Articles and Ideas

PowerShell: Disable POSIX subsystem

Posted by:

PowerShell: Disable POSIX subsystem

I have been instructed by Auditors to disable unwanted POSIX subsystem on many servers not needing it. I have been given a list of server names on which I had to disable POSIX.
Again, the PowerShell kicked in. Just to demonstrate the importance of PowerShell usage I will explain how you can disable POSIX subsystem manually:

You need to change local group policy on each individual server!
The manual way would require RDC login to each server, and change in Local GP – let’s say – 5 minutes per server. I had in this task involved more than 200 servers. That is around full 3 days’ work!

GPO Posix SubsystemNavigate to Local Computer PolicyComputer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options in Local Security Policies, double click System settings: Optional subsystems, delete Posix value and click OK.

By setting this GPO we are actually changing the MULTI_SZ Registry key’s value located at HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Session Manager \ SubSystems \ Optional.

We can simply use PowerShell to navigate to that key and delete its value. In PowerShell you can navigate through various system objects (Registry, Certificates, etc.) like going through file system. Use Get-PSDrive cmdlet to see all possibilities. So we will use the following command to achieve this:

So I have built this PowerShell script to automate process since all of my servers had WinRM enabled and configured. It took me 15 minutes to develop script and everything went smooth in 1 hour time. To use it on all of the servers provided by Auditors in txt file, the script goes as follows:

Have fun exploring PowerShell on your own!

0


Predrag Mirjanić

About the Author:

I am capable of working as an engineer on complicated projects or as a "one-man band" bringing the project from scratch to successful fruition. Regarding my technical skills I have quite a lot to offer. Primarily I am a Systems Administrator (Engineer). I have acquired experience in the field by installing, implementing and administering many different Microsoft based network setups in large ICT environments, in diverse industry and government companies. I am familiar with older operating systems including Linux/UNIX based systems. I have designed, installed and implemented different technologies like: Exchange, IP CCTV, BES, SCCM (specifically ZTI), network QoS optimization, and much more. I have good experience with virtualized environments (Microsoft based). I can apply my skills to help automate processes in order to reduce administrative overheads and/or human errors. I am in process of developing WAMP based (Windows, Apache, MySQL and PHP) intranet (company-wide) social networking site for document and project management purposes. Engineering hardware based cloud (powered by Linux OS) for purposes of rendering video material. Also programming several different RouterOS based MikroTik routers to deliver ultimate network management solution (QoS, bandwidth control, L7 protocol traffic control etc.).

Add a Comment