Using PowerGUI® to manage security

One part of my job that I find particularly enjoyable is working closely with other members of the PowerShell Community.  It doesn’t take any time at all when working with these people to feel the passion and excitement that they have for Windows PowerShell and PowerGUI.  One such person I have been working with a fair amount recently is Vadims Podans.  Vadims is a PowerShell MVP from Latvia and you may have seen some of his work in the past on his blog or in the Enterprise PKI Management PowerPack that he entered in our PowerPack Challenge contest last year.  From my experience working with him I’ve come to learn that he knows a heck of a lot about PKI and security in general, not to mention PowerShell.  Vadims’ expertise in these areas has resulted in quite a few new security-related releases in the past several weeks, as follows:

AD-PKI Cmdlets Tech Brief

Quest Software recently published an AD-PKI Cmdlets tech brief that was written by Vadims.  This tech brief reviews the security concepts surrounding digital certificate management and provides details and many examples showing how the AD-PKI cmdlets can be used with Active Directory to simplify PKI management.

Download the AD-PKI Cmdlet Tech Brief here.

Enterprise PKI Management PowerPack

Vadims recently released version 1.5 of his Enterprise PKI Management PowerPack.  This update includes support for the AD-PKI cmdlets that were introduced as part of the 1.4 release of the Quest AD cmdlets.  Notable features listed on the PowerPack page include:

  • A lot of code now uses native Quest AD Cmdlets (version 1.4.2) so the PowerPack demonstrates new PKI cmdlets in action!
  • Added additional error handling.
  • In Certification Authorities node added properties that contains helpful information about CA CRL status. In addition there was revisited View CRL action and renamed to View CRL Info
  • Added Active Directory PKI node that contains the most common AD PKI-related containers. You will be able to review container contents and publish/unpublish certificates/CRLs by using new actions.
  • Changed Enterprise OCSP location behavior. Now the PowerPack realizes the same behavior as it is implemented in pkiview.msc MMC snap-in. Now the PowerPack correctly retrieves all available Enterprise OCSP Responders even if they are not running CA service
  • For Certificates node added two subcontainers (subnodes, as shown in the last screenshot) — Certificates and CRLs. This allows you to browse both — certificates and CRLs in the local certificate store. For CRLs added new basic actions.
  • Revisited certificate export and import actions. In addition to Quest AD cmdlet usage, the interface is provided in GUI form. So now you will be able to use standard dialogs to select a file to save/open.

Learn more and download the Enterprise PKI Management PowerPack here.

Script Signing Add-on

Very shortly after I released the first version of the Script Signing Add-on for the PowerGUI Script Editor, Vadims provided me with some great feedback that I was finally able to incorporate into an update.  Yesterday I released version 1.1 of this Add-on, which includes the following changes:

  • Replaced “Test Certificate” functionality with View Signature, allowing users to view script signing certificates used to sign files in the native Windows Certificate properties dialog.
  • Added View Certificate support to the Script Signing Options dialog.
  • Changed the default signing method to include all certificates in the certificate chain.
  • Optimized the script signing certificate search algorithm so that it only searches for script signing certificates in the My containers.

Learn more and download the latest version of the Script Signing Add-on here.

And if that’s not enough for you, you can also keep your scripts secure by using the integrated source control functionality in the Script Editor in PowerGUI Pro so that you can track any and all changes that are made to your scripts whether they are signed or not!

Please let us know what you think of these and other releases, as well as what you would like to see us add in the future, either here or on the PowerGUI Forums.  The feedback system really works!

Kirk out.

Share this post:

Advertisements

Recover deleted Active Directory objects with the AD Recycle Bin PowerPack

Last week Microsoft made the announcement that Windows Server 2008 R2 reached RTM.  Among the many cool new features provided with that release (Hello?  PowerShell v2?  Need I say more?), Microsoft has now added a recycle bin feature to Active Directory.  The management interface provided by Microsoft for this feature is the command line, or more specifically, PowerShell.  That’s great if you’re like me and you love to manage your infrastructure using PowerShell, but what if you prefer a GUI?  Fortunately there is a solution for you too.

As Jackson Shaw suggested on his blog about a week ago, PowerGUI provides an admin console that allows you to create your own management UI that is layered on top of PowerShell.  This admin console can be extended with PowerPacks, which are essentially add-ins that provide additional user interface elements in PowerGUI that invoke PowerShell script when clicked.  All you need to do is add the user interface elements you want and then provide the scripts to power those elements, managing the Active Directory Recycle Bin objects or anything else you need to manage.  Or alternatively you can check to see if someone on the PowerGUI Community like myself has already created a PowerPack with the functionality you are looking for.

In the case of the Active Directory Recycle Bin, you’re in luck.  I just finished creating the first release of a new PowerPack that is designed to allow you to manage any objects in your recycle bin.  You can find the Active Directory Recycle Bin PowerPack by following the hyperlink here or by going directly to http://www.powergui.org and browsing into the Active Directory subcategory in the PowerPack Library.  This PowerPack includes the following features:

  • View the contents of the recycle bin, including hierarchies
  • Restore individual items in the recycle bin (recursively or not) to their original location
  • Restore individual items in the recycle bin (recursively or not) to a specified location
  • Permanently delete objects in the recycle bin (recursively or not)
  • Empty the contents of the recycle bin
  • Modify the number of days that the recycle bin is configured to retain objects and the number of days that objects are to be kept in a tombstone state before permanent deletion

If you would like to see a demo of the Active Directory Recycle Bin PowerPack, watch this screencast:

If you prefer watching a high resolution version of the screencast, you can watch it in flash format here or on YouTube directly in HD format here.

This is the initial release of this PowerPack and it contains a good amount of new functionality.  If you are experimenting with the Active Directory Recycle Bin feature, please take a look at this PowerPack and provide any feedback you have so that we can continue to provide improvements that are valuable to you and others in future releases.

Thanks for listening!

Kirk out.

Share this post: