| function Connect-EntraIga { | |
| [CmdletBinding()] | |
| param ( | |
| [Parameter(ParameterSetName="All",Mandatory)] | |
| [switch]$All, | |
| [Parameter(ParameterSetName="Graph",Mandatory)] | |
| [switch]$Graph, | |
| [Parameter(ParameterSetName="All")] | |
| [Parameter(ParameterSetName="Graph")] |
The SSH server configuration requires GSSAPIAuthentication yes.
Ref: https://snozzberries.github.io/2023/08/29/powershell-ssh.html
$r=[System.Net.WebRequest]::Create("https://github.com/PowerShell/PowerShell/releases/latest")
$r.AllowAutoRedirect=$false
$r.Method="Head"
| $remoteDomain=@( | |
| "10.0.0.10", | |
| "10.0.0.20", | |
| "domain.local" | |
| ) | |
| function New-Task([int]$index,[string]$target,[int]$port,[scriptblock]$ScriptBlock) | |
| { | |
| $ps = [Management.Automation.PowerShell]::Create() | |
| $res = New-Object PSObject -Property @{ |
| $s='wind\x6f\x77["\x64oc\x75\x6den\x74"\x5d\x2ec\x72\x65a\x74\x65E\x6cemen\x74' | |
| ($s|Select-String -Pattern "([.\\][.x].{2})" -AllMatches).Matches.Value|select -Unique|%{$s=$s.Replace([string]$_,[char]([convert]::ToInt16($_.Substring(2,2),16)))} | |
| #window["document"].createElement |
| #Clean up stopped containers | |
| sudo docker ps -a | grep Exit | cut -d ' ' -f 1 | xargs sudo docker rm |
| #https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-assign-permissions?tabs=azure-powershell#share-level-permissions-for-all-authenticated-identities | |
| Get-AzStorageAccount|%{ | |
| $x=$_; | |
| $_.AzureFilesIdentityBasedAuth|?{$_.DefaultSharePermission -eq $null}|%{ | |
| Set-AzStorageAccount -DefaultSharePermission "StorageFileDataSmbShareContributor" -ResourceGroupName $x.ResourceGroupName -AccountName $x.StorageAccountName | |
| } | |
| } |
| # Add *.local.ad and 10.*.*.* to Intranet Zones | |
| # Zones Enum https://learn.microsoft.com/en-us/troubleshoot/developer/browsers/security-privacy/ie-security-zones-registry-entries#zones | |
| New-Item -Force -Path 'HKLM:\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains' | |
| New-Item -Force -Path 'HKLM:\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\local.ad' | |
| Set-ItemProperty -Force -Type DWord -Path 'HKLM:\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\local.ad' -Name * -Value 00000001 | |
| New-Item -Force -Path 'HKLM:\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges' | |
| New-Item -Force -Path 'HKLM:\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1' | |
| Set-ItemProperty -Force -Type DWord -Path 'HKLM:\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1' -Name * -Value 00000001 | |
| Set-ItemProperty -Force -Path 'HKLM:\D |
| Import-Module ActiveDirectory | |
| Import-Module DnsServer | |
| Import-Module PKI | |
| Import-Module Microsoft.WSMan.Management | |
| ####################### | |
| ### Once Per Domain ### | |
| ####################### | |
| #Generate a new self-signed wildcard certificate for the domain | |
| $cert = New-SelfSignedCertificate -DnsName "*.$($env:USERDNSDOMAIN)","localhost" -CertStoreLocation Cert:\LocalMachine\My\ -NotAfter (Get-Date).AddYears(5) |
| $remoteDomain=@( | |
| "10.0.0.10", | |
| "10.0.0.20", | |
| "domain.local" | |
| ) | |
| function New-Task([int]$index,[string]$target,[int]$port,[scriptblock]$ScriptBlock) | |
| { | |
| $ps = [Management.Automation.PowerShell]::Create() | |
| $res = New-Object PSObject -Property @{ |
| gci Cert:\LocalMachine\My\ | Select Thumbprint, Subject, @{N="Template";E={($_.Extensions|?{$_.Oid.FriendlyName -eq "Certificate Template Information"}).Format(0)}}|?{$_.Template -like "*RDP NLA*"}|%{& certutil -delstore my $_.Thumbprint} |