This is a brain dump of the steps needed to utilise Kansa at its best.
- Sysinternals
  - handle.exe
  - autorunsc.exe
- LogParser
- Ensure PowerShell 3.0 or later is deployed domain wide
- On the investigator machine install `handle.exe` and `autorunsc.exe` from Sysinternals (ideally into `C:\Windows`)
- Check the Kansa `\bin\` folder to ensure any deployable executables are stored there
- On the investigator machine install `Logparser` from Microsoft
- Ensure all target machines have WinRM enabled (`winrm quickconfig`)
- Create a hosts file listing all the targeted machines
- Edit the `Modules\Modules.conf` file to match needs
  - Comment out any modules which cause errors
  - Check the ones which need specific binaries
- Edit the `Analysis\Analysis.conf` file to match needs

```powershell
.\kansa.ps1 -TargetList .\hosts.txt -ModulePath .\Modules -PushBin -RmBin -Verbose -Analysis
```
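
The checklist above can be verified in one pass before a run. The script below is an added example, not part of Kansa or of the original notes. It assumes it is run from the Kansa root, that the first token of each `Modules.conf` line is the module path, that a module names its binary in a `BINDEP <path>` comment line, and that LogParser is found through `PATH`.

```powershell
# Added pre-flight check; not part of Kansa. Run from the Kansa root directory.
param(
    [string]$TargetList = '.\hosts.txt',
    [string]$ModulePath = '.\Modules'
)

# PowerShell 3.0 or later is required.
if ($PSVersionTable.PSVersion.Major -lt 3) {
    Write-Warning "PowerShell $($PSVersionTable.PSVersion) found; 3.0 or later is required."
}
# Assumption: the analysis step locates LogParser.exe through PATH.
if (-not (Get-Command 'LogParser.exe' -ErrorAction SilentlyContinue)) {
    Write-Warning 'LogParser.exe is not on the PATH of this machine.'
}

# Enabled modules: non-blank lines in Modules.conf that are not commented out with '#'.
$enabled = Get-Content (Join-Path $ModulePath 'Modules.conf') |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and -not $_.StartsWith('#') }

foreach ($entry in $enabled) {
    $name    = ($entry -split '\s+')[0]          # drop any module arguments
    $modFile = Join-Path $ModulePath $name
    if (-not (Test-Path $modFile)) { Write-Warning "Module not found: $modFile"; continue }
    # Assumed convention: the module names its binary in a 'BINDEP <path>' comment line.
    $dep = Select-String -Path $modFile -Pattern 'BINDEP\s+(.+)$' | Select-Object -First 1
    if ($dep) {
        $bin = $dep.Matches[0].Groups[1].Value.Trim()
        if (-not (Test-Path $bin)) { Write-Warning "$name needs $bin, which is missing." }
    }
}

# WinRM reachability for every host in the target list.
foreach ($target in (Get-Content $TargetList | Where-Object { $_.Trim() })) {
    if (-not (Test-WSMan -ComputerName $target.Trim() -ErrorAction SilentlyContinue)) {
        Write-Warning "WinRM did not answer on $target."
    }
}
```

Any warning points at a module to comment out, a binary to place, or a host that still needs `winrm quickconfig`.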