mortenya
mortenya
/ Backup-SecurityEventLog.ps1
Last active
August 29, 2015 14:16
From a few examples on StackOverflow I put together this POC script for backing up and zipping Windows Security Logs to save them for compliance
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Function to zip the archived log, requires .NET 4.5 | |
| function zipFiles($sourceDir, $zipFileName) | |
| { | |
| Add-Type -Assembly System.IO.Compression.FileSystem | |
| $compressionLevel = [System.IO.Compression.CompressionLevel]::Optimal | |
| [System.IO.Compression.ZipFile]::CreateFromDirectory($sourceDir, $zipFileName, $compressionLevel, $false) | |
| } | |
| # Function to zip the archived log, requires 7zip (has command line version) | |
| function create-7zip([String] $sourceDir, [String] $zipFileName) |
mortenya
/ Get-DisabledInheritanceUsers.ps1
Last active
August 29, 2015 14:16
Had a number of users in my environment that had AdminCount=1 and Security Inheritance disabled, AdminCount was easy, enabling inheritance required a bit more work. This is so I don't forget how I did it. Seems to take a few minutes to replicate up where ADUC will see the changes.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## list of users, I wanted to control exactly what got modified. | |
| ## this command will get all the users we want to work with: | |
| ### Get-ADUser -Filter * -Properties nTSecurityDescriptor | ` | |
| ### where { $_.nTSecurityDescriptor.AreAccessRulesProtected -eq $true } | ` | |
| ### select Name,SamAccountName,DistinguishedName,nTSecurityDescriptor | |
| $users = Import-Csv C:\scripts\users.csv | |
| ## allows inheritance | |
| [bool]$isProtected = $false | |
| ## preserves inherited rules | |
| [bool]$PreserveInheritance = $true |
mortenya
/ Manage-EventLogArchives.ps1
Last active
August 29, 2015 14:17
I wanted to keep a log of all fileshare access, at the file access level, so I enabled 'Detailed File Share - Success' logging. 2 of my fileshares generate minimal logs, 1-2GB per day, but 1 of them is generating about 20GB or more (we need to evaluate usage...) so I'm running this script to trigger off Event ID 1105 (the Event Log has been arch…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Function to zip the archived log, requires 7zip (has command line version) | |
| function Create-7zip([String] $sourceDir, [String] $zipFileName) | |
| { | |
| [string]$pathToZipExe = "C:\scripts\7zip\7za.exe"; | |
| [Array]$arguments = "a", "-tzip", "$zipFileName", "$sourceDir", "-r"; | |
| & $pathToZipExe $arguments; | |
| } | |
| # get the event that containts the filename for the archived security log | |
| # for v3.0+ Get-WinEvent -LogName Security -MaxEvents 1 -Oldest |
mortenya
/ Send-AccountLockoutEmail.ps1
Created
April 17, 2015 21:10
I created this script to send a notification email about account lockouts. Just run as a Scheduled Task on all AD DCs.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| For use in a scheduled task on an Active Directory Domain Controller | |
| Name: Lockout Email | |
| Trigger: On event - Log: Security, Source: Microsoft-Windows-Security-Auditing, Event ID: 4740 | |
| #> | |
| $AccountLockOutEvent = Get-EventLog -LogName "Security" -InstanceID 4740 -Newest 1 | |
| $LockedAccount = $($AccountLockOutEvent.ReplacementStrings[0]) | |
| $AccountLockedAt = $($AccountLockOutEvent.ReplacementStrings[1]) | |
| $AccountLockOutEventTime = $AccountLockOutEvent.TimeGenerated |
mortenya
/ Remove-OldIISLogs.ps1
Last active
September 26, 2024 15:14
Script to run as a Scheduled Task to clean out IIS logs older than 30 days.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Shamelessly liberated from http://foxdeploy.com/2015/02/11/automatically-delete-old-iis-logs-w-powershell/ | |
| Because it was better than my own. | |
| #> | |
| $LogPath = "C:\inetpub\logs" | |
| $maxDaystoKeep = -30 | |
| $outputPath = "c:\CleanupTask\Cleanup_Old_logs.log" | |
| $itemsToDelete = dir $LogPath -Recurse -File *.log | Where LastWriteTime -lt ((get-date).AddDays($maxDaystoKeep)) |
mortenya
/ Microsoft.PowerShell_profile.ps1
Last active
May 25, 2023 07:07
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if ($host.UI.RawUI.WindowTitle -like "Administrator:*") | |
| { | |
| Write-Host -ForegroundColor Green "PowerShell is running as 'Administrator'..." | |
| } else { | |
| Write-Host -ForegroundColor Magenta "PowerShell is not running as 'Administrator'..." | |
| } | |
| # check if current user is in BUILTIN\Administrators (from https://github.com/tomasr/dotfiles/blob/master/.profile.ps1) | |
| function Get-IsAdministrator | |
| { |
mortenya
/ Provision-TestLabDC.ps1
Last active
February 12, 2024 14:50
A PowerShell script to provision a DC with DNS and DHCP from a Server Core install
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| This is an attempt at a script to provision a DC VM in a disposable testlab | |
| This will also set the DC as authoritative time source, DHCP, and DNS server | |
| Windows Server® 2012 and 2012 R2 Core Network Guide | |
| https://gallery.technet.microsoft.com/Windows-Server-2012-and-7c5fe8ea | |
| #> | |
| # rename the computer and reboot, this isn't needed if using Vagrant | |
| #Rename-Computer -NewName newhost -Restart -Force |
mortenya
/ Get-LocalAdministrators.ps1
Created
June 29, 2015 17:48
This script will query the computers in (Get-ADComputer -Filter *) and then output the members of BUILTIN\Administrators to c:\psresults\ListOfLocalAdministratorsGroup.txt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #The Third section will query each computer in the ListOfComputers.txt to get the members of the local group Administrators | |
| #$Servers = (Get-ADComputer -Filter *).name | |
| $output = 'c:\psresults\ListOfLocalAdministratorsGroup.txt' | |
| $results = New-Object System.Collections.ArrayList | |
| $objSID = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544") | |
| $objgroup = $objSID.Translate([System.Security.Principal.NTAccount]) | |
| $objgroupname = ($objgroup.Value).Split("\")[1] | |
| foreach($server in (Get-ADComputer -Filter *).name) |
mortenya
/ Get-GWArchive.ps1
Created
November 17, 2015 00:57
This little script crawls a file share and adds the file size for GroupWise Archives. I split the name out from the path, but that's unique to my environment. The last bit converts the number to a readable format, and groups duplicate entries.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $tSize = 0 | |
| Get-ChildItem -Path \\personal\users\ -Directory -Filter "of*arc" -Exclude '* *' -Recurse | % { | |
| $pSize = 0 | |
| Get-ChildItem $_.FullName -File -Recurse | % { | |
| $pSize += $_.Length | |
| $tSize += $_.Length | |
| } | |
| $pProps = New-Object psobject -Property @{ | |
| 'user'=$(($_.FullName -split '\\')[4]); | |
| 'size'=$($pSize) |
mortenya
/ Add-SystemToFolderACL.ps1
Created
February 17, 2016 16:19
This is more of a POC on adding or editing ACLs via PowerShell. This will add the account 'NT AUTHORITY\System' to have FullControl access to the folder in question. This also is looking for a specific UNC, but that can easily be edited.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .Synopsis | |
| This Function will add "NT Authority\SYSTEM" to a folder ACL. | |
| .DESCRIPTION | |
| This Function will add "NT Authority\SYSTEM" to a folder ACL, specifically to \\folder\path\. | |
| .EXAMPLE | |
| Add-SystemToFolderACL \\folder\path\user1 | |
| .EXAMPLE | |
| Add-SystemToFolderACL user1,user2 | |
| #> |