Ricc Babbitt ScriptingPro
ScriptingPro
/ Save-Credential.ps1
Created
November 28, 2018 00:10
save powershell credential to xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| powershell save credentials to xml file | |
| export-clixml powershell credentials | |
| powershell save credentials to disk | |
| powershell script credential file | |
| powershell write credential to file | |
| #> | |
| # this way for v4 | |
| function savecred |
ScriptingPro
/ get linked attributes.ps1
Last active
March 8, 2019 21:54
look in AD schema and list all linked attributes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $Schema = [DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Schema | |
| $Schema.FindAllProperties() | ?{$_.link} |
ScriptingPro
/ Uninstall BeyondTrust PowerBroker.ps1
Created
October 15, 2019 00:14
Uninstall BeyondTrust PowerBroker from Windows System
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PBIS / Likewise / PowerBroker | |
| # Removes PowerBroker and leftover registry and file remnants | |
| Invoke-Expression 'C:\Windows\SysWOW64\msiexec.exe /x {0972AA62-BF13-4B6E-9AD2-1C290A1AFB65}' | |
| Remove-Item -Path "C:\Program Files\BeyondTrust" -Recurse -Force # get rid of the leftovers | |
| New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | |
| Get-ChildItem HKCR:\CLSID | ?{$_.Property -contains "(default)"} | Get-ItemProperty -name "(default)" | ?{$_.'(default)' -like "Centeris.Likewise*"} | Remove-Item -Recurse | |
| Get-ChildItem HKCR:\Record -Recurse | ?{$_.Property -contains "Class"} | Get-ItemProperty -name "Class" | ?{$_.Class -like "Centeris.Likewise*"} | %{Remove-Item $_.PSParentPath -Recurse} | |
| Remove-Item "HKCR:\Centeris.Likewise.Auth.FindShellExt.ShellExtensionBridge" -Recurse | |
| Get-ChildItem HKCR:\CLSID -Recurse | ?{$_.Property -contains "Class"} | Get-ItemProperty -name "Class" | ?{$_.Class -like "Centeris.Likewise*"} | %{Get-Item $_.psparentpath | %{remove-item $_.psparentpath -Recurse }} |
ScriptingPro
/ Remove_EVERYONE.ps1
Last active
February 3, 2020 21:23
Remove Any Explicitly Defined Permissions for EVERYONE Security Principal
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # this removes only non-inherited "EVERYONE" user recursively from folders | |
| # execute this from the starting directory | |
| gci -Recurse -Directory | %{ | |
| $Descriptor = Get-Acl $_.FullName | |
| $Access2Remove = $Descriptor.Access | ?{$_.IdentityReference -eq 'Everyone' -and $_.IsInherited -eq $false} | |
| if($Access2Remove){ | |
| $Descriptor.RemoveAccessRule($Access2Remove) | |
| Set-Acl -Path $_.FullName -AclObject $Descriptor | |
| } |
ScriptingPro
/ Remove_EVERYONE+Inherited.ps1
Last active
February 3, 2020 22:07
Removes Everyone including Inherited Everyone
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # run as admin | |
| # USE WITH CAUTION and test for desired results | |
| gci -Recurse -Directory | %{ | |
| $Descriptor = Get-Acl $_.FullName | |
| # first look for inherited access to we can disable inheritance and copy the AuthorizationRuleCollection | |
| $InheritedAccess2Remove = $Descriptor.Access | ?{$_.IdentityReference -eq 'Everyone' -and $_.IsInherited -eq $true} | |
| if($InheritedAccess2Remove){ | |
| $Descriptor.SetAccessRuleProtection($True, $True) | |
| Set-Acl -Path $_.FullName -AclObject $Descriptor | |
| } |
ScriptingPro
/ Get-Local-Group-Members.ps1
Created
May 25, 2022 16:18
get local group members powershell remote computer
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PS C:\Windows\system32> $htVmDatacenters.Values | %{ | |
| Get-WmiObject -ComputerName $_.Replace("`$", '') -Query "SELECT * FROM Win32_GroupUser" | ?{([WMI]$_.GroupComponent).Caption -like "*\Administrators"} | %{ | |
| $PartComponent = $_.PartComponent -replace "^.*\\cimv2:","Class=" -replace '"','' -replace "[\.,]",[environment]::NewLine | ConvertFrom-StringData | |
| [PSCustomObject]@{ | |
| LocalGroup = ([WMI]$_.GroupComponent).Caption | |
| Member = "$($PartComponent.Domain)\$($PartComponent.Name)" | |
| } | |
| } | |
| } |
ScriptingPro
/ LockoutFinder.ps1
Last active
February 16, 2024 00:41
Find the source of AD user's account lockouts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Import-Module ActiveDirectory | |
| $samID = "USERIDHERE" | |
| $Host.UI.RawUI.WindowTitle = "Finding lockouts for $samID" #change window title just incase we have multiple running | |
| $DCs = Get-ADDomainController -Filter * | select -ExpandProperty name | |
| # do infinite loop, sleeping for 60 seconds each iteration, and when i find the account locked search for lockout source and log it | |
| do{ |
ScriptingPro
/ Compare-RDG-Files.ps1
Created
July 26, 2022 12:19
Compare two Remote Desktop Connection Manager RDG files and find out what's different
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Flatten-RDGFile | |
| { | |
| Param | |
| ( | |
| # Param1 help description | |
| [Parameter(Mandatory=$true)] | |
| [string]$RDGFile | |
| ) |
ScriptingPro
/ Validate AD SRV DNS Records.ps1
Last active
February 16, 2024 00:41
Check Active Directory DNS SRV Records
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # validate srv records | |
| $domain = 'contoso.com' | |
| $sites = 'Dallas','Austin','Houston' | |
| foreach($site in $sites){ | |
| @" | |
| _kerberos._udp.$domain | |
| _kpasswd._udp.$domain | |
| _gc._tcp.$domain |
ScriptingPro
/ Active_Directory_Port_Check.ps1
Created
November 16, 2022 22:35
Check if necessary AD Ports are Open using PowerShell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $TargetDC = “dc1.contoso.com” | |
| Test-NetConnection -ComputerName $TargetDC -Port 88 # Kerberos | |
| Test-NetConnection -ComputerName $TargetDC -Port 135 # RPC | |
| Test-NetConnection -ComputerName $TargetDC -Port 139 # NetBIOS SS | |
| Test-NetConnection -ComputerName $TargetDC -Port 389 # LDAP |