universal (u) group. The default value is g.
-samid <SAMName> Specifies the SAM name for the group object.
-desc <description> Specifies a description for the group object.
-memberof <GroupDN> Specifies the DNs of one or more groups of which the new group should be made a member.
-members <GroupDN> Specifies the DNs of one or more objects that should be made members of the new group.
For example, to create a new group called Sales in the Users container and make the Administrator user a member, you would use the following command:
Dsadd group "CN=Sales,CN=Users,DC=adatum,DC=com" -members "CN=Administrator,CN=Users,DC=adatum,DC=com"
CREATE A GROUP (PS): New-ADGroup -Name <group name> -SamAccountName <SAM name> -GroupCategory Distribution|Security -GroupScope DomainLocal|Global|Universal -Path <distinguished name>
Example: New-ADGroup -Name Sales -SamAccountName Sales -GroupCategory Security -GroupScope Global -Path "OU=Chicago,DC=Adatum,DC=Com"
Modify groups with DSMOD.exe: Dsmod group <GroupDN> [Parameters]
-secgrp yes|no Sets the group type to security group (yes) or distribution group (no).
-scope l|g|u Sets the group scope to domain local (l), global (g), or universal (u).
-addmbr <members> Adds members to the group. Replace members with the DNs of one or more objects.
-rmmbr <members> Removes members from the group. Replace members with the DNs of one or more objects.
-chmbr <members> Replaces the complete list of group members. Replace members with the DNs of one or more objects.
Example: dsmod group "CN=Guest,CN=Builtin,DC=adatum,DC=COM" -addmbr "CN=Administrator,CN=Users,DC=adatum,DC=com"
View a Starter GPO (PS): Get-GPStarterGPO -Name "Nombre GPO"
Create a GPO from a Starter GPO (PS): New-GPO -Name "BO-1-Desktops" -StarterGpoName "Computers-Desktop"
Link the created GPO to an OU: New-GPLink -Name "BO-1-Desktops" -Target "ou=BO-1-SEA,dc=corp,dc=fabrikam,dc=com"
Do the whole process by chaining with |: Get-GPStarterGPO -Name "Computers-Desktop" | New-GPO -Name "BO-1-Desktops" | New-GPLink -Target "ou=BO-1-SEA,dc=corp,dc=fabrikam,dc=com"
Open ports on computers to allow GPO refresh: New-GPO -Name "EnableRemoteRefresh" -StarterGPOName "Group Policy Remote Update Firewall Ports" | New-GPLink -Target "dc=corp,dc=fabrikam,dc=com"
Refresh GPO on the computers in the OU (PS): Get-ADComputer -Filter * -SearchBase "ou=Desktops,ou=Computers,ou=HQ-NYC,dc=corp,dc=fabrikam,dc=com" | foreach {Invoke-GPUpdate -Computer $_.Name -Force -RandomDelayInMinutes 0}
Back up a GPO (PS): Get-GPO -Name "BO-1-Desktops" | Backup-GPO -Path "C:\GPOBackups" -Comment "Todays backup"
Verify the GPO backup data (PS): Get-ChildItem "C:\GPOBackups" -Recurse
Current firewall configuration (PS): Get-NetFirewallProfile -Name Domain -PolicyStore ActiveStore
Modify the firewall (PS): Set-NetFirewallProfile
Get help for the firewall cmdlets (PS): Get-Help Set-NetFirewallProfile
Show inbound firewall rules (PS): Get-NetFirewallRule -PolicyStore ActiveStore -DisplayGroup "Network Discovery" -Direction Inbound | ft Name,DisplayName,Enabled,Action -AutoSize
Create an outbound rule blocking port 80 (PS): New-NetFirewallRule -DisplayName "Block Outbound Port 80" -Direction Outbound -LocalPort 80 -Protocol TCP -Action Block
Check the NotifyOnListen policy setting in the firewall (PS): Get-NetFirewallProfile -Name Domain -PolicyStore corp.fabrikam.com\Sales | fl NotifyOnListen
Enable NotifyOnListen in the firewall (PS): Get-NetFirewallProfile -Name Domain -PolicyStore corp.fabrikam.com\Sales | Set-NetFirewallProfile -NotifyOnListen True
Check whether firewall rules are configured in the GPO (PS): Get-NetFirewallRule -PolicyStore corp.fabrikam.com\Sales
Deploy a GPO rule to block outbound traffic on port 80 (PS): New-NetFirewallRule -PolicyStore corp.fabrikam.com\Sales -DisplayName "Block Outbound Port 80" -Direction Outbound -LocalPort 80 -Protocol TCP -Action Block
View main mode cryptography in the firewall (PS): Get-NetIPsecMainModeCryptoSet -PolicyStore ActiveStore
To configure the main mode cryptographic sets on the computer, you can use the Set-NetIPsecMainModeCryptoSet cmdlet.
View first authentication on the computer, firewall (PS): Get-NetIPsecPhase1AuthSet -PolicyStore ActiveStore
Compare the preceding command output to Figure 11-18 earlier in this lesson. To configure first authentication on the computer, you can use the Set-NetIPsecPhase1AuthSet cmdlet.
New server isolation rule, firewall (PS): New-NetIPsecRule -DisplayName "Server Isolation Rule" -InboundSecurity Require -OutboundSecurity Require
You can also use the Get-NetIPsecRule cmdlet to view connection security rules, Set-NetIPsecRule to modify them, or Remove-NetIPsecRule to delete them. For more help concerning any of these cmdlets, use the Get-Help cmdlet.
Monitor firewall SAs (PS): Get-NetIPsecMainModeSA
View active computers in quick mode (PS): Get-NetIPsecQuickModeSA