User Tools

Site Tools


scripts:powershell

PowerShell Scripts

Add Users To Default AD Groups

#$Users = Get-Content C:\Users\admin\Desktop\users.txt
 
$Users = "1","2"
 
foreach ($User in $Users) {
    Write-Host $User
    Write-Host "`tAdding to Group 1"
    Add-ADGroupMember Ad-Group-1 $User
 
	Write-Host "`tSetting login script"
	Set-Aduser -Identity $User -Scriptpath "SITE\SITE.bat"
 
}

Bulk AD Password Reset

$users = Get-Content "users.txt"
 
foreach ($user in $users) {
 
		Set-ADAccountPassword $user -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "P@ssword1" -Force)
		Set-ADUser -Identity $user -ChangePasswordAtLogon $true
 
 
}

Bulk Change AD Login Script

$adusers = Get-ADUser -Filter * -SearchBase "OU=Users,OU=SITE,OU=US,DC=americas,DC=ad,DC=company,DC=com" -SearchScope OneLevel -Properties Name,SamAccountName,ScriptPath | Select-Object Name,SamAccountName,ScriptPath
foreach ($user in $adusers) {
    $username = $user.SamAccountName
    $loginscript = $user.ScriptPath
    $name = $user.Name
    if ($loginscript -ne "SITE\SITE.bat") {
        Write-Host "Update $username from $loginscript"
        Set-ADUser -Identity $username -ScriptPath "SITE\SITE.bat"
    }
}

Update Registry Values

$Computers = Get-Content "computers.txt"
 
foreach ($Computer in $Computers) {
    if (Test-Connection -comp $Computer -count 1 -quiet) {
        Write-Host "Connecting to $Computer"
        C:\Tools\PSEXEC.exe $Computer "reg add 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment' /v ADSKFLEX_LICENSE_FILE /d '2080@autocad.COMPANY.com' /f"
    } else {
        Write-Host "$Computer is offline"
    }
}

Disk Utilization

$Computer_Name = (Get-Item env:\Computername).Value # Run Against Local Machine.
$Computer_Name = $Computer_Name.ToLower()
$OutputDirectory = "D:\mush\utilization" # Where to save the output file.
$OutputDate = Get-Date -Format yyyyMMdd
$OutputFile = ($OutputDirectory + "\" + $Computer_Name + "_du_" + $OutputDate + ".csv") # ServerName_20130528-145330.csv
 
 
$PhysicalDisks = (Get-Counter -List PhysicalDisk).PathsWithInstances | Where {$_ -like "*Idle Time*" -and $_ -notlike "*_Total*"}
 
$Output = ''
 
Foreach ($Disk in $PhysicalDisks) {
    $Perfmon = Get-Counter -Counter $Disk -SampleInterval 1 -MaxSamples 1 | Select -expand CounterSamples | Select InstanceName,CookedValue
    $Rounded = [Math]::Round($Perfmon.CookedValue,0)
    $Rounded = [decimal]$Rounded
    $Percentage = (100-$Rounded)
    if ($Percentage -lt 0) { $Percentage = 0 }
    if ($Percentage -gt 100) { $Percentage = 100 }
 
    $TimeStamp = Get-Date -Format "yyy-MM-dd HH:mm:ss"
 
    $InstanceName = $Perfmon.InstanceName
    $InstanceName = $InstanceName.Substring(0,1)
 
 
    $TempOutput = '"' + $Computer_Name + '","' + $InstanceName + '","' + $Percentage + '","' + $TimeStamp + '"' + "`n"
    $Output = $Output + $TempOutput
}
 
#$Output = '"' + $Computer_Name + '","' + $Utilization + '","' + $TimeStamp + '"' + "`n"
 
$FileExists = Test-Path $OutputFile
if ($FileExists -eq 'True') {
	$DaFile = [system.io.file]::ReadAllText($Outputfile)
    $Ouput = $DaFile + $Output + "`n"
    [system.io.file]::AppendAllText("$OutputFile", $Output)
} else {
    [system.io.file]::WriteAllText("$OutputFile", $Output)
}
 
#Base FTP Options
$TargetServer = ""
$TargetUserName = "" # The remote username.
$TargetPassword = "" # The remote user's password.
 
Add-Content -Path "D:\mush\Disk_Utilization.scr" -Value "open FTPSERVER"
Add-Content -Path "D:\mush\Disk_Utilization.scr" -Value "FTPUSER"
Add-Content -Path "D:\mush\Disk_Utilization.scr" -Value "FTPPASSWORD"
 
$OutputDirectory = "D:\mush\utilization"
$Date = (Get-Date).ToString("yyyyMMdd")
$SearchString = "*_nu_" + $Date + ".csv"
Set-Location $OutputDirectory
$UploadFile = Get-ChildItem * -include $SearchString | select -expand PSPath
$File = $UploadFile.Substring(38)
 
$TargetLocation = ("/data/mush/server/utilization") # Drill down to the folder on the remote server, append with /
$TargetLocation = ("cd " + $TargetLocation)
Add-Content -Path "D:\mush\Disk_Utilization.scr" -Value $TargetLocation
$File = ("put " + $File)
Add-Content -Path "D:\mush\Disk_Utilization.scr" -Value $File
 
Add-Content -Path "D:\mush\Disk_Utilization.scr" -Value "Bye"
ftp -s:D:\mush\Disk_Utilization.scr
Remove-Item D:\mush\Disk_Utilization.scr

Get Bitlocker Status

function Get-BitlockerStatus {
    Param($ComputerName = $null)
 
    $Computer_Array = @()
    if ($ComputerName -eq $null) {
        $Computers = Get-ADComputer -Filter 'OperatingSystem -eq "Windows 10 Pro"' -SearchBase "OU=Mobiles,OU=SITE,OU=US,DC=americas,DC=ad,DC=COMPANY,DC=com" -Properties Name | sort Name | select -expand Name
    } else {
        $Computers = $ComputerName
    }
 
	$TotalComputers = $Computers.Count
	$Position = 1
 
    Foreach ($Computer in $Computers) {
		Write-Progress -Activity "Checking Bitlocker Status" -Status "Processing $Computer ($Position of $TotalComputers)" -PercentComplete (($Position/$TotalComputers) * 100) -ErrorAction SilentlyContinue
 
        $OU = (((Get-AdComputer $Computer -properties DistinguishedName).DistinguishedName).Substring(15)).Split(",")[0]
 
        $CO = @()
        $CO = New-Object PSObject  
        $CO | Add-Member -Name 'ComputerName' -MemberType NoteProperty -Value $Computer
 
        if (Test-Connection -ComputerName $Computer -Count 1 -Quiet) {
			$ComputerIP = [System.Net.Dns]::GetHostAddresses($Computer).IpAddressToString
			$ComputerHost = [System.Net.Dns]::GetHostbyAddress($ComputerIP).hostname
			if (($ComputerIP -match "10.118.") -or ($ComputerHost -contains $Computer)) {
 
				$Bitlocker_String = manage-bde.exe -status -cn $Computer c:
				$Status = ($Bitlocker_String | Select-String -Pattern 'Conversion Status').ToString()
				$CO | Add-Member -Name 'Status' -MemberType NoteProperty -Value (($Status.Trim()).Substring(18)).Trim()
				$Percentage = ($Bitlocker_String | Select-String -Pattern 'Percentage Encrypted').ToString()
				$CO | Add-Member -Name 'Percentage' -MemberType NoteProperty -Value (($Percentage.Trim()).SubString(22)).Trim()
				if (Get-WmiObject -ComputerName $Computer -Class Win32_Product -Filter "Name='McAfee Management of Native Encryption'") {
					$CO | Add-Member -Name 'McAfeeEncryption' -MemberType NoteProperty -Value "Installed"
				} else {
					$CO | Add-Member -Name 'McAfeeEncryption' -MemberType NoteProperty -Value "Not Installed"
				}
                $TPM_Status = Get-WMIObject -computer $Computer –class Win32_Tpm –Namespace root\cimv2\Security\MicrosoftTpm | Select IsActivated_InitialValue,IsEnabled_InitialValue,IsOwned_InitialValue,PhysicalPresenceVersionInfo,SpecVersion
                $CO | Add-Member -Name 'TPM_Activation' -MemberType NoteProperty -Value $TPM_Status.IsActivated_InitialValue
                $CO | Add-Member -Name 'TPM_Enabled' -MemberType NoteProperty -Value $TPM_Status.IsEnabled_InitialValue
                $CO | Add-Member -Name 'TPM_Owned' -MemberType NoteProperty -Value $TPM_Status.IsOwned_InitialValue
                $CO | Add-Member -Name 'TPM_Spec' -MemberType NoteProperty -Value $TPM_Status.SpecVersion
                $CO | Add-Member -Name 'TPM_Version' -MemberType NoteProperty -Value $TPM_Status.PhysicalPresenceVersionInfo
				$DriveLetter = "C:"
				$BitLocker = Get-WmiObject -Computer $Computer -Namespace "Root\cimv2\Security\MicrosoftVolumeEncryption" -Class "Win32_EncryptableVolume" -Filter "DriveLetter = '$DriveLetter'"
				$ProtectorIds = $BitLocker.GetKeyProtectors("0").volumekeyprotectorID       
				$return = @()
 
				foreach ($ProtectorID in $ProtectorIds){
 
				$KeyProtectorType = $BitLocker.GetKeyProtectorType($ProtectorID).KeyProtectorType
 
				$keyType = ""
 
					switch($KeyProtectorType){
 
						"0"{$Keytype = "Unknown or other protector type";break}
 
						"1"{$Keytype = "Trusted Platform Module (TPM)";break}
 
						"2"{$Keytype = "External key";break}
 
						"3"{$Keytype = "Numerical password";break}
 
						"4"{$Keytype = "TPM And PIN";break}
 
						"5"{$Keytype = "TPM And Startup Key";break}
 
						"6"{$Keytype = "TPM And PIN And Startup Key";break}
 
						"7"{$Keytype = "Public Key";break}
 
						"8"{$Keytype = "Passphrase";break}
 
						"9"{$Keytype = "TPM Certificate";break}
 
						"10"{$Keytype = "CryptoAPI Next Generation (CNG) Protector";break}
 
					}#endSwitch
 
					$Key_Protectors += ($Keytype + " - ")
 
				}#EndForeach
                $Key_Protectors = $Key_Protectors.TrimEnd(" - ")
				$CO | Add-Member -Name 'Key_Protectors' -MemberType NoteProperty -Value $Key_Protectors
			}
 
        } else {
            $CO | Add-Member -Name 'Status' -MemberType NoteProperty -Value "Offline"
            $CO | Add-Member -Name 'Percentage' -MemberType NoteProperty -Value "Offline"
			$CO | Add-Member -Name 'McAfeeEncryption' -MemberType NoteProperty -Value "Offline"
            $CO | Add-Member -Name 'TPM_Activation' -MemberType NoteProperty -Value "Offline"
            $CO | Add-Member -Name 'TPM_Enabled' -MemberType NoteProperty -Value "Offline"
            $CO | Add-Member -Name 'TPM_Owned' -MemberType NoteProperty -Value "Offline"
            $CO | Add-Member -Name 'TPM_Spec' -MemberType NoteProperty -Value "Offline"
            $CO | Add-Member -Name 'TPM_Version' -MemberType NoteProperty -Value "Offline"
			$CO | Add-Member -Name 'Key_Protectors' -MemberType NoteProperty -Value "Offline"
        }
 
        $CO | Add-Member -Name 'OU' -MemberType NoteProperty -Value $OU
 
        $Computer_Array += $CO
 
        $Bitlocker_String = $null
        $Status = $null
        $Percentage = $null
        $CO = $null
        $OU = $null
        $TPM_Status = $null
		$Key_Protectors = $null
		$Position++
    }
    $Computer_Array | Sort OU,Status,ComputerName | ft -AutoSize
}
scripts/powershell.txt · Last modified: 2018/09/09 21:26 by joew