Overview of Windows PowerShell 3.0

  • 2/15/2013

Security issues with Windows PowerShell

As with any tool as versatile as Windows PowerShell, there are bound to be some security concerns. Security, however, was one of the design goals in the development of Windows PowerShell.

When you launch Windows PowerShell, it opens in your Documents folder; this ensures you are in a directory where you will have permission to perform certain actions and activities. This is far safer than opening at the root of the drive, or even opening in system root.

To change to a directory in the Windows PowerShell console, you cannot automatically go up to the next level; you must explicitly name the destination of the change-directory operation (although the cd .. command still moves you up one level).

Script execution is disabled by default and can easily be managed through Group Policy. It can also be managed on a per-user or per-session basis.
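The following script, added here as an illustration and not part of the original page, shows how the per-machine, per-user and per-session settings just described fit together: it walks the execution-policy scopes in precedence order to report which one is actually in effect, then sets a per-user and a per-session policy. The function name Get-EffectiveExecutionPolicy is my own; it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example, not from the original page. Reports which execution-policy
# scope wins and demonstrates per-user and per-session settings.
# Assumes Windows PowerShell 3.0 or later (the -in operator is 3.0+).

function Get-EffectiveExecutionPolicy {
    # Scopes in precedence order: Group Policy (machine, then user) beats
    # everything else; the Process scope beats CurrentUser and LocalMachine.
    $precedence = 'MachinePolicy', 'UserPolicy', 'Process', 'CurrentUser', 'LocalMachine'
    $byScope = @{}
    foreach ($entry in Get-ExecutionPolicy -List) {
        $byScope[[string]$entry.Scope] = [string]$entry.ExecutionPolicy
    }
    foreach ($scope in $precedence) {
        if ($byScope[$scope] -and $byScope[$scope] -ne 'Undefined') {
            return [pscustomobject]@{
                Scope            = $scope
                ExecutionPolicy  = $byScope[$scope]
                # Policies delivered by Group Policy cannot be changed with Set-ExecutionPolicy.
                SetByGroupPolicy = $scope -in 'MachinePolicy', 'UserPolicy'
            }
        }
    }
    # No scope defines a policy, so the built-in default applies (Restricted on client editions).
    return [pscustomobject]@{ Scope = 'None'; ExecutionPolicy = 'Default'; SetByGroupPolicy = $false }
}

Get-EffectiveExecutionPolicy

# Per-user: stored under HKEY_CURRENT_USER, so it needs no elevation and survives reboots.
Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope CurrentUser -Force

# Per-session: applies to this PowerShell process only and disappears when it exits.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

# Now reports Scope = Process, unless a Group Policy scope overrides it.
Get-EffectiveExecutionPolicy
```

If either Group Policy scope is set, Set-ExecutionPolicy still succeeds but warns that the policy is overridden, which the SetByGroupPolicy flag above makes visible.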

Controlling execution of PowerShell cmdlets

Have you ever opened a CMD interpreter prompt, typed in a command, and pressed Enter so that you could see what it does? What if that command happened to be Format C:\? Are you sure you want to format your C drive? This section will cover some arguments that can be supplied to cmdlets that allow you to control the way they execute. Although not all cmdlets support these arguments, most of those included with Windows PowerShell do. The three arguments you can use to control execution are -whatif, -confirm, and suspend. Suspend is not really an argument that is supplied to a cmdlet, but rather is an action you can take at a confirmation prompt, and is therefore another method of controlling execution.

Windows PowerShell cmdlets that change system state (such as Set-Service) support a prototype mode that you can enter by using the -whatif parameter. Whether a cmdlet supports -whatif is up to its developer; the Windows PowerShell team recommends that developers implement it. The use of the -whatif argument is shown in the following procedure. The commands used in the procedure are in the UsingWhatif.txt file.

Using -whatif to prototype a command

  1. Open Windows PowerShell by choosing Start | Run | Windows PowerShell. The PowerShell prompt will open by default at the root of your Documents And Settings folder.

  2. Start an instance of Notepad.exe. Do this by typing notepad and pressing the Enter key. This is shown here:

    notepad
  3. Identify the Notepad process you just started by using the Get-Process cmdlet. Type enough of the process name to identify it, and then use a wildcard asterisk (*) to avoid typing the entire name of the process, as follows:

    Get-Process note*
  4. Examine the output from the Get-Process cmdlet and identify the process ID. The output on my machine is shown here. Please note that in all likelihood, the process ID used by your instance of Notepad.exe will be different from the one on my machine.

    Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName
    -------  ------    -----      ----- -----   ------     -- -----------
         39       2      944        400    29     0.05   1056 notepad
  5. Use -whatif to see what would happen if you used Stop-Process to stop the process ID you obtained in step 4. This process ID will be found under the Id column in your output. Use the -id parameter to identify the Notepad.exe process. The command is as follows:

    Stop-Process -id 1056 -whatif
  6. Examine the output from the command. It tells you that the command will stop the Notepad process with the process ID that you used in your command.

    What if: Performing operation "Stop-Process" on Target "notepad (1056)"

Confirming actions

As described in the previous section, you can use -whatif to prototype a cmdlet in Windows PowerShell. This is useful for seeing what a cmdlet would do; however, if you want to be prompted before the execution of the cmdlet, you can use the -confirm argument. The cmdlets used in the “Confirming the execution of cmdlets” procedure are listed in the ConfirmingExecutionOfCmdlets.txt file.

Confirming the execution of cmdlets

  1. Open Windows PowerShell, start an instance of Notepad.exe, identify the process, and examine the output, just as in steps 1 through 4 in the previous exercise.

  2. Use the -confirm argument to force a prompt when using the Stop-Process cmdlet to stop the Notepad process identified by the Get-Process note* command. This is shown here:

    Stop-Process -id 1768 -confirm

    The Stop-Process cmdlet, when used with the -confirm argument, displays the following confirmation prompt:

    Confirm
    Are you sure you want to perform this action?
    Performing operation "Stop-Process" on Target "notepad (1768)".
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
    (default is "Y"):
  3. Type y and press Enter. The Notepad.exe process ends. The Windows PowerShell prompt returns to the default, ready for new commands, as shown here:

    PS C:\>
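The -whatif and -confirm behaviour shown in the two procedures above comes from the cmdlet's ShouldProcess support, which the author notes is the developer's responsibility to implement. The following advanced function, added here as an example and not taken from the original page, implements that support for a wrapper around Stop-Process so that -WhatIf, -Confirm and the [S] Suspend choice all work on it. The function name Stop-NotepadProcess and the ConfirmImpact value are my choices; it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example, not from the original page. An advanced function that
# supports -WhatIf and -Confirm the same way Stop-Process does.

function Stop-NotepadProcess {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Process IDs to stop; Get-Process note* pipes its Id property in here.
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [int[]] $Id
    )
    process {
        foreach ($processId in $Id) {
            $proc = Get-Process -Id $processId -ErrorAction SilentlyContinue
            if (-not $proc) {
                Write-Warning "No process with Id $processId."
                continue
            }
            if ($proc.ProcessName -ne 'notepad') {
                # Validate before prompting: a typo in the Id should not reach the prompt at all.
                Write-Warning "Skipping $($proc.ProcessName) ($processId): not a Notepad process."
                continue
            }
            # ShouldProcess is what drives -WhatIf and -Confirm:
            #   -WhatIf   -> prints a "What if:" line for the target and returns $false
            #   -Confirm  -> shows the [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend prompt
            #   ConfirmImpact 'High' -> prompts even without -Confirm while $ConfirmPreference is High (the default)
            if ($PSCmdlet.ShouldProcess("$($proc.ProcessName) ($processId)", 'Stop-Process')) {
                # -Confirm:$false stops the inner cmdlet from prompting a second time.
                Stop-Process -Id $processId -Confirm:$false
            }
        }
    }
}

# Prototype only: nothing is stopped.
Get-Process note* | Stop-NotepadProcess -WhatIf

# Prompt first; [S] Suspend drops to the nested >> prompt and exit returns to the prompt.
Get-Process note* | Stop-NotepadProcess -Confirm

# Suppress the prompt for unattended use (ConfirmImpact 'High' would otherwise prompt).
Get-Process note* | Stop-NotepadProcess -Confirm:$false
```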

Suspending confirmation of cmdlets

The ability to prompt for confirmation before a cmdlet executes is extremely useful and at times can be vital to maintaining a high level of system uptime. There may be times when you type in a long command and then remember that you need to check on something else first. For example, you may be in the middle of stopping a number of processes, but you need to view details on the processes to ensure you do not stop the wrong one. For such eventualities, you can tell the confirmation prompt that you want to suspend execution of the command. The commands used for suspending execution of a cmdlet are in the SuspendConfirmationOfCmdlets.txt file.

Suspending execution of a cmdlet

  1. Open Windows PowerShell, start an instance of Notepad.exe, identify the process, and examine the output, just as in steps 1 through 4 in the previous exercise. The output on my machine is shown following. Please note that in all likelihood, the process ID used by your instance of Notepad.exe will be different from the one on my machine.

    Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName
    -------  ------    -----      ----- -----   ------     -- -----------
         39       2      944        400    29     0.05   3576 notepad
  2. Use the -confirm argument to force a prompt when using the Stop-Process cmdlet to stop the Notepad process identified by the Get-Process note* command. This is illustrated here:

    Stop-Process -id 3576 -confirm

    The Stop-Process cmdlet, when used with the -confirm argument, displays the following confirmation prompt:

    Confirm
    Are you sure you want to perform this action?
    Performing operation "Stop-Process" on Target "notepad (3576)".
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
    (default is "Y"):
  3. To suspend execution of the Stop-Process cmdlet, enter s. A triple-arrow prompt will appear, as follows:

    PS C:\>>>
  4. Use the Get-Process cmdlet to obtain a list of all the running processes that begin with the letter n. The syntax is as follows:

    Get-Process n*

    On my machine, two processes appear: the Notepad process I launched earlier and another process. This is shown here:

    Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName
    -------  ------    -----      ----- -----   ------     -- -----------
         39       2      944        400    29     0.05   3576 notepad
         75       2     1776       2708    23     0.09    632 nvsvc32
  5. Return to the previous confirmation prompt by typing exit.

    Once again, the confirmation prompt appears as follows:

    Confirm
    Are you sure you want to perform this action?
    Performing operation "Stop-Process" on Target "notepad (3576)".
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
    (default is "Y"):
  6. Type y and press Enter to stop the Notepad process. There is no further confirmation. The prompt now displays the default Windows PowerShell prompt, as shown here:

    PS C:\>