Sascha Stumpler SasStu
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $AdminAccountName = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Policies\LAPS' -Name 'AdministratorAccountName' -ErrorAction SilentlyContinue).AdministratorAccountName | |
| $item = Get-LocalUser -Name $AdminAccountName -ErrorAction SilentlyContinue | |
| if ($null -eq $item -and $null -ne $AdminAccountName -and ((Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\LAPS' -Name 'BackupDirectory' -ErrorAction SilentlyContinue).BackupDirectory) -ne '0' -and (Get-Item -Path ($env:windir + '\system32\laps.dll') -ErrorAction SilentlyContinue)) { | |
| exit 1 | |
| }else{ | |
| Write-Output "User exists" | |
| exit 0 | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-LocalPrincipal { | |
| [CmdletBinding()] | |
| param( | |
| # SID of the local object to determine the localized name of | |
| [Parameter(Mandatory = $true)] | |
| [string] | |
| $SID | |
| ) | |
| begin { | |
| Write-Verbose -Message "Start function: $($MyInvocation.MyCommand.Name)" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-LocalUserAccount { | |
| [CmdletBinding()] | |
| param ( | |
| [Parameter( | |
| ValueFromPipeline = $true, | |
| ValueFromPipelineByPropertyName = $true | |
| )] | |
| [string[]] $Computer = $env:COMPUTERNAME, | |
SasStu
/ AAD-Group-Query-Lenovo-Windows10
Last active
July 8, 2019 15:26
Master-Client-LenovoVantage-Intune
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (device.deviceOSVersion -startsWith "10.0") -and (device.DeviceOSType -startsWith "Windows") -and (device.managementType -eq "MDM") -and (device.deviceManufacturer -contains "Lenovo") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <QueryList> | |
| <Query Id="0" Path="Microsoft-Windows-Windows Defender/Operational"> | |
| <Select Path="Microsoft-Windows-Windows Defender/Operational">*[System[(EventID=1121 or EventID=1122)]]</Select> | |
| <Select Path="Microsoft-Windows-Windows Defender/WHC">*[System[(EventID=1121 or EventID=1122)]]</Select> | |
| </Query> | |
| </QueryList> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Get-OrphanedADML -Path 'C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803)' | Remove-Item -Force -Verbose |
SasStu
/ Import-GPOBaselines.ps1
Last active
October 18, 2020 23:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -Modules GPWMIFilter | |
| #Source: https://gallery.technet.microsoft.com/scriptcenter/Group-Policy-WMI-filter-38a188f3 | |
| function Import-GPOBaselines { | |
| param( | |
| # Specifies a path to one or more locations. | |
| [Parameter(Mandatory = $true, | |
| Position = 0, | |
| ValueFromPipeline = $true, | |
| ValueFromPipelineByPropertyName = $true, | |
| HelpMessage = "Path to the folder containing the exported GPO baseline folder.")] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Export-VM -VM ((Get-VMTopology).Environment | where-object -property name -eq 'LAB').VM |
SasStu
/ Remediation.ps1
Created
April 19, 2018 12:03
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function New-LocalUserAccount { | |
| [CmdletBinding()] | |
| param ( | |
| [Parameter( | |
| ValueFromPipeline = $true, | |
| ValueFromPipelineByPropertyName = $true | |
| )] | |
| [string] $Computer = $env:COMPUTERNAME, |
SasStu
/ Detection.ps1
Last active
April 19, 2018 12:03
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-LocalUserAccount { | |
| [CmdletBinding()] | |
| param ( | |
| [Parameter( | |
| ValueFromPipeline = $true, | |
| ValueFromPipelineByPropertyName = $true | |
| )] | |
| [string[]] $Computer = $env:COMPUTERNAME, |