It is NOT (repeat it is not) a TOOL.
It is an automation engine that relies on the Microsoft .NET Framework and involves the execution of cmdlets which are basically specialized .NET classes which implement specific operations.
It can however be used to perform a variety of functions on the Windows Platform. It can also be used to query data from Active Directory and to perform common day-to-day aspects of AD management.
One advantage of using Powershell is that it makes it easy for IT admins to derive greater value out of their efforts in scripting so they can automate (at least parts of) common day-to-day IT management and reporting tasks. It also lets IT admins leverage the work of other admins as these scripts can be shared with the community.
The disadvantage of PowerShell is that it relies largely on the development of scripts and even though it makes it easier to derive greater value from scripts, it certainly leaves the possibility of human error. It also takes additional effort to generate reports that are in a presentable fashion and decent enough for submission for any audit or as regulatory compliance evidence.
In my research, I have found that the disadvantages of PowerShell can be made up with a good Active Directory Audit/Reporting Tool. However, there are many Active Directory reporting tools out there and it is difficult to select one that's right for you. In case it helps, I've found the best collection of Active Directory security tools here.
+ Pros: Free, Can be used to simply day-to-day IT management tasks and perform basic AD reporting
- Cons: Limited in its ability to generate custom IT management and security reports (e.g. True Last Logon), Relies on scripts which can be prone to human-error, Relies on executing code written by someone else in a trusted environment
# Download Point: To install Powershell, you need to download and install the Windows Powershell Installation Package
Summary: PowerShell for Windows is very powerful and certainly help automate basic Active Directory reporting needs. However, there are still some things that are very difficult to do with PowerShell, such as how to correctly audit Active Directory permissions.
No comments:
Post a Comment