jschlackman

# Name: Remove-dbutil.ps1
# Author: James Schlackman
# Last modified: May 4, 2021

# Remediation of CVE-2021-21551 / DSA-2021-088

# Implements remediation Step 1, Option 2 from
# https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability

$CheckPaths = (Get-ChildItem -Attributes d -Path $env:SystemDrive\Users | Select -Property @{Label="FullName";Expression={$($_.Fullname) + "\AppData\Local\Temp"}}) + (Get-Item -Path $env:SystemRoot\Temp | Select FullName)

jschlackman

# Name: Update-SelfServicePurchase.ps1
# Author: James Schlackman
# Last Modified: Jul 26 2021

# Disables Microsoft 365 self-service purchase for any product that has it enabled

# Adapted from sample script at
# https://docs.microsoft.com/en-us/microsoft-365/commerce/subscriptions/allowselfservicepurchase-powershell?view=o365-worldwide

# Install module once using elevated credentials

jschlackman

# Name: Remove-DisabledUnifiedGroupOwners.ps1
# Author: James Schlackman
# Last Modified: Oct 18 2023
#
# Checks all Office 365 Unified Groups for owners that have their accounts disabled, and removes them as owner.
# If the group would be left with no owners, find the first non-disabled member and promote them.

#Requires -Modules ExchangeOnlineManagement

Import-Module ExchangeOnlineManagement

jschlackman

# Name: Enable-DailyShadowCopy.ps1
# Author: James Schlackman
# Last Modified: Nov 2 2023

# Sets up a daily shadow copy on the system drive. Enables 'Previous Versions' functionality on non-server editions of Windows.
# Optionally also enables System Restore functionality.

Param(
    # Drive to enable (default: system drive)
    [Parameter()] [String] $Drive = $env:SystemDrive,

jschlackman

0.0.0.0/5
8.0.0.0/7

11.0.0.0/8
12.0.0.0/6
16.0.0.0/4
32.0.0.0/3
64.0.0.0/2
128.0.0.0/3
160.0.0.0/5

jschlackman

# Get-RemoteSSLCert.ps1
# Author: James Schlackman
# Last Modified: Sep 3 2020
# 
# Connects to a specified server and port and initiates a TLS handshake to retrieve the remote public certificate
#
# Adapted from script by Rob VandenBrink at https://isc.sans.edu/forums/diary/Assessing+Remote+Certificates+with+Powershell/20645/
#
# Params:
# -Server (Hostname or IP)

jschlackman

Dim objNetwork, strRemoteShare
Set objNetwork = CreateObject("WScript.Network")
Dim oFileSys
Set oFileSys = CreateObject("Scripting.FileSystemObject")

' Read home drive info directly from AD in case environment variables are blank
Dim objSysInfo, objUser
Set objSysInfo = CreateObject("ADSystemInfo")

' Get currently logged in user

jschlackman

# Name: Disable-ExpiredAccounts.ps1
# Author: James Schlackman
# Last Modified: June 5 2020

# Queries AD for any expired account that is not already disabled, and disables it.

Get-ADUser -LDAPFilter "(&(accountExpires<=$((Get-Date).ToFileTime()))(!accountExpires=0)(!userAccountControl:1.2.840.113556.1.4.803:=2))" | Disable-ADAccount

jschlackman

# Name: Cleanup-UngroupedDriverPackages.ps1
# Author: James Schlackman
# Last Modified: Sep 10 2021

# Gets details of all driver packages in WDS that are not assigned to a driver group, and optionally removes them.
# Must be run on the target WDS server with administrative privileges.

$AllPackageIDs = (wdsutil /get-alldriverpackages | Select-String "^Id: ({.*})" | ForEach-Object {$_.Matches.Groups[1].Value})
Write-Output "Total driver packages on server: $($AllPackageIDs.Count)"

jschlackman

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2020-02-10T12:00:00</Date>
    <Author>james@schlackman.org</Author>
    <Description>Sends an email alert if any AD account has a change to its User Account Control status.</Description>
  </RegistrationInfo>
  <Triggers>
    <EventTrigger>
      <Enabled>true</Enabled>