powershellを使用したwindows serverの管理

Click here to load reader

Post on 03-Jul-2015

13.256 views

Category:

Technology

14 download

Embed Size (px)

DESCRIPTION

Windows PowerShell 2.0 を使用した ・Server Core の設定 ・Hyper-Vの管理 ・Active Directoryの管理 ・EventLogの管理

TRANSCRIPT

  • 1. Windows PowerShell Server Core Anno Junichi http://blogs.technet.com/junichia/ 1

2. Windows Script PowerShell PowerShell 2 3. Agenda PowerShell OS Hyper-V Active Directory EventLog 3 4. OS 4 5. OS Windows Server 2008 R2 Server Core GUI Sconfig.cmd 5 6. PowerShell PowerShell WinRMSet-WSManQuickConfig WinRM WinRM WS-ManagementHTTPFirewall 6 PowerShell 7. PowerShell Remoting CL01 7 8. PowerShell Remoting 1 c:tmphosts.txt8 9. Server Core WG TrustedHosts Server Core 9 10. 10 11. 11 12. Windows Update 12 13. 43882AFB-EB1A-406B-98F8-BDC4D019D84E13 14. PowerShell Netdom renamecomputer %computername%/NewName:Server2008-01 DHCPNetsh interface ipv4 show interfacesNetsh interface ipv4 add address name= address=192.168.7.100mask=255.255.255.0gateway=192.168.7.254Netsh interface ipv4 add dnsserver name= 192.168.7.11 index=1 WSH wscript Cscript.exe //h:cscript cscript Windows Update Scregedit.wsf /AU 4 Powercfg.exe Oclist.exe Ocsetup.exe Netdom join %computername%/domain:/userd:/passwordd: Shutdown.exe /r , logoff.exe 14 15. Server Core MMC/Server Manager /PowerShell /PowerShell / Server Core Remote PC15 16. MMC Server Manager Windows PowerShell16 17. MMC sconfig.cmd 17 18. 18 19. Workgroup Server Core 19 20. Hyper-V20 21. Server Core Hyper-V Hyper-V GUIHyper-V OSOS System Center Virtual Machine Manager GUIHyper-V OS PowerShell WMIPowerShell , Hyper-V OS OS Server Core 21 22. rootvirtualization MSVM_VirtualSystemManagementServiceSettingData MSVM_virtualSystemManagementService MSVM_ShutdownComponent MSVM_SwitchLANEndpoint MSVM_SyntheticEthernetPortSettingData MSVM_VirtualSwitchManagementService MSVM_VirtualSystemGlobalSettingData MSVM_VirtualSystemSettingData MSVM_EmulatedEthernetPortSettingData MSVM_Vlanendpoint MSVM_ExternalEthernetPort MSVM_AllocationCapabilities MSVM_HeartbeatComponent MSVM_ComputerSystem MSVM_InternalEthernetPort MSVM_DiskDriveMSVM_KvpExchangeComponent MSVM_SwitchPort MSVM_KvpExchangeDataItem MSVM_VirtualSwitchMSVM_MemorySettingData MSVM_MountedStorageImage MSVM_Processor MSVM_ProcessorSettingData MSVM_ResourceAllocationSettingData MSVM_ResourcePool MSVM_SettingsDefineCapabilities22 23. MSVM 23 24. Msvm_VirtualSystemManagementService Hyper-VAddKvpItems ImportVirtualSystemAddVirtualSystemResources ImportVirtualSystemExApplyVirtualSystemSnapshotInstantiateVirtualSystemApplyVirtualSystemSnapshotExModifyKvpItemsCheckSystemCompatibilityInfoModifyServiceSettingsCloneVirtualSystemModifyVirtualSystemCreateVirtualSystemSnapshot ModifyVirtualSystemResourcesDefineVirtualSystem PlanVirtualSystemDestroyVirtualSystemRemoveKvpItemsExportVirtualSystem RemoveVirtualSystemResourcesExportVirtualSystemEx RemoveVirtualSystemSnapshotFormatError RemoveVirtualSystemSnapshotTreeGetSummaryInformation RequestStateChangeGetSystemCompatibilityInfoStartServiceGetVirtualSystemImportSettingData StopServiceGetVirtualSystemThumbnailImage24 25. 25 26. PowerShell modules for Hyper-VCodeplex PowerShell20091130 http://pshyperv.codeplex.com/26 27. Active Directory Eventlog 27 28. AD DS Active Directory Active Directory 28 29. Windows PowerShell ADAdd-ADComputerServiceAccountAdd-ADDomainControllerPasswordReplicationPolicyAdd-ADFineGrainedPasswordPolicySubjectAdd-ADGroupMemberAdd-ADPrincipalGroupMembership Get-ADAccountAuthorizationGroup Get-ADAccountResultantPasswordReplicationPolicyClear-ADAccountExpirationGet-ADComputer Get-ADComputerServiceAccountDisable-ADAccountGet-ADDefaultDomainPasswordPolicyDisable-ADOptionalFeatureGet-ADDomain Get-ADDomainControllerEnable-ADAccount Get-ADDomainControllerPasswordReplicationPolicyEnable-ADOptionalFeature Get-ADDomainControllerPasswordReplicationPolicyUsage Get-ADFineGrainedPasswordPolicy Get-ADFineGrainedPasswordPolicySubject Get-ADForest Get-ADGroup Get-ADGroupMember Get-ADObject Get-ADOptionalFeature Get-ADOrganizationalUnit Get-ADPrincipalGroupMembership Get-ADRootDSE Get-ADServiceAccount Get-ADUser Get-ADUserResultantPasswordPolicy 29 30. Install-ADServiceAccount Search-ADAccountMove-ADDirectoryServer Set-ADAccountControl Move-ADDirectoryServerOperationMasterRoleSet-ADAccountExpiration Move-ADObjectSet-ADAccountPasswordSet-ADComputer New-ADComputer Set-ADDefaultDomainPasswordPolicy New-ADFineGrainedPasswordPolicySet-ADDomain New-ADGroupSet-ADDomainMode New-ADObject Set-ADFineGrainedPasswordPolicy New-ADOrganizationalUnit Set-ADForest New-ADServiceAccount Set-ADForestMode New-ADUser Set-ADGroupSet-ADObject Remove-ADComputerSet-ADOrganizationalUnit Remove-ADComputerServiceAccountSet-ADServiceAccount Remove-ADDomainControllerPasswordReplicationPolicy Set-ADUser Remove-ADFineGrainedPasswordPolicy Remove-ADFineGrainedPasswordPolicySubjectUninstall-ADServiceAccount Remove-ADGroup Remove-ADGroupMember Unlock-ADAccount Remove-ADObject Remove-ADOrganizationalUnit Remove-ADPrincipalGroupMembership Remove-ADServiceAccount Remove-ADUser Rename-ADObject Reset-ADServiceAccountPassword Restore-ADObject 30 31. ID 31 32. AD DS PS C:>cd AD:PS AD:>dir NameObjectClassDistinguishedName-------------------------------------------------------------------------Contoso domainDNSdc=Contoso,dc=ComConfiguration configurationcn=Configuration,dc=contoso,SchemadMDcn=schema,cn=Configuration,PS AD:>cd .DC=Contoso,DC=ComPS AD:DC=Contoso,DC=Com>dir NameObjectClassDistinguishedName-------------------------------------------------------------------------Builtin BuiltinDomain cn=Builtin,dc=contoso,dc=comComputers containercn=Computers,dc=contoso,dc 32 33. ID test 33 34. 1 3652009/11/1817:00:0034 35. # cd AD: cd .DC=contoso,DC=com#OU New-ADOrganizationalUnit TESTOU#OU cd .OU=TESTOU# New-ADUser Name itanaka -UserPricipalName itanaka@demodomain.com -displayName 35 36. UserAccountControl Set-AccountControl Identity -AccountNotDelegated $True | $False -AllowReversiblePasswordEncryption $True | $False -AuthType {Negotiate | Basic} -CannotChangePassword -DoesNotRequirePreAuth Kerberos -Enabled / -HomedirRequired -MNSLogonAccount -Partition Active Directory -PasswordNeverExpires -PasswordNotRequired -TrustedForDelegation -TrustedToAuthForDelegation -UseDESKeyOnly Kerberos DES 36 37. Set-ADAccountPassword -Identity -NewPassword -OldPassword Set-ADAccountPassword -Identity -NewPassword -Reset 37 38. PowerShell Active Directory Recycle Bin180Authoritative RestoreLinked-Value Active Directory Windows Server 2008 R2DIT1015% Windows PowerShell 38 39. Active Directory Recycle Bin LifetimeLifetime180 Days180 Days GarbageCollection 39 40. 40 41. Recycle Bin2008 R2 41 42. 42 43. Active Directory Recycle Bin Deleted Objects IsDeleted TrueRDN0ADEL: CN=Deleted Objects OU=FinanceCN=Robert0ADEL: CN=RobertCN=Mark0ADEL: CN=Mark CN=Tom0ADEL: CN=Tom CN=Sally0ADEL: OU=Admins OU=Admins0ADEL:CN=Sally OU=Finance0ADEL:...43 44. lastKnownParent CN=Deleted ObjectsOU=Finance CN=Robert0ADEL:CN=Robert CN=Mark0ADEL:CN=Mark CN=Tom0ADEL:CN=Tom CN=Sally0ADEL: OU=Admins OU=Admins0ADEL:CN=Sally OU=Finance0ADEL:...44 45. 1. 2. Finance_Department 3. Admins45 46. ID - Before WS2003WS200846 47. ID - After Windows Server 2008 R2 47 48. ID - After 48 49. [ADSI] Everyone 49 50. 50 51. ID 5136 department 51 52. EventID 5136 searchEvent.ps152 53. 53 54. AD Recycle Bin + PowerShell Authoritative Restore Snapshot Windows Server 2008 Windows PowerShell ID 54 55. 55 56. WMIVBSGUIServer56 57. 57 58. Appndix - WMI Windows Server VBScript 58 59. WMI Windows Management Instrumentation WBEM/CIM Windows Management Service Windows 2000OS WMI 59 60. 60 61. WMI WMICWindows XP Windows Script Host Windows PowerShell Visual Studio GUIWMI Admin Tools 61 62. WMI%WinDir%System32wbem mof Managed Object FormatNamespace NamespaceClass NamespaceClass RootCIMV2 ROOTCOMV2 Win32_OperatingSystem Win32_NTLogEventLog ROOTDefault STDREGPROVROOTmicrosoftSqlServerComputerManagement10 SqlService 62 63. WMI Win32_ Win32_ActiveRouteWin32_ModuleTrace Win32_ComputerShutdownEventWin32_NamedJobObject Win32_ComputerSystemEventWin32_NTDomain Win32_ConnectionShareWin32_PingStatus Win32_CurrentTimeWin32_ProcessStartTrace Win32_DeviceChangeEventWin32_ProcessStopTrace Win32_DiskQuotaWin32_Proxy Win32_GroupInDomainWin32_QuotaSetting Win32_IP4PersistedRouteTable Win32_ServerConnection Win32_IP4RouteTableWin32_SessionConnection Win32_IP4RouteTableEvent Win32_TokenGroups Win32_JobObjectStatusWin32_TokenPrivileges Win32_LoggedOnUser Win32_VolumeChangeEvent Win32_LogonSession Win32_WindowsProductActivation Win32_LogonSessionMappedDisk Win32_ControllerHasHub Win32_NetworkAdapter Win32_ComputerSystem 63 64. WMI Tools CIM StudioWMI64 65. VBScriptWMI65 66. WMI Scripting'SWbemLocator Set Locator = CreateObject("WbemScripting.SWbemLocator") Set Service = Locator.ConnectServer("", "rootcimv2", "", "") WQLWMI Query LanguagestrQuery = "Select * from Win32_NetworkAdapterConfiguration " & _ "where IPEnabled = True" Set objNet = Service.ExecQuery(strQuery) 'For each n in objNetWScript.Echo n.captionWScript.Echo n.MACAddressNext 66 67. WMI Set Service = Locator.ConnectServer(RemoteHost,Namespace,User,Password) Set Locator = CreateObject("WbemScripting.SWbemLocator")Set Service = Locator.ConnectServer("DC01", "rootcimv2", "Domadministrator", "pass")Service.Security_.Privileges.AddAsString "SeBackupPrivilege", True Service.Security_.Privileges.AddAsString "SeSecurityPrivilege", TruestrQuery = "Select * from Win32_NTEventlogFile" & _ " Where LogfileName = 'Security' "Set obj = Service.ExecQuery(strQuery)For each n in obj r = n.BackupEventLog("C:tmpSecurity.evt") Next 67 68. 68 69. 69 70. Windows Server 70 71. __InstanceCreationEvent __InstanceModificationEvent __InstanceDeletionEvent 71 72. WORDUSB IP 72 73. __InstanceCreationEventSet objLocator = CreateObject("WbemScripting.S

View more