We can implement auditing using Windows PowerShell with the Get-Acl and Set-Acl cmdlets. These allow us to view and modify the auditing options of a file or folder in Windows. While this can also be done through the graphical user interface, using PowerShell allows us to script such actions, as well as some extra functionality such as copying the auditing settings from one object to another.
This post will show you how to enable and configure module, script block, and transcription logging in Windows PowerShell. Module logging allows you to specify the PowerShell modules that you want to log. Script block stores PowerShell commands that are run without the output, while transcription logging records the PowerShell commands that are run along with the full result of the command.
We can configure Windows Defender scans using Windows PowerShell as an alternative to configuring them through the graphical user interface. This allows us to integrate Windows Defender features into PowerShell scripts, and configure settings that are not available through the graphical user interface.
Earlier this month Microsoft announced that PowerShell had been open sourced and would be available for use in Linux. As a result of this, PowerShell is now available for Ubuntu 14.04 and 16.04, CentOS/RHEL 7, and macOS 10.11.
If your first thought is along the lines of “who would use this abomination?”, then you’re in good company. My best thought at who this is targeted towards is the Windows system administrator that needs to be able to manage Linux systems as they are likely already quite familiar with PowerShell and perhaps unwilling to change.
Personally I’d look at using a tool such as Puppet for managing systems running various operating systems, however here’s how you can install PowerShell in Linux should you want to take this path.