
Uninstall a feature (PowerShell): Uninstall-WindowsFeature Server-Gui-Shell -Remove

Install a feature (PowerShell): the Install-WindowsFeature cmdlet


Rename the computer (CMD): netdom renamecomputer %ComputerName% /NewName:<NewComputerName>
Restart (CMD): shutdown /r
Join the computer to a domain (CMD): netdom join %ComputerName% /domain:<DomainName> /userd:<UserName> /passwordd:*
Assign a static IP address (CMD): Netsh.exe, or the Windows Management Instrumentation (WMI) access provided by PowerShell
Enable Remote Desktop (PowerShell cmdlet): Set-RemoteDesktop Enable
From Server Core to GUI (PS): Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Restart
From GUI to Server Core (PS): Uninstall-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Restart
Remove the GUI files from the system (PS): Uninstall-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Remove
Install roles and features in PS from an exported XML file: Install-WindowsFeature -ConfigurationFilePath <ExportedConfig.xml>
Disk management (CMD): Diskpart.exe
Create a storage pool (PS): New-StoragePool -FriendlyName <pool name> -StorageSubSystemFriendlyName <subsystem name> -PhysicalDisks <disk names>
To obtain the correct designations for the storage subsystem and the physical disks, use
the Get-StorageSubsystem and Get-PhysicalDisk cmdlets.
What PowerShell command should Deepak use to install the required roles on the
servers? Install-WindowsFeature
What PowerShell command can Deepak use to obtain the short names for the roles used
by PowerShell? Get-WindowsFeature

List the commands that Deepak must run on the new server to install the required
modules.
Deepak must run the following commands:
Install-WindowsFeature FS-FileServer
Install-WindowsFeature FS-DFS-Namespace
Install-WindowsFeature FS-DFS-Replication
Install-WindowsFeature FS-NFS-Service
Install-WindowsFeature Print-Services -IncludeAllSubFeature
Install-WindowsFeature Web-Server
Install-WindowsFeature Web-Windows-Auth
Install-WindowsFeature Web-Ftp-Service
To let printers be connected through GPO on versions earlier than 2008 and Vista: PushPrinterConnections.exe
To manage WinRM from a PowerShell session: Configure-SMRemoting -Get|-Enable|-Disable
-Get Displays the current WinRM status
-Enable Enables WinRM
-Disable Disables WinRM
Inbound firewall rules to modify for remote MMC access:
COM+ Network Access (DCOM-In)
Remote Event Log Management (NP-In)
Remote Event Log Management (RPC)
Remote Event Log Management (RPC-EPMAP)

Methods for configuring the preceding rules:

Open the Windows Firewall with Advanced Security MMC snap-in on the remote server (if it is a Full GUI
installation).
Run the Netsh AdvFirewall command from an administrative command prompt.
Use the NetSecurity module in Windows PowerShell.
Create a GPO containing the appropriate settings and apply it to the remote server.

Configuring the preceding rules in PowerShell

Set-NetFirewallRule -Name <rule name> -Enabled True

To obtain the PowerShell names of the preconfigured Windows Firewall rules, use the Get-NetFirewallRule cmdlet. The resulting commands for the four rules listed above are therefore as follows:

Set-NetFirewallRule -Name ComPlusNetworkAccess-DCOM-IN -Enabled True

Set-NetFirewallRule -Name RemoteEventLogSvc-In-TCP -Enabled True

Set-NetFirewallRule -Name RemoteEventLogSvc-NP-IN-TCP -Enabled True

Set-NetFirewallRule -Name RemoteEventLogSvc-RPCSS-In-TCP -Enabled True

Start a remote session from PS: Enter-PSSession <remote server name> -Credential <username>

Exit a remote session from PS: Exit-PSSession

List roles (PS): Get-WindowsFeature

Add a Windows feature (PS): Add-WindowsFeature <feature name>

Install the Hyper-V role (PS): Install-WindowsFeature -Name Hyper-V -ComputerName <name> -IncludeManagementTools -Restart

Create a virtual machine (PS), syntax: New-VM -Name "VM name" -MemoryStartupBytes <memory>
-NewVHDSizeBytes <disk size>

Example: New-VM -Name ServerA -MemoryStartupBytes 1GB
-NewVHDSizeBytes 60GB

Help for PS commands: the Get-Help cmdlet.

Memory configuration (PS): Set-VMMemory <VM name> -DynamicMemoryEnabled $true
-MinimumBytes <memory> -StartupBytes <memory>
-MaximumBytes <memory> -Priority <value> -Buffer <percentage>

Example: Set-VMMemory TestVM -DynamicMemoryEnabled $true
-MinimumBytes 64MB
Hyper-V resource metering (PS): Enable-VMResourceMetering -VMName <name>
Get Hyper-V resource metering statistics (PS): Measure-VM -VMName <name>
Create a Hyper-V resource pool (PS): the New-VMResourcePool cmdlet
Hyper-V pool metering statistics (PS): Enable-VMResourceMetering.


Create a VHD or VHDX disk with PS, syntax: New-VHD -Path c:\filename.vhd|c:\filename.vhdx
-Fixed|-Dynamic|-Differencing -SizeBytes <size>
[-BlockSizeBytes <block size>]
[-LogicalSectorSizeBytes 512|4096] [-ParentPath <pathname>]
Example: New-VHD -Path c:\diskfile.vhdx -Fixed
-SizeBytes 400GB -LogicalSectorSizeBytes 4096
In the same way, if you create the differencing disk by using Windows PowerShell, you must run
the New-VHD cmdlet with the Differencing parameter and the ParentPath parameter, specifying
the location of the parent disk.
USING WINDOWS POWERSHELL
To create a new virtual switch by using Windows PowerShell, you use the New-VMSwitch
cmdlet with the following basic syntax:
New-VMSwitch <switch name> -NetAdapterName <adapter name>
[-SwitchType Internal|Private]
For example, to create an external switch called LAN Switch, you would use the following
command:
New-VMSwitch "LAN Switch" -NetAdapterName "Ethernet"
IPv6 tunnel over IPv4 (PS): netsh interface ipv6 add v6v4tunnel interface localaddress remoteaddress
Example: netsh interface ipv6 add v6v4tunnel tunnel 206.73.118.18 157.54.206.43
Install the AD DS role (PS): Install-WindowsFeature -Name AD-Domain-Services
-IncludeManagementTools
Once you have installed the role, promoting the server to a domain controller is somewhat more complicated. The ADDSDeployment PowerShell module includes separate cmdlets for the three deployment configurations covered in the previous sections:
Install-AddsForest
Install-AddsDomainController
Install-AddsDomain
Install a domain controller in a new forest (PS): Install-AddsForest -DomainName adatum.com

Install AD DS from a file or media.
To create IFM media, you must run the Ntdsutil.exe program on a domain controller running the same version of Windows that you want to deploy. The program is interactive, requiring you to enter a sequence of commands such as the following:

nstance

read-only domain controller and saves it to the folder specified by the path name variable
Demote a domain controller: Uninstall-ADDSDomainController -ForceRemoval -LocalAdministratorPassword <password> -Force
Confirm that the DC is registered (CMD with administrator permissions): dcdiag /test:registerdns /dnsdomain:<domain name> /v
Create a user with Dsadd.exe (CMD): dsadd user <distinguished name> -samid <SAM account name>
Dsadd.exe example: dsadd user "cn=Elizabeth Andresen,ou=Research,dc=adatum,dc=com" -samid eander
Dsadd.exe tool:
Dsadd.exe user
"CN=Elizabeth Andresen,ou=Research,dc=adatum,dc=local"
-samid eander
-fn Elizabeth
-ln Andresen
-disabled no
-mustchpwd yes
-pwd Pa$$w0rd
Create users (PowerShell):
New-ADUser `
-Name "Elizabeth Andersen" `
-SamAccountName eander `
-GivenName Elizabeth `
-Surname Andersen `
-Path "OU=Research,DC=adatum,DC=local" `
-Enabled $true `
-AccountPassword (ConvertTo-SecureString 'Pa$$w0rd' -AsPlainText -Force) `
-ChangePasswordAtLogon $true
Multiple users (PS):
Import-CSV "users Finance.csv" | foreach {
New-ADUser -SamAccountName $_.SamAccountName `
-Name $_.Name -Surname $_.Surname `
-GivenName $_.GivenName -Path "OU=Research,DC=adatum,DC=COM" `
-AccountPassword (ConvertTo-SecureString 'Pa$$w0rd' -AsPlainText -Force) -Enabled $true}
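A variant of the bulk creation above in which each account gets its own random initial password and must change it at first logon, rather than every account sharing one password. This is an added example, not part of the original notes; New-RandomPassword is a hypothetical helper, the CSV rows are constructed, and the OU is the one used above.

```powershell
# Added example, not from the original notes. Needs the ActiveDirectory module
# and rights to create users in the target OU.
Import-Module ActiveDirectory

# Constructed sample rows; in practice: $users = Import-Csv <file> with these columns.
$users = @'
SamAccountName,Name,GivenName,Surname
eander,Elizabeth Andersen,Elizabeth,Andersen
jdoe,John Doe,John,Doe
'@ | ConvertFrom-Csv

$ou = 'OU=Research,DC=adatum,DC=COM'

# Hypothetical helper: random password drawn from a cryptographic RNG, with at
# least one character from each class so it passes default complexity rules.
function New-RandomPassword {
    param([int]$Length = 16)
    $sets = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnopqrstuvwxyz', '23456789', '!#%*+-=?@'
    $all  = -join $sets
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf  = New-Object byte[] 4
    $chars = for ($i = 0; $i -lt $Length; $i++) {
        # The first four characters come from one class each, the rest from all classes.
        $pool = if ($i -lt $sets.Count) { $sets[$i] } else { $all }
        $rng.GetBytes($buf)
        $pool[[int]([BitConverter]::ToUInt32($buf, 0) % $pool.Length)]
    }
    $rng.Dispose()
    # Shuffle so the class of each position is not predictable.
    -join ($chars | Sort-Object { Get-Random })
}

$report = foreach ($u in $users) {
    $plain = New-RandomPassword
    New-ADUser -SamAccountName $u.SamAccountName -Name $u.Name `
        -GivenName $u.GivenName -Surname $u.Surname -Path $ou `
        -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
        -Enabled $true -ChangePasswordAtLogon $true
    # Keep the initial password only long enough to hand it to the user out of band.
    [pscustomobject]@{ SamAccountName = $u.SamAccountName; InitialPassword = $plain }
}
$report | Format-Table -AutoSize
```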
Join computers to the domain with Netdom.exe (CMD):
netdom join <computername> /Domain:<DomainName>
[/UserD:<User> /PasswordD:<UserPassword>] [/OU:OUDN]
Join computers to the domain offline:
-On the computer joined to the domain
djoin /provision /domain <domain name>
/machine <computer name> /savefile <filename.txt>
-On the computer not joined to the domain
djoin /requestODJ /loadfile <filename.txt>
/windowspath %SystemRoot% /localos
Disable and enable accounts:
Disable-ADAccount -Identity <account name>
Enable-ADAccount -Identity <account name>
Create groups with dsadd (CMD):
dsadd group <GroupDN> [parameters]

-secgrp yes|no Specifies whether the program should create a security group (yes) or a
distribution group (no). The default value is yes.
-scope l|g|u Specifies whether the program should create a domain local (l), global (g), or
universal (u) group. The default value is g.
-samid <SAMName> Specifies the SAM name for the group object.
-desc <description> Specifies a description for the group object.
-memberof <GroupDN> Specifies the DNs of one or more groups of which the new group should
be made a member.
-members <GroupDN> Specifies the DNs of one or more objects that should be made members of
the new group.
For example, to create a new group called Sales in the Users container and make the
Administrator user a member, you would use the following command:
Dsadd group "CN=Sales,CN=Users,DC=adatum,DC=com" -members
"CN=Administrator,CN=Users,DC=adatum,DC=com"
CREATE A GROUP (PS):
New-ADGroup
-Name <group name>
-SamAccountName <SAM name>
-GroupCategory Distribution|Security
-GroupScope DomainLocal|Global|Universal
-Path <distinguished name>
Example: New-ADGroup -Name Sales -SamAccountName Sales
-GroupCategory Security -GroupScope Global
-Path "OU=Chicago,DC=Adatum,DC=Com"

Modify groups with Dsmod.exe:
Dsmod group <GroupDN> [Parameters]
-secgrp yes|no Sets the group type to security group (yes) or distribution group (no).
-scope l|g|u Sets the group scope to domain local (l), global (g), or universal (u).
-addmbr <members> Adds members to the group. Replace members with the DNs of one or
more objects.
-rmmbr <members> Removes members from the group. Replace members with the DNs of one
or more objects.
-chmbr <members> Replaces the complete list of group members. Replace members with the
DNs of one or more objects.
Example: dsmod group "CN=Guest,CN=Builtin,DC=adatum,DC=COM" -addmbr
"CN=Administrator,CN=Users,DC=adatum,DC=com"




View a Starter GPO (PS): PS C:\Users\Administrador> Get-GPStarterGPO -Name "Nombre GPO"
Create a GPO from a Starter GPO (PS): PS C:\> New-GPO -Name "BO-1-Desktops" -StarterGpoName "Computers-Desktop"
Link the created GPO to an OU: PS C:\> New-GPLink -Name "BO-1-Desktops" -Target "ou=BO-1-SEA,dc=corp,dc=fabrikam,dc=com"
Do the whole process in one pipeline with |: Get-GPStarterGPO -Name "Computers-Desktop" | New-GPO -Name "BO-1-Desktops" | New-GPLink -Target "ou=BO-1-SEA,dc=corp,dc=fabrikam,dc=com"
Open ports on computers for remote GPO refresh: New-GPO -Name "EnableRemoteRefresh" -StarterGPOName "Group Policy Remote Update Firewall Ports" | New-GPLink -Target "dc=corp,dc=fabrikam,dc=com"
Refresh GPO on the computers in the OU (PS): Get-ADComputer -Filter * -SearchBase "ou=Desktops,ou=Computers,ou=HQ-NYC,dc=corp,dc=fabrikam,dc=com" | foreach {Invoke-GPUpdate -Computer $_.Name -Force -RandomDelayInMinutes 0}
Back up a GPO (PS): PS C:\> Get-GPO -Name "BO-1-Desktops" | Backup-GPO -Path "C:\GPOBackups" -Comment "Todays backup"
Verify the GPO backup data (PS): PS C:\> Get-ChildItem "C:\GPOBackups" -Recurse
Current firewall configuration (PS): PS C:\> Get-NetFirewallProfile -Name Domain -PolicyStore ActiveStore
Modify the firewall (PS): Set-NetFirewallProfile
Get help for firewall cmdlets (PS): Get-Help Set-NetFirewallProfile
Show inbound firewall rules (PS): C:\> Get-NetFirewallRule -PolicyStore ActiveStore -DisplayGroup "Network Discovery" -Direction Inbound | ft Name,DisplayName,Enabled,Action -AutoSize
Create an outbound rule blocking port 80 (PS): PS C:\> New-NetFirewallRule -DisplayName "Block Outbound Port 80" -Direction Outbound -LocalPort 80 -Protocol TCP -Action Block
Verify the NotifyOnListen policy setting in the firewall (PS): PS C:\> Get-NetFirewallProfile -Name Domain -PolicyStore corp.fabrikam.com\Sales | fl NotifyOnListen
Enable NotifyOnListen in the firewall (PS): C:\> Get-NetFirewallProfile -Name Domain -PolicyStore corp.fabrikam.com\Sales | Set-NetFirewallProfile -NotifyOnListen True
Check whether firewall rules are configured in the GPO: PS C:\> Get-NetFirewallRule -PolicyStore corp.fabrikam.com\Sales
Implement a GPO rule to block outbound traffic on port 80: PS C:\> New-NetFirewallRule -PolicyStore corp.fabrikam.com\Sales -DisplayName "Block Outbound Port 80" -Direction Outbound -LocalPort 80 -Protocol TCP -Action Block
View main-mode cryptography in the firewall (PS): PS C:\> Get-NetIPsecMainModeCryptoSet -PolicyStore ActiveStore
To configure the main mode cryptographic sets on the computer, you can use the Set-NetIPsecMainModeCryptoSet cmdlet.
View first authentication on the computer in the firewall (PS): PS C:\> Get-NetIPsecPhase1AuthSet -PolicyStore ActiveStore
Compare the preceding command output to Figure 11-18 earlier in this lesson. To configure first
authentication on the computer, you can use the Set-NetIPsecPhase1AuthSet cmdlet.
New server isolation rule in the firewall (PS): PS C:\> New-NetIPsecRule -DisplayName "Server Isolation Rule" -InboundSecurity Require -OutboundSecurity Require
You can also use the Get-NetIPsecRule cmdlet to view connection security rules, Set-NetIPsecRule
to modify them, or Remove-NetIPsecRule to delete them. For more help concerning any of these
cmdlets, use the Get-Help cmdlet.
Monitor main-mode SAs in the firewall (PS): PS C:\> Get-NetIPsecMainModeSA
View computers active in quick mode: PS C:\> Get-NetIPsecQuickModeSA





1098650441 Diego Sisa avisa
