
Jon Bryan jkbryan

@jkbryan
jkbryan / Get-AzureRoleAssignments.ps1
Created Apr 12, 2019
Script to report on all role assignments in a subscription, or optionally to look for a named user's role assignments.
View Get-AzureRoleAssignments.ps1
Connect-AzureRmAccount
$Logfile = "C:\Temp\RoleAssignmentsLog.csv"
If (Test-Path $Logfile) {
Clear-Content -Path $Logfile
}
$Subscription1 = "<SubscriptionGUID>"
$Subscription2 = "<SubscriptionGUID>"
Add-Content $Logfile "RG/Subscription,RoleDefinitionName,DisplayName,SignInName,ObjectType"
#Do first subscription top level
Set-AzureRmContext -Subscription $Subscription1
@jkbryan
jkbryan / BACKUP_AND_CLEAR_EVENTLOGS.ps1
Last active Mar 11, 2019
Script to first back up the Windows security event logs to file, copy them to archive(s), and then clear them.
View BACKUP_AND_CLEAR_EVENTLOGS.ps1
Param(
$computer,
[switch]$clear
)
Function DeleteOldEventLogs {
# Clear old local log files - 7 days kept
$LogdateFormat = "dd-MM-yyyy"
$Logdate = Get-Date -Format $LogdateFormat
$CleanupExec = "C:\BackupScript\DELETEOLD.PS1 -folderpath C:\Event_Logs -fileage 7 -logfile C:\Event_Logs\leanupLog_$Logdate.txt -verboselog"
Invoke-Expression $CleanupExec
@jkbryan
jkbryan / LogParser-Files-User.sql
Created Mar 9, 2019
Find strings like 'jon' or 'dave' in the exported security event log(s) held in C:\TEMP\Logs
View LogParser-Files-User.sql
SELECT * INTO C:\TEMP\Output\output.csv
FROM C:\TEMP\Logs\*
WHERE TimeWritten > TIMESTAMP ( '2009-01-01 01:00:00', 'yyyy-MM-dd hh:mm:ss' ) AND SourceName = 'Microsoft-Windows-Security-Auditing' AND
( Strings LIKE '%jon%' OR strings LIKE '%dave%')
@jkbryan
jkbryan / LogParser-Servers-User.sql
Created Mar 8, 2019
Find strings like 'jon' or 'dave' in the security event logs of the servers named DC01.OHOLICS.NET, DC02.OHOLICS.NET and DC03.OHOLICS.NET
View LogParser-Servers-User.sql
SELECT * INTO C:\TEMP\Output\output.csv
FROM \\DC01.OHOLICS.NET\security;\\DC02.OHOLICS.NET\security;\\DC03.OHOLICS.NET\security
WHERE TimeWritten > TIMESTAMP ( '2009-01-01 01:00:00', 'yyyy-MM-dd hh:mm:ss' ) AND SourceName = 'Microsoft-Windows-Security-Auditing' AND
( Strings LIKE '%jon%' OR strings LIKE '%dave%')
@jkbryan
jkbryan / LogParser-Server-User.sql
Created Mar 8, 2019
Find strings like 'jon' or 'dave' in the security event log of a server named DC01.OHOLICS.NET
View LogParser-Server-User.sql
SELECT * INTO C:\TEMP\Output\output.csv
FROM \\DC01.OHOLICS.NET\security
WHERE TimeWritten > TIMESTAMP ( '2009-01-01 01:00:00', 'yyyy-MM-dd hh:mm:ss' ) AND SourceName = 'Microsoft-Windows-Security-Auditing' AND
( Strings LIKE '%jon%' OR strings LIKE '%dave%')
@jkbryan
jkbryan / LogParserRedaction.sql
Last active Mar 7, 2019
LogParserRedactionSQL
View LogParserRedaction.sql
SELECT
EventLog,
RecordNumber,
TimeGenerated,
TimeWritten,
EventID,
EventType,
EventTypeName,
EventCategory,
EventCategoryName,
@jkbryan
jkbryan / Get-AzureNSGs.ps1
Last active Feb 8, 2019
A script to present Azure NSGs in a CSV file
View Get-AzureNSGs.ps1
Connect-AzureRmAccount
$Subscription = "<Subscription-GUID>"
$LogFile = "C:\<PATH>\NSGs.csv"
If (Test-Path $Logfile) {
Clear-Content -Path $Logfile
}
Add-Content $LogFile "nsg,rule,protocol,SourcePortRange,DestinationPortRange,SourceAddressPrefix,DestinationAddressPrefix,SourceApplicationSecurityGroups,DestinationApplicationSecurityGroups,Access,Priority,Direction"
Set-AzureRmContext -Subscription $Subscription
$NSGs = Get-AzureRmNetworkSecurityGroup
foreach ($nsg in $NSGs) {
@jkbryan
jkbryan / Get-AzureRoutes.ps1
Created Feb 8, 2019
A script to present Azure Route Tables in a CSV file
View Get-AzureRoutes.ps1
Connect-AzureRmAccount
$Subscription = "<Subscription-GUID>"
$LogFile = "C:\<PATH>\RouteTables.csv"
If (Test-Path $Logfile) {
Clear-Content -Path $Logfile
}
Add-Content $Logfile "Name,ResourceGroupName,Location,RouteName,Id,Etag,ProvisioningState,AddressPrefix,NextHopType,NextHopIpAddress"
Set-AzureRmContext -Subscription $Subscription
$RTs = Get-AzureRmRouteTable
ForEach ($RT in $RTs) {
@jkbryan
jkbryan / ConnectToAzureADOrAzureRM.ps1
Created Jan 30, 2019
Use the Service Principal created previously to connect to services, with Azure AD and AzureRM as examples
View ConnectToAzureADOrAzureRM.ps1
$TenantId = "<AzureADTenantID>"
$ApplicationId = "<AppID>"
$Cert=Get-ChildItem cert:\CurrentUser\My\"<CertificateThumbprint>"
# Connect to Azure AD:
Connect-AzureAD -TenantId $TenantId -ApplicationId $ApplicationId -CertificateThumbprint $Cert.Thumbprint
# e.g. Get-AzureADUser
# Connect to AzureRM:
Connect-AzureRmAccount -CertificateThumbprint $Cert.Thumbprint -ApplicationId $ApplicationId -Tenant $TenantId -ServicePrincipal
# e.g. Get-AzureRMResourceGroup
@jkbryan
jkbryan / GrantServicePrincipleAzureSubscriptionReadAccess.ps1
Created Jan 30, 2019
Grants an Azure Service Principal READ access to the Subscription
View GrantServicePrincipleAzureSubscriptionReadAccess.ps1
$Subscription = "<Subscription-GUID>"
$ApplicationName = "<AppName>"
$ServicePrincipal = Get-AzureRMADServicePrincipal -DisplayName $ApplicationName
Set-AzureRmContext -Subscription $Subscription
$NewRole = $null
$Retries = 0;
While ($NewRole -eq $null -and $Retries -le 6) {
Sleep 15
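# Assign Reader at subscription scope; errors are suppressed while the service principal replicates
New-AzureRMRoleAssignment -Scope "/subscriptions/$Subscription" -RoleDefinitionName Reader -ServicePrincipalName $ServicePrincipal.ApplicationId -ErrorAction SilentlyContinue | Write-Verbose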
$NewRole = Get-AzureRMRoleAssignment -ObjectId $ServicePrincipal.Id -ErrorAction SilentlyContinue