Skip to content

Instantly share code, notes, and snippets.

Daniel Streefkerk dstreefkerk

View GitHub Profile
@dstreefkerk
dstreefkerk / Disable NIC(s) upon Workstation Lock.xml
Created Oct 20, 2017
Scheduled Task export that disables all NICs when the workstation lock event is registered
View Disable NIC(s) upon Workstation Lock.xml
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo>
<Date>2017-10-20T11:25:53.3600985</Date>
<Author>danielstreefkerk</Author>
<Description>This event disables all NICs when the workstation lock event (4800) is detected in the security log.
It won't work without Success auditing of Other Logon/Logoff events being enabled.</Description>
<URI>\Disable NIC(s) upon Workstation Lock</URI>
</RegistrationInfo>
@dstreefkerk
dstreefkerk / ADScript.asp
Last active Sep 28, 2017
Freshservice Simple SSO Script
View ADScript.asp
<!--#include file="Constants.asp"-->
<%
' VERSION 1.0.0
' Simple SSO based on Classic ASP hosted on IIS.
'----------------------------------------------------------------
' VERSION 1.0.1
' Debugging information added.
'----------------------------------------------------------------
' VERSION 1.0.2
' Pass through functionality added.
@dstreefkerk
dstreefkerk / Get-ForwardedAppLockerLogs.ps1
Created Jun 22, 2017
Pull AppLocker logs out of the Forwarded Logs folder on a Windows Event Collector, and present them in a GridView
View Get-ForwardedAppLockerLogs.ps1
Function Get-AppLockerLogs {
$filter = '
<QueryList>
<Query Id="0" Path="ForwardedEvents">
<Select Path="ForwardedEvents">*[System[Provider[@Name="Microsoft-Windows-AppLocker"] and (Level=2 or Level=3)]]</Select>
</Query>
</QueryList>
'
$data = Get-WinEvent -FilterXml $filter -Oldest
@dstreefkerk
dstreefkerk / Remove-OldPrintJobs.ps1
Created Jun 16, 2017
A quick PowerShell script to remove stale print jobs
View Remove-OldPrintJobs.ps1
# Jobs older than the below time will be deleted
$thresholdTime = (Get-Date).AddDays(-1)
# Get all current print jobs
$printJobs = Get-WmiObject Win32_PrintJob
ForEach ($printJob in $printJobs) {
# Convert the weird WMI time to a proper .NET DateTime object
$jobTime = [System.Management.ManagementDateTimeConverter]::ToDateTime($printJob.TimeSubmitted)
@dstreefkerk
dstreefkerk / unattend.xml
Created Jun 7, 2017
Australia/Sydney regional settings Unattend.xml file for Windows 10 1703
View unattend.xml
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SetupUILanguage>
<UILanguage>en-AU</UILanguage>
</SetupUILanguage>
<InputLocale>0c09:00000409</InputLocale>
<UserLocale>en-AU</UserLocale>
<SystemLocale>en-AU</SystemLocale>
@dstreefkerk
dstreefkerk / Parse-HibpJson.ps1
Last active Oct 10, 2018
Convert a Have I Been Pwned JSON file into CSV after cross-referencing with Active Directory
View Parse-HibpJson.ps1
#requires -version 3
<#
.SYNOPSIS
Parse-HibpJson - Checks Active Directory for matching users, outputs info as objects
.DESCRIPTION
Cross-checks Active Directory for matching aliases from a HIBP breach JSON file, and then
lists the matching users and which breaches they were involved in.
Designed to be output to CSV for easy consumption in Excel with one breach per column
@dstreefkerk
dstreefkerk / Get-RandomPassword.ps1
Last active Dec 20, 2018
A quick function to replicate some of the functionality of http://correcthorsebatterystaple.net/
View Get-RandomPassword.ps1
function Get-RandomPassword {
[OutputType([string])]
Param
(
[int]
$Count = 1,
[string]
$Separator = '-'
@dstreefkerk
dstreefkerk / Create-LocalAdminUser.ps1
Last active Mar 22, 2017
Creates a backup local admin user with a random password. Designed for use with Microsoft LAPS. Should be run as a computer logon script.
View Create-LocalAdminUser.ps1
# The name of the account
$accountName = 'LocalAdmin'
$accountFullName = 'Local Administrator'
$accountComment = 'Backup Local Administrator Account'
# Any users listed here will be disabled by this script
$usersToDisable = 'Administrator','Guest'
# Set up some Event Log stuff
$sourceName = "$($MyInvocation.MyCommand.Name).ps1"
@dstreefkerk
dstreefkerk / Schedule-ChocoUpgradeAll.ps1
Last active Apr 2, 2019
PowerShell script to create a scheduled task that runs a choco upgrade all at machine startup
View Schedule-ChocoUpgradeAll.ps1
# See if choco.exe is available. If not, stop execution
$chocoCmd = Get-Command -Name 'choco' -ErrorAction SilentlyContinue -WarningAction SilentlyContinue | Select-Object -ExpandProperty Source
if ($chocoCmd -eq $null) { break }
# Settings for the scheduled task
$taskAction = New-ScheduledTaskAction –Execute $chocoCmd -Argument 'upgrade all -y'
$taskTrigger = New-ScheduledTaskTrigger -AtStartup
$taskUserPrincipal = New-ScheduledTaskPrincipal -UserId 'SYSTEM'
$taskSettings = New-ScheduledTaskSettingsSet -Compatibility Win8
@dstreefkerk
dstreefkerk / Get-PerformanceCounter.ps1
Created Feb 18, 2016
A quick PowerShell function to extract Windows' list of performance counters and their corresponding IDs
View Get-PerformanceCounter.ps1
function Get-PerformanceCounter
{
# Get the Performance Counters from the Registry
$counters = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009' -Name 'counter' | Select-Object -ExpandProperty Counter
# Remove the last line
$counters = $counters | Select-Object -SkipLast 1
# Split the string into an array
$counters = $counters.Split([Environment]::NewLine)
You can’t perform that action at this time.