commit 9161956fa7c7d0e334c5b77ffbc926051462d639 Author: djorgensen Date: Thu Nov 6 16:27:37 2025 -0700 Add pastejunk.txt
diff --git a/pastejunk.txt b/pastejunk.txt
new file mode 100644
index 0000000..719425e
--- /dev/null
+++ b/pastejunk.txt
@@ -0,0 +1,206 @@
+Import-Module ActiveDirectory
+
+Get-Aduser -Identity xxxxxx
+
+Unlock-ADAccount -Identity xxxxxx
+
+Set-ADAccountPassword -Identity xxxxxx -NewPassword (ConvertTo-SecureString -AsPlainText "Winter22" -Force) -PassThru
+Set-Aduser -Identity xxxxxx -ChangePasswordAtLogon $true
+
+
+$userlist = Import-Csv c:\temp\adusers_list-updated.csv
+foreach ($Account in $userlist) {
+ $Account.samaccountname
+Set-Aduser -Identity $Account.samaccountname -PasswordNeverExpires $false -ChangePasswordAtLogon $true
+}
+
+
+//get groups from ad user
+(Get-ADUser xxxxxxxx –Properties MemberOf).memberof | Get-ADGroup | Select-Object name
+
+------------------------------------------------
+## access exchange
+ Set-ExecutionPolicy RemoteSigned
+
+ $UserCredential = Get-Credential
+
+ $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://mg-data4.milltech-group.com/PowerShell/ -Authentication Kerberos -Credential $UserCredential
+
+ Import-PSSession $Session -DisableNameChecking
+
+-------------------------------------------------
+
+Fortigate ssh -- like cisco, sort of
+https://docs.fortinet.com/document/fortigate/6.0.0/cli-reference/969597/firewall-address-address6
+https://docs.fortinet.com/document/fortigate/7.0.0/cli-reference/254620/config-firewall-address
+
+config firewall address
+edit [NAME]
+set subnet x.x.x.x x.x.x.x
+
+#run install for zabbix agent through powershell
+c:\zabbix\zabbix_agentd.exe -c c:\zabbix\zabbix_agentd.conf -i
+
+
+# Load Exchange Management Shell PowerShell Snap-In
+Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
+Get-User -ResultSize Unlimited -Filter 'RemotePowerShellEnabled -eq $true' | Set-User -RemotePowerShellEnabled $false
+Get-User -ResultSize Unlimited -Filter 'RemotePowerShellEnabled -eq $true' | ft Name,UserPrincipalName
+Set-User -Identity "userprincipalname" -RemotePowerShellEnabled $true
+
+
+
+# Allow Remote PowerShell Group
+$AllowRPSGroup = "MG-AllowRemotePS"
+
+# Get all users with enabled Remote PowerShell
+$AllUsers = Get-User -ResultSize Unlimited -Filter 'RemotePowerShellEnabled -eq $true' | select SamAccountName, RemotePowerShellEnabled
+
+# Get all users from AllowRPSGroup
+$AllowUsers = Get-ADGroupMember $AllowRPSGroup -Recursive | ForEach-Object { Get-User -Identity $_.SamAccountName | select SamAccountName, RemotePowerShellEnabled }
+
+# Enable Remote PowerShell for allowed users
+foreach ($AllowUser in $AllowUsers) {
+ if ($AllowUser.RemotePowerShellEnabled -eq $false) {
+ Set-User $AllowUser.SamAccountName -RemotePowerShellEnabled $true
+ }
+}
+
+# Disable Remote PowerShell for all users
+foreach ($User in $AllUsers) {
+ if ($AllowUsers.SamAccountName -notcontains $User.SamAccountName) {
+ Set-User $User.SamAccountName -RemotePowerShellEnabled $false
+ }
+}
+
+
+
+#graylog search
+NOT srcip:fe80\: AND NOT dstip:128.50.255.255 AND NOT SourceName:IIS AND NOT dstip:255.255.255.255 AND NOT full_message:"The following fatal alert was received: 46."
+
+#remote computer management ps
+compmgmt.msc /computer:SYS-151
+
+e6815f0d6cd00557f1369ba88c43d771f75137a22d49ba02c341d0a136c8c66f
+dSlesAHo2duNsvel7fUr05tsQz96DO2iLUV7xzeHBvyfNPq7FLODEyVPhHA8hlXWYL50p7WTEf40tyJHuYKuV9H8V3KdMNGb
+
+
+Get-WmiObject Win32_logicaldisk -ComputerName SYS-138 `
+| Format-Table DeviceID, `
+@{Name="Drive Size(GB)";Expression={[decimal]("{0:N0}" -f($_.size/1gb))}}, `
+@{Name="Drive Free Space(GB)";Expression={[decimal]("{0:N0}" -f($_.freespace/1gb))}}, `
+@{Name="Drive Free pct";Expression={"{0,6:P0}" -f(($_.freespace/1gb) / ($_.size/1gb))}} `
+-AutoSize
+
+
+$output = Get-WmiObject -Query "select * from Win32_Product Where NOT Name Like 'Adobe Acrobat%' AND NOT Name Like 'Office%' AND NOT Name Like 'Auto%' AND NOT Name Like 'Microsoft%' AND NOT Name Like 'Windows%' AND NOT Name Like 'Dell%'" -ComputerName $computer | select InstallDate, Name, Version, PSComputerName | Out-String;
+
+
+$registry = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', 'SYS-169')
+$registryKey= $registry.OpenSubKey("Software")
+Invoke-Command -cn $pcname -ScriptBlock {Get-Itemproperty HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*, HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Select DisplayName, DisplayVersion, Publisher, InstallDate }
+
+
+Get-CimInstance -Filter 'NAME LIKE "%1C%"' -ClassName 'Win32_Product' |
+ Select -ExpandProperty 'Version'
+
+--------------------------------------------
+
+#kill open files in powershell
+$sessn = New-CIMSession -Computername mg-hal1
+Get-SMBOpenFile -CIMSession $sessn |select ClientUserName,Locks,Path,SessionID,FileID | Out-GridView -PassThru –title “Select Open Files”|Close-SmbOpenFile -CIMSession $sessn -Confirm:$true -Verbose
+
+
+Get-SMBOpenFile -CIMSession $sessn |Where-Object {$_.Path -Like “*.msg*”} |select ClientUserName,Locks,Path,SessionID,FileID | Out-GridView -PassThru –title “Select Open Files”|Close-SmbOpenFile -CIMSession $sessn -Confirm:$true -Verbose
+
+Where-Object {$_.Path -Like “*.msg*”}
+
+
+useradd -m -G sudo ansible
+su -c "mkdir -p ~/.ssh/" ansible
+echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBX2aDGxUt1lLO4IQf2O0RaAUv+FjX6Dlt68KJTd22pk ansible@ansible" >> /home/ansible/.ssh/authorized_keys
+chown ansible:ansible /home/ansible/.ssh/authorized_keys
+chmod 664 /home/ansible/.ssh/authorized_keys
+echo -e "Include /etc/ssh/sshd_config.d/*.conf\nPort 22\nLoginGraceTime 2m\nPermitRootLogin no\nStrictModes yes\nMaxAuthTries 6\nMaxSessions 10\nPasswordAuthentication no\nPubkeyAuthentication yes\nAllowUsers djorgensen ansible\nAuthorizedKeysFile .ssh/authorized_keys\nChallengeResponseAuthentication no\nUsePAM yes\nX11Forwarding yes\nPrintMotd no\nAcceptEnv LANG LC_*\nSubsystem sftp /usr/lib/openssh/sftp-server\n" | tee /etc/ssh/sshd_config
+systemctl restart sshd
+systemctl status sshd
+
+
+
+$pcname="sys-155"
+$list=@()
+$InstalledSoftwareKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"
+$InstalledSoftware=[microsoft.win32.registrykey]::OpenRemoteBaseKey('LocalMachine',$pcname)
+$RegistryKey=$InstalledSoftware.OpenSubKey($InstalledSoftwareKey)
+$SubKeys=$RegistryKey.GetSubKeyNames()
+Foreach ($key in $SubKeys){
+$thisKey=$InstalledSoftwareKey+"\\"+$key
+$thisSubKey=$InstalledSoftware.OpenSubKey($thisKey)
+$obj = New-Object PSObject
+$obj | Add-Member -MemberType NoteProperty -Name "ComputerName" -Value $pcname
+$obj | Add-Member -MemberType NoteProperty -Name "DisplayName" -Value $($thisSubKey.GetValue("DisplayName"))
+$obj | Add-Member -MemberType NoteProperty -Name "DisplayVersion" -Value $($thisSubKey.GetValue("DisplayVersion"))
+$obj | Add-Member -MemberType NoteProperty -Name "InstallDate" -Value $($thisSubKey.GetValue("InstallDate"))
+$list += $obj
+}
+$list | where { $_.DisplayName } | select ComputerName, DisplayName, DisplayVersion, InstallDate | FT
+
+
+Invoke-Command -cn $pcname -ScriptBlock {Get-Itemproperty HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*, HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Select DisplayName, DisplayVersion, Publisher, InstallDate }
+
+
+$program = Get-ChildItem -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall | Get-ItemProperty | Where-Object {$_.DisplayName -match "Autodesk" } | Select-Object -Property DisplayName, Uninstallstring, QuietUninstallString
+
+start-process cmd.exe -argumentlist "/c ""$($prog.quietUninstallString) /norestart""" -Wait
+
+
+
+zabbix
+token id: zabbix@pam!zabbix
+secret: ea502580-3891-43ca-bc28-cc613decb475
+
+
+useradd -m -G sudo ansible
+su -c "mkdir -p ~/.ssh/" ansible
+echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBX2aDGxUt1lLO4IQf2O0RaAUv+FjX6Dlt68KJTd22pk ansible@ansible" >> /home/ansible/.ssh/authorized_keys
+chown ansible:ansible /home/ansible/.ssh/authorized_keys
+chmod 664 /home/ansible/.ssh/authorized_keys
+echo -e "Include /etc/ssh/sshd_config.d/*.conf\nPort 22\nLoginGraceTime 2m\nPermitRootLogin no\nStrictModes yes\nMaxAuthTries 6\nMaxSessions 10\nPasswordAuthentication no\nPubkeyAuthentication yes\nAllowUsers djorgensen ansible\nAuthorizedKeysFile .ssh/authorized_keys\nChallengeResponseAuthentication no\nUsePAM yes\nX11Forwarding yes\nPrintMotd no\nAcceptEnv LANG LC_*\nSubsystem sftp /usr/lib/openssh/sftp-server\n" | tee /etc/ssh/sshd_config
+systemctl restart sshd
+systemctl status sshd
+apt install sudo -y
+passwd ansible
+
+
+
+
+
+$computer="MG-ENGINEERING2"
+$cimSession = New-CimSession -ComputerName $computer -SessionOption (New-CimSessionOption -Protocol Dcom)
+Invoke-CimMethod -CimSession $cimSession -ClassName Win32_Process -MethodName Create -Arguments @{ commandline = 'C:\Windows\system32\winrm.cmd quickconfig -quiet' }
+Invoke-CimMethod -CimSession $cimSession -query 'select * from win32_service where name = "winrm"' -MethodName startservice
+Get-CimInstance -ComputerName $computer -class win32_bios | Select SerialNumber
+Get-CimInstance Win32_OperatingSystem -ComputerName $computer | Select-Object Caption
+Get-CimInstance Win32_Processor -ComputerName $computer | Select-Object DeviceID, Name
+(Get-CimInstance Win32_PhysicalMemory -ComputerName $computer | Measure-Object -Property capacity -Sum).sum /1gb
+get-ciminstance win32_diskdrive -ComputerName $computer |Select-Object -ExpandProperty Status
+Invoke-CimMethod -CimSession $cimSession -query 'select * from win32_service where name = "winrm"' -MethodName stopservice
+
+
+ Get-CimInstance -Name root\cimv2\power -Class win32_PowerPlan
+
+Import-Module ExchangeOnlineManagement
+Connect-ExchangeOnline -UserPrincipalName [-ExchangeEnvironmentName ] [-ShowBanner:$false] [-DelegatedOrganization ] [-SkipLoadingFormatData]
+
+Set-CASMailbox -Identity -OneWinNativeOutlookEnabled <$true | $false>
+
+
+$date = get-date -format "dd-MM-yy"
+C:\scripts\disk2vhd\disk2vhd64.exe -h C: \\denby\D$\$env:computername"_"$date".vhdx" -accepteula
+
+useradd -m -G sudo infotech
+su -c "mkdir -p ~/.ssh/" infotech
+echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPphyoiEH5LFLEHgmtjrT4HmYKsYt/eY19LMvYdYLneI root@SYS-179" >> /home/infotech/.ssh/authorized_keys
+chown infotech:infotech /home/infotech/.ssh/authorized_keys
+chmod 664 /home/infotech/.ssh/authorized_keys
+passwd infotech
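Review bot: Live credentials are committed in plain text in this new file: the `secret:` value under the `zabbix` / `token id:` lines, the literal reset password in the `Set-ADAccountPassword` line, and the two unlabelled hex/base64-looking strings after `compmgmt.msc` (the file does not say what those are, so treat them as secrets until confirmed otherwise). Deleting them in a later commit does not remove them from history, so the token and any account still carrying that reset password should be rotated; the notes can keep a placeholder such as `secret: <kept in the password manager>` and prompt for the password with `Read-Host -AsSecureString` rather than `ConvertTo-SecureString -AsPlainText`. Separately, all three `chmod 664 …/.ssh/authorized_keys` lines leave the key file group-writable, which the `StrictModes yes` written to sshd_config in the same paste is meant to reject; `chmod 600` on the file (and `700` on the `.ssh` directory) is the usual setting. The Exchange `-ConnectionUri` also uses `http://`, which is worth confirming as intentional for that endpoint.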