Wednesday, May 8, 2019

PowerShell's syntax

Scripting basics

Let's get a few syntax basics down. This section is not meant to be an exhaustive tutorial on PowerShell's syntax but should serve as a good, brief introduction.

Let's walk through the following script:

$currdate = (Get-Date -Format "yyyyMMdd hhmmtt")
$servers = @("ROGUE", "CEREBRO")

#save each server's running services into a file
$servers  |
ForEach-Object {

    $computername = $_
    Write-Host "`n`nProcessing $computername"

    $filename = "C:\Temp\$($computername) - $($currdate).csv"

    Get-Service -ComputerName $computername |
    Where-Object -Property Status -EQ "Running" |
    Select-Object Name, DisplayName |
    Export-Csv -Path $filename -NoTypeInformation

}

Even if you are not very familiar with PowerShell yet, you may already be able to tell what the preceding script is trying to accomplish. Simply put, the script iterates over the listed servers and saves the list of running services into a file that acts as a timestamp.

This line creates a variable called $currdate that gets the current system date in the "yyyyMMdd hhmmtt" format:

$currdate = (Get-Date -Format "yyyyMMdd hhmmtt")

The snippet with an at (@) sign, @("ROGUE", "CEREBRO"), creates an array, which is then stored in another variable called $servers:

$servers = @("ROGUE", "CEREBRO")

Since $servers contains multiple values, when you pipe it to the Foreach-Object cmdlet, each value is fed into the script block inside Foreach-Object:

#save each server's running services into a file
$servers  |
ForEach-Object {

}

You are also introduced to a few concepts inside the Foreach-Object block.

To get the current pipeline object, you can use $_. The $_, also referred to as $PSItem, is a special variable. It is part of what PowerShell calls automatic variables. This variable only exists and can only be used in the content of a pipeline. The $_ variable contains the current object in the pipeline, allowing you to perform specific actions on it during the iteration:

    $computername = $_

A backtick is an escape character, for example, to add a newline. It is also a line continuation character:

    Write-Host "`n`nProcessing $computername"

Note that the strings are enclosed in double quotes:

    Write-Host "`n`nProcessing $computername"

Strings in PowerShell can also be enclosed in single quotes. However, if you have variables you want to be evaluated within the string, as in the preceding example, you will have to use double quotes. Single quotes will simply output the variable name verbatim.

PowerShell has a subexpression operator, $(). This allows you to embed another variable or expression inside a string in double quotes, and PowerShell will still extract the variable value or evaluate the expression:

$filename = "C:\Temp\$($computername) - $($currdate).csv"

Here is another example that demonstrates when subexpressions will be useful. The expression to get the date that is 10 days from today is as follows:

(Get-Date).AddDays(10)

If we want to display the value this expression returns, you may be tempted to use:

Write-Host "10 days from now is (Get-Date).AddDays(10)"

However, this simply redisplays the expression; it doesn't evaluate it. One way to get around this without using a subexpression would be to create a new variable and then use it in the double-quoted string:

$currdate = (Get-Date).AddDays(10)
Write-Host "10 days from now is $currdate"

With the subexpression, you don't need to create the new variable:

Write-Host "10 days from now is $((Get-Date).AddDays(10))"

The example we walked through should give you a taste of simple scripting in PowerShell.

The following is a table that outlines some of these common scripting components and operators:

Component	Symbol	Description/examples
Single line comment	`#`	This component allows you to include any comments or documentation about your code; text after `#` in a line is not executed, for example, `#get the current date`.
Multiline comment	`<#` `#>`	This allows you to create comments that span multiple lines, as shown in the following example: <# get the current date #>
Backtick	`	Backtick can be used as an escape character: $name = "Hello `n world!" This is also a line continuation character; it allows you to break a command into multiple lines—some find it more readable, but beware that some will find it less readable because the backtick character can be conspicuous: Get-Service ` -Name SQL ` -ComputerName ROGUE
Dollar sign	`$`	By default, variables in PowerShell are loosely typed (that is, the data type changes based on the value stored by the variable): $dt = Get-Date
Single quotes	`'`	This component allows you to enclose string literals: $name = 'sqlbelle'
Double quotes	`"`	This component allows you to enclose string literals: $name = "sqlbelle" This component also allows you to expand variables (that is, replace variable names within the string to their values) or interpret escape characters: $name = "sqlbelle" $message = "Hello `n $name"
Plus	`+`	This component is a string concatenation operator: $name = "sqlbelle" $message = "Hello " + $name
Dot	`.`	This component allows you to access properties or methods with the corresponding object: $dt.AddDays(10)
Subexpression	`$()`	This component allows you to embed a variable or expression in a double-quoted string; PowerShell evaluates the expression inside this operator: Write-Host "Date: $($dt.AddDays(10))"
At sign	`@()`	This component is an array subexpression operator: @("ROGUE", "CEREBRO")
Square brackets	`[]`	This component is an index operator. It allows you to access indexed collections (arrays and hash tables): $servers = @("ROGUE", "CEREBRO") $servers[0] It also acts as a casting operator: [datetime]$dt
Here-String	`@"` `"@`	This component allows you to create a multiline string to assign to a variable without having to break the string into multiple string expressions concatenated by a plus (+) sign. It starts with `@"` and must end with `"@` in a line by itself (no characters or spaces before ending `"@`): $x = "@ Hello $name. This is a multiline string "@

The table is not a comprehensive list of operators or syntax about PowerShell. As you learn more about PowerShell, you will find a lot of additional components and different variations from what has been presented here.

Note

To learn more about operators, use Get-Help *Operator* and go through all the available topics. You can also go to the TechNet page specifically for operators, which is available at http://technet.microsoft.com/en-us/library/hh847732.aspx.

Getting help

This is the most important and interesting topic. No matter what technology we consume, all we need to know is the way to get help for it. Most IT professionals and developers say that they use Google to find this.

For PowerShell, help is much more focused. It's very difficult to remember all the commands. So, we can search for a command and find help for the same. Let's take a look at how to seek help for Windows PowerShell cmdlets.

Get-Help Get-Service

The output is illustrated in the following image:

The sections in the image are explained as follows:

NAME: This is the name of the command (Get-Service)
SYNOPSIS: This is the abstract of the command
SYNTAX: This gives us the syntax of the commands, which includes all its parameters and its type
DESCRIPTION: This is the description of the command whose help we are looking for
RELATED LINKS: This contains the URL of online versions of the command, and other commands related to the one we are looking for help regarding
REMARKS: This will guide us to explore examples, detailed information, full help, and online help

If more information than that fitting the page view is to be displayed, the console is paginated. For example, if we execute the Get-Help Get-Service -Detailed | more command, the details will output as shown in the following image:

If we press Enter, we can view one line after another, whereas pressing the space key will give a page view.

Note

Keep your files updated using the Update-Help cmdlet as shown in the following command. Ensure that your machine has internet connectivity and execute the following command:

Update-Help –Verbose

This cmdlet is designed to download and install help files on our computer.

The output is illustrated in the following image:

Ensure that you have an Internet connection while updating your help. The reason for updating help is to keep the help document up-to-date. Let us learn more about the Get-Help cmdlet:

The Help cmdlet is an alias for Get-Help (Aliases will be covered in the next section).
The Get-Help cmdlet allows us to view the online help using the Online parameter. The following command will open the online URL in the default web browser:
```
Get-Help Get-Service –Online
```
The Get-Help cmdlet allows us to view the help content in a separate user interface. The following is the command that needs to be executed:
```
Get-Help Get-Service –ShowWindow
```
The output of the preceding code is illustrated in the following image:
To view only syntax, we can execute the following code:
```
(Get-Help Get-Service).Syntax
```

Windows PowerShell cmdlets

In this topic, we will cover the following:

Exploring Windows PowerShell commands
Exploring Windows PowerShell modules
Getting help
Understanding aliases, expressions, objects, pipelines, filtering, and formatting
Scripting with Windows PowerShell

Windows PowerShell is designed to execute four kinds of named commands:

Cmdlets: These are .NET programs designed to interact with PowerShell
Scripts: These are files with the FileName.PS1 extension
Functions: These are a block of code that are very helpful for script organization
Native window commands: These are internal commands such as MKDIR, CHDIR, and so on

The internal commands of Windows PowerShell are called cmdlets. Cmdlets are always named in the verb-and-noun combination. This appears as Verb-Noun, for example Get-Service and Stop-Service, where Get and Stop are verbs, and Service is a noun.

(Verb)—Action

(Noun)—Something to be acted on

For example, Get-Service

Let's execute the following command:

Get-Command

The output of this command is illustrated in the following image:

The previous command will list all the installed commands from the computer and retrieve only the cmdlets, functions, and aliases.

To retrieve only cmdlets, we can use the CommandType parameter, as shown in the following command:

Get-Command -CommandType Cmdlet

Note

Windows PowerShell supports tab completion. For example, let's run the following command:

Get-Comm + Tab + -Co + Tab + C + Tab

When we type out this command, it will result as follows:

Get-Command -CommandType Cmdlet

Now, let's explore the commands. In the following example, we will take a look at the cmdlet Get-Service. Since we know the cmdlet up front, let's collect more information such as the cmdlet version and source, as follows:

Get-Command Get-Service

The output of the preceding command is illustrated in the following image:

The points marked in the figure are explained in the following list:

1: This is the type of command
2: This is the name of the command
3: This indicates the version (From Windows PowerShell 5.0 onward)
4: This indicates the module's name

To retrieve the commands for a specific module, we need to use the Module parameter, which accepts the module name (Source) as we saw in bullet 4. The following is an example of the command:

Get-Command -Module Microsoft.PowerShell.Management

This outputs all the commands available in the Microsoft.PowerShell.Management module.

The Get-Service command will retrieve all the services running on your local computer.

Note

Refer to the following link to get more information on the ServiceController class:

https://msdn.microsoft.com/en-us/library/system.serviceprocess.servicecontroller%28v=vs.110%29.aspx

Let's see the alternate of the Get-Service cmdlet using the .NET class. To do this, let's find the TypeName of the Get-Service cmdlet by executing Get-Service | Get-Member and this gives the TypeName as System.ServiceProcess.ServiceController. Windows PowerShell allows us to use this directly as follows:

[System.ServiceProcess.ServiceController]::GetServices()

Now, let's take a look at how the command that we just discussed works.

Here, we will consume the .NET ServiceController class in PowerShell and invoke the GetServices()method.

The GetServices method has an overload with a machineName parameter. To find this, we will execute the following command:

[System.ServiceProcess.ServiceController]::GetServices

The difference is that here, we did not use parentheses. The output of OverloadDefinitions is as follows:

OverloadDefinitions
-------------------
static System.ServiceProcess.ServiceController[] GetServices()

static System.ServiceProcess.ServiceController[] GetServices(string machineName)

We can query the service information of a remote computer by passing the host name of the remote computer as the machineName parameter, as follows:

 [System.ServiceProcess.ServiceController]::GetServices('RemoteServer')

Hard deleting users

As mentioned earlier in this chapter, most user deletion operations move user accounts into the Azure Active Directory Recycle Bin rather than deleting those accounts entirely. Only after the user accounts have been stored in the recycle bin for a period of 30 days are they completely deleted. Once a user has been removed from the Azure Active Directory Recycle Bin, all licenses assigned to that user are reclaimed. Deleting a user so that their account ends up in the recycle bin is sometimes termed “soft deleting.”

You can view users that have been soft deleted using the following Windows PowerShellcommand:

Click here to view code image

Get-MsolUser -ReturnDeletedUsers

In some cases, you want to delete a user account entirely, bypassing the Azure Active Directory Recycle Bin. This is called a “hard delete.” You can hard delete a specific user as long as you know their UPN. To hard delete the user with the UPN don.funk@adatum346ER.onmicrosoft.com you would issue the following command:

Click here to view code image

Remove-MsolUser –UserPrincipalName don.funk@adatum346ER.onmicrosoft.com –Force

If you want to empty all users from the Azure Active Directory Recycle Bin, you can use the following command:

Click here to view code image

Get-MsolUser –ReturnDeletedUsers | Remove-MsolUser –RemoveFromRecycleBin -Force

More Info Remove-MsolUser

You can learn more about using Remove-MsolUser at: https://docs.microsoft.com/en-us/powershell/module/MSOnline/Restore-MsolUser.

Set-MsolUser cmdlet from the Azure Active Directory Windows PowerShell module

Configure password expiration

You can use the Set-MsolUser cmdlet from the Azure Active Directory Windows PowerShell module to configure whether an Office 365 user’s password expires. This is inadvisable from a security perspective because a password that is not changed is more likely to be compromised. If you do choose, or are required, to configure an Office 365 user’s password to not expire, consider implementing multi-factor authentication as a way of increasing the user account’s authentication requirements.

To configure the password of the user Don Funk to never expire, use the command:

Click here to view code image

Set-MsolUser –UserPrincipalName don.funk@contoso2017er.onmicrosoft.com
–PasswordNeverExpires $true

You can configure the Office 365 tenancy so that passwords don’t expire for any of the user accounts by using the Set-MsolUser cmdlet in conjunction with the Get-MsolUser cmdlet. For example, to configure all user accounts so that their passwords do not expire, use the following command:

Click here to view code image

Get-MsolUser | Set-MsolUser –PasswordNeverExpires $true

You can change this back so that the password does expire if it has been configured not to expire by setting the PasswordNeverExpires parameter to $false. For example, to configure Don Funk’s user account so that the password follows the existing password policy, use the following command:

Click here to view code image

Set-MsolUser –UserPrincipalName don.funk@contoso2017er.onmicrosoft.com
–PasswordNeverExpires $false

You can use a similar technique to the one that you use to configure the Office 365 tenancy so that no user passwords expire to configure the Office 365 tenancy so that all passwords expire according to the tenancy password policy. To do this, issue the following command:

Click here to view code image

Get-MsolUser | Set-MsolUser –PasswordNeverExpires $false

More Info Set-MsolUser

You can learn more about the Set-MsolUser Windows PowerShell cmdlet at the following address: https://docs.microsoft.com/en-us/powershell/module/MSOnline/Set-MsolUser.

Password complexity

Office 365 user accounts stored in Azure Active Directory are subject to the Azure Active Directory password policy. As you saw earlier in this chapter, this means that all user account passwords need to be between 8 and 16 characters long and need to contain three of the following four characteristics: uppercase letters, lowercase letters, numbers, and symbols. You cannot change the Azure Active Directory password policy, because this is set by Microsoft. You cannot use the Office 365 Admin Center to exempt a user account from the Azure Active Directory password policy. You can, however, use a PowerShell command to exempt a user account from the requirement of having a strong password. You can do this with the Set-MsolUser cmdlet and the StrongPasswordRequired parameter. For example, to configure Don Funk’s Office 365 user account so that it does not have to conform to the Azure Active Directory password complexity policy, issue the following command:

Click here to view code image

Set-MsolUser –UserPrincipalName don.funk@contoso2017er.onmicrosoft.com
–StrongPasswordRequired $false

To switch an account back, pass $True to the parameter instead of $false. For example, to configure Don Funk’s Office 365 user account so that it must conform to the Azure Active Directory password complexity policy, issue the following command:

Click here to view code image

Set-MsolUser –UserPrincipalName don.funk@contoso2017er.onmicrosoft.com
–StrongPasswordRequired $true

Even though you can exempt a user from the Azure AD password policy using Windows PowerShell and not the Office 365 Admin Center, it would be difficult to find an adequate justification from a security perspective for doing so.

Monday, May 6, 2019

Example file for retrieving data from the internet - Python 3

# Example file for retrieving data from the internet

#

import urllib.request # instead of urllib2 like in Python 2.7

def main():

  # open a connection to a URL using urllib2

  webUrl = urllib.request.urlopen("http://www.google.com")

  # get the result code and print it

  print ("result code: " + str(webUrl.getcode()))

  # read the data from the URL and print it

  data = webUrl.read()

  print (data)

if __name__ == "__main__":

  main()