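# Sysadmin command notes: Active Directory, Exchange, FortiGate, Zabbix,
# Graylog, remote inventory and Linux SSH bootstrap. The sections are
# independent snippets for different shells, not one runnable script.
# The shell each section targets is named in its header.

# ---------------------------------------------------------------------------
# Active Directory: unlock an account and set a temporary password (PowerShell)
# ---------------------------------------------------------------------------
Import-Module ActiveDirectory
Get-ADUser -Identity xxxxxx
Unlock-ADAccount -Identity xxxxxx
# Prompt for the temporary password instead of embedding a literal. A password
# kept in a notes file is readable by everyone with access to the file, and
# season+year patterns are among the first guesses in password spraying.
# Without -Reset or -OldPassword the cmdlet asks for the current password;
# add -Reset for an administrative reset.
$NewPassword = Read-Host -AsSecureString -Prompt 'Temporary password'
Set-ADAccountPassword -Identity xxxxxx -NewPassword $NewPassword -PassThru
Set-ADUser -Identity xxxxxx -ChangePasswordAtLogon $true

# Bulk: clear "password never expires" and force a change at next logon for
# every samaccountname listed in the CSV. Each name is echoed as it is processed.
$userlist = Import-Csv c:\temp\adusers_list-updated.csv
foreach ($Account in $userlist) {
    $Account.samaccountname
    Set-ADUser -Identity $Account.samaccountname -PasswordNeverExpires $false -ChangePasswordAtLogon $true
}

# Get the groups an AD user is a direct member of.
(Get-ADUser xxxxxxxx -Properties MemberOf).MemberOf | Get-ADGroup | Select-Object Name

# ---------------------------------------------------------------------------
# Access on-premises Exchange through remote PowerShell
# ---------------------------------------------------------------------------
# Set-ExecutionPolicy defaults to the LocalMachine scope and changes the policy
# for the whole workstation; "-Scope Process" limits it to this session.
Set-ExecutionPolicy RemoteSigned
$UserCredential = Get-Credential
# The endpoint is http:// with Kerberos authentication. Do not switch this to
# Basic authentication on the same URI: credentials would cross the wire in
# clear text.
$Session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri http://mg-data4.milltech-group.com/PowerShell/ `
    -Authentication Kerberos -Credential $UserCredential
Import-PSSession $Session -DisableNameChecking
# When finished: Remove-PSSession $Session

# ---------------------------------------------------------------------------
# Fortigate ssh -- like cisco, sort of (FortiOS CLI, not PowerShell)
# https://docs.fortinet.com/document/fortigate/6.0.0/cli-reference/969597/firewall-address-address6
# https://docs.fortinet.com/document/fortigate/7.0.0/cli-reference/254620/config-firewall-address
# ---------------------------------------------------------------------------
config firewall address
edit [NAME]
set subnet x.x.x.x x.x.x.x

# ---------------------------------------------------------------------------
# Run the Zabbix agent service install through PowerShell
# ---------------------------------------------------------------------------
c:\zabbix\zabbix_agentd.exe -c c:\zabbix\zabbix_agentd.conf -i

# ---------------------------------------------------------------------------
# Exchange: restrict Remote PowerShell to an allow-list group
# ---------------------------------------------------------------------------
# Load Exchange Management Shell PowerShell Snap-In
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn

# One-liners. NOTE: the first one disables Remote PowerShell for EVERY account
# that currently has it, administrators included. Re-enable the admin accounts
# (last line) before closing the session, or use the allow-list script below.
Get-User -ResultSize Unlimited -Filter 'RemotePowerShellEnabled -eq $true' | Set-User -RemotePowerShellEnabled $false
Get-User -ResultSize Unlimited -Filter 'RemotePowerShellEnabled -eq $true' | ft Name,UserPrincipalName
Set-User -Identity "userprincipalname" -RemotePowerShellEnabled $true

# Allow Remote PowerShell Group
$AllowRPSGroup = "MG-AllowRemotePS"

# Get all users with enabled Remote PowerShell
$AllUsers = Get-User -ResultSize Unlimited -Filter 'RemotePowerShellEnabled -eq $true' |
    Select-Object SamAccountName, RemotePowerShellEnabled

# Get all users from AllowRPSGroup. -Recursive can also return non-user
# members (for example computers), which Get-User cannot resolve, so keep
# user objects only. A failed group lookup stops here rather than falling
# through to the disable loop with an empty allow-list.
$AllowUsers = Get-ADGroupMember $AllowRPSGroup -Recursive -ErrorAction Stop |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object { Get-User -Identity $_.SamAccountName | Select-Object SamAccountName, RemotePowerShellEnabled }

# With an empty allow-list the "-notcontains" test below is true for every
# user, which would switch Remote PowerShell off for the whole organisation.
if (-not $AllowUsers) {
    throw "No users resolved from group '$AllowRPSGroup'; refusing to disable Remote PowerShell for everyone."
}

# Enable Remote PowerShell for allowed users
foreach ($AllowUser in $AllowUsers) {
    if ($AllowUser.RemotePowerShellEnabled -eq $false) {
        Set-User $AllowUser.SamAccountName -RemotePowerShellEnabled $true
    }
}

# Disable Remote PowerShell for all users that are not on the allow-list
foreach ($User in $AllUsers) {
    if ($AllowUsers.SamAccountName -notcontains $User.SamAccountName) {
        Set-User $User.SamAccountName -RemotePowerShellEnabled $false
    }
}

# ---------------------------------------------------------------------------
# Graylog search (query string, not PowerShell)
# ---------------------------------------------------------------------------
NOT srcip:fe80\: AND NOT dstip:128.50.255.255 AND NOT SourceName:IIS AND NOT dstip:255.255.255.255 AND NOT full_message:"The following fatal alert was received: 46."

# ---------------------------------------------------------------------------
# Remote computer management
# ---------------------------------------------------------------------------
compmgmt.msc /computer:SYS-151

# NOTE(review): two unlabelled opaque values follow; their purpose is not
# recorded in these notes. If they are keys or tokens rather than checksums,
# move them to a password manager and rotate them.
e6815f0d6cd00557f1369ba88c43d771f75137a22d49ba02c341d0a136c8c66f
dSlesAHo2duNsvel7fUr05tsQz96DO2iLUV7xzeHBvyfNPq7FLODEyVPhHA8hlXWYL50p7WTEf40tyJHuYKuV9H8V3KdMNGb

# ---------------------------------------------------------------------------
# Remote disk usage report
# ---------------------------------------------------------------------------
# Drives without media report no Size, and the percentage expression then
# divides by zero for that row; -Filter 'DriveType=3' restricts the report to
# local fixed disks if that becomes a problem.
Get-WmiObject Win32_logicaldisk -ComputerName SYS-138 `
| Format-Table DeviceID, `
@{Name="Drive Size(GB)";Expression={[decimal]("{0:N0}" -f($_.size/1gb))}}, `
@{Name="Drive Free Space(GB)";Expression={[decimal]("{0:N0}" -f($_.freespace/1gb))}}, `
@{Name="Drive Free pct";Expression={"{0,6:P0}" -f(($_.freespace/1gb) / ($_.size/1gb))}} `
-AutoSize

# ---------------------------------------------------------------------------
# Installed software inventory
# ---------------------------------------------------------------------------
# Querying Win32_Product makes Windows Installer run a consistency check on
# every MSI package on the target, which is slow and can trigger repairs.
# The registry Uninstall-key queries further down read the same information
# without that side effect. $computer is assigned in the CIM section below.
$output = Get-WmiObject -Query "select * from Win32_Product Where NOT Name Like 'Adobe Acrobat%' AND NOT Name Like 'Office%' AND NOT Name Like 'Auto%' AND NOT Name Like 'Microsoft%' AND NOT Name Like 'Windows%' AND NOT Name Like 'Dell%'" -ComputerName $computer |
    Select-Object InstallDate, Name, Version, PSComputerName |
    Out-String;

# Open HKLM\Software on a remote machine through the Remote Registry service.
$registry = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', 'SYS-169')
$registryKey= $registry.OpenSubKey("Software")

# Read both the 32-bit and 64-bit Uninstall keys over PowerShell remoting.
Invoke-Command -cn $pcname -ScriptBlock {
    Get-ItemProperty HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*, HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* |
        Select DisplayName, DisplayVersion, Publisher, InstallDate
}

Get-CimInstance -Filter 'NAME LIKE "%1C%"' -ClassName 'Win32_Product' | Select -ExpandProperty 'Version'

# ---------------------------------------------------------------------------
# Kill open files in PowerShell (SMB open files on a file server)
# ---------------------------------------------------------------------------
$sessn = New-CimSession -ComputerName mg-hal1
# Pick the files in the grid view; -Confirm:$true asks again before each close.
# Closing a handle that a client is still writing to can lose unsaved data.
Get-SmbOpenFile -CimSession $sessn |
    Select-Object ClientUserName,Locks,Path,SessionID,FileID |
    Out-GridView -PassThru -Title "Select Open Files" |
    Close-SmbOpenFile -CimSession $sessn -Confirm:$true -Verbose

# Same, limited to paths containing ".msg".
Get-SmbOpenFile -CimSession $sessn |
    Where-Object {$_.Path -Like "*.msg*"} |
    Select-Object ClientUserName,Locks,Path,SessionID,FileID |
    Out-GridView -PassThru -Title "Select Open Files" |
    Close-SmbOpenFile -CimSession $sessn -Confirm:$true -Verbose

Where-Object {$_.Path -Like "*.msg*"}

# ---------------------------------------------------------------------------
# Linux: create the ansible account with key-only SSH (run as root, sh/bash)
# ---------------------------------------------------------------------------
useradd -m -G sudo ansible
su -c "mkdir -p ~/.ssh/" ansible
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBX2aDGxUt1lLO4IQf2O0RaAUv+FjX6Dlt68KJTd22pk ansible@ansible" >> /home/ansible/.ssh/authorized_keys
chown ansible:ansible /home/ansible/.ssh/authorized_keys
# authorized_keys decides who may log in as this sudo-capable account, so only
# the owner may write it. With "StrictModes yes" sshd may also refuse a
# group-writable key file.
chmod 700 /home/ansible/.ssh
chmod 600 /home/ansible/.ssh/authorized_keys
# This REPLACES /etc/ssh/sshd_config. X11Forwarding is left on as in the
# original notes; turn it off on hosts that never need it.
tee /etc/ssh/sshd_config <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
Port 22
LoginGraceTime 2m
PermitRootLogin no
StrictModes yes
MaxAuthTries 6
MaxSessions 10
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers djorgensen ansible
AuthorizedKeysFile .ssh/authorized_keys
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
EOF
# Validate the new file first: a syntax error here would otherwise take SSH
# down on a host whose only remote access is SSH.
sshd -t && systemctl restart sshd
systemctl status sshd

# ---------------------------------------------------------------------------
# Installed software from the remote registry (PowerShell)
# ---------------------------------------------------------------------------
# Reads only the native Uninstall key; 32-bit applications on a 64-bit machine
# are registered under WOW6432Node and are not listed by this snippet.
$pcname="sys-155"
$InstalledSoftwareKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"
$InstalledSoftware=[microsoft.win32.registrykey]::OpenRemoteBaseKey('LocalMachine',$pcname)
$RegistryKey=$InstalledSoftware.OpenSubKey($InstalledSoftwareKey)
$SubKeys=$RegistryKey.GetSubKeyNames()
# One object per Uninstall subkey; entries without a DisplayName are dropped
# when the table is printed.
$list = foreach ($key in $SubKeys) {
    $thisKey = $InstalledSoftwareKey + "\\" + $key
    $thisSubKey = $InstalledSoftware.OpenSubKey($thisKey)
    [pscustomobject]@{
        ComputerName   = $pcname
        DisplayName    = $thisSubKey.GetValue("DisplayName")
        DisplayVersion = $thisSubKey.GetValue("DisplayVersion")
        InstallDate    = $thisSubKey.GetValue("InstallDate")
    }
}
$list | where { $_.DisplayName } | select ComputerName, DisplayName, DisplayVersion, InstallDate | FT

Invoke-Command -cn $pcname -ScriptBlock {
    Get-ItemProperty HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*, HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* |
        Select DisplayName, DisplayVersion, Publisher, InstallDate
}

# ---------------------------------------------------------------------------
# Silent uninstall of matching products
# ---------------------------------------------------------------------------
$program = Get-ChildItem -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall |
    Get-ItemProperty |
    Where-Object {$_.DisplayName -match "Autodesk" } |
    Select-Object -Property DisplayName, Uninstallstring, QuietUninstallString
# The query can return several products, and some have no QuietUninstallString.
# Run each one that does. The command line comes straight from the registry
# and is executed through cmd.exe, so review $program before running the loop.
foreach ($prog in $program) {
    if ($prog.QuietUninstallString) {
        Start-Process cmd.exe -ArgumentList "/c ""$($prog.QuietUninstallString) /norestart""" -Wait
    }
}

# ---------------------------------------------------------------------------
# zabbix token
# ---------------------------------------------------------------------------
# The token secret does not belong in a notes file: keep it in a password
# manager. A secret that has been stored in plaintext should be rotated.
id: zabbix@pam!zabbix
secret: <REDACTED - stored in password manager>

# ---------------------------------------------------------------------------
# Linux: ansible account bootstrap, variant that also installs sudo and sets
# a password (run as root, sh/bash)
# ---------------------------------------------------------------------------
useradd -m -G sudo ansible
su -c "mkdir -p ~/.ssh/" ansible
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBX2aDGxUt1lLO4IQf2O0RaAUv+FjX6Dlt68KJTd22pk ansible@ansible" >> /home/ansible/.ssh/authorized_keys
chown ansible:ansible /home/ansible/.ssh/authorized_keys
# Owner-only permissions on the key file and its directory.
chmod 700 /home/ansible/.ssh
chmod 600 /home/ansible/.ssh/authorized_keys
# Replaces /etc/ssh/sshd_config in full.
tee /etc/ssh/sshd_config <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
Port 22
LoginGraceTime 2m
PermitRootLogin no
StrictModes yes
MaxAuthTries 6
MaxSessions 10
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers djorgensen ansible
AuthorizedKeysFile .ssh/authorized_keys
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
EOF
# Check the configuration before restarting so a typo cannot lock SSH out.
sshd -t && systemctl restart sshd
systemctl status sshd
apt install sudo -y
# The password is needed for sudo only; SSH password logins stay disabled by
# the configuration above.
passwd ansible

# ---------------------------------------------------------------------------
# Remote hardware inventory over CIM (PowerShell)
# ---------------------------------------------------------------------------
$computer="MG-ENGINEERING2"
# DCOM session: works while WinRM is still disabled on the target.
$cimSession = New-CimSession -ComputerName $computer -SessionOption (New-CimSessionOption -Protocol Dcom)
# Enable WinRM remotely. "winrm quickconfig" does more than start the service
# (listener and firewall exception), and the stopservice call further down
# does not undo that. NOTE(review): confirm the target's WinRM state afterwards.
# Remote Win32_Process Create is also a pattern that endpoint monitoring
# commonly alerts on, so expect this to show up in detections.
Invoke-CimMethod -CimSession $cimSession -ClassName Win32_Process -MethodName Create -Arguments @{
    commandline = 'C:\Windows\system32\winrm.cmd quickconfig -quiet'
}
Invoke-CimMethod -CimSession $cimSession -Query 'select * from win32_service where name = "winrm"' -MethodName startservice

Get-CimInstance -ComputerName $computer -ClassName win32_bios | Select SerialNumber
Get-CimInstance Win32_OperatingSystem -ComputerName $computer | Select-Object Caption
Get-CimInstance Win32_Processor -ComputerName $computer | Select-Object DeviceID, Name
(Get-CimInstance Win32_PhysicalMemory -ComputerName $computer | Measure-Object -Property capacity -Sum).sum /1gb
Get-CimInstance win32_diskdrive -ComputerName $computer | Select-Object -ExpandProperty Status

Invoke-CimMethod -CimSession $cimSession -Query 'select * from win32_service where name = "winrm"' -MethodName stopservice
# When finished: Remove-CimSession $cimSession

Get-CimInstance -Namespace root\cimv2\power -ClassName win32_PowerPlan

# ---------------------------------------------------------------------------
# Exchange Online (syntax templates; replace the <...> placeholders)
# ---------------------------------------------------------------------------
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName <UPN> [-ExchangeEnvironmentName <Value>] [-ShowBanner:$false] [-DelegatedOrganization <String>] [-SkipLoadingFormatData]
Set-CASMailbox -Identity <MailboxIdentity> -OneWinNativeOutlookEnabled <$true | $false>

# ---------------------------------------------------------------------------
# Disk2vhd: image C: to an administrative share
# ---------------------------------------------------------------------------
# The image is a full copy of the system volume, including the registry hives
# and any cached credentials. Restrict access to the destination share.
$date = Get-Date -Format "dd-MM-yy"
$vhdxTarget = "\\denby\D`$\$($env:COMPUTERNAME)_$date.vhdx"
C:\scripts\disk2vhd\disk2vhd64.exe -h C: $vhdxTarget -accepteula

# ---------------------------------------------------------------------------
# Linux: create the infotech account with key-only SSH (run as root, sh/bash)
# ---------------------------------------------------------------------------
# If the host uses the sshd_config written above, AllowUsers must also list
# infotech or the key login is refused.
useradd -m -G sudo infotech
su -c "mkdir -p ~/.ssh/" infotech
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPphyoiEH5LFLEHgmtjrT4HmYKsYt/eY19LMvYdYLneI root@SYS-179" >> /home/infotech/.ssh/authorized_keys
chown infotech:infotech /home/infotech/.ssh/authorized_keys
# Owner-only permissions on the key file and its directory.
chmod 700 /home/infotech/.ssh
chmod 600 /home/infotech/.ssh/authorized_keys
passwd infotech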