pastejunk/pastejunk.txt
2025-11-06 16:27:37 -07:00


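# Unlock one AD account, give it a temporary password and force a change at next logon.
Import-Module ActiveDirectory
Get-ADUser -Identity xxxxxx
Unlock-ADAccount -Identity xxxxxx
# Prompt for the temporary password instead of keeping a literal in the notes:
# a password written here becomes a known default and is readable by anyone
# who can read this file.
$NewPassword = Read-Host -AsSecureString -Prompt 'Temporary password'
# -Reset makes this an administrative reset, so the old password is not needed.
Set-ADAccountPassword -Identity xxxxxx -Reset -NewPassword $NewPassword -PassThru
Set-ADUser -Identity xxxxxx -ChangePasswordAtLogon $true

# Bulk variant: for every row in the CSV (it needs a 'samaccountname' column),
# clear "password never expires" and require a change at next logon.
$userlist = Import-Csv c:\temp\adusers_list-updated.csv
foreach ($Account in $userlist) {
    # Echo the account name so progress is visible.
    $Account.samaccountname
    Set-ADUser -Identity $Account.samaccountname -PasswordNeverExpires $false -ChangePasswordAtLogon $true
}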
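# Get the names of the groups listed in an AD user's MemberOf attribute.
# -Properties needs its leading dash; without it "Properties" and "MemberOf"
# are parsed as extra positional arguments and the call fails.
(Get-ADUser xxxxxxxx -Properties MemberOf).MemberOf | Get-ADGroup | Select-Object Name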
------------------------------------------------
## access exchange
# Open a remote Exchange PowerShell session and import its cmdlets locally.
# RemoteSigned: local scripts run unsigned, downloaded scripts must be signed.
Set-ExecutionPolicy RemoteSigned
# Prompt for the account used to open the session.
$UserCredential = Get-Credential
# NOTE(review): the endpoint is http://. With Kerberos the session is normally
# protected at the message level, but confirm this listener does not also
# accept Basic authentication.
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://mg-data4.milltech-group.com/PowerShell/ -Authentication Kerberos -Credential $UserCredential
# -DisableNameChecking suppresses the warning about unapproved verbs in the imported commands.
Import-PSSession $Session -DisableNameChecking
# NOTE(review): nothing here closes the session; run Remove-PSSession $Session when finished.
-------------------------------------------------
Fortigate ssh -- like cisco, sort of
https://docs.fortinet.com/document/fortigate/6.0.0/cli-reference/969597/firewall-address-address6
https://docs.fortinet.com/document/fortigate/7.0.0/cli-reference/254620/config-firewall-address
config firewall address
edit [NAME]
set subnet x.x.x.x x.x.x.x
#run install for zabbix agent through powershell
c:\zabbix\zabbix_agentd.exe -c c:\zabbix\zabbix_agentd.conf -i
# Load Exchange Management Shell PowerShell Snap-In
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
# Turn Remote PowerShell off for every user that currently has it enabled.
# NOTE(review): the filter has no exclusions, so this also covers admin and
# service accounts; re-enable the ones that need it with the last line below.
Get-User -ResultSize Unlimited -Filter 'RemotePowerShellEnabled -eq $true' | Set-User -RemotePowerShellEnabled $false
# List the users that still have Remote PowerShell enabled.
Get-User -ResultSize Unlimited -Filter 'RemotePowerShellEnabled -eq $true' | ft Name,UserPrincipalName
# Re-enable Remote PowerShell for one named account.
Set-User -Identity "userprincipalname" -RemotePowerShellEnabled $true
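# Reconcile Exchange Remote PowerShell access against an allow-list AD group:
# members of the group get RemotePowerShellEnabled = $true, and every other user
# that currently has it enabled gets it switched off.

# Allow Remote PowerShell Group
$AllowRPSGroup = "MG-AllowRemotePS"

# Get all users with enabled Remote PowerShell
$AllUsers = Get-User -ResultSize Unlimited -Filter 'RemotePowerShellEnabled -eq $true' |
    Select-Object SamAccountName, RemotePowerShellEnabled

# Get all users from AllowRPSGroup. Start from an empty list so that a failed
# lookup cannot leave a stale value behind, and keep only user objects because
# a recursive membership can also contain computer accounts.
$AllowUsers = @()
$AllowUsers = @(
    Get-ADGroupMember $AllowRPSGroup -Recursive -ErrorAction Stop |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object { Get-User -Identity $_.SamAccountName | Select-Object SamAccountName, RemotePowerShellEnabled }
)

if ($AllowUsers.Count -eq 0) {
    # With an empty allow-list the disable loop would match every user, including
    # the admin running this, so make no changes at all.
    Write-Warning "No users resolved from group '$AllowRPSGroup'; no changes made."
}
else {
    $AllowedNames = $AllowUsers.SamAccountName

    # Enable Remote PowerShell for allowed users
    foreach ($AllowUser in $AllowUsers) {
        if ($AllowUser.RemotePowerShellEnabled -eq $false) {
            Set-User $AllowUser.SamAccountName -RemotePowerShellEnabled $true
        }
    }

    # Disable Remote PowerShell for users that are not in the allow group
    foreach ($User in $AllUsers) {
        if ($AllowedNames -notcontains $User.SamAccountName) {
            Set-User $User.SamAccountName -RemotePowerShellEnabled $false
        }
    }
}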
#graylog search
NOT srcip:fe80\: AND NOT dstip:128.50.255.255 AND NOT SourceName:IIS AND NOT dstip:255.255.255.255 AND NOT full_message:"The following fatal alert was received: 46."
#remote computer management ps
compmgmt.msc /computer:SYS-151
e6815f0d6cd00557f1369ba88c43d771f75137a22d49ba02c341d0a136c8c66f
dSlesAHo2duNsvel7fUr05tsQz96DO2iLUV7xzeHBvyfNPq7FLODEyVPhHA8hlXWYL50p7WTEf40tyJHuYKuV9H8V3KdMNGb
# Report size, free space and percent free for each logical disk on SYS-138.
# The column definitions are collected in an array so the pipeline needs no
# backtick line continuations.
$diskColumns = @(
    'DeviceID'
    @{ Name = "Drive Size(GB)"; Expression = { [decimal]("{0:N0}" -f ($_.size / 1gb)) } }
    @{ Name = "Drive Free Space(GB)"; Expression = { [decimal]("{0:N0}" -f ($_.freespace / 1gb)) } }
    @{ Name = "Drive Free pct"; Expression = { "{0,6:P0}" -f (($_.freespace / 1gb) / ($_.size / 1gb)) } }
)
Get-WmiObject Win32_logicaldisk -ComputerName SYS-138 |
    Format-Table -Property $diskColumns -AutoSize
# Installed-software queries against remote PCs (several alternative approaches).

# MSI products on $computer, excluding the listed vendor/name prefixes, rendered as one string.
# $computer must already be set; nothing above this line assigns it.
# NOTE(review): enumerating Win32_Product is known to trigger a Windows Installer
# consistency check of every installed package, which is slow and can start
# repairs; the Uninstall registry keys read further down avoid that.
$output = Get-WmiObject -Query "select * from Win32_Product Where NOT Name Like 'Adobe Acrobat%' AND NOT Name Like 'Office%' AND NOT Name Like 'Auto%' AND NOT Name Like 'Microsoft%' AND NOT Name Like 'Windows%' AND NOT Name Like 'Dell%'" -ComputerName $computer | select InstallDate, Name, Version, PSComputerName | Out-String;
# Open HKLM on SYS-169 over the network, then its Software key.
$registry = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', 'SYS-169')
$registryKey= $registry.OpenSubKey("Software")
# Read both Uninstall branches (WOW6432Node and native) on $pcname through PowerShell remoting.
Invoke-Command -cn $pcname -ScriptBlock {Get-Itemproperty HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*, HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Select DisplayName, DisplayVersion, Publisher, InstallDate }
# Version of locally installed MSI products whose name contains "1C" (the Win32_Product caveat above applies).
Get-CimInstance -Filter 'NAME LIKE "%1C%"' -ClassName 'Win32_Product' |
Select -ExpandProperty 'Version'
--------------------------------------------
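#kill open files in powershell
# Close open SMB file handles on file server mg-hal1, chosen from a pick list.
$sessn = New-CimSession -ComputerName mg-hal1

# Show every open file in a grid. The rows selected there are piped to
# Close-SmbOpenFile, which still asks for confirmation on each file.
# -Title needs its leading dash, and the title uses plain ASCII quotes.
Get-SmbOpenFile -CimSession $sessn |
    Select-Object ClientUserName, Locks, Path, SessionID, FileID |
    Out-GridView -PassThru -Title "Select Open Files" |
    Close-SmbOpenFile -CimSession $sessn -Confirm:$true -Verbose

# Same pick list, limited to paths that contain ".msg".
Get-SmbOpenFile -CimSession $sessn |
    Where-Object { $_.Path -like "*.msg*" } |
    Select-Object ClientUserName, Locks, Path, SessionID, FileID |
    Out-GridView -PassThru -Title "Select Open Files" |
    Close-SmbOpenFile -CimSession $sessn -Confirm:$true -Verbose

# Release the CIM session once the handles are dealt with.
Remove-CimSession -CimSession $sessn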
Where-Object {$_.Path -Like “*.msg*”}
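# Bootstrap the 'ansible' account for key-only SSH logins (run as root).
useradd -m -G sudo ansible
su -c "mkdir -p ~/.ssh/" ansible
chmod 700 /home/ansible/.ssh
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBX2aDGxUt1lLO4IQf2O0RaAUv+FjX6Dlt68KJTd22pk ansible@ansible" >> /home/ansible/.ssh/authorized_keys
chown ansible:ansible /home/ansible/.ssh/authorized_keys
# 600 rather than 664: the config written below sets StrictModes yes, and sshd
# then ignores an authorized_keys file that is group- or world-writable, so key
# login would be refused while password login is already switched off.
chmod 600 /home/ansible/.ssh/authorized_keys

# Replace sshd_config wholesale. The Include line comes first, so a drop-in under
# sshd_config.d that sets the same keyword takes precedence over the values here
# (sshd keeps the first value it reads). X11Forwarding yes is kept as written;
# set it to no unless X11 is actually used.
tee /etc/ssh/sshd_config <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
Port 22
LoginGraceTime 2m
PermitRootLogin no
StrictModes yes
MaxAuthTries 6
MaxSessions 10
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers djorgensen ansible
AuthorizedKeysFile .ssh/authorized_keys
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
EOF

# Validate before restarting: a config that fails to parse would otherwise leave
# no working sshd to log back in through.
sshd -t && systemctl restart sshd
systemctl status sshd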
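# List installed software on a remote PC by reading its Uninstall registry key
# over the network. Only SOFTWARE\Microsoft\...\Uninstall is read here; the
# WOW6432Node branch is not.
$pcname = "sys-155"
$InstalledSoftwareKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
$InstalledSoftware = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $pcname)
$RegistryKey = $InstalledSoftware.OpenSubKey($InstalledSoftwareKey)
try {
    # One object per subkey. Capturing the loop output avoids rebuilding the
    # array on every "+=".
    $list = foreach ($key in $RegistryKey.GetSubKeyNames()) {
        $thisSubKey = $RegistryKey.OpenSubKey($key)
        try {
            [pscustomobject]@{
                ComputerName   = $pcname
                DisplayName    = $thisSubKey.GetValue("DisplayName")
                DisplayVersion = $thisSubKey.GetValue("DisplayVersion")
                InstallDate    = $thisSubKey.GetValue("InstallDate")
            }
        }
        finally {
            # Close each remote handle as soon as its values are read.
            $thisSubKey.Close()
        }
    }
}
finally {
    $RegistryKey.Close()
    $InstalledSoftware.Close()
}
# Entries without a DisplayName are dropped from the report.
$list | Where-Object { $_.DisplayName } | Select-Object ComputerName, DisplayName, DisplayVersion, InstallDate | Format-Table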
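# Installed programs on $pcname, read from both Uninstall branches through PowerShell remoting.
Invoke-Command -cn $pcname -ScriptBlock {Get-Itemproperty HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*, HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Select DisplayName, DisplayVersion, Publisher, InstallDate }

# Find locally installed products whose DisplayName matches "Autodesk".
$program = Get-ChildItem -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall | Get-ItemProperty | Where-Object {$_.DisplayName -match "Autodesk" } | Select-Object -Property DisplayName, Uninstallstring, QuietUninstallString

# Run each product's quiet uninstaller. The original line read $prog, which
# nothing assigns, so iterate over the matches. Entries without a
# QuietUninstallString are skipped, since cmd would otherwise be handed a bare
# "/norestart".
foreach ($prog in $program) {
    if ($prog.QuietUninstallString) {
        Start-Process cmd.exe -ArgumentList "/c ""$($prog.QuietUninstallString) /norestart""" -Wait
    }
}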
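zabbix -- API token (the user@realm!name form looks like a Proxmox VE token ID; confirm)
NOTE: the secret below is stored here in plaintext, so anyone who can read this file can use it; keep the real value in a password manager or vault, and rotate it if this file has been shared or committed.
token id: zabbix@pam!zabbix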
secret: ea502580-3891-43ca-bc28-cc613decb475
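# Bootstrap the 'ansible' account for key-only SSH logins (run as root).
# sudo is installed first so the package is present before the account is
# added to the sudo group.
apt install sudo -y
useradd -m -G sudo ansible
su -c "mkdir -p ~/.ssh/" ansible
chmod 700 /home/ansible/.ssh
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBX2aDGxUt1lLO4IQf2O0RaAUv+FjX6Dlt68KJTd22pk ansible@ansible" >> /home/ansible/.ssh/authorized_keys
chown ansible:ansible /home/ansible/.ssh/authorized_keys
# 600 rather than 664: the config written below sets StrictModes yes, and sshd
# then ignores an authorized_keys file that is group- or world-writable, so key
# login would be refused while password login is already switched off.
chmod 600 /home/ansible/.ssh/authorized_keys

# Replace sshd_config wholesale. The Include line comes first, so a drop-in under
# sshd_config.d that sets the same keyword takes precedence over the values here
# (sshd keeps the first value it reads). X11Forwarding yes is kept as written;
# set it to no unless X11 is actually used.
tee /etc/ssh/sshd_config <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
Port 22
LoginGraceTime 2m
PermitRootLogin no
StrictModes yes
MaxAuthTries 6
MaxSessions 10
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers djorgensen ansible
AuthorizedKeysFile .ssh/authorized_keys
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
EOF

# Validate before restarting: a config that fails to parse would otherwise leave
# no working sshd to log back in through.
sshd -t && systemctl restart sshd
systemctl status sshd

# Interactive: sets the account password, which SSH will not accept
# (PasswordAuthentication no) but sudo will ask for.
passwd ansible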
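# Pull basic hardware/OS inventory from a PC where WinRM is not running:
# connect over DCOM, switch WinRM on, run the queries, then stop the service.
$computer = "MG-ENGINEERING2"
$cimSession = New-CimSession -ComputerName $computer -SessionOption (New-CimSessionOption -Protocol Dcom)

# Run "winrm quickconfig -quiet" on the target, then start the WinRM service.
Invoke-CimMethod -CimSession $cimSession -ClassName Win32_Process -MethodName Create -Arguments @{ CommandLine = 'C:\Windows\system32\winrm.cmd quickconfig -quiet' }
Invoke-CimMethod -CimSession $cimSession -Query 'select * from win32_service where name = "winrm"' -MethodName StartService

# Inventory queries. These use -ComputerName rather than the DCOM session.
Get-CimInstance -ComputerName $computer -ClassName Win32_BIOS | Select-Object SerialNumber
Get-CimInstance Win32_OperatingSystem -ComputerName $computer | Select-Object Caption
Get-CimInstance Win32_Processor -ComputerName $computer | Select-Object DeviceID, Name
# Total installed RAM in GB.
(Get-CimInstance Win32_PhysicalMemory -ComputerName $computer | Measure-Object -Property Capacity -Sum).Sum / 1gb
Get-CimInstance Win32_DiskDrive -ComputerName $computer | Select-Object -ExpandProperty Status

# Stop WinRM again.
# NOTE(review): this only stops the service. Whatever else quickconfig changed
# (presumably the listener, firewall exception and service start type) stays in
# place -- confirm and revert it if the host should not remain reachable over WinRM.
Invoke-CimMethod -CimSession $cimSession -Query 'select * from win32_service where name = "winrm"' -MethodName StopService
# Release the DCOM session; the original never removed it.
Remove-CimSession -CimSession $cimSession

# Power plans on the local machine; parameter names are written out in full.
Get-CimInstance -Namespace root\cimv2\power -ClassName Win32_PowerPlan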
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName <UPN> [-ExchangeEnvironmentName <Value>] [-ShowBanner:$false] [-DelegatedOrganization <String>] [-SkipLoadingFormatData]
Set-CASMailbox -Identity <MailboxIdentity> -OneWinNativeOutlookEnabled <$true | $false>
$date = get-date -format "dd-MM-yy"
C:\scripts\disk2vhd\disk2vhd64.exe -h C: \\denby\D$\$env:computername"_"$date".vhdx" -accepteula
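# Bootstrap the 'infotech' account with an SSH key (run as root).
useradd -m -G sudo infotech
su -c "mkdir -p ~/.ssh/" infotech
chmod 700 /home/infotech/.ssh
# NOTE(review): the key comment is root@SYS-179, so whoever holds root's key on
# that host can log in to this sudo-capable account -- confirm that is intended.
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPphyoiEH5LFLEHgmtjrT4HmYKsYt/eY19LMvYdYLneI root@SYS-179" >> /home/infotech/.ssh/authorized_keys
chown infotech:infotech /home/infotech/.ssh/authorized_keys
# 600 rather than 664: with StrictModes on (sshd's default) a group-writable
# authorized_keys file is ignored, and group write would let another account in
# the group add its own keys.
chmod 600 /home/infotech/.ssh/authorized_keys
# Interactive: sets the account password (used by sudo).
passwd infotech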