btstevens

# List of built-in apps to remove
$UninstallPackages = @(
#"Microsoft.WindowsAlarms"
#"Microsoft.WindowsCalculator"
#"Microsoft.WindowsCamera"
#"AppUp.ThunderboltControlCenter"
"Microsoft.Getstarted"
#"Microsoft.Microsoft3DViewer"
"Clipchamp.Clipchamp"
"Microsoft.WindowsFeedbackHub"

btstevens

# Get the current state of the Yubikey
$yubikey = Get-WMIObject -Class Win32_USBControllerDevice | Where-Object {$_.Dependent -match 'Yubikey'}

# Check if the Yubikey is connected
if ($yubikey -eq $null) {
    # Lock the computer if the Yubikey is not connected
    Start-Process -FilePath "rundll32.exe" -ArgumentList "user32.dll,LockWorkStation"
}

btstevens

$user = $env:USERNAME
$class = Get-Cimclass MSFT_TaskEventTrigger root/Microsoft/Windows/TaskScheduler
$trigger = $class | New-CimInstance -ClientOnly
$trigger.Subscription = '<QueryList><Query><Select Path="Microsoft-Windows-Kernel-PnP/Configuration">*[System[Provider[@Name="Microsoft-Windows-Kernel-PnP"] and EventID=420]]</Select></Query></QueryList>'
 
$ActionParameters = @{
    Execute  = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
    Argument = 'C:\windows\temp\lock.ps1'
}

btstevens

# List of built-in apps to remove
$UninstallPackages = @(
    # "Microsoft.Getstarted"
    # "Microsoft.GetHelp"
    # "Microsoft.Getstarted"
    # "Microsoft.Microsoft3DViewer"
    # "Microsoft.MicrosoftOfficeHub"
    # "Microsoft.MicrosoftSolitaireCollection"
    # "Microsoft.MixedReality.Portal"
    # "Microsoft.Office.OneNote"

btstevens

# List of built-in apps to remove
$UninstallPackages = @(
    # "Microsoft.Getstarted"
    # "Microsoft.GetHelp"
    # "Microsoft.Getstarted"
    # "Microsoft.Microsoft3DViewer"
    # "Microsoft.MicrosoftOfficeHub"
    # "Microsoft.MicrosoftSolitaireCollection"
    # "Microsoft.MixedReality.Portal"
    # "Microsoft.Office.OneNote"

btstevens

# List of built-in apps to remove
$UninstallPackages = @(
    # "Microsoft.Getstarted"
    # "Microsoft.GetHelp"
    # "Microsoft.Getstarted"
    # "Microsoft.Microsoft3DViewer"
    # "Microsoft.MicrosoftOfficeHub"
    # "Microsoft.MicrosoftSolitaireCollection"
    # "Microsoft.MixedReality.Portal"

btstevens

#add extension attribute in adds
$currUser = Get-ADUser 'brad.stevens' -Properties * -server "demo365lab.net"
$currUser | Set-ADUser -clear msDS-cloudExtensionAttribute1
$currUser | Set-ADUser -Add  @{"msDS-cloudExtensionAttribute1"='google_mailbox'}
#$currUser | Set-ADUser -Add  @{"msDScloudExtensionAttribute1"='microsoft_mailbox'}

$domainpath = “CN=Users,DC=demo365lab,DC=net”
#create groups in adds
new-ADGroup –name "GoogleUsrMBX_M365E3_NoMBX” –groupscope Global –path $domainpath
new-ADGroup –name "M365UserMBX_M365E3_MB” –groupscope Global –path $domainpath

btstevens

$env:JCApiKey = ""
$env:JCOrgId = ""
$policyId = ""

$today = (get-date).tostring("yyyyMMddHHmm")
$outcsvpath = "./"
$outcsv = "JCPolicyResult_" + $policyId + "_"+  $today + '.csv'
$timezone = 'Singapore Standard Time'
$tempdir = "C:\windows\Temp\"

btstevens

$env:JCApiKey = "APIKEYHERE"
$env:JCOrgId = "ORGIDHERE"
$policyId =  "POLICYIDHERE"
$batchSize= 100
$today = (get-date).tostring("yyyyMMddHHmm")
$outcsvpath = "./"
$outcsv = "JCPolicyResult_" + $policyId + "_"+  $today + '.csv'
$timezone = 'Singapore Standard Time'
$tempdir = "C:\windows\Temp\"

btstevens

function Invoke-Shellcode
{
<#
.SYNOPSIS

Inject shellcode into the process ID of your choosing or within the context of the running PowerShell process.

PowerSploit Function: Invoke-Shellcode  
Author: Matthew Graeber (@mattifestation)  
License: BSD 3-Clause