Powershell Copy 2

Oct 30, 2014

Systems administration and security using PowerShell

Transcript
Page 1: Powershell Copy 2

Introduction to Microsoft PowerShell for Security Professionals, DerbyCon 2012

By Carlos Perez

[email protected]

Tuesday, November 20, 12

Page 2: Powershell Copy 2

For whom is this class?

• Security professionals that need to audit, secure or penetrate Windows environments.
• Security professionals that consume data generated by other tools in a Windows environment.
• Security professionals that like to build their own tools and automate tasks.

Page 3: Powershell Copy 2

Why PowerShell

• PowerShell now forms part of the Microsoft Common Engineering Criteria for Server Products.
• More flexibility and capabilities than VBScript or CMD.exe.
• Because we are smarter than GUI-clicking admins and want to automate our work in a more efficient and reliable way.

Page 4: Powershell Copy 2

What is PowerShell

• Command shell with scripting capabilities based on other shells like Bash and scripting languages like Perl.
• The shell operates with objects, whereas a command prompt or *nix shell operates with text.
• Designed for management and automation.

Page 5: Powershell Copy 2

What is PowerShell

• PowerShell can leverage on Windows:
–WMI
–COM
–.Net Framework
–ADSI
–Loading of DLLs

Page 6: Powershell Copy 2

PowerShell v2 Requirements

• Comes pre-installed on Windows 7 and 2008 R2.
• Requires .Net Framework 3.5 or above.
• For Windows XP and 2003 you need to download it from Microsoft in the download center as KB968930 or from http://www.microsoft.com/powershell

Page 7: Powershell Copy 2

PowerShell v2 Requirements

• ISE is only installed on Windows 7; on 2008 R2 it is a feature that needs to be installed from Server Manager.
• On Windows 2008 the version that comes in Features inside Server Manager is version 1.0, and there is no ISE for v1.
• Cannot be installed side by side with v1.

Page 8: Powershell Copy 2

PowerShell v3 Requirements

• Comes pre-installed on Windows 8 and 2012.
• Requires .Net Framework 4.0 or above.
• Can be installed on Windows 7 SP1 and Windows 2008 R2 from http://www.microsoft.com/powershell
• It is compatible with v1 and v2 of PowerShell.
• Can be installed side by side with v2.

Page 9: Powershell Copy 2

PowerShell v3 Requirements

• Windows Remote Management v3 is a requirement for PowerShell v3.

Page 10: Powershell Copy 2

PowerShell v3

• PowerShell v3 has both engines.

Page 11: Powershell Copy 2

PowerShell v3

• In the case of Windows 8 the PowerShell v2 engine can be enabled or disabled via the Windows Features configuration app.

Page 12: Powershell Copy 2

PowerShell Architectures

Page 13: Powershell Copy 2

PowerShell as Administrator

Page 14: Powershell Copy 2

PowerShell v3 Windows 8

Page 15: Powershell Copy 2

PowerShell v3 Windows 8

Page 16: Powershell Copy 2

The Console

Page 17: Powershell Copy 2

PowerShell Shell

• The PowerShell shell allows the running of regular executables and PowerShell cmdlets.
• As a scripting shell it also provides access to aliases and functions like we have on *nix style shells.
• Commands that are part of cmd.exe are not available.
• The use of environment variables and shell variables differs.

Page 18: Powershell Copy 2

PowerShell Shell

• Sub-shells like Netsh and WMIC remain the same (some commands break ISE terminal emulation).
• The shell has Cisco IOS shell characteristics, where only the first unique characters of a cmdlet parameter are required.

Page 19: Powershell Copy 2

Advantages

• It has tab completion, where one can type the first part of a command, option or directory path and hit the Tab key to complete.
• One can create transcripts of all actions taken with the transcript cmdlets (not available in ISE).
• Both Windows commands and cmdlets can be run.
• Low memory footprint.

Page 20: Powershell Copy 2

Advantages

• Requires less of the .Net Framework for it to be used.

Page 21: Powershell Copy 2

Disadvantages

• Only supports single-byte character sets, so non-English languages won't display properly.
• Copy and paste of text uses nonstandard keystrokes.
• Offers no color coding for the commands being typed.

Page 22: Powershell Copy 2

Setting up your Environment

Page 23: Powershell Copy 2

Setting up your Environment

Page 24: Powershell Copy 2

Setting up your Environment

Page 25: Powershell Copy 2

Keyboard Commands

Keyboard                                Action
Left/Right Arrow Keys                   Move cursor left and right
Ctrl+Left Arrow, Ctrl+Right Arrow Keys  Move cursor one word each time
Home                                    Move cursor to beginning
End                                     Move cursor to end
Up/Down Arrow Keys                      Move through command history
Tab                                     Command and option completion
F7                                      Command history window
Insert Key                              Toggle character insertion/overwrite
Delete Key                              Delete character under cursor
Backspace Key                           Delete character to left of cursor

Page 26: Powershell Copy 2

PowerShell v2 ISE

Page 27: Powershell Copy 2

PowerShell v3 ISE

Page 28: Powershell Copy 2

Advantages of ISE

• Color coding
• Keyboard copy and paste
• Tab completion for options, commands and paths
• IntelliSense on ISE v3
• Command reference pane on ISE v3

Page 29: Powershell Copy 2

ISE v3 Almost the Best Terminal!

• IntelliSense for cmdlets and parameters, with a parameter help popup.
• IntelliSense will provide values for parameters based on enumerations and pre-defined sets.
• IntelliSense will perform smart matching for cmdlet names.
• IntelliSense will show path options for filesystems and PSProviders.
• IntelliSense will show variables.
• IntelliSense will show the properties and methods available for objects.

Page 30: Powershell Copy 2

ISE v3 Almost the Best Terminal!

• IntelliSense for history when one types # followed by Ctrl-Space.

Page 31: Powershell Copy 2

ISE v3 Almost the Best Terminal!

• The terminal emulation in PowerShell ISE v3 breaks with certain Windows commands like WMIC, Netsh and others that create a sub-shell.

Page 32: Powershell Copy 2

History

• To get a list of the commands entered in the shell, one can use the up and down keyboard arrows to move through it, or use the Get-History cmdlet.
• To execute one of the commands that are in the history buffer, enter the # symbol followed by the Id number and press the Tab key to have the shell retrieve it.

Page 33: Powershell Copy 2

History

• On the shell only, one can also use the F7 key to get a list of the commands entered.

Page 34: Powershell Copy 2

History

• PowerShell differs from other shells in that the history of the commands entered is lost when the shell is closed.
• Transcript cmdlets can be used to keep a log of entries in the shell:
–Start-Transcript - this will save all of our commands and output to a file.
–Stop-Transcript - this will stop recording our actions.
• The -Append option can be used to append to the end of the file given for the transcript.
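As an added example (not part of the original deck), a small wrapper around the transcript cmdlets that records each console session to one append-only file per user and day, so an auditor keeps a record even though the shell history itself is lost on exit. The function name and the log directory under the user profile are assumptions made for this example.

```powershell
# Added example, not from the original deck: wrap Start-Transcript so that an
# interactive session is recorded to one append-only file per user and day.
# The function name and the log directory are assumptions made for this example.
function Start-AuditTranscript {
    [CmdletBinding()]
    param(
        [string]$LogRoot = (Join-Path $env:USERPROFILE 'ps-transcripts')
    )

    if (-not (Test-Path -LiteralPath $LogRoot)) {
        New-Item -ItemType Directory -Path $LogRoot | Out-Null
    }

    # One file per user and day; -Append keeps earlier sessions in the same file.
    $stamp = Get-Date -Format 'yyyyMMdd'
    $file  = Join-Path $LogRoot ('{0}-{1}.txt' -f $env:USERNAME, $stamp)

    try {
        # Start-Transcript is a console-host feature (the slides note it is not
        # available in ISE) and throws a terminating error if a transcript is
        # already running, so the failure is reported instead of crashing.
        Start-Transcript -Path $file -Append | Out-Null
        Write-Verbose "Recording this session to $file"
    } catch {
        Write-Warning ('Could not start transcript: ' + $_.Exception.Message)
    }
    return $file
}

# Record the session, run a few commands, then close the log and inspect it.
$log = Start-AuditTranscript -Verbose
Get-Process | Select-Object -First 3 -Property Name, Id
Stop-Transcript
Get-Content -LiteralPath $log -Tail 5     # -Tail needs PowerShell v3 or later
```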

Page 35: Powershell Copy 2

Using Help

Page 36: Powershell Copy 2

Using Help

• A GUI provides discoverability using tooltips, menus and context menus.
• In PowerShell the discoverability comes from using the help system.
• As we preach to users, family and friends, we must RTFM.
• Mastery of the help system is what will determine whether you will be effective or not with PowerShell.

Page 37: Powershell Copy 2

Using Help

• To get you used to using the help system, in the labs you will not be given the commands for the tasks and will be encouraged to use help to figure out the commands and options.

Page 38: Powershell Copy 2

Using Help

• Many times you will see that using the help system is faster and even better than using Google for many discovery tasks.

Page 39: Powershell Copy 2

Using Help

• To access the help system we use the Get-Help cmdlet, also aliased in the shell as help and as man.
• The help command can be used to get help on cmdlets and topics.
• If the author included the proper comments in their code, help can also be used with that script or function.

Page 40: Powershell Copy 2

Using Help

• help [cmdlet|function|script|topic|provider] <options> is used for getting specific help.
• help about will show all PowerShell conceptual topic areas.
• help <wildcard expression> will look for the word or expression in the titles of the help files; if none is found it will look in the content of the help for it.

Page 41: Powershell Copy 2

Using Help

• One can select what parts of a help file we want to see.
–When used against a cmdlet with no options it will show Name, Synopsis, Syntax, Description, Related Links and Remarks.
–When the -Detailed option is given it will show parameter information and examples.
–When the -Full option is given it will show a more detailed list of info for parameters.
–When the -Examples option is given only examples are shown.

Page 42: Powershell Copy 2

Using Help

• PowerShell also provides ways to get the latest help information.
–The -Online option will open the default web browser showing the help page for the selected cmdlet or topic.
–On PowerShell v3 the Update-Help cmdlet was added; it will update the help files for PowerShell. It must be run as Administrator.

Page 43: Powershell Copy 2

Using Help - Reading Syntax

–A cmdlet can have more than one way for it to be invoked, and this can be seen in the syntax.

Page 44: Powershell Copy 2

Using Help - Reading Syntax

–Required options or values are not enclosed in any bracket.
–Options or values enclosed in [ ] are optional.
–Values are represented with the type they take between < >.
–Those values that can be lists are represented as <type[ ]>.
–Those that have a predefined list of options they can take are represented as <option1 | option2 | option3>.

Page 45: Powershell Copy 2

Using Help - Reading Syntax

–When the help cmdlet is used with the -Full option we get additional information on the parameters:
• Required? - specifies if the option is required or not.
• Position? - specifies if the parameter is a named one or a positional one. For a positional one it will give the number of the position the value will map to.
• Default value - default value the option has.
• Accept pipeline input? - specifies if the option accepts input from the pipeline and if the input is by value type or by property name.
• Accept wildcard characters? - specifies if wildcard characters can be used.

Page 46: Powershell Copy 2

PowerShell Cmdlets

Page 47: Powershell Copy 2

Cmdlet

• PowerShell specific commands are called cmdlets.
• They are in the form of a <verb>-<noun>.
• The verbs are grouped for the tasks of:
–Common
–Communication
–Data
–Diagnostic
–Lifecycle
–Other
–Security

Page 48: Powershell Copy 2

Cmdlet

• Cmdlets are written in a .Net Framework language; most are in C#.
• Functions are like cmdlets but they are written in PowerShell.
• Applications are any type of executable that can be run from the shell.

Page 49: Powershell Copy 2

Cmdlet

• For finding what cmdlets are available the Get-Command cmdlet is used.
• The Get-Command cmdlet will allow for the searching of Cmdlet, Alias and Function using wildcards.
• A recommended method for using Get-Command or its alias gcm is to use the -Noun and/or -Verb option so as to filter out non-cmdlets, or to use -CommandType cmdlet.

Page 50: Powershell Copy 2

Cmdlet

• Cmdlets can be explored in PowerShell v3 with the Show-Command cmdlet.

Page 51: Powershell Copy 2

Cmdlet

• PowerShell provides to all cmdlets a set of common parameters.
• Some of these parameters, depending on the command, do not generate any results unless the cmdlet has been coded to take advantage of them.
• Some of the common parameters override system default preferences only for the cmdlet in question.
• To read on them, help common provides details on each parameter.

Page 52: Powershell Copy 2

Wildcard Characters

Many of the cmdlet options accept wildcard characters. In PowerShell the wildcard characters are:

Wildcard Character   Description                                                          Example
*                    Matches zero or more characters, starting at the specified position  a*
?                    Matches any character at the specified position                      ?n
[<start>-<end>]      Matches a range of characters                                        name[1-20]
[ ]                  Matches the specified characters                                     [ab]jhones

Page 53: Powershell Copy 2

Cmdlet

• PowerShell supports aliases for cmdlets. These are like shortcuts that can be used.
• To get a full list of existing aliases in the current shell the Get-Alias cmdlet can be used.
• They should be avoided in scripts or functions since they may change or be overwritten by accident.

Page 54: Powershell Copy 2

The Shell

• PowerShell has characteristics not present in the old command prompt or some *nix shells, since it also acts almost like a REPL (Read-Eval-Print Loop), like what we have with Ruby IRB and the Python shell.
• Arithmetic expressions can be entered directly into the shell.

Page 55: Powershell Copy 2

Parenthetical Precedence

• Parentheses apply to commands, and this is referred to as Parenthetical Commands:

Get-Service -ComputerName (Get-Content .\serverlist.txt)

Page 56: Powershell Copy 2

Expression Evaluation

• Evaluations are determined by the leftmost object.
• If elements are of different types PowerShell will try to convert the rightmost element to the same type as the leftmost element.

"string" + 10 = string10
10 + "string" = Error
10 + "10" = 20

Page 57: Powershell Copy 2

Line Continuation

• When working on the shell and you see >> as part of the prompt, it means your command is continuing on another line.
• An open brace {, parenthesis (, or square bracket [ will allow for continuation across multiple lines until the block is closed by the corresponding }, ) or ].
• A trailing comma (the array operator) will allow for a line break until the next array member.
• Double quotes " and single quotes ' can also be used, but @" <string> "@ is recommended.

PS > Get-Service -Name "BITS
>>

Page 58: Powershell Copy 2

Script Block

• PowerShell interprets a new line or ; as the end of a command.
• A script block is a special structure that contains a command or an ordered collection of commands.
• A script block is declared by using { <command> ; <command> }
• It can be passed to cmdlets or structures that accept them (more on this later).

Page 59: Powershell Copy 2

Extending the Shell

• PowerShell provides two ways to expand the number of cmdlets, functions and providers available to a user. These are:
–PSSnapins - They are written in a .Net language and are packaged as DLLs that get registered with the system. MS recommends that developers no longer use this method.
–Modules - They were introduced in v2 of PowerShell and are mainly self-contained and can be copied from system to system if dependencies are included. On v3 they added the capacity for autoloading.

Page 60: Powershell Copy 2

Extending the Shell

• On v2 modules need to be loaded by hand to be able to see the commands they contain.
• On v3 the commands available in modules that are located in the $env:PSModulePath variable can be listed and seen without loading the module explicitly, and when the command is run it autoloads the module.

Page 61: Powershell Copy 2

Extending the Shell

• Discovering new commands from PSSnapins:
–For all available PSSnapins: Get-PSSnapin -Registered
–For currently loaded PSSnapins: Get-PSSnapin
–For listing commands from a loaded PSSnapin: Get-Command -PSSnapin <PSSnapin Name>
• Discovering new commands from Modules:
–For listing all available modules: Get-Module -ListAvailable
–For currently loaded modules: Get-Module
–For listing commands from a module: Get-Command -Module <module Name> (on v2 only loaded ones)

Page 62: Powershell Copy 2

Extending the Shell

• Loading extensions:
–On v2, to load a module use Import-Module <name>. On v3 modules located in the $env:PSModulePath variable are automatically loaded; if a module is not on any of those paths, the path would be included with the module name.
–Add-PSSnapin <Name> will load a PSSnapin.
• Removing extensions:
–Remove-Module <name> to unload a module.
–Remove-PSSnapin <name> to unload a PSSnapin.

Page 63: Powershell Copy 2

Extending the Shell

• Managing autoloading of modules is done by setting the $PSModuleAutoloadingPreference variable:
–All - Modules are imported automatically on first use.
–ModuleQualified - Modules are imported automatically only when a user uses the module-qualified name of a command in the module: <Module Name>\<Cmdlet Name>
–None - Automatic importing of modules is disabled in the session. To import a module, use the Import-Module cmdlet.

Page 64: Powershell Copy 2

Extending the Shell

–Name conflicts may happen when importing new commands from extensions. PowerShell will hide or replace commands.
–To minimize the risk of this happening, import new modules with either the -NoClobber parameter or the -Prefix <prefix> parameter.
–One can also select what to import by passing the names to the parameters -Alias, -Cmdlet, -Function, and -Variable.
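As an added example (not part of the original deck), two throwaway modules that both export a Get-Inventory function are imported plainly, with -NoClobber and with -Prefix, so the three behaviours described above can be compared in one session; a small helper then lists command names that more than one loaded module defines. Module names, the temp directory and the Find-ShadowedCommand helper are constructed for this example, and Get-Command -All needs PowerShell v3 or later.

```powershell
# Added example, not from the original deck: two throwaway modules that both
# export Get-Inventory, imported in the ways the slides describe so the
# replace / -NoClobber / -Prefix behaviours can be seen side by side.
# Module names, paths and the Find-ShadowedCommand helper are constructed here.
$root = Join-Path ([System.IO.Path]::GetTempPath()) ('psmod-' + [guid]::NewGuid().ToString('N'))
foreach ($name in 'InventoryA', 'InventoryB') {
    $dir = New-Item -ItemType Directory -Path (Join-Path $root $name)
    # A module directory whose .psm1 shares its name can be imported by path.
    Set-Content -Path (Join-Path $dir.FullName "$name.psm1") `
                -Value "function Get-Inventory { 'from $name' }"
}

# Audit helper: list command names defined by more than one loaded module, the
# situation in which a stale or untrusted module can silently replace a trusted one.
function Find-ShadowedCommand {
    Get-Command -All -CommandType Cmdlet, Function |
        Group-Object -Property Name |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Name    = $_.Name
                Modules = ($_.Group | ForEach-Object { $_.ModuleName }) -join ', '
            }
        }
}

# 1) Plain import: the second module's command replaces the first one in the session.
Import-Module (Join-Path $root 'InventoryA')
Import-Module (Join-Path $root 'InventoryB')
Get-Inventory                        # from InventoryB
Find-ShadowedCommand                 # Get-Inventory: InventoryA, InventoryB
Remove-Module InventoryA, InventoryB

# 2) -NoClobber: commands that already exist in the session are not imported.
Import-Module (Join-Path $root 'InventoryA')
Import-Module (Join-Path $root 'InventoryB') -NoClobber
Get-Inventory                        # from InventoryA
Remove-Module InventoryA, InventoryB

# 3) -Prefix: the new command is renamed, so both stay reachable and nothing is hidden.
Import-Module (Join-Path $root 'InventoryA')
Import-Module (Join-Path $root 'InventoryB') -Prefix B
Get-Inventory                        # from InventoryA
Get-BInventory                       # from InventoryB
Remove-Module InventoryA, InventoryB

Remove-Item -Path $root -Recurse -Force
```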

Page 65: Powershell Copy 2

Pipeline

Page 66: Powershell Copy 2

Pipeline on Other Shells

Diagram: Command (StdOut) → (StdIn) Command

Page 67: Powershell Copy 2

The Pipeline

• The pipeline is what makes PowerShell so powerful as a shell.
• It ties commands and cmdlets together in ways a regular shell cannot.
• Mastery of the pipeline is what makes the difference in mastering PowerShell or not.

Page 68: Powershell Copy 2

Pipeline ByValue

Diagram: cmdlet → Objects → (InputObject[]) → cmdlet

Page 69: Powershell Copy 2

Pipeline ByValue

• The object type has to be the same from the output of the cmdlet to the parameter receiving it.
• The parameter must accept input from the pipeline and it must also accept a collection.

Page 70: Powershell Copy 2

Pipeline ByPropertyName

Diagram: cmdlet → Objects → (ValueName[]) → cmdlet

Page 71: Powershell Copy 2

Pipeline ByPropertyName

• The object has to have a property whose name matches the parameter name.
• The parameter must accept input from the pipeline and it must also accept a collection.
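As an added example (not part of the original deck), a function with one parameter that binds ByValue and one that binds ByPropertyName, which reports for each piped object which of the two bindings actually happened; the function name and the sample objects are constructed for this example, and the [pscustomobject] syntax needs PowerShell v3 or later.

```powershell
# Added example, not from the original deck: a function whose two parameters
# accept pipeline input in the two ways the slides describe, plus a record of
# which binding took place. Names and sample input are constructed here.
function Test-PipelineBinding {
    [CmdletBinding()]
    param(
        # ByValue: a string object on the pipeline binds here as a whole.
        [Parameter(ValueFromPipeline = $true)]
        [string]$Message,

        # ByPropertyName: any object that carries a Name property binds here.
        [Parameter(ValueFromPipelineByPropertyName = $true)]
        [string]$Name
    )
    process {
        # $PSBoundParameters only lists parameters the binder actually filled.
        $how = @()
        if ($PSBoundParameters.ContainsKey('Message')) { $how += 'Message <- ByValue' }
        if ($PSBoundParameters.ContainsKey('Name'))    { $how += 'Name <- ByPropertyName' }
        [pscustomobject]@{
            InputType = $_.GetType().Name
            BoundAs   = $how -join ', '
            Message   = $Message
            Name      = $Name
        }
    }
}

# A plain string is the right type for -Message, so it binds ByValue;
# a string has no Name property, so -Name stays empty.
'audit the server' | Test-PipelineBinding

# A custom object is not a string, so ByValue fails and the binder falls back
# to ByPropertyName: the object's Name property feeds -Name. Extra properties
# such as Status are simply ignored.
[pscustomobject]@{ Name = 'BITS'; Status = 'Running' } | Test-PipelineBinding

# Real cmdlet output binds the same way: the ServiceController's Name property
# is picked up by -Name. Because binding is by name alone, rows from an
# untrusted CSV (Import-Csv) would bind just as readily, which is why input
# piped into cmdlets that change state should be validated first.
Get-Service -Name BITS | Test-PipelineBinding
```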

Page 72: Powershell Copy 2

Pipeline

• When an object collection is sent through the pipeline to another cmdlet that takes a collection of objects, each object is referred to as $_

Get-Service | Where-Object { $_.Status -eq "Running" }

Page 73: Powershell Copy 2

PowerShell Objects

Page 74: Powershell Copy 2

PowerShell Objects

• Every action taken inside of PowerShell is done in the context of objects.
• Data is moved from one cmdlet to another as a single object or a collection of objects.
• Objects are composed of:
–Type - What kind of object it is.
–Method - Action that can be taken on the object.
–Property - Information about the state of an object.
• Even the data returned by a regular command is returned as an object.

Page 75: Powershell Copy 2

PowerShell Objects

• To get a list of the methods and properties an object has, the Get-Member cmdlet is used.
• One can use the pipe to pass an object or a collection of objects to Get-Member.
• If a collection is given it will return the information for each unique type in the collection.

Page 76: Powershell Copy 2

PowerShell Objects

• For the manipulation of objects we will cover first the operators in PowerShell, since they are used against objects and the properties of objects.
• PowerShell operators differ from the operators of other scripting and programming languages; the design reason was to mimic those found in shell languages on *nix systems.
• When comparisons are done PowerShell has the special variables $True and $False to represent Boolean values.

Page 77: Powershell Copy 2

Arithmetic Operators

Operator   Description
+          Adds integers and floating numbers; concatenates strings, arrays, and hash tables.
-          Subtracts one value from another. When placed in front of an integer it makes the number a negative one.
/          Divides two values.
*          Multiplies integers and floating numbers. Copies strings and arrays the specified number of times.
%          Returns the remainder of a division operation.

Page 78: Powershell Copy 2

Introduc)on  to  Microso.  PowerShell  for  Security  Professionals  DerbyCon  2012

Arithme)c  Operators

78

Operator          Description
++                Unary addition. Adds 1 to the variable it is used against.
--                Unary subtraction. Subtracts 1 from the variable it is used against.
+=, -=, /=, *=    Shortcuts that apply the operation to the variable's current value and store the result back; $var = $var + 10 becomes $var += 10.

Page 79: Powershell Copy 2

Arithmetic Operators

• PowerShell follows the same rules as arithmetic, where the order of precedence is as follows:
– ( ) Parentheses.
– - Negation (making a number negative).
– *, / and % Multiplication, division and modulus.
– + and - Addition and subtraction.

Page 80: Powershell Copy 2

Comparison Operators


Operator   Description
-eq        Equal to
-ne        Not equal to
-gt        Greater than
-lt        Less than
-le        Less than or equal to
-ge        Greater than or equal to

Page 81: Powershell Copy 2

Comparison Operators


Operator                  Description
-contains, -notcontains   The collection on the left contains (does not contain) the element on the right.
-in, -notin               The element on the left is (is not) present in the collection on the right.
-like, -notlike           Wildcard string comparison.
-match                    Matches a regular expression.

Page 82: Powershell Copy 2

Comparison Operators

• In PowerShell, string comparisons are not case sensitive.
• To make a comparison case sensitive, one only needs to add a "c" to the operator (e.g. -ceq).
• PowerShell will try to convert the types of the operands before evaluating the comparison.


PS >"hello" -eq "HELLO"
True

PS >"hello" -ceq "HELLO"
False

PS >1 -eq "1"
True

Page 83: Powershell Copy 2

Comparison Operators

• Many times the -contains and -in operators are used by mistake to search inside strings; this is a common error. They are meant for arrays or hash tables.


PS >"a","b","c" -contains "b"
True

PS >"b" -in "a","b","c"
True
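The case-insensitivity and type-conversion rules from the previous slide and the -contains/-in pitfall above, worked through as an added example (not from the original slides); Test-AllowedService and the allow-list it checks are hypothetical, constructed for this example:

```powershell
# Added example, not from the original slides. The allow-list is constructed and
# Test-AllowedService is a hypothetical helper written to show operator behaviour.
$AllowedServices = @('wuauserv', 'WinDefend', 'EventLog')   # constructed allow-list

function Test-AllowedService {
    param([Parameter(Mandatory)][string]$Name)

    # -contains and -in are collection operators: a whole element must match.
    # Like every PowerShell comparison they ignore case unless prefixed with c.
    [pscustomobject]@{
        Name         = $Name
        Allowed      = $AllowedServices -contains $Name     # 'windefend' -> True
        AllowedExact = $AllowedServices -ccontains $Name    # 'windefend' -> False
        InList       = $Name -in $AllowedServices           # same test, operands reversed
    }
}

# The mistake called out above: a string is treated as a one-element collection,
# so -contains never finds a substring. Use -like (wildcards) or -match (regex).
'WinDefend' -contains 'Def'      # False
'WinDefend' -like     '*Def*'    # True
'WinDefend' -match    '^Win'     # True
'WinDefend' -cmatch   '^win'     # False: the c prefix makes the regex case-sensitive

# Type conversion follows the LEFT operand: the right side is converted to its type.
1    -eq '1'     # True : '1' becomes the integer 1
'1'  -eq 1       # True : 1 becomes the string '1'
1    -eq '01'    # True : '01' becomes the integer 1
'01' -eq 1       # False: 1 becomes '1', which is not the string '01'
'10' -gt 9       # False: 9 becomes '9', and '10' sorts before '9' as text
[int]'10' -gt 9  # True : cast first when a numeric comparison is intended

Test-AllowedService -Name 'windefend'
```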

Page 84: Powershell Copy 2

Boolean Operators


Operator   Description
-and       Returns True if all sub-expressions are True
-or        Returns True if any sub-expression is True
-not       Returns the opposite
-xor       Returns True if one sub-expression is True, but not if both are True

Page 85: Powershell Copy 2

Boolean Operators

• Boolean operators are used to combine several comparison subexpressions.
• Subexpressions can be parenthetical expressions or cmdlets that return a Boolean.


PS C:\> ((1 -eq 1) -or (15 -gt 20)) -and ("runnung" -like "*run*")
True

Page 86: Powershell Copy 2

Type Operators


Operator   Description
-is        Returns True when the input is of the specified .NET type
-isnot     Returns True when the input is not of the specified .NET type
-as        Converts the input to the specified type

Page 87: Powershell Copy 2

Type Operators

• Type operators are mostly used to make sure the proper type is used in scripts.


C:\PS> (get-date) -is [datetime]
True

C:\PS> (get-date) -isnot [datetime]
False

C:\PS> "9/28/12" -as [datetime]
Friday, September 28, 2012 12:00:00 AM

Page 88: Powershell Copy 2

Filtering Objects

• For filtering objects in PowerShell the Where-Object cmdlet is used, since it allows filtering by property value.
• On PowerShell v2 this is done with a script block.
• On PowerShell v3 this can be done with a script block or by specifying the property and value as parameters.


Get-Service | Where-Object { $_.Status -eq "Running" }

Get-Service | Where-Object -Property Status -eq -Value Running
Get-Service | Where-Object Status -eq Running

Page 89: Powershell Copy 2

Selecting Objects

• The Select-Object cmdlet allows for:
– Selecting specific objects or a range of objects from an ordered list of objects.
– Selecting a given number from the beginning or end of an ordered list of objects.
– Selecting specific properties from objects.
– Creating new object properties.
– Renaming object properties.

Page 90: Powershell Copy 2

Selecting Objects

• Selecting specific objects from a list
PS >Get-Process | Sort-Object workingset -Descending | Select-Object -Index 0,1,2,3,4

• Selecting a range of objects from a list
PS >Get-Process | Sort-Object workingset -Descending | Select-Object -Index (0..4)

• Select the first 5 from a list
PS >Get-Process | Sort-Object workingset -Descending | Select-Object -first 5

• Creating/Renaming a property
PS >Get-Process | Select-Object -Property name,@{name='PID';expression={$_.id}}

Page 91: Powershell Copy 2

Iterating Objects
– Iteration is the method by which several objects in a collection are processed one by one and actions are taken against them.
– In PowerShell there are 2 methods for iterating through objects, and they are often confused:
• ForEach-Object cmdlet and its aliases foreach and %.
• foreach(<variable> in <collection>){} statement.

– Each method takes a collection and processes the objects in a ScriptBlock, but each behaves differently and its use will vary case by case.

Page 92: Powershell Copy 2

Iterating Objects
• The ForEach-Object cmdlet takes a stream of objects from the pipeline and processes each.
• Uses less memory due to garbage collection, as objects get processed as they are passed through the pipeline.
• The cmdlet takes 4 main parameters:
– Begin <ScriptBlock>  Script block executed before processing any objects.
– Process <ScriptBlock>  Script block executed for each object being processed.
– End <ScriptBlock>  Script block executed after all objects have been processed.
– InputObject <PSObject>  Object to take actions against. Typically this is taken through the pipeline.

Page 93: Powershell Copy 2

Iterating Objects
• The ScriptBlock parameters are also positional.
• To skip to the next object to be processed in ForEach-Object the keyword return is used.
• For exiting the loop inside of a ForEach-Object the break keyword is used.


C:\PS> $Numbers = 4..7
C:\PS> 1..10 | foreach-object { if ($Numbers -contains $_) { continue }; $_ }
1
2
3
C:\PS>

PS C:\> 1..5 | ForEach-Object { $Sum = 0 } { $Sum += $_ } { $Sum }
15
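The filtering, selecting and iterating cmdlets from the slides above, combined in one pipeline as an added example (not from the original slides); Get-TopMemoryProcesses is a hypothetical helper, and the figures come from whatever machine runs it:

```powershell
# Added example, not from the original slides. Get-TopMemoryProcesses is a
# hypothetical helper; it reads the local process list, so output varies.
function Get-TopMemoryProcesses {
    param([int]$Count = 5)

    Get-Process |
        Where-Object { $_.WorkingSet64 -gt 0 } |             # v2-style script block filter
        Sort-Object -Property WorkingSet64 -Descending |
        Select-Object -First $Count -Property Name,
            @{ Name = 'PID';          Expression = { $_.Id } },                                # rename Id to PID
            @{ Name = 'WorkingSetMB'; Expression = { [math]::Round($_.WorkingSet64 / 1MB, 1) } } |
        ForEach-Object `
            -Begin   { $total = 0; $seen = 0 } `
            -Process {
                # 'return' moves on to the next object; 'continue' here would end the pipeline.
                if ($_.PID -eq $PID) { return }              # leave out this shell itself
                $total += $_.WorkingSetMB; $seen++
                $_                                           # pass the object downstream
            } `
            -End     { Write-Verbose ("{0} processes, {1} MB in total" -f $seen, $total) -Verbose }
}

Get-TopMemoryProcesses -Count 5 | Format-Table -AutoSize
```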

Page 94: Powershell Copy 2

Iterating Objects
• The foreach(<variable> in <collection>){} statement loads the collection into memory and, on each iteration, places one element of it in the variable and processes it.
• Since the collection being worked on is loaded into memory it tends to be faster than the ForEach-Object cmdlet.
• To skip to the next object to be processed in a foreach statement the keyword continue is used.
• For exiting the loop inside of a foreach statement the break keyword is used.

Page 95: Powershell Copy 2

Iterating Objects
• The foreach statement has a special variable called $foreach with 2 special members that can be used:
– $foreach.MoveNext() to skip the next element in the collection and continue processing with the one after it. Returns a Boolean value that should be handled.
– $foreach.Current to represent the current element being processed.

Page 96: Powershell Copy 2

Iterating Objects
• The foreach statement can be used in the shell as well as in scripts.


PS >foreach ($i in (1..10)){
>> if ($i -gt 5){
>> continue
>> }
>> $i
>> }
>>
1
2
3
4
5

Page 97: Powershell Copy 2

PowerShell Security

Page 98: Powershell Copy 2

PowerShell Security

• Identity - Is the script created and signed by a developer I trust and/or signed with a certificate from a Certificate Authority I trust?
• Integrity - Scripts cannot be modified by malware or a malicious user.
• Control of Execution - Control the level of trust required for executing scripts.
• Command Hijack - Prevent injection of commands into my path.

Page 99: Powershell Copy 2

Execution Policy

• Restricted - No script, whether local, remote or downloaded, can be executed on the system.
• AllSigned - All scripts that are run must be digitally signed.
• RemoteSigned - All remote scripts (UNC) or downloaded scripts need to be signed.
• Unrestricted - No signature is required for any type of script.

Page 100: Powershell Copy 2

PowerShell Profile

• Paths for the PowerShell profile:
– %windir%\system32\WindowsPowerShell\v1.0\profile.ps1 - Applies to all local shells and all users.
– %windir%\system32\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1 - Applies to all shells and all users.
– %UserProfile%\My Documents\WindowsPowerShell\profile.ps1 - Applies to the current user's shells on the local host.
– %UserProfile%\My Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 - Applies to the local user shell and all shells created by the user on all hosts.

Page 101: Powershell Copy 2

PowerShell Profile

• Paths for the PowerShell ISE profile:
– %windir%\system32\WindowsPowerShell\v1.0\Microsoft.PowerShellISE_profile.ps1 - Applies to all local ISE shells and all users.
– %UserProfile%\Documents\WindowsPowerShell\Microsoft.PowerShellISE_profile.ps1 - Applies to the current user's ISE shells on the local host.
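An added example (not from the original slides) that applies the identity and integrity questions from the PowerShell Security slide to the profile paths listed above: Get-ProfileTrustReport is a hypothetical helper that reads the paths from the $PROFILE automatic variable and checks each file's Authenticode signature:

```powershell
# Added example, not from the original slides. Get-ProfileTrustReport is a
# hypothetical helper; every path comes from $PROFILE on the machine it runs on.
function Get-ProfileTrustReport {
    # $PROFILE carries one path per scope; these are the files dot-sourced at startup.
    $paths = [ordered]@{
        AllUsersAllHosts       = $PROFILE.AllUsersAllHosts
        AllUsersCurrentHost    = $PROFILE.AllUsersCurrentHost
        CurrentUserAllHosts    = $PROFILE.CurrentUserAllHosts
        CurrentUserCurrentHost = $PROFILE.CurrentUserCurrentHost
    }
    foreach ($entry in $paths.GetEnumerator()) {
        $exists = Test-Path -LiteralPath $entry.Value -PathType Leaf
        $status = 'NotPresent'
        $signer = $null
        if ($exists) {
            $sig    = Get-AuthenticodeSignature -FilePath $entry.Value
            $status = $sig.Status      # Valid, NotSigned, HashMismatch (edited after signing), ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{
            Scope     = $entry.Key
            Path      = $entry.Value
            Exists    = $exists
            Signature = $status
            Signer    = $signer
        }
    }
}

# Whether an unsigned or altered profile is loaded at all depends on the policy in
# effect. It guards against accidental execution, not against a user who wants to
# run code, so pair it with signing and with monitoring of the files above.
Get-ExecutionPolicy -List        # one row per scope; the first non-Undefined scope wins
Get-ProfileTrustReport | Format-Table -AutoSize
```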

Page 102: Powershell Copy 2

Error Handling

Page 103: Powershell Copy 2

Errors


• PowerShell can handle errors directly from the cmdlet, through script error handling, or through settings in the shell configuration.
• PowerShell has 2 types of errors:
– Terminating Errors - Stop the execution of the command chain or script.
– Non-Terminating Errors - The error does not stop the execution of the command chain or script.

Page 104: Powershell Copy 2

Errors

• Terminating errors happen when:
– There is a syntax error in a script or a syntax error when invoking a cmdlet.
– A cmdlet is run with the parameter -ErrorAction set to a value of Stop.
– A script uses the "Throw" keyword to invoke a terminating error.

Page 105: Powershell Copy 2

Errors

• Non-Terminating errors happen when:
– A script uses the Write-Error cmdlet to display and log an error.
– A cmdlet is run with the parameter -ErrorAction set to a value of Continue, Ignore or SilentlyContinue.
– An exception is thrown when a call is made to a member of a .NET object.
– The "Trap" keyword is used in a script.

Page 106: Powershell Copy 2

Errors
• Error variables for PowerShell are:
– $? - Execution status of the last PowerShell-specific operation: $true if the operation ran without any errors, $false if errors were encountered during the operation.
– $LASTEXITCODE - The exit code of the last Windows executable run in the current session.
– $Error - Array containing the errors that have occurred in the current session.
– $MaximumErrorCount - The maximum size of the $Error list (256-32768).
– $ErrorActionPreference - Influences the handling of Non-Terminating Errors. Defaults to Continue.
– $ErrorView - Specifies the view of errors. NormalView shows several lines of information; CategoryView shows single-line error messages. Full details are still saved to $Error.
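The terminating/non-terminating distinction and the error variables above, exercised as an added example (not from the original slides); Test-NonTerminatingError and Test-TerminatingError are hypothetical helpers, and the file path is constructed and intentionally absent:

```powershell
# Added example, not from the original slides. Both functions are hypothetical
# helpers; the path is constructed and does not exist on purpose.
$MissingFile = 'C:\constructed\does-not-exist.log'

function Test-NonTerminatingError {
    $Error.Clear()
    $caught = $false; $lastOk = $null
    try {
        # Default preference is Continue: the cmdlet reports the error, execution
        # carries on past it, and catch never runs. SilentlyContinue hides the
        # message but still records it in $Error (Ignore would not).
        Get-Content -Path $MissingFile -ErrorAction SilentlyContinue
        $lastOk = $?                      # $false: the last command reported an error
    } catch {
        $caught = $true
    }
    [pscustomobject]@{ Mode = 'SilentlyContinue'; Caught = $caught; LastOk = $lastOk; ErrorCount = $Error.Count }
}

function Test-TerminatingError {
    $Error.Clear()
    $caught = $false; $lastOk = $null; $type = $null
    try {
        # -ErrorAction Stop promotes the error to a terminating one, so control
        # jumps straight to catch and the cmdlet's ErrorRecord is available as $_.
        Get-Content -Path $MissingFile -ErrorAction Stop
        $lastOk = $?                      # never reached
    } catch {
        $caught = $true
        $type   = $_.Exception.GetType().Name
    }
    [pscustomobject]@{ Mode = 'Stop'; Caught = $caught; LastOk = $lastOk; ErrorType = $type; ErrorCount = $Error.Count }
}

Test-NonTerminatingError
Test-TerminatingError
$Error[0] | Format-List * -Force          # full record of the most recent error

# $? covers PowerShell commands; native executables report through $LASTEXITCODE.
cmd.exe /c 'exit 3'
"Exit code: $LASTEXITCODE"                # 3
```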
