PowerShell remains a ubiquitous and formidable arrow in the quiver of Windows tech guys. Much has been written about PowerShell—books, columns, and blogs—tips and tricks, secret techniques, and simply how to easily get the most out of this powerful ally. PowerShell is fairly unique in that it is truly valuable regardless of how deep you choose to dive into its capabilities. There is plenty to find about how to best use PowerShell for troubleshooting at a variety of levels. Here's a look:
Naturally, you expect to find a lot of great scoop on troubleshooting with PowerShell from the Scripting Guys at Microsoft. And indeed Hey Scripting Guy! does not let you down. They not only touch on using PowerShell to troubleshoot something like Windows 7, but also using PowerShell to troubleshoot PowerShell scripts and its remoting functions. PowerShell heal thyself.
Use PowerShell to Troubleshoot Your Windows 7 Computer: "One of the more impressive things one can do with Windows PowerShell is to use the troubleshooting packs. When combined with Windows PowerShell remoting, the results can be as impressive as Oahu's North Shore. The TroubleShootingPack module is available in Windows 7. Because it is a module, it first needs to be imported into the current Windows PowerShell session. When working with modules, I first like to use the Get-Module command to see which modules are available."
Use the PowerShell Debugger to Troubleshoot Scripts: "Invariably, when I am talking to people about writing Windows PowerShell scripts, someone comes up with the question about script debugging. To be honest, I rarely fire up a debugger. Never have, even back in the VBScript days. I generally write code in such a way that when a problem occurs, it is obvious where the problem lies and how to correct it. Every once in a while, however, the problem is not obvious, and being able to actually debug the script comes in helpful. In Windows PowerShell 2.0, we introduced several Windows PowerShell cmdlets that make it easier to debug scripts."
Troubleshooting Windows PowerShell Remoting: "The first tool to use to see if Windows PowerShell remoting is working (or not) is the Test-WSMan cmdlet. Use it first on the local computer (no parameters are required). The command and its associated output are shown here:
PS C:\> Test-WSMan
wsmid : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd
ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor : Microsoft Corporation
ProductVersion : OS: 0.0.0 SP: 0.0 Stack: 3.0
To test a remote computer, specify the –ComputerName parameter. This following command runs against a Windows Server 2012 domain controller named DC3.
PS C:\> Test-WSMan -ComputerName dc3
ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor : Microsoft Corporation
ProductVersion : OS: 0.0.0 SP: 0.0 Stack: 3.0"
Hey Scripting Guy posts pretty regularly, so if you have questions, that's the place to go.
This is an excellent site to find tutorials on Microsoft Exchange Server, cloud, virtualization, security, and other functions. For this one, post author Mitch Tulloch writes, "PowerShell can not only be used to manage networking configurations but also to troubleshoot network issues when they occur in your environment. This present article provides a few examples of what you can do in this area. The explanation and procedures included below are adapted from my book, Training Guide: Installing and Configuring Windows Server 2012 R2 (Microsoft Press, 2014)."
Then he gets into how to use individual cmdlets to accomplish what you need:
- "Get-NetAdapter: introduced in Windows Server 2012 to enable you to retrieve the configuration of all physical network adapters in the server.
- The Get-NetIPAddress: introduced in Windows Server 2012 to enable you to retrieve the IP addresses configured on the system's network adapters. You can use the Get-NetIPAddress cmdlet both on physical servers and within virtual machines.
- Get-NetIPConfiguration: introduced in Windows Server 2012 to enable you to retrieve able network interfaces, IP addresses, and DNS servers configured on a system.
- Test-NetConnection: introduced in Windows Server 2012 R2 to enable you to perform ICMP and TCP connectivity tests."
Richard Hicks is someone you can certainly look to for solid PowerShell counsel. He has his favorites for troubleshooting PowerShell commands. He writes,
"Native PowerShell commands in Windows 10 make DirectAccess troubleshooting much easier than older operating systems like Windows 7. For example, with one PowerShell command an administrator can quickly determine if a DirectAccess client has received the DirectAccess client settings policy. In addition, PowerShell can be used to view the status of the connection and retrieve additional information or error codes that can be helpful for determining the cause of a failed connection. Further, PowerShell can also be used to review configuration details and perform other troubleshooting and connectivity validation tasks. Here are my top 5 PowerShell commands for troubleshooting DirectAccess on Windows 10:
Richard Hicks is of course a veteran presenter at TechMentor events. He's also the founder and principal consultant of his own firm Richard M. Hicks Consulting.
Posted by Lafe Low on February 12th, 2018 at 10:09 AM0 comments
The battle of the hypervisors continues. Microsoft has done an admirable job positioning Hyper-V as one you must contend with, even if you prefer vSphere for certain virtualization tasks. You’ll find plenty of sound advice for working with and configuring Hyper-V in the blogs presented here. As a side note, I don't know why anyone hasn't yet latched onto the title The Hypervisor Advisor. If you’re a virtualization expert looking to start up a blog, feel free to steal that title!
This is the official virtualization blog for Microsoft, so it covers a lot of Hyper-V and related topics. One recent post by Sarah Cooley describes, "What's new in Hyper-V for the Windows 10 Creators Update?
" Microsoft recently released the Windows 10 Creators Update, which describes several improvements made with Hyper-V in mind:
- Quick Create
- Checkpoint and Save for nested Hyper-V
- Dynamic resize for VM Connect
- Zoom for VM Connect
- Networking improvements (NAT)
- Developer-centric memory management
This is actually another official Microsoft blog, this one by Ben Armstrong, Microsoft's Hyper-V program manager, so you know the info is good. Recent posts on Armstrong's blog cover:
Blogger Aidan Finn describes his blog as "A Hyper-V blog, but you'll also find Windows Server, desktop, systems management, deployment, and so on." So while you’ll get mostly some good Hyper-V stuff, there are plenty of related topics in the mix as well.
One recent post, "VMQ on Team Interface Breaking Hyper-V Networking," gets into the nitty gritty of why several VMs weren't communicating:
"I recently had a situation where virtual machines on a Windows Server 2016 (WS2016) Hyper-V host could not communicate with each other. Ping tests were failing:
- Extremely high latency
- Lost packets
In this case, I was building a new Windows Server 2016 demo lab for some upcoming community events in The Netherlands and Germany, an updated version of my Hidden Treasures in Hyper-V talk that I’ve done previously at Ignite and TechEd Europe (I doubt I'll ever do a real talk at Ignite again because I’m neither a MS employee or a conference sponsor). The machine I’m planning on using for these demos is an Intel NUC. It’s small, powerful, and is built with lots of flash storage. My lab consists of some domain controllers, storage, and some virtualized (nested) hosts, all originally connected to an external vSwitch. I built my new hosts, but could not join them to the domain. I did a ping from the new hosts to the domain controllers, and the tests resulted in massive packet loss. Some packets go through but with 3000+ MS latency."
Here's another blog that covers mostly Hyper-V, but some other stuff as well (as you can discern from the title). This one gets into some good detail. One post is, "HYPER-V R2 Networking—How to configure management and VM networks
." This provides a decent overview of the topic.
"I see very often confusion around the configuration of the Hyper-V networking and the creation of the virtual networks (Hyper-V). Therefore I will try to give you here a short/simple overview how you can configure your Hyper-V Host networking environment in regards to best practice which ensures the reliability and availability of your virtualized workloads."
shares a PowerPoint presentation originally published by Microsoft focusing on network performance improvements with Hyper-V, covering all the different approaches like VMDQ and Chimney Offloading.
What are some of your favorite Hyper-V blogs? Drop me a line at email@example.com!
Posted by Lafe Low on July 7th, 2017 at 1:08 PM0 comments
The TechMentor video library is now up and running. Get a free preview of the session content you can expect at a TechMentor conference, and consider joining us at Microsoft Headquarters in August!
Check out these presentations from two of our top TechMentor expert presenters:
Penetration Tests in Real Life: In this session, you can follow one of the world's leading operating system security experts Sami Laiho. Sami will take you through a real-life penetration test. You can learn how to protect and how to test your own environment before a legal or illegal penetration takes place. This session was recorded at TechMentor/Live! 360 Orlando 2016.
You're Writing Your PowerShell Functions Wrong. Stop It: Renowned PowerShell expert Don Jones is the co-author of Learn PowerShell Toolmaking in a Month of Lunches. Checkout this video as he takes a hard look at the rights and wrongs of advanced functions and scripting in PowerShell. This session was recorded at TechMentor/Live! 360 Orlando 2016.
Keep checking back as we’ll be posting more videos as we can.
More TechMentor resources:
Posted by Lafe Low on June 20th, 2017 at 5:33 PM0 comments
Security remains a top of mind issue across the board. The recent worldwide sweep of the WannaCry ransomware attack served as a reminder—not that we needed one—that cybersecurity seems to be a fire that simply refuses to be put out. And indeed it may never be. As our cybersecurity solutions and policies evolve, it seems the bad guys evolve just a couple of steps ahead. Thankfully, for every successful attack, there are many more successful defenses. If you’re looking to broaden your security knowledge, or just looking for some specific resources, take a trip through some of these Windows security blogs. They're sure to shore up your security smarts.
This is the latest word in security from Microsoft itself. The lead post right now announces that the Microsoft Security Intelligence Report Volume 21 is now available
. Besides tactical advice and analysis of the latest cybersecurity headlines, this blog is good place to find resources like this.
Posted by the Microsoft Secure Blog Staff, this post states, "The latest volume of the Microsoft Security Intelligence Report is now available for free download at www.microsoft.com/sir. This new volume of the report includes threat data from the first half of 2016 as well as longer term trend data on industry vulnerabilities, exploits, malware, and malicious websites. The report also provides specific threat data for over 100 countries/regions."
The post entitled "Security in agile development," written by Talhah Mir, Principal PM Manager, looks a good practical look at how agile development can have a direct impact on software. Mir writes, "Most enterprises' security strategies today are multifaceted—encompassing securing a variety of elements of their IT environment including identities, applications, data, devices, and infrastructure. This also includes driving or supporting security training and changes in culture and behavior for a more secure enterprise. But, security really starts at the fundamental core, at the software development level. It’s here that security can be "built in" to ensure that applications meet the security requirements of enterprises today and are aligned to a holistic, end to end security strategy."
Other posts, like Cybersecurity and cyber-resilience – Equally important but different, by Paul Nicholas, Senior Director of Trustworthy Computing take a high level philosophical look at the current state of cybersecurity, the larger scale trends, and what we're likely to face in the future. Nicholas writes, "The October Mirai-based IoT attack demonstrated an important and often neglected consequence of technology’s expansion into every aspect of our daily lives, as well as into the systems that underpin our economies and societies. We have never been as exposed to cyberattacks and because technology's pervasiveness in our lives the possible consequences of attacks, such as the one that occurred last month, are going to be more widespread and troublesome than in the past."
Bruce Schneier, a distinguished security expert who has written 13 books on the topic, is a fellow at Harvard University and appears regularly on a host of TV and radio programs. His blog explores policy and current events as well as in-the-trenches tips.
In this post, he covers the NSA decision to no longer collect information solely based on message content: "Earlier this month, the NSA said that it would no longer conduct "about" searches of bulk communications data. This was the practice of collecting the communications of Americans based on keywords and phrases in the contents of the messages, not based on who they were from or to."
If you are still searching for info on WannaCry, Schneier covers it here: "Criminals go where the money is, and cybercriminals are no exception. And right now, the money is in ransomware. It's a simple scam. Encrypt the victim's hard drive, then extract a fee to decrypt it. The scammers can't charge too much, because they want the victim to pay rather than give up on the data. But they can charge individuals a few hundred dollars, and they can charge institutions like hospitals a few thousand. Do it at scale, and it's a profitable business."
Here, he discusses an extremely interesting discovery regarding HP laptops: "This is a weird story: researchers have discovered that an audio driver installed in some HP laptops includes a keylogger, which records all keystrokes to a local file. There seems to be nothing malicious about this, but it's a vivid illustration of how hard it is to secure a modern computer."
This is a solid, in-depth resource that gets sufficiently technical to satisfy the deepest security geeks. Penned by Randy Franklin Smith, some recent posts include:
In this post, Work Smarter—Not Harder: Internal Honeynets Allow You to Detect Bad Guys Instead of Just Chasing False Positives
, he discusses how honeynets could change the detection game: "Log collection, SIEM and security monitoring are the journey not the destination. Unfortunately, the destination is usually a false positive. This is because we’ve gotten very good at collecting logs and other information from production systems, filtering that data and presenting it on a dashboard. But we haven't gotten that good at distinguishing events triggered by bad guys from those triggered by normal every day activity. A honeynet changes that completely."
This entry, Tracking removable storage with the Windows Security Log, discusses auditing the removeable storage access in Windows: "With data breaches and Snowden-like information grabs I'm getting increased requests for how to track data moving to and from removable storage such as flash drives. The good news is that the Windows Security Log does offer a way to audit removable storage access."
Auditing Privileged Operations and Mailbox Access in Office 365 Exchange Online reveals how important monitoring the email inbox actually is: "E-mail remains one of the most heavily used communications mediums within organizations today. With as much as 75 percent of your organization's intellectual property stored in e-mail, Microsoft Exchange is for all practical purposes a treasure trove of organization’s most valuable secrets—just waiting for inappropriate access."
This blog is a great technical resource for IT teams. There's a lengthy list of topics covered that span the range of platforms you're tasked with supporting and securing.
What are some of your favorite Windows security blogs? Drop me a line at firstname.lastname@example.org!
Posted by Lafe Low on May 19th, 2017 at 2:21 PM0 comments
PowerShell is indeed a powerful ally. Using its raw command-line power for automation and configuration management has given Windows devotees a fundamental level of precision control for years. PowerShell has been around long enough that there are some incredibly rich and detailed references in the blog world. Here are a few PowerShell blogs you should add to your favorites list.
This is the official word straight from the proverbial horse's mouth—the Microsoft PowerShell team blog. You can pretty much take what you read here and put it right to work without questioning its validity or accuracy.
In a recent post entitled, "A Comparison of Shell and Scripting Language Security," the team describes its current stance on security and the role PowerShell can play. The team writes, "As PowerShell has become more popular, it has also become more popular for unauthorized administrators—also known as 'Attackers.' In any operating system or platform, the power and efficiency you provide authorized administrators is also available to unauthorized administrators. For example, Unix, Linux, and Mac all have dozens of powerful built in compilers, scripting languages, and debuggers. It’s a power user's dream, but also a liability. The PowerShell team has recognized this double-edged sword since the introduction of PowerShell in 2006. In the last 10 years, we’ve invested greatly in both securing and hardening PowerShell. In PowerShell version 5, we really cranked up the dials on making PowerShell security transparent—the results of which we describe in our post, PowerShell ♥ the Blue Team."
By all means check out the security improvements to PowerShell listed in that referenced post. Other recent posts on the official Microsoft PowerShell team blog include everything from availability announcements to specific step-by-step how-to posts:
This is also a Microsoft blog, but is clearly focused more on the how-to angle. Recent posts on this well-done blog include Debugging PowerShell script in Visual Studio Code—Part 1 and Part 2. The posts are clear, well-organized and at a good technical level for enterprise admins.
There's also a four part series on a PSScriptAnalyzer deep dive. Part four leads off with: "PSScriptAnalyzer comes with a total of 45 rules that are based on community best practices. PowerShell team members at Microsoft and the community developed these rules. The built-in rules are a great baseline, and a good starting point that will quickly tell you if a script or module has any glaring flaws before you get too deep into it. That's great, but what if you or your team has some more stringent standards or you want to borrow the PSSA engine to check scripts for some other reason? You'll need a custom rule."
Other current posts include "Cloud operating system deployment: WinPE in Azure." There's also a series called PowerTips, which includes posts on:
- PowerTip: Get a list of security patches installed in the last 90 days
- PowerTip: Get a list of suspended Azure Automation jobs
- PowerTip: Convert from UTC to my local time zone
This is Jeffrey Hicks' PowerShell blog, in which he lists plenty of other training references and books on "the shell." A lot of books he references he has authored or co-authored himself, including the two titles he would consider essential. He also references to two Microsoft blogs mentioned above. On his blog, he writes, "If you want to get up to speed even faster, you can get a copy of my free eBook on PowerShell 4
for beginners that I wrote for Veeam. After that, get a copy of The Windows PowerShell Cookbook
by Lee Holmes. This is a fantastic resource on all the things you can do with PowerShell."
Jeff further recommends, "You should keep up with the official Microsoft PowerShell team and Hey, Scripting Guy! blogs. It also wouldn’t hurt to bookmark the Microsoft Script Center."
For a veteran PowerShell guy (and veteran TechMentor presenter!) like Jeffrey Hicks, this is a good one to follow.
What are your favorite PowerShell blogs? Let me know at email@example.com. Stay tuned for more PowerShell blogs in future posts!
Posted by Lafe Low on April 20th, 2017 at 11:37 AM0 comments
There's nothing quite like information straight from the source. That's exactly what TechMentor delivers this August 7-11 as we return to the Microsoft Campus for another week of straight-from-the-mothership IT learning.
The conversation continues this year with another look at the topics and technologies that are relevant and immediately-usable in your IT datacenter. Like always, each of our sessions is taught by either an independent industry expert who knows and uses their technology in the trenches; or, by one of Microsoft’s “blue badges” themselves. No one knows these topics better, and no one is better equipped to knowledge transfer them to you.
We break the content apart this year into seven major tracks, giving you the opportunity to hone your server and datacenter skills, learn the details of implementing DevOps, dig deep into the biggest client issues of the day, enhance your infrastructure and security positioning, get the real-world and immediately-usable guidance for cloud services, and even brush up on your soft skills. Take a tour through this extensive catalog of courses for all the details.
That's not all, though. TechMentor is also…not…the biggest IT learning conference out there. At TechMentor, we're not large and you're not a number. You'll get one-on-one with our speakers and experts during our Birds-of-a-Feather lunch events, our kick-off Dine A-Round Dinner, and our Wednesday evening Seattle Sunset Cruise, among a week of opportunities.
You're also not bound by the usual 75-minute sessions seen at most other conferences. TechMentor goes deep with morning three-hour Deep Dives along with an entire Monday and Friday of long-form, and in some cases Hands-On, sessions that are not to be missed.
Whether your datacenter has a dozen servers or a thousand; whether they're centralized or distributed globally; whether they're physical or virtual; whether they're on-premises or deployed in the cloud; TechMentor offers cutting-edge education designed to help you get the most from your current investment, while making smart decisions for future technology investments.
Are you ready for an unforgettable week in the middle of everything? We'll see you in Redmond!
Senior Technical Fellow, Adminize
Author Evangelist, Pluralsight
TechMentor Conference Co-Chairs
Posted by Lafe Low on March 24th, 2017 at 11:37 AM0 comments