Skip to content

Instantly share code, notes, and snippets.

View mdowst's full-sized avatar

Matthew Dowst mdowst

View GitHub Profile
<# This script contains all of the command shown in my blog post: Create Zero-Touch Windows 10 ISO
http://blogs.catapultsystems.com/mdowst/archive/2017/12/11/create-zero-touch-windows-10-iso/
#>
$ISO = "E:\Windows.iso"
$FolderPath = "E:\Win10_ISO\"
###################################
#
# Prep the ISO Files
@mdowst
mdowst / CVE-2024-20666_Checker.ps1
Last active January 10, 2024 16:38
CVE-2024-20666 Checker
<#
.SYNOPSIS
Checks the WinRE environment on the local machine to see if it has been patched against CVE-2024-20666
.DESCRIPTION
Runs the reagentc command to get the WinRE path. Then runs DISM to get the version and build.
The version and build are checked against the values listed in the CVE to ensure that the
WinRE environment has been patched.
@mdowst
mdowst / Find-AutomationRunAsAccounts.ps1
Last active August 30, 2023 14:56
This script contains functions to help you identify potential runbooks still using Run As accounts.
<#
This script contains functions to help you identify potential runbooks still using Run As accounts.
If requires that you have the Az modules installed and that you are authenticated to Azure.
Azure Automation Run As Account will retire on September 30, 2023 and will be replaced with Managed Identities.
Before that date, you'll need to migrate your runbooks to use managed identities.
However, just the presence of a Run As account doesn’t mean a it is being used. Often these were just created
during the automation account provisioning. This script help to determine if you are using the Run As account
by search through the runbooks to find references to the Run As Account actually being called. Then finds the
<?xml version="1.0" encoding="utf-8"?>
<!-- Sample Autounattend.xml for Windows 10 media. This has been tested on 1511, 1607, and 1709 - x64 architecture only
For more details visit my blog http://blogs.catapultsystems.com/mdowst/archive/2017/12/11/create-zero-touch-windows-10-iso/ -->
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
<DiskConfiguration>
<Disk wcm:action="add">
<DiskID>0</DiskID>
<WillWipeDisk>true</WillWipeDisk>
@mdowst
mdowst / Test-AzureAutomationRegions.ps1
Created August 10, 2023 18:45
Test-AzureAutomationRegions
<#
This script was created to test the output and runtimes for Azure Automation runbooks running in different regions.
It is scope to only us regions. Update line 23 to use different areas.
#>
$SubscriptionId = ''
$ResourceGroupName = ''
$Runbook = 'Test-Sandbox'
if ($(Get-AzContext).Subscription.SubscriptionId -ne $SubscriptionId) {
Set-AzContext -SubscriptionId $SubscriptionId -ErrorAction SilentlyContinue
@mdowst
mdowst / FindTwitterFriendsOnMastodon.ps1
Last active December 16, 2022 14:13
Find Twitter Friends on Mastodon
<#
Uses BluebirdPS to get all of the people you follow on Twitter.
Then searches their profile for potential Mastodon usernames.
To setup BluebirdPS: https://github.com/thedavecarroll/BluebirdPS
#>
$TwitterFriends = Get-TwitterFriends
# The property fields to search
$properties = 'Name','Description'
@mdowst
mdowst / RemoveWsusDeadline.ps1
Last active March 14, 2022 14:19
This script can be used to remove all deadlines from approved updates in WSUS
<#
.SYNOPSIS
Use to remove all or past deadlines from WSUS
.PARAMETER WsusServer
Name of the remote machine running WSUS server. Defaults to localhost.
.PARAMETER UseSecureConnection
If set to true, uses SSL instead of HTTP.
<#
This script will query all Azure Subscriptions for Windows Virtual Machines and check them for the presence of potential Log4j vulnerabilities.
It checks for Java installations and search all files for Log4j JAR files. This is not a conclusive scan, but is a good way to quickly
identify potentially at risk machines.
To function correctly, the VM requires connectivity (port 443) to Azure public IP addresses.
Updated 12/22/2021 - Now includes ability to scan Arc servers
The account running this script must have read access to the VMs along with
Function Out-GridViewCode{
<#
.SYNOPSIS
Sends output to an interactive table in a separate window. With extended support to display Out-GridView as main window when using VS Code
.DESCRIPTION
The Out-GridView cmdlet sends the output from a command to a grid view window where the output is displayed in an interactive table. However, when you use VS Code the window appears in the background. Running this wrapper will bring the window to the front.
Parameters remain the same as the orginal Out-GridView
Function Encode-LogAnalyticsQuery{
<#
.SYNOPSIS
This function is used by the Write-LogAnalyticsURL Function to encode the query string for the URL.
.DESCRIPTION
This function outputs a compressed Base64 string based in the QueryString value passed to it.
.PARAMETER QueryString
The query you want to create a URL for.