My last two articles showed you how you can set a computers desktop wallpaper and lock screen wallpaper without having Enterprise or Education by using a PowerShell script and Intune. Now I wanted to figure out how to configure the Windows accent color to also match my corporate branding.
Get Color Values
The first thing we need to do is to get the proper registry values for the color we want to use. For this I just set my local computer’s accent color to the color I wanted to apply to my target machines. You only need to do this one time, once you set the color you want and copy the keys you will not have to do it again.
Once you set the proper color, you will want to navigate to the following registry path: HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent
- The fist key we want to look at is the AccentColorMenu key.
In my previous article I showed you how you can leverage PowerShell and Intune to set a computers wallpaper even if the OS was not Enterprise or Education. Currently, If you want to set the wallpaper or lock screen wallpaper via Intune Policies, you must be on either Enterprise or Education. In this article I will show you how you can leverage PowerShell and Intune, and set your own lock screen wallpaper no matter the version.
In my example I will use Intune to set the lock screen image of my end user machines to the following image:
First, we need to create a PowerShell script that will do the following:
- Download the wallpaper
- Store the wallpaper locally on the target machine
- Set the lock screen wallpaper
In my example, I want to set my wallpaper as the following image: https://www.thelazyadministrator.com/wp-content/uploads/2019/07/nicewall.jpg, which will be named wallpaper_LazyAdmin.jpg and stored at … Continue...
Graph is Microsoft’s RESTful API that allows you to interface directly with Azure AD, Office 365, Intune, SharePoint, Teams, OneNote, and a whole lot more. By using the Invoke-RestMethod PowerShell cmdlet we can connect and interact directly with the Graph API. The
Using the Office 365 CLI, you can manage your Microsoft Office 365 tenant and SharePoint Framework projects on any platform. No matter if you are on Windows, macOS or Linux, using Bash, Cmder or PowerShell, using the Office 365 CLI you can configure Office 365, manage SharePoint Framework projects and build automation scripts. Office 365 CLI is an open-source project driven by the SharePoint Patterns and Practices initiative. The project is built and managed publicly on GitHub at https://github.com/pnp/office365-cli and accepts community contributions.
Installing Office 365 CLI
Once we have NodeJS … Continue...
Currently I am doing a Skype for Business migration for a large enterprise. The current phone system is Cisco Call Manager and I am migrating everything to Skype for Business / Microsoft Teams in Office 365. I am at a point where I have migrated a majority of my local users but I want to make sure I grab all available phone numbers I can. These phone numbers could be left from old users, systems, etc.
ImportExcel PowerShell Module
To make this work easier, I am going to be using the ImportExcel PowerShell module. I could use Export-CSV but then I will end up with several CSV data files to work with, and it can get confusing quick. Installing the module is easy as it is available on the PSGallery.
Gathering the Phone Data
Export Phone Numbers in Skype for Business Portal
By logging into Skype for Business Online via … Continue...
There are many different ways to deploy an RMM agent to monitor end-user machines and servers. A popular option is Group Policy, also some RMM tools have the ability to do a subnet scan, but I wanted to try and do it with PowerShell while also ensuring I do not have any false positives. I wanted PowerShell to do the following tasks:
- Check if a machine is online
- Check if WinRM is available and configured correctly
- Check if LabTech was already installed
- Copy install file locally
- Install program
- Check if program installed
- Keep note of the installed machine
Below is a basic tree overview of the runtime flow.
The script would also log the data so I can let it run without monitoring it. It would also run in a loop, therefore if a machine was not on at a specific time, the script would end up coming back and … Continue...
I usually do not post articles on updates to software that I write but there are so many great updates in Master User Creator V2 that I had to make another write up. Master User Creator (MUC) is a piece of software that makes creating Active Directory and/or Office 365 users easier and more efficient. One of the drawbacks of creating a user in Active Directory Users and Computers (ADUC) is that you have to first create the user, and then find the user and edit their attributes, modify group membership, and so on. Master User Creator give you one single interface that allows you to modify membership, permissions, licenses, attributes, and so on. You can create an AD and Office 365 user at a single time as well, even copying your AD User attributes with a single click of a button.
Since publicizing the software, I have gotten many … Continue...
I usually have to connect to Office 365 via PowerShell at least once per day. I had the following function stored in my PowerShell Profile:
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.outlook.com/powershell/" -Credential $UserCredential -Authentication Basic -AllowRedirection
Connect-MsolService -Credential $UserCredential
This allowed me to just open PowerShell and type Connect-O365 to connect to Office 365 instead of looking up the Session information and all of the cmdlets needed. One of the issues I faced was the lack of multi-factor authentication support. To connect to Exchange Online or Security and Compliance Center using multi-factor authentication you must use another module that is found in your tenant. Also, when you install this module it gets buried in your local app data folder.
So I decided to just re-do the entire function, allowing it to connect to the following Office 365 services:
I have been recently using Teams as a central location for my organizations technical notifications instead of email as it provides a way for an entire Help Desk team to openly collaborate on the message and its contents. I recently got a request to get a Teams notification when a user gets locked out of their Active Directory account. By setting up a Webhook connector we can make it happen. The script will be triggered from Task Scheduler on Event ID 4740 which is created when a user gets locked out. By using “Search-ADAccount -LockedOut” we can return an array of locked out accounts, but by ordering it by lockout time we can ensure that we grab the most recent locked out user that corresponds to the security event.
I set the script and scheduled task up on my PDC because as far as I know, the actual lockout event … Continue...
In my previous post
I went through setting up a Team’s webhook to send a daily message / notification of all your Active Directory users that have their password expiring in a week or less. This is valuable for an IT team as they can review users and work together on the within the same work space (team).
In this post I will be setting up another scheduled task to send a daily message on Active Directory accounts that have not logged on in 90 days or more. I am also returning attributes like LockedOut, LastLogon, Enabled and more.
The array of users is sorted, showing the users that have not logged on in the longest to the shortest. You can change the sort order to fit the needs of your environment. By using the cmdlet, “New-Timespan” I can get the amount of days since the user last logged on.… Continue...