ak9999
/ Get Recovery Keys.ps1
Created
February 7, 2020 13:48
Retrieve BitLocker Recovery Keys From Active Directory
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Generate Report of BitLocker Status for Computers in the BitLocker Machines OU. | |
| # Sources: https://4sysops.com/archives/find-bitlocker-recovery-passwords-in-active-directory-with-powershell/ | |
| param([string]$OutputDirectory="~/Desktop",[string]$OrganizationalUnit=([adsi]'').distinguishedName) | |
| if(!([Security.Principal.WindowsPrincipal] ` | |
| [Security.Principal.WindowsIdentity]::GetCurrent() ` | |
| ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { | |
| Write-Host -ForegroundColor Yellow "Only Administrators can read BitLocker Recovery Keys." | |
| exit | |
| } | |
| $computers = Get-ADComputer -Filter * -SearchBase $OrganizationalUnit |
ak9999
/ Get BitLocker Info.ps1
Created
February 7, 2020 13:16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Generate Report of BitLocker Status for Computers in the BitLocker Machines OU. | |
| param([string]$OutputDirectory="~/Desktop",[string]$OrganizationalUnit=([adsi]'').distinguishedName) | |
| if(!([Security.Principal.WindowsPrincipal] ` | |
| [Security.Principal.WindowsIdentity]::GetCurrent() ` | |
| ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { | |
| Write-Host -ForegroundColor Yellow "Only Administrators can read BitLocker Recovery Keys." | |
| exit | |
| } | |
| $computers = Get-ADComputer -Filter * -SearchBase $OrganizationalUnit | |
| $results = ForEach ($computer in $computers) { |
ak9999
/ DefineLocalAdminAccount.ps1
Created
September 21, 2019 23:51
Create or update a local administrator account, optionally choosing username and password.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param([string]$username='LocalAdministrator',[string]$password='P@ssw0rd!') | |
| $secure_password = $password | ConvertTo-SecureString -AsPlainText -Force | |
| try { | |
| $LocalUserObject = Get-LocalUser -Name $username -ErrorAction Stop | |
| } | |
| catch [Microsoft.PowerShell.Commands.UserNotFoundException] { | |
| "User $($username) Not Found" | Write-Warning | |
| } |
ak9999
/ UninstallLabTechAgent.ps1
Created
September 21, 2019 23:48
Uninstall LabTech and ScreenConnect Agents: For those who are having a hard time uninstalling the LabTech Agent from their computer, the first script will remove the LabTech Agent, and the second will remove ScreenConnect aka (ConnectWise Control).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $url = "https://s3.amazonaws.com/assets-cp/assets/Agent_Uninstaller.zip" | |
| $output = "C:\Windows\Temp\Agent_Uninstaller.zip" | |
| (New-Object System.Net.WebClient).DownloadFile($url, $output) | |
| # The below usage of Expand-Archive is only possible with PowerShell 5.0+ | |
| # Expand-Archive -LiteralPath C:\Windows\Temp\Agent_Uninstaller.zip -DestinationPath C:\Windows\Temp\LTAgentUninstaller -Force | |
| # Use .NET instead | |
| [System.Reflection.Assembly]::LoadWithPartialName("System.IO.Compression.FileSystem") | Out-Null | |
| # Now we can expand the archive | |
| [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Windows\Temp\Agent_Uninstaller.zip', 'C:\Windows\Temp\LTAgentUninstaller') | |
| Start-Process -FilePath "C:\Windows\Temp\LTAgentUninstaller\Agent_Uninstall.exe" |
ak9999
/ remove_drivefileacls.py
Last active
August 23, 2019 00:43
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from csv import reader | |
| from collections import namedtuple | |
| import logging | |
| import subprocess | |
| # TODO: In the future this script should also possibly generate the data so that no other steps are required. | |
| # E.g.: | |
| # gam all users show filelist id alternateLink query "'[email protected]' in readers" > file.csv | |
| # gam all users show filelist id alternateLink query "'[email protected]' in writers" > file.csv |