This is a PowerShell Module with functions and cmdlets related to Windows and application security. It unites multiple handy tools into one module.
You can invoke PowerShell scripts or script blocks in an elevated context with sudo or test your credentials against the local system or an Active Directory domain with Test-Credential.
With the security activity and audit policy cmdlets, you can get the security related configuration of security audit events in the Audit Policy and check the latest activity on the target computer.
With the Vault cmdlets, you can interact with the Windows Credential Manager to store and received PowerShell credentials and secure strings.
The Impersonation cmdlets allow you to impersonate another user in the current session. With this, you can execute certain commands as another user account.
-
Get-VaultEntry With this cmdlet, the entires form the Windows Credential Manager vault can be retrieved. The entries contain a PSCredential object and all additional metadata like target name, type and persistence location.
-
Get-VaultCredential This cmdlet works similar like the Get-VaultEntry, but returns only a native PSCredential object without additional metadata. This is useful if just the simple PSCredential object is required.
-
Get-VaultSecureString This cmdlet works similar like the Get-VaultEntry, but returns only a native secure string object containing the password without additional metadata. This is useful if just the simple secure string object is required.
-
New-VaultEntry
Create a new entry in the Windows Credential Manager vault. The credential type and persist location can be specified. By default, a generic entry with no special purpose is created on the local machine persist location. It will not override existing entries. -
Update-VaultEntry Update an existing entry in the Windows Credential Manager vault. The credential target name and type are required to identify the entry to update. The persist location and the credentials (or username/password) can be updated.
-
Remove-VaultEntry Remove an existing entry in the Windows Credential Manager vault. The cmdlet accepts pipeline input with credential entry objects.
-
Use-VaultCredential Get the PSCredential object from the Windows Credential Manager vault or query the caller to enter the credentials. These credentials will be stored in the vault.
-
Get-SecurityAuditPolicy List the current local security audit policy settings. It will execute the auditpol.exe command and parse the result into objects.
-
Get-SecurityAuditPolicySetting Return the value of one security audit policy setting. It will use the Get-SecurityAuditPolicy cmdlet and just filter and expand the result.
-
Get-ImpersonationContext Get the current impersonation context and the active windows identity.
-
Push-ImpersonationContext Create a new impersonation context by using the specified credentials. All following commands will be executed as the specified user until the context is closed.
-
Pop-ImpersonationContext Leave the current impersonation context.
-
Invoke-Elevated Invoke a script block or an executable in an elevated session. It will handle the parameter passing into the elevated session and return the result as object to the caller. Because it's running in a different elevated process, XML serialization is used to return the result. The cmdlet has the alias sudo, as used on *nix systems.
-
Invoke-PowerShell Start a new PowerShell Console session with alternative credentials. The cmdlet has the alias posh.
-
Get-TimeBasedOneTimePassword Generate a Time-Base One-Time Password based on RFC 6238. The aliases Get-TOTP or totp can also be used.
-
Test-Credential With this cmdlet, credential objects or username and password pairs can be tested, if they are valid. With the method parameter, it's possible to choose how the credentials are validated (start process, Active Directory). Be aware, multiple testing with wrong credentials can lock out the used account depending on your security settings.
-
Get-SecurityActivity Get security and life-cycle related events on the target computer like start up / shutdown, user log on / log off, workstation locked /unlocked, session reconnected / disconnected and screen saver invoke / dismiss.
-
Protect-String Convert a string into a secure string.
-
Unprotect-SecureString Convert a secure string into a string.
-
Get-TrustedHost Get trusted host list entries.
-
Add-TrustedHost Add an entry to the trusted host list.
-
Remove-TrustedHost Remove an entry from the trusted host list.
Please find all versions in the GitHub Releases section and the release notes in the CHANGELOG.md file.
Use the following command to install the module from the PowerShell Gallery, if the PackageManagement and PowerShellGet modules are available:
# Download and install the module
Install-Module -Name 'SecurityFever'Alternatively, download the latest release from GitHub and install the module manually on your local system:
- Download the latest release from GitHub as a ZIP file: GitHub Releases
- Extract the module and install it: Installing a PowerShell Module
The following minimum requirements are necessary to use this module, or in other words are used to test this module:
- Windows PowerShell 3.0
- Windows Server 2008 R2 / Windows 7
Please feel free to contribute by opening new issues or providing pull requests. For the best development experience, open this project as a folder in Visual Studio Code and ensure that the PowerShell extension is installed.
- Visual Studio Code with the PowerShell Extension
- Pester, PSScriptAnalyzer and psake PowerShell Modules