
PowerShell Tutorial: PowerShell Scripting Basics

Illustration: Lisa Hornung

Microsoft PowerShell, generally referred to as Windows PowerShell, offers a handy way to automate various chores whether you’re working on a Windows Server or a Windows workstation.

System administrators would do well to learn this scripting language as a skill with which to automate tasks – particularly repetitive tasks – and develop advanced administrative tasks to help lighten their workloads and execute operations via predictable, proven commands. These commands can be run on local systems or remote ones using the PowerShell remoting function, for example, to make updates to the Windows registry on multiple systems.


PowerShell isn’t a programming language like Visual Studio Code aka VS Code so much as a scripting language. PowerShell variables, cmdlets, modules and providers are the foundation and constitute powerful PowerShell tools to help get the job done.

  • A variable is a term to identify a specific value for easy reference and reuse.
  • A cmdlet is a built-in PowerShell command (the Get command cmdlet being one of the most common, with multiple uses such as retrieving existing settings or seeking assistance via the Get-Help cmdlet).
  • A module is a package containing multiple objects such as cmdlets, variables and more.
  • A provider is a .NET program which provides access to information such as the registry, aliases, functions, variables, file systems and the overall operating system environment.

Windows PowerShell, which runs on the Windows OS exclusively, is augmented by PowerShell Core, which is an advanced version capable of running on the operating systems Windows, Mac and Linux in the same manner Visual Studio Code does.

Here is a Windows PowerShell scripting tutorial, intended as a beginner’s guide, that illustrates scripting basics for those starting to work with existing Windows PowerShell scripts or PowerShell cmdlets, or building new ones.

You can launch Windows PowerShell from the Start Menu under the Windows PowerShell folder in order to orient yourself to use this PowerShell tutorial. The two programs to work with are Windows PowerShell and Windows PowerShell ISE (Integrated Scripting Environment). The first executable is the command prompt interface, and the second is a GUI-based interface which appears as follows:

I prefer using Windows PowerShell ISE for PowerShell scripting since it provides a PowerShell console window to permit command prompt functionality along with a handy toolbar ribbon and command references listed on the right which you can click to insert PowerShell commands as well as learn more about them.

Note that the default executables are 64-bit but a 32-bit PowerShell version of each can be found in this folder for backwards-compatibility purposes.

1. PS1 files

PowerShell syntax can be a bit daunting for the newcomer, so let’s start with the basics of scripts which are also called PS1 files. A Windows PowerShell script is really nothing more than a simple text file that can be run in either Windows PowerShell or Windows PowerShell ISE. The PowerShell scripting language operates by executing a series of PowerShell commands (or a single one), with each command appearing on a separate line. For the text file to be treated as a PowerShell script, its filename needs to end in .PS1 to connote a PowerShell extension.

The simplest, most basic PowerShell example is a file called Datecheck.ps1, which contains the following entry:

Get-Date

Running this will provide you output similar to the following:

Tuesday, May 10, 2022 3:20:04 pm

2. Execution permissions

To prevent the execution of malicious scripts, PowerShell enforces an execution policy. By default, the execution policy is set to Restricted, which means that PowerShell scripts will not run. You can determine the current execution policy by using the following cmdlet:

Get-ExecutionPolicy

The execution policies you can use are:

  • Restricted–Scripts won’t run.
  • RemoteSigned–Scripts created locally will run, but those downloaded from the internet will not (unless they are digitally signed by a trusted publisher).
  • AllSigned–Scripts will run only if they have been signed by a trusted publisher.
  • Unrestricted–Scripts will run regardless of where they have come from and whether they are signed.

You can set PowerShell’s execution policy by using the following cmdlet:

Set-ExecutionPolicy <policy name>

Note: when typing in the PowerShell command prompt you can enter part of the command and hit Tab to autofill the rest (or show multiple choices matching what you’ve put in). For instance, typing Set-Ex and pressing tab will autofill the entire Set-ExecutionPolicy command and save you some time.

3. Running a script

For years now, if you wanted to run an executable file from the command line the practice was to navigate to the file’s path and then type the name of the executable file. However, this age-old method doesn’t work for PowerShell scripts.

If you want to execute a PowerShell script, you will usually have to type the full path along with the filename. For example, to run a script named SCRIPT.PS1, you might type:

C:\Scripts\Script.ps1

The big exception is that you can execute a script by simply typing its name if the folder containing the script is in your system’s path. There is also a shortcut you can use if you are already in the folder containing the script. Instead of typing the script’s full path in such a situation, you can enter .\ and the script’s name. For example, you might type:

.\Script.ps1

4. Pipelining

Pipelining is the term for feeding one command’s output into another command. This allows the second command to act on the input it has received. To pipeline two commands (or cmdlets), simply separate them with the pipe symbol (|).

To help you understand how pipelining works, imagine that you want to create a list of processes that are running on a server and sort that list by process ID number. You can get a list of processes by using the Get-Process cmdlet, but the list will not be sorted. However, if you pipeline the cmdlet’s output into the Sort-Object ID command, the list will be sorted. The string of commands used looks like this:

Get-Process | Sort-Object ID

5. Variables

Although you can use pipelining to feed one command’s output into another command, sometimes pipelining alone won’t get the job done. When you pipeline a command’s output into another command, that output is used immediately. Occasionally, you may need to store the output for a while so that you can use (or reuse) it later. This is where a PowerShell variable can come into play.

It’s easy to think of a variable as a repository for storing a value, but in PowerShell, a variable can store a command’s full output. For example, suppose you want to store the list of processes running on a server as a variable. To do so, you could use this line of code:

$a = Get-Process

Here, the variable is named $a. If you want to use the variable, simply call it by name. For example, typing $a prints the variable’s contents on the screen.

You can assign a variable to the final output of multiple commands that have been pipelined together. Just surround the commands with parentheses. For example, to sort the running processes by process ID and then assign the output to a variable, you could use this command:

$a = (Get-Process | Sort-Object ID)

Running “echo $a” will then execute the command you assigned to the variable.

6. The @ symbol

By using the @ symbol, you can turn the contents of a list into an array. For example, take the following line of code, which creates a variable named $Procs that contains multiple lines of text (an array):

$procs = @{name="explorer","svchost"}

You can also use the @ symbol when the variable is used, to ensure that it is treated as an array rather than a single value. For instance, the line of code below will run the Get-Process cmdlet against the variable I defined a moment ago. In doing so, Windows will display all the processes used by Windows Explorer and Svchost. Notice how the @ symbol is being used in front of the variable name rather than the dollar sign that we usually see used:

Get-Process @procs

7. Split

The split operator splits a text string based on a character you designate. For example, suppose that you want to break a sentence into an array consisting of each individual word in the sentence. You could do so by using a command like this one:

"This is a test" -split " "

The result would look like this:

This

is

a

test

8. Join

Just as split can split a text string into multiple pieces, the join operator can combine multiple blocks of text into one. For example, this line will create a text string consisting of my first name and last name:

"Scott","Matteson" -join " "

The space between the quotation marks at the end of the command tells Windows to insert a space between the two text strings.

9. Breakpoints

Running a newly created PowerShell script can have unintended consequences if the script contains bugs. One way to protect yourself is to insert breakpoints at strategic locations within your script. That way, you can make sure that the script is working as intended before you process the entire thing.

The easiest way to insert a breakpoint is by line number. For instance, to insert a breakpoint on the 10th line of a script, you could use a command like this:

Set-PSBreakpoint -Script C:\Scripts\Script.ps1 -Line 10

You can also bind a breakpoint to a variable. So, if you wanted your script to break any time the contents of $a changed, you could use a command like this one:

Set-PSBreakpoint -Script C:\scripts\Script.ps1 -Variable a

Notice that I didn’t include the dollar sign after the variable name.

There are a number of verbs you can use with PSBreakpoint including Get, Enable, Disable and Remove.

10. Step

When debugging a script, it may sometimes be necessary to run the script line by line. To do so, you can use the Stepping process in PowerShell ISE to cause the script to pause after each line regardless of whether a breakpoint exists. Utilize the functions outlined in the table below.

Image: Microsoft


10 ways to check ports in Linux to help troubleshoot systems

Image: Julien Tromeur/Adobe Stock

Networking is the backbone behind much of technology, and while a standalone device isn’t without significant value due to its local processing capabilities, the bread and butter behind business operations involves communication. Namely, getting systems and devices communicating with one another across networks to access or share data, maintain security and monitor operations.

When using TCP/IP, the universal language of networks, the process of checking ports to ensure they are configured, listening and accepting traffic is standard fare for system and network administrators. Ports are associated with processes running on target systems such as web servers, email servers, Active Directory domain controllers and other centralized resources. Gathering information about them is essential to proper communicative functionality.


Here are 10 ways you can work with ports using Linux to troubleshoot issues and maintain operations.

How to check to see what protocols and ports are associated with a given service

This command can show you a reference guide which will tell you the protocols and ports used (in theory) by any service in case you’re looking for more information. It does not show you what’s actively listening, but rather is used to help narrow down what could or should be used for any given function, such as FTP or SSH.

Run:

cat /etc/services | less

The output will show an extensive list of dozens of services and the ports associated with them to help serve as a reference point for you.

How to check to see what ports are actively connected from or to a local system

Run the ss command and you will see a list of the ports to which a particular system is connected, either locally or remotely. Details will depend on the system and functions involved.

How to use nmap to scan a remote system for open ports

The nmap utility, also known as ncat, is a handy Swiss army knife which works for Linux and Windows that can be used to see what ports are open on a remote system. Keep in mind port scanning may attract the attention of a security team, so only do this for authorized business purposes.

Let’s say you want to see what ports are open on the remote system website for Microsoft.

In Linux, run:

nmap microsoft.com

The results will reveal open ports on that host similar to the following:

Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-05 15:32 Eastern Daylight Time

Nmap scan report for microsoft.com (20.81.111.85)

Host is up (0.018s latency).

Other addresses for microsoft.com (not scanned): 20.84.181.62 20.103.85.33 20.53.203.50 20.112.52.29

Not shown: 998 filtered tcp ports (no-response)

PORT    STATE SERVICE

80/tcp  open  http

443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 47.51 seconds

To check for a specific port such as 443, run nmap -p 443 microsoft.com.

You can check multiple ports such as 80 and 443 with nmap -p 80,443 microsoft.com.

How to check a local system to see which application is associated with a port

Let’s say you want to see what local application is listening on port 8443.

Run:

netstat -tulpn | grep 8443

This will return the process ID (PID), for instance 8971 (there may be multiple PIDs) as well as the application name (in this case it’s Java).

How to kill an application or service associated with a specific port

This can come in handy for applications or services you don’t recognize and suspect may be malicious. Follow the above command to get the PID(s), then run:

kill -9 (PID)

Repeat as needed for each PID to kill the process.

How to check a remote system with telnet to see if a port is listening and can be connected to

Let’s say you want to see if a remote system called host.company.com is listening on port 443 and can be connected to.

Run:

telnet host.company.com 443

If you see a Connected response, the host is listening on that port and can be connected to.

If you get a Connection Refused error or the connection times out, the host either isn’t listening, access may be blocked from that host or you can’t get to the host (check for firewall access).

How to check a remote system without telnet to see if a port is listening and can be connected to

Not every system has telnet installed, and while you can usually install it from a yum repository using yum install telnet, sometimes the repositories don’t contain that package or the system is locked down preventing any software installation. You might also be in too much of a hurry to conduct a yum install. Let’s say you’d like to see if the host with the IP of 10.37.39.141 is listening on port 636:

echo > /dev/tcp/10.37.39.141/636

Ironically, if you get no response back, that’s actually a good thing and means the access worked.

If you get a Connection Refused error or the connection times out, the host either isn’t listening, access may be blocked from that host or you can’t get to the host (check for firewall access).
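The /dev/tcp check above can be wrapped so that the three outcomes the text describes (connected, refused, timed out) come back as distinct verdicts instead of a silent success or a hang. This is an added example, not code from the original article; probe_port and classify_rc are hypothetical helper names, and it assumes bash and the coreutils timeout command are available.

```shell
#!/usr/bin/env bash
# Added example; probe_port and classify_rc are hypothetical helper names.
# Requires bash (for /dev/tcp) and timeout(1) from coreutils.

# Map the probe's exit status to a verdict, using nmap's state names:
#   0    connect succeeded: a process is listening and reachable
#   124  timeout(1) gave up: packets are silently dropped (firewall, routing)
#   else immediate failure: connection refused or host/network unreachable
classify_rc() {
    case "$1" in
        0)   echo open ;;
        124) echo filtered ;;
        *)   echo closed ;;
    esac
}

# probe_port HOST PORT [TIMEOUT_SECONDS]  -> prints open|filtered|closed|invalid
probe_port() {
    local host=$1 port=$2 wait=${3:-3} rc=0
    # Reject anything that is not a 1-5 digit number before it reaches a path.
    case "$port" in ''|*[!0-9]*|??????*) echo invalid; return 2 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then echo invalid; return 2; fi
    # Host and port are passed as positional arguments, never interpolated
    # into the command string, so odd input cannot change what bash runs.
    # fd 3 is closed when the child bash exits, releasing the connection.
    timeout "$wait" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$host" "$port" \
        2>/dev/null || rc=$?
    classify_rc "$rc"
}

# Constructed demo against loopback; port 1 is assumed to have no listener.
echo "127.0.0.1:1 is $(probe_port 127.0.0.1 1 2)"
```

A "filtered" verdict points at a firewall or routing problem between the two hosts, while "closed" usually means the host was reached but nothing is bound to the port.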

How to check a remote system using curl to see if a TCP port is listening

This achieves the same result as the prior step, but is a handy way to get oriented towards the curl application.

Let’s say you’d like to see if the host with the IP address of 10.37.34.21 is listening on port 16667:

Run:

curl -v telnet://10.37.34.21:16667

If you see a Connected response, the host is listening on that port and can be connected to.

If you get a Connection Refused error or the connection times out, the host either isn’t listening, access may be blocked from that host or you can’t get to the host (check for firewall access).

Note that this only works for TCP ports.

How to check what SSL certificate is listening on a port

This is one of my favorites and it has been a lifesaver for me during SSL certificate replacements in order to make sure things were done correctly.

Let’s say you have a server named splunk.company.com with an SSL certificate attached to port 8000, which you’ve just replaced and want to confirm is present.

Run:

openssl s_client -connect splunk.company.com:8000 </dev/null 2>/dev/null | openssl x509 -noout -text

This will return the full details of the SSL certificate such as the CN and issuer.

How to check the expiration date of an SSL certificate listening on a port

For a quick way to establish that the server in question has the right certificate attached to that port, run:

openssl s_client -connect splunk.company.com:8000 </dev/null 2>/dev/null | openssl x509 -noout -dates

This will return output similar to the following:

notBefore=May 31 21:46:06 2021 GMT

notAfter=May 31 21:56:06 2022 GMT

With the above information in mind you can rest easy knowing the right certificate is in place.
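The notBefore/notAfter lines shown above can be turned into a monitoring verdict rather than read by eye. This is an added example, not code from the original article; cert_status is a hypothetical helper name, the 30-day warning window is an assumption, and it requires GNU date.

```shell
#!/usr/bin/env bash
# Added example; cert_status is a hypothetical helper name.
# Requires GNU date (for `date -d`).

# cert_status DATES_TEXT NOW_EPOCH [WARN_DAYS]
# DATES_TEXT is the output of `openssl x509 -noout -dates`.
# Prints NOT_YET_VALID, EXPIRED, "EXPIRING <days>", "OK <days>" or UNPARSEABLE.
cert_status() {
    local text=$1 now=$2 warn=${3:-30} nb na nb_s na_s days
    nb=$(printf '%s\n' "$text" | sed -n 's/^notBefore=//p' | head -n 1)
    na=$(printf '%s\n' "$text" | sed -n 's/^notAfter=//p' | head -n 1)
    # An empty pipe (handshake failed, wrong port) must not pass as healthy;
    # GNU date would otherwise read an empty string as "today".
    if [ -z "$nb" ] || [ -z "$na" ]; then echo UNPARSEABLE; return 2; fi
    nb_s=$(date -u -d "$nb" +%s 2>/dev/null) || { echo UNPARSEABLE; return 2; }
    na_s=$(date -u -d "$na" +%s 2>/dev/null) || { echo UNPARSEABLE; return 2; }

    if [ "$now" -lt "$nb_s" ]; then echo NOT_YET_VALID; return 1; fi
    if [ "$now" -gt "$na_s" ]; then echo EXPIRED; return 1; fi
    days=$(( (na_s - now) / 86400 ))   # whole days left, rounded down
    if [ "$days" -lt "$warn" ]; then echo "EXPIRING $days"; return 1; fi
    echo "OK $days"
}

# Dates from the article's sample output; "now" is a constructed fixed
# epoch (2022-05-10 00:00:00 UTC) so the result is reproducible.
SAMPLE='notBefore=May 31 21:46:06 2021 GMT
notAfter=May 31 21:56:06 2022 GMT'
echo "sample certificate: $(cert_status "$SAMPLE" 1652140800)"

# Live use, with HOST and PORT as placeholders:
#   cert_status "$(openssl s_client -connect HOST:PORT </dev/null 2>/dev/null \
#       | openssl x509 -noout -dates)" "$(date +%s)"
```

The non-zero return code for every state other than OK lets a cron job or monitoring check alert on it directly.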