Keith Templin Torxsmind
Torxsmind
/ get_oldest_and_newest_defender_logs
Created
June 16, 2020 20:46
get oldest and newest logs from log analytics
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let oldest = ProtectionStatus | |
| | where TimeGenerated < ago(1h) | |
| | top 10 by TimeGenerated desc; | |
| let newest = ProtectionStatus | |
| | where TimeGenerated < ago(1h) | |
| | top 10 by TimeGenerated asc; | |
| union oldest, newest |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SigninLogs | |
| | where Status contains "MFA" | |
| | project TimeGenerated,OperationName,ResultDescription,AuthenticationRequirement,Status.additionalDetails,AuthenticationDetails,ConditionalAccessPolicies |
Torxsmind
/ get-aduser-password-dates.ps1
Created
April 20, 2020 19:33
Get Domain User's password dates
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $now = Get-Date -UFormat "%Y-%m-%d_%H-%M-%S" | |
| $filepath = 'C:\temp\AD_User_password_dates_' + $now + '.csv' | |
| $ADUsers = Get-ADUser ` | |
| -Searchbase "OU=A,DC=domain,DC=com" ` | |
| -Filter {PasswordExpired -eq "False" -and PasswordNeverExpires -eq "False" -and Enabled -eq "True"} ` | |
| –Properties "DisplayName", "DistinguishedName", "msDS-UserPasswordExpiryTimeComputed", "passwordlastset", "PasswordExpired", "PasswordNeverExpires", "Enabled" ` | |
| | Where-Object {($_.DistinguishedName -notmatch "OU=1,OU=A,DC=domain,DC=com") ` | |
| -and ($_.DistinguishedName -notmatch "OU=A,OU=2,OU=A,DC=domain,DC=com") ` | |
| -and ($_.DistinguishedName -notmatch "OU=B,OU=2,OU=A,DC=domain,DC=com") ` |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $now = Get-Date -UFormat "%Y-%m-%d_%H-%M-%S" | |
| $filepath = 'C:\temp\Azure_vnet_export_' + $now + '.csv' | |
| $subs = Get-AzSubscription | |
| foreach ($sub in $subs) { | |
| Select-AzSubscription -Subscription $sub.Name | |
| $VNETs = Get-AzVirtualNetwork | |
| foreach ($VNET in $VNETs) { | |
| $subnets = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet | |
| foreach ($subnet in $Subnets) { |
Torxsmind
/ Bypass_Windows_Store_GPO_Block.reg
Created
April 17, 2020 13:18
Bypass_Windows_Store_GPO_Block
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore] | |
| "DisableStoreApps"=dword:00000000 | |
| "RemoveWindowsStore"=dword:00000000 | |
| [HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\WindowsStore] | |
| "DisableStoreApps"=dword:00000000 | |
| "RemoveWindowsStore"=dword:00000000 |
Torxsmind
/ Azure_Get-AzPublicIpAddress_All_Subscriptions.ps1
Last active
April 5, 2020 02:28
Get all Azure Public IPs from all subscriptions that the current in user has access to.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $now = Get-Date -UFormat "%Y-%m-%d_%H-%M-%S" | |
| $filepath = 'C:\temp\Azure_PIP_export_' + $now + '.csv' | |
| $subs = Get-AzSubscription | |
| foreach ($sub in $subs) { | |
| Select-AzSubscription -Subscription $sub.Name | |
| Get-AzPublicIpAddress ` | |
| | Select-Object -Property Name, ResourceGroupName, IpAddress, ` | |
| @{label='FQDN';expression={$_.DnsSettings.Fqdn}}, ` |
Torxsmind
/ Powershell_create_scheduled_service_restart
Created
March 9, 2020 21:55
Powershell to create a automated service restart
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $settings = New-ScheduledTaskSettingsSet ` | |
| –AllowStartIfOnBatteries ` | |
| –DontStopIfGoingOnBatteries ` | |
| -Hidden ` | |
| -ExecutionTimeLimit (New-TimeSpan -Minutes 5) ` | |
| -RestartCount 3 | |
| $Time = New-ScheduledTaskTrigger -At 01:00 -Daily | |
| $PS = New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "Restart-Service -Name Spooler" | |
| Register-ScheduledTask -TaskName "Restart-Service-Spooler" -Trigger $Time -Action $PS -Settings $settings -User System |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import-module MSOnline | |
| Connect-MsolService | |
| $now = Get-Date -UFormat "%Y-%m-%d_%H-%M-%S" | |
| $filepath = 'C:\temp\MFA_Users_' + $now + '.csv' | |
| Get-MsolUser -All | Select-Object UserPrincipalName, DisplayName, Title, | |
| @{n="MFA"; e={$_.StrongAuthenticationRequirements.State}}, | |
| @{n="Default Method"; e={($_.StrongAuthenticationMethods | where-object isdefault -eq 'true').MethodType}}, | |
| @{n="Methods"; e={($_.StrongAuthenticationMethods).MethodType}} | Export-Csv -Path $filepath -NoTypeInformation |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AzureDiagnostics | |
| | where ResourceProvider == "MICROSOFT.NETWORK" | |
| | where Category == "NetworkSecurityGroupEvent" | |
| | where direction_s == "In" and type_s == "block" |
Torxsmind
/ gist:9988f6f33133fbd1ad6ae595fc468eec
Created
January 24, 2020 21:21
O365 Litigation Hold Export
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Get-Mailbox -ResultSize Unlimited | Where {$_.LitigationHoldEnabled -match "True"} | Select Name,LitigationHoldDate,AccountDisabled | Sort-Object Name | Export-CSV -Path c:\temp\lit-hold.csv |