10 essential PowerShell security scripts for Windows administrators

PowerShell is a valuable tool for automating Windows administration tasks, including laborious security chores

10 essential PowerShell security scripts for Windows administrators
Thinkstock

In the 12 years since Microsoft released PowerShell, it has become the de facto tool to dependably administer servers. In August of 2016, it was made open-source and cross-platform with the introduction of PowerShell Core. Microsoft also purchased Github in June 2018, making it the home of the increasing catalog of PowerShell scripts.

CSO has identified ten of those scripts that should be part of your security team’s toolbox. You can use some of the scripts below to add security. Some let you review the security status of a network. Others allow you to see what an attacker would do to a system. All show that PowerShell is now a key part of a Windows administrator’s toolkit.

These 10 PowerShell scripts should not be considered standalone, but as a much larger collection of tools needed to manage workstations and servers. Even attackers acknowledge that PowerShell is key to controlling workstations making PowerShell a key way that attackers pivot and do lateral movement on a network once they gain access.

As always, remember that if you have not run PowerShell scripts on a system, you have to adjust the settings to allow them to run. If Execution-Policy is not already set to allow running scripts, then manually set it as below and then use the readiness script: Set-ExecutionPolicy Unrestricted, and then adjust the Execution policy to the setting desired in your firm.

1. POSH-Sysmon: Configuring Sysmon

To continue reading this article register now

Microsoft's very bad year for security: A timeline