Jon Bryan jkbryan
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Define credentials | |
| $AdminCredentials = Get-Credential "myadmin@oholics.net" | |
| # Create the session | |
| $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $AdminCredentials -Authentication Basic -AllowRedirection | |
| # Import the session | |
| Import-PSSession $Session -DisableNameChecking | |
| # Define the tenant | |
| $MyTenant = "CN=Configuration,CN=<TenantID>.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com" | |
| # Create the label | |
| New-Label -DisplayName "My Label" -Name "My Label" -Comment "This is My Label" -Tooltip "My Label Tooltip" -AdvancedSettings @{color="#32CD32"} |
jkbryan
/ Get-AzureRoleAssignments.ps1
Created
April 12, 2019 20:40
Script to report on all role assignments to a subscription or optionally to look for a named users role assignments.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Connect-AzureRmAccount | |
| $Logfile = "C:\Temp\RoleAssignmentsLog.csv" | |
| If (Test-Path $Logfile) { | |
| Clear-Content -Path $Logfile | |
| } | |
| $Subscription1 = "<SubscriptionGUID>" | |
| $Subscription2 = "<SubscriptionGUID>" | |
| Add-Content $Logfile "RG/Subscription,RoleDefinitionName,DisplayName,SignInName,ObjectType" | |
| #Do first subscription top level | |
| Set-AzureRmContext -Subscription $Subscription1 |
jkbryan
/ BACKUP_AND_CLEAR_EVENTLOGS.ps1
Last active
March 11, 2019 09:41
Script to first backup to file, copy to archive(s) and then clear Windows security event logs.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Param( | |
| $computer, | |
| [switch]$clear | |
| ) | |
| Function DeleteOldEventLogs { | |
| # Clear old local log files - 7 days kept | |
| $LogdateFormat = "dd-MM-yyyy" | |
| $Logdate = Get-Date -Format $LogdateFormat | |
| $CleanupExec = "C:\BackupScript\DELETEOLD.PS1 -folderpath C:\Event_Logs -fileage 7 -logfile C:\Event_Logs\leanupLog_$Logdate.txt -verboselog" | |
| Invoke-Expression $CleanupExec |
jkbryan
/ LogParser-Files-User.sql
Created
March 9, 2019 22:00
Find strings like 'jon' or 'dave' in the exported security event log(s) held in C;\TEMP\logs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SELECT * INTO C:\TEMP\Output\output.csv | |
| FROM C:\TEMP\Logs\* | |
| WHERE TimeWritten > TIMESTAMP ( '2009-01-01 01:00:00', 'yyyy-MM-dd hh:mm:ss' ) AND SourceName = 'Microsoft-Windows-Security-Auditing' AND | |
| ( Strings LIKE '%jon%' OR strings LIKE '%dave%') |
jkbryan
/ LogParser-Servers-User.sql
Created
March 8, 2019 21:09
Find strings like 'jon' or 'dave' in the security event log of the servers named DC01.OHOLICS.NET, DC03.OHOLICS.NET and DC03.OHOLICS.NET
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SELECT * INTO C:\TEMP\Output\output.csv | |
| FROM \\DC01.OHOLICS.NET\security;\\DC02.OHOLICS.NET\security;\\DC03.OHOLICS.NET\security | |
| WHERE TimeWritten > TIMESTAMP ( '2009-01-01 01:00:00', 'yyyy-MM-dd hh:mm:ss' ) AND SourceName = 'Microsoft-Windows-Security-Auditing' AND | |
| ( Strings LIKE '%jon%' OR strings LIKE '%dave%') |
jkbryan
/ LogParser-Server-User.sql
Created
March 8, 2019 11:25
Find strings like 'jon' or 'dave' in the security event log of a server named DC01.OHOLICS.NET
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SELECT * INTO C:\TEMP\Output\output.csv | |
| FROM \\DC01.OHOLICS.NET\security | |
| WHERE TimeWritten > TIMESTAMP ( '2009-01-01 01:00:00', 'yyyy-MM-dd hh:mm:ss' ) AND SourceName = 'Microsoft-Windows-Security-Auditing' AND | |
| ( Strings LIKE '%jon%' OR strings LIKE '%dave%') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SELECT | |
| EventLog, | |
| RecordNumber, | |
| TimeGenerated, | |
| TimeWritten, | |
| EventID, | |
| EventType, | |
| EventTypeName, | |
| EventCategory, | |
| EventCategoryName, |
jkbryan
/ Get-AzureNSGs.ps1
Last active
February 8, 2019 21:21
A script to present Azure NSG's into a csv file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Connect-AzureRmAccount | |
| $Subscription = "<Subscription-GUID>" | |
| $LogFile = "C:\<PATH>\NSGs.csv" | |
| If (Test-Path $Logfile) { | |
| Clear-Content -Path $Logfile | |
| } | |
| Add-Content $LogFile "nsg,rule,protocol,SourcePortRange,DestinationPortRange,SourceAddressPrefix,DestinationAddressPrefix,SourceApplicationSecurityGroups,DestinationApplicationSecurityGroups,Access,Priority,Direction" | |
| Set-AzureRmContext -Subscription $Subscription | |
| $NSGs = Get-AzureRmNetworkSecurityGroup | |
| foreach ($nsg in $NSGs) { |
jkbryan
/ ConnectToAzureADOrAzureRM.ps1
Created
January 30, 2019 23:19
Use the Service Principle created previosly to connect to services - Azure AD and AzureRM as examples
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $TenantId = "<AzureADTenantID>" | |
| $ApplicationId = "<AppID>" | |
| $Cert=Get-ChildItem cert:\CurrentUser\My\"<CertificateThumbprint>" | |
| # Connect to Azure AD: | |
| Connect-AzureAD -TenantId $TenantId -ApplicationId $ApplicationId -CertificateThumbprint $Cert.Thumbprint | |
| # e.g. Get-AzureADUsers | |
| # Connect to AzureRM: | |
| Connect-AzureRmAccount -CertificateThumbprint $Cert.Thumbprint -ApplicationId $ApplicationId -Tenant $TenantId -ServicePrincipal | |
| # e.g. Get-AzureRMResourceGroup |
jkbryan
/ CreateAzureServicePrinciple.ps1
Last active
January 30, 2019 23:14
Creates an Azure Service Principle named <AppName> in the Subscription
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $Subscription = "<Subscription-GUID>" | |
| $PathToPFXCertificate = "C:\<PATH>\<CertName>.pfx" | |
| $PFXPassword = "<Password>" | |
| $CertPassword = ConvertTo-SecureString $PFXPassword -AsPlainText -Force | |
| $ApplicationName = "<AppName>" | |
| Import-Module AzureRM.Resources | |
| Connect-AzureRmAccount | |
| Set-AzureRmContext -Subscription $Subscription | |
| $PFXCert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList @($PathToPFXCertificate, $CertPassword) | |
| $KeyValue = [System.Convert]::ToBase64String($PFXCert.GetRawCertData()) |