Recent Discussions
M365 Exchange & Shared Mailbox Calendar Notifications
M365 Business Premium tenant here. We have a shared mailbox (not resource mailbox) called meetings@ The aim is to have an anonymous email address staff can send out meeting requests to our clients and have a dedicated calandar for those meetings. I've set up the staff members with Receive and SendAs permissions so everyone can set up meetings using that account so that the meeting invite appears to come from meetings@ instead of the staff members email address. Staff can create meetings and the invite is anonymous so that part is working as planned. The problem is, all the staff gets flooded with Accept/Decline messages going to their personal mailboxes. Is there a way to set it so that only the shared mailbox gets the notifications or even supress those messages entirely. I've resorted to email rules for each staff member to either block or divert the messages but I'd really prefer it if there was a one stop shop rahter than having to configure individual's mailboxes to block them. I tried Set-CalendarProcessing -Identity "email address removed for privacy reasons" -RemoveForwardedMeetingNotifications $true -AutomateProcessing AutoUpdate but it didn't seem to do much. Any other ideas?PowerShell script to reinstall Windows license key
Greetings, I am new to PowerShell. I was talking with my boss recently about an issue we had following the Windows 11 24H2 update. The Windows license is being deactivated following the update. My boss has written a PowerShell script to resolve this issue but he asked me to see if I can write a script as well to fix the issue. He thought it would be good practice for me to learn PowerShell. So he has tossed me into the deep end and I need to quickly learn to swim; ) I need a script that would reinstall the Windows license key, activate the key, and change the DEP policy to opt out mode. This task is above my skill level and I could use some help. Thanks in advance
Windows Restricted User Experience Set-CimInstance Error
So I'm trying to set up a restricted user experience that allows the usage of only one application. However, I keep running into this weird error message that provides no useful information: I've been successful in getting the boilerplate example fromthe official Windows guide to work, so I'm fairly certain the error lies in how I've set up the Allowed Apps and PinnedList. Perhaps in the path to the app? But I'm not sure how I'd go about changing that since I got the pathway from the task manager. Any help is appreciated! Full code below: psexec.exe -i -s powershell.exe $assignedAccessConfiguration = @" <?xml version="1.0" encoding="utf-8"?> <AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config" xmlns:v3="http://schemas.microsoft.com/AssignedAccess/2020/config" xmlns:v5="http://schemas.microsoft.com/AssignedAccess/2022/config"> <Profiles> <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C24}"> <AllAppsList> <AllowedApps> <App AppUserModelId="Microsoft.RemoteDesktop_10.2.3012.0_x64__8wekyb3d8bbwe" /> </AllowedApps> </AllAppsList> <v5:StartPins><![CDATA[{ "pinnedList":[ {"packagedAppId":"Microsoft.RemoteDesktop_10.2.3012.0_x64__8wekyb3d8bbwe"}, ] }]]></v5:StartPins> <Taskbar ShowTaskbar="true" /> </Profile> </Profiles> <Configs> <Config> <AutoLogonAccount rs5:DisplayName="RDUSER" /> <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C24}" /> </Config> </Configs> </AssignedAccessConfiguration> "@ $namespaceName="root\cimv2\mdm\dmmap" $className="MDM_AssignedAccess" $obj = Get-CimInstance -Namespace $namespaceName -ClassName $className $obj.Configuration = [System.Net.WebUtility]::HtmlEncode($assignedAccessConfiguration) Set-CimInstance -CimInstance $obj
UserProfile Management with PowerShell
We have an issue where quarterly Nessus scans enumerate vulnerability findings for every user profile on an endpoint. This started me on a path to remove obsolete user profiles to reduce the noise from Nessus. I need to accomplish three things in my final script: 1. set the execution policy to bypass; 2. reset the NTUser.dat to the last write time (if this is not done, the third criteria will not return any hits); 3. find all user profiles older than 60 days and delete them. I did try the GPO to delete profiles older than a certain number of days, but it never removes all of them. I pieced together a script from a couple diff sources and came up with the below. My PowerShell-fu is not that advanced so I am looking for suggestions to make it more efficient. The script works, but I noticed that empty user profile folders at C:\Users\ were left behind. Please advise. Is this a candidate to be made into a function? $ErrorActionPreference = "SilentlyContinue" $Report = $Null $Path = "C:\Users" $UserFolders = $Path | GCI -Directory $currentDate = Get-Date $ageLimit = 60 $userProfiles = Get-ChildItem -Path $Path Set-ExecutionPolicy Bypass -Force ForEach ($UserFolder in $UserFolders) { $UserName = $UserFolder.Name If (Test-Path "$Path\$UserName\NTUSer.dat") { $Dat = Get-Item "$Path\$UserName\NTUSer.dat" -force $DatTime = $Dat.LastWriteTime If ($UserFolder.Name -ne "default") { $Dat.LastWriteTime = $UserFolder.LastWriteTime } } } ForEach ($profile in $userProfiles) { $lastWriteTime = $profile.LastWriteTime $profileAge = ($currentDate - $lastWriteTime).Days If ($profileAge -ge $ageLimit) { Remove-Item -Path $profile.FullName -Recurse -Force } }
How do I disable attachments in Outlook draft messages for my organization via Powershell?
My company wants to create a policy that prevents people from starting an Outlook message, adding an attachment to that message, going to another computer or device, opening Outlook on that device, and downloading the file from their draft message. we have O365 and Exchange Online. All the information I've found on setting Outlook options or draft options or any of that has been for individual users rather than organizations. I've been told that it can be done via powershell and office group policies, but TBH, I don't have much Powershell familiarity. Any suggestions?
Powershell GPO
Need a gpo script to find the value of multiple policy settings For example Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment Need to get the value of both policy in a single PS scriptHow do I get HP Bloatware script to run during enrollment?
Hi all I am wanting to put a script within Intune so during the deployment phase of autopilot it would remove the HP Bloatware however if I attach this script https://gist.github.com/mark05e/a79221b4245962a477a49eb281d97388into the deployment policy it would fail everytime. I can only remove it by going to the start menu , run powershell as admin and then run the script manually from there. What do I need to add so the script can run automatically? It wouldn't matter if it can't be run during the enrollment stage but I do want to somehow automatic this . ThanksI'm unable to execute powershell command in SharePoint
When I execute the PowerShell command, I get a sign-in error. I have tested this in a couple of SharePoint tenants, but I'm unable to run the script. Also, previously, these scripts were working fine. Unable to execute the "Connect-PnPOnline" command. Please someone help with this.
Entering in commands on a remote workstation using a PS script
I am trying to create a PS script that opens a session on a remote workstation and executes these commands: netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes profile=domain Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0 Enable-NetFirewallRule -DisplayGroup "Remote Desktop" netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes Set-NetFirewallRule -DisplayGroup "Network Discovery" -Enabled True This is the part of the script giving me trouble: $session = New-PSSession -ComputerName $workstationName # Prompt for credentials $cred = Get-Credential # Use Invoke-Command to run the script block with elevated credentials Invoke-Command -Session $session -Credential $cred -ScriptBlock { # Check if the session is available if ($session -ne $null) { Write-Host "Session established. Waiting for the session to be ready..." # PowerShell commands here netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes profile=domain Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0 Enable-NetFirewallRule -DisplayGroup "Remote Desktop" netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes Set-NetFirewallRule -DisplayGroup "Network Discovery" -Enabled True Get-Process } # Exit the remote session Exit-PSSession } else { Write-Host "Failed to establish a session." } Here is the error. Any help is appreciated Invoke-Command : Parameter set cannot be resolved using the specified named parameters. At C:\XXXX\VMPrepBeta6.ps1:67 char:5 + Invoke-Command -Session $session -Credential $cred -ScriptBlock { + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (:) [Invoke-Command], ParameterBindingException + FullyQualifiedErrorId : AmbiguousParameterSet,Microsoft.PowerShell.Commands.InvokeCommandCommand
How do I display a "Microsoft.ActiveDirectory.Management.ADPropertyValueCollection" using PowerShell
PS C:\Users\serveradmin.QA> Get-ADDomainController -Filter * | Select-Object Name, OperationMasterRoles |Where-Object {$_.OperationMasterRoles} Name OperationMasterRoles ---- -------------------- ADAICTQA {SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster...} in the above command I outputOperationMasterRoles Id like those to be displayed in the same row comma seperated ...how do I disect that ADPropertyValueCollection ?Multiple @name substitution in one line import
I'm trying to export all the "conditional" attributes from the Get-DynamicDistributionGroup into a csv file ConditionalCompany : {} ConditionalStateOrProvince : {} ConditionalCustomAttribute1 : {} ConditionalCustomAttribute2 : {} these attributes are aMicrosoft.Exchange.Data.MultiValuedProperty`1[System.String] so to correctly export them to csv we should use the following for each of them @{Name="ConditionalCustomAttribute1";Expression={($_.ConditionalCustomAttribute1)}} @{Name="ConditionalCustomAttribute2";Expression={($_.ConditionalCustomAttribute2)}} ... I was wondering if there's a way to "expand" the * inside the@{} instead something like @{Name="ConditionalAttribute*";Expression={($_.ConditionalAttribute*)}}powershell get-winevent script assistance
first time poster here, hoping i am doing this correctly! I am using the script below to send email alerts when there are more than 200 of event 6273 is logged under the security log within a 10 minute period. This script emails the most recent 100 events and works perfectly but includes much more information than we care to see as shown in the output below the code. We are basically just trying to get an email that allows us to quickly skim through the users from the latest 100 events to ensure they are not legitimate ad accounts and if they are, easily determine the offenders ip address and add it to the blocklist. How can i extract and email only thetimestamp,accountname, and thecalling station identifierformatted with some kind of line break between the entries from this thing? $count = (Get-WinEvent -FilterHashtable @{logname='Security'; Id =6273; StartTime=(Get-Date).AddMinutes(-10)}).count if ($count -gt 200) { $EventId = 6273 $A = Get-WinEvent -MaxEvents 100 -FilterHashTable @{Logname = "Security" ; ID = $EventId; StartTime=(Get-Date).AddMinutes(-10)} -ErrorAction SilentlyContinue $Message = $A.message $EventID = $A.Id $MachineName = $A.MachineName $Source = $A.ProviderName $EmailFrom = "email address removed for privacy reasons" $EmailTo = "email address removed for privacy reasons" $Subject ="Password guessing alert" $Body = "`nMessage: $Message" $SMTPServer = "webmail.mail.com" $SMTPClient = New-Object Net.Mail.SmtpClient($SmtpServer, 587) $SMTPClient.EnableSsl = $true $SMTPClient.Credentials = New-Object System.Net.NetworkCredential("email address removed for privacy reasons", "password"); $SMTPClient.Send($EmailFrom, $EmailTo, $Subject, $Body) }else { Write-Host "Under 200 events" Exit } Here is the output we currently have scheduled to email us each hour: Message: Network Policy Server denied access to a user. Contact the Network Policy Server administrator for more information. User: Security ID:S-1-0-0 Account Name:CASTRO Account Domain:DOMAIN Fully Qualified Account Name:DOMAIN\CASTRO Client Machine: Security ID:S-1-0-0 Account Name:- Fully Qualified Account Name:- Called Station Identifier:10.44.17.98 Calling Station Identifier:62.122.184.12 NAS: NAS IPv4 Address:10.25.254.1 NAS IPv6 Address:- NAS Identifier:- NAS Port-Type:Virtual NAS Port:2678272000 RADIUS Client: Client Friendly Name:FTD Client IP Address:10.25.254.1 Authentication Details: Connection Request Policy Name:FTD-Authentication Network Policy Name:- Authentication Provider:Windows Authentication Server:DC302.domain.com Authentication Type:PAP EAP Type:- Account Session Identifier:- Logging Results:Accounting information was written to the local log file. Reason Code:16 Reason:Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect. Network Policy Server denied access to a user. Contact the Network Policy Server administrator for more information. User: Security ID:S-1-0-0 Account Name:rlinda Account Domain:DOMAIN Fully Qualified Account Name:DOMAIN\rlinda Client Machine: Security ID:S-1-0-0 Account Name:- Fully Qualified Account Name:- Called Station Identifier:10.44.17.98 Calling Station Identifier:83.97.73.104 NAS: NAS IPv4 Address:10.25.254.1 NAS IPv6 Address:- NAS Identifier:- NAS Port-Type:Virtual NAS Port:2678267904 RADIUS Client: Client Friendly Name:FTD Client IP Address:10.25.254.1 Authentication Details: Connection Request Policy Name:FTD-Authentication Network Policy Name:- Authentication Provider:Windows Authentication Server:DC302.domain.com Authentication Type:PAP EAP Type:- Account Session Identifier:- Logging Results:Accounting information was written to the local log file. Reason Code:16 Reason:Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect. Upvote1Downvote0Go to commentsSharePowerShell data explanation and advice
Hi everyone. Not even sure how to ask and maybe it seems dramatic but I am reaching out for a little help here. Can someone help me understand this data I copied from PowerShell? I typed the same commands for user "smell" and user "Public". I have a node in network probably and I really hope for the worse to be honest. Reading about it got me pumped. Of course I have no idea if this could be the small window sun shines through or just another big nothing. Anyway, thanks to anyone who sets me straight about it. Windows PowerShell Copyright (C) Microsoft Corporation. All rights reserved. Install the latest PowerShell for new features and improvements! https://aka.ms/PSWindows PS C:\Users\smell> whoami / user ERROR: Invalid argument/option - '/'. Type "WHOAMI /?" for usage. PS C:\Users\smell> whoami /user USER INFORMATION ---------------- User Name SID =================== ============================================ thinkpadt16g2\smell S-1-5-21-2399413288-642862217-314349489-1001 PS C:\Users\smell> wmic useraccount where name='%username%' get domain,name,sid Node - THINKPADT16G2 ERROR: Description = Invalid query PS C:\Users\smell> wmic useraccount where name='%username%' get domain,name,sid Node - THINKPADT16G2 ERROR: Description = Invalid query PS C:\Users\smell> [Security.Principal.WindowsIdentity]::GetCurrent() | Select-Object -Property @('Name', 'User') Name User ---- ---- THINKPADT16G2\smell S-1-5-21-2399413288-642862217-314349489-1001 PS C:\Users\smell> [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value S-1-5-21-2399413288-642862217-314349489-1001 PS C:\Users\smell> wmic useraccount where name='smell' get sid Node - THINKPADT16G2 ERROR: Description = Invalid query PS C:\Users\smell> wmic useraccount where sid='<sid>' get domain,name Node - THINKPADT16G2 ERROR: Description = Invalid query PS C:\Users\smell> wmic useraccount where sid='S-1-5-21-2399413288-642862217-314349489-1001' get domain,name Unexpected switch at this level. PS C:\Users\smell> wmic useraccount get domain,name,sid Domain Name SID ThinkPadT16G2 Administrator S-1-5-21-2399413288-642862217-314349489-500 ThinkPadT16G2 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503 ThinkPadT16G2 Guest S-1-5-21-2399413288-642862217-314349489-501 ThinkPadT16G2 smell S-1-5-21-2399413288-642862217-314349489-1001 ThinkPadT16G2 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504 PS C:\Users\smell> Get-WmiObject win32_useraccount | Select domain,name,sid domain name sid ------ ---- --- ThinkPadT16G2 Administrator S-1-5-21-2399413288-642862217-314349489-500 ThinkPadT16G2 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503 ThinkPadT16G2 Guest S-1-5-21-2399413288-642862217-314349489-501 ThinkPadT16G2 smell S-1-5-21-2399413288-642862217-314349489-1001 ThinkPadT16G2 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504 PS C:\Users\smell> PS C:\Users\smell> Get-LocalUser | Select-Object -Property @('Name', 'SID') Name SID ---- --- Administrator S-1-5-21-2399413288-642862217-314349489-500 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503 Guest S-1-5-21-2399413288-642862217-314349489-501 smell S-1-5-21-2399413288-642862217-314349489-1001 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504 PS C:\Users\smell> Get-CimInstance -query 'Select * from win32_useraccount' | ft name, SID name SID ---- --- Administrator S-1-5-21-2399413288-642862217-314349489-500 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503 Guest S-1-5-21-2399413288-642862217-314349489-501 smell S-1-5-21-2399413288-642862217-314349489-1001 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504 PS C:\Users\smell> [Security.Principal.WindowsIdentity]::GetCurrent() | Select-Object -Property @('Name', 'User') Name User ---- ---- THINKPADT16G2\smell S-1-5-21-2399413288-642862217-314349489-1001 PS C:\Users\smell> C:\Users\Public C:\Users\Public : The term 'C:\Users\Public' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:1 + C:\Users\Public + ~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (C:\Users\Public:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException PS C:\Users\smell> C:\Users\Public> C:\Users\Public> : The term 'C:\Users\Public>' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:2 + C:\Users\Public> + ~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (C:\Users\Public>:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException PS C:\Users\smell> C:\Users\ C:\Users\ : The term 'C:\Users\' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:2 + C:\Users\ + ~~~~~~~~~ + CategoryInfo : ObjectNotFound: (C:\Users\:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException PS C:\Users\smell> C:\Users C:\Users : The term 'C:\Users' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:2 + C:\Users + ~~~~~~~~ + CategoryInfo : ObjectNotFound: (C:\Users:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException PS C:\Users\smell> PS C:\> Set-Location -PathC:\Users\Public Get-Process : A positional parameter cannot be found that accepts argument 'Set-Location'. At line:1 char:1 + PS C:\> Set-Location -PathC:\Users\Public + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (:) [Get-Process], ParameterBindingException + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.GetProcessCommand PS C:\Users\smell> Set-Location -Path C:\Users\Public PS C:\Users\Public> whoami /user USER INFORMATION ---------------- User Name SID =================== ============================================ thinkpadt16g2\smell S-1-5-21-2399413288-642862217-314349489-1001 PS C:\Users\Public> wmic useraccount where name='%username%' get domain,name,sid Node - THINKPADT16G2 ERROR: Description = Invalid query PS C:\Users\Public> [Security.Principal.WindowsIdentity]::GetCurrent() | Select-Object -Property @('Name', 'User') Name User ---- ---- THINKPADT16G2\smell S-1-5-21-2399413288-642862217-314349489-1001 PS C:\Users\Public> [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value S-1-5-21-2399413288-642862217-314349489-1001 PS C:\Users\Public> wmic useraccount where name='username' get sid Node - THINKPADT16G2 ERROR: Description = Invalid query PS C:\Users\Public> wmic useraccount where name='smell' get sid Node - THINKPADT16G2 ERROR: Description = Invalid query PS C:\Users\Public> wmic useraccount where sid='<sid>' get domain,name Node - THINKPADT16G2 ERROR: Description = Invalid query PS C:\Users\Public> wmic useraccount where sid='S-1-5-21-2399413288-642862217-314349489-1001' get domain,name Unexpected switch at this level. PS C:\Users\Public> wmic useraccount get domain,name,sid Domain Name SID ThinkPadT16G2 Administrator S-1-5-21-2399413288-642862217-314349489-500 ThinkPadT16G2 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503 ThinkPadT16G2 Guest S-1-5-21-2399413288-642862217-314349489-501 ThinkPadT16G2 smell S-1-5-21-2399413288-642862217-314349489-1001 ThinkPadT16G2 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504 PS C:\Users\Public> Get-WmiObject win32_useraccount | Select domain,name,sid domain name sid ------ ---- --- ThinkPadT16G2 Administrator S-1-5-21-2399413288-642862217-314349489-500 ThinkPadT16G2 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503 ThinkPadT16G2 Guest S-1-5-21-2399413288-642862217-314349489-501 ThinkPadT16G2 smell S-1-5-21-2399413288-642862217-314349489-1001 ThinkPadT16G2 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504 PS C:\Users\Public> Get-LocalUser | Select-Object -Property @('Name', 'SID') Name SID ---- --- Administrator S-1-5-21-2399413288-642862217-314349489-500 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503 Guest S-1-5-21-2399413288-642862217-314349489-501 smell S-1-5-21-2399413288-642862217-314349489-1001 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504 PS C:\Users\Public> Get-CimInstance -query 'Select * from win32_useraccount' | ft name, SID name SID ---- --- Administrator S-1-5-21-2399413288-642862217-314349489-500 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503 Guest S-1-5-21-2399413288-642862217-314349489-501 smell S-1-5-21-2399413288-642862217-314349489-1001 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504 PS C:\Users\Public>
Recent Blogs
- One new resource, logging improvements and bugfixes. This is what SharePointDsc v5.2 is bringing to the table!May 12, 2022
- 2 MIN READThis article describes a solution of an issue I have been troubleshooting today, where switching to an AllSigned execution policy resulted in the "This publisher is explicitly not trusted on your sys...Mar 19, 2022
