Robert Toups roberttoups

## install-pi-powershell.sh
#!/bin/sh
# Update the Pi and ensure dependencies
sudo apt-get update && sudo apt-get install '^libssl1.0.[0-9]$' libunwind8 jq -y
# Variables
# Ask Microsoft for the version
VERSION=$(curl -s https://pscoretestdata.blob.core.windows.net/buildinfo/stable.json | jq .ReleaseTag | cut -c3-7)
# Payload nomenclature
TARBALL="powershell-$VERSION-linux-arm32.tar.gz"
# Where its coming from
BASEURI="https://github.com/PowerShell/PowerShell/releases/download/v$VERSION"

## Microsoft.PowerShell_profile.ps1
function prompt {
  if(([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
    if($env:USERDNSDOMAIN) {
      Write-Host "$($env:USERNAME)@$($env:USERDNSDOMAIN)" -NoNewline -ForegroundColor 'Red'
      Write-Host "(ELEVATED)" -NoNewline -ForegroundColor 'White'
      Write-Host ":" -NoNewline -ForegroundColor 'DarkGray'
      Write-Host "[$($env:COMPUTERNAME)]" -NoNewline -ForegroundColor 'Yellow'
    } else {
      Write-Host "$($env:USERNAME)@$($env:COMPUTERNAME)" -NoNewline -ForegroundColor 'Red'
      Write-Host "(ELEVATED)" -NoNewline -ForegroundColor 'White'

## GPO WMI Queries for Windows Operating Systems.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                roberttoups
                / GPO WMI Queries for Windows Operating Systems.md
            
            
              Created
              November 6, 2020 20:30
            
              
                GPO WMI Queries for Windows Operating Systems
              
          
    GPO WMI Queries for Windows Operating Systems

Product Type


Product Type
Operating System


1
Desktop OS


2
Server OS -- Domain Controller


3
Server OS -- Member Server


## Install-gMSAAccount.ps1
$SamAccountName = 'gmsa-Account'
klist -lh 0 -li 0x3e7 purge # resets Kerberos tickets
$TestResult = Test-ADServiceAccount -Identity $SamAccountName
if($TestResult) {
	Install-ADServiceAccount -Identity $SamAccountName
} else {
	Write-Output "Cannot install gMSA`:$SamAccountName"
}

## Export-RootKeys.ps1
$DomainDistinguishedName = Get-ADDomain |
  Select-Object -ExpandProperty 'DistinguishedName'
$SearchBase = "CN=Master Root Keys,CN=Group Key Distribution Service,CN=Services,CN=Configuration,$DomainDistinguishedName"
Get-ADObject -Filter '*' -SearchBase $SearchBase

## Export-ReversibleEncryption.ps1
# Export-ReversibleEncryption.ps1
$TimeStamp = Get-Date -Format 'yyyyMMddHHmmss'
$PropertyList = @('Enabled', 'PasswordLastSet', 'Name', 'GivenName', 'SurName', 'SamAccountName', 'UserPrincipalName', 'DistinguishedName', 'manager')
[System.Array]$ExportData = Get-ADUser -Filter { userAccountControl -band 128 } -Properties $PropertyList
if($ExportData.Count -gt 0) {
  $ExportData |
    Select-Object -Property $PropertyList |
    Export-Csv -Path (Join-Path -Path '.' -ChildPath "$TimeStamp-ReversibleEncryptionAccounts.csv") -NoTypeInformation
}
Write-Host "$($ExportData.Count.ToString('#,##0')) accounts have reversible encryption enabled." -ForegroundColor 'Red'

## Export-PasswordNeverExpires.ps1
# Export-PasswordNeverExpires.ps1
$TimeStamp = Get-Date -Format 'yyyyMMddHHmmss'
$PropertyList = @('Enabled', 'PasswordLastSet', 'Name', 'GivenName', 'SurName', 'SamAccountName', 'UserPrincipalName','DistinguishedName', 'manager')
[System.Array]$ExportData = Get-ADUser -Filter { PasswordNeverExpires -eq $true } -Properties $PropertyList
$ExportData |
  Select-Object -Property $PropertyList |
  Export-Csv -Path (Join-Path -Path '.' -ChildPath "$TimeStamp-PasswordNeverExpiresAccounts.csv") -NoTypeInformation
Write-Host "$($ExportData.Count.ToString('#,##0')) accounts are set to password never expires." -ForegroundColor 'Red'

## Export-ExceedsDomainPasswordAge.ps1
# Export-ExceedsDomainPasswordAge.ps1
$TimeStamp = Get-Date -Format 'yyyyMMddHHmmss'
$MaxPasswordAgeInDays = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days
$MaxAgeDate = (Get-Date).AddDays(- $MaxPasswordAgeInDays)
$PropertyList = @('Enabled','PasswordLastSet','Name','GivenName','SurName','SamAccountName','UserPrincipalName','DistinguishedName','manager')
[System.Array]$ExportData = Get-ADUser -Filter { PasswordLastSet -lt $MaxAgeDate -or PasswordLastSet -notlike '*' } -Properties $PropertyList
$ExportData |
  Select-Object -Property $PropertyList |
  Export-Csv -Path (Join-Path -Path '.' -ChildPath "$TimeStamp-PasswordAgeOutsidePolicyAccounts.csv") -NoTypeInformation
Write-Host "$($ExportData.Count.ToString('#,##0')) accounts are outside of the Domain Password Policy Age of $MaxPasswordAgeInDays days." -ForegroundColor 'Red'

## create_test_files.bat
@echo off
fsutil file createnew 10gb.test 10737418240
fsutil file createnew 1gb.test 1073741824
fsutil file createnew 1mb.test 1048576
fsutil file createnew 1kb.test 1024

## myip.sh
#!/bin/sh
nslookup myip.opendns.com resolver1.opendns.com
	#!/bin/sh
	# Update the Pi and ensure dependencies
	sudo apt-get update && sudo apt-get install '^libssl1.0.[0-9]$' libunwind8 jq -y
	# Variables
	# Ask Microsoft for the version
	VERSION=$(curl -s https://pscoretestdata.blob.core.windows.net/buildinfo/stable.json \| jq .ReleaseTag \| cut -c3-7)
	# Payload nomenclature
	TARBALL="powershell-$VERSION-linux-arm32.tar.gz"
	# Where its coming from
	BASEURI="https://github.com/PowerShell/PowerShell/releases/download/v$VERSION"
	function prompt {
	if(([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
	if($env:USERDNSDOMAIN) {
	Write-Host "$($env:USERNAME)@$($env:USERDNSDOMAIN)" -NoNewline -ForegroundColor 'Red'
	Write-Host "(ELEVATED)" -NoNewline -ForegroundColor 'White'
	Write-Host ":" -NoNewline -ForegroundColor 'DarkGray'
	Write-Host "[$($env:COMPUTERNAME)]" -NoNewline -ForegroundColor 'Yellow'
	} else {
	Write-Host "$($env:USERNAME)@$($env:COMPUTERNAME)" -NoNewline -ForegroundColor 'Red'
	Write-Host "(ELEVATED)" -NoNewline -ForegroundColor 'White'
Product Type	Operating System
1	Desktop OS
2	Server OS -- Domain Controller
3	Server OS -- Member Server
	$SamAccountName = 'gmsa-Account'
	klist -lh 0 -li 0x3e7 purge # resets Kerberos tickets
	$TestResult = Test-ADServiceAccount -Identity $SamAccountName
	if($TestResult) {
	Install-ADServiceAccount -Identity $SamAccountName
	} else {
	Write-Output "Cannot install gMSA`:$SamAccountName"
	}
	$DomainDistinguishedName = Get-ADDomain \|
	Select-Object -ExpandProperty 'DistinguishedName'
	$SearchBase = "CN=Master Root Keys,CN=Group Key Distribution Service,CN=Services,CN=Configuration,$DomainDistinguishedName"
	Get-ADObject -Filter '*' -SearchBase $SearchBase
	# Export-ReversibleEncryption.ps1
	$TimeStamp = Get-Date -Format 'yyyyMMddHHmmss'
	$PropertyList = @('Enabled', 'PasswordLastSet', 'Name', 'GivenName', 'SurName', 'SamAccountName', 'UserPrincipalName', 'DistinguishedName', 'manager')
	[System.Array]$ExportData = Get-ADUser -Filter { userAccountControl -band 128 } -Properties $PropertyList
	if($ExportData.Count -gt 0) {
	$ExportData \|
	Select-Object -Property $PropertyList \|
	Export-Csv -Path (Join-Path -Path '.' -ChildPath "$TimeStamp-ReversibleEncryptionAccounts.csv") -NoTypeInformation
	}
	Write-Host "$($ExportData.Count.ToString('#,##0')) accounts have reversible encryption enabled." -ForegroundColor 'Red'
	# Export-PasswordNeverExpires.ps1
	$TimeStamp = Get-Date -Format 'yyyyMMddHHmmss'
	$PropertyList = @('Enabled', 'PasswordLastSet', 'Name', 'GivenName', 'SurName', 'SamAccountName', 'UserPrincipalName','DistinguishedName', 'manager')
	[System.Array]$ExportData = Get-ADUser -Filter { PasswordNeverExpires -eq $true } -Properties $PropertyList
	$ExportData \|
	Select-Object -Property $PropertyList \|
	Export-Csv -Path (Join-Path -Path '.' -ChildPath "$TimeStamp-PasswordNeverExpiresAccounts.csv") -NoTypeInformation
	Write-Host "$($ExportData.Count.ToString('#,##0')) accounts are set to password never expires." -ForegroundColor 'Red'
	# Export-ExceedsDomainPasswordAge.ps1
	$TimeStamp = Get-Date -Format 'yyyyMMddHHmmss'
	$MaxPasswordAgeInDays = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days
	$MaxAgeDate = (Get-Date).AddDays(- $MaxPasswordAgeInDays)
	$PropertyList = @('Enabled','PasswordLastSet','Name','GivenName','SurName','SamAccountName','UserPrincipalName','DistinguishedName','manager')
	[System.Array]$ExportData = Get-ADUser -Filter { PasswordLastSet -lt $MaxAgeDate -or PasswordLastSet -notlike '*' } -Properties $PropertyList
	$ExportData \|
	Select-Object -Property $PropertyList \|
	Export-Csv -Path (Join-Path -Path '.' -ChildPath "$TimeStamp-PasswordAgeOutsidePolicyAccounts.csv") -NoTypeInformation
	Write-Host "$($ExportData.Count.ToString('#,##0')) accounts are outside of the Domain Password Policy Age of $MaxPasswordAgeInDays days." -ForegroundColor 'Red'
	@echo off
	fsutil file createnew 10gb.test 10737418240
	fsutil file createnew 1gb.test 1073741824
	fsutil file createnew 1mb.test 1048576
	fsutil file createnew 1kb.test 1024