Posts Tagged ‘powershell’

List the permissions on all the folders

$OutFile = "C:\temp\Permissions.csv"
Remove-Item $OutFile -ErrorAction SilentlyContinue
$Header = "Folder Path,Exception,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
Add-Content -Value $Header -Path $OutFile 

$RootPath = "D:\Shares\Users$"

try
{
#to add subfolders add - Recurse after $RootPath
    $Folders = dir $RootPath 2>&1 | where {$_.psiscontainer -eq $true} 
}
catch [System.Exception]
{
    $_.Exception.Message
}

foreach ($Folder in $Folders){
    
    try
    { 
        $ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access  }
        $Exception = $false 
      }
    catch [System.Exception]
    {
        $Exception = $true
        $SystemMessage = $_.Exception.Message 
    }
    Finally
    {
        Foreach ($ACL in $ACLs)
        {
             if ($Exception -eq $false) {
            $OutInfo = $Folder.Fullname + "," + $Exception  + "," + $ACL.IdentityReference  + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
             }
           else {
            $OutInfo = $Folder.Fullname + "," + $Exception  + "," + $SystemMessage
           }
           Add-Content -Value $OutInfo -Path $OutFile
       }
    }
}

Change the permissions

#######################################################
# 
# I put this script together to fix the permissions on users' home folders
# that had gotten messed up when they were moved to a new fileserver
# cluster.  After many attempts that 'almost' worked, I incorporated scripts
# from fellow SpiceHeads, most notably Martin Pugh (Martin9700).  An 
# edit or two from others, (Simon Matthews helped with the Set-ACL syntax 
# and Martin Boyle contributed the Set-Strictmode line for debugging), and
# I fixed up the logging output.
# 
# There's a couple of comments in the script that I left in but really only apply
# to the limited type of environment I was dealing with (2003 functional domain 
# with no access to the ActiveDirectory module).  (I figure I can't be the only 
# with overlords stuck in the past.)
# 
# Mike Schulman (s31064) 11/19/2015
# 
#######################################################

#Set-Strictmode -Version Latest -Verbose	##### Uncomment for configuring to your situation, then comment out again when you've got it right.

$Path = "D:\Shares\Users$"

##### Permissions adds the users/groups and the permissions they should have.  The actual User should not be added here.  
##### What's on the line below is an example only.  The format is domain\user-group:Permission.  
##### Separate additional users/groups with a comma and enclose the list in "".

$Permissions = "%yourdomainname%\Domain Admins:FullControl"

# Setup Access Rules
# $Domain = (Get-ADDomain).NetBIOSName	##### Need to set statically on next line because of 2003 limitations.
$Domain = 'ENCOM'
$AccessRules = @()
ForEach ($Perm in $Permissions.Split(","))
{	$Group = $Perm.Split(":")[0]
	$Level = $Perm.Split(":")[1]
	$AccessRules += New-Object System.Security.AccessControl.FileSystemAccessRule($Group,$Level, "ContainerInherit, ObjectInherit", 

"None", "Allow")
}

##### Setup Logging
##### Pasting this script as text into a PS command line causes the line below to throw an error and place the log file in the C:\ folder.  The script still works.

$Log = "$(Split-Path $MyInvocation.MyCommand.Path)\Set-UserACL-$(Get-Date -format 'MMddyy-hhmm').log"
Add-Content -Value "$(Get-Date): Script begins" -Path $Log
Add-Content -Value "$(Get-Date): Processing folder: $Path" -Path $Log

##### This is where it all starts to happen.
##### You can also modify the -Path in the Get-ChildItem line to limit the number of folders affected during testing.

$Dirs = Get-ChildItem -Path "$Path\*" | Where { $_.PSisContainer }
$UserError = @()
ForEach ($Dir in $Dirs)
{	$User = Split-Path $Dir.Fullname -Leaf
	Try
	{	Add-Content -Value "-----------------------------------------------" -Path $Log
	 	Add-Content -Value "$(Get-Date): Testing $($User): $($Dir.Fullname)" -Path $Log

##### The next line should be        $Test = Get-ADUser $User -ErrorAction Stop
##### It will test for the existence of the user before looping through the script.  I had to take it out because of the limitations of my environment.

	 	$ACL = Get-Acl $Dir -ErrorAction Stop
        
        ##### Set inheritance to no
		#$ACL.SetAccessRuleProtection($true, $false)
        #Add-Content -Value "$(Get-Date): Inheritance for $User set successfully" -Path $Log
        
        ##### Set owner to user
		#$ACL.SetOwner([System.Security.Principal.NTAccount]$User)
        #Add-Content -Value "$(Get-Date): Owner $User set successfully" -Path $Log
        
        ##### Remove old permissions
		$ACL.Access | ForEach { [Void]$ACL.RemoveAccessRule($_) }
        Add-Content -Value "$(Get-Date): Old permissions for $User removed successfully" -Path $Log
        
        ##### Set new permissions
		ForEach ($Rule in $AccessRules)
		{	$ACL.AddAccessRule($Rule)
		}
		$UserRule = New-Object System.Security.AccessControl.FileSystemAccessRule("$Domain\$User","Modify", "ContainerInherit, 

ObjectInherit", "None", "Allow")
		$ACL.AddAccessRule($UserRule)
		Set-Acl -Path $Dir -AclObject $ACL -ErrorAction Stop
        Add-Content -Value "$(Get-Date): New permissions for $User set successfully" -Path $Log
	}
	Catch

##### This is where the errors get logged.  The first line logs them to the console, and the next two lines add them to the log file.

	{	Write-Host "Unable to process $($Dir.Fullname) because $($Error[0])" -ForegroundColor Red
		Add-Content -Value "-----------------------------------------------" -Path $Log
        		Add-Content -Value "$(Get-Date): Unable to process $($Dir.Fullname) because $($Error[0])" -Path $Log
	}
}

##### This just closes the log file.

Add-Content -Value "-----------------------------------------------" -Path $Log
Add-Content -Value "$(Get-Date): Script completed" -Path $Log
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Previously, we used a development instance of Azure AD Connect with a development Azure AD tenant to investigate the rules. However, Microsoft has created new functionality in the adfshelp.microsoft.com ADFSHelp Portal:

The ADFSHelp Portal in Microsoft Edge (click for larger screenshot)

ADFSHelp ToolsIn the Tools section, there is now a Claims Generator wizard labeled Azure AD RPT Claim Rules, that will help you get optimized claims rules for the ‘Office 365 Identity Platform’ RPT.

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Install-Module AzureADPreview

Install-Module MSOnline

Install-Module : The term ‘Install-Module’ is not recognized as the name of a cmdlet, function, script file, or
operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
again.
At line:1 char:1
+ Install-Module AzureADPreview
+ ~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Install-Module:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

Or you get “You must have the MSOnline Windows PowerShell modules”

Solution without Reboot

Download and install : https://www.microsoft.com/en-us/download/details.aspx?id=51451

Then run Powershell as Administrator

Run again

Proper Solution that requires reboot

Install Windows Management Framework 5.1   https://www.microsoft.com/en-us/download/details.aspx?id=54616

VN:F [1.9.22_1171]
Rating: 10.0/10 (1 vote cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

The Exchange Online Remote PowerShell Module needs to be installed on your computer:

  1. Open the Exchange admin center (EAC) for your Exchange Online organization. For instructions, see Exchange admin center in Exchange Online.

  2. In the EAC, go to Hybrid > Setup and click the appropriate Configure button to download the Exchange Online Remote PowerShell Module for multi-factor authentication.

    Download the Exchange Online PowerShell Module from the Hybrid tab in the EAC
  3. In the Application Install window that opens, click Install.

    Click Install in the Exchange Online PowerShell Module window

Open

C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation\Microsoft Exchange Online Powershell Module.appref-ms

Run

Connect-EXOPSSession -UserPrincipalName chris@contoso.com

Powershell

https://gallery.technet.microsoft.com/Office-365-Connection-47e03052

Video to Send User

https://channel9.msdn.com/posts/Multi-Factor-Account-Setup
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Powershell script to list machines running  the out of date e1000 Adapter in Windows so you can update them to VMXnet3 !

Get-VM |
 
Where{(Get-NetworkAdapter -VM $_ | where{$_.Type -eq 'e1000'}) -and (Get-VMguest -VM $_ | Where-Object {$_.OSFullName -like "*Windows Server*"})} |
 
Select Name,@{N='vCenter';E={$_.Uid.Split('@')[1].Split(':')[0]}}

 

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

 

Run Vmware Powercli

Run 

Connect-ViServer %name of server%

Run the output of below to a text file

E.g. .\Get-PendingUpdate.ps1 | Output-File file.txt

 

Function Get-PendingUpdate { 
<# 
.SYNOPSIS 
Retrieves the updates waiting to be installed from WSUS 
.DESCRIPTION 
Retrieves the updates waiting to be installed from WSUS 
.PARAMETER Computer 
Computer or computers to find updates for. 
.EXAMPLE 
Get-PendingUpdates 
 
Description 
----------- 
Retrieves the updates that are available to install on the local system 
.NOTES 
Author: Boe Prox 
Date Created: 05Mar2011 
#> 
 
#Requires -version 2.0 
[CmdletBinding( 
DefaultParameterSetName = 'computer' 
)] 
param( 
[Parameter( 
Mandatory = $False, 
ParameterSetName = '', 
ValueFromPipeline = $True)] 
[string[]]$Computer 
) 
Begin { 
$scriptdir = { Split-Path $MyInvocation.ScriptName –Parent } 
Write-Verbose "Location of function is: $(&$scriptdir)" 
#Create container for Report 
Write-Verbose "Creating report collection" 
$report = @() 
} 
Process { 
ForEach ($c in $Computer) { 
Write-Verbose "Computer: $($c)" 
If (Test-Connection -ComputerName $c -Count 1 -Quiet) { 
Try { 
#Create Session COM object 
Write-Verbose "Creating COM object for WSUS Session" 
$updatesession = [activator]::CreateInstance([type]::GetTypeFromProgID("Microsoft.Update.Session",$c)) 
} 
Catch { 
Write-Warning "$($Error[0])" 
Break 
} 
 
#Configure Session COM Object 
Write-Verbose "Creating COM object for WSUS update Search" 
$updatesearcher = $updatesession.CreateUpdateSearcher() 
 
#Configure Searcher object to look for Updates awaiting installation 
Write-Verbose "Searching for WSUS updates on client" 
$searchresult = $updatesearcher.Search("IsInstalled=0") 
 
#Verify if Updates need installed 
Write-Verbose "Verifing that updates are available to install" 
If ($searchresult.Updates.Count -gt 0) { 
#Updates are waiting to be installed 
Write-Verbose "Found $($searchresult.Updates.Count) update\s!" 
#Cache the count to make the For loop run faster 
$count = $searchresult.Updates.Count 
 
#Begin iterating through Updates available for installation 
Write-Verbose "Iterating through list of updates" 
For ($i=0; $i -lt $Count; $i++) { 
#Create object holding update 
$update = $searchresult.Updates.Item($i) 
 
#Verify that update has been downloaded 
If ($update.IsDownLoaded -eq "True") { 
$temp = "" | Select Computer, Title, KB,IsDownloaded 
$temp.Computer = $c 
$temp.Title = ($update.Title -split('\('))[0] 
$temp.KB = (($update.title -split('\('))[1] -split('\)'))[0] 
$temp.IsDownloaded = "True" 
$report += $temp 
} 
Else { 
$temp = "" | Select Computer, Title, KB,IsDownloaded 
$temp.Computer = $c 
$temp.Title = ($update.Title -split('\('))[0] 
$temp.KB = (($update.title -split('\('))[1] -split('\)'))[0] 
$temp.IsDownloaded = "False" 
$report += $temp 
} 
} 
 
} 
Else { 
#Nothing to install at this time 
Write-Verbose "No updates to install." 
 
#Create Temp collection for report 
$temp = "" | Select Computer, Title, KB,IsDownloaded 
$temp.Computer = $c 
$temp.Title = "NA" 
$temp.KB = "NA" 
$temp.IsDownloaded = "NA" 
$report += $temp 
} 
} 
Else { 
#Nothing to install at this time 
Write-Warning "$($c): Offline" 
 
#Create Temp collection for report 
$temp = "" | Select Computer, Title, KB,IsDownloaded 
$temp.Computer = $c 
$temp.Title = "NA" 
$temp.KB = "NA" 
$temp.IsDownloaded = "NA" 
$report += $temp 
} 
} 
} 
End { 
Write-Output $report 
} 
}
 
 
$GetVM = Get-VM | 
Where {$_.Guest -match 'windows'} | 
Where {$_.PowerState -eq 'PoweredOn'}
 
Foreach ($vm in $GetVM)
{
$vm.Name
Get-PendingUpdate -Computer $vm.Guest.IPAddress[0]
}

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

vmware_view_pilot-5132020[1]This will only work once a host has been added to Vcenter.

Use Vmware CLI to run this with the variables in Square Brackets edited out

This will change from Multipath to Round Robin

Connect-VIServer [VCENTER-SERVER-ADDRESS]
 
$hostview = Get-View -Viewtype HostSystem  –filter @{“Name”=[Fully qualified name of server]}
$storageSystem = Get-View $hostview.ConfigManager.StorageSystem 
$policy = new-object VMware.Vim.HostMultipathInfoLogicalUnitPolicy
#$policy.policy = "VMW_PSP_MRU" 
$policy.policy = "VMW_PSP_RR"
$storageSystem.StorageDeviceInfo.MultipathInfo.lun | foreach { $storageSystem.SetMultipathLunPolicy($_.ID, $policy) }
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Veeam[1]Trying to get the Solarwinds Veeam Backup and Recovery Template working, After installing the powershell plugin via BPS_x64.msi, when trying to run Powershell commands , I could not include to the Veeam VeeamPSSnapIn. 

 

Turns out it hadn’t installed and referenced the .dll properly , below can be saved as .reg files and run , depending where your Veeam.Backup.PowerShell.dll is located

 

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellSnapIns\VeeamPSSnapIn]
"PowerShellVersion"="2.0"
"Vendor"="Veeam"
"Description"="This is a PowerShell snap-in that includes the Veeam's cmdlet."
"VendorIndirect"="VeeamPSSnapIn, Veeam"
"DescriptionIndirect"="VeeamPSSnapIn,This is a PowerShell snap-in that includes the Veeam's cmdlet."
"Version"="8.0.0.0"
"ApplicationBase"="C:\\Program Files\\Veeam\\Backup and Replication\\Backup"
"AssemblyName"="Veeam.Backup.PowerShell, Version=8.0.0.0, Culture=neutral, PublicKeyToken=bfd684de2276783a"
"ModuleName"="C:\\Program Files\\Veeam\\Backup and Replication\\Backup\\Veeam.Backup.PowerShell.dll"

 

 

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellSnapIns\VeeamPSSnapIn]
"PowerShellVersion"="2.0"
"Vendor"="Veeam"
"Description"="This is a PowerShell snap-in that includes the Veeam's cmdlet."
"VendorIndirect"="VeeamPSSnapIn, Veeam"
"DescriptionIndirect"="VeeamPSSnapIn,This is a PowerShell snap-in that includes the Veeam's cmdlet."
"Version"="8.0.0.0"
"ApplicationBase"="C:\\Program Files\\Veeam\\Backup and Replication\"
"AssemblyName"="Veeam.Backup.PowerShell, Version=8.0.0.0, Culture=neutral, PublicKeyToken=bfd684de2276783a"
"ModuleName"="C:\\Program Files\\Veeam\\Backup and Replication\\Veeam.Backup.PowerShell.dll"
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)
New-VIProperty -Name ToolsVersion -ObjectType VirtualMachine -ValueFromExtensionProperty 'Config.tools.ToolsVersion' -Force
 
New-VIProperty -Name ToolsVersionStatus -ObjectType VirtualMachine -ValueFromExtensionProperty 'Guest.ToolsVersionStatus' -Force
 
Get-VM | Select Name, Version, ToolsVersion, ToolsVersionStatus | Export-Csv -NoTypeInformation -UseCulture -Path C:\VMHWandToolsInfo.csv
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)
Office-365-New[1]Add Permissions
 

$LiveCred = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic –AllowRedirection

Import-PSSession $Session

//Add to Outlook
UserA to B
Add-MailboxPermission -identity UserB@domain.com -user UserA@domain.com -AccessRights FullAccess
 
//Don't add to Outlook
Add-MailboxPermission -Identity <Mailbox ID1> -User <Mailbox ID2>-AccessRights FullAccess -AutoMapping:$false
 
//Remove-MailboxPermission
Remove-MailboxPermission -identity ian@jeppesenheaton.co.uk -user geraldine@jeppesenheaton.co.uk -AccessRights FullAccess
 
//Viewmailbox Permission for Single Users 
Get-MailboxPermission –Identity “simon” | fl user, accessrights
 
//Export of All Permissions
Get-mailbox | Get-MailboxPermission | select-object FolderName,User,AccessRights,Identity, IsInherited,IsValid | export-csv -Path c:\teste.csv
 
//Add Distribution Group
Add-DistributionGroupMember -Identity Support -Member James -BypassSecurityGroupManagerCheck
 
 
//Password Never Expire
Connect-MSOLService
Get-MSOLUser | Set-MSOLUser -PasswordNeverExpires $true
 
//Remove Strong Password One User
Set-MsolUser -UserPrincipalName user1@abc.com -StrongPasswordRequired $False
 
//Remove for all Users
Get-MSOLUser | Set-MSOLUser -StrongPasswordRequired $False
 
 
// Forward to contact without Mailbox
New-MailContact John –ExternalEmailAddress Johnwang@forwardto.com
$obj = Get-MailContact John
$obj.EmailAddresses.Add(“smtp:Johnwang@contoso.com“)
Get-MailContact John | Set-MailContact -EmailAddresses $obj.EmailAddresses
 
Send as distribution List
Create Discribution List and add user to it
Set Account to Receive from outside 
Add-RecipientPermission newsletter@cogmotive.com -AccessRights SendAs -Trustee alan@cogmotive.com
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)