Gl-Komp-IT-Sys/docs/powershell.md

Basic-config

Set-Password, Set-Hostname, IP-Config, DNS-Config, Firewall

Expand

Set-Password

Get-LocalUser -Name [Username] | Set-LocalUser -Password (ConvertTo-SecureString -AsPlainText [Password] -Force)

Get-LocalUser -Name 'Administrator' | Set-LocalUser -Password (ConvertTo-SecureString -AsPlainText 'Passw0rd' -Force)

IP-Config

New-NetIPAddress -InterfaceIndex [Index des Interfaces] -AddressFamily [IPv4/IPv6] -IPAddress [IP-Adress] -PrefixLength [SNM / Prefix] -DefaultGateway [IP-Adresse des Default-Gateway]

New-NetIPAddress -InterfaceIndex 3 -AddressFamily IPv4 -IPAddress '172.16.7.100' -PrefixLength '255.255.255.0' -DefaultGateway '172.16.7.254'

DNS-Config

Set-DnsClientServerAddress -InterfaceIndex [Index des Interfaces] -ServerAddresses ("[IP-Adresse primärer DNS]","[IP-Adresse sekundärer DNS]")

Set-DnsClientServerAddress -InterfaceIndex '3' -ServerAddresses ('172.16.7.11','172.16.7.12')

Set-Hostname

Rename-Computer -NewName [Name der Maschine] -Restart -Force

Rename-Computer -NewName 'DC01' -Restart -Force

Join-Domain

Add-Computer -Domain [DOMAIN] -Restart -Force

Add-Computer -Domain 'pod07.spielwiese.intern' -Restart -Force

Firewall-on/off

netsh advfirewall set allprofiles state [off/on]

netsh advfirewall set allprofiles state off

Interface Options

Infos auslesen, IPv6 on/off, DHCPv6 on/off, Networkmode [Public/Private/Domain]

Expand

Adapterinfos auslesen [Name/Index/Ip-Adress]

Get-NetIPInterface -AddressFamily [IPv4/6]

Get-NetIPInterface

IPv6-an/abschalten

[Disable/Enable]-NetAdapterBinding -Name [Name der Netzwerkkarte] -ComponentID ms_tcpip6

Disable-NetAdapterBinding -Name 'eth0' -ComponentID ms_tcpip6

Enable-NetAdapterBinding -Name 'eth0' -ComponentID ms_tcpip6

IPv6-DHCP-abschalten

Set-NetIPInterface -InterfaceAlias [Name der Netzwerkkarte] -AddressFamily [IPv4/IPv6] -Dhcp Disabled

Set-NetIPInterface -InterfaceAlias 'Inside' -AddressFamily 'IPv6' -Dhcp Disabled

Set-NetIPInterface -InterfaceIndex [Index der Netzwerkkarte] -AddressFamily [IPv4/IPv6] -Dhcp Disabled

Set-NetIPInterface -InterfaceIndex '3' -AddressFamily 'IPv6' -Dhcp Disabled

Set-Networkcard-to-private

Set-NetConnectionProfile -InterfaceIndex [Index der Netzwerkkarte] -NetworkCategory [Public/Private/Domain]

Set-NetConnectionProfile -InterfaceIndex '3' -NetworkCategory 'Private'

Add-Route

Command: New-NetRoute -DestinationPrefix [Subnet] -InterfaceIndex [Index der Netzwerkkarte] -NextHop [IP-Adress] -RouteMetric [Metric]

New-NetRoute -DestinationPrefix '172.16.0.0/20' -InterfaceIndex '7' -NextHop '172.16.X.254' -RouteMetric '1'

Remote-Access

Expand

Read TrustedHosts

Get-Item WSMan:localhost\client\TrustedHosts

Set TrustedHost

Set-Item WSMan:localhost\client\TrustedHosts –Value '[IP bzw. hostname]'

Set-Item WSMan:localhost\client\TrustedHosts –Value '[IP bzw. hostname],[IP bzw. hostname]'

Set-Item WSMan:localhost\client\TrustedHosts –Value '172.16.7.254'

Activate Remote-PS

Enable-PsRemoting

Remote PS Execute

Remote befehle oder scirptblöcke ausführen

Command: Invoke-Command –ComputerName [IP bzw. FQDN] –Credential [User] –Command {[Befehl]}

Command: Invoke-Command –ComputerName [IP bzw. FQDN] –Credential [User] –ScriptBlock {[Befehle]}

Invoke-Command –ComputerName [IP bzw. FQDN] –Credential [User] –Command {[Befehl]}

Invoke-Command –ComputerName [IP bzw. FQDN] –Credential [User] –ScriptBlock {[Befehle]}

AD Set-Serverroll, Join-Domain, Add-User

Expand

Change-Serverrolle-im-AD

Move-ADDirectoryServerOperationMasterRole -Identity [Ziel-DC] -OperationMasterRole [SchemaMaster/RIDMaster/InfrastructureMaster/DomainNamingMaster/PDCEmulator] Move-ADDirectoryServerOperationMasterRole -Identity [Ziel-DC] -OperationMasterRole [0/1/2/3/4]

Move-ADDirectoryServerOperationMasterRole -Identity 'DC01' -OperationMasterRole PDCEmulator

Add-User

New-ADUser -Name [Vor Nachname] `
-GivenName [Vorname] `
-Surname [Nachname] `
-SamAccountName [Anmeldename] `
-UserPrincipalName [Anmedldename@domain.tld] `
-Path "OU=Users,DC=yourdomain,DC=com" `
-AccountPassword (ConvertTo-SecureString [Passw0rd] -AsPlainText -Force) `
-Enabled $true

New-ADUser -Name "John Doe" -GivenName "John" -Surname "Doe" -SamAccountName "jdoe" -UserPrincipalName "jdoe@yourdomain.com" -Path "OU=Users,DC=yourdomain,DC=com" -AccountPassword (ConvertTo-SecureString "P@ssword1" -AsPlainText -Force) -Enabled $true

AddGroup

New-ADGroup -Name [name] -GroupScope [DomainLocal/Global/Universal] -GroupCategory [Security/Distribution] -Path [OU=(Ordner),DC=(Subdomain),DC=(Domain),DC=(.tld)]

New-ADGroup -Name "Trans_R" -GroupScope DomainLocal -GroupCategory Security -Path "OU=BTL-klein,OU=pod07,DC=pod07,DC=spielwiese,DC=intern"

Command: