djorgensen/pastejunk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add pastejunk.txt

Browse Source
This commit is contained in:
djorgensen 2025-11-06 16:27:37 -07:00
commit 9161956fa7
1 changed files with 206 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

206
pastejunk.txt Normal file
View File

@ -0,0 +1,206 @@
Import-Module ActiveDirectory
Get-Aduser -Identity xxxxxx
Unlock-ADAccount -Identity xxxxxx
Set-ADAccountPassword -Identity xxxxxx -NewPassword (ConvertTo-SecureString -AsPlainText "Winter22" -Force) -PassThru
Set-Aduser -Identity xxxxxx -ChangePasswordAtLogon $true
$userlist = Import-Csv c:\temp\adusers_list-updated.csv
foreach ($Account in $userlist) {
$Account.samaccountname
Set-Aduser -Identity $Account.samaccountname -PasswordNeverExpires $false -ChangePasswordAtLogon $true
}
//get groups from ad user
(Get-ADUser xxxxxxxx Properties MemberOf).memberof | Get-ADGroup | Select-Object name
------------------------------------------------
## access exchange
Set-ExecutionPolicy RemoteSigned
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://mg-data4.milltech-group.com/PowerShell/ -Authentication Kerberos -Credential $UserCredential
Import-PSSession $Session -DisableNameChecking
-------------------------------------------------
Fortigate ssh -- like cisco, sort of
https://docs.fortinet.com/document/fortigate/6.0.0/cli-reference/969597/firewall-address-address6
https://docs.fortinet.com/document/fortigate/7.0.0/cli-reference/254620/config-firewall-address
config firewall address
edit [NAME]
set subnet x.x.x.x x.x.x.x
#run install for zabbix agent through powershell
c:\zabbix\zabbix_agentd.exe -c c:\zabbix\zabbix_agentd.conf -i
# Load Exchange Management Shell PowerShell Snap-In
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
Get-User -ResultSize Unlimited -Filter 'RemotePowerShellEnabled -eq $true' | Set-User -RemotePowerShellEnabled $false
Get-User -ResultSize Unlimited -Filter 'RemotePowerShellEnabled -eq $true' | ft Name,UserPrincipalName
Set-User -Identity "userprincipalname" -RemotePowerShellEnabled $true
# Allow Remote PowerShell Group
$AllowRPSGroup = "MG-AllowRemotePS"
# Get all users with enabled Remote PowerShell
$AllUsers = Get-User -ResultSize Unlimited -Filter 'RemotePowerShellEnabled -eq $true' | select SamAccountName, RemotePowerShellEnabled
# Get all users from AllowRPSGroup
$AllowUsers = Get-ADGroupMember $AllowRPSGroup -Recursive | ForEach-Object { Get-User -Identity $_.SamAccountName | select SamAccountName, RemotePowerShellEnabled }
# Enable Remote PowerShell for allowed users
foreach ($AllowUser in $AllowUsers) {
if ($AllowUser.RemotePowerShellEnabled -eq $false) {
Set-User $AllowUser.SamAccountName -RemotePowerShellEnabled $true
}
}
# Disable Remote PowerShell for all users
foreach ($User in $AllUsers) {
if ($AllowUsers.SamAccountName -notcontains $User.SamAccountName) {
Set-User $User.SamAccountName -RemotePowerShellEnabled $false
}
}
#graylog search
NOT srcip:fe80\: AND NOT dstip:128.50.255.255 AND NOT SourceName:IIS AND NOT dstip:255.255.255.255 AND NOT full_message:"The following fatal alert was received: 46."
#remote computer management ps
compmgmt.msc /computer:SYS-151
e6815f0d6cd00557f1369ba88c43d771f75137a22d49ba02c341d0a136c8c66f
dSlesAHo2duNsvel7fUr05tsQz96DO2iLUV7xzeHBvyfNPq7FLODEyVPhHA8hlXWYL50p7WTEf40tyJHuYKuV9H8V3KdMNGb
Get-WmiObject Win32_logicaldisk -ComputerName SYS-138 `
| Format-Table DeviceID, `
@{Name="Drive Size(GB)";Expression={[decimal]("{0:N0}" -f($_.size/1gb))}}, `
@{Name="Drive Free Space(GB)";Expression={[decimal]("{0:N0}" -f($_.freespace/1gb))}}, `
@{Name="Drive Free pct";Expression={"{0,6:P0}" -f(($_.freespace/1gb) / ($_.size/1gb))}} `
-AutoSize
$output = Get-WmiObject -Query "select * from Win32_Product Where NOT Name Like 'Adobe Acrobat%' AND NOT Name Like 'Office%' AND NOT Name Like 'Auto%' AND NOT Name Like 'Microsoft%' AND NOT Name Like 'Windows%' AND NOT Name Like 'Dell%'" -ComputerName $computer | select InstallDate, Name, Version, PSComputerName | Out-String;
$registry = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', 'SYS-169')
$registryKey= $registry.OpenSubKey("Software")
Invoke-Command -cn $pcname -ScriptBlock {Get-Itemproperty HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*, HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Select DisplayName, DisplayVersion, Publisher, InstallDate }
Get-CimInstance -Filter 'NAME LIKE "%1C%"' -ClassName 'Win32_Product' |
Select -ExpandProperty 'Version'
--------------------------------------------
#kill open files in powershell
$sessn = New-CIMSession -Computername mg-hal1
Get-SMBOpenFile -CIMSession $sessn |select ClientUserName,Locks,Path,SessionID,FileID | Out-GridView -PassThru title “Select Open Files”|Close-SmbOpenFile -CIMSession $sessn -Confirm:$true -Verbose
Get-SMBOpenFile -CIMSession $sessn |Where-Object {$_.Path -Like “*.msg*”} |select ClientUserName,Locks,Path,SessionID,FileID | Out-GridView -PassThru title “Select Open Files”|Close-SmbOpenFile -CIMSession $sessn -Confirm:$true -Verbose
Where-Object {$_.Path -Like “*.msg*”}
useradd -m -G sudo ansible
su -c "mkdir -p ~/.ssh/" ansible
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBX2aDGxUt1lLO4IQf2O0RaAUv+FjX6Dlt68KJTd22pk ansible@ansible" >> /home/ansible/.ssh/authorized_keys
chown ansible:ansible /home/ansible/.ssh/authorized_keys
chmod 664 /home/ansible/.ssh/authorized_keys
echo -e "Include /etc/ssh/sshd_config.d/*.conf\nPort 22\nLoginGraceTime 2m\nPermitRootLogin no\nStrictModes yes\nMaxAuthTries 6\nMaxSessions 10\nPasswordAuthentication no\nPubkeyAuthentication yes\nAllowUsers djorgensen ansible\nAuthorizedKeysFile .ssh/authorized_keys\nChallengeResponseAuthentication no\nUsePAM yes\nX11Forwarding yes\nPrintMotd no\nAcceptEnv LANG LC_*\nSubsystem sftp /usr/lib/openssh/sftp-server\n" | tee /etc/ssh/sshd_config
systemctl restart sshd
systemctl status sshd
$pcname="sys-155"
$list=@()
$InstalledSoftwareKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"
$InstalledSoftware=[microsoft.win32.registrykey]::OpenRemoteBaseKey('LocalMachine',$pcname)
$RegistryKey=$InstalledSoftware.OpenSubKey($InstalledSoftwareKey)
$SubKeys=$RegistryKey.GetSubKeyNames()
Foreach ($key in $SubKeys){
$thisKey=$InstalledSoftwareKey+"\\"+$key
$thisSubKey=$InstalledSoftware.OpenSubKey($thisKey)
$obj = New-Object PSObject
$obj | Add-Member -MemberType NoteProperty -Name "ComputerName" -Value $pcname
$obj | Add-Member -MemberType NoteProperty -Name "DisplayName" -Value $($thisSubKey.GetValue("DisplayName"))
$obj | Add-Member -MemberType NoteProperty -Name "DisplayVersion" -Value $($thisSubKey.GetValue("DisplayVersion"))
$obj | Add-Member -MemberType NoteProperty -Name "InstallDate" -Value $($thisSubKey.GetValue("InstallDate"))
$list += $obj
}
$list | where { $_.DisplayName } | select ComputerName, DisplayName, DisplayVersion, InstallDate | FT
Invoke-Command -cn $pcname -ScriptBlock {Get-Itemproperty HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*, HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Select DisplayName, DisplayVersion, Publisher, InstallDate }
$program = Get-ChildItem -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall | Get-ItemProperty | Where-Object {$_.DisplayName -match "Autodesk" } | Select-Object -Property DisplayName, Uninstallstring, QuietUninstallString
start-process cmd.exe -argumentlist "/c ""$($prog.quietUninstallString) /norestart""" -Wait
zabbix
token id: zabbix@pam!zabbix
secret: ea502580-3891-43ca-bc28-cc613decb475
useradd -m -G sudo ansible
su -c "mkdir -p ~/.ssh/" ansible
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBX2aDGxUt1lLO4IQf2O0RaAUv+FjX6Dlt68KJTd22pk ansible@ansible" >> /home/ansible/.ssh/authorized_keys
chown ansible:ansible /home/ansible/.ssh/authorized_keys
chmod 664 /home/ansible/.ssh/authorized_keys
echo -e "Include /etc/ssh/sshd_config.d/*.conf\nPort 22\nLoginGraceTime 2m\nPermitRootLogin no\nStrictModes yes\nMaxAuthTries 6\nMaxSessions 10\nPasswordAuthentication no\nPubkeyAuthentication yes\nAllowUsers djorgensen ansible\nAuthorizedKeysFile .ssh/authorized_keys\nChallengeResponseAuthentication no\nUsePAM yes\nX11Forwarding yes\nPrintMotd no\nAcceptEnv LANG LC_*\nSubsystem sftp /usr/lib/openssh/sftp-server\n" | tee /etc/ssh/sshd_config
systemctl restart sshd
systemctl status sshd
apt install sudo -y
passwd ansible
$computer="MG-ENGINEERING2"
$cimSession = New-CimSession -ComputerName $computer -SessionOption (New-CimSessionOption -Protocol Dcom)
Invoke-CimMethod -CimSession $cimSession -ClassName Win32_Process -MethodName Create -Arguments @{ commandline = 'C:\Windows\system32\winrm.cmd quickconfig -quiet' }
Invoke-CimMethod -CimSession $cimSession -query 'select * from win32_service where name = "winrm"' -MethodName startservice
Get-CimInstance -ComputerName $computer -class win32_bios | Select SerialNumber
Get-CimInstance Win32_OperatingSystem -ComputerName $computer | Select-Object Caption
Get-CimInstance Win32_Processor -ComputerName $computer | Select-Object DeviceID, Name
(Get-CimInstance Win32_PhysicalMemory -ComputerName $computer | Measure-Object -Property capacity -Sum).sum /1gb
get-ciminstance win32_diskdrive -ComputerName $computer |Select-Object -ExpandProperty Status
Invoke-CimMethod -CimSession $cimSession -query 'select * from win32_service where name = "winrm"' -MethodName stopservice
Get-CimInstance -Name root\cimv2\power -Class win32_PowerPlan
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName <UPN> [-ExchangeEnvironmentName <Value>] [-ShowBanner:$false] [-DelegatedOrganization <String>] [-SkipLoadingFormatData]
Set-CASMailbox -Identity <MailboxIdentity> -OneWinNativeOutlookEnabled <$true | $false>
$date = get-date -format "dd-MM-yy"
C:\scripts\disk2vhd\disk2vhd64.exe -h C: \\denby\D$\$env:computername"_"$date".vhdx" -accepteula
useradd -m -G sudo infotech
su -c "mkdir -p ~/.ssh/" infotech
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPphyoiEH5LFLEHgmtjrT4HmYKsYt/eY19LMvYdYLneI root@SYS-179" >> /home/infotech/.ssh/authorized_keys
chown infotech:infotech /home/infotech/.ssh/authorized_keys
chmod 664 /home/infotech/.ssh/authorized_keys
passwd infotech