View CreateServicePrinciple.ps1
# Login first | |
Login-AzAccount | |
# Note that you can optionally assign an Azure role on creation, | |
# define the context prior to SP creation, using Set-AzContext | |
# | |
# Create Service Principle | |
$sp = New-AzADServicePrincipal -Role Reader -DisplayName "MyServicePrinciple" | |
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($sp.Secret) | |
$UnsecureSecret = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR) | |
# Write out the password for the SP. Make sure you keep a secure copy of this output! |
View Correct-UL-Label-Priority.ps1
# Define credentials | |
$AdminCredentials = Get-Credential "myadmin@oholics.net" | |
# Create the session | |
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $AdminCredentials -Authentication Basic -AllowRedirection | |
# Import the session | |
Import-PSSession $Session -DisableNameChecking | |
# Define the tenant | |
$MyTenant = "CN=Configuration,CN=<TenantID>.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com" | |
# Get the priorities of all labels | |
$a=Get-Label |
View Create-UL-Policy.ps1
# Define credentials | |
$AdminCredentials = Get-Credential "myadmin@oholics.net" | |
# Create the session | |
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $AdminCredentials -Authentication Basic -AllowRedirection | |
# Import the session | |
Import-PSSession $Session -DisableNameChecking | |
# Define the tenant | |
$MyTenant = "CN=Configuration,CN=<TenantID>.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com" | |
# Get the labels to add to the policy | |
$Label1=Get-Label -Identity "CN=My Label,$MyTenant" |
View Create-UL-Label.ps1
# Define credentials | |
$AdminCredentials = Get-Credential "myadmin@oholics.net" | |
# Create the session | |
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $AdminCredentials -Authentication Basic -AllowRedirection | |
# Import the session | |
Import-PSSession $Session -DisableNameChecking | |
# Define the tenant | |
$MyTenant = "CN=Configuration,CN=<TenantID>.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com" | |
# Create the label | |
New-Label -DisplayName "My Label" -Name "My Label" -Comment "This is My Label" -Tooltip "My Label Tooltip" -AdvancedSettings @{color="#32CD32"} |
View Get-AzureRoleAssignments.ps1
Connect-AzureRmAccount | |
$Logfile = "C:\Temp\RoleAssignmentsLog.csv" | |
If (Test-Path $Logfile) { | |
Clear-Content -Path $Logfile | |
} | |
$Subscription1 = "<SubscriptionGUID>" | |
$Subscription2 = "<SubscriptionGUID>" | |
Add-Content $Logfile "RG/Subscription,RoleDefinitionName,DisplayName,SignInName,ObjectType" | |
#Do first subscription top level | |
Set-AzureRmContext -Subscription $Subscription1 |
View BACKUP_AND_CLEAR_EVENTLOGS.ps1
Param( | |
$computer, | |
[switch]$clear | |
) | |
Function DeleteOldEventLogs { | |
# Clear old local log files - 7 days kept | |
$LogdateFormat = "dd-MM-yyyy" | |
$Logdate = Get-Date -Format $LogdateFormat | |
$CleanupExec = "C:\BackupScript\DELETEOLD.PS1 -folderpath C:\Event_Logs -fileage 7 -logfile C:\Event_Logs\leanupLog_$Logdate.txt -verboselog" | |
Invoke-Expression $CleanupExec |
View LogParser-Files-User.sql
SELECT * INTO C:\TEMP\Output\output.csv | |
FROM C:\TEMP\Logs\* | |
WHERE TimeWritten > TIMESTAMP ( '2009-01-01 01:00:00', 'yyyy-MM-dd hh:mm:ss' ) AND SourceName = 'Microsoft-Windows-Security-Auditing' AND | |
( Strings LIKE '%jon%' OR strings LIKE '%dave%') |
View LogParser-Servers-User.sql
SELECT * INTO C:\TEMP\Output\output.csv | |
FROM \\DC01.OHOLICS.NET\security;\\DC02.OHOLICS.NET\security;\\DC03.OHOLICS.NET\security | |
WHERE TimeWritten > TIMESTAMP ( '2009-01-01 01:00:00', 'yyyy-MM-dd hh:mm:ss' ) AND SourceName = 'Microsoft-Windows-Security-Auditing' AND | |
( Strings LIKE '%jon%' OR strings LIKE '%dave%') |
View LogParser-Server-User.sql
SELECT * INTO C:\TEMP\Output\output.csv | |
FROM \\DC01.OHOLICS.NET\security | |
WHERE TimeWritten > TIMESTAMP ( '2009-01-01 01:00:00', 'yyyy-MM-dd hh:mm:ss' ) AND SourceName = 'Microsoft-Windows-Security-Auditing' AND | |
( Strings LIKE '%jon%' OR strings LIKE '%dave%') |
View LogParserRedaction.sql
SELECT | |
EventLog, | |
RecordNumber, | |
TimeGenerated, | |
TimeWritten, | |
EventID, | |
EventType, | |
EventTypeName, | |
EventCategory, | |
EventCategoryName, |
NewerOlder