- My View
We've upgraded to Powershell 5 and want to begin securing Powershell such as restricting what cmdlets can be executed remotely and from where. Is there a list of istanbul/jakarta cmdlets executed by the Discovery process? When I look at a completed discovery, I see the WMI-Runner probes, but we've enabled Powershell on all our MID servers. Is new-pssession and get-wmiobject the only cmdlets I need to concern myself with?
Thanks Dan, I looked at those. Didn't see any that specifically called out
things like Installed Software, Windows Services, etc. so I got confused as
to what Powershell scripts would get those. Near as I could guess the
cmdlet is the get-wmiobject then somehow the WMIRunner entries get
invoked? The Powershell entries I can see if MSSQL, MySQL, et.al. were
On Wed, Jan 3, 2018 at 1:04 PM, danpatino <firstname.lastname@example.org