useful one-liners and simple scripts I made
# countdown
"Pasting in 5 seconds..."
Start-Sleep -Seconds 1
5; Start-Sleep -Seconds 1
4; Start-Sleep -Seconds 1
3; Start-Sleep -Seconds 1
2; Start-Sleep -Seconds 1
1;
0; 'Pasting now...'
$clip = (Get-Clipboard)
$clip = $clip -replace '{', '__{__' -replace '}', '__}__'
$clip = $clip -replace '__{__', '{{}' -replace '__}__', '{}}'
$clip = $clip -join '{ENTER}' # replace newlines with ENTER keypress
Windows.Forms.SendKeys]::SendWait($clip)
[System.
<#
NOTES:
SendKeys uses curly braces as a special character,
and you have to escape them withmore curly braces,
so I pad them first before escaping so you dont escape the escapes
{ --> {{}
} --> {}}
#>
Get-PSReadLineOption).HistorySavePath
(
# OR
echo "C:\Users\$env:USERNAME\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt"
This will list the Teams that a user is the only owner of.
Connect-MicrosoftTeams$user = Read-Host "User"
# get all teams that user is a member of
$teams = Get-Team -User $user
# get the owners of all teams that user is a member of
$ownerReport = ForEach ($team in $teams) {
$team.GroupID -Role Owner | Add-Member -NotePropertyName "Team" -NotePropertyValue $team.DisplayName -PassThru | select Team,user,role
Get-TeamUser -GroupId
}
# get teams where that user is the ONLY owner
$ownerReport | Group-Object -Property team | ? Count -EQ 1 | % {$_.group | ? User -EQ $user}
This isnt working yet…
function Fix-Csv {
param (
string[]]$Path
[
)
# try to import csv. dump error to $e
Import-Csv $Path -ErrorVariable e
# grab text in quotes
$e.message -match '"([^"]+)"'
$dupe = $matches[1]
# get csv header. (first line of text)
$header = gc $Path -First 1
# replace the first occurence with "junk"
$pattern = $dupe
[regex]$header = $pattern.replace($header, "junk", 1)
$header = $header -split ',' # turn comma separated list into multi-line string
$header | % {$_-replace '"'} # Strip Quotes
# import again with new header
$x = Import-Csv $Path -Header $header
$x
}
This takes the ASN from the sign-in log and gets the associated name. I’m not sure if you can do anything with it, but its interesting data. Legit sign-ins are probably only from a few ASNs, but to my knowledge, you cant block access by ASN.
# NOTE: ($x is o365 sign-in logs csv)
$asn = $x | ? status -Like "Success" | select -ExpandProperty 'Autonomous system number'
$dump = $asn | Group-Object |sort -Property count | select Count,Name
# this might take a long time. There is probably a more efficient way to do the lookups
$AsnTable = foreach ($item in $dump ) {
@($detail = $item | %{ gc .\Downloads\asn.txt | sls "^$($_.name) "} # <--- sls is probably the slow part
$item.Count;ASN=$item.Name;Detail=$detail}
@{Count=New-Object object | Add-Member -NotePropertyMembers $_ -PassThru } | select Count,ASN,Detail
) | % { }
$process = "notepad.exe"
Get-CimInstance Win32_Process -Filter "name = '$process'" | select CommandLine
get-process notepad.exe | select-object ProcessName, CommandLine
Get-WmiObject -Class Win32_Product | ? Name -like "*SQL Server 2012*"
param
($search
[Parameter(Mandatory)]
)
# Get user input if not specified in param
if (!$search){
$search = Read-Host "Computer Name or Recovery Key ID"
}
# Get all the recovery objects from AD
$AllRecoveryInformation = Get-AdObject -Filter 'objectClass -eq "msFVE-RecoveryInformation"'
# Search for matching key
$FoundKeys = $AllRecoveryInformation |Where-Object DistinguishedName -like "*$search*" | Get-ADObject -Properties *
# Display results
$FoundKeys | select "msFVE-*","whenChanged","whenCreated","DistinguishedName"