Browsed by
Category: PowerShell

From Standard User to Elevated Administrator: Run Elevated PowerShell Commands with PowerShell Studio and Impersonation

From Standard User to Elevated Administrator: Run Elevated PowerShell Commands with PowerShell Studio and Impersonation

I recently had a request to create a small applet/windows form that would allow regular end users to perform an administrative task. For example, restart the Print Spooler service. We did not want to grant the user any elevated rights, only to give them a program that would allow them to perform the single task and nothing more. PowerShell to the rescue –

Beginning with Windows Vista, the administrator security token split with the standard user token. This means that to perform administrative tasks you must elevate (UAC). Each app that requires the administrator access token must prompt for consent. Using PowerShell Studio I can create my Winform and use an administrator manifest to prompt for elevation, and input either a RunAs account or specify an account to Impersonate as.

The Issue

The problem however, is Windows evaluates manifests prior to RunAs or Impersonation. It will load the manifest before … Continue...

Easily Enable End Users to Manage Active Directory Users with PowerShell GUI

Easily Enable End Users to Manage Active Directory Users with PowerShell GUI

Recently I got a request to find a way to let managers or Human Resources the ability to modify basic user attributes in Active Directory. Like anyone else, I presented the idea of using RSAT to let them modify users in ADUC or ADAC. This was not an ideal solution because ADUC can become overwhelming to someone that isn’t technical. They wanted something that was extremely basic, easy to follow and work in without any guidance or instructions, and did not show the user anything else that they could not modify or needed to see.

The decision was made to create a custom program with the pre-requisite of having RSAT installed so we could use the AD modules underneath the hood. We could then control permissions on the Active Directory side.

Improvements from ADUC

Because I built this with a specific audience in mind, I was able to make some … Continue...

Get Early Voting Locations, Drop Off Ballot Sites, and Election Polling Places with PowerShell

Get Early Voting Locations, Drop Off Ballot Sites, and Election Polling Places with PowerShell

The 2020 Election is happening on November 3rd, and many people have been lining up to vote early due to COVID-19. Now using PowerShell, you can get your registered polling places based on your address, all early voting locations around you, and drop off ballot locations. All of the information is retrieved using Google’s Civic Information API.

Features

Early Voting Locations

To get early voting locations you can use Get-EarlyVotingPlaces or Get-EarlyPollingPlaces. It will return as many results as the API gets and show you the starting date of the location, Name, Polling hours for each day, address, city, state, and zip code.

Ballot Drop Off Locations

If you got a Mail-in ballot, you can look up drop off locations by using, Get-BallotDropOffLocations or Get-DropOffBallotLocations. Note: Not all states publish this data. You will get a max of 10 results back and it will show you the start … Continue...

Text your Azure Infrastructure with Serverless Computing and PowerShell

Text your Azure Infrastructure with Serverless Computing and PowerShell

Due to COVID-19 and social distancing, I have found myself camping a lot more than in previous years. One problem that has brought with it is the high probability of being somewhere with no cell phone data service or poor cell phone data. Couple with my incredibly poor memory, I have often forgotten to turn off servers to save on cost in my dev or test environment until I’m out in the woods. Also, I wanted the ability to use Google Voice as well as Siri in my car or even at home, to turn off, turn on, or check the status of my servers in my Azure tenants. This has even come in handy when I didn’t have my phone on me and had to use the wife’s phone to turn on or off some servers in my tenant. (I set it to only accept messages from my phone … Continue...

Office 365 Anti-Impersonation Email Banner with PowerShell & Azure for Large Enterprises – No More Mailbox Limit

Office 365 Anti-Impersonation Email Banner with PowerShell & Azure for Large Enterprises – No More Mailbox Limit

The Problem

E-mail spoofing/impersonation is a huge threat to many companies today. A very common approach by scammers is to send your users an email using the display name of a real person within your company.  Many users will glance at the email and see the display name and be none the wiser. A popular defense against this is to tag all external emails with a banner, letting the user know that the email came from an external source. The biggest problem with this method is that it tags all emails, which over the course of a few months, could be thousands of emails for a single user, causing them to begin to ignore the banner altogether.

So I like to create mail flow rules in Exchange to only append a banner if the email originates from an external source, and the display name of the sender matches a display … Continue...

Deploy Intune Applications with PowerShell and Azure Blob Storage

Deploy Intune Applications with PowerShell and Azure Blob Storage

Intune is a great way to deploy applications to your managed devices, couple that with Auto Pilot and its a quick and easy way to deploy new end-user machines as well. With Intune you can deploy applications like MSI, Win32, Microsoft Store, etc. The application files are cached on your local machine via Intune, and then installed. But with applications that require multiple files, or even install directories, or large install files this may not be the best method. With multiple files you could put all your files and directories in one folder, create a PowerShell script to move the files and call the installer, and wrap it all up in a intunewin format (and then in the Intune install command, call powershell.exe to run your custom PowerShell script). OR you can stick it up in Azure Blob Storage, and create a PowerShell configuration script to download and install it. … Continue...

Homeland Security’s Trusted Travelers API and PowerShell – Getting a Better Global Entry Interview Using PowerShell

Homeland Security’s Trusted Travelers API and PowerShell – Getting a Better Global Entry Interview Using PowerShell

I am flying out of the country in February and I recently decided to enroll in TSA Pre-Check as well as Global Entry. With Global Entry you automatically get TSA Pre-Check, but Global Entry works for international flights as well and is only a few extra dollars more than TSA Pre-Check.

Once you get your application approved, the next step is to schedule an interview, which is essentially a 15-minute appointment where a customs officer ask you a few questions (like where you are going, when and why) and then take bio-metrics (fingerprint scans). The interview must be done in person at one of relatively few U.S. Customs and Border Protection locations, like an international airport, and you must schedule your interview within 30 days of getting your application approved (otherwise you have to resubmit your entire application). You are allowed to drop and pick up appointments if you find … Continue...

Deploy Web Link Shortcuts to the Desktop and Start Menu Using Intune

Deploy Web Link Shortcuts to the Desktop and Start Menu Using Intune

I am currently doing a Auto Pilot / Intune deployment and was asked how we could deploy web link shortcuts to the users desktop as well as the start menu. Currently when you do a web link app deployment in Intune it will only ‘install’ it in the users Start menu and not the users desktop. By leveraging PowerShell and Intune Configuration policies we can have it deploy to the start menu and the desktop.

During my initial search I came across this blog which was exactly what I was looking for but since I have OneDrive folder redirection it seemed to be having issues finding the desktop path, and I wanted to use any icons instead of the default chrome or edge icons.

Azure Blob and Custom Icons

For the shortcut you need to specify a url to a ICO file. To do this I set up cold Azure … Continue...

Post Notifications About Unused Office 365 Licenses to Teams using Azure Runbooks

Post Notifications About Unused Office 365 Licenses to Teams using Azure Runbooks

I have written several articles on using PowerShell to send alerts and notifications to Microsoft Teams, but up until now they were set up using only the task scheduler. As more and more companies move to the cloud I wanted to see how I could do cloud infrastructure alerting as well. In this article I am using an Azure RunBook to connect to my Office 365 tenant, parse my licenses, and return any that need reconciliation. If you get your Office 365 licenses from a CSP or any other kind of reseller, you may get charged for all of your licenses, applied or not. So it’s a good thing to make sure you don’t have any extra ones lying around.

Set Up the Azure Environment

Resource Group, Runbook and Automation Account Creation

I created a script that you can just change the variables for and it will create the following … Continue...

ChatOps: Setting up PoshBot for Microsoft Teams

ChatOps: Setting up PoshBot for Microsoft Teams

PoshBot is a chat bot written in PowerShell and created by DevBlackOps. ‘It makes extensive use of classes introduced in PowerShell 5.0. PowerShell modules are loaded into PoshBot and instantly become available as bot commands.’1 PoshBot can do pretty much anything you configure it to do. You can have it create Azure servers, reset Active Directory passwords, create and modify help desk tickets, license Office 365 users, etc. ‘If you can write it in PowerShell, PoshBot can execute it.’

Important: PoshBot has some great documentation, make sure you bookmark and review it.

In this guide I will walk you through setting up PoshBot for Microsoft Teams. It’s a little more tedious than Slack (which is a few commands) but once you get it going it works flawless. Keep an eye out as I will be publishing more articles on different PoshBot plugins that I create which … Continue...