Defender Management Shell, built on Microsoft Windows PowerShell technology, provides a command-line interface that enables automation of Defender administrative tasks. With the Defender Management Shell, administrators can perform token-related tasks such as assigning tokens to users, assigning PINs, or checking for expired tokens.
The Defender Management Shell command-line tools (cmdlets), like Windows PowerShell cmdlets, are designed to deal with objects—structured information that is more than just a string of characters appearing on the screen. The cmdlets do not use text as the basis for interaction with the system, but use an object model that is based on the Microsoft .NET platform. In contrast to traditional, text-based commands, the cmdlets do not require the use of text-processing tools to extract specific information. Rather, you can access required data directly by using standard Windows PowerShell object manipulation commands.
Before installing the Defender Management Shell feature, make sure your computer meets the system requirements described in the Defender Release Notes.
All cmdlets are presented in verb-noun pairs. The verb-noun pair is separated by a hyphen (-) without spaces, and the cmdlet nouns are always singular. The verb refers to the action that the cmdlet performs. The noun identifies the entity on which the action is performed. For example, in the Add-TokenToUser cmdlet name, the verb is Add and the noun is TokenToUser.
To install the Defender Management Shell
- In the Defender distribution package, open the Setup folder, and run the Defender.exe file.
- Complete the Defender Setup Wizard.
When stepping through the wizard, make sure to select the Defender Management Shell feature for installation. For more information about the wizard steps and options, see Defender Setup Wizard reference.
To uninstall the Defender Management Shell
- Open the list of installed programs (appwiz.cpl).
- In the list, click to select the Defender entry.
- At the top of the list, click the Change button and step through the wizard that starts.
- In the Change, Repair, or Remove Installation step, click the Change button.
- In the Select Features step, click the Defender Management Shell feature, and then click Entire feature will be unavailable.
- Complete the wizard.
You can open the Defender Management Shell by using either of the following procedures. Each procedure loads the Defender Management Shell snap-in into Windows PowerShell. If you do not load the Defender Management Shell snap-in before you run a command (cmdlet) provided by that snap-in, you will receive an error.
To open the Defender Management Shell
- Start a 32-bit version of Windows PowerShell.
- At the Windows PowerShell prompt, enter the following command:
Add-PSSnapin OneIdentity.Defender.AdminTools
Alternatively, you can complete the following steps related to your version of Windows:
Table 33:
Alternative steps to open the Management Shell
|
On the Apps screen (Windows logo key + Q), click the Defender Management Shell tile. |
- Click the Windows Start button, and then scroll through the alphabetical list on the left.
- Click One Identity to expand the list of components of Defender products installed on the system.
- Click Defender Management Shell.
|
Upon the shell start, the console may display a message stating that a certain file published by One Identity is not trusted on your system. This security message indicates that the certificate the file is digitally signed with is not trusted on your computer, so the console requires you to enable trust for the certificate issuer before the file can be run. Either press R (Run once) or A (Always run). To prevent this message from appearing in the future, it is advisable to choose the second option (A).
