├── Helpers ├── CloudRadial │ └── CloudRadialDataAgent.exe └── sqlite │ ├── net471 │ └── System.Data.SQLite.dll │ ├── netstandard2.0 │ └── System.Data.SQLite.dll │ └── netstandard2.1 │ └── System.Data.SQLite.dll ├── Curl-able ├── Windows_Debloat │ ├── FirstLogon.bat │ ├── ClaudeEdits │ │ ├── FirstLogon.txt │ │ ├── 1Click-1Line-Launcher.txt │ │ ├── InstallNewApps.txt │ │ ├── README.md │ │ ├── Main-Stager.txt │ │ ├── PSandWindowsUpdates.txt │ │ ├── UninstallBloat.txt │ │ └── Cmd-HKLM.txt │ ├── 1Click-1Line-Launcher.cmd │ ├── Main-Stager.ps1 │ ├── Other-Dev │ │ ├── UninstallAppx2.ps1 │ │ └── UninstallAppxScriptSimple.ps1 │ └── README.md ├── Windows_Update_Reset │ └── Run-WUReset.cmd ├── Windows_Device_Decommission │ └── Decom-Launcher.cmd └── Windows_Events_Audit │ ├── README.md │ ├── Collect-Logs-Launcher.cmd │ ├── EventLogLauncher.ps1 │ ├── ClearWindowsEventLog.ps1 │ ├── Parse-LogsToTimeLine.ps1 │ └── Gather-LogsToTimeLine.ps1 ├── NotWindows ├── dotFiles │ ├── .rustscan.toml │ ├── .tmux.conf │ └── .zshrc ├── old │ └── InstallpbCP.sh ├── InstallDocker.sh └── InstallNordVPN.sh ├── General ├── M365PhishPurge │ ├── PurgeOp_20251002_10-06.log │ └── Readme.md ├── OneDrive │ ├── readme.md │ └── OneDriveAllUsers.ps1 ├── OfficeDeploymentTool │ └── Readme.md ├── IntuneCompliance │ ├── BlackPoint │ │ ├── BlackpointComplianceCheck.ps1 │ │ └── BlackpointValidation.JSON │ ├── NinjaRMM │ │ ├── NinjaComplianceCheck.ps1 │ │ └── NinjaValidation.JSON │ └── Nodeware │ │ ├── NodewareComplianceCheck.ps1 │ │ └── NodewareValidation.JSON ├── PSModuleTerminator │ └── Readme.md ├── PSModuleUpdater │ └── README.md ├── SOFTWARE │ ├── Quickbooks │ │ ├── readme.md │ │ └── Quickbooks-Detect.ps1 │ ├── SolarWinds-N-Able │ │ └── UninstallNable.ps1 │ ├── DattoRMM │ │ └── a.DRMM-ScriptingTemplates │ │ │ ├── Readme.md │ │ │ ├── DRMM_RemediationTemplate.ps1 │ │ │ └── DRMM_MonitoringTemplate.ps1 │ ├── BlackPoint │ │ └── BlackPointSNAPEnableTRACE.ps1 │ ├── NinjaRMM │ │ ├── UmbrellaNinjaRMMInstaller.sh │ │ └── UmbrellaNinjaRMMInstaller.ps1 │ ├── Nodeware │ │ ├── NodewareLinuxInstall.sh │ │ └── Nodeware-Installer.ps1 │ └── CloudRadial │ │ └── CloudRadial-Uninstall.ps1 ├── Utilities │ ├── GetWinEventsKeywords.ps1 │ ├── Copy-ShortcutToDesktop.ps1 │ ├── DisableLowPowerUSB.ps1 │ └── Kill-VMProcess.ps1 ├── WingetAutoUpdate │ ├── Get-WauUpdateData.ps1 │ └── Analyze-WauUpdates.ps1 └── CleaningUtils │ └── WinInstallerPatchCleaner.ps1 ├── ReadMe.md ├── LICENSE ├── DattoRMM ├── DesktopUpdateUtils │ └── readme.md ├── Windows10to11UpgradeUtil │ └── readme.md ├── RebootScript │ └── Readme.md ├── DiskCheck-SFC-DISM │ └── Readme.md ├── WindowsAutoRepair │ └── SFC-CorruptionCheck.ps1 └── DeviceOnline │ └── DeviceOnlineAlert.ps1 └── NinjaRMM └── z.NinjaScriptingTemplatePrompt ├── Readme.md ├── Template.ps1 └── ListAllNinjaEnv.ps1 /Helpers/CloudRadial/CloudRadialDataAgent.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Exploitacious/Windows_Toolz/HEAD/Helpers/CloudRadial/CloudRadialDataAgent.exe -------------------------------------------------------------------------------- /Helpers/sqlite/net471/System.Data.SQLite.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Exploitacious/Windows_Toolz/HEAD/Helpers/sqlite/net471/System.Data.SQLite.dll -------------------------------------------------------------------------------- /Helpers/sqlite/netstandard2.0/System.Data.SQLite.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Exploitacious/Windows_Toolz/HEAD/Helpers/sqlite/netstandard2.0/System.Data.SQLite.dll -------------------------------------------------------------------------------- /Helpers/sqlite/netstandard2.1/System.Data.SQLite.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Exploitacious/Windows_Toolz/HEAD/Helpers/sqlite/netstandard2.1/System.Data.SQLite.dll -------------------------------------------------------------------------------- /Curl-able/Windows_Debloat/FirstLogon.bat: -------------------------------------------------------------------------------- 1 | SET ThisScriptsDirectory=%~dp0 2 | SET PowerShellScriptPath=%ThisScriptsDirectory%DebloatScript-HKCU.ps1 3 | PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& '%PowerShellScriptPath%'"; -------------------------------------------------------------------------------- /Curl-able/Windows_Debloat/ClaudeEdits/FirstLogon.txt: -------------------------------------------------------------------------------- 1 | SET ThisScriptsDirectory=%~dp0 2 | SET PowerShellScriptPath=%ThisScriptsDirectory%DebloatScript-HKCU.ps1 3 | PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& '%PowerShellScriptPath%'"; -------------------------------------------------------------------------------- /NotWindows/dotFiles/.rustscan.toml: -------------------------------------------------------------------------------- 1 | # Scan settings 2 | addresses = [] 3 | ports = [1,65535] 4 | scan_order = "random" 5 | scan_type = "SYN" 6 | 7 | # Performance settings 8 | batch_size = 10000 9 | timeout = 1500 10 | tries = 1 11 | 12 | # Output settings 13 | accessible = false 14 | greppable = false 15 | json = false 16 | no-config = false 17 | 18 | # Nmap settings 19 | command = "-sV -sC -O" 20 | script = [] 21 | 22 | # Rate limiting 23 | rate = 10000 24 | 25 | # DNS settings 26 | dns-servers = [] 27 | 28 | # Debugging 29 | debug = false 30 | 31 | # Custom scripts 32 | scripts = [] -------------------------------------------------------------------------------- /General/M365PhishPurge/PurgeOp_20251002_10-06.log: -------------------------------------------------------------------------------- 1 | [2025-10-02 10:08:40] Creating and starting compliance search... 2 | [2025-10-02 10:10:13] Total Items Found: 4 3 | [2025-10-02 10:10:13] Search Query: subject:"Task-Report: System Message Ticket notification" 4 | [2025-10-02 10:11:27] Purge Type: HardDelete 5 | [2025-10-02 10:11:27] Items Purged: Purge Type: HardDelete; Item count: 0; Total size 0; Details: {} 6 | [2025-10-02 10:11:27] Items have been permanently deleted and are not recoverable. 7 | [2025-10-02 10:11:57] Adding Email muse-eek.com to Global Blocklist 8 | [2025-10-02 10:11:58] Sender muse-eek.com has been added to the blocklist. 9 | -------------------------------------------------------------------------------- /General/OneDrive/readme.md: -------------------------------------------------------------------------------- 1 | # Install OneDrive for All Users 2 | 3 | This script downloads and silently installs the latest version of the Microsoft OneDrive client for all users on a computer. 4 | 5 | ## How to Use 6 | 7 | 1. Save the script as a `.ps1` file (e.g., `Install-OneDrive.ps1`). 8 | 2. Right-click the script file and select **Run with PowerShell**. 9 | 3. The script requires administrator privileges to run. Accept the User Account Control (UAC) prompt if it appears. 10 | 11 | ## Configuration Examples 12 | 13 | There are no variables that need to be configured in this script. It will automatically download the installer to `C:\Temp` and run it. -------------------------------------------------------------------------------- /NotWindows/dotFiles/.tmux.conf: -------------------------------------------------------------------------------- 1 | # Set True Color 2 | set-option -sa terminal-overrides ",xtern*:Tc" 3 | 4 | # Set prefix 5 | unbind C-b 6 | set -g prefix C-Space 7 | bind C-Space send-prefix 8 | 9 | # Start Windows at 1 10 | set -g base-index 1 11 | set -g pane-base-index 1 12 | set-option -g renumber-windows on 13 | 14 | # Use ZSH 15 | set-option -g default-shell /usr/bin/zsh 16 | 17 | # Mouse on 18 | set -g mouse on 19 | 20 | # Vim keys 21 | setw -g mode-keys vi 22 | 23 | # Tmux Plugins 24 | set -g @plugin 'tmux-plugins/tpm' 25 | set -g @plugin 'tmux-plugins/tmux-sensible' 26 | set -g @plugin 'dreamsofcode-io/catppuccin-tmux' 27 | 28 | # Open panes in current directory 29 | bind '"' split-window -v -c "#{pane_current_path}" 30 | bind % split-window -v -c "#{pane_current_path}" 31 | 32 | run '~/.tmux/plugins/tpm/tpm' -------------------------------------------------------------------------------- /ReadMe.md: -------------------------------------------------------------------------------- 1 | # Tools, Scripts and more for Windows 10, 11, and Server 2016+ 2 | 3 | Popular Links: 4 | 5 | # System Debloat One-Liner 6 | 7 | curl -L cleanup.umbrellaitgroup.com -o cleanup.cmd && cleanup.cmd 8 | 9 | # Windows Update Reset 10 | 11 | curl -L wureset.umbrellaitgroup.com -o WUReset-Unattented.cmd && WUReset-Unattented.cmd 12 | 13 | # Search and Destroy anything to do with Solarwinds (N-Able) 14 | 15 | curl -L swnuke.umbrellaitgroup.com -o swnuke.cmd && swnuke.cmd 16 | 17 | # Gather Windoes Logs and Generate a CSV Timeline 18 | 19 | curl -L gatherlogs.umbrellaitgroup.com -o Gather-Logs.cmd && Gather-Logs.cmd 20 | 21 | # Setup my Linux Shell 22 | 23 | sudo kali-tweaks (set up a few things first) then 24 | curl -s https://raw.githubusercontent.com/Exploitacious/Windows_Toolz/main/NotWindows/ShellSetup.sh | sudo bash 25 | -------------------------------------------------------------------------------- /General/OfficeDeploymentTool/Readme.md: -------------------------------------------------------------------------------- 1 | # Dynamic Microsoft 365 Installer 2 | 3 | This PowerShell script automates the installation of Microsoft 365 Apps by dynamically building a configuration file based on simple variables you set. 4 | 5 | --- 6 | 7 | ## How to Use 8 | 9 | 1. **Configure Script**: Open the `.ps1` file in an editor. Modify the variables in the `--- User Configuration ---` section to define your installation. 10 | 2. **Run as Administrator**: Right-click the script and select **Run with PowerShell**. 11 | 12 | The script will automatically download the necessary tools to `C:\Temp\Office` and begin the installation based on your choices. 13 | 14 | --- 15 | 16 | ## Configuration Examples 17 | 18 | All settings are controlled at the top of the script. 19 | 20 | ### Selecting Apps 21 | 22 | Set apps to `$true` to install them or `$false` to exclude them. 23 | 24 | ```powershell 25 | $InstallWord = $true 26 | $InstallExcel = $true 27 | $InstallOutlook = $false 28 | $InstallTeams = $true 29 | $InstallProject = false -------------------------------------------------------------------------------- /General/IntuneCompliance/BlackPoint/BlackpointComplianceCheck.ps1: -------------------------------------------------------------------------------- 1 | $appName = "SnapAgent" 2 | $serviceName = "Snap" 3 | 4 | $installed = $false 5 | $running = $false 6 | 7 | # Check if the application is installed 8 | $uninstallKeys = @( 9 | "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*", 10 | "HKLM:\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*" 11 | ) 12 | 13 | foreach ($key in $uninstallKeys) { 14 | $installedApps = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue | Where-Object { $_.DisplayName -like "*$appName*" } 15 | if ($installedApps) { 16 | $installed = $true 17 | break 18 | } 19 | } 20 | 21 | # Check if the service is running 22 | $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue 23 | if ($service.Status -eq 'Running') { 24 | $running = $true 25 | } 26 | 27 | $result = @{ 28 | BlackpointInstalled = $installed 29 | BlackpointRunning = $running 30 | } 31 | 32 | return $result | ConvertTo-Json -Compress -------------------------------------------------------------------------------- /General/IntuneCompliance/NinjaRMM/NinjaComplianceCheck.ps1: -------------------------------------------------------------------------------- 1 | $appName = "NinjaRMMAgent" 2 | $serviceName = "NinjaRMMAgent" 3 | 4 | $installed = $false 5 | $running = $false 6 | 7 | # Check if the application is installed 8 | $uninstallKeys = @( 9 | "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*", 10 | "HKLM:\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*" 11 | ) 12 | 13 | foreach ($key in $uninstallKeys) { 14 | $installedApps = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue | Where-Object { $_.DisplayName -like "*$appName*" } 15 | if ($installedApps) { 16 | $installed = $true 17 | break 18 | } 19 | } 20 | 21 | # Check if the service is running 22 | $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue 23 | if ($service.Status -eq 'Running') { 24 | $running = $true 25 | } 26 | 27 | $result = @{ 28 | NinjaRMMInstalled = $installed 29 | NinjaRMMRunning = $running 30 | } 31 | 32 | return $result | ConvertTo-Json -Compress -------------------------------------------------------------------------------- /General/IntuneCompliance/Nodeware/NodewareComplianceCheck.ps1: -------------------------------------------------------------------------------- 1 | $appName = "Nodeware Agent for Windows" 2 | $serviceName = "NodewareAgent" 3 | 4 | $installed = $false 5 | $running = $false 6 | 7 | # Check if the application is installed 8 | $uninstallKeys = @( 9 | "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*", 10 | "HKLM:\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*" 11 | ) 12 | 13 | foreach ($key in $uninstallKeys) { 14 | $installedApps = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue | Where-Object { $_.DisplayName -like "*$appName*" } 15 | if ($installedApps) { 16 | $installed = $true 17 | break 18 | } 19 | } 20 | 21 | # Check if the service is running 22 | $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue 23 | if ($service.Status -eq 'Running') { 24 | $running = $true 25 | } 26 | 27 | $result = @{ 28 | NodewareInstalled = $installed 29 | NodewareRunning = $running 30 | } 31 | 32 | return $result | ConvertTo-Json -Compress -------------------------------------------------------------------------------- /Curl-able/Windows_Update_Reset/Run-WUReset.cmd: -------------------------------------------------------------------------------- 1 | :: Download and run the system debloat scripts directly from GitHub 2 | :: Created by: Alex Ivantsov 3 | 4 | @echo off 5 | 6 | :: Checking for Administrator elevation. 7 | 8 | openfiles>nul 2>&1 9 | 10 | if %errorlevel% EQU 0 goto :Download 11 | 12 | echo. 13 | echo. 14 | echo. You are not running as Administrator. 15 | echo. This script cannot do it's job without elevation. 16 | echo. 17 | echo. You need run this tool as Administrator. 18 | echo. 19 | 20 | exit 21 | 22 | 23 | :: Download Required Files from https://github.com/Exploitacious/Windows_Toolz/tree/main/Curl-able/Windows_Update_Reset 24 | :Download 25 | 26 | PowerShell -executionpolicy bypass -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/Exploitacious/Windows_Toolz/refs/heads/main/Curl-able/Windows_Update_Reset/WUReset-Unattended.cmd', 'WU-Reset-Unattended-Version.cmd')" 27 | 28 | 29 | :: Start Running the SYSTEM DEBLOAT scripts 30 | :RunScript 31 | 32 | SET ThisScriptsDirectory=%~dp0 33 | 34 | WU-Reset-Unattended-Version.cmd -------------------------------------------------------------------------------- /General/PSModuleTerminator/Readme.md: -------------------------------------------------------------------------------- 1 | # PowerShell Module Removal Script 2 | 3 | This PowerShell script is designed to forcibly remove a specified module, including handling dependencies, permissions, and stopping relevant processes. Additionally, it can restart PowerShell and Windows Terminal processes to ensure the removal is complete. 4 | 5 | ## Features 6 | 7 | - Checks for and stops processes using the specified module. 8 | - Ensures the user has necessary permissions to delete module files. 9 | - Automatically elevates to run with administrative privileges if not already. 10 | - Restarts PowerShell and Windows Terminal processes after module removal. 11 | 12 | ## Prerequisites 13 | 14 | - PowerShell 5.1 or later. 15 | - Administrative privileges. 16 | 17 | ## Usage 18 | 19 | 1. **Download the Script** 20 | 21 | Save the script to a file, for example, `Remove-Module.ps1`. 22 | 23 | 2. **Run the Script** 24 | 25 | Open PowerShell with administrative privileges and run the script: 26 | 27 | ```powershell 28 | .\Remove-Module.ps1 29 | ``` 30 | 31 | 3. **Follow On-Screen Prompts** 32 | 33 | The script will prompt you to enter the name of the module and optionally the version number. 34 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | This is free and unencumbered software released into the public domain. 2 | 3 | Anyone is free to copy, modify, publish, use, compile, sell, or 4 | distribute this software, either in source code form or as a compiled 5 | binary, for any purpose, commercial or non-commercial, and by any 6 | means. 7 | 8 | In jurisdictions that recognize copyright laws, the author or authors 9 | of this software dedicate any and all copyright interest in the 10 | software to the public domain. We make this dedication for the benefit 11 | of the public at large and to the detriment of our heirs and 12 | successors. We intend this dedication to be an overt act of 13 | relinquishment in perpetuity of all present and future rights to this 14 | software under copyright law. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 19 | IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR 20 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 21 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 22 | OTHER DEALINGS IN THE SOFTWARE. 23 | 24 | For more information, please refer to 25 | -------------------------------------------------------------------------------- /NotWindows/old/InstallpbCP.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Function to install xclip 4 | install_xclip() { 5 | if ! command -v xclip &> /dev/null; then 6 | echo "xclip not found, installing..." 7 | if [ -f /etc/debian_version ]; then 8 | sudo apt update && sudo apt install -y xclip 9 | elif [ -f /etc/redhat-release ]; then 10 | sudo yum install -y xclip 11 | else 12 | echo "Unsupported OS. Please install xclip manually." 13 | exit 1 14 | fi 15 | else 16 | echo "xclip is already installed." 17 | fi 18 | } 19 | 20 | # Function to create pbcopy and pbpaste commands 21 | create_pbcopy_pbpaste() { 22 | local pbcopy_script="/usr/local/bin/pbcopy" 23 | local pbpaste_script="/usr/local/bin/pbpaste" 24 | 25 | echo "Creating pbcopy script..." 26 | sudo bash -c "cat > $pbcopy_script" << 'EOF' 27 | #!/bin/bash 28 | xclip -selection clipboard 29 | EOF 30 | sudo chmod +x $pbcopy_script 31 | 32 | echo "Creating pbpaste script..." 33 | sudo bash -c "cat > $pbpaste_script" << 'EOF' 34 | #!/bin/bash 35 | xclip -selection clipboard -o 36 | EOF 37 | sudo chmod +x $pbpaste_script 38 | } 39 | 40 | # Install xclip 41 | install_xclip 42 | 43 | # Create pbcopy and pbpaste commands 44 | create_pbcopy_pbpaste 45 | 46 | echo "pbcopy and pbpaste installation complete!" 47 | -------------------------------------------------------------------------------- /DattoRMM/DesktopUpdateUtils/readme.md: -------------------------------------------------------------------------------- 1 | # Datto RMM - Manufacturer Update Utility Monitor & Installer 2 | 3 | This component includes a monitoring script to check for manufacturer-specific update utilities (Dell, HP, Lenovo, Microsoft) and a remediation script to automatically install them if they are missing. 4 | 5 | ## How to Use 6 | 7 | 1. **Deploy the Monitor:** In your Datto RMM policy, add the `Manufacturer Update Utility Monitor` script as a monitoring component. It will automatically check if the correct utility is installed. 8 | 2. **Set Up Remediation:** Configure the monitor so that if it fails (i.e., the utility is missing), it automatically runs the `Install Manufacturer Update Utility` remediation script. 9 | 3. **No Configuration Needed:** The scripts are pre-configured to work for Dell, HP, Lenovo, and Microsoft devices. No editing of the scripts is required for them to function. 10 | 11 | ## Configuration Examples 12 | 13 | While not required, you can change the script name and the "Healthy" status message that appears in Datto RMM by editing the variables at the top of the **monitoring script**. 14 | 15 | ```powershell 16 | # Script Name and Type 17 | $ScriptName = "Manufacturer Update Utility Monitor" 18 | 19 | # What to Write if Alert is Healthy 20 | $Global:AlertHealthy = "Healthy: Update Utility Installed" -------------------------------------------------------------------------------- /General/IntuneCompliance/Nodeware/NodewareValidation.JSON: -------------------------------------------------------------------------------- 1 | { 2 | "Rules": [ 3 | { 4 | "SettingName": "NodewareInstalled", 5 | "Operator": "IsEquals", 6 | "DataType": "Boolean", 7 | "Operand": true, 8 | "MoreInfoUrl": "https://portal.umbrellaitgroup.com/", 9 | "RemediationStrings": [ 10 | { 11 | "Language": "en_US", 12 | "Title": "Nodeware Agent is not installed.", 13 | "Description": "Please install the Nodeware agent to ensure your device is compliant. You can find the installer inside Company Portal." 14 | } 15 | ] 16 | }, 17 | { 18 | "SettingName": "NodewareRunning", 19 | "Operator": "IsEquals", 20 | "DataType": "Boolean", 21 | "Operand": true, 22 | "MoreInfoUrl": "https://portal.umbrellaitgroup.com/", 23 | "RemediationStrings": [ 24 | { 25 | "Language": "en_US", 26 | "Title": "Nodeware Agent Service is not running.", 27 | "Description": "Please restart the Nodeware Agent service to ensure your device is compliant." 28 | } 29 | ] 30 | } 31 | ] 32 | } -------------------------------------------------------------------------------- /General/IntuneCompliance/BlackPoint/BlackpointValidation.JSON: -------------------------------------------------------------------------------- 1 | { 2 | "Rules": [ 3 | { 4 | "SettingName": "BlackpointInstalled", 5 | "Operator": "IsEquals", 6 | "DataType": "Boolean", 7 | "Operand": true, 8 | "MoreInfoUrl": "https://portal.umbrellaitgroup.com/", 9 | "RemediationStrings": [ 10 | { 11 | "Language": "en_US", 12 | "Title": "Blackpoint Agent is not installed.", 13 | "Description": "Please install the Blackpoint agent to ensure your device is compliant. You can find the installer inside Company Portal." 14 | } 15 | ] 16 | }, 17 | { 18 | "SettingName": "BlackpointRunning", 19 | "Operator": "IsEquals", 20 | "DataType": "Boolean", 21 | "Operand": true, 22 | "MoreInfoUrl": "https://portal.umbrellaitgroup.com/", 23 | "RemediationStrings": [ 24 | { 25 | "Language": "en_US", 26 | "Title": "Blackpoint Agent Service is not running.", 27 | "Description": "Please restart the Blackpoint Agent service to ensure your device is compliant." 28 | } 29 | ] 30 | } 31 | ] 32 | } -------------------------------------------------------------------------------- /DattoRMM/Windows10to11UpgradeUtil/readme.md: -------------------------------------------------------------------------------- 1 | # Windows 10 to 11 In-Place Upgrade 2 | 3 | This script automates the in-place upgrade from Windows 10 to Windows 11. It performs system prerequisite checks, removes common upgrade blockers, and then silently runs the official Microsoft Installation Assistant. 4 | 5 | ## How to Use 6 | 7 | 1. (Optional) Edit the script to adjust the hardware requirements in the `User-Modifiable Variables` section. 8 | 2. Run the PowerShell script as an Administrator. 9 | 3. The script will perform all checks and launch the upgrade in the background before exiting. The Windows 11 installer will continue running until the upgrade is complete. 10 | 11 | ## Configuration Examples 12 | 13 | You can modify the following variables to change the script's behavior, such as the minimum hardware requirements it checks for. 14 | 15 | ```powershell 16 | # The URL for the official Microsoft Windows 11 Installation Assistant. 17 | $Win11DownloadUrl = "[https://go.microsoft.com/fwlink/?linkid=2171764](https://go.microsoft.com/fwlink/?linkid=2171764)" 18 | 19 | # A robust temporary location for the installer. The script will create C:\Temp if it doesn't exist. 20 | $InstallerTempDir = "C:\Temp\Windows11Upgrade" 21 | 22 | # Minimum system requirements for the prerequisite checks. 23 | $MinimumRamGB = 4 24 | $MinimumStorageGB = 64 25 | $MinimumCpuCores = 2 26 | $MinimumCpuSpeedGHz = 1.0 -------------------------------------------------------------------------------- /General/IntuneCompliance/NinjaRMM/NinjaValidation.JSON: -------------------------------------------------------------------------------- 1 | { 2 | "Rules": [ 3 | { 4 | "SettingName": "NinjaRMMInstalled", 5 | "Operator": "IsEquals", 6 | "DataType": "Boolean", 7 | "Operand": true, 8 | "MoreInfoUrl": "https://portal.umbrellaitgroup.com/", 9 | "RemediationStrings": [ 10 | { 11 | "Language": "en_US", 12 | "Title": "NinjaRMM Agent is not installed.", 13 | "Description": "Please install the NinjaRMM agent to ensure your device is compliant. You can find the installer inside the Company Portal App. For help, click the link to submit a ticket to Umbrella." 14 | } 15 | ] 16 | }, 17 | { 18 | "SettingName": "NinjaRMMRunning", 19 | "Operator": "IsEquals", 20 | "DataType": "Boolean", 21 | "Operand": true, 22 | "MoreInfoUrl": "https://portal.umbrellaitgroup.com/", 23 | "RemediationStrings": [ 24 | { 25 | "Language": "en_US", 26 | "Title": "NinjaRMM Agent Service is not running.", 27 | "Description": "Please restart your computer to ensure your device is compliant. For help, click the link to submit a ticket to Umbrella." 28 | } 29 | ] 30 | } 31 | ] 32 | } -------------------------------------------------------------------------------- /Curl-able/Windows_Device_Decommission/Decom-Launcher.cmd: -------------------------------------------------------------------------------- 1 | :: Windows Device Decommission Launcher 2 | :: Download and run the scripts directly from GitHub 3 | :: Created by Alex Ivantsov 4 | 5 | @echo off 6 | 7 | :: Checking for Administrator elevation. 8 | 9 | openfiles>nul 2>&1 10 | 11 | if %errorlevel% EQU 0 goto :Download 12 | 13 | echo. 14 | echo. 15 | echo. 16 | echo. 17 | echo. 18 | echo. You are not running as Administrator. 19 | echo. This script cannot do it's job without elevation. 20 | echo. 21 | echo. You need run this tool as Administrator. 22 | echo. 23 | 24 | exit 25 | 26 | 27 | :: Download Required Files from https://github.com/Exploitacious/WindowsEventsToCSVTimeline 28 | :Download 29 | 30 | PowerShell -Command "mkdir C:\Temp\GatherLogs -erroraction silentlycontinue" 31 | 32 | cd "C:\Temp\GatherLogs" 33 | 34 | PowerShell -executionpolicy bypass -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/Exploitacious/Windows_Toolz/refs/heads/main/Curl-able/Windows_Device_Decommission/Windows_Device_Decommission.ps1', 'Windows_Device_Decommission.ps1')" 35 | 36 | 37 | :: Start Running the Gather Logs scripts 38 | :RunScript 39 | 40 | SET ScriptDirectory=C:\Temp\GatherLogs\ 41 | SET PowerShellScriptPath=%ScriptDirectory%EventLogLauncher.ps1 42 | PowerShell -NoProfile -ExecutionPolicy Bypass -Command "%PowerShellScriptPath%"; -------------------------------------------------------------------------------- /DattoRMM/RebootScript/Readme.md: -------------------------------------------------------------------------------- 1 | # System Reboot Notification Script 2 | 3 | This PowerShell script displays a notification to all logged-on users, asking them to close all their programs and reboot their machine. The notification includes the username of the logged-in user, the system's uptime, and a button to immediately reboot the system. If the user does not click the button, the system will automatically reboot after 15 minutes. 4 | 5 | ## Features 6 | 7 | - Displays a modern notification window using WPF. 8 | - Shows the logged-in user's name. 9 | - Displays the system's current uptime. 10 | - Provides a "Reboot Now" button for immediate reboot. 11 | - Automatically reboots the system after a 15-minute countdown if no action is taken. 12 | 13 | ## Requirements 14 | 15 | - Windows PowerShell 5.1 16 | - Windows Presentation Foundation (WPF) support (available by default on most modern Windows systems) 17 | 18 | ## How It Works 19 | 20 | 1. **Notification Display:** 21 | 22 | - The script creates a WPF window with a message that includes the username and system uptime. 23 | - The message informs the user that the system will reboot in 15 minutes and prompts them to save their work. 24 | 25 | 2. **Immediate Reboot Option:** 26 | 27 | - The window includes a "Reboot Now" button that allows the user to immediately initiate the reboot. 28 | 29 | 3. **Automatic Reboot:** 30 | - If the user does not click the "Reboot Now" button, the script waits for 15 minutes and then automatically reboots the system. 31 | -------------------------------------------------------------------------------- /DattoRMM/DiskCheck-SFC-DISM/Readme.md: -------------------------------------------------------------------------------- 1 | # Disk Health Remediation Script 2 | 3 | ## Overview 4 | 5 | This PowerShell script is designed to perform comprehensive disk health checks and remediation on Windows systems. It's particularly useful for IT administrators and support technicians who need to diagnose and address disk-related issues. 6 | 7 | ## Features 8 | 9 | - Checks System Event Logs for disk-related events 10 | - Performs disk space analysis 11 | - Checks file system integrity 12 | - Analyzes S.M.A.R.T. data for physical disks 13 | - Schedules CheckDisk (chkdsk) if necessary 14 | - Runs System File Checker (SFC) and Deployment Image Servicing and Management (DISM) tools 15 | - Provides detailed logging of all operations 16 | 17 | ## Requirements 18 | 19 | - Windows operating system (Windows 10 or later recommended) 20 | - PowerShell 5.1 or later 21 | - Administrative privileges 22 | 23 | ## Usage 24 | 25 | 1. Open PowerShell as an administrator. 26 | 2. Navigate to the directory containing the script. 27 | 3. Run the script: 28 | 29 | ```powershell 30 | .\DiskHealthRemediation.ps1 31 | ``` 32 | 33 | ## Use In Datto RMM 34 | 35 | 1. Create New Script in Datto RMM 36 | 2. Paste in the script contents 37 | 3. Set permission level and script type 38 | 4. Save and run on a device, or add to a policy 39 | 40 | ## Output 41 | 42 | The script provides real-time output to the console and also generates a detailed log. Key information includes: 43 | 44 | - Disk-related system events 45 | - Disk space usage 46 | - File system status 47 | - S.M.A.R.T. data analysis 48 | - Results of SFC and DISM operations 49 | -------------------------------------------------------------------------------- /General/PSModuleUpdater/README.md: -------------------------------------------------------------------------------- 1 | # Module Standalone Updater 2 | 3 | This PowerShell script updates all existing modules and installs the latest versions of the Microsoft 365 Management PowerShell modules. 4 | 5 | ## Features 6 | 7 | - **Update Existing Modules**: Ensures all currently installed PowerShell modules are up to date. 8 | - **Install New Modules**: Installs the latest versions of essential Microsoft 365 management modules. 9 | 10 | ## Requirements 11 | 12 | - **PowerShell Version**: PowerShell 5.1 or later. 13 | - **Administrative Privileges**: Required to install or update modules. 14 | 15 | ## Usage Instructions 16 | 17 | 1. **Open PowerShell**: Run PowerShell as an administrator. 18 | 2. **Execute the Script**: Run the script by typing `.\PSModuleUpdater.ps1` in the PowerShell window. 19 | 3. **Follow the Prompts**: The script will prompt you to confirm if you want to install, update, and clean up all PowerShell modules. Type `Y` or `yes` to proceed. 20 | 4. **Review the Output**: The script will display the status of each module installation or update. Check for any errors or issues. 21 | 5. **Re-run if Necessary**: If there are any issues, re-run the script as needed until all modules are correctly installed and up to date. 22 | 23 | ## Notes 24 | 25 | - **Module List**: The script handles a predefined list of Microsoft 365 management modules, but will also detect and update all installed modules. 26 | - **Error Handling**: If any module fails to install or update, the script provides error messages to help troubleshoot the issue. 27 | 28 | ## Contact 29 | 30 | Created by Alex Ivantsov (@Exploitacious) 31 | -------------------------------------------------------------------------------- /NotWindows/InstallDocker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Update your existing list of packages 4 | echo "Updating package list..." 5 | sudo apt update 6 | 7 | # Install prerequisites 8 | echo "Installing prerequisites..." 9 | sudo apt install -y apt-transport-https ca-certificates curl software-properties-common gnupg2 10 | 11 | # Add Docker’s official GPG key 12 | echo "Adding Docker's official GPG key..." 13 | curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg 14 | 15 | # Set up the Docker stable repository for Debian 16 | echo "Setting up the Docker stable repository..." 17 | echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian buster stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null 18 | 19 | # Update the package database with Docker packages from the newly added repo 20 | echo "Updating package database with Docker packages..." 21 | sudo apt update 22 | 23 | # Install Docker 24 | echo "Installing Docker..." 25 | sudo apt install -y docker-ce docker-ce-cli containerd.io 26 | 27 | # Add your user to the Docker group 28 | echo "Adding user to Docker group..." 29 | sudo groupadd docker 30 | sudo usermod -aG docker $USER 31 | 32 | # Start Docker service 33 | echo "Starting Docker service..." 34 | sudo service docker start 35 | 36 | # Verify Docker installation 37 | echo "Verifying Docker installation..." 38 | docker --version 39 | 40 | echo "Docker installation completed successfully!" 41 | echo "You may need to restart your terminal or log out and log back in to apply the group changes." 42 | 43 | -------------------------------------------------------------------------------- /Curl-able/Windows_Debloat/ClaudeEdits/1Click-1Line-Launcher.txt: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal enabledelayedexpansion 3 | 4 | :CheckAdmin 5 | openfiles >nul 2>&1 6 | if %errorlevel% NEQ 0 ( 7 | echo Requesting administrative privileges... 8 | goto UACPrompt 9 | ) else ( 10 | goto GotAdmin 11 | ) 12 | 13 | :UACPrompt 14 | echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs" 15 | echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs" 16 | "%temp%\getadmin.vbs" 17 | exit /B 18 | 19 | :GotAdmin 20 | if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" ) 21 | pushd "%CD%" 22 | CD /D "%~dp0" 23 | 24 | :Download 25 | set "baseURL=https://raw.githubusercontent.com/Exploitacious/Windows_Toolz/main/Production/Curl-able/Windows_Debloat/" 26 | set "tempDir=C:\Temp\Cleanup" 27 | mkdir "%tempDir%" 2>nul 28 | 29 | for %%f in (Main-Stager.ps1 UninstallBloat.ps1 PSandWindowsUpdates.ps1 InstallNewApps.ps1 PS-HKLM.ps1 Cmd-HKLM.cmd combined-hkcu-script.ps1) do ( 30 | call :DownloadFile "%%f" 31 | ) 32 | 33 | goto RunPowerShell 34 | 35 | :DownloadFile 36 | set "retries=3" 37 | :DownloadRetry 38 | PowerShell -Command "(New-Object Net.WebClient).DownloadFile('%baseURL%%~1', '%tempDir%\%~1')" 39 | if %errorlevel% NEQ 0 ( 40 | set /a retries-=1 41 | if !retries! GTR 0 ( 42 | echo Download failed. Retrying... 43 | goto DownloadRetry 44 | ) else ( 45 | echo Failed to download %~1 after multiple attempts. 46 | exit /b 1 47 | ) 48 | ) 49 | exit /b 0 50 | 51 | :RunPowerShell 52 | PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& '%tempDir%\Main-Stager.ps1'" 53 | 54 | exit /b -------------------------------------------------------------------------------- /Curl-able/Windows_Debloat/1Click-1Line-Launcher.cmd: -------------------------------------------------------------------------------- 1 | @echo off 2 | :: Script to download and run system debloat scripts from GitHub 3 | :: Created by: Alex Ivantsov @Exploitacious 4 | 5 | :: Function to check for Administrator elevation 6 | :CheckAdmin 7 | openfiles >nul 2>&1 8 | if %errorlevel% EQU 0 ( 9 | goto :Download 10 | ) else ( 11 | echo. 12 | echo. You are not running as Administrator. 13 | echo. This script cannot do its job without elevation. 14 | echo. Please run this tool as Administrator. 15 | exit /b 16 | ) 17 | 18 | :: Function to download required files from GitHub 19 | :Download 20 | :: Create a temporary directory for cleanup scripts 21 | echo Creating temporary directories in C:\Temp\Cleanup 22 | PowerShell -Command "mkdir C:\Temp\Cleanup -ErrorAction SilentlyContinue" 23 | cd "C:\Temp\Cleanup" 24 | 25 | :: List of files to download 26 | echo Downloading Files... 27 | 28 | :: Base URL for downloading files 29 | set "baseURL=https://raw.githubusercontent.com/Exploitacious/Windows_Toolz/main/Curl-able/Windows_Debloat" 30 | 31 | :: Loop through each file and download it using PowerShell 32 | for %%f in ( 33 | "Cmd-HKCU.cmd" 34 | "Cmd-HKLM.cmd" 35 | "FirstLogon.bat" 36 | "InstallNewApps.ps1" 37 | "PS-HKCU.ps1" 38 | "PS-HKLM.ps1" 39 | "PSandWindowsUpdates.ps1" 40 | "UninstallBloat.ps1" 41 | "Main-Stager.ps1" 42 | ) do ( 43 | echo Downloading %%~f... 44 | curl -L "%baseURL%/%%~f" -o "%%~f" 45 | ) 46 | 47 | :: Function to run the main debloat script 48 | :RunPowerShell 49 | SET ThisScriptsDirectory=C:\Temp\Cleanup\ 50 | SET PowerShellScriptPath=%ThisScriptsDirectory%Main-Stager.ps1 51 | 52 | :: Execute the main PowerShell script 53 | PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& '%PowerShellScriptPath%'" 54 | 55 | :: Start the script by checking for admin privileges 56 | goto :CheckAdmin 57 | -------------------------------------------------------------------------------- /General/M365PhishPurge/Readme.md: -------------------------------------------------------------------------------- 1 | # M365 Phish Purge 2 | 3 | ## Overview 4 | 5 | The M365 Phish Purge script is an automated solution designed to search and remove malicious emails from Microsoft 365 mailboxes using the Compliance Center. This script provides a graphical user interface (GUI) for specifying search criteria and includes functionalities for purging emails and adding senders to a blocklist. 6 | 7 | ## Features 8 | 9 | - **GUI for Search Criteria**: A user-friendly GUI allows users to input search criteria, including email subject, sender, recipient, sent date, and purge type. 10 | - **Search and Purge**: Automates the process of searching for emails that match the specified criteria and purging them. 11 | - **Add to Blocklist**: Option to add the sender to the blocklist to prevent future malicious emails. 12 | - **Logging**: Detailed logging of actions taken by the script, with the log file displayed at the end of the script execution. 13 | - **Compliance**: Integrates with Microsoft 365 Compliance Center and Exchange Online for secure and effective email management. 14 | 15 | ## Requirements 16 | 17 | - PowerShell 5.1 or later 18 | - Microsoft 365 Global Admin credentials 19 | - Modules: `ExchangeOnlineManagement`, `AIPService` 20 | - An account with Conditional Access (CA) bypassed if the device is not registered in Azure/Intune 21 | 22 | ## Installation 23 | 24 | 1. Download the script and place it in a desired directory. 25 | 2. Ensure that the required PowerShell modules are installed: 26 | ```powershell 27 | Install-Module -Name ExchangeOnlineManagement 28 | Install-Module -Name AIPService 29 | ``` 30 | 31 | ## Usage 32 | 33 | 1. Run the script from a PowerShell console with administrative privileges: 34 | 35 | ```powershell 36 | .\M365PhishPurge.ps1 37 | ``` 38 | 39 | 2. Enter the Global Admin credentials for the M365 Tenant when prompted. 40 | 3. Follow the GUI to input search criteria for malicious emails. 41 | 4. Confirm the search and purge operations as prompted. 42 | 5. Optionally, add senders to the blocklist. 43 | 6. View the log file at the end of the script execution for a detailed summary of actions taken. 44 | -------------------------------------------------------------------------------- /General/SOFTWARE/Quickbooks/readme.md: -------------------------------------------------------------------------------- 1 | # QuickBooks Management Scripts 2 | 3 | This document provides instructions for a collection of PowerShell scripts designed to gather information, install, and manage QuickBooks Desktop installations. 4 | 5 | --- 6 | 7 | ## Get QuickBooks System Data 8 | 9 | This script scans the system to find a QuickBooks Desktop installation and collects detailed information about it, such as version, edition, year, and file paths. It also checks if the QuickBooks Tool Hub is installed and outputs all data into a single PowerShell object. 10 | 11 | ### How to Use 12 | 13 | 1. Save the script as a `.ps1` file (e.g., `Get-QuickBooksData.ps1`). 14 | 2. Open PowerShell and navigate to the directory where you saved the script. 15 | 3. Run the script by typing `.\Get-QuickBooksData.ps1` and pressing Enter. 16 | 4. The script will run without any input and display the collected data in the console. 17 | 18 | --- 19 | 20 | ## Interactive QuickBooks Desktop Installer 21 | 22 | This script provides a menu-driven interface to download and silently install specific versions of QuickBooks Desktop and the QuickBooks Tool Hub. It can be used for workstation or server setups and allows for the input of a license key or the use of an evaluation key. 23 | 24 | ### How to Use 25 | 26 | 1. (Optional) Edit the script to add or remove QuickBooks versions from the configuration list. 27 | 2. Save the script as a `.ps1` file (e.g., `Install-QuickBooks.ps1`). 28 | 3. Right-click the script and select **Run with PowerShell**. The script requires administrator privileges. 29 | 4. Follow the on-screen menu prompts to select the desired installation type and QuickBooks version. 30 | 31 | --- 32 | 33 | ## Disable QuickBooks Automatic Updates 34 | 35 | This script systematically disables the automatic update feature in QuickBooks Desktop. It works by terminating the update process, modifying configuration files, removing startup links, and deleting previously downloaded update packages. 36 | 37 | ### How to Use 38 | 39 | 1. Save the script as a `.ps1` file (e.g., `Disable-QBUpdates.ps1`). 40 | 2. Right-click the script and select **Run with PowerShell**. The script requires administrator privileges to modify system files. 41 | 3. The script will run automatically and display its progress in the console. No user input is needed. 42 | -------------------------------------------------------------------------------- /General/SOFTWARE/SolarWinds-N-Able/UninstallNable.ps1: -------------------------------------------------------------------------------- 1 | # Uninstall N-Able and N-Central stuffs 2 | # Developed by: Alex Ivantsov 3 | 4 | write-host "SolarWinds Windows Agent Uninstaller" 5 | write-host "=================================================" 6 | 7 | # Silently Remove and Uninstall N-Able Agents 8 | 9 | ./"C:\Program Files (x86)\SolarWinds MSP\Ecosystem Agent\unins000.exe" /silent 10 | 11 | ./"C:\Program Files (x86)\MspPlatform\FileCacheServiceAgent\unins000.exe" /silent 12 | 13 | ./"C:\Program Files (x86)\MspPlatform\PME\unins000.exe" /silent 14 | 15 | ./"C:\Program Files (x86)\MspPlatform\RequestHandlerAgent\unins000.exe" /silent 16 | 17 | 18 | function getGUID ($product, $vendor) { 19 | set-content "msi.vbs" -value 'Set installer = CreateObject("WindowsInstaller.Installer") 20 | On Error Resume Next' 21 | add-content "msi.vbs" -value "strProductSearch = `"$product`"" 22 | add-content "msi.vbs" -value "strVendorSearch = `"$vendor`"" 23 | add-content "msi.vbs" -value 'For Each product In installer.ProductsEx("", "", 7) 24 | name = product.InstallProperty("ProductName") 25 | vendor = product.InstallProperty("Publisher") 26 | productcode = product.ProductCode 27 | If InStr(1, name, strProductSearch) > 0 then 28 | If InStr(1, vendor, strVendorSearch) > 0 then 29 | wscript.echo (productcode) 30 | End if 31 | End if 32 | Next' 33 | 34 | cscript /nologo msi.vbs 35 | remove-item msi.vbs -force 36 | } 37 | 38 | if ([intptr]::Size -eq 4) { 39 | $varProgramFiles=$env:ProgramFiles 40 | } else { 41 | $varProgramFiles=${env:ProgramFiles(x86)} 42 | } 43 | 44 | foreach ($guid in getGuid "Windows Agent" "N-able Technologies") { 45 | write-host "- Uninstalling $guid..." 46 | msiexec /X$guid /qn /norestart 47 | } 48 | 49 | foreach ($iteration in ('SolarWinds MSP\Ecosystem Agent','MspPlatform\FileCacheServiceAgent','MspPlatform\PME','MspPlatform\RequestHandlerAgent')) { 50 | start-sleep -seconds 30 51 | write-host " $iteration..." 52 | start-process "$varProgramFiles\$iteration\unins000.exe" -argumentList "/SILENT" 53 | } 54 | 55 | # Perma-Remove Directories 56 | 57 | rmdir /Q /S "C:\Program Files (x86)\SolarWinds MSP\" 58 | 59 | rmdir /Q /S "C:\Program Files (x86)\N-able Technologies\" 60 | 61 | rmdir /Q /S "C:\Program Files (x86)\MspPlatform\" 62 | 63 | -------------------------------------------------------------------------------- /Curl-able/Windows_Events_Audit/README.md: -------------------------------------------------------------------------------- 1 | # WindowsEventsToCSVTimeline 2 | 3 | A powershell script to collect Windows Event Logs from a host and parse them into one CSV Timeline. 4 | It will also parse together PowerShell transcription logs if they are found in C:\Logs\PowerShell 5 | You can also use this script to configure good logging and possibly clear logs if necessary 6 | 7 | ### Getting Started 8 | 9 | OneClick (CMD) Launch: 10 | 11 | ``` 12 | curl -L gatherlogs.umbrellaitgroup.com -o launcher.cmd && launcher.cmd 13 | 14 | ``` 15 | 16 | - Everything will be placed into C:\Temp\GatherLogs 17 | - If the Manager/launcher script quits, you can re-launch it with PS> C:\Temp\GatherLogs\EventLogLauncher.ps1 18 | - or just .\EventLogLauncher.ps1 as your session should already be in the right directory 19 | 20 | ### Logs excluded from collection and parsing 21 | 22 | System - Kernel-Processor-Power — 4 23 | “CPU microcode updated” spam. Zero forensic value. 24 | 25 | System - Kernel-General — 6, 13 26 | 6 = “Time zone changed”, 13 = “OS is shutting down.” You already track proper shutdowns elsewhere. 27 | 28 | System - Kernel-Power — 42 29 | “Entering sleep.” Useful for laptop battery nerds, irrelevant for security timelines. 30 | 31 | System - Ntfs — 98, 142 32 | Volume Shadow Copy housekeeping; can flood busy servers. 33 | 34 | System - Service Control Manager — 7036 35 | “Service X entered the Running state.” New-service creation is 7045 (keep that); 7036 is just chatter. 36 | 37 | System - DistributedCOM — 10010, 10016 38 | The infamous DCOM permission warnings Microsoft says to ignore—so ignore them. 39 | 40 | System - DNS Client — 1014 41 | “Name resolution for whatever timed out.” Every Wi-Fi hiccup generates one. 42 | 43 | Application - WinMgmt (WMI) — 10 44 | “Event filter couldn’t be reactivated.” Harmless unless you’re debugging WMI. 45 | 46 | Application - MsiInstaller — 1033 47 | Generic “product installed successfully.” Failures are 11707/11708 (keep those). 48 | 49 | Application - ESENT — 102, 103 50 | Jet database housekeeping (Search, Windows Update). Thousands per hour on busy boxes. 51 | 52 | Security - Logon — 4624 (Type 3 only) 53 | Successful network logons. Domain controllers drown in these; filter Type 3 unless you’re auditing every SMB touch. 54 | 55 | Powershell - Information - 400, 403 56 | Indicates that the PowerShell engine state has changed from "None" to "Available" and Engine state is changed from Available to Stopped. 57 | 58 | Security - Information - 4703 59 | A user right / token was adjusted (success) 60 | -------------------------------------------------------------------------------- /Curl-able/Windows_Events_Audit/Collect-Logs-Launcher.cmd: -------------------------------------------------------------------------------- 1 | :: Quickly and quietly run both scripts to gather and parse logs 2 | :: Download and run the scripts directly from GitHub 3 | :: Created by Alex Ivantsov 4 | 5 | @echo off 6 | 7 | :: Checking for Administrator elevation. 8 | 9 | openfiles>nul 2>&1 10 | 11 | if %errorlevel% EQU 0 goto :Download 12 | 13 | echo. 14 | echo. 15 | echo. 16 | echo. 17 | echo. 18 | echo. You are not running as Administrator. 19 | echo. This script cannot do it's job without elevation. 20 | echo. 21 | echo. You need run this tool as Administrator. 22 | echo. 23 | 24 | exit 25 | 26 | 27 | :: Download Required Files from https://github.com/Exploitacious/WindowsEventsToCSVTimeline 28 | :Download 29 | 30 | PowerShell -Command "mkdir C:\Temp\GatherLogs -erroraction silentlycontinue" 31 | 32 | cd "C:\Temp\GatherLogs" 33 | 34 | PowerShell -executionpolicy bypass -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/Exploitacious/Windows_Toolz/refs/heads/main/Curl-able/Windows_Events_Audit/EventLogLauncher.ps1', 'EventLogLauncher.ps1')" 35 | 36 | PowerShell -executionpolicy bypass -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/Exploitacious/Windows_Toolz/refs/heads/main/Curl-able/Windows_Events_Audit/Gather-LogsToTimeLine.ps1', 'Gather-LogsToTimeLine.ps1')" 37 | 38 | PowerShell -executionpolicy bypass -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/Exploitacious/Windows_Toolz/refs/heads/main/Curl-able/Windows_Events_Audit/Parse-LogsToTimeLine.ps1', 'Parse-LogsToTimeLine.ps1')" 39 | 40 | PowerShell -executionpolicy bypass -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/Exploitacious/Windows_Toolz/refs/heads/main/Curl-able/Windows_Events_Audit/BaselineSettings.ps1', 'BaselineSettings.ps1')" 41 | 42 | PowerShell -executionpolicy bypass -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/Exploitacious/Windows_Toolz/refs/heads/main/Curl-able/Windows_Events_Audit/ClearWindowsEventLog.ps1', 'ClearWindowsEventLog.ps1')" 43 | 44 | PowerShell -executionpolicy bypass -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/Exploitacious/Windows_Toolz/refs/heads/main/Curl-able/Windows_Events_Audit/BSODREPORT.ps1', 'BSODREPORT.ps1')" 45 | 46 | 47 | :: Start Running the Gather Logs scripts 48 | :RunScript 49 | 50 | SET ScriptDirectory=C:\Temp\GatherLogs\ 51 | SET PowerShellScriptPath=%ScriptDirectory%EventLogLauncher.ps1 52 | PowerShell -NoProfile -ExecutionPolicy Bypass -Command "%PowerShellScriptPath%"; -------------------------------------------------------------------------------- /General/SOFTWARE/DattoRMM/a.DRMM-ScriptingTemplates/Readme.md: -------------------------------------------------------------------------------- 1 | # Datto RMM Script Templates 2 | 3 | This repository contains PowerShell script templates for use with Datto RMM. 4 | These templates provide a foundation for creating Monitoring and Remediation scripts that integrate seamlessly with Datto RMM. 5 | 6 | ## Templates 7 | 8 | ### 1. DRMM_MonitoringTemplate.ps1 9 | 10 | This template is designed for creating monitoring scripts in Datto RMM. 11 | 12 | Key features: 13 | 14 | - Configurable script name and type 15 | - Functions for natively writing diagnostics and alerts to Datto RMM 16 | - Unique script identifier generation (Script UID) 17 | - Customizable main script logic section 18 | - Ability to write to a UDF in Datto RMM (define variable in Datto RMM GUI) 19 | - Proper exit handling for Datto RMM 20 | 21 | ### 2. DRMM_RemediationTemplate.ps1 22 | 23 | This template is designed for creating remediation scripts in Datto RMM. 24 | 25 | Key features: 26 | 27 | - Configurable script name and type 28 | - Functions for writing diagnostics to Datto RMM 29 | - Unique script identifier generation (Script UID) 30 | - Customizable main script logic section 31 | - Ability to write to a UDF in Datto RMM (define variable in Datto RMM GUI) 32 | - Optional API result submission (Defined in DattoRMM - Used for Umbrella API to Autotask Ticket Billing Integration) 33 | - Proper exit handling for Datto RMM 34 | 35 | ## Usage 36 | 37 | 1. Choose the appropriate template based on your needs (monitoring or remediation). 38 | 2. Copy the template and rename it according to your script's purpose. 39 | 3. Modify the `$scriptName` and `$scriptType` variables at the top of the script. 40 | 4. Implement your script logic in the designated section (between the "Start of Script" and "End of Script" comments). 41 | 5. Test your script thoroughly before deploying in Datto RMM. 42 | 6. Add Script to Datto RMM by using the "Add Component" feature and selecting the right script type. 43 | 7. Add UDF writing and API submission variables as needed 44 | 45 | ## Important Notes 46 | 47 | - These scripts rely on environment variables set by Datto RMM. Do not modify the `$env:` variable references unless you're certain about the changes. 48 | - The monitoring script uses Exit 0 for "No Alert" and Exit 1 for "Alert" status in Datto RMM. 49 | 50 | ## Customization 51 | 52 | Feel free to modify these templates to better suit your specific needs. However, be cautious when changing core functionality that interfaces with Datto RMM, such as the diagnostic writing functions or exit handling. 53 | 54 | ## Support 55 | 56 | For issues related to Datto RMM integration or platform-specific questions, please refer to Datto RMM documentation or contact their support. 57 | 58 | For template-specific questions or improvements, please open an issue in this repository. 59 | 60 | - Datto RMM Scripting Documentation: 61 | https://rmm.datto.com/help/en/Content/4WEBPORTAL/Components/Scripting.htm 62 | -------------------------------------------------------------------------------- /Curl-able/Windows_Events_Audit/EventLogLauncher.ps1: -------------------------------------------------------------------------------- 1 | # Splash ASCII Banner 2 | $splash = @' 3 | __ ___ _____ _ _ 4 | \ \ / (_)_ __ | ____|_ _____ _ __ | |_ | | ___ __ _ 5 | \ \ /\ / /| | '_ \ | _| \ \ / / _ \ '_ \| __| | | / _ \ / _` | 6 | \ V V / | | | | | | |___ \ V / __/ | | | |_ | |__| (_) | (_| | 7 | __\_/\_/ |_|_| |_| |_____| \_/ \___|_| |_|\__| |_____\___/ \__, | 8 | | \/ | __ _ _ __ __ _ __ _ ___ _ __ |___/ 9 | | |\/| |/ _` | '_ \ / _` |/ _` |/ _ \ '__| 10 | | | | | (_| | | | | (_| | (_| | __/ | 11 | |_| |_|\__,_|_| |_|\__,_|\__, |\___|_| 12 | |___/ 13 | '@ 14 | 15 | # Map choices to filenames 16 | $scriptMap = @{ 17 | "1" = "BSODREPORT.ps1" 18 | "2" = "Gather-LogsToTimeLine.ps1" 19 | "3" = "Parse-LogsToTimeLine.ps1" 20 | "4" = "BaselineSettings.ps1" 21 | "5" = "ClearWindowsEventLog.ps1" 22 | } 23 | 24 | # Main Loop 25 | do { 26 | Clear-Host 27 | Write-Host $splash -ForegroundColor Cyan 28 | 29 | # Script Selector Menu 30 | $menu = @" 31 | [ 1 ] Run a quick diagnostic for any BSOD, "Critical" or "High" Events 32 | [ 2 ] Gather all available Windows Event Logs and Parse them 33 | [ 3 ] Parse, Merge and De-dupe gathered logs 34 | [ 4 ] Audit Event Log Baseline Settings and Remediate 35 | [ 5 ] DANGER: Clear all Windows Event Logs and re-apply Baseline Settings 36 | [ X ] Exit 37 | 38 | Once you exit the manager script, you can simply type 'ls' to see the scripts available, or 39 | type '.\EventLogLauncher.ps1' to re-launch the Event Log Manager. 40 | 41 | Select an option (1-4 or X to quit): 42 | "@ 43 | Write-Host $menu -NoNewline 44 | $choice = Read-Host 45 | 46 | if ($scriptMap.ContainsKey($choice)) { 47 | $scriptToRun = Join-Path -Path $PSScriptRoot -ChildPath $scriptMap[$choice] 48 | 49 | if (Test-Path $scriptToRun) { 50 | Write-Host "`n Running $($scriptMap[$choice])..." -ForegroundColor Green 51 | powershell.exe -ExecutionPolicy Bypass -NoExit -Command "& {`"$scriptToRun`"}" 52 | Write-Host "`n Script completed. Press Enter to return to menu..." -ForegroundColor Yellow 53 | Read-Host 54 | } 55 | else { 56 | Write-Host "`n Script not found: $($scriptMap[$choice])" -ForegroundColor Red 57 | Read-Host "`nPress Enter to return to menu..." 58 | } 59 | } 60 | elseif ($choice -eq 'X' -or $choice -eq 'x') { 61 | Write-Host "`n Exiting Event Log Manager..." -ForegroundColor Cyan 62 | break 63 | } 64 | else { 65 | Write-Host "`n Invalid selection. Please choose 1-4 or X to quit." -ForegroundColor Red 66 | Read-Host "`nPress Enter to return to menu..." 67 | } 68 | 69 | } while ($true) 70 | -------------------------------------------------------------------------------- /General/OneDrive/OneDriveAllUsers.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Downloads and installs the latest version of OneDrive as ALL USERS. 4 | 5 | .DESCRIPTION 6 | This script creates a C:\Temp directory if it doesn't exist, downloads the 7 | latest production release of the OneDrive installer to it, and then runs the 8 | installer in silent mode with the /allusers switch to ensure it is installed 9 | for all users on the machine. Administrator privileges are required. 10 | 11 | #> 12 | 13 | # Requires -RunAsAdministrator 14 | 15 | # --- Variables --- 16 | # Define the directory path and the full file path for the installer. 17 | $downloadDir = "C:\Temp" 18 | $installerPath = Join-Path -Path $downloadDir -ChildPath "OneDriveSetup.exe" 19 | $oneDriveUrl = "https://go.microsoft.com/fwlink/?linkid=844652" 20 | 21 | 22 | # --- Script Body --- 23 | 24 | # Check if the destination directory exists. If not, create it. 25 | if (-not (Test-Path -Path $downloadDir -PathType Container)) { 26 | Write-Host "Directory $downloadDir does not exist. Creating it now..." -ForegroundColor Yellow 27 | try { 28 | New-Item -ItemType Directory -Path $downloadDir -Force | Out-Null 29 | Write-Host "Directory $downloadDir created successfully." -ForegroundColor Green 30 | } 31 | catch { 32 | Write-Error "Failed to create directory '$downloadDir'. Please check permissions." 33 | # Stop the script if the directory cannot be created 34 | return 35 | } 36 | } 37 | else { 38 | Write-Host "Directory $downloadDir already exists." -ForegroundColor Cyan 39 | } 40 | 41 | 42 | Write-Host "Starting the download of the latest OneDrive installer to $installerPath..." -ForegroundColor Green 43 | 44 | try { 45 | # Download the latest OneDrive installer 46 | Invoke-WebRequest -Uri $oneDriveUrl -OutFile $installerPath 47 | Write-Host "Download complete." -ForegroundColor Green 48 | } 49 | catch { 50 | Write-Error "Failed to download the OneDrive installer. Please check your internet connection and the URL: $oneDriveUrl" 51 | return 52 | } 53 | 54 | 55 | Write-Host "Installing OneDrive for all users. This will be a silent installation." -ForegroundColor Green 56 | 57 | try { 58 | # Start the installer in silent mode and for all users 59 | # The /allusers switch installs OneDrive to the Program Files directory 60 | # The /silent switch prevents any UI from showing during installation 61 | Start-Process -FilePath $installerPath -ArgumentList "/allusers /silent" -Wait -PassThru 62 | 63 | Write-Host "OneDrive installation is complete." -ForegroundColor Green 64 | } 65 | catch { 66 | Write-Error "The OneDrive installation failed. Please check the installer logs if available." 67 | } 68 | finally { 69 | # Clean up the downloaded installer file 70 | if (Test-Path -Path $installerPath) { 71 | Remove-Item -Path $installerPath -Force 72 | Write-Host "Cleaned up the installer file from $installerPath." -ForegroundColor Yellow 73 | } 74 | } -------------------------------------------------------------------------------- /General/SOFTWARE/BlackPoint/BlackPointSNAPEnableTRACE.ps1: -------------------------------------------------------------------------------- 1 | # Requires -RunAsAdministrator 2 | 3 | # This script enables TRACE logging for the SNAP agent and DEBUG logging for the ZTAC agent. 4 | # It will automatically request administrator privileges if not already running as an admin. 5 | 6 | # --- Script Start --- 7 | 8 | Write-Host "--- Enabling Verbose Logging for SNAP and ZTAC ---" -ForegroundColor Green 9 | 10 | # --- Section 1: SNAP Agent Configuration --- 11 | 12 | $snapLogFile = "C:\Program Files (x86)\Blackpoint\SnapAgent\log.xml" 13 | $snapService = "Snap" 14 | $snapInfoString = '' 15 | $snapTraceString = '' 16 | 17 | Write-Host "`n[SNAP] Attempting to enable TRACE logging..." 18 | try { 19 | # Check if the log file exists before trying to modify it 20 | if (Test-Path $snapLogFile) { 21 | # Read the file, replace the logging level, and write it back 22 | (Get-Content -Path $snapLogFile -Raw) -replace $snapInfoString, $snapTraceString | Set-Content -Path $snapLogFile 23 | Write-Host "[SNAP] Successfully set logging level to TRACE in '$snapLogFile'." -ForegroundColor Cyan 24 | 25 | # Restart the service to apply changes 26 | Write-Host "[SNAP] Restarting the '$snapService' service..." 27 | Restart-Service -Name $snapService -ErrorAction Stop 28 | Write-Host "[SNAP] Service '$snapService' restarted successfully." -ForegroundColor Cyan 29 | } 30 | else { 31 | Write-Warning "[SNAP] Log file not found at '$snapLogFile'. Skipping." 32 | } 33 | } 34 | catch { 35 | Write-Error "[SNAP] An error occurred: $_" 36 | } 37 | 38 | 39 | # --- Section 2: ZTAC Agent Configuration --- 40 | 41 | $ztacConfigFile = "C:\Program Files (x86)\Blackpoint\ZTAC\config.yml" 42 | $ztacService = "ZTAC" 43 | $ztacInfoString = "logLevel: info" 44 | $ztacDebugString = "logLevel: debug" 45 | 46 | Write-Host "`n[ZTAC] Attempting to enable DEBUG logging..." 47 | try { 48 | # Check if the config file exists 49 | if (Test-Path $ztacConfigFile) { 50 | # Read the file, replace the logging level, and write it back 51 | (Get-Content -Path $ztacConfigFile -Raw) -replace $ztacInfoString, $ztacDebugString | Set-Content -Path $ztacConfigFile 52 | Write-Host "[ZTAC] Successfully set logging level to DEBUG in '$ztacConfigFile'." -ForegroundColor Cyan 53 | 54 | # Restart the service to apply changes 55 | Write-Host "[ZTAC] Restarting the '$ztacService' service..." 56 | Restart-Service -Name $ztacService -ErrorAction Stop 57 | Write-Host "[ZTAC] Service '$ztacService' restarted successfully." -ForegroundColor Cyan 58 | } 59 | else { 60 | Write-Warning "[ZTAC] Config file not found at '$ztacConfigFile'. Skipping." 61 | } 62 | } 63 | catch { 64 | Write-Error "[ZTAC] An error occurred: $_" 65 | } 66 | 67 | Write-Host "`n--- Script finished ---" -ForegroundColor Green 68 | Write-Host "Please allow the services to run for 10-15 minutes to gather logs before collecting them." -------------------------------------------------------------------------------- /General/Utilities/GetWinEventsKeywords.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Scans Windows Event Logs for audio-related errors and events. 4 | 5 | .DESCRIPTION 6 | This script queries the System, Application, and Microsoft Windows Audio operational logs 7 | for the past 24 hours to find entries containing specific audio-related keywords. 8 | This can help diagnose issues like device disconnections or driver failures. 9 | 10 | .NOTES 11 | Run this script with administrative privileges for full access to event logs. 12 | #> 13 | 14 | try { 15 | # Define the time frame for the log search (last 24 hours) 16 | $startTime = (Get-Date).AddDays(-1) 17 | 18 | # List of keywords to search for in the log messages 19 | $keywords = @( 20 | 'audio', 21 | 'sound', 22 | 'speaker', 23 | 'headphone', 24 | 'jack', 25 | 'disconnect', 26 | 'endpoint', 27 | 'Realtek', # Common audio driver manufacturer 28 | 'Intel SST', # Intel Smart Sound Technology 29 | 'HD Audio' # High Definition Audio 30 | ) 31 | 32 | # Create a regex pattern from the keywords for efficient searching (e.g., 'audio|sound|speaker...') 33 | $pattern = $keywords -join '|' 34 | 35 | # Log names to search through. Includes standard logs and specific audio logs. 36 | $logNames = @( 37 | 'System', 38 | 'Application', 39 | 'Microsoft-Windows-Audio/Operational' 40 | ) 41 | 42 | Write-Host "Searching for audio-related events in the last 24 hours..." -ForegroundColor Green 43 | 44 | # Loop through each specified log name 45 | foreach ($log in $logNames) { 46 | # Define a filter for Get-WinEvent to improve performance 47 | $filter = @{ 48 | LogName = $log 49 | StartTime = $startTime 50 | } 51 | 52 | Write-Host "--- Checking Log: $log ---" -ForegroundColor Cyan 53 | 54 | # Get events from the specified log using the filter 55 | $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue 56 | 57 | if ($null -ne $events) { 58 | # Filter the events where the message matches any of our keywords 59 | $filteredEvents = $events | Where-Object { $_.Message -match $pattern } 60 | 61 | if ($null -ne $filteredEvents) { 62 | # Format and display the results found in this log 63 | $filteredEvents | Format-Table TimeCreated, LogName, LevelDisplayName, Message -Wrap 64 | } 65 | else { 66 | Write-Host "No audio-related events found in this log." 67 | } 68 | } 69 | else { 70 | Write-Host "Could not retrieve events from log '$log'. It may be empty or you may lack permissions." -ForegroundColor Yellow 71 | } 72 | } 73 | } 74 | catch { 75 | Write-Host "An unexpected error occurred:" -ForegroundColor Red 76 | Write-Host $_.Exception.Message -ForegroundColor Red 77 | } 78 | 79 | Write-Host "Script finished." -ForegroundColor Green -------------------------------------------------------------------------------- /Curl-able/Windows_Debloat/Main-Stager.ps1: -------------------------------------------------------------------------------- 1 | # Verify/Elevate Admin Session. 2 | if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit } 3 | 4 | Write-Host " " 5 | Write-Host " " 6 | Write-Host " ## ## #### ### ### ## ### ## ## ### ### ## " 7 | Write-Host " ## ## ## ## ## ## ## ## ## ## ## ## " 8 | Write-Host " ## ## ## ## ## # ## # ## ## ## ## " 9 | Write-Host " ## ## ## ## ## ## ## ## ## ## ## ## " 10 | Write-Host " ## ## ## ## ### ## ## ## ## ## ## " 11 | Write-Host " ## ## ## ## ## ## ## ## ## ## ## ## ## " 12 | Write-Host " ## ## ### ### ### ### ### ## ### ## ## ## #### " 13 | Write-Host " " 14 | Write-Host " Created by Alex Ivantsov " 15 | Write-Host " @Exploitacious " 16 | 17 | Write-Host 18 | Write-Host 19 | Write-Host 20 | Write-Host 21 | 22 | # Check for Files Here 23 | # Required Files (xyz...) 24 | 25 | 26 | Write-Host "Launching De-Bloat Processes..." 27 | Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"C:\Temp\Cleanup\UninstallBloat.ps1`"" -Verb RunAs 28 | 29 | $i = 5 #Seconds 30 | do { 31 | Write-Host $i 32 | Sleep 1 33 | $i-- 34 | } while ($i -gt 0) 35 | 36 | Write-Host "Launching PS Modules & Windows Updates" 37 | Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"C:\Temp\Cleanup\PSandWindowsUpdates.ps1`"" -Verb RunAs 38 | 39 | $i = 180 #Seconds 40 | do { 41 | Write-Host $i 42 | Sleep 1 43 | $i-- 44 | } while ($i -gt 0) 45 | 46 | Write-Host "Launching Winget Auto Update and New App Installations" 47 | Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"C:\Temp\Cleanup\InstallNewApps.ps1`"" -Verb RunAs 48 | 49 | $i = 60 #Seconds 50 | do { 51 | Write-Host $i 52 | Sleep 1 53 | $i-- 54 | } while ($i -gt 0) 55 | 56 | Write-Host "Launching Windows tweaks and settings..." 57 | Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"C:\Temp\Cleanup\PS-HKLM.ps1`"" -Verb RunAs 58 | 59 | 60 | Read-Host -Prompt "Finished! Press Enter to exit" 61 | 62 | <# 63 | 64 | # Implement User Logon Script 65 | 66 | Write-Host "Creating Directories 'C:\Windows\FirstUserLogon' and Copying files" 67 | mkdir "C:\Windows\FirstUserLogon" -ErrorAction SilentlyContinue 68 | Copy-Item "DebloatScript-HKCU.ps1" "C:\Windows\FirstUserLogon\DebloatScript-HKCU.ps1" 69 | Copy-Item "FirstLogon.bat" "C:\Windows\FirstUserLogon\FirstLogon.bat" 70 | Write-Host 71 | 72 | Write-Host "Enabling Registry Keys to run Logon Script" 73 | REG LOAD HKEY_Users\DefaultUser "C:\Users\Default\NTUSER.DAT" 74 | Set-ItemProperty -Path "REGISTRY::HKEY_USERS\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Run" -Name "FirstUserLogon" -Value "C:\Windows\FirstUserLogon\FirstLogon.bat" -Type "String" 75 | REG UNLOAD HKEY_Users\DefaultUser 76 | 77 | Write-Host "New User Logon Script Successfully Enabled" 78 | 79 | 80 | #> -------------------------------------------------------------------------------- /NinjaRMM/z.NinjaScriptingTemplatePrompt/Readme.md: -------------------------------------------------------------------------------- 1 | # Ninja RMM Script Generator 2 | 3 | ## 1. Welcome! 4 | 5 | This toolkit is designed to generate high-quality, standardized scripts for Ninja RMM using a an AI assistant. 6 | 7 | By giving an AI (like Gemini, ChatGPT, or Claude) a specialized "persona," we turn it into a script developer that understands all the specific rules and formats required for Ninja RMM scripting. Simply use the prompt and request a script with human-language instructions. 8 | 9 | ## 2. What's Included 10 | 11 | * **`AIPrompt.md`**: This is the master prompt file. Think of it as the "brain" or "instruction manual" for the AI. It contains the persona, all the technical rules for Ninja RMM scripting, and the complete PowerShell template. 12 | * **`Template.ps1`**: This is the standard PowerShell boilerplate script. **You do not need to use this file directly.** It is included for your reference, but it is already embedded inside the `AIPrompt.md` file for the AI to use automatically. 13 | 14 | ## 3. How to Use 15 | 16 | ### Step 1: Start a New AI Chat Session 17 | 18 | For the best results, **always start a new, fresh chat session** or create a **"Custom GPT / "Gemini GEM"** with your chosen AI platform. This ensures the AI has a clean slate and isn't influenced by previous conversations. 19 | 20 | ### Step 2: Load the "NinjaScript Architect" Persona 21 | 22 | Open the `AIPrompt.md` file in RAW format (https://raw.githubusercontent.com/Exploitacious/Windows_Toolz/refs/heads/main/NinjaRMM/ScriptingTemplatePrompt/AIPrompt.md) Select and copy the **entire contents** of the file. Paste this entire block of text as your **very first message** into the new chat window and send it. 23 | 24 | The AI will now have its instructions and is ready to act as your Ninja RMM scripting expert. 25 | 26 | ### Step 3: Make Your Request 27 | 28 | You can now ask for scripts in plain English! The AI will take your request and generate a complete, ready-to-use script based on the rules and template it just learned. 29 | 30 | ## 4. Example Requests 31 | 32 | Here are a few examples of how you can ask for scripts: 33 | 34 | #### **To Create a New Script:** 35 | 36 | > "Create a script to check if the Windows Firewall is enabled for the Domain, Private, and Public profiles. If any are disabled, create an alert." 37 | 38 | #### **To Convert an Existing Script:** 39 | 40 | > "Please convert the following PowerShell script into a proper Ninja RMM component. Make sure to replace the hard-coded path with a configurable RMM variable." 41 | > 42 | > ```powershell 43 | > $logFile = "C:\temp\applog.txt" 44 | > if (Test-Path $logFile) { 45 | > Write-Host "Log file exists." 46 | > } else { 47 | > Write-Error "Log file NOT found!" 48 | > } 49 | > ``` 50 | 51 | #### **To Modify a Script the AI Just Made:** 52 | 53 | > "That's great. Now, can you modify the firewall script to also write the status of each profile (e.g., "Domain: On, Private: Off") to the custom field?" 54 | 55 | ## 5. Tips for Best Results 56 | 57 | * **One Persona Per Chat:** Use your "NinjaScript Architect" chat session *only* for generating Ninja RMM scripts. If you need to ask the AI about something else, start a different chat. 58 | * **Review the Variables:** The AI will always list the RMM Script Variables you need to create at the top of the script. Double-check that you create these in the Ninja RMM policy. -------------------------------------------------------------------------------- /General/WingetAutoUpdate/Get-WauUpdateData.ps1: -------------------------------------------------------------------------------- 1 | # FILE: Get-WauUpdateData.ps1 2 | 3 | function Get-WauUpdateData { 4 | [CmdletBinding()] 5 | param( 6 | [Parameter(Mandatory = $false)] 7 | [string]$Path = 'C:\Program Files\Winget-AutoUpdate\logs\updates.log' 8 | ) 9 | 10 | if (-not (Test-Path -Path $Path -PathType Leaf)) { 11 | Write-Error "Log file not found at '$Path'." 12 | return 13 | } 14 | 15 | $updateRecords = @() 16 | $currentDate = $null 17 | # A hashtable to temporarily store version info for an app being updated 18 | $pendingUpdates = @{} 19 | 20 | $logContent = Get-Content -Path $Path 21 | foreach ($line in $logContent) { 22 | # 1. Find the date for the current session and clear old pending data 23 | if ($line -match '#\s+(\d{1,2}/\d{1,2}/\d{4})\s+-') { 24 | $currentDate = $matches[1] 25 | $pendingUpdates.Clear() 26 | } 27 | 28 | # 2. Find the announcement of an available update to get version info 29 | if ($line -match '-> Available update : (.+?)\. Current version : (.+?)\. Available version : (.*?)\.?$') { 30 | $appNameAndVersion = $matches[1].Trim() 31 | $currentVersion = $matches[2].Trim() 32 | $availableVersion = $matches[3].Trim() 33 | # Store the version info, keyed by the full app name string 34 | $pendingUpdates[$appNameAndVersion] = @{ Current = $currentVersion; Target = $availableVersion } 35 | } 36 | 37 | # 3. Look for a success message 38 | if ($line -match '^(\d{2}:\d{2}:\d{2})\s+-\s+(.+?)\s+updated to\s+(.+?)\s+!') { 39 | $timestamp = $matches[1] 40 | $appName = $matches[2].Trim() 41 | $newVersion = $matches[3].Trim() 42 | 43 | $pendingKey = $pendingUpdates.Keys | Where-Object { $_ -like "$appName*" } | Select-Object -First 1 44 | if ($pendingKey) { 45 | $versions = $pendingUpdates[$pendingKey] 46 | $updateRecords += [PSCustomObject]@{ 47 | DateTime = [datetime]::Parse("$currentDate $timestamp") 48 | Application = $appName 49 | Status = 'Success' 50 | FromVersion = $versions.Current 51 | ToVersion = $newVersion 52 | } 53 | $pendingUpdates.Remove($pendingKey) 54 | } 55 | } 56 | 57 | # 4. Look for a failure message 58 | if ($line -match '^(\d{2}:\d{2}:\d{2})\s+-\s+(.+?)\s+update failed\.') { 59 | $timestamp = $matches[1] 60 | $failedAppName = $matches[2].Trim() 61 | 62 | if ($pendingUpdates.ContainsKey($failedAppName)) { 63 | $versions = $pendingUpdates[$failedAppName] 64 | $updateRecords += [PSCustomObject]@{ 65 | DateTime = [datetime]::Parse("$currentDate $timestamp") 66 | Application = $failedAppName 67 | Status = 'Failed' 68 | FromVersion = $versions.Current 69 | ToVersion = $versions.Target 70 | } 71 | $pendingUpdates.Remove($failedAppName) 72 | } 73 | } 74 | } 75 | 76 | # Output all collected records 77 | return $updateRecords 78 | } 79 | 80 | Get-WauUpdateData @PSBoundParameters -------------------------------------------------------------------------------- /General/Utilities/Copy-ShortcutToDesktop.ps1: -------------------------------------------------------------------------------- 1 | # Quick Script to duplicate a file from a location to every possible desktop environment, and remove everything else that matches an extension. 2 | 3 | # --- Configuration --- 4 | $sourceFile = "\\Server\Production\some.file" 5 | $fileName = "some.file" #Copy 6 | 7 | # --- Get Potential Desktop Paths --- 8 | $standardDesktop = [System.Environment]::GetFolderPath('Desktop') 9 | $oneDriveDesktop = "$env:USERPROFILE\OneDrive\Desktop" 10 | 11 | # Create an array of desktop paths to check, ensuring no duplicates 12 | $desktopPaths = @($standardDesktop, $oneDriveDesktop) | Get-Unique 13 | 14 | Write-Host "Checking the following desktop locations:" 15 | $desktopPaths | ForEach-Object { Write-Host "- $_" } 16 | 17 | # --- Cleanup and Update --- 18 | foreach ($desktopPath in $desktopPaths) { 19 | # Check if the directory exists before proceeding 20 | if (Test-Path $desktopPath -PathType Container) { 21 | 22 | $destinationFile = Join-Path -Path $desktopPath -ChildPath $fileName 23 | 24 | # --- Remove any other .accde files from this desktop location --- 25 | Get-ChildItem -Path $desktopPath -Filter "*.accde" -ErrorAction SilentlyContinue | ForEach-Object { 26 | if ($_.FullName -ne $destinationFile) { 27 | Write-Host "Removing stray file: $($_.FullName)" 28 | Remove-Item -Path $_.FullName -Force 29 | } 30 | } 31 | 32 | # --- Check for and update the primary .accde file --- 33 | # Scenarios to handle: 34 | # 1. The destination file doesn't exist. 35 | # 2. The destination file exists, but the source is newer. 36 | 37 | $needsCopy = $false 38 | if (-not (Test-Path $destinationFile)) { 39 | Write-Host "Destination file does not exist at $destinationFile. Queuing for copy." 40 | $needsCopy = $true 41 | } 42 | else { 43 | # Compare LastWriteTime only if the destination exists 44 | try { 45 | $sourceInfo = Get-Item -Path $sourceFile -ErrorAction Stop 46 | $destInfo = Get-Item -Path $destinationFile -ErrorAction Stop 47 | 48 | if ($sourceInfo.LastWriteTime -gt $destInfo.LastWriteTime) { 49 | Write-Host "Source file is newer than $destinationFile. Queuing for update." 50 | $needsCopy = $true 51 | } 52 | else { 53 | Write-Host "File $destinationFile is already up to date." 54 | } 55 | } 56 | catch { 57 | Write-Warning "Could not compare file times for $destinationFile. Error: $_" 58 | # You might decide to force a copy here if comparison fails 59 | # $needsCopy = $true 60 | } 61 | } 62 | 63 | if ($needsCopy) { 64 | try { 65 | Write-Host "Copying latest version to $destinationFile..." 66 | Copy-Item -Path $sourceFile -Destination $destinationFile -Force -ErrorAction Stop 67 | Write-Host "Copy successful." 68 | } 69 | catch { 70 | Write-Error "Failed to copy $sourceFile to $destinationFile. Error: $_" 71 | } 72 | } 73 | } 74 | else { 75 | Write-Host "Directory not found, skipping: $desktopPath" 76 | } 77 | } 78 | 79 | Write-Host "Script execution complete." -------------------------------------------------------------------------------- /Curl-able/Windows_Debloat/ClaudeEdits/InstallNewApps.txt: -------------------------------------------------------------------------------- 1 | # Winget Application Installation Script 2 | # ====================================== 3 | # This script performs the following tasks: 4 | # 1. Elevates to admin privileges if necessary 5 | # 2. Installs Winget Auto-Update (WAU) 6 | # 3. Installs a predefined list of applications using Winget 7 | # 8 | # Note: This script requires administrative privileges to run. 9 | # ====================================== 10 | 11 | # Verify/Elevate Admin Session 12 | if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { 13 | Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs 14 | exit 15 | } 16 | 17 | # Define list of applications to install 18 | $InstallPrograms = @( 19 | "Company Portal" 20 | "9N0DX20HK701" # Windows Terminal 21 | "9NRX63209R7B" # Outlook (NEW) for Windows 22 | "Adobe.Acrobat.Reader.64-bit" 23 | "7zip.7zip" 24 | "Zoom.Zoom" 25 | "Microsoft.Teams" # Microsoft Teams (New) 26 | ) 27 | 28 | # Function to install Winget Auto-Update (WAU) 29 | function Install-WingetAutoUpdate { 30 | $WAUPath = "C:\Temp\WAU_Latest" 31 | $WAUUrl = "https://github.com/Romanitho/Winget-AutoUpdate/zipball/master/" 32 | $WAUFile = "$WAUPath\WAU_latest.zip" 33 | 34 | Write-Host "Installing Winget Auto-Update..." 35 | 36 | # Refresh or create WAU directory 37 | if (Test-Path -Path $WAUPath) { 38 | Remove-Item $WAUPath -Recurse -Force -ErrorAction SilentlyContinue 39 | } 40 | New-Item -ItemType Directory -Path $WAUPath -Force | Out-Null 41 | 42 | # Download and extract WAU 43 | Invoke-WebRequest -Uri $WAUUrl -OutFile $WAUFile 44 | Expand-Archive $WAUFile -DestinationPath $WAUPath -Force 45 | Remove-Item $WAUFile -Force 46 | 47 | # Move files and clean up 48 | Move-Item "$WAUPath\Romanitho*\*" $WAUPath 49 | Remove-Item "$WAUPath\Romanitho*\" -Recurse -Force 50 | 51 | # Install WAU 52 | & "$WAUPath\Sources\WAU\Winget-AutoUpdate-Install.ps1" -Silent -InstallUserContext -NotificationLevel None -UpdatesAtLogon -UpdatesInterval Daily -DoNotUpdate 53 | } 54 | 55 | # Function to install applications using Winget 56 | function Install-WingetApps { 57 | param ( 58 | [array]$AppList 59 | ) 60 | 61 | Write-Host "Installing Applications..." 62 | foreach ($app in $AppList) { 63 | $listApp = winget list --exact -q $app --accept-source-agreements --accept-package-agreements 64 | if (![String]::Join("", $listApp).Contains($app)) { 65 | Write-Host "Installing: $app" -ForegroundColor Green 66 | winget install -e -h --accept-source-agreements --accept-package-agreements --id $app 67 | } 68 | else { 69 | Write-Host "$app already installed." 70 | } 71 | } 72 | } 73 | 74 | # Main execution 75 | try { 76 | Write-Host "Starting Winget and application installation process..." -ForegroundColor Green 77 | 78 | # Install Winget Auto-Update 79 | Install-WingetAutoUpdate 80 | 81 | # Install specified applications 82 | Install-WingetApps -AppList $InstallPrograms 83 | 84 | Write-Host "Installation process completed successfully." -ForegroundColor Green 85 | } 86 | catch { 87 | Write-Host "An error occurred during the installation process: $_" -ForegroundColor Red 88 | } 89 | finally { 90 | Read-Host -Prompt "Press Enter to exit" 91 | } -------------------------------------------------------------------------------- /Curl-able/Windows_Events_Audit/ClearWindowsEventLog.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Wipes every Windows event log (yes, Security too) 4 | 5 | .DESCRIPTION 6 | • Enables SeSecurityPrivilege for the Security log. 7 | • Disables every channel (/e:false) + sets retention overwrite (/rt:false) 8 | **quietly** (/q:true) so no “[y/n]” appears. 9 | • Clears each log. 10 | • Re-enables channels that were originally enabled. 11 | #> 12 | 13 | # ─── 1. Self-elevate ─────────────────────────────────────────────────────── 14 | if (-not ([Security.Principal.WindowsPrincipal] ` 15 | [Security.Principal.WindowsIdentity]::GetCurrent() 16 | ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { 17 | Start-Process -FilePath (Get-Process -Id $PID).Path ` 18 | -ArgumentList '-NoProfile', '-ExecutionPolicy', 'Bypass', '-File', "`"$PSCommandPath`"" ` 19 | -Verb runas 20 | exit 21 | } 22 | 23 | # ─── 2. Enable SeSecurityPrivilege ──────────────────────────────────────── 24 | if (-not ('Priv' -as [type])) { 25 | 26 | Add-Type @" 27 | using System; 28 | using System.Runtime.InteropServices; 29 | public class Priv { 30 | [DllImport("advapi32.dll", SetLastError=true)] 31 | static extern bool OpenProcessToken(IntPtr p, uint acc, out IntPtr tok); 32 | [DllImport("advapi32.dll", SetLastError=true)] 33 | static extern bool LookupPrivilegeValue(string s, string n, out LUID id); 34 | [DllImport("advapi32.dll", SetLastError=true)] 35 | static extern bool AdjustTokenPrivileges(IntPtr tok,bool d,ref TOKEN_PRIVILEGES nP,uint l, 36 | IntPtr p,IntPtr l2); 37 | 38 | struct LUID { public uint LowPart; public int HighPart; } 39 | struct TOKEN_PRIVILEGES { public uint Count; public LUID Luid; public uint Attr; } 40 | 41 | public static void Enable(string priv){ 42 | const uint ADJ=0x20, QRY=0x8, ENABLE=0x2; 43 | IntPtr tok; LUID id; TOKEN_PRIVILEGES tp; 44 | if(!OpenProcessToken(System.Diagnostics.Process.GetCurrentProcess().Handle,ADJ|QRY,out tok)) 45 | throw new System.ComponentModel.Win32Exception(); 46 | if(!LookupPrivilegeValue(null,priv,out id)) 47 | throw new System.ComponentModel.Win32Exception(); 48 | tp.Count=1; tp.Luid=id; tp.Attr=ENABLE; 49 | if(!AdjustTokenPrivileges(tok,false,ref tp,0,IntPtr.Zero,IntPtr.Zero)) 50 | throw new System.ComponentModel.Win32Exception(); 51 | } 52 | } 53 | "@ 54 | } 55 | 56 | [Priv]::Enable('SeSecurityPrivilege') 57 | 58 | # ─── 3. Obliterate & re-enable ──────────────────────────────────────────── 59 | Write-Host 'Enumerating and CLEARING ALL LOGS...' -Foreground Cyan 60 | $logs = wevtutil el 61 | 62 | foreach ($log in $logs) { 63 | try { 64 | # Ensure retention won't block deletion & disable channel quietly 65 | wevtutil sl "$log" /rt:false /e:false /q:true 2>$null 66 | Write-Host " Clearing [$log]" -Foreground DarkGray 67 | wevtutil cl "$log" 2>$null 68 | 69 | # Immediately re-enable collection 70 | wevtutil sl "$log" /e:true /q:true 2>$null 71 | } 72 | catch { 73 | Write-Warning " ! $log - $($_.Exception.Message)" 74 | } 75 | } 76 | 77 | Write-Host "`nAll logs wiped and re-enabled." -Foreground Green 78 | 79 | # ─── 4. Sanity-check the Big Three ──────────────────────────────────────── 80 | Get-WinEvent -ListLog Security, System, Application | 81 | Select-Object LogName, RecordCount | Format-Table -AutoSize 82 | 83 | Write-Host 84 | write-host "Launching the Baseline Configurator" 85 | .\BaselineSettings.ps1 -------------------------------------------------------------------------------- /Curl-able/Windows_Debloat/ClaudeEdits/README.md: -------------------------------------------------------------------------------- 1 | # Windows Optimization Scripts 2 | 3 | This collection of PowerShell scripts is designed to optimize and customize Windows 10 and 11 for business environments. Each script focuses on specific aspects of system configuration and maintenance. 4 | 5 | ## Scripts Overview 6 | 7 | ### 1. Windows System-wide Customization Script 8 | 9 | **Purpose**: Optimizes Windows 10/11 for business environments by modifying system-wide settings. 10 | 11 | **Key Functions**: 12 | 13 | - Enhances privacy and security settings 14 | - Disables telemetry and data collection 15 | - Customizes UI and UX settings 16 | - Optimizes system performance 17 | - Configures Windows features 18 | - Applies specific Windows 11 optimizations (if applicable) 19 | 20 | ### 2. Windows User-Specific Customization Script 21 | 22 | **Purpose**: Optimizes Windows 10/11 user settings without requiring administrative privileges. 23 | 24 | **Key Functions**: 25 | 26 | - Disables Cortana and Bing Search 27 | - Removes application suggestions and Start Menu tiles 28 | - Customizes taskbar and system tray 29 | - Adjusts privacy settings 30 | - Modifies various UI elements 31 | - Applies specific Windows 11 tweaks (if applicable) 32 | 33 | ### 3. Winget Application Installation Script 34 | 35 | **Purpose**: Automates the installation of applications using Winget package manager. 36 | 37 | **Key Functions**: 38 | 39 | - Installs Winget Auto-Update (WAU) 40 | - Installs a predefined list of applications using Winget 41 | - Handles both Microsoft Store apps and traditional Windows applications 42 | 43 | ### 4. PowerShell Module and Windows Update Script 44 | 45 | **Purpose**: Updates PowerShell modules and runs Windows Updates. 46 | 47 | **Key Functions**: 48 | 49 | - Configures PowerShell Gallery and NuGet 50 | - Updates existing PowerShell modules 51 | - Installs new specified PowerShell modules 52 | - Runs Windows Updates 53 | - Ensures Microsoft Update service is registered and active 54 | 55 | ### 5. Windows Bloatware Removal Script 56 | 57 | **Purpose**: Removes pre-installed bloatware from Windows systems. 58 | 59 | **Key Functions**: 60 | 61 | - Removes specified AppX packages for all users and from provisioned packages 62 | - Uninstalls specified MSI-based applications 63 | - Handles both Windows 10 and Windows 11 bloatware 64 | 65 | ### Usage 66 | 67 | ## One-Liner to Launch in Powershell or CMD (Run as Admin) 68 | 69 | curl -L cleanup.umbrellaitgroup.com -o cleanup.cmd && cleanup.cmd 70 | 71 | ## Caution 72 | 73 | These scripts make significant changes to your Windows installation. It's recommended to: 74 | 75 | - Review each script before running to ensure it aligns with your organization's policies. 76 | - Test in a controlled environment before deploying to production systems. 77 | - Create a system restore point or backup before running these scripts. 78 | 79 | ## Customization 80 | 81 | Each script contains lists or sections that can be easily modified to suit your specific needs: 82 | 83 | - Application lists in the Winget installation script 84 | - Bloatware lists in the removal script 85 | - Registry modifications in the customization scripts 86 | 87 | Modify these sections as needed for your environment. 88 | 89 | # Windows Appx Bloatware Perma-Uninstall List 90 | 91 | - See "Bloatware" Variable for full list. 92 | - To add or remove bloatware apps from this list, simply add then in quotes with wildcard \* symbols. 93 | - To make sure they'll be picked up and removed, test them on a machine by running: get-appxpackage -name _appName_ 94 | 95 | # Per-User first-time logon script to clean up user interface 96 | 97 | - Make sure you download BOTH the FirstLogon.bat file and DebloatScript-HKCU.ps1 into the same directory as the main System Debloat Script. 98 | - A copy of the Bat and HKCU will be placed in C:\Windows\FirstUserLogon and ran every time a user logs in for the FIRST TIME ONLY. 99 | - This 'mini' script cleans up the user interface and removes some of the clutter that Windows 10 likes to throw at you. 100 | -------------------------------------------------------------------------------- /Curl-able/Windows_Debloat/ClaudeEdits/Main-Stager.txt: -------------------------------------------------------------------------------- 1 | # Main-Stager Script with Rollback Mechanism 2 | # ========================================== 3 | 4 | $ErrorActionPreference = "Stop" 5 | $logFile = "C:\Temp\Cleanup\optimization_log.txt" 6 | $restorePointName = "Pre-Optimization-$(Get-Date -Format 'yyyyMMdd-HHmmss')" 7 | $rollbackScriptPath = "C:\Temp\Cleanup\rollback_script.ps1" 8 | 9 | function Log-Message { 10 | param([string]$message) 11 | $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss" 12 | "$timestamp - $message" | Out-File -Append -FilePath $logFile 13 | Write-Host $message 14 | } 15 | 16 | function Create-RestorePoint { 17 | Log-Message "Creating system restore point: $restorePointName" 18 | Checkpoint-Computer -Description $restorePointName -RestorePointType "MODIFY_SETTINGS" 19 | } 20 | 21 | function Run-Script { 22 | param([string]$scriptName) 23 | try { 24 | Log-Message "Starting $scriptName" 25 | & "C:\Temp\Cleanup\$scriptName" 26 | Log-Message "$scriptName completed successfully" 27 | } 28 | catch { 29 | Log-Message "Error in $scriptName: $_" 30 | throw 31 | } 32 | } 33 | 34 | function Create-RollbackScript { 35 | $rollbackContent = @" 36 | # Rollback Script 37 | # =============== 38 | Write-Host "Rolling back system changes..." 39 | 40 | # Restore to the pre-optimization restore point 41 | $restorePoints = Get-ComputerRestorePoint 42 | $targetRestorePoint = $restorePoints | Where-Object { `$_.Description -eq "$restorePointName" } | Select-Object -First 1 43 | 44 | if (`$targetRestorePoint) { 45 | Write-Host "Restoring to point: $restorePointName" 46 | Restore-Computer -RestorePoint `$targetRestorePoint.SequenceNumber -Confirm:`$false 47 | Write-Host "System restored to pre-optimization state." 48 | Write-Host "Please restart your computer for changes to take effect." 49 | } else { 50 | Write-Host "Restore point not found. Manual intervention may be required." 51 | } 52 | 53 | # Remove the HKCU optimization flag for all users 54 | Get-ChildItem "C:\Users" -Directory | ForEach-Object { 55 | Remove-Item "`$(`$_.FullName)\.hkcu_optimization_complete" -Force -ErrorAction SilentlyContinue 56 | } 57 | 58 | Write-Host "HKCU optimization flags removed. User-specific changes will be reapplied on next login." 59 | 60 | # Additional rollback steps can be added here if needed 61 | 62 | Read-Host -Prompt "Press Enter to exit" 63 | "@ 64 | 65 | $rollbackContent | Out-File -FilePath $rollbackScriptPath -Encoding utf8 66 | Log-Message "Rollback script created at $rollbackScriptPath" 67 | } 68 | 69 | try { 70 | Log-Message "Starting Windows optimization process" 71 | 72 | # Create system restore point 73 | Create-RestorePoint 74 | 75 | # Create rollback script 76 | Create-RollbackScript 77 | 78 | # Run optimization scripts 79 | Run-Script "UninstallBloat.ps1" 80 | Start-Sleep -Seconds 30 81 | 82 | Run-Script "PSandWindowsUpdates.ps1" 83 | Start-Sleep -Seconds 180 84 | 85 | Run-Script "InstallNewApps.ps1" 86 | Start-Sleep -Seconds 60 87 | 88 | Run-Script "PS-HKLM.ps1" 89 | Run-Script "Cmd-HKLM.cmd" 90 | 91 | # Set up first logon script for new user profiles 92 | $logonScriptPath = "C:\Windows\System32\GroupPolicy\User\Scripts\Logon" 93 | New-Item -Path $logonScriptPath -ItemType Directory -Force | Out-Null 94 | Copy-Item "C:\Temp\Cleanup\combined-hkcu-script.ps1" $logonScriptPath 95 | 96 | # Create a registry entry to run the script on user logon 97 | New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logon" -Name "1" -Value "combined-hkcu-script.ps1" -PropertyType String -Force 98 | 99 | Log-Message "Windows optimization process completed successfully" 100 | Log-Message "A rollback script has been created at $rollbackScriptPath if needed" 101 | } 102 | catch { 103 | Log-Message "Critical error in optimization process: $_" 104 | Log-Message "Consider running the rollback script at $rollbackScriptPath" 105 | exit 1 106 | } -------------------------------------------------------------------------------- /DattoRMM/WindowsAutoRepair/SFC-CorruptionCheck.ps1: -------------------------------------------------------------------------------- 1 | # Run SFC, DISM and Checkdisk on next bootup for affected drives and partitions 2 | 3 | $Global:DiagMsg = @() # Running Diagnostic log (diaglog). Use " $Global:DiagMsg += " to append messages to this log for verboseness in the script. 4 | 5 | $Global:AlertMsg = @() # Combined Alert message. If left blank, will not trigger Alert status. Use " $Global:AlertMsg += " to append messages to be alerted on in Datto. 6 | 7 | $Global:AlertHealthy = "Healthy" # Define what should be displayed in Datto when monitor is healthy and $Global:AlertMsg is blank. 8 | 9 | $Global:varUDFString = @() # String which will be written to UDF, if UDF Number is defined by $usrUDF in Datto. Use " $Global:varUDFString += " to fill this string. 10 | 11 | 12 | # DattoRMM Alert Functions. Don't touch these unless you know what you're doing. 13 | function write-DRMMDiag ($messages) { 14 | Write-Host '<-Start Diagnostic->' 15 | foreach ($Message in $Messages) { $Message } 16 | Write-Host '<-End Diagnostic->' 17 | } 18 | function write-DRMMAlert ($message) { 19 | Write-Host '<-Start Result->' 20 | Write-Host "STATUS=$message" 21 | Write-Host '<-End Result->' 22 | } 23 | 24 | 25 | 26 | # Pull up all particians and number them 27 | $partitionlist = Get-Partition 28 | $partitionGroup = $partitionlist | Group-Object DiskNumber 29 | 30 | ####################################################################### 31 | 32 | # Schedule a CheckDisk on Next Computer Start if needed 33 | forEach ( $partition in $partitionlist ) { 34 | $driveLetter = ($partition.DriveLetter + ":") 35 | $dirtyFlag = fsutil dirty query $driveLetter 36 | Write-Host 37 | 38 | If ($dirtyFlag -notmatch "NOT Dirty") { 39 | Write-Host "$driveLetter dirty bit set -> running chkdsk" 40 | Start-Job -Name ChkDsk -ScriptBlock { Write-Output 'y' | chkdsk.exe /R $driveLetter } 41 | # Launch ChkDsk with /R to includes automated recovery plus hardware checking. Opens a seperate job and takes care of the (Y/N) schedule prompt 42 | } 43 | else { 44 | Write-Host "$driveLetter dirty bit not set -> skipping chkdsk" 45 | } 46 | } 47 | 48 | 49 | # Run DISM and SFC on Windows Volumes 50 | 51 | forEach ( $partitionGroup in $partitionlist | Group-Object DiskNumber ) { 52 | Write-Host 53 | Write-Host "Running DISM / SFC" 54 | Write-Host 55 | #reset paths for each part group (disk) 56 | $isOsPath = $false 57 | $osPath = '' 58 | $osDrive = '' 59 | 60 | # Scan all partitions of a disk for bcd store and os file location 61 | ForEach ($drive in $partitionGroup.Group | Select-Object -ExpandProperty DriveLetter ) { 62 | 63 | # Check if OS loader was found on the previous partition 64 | if (-not $isOsPath) { 65 | $osPath = $drive + ':\windows\system32\winload.exe' 66 | $isOsPath = Test-Path $osPath 67 | if ($isOsPath) { 68 | $osDrive = $drive + ':' 69 | } 70 | } 71 | } 72 | 73 | Write-Host "OsDrive $OsDrive" 74 | Write-Host "OsPath $OsPath" 75 | Write-Host "isOsPath $isOsPath" 76 | Write-Host 77 | 78 | # Run DISM and SFC 79 | if ( $isOsPath -eq $true ) { 80 | 81 | Write-Host "Revert pending actions to Windows Image to let SFC succeed in most cases" 82 | dism.exe /online /cleanup-image /revertpendingactions 83 | Write-Host 84 | 85 | Write-Host "Running SFC on $osDrive\windows" 86 | sfc /scannow # Offline File Options: /offbootdir=$osDrive /offwindir=$osDrive\windows 87 | Write-Host 88 | 89 | Write-Host "Running DISM to restore health on $osDrive" 90 | Dism.exe /Online /Cleanup-Image /RestoreHealth 91 | Write-Host 92 | 93 | Write-Host "Enumerating potentially corrupt system files in $osDrive\windows\system32\" 94 | Get-ChildItem -Path $osDrive\windows\system32\* -Include *.dll, *.exe ` 95 | | ForEach-Object { $_.VersionInfo | Where-Object FileVersion -EQ $null | Select-Object FileName, ProductVersion, FileVersion } 96 | 97 | } 98 | } -------------------------------------------------------------------------------- /General/SOFTWARE/NinjaRMM/UmbrellaNinjaRMMInstaller.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #================================================================================ 4 | # 5 | # Site: Umbrella IT Solutions 6 | # FILE: install_ninjaone_agent.sh 7 | # 8 | # USAGE: sudo ./install_ninjaone_agent.sh 9 | # 10 | # DESCRIPTION: Installs the NinjaOne agent on Debian-based Linux systems. 11 | # - Ensures script is run with root privileges. 12 | # - Verifies the OS is Debian-based (e.g., Debian, Ubuntu). 13 | # - Downloads the specified agent version into a temporary directory. 14 | # - Installs the agent and its dependencies using apt. 15 | # - Enables and starts the agent's systemd service. 16 | # - Cleans up all temporary files after installation. 17 | # 18 | #================================================================================ 19 | 20 | # Exit immediately if a command exits with a non-zero status. 21 | set -e 22 | 23 | # --- Configuration --- 24 | # URL for the NinjaOne agent .deb package 25 | AGENT_URL="" 26 | 27 | # Local filename for the downloaded package 28 | AGENT_FILE="ninjaone_agent.deb" 29 | 30 | # The name of the systemd service for the agent 31 | # NOTE: This is a common name; verify if installation issues occur. 32 | SERVICE_NAME="ninjaagent" 33 | # --------------------- 34 | 35 | 36 | ## 1. Pre-flight Checks 37 | echo "--- Performing pre-flight checks..." 38 | 39 | # Check for Root Privileges 40 | if [ "$(id -u)" -ne 0 ]; then 41 | echo "ERROR: This script must be run as root. Please use sudo." >&2 42 | exit 1 43 | fi 44 | 45 | # Check for a Debian-based system by verifying the existence of /etc/debian_version 46 | if ! [ -f /etc/debian_version ]; then 47 | echo "ERROR: This script is intended for Debian-based systems (like Ubuntu, Mint) only." 48 | exit 1 49 | fi 50 | echo "Checks passed: Running as root on a Debian-based system." 51 | 52 | 53 | ## 2. Download and Install Agent 54 | echo "--- Downloading and installing the NinjaOne agent..." 55 | 56 | # Create a secure, temporary directory for the download 57 | TEMP_DIR=$(mktemp -d -t ninjaone-install-XXXXXXXXXX) 58 | cd "$TEMP_DIR" 59 | echo "Created temporary directory: $TEMP_DIR" 60 | 61 | echo "Downloading the NinjaOne agent package..." 62 | # Use wget with -q (quiet) and -O (output file) flags 63 | wget -q -O "$AGENT_FILE" "$AGENT_URL" 64 | if [ $? -ne 0 ]; then 65 | echo "ERROR: Download failed. Please check the AGENT_URL and your network connection." 66 | rm -rf "$TEMP_DIR" # Clean up on failure 67 | exit 1 68 | fi 69 | echo "Download complete." 70 | 71 | echo "Installing the package and its dependencies..." 72 | # Update package lists to ensure dependencies are available 73 | apt-get update -y > /dev/null 74 | # Use 'apt-get install' on a local .deb file to automatically handle dependencies 75 | apt-get install -y "./$AGENT_FILE" 76 | echo "Installation complete." 77 | 78 | 79 | ## 3. Start and Enable Service 80 | echo "--- Configuring the NinjaOne agent service..." 81 | 82 | # Check if the service exists before attempting to manage it 83 | if systemctl list-units --full --all | grep -q "$SERVICE_NAME.service"; then 84 | echo "Enabling and starting the '$SERVICE_NAME' service..." 85 | # Use 'enable --now' to both enable the service on boot and start it immediately 86 | systemctl enable --now "$SERVICE_NAME" 87 | echo "Service started and enabled successfully." 88 | else 89 | echo "WARNING: Service '$SERVICE_NAME.service' was not found. The agent may not have installed correctly, or it may use a different service name." 90 | # This is a warning, not a fatal error, as the user may need to find the correct service name manually. 91 | fi 92 | 93 | 94 | ## 4. Cleanup 95 | echo "--- Cleaning up installation files..." 96 | rm -rf "$TEMP_DIR" 97 | echo "Temporary directory removed." 98 | 99 | echo "=================================================" 100 | echo " NinjaOne Agent installation script has finished." 101 | echo "=================================================" 102 | 103 | exit 0 -------------------------------------------------------------------------------- /NinjaRMM/z.NinjaScriptingTemplatePrompt/Template.ps1: -------------------------------------------------------------------------------- 1 | # Script Title: [A brief, descriptive title for the script] 2 | # Description: [A one or two-sentence explanation of what the script does and its purpose. This will be used in the NinjaRMM description field.] 3 | 4 | # Script Name and Type 5 | $ScriptName = "[Title from above]" 6 | $ScriptType = "Monitoring" # Or "Remediation", "General", etc. 7 | $Date = Get-Date -Format "MM/dd/yyyy hh:mm tt" 8 | 9 | ## HARD-CODED VARIABLES ## 10 | # This section is for variables that are not meant to be configured via NinjaRMM script parameters. 11 | 12 | ## ORG-LEVEL EXPECTED VARIABLES ## 13 | # This section is where we will list anything that will require 'Ninja-Property-Get' 14 | 15 | ## CONFIG RMM VARIABLES ## 16 | # Create the following variables in your NinjaRMM script configuration: 17 | # customFieldName (Text): The name of the Text Custom Field to write the status to. 18 | 19 | # [Add other script-specific variables here, with type, description, and default if applicable] 20 | 21 | 22 | # What to Write if Alert is Healthy 23 | $Global:AlertHealthy = "System state is nominal. | Last Checked $Date" 24 | 25 | # Log/Diagnostic Messaging 26 | function write-RMMDiag ($messages) { 27 | Write-Host "`n<-Start Diagnostic->" 28 | foreach ($Message in $Messages) { $Message + ' `' } 29 | Write-Host '<-End Diagnostic->' 30 | Write-Host 31 | } 32 | $Global:DiagMsg = @() 33 | 34 | # Alert Messaging 35 | function write-RMMAlert ($message) { 36 | Write-Host "`n<-Start Result->" 37 | Write-Host "STATUS=$message" 38 | Write-Host '<-End Result->' 39 | } 40 | $Global:AlertMsg = @() 41 | 42 | # RMM Custom Field. 43 | $Global:customFieldMessage = @() 44 | 45 | # Script UID and intro messaging 46 | function genRandString ([int]$length, [string]$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789') { 47 | return -join ((1..$length) | ForEach-Object { Get-Random -InputObject $chars.ToCharArray() }) 48 | } 49 | $ScriptUID = GenRANDString 20 50 | $Global:DiagMsg += "Script Type: $ScriptType" 51 | $Global:DiagMsg += "Script Name: $ScriptName" 52 | $Global:DiagMsg += "Script UID: $ScriptUID" 53 | $Global:DiagMsg += "Executed On: $Date" 54 | 55 | ################################## 56 | ################################## 57 | ######## Start of Script ######### 58 | 59 | try { 60 | # Main script logic goes here. 61 | # Populate $Global:AlertMsg if an issue is found. 62 | # Populate $Global:customFieldMessage with the status text. 63 | 64 | # Example: 65 | # $Global:customFieldMessage = "All checks passed successfully. ($Date)" 66 | 67 | } 68 | catch { 69 | $Global:DiagMsg += "An unexpected error occurred: $($_.Exception.Message)" 70 | $Global:AlertMsg = "Script failed with an unexpected error. See diagnostics for details. | Last Checked $Date" 71 | $Global:customFieldMessage = "Script failed with an error. ($Date)" 72 | } 73 | 74 | 75 | ######## End of Script ########### 76 | ################################## 77 | ################################## 78 | 79 | # Write the collected information to the specified Custom Field before exiting. 80 | if ($env:customFieldName) { 81 | $Global:DiagMsg += "Attempting to write '$($Global:customFieldMessage)' to Custom Field '$($env:customFieldName)'." 82 | try { 83 | Ninja-Property-Set -Name $env:customFieldName -Value $Global:customFieldMessage 84 | $Global:DiagMsg += "Successfully updated Custom Field." 85 | } 86 | catch { 87 | $Global:DiagMsg += "Error writing to Custom Field '$($env:customFieldName)': $($_.Exception.Message)" 88 | } 89 | } 90 | else { 91 | $Global:DiagMsg += "Custom Field name not provided in RMM variable 'customFieldName'. Skipping update." 92 | } 93 | 94 | if ($Global:AlertMsg) { 95 | $Global:DiagMsg += "Exiting Script with Exit Code 1 (Trigger Alert)" 96 | write-RMMAlert $Global:AlertMsg 97 | write-RMMDiag $Global:DiagMsg 98 | Exit 1 99 | } 100 | else { 101 | $Global:DiagMsg += "Leaving Script with Exit Code 0 (No Alert)" 102 | write-RMMAlert $Global:AlertHealthy 103 | write-RMMDiag $Global:DiagMsg 104 | Exit 0 105 | } -------------------------------------------------------------------------------- /General/SOFTWARE/Nodeware/NodewareLinuxInstall.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #================================================================================ 4 | # 5 | # FILE: install_nodeware_linux_universal.sh 6 | # 7 | # USAGE: This script is intended for use in an RMM system like Datto. 8 | # 9 | # DESCRIPTION: Installs the Nodeware agent on all supported Linux systems. 10 | # - Automatically detects Debian/Ubuntu vs. RHEL/CentOS. 11 | # - Uses the latest package URLs as of September 2025. 12 | # - Registers the agent with the provided Customer ID. 13 | # 14 | #================================================================================ 15 | 16 | # Exit immediately if a command exits with a non-zero status. 17 | set -e 18 | 19 | # --- CONFIGURE CUSTOMER ID --- 20 | # This variable is passed directly from the Datto RMM environment. 21 | # Ensure you have a site variable named 'nodeWareCustomerID'. 22 | customerID="$nodeWareCustomerID" 23 | # ----------------------------- 24 | 25 | 26 | ## **1. Pre-flight Checks** 27 | echo "Performing pre-flight checks..." 28 | 29 | # Check for Customer ID 30 | if [ -z "$customerID" ]; then 31 | echo "ERROR: nodeWareCustomerID is not set. Please check the variable name and case at the Site or Component level." 32 | exit 1 33 | fi 34 | 35 | # Check for Root Privileges 36 | if [ "$(id -u)" -ne 0 ]; then 37 | echo "This script must be run as root. Please use sudo." >&2 38 | exit 1 39 | fi 40 | 41 | 42 | ## **2. Detect Linux Distribution** 43 | echo "Detecting Linux distribution..." 44 | 45 | # Source the os-release file to get distribution info 46 | if [ -f /etc/os-release ]; then 47 | . /etc/os-release 48 | else 49 | echo "Cannot detect OS: /etc/os-release not found." 50 | exit 1 51 | fi 52 | 53 | # Determine package type and set URLs based on the OS family 54 | if [[ "$ID" == "debian" || "$ID" == "ubuntu" || "$ID_LIKE" == "debian" ]]; then 55 | PKG_MANAGER="apt-get" 56 | TYPE="debian" 57 | BASE_URL="https://downloads.nodeware.com/agent/linux/debian/nodeware-agent-base_5.1.0.deb" 58 | CORE_URL="https://downloads.nodeware.com/agent/linux/debian/nodeware-agent-core_5.1.0.deb" 59 | BASE_FILE="nodeware-agent-base.deb" 60 | CORE_FILE="nodeware-agent-core.deb" 61 | 62 | elif [[ "$ID" == "rhel" || "$ID" == "centos" || "$ID" == "fedora" || "$ID_LIKE" == "rhel" ]]; then 63 | PKG_MANAGER="yum" 64 | TYPE="rhel" 65 | BASE_URL="https://downloads.nodeware.com/agent/linux/rhel/nodeware-agent-base-5.0.0.x86_64.rpm" 66 | CORE_URL="https://downloads.nodeware.com/agent/linux/rhel/nodeware-agent-core-5.0.4.x86_64.rpm" 67 | BASE_FILE="nodeware-agent-base.rpm" 68 | CORE_FILE="nodeware-agent-core.rpm" 69 | 70 | else 71 | echo "Unsupported Linux distribution: $PRETTY_NAME" 72 | exit 1 73 | fi 74 | 75 | echo "Distribution detected as: $TYPE. Using package manager: $PKG_MANAGER." 76 | 77 | 78 | ## **3. Download and Install Agent** 79 | # Create a temporary directory for the download 80 | TEMP_DIR=$(mktemp -d -t nodeware-install-XXXXXXXXXX) 81 | cd "$TEMP_DIR" 82 | echo "Working in temporary directory: $TEMP_DIR" 83 | 84 | echo "Downloading Nodeware agent packages..." 85 | wget -q -O "$BASE_FILE" "$BASE_URL" 86 | wget -q -O "$CORE_FILE" "$CORE_URL" 87 | 88 | echo "Installing packages and dependencies..." 89 | if [ "$PKG_MANAGER" == "apt-get" ]; then 90 | apt-get update -y 91 | apt-get install -y "./$BASE_FILE" 92 | apt-get install -y "./$CORE_FILE" 93 | elif [ "$PKG_MANAGER" == "yum" ]; then 94 | yum install -y "./$BASE_FILE" 95 | yum install -y "./$CORE_FILE" 96 | fi 97 | 98 | 99 | ## **4. Register and Start Service** 100 | echo "Registering Nodeware agent with Customer ID..." 101 | /usr/local/bin/nodeware/NodewareAgent register customerid="$customerID" 102 | 103 | echo "Creating and starting Nodeware service..." 104 | /usr/local/bin/nodeware/NodewareAgent service create 105 | 106 | 107 | ## **5. Cleanup** 108 | echo "Cleaning up installation files..." 109 | rm -rf "$TEMP_DIR" 110 | 111 | echo "Nodeware Agent installation and registration complete!" 112 | 113 | exit 0 -------------------------------------------------------------------------------- /Curl-able/Windows_Debloat/Other-Dev/UninstallAppx2.ps1: -------------------------------------------------------------------------------- 1 | # Bloatware Variable - Unnecessary Windows 10 AppX apps that will be removed by the blacklist. 2 | 3 | $ErrorActionPreference = 'SilentlyContinue' 4 | 5 | $Button = [System.Windows.MessageBoxButton]::YesNoCancel 6 | $ErrorIco = [System.Windows.MessageBoxImage]::Error 7 | $Ask = 'Do you want to run this as an Administrator? 8 | Select "Yes" to Run as an Administrator 9 | Select "No" to not run this as an Administrator 10 | 11 | Select "Cancel" to stop the script.' 12 | 13 | If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]'Administrator')) { 14 | $Prompt = [System.Windows.MessageBox]::Show($Ask, "Run as an Administrator or not?", $Button, $ErrorIco) 15 | Switch ($Prompt) { 16 | #This will debloat Windows 10 17 | Yes { 18 | Write-Host "You didn't run this script as an Administrator. This script will self elevate to run as an Administrator and continue." 19 | Start-Process PowerShell.exe -ArgumentList ("-NoProfile -ExecutionPolicy Bypass -File `"{0}`"" -f $PSCommandPath) -Verb RunAs 20 | Exit 21 | } 22 | No { 23 | Break 24 | } 25 | } 26 | } 27 | 28 | # Bloatware Variable - Unnecessary Windows 10 AppX apps that will be removed by the blacklist. 29 | 30 | # Registry Keys to delete. 31 | $Keys = @( 32 | #Remove Background Tasks 33 | "HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\46928bounde.EclipseManager_2.2.4.51_neutral__a5h4egax66k6y" 34 | "HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\ActiproSoftwareLLC.562882FEEB491_2.6.18.18_neutral__24pqs290vpjk0" 35 | "HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.MicrosoftOfficeHub_17.7909.7600.0_x64__8wekyb3d8bbwe" 36 | "HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.PPIProjection_10.0.15063.0_neutral_neutral_cw5n1h2txyewy" 37 | "HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy" 38 | "HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.XboxGameCallableUI_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy" 39 | 40 | #Windows File 41 | "HKCR:\Extensions\ContractId\Windows.File\PackageId\ActiproSoftwareLLC.562882FEEB491_2.6.18.18_neutral__24pqs290vpjk0" 42 | 43 | #Registry keys to delete if they aren't uninstalled by RemoveAppXPackage/RemoveAppXProvisionedPackage 44 | "HKCR:\Extensions\ContractId\Windows.Launch\PackageId\46928bounde.EclipseManager_2.2.4.51_neutral__a5h4egax66k6y" 45 | "HKCR:\Extensions\ContractId\Windows.Launch\PackageId\ActiproSoftwareLLC.562882FEEB491_2.6.18.18_neutral__24pqs290vpjk0" 46 | "HKCR:\Extensions\ContractId\Windows.Launch\PackageId\Microsoft.PPIProjection_10.0.15063.0_neutral_neutral_cw5n1h2txyewy" 47 | "HKCR:\Extensions\ContractId\Windows.Launch\PackageId\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy" 48 | "HKCR:\Extensions\ContractId\Windows.Launch\PackageId\Microsoft.XboxGameCallableUI_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy" 49 | 50 | #Scheduled Tasks to delete 51 | "HKCR:\Extensions\ContractId\Windows.PreInstalledConfigTask\PackageId\Microsoft.MicrosoftOfficeHub_17.7909.7600.0_x64__8wekyb3d8bbwe" 52 | 53 | #Windows Protocol Keys 54 | "HKCR:\Extensions\ContractId\Windows.Protocol\PackageId\ActiproSoftwareLLC.562882FEEB491_2.6.18.18_neutral__24pqs290vpjk0" 55 | "HKCR:\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.PPIProjection_10.0.15063.0_neutral_neutral_cw5n1h2txyewy" 56 | "HKCR:\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy" 57 | "HKCR:\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.XboxGameCallableUI_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy" 58 | 59 | #Windows Share Target 60 | "HKCR:\Extensions\ContractId\Windows.ShareTarget\PackageId\ActiproSoftwareLLC.562882FEEB491_2.6.18.18_neutral__24pqs290vpjk0" 61 | ) 62 | 63 | # This writes the output of each key it is removing. 64 | ForEach ($Key in $Keys) { 65 | Write-Host -Message "Removing $Key from registry" 66 | Remove-Item $Key -Recurse 67 | } 68 | -------------------------------------------------------------------------------- /Curl-able/Windows_Debloat/ClaudeEdits/PSandWindowsUpdates.txt: -------------------------------------------------------------------------------- 1 | # PowerShell Module and Windows Update Script 2 | # =========================================== 3 | # This script performs the following tasks: 4 | # 1. Elevates to admin privileges if necessary 5 | # 2. Configures PowerShell Gallery and NuGet 6 | # 3. Updates existing PowerShell modules 7 | # 4. Installs new specified PowerShell modules 8 | # 5. Runs Windows Updates 9 | # 10 | # Note: This script requires administrative privileges to run. 11 | # =========================================== 12 | 13 | # Verify/Elevate Admin Session 14 | if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { 15 | Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs 16 | exit 17 | } 18 | 19 | # Configure TLS and PowerShell Gallery 20 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 21 | Register-PSRepository -Default -ErrorAction SilentlyContinue 22 | Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted -ErrorAction SilentlyContinue 23 | Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Scope AllUsers -Force -ErrorAction SilentlyContinue 24 | Install-Module PowerShellGet -MinimumVersion 2.2.4 -Scope AllUsers -Force -ErrorAction SilentlyContinue 25 | 26 | # Get all installed modules and add new modules to install 27 | $Modules = @(Get-InstalledModule | Select-Object -ExpandProperty "Name") + @("PSWindowsUpdate") 28 | 29 | function Update-PSModule { 30 | param ( 31 | [string]$ModuleName 32 | ) 33 | 34 | $CurrentModule = Find-Module -Name $ModuleName 35 | $InstalledVersions = Get-InstalledModule -Name $ModuleName -AllVersions -ErrorAction SilentlyContinue 36 | 37 | if ($null -eq $InstalledVersions) { 38 | Write-Host "Installing $ModuleName from PowerShellGallery. Version: $($CurrentModule.Version). Release date: $($CurrentModule.PublishedDate)" 39 | Install-Module -Name $ModuleName -Force 40 | } 41 | elseif ($InstalledVersions.Count -eq 1 -and $InstalledVersions.Version -eq $CurrentModule.Version) { 42 | Write-Host -ForegroundColor Green "$ModuleName is up to date. Version: $($InstalledVersions.Version). Release date: $($CurrentModule.PublishedDate)" 43 | } 44 | elseif ($InstalledVersions.Count -gt 1) { 45 | Write-Host "$ModuleName has multiple versions installed. Removing old versions and updating to latest." 46 | $InstalledVersions | Where-Object { $_.Version -ne $CurrentModule.Version } | Uninstall-Module -Force 47 | Install-Module -Name $ModuleName -Force 48 | } 49 | else { 50 | Write-Host "Updating $ModuleName from version $($InstalledVersions.Version) to $($CurrentModule.Version). Release date: $($CurrentModule.PublishedDate)" 51 | Update-Module -Name $ModuleName -Force 52 | } 53 | } 54 | 55 | function Install-WindowsUpdates { 56 | Import-Module PSWindowsUpdate -Force 57 | 58 | $MicrosoftUpdateServiceId = "7971f918-a847-4430-9279-4a52d1efe18d" 59 | 60 | Write-Host "Checking Microsoft Update Service Registration..." 61 | if ((Get-WUServiceManager -ServiceID $MicrosoftUpdateServiceId).ServiceID -ne $MicrosoftUpdateServiceId) { 62 | Add-WUServiceManager -ServiceID $MicrosoftUpdateServiceId -Confirm:$false 63 | } 64 | 65 | if ((Get-WUServiceManager -ServiceID $MicrosoftUpdateServiceId).ServiceID -eq $MicrosoftUpdateServiceId) { 66 | Write-Host "Microsoft Update Service is registered. Installing updates..." 67 | Install-WindowsUpdate -AcceptAll -ForceInstall -IgnoreReboot -Verbose 68 | Write-Host "Windows Updates completed." 69 | } 70 | else { 71 | Write-Error "ERROR: Failed to register Microsoft Update Service. Try running Windows Update repair tool." 72 | } 73 | } 74 | 75 | # Main execution 76 | try { 77 | Write-Host "Starting PowerShell module updates and Windows Update process..." -ForegroundColor Green 78 | 79 | foreach ($Module in $Modules) { 80 | Update-PSModule -ModuleName $Module 81 | } 82 | 83 | Install-WindowsUpdates 84 | 85 | Write-Host "PowerShell module updates and Windows Update process completed successfully." -ForegroundColor Green 86 | } 87 | catch { 88 | Write-Host "An error occurred during the update process: $_" -ForegroundColor Red 89 | } 90 | finally { 91 | Read-Host -Prompt "Press Enter to exit" 92 | } -------------------------------------------------------------------------------- /General/Utilities/DisableLowPowerUSB.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Disables power saving ("Allow the computer to turn off this device...") for 4 | key device classes to prevent connectivity issues. 5 | 6 | .DESCRIPTION 7 | This script iterates through all Network Adapters and USB Controllers found by the system. 8 | For each device, it modifies a specific registry property (PnPCapabilities) that 9 | governs whether the operating system is allowed to power down the device to save energy. 10 | This can resolve issues where devices fail to wake up properly, causing disconnects. 11 | 12 | .NOTES 13 | Version: 1.0 14 | Author: Gemini 15 | Requires: PowerShell 5.1 running as an Administrator. A restart is required after execution. 16 | #> 17 | 18 | #============================================================================== 19 | # SCRIPT BODY 20 | #============================================================================== 21 | 22 | # Step 1: Verify the script is running with Administrator privileges 23 | if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { 24 | Write-Warning "This script requires Administrator privileges. Please re-launch PowerShell as an Administrator." 25 | # Pause to allow the user to read the message before the window closes. 26 | if ($Host.Name -eq "ConsoleHost") { 27 | Write-Host "Press any key to continue..." 28 | $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyUp") | Out-Null 29 | } 30 | return 31 | } 32 | 33 | Write-Host "Running with Administrator privileges. Starting process..." -ForegroundColor Green 34 | 35 | # Define a reusable function to disable power saving for a given device class 36 | function Disable-DevicePowerSaving { 37 | param( 38 | [string]$DeviceClass 39 | ) 40 | 41 | Write-Host "`nProcessing devices in class: '$($DeviceClass)'" -ForegroundColor Cyan 42 | 43 | # Get all Plug and Play devices belonging to the specified class 44 | $devices = Get-PnpDevice -Class $DeviceClass -ErrorAction SilentlyContinue | Where-Object { $_.Status -eq 'OK' } 45 | 46 | if (-not $devices) { 47 | Write-Warning "No devices found for class '$DeviceClass'." 48 | return 49 | } 50 | 51 | $devices | ForEach-Object { 52 | $deviceName = $_.FriendlyName 53 | Write-Host " - Checking device: $deviceName" 54 | 55 | # Get the path to the device's specific driver key in the registry 56 | $regKeyPath = (Get-PnpDeviceProperty -InstanceId $_.InstanceId -KeyName 'DEVPKEY_Device_DriverRegKey' -ErrorAction SilentlyContinue).Data 57 | 58 | if ($regKeyPath) { 59 | $fullRegPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Class\$regKeyPath" 60 | 61 | # The 'PnPCapabilities' value controls power management features. 62 | # Setting it to 24 (Hex 0x18) disables "Allow the computer to turn off..." 63 | # We use -ErrorAction SilentlyContinue because not all devices have this value. 64 | Set-ItemProperty -Path $fullRegPath -Name "PnPCapabilities" -Value 24 -ErrorAction SilentlyContinue 65 | 66 | # Check if the value was set successfully to provide feedback 67 | $currentValue = Get-ItemProperty -Path $fullRegPath -Name "PnPCapabilities" -ErrorAction SilentlyContinue 68 | if ($currentValue -and $currentValue.PnPCapabilities -eq 24) { 69 | Write-Host " -> Power saving has been disabled." -ForegroundColor Green 70 | } 71 | else { 72 | Write-Host " -> This device does not support this power setting, or it could not be changed." -ForegroundColor Yellow 73 | } 74 | } 75 | } 76 | } 77 | 78 | # Step 2: Call the function for Network Adapters and USB Controllers 79 | try { 80 | Disable-DevicePowerSaving -DeviceClass 'Net' 81 | Disable-DevicePowerSaving -DeviceClass 'USB' 82 | # 'USBDevice' can sometimes contain other relevant devices like hubs on complex docks 83 | Disable-DevicePowerSaving -DeviceClass 'USBDevice' 84 | 85 | Write-Host "`n============================================================" -ForegroundColor Green 86 | Write-Host "Script finished. A restart is required to apply all changes." -ForegroundColor Green 87 | Write-Host "============================================================" -ForegroundColor Green 88 | } 89 | catch { 90 | Write-Error "An unexpected error occurred: $_" 91 | } -------------------------------------------------------------------------------- /Curl-able/Windows_Debloat/README.md: -------------------------------------------------------------------------------- 1 | # Windows Optimization Scripts 2 | 3 | This collection of PowerShell scripts is designed to optimize and customize Windows 10 and 11 for business environments. Each script focuses on specific aspects of system configuration and maintenance. 4 | 5 | ## Scripts Overview 6 | 7 | ### 1. Windows System-wide Customization 8 | 9 | **Purpose**: Optimizes Windows 10/11 for business environments by modifying system-wide settings. 10 | 11 | **Key Functions**: 12 | 13 | - Enhances privacy and security settings 14 | - Disables telemetry and data collection 15 | - Customizes UI and UX settings to be more like Windows 10 with classic elements 16 | - Optimizes system performance 17 | - Configures Windows features 18 | - Applies specific Windows optimizations 19 | 20 | ### 2. Windows User-Specific Customization 21 | 22 | **Purpose**: Optimizes Windows 10/11 user settings without requiring administrative privileges. 23 | 24 | **Key Functions**: 25 | 26 | - Enhances privacy and security settings 27 | - Disables telemetry and data collection 28 | - Customizes UI and UX settings 29 | - Optimizes system performance 30 | - Removes pre-installed bloatware 31 | - Installs specified applications using Winget 32 | - Updates PowerShell modules and Windows 33 | - Creates a first-time logon script for all new user profiles 34 | 35 | ### 3. Winget Application Installation 36 | 37 | **Purpose**: Automates the installation of applications using Winget package manager. 38 | 39 | **Key Functions**: 40 | 41 | - Installs Winget Auto-Update (WAU) 42 | - Installs a predefined list of applications using Winget 43 | - Handles both Microsoft Store apps and traditional Windows applications 44 | 45 | ### 4. PowerShell Module and Windows Update 46 | 47 | **Purpose**: Updates PowerShell modules and runs Windows Updates. 48 | 49 | **Key Functions**: 50 | 51 | - Configures PowerShell Gallery and NuGet 52 | - Updates existing PowerShell modules 53 | - Installs new specified PowerShell modules 54 | - Runs Windows Updates 55 | - Ensures Microsoft Update service is registered and active 56 | 57 | ### 5. Windows Bloatware Removal 58 | 59 | **Purpose**: Removes pre-installed bloatware from Windows systems. 60 | 61 | **Key Functions**: 62 | 63 | - Removes specified AppX packages for all users and from provisioned packages 64 | - Uninstalls specified MSI-based applications 65 | - Handles both Windows 10 and Windows 11 bloatware 66 | 67 | ### Usage 68 | 69 | ## One-Liner to Launch in Powershell or CMD (Run as Admin) 70 | 71 | curl -L cleanup.umbrellaitgroup.com -o cleanup.cmd && cleanup.cmd 72 | 73 | ## Caution 74 | 75 | These scripts make significant changes to your Windows installation. It's recommended to: 76 | 77 | - Review each script before running to ensure it aligns with your organization's policies. 78 | - Test in a controlled environment before deploying to production systems. 79 | - Create a system restore point or backup before running these scripts. 80 | 81 | ## Customization 82 | 83 | Each script contains lists or sections that can be easily modified to suit your specific needs: 84 | 85 | - Application lists in the Winget installation script 86 | - Bloatware lists in the removal script 87 | - Registry modifications in the customization scripts 88 | 89 | Modify these sections as needed for your environment. 90 | 91 | # Windows Appx Bloatware Perma-Uninstall List 92 | 93 | - See "Bloatware" Variable for full list. 94 | - To add or remove bloatware apps from this list, simply add then in quotes with wildcard \* symbols. 95 | - To make sure they'll be picked up and removed, test them on a machine by running: get-appxpackage -name _appName_ 96 | 97 | # Per-User first-time logon script to clean up user interface 98 | 99 | - Make sure you download BOTH the FirstLogon.bat file and DebloatScript-HKCU.ps1 into the same directory as the main System Debloat Script. 100 | - A copy of the Bat and HKCU will be placed in C:\Windows\FirstUserLogon and ran every time a user logs in for the FIRST TIME ONLY. 101 | - This 'mini' script cleans up the user interface and removes some of the clutter that Windows 10 likes to throw at you. 102 | 103 | ### More Information 104 | 105 | 1Click-1Line-Launcher: The entry point that downloads and sets up the other scripts. 106 | Main-Stager: Orchestrates the execution of other scripts in the correct order. 107 | Various optimization scripts: Handle system-wide and user-specific customizations, bloatware removal, application installation, and Windows updates. 108 | -------------------------------------------------------------------------------- /NinjaRMM/z.NinjaScriptingTemplatePrompt/ListAllNinjaEnv.ps1: -------------------------------------------------------------------------------- 1 | # Script Title: List All NinjaRMM Environment Variables 2 | # Description: This script retrieves and displays all available environment variables and their values at runtime. This is useful for debugging and understanding the context in which NinjaRMM scripts execute. 3 | 4 | # Script Name and Type 5 | $ScriptName = "List All NinjaRMM Environment Variables" 6 | $ScriptType = "General" # Or "Remediation", "General", etc. 7 | $Date = Get-Date -Format "MM/dd/yyyy hh:mm tt" 8 | 9 | ## HARD-CODED VARIABLES ## 10 | # This section is for variables that are not meant to be configured via NinjaRMM script parameters. 11 | 12 | ## ORG-LEVEL EXPECTED VARIABLES ## 13 | # This section is where we will list anything that will require 'Ninja-Property-Get' 14 | 15 | ## CONFIG RMM VARIABLES ## 16 | # Create the following variables in your NinjaRMM script configuration: 17 | # customFieldName (Text): The name of the Text Custom Field to write the status to. 18 | # exampleParameter (Text): An optional parameter you can set to see how it appears in the list. 19 | 20 | # What to Write if Alert is Healthy 21 | $Global:AlertHealthy = "Successfully retrieved environment variables. | Last Checked $Date" 22 | 23 | # Log/Diagnostic Messaging 24 | function write-RMMDiag ($messages) { 25 | Write-Host "`n<-Start Diagnostic->" 26 | foreach ($Message in $Messages) { $Message + ' `' } 27 | Write-Host '<-End Diagnostic->' 28 | Write-Host 29 | } 30 | $Global:DiagMsg = @() 31 | 32 | # Alert Messaging 33 | function write-RMMAlert ($message) { 34 | Write-Host "`n<-Start Result->" 35 | Write-Host "STATUS=$message" 36 | Write-Host '<-End Result->' 37 | } 38 | $Global:AlertMsg = @() 39 | 40 | # RMM Custom Field. 41 | $Global:customFieldMessage = @() 42 | 43 | # Script UID and intro messaging 44 | function genRandString ([int]$length, [string]$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789') { 45 | return -join ((1..$length) | ForEach-Object { Get-Random -InputObject $chars.ToCharArray() }) 46 | } 47 | $ScriptUID = GenRANDString 20 48 | $Global:DiagMsg += "Script Type: $ScriptType" 49 | $Global:DiagMsg += "Script Name: $ScriptName" 50 | $Global:DiagMsg += "Script UID: $ScriptUID" 51 | $Global:DiagMsg += "Executed On: $Date" 52 | 53 | ################################## 54 | ################################## 55 | ######## Start of Script ######### 56 | 57 | try { 58 | # Retrieve all environment variables, sort them by name, format them as a table, and convert the output to a string. 59 | $Global:DiagMsg += "Retrieving all environment variables..." 60 | $envVarsList = Get-ChildItem Env: | Sort-Object Name | Format-Table -AutoSize | Out-String 61 | 62 | # Split the string into an array of lines to be compatible with the write-RMMDiag function. 63 | $envVarsArray = $envVarsList.Split([System.Environment]::NewLine) 64 | 65 | # Add the formatted list to our diagnostic messages. 66 | $Global:DiagMsg += $envVarsArray 67 | 68 | # Set the success message for the custom field. 69 | $Global:customFieldMessage = "Successfully retrieved environment variables. See diagnostic log for full list. ($Date)" 70 | 71 | } 72 | catch { 73 | $Global:DiagMsg += "An unexpected error occurred: $($_.Exception.Message)" 74 | $Global:AlertMsg = "Script failed with an unexpected error. See diagnostics for details. | Last Checked $Date" 75 | $Global:customFieldMessage = "Script failed with an error. ($Date)" 76 | } 77 | 78 | 79 | ######## End of Script ########### 80 | ################################## 81 | ################################## 82 | 83 | # Write the collected information to the specified Custom Field before exiting. 84 | if ($env:customFieldName) { 85 | $Global:DiagMsg += "Attempting to write '$($Global:customFieldMessage)' to Custom Field '$($env:customFieldName)'." 86 | try { 87 | Ninja-Property-Set -Name $env:customFieldName -Value $Global:customFieldMessage 88 | $Global:DiagMsg += "Successfully updated Custom Field." 89 | } 90 | catch { 91 | $Global:DiagMsg += "Error writing to Custom Field '$($env:customFieldName)': $($_.Exception.Message)" 92 | } 93 | } 94 | else { 95 | $Global:DiagMsg += "Custom Field name not provided in RMM variable 'customFieldName'. Skipping update." 96 | } 97 | 98 | if ($Global:AlertMsg) { 99 | $Global:DiagMsg += "Exiting Script with Exit Code 1 (Trigger Alert)" 100 | write-RMMAlert $Global:AlertMsg 101 | write-RMMDiag $Global:DiagMsg 102 | Exit 1 103 | } 104 | else { 105 | $Global:DiagMsg += "Leaving Script with Exit Code 0 (No Alert)" 106 | write-RMMAlert $Global:AlertHealthy 107 | write-RMMDiag $Global:DiagMsg 108 | Exit 0 109 | } -------------------------------------------------------------------------------- /General/Utilities/Kill-VMProcess.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Forcefully stops the process for a given Hyper-V virtual machine. 4 | 5 | .DESCRIPTION 6 | This script prompts the user for the name of a Hyper-V virtual machine. It then identifies the virtual machine's Globally Unique Identifier (GUID) and uses it to find the corresponding Virtual Machine Worker Process (VMWP.exe). Finally, it forcibly terminates this process, which is equivalent to "pulling the plug" on the virtual machine. This should only be used as a last resort when a VM is unresponsive. 7 | 8 | .NOTES 9 | Author: Alex Ivantsov 10 | Date: 2025-06-11 11 | #> 12 | 13 | #---------------------------------------------------------------------------------------------------------------------# 14 | # USER-DEFINABLE VARIABLES # 15 | #---------------------------------------------------------------------------------------------------------------------# 16 | 17 | # Prompt the user to enter the name of the virtual machine they wish to terminate. 18 | $VMName = Read-Host "Enter the name of the virtual machine you wish to forcibly stop" 19 | 20 | #---------------------------------------------------------------------------------------------------------------------# 21 | # FUNCTIONS # 22 | #---------------------------------------------------------------------------------------------------------------------# 23 | 24 | Function Get-VMPowerKill { 25 | [CmdletBinding()] 26 | param ( 27 | [Parameter(Mandatory = $true)] 28 | [string]$VirtualMachineName 29 | ) 30 | 31 | # Begin the process of stopping the VM. 32 | Write-Host "Attempting to forcibly stop the virtual machine: $($VirtualMachineName)..." 33 | 34 | try { 35 | # Retrieve the Virtual Machine object using the provided name. 36 | # An error will be thrown if the VM is not found. 37 | $VM = Get-VM -Name $VirtualMachineName -ErrorAction Stop 38 | 39 | # Get the unique identifier (GUID) of the virtual machine. 40 | $VmGUID = $VM.Id 41 | 42 | # Announce the found GUID to the user. 43 | Write-Host "Found Virtual Machine GUID: $($VmGUID)" 44 | 45 | # Find the Virtual Machine Worker Process (vmwp.exe) associated with the VM's GUID. 46 | # This is done by searching through all running processes for one that is named 'vmwp.exe' 47 | # and has a command line that includes the VM's GUID. 48 | $VMProcess = Get-WmiObject -Class Win32_Process | Where-Object { $_.Name -like 'vmwp.exe' -and $_.CommandLine -like "*$($VmGUID)*" } 49 | 50 | # Check if a process was found. 51 | if ($null -ne $VMProcess) { 52 | # Display the Process ID that is about to be terminated. 53 | Write-Host "Found VM Worker Process ID: $($VMProcess.ProcessId). Terminating..." 54 | 55 | # Forcibly stop the identified process. 56 | Stop-Process -Id $VMProcess.ProcessId -Force 57 | 58 | # Confirm that the process has been terminated. 59 | Write-Host "The process for $($VirtualMachineName) has been successfully terminated." -ForegroundColor Green 60 | } 61 | else { 62 | # Inform the user if no running process could be found for the specified VM. 63 | Write-Host "Could not find a running worker process for virtual machine '$($VirtualMachineName)'." -ForegroundColor Yellow 64 | } 65 | } 66 | catch [Microsoft.HyperV.PowerShell.VirtualMachineNotFoundException] { 67 | # Handle the case where the virtual machine name does not exist. 68 | Write-Error "Error: A virtual machine with the name '$($VirtualMachineName)' was not found." 69 | } 70 | catch { 71 | # Catch any other unexpected errors that may have occurred. 72 | Write-Error "An unexpected error occurred: $($_.Exception.Message)" 73 | } 74 | } 75 | 76 | #---------------------------------------------------------------------------------------------------------------------# 77 | # SCRIPT EXECUTION # 78 | #---------------------------------------------------------------------------------------------------------------------# 79 | 80 | # Ensure a VM name was actually entered. 81 | if (-not [string]::IsNullOrWhiteSpace($VMName)) { 82 | # Call the main function to execute the process termination. 83 | Get-VMPowerKill -VirtualMachineName $VMName 84 | } 85 | else { 86 | # Inform the user that they did not enter a valid name. 87 | Write-Host "No virtual machine name entered. The script will now exit." -ForegroundColor Red 88 | } -------------------------------------------------------------------------------- /Curl-able/Windows_Events_Audit/Parse-LogsToTimeLine.ps1: -------------------------------------------------------------------------------- 1 | <# ======================================================================= 2 | Merge-and-parse Windows Event CSVs + PowerShell transcripts 3 | PowerShell 5.1 - zero parameters - run from anywhere 4 | ======================================================================= #> 5 | 6 | Set-StrictMode -Version Latest 7 | $ErrorActionPreference = 'Stop' 8 | 9 | # ── ROOT autodetect ──────────────────────────────────────────────────── 10 | $RootPath = 'C:\Logs' 11 | if (-not (Test-Path $RootPath)) { 12 | $RootPath = Split-Path -Parent $MyInvocation.MyCommand.Definition 13 | } 14 | Write-Host "Using root: $RootPath" -ForegroundColor Cyan 15 | 16 | # ── helper ───────────────────────────────────────────────────────────── 17 | function Import-CsvSafe { 18 | param([string]$Path) 19 | try { Import-Csv -Path $Path -ErrorAction Stop } 20 | catch { Write-Warning " Skipped $Path — $($_.Exception.Message)"; @() } 21 | } 22 | 23 | # ─────────────────────────────────────────────────────────────────────── 24 | # 1 │ EVENT-LOG CSVs → AllEventLogs.csv 25 | # ─────────────────────────────────────────────────────────────────────── 26 | Write-Host '==> Merging event-log CSVs...' -ForegroundColor Green 27 | 28 | $eventDir = Get-ChildItem -Path $RootPath -Recurse -Directory -ErrorAction SilentlyContinue | 29 | Where-Object { $_.Name -match 'LogExport' } | 30 | Sort-Object LastWriteTime -Descending | 31 | Select-Object -First 1 32 | 33 | if ($eventDir) { 34 | Write-Host " Found: $($eventDir.FullName)" 35 | $rows = 36 | Get-ChildItem -Path $eventDir.FullName -Recurse -Filter '*.csv' -File | 37 | ForEach-Object { Import-CsvSafe $_.FullName } # <-- full path! 38 | 39 | if ($rows.Count) { 40 | $dest = Join-Path $RootPath 'AllEventLogs.csv' 41 | $rows | Export-Csv $dest -NoTypeInformation -Encoding UTF8 42 | Write-Host " Wrote $($rows.Count) rows → $dest" 43 | } 44 | else { 45 | Write-Warning ' No rows collected from event CSVs.' 46 | } 47 | } 48 | else { 49 | Write-Warning ' No folder containing "LogExport" found.' 50 | } 51 | 52 | # ─────────────────────────────────────────────────────────────────────── 53 | # 2 │ POWERSHELL TRANSCRIPTS → AllPowerShellTranscript.csv 54 | # ─────────────────────────────────────────────────────────────────────── 55 | Write-Host '==> Parsing PowerShell transcripts...' -ForegroundColor Green 56 | 57 | $candidates = Get-ChildItem -Path $RootPath -Recurse -Include '*.txt', '*.log' -File -ErrorAction SilentlyContinue 58 | 59 | $transcriptFiles = foreach ($f in $candidates) { 60 | if ($f.Name -like 'PowerShell_transcript*') { $f; continue } 61 | try { 62 | if ((Get-Content $f -TotalCount 1) -match 'Windows PowerShell transcript start') { $f } 63 | } 64 | catch { Write-Warning " Skipped $($f.FullName): $($_.Exception.Message)" } 65 | } 66 | 67 | if (-not $transcriptFiles) { 68 | Write-Warning ' No transcript files found.' ; return 69 | } 70 | 71 | $rx = @{ 72 | StartTime = '(?m)^[* ]*Start time:\s*(\d{14})' 73 | EndTime = '(?m)^[* ]*End time:\s*(\d{14})' 74 | Username = '(?m)^[* ]*Username:\s*(.+)' 75 | RunAsUser = '(?m)^[* ]*RunAs User:\s*(.+)' 76 | Machine = '(?m)^[* ]*Machine:\s*([^\(]+)' 77 | HostApplication = '(?m)^[* ]*Host Application:\s*(.+)' 78 | ProcessId = '(?m)^[* ]*Process ID:\s*(\d+)' 79 | } 80 | 81 | $rows = foreach ($file in $transcriptFiles) { 82 | try { $raw = Get-Content $file -Raw } catch { Write-Warning " Can't read $($file.FullName) — $_"; continue } 83 | 84 | $o = [ordered]@{ 85 | TranscriptFile = $file.FullName 86 | StartTime = '' 87 | EndTime = '' 88 | Username = '' 89 | RunAsUser = '' 90 | Machine = '' 91 | HostApplication = '' 92 | ProcessId = '' 93 | Commands = '' 94 | } 95 | 96 | foreach ($k in $rx.Keys) { 97 | if ($raw -match $rx[$k]) { $o[$k] = $Matches[1].Trim() } 98 | } 99 | 100 | foreach ($d in 'StartTime', 'EndTime') { 101 | if ($o[$d]) { $o[$d] = [datetime]::ParseExact($o[$d], 'yyyyMMddHHmmss', $null) } 102 | } 103 | 104 | $cmds = ($raw -split "`r?`n") | 105 | Where-Object { $_ -match '^\s*PS>' } | 106 | ForEach-Object { ($_ -replace '^\s*PS>\s*', '').Trim() } 107 | 108 | $o.Commands = $cmds -join ' ; ' 109 | [pscustomobject]$o 110 | } 111 | 112 | $dest = Join-Path $RootPath 'AllPowerShellTranscript.csv' 113 | $rows | Export-Csv $dest -NoTypeInformation -Encoding UTF8 114 | Write-Host " Wrote $($rows.Count) transcript rows → $dest" 115 | Write-Host 116 | Write-Host 'Done. All Information Parsed, Merged, and De-duped' -ForegroundColor Green -------------------------------------------------------------------------------- /General/SOFTWARE/DattoRMM/a.DRMM-ScriptingTemplates/DRMM_RemediationTemplate.ps1: -------------------------------------------------------------------------------- 1 | # 2 | ## Template for Remediation Components for Datto RMM with PowerShell 3 | # Created by Alex Ivantsov @Exploitacious 4 | 5 | # Script Name and Type 6 | $ScriptName = "Install System Update" # Quick and easy name of Script to help identify 7 | $ScriptType = "Remediation" # Monitoring // Remediation 8 | 9 | ## Verify/Elevate to Admin Session. Comment out if not needed the single line below. 10 | # if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit } 11 | 12 | ## Datto RMM Variables ## Uncomment only for testing. Otherwise, use Datto Variables. See Explanation Below. 13 | #$env:APIEndpoint = "https://prod-36.westus.logic.azure.com:443/workflows/6c032a1ca84045b9a7a1436864ecf696/triggers/manual/paths/invoke?api-version=2016-06-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=c-dVa333HMzhWli_Fp_4IIAqaJOMwFjP2y5Zfv4j_zA" 14 | #$env:usrUDF = 14 # Which UDF to write to. Leave blank to Skip UDF writing. 15 | #$env:usrString = Example # Datto User Input variable "usrString" 16 | 17 | <# 18 | This Script is a Remediation compoenent, meaning it performs only one task with a log of granular detail. These task results can be added back ito tickets as time entries using the API. 19 | 20 | To create Variables in Datto RMM Script component, you must use $env variables in the powershell script, simply by matching the name and adding "env:" before them. 21 | For example, in Datto we can use a variable for user input called "usrUDF" and here we use "$env:usrUDF=" to use that variable. 22 | 23 | You can use as many of these as you like. 24 | 25 | Below you will find all the standard variables to use with Datto RMM to interract with all the the visual, alert and diagnostics cues available from the dashboards. 26 | #># DattoRMM Alert Functions. Don't touch these unless you know what you're doing. 27 | function write-DRMMDiag ($messages) { 28 | Write-Host '<-Start Diagnostic->' 29 | foreach ($Message in $Messages) { $Message + ' `' } 30 | Write-Host '<-End Diagnostic->' 31 | } 32 | function genRandString ([int]$length, [string]$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789') { 33 | return -join ((1..$length) | ForEach-Object { Get-Random -InputObject $chars.ToCharArray() }) 34 | } 35 | # Extra Info and Variables (Leave at default) 36 | $Global:DiagMsg = @() # Running Diagnostic log (diaglog). Use " $Global:DiagMsg += " to append messages to this log for verboseness in the script. 37 | $Global:varUDFString = @() # String which will be written to UDF, if UDF Number is defined by $usrUDF in Datto. Use " $Global:varUDFString += " to fill this string. 38 | $ScriptUID = GenRANDString 20 # Generate random UID for script 39 | $Date = get-date -Format "MM/dd/yyy hh:mm tt" 40 | $Global:DiagMsg += "Script Type: " + $ScriptType 41 | $Global:DiagMsg += "Script Name: " + $ScriptName 42 | $Global:DiagMsg += "Script UID: " + $ScriptUID 43 | $Global:DiagMsg += "Executed On: " + $Date 44 | ################################## 45 | ################################## 46 | ######## Start of Script ######### 47 | 48 | 49 | 50 | ### Script Goes Here ### 51 | 52 | 53 | 54 | ######## End of Script ########### 55 | ################################## 56 | ################################## 57 | ### Write to UDF if usrUDF (Write To) Number is defined. (Optional) 58 | if ($env:usrUDF -ge 1) { 59 | if ($Global:varUDFString.length -gt 255) { 60 | # Write UDF to diaglog 61 | $Global:DiagMsg += " - Writing to UDF: " + $Global:varUDFString 62 | # Limit UDF Entry to 255 Characters 63 | Set-ItemProperty -Path "HKLM:\Software\CentraStage" -Name custom$env:usrUDF -Value $($varUDFString.substring(0, 255)) -Force 64 | } 65 | else { 66 | # Write to diagLog and UDF 67 | $Global:DiagMsg += " - Writing to UDF: " + $Global:varUDFString 68 | Set-ItemProperty -Path "HKLM:\Software\CentraStage" -Name custom$env:usrUDF -Value $($varUDFString) -Force 69 | } 70 | } 71 | ### Info to be sent to into JSON POST to API Endpoint (Optional) 72 | $APIinfoHashTable = @{ 73 | 'CS_PROFILE_UID' = $env:CS_PROFILE_UID 74 | 'Script_Diag' = $Global:DiagMsg 75 | 'Script_UID' = $ScriptUID 76 | } 77 | ####################################################################### 78 | ### Exit script with proper Datto diagnostic and API Results. 79 | # Add Script Result and POST to API if an Endpoint is Provided 80 | if ($null -ne $env:APIEndpoint) { 81 | $Global:DiagMsg += " - Sending Results to API" 82 | Invoke-WebRequest -Uri $env:APIEndpoint -Method POST -Body ($APIinfoHashTable | ConvertTo-Json) -ContentType "application/json" 83 | } 84 | # Exit with writing diagnostic back to the ticket / remediation component log 85 | write-DRMMDiag $Global:DiagMsg 86 | Exit 0 -------------------------------------------------------------------------------- /Curl-able/Windows_Events_Audit/Gather-LogsToTimeLine.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Gathers All Event Logs from Windows 7/2008R2 and newer operating systems. Export **all** Windows Event Logs to per-log CSV files 4 | 5 | .DESCRIPTION 6 | • Works on PowerShell 5.1 7 | • Caches SID-to-account translations (biggest time-saver). 8 | • Shows Write-Progress so you can watch it crawl. 9 | • Still supports -excludeEvtxFiles and -IncludeAllEvtxFiles switches. 10 | • Writes one UTF-8 CSV per log: -.csv 11 | #> 12 | 13 | [CmdletBinding()] 14 | param( 15 | [string] $output = "C:\Logs\" + "LogExport_" + (Get-Date -Format "yyyy-MM-dd_HH-mm-ss"), # default to current time 16 | [string[]]$excludeEvtxFiles = @(), # nothing excluded unless you pass names 17 | [string] $logTag = $env:COMPUTERNAME, 18 | [switch] $IncludeAllEvtxFiles 19 | ) 20 | 21 | # --------------------------------------------------------------------------- 22 | # CONFIG – put the Event IDs you never want in the CSV right here. 23 | # Example: CPU microcode spam (4), useless Kerb stuff (16), etc. Check the description for details 24 | [int[]]$SkipEventIds = @(4, 6, 13, 42, 98, 142, 7036, 10010, 10016, 1014, 10, 1033, 102, 103, 400, 403, 4703) # add/remove IDs 25 | # --------------------------------------------------------------------------- 26 | 27 | #--- admin check (skip if you know you’re SYSTEM) ----------------------------- 28 | function Test-Admin { 29 | $p = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent()) 30 | $p.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator) 31 | } 32 | if (-not (Test-Admin)) { Write-Error "Run as admin needed."; exit 1 } 33 | 34 | #--- prep -------------------------------------------------------------------- 35 | $null = New-Item -Path $output -ItemType Directory -Force 36 | $UtcFmt = 'yyyy-MM-dd HH:mm:ss' 37 | $SidCache = @{} 38 | 39 | function Resolve-SidCached { 40 | param([string]$Sid) 41 | if (-not $Sid) { return $null } 42 | if ($SidCache.ContainsKey($Sid)) { return $SidCache[$Sid] } 43 | 44 | try { 45 | $name = ([System.Security.Principal.SecurityIdentifier]$Sid 46 | ).Translate([System.Security.Principal.NTAccount]).Value 47 | } 48 | catch { $name = $Sid } # unresolved ⇒ keep SID 49 | 50 | $SidCache[$Sid] = $name 51 | return $name 52 | } 53 | 54 | #--- decide which logs to touch ---------------------------------------------- 55 | $logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue | Where-Object { $_.RecordCount -gt 0 } 56 | if (-not $IncludeAllEvtxFiles) { 57 | $logs = $logs | Where-Object { $excludeEvtxFiles -notcontains $_.LogName } 58 | } 59 | 60 | $total = $logs.Count 61 | if ($total -eq 0) { Write-Warning "No logs selected. Exiting."; return } 62 | 63 | # Build the XPath once (or $null if nothing to skip) 64 | $SkipXPath = $null 65 | if ($SkipEventIds.Count) { 66 | $clauses = ( $SkipEventIds | ForEach-Object { "(EventID!=$_)" } ) -join ' and ' 67 | $SkipXPath = "*[System[$clauses]]" 68 | } 69 | 70 | Write-Host "`nExporting $total logs to CSV → $output`n" 71 | 72 | # --- main loop (sequential, with progress bar) ------------------------------ 73 | $index = 0 74 | foreach ($log in $logs) { 75 | 76 | $index++ 77 | Write-Progress -Activity "Exporting logs" ` 78 | -Status ("{0}/{1} {2}" -f $index, $total, $log.LogName) ` 79 | -PercentComplete ([int](100 * $index / $total)) 80 | 81 | $nameSafe = $log.LogName -replace '/', '%4' 82 | $csvPath = Join-Path $output "$logTag-$nameSafe.csv" 83 | 84 | try { 85 | # apply XPath filter only if we have one 86 | if ($SkipXPath) { 87 | $events = Get-WinEvent -LogName $log.LogName -FilterXPath $SkipXPath -ErrorAction Stop 88 | } 89 | else { 90 | $events = Get-WinEvent -LogName $log.LogName -ErrorAction Stop 91 | } 92 | 93 | $objects = $events | ForEach-Object { 94 | [pscustomobject]@{ 95 | containerLog = "$logTag-$nameSafe" 96 | id = $_.Id 97 | levelDisplayName = $_.LevelDisplayName 98 | MachineName = $_.MachineName 99 | LogName = $log.LogName 100 | ProcessId = $_.ProcessId 101 | UserId = Resolve-SidCached $_.UserId 102 | ProviderName = $_.ProviderName 103 | TimeCreated = ($_.TimeCreated.ToUniversalTime()).ToString($UtcFmt) 104 | Message = ($_.Message -replace "\r?\n", ' | ') 105 | } 106 | } 107 | 108 | $objects | Export-Csv -Path $csvPath -NoTypeInformation -Encoding UTF8 -Force 109 | } 110 | catch { 111 | Write-Warning " ! $($log.LogName) blew up: $($_.Exception.Message)" 112 | } 113 | } 114 | 115 | Write-Progress -Activity "Exporting logs" -Completed -Status "Done" 116 | Write-Host "`nFinished. SID cache size: $($SidCache.Count)`n" 117 | 118 | Write-Host 119 | Write-Host 120 | write-host "Completed the log gathering. Launching the Parser" 121 | .\Parse-LogsToTimeLine.ps1 -------------------------------------------------------------------------------- /NotWindows/InstallNordVPN.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Define variables 4 | NORDVPN_CONFIG_DIR="$HOME/nordvpn-configs" 5 | NORDVPN_OVPN_URL="https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip" 6 | CREDENTIALS_FILE="$NORDVPN_CONFIG_DIR/vpn-credentials.txt" 7 | CONNECTION_SCRIPT="/usr/local/bin/launch_nordvpn" 8 | ALIAS_COMMAND="alias connectnord='sudo /usr/local/bin/launch_nordvpn'" 9 | 10 | # Function to check for errors 11 | check_error() { 12 | if [ $? -ne 0 ]; then 13 | echo "Error: $1" 14 | exit 1 15 | fi 16 | } 17 | 18 | # Update and install required packages 19 | sudo apt update 20 | check_error "Failed to update package list" 21 | 22 | sudo apt install -y openvpn unzip wget 23 | check_error "Failed to install required packages" 24 | 25 | # Create directory for NordVPN configs if it doesn't exist 26 | mkdir -p "$NORDVPN_CONFIG_DIR" 27 | check_error "Failed to create configuration directory" 28 | 29 | # Download and unzip NordVPN OpenVPN configuration files 30 | cd "$NORDVPN_CONFIG_DIR" 31 | wget -q "$NORDVPN_OVPN_URL" -O ovpn.zip 32 | check_error "Failed to download NordVPN OpenVPN configuration files" 33 | 34 | unzip -o ovpn.zip 35 | check_error "Failed to unzip NordVPN OpenVPN configuration files" 36 | 37 | # Clean up 38 | rm ovpn.zip 39 | 40 | # Create the connection script 41 | cat << 'EOF' > launch_nordvpn.sh 42 | #!/bin/bash 43 | 44 | # Define variables 45 | NORDVPN_CONFIG_DIR="$HOME/nordvpn-configs/ovpn_udp/" 46 | CREDENTIALS_FILE="$HOME/nordvpn-configs/vpn-credentials.txt" 47 | 48 | # Function to check for errors 49 | check_error() { 50 | if [ $? -ne 0 ]; then 51 | echo "Error: $1" 52 | exit 1 53 | fi 54 | } 55 | 56 | # Resolve the correct home directory 57 | USER_HOME=$(getent passwd "$SUDO_USER" | cut -d: -f6) 58 | 59 | # Check if configuration directory exists 60 | if [ ! -d "$USER_HOME/nordvpn-configs/ovpn_udp/" ]; then 61 | echo "Error: Configuration directory $USER_HOME/nordvpn-configs/ovpn_udp/ does not exist." 62 | exit 1 63 | fi 64 | 65 | # Create credentials file if it doesn't exist 66 | if [ ! -f "$CREDENTIALS_FILE" ]; then 67 | echo "Please enter your NordVPN credentials:" 68 | read -p "Username: " NORDVPN_USERNAME 69 | read -sp "Password: " NORDVPN_PASSWORD 70 | echo 71 | 72 | echo -e "$NORDVPN_USERNAME\n$NORDVPN_PASSWORD" > "$CREDENTIALS_FILE" 73 | check_error "Failed to create credentials file" 74 | 75 | # Restrict permissions on the credentials file 76 | chmod 600 "$CREDENTIALS_FILE" 77 | check_error "Failed to set permissions on credentials file" 78 | 79 | # Modify all configuration files to use the credentials file and update cipher settings 80 | for CONFIG_FILE in "$NORDVPN_CONFIG_DIR"/*.ovpn; do 81 | if ! grep -q "auth-user-pass $CREDENTIALS_FILE" "$CONFIG_FILE"; then 82 | echo "auth-user-pass $CREDENTIALS_FILE" >> "$CONFIG_FILE" 83 | fi 84 | # Ensure the deprecated --cipher warning is addressed 85 | if grep -q "cipher AES-256-CBC" "$CONFIG_FILE"; then 86 | sed -i '/cipher AES-256-CBC/d' "$CONFIG_FILE" 87 | if ! grep -q "data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305" "$CONFIG_FILE"; then 88 | echo "data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305" >> "$CONFIG_FILE" 89 | fi 90 | fi 91 | done 92 | fi 93 | 94 | # List available configuration files 95 | echo "Available configuration files:" 96 | ls -1 "$USER_HOME/nordvpn-configs/ovpn_udp/" 97 | echo 98 | 99 | # Prompt for configuration file or random choice 100 | read -p "Enter the name of the configuration file you want to use (e.g., us1234.nordvpn.com.udp.ovpn) or type 'random' to connect to a random one: " OVPN_FILE 101 | 102 | # Select a random configuration file if user chose 'random' 103 | if [ "$OVPN_FILE" == "random" ] || [ -z "$OVPN_FILE" ]; then 104 | OVPN_FILE=$(ls -1 "$USER_HOME/nordvpn-configs/ovpn_udp/" | shuf -n 1) 105 | echo "Selected random configuration file: $OVPN_FILE" 106 | else 107 | # Check if the specified file exists 108 | if [ ! -f "$USER_HOME/nordvpn-configs/ovpn_udp/$OVPN_FILE" ]; then 109 | echo "Error: Configuration file $USER_HOME/nordvpn-configs/ovpn_udp/$OVPN_FILE does not exist." 110 | exit 1 111 | fi 112 | fi 113 | 114 | # Start OpenVPN with the specified or random configuration file 115 | sudo openvpn --config "$USER_HOME/nordvpn-configs/ovpn_udp/$OVPN_FILE" --auth-user-pass "$CREDENTIALS_FILE" 116 | check_error "Failed to start OpenVPN" 117 | 118 | echo "NordVPN connected successfully using OpenVPN" 119 | EOF 120 | 121 | # Move the connection script to /usr/local/bin and make it executable 122 | sudo mv launch_nordvpn.sh "$CONNECTION_SCRIPT" 123 | sudo chmod +x "$CONNECTION_SCRIPT" 124 | check_error "Failed to move and set permissions on connection script" 125 | 126 | # Add alias to .zshrc if not already present 127 | if ! grep -Fxq "$ALIAS_COMMAND" ~/.zshrc; then 128 | echo "$ALIAS_COMMAND" >> ~/.zshrc 129 | echo "Alias 'connectnord' added to ~/.zshrc" 130 | else 131 | echo "Alias 'connectnord' already exists in ~/.zshrc" 132 | fi 133 | 134 | echo "Installation complete. Use 'connectnord' to connect to NordVPN after switching to Zsh." 135 | -------------------------------------------------------------------------------- /General/CleaningUtils/WinInstallerPatchCleaner.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Finds and quarantines orphaned Windows Installer files (.msi, .msp) from the C:\Windows\Installer folder. 4 | 5 | .DESCRIPTION 6 | This script identifies installer files that are no longer associated with any installed application in the Windows Registry. 7 | Instead of deleting them, it moves them to a quarantine folder (C:\_OrphanedInstallers by default) for safety. 8 | This allows for easy restoration if an application unexpectedly needs a file. 9 | 10 | .PARAMETER DryRun 11 | If specified, the script will only report which files it would move without actually moving them. 12 | 13 | .PARAMETER QuarantinePath 14 | Specifies a custom path to move the orphaned files to. Defaults to "C:\_OrphanedInstallers". 15 | 16 | .EXAMPLE 17 | .\Find-OrphanedInstallers.ps1 -Verbose 18 | Scans for orphans and moves them, showing detailed progress. 19 | 20 | .EXAMPLE 21 | .\Find-OrphanedInstallers.ps1 -DryRun -Verbose 22 | Performs a test run, showing which files are considered orphans without moving anything. 23 | #> 24 | [CmdletBinding()] 25 | param( 26 | [switch]$DryRun, 27 | [string]$QuarantinePath = "C:\_OrphanedInstallers" 28 | ) 29 | 30 | # This script must be run with administrative privileges. 31 | if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { 32 | Write-Warning "This script must be run with administrative privileges. Please re-run it in an elevated PowerShell session." 33 | Start-Sleep -Seconds 5 34 | Exit 35 | } 36 | 37 | # --- SCRIPT START --- 38 | 39 | # 1. Get all installer files physically present on the disk 40 | Write-Host "Step 1: Scanning for all .msi and .msp files in C:\Windows\Installer..." -ForegroundColor Yellow 41 | $installerPath = Join-Path -Path $env:SystemRoot -ChildPath "Installer" 42 | $diskFiles = Get-ChildItem -Path $installerPath -Recurse -Include "*.msi", "*.msp" -ErrorAction SilentlyContinue 43 | 44 | if ($null -eq $diskFiles) { 45 | Write-Host "No .msi or .msp files found in the installer directory. Exiting." -ForegroundColor Green 46 | Exit 47 | } 48 | 49 | # 2. Get all installer files registered by Windows 50 | Write-Host "Step 2: Querying the registry for all *active* installer products and patches..." -ForegroundColor Yellow 51 | $registeredFiles = [System.Collections.Generic.List[string]]::new() 52 | 53 | # Query both Products and Patches registry hives 54 | $registryPaths = @( 55 | "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\*\InstallProperties", 56 | "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Patches\*\InstallProperties" 57 | ) 58 | 59 | foreach ($path in $registryPaths) { 60 | Write-Verbose "Querying registry path: $path" 61 | $items = Get-ItemProperty -Path $path -Name "LocalPackage" -ErrorAction SilentlyContinue 62 | if ($null -ne $items) { 63 | $items.LocalPackage | ForEach-Object { $registeredFiles.Add($_) } 64 | } 65 | } 66 | 67 | # 3. Compare the lists to find orphans 68 | Write-Host "Step 3: Comparing disk files against the registry to find orphans..." -ForegroundColor Yellow 69 | $orphanedFiles = Compare-Object -ReferenceObject $registeredFiles -DifferenceObject $diskFiles.FullName -PassThru | Where-Object { $_ } 70 | 71 | # --- SCRIPT END --- 72 | 73 | # 4. Process the orphans 74 | if ($orphanedFiles.Count -eq 0) { 75 | Write-Host "`nNo orphaned installer files were found. Your system is clean! ✨" -ForegroundColor Green 76 | Exit 77 | } 78 | 79 | Write-Host "`nFound $($orphanedFiles.Count) orphaned files." -ForegroundColor Cyan 80 | 81 | # Create the quarantine directory if it doesn't exist 82 | if (-NOT (Test-Path -Path $QuarantinePath) -AND -NOT $DryRun) { 83 | Write-Verbose "Creating quarantine directory at $QuarantinePath" 84 | New-Item -Path $QuarantinePath -ItemType Directory | Out-Null 85 | } 86 | 87 | $totalSize = 0 88 | foreach ($orphan in $orphanedFiles) { 89 | $fileInfo = Get-Item -Path $orphan 90 | $fileSizeMB = [math]::Round($fileInfo.Length / 1MB, 2) 91 | $totalSize += $fileInfo.Length 92 | 93 | if ($DryRun) { 94 | Write-Host "[DRY RUN] Would move $($fileInfo.Name) ($($fileSizeMB) MB)" -ForegroundColor Gray 95 | } 96 | else { 97 | Write-Host "Moving $($fileInfo.Name) ($($fileSizeMB) MB) to $QuarantinePath" 98 | Move-Item -Path $fileInfo.FullName -Destination $QuarantinePath -Force 99 | } 100 | } 101 | 102 | # 5. Final Report 103 | $totalSizeMB = [math]::Round($totalSize / 1MB, 2) 104 | Write-Host "---" 105 | if ($DryRun) { 106 | Write-Host "[DRY RUN] Process complete." -ForegroundColor Green 107 | Write-Host "A real run would have moved $($orphanedFiles.Count) files, freeing up $($totalSizeMB) MB." -ForegroundColor Green 108 | } 109 | else { 110 | Write-Host "Process Complete! ✅" -ForegroundColor Green 111 | Write-Host "Moved $($orphanedFiles.Count) files to $QuarantinePath, reclaiming $($totalSizeMB) MB of space." -ForegroundColor Green 112 | Write-Host "It is recommended to keep this folder for a few weeks to ensure no applications have issues." -ForegroundColor Yellow 113 | } -------------------------------------------------------------------------------- /Curl-able/Windows_Debloat/ClaudeEdits/UninstallBloat.txt: -------------------------------------------------------------------------------- 1 | # Windows Bloatware Removal Script 2 | # ================================ 3 | # This script performs the following tasks: 4 | # 1. Elevates to admin privileges if necessary 5 | # 2. Removes specified AppX packages for all users and from provisioned packages 6 | # 3. Uninstalls specified MSI-based applications 7 | # 8 | # Note: This script requires administrative privileges to run. 9 | # ================================ 10 | 11 | # Verify/Elevate Admin Session 12 | if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { 13 | Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs 14 | exit 15 | } 16 | 17 | # Determine OS architecture 18 | $SoftwareList = @("SOFTWARE") 19 | if ((Get-CimInstance Win32_OperatingSystem).OSArchitecture -eq "64-bit") { 20 | $SoftwareList += "SOFTWARE\Wow6432Node" 21 | } 22 | 23 | # Define bloatware lists 24 | $AppxBloatList = @( 25 | "*562882FEEB491*", "*549981C3F5F10*", "*ActiproSoftware*", "*Alexa*", "*AIMeetingManager*", 26 | "*AdobePhotoshopExpress*", "*Advertising*", "*ArmouryCrate*", "*Asphalt*", "*ASUSPCAssistant*", 27 | "*AutodeskSketchBook*", "*BingNews*", "*BingSports*", "*BingTranslator*", "*BingWeather*", 28 | "*BubbleWitch3Saga*", "*CandyCrush*", "*Casino*", "*COOKINGFEVER*", "*CyberLink*", 29 | "*Disney*", "*Dolby*", "*DrawboardPDF*", "*Duolingo*", "*ElevocTechnology*", 30 | "*EclipseManager*", "*Facebook*", "*FarmVille*", "*Fitbit*", "*flaregames*", 31 | "*Flipboard*", "*GamingApp*", "*GamingServices*", "*GetHelp*", "*Getstarted*", 32 | "*HPPrinter*", "*iHeartRadio*", "*Instagram*", "*Keeper*", "*king.com*", 33 | "*Lenovo*", "*Lens*", "*LinkedInforWindows*", "*MarchofEmpires*", "*McAfee*", 34 | "*Messaging*", "*MirametrixInc*", "*Microsoft3DViewer*", "*MicrosoftOfficeHub*", 35 | "*MicrosoftSolitaireCollection*", "*Minecraft*", "*MixedReality*", "*MSPaint*", 36 | "*Netflix*", "*NetworkSpeedTest*", "*News*", "*OneConnect*", "*PandoraMediaInc*", 37 | "*People*", "*PhototasticCollage*", "*PicsArt-PhotoStudio*", "*Plex*", "*PolarrPhotoEditor*", 38 | "*PPIProjection*", "*Print3D*", "*Royal Revolt*", "*ScreenSketch*", "*Shazam*", 39 | "*SkypeApp*", "*SlingTV*", "*Spotify*", "*StickyNotes*", "*Sway*", "*MicrosoftTeams*", 40 | "*TheNewYorkTimes*", "*TuneIn*", "*Twitter*", "*Wallet*", "*WebExperience*", 41 | "*Whiteboard*", "*WindowsAlarms*", "*windowscommunicationsapps*", "*WindowsFeedbackHub*", 42 | "*WindowsMaps*", "*WindowsSoundRecorder*", "*WinZip*", "*Wunderlist*", "*Xbox.TCUI*", 43 | "*XboxApp*", "*XboxGameOverlay*", "*XboxGamingOverlay*", "*XboxIdentityProvider*", 44 | "*XboxSpeechToTextOverlay*", "*XING*", "*YourPhone*", "*ZuneMusic*", "*ZuneVideo*", 45 | "*TikTok*", "*ESPN*", "*Messenger*", "*Clipchamp*", "*whatsApp*", "*Prime*", 46 | "*Family*", "*copilot*", "*Mahjong*", "*viber*", "*Sidia*" 47 | ) 48 | 49 | $MsiBloatList = @( 50 | "*mcafee*", "*livesafe*", "*Passportal*" 51 | ) 52 | 53 | function Remove-AppxBloat { 54 | param ( 55 | [string]$AppName 56 | ) 57 | Write-Host "Removing AppX package: $AppName" 58 | Get-AppxPackage -Name $AppName -AllUsers | Remove-AppxPackage -AllUsers -ErrorAction SilentlyContinue -Verbose 59 | Get-AppxPackage -Name $AppName | Remove-AppxPackage -ErrorAction SilentlyContinue -Verbose 60 | Get-AppxProvisionedPackage -Online | Where-Object DisplayName -Like $AppName | Remove-AppxProvisionedPackage -Online -ErrorAction SilentlyContinue -Verbose 61 | } 62 | 63 | function Remove-MsiBloat { 64 | param ( 65 | [string]$AppName 66 | ) 67 | $EntryFound = $false 68 | foreach ($Software in $SoftwareList) { 69 | $RegistryPath = "HKLM:\$Software\Microsoft\Windows\CurrentVersion\Uninstall\*" 70 | $UninstallRegistryObjects = Get-ItemProperty $RegistryPath | Where-Object DisplayName -Like $AppName 71 | 72 | foreach ($UninstallRegistryObject in $UninstallRegistryObjects) { 73 | $EntryFound = $true 74 | $GUID = $UninstallRegistryObject.PSChildName 75 | Write-Host "Uninstalling $($UninstallRegistryObject.DisplayName) version $($UninstallRegistryObject.DisplayVersion)" 76 | Start-Process -Wait -FilePath "MsiExec.exe" -ArgumentList "/X $GUID /qn /norestart" 77 | Write-Host "Waiting for uninstallation to complete..." 78 | Start-Sleep -Seconds 20 79 | } 80 | } 81 | if (-not $EntryFound) { 82 | Write-Host "No match found for MSI application: $AppName" 83 | } 84 | } 85 | 86 | # Main execution 87 | try { 88 | Write-Host "Starting bloatware removal process..." -ForegroundColor Green 89 | 90 | # Remove AppX Bloatware 91 | foreach ($App in $AppxBloatList) { 92 | Remove-AppxBloat -AppName $App 93 | } 94 | 95 | # Remove MSI-based Bloatware 96 | foreach ($App in $MsiBloatList) { 97 | Remove-MsiBloat -AppName $App 98 | } 99 | 100 | Write-Host "Bloatware removal process completed successfully." -ForegroundColor Green 101 | } 102 | catch { 103 | Write-Host "An error occurred during the bloatware removal process: $_" -ForegroundColor Red 104 | } 105 | finally { 106 | Read-Host -Prompt "Press Enter to exit" 107 | } -------------------------------------------------------------------------------- /General/SOFTWARE/DattoRMM/a.DRMM-ScriptingTemplates/DRMM_MonitoringTemplate.ps1: -------------------------------------------------------------------------------- 1 | # 2 | ## Template for Scripting Component Monitors for Datto RMM with PowerShell 3 | # Created by Alex Ivantsov @Exploitacious 4 | 5 | # Script Name and Type 6 | $ScriptName = "Check if Manufacturer is Lenovo" # Quick and easy name of Script to help identify 7 | $ScriptType = "Monitoring" # Monitoring // Remediation 8 | $Date = get-date -Format "MM/dd/yyy hh:mm tt" 9 | 10 | # What to Write if Alert is Healthy 11 | $Global:AlertHealthy = " Healthy XXXXX | Last Checked $Date" # Define what should be displayed in Datto when monitor is healthy and $Global:AlertMsg is blank. 12 | # There is another palce to put NO ALERT Healthy messages down below, to try and capture more script info. 13 | 14 | ## Verify/Elevate to Admin Session. Comment out if not needed the single line below. 15 | # if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit } 16 | 17 | ## Datto RMM Variables ## Uncomment only for testing. Otherwise, use Datto Variables. See Explanation Below. 18 | #$env:usrUDF = 14 # Which UDF to write to. Leave blank to Skip UDF writing. 19 | #$env:usrString = Example # Datto User Input variable "usrString" 20 | 21 | <# 22 | This is a Datto RMM Monitoring Script, used to deliver a result such as "Healthy" or "Not Healthy", in order to trigger the creation of tickets, etc. 23 | 24 | To create Variables in Datto RMM Script component, you must use $env variables in the powershell script, simply by matching the name and adding "env:" before them. 25 | For example, in Datto we can use a variable for user input called "usrUDF" and here we use "$env:usrUDF=" to use that variable. 26 | 27 | You can use as many of these as you like. 28 | 29 | Below you will find all the standard variables to use with Datto RMM to interract with all the the visual, alert and diagnostics cues available from the dashboards. 30 | #># DattoRMM Alert Functions. Don't touch these unless you know what you're doing. 31 | function write-DRMMDiag ($messages) { 32 | Write-Host "`n<-Start Diagnostic->" 33 | foreach ($Message in $Messages) { $Message + ' `' } 34 | Write-Host '<-End Diagnostic->' 35 | Write-Host 36 | } 37 | function write-DRMMAlert ($message) { 38 | Write-Host "`n<-Start Result->" 39 | Write-Host "STATUS=$message" 40 | Write-Host '<-End Result->' 41 | } 42 | function genRandString ([int]$length, [string]$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789') { 43 | return -join ((1..$length) | ForEach-Object { Get-Random -InputObject $chars.ToCharArray() }) 44 | } 45 | # Extra Info and Variables (Leave at default) 46 | $Global:DiagMsg = @() # Running Diagnostic log (diaglog). Use " $Global:DiagMsg += " to append messages to this log for verboseness in the script. 47 | $Global:AlertMsg = @() # Combined Alert message. If left blank, will not trigger Alert status. Use " $Global:AlertMsg += " to append messages to be alerted on in Datto. 48 | $Global:varUDFString = @() # String which will be written to UDF, if UDF Number is defined by $usrUDF in Datto. Use " $Global:varUDFString += " to fill this string. 49 | $ScriptUID = GenRANDString 20 # Generate random UID for script 50 | $Global:DiagMsg += "Script Type: " + $ScriptType 51 | $Global:DiagMsg += "Script Name: " + $ScriptName 52 | $Global:DiagMsg += "Script UID: " + $ScriptUID 53 | $Global:DiagMsg += "Executed On: " + $Date 54 | ################################## 55 | ################################## 56 | ######## Start of Script ######### 57 | 58 | 59 | 60 | ### Script Goes Here ### 61 | 62 | 63 | 64 | ######## End of Script ########### 65 | ################################## 66 | ################################## 67 | ### Write to UDF if usrUDF (Write To) Number is defined. (Optional) 68 | if ($env:usrUDF -ge 1) { 69 | if ($Global:varUDFString.length -gt 255) { 70 | # Write UDF to diaglog 71 | $Global:DiagMsg += " - Writing to UDF $env:usrUDF : " + $Global:varUDFString 72 | # Limit UDF Entry to 255 Characters 73 | Set-ItemProperty -Path "HKLM:\Software\CentraStage" -Name custom$env:usrUDF -Value $($varUDFString.substring(0, 255)) -Force 74 | } 75 | else { 76 | # Write to diagLog and UDF 77 | $Global:DiagMsg += " - Writing to UDF $env:usrUDF : " + $Global:varUDFString 78 | Set-ItemProperty -Path "HKLM:\Software\CentraStage" -Name custom$env:usrUDF -Value $($varUDFString) -Force 79 | } 80 | } 81 | ### Exit script with proper Datto alerting, diagnostic and API Results. 82 | ####################################################################### 83 | if ($Global:AlertMsg) { 84 | # If your AlertMsg has value, this is how it will get reported. 85 | $Global:DiagMsg += "Exiting Script with Exit Code 1 (Trigger Alert)" 86 | write-DRMMAlert $Global:AlertMsg 87 | write-DRMMDiag $Global:DiagMsg 88 | 89 | # Exit 1 means DISPLAY ALERT 90 | Exit 1 91 | } 92 | else { 93 | # If the AlertMsg variable is blank (nothing was added), the script will report healthy status with whatever was defined above. 94 | $Global:DiagMsg += "Leaving Script with Exit Code 0 (No Alert)" 95 | 96 | ##### You may alter the NO ALERT Exit Message ##### 97 | write-DRMMAlert "No Alert Message Here $Global:AlertHealthy" 98 | write-DRMMDiag $Global:DiagMsg 99 | 100 | # Exit 0 means all is well. No Alert. 101 | Exit 0 102 | } -------------------------------------------------------------------------------- /General/SOFTWARE/CloudRadial/CloudRadial-Uninstall.ps1: -------------------------------------------------------------------------------- 1 | # Script Title: CloudRadial Agent Uninstallation 2 | # Description: Silently uninstalls the CloudRadial agent from the target device. 3 | 4 | # Script Name and Type 5 | $ScriptName = "CloudRadial Agent Uninstallation" 6 | $ScriptType = "Remediation" # Or "Monitoring", "General", etc. 7 | $Date = Get-Date -Format "MM/dd/yyyy hh:mm tt" 8 | 9 | ## HARD-CODED VARIABLES ## 10 | # This section is for variables that are not meant to be configured via NinjaRMM script parameters. 11 | $uninstallerPath = "C:\Program Files (x86)\CloudRadial Agent\unins000.exe" 12 | 13 | ## CONFIG RMM VARIABLES ### Create the following variables in your NinjaRMM script configuration: 14 | # customFieldName (Text): The name of the Text Custom Field to write the status to. 15 | 16 | # What to Write if Alert is Healthy 17 | $Global:AlertHealthy = "System state is nominal. | Last Checked $Date" 18 | 19 | # Log/Diagnostic Messaging 20 | function write-RMMDiag ($messages) { 21 | Write-Host "`n<-Start Diagnostic->" 22 | foreach ($Message in $Messages) { $Message + ' `' } 23 | Write-Host '<-End Diagnostic->' 24 | Write-Host 25 | } 26 | $Global:DiagMsg = @() 27 | 28 | # Alert Messaging 29 | function write-RMMAlert ($message) { 30 | Write-Host "`n<-Start Result->" 31 | Write-Host "STATUS=$message" 32 | Write-Host '<-End Result->' 33 | } 34 | $Global:AlertMsg = @() 35 | 36 | # RMM Custom Field. 37 | $Global:customFieldMessage = @() 38 | 39 | # Script UID and intro messaging 40 | function genRandString ([int]$length, [string]$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789') { 41 | return -join ((1..$length) | ForEach-Object { Get-Random -InputObject $chars.ToCharArray() }) 42 | } 43 | $ScriptUID = GenRANDString 20 44 | $Global:DiagMsg += "Script Type: $ScriptType" 45 | $Global:DiagMsg += "Script Name: $ScriptName" 46 | $Global:DiagMsg += "Script UID: $ScriptUID" 47 | $Global:DiagMsg += "Executed On: $Date" 48 | 49 | ################################## 50 | ################################## 51 | ######## Start of Script ######### 52 | 53 | try { 54 | $Global:DiagMsg += "Checking for uninstaller at: $uninstallerPath" 55 | 56 | if (Test-Path -Path $uninstallerPath -PathType Leaf) { 57 | $Global:DiagMsg += "Uninstaller found. Starting silent uninstallation..." 58 | $installArgs = "/SILENT" 59 | 60 | try { 61 | $process = Start-Process -FilePath $uninstallerPath -ArgumentList $installArgs -PassThru -ErrorAction Stop 62 | $Global:DiagMsg += "Waiting for uninstallation process (PID: $($process.Id)) to complete..." 63 | 64 | $process | Wait-Process -ErrorAction Stop 65 | 66 | $exitCode = $process.ExitCode 67 | $Global:DiagMsg += "Uninstallation process finished with exit code: $exitCode" 68 | 69 | if ($exitCode -ne 0) { 70 | # Note: Some uninstallers exit non-zero even on success. We'll report it but not fail the script. 71 | $Global:DiagMsg += "Warning: Uninstaller finished with a non-zero exit code: $exitCode." 72 | } 73 | 74 | $Global:customFieldMessage = "CloudRadial Agent uninstallation command executed successfully. ($Date)" 75 | $Global:AlertHealthy = "CloudRadial Agent uninstalled successfully. | Last Checked $Date" 76 | 77 | } 78 | catch { 79 | throw "Failed to start or monitor the uninstallation process. Error: $($_.Exception.Message)" 80 | } 81 | 82 | } 83 | else { 84 | $Global:DiagMsg += "Uninstaller not found at path. Agent is likely already uninstalled." 85 | $Global:customFieldMessage = "CloudRadial Agent not found (or already uninstalled). ($Date)" 86 | $Global:AlertHealthy = "CloudRadial Agent not found. | Last Checked $Date" 87 | } 88 | } 89 | catch { 90 | # Format the error message for the Custom Field 91 | $errorMessage = $_.Exception.Message.Split([Environment]::NewLine)[0] # Get first line of error 92 | $Global:DiagMsg += "An unexpected error occurred: $($_.Exception.Message)" 93 | $Global:AlertMsg = "CloudRadial Agent uninstallation FAILED. See diagnostics. | Last Checked $Date" 94 | $Global:customFieldMessage = "CloudRadial Agent uninstallation FAILED. Error: $errorMessage ($Date)" 95 | } 96 | 97 | 98 | ######## End of Script ########### 99 | ################################## 100 | ################################## 101 | 102 | # Write the collected information to the specified Custom Field before exiting. 103 | if ($env:customFieldName) { 104 | $Global:DiagMsg += "Attempting to write '$($Global:customFieldMessage)' to Custom Field '$($env:customFieldName)'." 105 | try { 106 | Ninja-Property-Set -Name $env:customFieldName -Value $Global:customFieldMessage 107 | $Global:DiagMsg += "Successfully updated Custom Field." 108 | } 109 | catch { 110 | $Global:DiagMsg += "Error writing to Custom Field '$($env:customFieldName)': $($_.Exception.Message)" 111 | } 112 | } 113 | else { 114 | $Global:DiagMsg += "Custom Field name not provided in RMM variable 'customFieldName'. Skipping update." 115 | } 116 | 117 | if ($Global:AlertMsg) { 118 | $Global:DiagMsg += "Exiting Script with Exit Code 1 (Trigger Alert)" 119 | write-RMMAlert $Global:AlertMsg 120 | write-RMMDiag $Global:DiagMsg 121 | Exit 1 122 | } 123 | else { 124 | $Global:DiagMsg += "Leaving Script with Exit Code 0 (No Alert)" 125 | write-RMMAlert $Global:AlertHealthy 126 | write-RMMDiag $Global:DiagMsg 127 | Exit 0 128 | } -------------------------------------------------------------------------------- /NotWindows/dotFiles/.zshrc: -------------------------------------------------------------------------------- 1 | # If you come from bash you might have to change your $PATH. 2 | # export PATH=$HOME/bin:$HOME/.local/bin:/usr/local/bin:$PATH 3 | 4 | # Path to your oh-my-zsh installation. 5 | export ZSH="$HOME/.oh-my-zsh" 6 | 7 | # Set name of the theme to load --- if set to "random", it will 8 | # load a random theme each time oh-my-zsh is loaded, in which case, 9 | # to know which specific one was loaded, run: echo $RANDOM_THEME 10 | # See https://github.com/ohmyzsh/ohmyzsh/wiki/Themes 11 | ZSH_THEME="jispwoso" 12 | 13 | # Set list of themes to pick from when loading at random 14 | # Setting this variable when ZSH_THEME=random will cause zsh to load 15 | # a theme from this variable instead of looking in $ZSH/themes/ 16 | # If set to an empty array, this variable will have no effect. 17 | # ZSH_THEME_RANDOM_CANDIDATES=( "robbyrussell" "agnoster" ) 18 | 19 | # Uncomment the following line to use case-sensitive completion. 20 | # CASE_SENSITIVE="true" 21 | 22 | # Uncomment the following line to use hyphen-insensitive completion. 23 | # Case-sensitive completion must be off. _ and - will be interchangeable. 24 | HYPHEN_INSENSITIVE="true" 25 | 26 | # Uncomment one of the following lines to change the auto-update behavior 27 | # zstyle ':omz:update' mode disabled # disable automatic updates 28 | zstyle ':omz:update' mode auto # update automatically without asking 29 | # zstyle ':omz:update' mode reminder # just remind me to update when it's time 30 | 31 | # Uncomment the following line to change how often to auto-update (in days). 32 | # zstyle ':omz:update' frequency 13 33 | 34 | # Uncomment the following line if pasting URLs and other text is messed up. 35 | # DISABLE_MAGIC_FUNCTIONS="true" 36 | 37 | # Uncomment the following line to disable colors in ls. 38 | # DISABLE_LS_COLORS="true" 39 | 40 | # Uncomment the following line to disable auto-setting terminal title. 41 | # DISABLE_AUTO_TITLE="true" 42 | 43 | # Uncomment the following line to enable command auto-correction. 44 | ENABLE_CORRECTION="true" 45 | 46 | # Uncomment the following line to display red dots whilst waiting for completion. 47 | # You can also set it to another string to have that shown instead of the default red dots. 48 | # e.g. COMPLETION_WAITING_DOTS="%F{yellow}waiting...%f" 49 | # Caution: this setting can cause issues with multiline prompts in zsh < 5.7.1 (see #5765) 50 | COMPLETION_WAITING_DOTS="true" 51 | 52 | # Uncomment the following line if you want to disable marking untracked files 53 | # under VCS as dirty. This makes repository status check for large repositories 54 | # much, much faster. 55 | # DISABLE_UNTRACKED_FILES_DIRTY="true" 56 | 57 | # Uncomment the following line if you want to change the command execution time 58 | # stamp shown in the history command output. 59 | # You can set one of the optional three formats: 60 | # "mm/dd/yyyy"|"dd.mm.yyyy"|"yyyy-mm-dd" 61 | # or set a custom format using the strftime function format specifications, 62 | # see 'man strftime' for details. 63 | # HIST_STAMPS="mm/dd/yyyy" 64 | 65 | # Would you like to use another custom folder than $ZSH/custom? 66 | # ZSH_CUSTOM=/path/to/new-custom-folder 67 | 68 | # Which plugins would you like to load? 69 | # Standard plugins can be found in $ZSH/plugins/ 70 | # Custom plugins may be added to $ZSH_CUSTOM/plugins/ 71 | # Example format: plugins=(rails git textmate ruby lighthouse) 72 | # Add wisely, as too many plugins slow down shell startup. 73 | plugins=(git) 74 | 75 | source $ZSH/oh-my-zsh.sh 76 | 77 | # User configuration 78 | 79 | # export MANPATH="/usr/local/man:$MANPATH" 80 | 81 | # You may need to manually set your language environment 82 | # export LANG=en_US.UTF-8 83 | 84 | # Preferred editor for local and remote sessions 85 | # if [[ -n $SSH_CONNECTION ]]; then 86 | # export EDITOR='vim' 87 | # else 88 | # export EDITOR='mvim' 89 | # fi 90 | 91 | # Compilation flags 92 | # export ARCHFLAGS="-arch x86_64" 93 | 94 | # Set personal aliases, overriding those provided by oh-my-zsh libs, 95 | # plugins, and themes. Aliases can be placed here, though oh-my-zsh 96 | # users are encouraged to define aliases within the ZSH_CUSTOM folder. 97 | # For a full list of active aliases, run `alias`. 98 | # 99 | ### Aliases 100 | # Example aliases 101 | # alias zshconfig="mate ~/.zshrc" 102 | # alias ohmyzsh="mate ~/.oh-my-zsh" 103 | #Shell 104 | alias c="clear" 105 | alias x="exit" 106 | alias e="code -n ~/ ~/.zshrc ~/.config/neofetch/config.conf" #ExtrasIfNeeded: ~/.aliases ~/.colors ~/.hooks 107 | alias r="source ~/.zshrc" 108 | alias vsc="cd /mnt/c/users/Alex/VSCODE" 109 | alias h="history -10" # last 10 history commands 110 | alias hc="history -c" # clear history 111 | alias hg="history | grep " # +command 112 | alias ag="alias | grep " # +command 113 | alias sapu='sudo apt-get update' 114 | alias ls='ls -alFh --color=auto --time-style=long-iso' 115 | alias ll='ls -alFh --color=auto --time-style=long-iso' 116 | alias cd..='cd ..' 117 | alias cd...='cd .. && cd ..' 118 | #Utilities 119 | alias connectnord='sudo /usr/local/bin/launch_nordvpn' 120 | alias desktop='kex --win -s' 121 | alias gcu="git config user.name \"Alex Ivantsov\" && git config user.email \"alex@ivantsov.tech\"" 122 | alias myip='curl http://ipecho.net/plain; echo' 123 | alias distro='cat /etc/*-release' 124 | alias rustscan='sudo docker run --rm --name rustscan --privileged -v /dev:/dev -v /home/master/.rustscan:/home/rustscan:ro rustscan/rustscan:2.1.1' 125 | # Created by `pipx` on 2024-06-01 17:58:38 126 | export PATH="$PATH:/home/master/.local/bin" 127 | 128 | #Neofetch 129 | neofetch 130 | 131 | if [ -f "/home/master/.config/fabric/fabric-bootstrap.inc" ]; then . "/home/master/.config/fabric/fabric-bootstrap.inc"; fi -------------------------------------------------------------------------------- /DattoRMM/DeviceOnline/DeviceOnlineAlert.ps1: -------------------------------------------------------------------------------- 1 | # 2 | ## Template for Scripting Component Monitors for Datto RMM with PowerShell 3 | # Created by Alex Ivantsov @Exploitacious 4 | 5 | # Script Name and Type 6 | $ScriptName = "Device Online Alert" # Quick and easy name of Script to help identify 7 | $ScriptType = "Monitoring" # Monitoring // Remediation 8 | $Date = get-date -Format "MM/dd/yyy hh:mm tt" 9 | 10 | # What to Write if Alert is Healthy 11 | $Global:AlertHealthy = "This monitor should always be in an alert state." # Define what should be displayed in Datto when monitor is healthy and $Global:AlertMsg is blank. 12 | # There is another palce to put NO ALERT Healthy messages down below, to try and capture more script info. 13 | 14 | ## Verify/Elevate to Admin Session. Comment out if not needed the single line below. 15 | # if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit } 16 | 17 | ## Datto RMM Variables ## Uncomment only for testing. Otherwise, use Datto Variables. See Explanation Below. 18 | #$env:usrUDF = 14 # Which UDF to write to. Leave blank to Skip UDF writing. 19 | #$env:usrString = Example # Datto User Input variable "usrString" 20 | 21 | <# 22 | This is a Datto RMM Monitoring Script, used to deliver a result such as "Healthy" or "Not Healthy", in order to trigger the creation of tickets, etc. 23 | 24 | To create Variables in Datto RMM Script component, you must use $env variables in the powershell script, simply by matching the name and adding "env:" before them. 25 | For example, in Datto we can use a variable for user input called "usrUDF" and here we use "$env:usrUDF=" to use that variable. 26 | 27 | You can use as many of these as you like. 28 | 29 | Below you will find all the standard variables to use with Datto RMM to interract with all the the visual, alert and diagnostics cues available from the dashboards. 30 | #># DattoRMM Alert Functions. Don't touch these unless you know what you're doing. 31 | function write-DRMMDiag ($messages) { 32 | Write-Host "`n<-Start Diagnostic->" 33 | foreach ($Message in $Messages) { $Message + ' `' } 34 | Write-Host '<-End Diagnostic->' 35 | Write-Host 36 | } 37 | function write-DRMMAlert ($message) { 38 | Write-Host "`n<-Start Result->" 39 | Write-Host "STATUS=$message" 40 | Write-Host '<-End Result->' 41 | } 42 | function genRandString ([int]$length, [string]$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789') { 43 | return -join ((1..$length) | ForEach-Object { Get-Random -InputObject $chars.ToCharArray() }) 44 | } 45 | # Extra Info and Variables (Leave at default) 46 | $Global:DiagMsg = @() # Running Diagnostic log (diaglog). Use " $Global:DiagMsg += " to append messages to this log for verboseness in the script. 47 | $Global:AlertMsg = @() # Combined Alert message. If left blank, will not trigger Alert status. Use " $Global:AlertMsg += " to append messages to be alerted on in Datto. 48 | $Global:varUDFString = @() # String which will be written to UDF, if UDF Number is defined by $usrUDF in Datto. Use " $Global:varUDFString += " to fill this string. 49 | $ScriptUID = GenRANDString 20 # Generate random UID for script 50 | $Global:DiagMsg += "Script Type: " + $ScriptType 51 | $Global:DiagMsg += "Script Name: " + $ScriptName 52 | $Global:DiagMsg += "Script UID: " + $ScriptUID 53 | $Global:DiagMsg += "Executed On: " + $Date 54 | ################################## 55 | ################################## 56 | ######## Start of Script ######### 57 | 58 | 59 | 60 | ### Script Goes Here ### 61 | $hostname = $env:COMPUTERNAME 62 | $Global:AlertMsg += "DEVICE IS ONLINE: $hostname reported online at $Date." 63 | $Global:DiagMsg += "Intentionally triggering alert to confirm device connectivity." 64 | 65 | 66 | 67 | ######## End of Script ########### 68 | ################################## 69 | ################################## 70 | ### Write to UDF if usrUDF (Write To) Number is defined. (Optional) 71 | if ($env:usrUDF -ge 1) { 72 | if ($Global:varUDFString.length -gt 255) { 73 | # Write UDF to diaglog 74 | $Global:DiagMsg += " - Writing to UDF $env:usrUDF : " + $Global:varUDFString 75 | # Limit UDF Entry to 255 Characters 76 | Set-ItemProperty -Path "HKLM:\Software\CentraStage" -Name custom$env:usrUDF -Value $($varUDFString.substring(0, 255)) -Force 77 | } 78 | else { 79 | # Write to diagLog and UDF 80 | $Global:DiagMsg += " - Writing to UDF $env:usrUDF : " + $Global:varUDFString 81 | Set-ItemProperty -Path "HKLM:\Software\CentraStage" -Name custom$env:usrUDF -Value $($varUDFString) -Force 82 | } 83 | } 84 | ### Exit script with proper Datto alerting, diagnostic and API Results. 85 | ####################################################################### 86 | if ($Global:AlertMsg) { 87 | # If your AlertMsg has value, this is how it will get reported. 88 | $Global:DiagMsg += "Exiting Script with Exit Code 1 (Trigger Alert)" 89 | write-DRMMAlert $Global:AlertMsg 90 | write-DRMMDiag $Global:DiagMsg 91 | 92 | # Exit 1 means DISPLAY ALERT 93 | Exit 1 94 | } 95 | else { 96 | # If the AlertMsg variable is blank (nothing was added), the script will report healthy status with whatever was defined above. 97 | $Global:DiagMsg += "Leaving Script with Exit Code 0 (No Alert)" 98 | 99 | ##### You may alter the NO ALERT Exit Message ##### 100 | write-DRMMAlert "No Alert Message Here $Global:AlertHealthy" 101 | write-DRMMDiag $Global:DiagMsg 102 | 103 | # Exit 0 means all is well. No Alert. 104 | Exit 0 105 | } -------------------------------------------------------------------------------- /General/SOFTWARE/NinjaRMM/UmbrellaNinjaRMMInstaller.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Downloads and installs an MSI package from a given URL. 4 | 5 | .DESCRIPTION 6 | This script downloads an MSI installer from a specified URL to a temporary directory, 7 | then runs the installer silently with verbose logging. The script is designed for 8 | PowerShell 5.1 and does not require any external modules. All user-configurable 9 | variables are located at the beginning of the script. 10 | 11 | .AUTHOR 12 | Alex Ivantsov 13 | 14 | .DATE 15 | 2025-10-09 16 | #> 17 | 18 | #-------------------------------------------------------------------------------- 19 | # --- User-Configurable Variables --- 20 | #-------------------------------------------------------------------------------- 21 | 22 | # The direct download URL for the MSI installer. 23 | $msiUrl = "" 24 | 25 | # The directory where the MSI and log files will be saved. 26 | # Using the user's temporary folder by default. 27 | $tempDirectory = $env:TEMP 28 | 29 | # The name for the downloaded MSI file. 30 | $msiFileName = "Installer.msi" 31 | 32 | # The name for the installation log file. 33 | $logFileName = "Msi-Install-Log.log" 34 | 35 | 36 | #-------------------------------------------------------------------------------- 37 | # --- Functions --- 38 | #-------------------------------------------------------------------------------- 39 | 40 | Function Download-MsiFile { 41 | <# 42 | .SYNOPSIS 43 | Downloads the MSI file from the specified URL. 44 | #> 45 | param ( 46 | [Parameter(Mandatory = $true)] 47 | [string]$Url, 48 | 49 | [Parameter(Mandatory = $true)] 50 | [string]$DestinationPath 51 | ) 52 | 53 | # --- CHANGE --- 54 | # Define a User Agent string that mimics a standard web browser. 55 | $userAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" 56 | 57 | Write-Verbose "Starting download of MSI from '$Url'..." 58 | try { 59 | # Using Invoke-WebRequest to download the file. 60 | # Added the -UserAgent parameter to mimic a browser request. 61 | Invoke-WebRequest -Uri $Url -OutFile $DestinationPath -UserAgent $userAgent -UseBasicParsing -Verbose 62 | Write-Host "Successfully downloaded MSI to '$DestinationPath'." 63 | return $true 64 | } 65 | catch { 66 | # Provide a more detailed error message for 403 errors. 67 | if ($_.Exception.Response.StatusCode.Value__ -eq 403) { 68 | Write-Error "Failed to download MSI. The server returned a '403 Forbidden' error. This link may be expired or require authentication." 69 | } 70 | else { 71 | Write-Error "Failed to download MSI. Error: $_" 72 | } 73 | return $false 74 | } 75 | } 76 | Function Install-MsiPackage { 77 | <# 78 | .SYNOPSIS 79 | Installs the MSI package silently. 80 | #> 81 | param ( 82 | [Parameter(Mandatory = $true)] 83 | [string]$MsiPath, 84 | 85 | [Parameter(Mandatory = $true)] 86 | [string]$LogPath 87 | ) 88 | 89 | Write-Verbose "Starting installation of MSI package from '$MsiPath'..." 90 | Write-Verbose "A detailed log will be created at '$LogPath'." 91 | 92 | # Arguments for msiexec.exe: 93 | # /i - Specifies the installation of a package. 94 | # /qn - Specifies a quiet, no-UI installation. 95 | # /L*v - Creates a verbose log file at the specified path. 96 | $msiArgs = "/i `"$MsiPath`" /qn /L*v `"$LogPath`"" 97 | 98 | try { 99 | # Start the msiexec process and wait for it to complete. 100 | $process = Start-Process -FilePath "msiexec.exe" -ArgumentList $msiArgs -Wait -PassThru -Verbose 101 | 102 | # Check the exit code of the process. 0 usually means success. 103 | if ($process.ExitCode -eq 0) { 104 | Write-Host "MSI installation completed successfully." 105 | return $true 106 | } 107 | else { 108 | Write-Warning "MSI installation completed with a non-zero exit code: $($process.ExitCode)." 109 | Write-Warning "This may indicate an error. Check the log file for details: $LogPath" 110 | return $false 111 | } 112 | } 113 | catch { 114 | Write-Error "An error occurred while trying to run the MSI installer. Error: $_" 115 | return $false 116 | } 117 | } 118 | 119 | 120 | #-------------------------------------------------------------------------------- 121 | # --- Main Execution --- 122 | #-------------------------------------------------------------------------------- 123 | 124 | # Set the VerbosePreference to 'Continue' to ensure verbose messages are displayed. 125 | $VerbosePreference = 'Continue' 126 | 127 | # Construct the full paths for the MSI and log files. 128 | $msiFullPath = Join-Path -Path $tempDirectory -ChildPath $msiFileName 129 | $logFullPath = Join-Path -Path $tempDirectory -ChildPath $logFileName 130 | 131 | Write-Host "--- Starting MSI Installer Script ---" 132 | 133 | # Step 1: Download the MSI file. 134 | if (Download-MsiFile -Url $msiUrl -DestinationPath $msiFullPath) { 135 | 136 | # Step 2: If the download was successful, proceed with the installation. 137 | Install-MsiPackage -MsiPath $msiFullPath -LogPath $logFullPath 138 | } 139 | else { 140 | Write-Error "Skipping installation due to download failure." 141 | } 142 | 143 | # Clean up the downloaded MSI file. 144 | if (Test-Path -Path $msiFullPath) { 145 | Write-Verbose "Removing temporary MSI file: '$msiFullPath'" 146 | Remove-Item -Path $msiFullPath -Force -ErrorAction SilentlyContinue 147 | } 148 | 149 | Write-Host "--- Script Execution Finished ---" -------------------------------------------------------------------------------- /General/SOFTWARE/Nodeware/Nodeware-Installer.ps1: -------------------------------------------------------------------------------- 1 | # Script Title: Nodeware Agent Deployment 2 | # Description: Downloads and installs the Nodeware Windows agent using a customer ID stored in an Organization-Level Custom Field. 3 | 4 | # Script Name and Type 5 | $ScriptName = "Nodeware Agent Deployment" 6 | $ScriptType = "Remediation" # This script installs software. 7 | $Date = Get-Date -Format "MM/dd/yyyy hh:mm tt" 8 | 9 | ## HARD-CODED VARIABLES ## 10 | # This section is for variables that are not meant to be configured via NinjaRMM script parameters. 11 | $downloadUrl = "https://downloads.nodeware.com/agent/windows/NodewareAgentSetup.msi" 12 | $msiName = "NodewareAgentSetup.msi" 13 | $workDir = "C:\Temp\" 14 | $msiPath = Join-Path -Path $workDir -ChildPath $msiName 15 | 16 | ## ORG-LEVEL EXPECTED VARIABLES ## 17 | # This script expects an Organization-Level Custom Field with the exact name 'nodewareCustomerID'. 18 | $orgCustomFieldName = 'nodewareCustomerID' 19 | 20 | ## CONFIG RMM VARIABLES ## 21 | # Create the following variables in your NinjaRMM script configuration: 22 | # customFieldName (Text): The name of the Text Custom Field to write the final status to. (e.g., 'Nodeware Agent Status') 23 | 24 | 25 | # What to Write if Alert is Healthy 26 | $Global:AlertHealthy = "Nodeware agent installation script completed successfully. | Last Checked $Date" 27 | 28 | # Log/Diagnostic Messaging 29 | function write-RMMDiag ($messages) { 30 | Write-Host "`n<-Start Diagnostic->" 31 | foreach ($Message in $Messages) { $Message + ' `' } 32 | Write-Host '<-End Diagnostic->' 33 | Write-Host 34 | } 35 | $Global:DiagMsg = @() 36 | 37 | # Alert Messaging 38 | function write-RMMAlert ($message) { 39 | Write-Host "`n<-Start Result->" 40 | Write-Host "STATUS=$message" 41 | Write-Host '<-End Result->' 42 | } 43 | $Global:AlertMsg = @() 44 | 45 | # RMM Custom Field. 46 | $Global:customFieldMessage = @() 47 | 48 | # Script UID and intro messaging 49 | function genRandString ([int]$length, [string]$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ01234156789') { 50 | return -join ((1..$length) | ForEach-Object { Get-Random -InputObject $chars.ToCharArray() }) 51 | } 52 | $ScriptUID = GenRANDString 20 53 | $Global:DiagMsg += "Script Type: $ScriptType" 54 | $Global:DiagMsg += "Script Name: $ScriptName" 55 | $Global:DiagMsg += "Script UID: $ScriptUID" 56 | $Global:DiagMsg += "Executed On: $Date" 57 | 58 | ################################## 59 | ################################## 60 | ######## Start of Script ######### 61 | 62 | try { 63 | # 1. Retrieve the Nodeware Customer ID from the Organization Custom Field 64 | $Global:DiagMsg += "Attempting to retrieve Nodeware Customer ID from Org Custom Field: '$orgCustomFieldName'" 65 | $nodewareCustomerID = (Ninja-Property-Get -Name $orgCustomFieldName).Value 66 | 67 | if (-not $nodewareCustomerID) { 68 | $Global:AlertMsg = "Error: Nodeware Customer ID is missing or empty in the Organization Custom Field '$orgCustomFieldName'. Cannot proceed with installation. | Last Checked $Date" 69 | $Global:customFieldMessage = "Failed: Org Custom Field '$orgCustomFieldName' is not set. ($Date)" 70 | } 71 | else { 72 | $Global:DiagMsg += "Successfully retrieved Customer ID: $nodewareCustomerID" 73 | 74 | # 2. Download the MSI installer 75 | $Global:DiagMsg += "Downloading Nodeware agent from $downloadUrl to $msiPath" 76 | Invoke-WebRequest -Uri $downloadUrl -OutFile $msiPath 77 | $Global:DiagMsg += "Download command issued." 78 | 79 | # 3. Verify download and install 80 | if (Test-Path -Path $msiPath -PathType Leaf) { 81 | $Global:DiagMsg += "Installer downloaded successfully. Starting silent installation..." 82 | $ArgumentList = "/i `"$msiPath`" /q CUSTOMERID=$nodewareCustomerID" 83 | $Global:DiagMsg += "Executing: msiexec.exe $ArgumentList" 84 | 85 | Start-Process -FilePath "msiexec.exe" -ArgumentList $ArgumentList -Wait -PassThru 86 | 87 | $Global:DiagMsg += "Installation process finished." 88 | $Global:customFieldMessage = "Nodeware agent installed successfully. ($Date)" 89 | } 90 | else { 91 | $Global:AlertMsg = "Error: Failed to download the Nodeware agent MSI from the specified URL. | Last Checked $Date" 92 | $Global:customFieldMessage = "Failed: Could not download installer. ($Date)" 93 | } 94 | } 95 | } 96 | catch { 97 | $Global:DiagMsg += "An unexpected error occurred: $($_.Exception.Message)" 98 | $Global:AlertMsg = "Script failed with an unexpected error. See diagnostics for details. | Last Checked $Date" 99 | $Global:customFieldMessage = "Script failed with an unexpected error. ($Date)" 100 | } 101 | 102 | 103 | ######## End of Script ########### 104 | ################################## 105 | ################################## 106 | 107 | # Write the collected information to the specified Custom Field before exiting. 108 | if ($env:customFieldName) { 109 | $Global:DiagMsg += "Attempting to write '$($Global:customFieldMessage)' to Custom Field '$($env:customFieldName)'." 110 | try { 111 | Ninja-Property-Set -Name $env:customFieldName -Value $Global:customFieldMessage 112 | $Global:DiagMsg += "Successfully updated Custom Field." 113 | } 114 | catch { 115 | $Global:DiagMsg += "Error writing to Custom Field '$($env:customFieldName)': $($_.Exception.Message)" 116 | } 117 | } 118 | else { 119 | $Global:DiagMsg += "Custom Field name not provided in RMM variable 'customFieldName'. Skipping update." 120 | } 121 | 122 | if ($Global:AlertMsg) { 123 | $Global:DiagMsg += "Exiting Script with Exit Code 1 (Trigger Alert)" 124 | write-RMMAlert $Global:AlertMsg 125 | write-RMMDiag $Global:DiagMsg 126 | Exit 1 127 | } 128 | else { 129 | $Global:DiagMsg += "Leaving Script with Exit Code 0 (No Alert)" 130 | write-RMMAlert $Global:AlertHealthy 131 | write-RMMDiag $Global:DiagMsg 132 | Exit 0 133 | } -------------------------------------------------------------------------------- /Curl-able/Windows_Debloat/ClaudeEdits/Cmd-HKLM.txt: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal enabledelayedexpansion 3 | 4 | REM ===================================================== 5 | REM Windows 10/11 System-wide Customization Script 6 | REM ===================================================== 7 | REM This script modifies various Windows system-wide settings to: 8 | REM 1. Customize desktop and taskbar 9 | REM 2. Adjust privacy settings 10 | REM 3. Modify Explorer and context menu behavior 11 | REM 4. Customize Windows 11 specific features (if applicable) 12 | REM 13 | REM Note: This script modifies system-wide registry settings. Use with caution. 14 | REM ===================================================== 15 | 16 | REM Check Windows version 17 | for /f "tokens=4-5 delims=. " %%i in ('ver') do set VERSION=%%i.%%j 18 | if "%VERSION%" == "10.0" ( 19 | for /f "tokens=2 delims==" %%a in ('wmic os get BuildNumber /value ^| find "="') do set BUILD=%%a 20 | ) 21 | 22 | REM Function to add or modify registry keys 23 | :AddOrUpdateReg 24 | reg add %1 /v %2 /t %3 /d %4 /f >nul 2>&1 25 | goto :eof 26 | 27 | REM ===================================================== 28 | REM 1. Customize desktop and taskbar (Windows 10 and 11) 29 | REM ===================================================== 30 | 31 | REM Disable Microsoft Edge shortcut creation on desktop for new user profiles 32 | call :AddOrUpdateReg "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" "DisableEdgeDesktopShortcutCreation" REG_DWORD 1 33 | del "%userprofile%\Desktop\Microsoft Edge.lnk" 2>nul 34 | 35 | REM Hide Meet Now icon in the taskbar 36 | call :AddOrUpdateReg "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" "HideSCAMeetNow" REG_DWORD 1 37 | 38 | REM ===================================================== 39 | REM 2. Adjust privacy settings (Windows 10 and 11) 40 | REM ===================================================== 41 | 42 | REM Disable automatic restart sign-on 43 | call :AddOrUpdateReg "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" "DisableAutomaticRestartSignOn" REG_DWORD 1 44 | 45 | REM Disable advertising ID 46 | call :AddOrUpdateReg "HKLM\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo" "DisabledByGroupPolicy" REG_DWORD 1 47 | 48 | REM Set diagnostic data to Basic 49 | call :AddOrUpdateReg "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" "AllowTelemetry" REG_DWORD 1 50 | 51 | REM Disable diagnostic data viewer 52 | call :AddOrUpdateReg "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" "DisableDiagnosticDataViewer" REG_DWORD 1 53 | 54 | REM Disable feedback notifications 55 | call :AddOrUpdateReg "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" "DoNotShowFeedbackNotifications" REG_DWORD 1 56 | 57 | REM Set troubleshooting behavior 58 | call :AddOrUpdateReg "HKLM\SOFTWARE\Microsoft\WindowsMitigation" "UserPreference" REG_DWORD 2 59 | 60 | REM Disable activity history collection 61 | call :AddOrUpdateReg "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" "PublishUserActivities" REG_DWORD 0 62 | 63 | REM ===================================================== 64 | REM 3. Modify Explorer and context menu behavior (Windows 10 and 11) 65 | REM ===================================================== 66 | 67 | REM Remove 3D Objects folder from This PC 68 | reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}" /f >nul 2>&1 69 | reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}" /f >nul 2>&1 70 | 71 | REM Add "Open elevated PowerShell window here" to context menu 72 | call :AddOrUpdateReg "HKCR\Directory\Background\shell\PowerShellAsAdmin" "" REG_SZ "Open PowerShell window here as administrator" 73 | call :AddOrUpdateReg "HKCR\Directory\Background\shell\PowerShellAsAdmin" "HasLUAShield" REG_SZ "" 74 | call :AddOrUpdateReg "HKCR\Directory\Background\shell\PowerShellAsAdmin" "Icon" REG_SZ "powershell.exe" 75 | call :AddOrUpdateReg "HKCR\Directory\Background\shell\PowerShellAsAdmin\command" "" REG_SZ "PowerShell -windowstyle hidden -Command \"Start-Process cmd -ArgumentList '/s,/k,pushd,%%%V ^&^& start PowerShell ^&^& exit' -Verb RunAs\"" 76 | 77 | REM Add "Open elevated command window here" to context menu 78 | call :AddOrUpdateReg "HKCR\Directory\shell\OpenCmdHereAsAdmin" "" REG_SZ "Open command window here as administrator" 79 | call :AddOrUpdateReg "HKCR\Directory\shell\OpenCmdHereAsAdmin" "Icon" REG_SZ "imageres.dll,-5324" 80 | call :AddOrUpdateReg "HKCR\Directory\shell\OpenCmdHereAsAdmin\command" "" REG_SZ "PowerShell -windowstyle hidden -Command \"Start-Process cmd -ArgumentList '/s,/k,pushd,%%%V' -Verb RunAs\"" 81 | 82 | REM ===================================================== 83 | REM 4. Customize Windows 11 specific features 84 | REM ===================================================== 85 | 86 | REM Check if the system is Windows 11 (Build 22000 or higher) 87 | if %BUILD% GEQ 22000 ( 88 | echo Applying Windows 11 specific customizations... 89 | 90 | REM Reset pinned items on taskbar 91 | del /f /s /q /a "%AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*" >nul 2>&1 92 | reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband /f >nul 2>&1 93 | 94 | REM Disable Widgets feature 95 | call :AddOrUpdateReg "HKLM\SOFTWARE\Microsoft\PolicyManager\default\NewsAndInterests\AllowNewsAndInterests" "value" REG_DWORD 0 96 | call :AddOrUpdateReg "HKLM\SOFTWARE\Policies\Microsoft\Dsh" "AllowNewsAndInterests" REG_DWORD 0 97 | 98 | REM Disable "Show more options" context menu 99 | call :AddOrUpdateReg "HKLM\SOFTWARE\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}" "" REG_SZ "File Explorer Context Menu" 100 | reg delete "HKLM\SOFTWARE\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InProcServer32" /f >nul 2>&1 101 | call :AddOrUpdateReg "HKLM\SOFTWARE\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InProcServer32" "" REG_SZ "" 102 | 103 | echo Windows 11 specific customizations complete. 104 | ) else ( 105 | echo This system is not running Windows 11. Skipping Windows 11 specific customizations. 106 | ) 107 | 108 | echo Windows system-wide customization complete. Please restart your computer for all changes to take effect. -------------------------------------------------------------------------------- /General/SOFTWARE/Quickbooks/Quickbooks-Detect.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | A definitive script that collects comprehensive data about a QuickBooks Desktop 4 | installation for use in automation and other scripts. 5 | 6 | .DESCRIPTION 7 | This script confidently identifies a QuickBooks installation by searching for 8 | edition-specific executables (QBWPro.exe, QBWPrem.exe, QBWEnt.exe). It gathers 9 | numerous data points including the year, edition, version, file paths, and 10 | company details. It also checks for the QuickBooks Tool Hub. All collected 11 | data is compiled into a single, structured PowerShell object for easy use. 12 | 13 | .AUTHOR 14 | Alex Ivantsov 15 | 16 | .DATE 17 | August 29, 2025 18 | #> 19 | 20 | # --- Functions --- 21 | 22 | function Find-QuickBooksExecutable { 23 | Write-Host "Phase 1: Searching for QuickBooks executable..." -ForegroundColor Yellow 24 | $executableNames = @("QBWPro.exe", "QBWPrem.exe", "QBWEnt.exe") 25 | $searchPaths = @("$env:ProgramFiles(x86)", "$env:ProgramFiles") | Get-Unique 26 | 27 | foreach ($exeName in $executableNames) { 28 | Write-Host " - Checking for '$exeName'..." -ForegroundColor Gray 29 | foreach ($path in $searchPaths) { 30 | if (Test-Path $path) { 31 | $qbwFile = Get-ChildItem -Path $path -Filter $exeName -Recurse -ErrorAction SilentlyContinue -Force | Select-Object -First 1 32 | if ($qbwFile) { 33 | Write-Host " [SUCCESS] Found executable at: $($qbwFile.FullName)" -ForegroundColor Green 34 | return $qbwFile 35 | } 36 | } 37 | } 38 | } 39 | Write-Host " [FAIL] Could not find a known QuickBooks edition executable." -ForegroundColor Red 40 | return $null 41 | } 42 | 43 | function Get-QuickBooksEditionFromRegistry { 44 | param([string]$VersionNumber) 45 | Write-Host "Phase 2: Verifying edition details in registry..." -ForegroundColor Yellow 46 | if (-not $VersionNumber) { return $null } 47 | 48 | $searchPaths = @("HKLM:\SOFTWARE\Intuit", "HKLM:\SOFTWARE\Wow6432Node\Intuit", "HKCU:\SOFTWARE\Intuit") 49 | foreach ($path in $searchPaths) { 50 | if (Test-Path $path) { 51 | $versionKey = Get-ChildItem -Path $path -Recurse -ErrorAction SilentlyContinue | Where-Object { $_.PSChildName -eq $VersionNumber } | Select-Object -First 1 52 | if ($versionKey) { 53 | $flavor = (Get-ItemProperty -Path $versionKey.PSPath -Name "Flavor" -ErrorAction SilentlyContinue).Flavor 54 | if ($flavor) { 55 | Write-Host " [SUCCESS] Found definitive edition in registry." -ForegroundColor Green 56 | return $flavor 57 | } 58 | } 59 | } 60 | } 61 | Write-Host " [INFO] No specific edition details found in registry." -ForegroundColor Yellow 62 | return $null 63 | } 64 | 65 | function Test-QuickBooksToolHubInstallation { 66 | Write-Host "Phase 3: Checking for QuickBooks Tool Hub..." -ForegroundColor Yellow 67 | $uninstallPaths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*', 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' 68 | $toolHub = Get-ItemProperty -Path $uninstallPaths -ErrorAction SilentlyContinue | Where-Object { $_.DisplayName -eq "QuickBooks Tool Hub" } 69 | 70 | if ($toolHub) { 71 | Write-Host " [SUCCESS] QuickBooks Tool Hub is installed." -ForegroundColor Green 72 | return $true 73 | } 74 | Write-Host " [INFO] QuickBooks Tool Hub is not installed." -ForegroundColor Yellow 75 | return $false 76 | } 77 | 78 | # --- Main Script Execution --- 79 | Clear-Host 80 | Write-Host "==============================================" -ForegroundColor Cyan 81 | Write-Host " QuickBooks System Data Collector" 82 | Write-Host "==============================================" -ForegroundColor Cyan 83 | Write-Host "" 84 | 85 | $qbwFileObject = Find-QuickBooksExecutable 86 | 87 | # Initialize the data object with default values 88 | $quickbooksData = [PSCustomObject]@{ 89 | IsInstalled = $false 90 | FullName = $null 91 | Year = $null 92 | Edition = $null 93 | VersionRevision = $null 94 | FileVersion = $null 95 | ExecutablePath = $null 96 | InstallDirectory = $null 97 | CompanyName = $null 98 | ToolHubInstalled = Test-QuickBooksToolHubInstallation 99 | } 100 | 101 | if ($qbwFileObject) { 102 | # --- Populate the data object if QuickBooks was found --- 103 | $quickbooksData.IsInstalled = $true 104 | $quickbooksData.ExecutablePath = $qbwFileObject.FullName 105 | $quickbooksData.InstallDirectory = $qbwFileObject.DirectoryName 106 | 107 | # Get version info from the file 108 | $versionInfo = $qbwFileObject.VersionInfo 109 | $quickbooksData.VersionRevision = $versionInfo.ProductVersion 110 | $quickbooksData.FileVersion = $versionInfo.FileVersion 111 | $quickbooksData.CompanyName = $versionInfo.CompanyName 112 | 113 | # Determine Year 114 | $quickbooksData.Year = if ($qbwFileObject.DirectoryName -match '(\d{4})') { $matches[1] } else { 'Unknown' } 115 | 116 | # Determine Edition 117 | $versionNumber = $versionInfo.ProductVersion.Split('.')[0] 118 | $registryEdition = Get-QuickBooksEditionFromRegistry -VersionNumber $versionNumber 119 | 120 | if ($registryEdition) { 121 | # Prioritize the full name from the registry 122 | $quickbooksData.Edition = $registryEdition 123 | } 124 | else { 125 | # Confidently build the name from the executable filename 126 | $quickbooksData.Edition = switch -Wildcard ($qbwFileObject.Name) { 127 | '*Pro*' { 'Pro Plus' } 128 | '*Prem*' { 'Premier Plus' } 129 | '*Ent*' { 'Enterprise Solutions' } 130 | default { 'Unknown' } 131 | } 132 | } 133 | 134 | # Construct the full name 135 | $quickbooksData.FullName = "QuickBooks Desktop $($quickbooksData.Edition) $($quickbooksData.Year)" 136 | } 137 | 138 | # --- Final Output --- 139 | Write-Host "" 140 | Write-Host "-------------------- Collected Data --------------------" -ForegroundColor Green 141 | Write-Host "" 142 | 143 | # Display the final data object 144 | $quickbooksData -------------------------------------------------------------------------------- /General/WingetAutoUpdate/Analyze-WauUpdates.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Compares Winget-AutoUpdate history with currently installed apps to analyze update statuses. 4 | 5 | .DESCRIPTION 6 | This script provides a comprehensive analysis of application update health. It uses the 7 | 'Get-WauUpdateData.ps1' script to get a history of all WAU update attempts, and then 8 | compares that data against a live list of installed applications from 'winget list'. 9 | 10 | The report shows the last attempt made by WAU for each application, provides an 11 | overall status, and concludes with a summary and a warning for apps that require 12 | manual intervention. 13 | 14 | .NOTES 15 | Requires the 'Get-WauUpdateData.ps1' script to be in the same directory. 16 | 17 | .EXAMPLE 18 | PS C:\> .\Analyze-WauUpdates.ps1 19 | 20 | Runs the full analysis and displays a detailed report, a final summary count, 21 | and a warning list for any applications that are still out of date. 22 | #> 23 | function Analyze-WauUpdates { 24 | [CmdletBinding()] 25 | param() 26 | 27 | # --- Configuration --- 28 | $wauDataScriptPath = Join-Path -Path $PSScriptRoot -ChildPath "Get-WauUpdateData.ps1" 29 | 30 | if (-not (Test-Path $wauDataScriptPath)) { 31 | Write-Error "Prerequisite script not found at '$wauDataScriptPath'. Please ensure both scripts are in the same directory." 32 | return 33 | } 34 | 35 | # --- Step 1: Gather WAU Update History --- 36 | Write-Host "Gathering update history from WAU logs..." -ForegroundColor Cyan 37 | try { 38 | $wauHistory = & $wauDataScriptPath -ErrorAction Stop 39 | } 40 | catch { 41 | Write-Error "Failed to execute '$wauDataScriptPath'. Error: $($_.Exception.Message)" 42 | return 43 | } 44 | 45 | if (-not $wauHistory) { 46 | Write-Host "No update history found in the WAU log file." -ForegroundColor Green 47 | return 48 | } 49 | 50 | # --- Step 2: Get Currently Installed Apps from Winget --- 51 | Write-Host "Getting currently installed applications from Winget (this may take a moment)..." -ForegroundColor Cyan 52 | $installedApps = @{} 53 | try { 54 | $wingetOutput = winget list --accept-source-agreements 55 | foreach ($line in $wingetOutput) { 56 | if ($line -match '^(.+?)\s{2,}([\w\.\-]+)\s+([^\s]+)') { 57 | $name = $matches[1].Trim() 58 | $id = $matches[2].Trim() 59 | $version = $matches[3].Trim() 60 | if (-not $installedApps.ContainsKey($id)) { 61 | $installedApps[$id] = @{ Name = $name; Version = $version } 62 | } 63 | } 64 | } 65 | } 66 | catch { 67 | Write-Error "Failed to execute 'winget list'. Ensure Winget is installed and working correctly." 68 | return 69 | } 70 | 71 | # --- Step 3: Analyze and Compare --- 72 | Write-Host "Analyzing update history against installed applications..." -ForegroundColor Cyan 73 | $analysisResults = @() 74 | 75 | $groupedHistory = $wauHistory | Group-Object { ($_.Application -split '\d', 2)[0].Trim() } 76 | 77 | foreach ($appGroup in $groupedHistory) { 78 | $latestAttempt = $appGroup.Group | Sort-Object DateTime -Descending | Select-Object -First 1 79 | $baseAppName = $appGroup.Name 80 | 81 | $matchedAppId = $null 82 | foreach ($id in $installedApps.Keys) { 83 | $installedBaseName = ($installedApps[$id].Name -split '\d', 2)[0].Trim() 84 | if ($baseAppName -eq $installedBaseName) { 85 | $matchedAppId = $id 86 | break 87 | } 88 | } 89 | 90 | $currentVersion = if ($matchedAppId) { $installedApps[$matchedAppId].Version } else { 'N/A' } 91 | $overallStatus = '' 92 | 93 | if (-not $matchedAppId) { 94 | $overallStatus = 'Uninstalled or Renamed' 95 | } 96 | else { 97 | try { 98 | if ($latestAttempt.Status -eq 'Success' -and [version]$currentVersion -eq [version]$latestAttempt.ToVersion) { 99 | $overallStatus = 'Up-to-date (via WAU)' 100 | } 101 | elseif ($latestAttempt.Status -eq 'Success' -and [version]$currentVersion -gt [version]$latestAttempt.ToVersion) { 102 | $overallStatus = 'Up-to-date (Superseded)' 103 | } 104 | elseif ($latestAttempt.Status -eq 'Failed' -and [version]$currentVersion -ge [version]$latestAttempt.ToVersion) { 105 | $overallStatus = 'Up-to-date (External Update)' 106 | } 107 | else { 108 | $overallStatus = 'Update Pending/Failed' 109 | } 110 | } 111 | catch { 112 | $overallStatus = 'Unknown (Version Incompatible)' 113 | } 114 | } 115 | 116 | $analysisResults += [PSCustomObject]@{ 117 | ApplicationName = $baseAppName 118 | LastAttempt = $latestAttempt.DateTime 119 | LastResult = $latestAttempt.Status 120 | AttemptedUpdate = "$($latestAttempt.FromVersion) -> $($latestAttempt.ToVersion)" 121 | InstalledVersion = $currentVersion 122 | OverallStatus = $overallStatus 123 | } 124 | } 125 | 126 | # --- Step 4: Display Report --- 127 | Write-Host "`n--- WAU Application Status Report ---" -ForegroundColor Green 128 | $analysisResults | Sort-Object ApplicationName | Format-Table -AutoSize 129 | 130 | # --- Step 5: Generate Summary and Warnings --- 131 | $summary = $analysisResults | Group-Object -Property OverallStatus 132 | 133 | Write-Host "`n--- Summary ---" -ForegroundColor Green 134 | foreach ($group in $summary) { 135 | Write-Host ("{0,-30} : {1}" -f $group.Name, $group.Count) -ForegroundColor Yellow 136 | } 137 | 138 | $failingApps = $analysisResults | Where-Object { $_.OverallStatus -eq 'Update Pending/Failed' } 139 | if ($failingApps) { 140 | Write-Host "`n--- ⚠️ WARNING: ACTION REQUIRED ⚠️ ---" -ForegroundColor Red 141 | Write-Host "The following applications have failed to update and are still on an old version:" -ForegroundColor Yellow 142 | $failingApps | Select-Object ApplicationName, InstalledVersion, AttemptedUpdate | Format-Table -AutoSize 143 | } 144 | } 145 | 146 | # Execute the function 147 | Analyze-WauUpdates -------------------------------------------------------------------------------- /Curl-able/Windows_Debloat/Other-Dev/UninstallAppxScriptSimple.ps1: -------------------------------------------------------------------------------- 1 | # Bloatware Variable - Unnecessary Windows 10 AppX apps that will be removed by the blacklist. 2 | 3 | $ErrorActionPreference = 'SilentlyContinue' 4 | 5 | $Button = [System.Windows.MessageBoxButton]::YesNoCancel 6 | $ErrorIco = [System.Windows.MessageBoxImage]::Error 7 | $Ask = 'Do you want to run this as an Administrator? 8 | Select "Yes" to Run as an Administrator 9 | Select "No" to not run this as an Administrator 10 | 11 | Select "Cancel" to stop the script.' 12 | 13 | If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]'Administrator')) { 14 | $Prompt = [System.Windows.MessageBox]::Show($Ask, "Run as an Administrator or not?", $Button, $ErrorIco) 15 | Switch ($Prompt) { 16 | #This will debloat Windows 10 17 | Yes { 18 | Write-Host "You didn't run this script as an Administrator. This script will self elevate to run as an Administrator and continue." 19 | Start-Process PowerShell.exe -ArgumentList ("-NoProfile -ExecutionPolicy Bypass -File `"{0}`"" -f $PSCommandPath) -Verb RunAs 20 | Exit 21 | } 22 | No { 23 | Break 24 | } 25 | } 26 | } 27 | 28 | # Bloatware Variable - Unnecessary Windows 10 AppX apps that will be removed by the blacklist. 29 | $Bloatware = @( 30 | "*PPIProjection*" 31 | "*BingNews*" 32 | "*GetHelp*" 33 | "*Getstarted*" 34 | "*Messaging*" 35 | "*Microsoft3DViewer*" 36 | "*MicrosoftOfficeHub*" 37 | "*MicrosoftSolitaireCollection*" 38 | "*NetworkSpeedTest*" 39 | "*News*" 40 | "*Lens*" 41 | "*OneConnect*" 42 | "*Sway*" 43 | "*People*" 44 | "*Print3D*" 45 | "*RemoteDesktop*" 46 | "*SkypeApp*" 47 | "*Whiteboard*" 48 | "*WindowsAlarms*" 49 | "*windowscommunicationsapps*" 50 | "*WindowsFeedbackHub*" 51 | "*WindowsMaps*" 52 | "*WindowsSoundRecorder*" 53 | "*XboxApp*" 54 | "*XboxGameOverlay*" 55 | "*XboxGamingOverlay*" 56 | "*XboxIdentityProvider*" 57 | "*XboxSpeechToTextOverlay*" 58 | "*ZuneMusic*" 59 | "*ZuneVideo*" 60 | "*YourPhone*" 61 | "*MixedReality*" 62 | "*StickyNotes*" 63 | "*Wallet*" 64 | # Sponsored Windows 10 AppX Apps 65 | "*EclipseManager*" 66 | "*ActiproSoftwareLLC*" 67 | "*AdobeSystemsIncorporated.AdobePhotoshopExpress*" 68 | "*Duolingo-LearnLanguagesforFree*" 69 | "*PandoraMediaInc*" 70 | "*CandyCrush*" 71 | "*BubbleWitch3Saga*" 72 | "*Wunderlist*" 73 | "*Flipboard*" 74 | "*Facebook*" 75 | "*Twitter*" 76 | "*Spotify*" 77 | "*Minecraft*" 78 | "*Royal Revolt*" 79 | "*Sway*" 80 | "*Dolby*" 81 | "*HPPrinter*" 82 | 83 | # Optional: Typically not removed but you can if you need to for some reason 84 | "Microsoft.Advertising.Xaml_10.1712.5.0_x64__8wekyb3d8bbwe" 85 | "Microsoft.Advertising.Xaml_10.1712.5.0_x86__8wekyb3d8bbwe" 86 | "Microsoft.BingWeather" 87 | ) 88 | 89 | # Registry Keys to delete. 90 | $Keys = @( 91 | #Remove Background Tasks 92 | "HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\46928bounde.EclipseManager_2.2.4.51_neutral__a5h4egax66k6y" 93 | "HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\ActiproSoftwareLLC.562882FEEB491_2.6.18.18_neutral__24pqs290vpjk0" 94 | "HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.MicrosoftOfficeHub_17.7909.7600.0_x64__8wekyb3d8bbwe" 95 | "HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.PPIProjection_10.0.15063.0_neutral_neutral_cw5n1h2txyewy" 96 | "HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy" 97 | "HKCR:\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.XboxGameCallableUI_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy" 98 | 99 | #Windows File 100 | "HKCR:\Extensions\ContractId\Windows.File\PackageId\ActiproSoftwareLLC.562882FEEB491_2.6.18.18_neutral__24pqs290vpjk0" 101 | 102 | #Registry keys to delete if they aren't uninstalled by RemoveAppXPackage/RemoveAppXProvisionedPackage 103 | "HKCR:\Extensions\ContractId\Windows.Launch\PackageId\46928bounde.EclipseManager_2.2.4.51_neutral__a5h4egax66k6y" 104 | "HKCR:\Extensions\ContractId\Windows.Launch\PackageId\ActiproSoftwareLLC.562882FEEB491_2.6.18.18_neutral__24pqs290vpjk0" 105 | "HKCR:\Extensions\ContractId\Windows.Launch\PackageId\Microsoft.PPIProjection_10.0.15063.0_neutral_neutral_cw5n1h2txyewy" 106 | "HKCR:\Extensions\ContractId\Windows.Launch\PackageId\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy" 107 | "HKCR:\Extensions\ContractId\Windows.Launch\PackageId\Microsoft.XboxGameCallableUI_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy" 108 | 109 | #Scheduled Tasks to delete 110 | "HKCR:\Extensions\ContractId\Windows.PreInstalledConfigTask\PackageId\Microsoft.MicrosoftOfficeHub_17.7909.7600.0_x64__8wekyb3d8bbwe" 111 | 112 | #Windows Protocol Keys 113 | "HKCR:\Extensions\ContractId\Windows.Protocol\PackageId\ActiproSoftwareLLC.562882FEEB491_2.6.18.18_neutral__24pqs290vpjk0" 114 | "HKCR:\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.PPIProjection_10.0.15063.0_neutral_neutral_cw5n1h2txyewy" 115 | "HKCR:\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy" 116 | "HKCR:\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.XboxGameCallableUI_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy" 117 | 118 | #Windows Share Target 119 | "HKCR:\Extensions\ContractId\Windows.ShareTarget\PackageId\ActiproSoftwareLLC.562882FEEB491_2.6.18.18_neutral__24pqs290vpjk0" 120 | ) 121 | 122 | # This writes the output of each Appx as it's removing. 123 | foreach ($App in $Bloatware) { 124 | Write-Verbose -Message ('Removing Package {0}' -f $App) 125 | 126 | Get-AppxPackage -Name $App | Remove-AppxPackage -ErrorAction SilentlyContinue 127 | Get-AppxPackage -Name $App -AllUsers | Remove-AppxPackage -AllUsers -ErrorAction SilentlyContinue 128 | Get-AppxProvisionedPackage -Online | Where-Object DisplayName -like $App | Remove-AppxProvisionedPackage -Online -ErrorAction SilentlyContinue 129 | } 130 | 131 | 132 | # This writes the output of each key it is removing. 133 | ForEach ($Key in $Keys) { 134 | Write-Verbose -Message "Removing $Key from registry" 135 | Remove-Item $Key -Recurse 136 | } 137 | 138 | 139 | --------------------------------------------------------------------------------