POWERSHELL

 
 PowerShell Scriptin’1
&
Old Computer Accounts
Old User Accounts
 
 
– Jaké počítače a uživatelé se nepřihlásili déle než 60 dní.
– Jak spouštět skripty v PowerShellu
 
1) Nejdříve je třeba zjistit, jaká je nastavena politika pro spouštění skriptů ps1. Zadejte do PowerShell okna příkaz:
Get-ExecutionPolicy
 
Jaké jsou politiky:
POWERSHELL EXECUTION POLICIES
——————————————
The PowerShell execution policies are:
    Restricted
        – Default execution policy.
        – Permits individual commands, but scripts cannot run.
    AllSigned
        – Scripts can run.
        – Requires a digital signature from a trusted publisher on all scripts
          and configuration files, including scripts that you write on the
          local computer.
        – Prompts you before running scripts from trusted publishers.
        – Risks running signed, but malicious, scripts.
    RemoteSigned
        – Scripts can run.
        – Requires a digital signature from a trusted publisher on scripts and
          configuration files that are downloaded from the Internet (including
          e-mail and instant messaging programs).
        – Does not require digital signatures on scripts run from the
          local computer.
        – Does not prompt you before running scripts from trusted publishers.
        – Risks running signed, but malicious, scripts.
    Unrestricted
        – Unsigned scripts can run.
        – Scripts and configuration files that are downloaded from the Internet
          (including Microsoft Outlook, Outlook Express and Windows Messenger)
          run after warning you that the file originated from the Internet.
        – Risks running malicious scripts.
 
2) Změna politiky – příkaz:
Set-ExecutionPolicy RemoteSigned
 
3) Spouštění skriptů:
 
cd D:\Skripty
.\skript.ps1
 
nebo
 
& "D:\Skripty\skript.ps1"
_____________________________________________________________
#old comps accounts
$maxOldLogonDays = 60
$adsiSearcher = new-object DirectoryServices.DirectorySearcher("
LDAP://rootdse")
$adsiSearcher.filter = "objectCategory=computer"
$adsiSearcher.findall() |
Foreach-Object `
{
 "Processing $($_.path)"
 $rawLogon = $_.properties.item("lastlogon")
 $convertedLogOn = [datetime]::FromFileTime([int64]::Parse($rawLogon))
 If( ((get-date) – $convertedLogOn).days  -ge $maxOldLogonDays )
  {
    "$($_.properties.item(‘distinguishedName’))
     has not logged on for more than  $maxOldLogonDays days"
  } #end if
} #end foreach
_____________________________________________________________________________________
#old user accounts
$maxOldLogonDays = 60
$adsiSearcher = new-object DirectoryServices.DirectorySearcher("
LDAP://rootdse")
$adsiSearcher.filter = "objectCategory=User"
$adsiSearcher.findall() |
Foreach-Object `
{
 "Processing $($_.path)"
 $rawLogon = $_.properties.item("lastlogon")
 $convertedLogOn = [datetime]::FromFileTime([int64]::Parse($rawLogon))
 If( ((get-date) – $convertedLogOn).days  -ge $maxOldLogonDays )
  {
    "$($_.properties.item(‘distinguishedName’))
     has not logged on for more than  $maxOldLogonDays days"
  } #end if
} #end foreach
 
Advertisements