Scenario 1: Scanning for open network shares that users have haphazardly enabled They aren't difficult to use, but you may end up making Windows do more than you intended and crash your system or lose important data.
These tools are not for the faint of heart. I suggest you read the documentation that comes with each tool and proceed with cautious enthusiasm. Analyzing TCP sessions to determine who's talking to what and vice versaīe forewarned that you shouldn't jump in head first with Sysinternals tools.Monitoring system activity during a suspected intrusion or malware infection.Scanning for open network shares that users have haphazardly enabled.
In our next tip we show you how you can get rid of the EULA via PowerShell so you don’t even need to click the EULA once. Once you accept it, you can run commands unattended in the future. When you run any Sysinternals tool for the first time, a EULA window pops up. Note: Do not use Start-Process to run the tools, or else the output will show in a separate console window which closes again in a split-second. Now how can you run a command via PowerShell? Since the Sysinternals suite consists of console commands, you can directly launch them for example, psloggedon64.exe which tells you the user names of users that are currently logged on to a machine: $destinationFolder = " $env:temp\pstools " & " $destinationFolder\PsLoggedOn64.exe " Here is what we did: $destinationZipPath = " $env:temp\pstools.zip " $destinationFolder = " $env:temp\pstools " $link = "" Invoke-RestMethod -Uri $link -OutFile $destinationZipPath -UseBasicParsing Unblock-File -Path $destinationZipPath Expand-Archive -Path $destinationZipPath -DestinationPath $destinationFolder -Force Remove-Item -Path $destinationZipPath explorer / select, $destinationFolder In our previous tip we used PowerShell to download and set up the Sysinternals suite of console commands.
0 kommentar(er)
