Skip to content

Instantly share code, notes, and snippets.

Avatar

Jon Bryan jkbryan

View GitHub Profile
View CreateServicePrinciple.ps1
# Login first
Login-AzAccount
# Note that you can optionally assign an Azure role on creation,
# define the context prior to SP creation, using Set-AzContext
#
# Create Service Principle
$sp = New-AzADServicePrincipal -Role Reader -DisplayName "MyServicePrinciple"
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($sp.Secret)
$UnsecureSecret = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
# Write out the password for the SP. Make sure you keep a secure copy of this output!
@jkbryan
jkbryan / Correct-UL-Label-Priority.ps1
Last active Mar 6, 2020
O365 Unified Labelling - Label Priority Fixing
View Correct-UL-Label-Priority.ps1
# Define credentials
$AdminCredentials = Get-Credential "myadmin@oholics.net"
# Create the session
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $AdminCredentials -Authentication Basic -AllowRedirection
# Import the session
Import-PSSession $Session -DisableNameChecking
# Define the tenant
$MyTenant = "CN=Configuration,CN=<TenantID>.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com"
# Get the priorities of all labels
$a=Get-Label
@jkbryan
jkbryan / Create-UL-Policy.ps1
Last active Mar 6, 2020
O365 Unified Labelling - Policy Creation
View Create-UL-Policy.ps1
# Define credentials
$AdminCredentials = Get-Credential "myadmin@oholics.net"
# Create the session
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $AdminCredentials -Authentication Basic -AllowRedirection
# Import the session
Import-PSSession $Session -DisableNameChecking
# Define the tenant
$MyTenant = "CN=Configuration,CN=<TenantID>.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com"
# Get the labels to add to the policy
$Label1=Get-Label -Identity "CN=My Label,$MyTenant"
@jkbryan
jkbryan / Create-UL-Label.ps1
Created Mar 6, 2020
O365 Unified Labelling - Label creation
View Create-UL-Label.ps1
# Define credentials
$AdminCredentials = Get-Credential "myadmin@oholics.net"
# Create the session
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $AdminCredentials -Authentication Basic -AllowRedirection
# Import the session
Import-PSSession $Session -DisableNameChecking
# Define the tenant
$MyTenant = "CN=Configuration,CN=<TenantID>.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com"
# Create the label
New-Label -DisplayName "My Label" -Name "My Label" -Comment "This is My Label" -Tooltip "My Label Tooltip" -AdvancedSettings @{color="#32CD32"}
@jkbryan
jkbryan / Get-AzureRoleAssignments.ps1
Created Apr 12, 2019
Script to report on all role assignments to a subscription or optionally to look for a named users role assignments.
View Get-AzureRoleAssignments.ps1
Connect-AzureRmAccount
$Logfile = "C:\Temp\RoleAssignmentsLog.csv"
If (Test-Path $Logfile) {
Clear-Content -Path $Logfile
}
$Subscription1 = "<SubscriptionGUID>"
$Subscription2 = "<SubscriptionGUID>"
Add-Content $Logfile "RG/Subscription,RoleDefinitionName,DisplayName,SignInName,ObjectType"
#Do first subscription top level
Set-AzureRmContext -Subscription $Subscription1
@jkbryan
jkbryan / BACKUP_AND_CLEAR_EVENTLOGS.ps1
Last active Mar 11, 2019
Script to first backup to file, copy to archive(s) and then clear Windows security event logs.
View BACKUP_AND_CLEAR_EVENTLOGS.ps1
Param(
$computer,
[switch]$clear
)
Function DeleteOldEventLogs {
# Clear old local log files - 7 days kept
$LogdateFormat = "dd-MM-yyyy"
$Logdate = Get-Date -Format $LogdateFormat
$CleanupExec = "C:\BackupScript\DELETEOLD.PS1 -folderpath C:\Event_Logs -fileage 7 -logfile C:\Event_Logs\leanupLog_$Logdate.txt -verboselog"
Invoke-Expression $CleanupExec
@jkbryan
jkbryan / LogParser-Files-User.sql
Created Mar 9, 2019
Find strings like 'jon' or 'dave' in the exported security event log(s) held in C;\TEMP\logs
View LogParser-Files-User.sql
SELECT * INTO C:\TEMP\Output\output.csv
FROM C:\TEMP\Logs\*
WHERE TimeWritten > TIMESTAMP ( '2009-01-01 01:00:00', 'yyyy-MM-dd hh:mm:ss' ) AND SourceName = 'Microsoft-Windows-Security-Auditing' AND
( Strings LIKE '%jon%' OR strings LIKE '%dave%')
@jkbryan
jkbryan / LogParser-Servers-User.sql
Created Mar 8, 2019
Find strings like 'jon' or 'dave' in the security event log of the servers named DC01.OHOLICS.NET, DC03.OHOLICS.NET and DC03.OHOLICS.NET
View LogParser-Servers-User.sql
SELECT * INTO C:\TEMP\Output\output.csv
FROM \\DC01.OHOLICS.NET\security;\\DC02.OHOLICS.NET\security;\\DC03.OHOLICS.NET\security
WHERE TimeWritten > TIMESTAMP ( '2009-01-01 01:00:00', 'yyyy-MM-dd hh:mm:ss' ) AND SourceName = 'Microsoft-Windows-Security-Auditing' AND
( Strings LIKE '%jon%' OR strings LIKE '%dave%')
@jkbryan
jkbryan / LogParser-Server-User.sql
Created Mar 8, 2019
Find strings like 'jon' or 'dave' in the security event log of a server named DC01.OHOLICS.NET
View LogParser-Server-User.sql
SELECT * INTO C:\TEMP\Output\output.csv
FROM \\DC01.OHOLICS.NET\security
WHERE TimeWritten > TIMESTAMP ( '2009-01-01 01:00:00', 'yyyy-MM-dd hh:mm:ss' ) AND SourceName = 'Microsoft-Windows-Security-Auditing' AND
( Strings LIKE '%jon%' OR strings LIKE '%dave%')
@jkbryan
jkbryan / LogParserRedaction.sql
Last active Mar 7, 2019
LogParserRedactionSQL
View LogParserRedaction.sql
SELECT
EventLog,
RecordNumber,
TimeGenerated,
TimeWritten,
EventID,
EventType,
EventTypeName,
EventCategory,
EventCategoryName,
You can’t perform that action at this time.