Securing Windows Using PowerShell Automation

• A general understanding of Windows Server and Active Directory concepts
• Familiarity with command-line shell and scripting language

Audience

• SysAdmins
• Systems engineers
• Security architects
• Security analysts

PowerShell is a task management framework that allows systems administrators to configure and automate tasks using scripting language and command-line shells. PowerShell’s task automation capabilities enable users to manage and enhance Windows environment security across their organization.

This instructor-led, live training (online or onsite) is aimed at SysAdmins, systems engineers, security architects, and security analysts who wish to write, execute, and deploy PowerShell scripts and commands to automate Windows security management in their organization.

By the end of this training, participants will be able to:

• Write and execute PowerShell commands to streamline Windows security tasks.
• Use PowerShell for remote command execution to run scripts on thousands of systems across an organization.
• Configure and harden Windows Server and Windows Firewall to protect systems from malware and attacks.
• Manage certificates and authentication to control user access and activity.

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Introduction

Overview of Windows Security Using PowerShell Automation

Getting Started with PowerShell Automation

Using PowerShell Features for Windows Security

Writing PowerShell Scripts, Functions, and Modules

Executing PowerShell Commands and Scripts

Passing Arguments and Piping Data for PowerShell Scripts

Running Remote Command Shells

Integrating PowerShell Core with OpenSSH on Windows

Exploring PowerShell Just Enough Admin (JEA)

Deploying PowerShell, Group Policy, and Task Scheduler

Using PowerShell for Windows Management Instrumentation (WMI)

Using PowerShell for Active Directory Queries and Management

Server Hardening Automation with AppLocker Using PowerShell

Managing Windows Firewall Using PowerShell Scripting

Using IPsec to Share Permissions for Listening Ports

Working with PowerShell Transcription Logging, Windows Event Logs, and Namespace Auditing

Using Certificate Authentication and TLS Encryption

Configuring Public Key Infrastructure and Windows Certificates

Employing Multi-Factor Authentication Using Smart Cards and Tokens

Learning About Security Best Practices

Signing PowerShell Scripts Digitally

Writing a PowerShell Ransomware Script

Blocking Hackers and Ransomware Using Various Security Methods

Mitigating Kerberos Attacks, Remote Desktop Protocol Attacks, Security Access Token Abuse, and More

Deploying Anti-Exploitation Defenses for PowerShell

Summary and Conclusion