In my lab, I often have the need to quickly set up various servers from scratch. One type of server is an Active Directory Domain Controller. So I slapped together a simple script to completely automate (light touch) the process of setting up a complete AD DC in a new forest. I also did the…
|
1 2 3 4 5 6 7 8 9 10 11 12 |
# Get Network card driver version remotely and only for a specific vendor $cred = Get-Credential domain\user Invoke-Command -Credential $cred -ScriptBlock {Get-WmiObject Win32_PnPSignedDriver -Filter "DeviceClass = 'NET'" | Where-Object devicename -Match qlogic | ft DeviceName,DriverVersion} -ComputerName computernamehere #sample output: #DeviceName DriverVersion #---------- ------------- #QLogic FastLinQ QL45412H 40GbE Adapter (VBD Client) 8.37.6.0 #QLogic FastLinQ QL45412H 40GbE Adapter (VBD Client) 8.37.6.0 #QLogic FastLinQ QL45412H 40GbE Adapter (VBD Client) 8.37.6.0 #QLogic FastLinQ QL45412H 40GbE Adapter (VBD Client) 8.37.6.0 |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 |
<# .SYNOPSIS Create a folder, share it and set permissions for several users or groups .DESCRIPTION Create a folder, share it and set permissions for several users or groups .NOTES File Name : Create-Share.ps1 Author : Jan Ryen (jan@janryen.com) Copyright 2019 - Jan Ryen #> # Which directory do you want the shared folder to be created in $pathname = "D:\Shares" # What is the name of the folder to be created and shared $foldername = "TestFolder" # Set path to be used in Set-Acl $fullpath = "$pathname\$foldername" # Create folder New-Item $fullpath –type directory #Create share and share permissions New-SmbShare -Name "$foldername" -Path $fullpath -CachingMode None -FullAccess "Everyone" #remove NTFS ACL inheretance and leave inherited permissions in place #icacls.exe $fullpath /inheritance:d $acl = Get-Acl $fullpath $acl.SetAccessRuleProtection($true,$true) $acl | Set-Acl $fullpath #Purge unwanted User Permissions # usually a good idea to get rid of CREATOR OWNER and BUILTIN\Users $acl = Get-Acl $fullpath $usersid = New-Object System.Security.Principal.Ntaccount ("CREATOR OWNER") $acl.PurgeAccessRules($usersid) $acl | Set-Acl $fullpath $acl = Get-Acl $fullpath $usersid = New-Object System.Security.Principal.Ntaccount ("BUILTIN\Users") $acl.PurgeAccessRules($usersid) $acl | Set-Acl $fullpath #Define inheretance $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None $acType = [System.Security.AccessControl.AccessControlType]::Allow #foreach $fullControllUsers = "TEST\user1", "TEST\group1" $modifyUsers = "TEST\group2", "TEST\group3", "TEST\group4" foreach ($item in $fullControllUsers) { # add FullControl users $acl = Get-Acl $fullpath $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($item,"FullControl", $InheritanceFlag, $PropagationFlag, $acType) $acl.SetAccessRule($AccessRule) $acl | Set-Acl $fullpath } foreach ($item in $modifyUsers) { # add Modify users $acl = Get-Acl $fullpath $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($item, "Modify", $InheritanceFlag, $PropagationFlag, $acType) $acl.SetAccessRule($AccessRule) $acl | Set-Acl $fullpath } #check what we have now Get-Acl $fullpath | Format-Table -Wrap |
Some times the WSUS server on SCCM can stop. If the WSUSPool in IIS Application pools is stopped, WSUS will not function and SCCM will not update any clients. In anticipation of further troubleshooting, here is a workaround script to check the Application Pool and start it if it is not running. This script can…
|
1 2 |
# Ambient temperature for Dell servers with Server Administrator installed $a = get-wmiobject cim_temperaturesensor -namespace root\cimv2\dell; $a.Name + ': ' + ("{0:##}" -f $a.CurrentReading).Substring(0, 2) + ',' + ("{0:##}" -f $a.CurrentReading).Substring(2,1) |
|
1 2 3 4 5 6 7 8 9 10 11 |
<# Fun tip about powershell. You can pipe to the clipboard: #> Get-Help Get-Command | clip #or Get-Help about_Functions_Advanced_Parameters | clip # |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
# Get last logged on user on local computer $UserProperty = @{n="User";e={(New-Object System.Security.Principal.SecurityIdentifier $_.ReplacementStrings[1]).Translate([System.Security.Principal.NTAccount])}} $TypeProperty = @{n="Action";e={if($_.EventID -eq 7001) {"Logon"} else {"Logoff"}}} $TimeProperty = @{n="Time";e={$_.TimeGenerated}} Get-EventLog System -Source Microsoft-Windows-Winlogon | select $UserProperty,$TypeProperty,$TimeProperty | select -First 1 # Get last 100 logged on user entries on local computer $UserProperty = @{n="User";e={(New-Object System.Security.Principal.SecurityIdentifier $_.ReplacementStrings[1]).Translate([System.Security.Principal.NTAccount])}} $TypeProperty = @{n="Action";e={if($_.EventID -eq 7001) {"Logon"} else {"Logoff"}}} $TimeProperty = @{n="Time";e={$_.TimeGenerated}} Get-EventLog System -Source Microsoft-Windows-Winlogon | select $UserProperty,$TypeProperty,$TimeProperty | select -First 100 |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
# On a DC, in Powershell: #See all smtp addresses for specific AD User Get-ADObject -Properties proxyAddresses -Filter {samaccountname -eq "ADUserSamAccountName"} | select -ExpandProperty proxyaddresses #See all smtp addresses by searching for parts of an smtp address Get-ADObject -Properties mail, proxyAddresses -Filter {mail -like "*portionOfMailAddress*"} | select -ExpandProperty proxyaddresses # If you have RSAT ( which you should ) on your own PC: #get the credetial of an administrative user $cred = Get-Credential DOMAIN\User # Import the Active Directory Module Import-Module ActiveDirectory #See all smtp addresses for specific AD User Get-ADObject -Credential $cred -Properties proxyAddresses -Filter {samaccountname -eq "ADUserSamAccountName"} | select -ExpandProperty proxyaddresses #See all smtp addresses by searching for parts of an smtp address Get-ADObject -Credential $cred -Properties mail, proxyAddresses -Filter {mail -like "*portionOfMailAddress*"} | select -ExpandProperty proxyaddresses |
::server core always start with powershell ::in cmd type:
|
1 |
powershell |
#After entering powershell, type (or if lazy = ‘copy’ + ‘paste’)
|
1 |
Set-ItemProperty -Path ‘HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon’ -Name Shell -Value PowerShell.exe |
Now you will automatically have powershell open as the shell at logon.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
# #Enable remote desktop (Get-WmiObject -Class "Win32_TerminalServiceSetting" -Namespace root\cimv2\terminalservices).SetAllowTsConnections(1) (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(1) #Enable PSRemoting Enable-PSRemoting -Force Winrm quickconfig #Set firewall rules Set-NetFirewallRule -DisplayName "Remote Desktop*" -enabled true # |