├── .images
    ├── 1.webp
    ├── 2.webp
    ├── 3.webp
    ├── 4.webp
    └── submitIdea.png
├── 0 - Template
    ├── Detect-Silverlight
    ├── Get-TemplateDetection.ps1
    ├── Get-TemplateRemediaton.ps1
    └── Remediate_Silverlight
├── Activate-Numlock
    ├── detection_Activate-Numlock.ps1
    └── remediation_Activate-Numlock.ps1
├── Add-Winget-App
    ├── detect-app.ps1
    └── remediate-app.ps1
├── AutomaticTimezone
    ├── detect-automatictimezone.ps1
    ├── image.png
    ├── readme.md
    └── remediate-automatictimezone.ps1
├── BlockAADWorkplaceJoin
    ├── Detection-BlockAADWorkplaceJoin.ps1
    └── Remediation-BlockAADWorkplaceJoin.ps1
├── Change-MultipleRegistryKeys
    ├── Change-MultipleRegistryKeysDetection.ps1
    ├── Change-MultipleRegistryKeysRemediaton.ps1
    └── README.md
├── Change-Registry-Key-Generic
    ├── detect-regkey.ps1
    └── remediate-regkey.ps1
├── Check-DiskHealth
    └── Get-TemplateDetection.ps1
├── Check-PNPDevices
    ├── Check-PNPDevicesDetection.ps1
    ├── Check-PNPDevicesRemediation.ps1
    └── README.md
├── Clear-DnsCache
    ├── Clear-DnsCacheDetection.ps1
    └── Clear-DnsCacheRemediation.ps1
├── Clear-DownloadFolder-SingleUser
    ├── Clear-DownloadFolderDetection.ps1
    └── Clear-DownloadFolderRemediaton.ps1
├── Clear-DownloadFolder
    ├── Clear-DownloadFolderDetection.ps1
    └── Clear-DownloadFolderRemediaton.ps1
├── Clear-OutlookCache
    ├── Clear-OutlookCacheDetection.ps1
    └── Clear-OutlookCacheRemedaiton.ps1
├── Clear-TeamsCache
    ├── Clear-TeamsCacheDetection.ps1
    └── Clear-TeamsCacheRemedaiton.ps1
├── Create-LocalAdmin
    ├── Create-LocalAdminDetection.ps1
    ├── Create-LocalAdminLAPSDetection.ps1
    ├── Create-LocalAdminLAPSRemediation.ps1
    ├── Create-LocalAdminRemediation.ps1
    ├── Delete-LocalAdminDetection.ps1
    └── Delete-LocalAdminRemediation.ps1
├── Detect-SCCM
    ├── Detect.ps1
    └── RemoveSCCM.ps1
├── Device Auto-Syncer
    ├── AutoSyncDetect.ps1
    └── AutoSyncRemediate.ps1
├── Disable-Coinstaller
    ├── detect-coinstaller.ps1
    └── remediate-coinstaller.ps1
├── Disable-Fastboot
    ├── detect-fastboot.ps1
    └── remediate-fastboot.ps1
├── Disable-SMBv1
    ├── detect-smbv1.ps1
    └── remediate-smbv1.ps1
├── Disable-StartMenuWebSearch
    ├── detect-WebSearch.ps1
    └── remediate-WebSearch.ps1
├── Disk-Repair
    ├── README.MD
    └── detect-diskrepair.ps1
├── Enable-DeliveryOptimizationVerboseLogging
    ├── Disable-VerboseLoggingDetection.ps1
    ├── Disable-VerboseLoggingRemedaiton.ps1
    ├── Enable-VerboseLoggingDetection.ps1
    └── Enable-VerboseLoggingRemedaiton.ps1
├── Enable-DotNet-35
    ├── DetectDotNet35.ps1
    └── RemediateDotNet35.ps1
├── Enable-RDP
    ├── Enable-RDPDetection.ps1
    └── Enable-RDPRemedaiton.ps1
├── Enable-SignatureValidation
    ├── Detect_Signature_Validation.ps1
    └── Remediate_Signature_Validation.ps1
├── Enforce-SMB-Signing
    ├── Detect_SMBSigning.ps1
    └── Remediate-SMB-Signing.ps1
├── Fortinet-VPN-Profile
    ├── FortinetVPNProfile-Detect.ps1
    └── FortinetVPNProfile-Remediation.ps1
├── Get-AdobeDC_Java
    ├── Detect_AdobeDC_Java.ps1
    └── Remediate_AdobeDC_Java.ps1
├── Get-AdobeReader-Java
    ├── Detect_AdobeReader_Java.ps1
    └── Remediate_AdobeReader_Java.ps1
├── Get-AdobeReader_Flash
    ├── Detect_AdobeReader_Flash.ps1
    └── Remediate_AdobeReader_Flash.ps1
├── Get-Always_Elevated
    ├── Detect_Always_Elevated.ps1
    └── Remediate_Always_Elevated.ps1
├── Get-BitlockerRecoveryKey
    ├── detection_BitlockerRecoveryKey.ps1
    └── remediation_BitlockerRecoveryKey.ps1
├── Get-CleanUpDisk
    ├── Get-CleanUpDiskDetection.ps1
    └── Get-CleanUpDiskRemedaiton.ps1
├── Get-CloudDeliveredProtection
    ├── Detect_CloudDeliveredProtection.ps1
    └── Remediate_CloudDeliveredProtection.ps1
├── Get-ConnectedDevices
    └── Get-ConnectedDevicesDetection.ps1
├── Get-DeviceUptime_and_Reboot
    ├── Detect_DeviceUptime7.ps1
    └── Remediate_DeviceUptime7.ps1
├── Get-LSA-Protection
    ├── Detect_LSA_Protection.ps1
    └── Remediate_LSA_Protection.ps1
├── Get-NetworkProtection
    ├── Detect_NetworkProtection.ps1
    └── Remediate_NetworkProtection.ps1
├── Get-OfficeTelemetry
    ├── Detect_Office_Telemetry.ps1
    └── Remediate_Office_Telemetry.ps1
├── Get-PUA-Protection
    ├── Detect_PUA-Protection.ps1
    └── Remediate_PUA-Protection.ps1
├── Get-RealTimeBehaviour
    ├── Detect_RealTimeBehavior.ps1
    └── Remediate_RealTimeBehavior.ps1
├── Get-RealTimeProtection
    ├── Detect_RealTimeProtection.ps1
    └── Remediate_RealTimeProtection.ps1
├── Get-TimeZone_W_Europe
    ├── Get-TimeZone_W_Europe.ps1
    └── Remediate_TimeZone_W_Europe.ps1
├── Get-WH4BEnrolledMethods
    ├── Get-WH4BEnrolledMethodsDetection.ps1
    └── README.md
├── Get-WH4BLastUsedMethod
    ├── Get-WH4BLastUsedMethodDetection.ps1
    └── README.md
├── Install-CMTrace
    ├── detect-cmtrace.ps1
    └── install-cmtrace-remediate.ps1
├── Invoke-ClearRecycleBin
    ├── Invoke-ClearRecycleBinDetection.ps1
    └── Invoke-ClearRecycleBinRemedaiton.ps1
├── Invoke-CurrentUserLoggedOff
    ├── Get-CurrentUserLoggedOffDetection.ps1
    └── Get-CurrentUserLoggedOffRemedaiton.ps1
├── Invoke-DiskRepair
    ├── Get-TemplateDetection.ps1
    └── Get-TemplateRemedaiton.ps1
├── Invoke-DnsClearCache
    ├── Invoke-DnsClearCacheDetection.ps1
    └── Invoke-DnsClearCacheRemedaiton.ps1
├── Invoke-Shutdown
    ├── Invoke-ShutdownDetection.ps1
    └── Invoke-ShutdownRemedaiton.ps1
├── Invoke-TeamsInstallation
    ├── Invoke-TeamsInstallationDetection.ps1
    └── Invoke-TeamsInstallationRemedaiton.ps1
├── Invoke-TeamsReinstallation
    ├── Invoke-TeamsReinstallationDetection.ps1
    └── Invoke-TeamsReinstallationRemedaiton.ps1
├── LICENSE
├── Make-Speedtest
    ├── Run-SpeedttestDetection.ps1
    └── Run-SpeedttestRemediation.ps1
├── OneDrive Folder - Always Offline
    ├── detection-ODFolderOffline.ps1
    └── remediation-ODFolderOffline.ps1
├── Profile-Backup
    ├── detect-backup.ps1
    └── remediate-backup.ps1
├── Profile-cleanup
    ├── detect-old-profiles.ps1
    └── remediate-old-profiles.ps1
├── README.md
├── Remove Teams Chat
    ├── detect-teams-chat.ps1
    └── remediate-teams-chat.ps1
├── Remove-ConsumerApps
    ├── README.md
    ├── Remove-ConsumerAppsDetection.ps1
    └── Remove-ConsumerAppsRemediation.ps1
├── Remove-ProxySettings
    ├── Remove-ProxySettingsDetection.ps1
    └── Remove-ProxySettingsRemedaiton.ps1
├── Remove-WindowsBackup
    ├── detect-backup.ps1
    └── remediate-backup.ps1
├── Reset Windows Update
    ├── ResetWindowsUpdateDetection.ps1
    └── ResetWindowsUpdateRemediation.ps1
├── Reset-SoftwareDistributionFolder
    ├── Detect-Reset-SoftwareDistributionFolder.ps1
    └── Remediate-Reset-SoftwareDistributionFolder.ps1
├── Restart-Service-Generic
    ├── detect-service.ps1
    └── restart-service.ps1
├── Restart-Windows-Search-Service
    ├── detect-search-service.ps1
    └── restart-search-service.ps1
├── Restart-Windows-Update-Service
    ├── detect-wu-service.ps1
    └── restart-wu-service.ps1
├── Run-Browser
    ├── Get-TemplateDetection.ps1
    └── Get-TemplateRemedaiton.ps1
├── Run-ConnectionTest
    └── Run-ConnectionTestDetection.ps1
├── Set-Cached-Logon-Count-0
    ├── Detect_Cached_Logon_Count.ps1
    └── Remediate_Cached_Logon_Count.ps1
├── Set-CanaryToken-RegistryKey
    ├── DetectCanaryToken.ps1
    └── RemediateCanaryToken.ps1
├── Set-Service-Generic
    ├── detect-service.ps1
    └── set-service.ps1
├── Test-LAPSUser
    ├── detect-LAPSUser.ps1
    └── new-LAPSUser.ps1
├── Toast-RebootMessage
    ├── detect-reboot.ps1
    └── remediate-reboot.ps1
├── Uninstall-Application
    ├── detect.ps1
    └── remediate.ps1
├── Uninstall-C++2010
    ├── Detect_C++2010.ps1
    └── Remediate_C++2010.ps1
├── Uninstall-DellSupportAssist
    ├── Detect_DellSupportassist.ps1
    └── Remediate_DellSupportassist.ps1
├── Uninstall-PrivateTeams
    ├── Uninstall-PrivateTeamsDetection.ps1
    └── Uninstall-PrivateTeamsRemedaiton.ps1
├── Uninstall-UserChrome
    ├── detect.ps1
    ├── readme.md
    └── remediate.ps1
├── Unpin Store
    ├── detect-store.ps1
    └── remediate-store.ps1
├── Update-ChocolateyApps
    ├── detection-choco-upgrade.ps1
    └── remediation-choco-upgrade.ps1
├── Winget Management
    ├── detect-install-url-changes.ps1
    ├── detect-uninstall-url-changes.ps1
    ├── remediate-install-apps-from-url.ps1
    └── remediate-uninstall-apps-from-url.ps1
└── Winget-Update-All
    ├── winget-update-detect.ps1
    └── winget-upgrade-remediate.ps1

/.images/1.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JayRHa/EndpointAnalyticsRemediationScripts/3ec978839708aee826ac7b448a87c5023daf4ee7/.images/1.webp
--------------------------------------------------------------------------------
/.images/2.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JayRHa/EndpointAnalyticsRemediationScripts/3ec978839708aee826ac7b448a87c5023daf4ee7/.images/2.webp
--------------------------------------------------------------------------------
/.images/3.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JayRHa/EndpointAnalyticsRemediationScripts/3ec978839708aee826ac7b448a87c5023daf4ee7/.images/3.webp
--------------------------------------------------------------------------------
/.images/4.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JayRHa/EndpointAnalyticsRemediationScripts/3ec978839708aee826ac7b448a87c5023daf4ee7/.images/4.webp
--------------------------------------------------------------------------------
/.images/submitIdea.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JayRHa/EndpointAnalyticsRemediationScripts/3ec978839708aee826ac7b448a87c5023daf4ee7/.images/submitIdea.png
--------------------------------------------------------------------------------
/0 - Template/Detect-Silverlight:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Gerardo Hernandez
Script: Detect-Silverlight
Description: Script detects the Microsoft Silverlight
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run this script using the logged-on credentials: No
Enforce script signature check: No
Run script in 64-bit PowerShell: Yes
#>

# Search both the 64-bit and 32-bit (Wow6432Node) uninstall keys for Silverlight
$Uninstall = (Get-ChildItem -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall | Get-ItemProperty | Where-Object { $_.DisplayName -eq "Microsoft Silverlight" } | Select-Object -Property UninstallString).UninstallString
if ($Uninstall) {
    # Exit 1 = issue detected, the remediation script will run
    Write-Output "Microsoft Silverlight was found"
    Exit 1
}else {
    Write-Output "Microsoft Silverlight not found"
    Exit 0
}
--------------------------------------------------------------------------------
/0 - Template/Get-TemplateDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Jeroen Burgerhout (burgerhout.org)
Script: Detect-OutlookNew
Description: Script detects the new Microsoft Outlook app on Windows 11 23H2.
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run this script using the logged-on credentials: Yes
Enforce script signature check: No
Run script in 64-bit PowerShell: Yes
#>

if (Get-AppxPackage -Name *OutlookForWindows*) {
    write-host "Microsoft Outlook (New) found."

    exit 1
}
else {
    write-host "Microsoft Outlook (New) not found."

    exit 0
}
--------------------------------------------------------------------------------
/0 - Template/Get-TemplateRemediaton.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Jeroen Burgerhout (burgerhout.org)
Script: Remove-OutlookNew
Description: Script removes the new Microsoft Outlook app on Windows 11 23H2.
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run this script using the logged-on credentials: Yes
Enforce script signature check: No
Run script in 64-bit PowerShell: Yes
#>

try{
    Get-AppxPackage -Name *OutlookForWindows* | Remove-AppxPackage -ErrorAction stop
    Write-Host "Microsoft Outlook (New) successfully removed."

}
catch{
    Write-Error "Error removing Microsoft Outlook (New)."
}
--------------------------------------------------------------------------------
/0 - Template/Remediate_Silverlight:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Gerardo Hernandez
Script: Remove-Silverlight
Description: Script removes the Microsoft Silverlight
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run this script using the logged-on credentials: No
Enforce script signature check: No
Run script in 64-bit PowerShell: Yes
#>

$Uninstall = (Get-ChildItem -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall | Get-ItemProperty | Where-Object { $_.DisplayName -eq "Microsoft Silverlight" } | Select-Object -Property UninstallString).UninstallString
# Keep only the argument part of the uninstall string (the text after "MsiExec.exe ")
$Uninstall=$Uninstall.split(" ")[1]
Start-Process msiexec.exe -ArgumentList "$Uninstall /quiet" -Wait
Exit 0
--------------------------------------------------------------------------------
/Activate-Numlock/detection_Activate-Numlock.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: detection_Activate-Numlock
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>

# Compliant only when InitialKeyboardIndicators is "2", the value the remediation script sets
if ("2" -eq (Get-ItemProperty -Path 'Registry::HKU\.DEFAULT\Control Panel\Keyboard' -Name "InitialKeyboardIndicators").InitialKeyboardIndicators) {
    Write-Host "Numlock at Startup is enabled"
    exit 0
}else{
    Write-Host "Numlock at Startup is not enabled"
    Exit 1
}
--------------------------------------------------------------------------------
/Activate-Numlock/remediation_Activate-Numlock.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: remediation_Activate-Numlock
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>

try{
    # "2" turns NumLock on at the sign-in screen
    Set-ItemProperty -Path 'Registry::HKU\.DEFAULT\Control Panel\Keyboard' -Name "InitialKeyboardIndicators" -Value "2"
    Write-Host "Numlock at Startup successfully enabled"

}catch{
    Write-Error "Error enabling Numlock at Startup"
}
--------------------------------------------------------------------------------
/Add-Winget-App/detect-app.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: detect-app.ps1
Description: Detects if app exists
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

# Enter the Winget package ID to look for
$appid = ""

# Locate winget.exe inside the newest installed DesktopAppInstaller package
$ResolveWingetPath = Resolve-Path "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe"
if ($ResolveWingetPath){
    $WingetPath = $ResolveWingetPath[-1].Path
}else{
    exit 0
}
start-sleep -seconds 10

$Winget = $WingetPath + "\winget.exe"
$wingettest = &$winget list --id $appid
if ($wingettest -like "*$appid*"){
    Write-Host "Found it!"
    exit 0
}
else {
    write-host "Not Found"
    exit 1
}
--------------------------------------------------------------------------------
/Add-Winget-App/remediate-app.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: remediate-app.ps1
Description: Installs app via Winget
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

# Enter the Winget package ID to install
$appid = ""

$ResolveWingetPath = Resolve-Path "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe"
if ($ResolveWingetPath){
    $WingetPath = $ResolveWingetPath[-1].Path
    $Winget = $WingetPath + "\winget.exe"
    &$winget install --id $appid --silent --force --accept-package-agreements --accept-source-agreements --scope machine --exact | out-null
}
--------------------------------------------------------------------------------
/AutomaticTimezone/detect-automatictimezone.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Adam Gell
Script: detect-automatictimezone.ps1
Description: Sets up Automatic Timezone and Time Sync
Release notes:
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

##Enter the path to the registry key for example HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
$regpath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location"
$regpath2 = "HKLM:\SYSTEM\CurrentControlSet\Services\tzautoupdate"
##Enter the name of the registry key for example EnableLUA
$regname = "Value"
$regname2 = "start"
##Enter the value of the registry key we are checking for, for example 0
$regvalue = "Allow"
$regvalue2 = "3"


Try {
    $Registry = Get-ItemProperty -Path $regpath -Name $regname -ErrorAction Stop | Select-Object -ExpandProperty $regname
    $Registry2 = Get-ItemProperty -Path $regpath2 -Name $regname2 -ErrorAction Stop | Select-Object -ExpandProperty $regname2
    If (($Registry -eq $regvalue) -and ($Registry2 -eq $regvalue2)) {
        Write-Output "Compliant"
        Exit 0
    }
    else {
        Write-Warning "Not Compliant"
        Exit 1

    }


}
Catch {
    Write-Warning "Not Compliant"
    Exit 1
}
--------------------------------------------------------------------------------
/AutomaticTimezone/image.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JayRHa/EndpointAnalyticsRemediationScripts/3ec978839708aee826ac7b448a87c5023daf4ee7/AutomaticTimezone/image.png
--------------------------------------------------------------------------------
/AutomaticTimezone/readme.md:
--------------------------------------------------------------------------------
Needs settings catalog for Privacy -> Location

![alt text](image.png)
--------------------------------------------------------------------------------
/AutomaticTimezone/remediate-automatictimezone.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Adam Gell
Script: remediate-automatictimezone.ps1
Description: Sets up Automatic Timezone and Time Sync
Release notes:
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

##Enter the path to the registry key for example HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
$regpath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location"
$regpath2 = "HKLM:\SYSTEM\CurrentControlSet\Services\tzautoupdate"
##Enter the name of the registry key for example EnableLUA
$regname = "Value"
$regname2 = "start"
##Enter the value of the registry key we are checking for, for example 0
$regvalue = "Allow"
$regvalue2 = "3"

##Enter the type of the registry key for example DWord
$regtype = "STRING"
$regtype2 = "DWORD"


New-ItemProperty -LiteralPath $regpath -Name $regname -Value $regvalue -PropertyType $regtype -Force -ea SilentlyContinue;
# The tzautoupdate "start" value is written with its own type ($regtype2, DWORD)
New-ItemProperty -LiteralPath $regpath2 -Name $regname2 -Value $regvalue2 -PropertyType $regtype2 -Force -ea SilentlyContinue;
--------------------------------------------------------------------------------
/BlockAADWorkplaceJoin/Detection-BlockAADWorkplaceJoin.ps1:
--------------------------------------------------------------------------------
# Compliant (exit 0) only when the policy key exists and BlockAADWorkplaceJoin is 1
if ( Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin" ) {
    if ((Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin" -Name "BlockAADWorkplaceJoin" -ea 0).BlockAADWorkplaceJoin -eq 1)
    { exit 0 }
    else
    { exit 1 }
}
else
{ exit 1 }
--------------------------------------------------------------------------------
/BlockAADWorkplaceJoin/Remediation-BlockAADWorkplaceJoin.ps1:
--------------------------------------------------------------------------------
#Function Region
# Creates the registry key if it is missing, then writes the value
Function New-Reg ($registryPath, $name, $Value, $type) {
    if (!(Test-Path $registryPath)) {
        New-Item -Path $registryPath -Force | Out-Null
        New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $type -Force | Out-Null
    }
    else { New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $type -Force | Out-Null }
}
#EndRegion

#Variables Region
$registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin"
$name = "BlockAADWorkplaceJoin"
$value = "1"
$type = "DWord"
#EndRegion

#Code Region
New-Reg -registryPath $registryPath -name $name -value $value -type $type
#EndRegion
--------------------------------------------------------------------------------
/Change-MultipleRegistryKeys/Change-MultipleRegistryKeysDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
- Marius Wyss (marius.wyss@microsoft.com)
Script: Change-MultipleRegistryKeysDetection.ps1
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User/Admin
Context: 64 Bit
#>

# Description: This script checks if the registry keys defined are set correctly.
# Output: (single line)
# For each key: {Name of the key} + {Error Values} (max 37 characters)
# e.g: YourFirstKeyName ErrorCode = Path, Name, Type, Value | YourSecondKeyName ErrorCode = Path, Name

#region Define registry keys to validate here
$RegistrySettingsToValidate = @(
    [pscustomobject]@{
        Hive  = 'HKLM:\'
        Key   = 'SOFTWARE\Contoso\Product'
        Name  = 'ImportantKey'
        Type  = 'REG_DWORD'
        Value = 1
    },
    [pscustomobject]@{
        Hive  = 'HKLM:\'
        Key   = 'SOFTWARE\Contoso\Product'
        Name  = 'AnotherKey'
        Type  = 'REG_SZ'
        Value = "SomeValue"
    }
)
#endregion

#region helper functions, enums and maps
$RegTypeMap = @{
    REG_DWORD     = [Microsoft.Win32.RegistryValueKind]::DWord
    REG_SZ        = [Microsoft.Win32.RegistryValueKind]::String
    REG_QWORD     = [Microsoft.Win32.RegistryValueKind]::QWord
    REG_BINARY    = [Microsoft.Win32.RegistryValueKind]::Binary
    REG_MULTI_SZ  = [Microsoft.Win32.RegistryValueKind]::MultiString
    REG_EXPAND_SZ = [Microsoft.Win32.RegistryValueKind]::ExpandString
}
[Flags()] enum RegKeyError {
    None  = 0
    Path  = 1
    Name  = 2
    Type  = 4
    Value = 8
}
#endregion

#region Check if registry keys are set correctly
$KeyErrors = @()
$Output = ""
Foreach ($reg in $RegistrySettingsToValidate) {
    # Start with all four error flags set (15) and clear one flag per check that passes
    [RegKeyError]$CurrentKeyError = 15

    $DesiredPath = "$($reg.Hive)$($reg.Key)"
    $DesiredName = $reg.Name
    $DesiredType = $RegTypeMap[$reg.Type]
    $DesiredValue = $reg.Value

    # Check if the registry key path exists
    If (Test-Path -Path $DesiredPath) {
        $CurrentKeyError -= [RegKeyError]::Path

        # Check if the registry value exists
        If (Get-ItemProperty -Path $DesiredPath -Name $DesiredName -ErrorAction SilentlyContinue) {
            $CurrentKeyError -= [RegKeyError]::Name

            # Check if the registry value type is correct
            If ($(Get-Item -Path $DesiredPath).GetValueKind($DesiredName) -eq $DesiredType) {
                $CurrentKeyError -= [RegKeyError]::Type

                # Check if the registry value is correct
                If ($((Get-ItemProperty -Path $DesiredPath -Name $DesiredName).$DesiredName) -eq $DesiredValue) {
                    $CurrentKeyError -= [RegKeyError]::Value
                    # Write-Host "[$DesiredPath | $DesiredName | $RetTypeRegistry | $DesiredValue] exists and is correct"
                }
            }
        }
    }
    $KeyErrors += $CurrentKeyError
    $Output += " | $DesiredName ErrorCode = $CurrentKeyError"
}
#endregion

#region Check if all registry keys are correct
if (($KeyErrors.value__ | Measure-Object -Sum).Sum -eq 0) {
    $ExitCode = 0
}
else {
    $ExitCode = 1
}
#endregion

Write-Output $Output.TrimStart(" |")
Exit $ExitCode
--------------------------------------------------------------------------------
/Change-MultipleRegistryKeys/Change-MultipleRegistryKeysRemediaton.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
- Marius Wyss (marius.wyss@microsoft.com)
Script: Change-MultipleRegistryKeysRemediaton.ps1
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User/Admin
Context: 64 Bit
#>

# Description: This script creates the registry keys defined below.
# Output: (single line)
# If ok, a prefix string (33) + each the key name
# e.g: All OK | Registry values created: YourFirstKeyName, YourSecondKeyName
# If not ok, a prefix string (52) + each created key (without the not created keys)
# e.g: Something went wrong :-( | Registry values created: YourFirstKeyName, YourSecondKeyName

#region Define registry keys to create here
$RegistrySettingsToValidate = @(
    [pscustomobject]@{
        Hive  = 'HKLM:\'
        Key   = 'SOFTWARE\Contoso\Product'
        Name  = 'ImportantKey'
        Type  = 'REG_DWORD'
        Value = 1
    },
    [pscustomobject]@{
        Hive  = 'HKLM:\'
        Key   = 'SOFTWARE\Contoso\Product'
        Name  = 'AnotherKey'
        Type  = 'REG_SZ'
        Value = "SomeValue"
    }
)
#endregion

#region helper functions, enums and maps
$RegTypeMap = @{
    REG_DWORD     = [Microsoft.Win32.RegistryValueKind]::DWord
    REG_SZ        = [Microsoft.Win32.RegistryValueKind]::String
    REG_QWORD     = [Microsoft.Win32.RegistryValueKind]::QWord
    REG_BINARY    = [Microsoft.Win32.RegistryValueKind]::Binary
    REG_MULTI_SZ  = [Microsoft.Win32.RegistryValueKind]::MultiString
    REG_EXPAND_SZ = [Microsoft.Win32.RegistryValueKind]::ExpandString
}
#endregion

#region Create registry keys
$Output = "Something went wrong :-("
$Names = @()
$ExitCode = 1
Foreach ($reg in $RegistrySettingsToValidate) {

    $DesiredPath = "$($reg.Hive)$($reg.Key)"
    $DesiredName = $reg.Name
    $DesiredType = $RegTypeMap[$reg.Type]
    $DesiredValue = $reg.Value

    #Write-Host "Creating registry value: $DesiredPath | $DesiredName | $($reg.Type) | $DesiredValue"

    # Record the name only when the value was actually written, so keys that failed are left out of the output
    try {
        If (-not (Test-Path -Path $DesiredPath)) {
            New-Item -Path $DesiredPath -Force -ErrorAction Stop | Out-Null
        }
        New-ItemProperty -Path $DesiredPath -Name $DesiredName -PropertyType $DesiredType -Value $DesiredValue -Force -ErrorAction Stop | Out-Null
        $Names += $DesiredName
    }
    catch {
        Write-Verbose "Could not create registry value $DesiredName under $($DesiredPath): $($_.Exception.Message)"
    }
}
#endregion

#region Check if registry keys are set correctly
If ($Names.count -eq $RegistrySettingsToValidate.count) {
    $Output = "All OK | Registry values created: $($Names -join ', ')"
    $ExitCode = 0
} else {
    $Output = "Something went wrong :-( | Registry values created: $($Names -join ', ')"
    $ExitCode = 1
}
#endregion

Write-Output $Output
Exit $ExitCode
--------------------------------------------------------------------------------
/Change-MultipleRegistryKeys/README.md:
--------------------------------------------------------------------------------
# Registry

Validate and set Registry settings according to your needs.

## Usage/Examples

In **Change-MultipleRegistryKeysDetection.ps1** and **Change-MultipleRegistryKeysRemediaton.ps1**, add to or change the ```$RegistrySettingsToValidate``` array. Each registry setting you want to validate (detection) or set (remediation) is represented as a ```pscustomobject```.

e.g:

```powershell
$RegistrySettingsToValidate = @(
    [pscustomobject]@{
        Hive  = 'HKLM:\'
        Key   = 'SOFTWARE\Contoso\Product'
        Name  = 'ImportantKey'
        Type  = 'REG_DWORD'
        Value = 1
    },
    [pscustomobject]@{
        Hive  = 'HKLM:\'
        Key   = 'SOFTWARE\Contoso\Product'
        Name  = 'AnotherKey'
        Type  = 'REG_SZ'
        Value = "SomeValue"
    }
)
```

Allowed Values for the ```Type``` property are:

- ```REG_SZ```
- ```REG_DWORD```
- ```REG_BINARY```
- ```REG_QWORD```
- ```REG_MULTI_SZ```
- ```REG_EXPAND_SZ```
--------------------------------------------------------------------------------
/Change-Registry-Key-Generic/detect-regkey.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (https://www.joeyverlinden.com/)
- Andrew Taylor (https://andrewstaylor.com/)
- Jannik Reinhard (jannikreinhard.com)
Script: detect-fastboot.ps1
Description: Detects if Fastboot is enabled
Release notes:
Version 1.0: Init
Run as: Admin/User
Context: 64 Bit
#>

##Enter the path to the registry key for example HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
$regpath = ""

##Enter the name of the registry key for example EnableLUA
$regname = ""

##Enter the value of the registry key we are checking for, for example 0
$regvalue = ""


Try {
    $Registry = Get-ItemProperty -Path $regpath -Name $regname -ErrorAction Stop | Select-Object -ExpandProperty $regname
    If ($Registry -eq $regvalue){
        Write-Output "Compliant"
        Exit 0
    }
    Write-Warning "Not Compliant"
    Exit 1
}
Catch {
    Write-Warning "Not Compliant"
    Exit 1
}
--------------------------------------------------------------------------------
/Change-Registry-Key-Generic/remediate-regkey.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (https://www.joeyverlinden.com/)
- Andrew Taylor (https://andrewstaylor.com/)
- Jannik Reinhard (jannikreinhard.com)
Script: remediate-fastboot.ps1
Description: Disables Fastboot via registry key
Release notes:
Version 1.0: Init
Run as: Admin/User
Context: 64 Bit
#>

##Enter the path to the registry key for example HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
$regpath = ""

##Enter the name of the registry key for example EnableLUA
$regname = ""

##Enter the value of the registry key for example 0
$regvalue = ""

##Enter the type of the registry key for example DWord
$regtype = ""


New-ItemProperty -LiteralPath $regpath -Name $regname -Value $regvalue -PropertyType $regtype -Force -ea SilentlyContinue;
--------------------------------------------------------------------------------
/Check-DiskHealth/Get-TemplateDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Check-DiskHealth
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

# The leftover template stub (if($true){ return 1 }) was removed here: it returned
# before the event log query below could run.

# Look for recent disk error events (System log, event ID 11) that mention Harddisk0
$events = Get-WinEvent -FilterHashtable @{LogName="System"; id="11"} -MaxEvents 2 -EA SilentlyContinue | ?{$_.providername -match "Disk" -and $_.Message -match "Harddisk0"}


If ($events) {
    Write-Host "Disk error events found"
    Exit 1
}else {
    Write-Host "No disk error events found"
    Exit 0
}
--------------------------------------------------------------------------------
/Check-PNPDevices/Check-PNPDevicesDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
- Marius Wyss (marius.wyss@microsoft.com)
Script: Check-PNPDevicesDetection.ps1
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

# Check if there are Devices that do not work properly,
# see README.md for more information on the filters

$ClassFilterExclude = ""
$ClassFilterInclude = "*"
$DeviceIDFilterExclude = ""
$DeviceIDFilterInclude = "*"

[array]$DevicesWithIssue = Get-PnpDevice -PresentOnly -Status ERROR -ErrorAction SilentlyContinue |
    Where-Object PNPClass -notin $ClassFilterExclude |
    Where-Object {if ("*" -in $ClassFilterInclude) { $_} elseif ($_.PNPClass -in $ClassFilterInclude) {$_}} |
    Where-Object PNPDeviceID -notin $DeviceIDFilterExclude |
    Where-Object {if ("*" -in $DeviceIDFilterInclude) { $_} elseif ($_.PNPDeviceID -in $DeviceIDFilterInclude) {$_}}

$Output = ""
if ($DevicesWithIssue.count -gt 0) {
    Foreach ($Device in $DevicesWithIssue) {
        $FriendlyName = if ([string]::IsNullOrWhiteSpace($Device.FriendlyName)) {"N/A"} else {$Device.FriendlyName}
        $PNPClass = if ([string]::IsNullOrWhiteSpace($Device.PNPClass)) {"N/A"} else {$Device.PNPClass}

        Write-Verbose "Device: $FriendlyName Class: $PNPClass PNPDeviceID: $($Device.PNPDeviceID) ConfigManagerErrorCode: $($Device.ConfigManagerErrorCode)"
        $Output += " | Device: $FriendlyName Class: $PNPClass PNPDeviceID: $($Device.PNPDeviceID) Err: $($Device.ConfigManagerErrorCode)"
    }
    Write-Host $Output.TrimStart(" |")
    exit 1
}
else {
    Write-Host "No Devices with issues found"
    exit 0
}

--------------------------------------------------------------------------------
/Check-PNPDevices/Check-PNPDevicesRemediation.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
- Marius Wyss (marius.wyss@microsoft.com)
Script: Check-PNPDevicesRemediaton.ps1
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

# Removes device (pnputil.exe /remove-device) and re-detects (pnputil.exe /scan-devices) devices

$ClassFilterExclude = ""
$ClassFilterInclude = "*"
$DeviceIDFilterExclude = ""
$DeviceIDFilterInclude = "*"

[array]$DevicesWithIssue = Get-PnpDevice -PresentOnly -Status ERROR -ErrorAction SilentlyContinue |
    Where-Object PNPClass -notin $ClassFilterExclude |
    Where-Object {if ("*" -in $ClassFilterInclude) { $_} elseif ($_.PNPClass -in $ClassFilterInclude) {$_}} |
    Where-Object PNPDeviceID -notin $DeviceIDFilterExclude |
    Where-Object {if ("*" -in $DeviceIDFilterInclude) { $_} elseif ($_.PNPDeviceID -in $DeviceIDFilterInclude) {$_}}

$Output = ""
if ($DevicesWithIssue.count -gt 0) {
    Foreach ($Device in $DevicesWithIssue) {
        $FriendlyName = if ([string]::IsNullOrWhiteSpace($Device.FriendlyName)) {"N/A"} else {$Device.FriendlyName}
        $PNPClass = if ([string]::IsNullOrWhiteSpace($Device.PNPClass)) {"N/A"} else {$Device.PNPClass}

        Write-Verbose "Removing PNPDeviceID: $($Device.PNPDeviceID) Device: $FriendlyName Class: $PNPClass"
        $PnpUtilOut += (pnputil.exe /remove-device "$($Device.PNPDeviceID)") | Out-String
        Write-Verbose "Redetect Devices"
        $PnpUtilOut += (pnputil.exe /scan-devices) | Out-String
        $Output += " | Redetect PNPDeviceID: $($Device.PNPDeviceID) Device: $FriendlyName Class: $PNPClass"
    }
    Write-Host $Output.TrimStart(" |")
}
else {
    Write-Host "No Devices with issues found"
}


--------------------------------------------------------------------------------
/Check-PNPDevices/README.md:
--------------------------------------------------------------------------------
# Devices

**Check-PNPDevicesDetection.ps1** checks whether devices are working as expected. If they are not, it returns the affected devices and exits non-zero.
**Check-PNPDevicesRemediation.ps1** removes those devices and triggers a re-detect.

## Usage/Examples

### Filter

If you want to run the script only against a subset of devices, you can use the following variables to filter the devices.

- ```$ClassFilterInclude```
- ```$ClassFilterExclude```
- ```$DeviceIDFilterInclude```
- ```$DeviceIDFilterExclude```

#### Order of precedence

> [Devices with Error] -> ClassFilterExclude -> ClassFilterInclude -> DeviceIDFilterExclude -> DeviceIDFilterInclude -> [Devices to detect / remediate]

- You can use the wildcard character `*` to match any device in the ```$ClassFilterInclude``` variable and ```$DeviceIDFilterInclude``` variable.
- Exclude has precedence over include.
- Class filter is applied first, then DeviceID filter.

#### Examples

```powershell
# Filter out Net and USB devices, in this subset only include Display, Ports and Sound devices. Then exclude the PCI\VEN_8086&DEV_46A8&SUBSYS_00741414&REV_0C\3&11583659&0&10 and ACPI\PNP0C02\5 devices.

$ClassFilterExclude = "Net", "USB"
$ClassFilterInclude = "Display", "Ports", "Sound"
$DeviceIDFilterExclude = "PCI\VEN_8086&DEV_46A8&SUBSYS_00741414&REV_0C\3&11583659&0&10", "ACPI\PNP0C02\5"
$DeviceIDFilterInclude = "*"
```

```powershell
# A more reasonable example.
# Don't care about USB and Mouse devices. Include all other devices. Exclude the Cisco AnyConnect VPN device and PS/2 Keyboard.

$ClassFilterExclude = "USB", "Mouse"
$ClassFilterInclude = "*"
$DeviceIDFilterExclude = "ROOT\NET\0000", "ACPI\HPQ8002\4&1003D552&0"
$DeviceIDFilterInclude = "*"
```

--------------------------------------------------------------------------------
/Clear-DnsCache/Clear-DnsCacheDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Clear-DnsCache
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

# Always trigger
Write-Host "Script will always be triggered"
exit 1
--------------------------------------------------------------------------------
/Clear-DnsCache/Clear-DnsCacheRemediation.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Clear-DnsCache
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

ipconfig /flushdns
--------------------------------------------------------------------------------
/Clear-DownloadFolder-SingleUser/Clear-DownloadFolderDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Clear-DownloadFolder
Description: Checks if there is anything in the download folder
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>

##Check if there is anything in there
$path = "$env:USERPROFILE\Downloads"
$content = Get-ChildItem $path
if ($content.count -gt 0) {
    write-host "things to remove"
    exit 1
}
else {
    write-host "nothing to remove"
    exit 0
}

--------------------------------------------------------------------------------
/Clear-DownloadFolder-SingleUser/Clear-DownloadFolderRemediaton.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Get-TemplateRemediation
Description: Clears the download folder
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>

Get-ChildItem "$env:USERPROFILE\Downloads" | Remove-Item -recurse -force

--------------------------------------------------------------------------------
/Clear-DownloadFolder/Clear-DownloadFolderDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Clear-DownloadFolder
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

# Always trigger
Write-Host "Script will always be triggered"
exit 1
--------------------------------------------------------------------------------
/Clear-DownloadFolder/Clear-DownloadFolderRemediaton.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Get-TemplateRemediation
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

Get-ChildItem C:\Users\*\Downloads\* | Remove-Item -recurse -force

--------------------------------------------------------------------------------
/Clear-OutlookCache/Clear-OutlookCacheDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Clear-OutlookCache
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

# Use exit, not return: only the process exit code tells Intune whether remediation is needed
if(Test-Path -Path 'C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE'){
    exit 1
}else{
    exit 0
}

--------------------------------------------------------------------------------
/Clear-OutlookCache/Clear-OutlookCacheRemedaiton.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Clear-DownloadFolder
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

Start-Process -FilePath 'C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE' -ArgumentList '/cleanautocompletecache','/recycle'
--------------------------------------------------------------------------------
/Clear-TeamsCache/Clear-TeamsCacheDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Clear-TeamsCache
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit

Version: 2.0
Author:
-Michael Oliveri
Add "-Confirm:$false" for Remove-Item
Replace "Return" by "Exit"
#>

if(Test-Path -Path $env:APPDATA\"Microsoft\teams"){
    Exit 1
}else{
    Exit 0
}

--------------------------------------------------------------------------------
/Clear-TeamsCache/Clear-TeamsCacheRemedaiton.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Clear-TeamsCache
Description: Source https://www.solutions2share.com/clear-microsoft-teams-cache
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit

Version: 2.0
Author:
-Michael Oliveri
Replace -ProcessName teams with -ProcessName ms-teams
#Microsoft documentation for cache files : https://learn.microsoft.com/en-us/microsoftteams/troubleshoot/teams-administration/clear-teams-cache#method-2-delete-the-files
Change files to delete following the documentation and add "-Confirm:$false -recurse -force" to Remove-Item
#>

Write-Host "Microsoft Teams will be quit now in order to clear the cache."
try{
    Get-Process -ProcessName ms-teams | Stop-Process -Force
    Start-Sleep -Seconds 5
    Write-Host "Microsoft Teams has been successfully quit."
}
catch{
    echo $_
}
# The cache is now being cleared.
try{
    Get-ChildItem -Path $env:userprofile\appdata\local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams | Remove-Item -Confirm:$false -recurse -force
}
catch{
    echo $_
}

write-host "The Microsoft Teams cache has been successfully cleared."
--------------------------------------------------------------------------------
/Create-LocalAdmin/Create-LocalAdminDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
- Simon Skotheimsvik (skotheimsvik.no)
Script: Create-LocalAdmin
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

$localAdminName = ""

if(Get-LocalUser | where-Object Name -eq $localAdminName){
    Write-Host "User does already exist"
    Exit 0
}else{
    Write-Host "User does not exist"
    Exit 1
}

--------------------------------------------------------------------------------
/Create-LocalAdmin/Create-LocalAdminLAPSDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
- Simon Skotheimsvik (skotheimsvik.no)
Script: Create-LocalAdmin
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

$localAdminName = ""

if(Get-LocalUser | where-Object Name -eq $localAdminName){
    Write-Host "User does already exist"
    Exit 0
}else{
    Write-Host "User does not exist"
    Exit 1
}

--------------------------------------------------------------------------------
/Create-LocalAdmin/Create-LocalAdminLAPSRemediation.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
- Simon Skotheimsvik (skotheimsvik.no)
Script: Create-LocalAdmin
Description: Add a local admin with a randomized password, ensuring that we do not have an account with a static password across all devices before Windows LAPS takes effect.
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.1: Init
Run as: Admin
Context: 64 Bit
#>

$localAdminName = ""
$password = -join ((65..90) + (97..122) + (48..57) + (35..38) + (40..47) | Get-Random -Count 35 | ForEach-Object {[char]$_}) | ConvertTo-SecureString -AsPlainText -Force
$Localadmingroupname = $((Get-LocalGroup -SID "S-1-5-32-544").Name)

New-LocalUser "$localAdminName" -Password $password -FullName "$localAdminName" -Description "LAPS account"
Add-LocalGroupMember -Group $Localadmingroupname -Member "$localAdminName"

--------------------------------------------------------------------------------
/Create-LocalAdmin/Create-LocalAdminRemediation.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Create-LocalAdmin
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

$localAdminName = ""
$password = ""

# New-LocalUser expects a SecureString for -Password, so convert the plain-text value first
$securePassword = ConvertTo-SecureString -String $password -AsPlainText -Force

New-LocalUser "$localAdminName" -Password $securePassword -FullName "$localAdminName" -Description "Temp local admin"
Add-LocalGroupMember -Group "Administrators" -Member "$localAdminName"

--------------------------------------------------------------------------------
/Create-LocalAdmin/Delete-LocalAdminDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Create-LocalAdmin
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

$localAdminName = ""

# Exit 1 (remediation needed) while the account still exists, exit 0 once it is gone
if(Get-LocalUser | where-Object Name -eq $localAdminName){
    Write-Host "User does exist"
    Exit 1
}else{
    Write-Host "User does not exist"
    Exit 0
}
--------------------------------------------------------------------------------
/Create-LocalAdmin/Delete-LocalAdminRemediation.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Create-LocalAdmin
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

$localAdminName = ""

Remove-LocalUser -Name $localAdminName

--------------------------------------------------------------------------------
/Detect-SCCM/Detect.ps1:
--------------------------------------------------------------------------------
# detection script for SCCM

# Define the path to ccmsetup.exe
$ccmSetupPath = "$env:windir\ccmsetup\ccmsetup.exe"

# Check if ccmsetup.exe exists
if (Test-Path $ccmSetupPath) {
    Write-Output " SCCM client is installed."
    Exit 1
}
else {
    Write-Output " SCCM client is NOT installed."
    Exit 0
}
--------------------------------------------------------------------------------
/Detect-SCCM/RemoveSCCM.ps1:
--------------------------------------------------------------------------------
# removal script for SCCM

# Define the path to ccmsetup.exe
$ccmSetupPath = "$env:windir\ccmsetup\ccmsetup.exe"

# Check if ccmsetup.exe exists
if (Test-Path $ccmSetupPath) {
    Write-Output " SCCM client is installed. Removing...."
    $uninstall = Start-Process -FilePath $ccmSetupPath -ArgumentList "/uninstall" -Wait -NoNewWindow -PassThru
    # Report success only when ccmsetup.exe itself returned 0
    if ($uninstall.ExitCode -eq 0) {
        Write-Output "Congratulations!! The SCCM client uninstalled successfully."
        Exit 0
    }
    Write-Output " ccmsetup.exe /uninstall returned exit code $($uninstall.ExitCode)."
    Exit 1
}
else {
    Write-Output " SCCM client is not installed or the path to ccmsetup.exe is incorrect. Please specify a valid path."
    Exit 0
}



--------------------------------------------------------------------------------
/Device Auto-Syncer/AutoSyncDetect.ps1:
--------------------------------------------------------------------------------
# Create variable for the time of the last Intune sync.
$PushInfo = Get-ScheduledTask -TaskName PushLaunch | Get-ScheduledTaskInfo
$LastPush = $PushInfo.LastRunTime
$CurrentTime = Get-Date

# Calculate the time difference between the current date/time and the date stored in the variable.
$TimeDiff = New-TimeSpan -Start $LastPush -End $CurrentTime

# If/Else statement checking whether the Time Difference between the Last Sync and the current time is less or greater than 2 days
# TotalDays is used so that a partial third day counts as "more than 2 days" (Days only holds whole days)
if ($TimeDiff.TotalDays -gt 2) {
    # The time difference is more than 2 days
    Write-Host "Last Sync was more than 2 days ago"
    Exit 1
} else {
    # The time difference is less than 2 days
    Write-Host "Sync Complete"
    Exit 0
}

--------------------------------------------------------------------------------
/Device Auto-Syncer/AutoSyncRemediate.ps1:
--------------------------------------------------------------------------------
try {
    Get-ScheduledTask | ? {$_.TaskName -eq 'PushLaunch'} | Start-ScheduledTask
    Exit 0
}
catch {
    Write-Error $_
    Exit 1
}

--------------------------------------------------------------------------------
/Disable-Coinstaller/detect-coinstaller.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Adam Gell
Script: detect-coinstaller.ps1
Description: Detects if coinstallers is disabled via registry key
Release notes:
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

##Enter the path to the registry key
$regpath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Installer"

##Enter the name of the registry key
$regname = "DisableCoInstallers"

##Enter the value of the registry key
$regvalue = "00000001"


Try {
    $Registry = Get-ItemProperty -Path $regpath -Name $regname -ErrorAction Stop | Select-Object -ExpandProperty $regname
    If ($Registry -eq $regvalue){
        Write-Output "Compliant"
        Exit 0
    }
    Write-Warning "Not Compliant"
    Exit 1
}
Catch {
    Write-Warning "Not Compliant"
    Exit 1
}
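
The registry detection scripts on this page compare the stored data with `-eq`, which converts the right-hand operand to the type of the left, so a value written with the wrong registry type can still be reported as compliant. The following is an added example, not part of the repository, that checks the value kind as well as the data; the function name `Test-RegistryValue` and the scratch key `HKCU:\Software\ExampleRemediationDemo` are assumptions made for illustration, and the `REG_*` names follow the `Type` list in the Change-MultipleRegistryKeys README.

```powershell
# Added example: type-aware registry compliance check (not from the repository).
# Test-RegistryValue and the demo key below are hypothetical names.

function Test-RegistryValue {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)]
        [ValidateSet('REG_SZ','REG_DWORD','REG_BINARY','REG_QWORD','REG_MULTI_SZ','REG_EXPAND_SZ')]
        [string]$Type,
        [Parameter(Mandatory)]$Value
    )

    # Map the REG_* names to the .NET RegistryValueKind names
    $kindMap = @{
        REG_SZ        = 'String'
        REG_DWORD     = 'DWord'
        REG_BINARY    = 'Binary'
        REG_QWORD     = 'QWord'
        REG_MULTI_SZ  = 'MultiString'
        REG_EXPAND_SZ = 'ExpandString'
    }

    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $key) {
        return [pscustomobject]@{ Compliant = $false; Reason = 'KeyMissing' }
    }

    try {
        if ($key.GetValueNames() -notcontains $Name) {
            return [pscustomobject]@{ Compliant = $false; Reason = 'ValueMissing' }
        }

        # Check the stored type before looking at the data
        $kind = $key.GetValueKind($Name).ToString()
        if ($kind -ne $kindMap[$Type]) {
            return [pscustomobject]@{ Compliant = $false; Reason = "WrongType:$kind" }
        }

        # Read the raw data without expanding %VAR% in REG_EXPAND_SZ values
        $options = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
        $actual  = $key.GetValue($Name, $null, $options)

        $match = switch ($Type) {
            # .NET returns REG_DWORD as a signed Int32; mask it back to 0..4294967295
            'REG_DWORD'    { (([int64]$actual) -band 4294967295) -eq [int64]$Value }
            'REG_QWORD'    { [int64]$actual -eq [int64]$Value }
            # Arrays are compared element by element through a NUL-joined string
            'REG_BINARY'   { (@($actual) -join "`0") -ceq (@($Value) -join "`0") }
            'REG_MULTI_SZ' { (@($actual) -join "`0") -ceq (@($Value) -join "`0") }
            default        { [string]$actual -ceq [string]$Value }
        }

        $reason = if ($match) { 'OK' } else { 'WrongData' }
        return [pscustomobject]@{ Compliant = [bool]$match; Reason = $reason }
    }
    finally {
        $key.Close()
    }
}

# --- Constructed demo data: a scratch key in HKCU, removed again at the end ---
$demo = 'HKCU:\Software\ExampleRemediationDemo'
New-Item -Path $demo -Force | Out-Null

# Wrong type on purpose: the data "0" is stored as REG_SZ instead of REG_DWORD
New-ItemProperty -LiteralPath $demo -Name 'HiberbootEnabled' -Value '0' -PropertyType String -Force | Out-Null

# Same comparison as the detection scripts: the integer on the right is converted to a string
$loose = (Get-ItemProperty -Path $demo -Name 'HiberbootEnabled').HiberbootEnabled -eq 0
$typed = Test-RegistryValue -Path $demo -Name 'HiberbootEnabled' -Type REG_DWORD -Value 0
Write-Output "Loose -eq check : $loose"
Write-Output "Typed check     : $($typed.Compliant) ($($typed.Reason))"

# Rewrite the value with the intended type and check again
New-ItemProperty -LiteralPath $demo -Name 'HiberbootEnabled' -Value 0 -PropertyType DWord -Force | Out-Null
$typed = Test-RegistryValue -Path $demo -Name 'HiberbootEnabled' -Type REG_DWORD -Value 0
Write-Output "After rewrite   : $($typed.Compliant) ($($typed.Reason))"

Remove-Item -LiteralPath $demo -Recurse -Force
```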
--------------------------------------------------------------------------------
/Disable-Coinstaller/remediate-coinstaller.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Adam Gell
Script: remediate-coinstaller.ps1
Description: Detects if coinstallers is disabled via registry key
Release notes:
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

##Enter the path to the registry key
$regpath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Installer"

##Enter the name of the registry key
$regname = "DisableCoInstallers"

##Enter the value of the registry key
$regvalue = "00000001"

##Enter the type of the registry key for example DWord
$regtype = "DWord"


New-ItemProperty -LiteralPath $regpath -Name $regname -Value $regvalue -PropertyType $regtype -Force -ea SilentlyContinue;
--------------------------------------------------------------------------------
/Disable-Fastboot/detect-fastboot.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: detect-fastboot.ps1
Description: Detects if Fastboot is enabled
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

$Path = "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power"
$Name = "HiberbootEnabled"
$Value = 0

Try {
    $Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
    If ($Registry -eq $Value){
        Write-Output "Compliant"
        Exit 0
    }
    Write-Warning "Not Compliant"
    Exit 1
}
Catch {
    Write-Warning "Not Compliant"
    Exit 1
}
--------------------------------------------------------------------------------
/Disable-Fastboot/remediate-fastboot.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: remediate-fastboot.ps1
Description: Disables Fastboot via registry key
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

New-ItemProperty -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power' -Name 'HiberbootEnabled' -Value 0 -PropertyType DWord -Force -ea SilentlyContinue;
--------------------------------------------------------------------------------
/Disable-SMBv1/detect-smbv1.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: detect-fastboot.ps1
Description: Detects if SMBv1 is enabled
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

$smbv1 = get-smbserverconfiguration | Select-Object -ExpandProperty EnableSMB1Protocol
if ($smbv1 -eq $false) {
    write-host "SMBv1 is disabled"
    exit 0
}
else {
    write-host "SMBv1 is enabled"
    exit 1
}
--------------------------------------------------------------------------------
/Disable-SMBv1/remediate-smbv1.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: remediate-fastboot.ps1
Description: Disables SMBv1 via registry key
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

# -Force suppresses the confirmation prompt, which cannot be answered in an unattended run
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
--------------------------------------------------------------------------------
/Disable-StartMenuWebSearch/detect-WebSearch.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
Tom Coleman
Script: Detect Web Search
Description: Disabling web search on the start menu makes it so much faster and effective. No lag at all anymore!
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

$Path = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search"
$Name = "BingSearchEnabled"
$Value = 0

Try {
    $Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
    If ($Registry -eq $Value){
        Write-Output "Compliant"
        Exit 0
    }
    Write-Warning "Not Compliant"
    Exit 1
}
Catch {
    Write-Warning "Not Compliant"
    Exit 1
}
--------------------------------------------------------------------------------
/Disable-StartMenuWebSearch/remediate-WebSearch.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
Tom Coleman
Script: Stop Web Search
Description: Disabling web search on the start menu makes it so much faster and effective. No lag at all anymore!
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

$Path = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search"
$Name = "BingSearchEnabled"
$Type = "DWORD"
$Value = 0

New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $Type -Force -ea SilentlyContinue;
--------------------------------------------------------------------------------
/Disk-Repair/README.MD:
--------------------------------------------------------------------------------
Note: This does not require a remediation script.
Any errors will be displayed in the Proactive Remediation console
--------------------------------------------------------------------------------
/Disk-Repair/detect-diskrepair.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: detect-old-profiles.ps1
Description: Checks for disk errors
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>
$disk = ($env:SystemDrive).Substring(0,1)

$repair = repair-volume -DriveLetter $disk -scan -Verbose

write-output $repair

if ($repair -eq "NoErrorsfound") {
    write-host "No issues"
    Exit 0
}
else {
    write-host "Needs checking"
    exit 1
}
--------------------------------------------------------------------------------
/Enable-DeliveryOptimizationVerboseLogging/Disable-VerboseLoggingDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Enable-DeliveryOptimizationVerboseLogging
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

# Always trigger
Write-Host "Script will always be triggered"
exit 1
--------------------------------------------------------------------------------
/Enable-DeliveryOptimizationVerboseLogging/Disable-VerboseLoggingRemedaiton.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Enable-DeliveryOptimizationVerboseLogging
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

Disable-DeliveryOptimizationVerboseLogs
--------------------------------------------------------------------------------
/Enable-DeliveryOptimizationVerboseLogging/Enable-VerboseLoggingDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Enable-DeliveryOptimizationVerboseLogging
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

# Always trigger
Write-Host "Script will always be triggered"
exit 1
--------------------------------------------------------------------------------
/Enable-DeliveryOptimizationVerboseLogging/Enable-VerboseLoggingRemedaiton.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Enable-DeliveryOptimizationVerboseLogging
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

Enable-DeliveryOptimizationVerboseLogs
--------------------------------------------------------------------------------
/Enable-DotNet-35/DetectDotNet35.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
- Nico Wyss (https://cloudfil.ch)
Script: DetectDotNet35.ps1
Description: Detects if .NET 3.5 is installed
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>
Start-Transcript -Path $(Join-Path $env:temp "NetFx3.log")

if ((Get-WindowsOptionalFeature -Online -FeatureName NetFx3).State -eq "Enabled") {
    Write-Output 'NetFx3 Enabled'
    exit 0
}
else {
    Write-Output 'NetFx3 Disabled'
    exit 1
}
--------------------------------------------------------------------------------
/Enable-DotNet-35/RemediateDotNet35.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
- Nico Wyss (https://cloudfil.ch)
Script: RemediateDotNet35.ps1
Description: Installs .NET 3.5
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

try {
    # -ErrorAction Stop turns a failed install into a terminating error so the catch block runs
    Enable-WindowsOptionalFeature -Online -FeatureName NetFx3 -ErrorAction Stop
    Write-Output 'NetFx3 will be Enabled'
    exit 0
}
catch {
    $errMsg = $_.Exception.Message
    Write-host $errMsg
    exit 1
}
--------------------------------------------------------------------------------
/Enable-RDP/Enable-RDPDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Enable-RDP
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

# Returns $true when the account with $UserSID is a direct member of the local group $GroupSID
function IsMember
{
    param(
        [String]$GroupSID = "",
        [String]$UserSID = ""
    )
    $members = Get-LocalGroupMember -SID $GroupSID
    $isMember = $false
    foreach ($member in $members)
    {
        if($member.sid -eq $UserSID) {$isMember = $true}
    }
    return $isMember
}


# fDenyTSConnections = 1 means incoming RDP connections are refused
if((Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\' -Name 'fDenyTSConnections').fDenyTSConnections){
    Write-Host "RDP is disabled"
    # exit, not return: a script-level return leaves exit code 0 and the device is reported as compliant
    exit 1
}else{
    Write-Host "RDP is enabled"
}

# S-1-5-32-555 = BUILTIN\Remote Desktop Users, S-1-1-0 = Everyone
if(IsMember -GroupSID S-1-5-32-555 -UserSID S-1-1-0){
    Write-Host "User is member of the RDP group"
    exit 0
}
Write-Host "User is not member of the RDP group"
exit 1
--------------------------------------------------------------------------------
/Enable-RDP/Enable-RDPRemedaiton.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Enable-RDP
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

# Returns $true when the account with $UserSID is a direct member of the local group $GroupSID
function IsMember
{
    param(
        [String]$GroupSID = "",
        [String]$UserSID = ""
    )
    $members = Get-LocalGroupMember -SID $GroupSID
    $isMember = $false
    foreach ($member in $members)
    {
        if($member.sid -eq $UserSID) {$isMember = $true}
    }
    return $isMember
}

# Enable RDP
Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\' -Name 'fDenyTSConnections' -Value 0
# Enable Network Level Authentication (1 = required; 0 would switch NLA off)
(Get-WmiObject -class Win32_TSGeneralSetting -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(1)


# S-1-5-32-555 = BUILTIN\Remote Desktop Users, S-1-1-0 = Everyone.
# This grants every account on the device the right to log on over RDP; use a dedicated group SID to narrow it.
if(-not (IsMember -GroupSID S-1-5-32-555 -UserSID S-1-1-0)){
    Add-LocalGroupMember -SID S-1-5-32-555 -Member "S-1-1-0"
}

--------------------------------------------------------------------------------
/Enable-SignatureValidation/Detect_Signature_Validation.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Tom Coleman
Script: Enable-SignatureValidation
Description: Written to resolve this https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

$Path = 'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config', 'Registry::HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config'
$Name = 'EnableCertPaddingCheck'
$Value = '1'

# Both the 64-bit and the Wow6432Node key must carry EnableCertPaddingCheck = 1;
# a key that merely exists, or only the first key, is not enough
foreach ($i in $Path){
    $Current = (Get-ItemProperty -Path $i -Name $Name -ErrorAction SilentlyContinue).$Name
    if ($Current -ne $Value) {
        Write-Warning "Not Compliant"
        Exit 1
    }
}
Write-Output "Compliant"
Exit 0

--------------------------------------------------------------------------------
/Enable-SignatureValidation/Remediate_Signature_Validation.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Tom Coleman
Script: Enable-SignatureValidation
Description: Written to resolve this https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

$Path = 'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config', 'Registry::HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config'
$Name = 'EnableCertPaddingCheck'
$value = '1'

Foreach ($i In $Path)
{
    # Create the Config key itself when it is missing (not a nested Config\Config subkey)
    if (!(Test-Path $i)) {
        New-Item -Path $i -force | Out-null
    }
    # Always write the value, including when the key already exists without it
    new-itemproperty -Path $i -name $name -value $value -force | out-null
}

shutdown.exe /r /t 2700 /c "I am afraid there is a critical system patch requiring a reboot in 45 minutes"
--------------------------------------------------------------------------------
/Enforce-SMB-Signing/Detect_SMBSigning.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
Tom Coleman
Script: Detect SMB Signing
Description: Background
https://learn.microsoft.com/en-GB/troubleshoot/windows-server/networking/overview-server-message-block-signing
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

# The registry provider needs the HKLM: drive prefix. A bare HKEY_LOCAL_MACHINE\... path is resolved
# against the current location, so the read fails and the device is always reported "Not Compliant".
$Path = 'HKLM:\System\CurrentControlSet\Services\LanManWorkstation\Parameters'
$Name = 'RequireSecuritySignature'
$Value = 1

Try {
    $Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
    If ($Registry -eq $Value){
        Write-Output "Compliant"
        Exit 0
    }
    Write-Warning "Not Compliant"
    Exit 1
}
Catch {
    Write-Warning "Not Compliant"
    Exit 1
}
--------------------------------------------------------------------------------
/Enforce-SMB-Signing/Remediate-SMB-Signing.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
Tom Coleman
Script: Detect SMB Signing
Description: Background https://learn.microsoft.com/en-GB/troubleshoot/windows-server/networking/overview-server-message-block-signing
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

# HKLM: (with the colon) is the registry drive; 'HKLM\...' is treated as a relative path and the write fails
$Path = 'HKLM:\System\CurrentControlSet\Services\LanManWorkstation\Parameters'
$Name = 'RequireSecuritySignature'
$Type = "DWORD"
$Value = 1

# -Force overwrites the value when it already exists; without it New-ItemProperty fails
New-ItemProperty -LiteralPath $Path -Name $Name -Value $Value -PropertyType $Type -Force
--------------------------------------------------------------------------------
/Fortinet-VPN-Profile/FortinetVPNProfile-Detect.ps1:
--------------------------------------------------------------------------------
<#
  .NOTES
  ===========================================================================
   Created on:   27.06.2022
   Created by:   Simon Skotheimsvik
   Filename:     FortinetVPNProfile-Detect.ps1
   Instructions: https://skotheimsvik.no/fortinet-vpn-profile-distribution-with-mdm
  ===========================================================================

  .DESCRIPTION
    This script will detect if VPN profile is present

#>

# Defining variables for the VPN connection
$VPNName = "Simons VPN"

if ((Test-Path -LiteralPath "HKLM:\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\$VPNName") -ne $true) {
    Write-Host "Not existing"
    Exit 1
}
Else {
    Write-Host "OK"
    Exit 0
}
--------------------------------------------------------------------------------
/Fortinet-VPN-Profile/FortinetVPNProfile-Remediation.ps1:
--------------------------------------------------------------------------------
<#
  .NOTES
  ===========================================================================
   Created on:   27.06.2022
   Created by:   Simon Skotheimsvik
   Filename:     FortinetVPNProfile-Remediation.ps1
   Instructions: https://skotheimsvik.no/fortinet-vpn-profile-distribution-with-mdm
  ===========================================================================

  .DESCRIPTION
    This script will create a VPN profile

#>

# Defining
# variables for the VPN connection
$VPNName = "Simons VPN"
$Server = "vpn.skotheimsvik.no:443"

# Install VPN Profiles
New-Item "HKLM:\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\$VPNName" -force -ea SilentlyContinue;
New-ItemProperty -LiteralPath "HKLM:\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\$VPNName" -Name 'Description' -Value $VPNName -PropertyType String -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath "HKLM:\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\$VPNName" -Name 'Server' -Value $Server -PropertyType String -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath "HKLM:\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\$VPNName" -Name 'promptusername' -Value 1 -PropertyType DWord -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath "HKLM:\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\$VPNName" -Name 'promptcertificate' -Value 0 -PropertyType DWord -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath "HKLM:\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\$VPNName" -Name 'ServerCert' -Value '1' -PropertyType String -Force -ea SilentlyContinue;

if ((Test-Path -LiteralPath "HKLM:\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\$VPNName") -ne $true) {
    $exitCode = -1
}
else {
    $exitCode = 0
}

exit $exitCode
--------------------------------------------------------------------------------
/Get-AdobeDC_Java/Detect_AdobeDC_Java.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Get-AdobeDC_Java
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 32 & 64 Bit
#>

$Path = "HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown"
$Name = "bDisableJavaScript"
$Type = "DWORD"
$Value = 1

Try {
    $Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
    If ($Registry -eq $Value){
        Write-Output "Compliant"
        Exit 0
    }
    Write-Warning "Not Compliant"
    Exit 1
}
Catch {
    Write-Warning "Not Compliant"
    Exit 1
}
--------------------------------------------------------------------------------
/Get-AdobeDC_Java/Remediate_AdobeDC_Java.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Remediate-AdobeDC_Java
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 32 & 64 Bit
#>

$Path = "HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown"
# New-ItemProperty cannot write a value under a missing key, and -ea SilentlyContinue would hide that failure
if (-not (Test-Path -LiteralPath $Path)) { New-Item -Path $Path -Force | Out-Null }
New-ItemProperty -LiteralPath $Path -Name "bDisableJavaScript" -Value 1 -PropertyType DWord -Force -ea SilentlyContinue;

--------------------------------------------------------------------------------
/Get-AdobeReader-Java/Detect_AdobeReader_Java.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Get-AdobeReader_Java
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 32 & 64 Bit
#>

$Path = "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown"
$Name = "bDisableJavaScript"
$Type = "DWORD"
$Value = 1

Try {
    $Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
    If ($Registry -eq $Value){
        Write-Output "Compliant"
        Exit 0
    }
    else
    {
        Write-Warning "Not Compliant"
        Exit 1
    }
}
Catch {
    Write-Warning "Not Compliant"
    Exit 1
}
--------------------------------------------------------------------------------
/Get-AdobeReader-Java/Remediate_AdobeReader_Java.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Remediate-AdobeReader_Java
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 32 & 64 Bit
#>

$Path = "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown"
# New-ItemProperty cannot write a value under a missing key, and -ea SilentlyContinue would hide that failure
if (-not (Test-Path -LiteralPath $Path)) { New-Item -Path $Path -Force | Out-Null }
New-ItemProperty -LiteralPath $Path -Name "bDisableJavaScript" -Value 1 -PropertyType DWord -Force -ea SilentlyContinue;

--------------------------------------------------------------------------------
/Get-AdobeReader_Flash/Detect_AdobeReader_Flash.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Get-AdobeReader_Flash
Description:
Hint: This is a community script. There is no guarantee for this.
Please check thoroughly before running.
Version 1.0: Init
Run as: User/Admin
Context: 32 & 64 Bit
#>


$Path = "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown"
$Name = "bEnableFlash"
$Type = "DWORD"
$Value = 0

Try {
    $Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
    If ($Registry -eq $Value){
        Write-Output "Compliant"
        Exit 0
    }
    Write-Warning "Not Compliant"
    Exit 1
}
Catch {
    Write-Warning "Not Compliant"
    Exit 1
}
--------------------------------------------------------------------------------
/Get-AdobeReader_Flash/Remediate_AdobeReader_Flash.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Remediate-AdobeReader_Flash
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User/Admin
Context: 32 & 64 Bit
#>

$Path = "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown"
# New-ItemProperty cannot write a value under a missing key, and -ea SilentlyContinue would hide that failure
if (-not (Test-Path -LiteralPath $Path)) { New-Item -Path $Path -Force | Out-Null }
New-ItemProperty -LiteralPath $Path -Name "bEnableFlash" -Value 0 -PropertyType DWord -Force -ea SilentlyContinue;

--------------------------------------------------------------------------------
/Get-Always_Elevated/Detect_Always_Elevated.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Get-Always_Elevated
Description:
Hint: This is a community script. There is no guarantee for this.
Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 32 & 64 Bit
#>

$Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer"
$Name = "AlwaysInstallElevated"
$Type = "DWORD"
$Value = "0"

Try {
    $Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
    If ($Registry -eq $Value){
        Write-Output "Compliant"
        Exit 0
    }
    Write-Warning "Not Compliant"
    Exit 1
}
Catch {
    Write-Warning "Not Compliant"
    Exit 1
}
--------------------------------------------------------------------------------
/Get-Always_Elevated/Remediate_Always_Elevated.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Remediate-Always_Elevated
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 32 & 64 Bit
#>

$Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\"
$Key = "Installer"
$FullPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer"
$Name = "AlwaysInstallElevated"
$Type = "DWORD"
$Value = "0"


# Create the key only when it is missing; New-Item fails on a key that already exists
if (-not (Test-Path -Path $FullPath)) {
    New-Item -Path $Path -Name $Key
}
# -Force overwrites an existing AlwaysInstallElevated = 1, which is exactly the state this script has to fix
New-ItemProperty -Path $FullPath -Name $Name -Value $Value -PropertyType $Type -Force

--------------------------------------------------------------------------------
/Get-BitlockerRecoveryKey/detection_BitlockerRecoveryKey.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: detection_BitlockerRecoveryKey
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

Try {
    $Result = (Get-BitLockerVolume -MountPoint C).KeyProtector
    # Only RecoveryPassword protectors carry a recovery key; TPM and other protector types do not
    $Recoverykey = ($Result | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }).RecoveryPassword

    If ($Recoverykey)
    {
        # The recovery password is written to the script output, which Intune stores and shows in the remediation report
        Write-Output "Bitlocker recovery key available $Recoverykey "
        exit 0
    }
    Else
    {
        Write-Output "No bitlocker recovery key available starting remediation"
        exit 1
    }
}
catch
{
    Write-Warning "Value Missing"
    exit 1
}

--------------------------------------------------------------------------------
/Get-BitlockerRecoveryKey/remediation_BitlockerRecoveryKey.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: remediation_BitlockerRecoveryKey
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

Try
{
    $BLinfo = Get-Bitlockervolume
    if($BLinfo.EncryptionPercentage -eq '100')
    {
        $Result = (Get-BitLockerVolume -MountPoint C).KeyProtector
        $Recoverykey = $result.recoverypassword
        Write-Output "Bitlocker recovery key $recoverykey"
        Exit 0
    }else{
        Write-Output "This is only for reporting, no key available"
        Exit 1
    }
}
catch
{
    Write-Warning "Value Missing"
    Exit 1
}


--------------------------------------------------------------------------------
/Get-CleanUpDisk/Get-CleanUpDiskDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Get-CleanUpDisk
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

# Free space on C: (in GB) below which the clean-up remediation is triggered
$storageThreshold = 15

$utilization = (Get-PSDrive | Where-Object {$_.name -eq "C"}).free

if(($storageThreshold *1GB) -lt $utilization){exit 0}
else{exit 1}
--------------------------------------------------------------------------------
/Get-CleanUpDisk/Get-CleanUpDiskRemedaiton.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Get-CleanUpDisk
Description:
Possible Values:
'Active Setup Temp Folders', 'BranchCache', 'Content Indexer Cleaner', 'Device Driver Packages', 'Downloaded Program Files', 'GameNewsFiles', 'GameStatisticsFiles', 'GameUpdateFiles',
'Internet Cache Files', 'Memory Dump Files', 'Offline Pages Files', 'Old ChkDsk Files', 'Previous Installations', 'Recycle Bin', 'Service Pack Cleanup', 'Setup Log Files', 'System error memory dump files',
'System error minidump files', 'Temporary Files', 'Temporary Setup Files', 'Temporary Sync Files', 'Thumbnail Cache', 'Update Cleanup', 'Upgrade Discarded Files', 'User file versions', 'Windows Defender',
'Windows Error Reporting Archive Files', 'Windows Error Reporting Queue Files', 'Windows Error Reporting System Archive Files', 'Windows Error Reporting System Queue Files', 'Windows ESD installation files',
'Windows Upgrade Log Files'
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

$cleanupTypeSelection = 'Temporary Sync Files', 'Downloaded Program Files', 'Memory Dump Files', 'Recycle Bin'

# Flag each selected handler for CleanMgr run set 1 (StateFlags0001 = 2)
foreach ($keyName in $cleanupTypeSelection) {
    $newItemParams = @{
        Path         = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\$keyName"
        Name         = 'StateFlags0001'
        Value        = 2
        PropertyType = 'DWord'
        ErrorAction  = 'SilentlyContinue'
    }
    New-ItemProperty @newItemParams | Out-Null
}

Start-Process -FilePath CleanMgr.exe -ArgumentList '/sagerun:1' -NoNewWindow -Wait

--------------------------------------------------------------------------------
/Get-CloudDeliveredProtection/Detect_CloudDeliveredProtection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Get-CloudDeliveredProtection
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 32 & 64 Bit
#>

$version = 'C1'
# MAPSReporting 2 = Advanced, SubmitSamplesConsent 3 = SendAllSamples (the values the remediation sets)
if(((Get-MpPreference).MAPSReporting -eq 2) -and ((Get-MpPreference).SubmitSamplesConsent -eq 3)) {
    Write-Output "$version COMPLIANT"
    exit 0
} else {
    Write-Output "$version NON-COMPLIANT"
    exit 1
}
--------------------------------------------------------------------------------
/Get-CloudDeliveredProtection/Remediate_CloudDeliveredProtection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Remediate-CloudDeliveredProtection
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 32 & 64 Bit
#>

$version = 'R1'
try {
    # -ErrorAction Stop makes a failed setting reach the catch block instead of reporting "Remediated"
    Set-MpPreference -MAPSReporting Advanced -ErrorAction Stop
    Set-MpPreference -SubmitSamplesConsent SendAllSamples -ErrorAction Stop
    Write-Output "$version Remediated"
    exit 0
}
catch {
    Write-Output "$version Failed"
    exit 1
}
--------------------------------------------------------------------------------
/Get-ConnectedDevices/Get-ConnectedDevicesDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Get-ConnectedDevices
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin/User
Context: 64 Bit
#>

# Fill in the device ID prefixes to look for; the empty default expands to "*" and matches every device
$deviceIds = @('')

foreach($device in Get-PnpDevice){
    if(($deviceIds | ForEach-Object {$device.DeviceID -like "$_*"}) -contains $true){
        Write-Host "Device found"
        Exit 1
    }
}

Write-Host "Device not found"
Exit 0
--------------------------------------------------------------------------------
/Get-DeviceUptime_and_Reboot/Detect_DeviceUptime7.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Get_DeviceUptime7
Description: Checks the device uptime days. If it's 7 days or more it shows a Windows notification to the user that he should reboot.
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>

$Uptime= get-computerinfo | Select-Object OSUptime
if ($Uptime.OsUptime.Days -ge 7){
    Write-Output "Device has not rebooted in $($Uptime.OsUptime.Days) days, notify user to reboot"
    Exit 1
}else {
    Write-Output "Device has rebooted $($Uptime.OsUptime.Days) days ago, all good"
    Exit 0
}
--------------------------------------------------------------------------------
/Get-DeviceUptime_and_Reboot/Remediate_DeviceUptime7.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Remediate_DeviceUptime7
Description: Checks the device uptime days.
If it's 7 days or more it shows a Windows notification to the user that he should reboot.
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>


# Uses $Toast and $App, which are set further down at script scope before this function is called
function Display-ToastNotification() {
    $Load = [Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime]
    $Load = [Windows.Data.Xml.Dom.XmlDocument, Windows.Data.Xml.Dom.XmlDocument, ContentType = WindowsRuntime]
    # Load the notification into the required format
    $ToastXML = New-Object -TypeName Windows.Data.Xml.Dom.XmlDocument
    $ToastXML.LoadXml($Toast.OuterXml)

    # Display the toast notification
    try {
        [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier($App).Show($ToastXml)
    }
    catch {
        # Write-Output has no -Message or -Level parameter, so the warnings go through Write-Warning
        Write-Warning 'Something went wrong when displaying the toast notification'
        Write-Warning 'Make sure the script is running as the logged on user'
    }
}
# Setting image variables
$LogoImageUri = "https://raw.githubusercontent.com/insignit/endpointmanagerbranding/master/insignit_512.jpg"
$HeroImageUri = "https://raw.githubusercontent.com/insignit/endpointmanagerbranding/master/InsignIT_hero.png"
$LogoImage = "$env:TEMP\ToastLogoImage.png"
$HeroImage = "$env:TEMP\ToastHeroImage.png"
$Uptime= get-computerinfo | Select-Object OSUptime

#Fetching images from uri
Invoke-WebRequest -Uri $LogoImageUri -OutFile $LogoImage
Invoke-WebRequest -Uri $HeroImageUri -OutFile $HeroImage

#Defining the Toast notification settings
#ToastNotification Settings
$Scenario = 'reminder' #

# Load Toast Notification text
$AttributionText = "Insign.it"
$HeaderText = "Computer Restart is needed!"
$TitleText = "Your device has not performed a reboot the last $($Uptime.OsUptime.Days) days"
$BodyText1 = "For performance and stability reasons we suggest a reboot at least once a week."
$BodyText2 = "Please save your work and restart your device today. Thank you in advance."


# Check for required entries in registry for when using Powershell as application for the toast
# Register the AppID in the registry for use with the Action Center, if required
$RegPath = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings'
$App = '{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\WindowsPowerShell\v1.0\powershell.exe'

# Creating registry entries if they don't exist
if (-NOT(Test-Path -Path "$RegPath\$App")) {
    New-Item -Path "$RegPath\$App" -Force
    New-ItemProperty -Path "$RegPath\$App" -Name 'ShowInActionCenter' -Value 1 -PropertyType 'DWORD'
}

# Make sure the app used with the action center is enabled
if ((Get-ItemProperty -Path "$RegPath\$App" -Name 'ShowInActionCenter' -ErrorAction SilentlyContinue).ShowInActionCenter -ne '1') {
    New-ItemProperty -Path "$RegPath\$App" -Name 'ShowInActionCenter' -Value 1 -PropertyType 'DWORD' -Force
}


# Formatting the toast notification XML
# The element tags are missing from this listing; the markup below is a reconstruction
# that uses the standard ToastGeneric schema around the script's own variables.
[xml]$Toast = @"
<toast scenario="$Scenario">
    <visual>
    <binding template="ToastGeneric">
        <image placement="hero" src="$HeroImage"/>
        <image id="1" placement="appLogoOverride" hint-crop="circle" src="$LogoImage"/>
        <text placement="attribution">$AttributionText</text>
        <text>$HeaderText</text>
        <group>
            <subgroup>
                <text hint-style="title" hint-wrap="true">$TitleText</text>
            </subgroup>
        </group>
        <group>
            <subgroup>
                <text hint-style="body" hint-wrap="true">$BodyText1</text>
            </subgroup>
        </group>
        <group>
            <subgroup>
                <text hint-style="body" hint-wrap="true">$BodyText2</text>
            </subgroup>
        </group>
    </binding>
    </visual>
    <actions>
        <action activationType="system" arguments="dismiss" content=""/>
    </actions>
</toast>
"@

# Send the notification
Display-ToastNotification
Exit 0
--------------------------------------------------------------------------------
/Get-LSA-Protection/Detect_LSA_Protection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Get_LSA_Protection
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 32 & 64 Bit
#>

# RunAsPPL = 1 runs LSASS as a protected process
$Path = "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa"
$Name = "RunAsPPL"
$Type = "DWORD"
$Value = 1

Try {
    $Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
    If ($Registry -eq $Value) {
        Write-Output "Compliant"
        Exit 0
    }
    Write-Warning "Not Compliant"
    Exit 1
}
Catch {
    # The value does not exist, so LSA protection is not configured
    Write-Warning "Not Compliant"
    Exit 1
}
--------------------------------------------------------------------------------
/Get-LSA-Protection/Remediate_LSA_Protection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Remediate_LSA_Protection
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 32 & 64 Bit
#>

$Path = "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa"
$Name = "RunAsPPL"
$Type = "DWORD"
$Value = 1

# The new value takes effect after the next restart
Set-ItemProperty -Path $Path -Name $Name -Type $Type -Value $Value
--------------------------------------------------------------------------------
/Get-NetworkProtection/Detect_NetworkProtection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Detect_NetworkProtection
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 32 & 64 Bit
#>

$version = 'C1'
# 1 = Enabled (block mode); audit mode (2) and disabled (0) are reported as non-compliant
if ((Get-MpPreference).EnableNetworkProtection -eq 1) {
    Write-Output "$version COMPLIANT"
    exit 0
} else {
    Write-Output "$version NON-COMPLIANT"
    exit 1
}
--------------------------------------------------------------------------------
/Get-NetworkProtection/Remediate_NetworkProtection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Remediate_NetworkProtection
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 32 & 64 Bit
#>

$version = 'R1'
try {
    # -ErrorAction Stop turns a failed change into a terminating error so the catch block runs
    Set-MpPreference -EnableNetworkProtection Enabled -ErrorAction Stop
    Write-Output "$version Remediated"
    exit 0
}
catch {
    Write-Output "$version Failed"
    exit 1
}
--------------------------------------------------------------------------------
/Get-OfficeTelemetry/Detect_Office_Telemetry.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Get-Office_Telemetry
Description: Disable O365 from sharing telemetry
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 32 & 64 Bit
#>

$Path = "HKCU:\Software\Policies\Microsoft\office\common\clienttelemetry"
$Name = "DisableTelemetry"
$Type = "DWORD"
$Value = 1

Try {
    $Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
    If ($Registry -eq $Value) {
        Write-Output "Compliant"
        Exit 0
    }
    Write-Warning "Not Compliant"
    Exit 1
}
Catch {
    Write-Warning "Not Compliant"
    Exit 1
}
--------------------------------------------------------------------------------
/Get-OfficeTelemetry/Remediate_Office_Telemetry.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Remediate-Office_Telemetry
Description: Disable O365 from sharing telemetry
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 32 & 64 Bit
#>

$Path = "HKCU:\Software\Policies\Microsoft\office\common\"
$Key = "clienttelemetry"
$FullPath = "HKCU:\Software\Policies\Microsoft\office\common\clienttelemetry"
$Name = "DisableTelemetry"
$Type = "DWORD"
$Value = "1"

# Create the key (and any missing parent keys) only when it is absent, so existing values are kept
if (-not (Test-Path -Path $FullPath)) {
    New-Item -Path $Path -Name $Key -Force
}
# -Force overwrites the value when it already exists with a different setting
New-ItemProperty -Path $FullPath -Name $Name -Value $Value -PropertyType $Type -Force

--------------------------------------------------------------------------------
/Get-PUA-Protection/Detect_PUA-Protection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Get_PUA-Protection
Description: Check if PUA is enabled.
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User/Admin
Context: 32 & 64 Bit
#>

$version = 'C1'
# 1 = Enabled (block mode); audit mode (2) and disabled (0) are reported as non-compliant
if ((Get-MpPreference).PUAProtection -eq 1) {
    Write-Output "$version COMPLIANT"
    exit 0
} else {
    Write-Output "$version NON-COMPLIANT"
    exit 1
}
--------------------------------------------------------------------------------
/Get-PUA-Protection/Remediate_PUA-Protection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Remediate_PUA-Protection
Description: Check if PUA is enabled.
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User/Admin
Context: 32 & 64 Bit
#>

$version = 'R1'
try {
    # -ErrorAction Stop turns a failed change into a terminating error so the catch block runs
    Set-MpPreference -PUAProtection Enabled -ErrorAction Stop
    Write-Output "$version Remediated"
    exit 0
}
catch {
    Write-Output "$version Failed"
    exit 1
}
--------------------------------------------------------------------------------
/Get-RealTimeBehaviour/Detect_RealTimeBehavior.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Get-RealTimeBehaviour
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 32 & 64 Bit
#>

$version = 'C1'
# BehaviorMonitorEnabled is a Boolean, so compare it with $true rather than the string "True"
if ((Get-MpComputerStatus).BehaviorMonitorEnabled -eq $true) {
    Write-Output "$version COMPLIANT"
    exit 0
} else {
    Write-Output "$version NON-COMPLIANT"
    exit 1
}
--------------------------------------------------------------------------------
/Get-RealTimeBehaviour/Remediate_RealTimeBehavior.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Detect-RealTimeBehaviour
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 32 & 64 Bit
#>

$version = 'R1'
try {
    # -ErrorAction Stop turns a failed change into a terminating error so the catch block runs
    Set-MpPreference -DisableBehaviorMonitoring $false -ErrorAction Stop
    Write-Output "$version Remediated"
    exit 0
}
catch {
    Write-Output "$version Failed"
    exit 1
}
--------------------------------------------------------------------------------
/Get-RealTimeProtection/Detect_RealTimeProtection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Get-RealTimeProtection
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 32 & 64 Bit
#>

$version = 'C1'
# RealTimeProtectionEnabled is a Boolean, so compare it with $true rather than the string "True"
if ((Get-MpComputerStatus).RealTimeProtectionEnabled -eq $true) {
    Write-Output "$version COMPLIANT"
    exit 0
} else {
    Write-Output "$version NON-COMPLIANT"
    exit 1
}
--------------------------------------------------------------------------------
/Get-RealTimeProtection/Remediate_RealTimeProtection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Remediate-RealTimeProtection
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 32 & 64 Bit
#>

$version = 'R1'
try {
    # -ErrorAction Stop turns a failed change into a terminating error so the catch block runs
    Set-MpPreference -DisableRealtimeMonitoring $false -ErrorAction Stop
    Write-Output "$version Remediated"
    exit 0
}
catch {
    Write-Output "$version Failed"
    exit 1
}
--------------------------------------------------------------------------------
/Get-TimeZone_W_Europe/Get-TimeZone_W_Europe.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Detect_TimeZone_W_Europe
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 32 & 64 Bit
#>

$Path = "HKLM:\SYSTEM\CurrentControlSet\Control\TimeZoneInformation"
$Name = "TimeZoneKeyName"
$Type = "STRING"
$Value = "W. Europe Standard Time"

Try {
    $Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
    If ($Registry -eq $Value) {
        Write-Output "Compliant"
        Exit 0
    }
    else {
        Write-Warning "Not Compliant"
        Exit 1
    }
}
Catch {
    Write-Warning "Not Compliant"
    Exit 1
}
--------------------------------------------------------------------------------
/Get-TimeZone_W_Europe/Remediate_TimeZone_W_Europe.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Remediate_TimeZone_W_Europe
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 32 & 64 Bit
#>


$Path = "HKLM:\SYSTEM\CurrentControlSet\Control\TimeZoneInformation"
$Name = "TimeZoneKeyName"
$Type = "STRING"
$Value = "W. Europe Standard Time"

Try {
    $Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
    If ($Registry -eq $Value) {
        Write-Output "Compliant"
        Exit 0
    }
    else {
        # The listing only repeated the detection check here; Set-TimeZone applies the expected zone
        Set-TimeZone -Id $Value -ErrorAction Stop
        Write-Output "Remediated"
        Exit 0
    }
}
Catch {
    Write-Warning "Not Compliant"
    Exit 1
}
--------------------------------------------------------------------------------
/Get-WH4BEnrolledMethods/Get-WH4BEnrolledMethodsDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
- Marius Wyss (marius.wyss@microsoft.com)
Script: Get-TemplateDetection
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>

# Detect which WHfB method has been configured

#region SetupLog
$LogDir = $env:temp + "\Logs"
$LogDirSubFolderName = "YOURFOLDERNAME"
$LogFilePath = $env:temp + "\Logs\$LogDirSubFolderName"
$LogFileName = $env:computername + "_WHfB_enrolled_method.log"
$LogFileFullPath = $LogFilePath + "\" + $LogFileName

# check if folder exists or create
If (-Not (Test-Path -Path $LogDir -PathType Container)) {
    New-Item -Path $env:temp -Name "Logs" -ItemType "directory" > $null
}
If (-Not (Test-Path -Path $LogFilePath -PathType Container)) {
    New-Item -Path $LogDir -Name $LogDirSubFolderName -ItemType "directory" > $null
}
#endregion SetupLog

Start-Transcript $LogFileFullPath -Append

# Check WHfB reg key
$LoggedOnUserSID = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$PinKeyPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{D6886603-9D2F-4EB2-B667-1971041FA96B}\$LoggedOnUserSID"
$BioKeyPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WinBio\AccountInfo\$LoggedOnUserSID"
$BioValueName = "EnrolledFactors"
$PinValueName = "LogonCredsAvailable"

$exitcode = 1
$exitmessage = "Uncaught error"

Try {
    # Check if WH4B is configured
    $PinSetup = Get-ItemProperty -Path $PinKeyPath -Name $PinValueName -ErrorAction Continue
    # Check if Pin is configured
    if ([int]$PinSetup.LogonCredsAvailable -eq 1) {
        # Check if any Biometrics is configured
        if (Test-Path -Path $BioKeyPath) {
            $BioMetrics = Get-ItemProperty -Path $BioKeyPath -Name $BioValueName -ErrorAction Continue
            if ($BioMetrics) {
                $exitcode = 0
                switch ($BioMetrics.EnrolledFactors) {
                    0xa { $exitmessage = "Face and Fingerprint configured" }
                    0x2 { $exitmessage = "Face configured" }
                    0x8 { $exitmessage = "Fingerprint configured" }
                    default { $exitmessage = "Unknown Biometric configured" }
                }
            }
            else {
                $exitmessage = "LogonCredsAvailable Value is not there"
                Write-Warning $exitmessage
                $exitcode = 1
            }
        }
        # Only PIN is configured
        else {
            $exitmessage = "PIN configured"
            #Write-Host $exitmessage
            $exitcode = 0
        }
    }
    else {
        $exitmessage = "Windows Hello not configured"
        Write-Warning $exitmessage
        $exitcode = 1
    }

}
catch {
    # -contains tests collection membership, not substrings, so match on the error message text
    if ($_.Exception.Message -like "*Cannot find path*") {
        $exitmessage = "Windows Hello not configured"
        Write-Warning $exitmessage
        $exitcode = 1
    }
    else {
        $exitmessage = "Something went wrong:" + $_
        Write-Error $exitmessage
        $exitcode = 1
    }
}
Stop-Transcript
Write-Host $exitmessage
Exit $exitcode
--------------------------------------------------------------------------------
/Get-WH4BEnrolledMethods/README.md:
--------------------------------------------------------------------------------
# WH4B - Enrolled Methods

This script detects the Windows Hello for Business enrolled/configured methods and outputs them as Pre-remediation detection output.
The output can be any of these states:

Normal states (exit 0)

- `PIN configured`
- `Face and Fingerprint configured`
- `Face configured`
- `Fingerprint configured`
- `Windows Hello not configured`

> If a biometric is configured a PIN is also configured. If a PIN is configured a biometric is not necessarily configured.

Error states: (exit 1)

- `LogonCredsAvailable Value is not there`
- `Unknown Biometric configured`
- `Something went wrong`
- `Uncaught error`

## Usage/Examples

In **detect.ps1** change the ```$LogDirSubFolderName = "YOURFOLDERNAME"```. Import it as a detection script and make sure:

- Run this script using the logged-on credentials = Yes
- Run script in 64-bit PowerShell = Yes

Schedule it to run repeatedly, e.g. daily.

## Troubleshooting/Logs

The log file is created in the user's temp folder, e.g. `C:\Users\username\AppData\Local\Temp\YOURFOLDERNAME\_WHfB_enrolled_method.log`

--------------------------------------------------------------------------------
/Get-WH4BLastUsedMethod/Get-WH4BLastUsedMethodDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
- Marius Wyss (marius.wyss@microsoft.com)
Script: Get-WH4BLastUsedMethodDetection
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>

# Detect which Windows Hello for Business authentication method has been last used

#region SetupLog
$LogDir = $env:temp + "\Logs"
$LogDirSubFolderName = "YOURFOLDERNAME"
$LogFilePath = $env:temp + "\Logs\$LogDirSubFolderName"
$LogFileName = $env:computername + "_WHfB_lastused_method.log"
$LogFileFullPath = $LogFilePath + "\" + $LogFileName

# check if folder exists or create
If (-Not (Test-Path -Path $LogDir -PathType Container)) {
    New-Item -Path $env:temp -Name "Logs" -ItemType "directory" > $null
}
If (-Not (Test-Path -Path $LogFilePath -PathType Container)) {
    New-Item -Path $LogDir -Name $LogDirSubFolderName -ItemType "directory" > $null
}
#endregion SetupLog

Start-Transcript $LogFileFullPath -Append

# Check Last Login Path reg key
$LastLogin = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI"
$LastLoginvalue = "LastLoggedOnProvider"


$exitcode = 1
$exitmessage = ""

Try {
    # Check Last Login
    if (Test-Path -Path $LastLogin) {
        $LoginMetrics = Get-ItemProperty -Path $Lastlogin -Name $LastLoginvalue -ErrorAction Continue
        if ($LoginMetrics) {
            $exitcode = 0
            # Map the credential provider GUID of the last logon to a readable method name
            switch ($LoginMetrics.LastLoggedOnProvider) {
                '{D6886603-9D2F-4EB2-B667-1971041FA96B}' { $exitmessage = "Pin authentication" }
                '{BEC09223-B018-416D-A0AC-523971B639F5}' { $exitmessage = "Fingerprint authentication" }
                '{8AF662BF-65A0-4D0A-A540-A338A999D36F}' { $exitmessage = "Facial authentication" }
                '{60B78E88-EAD8-445C-9CFD-0B87F74EA6CD}' { $exitmessage = "Password authentication" }
                '{F8A1793B-7873-4046-B2A7-1F318747F427}' { $exitmessage = "FIDO authentication" }
                default { $exitmessage = "Unknown device authentication" }
            }
        } else {
            $exitmessage = "LastLoggedOnProvider Value is not there"
            Write-Warning $exitmessage
            $exitcode = 1
        }
    }

} catch {
    # -contains tests collection membership, not substrings, so match on the error message text
    if ($_.Exception.Message -like "*Cannot find path*") {
        $exitmessage = "Authentication method cannot be checked"
        Write-Warning $exitmessage
        $exitcode = 1
    } else {
        $exitmessage = "Something went wrong:" + $_
        Write-Error $exitmessage
        $exitcode = 1
    }
}

Stop-Transcript
Write-Host $exitmessage
Exit $exitcode
--------------------------------------------------------------------------------
/Get-WH4BLastUsedMethod/README.md:
--------------------------------------------------------------------------------
# WH4B - Last Used Method

This script is used to detect the last used method for Windows Hello for Business. It is a detect-only script.

Normal states (exit 0)

- `Pin authentication`
- `Fingerprint authentication`
- `Facial authentication`
- `Password authentication`
- `FIDO authentication`

Error states: (exit 1)

- `LastLoggedOnProvider Value is not there`
- `Authentication method cannot be checked`
- `Something went wrong:`

## Usage/Examples

In **detect.ps1** change the ```$LogDirSubFolderName = "YOURFOLDERNAME"```. Import it as a detection script and make sure:

- Run this script using the logged-on credentials = Yes
- Run script in 64-bit PowerShell = Yes

Schedule it to run repeatedly, e.g. daily.

## Troubleshooting/Logs

The log file is created in the user's temp folder, e.g. `C:\Users\username\AppData\Local\Temp\YOURFOLDERNAME\_WHfB_lastused_method.log`

--------------------------------------------------------------------------------
/Install-CMTrace/detect-cmtrace.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: detect-cmtrace.ps1
Description: Detects if CMTrace is installed
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>
$Path = "c:\windows\system32\cmtrace.exe"

Try {
    $check = Test-Path -Path $path -ErrorAction Stop
    If ($check -eq $true) {
        Write-Output "Compliant"
        Exit 0
    }
    Write-Warning "Not Compliant"
    Exit 1
}
Catch {
    Write-Warning "Not Compliant"
    Exit 1
}
--------------------------------------------------------------------------------
/Install-CMTrace/install-cmtrace-remediate.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: install-cmtrace-remediate.ps1
Description: Installs CMTrace to c:\windows\system32
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

## Download CMTrace from the following repository and copy it into your own repo "https://github.com/andrew-s-taylor/public/raw/main/Troubleshooting/CMTrace.exe"
$ownRepoUri = "https://github.com/......."

# This runs as SYSTEM and writes an executable into System32, so point $ownRepoUri only at a repository you control.
# -UseBasicParsing avoids the Internet Explorer dependency of Windows PowerShell 5.1 in the SYSTEM context.
Invoke-WebRequest -Uri $ownRepoUri -OutFile "C:\Windows\System32\cmtrace.exe" -UseBasicParsing

--------------------------------------------------------------------------------
/Invoke-ClearRecycleBin/Invoke-ClearRecycleBinDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Invoke-ClearRecycleBin
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>

Write-Host "Script will always be triggered"
exit 1

--------------------------------------------------------------------------------
/Invoke-ClearRecycleBin/Invoke-ClearRecycleBinRemedaiton.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Invoke-ClearRecycleBin
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>

Clear-RecycleBin -Force
--------------------------------------------------------------------------------
/Invoke-CurrentUserLoggedOff/Get-CurrentUserLoggedOffDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Invoke-CurrentUserLoggedOff
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>

# Always trigger
Write-Host "Script will always be triggered"
exit 1
--------------------------------------------------------------------------------
/Invoke-CurrentUserLoggedOff/Get-CurrentUserLoggedOffRemedaiton.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Get-TemplateRemediation
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>

$timeout = 60
Add-Type -AssemblyName PresentationCore,PresentationFramework
$msgBody = "You will be logged out in $timeout seconds"
[System.Windows.MessageBox]::Show($msgBody)

# shutdown /l takes no timeout argument, so wait here and then log the user off
Start-Sleep -Seconds $timeout
shutdown /l /f
--------------------------------------------------------------------------------
/Invoke-DiskRepair/Get-TemplateDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Invoke-DiskRepair
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

# Always trigger
Write-Host "Script will always be triggered"
exit 1
--------------------------------------------------------------------------------
/Invoke-DiskRepair/Get-TemplateRemedaiton.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Invoke-DiskRepair
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>
Repair-Volume -DriveLetter C -OfflineScanAndFix
--------------------------------------------------------------------------------
/Invoke-DnsClearCache/Invoke-DnsClearCacheDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Invoke-DnsClearCache
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

# Always trigger
Write-Host "Script will always be triggered"
exit 1
--------------------------------------------------------------------------------
/Invoke-DnsClearCache/Invoke-DnsClearCacheRemedaiton.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Invoke-DnsClearCache
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

Clear-DnsClientCache
--------------------------------------------------------------------------------
/Invoke-Shutdown/Invoke-ShutdownDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Invoke-Shutdown
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin/User
Context: 64 Bit
#>

# Always trigger
Write-Host "Script will always be triggered"
exit 1
--------------------------------------------------------------------------------
/Invoke-Shutdown/Invoke-ShutdownRemedaiton.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Invoke-Shutdown
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin/User
Context: 64 Bit
#>

$timeout = 60
Add-Type -AssemblyName PresentationCore,PresentationFramework
$msgBody = "Shutdown triggered in $timeout seconds"
[System.Windows.MessageBox]::Show($msgBody)


shutdown /r /t $timeout /d p:0:0
--------------------------------------------------------------------------------
/Invoke-TeamsInstallation/Invoke-TeamsInstallationDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Invoke-TeamsInstallation
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

# Always trigger
Write-Host "Script will always be triggered"
exit 1
--------------------------------------------------------------------------------
/Invoke-TeamsInstallation/Invoke-TeamsInstallationRemedaiton.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Invoke-TeamsInstallation
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

# $TeamsPath is not defined anywhere in this script; a file in the temp folder is assumed here
$TeamsPath = Join-Path -Path $env:TEMP -ChildPath 'Teams_windows_x64.msi'

$url = 'https://aka.ms/teams64bitmsi'
$client = New-Object System.Net.WebClient
$client.DownloadFile($url, $TeamsPath)

# Quote the MSI path so a temp path containing spaces is passed as one argument
$return = Start-Process msiexec.exe -Wait -ArgumentList "/I `"$TeamsPath`" /qn /norestart" -PassThru

# 0 = success, 3010 = success but a reboot is required
if(@(0,3010) -contains $return.ExitCode){
    return 'Installed'
}
else{
    return 'Error Installing'
}

--------------------------------------------------------------------------------
/Invoke-TeamsReinstallation/Invoke-TeamsReinstallationDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Invoke-TeamsReinstallation
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

# Intune evaluates the exit code of a detection script: exit 1 triggers the remediation, exit 0 does not
if(Get-WmiObject -Class Win32_Product | Where-Object{$_.Name -eq "Teams Machine-Wide Installer"}){
    exit 1
}else{
    exit 0
}

--------------------------------------------------------------------------------
/Invoke-TeamsReinstallation/Invoke-TeamsReinstallationRemedaiton.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Invoke-TeamsReinstallation
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

# Remove the existing machine-wide installer
$MachineWide = Get-WmiObject -Class Win32_Product | Where-Object{$_.Name -eq "Teams Machine-Wide Installer"}
$MachineWide.Uninstall()

# $TeamsPath is not defined anywhere in this script; a file in the temp folder is assumed here
$TeamsPath = Join-Path -Path $env:TEMP -ChildPath 'Teams_windows_x64.msi'

$url = 'https://aka.ms/teams64bitmsi'
$client = New-Object System.Net.WebClient
$client.DownloadFile($url, $TeamsPath)

# Quote the MSI path so a temp path containing spaces is passed as one argument
$return = Start-Process msiexec.exe -Wait -ArgumentList "/I `"$TeamsPath`" /qn /norestart" -PassThru

# 0 = success, 3010 = success but a reboot is required
if(@(0,3010) -contains $return.ExitCode){
    return 'Installed'
}
else{
    return 'Error Installing'
}

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2022 Jannik Reinhard

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/Make-Speedtest/Run-SpeedttestDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Make-Speedtest
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin/User
Context: 64 Bit
#>

# Always trigger
Write-Host "Script will always be triggered"
exit 1
--------------------------------------------------------------------------------
/Make-Speedtest/Run-SpeedttestRemediation.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Make-Speedtest
Description: https://jannikreinhard.com/2022/06/11/use-endpoint-analytics-to-find-slow-internet-breakouts/
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin/User
Context: 64 Bit
#>

################################################################################################################
############################################# Variables ########################################################
################################################################################################################
# Speedtest
$testCount = 3
# Upload a large file to your github repository or download the example file from my repo: 'https://github.com/JayRHa/Intune-Scripts/raw/main/Make-Speedtest/testfile.txt'
# Uri from your repo or blob
$testFile = "https://github.com/........"
$fileSize = 5 #File size in Mbit

# Log Analytics Workspace
# Note: both values are stored in plain text in the script that is delivered to every targeted device
$customerId = "" # Add Workspace ID
$sharedKey = "" # Add Primary key
$logType = "Speedtest"
################################################################################################################

# Download the test file once and derive the throughput from the elapsed time
Function Measure-NetworkSpeed($f_testFile, $f_fileSize){
    $tempFile = Join-Path -Path $env:TEMP -ChildPath 'testfile.tmp'
    $webClient = New-Object Net.WebClient
    $time = Measure-Command { $webClient.DownloadFile($f_testFile,$tempFile) } | Select-Object -ExpandProperty TotalSeconds
    $speedMbps = ($f_fileSize / $time) * 8
    return $speedMbps
}

# Ask an external service for the public IP of this device
Function Get-PublicIp{
    return (Invoke-WebRequest -uri "http://ifconfig.me/ip" -UseBasicParsing).Content
}

# Build the SharedKey authorization header: HMAC-SHA256 over the request string, keyed with the workspace key
Function Build-Signature ($customerId, $sharedKey, $date, $contentLength, $method, $contentType, $resource)
{
    $xHeaders = "x-ms-date:" + $date
    $stringToHash = $method + "`n" + $contentLength + "`n" + $contentType + "`n" + $xHeaders + "`n" + $resource

    $bytesToHash = [Text.Encoding]::UTF8.GetBytes($stringToHash)
    $keyBytes = [Convert]::FromBase64String($sharedKey)

    $sha256 = New-Object System.Security.Cryptography.HMACSHA256
    $sha256.Key = $keyBytes
    $calculatedHash = $sha256.ComputeHash($bytesToHash)
    $encodedHash = [Convert]::ToBase64String($calculatedHash)
    $authorization = 'SharedKey {0}:{1}' -f $customerId,$encodedHash
    return $authorization
}

# Post the JSON body to the Log Analytics workspace and return the HTTP status code
Function Post-LogAnalyticsData($f_customerId, $f_sharedKey, $f_body, $f_logType)
{
    $method = "POST"
    $contentType = "application/json"
    $resource = "/api/logs"
    $rfc1123date = [DateTime]::UtcNow.ToString("r")
    $contentLength = $f_body.Length
    $signature = Build-Signature `
        -customerId $f_customerId `
        -sharedKey $f_sharedKey `
        -date $rfc1123date `
        -contentLength $contentLength `
        -method $method `
        -contentType $contentType `
        -resource $resource
    $uri = "https://" + $f_customerId + ".ods.opinsights.azure.com" + $resource + "?api-version=2016-04-01"

    $headers = @{
        "Authorization" = $signature;
        "Log-Type" = $f_logType;
        "x-ms-date" = $rfc1123date;
        "time-generated-field" = "";
    }

    $response = Invoke-WebRequest -Uri $uri -Method $method -ContentType $contentType -Headers $headers -Body $f_body -UseBasicParsing
    return $response.StatusCode
}

# Get network speed
$time = 0

for ($i=0; $i -lt $testCount; $i++){
    $time = $time + (Measure-NetworkSpeed -f_testFile $testFile -f_fileSize $fileSize)
}
Write-Host ("{0:N2} Mbit/sec" -f ($time/$testCount))
$ipv4 = (Get-NetIPAddress | Where-Object {$_.AddressState -eq "Preferred" -and $_.ValidLifetime -lt "24:00:00"}).IPAddress

# Send to log analytics
$Properties = [Ordered] @{
    "PublicIp" = Get-PublicIp
    "LocalIps" = $ipv4
    "Speed" = ($time/$testCount)
    "ComputerName" = $env:computername
}
$speedTest = (New-Object -TypeName "PSObject" -Property $Properties) | ConvertTo-Json

$params = @{
    f_customerId = $customerId
    f_sharedKey = $sharedKey
    f_body = ([System.Text.Encoding]::UTF8.GetBytes($speedTest))
    f_logType = $logType
}
$logResponse = Post-LogAnalyticsData @params
exit 0

--------------------------------------------------------------------------------
/OneDrive Folder - Always Offline/detection-ODFolderOffline.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: detection-ODFolderOffline
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>

$CompanyName = "scloud" # company name you have in your OneDrive sync
$ODFolder = "Desktop"

try{

    # OneDrive Path
    $OneDrive_path = "C:\Users\$env:username\OneDrive - $CompanyName\$ODFolder"

    # Compare the attrib.exe output (spaces removed) with the expected "RP" attributes for the folder
    $Status_current = $(attrib.exe $OneDrive_path) -replace(" ","")
    $Status_target = "RP"+$($OneDrive_path) -replace(" ","")
    if($Status_current -ne $Status_target){
        Write-Warning "Not offline available: $OneDrive_path"
        Exit 1
    }else{
        Write-Output "Folder already offline available"
        Exit 0
    }
}
catch {
    Write-Error $_
    Exit 1
}

--------------------------------------------------------------------------------
/OneDrive Folder - Always Offline/remediation-ODFolderOffline.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: remediation-ODFolderOffline
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>

$CompanyName = "scloud" # company name you have in your OneDrive sync
$ODFolder = "Desktop"

try{

    # OneDrive Path
    $OneDrive_path = "C:\Users\$env:username\OneDrive - $CompanyName\$ODFolder"

    # Process main folder
    attrib.exe $OneDrive_path -U +P /s /d

    # Process child items
    Get-ChildItem $OneDrive_path -Recurse | Select-Object Fullname | ForEach-Object { attrib.exe $_.FullName -U +P }

}catch{
    Write-Error $_
}

--------------------------------------------------------------------------------
/Profile-Backup/detect-backup.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: detect-backup.ps1
Description: Detects if backup has been run in the last hour
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>
$dir = $env:APPDATA + "\backup-restore"

##Open File to check contents
$backupfile = $dir + "\backup.txt"
##No marker file yet means the backup has never run
if (-not (Test-Path -LiteralPath $backupfile)) {
    write-host "Run again"
    exit 1
}
##Parse both stamps as dates; comparing the "dd-MM-yyyy-HH" strings directly would sort by day of month first
$format = "dd-MM-yyyy-HH"
$culture = [System.Globalization.CultureInfo]::InvariantCulture
$todaysdate = [datetime]::ParseExact((Get-Date -Format $format), $format, $culture)
$backupdate = (Get-Content -Path $backupfile | Select-Object -First 1).Trim()
$checkdate = [datetime]::ParseExact($backupdate, $format, $culture)
##Check if the last backup ran in an earlier hour
if ($checkdate -lt $todaysdate) {
    write-host "Run again"
    exit 1
}
else {
    "Already run this hour"
    exit 0
}
--------------------------------------------------------------------------------
/Profile-Backup/remediate-backup.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: remediate-backup.ps1
Description: Downloads custom backup script and deploys to backup user profile to OneDrive
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>
$DirectoryToCreate = $env:APPDATA + "\backup-restore"
if (-not (Test-Path -LiteralPath $DirectoryToCreate)) {

    try {
        New-Item -Path $DirectoryToCreate -ItemType Directory -ErrorAction Stop | Out-Null #-Force
    }
    catch {
        Write-Error -Message "Unable to create directory '$DirectoryToCreate'. Error was: $_" -ErrorAction Stop
    }
    "Successfully created directory '$DirectoryToCreate'."

}
else {
    "Directory already existed"
}

##Note: the three files below come from the main branch of an external repository and are run without an integrity check
##Download Backup Script
$backupurl="https://raw.githubusercontent.com/andrew-s-taylor/public/main/Batch%20Scripts/backup.bat"
$backupscript = $DirectoryToCreate + "\backup.bat"
if (-not (Test-Path -LiteralPath $backupscript)) {
    Invoke-WebRequest -Uri $backupurl -OutFile $backupscript -UseBasicParsing
}
##Download Restore Script
$restoreurl="https://raw.githubusercontent.com/andrew-s-taylor/public/main/Batch%20Scripts/NEWrestore.bat"
$restorescript = $DirectoryToCreate + "\restore.bat"
if (-not (Test-Path -LiteralPath $restorescript)) {
    Invoke-WebRequest -Uri $restoreurl -OutFile $restorescript -UseBasicParsing
}

##Download Silent Launch Script
$launchurl="https://raw.githubusercontent.com/andrew-s-taylor/public/main/Batch%20Scripts/run-invisible.vbs"
$launchscript = $DirectoryToCreate + "\run-invisible.vbs"
if (-not (Test-Path -LiteralPath $launchscript)) {
    Invoke-WebRequest -Uri $launchurl -OutFile $launchscript -UseBasicParsing
}

##Run it
##Call cscript directly with the script path as one argument, so a profile path containing spaces is not split
& "C:\Windows\System32\Cscript.exe" $launchscript

##Create/Update txt for detection
$todaysdate = Get-Date -Format "dd-MM-yyyy-HH"
$detection = $DirectoryToCreate + "\backup.txt"
if (-not (Test-Path -LiteralPath $detection)) {
    New-Item -Path $detection -ItemType File -Force
    Add-Content -Path $detection -Value $todaysdate
}
else {
    set-Content -Path $detection -Value $todaysdate
}


--------------------------------------------------------------------------------
/Profile-cleanup/detect-old-profiles.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: detect-old-profiles.ps1
Description: Detects if there are profiles older than 30 days
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>
$days = 30
$profiles = (get-CimInstance win32_userprofile | Where-Object {$_.LastUseTime -lt $(Get-Date).Date.AddDays(-$days)})
$profilecount = $profiles.Count
if ($profilecount -gt 0) {
    write-host "There are profiles to remove" -ForegroundColor Red
    Exit 1
}
else {
    write-host "No old profiles to remove" -ForegroundColor Green
    Exit 0
}
--------------------------------------------------------------------------------
/Profile-cleanup/remediate-old-profiles.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: remediate-old-profiles.ps1
Description: Removes old user profiles over 30 days old via DelProf1 or DelProf2
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>
$days = 30
$profiles = (get-CimInstance win32_userprofile | Where-Object {$_.LastUseTime -lt $(Get-Date).Date.AddDays(-$days)})
$profilecount = $profiles.Count
if ($profilecount -gt 0) {
    write-host "There are profiles to remove" -ForegroundColor Red
    ##Temp location to use
    $tempdir = $env:TEMP
    ##Comment out whichever version you don't want to use

    ##Download DelProf1
    Invoke-WebRequest -URI "https://github.com/andrew-s-taylor/public/raw/main/delprof/delprof.exe" -OutFile "$tempdir\delprof.exe"
    ##Run DelProf1 (arguments passed as a list; -Wait keeps the file in place until the tool has finished)
    Start-Process -FilePath "$tempdir\delprof.exe" -ArgumentList "/Q", "/D:$days" -Wait
    Remove-Item "$tempdir\delprof.exe"

    ##Download DelProf2
    Invoke-WebRequest -URI "https://github.com/andrew-s-taylor/public/raw/main/delprof/DelProf2.exe" -OutFile "$tempdir\delprof2.exe"
    ##Run DelProf2 (arguments passed as a list; -Wait keeps the file in place until the tool has finished)
    Start-Process -FilePath "$tempdir\delprof2.exe" -ArgumentList "/q", "/d:$days" -Wait
    remove-item "$tempdir\delprof2.exe"

}
else {
    write-host "No old profiles to remove" -ForegroundColor Green
}
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Endpoint Analytics Remediation Scripts

## Intro
This repository is a community project in which we try to implement many ready-to-use endpoint analytics remediation scripts and provide them to the Intune community. If you have further ideas, we would be happy if you sent them to us, opened an issue on this repository or created a pull request.

## Contribution

- Andrew Taylor
- Florian Salzmann
- Joey Verlinden
- Jannik Reinhard
- Simon Skotheimsvik
- Marius Wyss
- albanytech
- jjhfarmer

## How to contribute?
If you have an idea for a script which is missing, contact us via our blog or social media, or open an issue on the repository with a description of your idea:
![issue](https://github.com/JayRHa/EndpointAnalyticsRemediationScripts/blob/main/.images/submitIdea.png)

If you have a script which you want to upload to this repository, use our template in the *0 - Template* folder and create a pull request.

## How to add a remediation script
- Open the [Intune Portal](https://endpoint.microsoft.com/)
- Navigate to **Reports** -> **Endpoint Analytics**
- Click **+ Create script package**
![1](https://github.com/JayRHa/EndpointAnalyticsRemediationScripts/blob/main/.images/1.webp)
- Enter a **Name** and click **Next**
![2](https://github.com/JayRHa/EndpointAnalyticsRemediationScripts/blob/main/.images/2.webp)
- Upload the **Detection script**.
- Click **Next** > **Next**
![2](https://github.com/JayRHa/EndpointAnalyticsRemediationScripts/blob/main/.images/3.webp)
- Assign the script to a **group**
- Create a **schedule**.
- Click **Next** > **Create**
![2](https://github.com/JayRHa/EndpointAnalyticsRemediationScripts/blob/main/.images/4.webp)

## Disclosure
This is a community repository. There is no guarantee for this. Please check thoroughly before running the scripts.

--------------------------------------------------------------------------------
/Remove Teams Chat/detect-teams-chat.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: detect-teams-chat.ps1
Description: Detects if Teams Chat is installed
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>
##Detect Teams Chat

$MSTeams = "MicrosoftTeams"
##Look for Package
$WinPackage = Get-AppxPackage -allusers | Where-Object {$_.Name -eq $MSTeams}
##Compare against the package name, not the package object returned above
$ProvisionedPackage = Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -eq $MSTeams }
##Set a detection counter
$detection = 0
##If the package is found, increment the counter
if ($null -ne $WinPackage)
{
    $detection++
}
if ($null -ne $ProvisionedPackage)
{
    $detection++
}

if ($detection -eq 0) {
    write-host "Teams Chat not found, compliance met"
    exit 0
}
else {
    write-host "Teams Chat found, compliance not met"
    exit 1
}


--------------------------------------------------------------------------------
/Remove Teams Chat/remediate-teams-chat.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: remediate-teams-chat.ps1
Description: Removes Teams Chat (fully)
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>

#Remove Teams Chat
$MSTeams = "MicrosoftTeams"

$WinPackage = Get-AppxPackage -allusers | Where-Object {$_.Name -eq $MSTeams}
$ProvisionedPackage = Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -eq $WinPackage.Name }
If ($null -ne $WinPackage)
{
    Remove-AppxPackage -Package $WinPackage.PackageFullName
}

If ($null -ne $ProvisionedPackage)
{
    Remove-AppxProvisionedPackage -online -Packagename $ProvisionedPackage.Packagename
}

##Tweak reg permissions
##SetACL.exe is downloaded from an external repository and run as-is to take ownership of the key
invoke-webrequest -uri "https://github.com/andrew-s-taylor/public/raw/main/De-Bloat/SetACL.exe" -outfile "C:\Windows\Temp\SetACL.exe"
C:\Windows\Temp\SetACL.exe -on "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Communications" -ot reg -actn setowner -ownr "n:administrators"
C:\Windows\Temp\SetACL.exe -on "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Communications" -ot reg -actn ace -ace "n:administrators;p:full"
Remove-Item C:\Windows\Temp\SetACL.exe -recurse


##Stop it coming back
##The registry provider needs the "HKLM:" drive qualifier (SetACL above uses its own "HKLM\..." syntax)
$registryPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Communications"
If (!(Test-Path $registryPath)) {
    New-Item $registryPath
}
Set-ItemProperty $registryPath ConfigureChatAutoInstall -Value 0


##Unpin it
$registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Chat"
If (!(Test-Path $registryPath)) {
    New-Item $registryPath
}
Set-ItemProperty $registryPath "ChatIcon" -Value 2
write-host "Removed Teams Chat"

--------------------------------------------------------------------------------
/Remove-ConsumerApps/README.md:
--------------------------------------------------------------------------------
# Remove Consumer Apps

This script removes apps for all users by a given list of app names and app package names. It also removes the provisioned packages for new users.

## Usage/Examples

In **Remove-ConsumerAppsDetection.ps1** and **Remove-ConsumerAppsRemediation.ps1** change the list of apps to remove:

```powershell
$ConsumerApps = @{
    "Microsoft.XboxApp" = "Xbox App"
    "Microsoft.XboxGameOverlay" = "Xbox Game Overlay"
    "Microsoft.Xbox.TCUI" = "Xbox TCUI"
    "Microsoft.MicrosoftSolitaireCollection" = "Solitaire Collection"
    "Microsoft.549981C3F5F10" = "Cortana"
    "Vendor.Appname" = "My Custom App Name"
}
```

Import it as a detection script and make sure:

- Run this script using the logged-on credentials = No
- Run script in 64-bit PowerShell = Yes

Schedule it to run repeatedly, e.g. once

--------------------------------------------------------------------------------
/Remove-ConsumerApps/Remove-ConsumerAppsDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Marius Wyss (marius.wyss@microsoft.com)
Script: Remove-ConsumerAppsDetection.ps1
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

$ConsumerApps = @{
    "Microsoft.XboxApp" = "Xbox App"
    "Microsoft.XboxGameOverlay" = "Xbox Game Overlay"
    "Microsoft.Xbox.TCUI" = "Xbox TCUI"
    "Microsoft.MicrosoftSolitaireCollection" = "Solitaire Collection"
    "Microsoft.549981C3F5F10" = "Cortana"
}

# Check if any of the Consumer Apps are installed
$UninstallPackages = $ConsumerApps.Keys

$InstalledPackages = Get-AppxPackage -AllUsers | Where-Object { ($UninstallPackages -contains $_.Name) }

# $null goes on the left so the test is a plain null check even when several packages are returned
If ($null -eq $InstalledPackages) {
    Write-Output "No Consumer Apps installed"
    Exit 0
}

If ($null -ne $InstalledPackages) {
    $out = "Consumer Apps installed: ({0})" -f $($($ConsumerApps[$InstalledPackages.Name]) -join ', ')
    Write-Output $out
    Exit 1
}

--------------------------------------------------------------------------------
/Remove-ConsumerApps/Remove-ConsumerAppsRemediation.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Marius Wyss (marius.wyss@microsoft.com)
Script: Remove-ConsumerAppsRemediation.ps1
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

$ConsumerApps = @{
    "Microsoft.XboxApp" = "Xbox App"
    "Microsoft.XboxGameOverlay" = "Xbox Game Overlay"
    "Microsoft.Xbox.TCUI" = "Xbox TCUI"
    "Microsoft.MicrosoftSolitaireCollection" = "Solitaire Collection"
    "Microsoft.549981C3F5F10" = "Cortana"
}


# Uninstall all Consumer Apps
# Check if any of the Consumer Apps are installed
$UninstallPackages = $ConsumerApps.Keys

$InstalledPackages = Get-AppxPackage -AllUsers | Where-Object { ($UninstallPackages -contains $_.Name) }

# Provisioned packages are what new user profiles receive; load the list once for the loop below
$AllAppXProvisionedPackage = Get-AppxProvisionedPackage -Online

$out = @()
foreach ($App in $InstalledPackages) {
    try {
        Get-AppxPackage -Name $($App.Name) -AllUsers | Remove-AppxPackage -AllUsers | Out-Null
        $AllAppXProvisionedPackage | Where-Object { $_.DisplayName -eq $($App.Name) } | Remove-AppxProvisionedPackage -Online | Out-Null
        $out += $App.Name
    }
    catch {
        # Report the error and fail the remediation
        $errMsg = $_.Exception.Message
        Write-Output $errMsg
        Exit 1
    }
}

if ($out.Count -eq 0) {
    Write-Output "No Consumer Apps found"
    Exit 0
}

if ($out.Count -gt 0) {
    Write-Output "Consumer Apps removed: ($($out -join ', '))"
    Exit 0
}


--------------------------------------------------------------------------------
/Remove-ProxySettings/Remove-ProxySettingsDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Remove-ProxySettings
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

# Read the values the remediation script resets, instead of matching on the property name
$settings = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
if($settings.ProxyEnable -eq 1 -or -not [string]::IsNullOrEmpty($settings.ProxyServer)){
    Write-Host "Proxy server found"
    exit 1
}else{
    Write-Host "No proxy server set"
    exit 0
}

--------------------------------------------------------------------------------
/Remove-ProxySettings/Remove-ProxySettingsRemedaiton.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Remove-ProxySettings
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings" -Name ProxyEnable -Type DWord -Value 0
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings" -Name ProxyServer -Type String -Value ""
--------------------------------------------------------------------------------
/Remove-WindowsBackup/detect-backup.ps1:
--------------------------------------------------------------------------------
$filepath = "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackup\Assets"
if (Test-Path $filepath) {
    write-host "It's there, kill it"
    exit 1
}
else {
    write-host "All good, relax"
    exit 0
}
--------------------------------------------------------------------------------
/Remove-WindowsBackup/remediate-backup.ps1:
--------------------------------------------------------------------------------
Remove-WindowsPackage -Online -PackageName "Microsoft-Windows-UserExperience-Desktop-Package~31bf3856ad364e35~amd64~~10.0.19041.3393"
--------------------------------------------------------------------------------
/Reset Windows Update/ResetWindowsUpdateDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- JOrgen Nilsson (ccmexec.com)
Script: ResetWindowsUpdateDetection.ps1
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

# Always trigger
Write-Host "Script will always be triggered"
exit 1
--------------------------------------------------------------------------------
/Reset Windows Update/ResetWindowsUpdateRemediation.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- JOrgen Nilsson (ccmexec.com)
Script: ResetWindowsUpdateRemediation.ps1
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>
# Service status is reported as "Running"; "Started" never matches
$DependentService = Get-Service -name cryptsvc -DependentServices | Where-Object status -eq Running
if ($DependentService) {Stop-Service $DependentService -Force}
Stop-Service -Name wuauserv
Stop-Service -Name cryptsvc -Force
Stop-Service -Name bits -Force

if (Test-Path $Env:Windir\SoftwareDistribution.bak) {
    Remove-Item $Env:Windir\SoftwareDistribution.bak -Recurse -Force
    Rename-Item -Path $Env:Windir\SoftwareDistribution -NewName SoftwareDistribution.bak
} else {
    Rename-Item -Path $Env:Windir\SoftwareDistribution -NewName SoftwareDistribution.bak
}

if (Test-Path $Env:Windir\System32\catroot2.bak) {
    Remove-Item $Env:Windir\System32\catroot2.bak -Recurse -Force
    Rename-Item -Path $Env:Windir\System32\catroot2 -NewName catroot2.bak
} else {
    Rename-Item -Path $Env:Windir\System32\catroot2 -NewName catroot2.bak
}

Start-Service -Name cryptsvc
Start-Service -Name bits
Start-Service -Name wuauserv
if ($DependentService) {Start-Service $DependentService}

wuauclt /updatenow
Exit 0
--------------------------------------------------------------------------------
/Reset-SoftwareDistributionFolder/Detect-Reset-SoftwareDistributionFolder.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Jose Schenardie (intune.tech)
Script: Detect-Reset-SoftwareDistributionFolder
Description: Script to reset the SoftwareDistribution folder by stopping Windows Updates services, renaming the folder to SoftwareDistribution.old and starting the services again.
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>
if (Test-Path C:\Windows\SoftwareDistribution.old)
{exit 0}
else
{exit 1}
--------------------------------------------------------------------------------
/Reset-SoftwareDistributionFolder/Remediate-Reset-SoftwareDistributionFolder.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Jose Schenardie (intune.tech)
Script: Remediate-Reset-SoftwareDistributionFolder
Description: Script to reset the SoftwareDistribution folder by stopping Windows Updates services, renaming the folder to SoftwareDistribution.old and starting the services again.
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>
Get-Service -Name wuauserv | Stop-Service
Rename-Item -Path C:\Windows\SoftwareDistribution -NewName SoftwareDistribution.old
Get-Service -Name wuauserv | Start-Service
--------------------------------------------------------------------------------
/Restart-Service-Generic/detect-service.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: detect-service.ps1
Description: Detects if service exists and is running
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

$servicename = "ServiceName"

$checkarray = 0

$serviceexist = Get-Service -Name $servicename -ErrorAction SilentlyContinue
if ($null -ne $serviceexist) {
    $checkarray++
}

$servicerunning = Get-Service -Name $servicename -ErrorAction SilentlyContinue | Where-Object {$_.Status -eq "Running"}
if ($null -ne $servicerunning) {
    $checkarray++
}

# Both checks must pass: the service exists and it is running
if ($checkarray -eq 2) {
    Write-Host "Service is available and running"
    exit 0
} else {
    Write-Host "Service is not there/running"
    exit 1
}
--------------------------------------------------------------------------------
/Restart-Service-Generic/restart-service.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: restart-service.ps1
Description: Restarts any service
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

$servicename = "ServiceName"

Restart-Service -Name $servicename -Force
--------------------------------------------------------------------------------
/Restart-Windows-Search-Service/detect-search-service.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: detect-search-service.ps1
Description: Detects if Windows Search service exists and is running
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

$servicename = "WSearch"

$checkarray = 0

$serviceexist = Get-Service -Name $servicename -ErrorAction SilentlyContinue
if ($null -ne $serviceexist) {
    $checkarray++
}

$servicerunning = Get-Service -Name $servicename -ErrorAction SilentlyContinue | Where-Object {$_.Status -eq "Running"}
if ($null -ne $servicerunning) {
    $checkarray++
}

# Both checks must pass: the service exists and it is running
if ($checkarray -eq 2) {
    Write-Host "Service is available and running"
    exit 0
} else {
    Write-Host "Service is not there/running"
    exit 1
}
--------------------------------------------------------------------------------
/Restart-Windows-Search-Service/restart-search-service.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: restart-search-service.ps1
Description: Restarts Windows Search service
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

$servicename = "WSearch"

Restart-Service -Name $servicename -Force
--------------------------------------------------------------------------------
/Restart-Windows-Update-Service/detect-wu-service.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: detect-wu-service.ps1
Description: Detects if Windows Update exists and is running
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

$servicename = "wuauserv"

$checkarray = 0

$serviceexist = Get-Service -Name $servicename -ErrorAction SilentlyContinue
if ($null -ne $serviceexist) {
    $checkarray++
}

$servicerunning = Get-Service -Name $servicename -ErrorAction SilentlyContinue | Where-Object {$_.Status -eq "Running"}
if ($null -ne $servicerunning) {
    $checkarray++
}

# Both checks must pass: the service exists and it is running
if ($checkarray -eq 2) {
    Write-Host "Service is available and running"
    exit 0
} else {
    Write-Host "Service is not there/running"
    exit 1
}
--------------------------------------------------------------------------------
/Restart-Windows-Update-Service/restart-wu-service.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: restart-wu-service.ps1
Description: Restarts Windows Update service
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

$servicename = "wuauserv"

Restart-Service -Name $servicename -Force
--------------------------------------------------------------------------------
/Run-Browser/Get-TemplateDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Run-Browser
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>

# Always trigger
Write-Host "Script will always be triggered"
exit 1
--------------------------------------------------------------------------------
/Run-Browser/Get-TemplateRemedaiton.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Run-Browser
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>


Start "https://www.bing.com"
--------------------------------------------------------------------------------
/Run-ConnectionTest/Run-ConnectionTestDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Run-ConnectionTest
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin/User
Context: 64 Bit
#>

function Get-ConnectionTest {
    param(
        [Parameter(Mandatory)]
        $connections,

        [Parameter(Mandatory)]
        [int]$port
    )

    $success = $true
    $connections | ForEach-Object {
        $result = (Test-NetConnection -Port $port -ComputerName $_.uri)
        if(-not($result.TcpTestSucceeded)) {
            $success = $false
        }
    }
    return $success
}


###########################################################################
################################# START ###################################
###########################################################################
$connections443 = @(
    [pscustomobject]@{uri='www.msftconnecttest.com';Area='Connection test'},

    [pscustomobject]@{uri='login.microsoftonline.com';Area='Microsoft authentication'},
    [pscustomobject]@{uri='aadcdn.msauth.net';Area='Microsoft authentication'},

    [pscustomobject]@{uri='enterpriseregistration.windows.net';Area='Intune'},
    [pscustomobject]@{uri='enterpriseenrollment-s.manage.microsoft.com';Area='Intune'},
    [pscustomobject]@{uri='enterpriseEnrollment.manage.microsoft.com';Area='Intune'},
    [pscustomobject]@{uri='enrollment.manage.microsoft.com';Area='Intune'},
    [pscustomobject]@{uri='portal.manage.microsoft.com';Area='Intune'},
    [pscustomobject]@{uri='config.office.com';Area='Intune'},
    [pscustomobject]@{uri='graph.windows.net';Area='Intune'},
    [pscustomobject]@{uri='m.manage.microsoft.com';Area='Intune'},
    [pscustomobject]@{uri='fef.msuc03.manage.microsoft.com';Area='Intune'},
    [pscustomobject]@{uri='mam.manage.microsoft.com';Area='Intune'},
    [pscustomobject]@{uri='manage.microsoft.com';Area='Intune'},

    [pscustomobject]@{uri='ztd.dds.microsoft.com';Area='Autopilot Service'},
    [pscustomobject]@{uri='cs.dds.microsoft.com';Area='Autopilot Service'},
    [pscustomobject]@{uri='login.live.com';Area='Autopilot Service'},

    [pscustomobject]@{uri='activation.sls.microsoft.com';Area='License activation'},
    [pscustomobject]@{uri='licensing.mp.microsoft.com';Area='License activation'},
    [pscustomobject]@{uri='validation-v2.sls.microsoft.com';Area='License activation'},
    [pscustomobject]@{uri='validation.sls.microsoft.com';Area='License activation'},
    [pscustomobject]@{uri='purchase.mp.microsoft.com';Area='License activation'},
    [pscustomobject]@{uri='purchase.md.mp.microsoft.com';Area='License activation'},
    [pscustomobject]@{uri='licensing.md.mp.microsoft.com';Area='License activation'},
    [pscustomobject]@{uri='go.microsoft.com';Area='License activation'},
    [pscustomobject]@{uri='displaycatalog.md.mp.microsoft.com';Area='License activation'},
    [pscustomobject]@{uri='displaycatalog.mp.microsoft.com';Area='License activation'},
    [pscustomobject]@{uri='activation-v2.sls.microsoft.com';Area='License activation'},
    [pscustomobject]@{uri='activation.sls.microsoft.com';Area='License activation'},

    [pscustomobject]@{uri='emdl.ws.microsoft.com';Area='Windows Update'},
    [pscustomobject]@{uri='dl.delivery.mp.microsoft.com';Area='Windows Update'},
    [pscustomobject]@{uri='update.microsoft.com';Area='Windows Update'},
    [pscustomobject]@{uri='fe2cr.update.microsoft.com';Area='Windows Update'},

    [pscustomobject]@{uri='autologon.microsoftazuread-sso.com';Area='Single sign-on'},

    [pscustomobject]@{uri='powershellgallery.com';Area='Powershell gallery'},

    [pscustomobject]@{uri='ekop.intel.com';Area='TPM check'},
    [pscustomobject]@{uri='ekcert.spserv.microsoft.com';Area='TPM check'},
    [pscustomobject]@{uri='ftpm.amd.com';Area='TPM check'},

    [pscustomobject]@{uri='naprodimedatapri.azureedge.net';Area='Powershell and Win32'},
    [pscustomobject]@{uri='naprodimedatasec.azureedge.net';Area='Powershell and Win32'},
    [pscustomobject]@{uri='naprodimedatahotfix.azureedge.net';Area='Powershell and Win32'},
    [pscustomobject]@{uri='euprodimedatapri.azureedge.net';Area='Powershell and Win32'},
    [pscustomobject]@{uri='euprodimedatasec.azureedge.net';Area='Powershell and Win32'},
    [pscustomobject]@{uri='euprodimedatahotfix.azureedge.net';Area='Powershell and Win32'},
    [pscustomobject]@{uri='approdimedatapri.azureedge.net';Area='Powershell and Win32'},
    [pscustomobject]@{uri='approdimedatasec.azureedge.net';Area='Powershell and Win32'},
    [pscustomobject]@{uri='approdimedatahotfix.azureedge.net';Area='Powershell and Win32'},

    [pscustomobject]@{uri='v10c.events.data.microsoft.com';Area='Update Compliance'},
    [pscustomobject]@{uri='v10.vortex-win.data.microsoft.com';Area='Update Compliance'},
    [pscustomobject]@{uri='settings-win.data.microsoft.com';Area='Update Compliance'},
    [pscustomobject]@{uri='adl.windows.com';Area='Update Compliance'},
    [pscustomobject]@{uri='watson.telemetry.microsoft.com';Area='Update Compliance'},
    [pscustomobject]@{uri='oca.telemetry.microsoft.com';Area='Update Compliance'}
)

$connections80 = @(
    [pscustomobject]@{uri='emdl.ws.microsoft.com';Area='Windows Update'},
    [pscustomobject]@{uri='dl.delivery.mp.microsoft.com';Area='Windows Update'}
)

# Start from success; either failing port test flips the result
$success = $true
if(-not (Get-ConnectionTest -connections $connections443 -port 443)){$success = $false}
if(-not (Get-ConnectionTest -connections $connections80 -port 80)){$success = $false}

if($success){
    Write-Host "Connection Test successful"
    exit 0
}else{
    Write-Host "Connection Test not successful"
    exit 1
}
--------------------------------------------------------------------------------
/Set-Cached-Logon-Count-0/Detect_Cached_Logon_Count.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
Tom Coleman
Script: Detect Cached Logon Count
Description: Windows NT may use a cache to store the last interactive logon (i.e. console logon), to provide a safe logon for the host in the event that the Domain Controller goes down. This feature is currently activated on this host.
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

$Path = "HKLM:\Software\Microsoft\Windows Nt\CurrentVersion\Winlogon"
$Name = "CachedLogonsCount"
$Value = 0

Try {
    $Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
    If ($Registry -eq $Value){
        Write-Output "Compliant"
        Exit 0
    }
    Write-Warning "Not Compliant"
    Exit 1
}
Catch {
    Write-Warning "Not Compliant"
    Exit 1
}
--------------------------------------------------------------------------------
/Set-Cached-Logon-Count-0/Remediate_Cached_Logon_Count.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.1
Author:
Tom Coleman
Script: Detect Cached Logon Count
Description: Windows NT may use a cache to store the last interactive logon (i.e. console logon), to provide a safe logon for the host in the event that the Domain Controller goes down. This feature is currently activated on this host.
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

$Path = "HKLM:\Software\Microsoft\Windows Nt\CurrentVersion\Winlogon"
$Name = "CachedLogonsCount"
$Value = 0
# REG_SZ is the registry type name; New-ItemProperty expects "String" for -PropertyType
$Type = "String"

New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $Type -Force -ea SilentlyContinue;

--------------------------------------------------------------------------------
/Set-CanaryToken-RegistryKey/DetectCanaryToken.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Tom Coleman @albanytech
Script: DetectWhoAmiICanaryToken
Description: Detects if canary Token is in Registry
Release notes:
Version 1.0: Init
Run as: Admin/User
Context: 64 Bit
#>

##Enter the path to the registry key for example HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
##The Registry:: prefix is needed when the path starts with the full hive name
$regpath = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmic.exe"

##Enter the name of the registry key for example EnableLUA
$regname = "GlobalFlag"

##Enter the value of the registry key we are checking for, for example 0
##The remediation script writes DWORD 512 (0x200), which is what Get-ItemProperty returns
$regvalue = 512


Try {
    $Registry = Get-ItemProperty -Path $regpath -Name $regname -ErrorAction Stop | Select-Object -ExpandProperty $regname
    If ($Registry -eq $regvalue){
        Write-Output "Compliant"
        Exit 0
    }
    Write-Warning "Not Compliant"
    Exit 1
}
Catch {
    Write-Warning "Not Compliant"
    Exit 1
}
--------------------------------------------------------------------------------
/Set-CanaryToken-RegistryKey/RemediateCanaryToken.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Tom Coleman @albanytech
Script: RemediateWhoAmiICanaryToken
Description: Adds a canary Token to Registry
https://blog.thinkst.com/2022/09/sensitive-command-token-so-much-offense.html
Go To https://www.canarytokens.org to generate your token. This will trigger alerts in defender which you will have to tune out.
Release notes:
Version 1.0: Init
Run as: Admin/User
Context: 64 Bit
#>

## Sensitive command token generated by Thinkst Canary

$Path1 = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmic.exe', 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmic.exe'
$Path2 = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\wmic.exe', 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\wmic.exe'

$Name1 = 'GlobalFlag'
$Name2 = 'ReportingMode'
$Name3 = 'MonitorProcess'

$Value1 = '00000512'
$Value2 = '00000001'
##Ensure you change ****INSERTYOURUNIQUECANARYTOKENHERE**** to the token you generate at https://www.canarytokens.org
$Value3 = 'cmd.exe /c start /min powershell.exe -windowstyle hidden -command "$($u=$(\"u$env:username\" -replace(''[^\x00-\x7f]|\s'', ''''))[0..63] -join '''';$c=$(\"c$env:computername\" -replace(''[^\x00-\x7f]|\s'', ''''));Resolve-DnsName -Name \"$c.UN.$u.CMD.****INSERTYOURUNIQUECANARYTOKENHERE****.canarytokens.com\")"'

$type = 'DWORD'


Foreach ($i In $Path1)
{
    If (!(Test-Path $i)) {

        New-Item -Path $i -Force | Out-Null
        ## command that will be watched for
        New-ItemProperty -Path $i -Name $Name1 -Value $Value1 -PropertyType $Type -Force -ea SilentlyContinue;
    }
}

## magic unique canarytoken that will be fired when this command is executed

Foreach ($i In $Path2)
{
    If (!(Test-Path $i)) {
        New-Item -Path $i -Force | Out-Null
        New-ItemProperty -Path $i -Name $Name2 -Value $Value2 -PropertyType $Type -Force -ea SilentlyContinue;

        New-ItemProperty -Path $i -Name $Name3 -Value $Value3 -Force -ea SilentlyContinue;
    }


}
--------------------------------------------------------------------------------
/Set-Service-Generic/detect-service.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
- Sascha Stumpler (sastu@master-client.com)
Script: detect-service.ps1
Description: Detects if service exists and is configured as expected
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

$servicename = "ServiceName"
$serviceOption = 'serviceOption'
$serviceOptionValue = 'serviceOptionValue'
$ServiceObject = Get-Service -Name $servicename -ErrorAction SilentlyContinue

$checkarray = 0
if (($null -ne $ServiceObject) -and ($ServiceObject.$serviceOption -eq $serviceOptionValue)) {
    $checkarray++
}

if ($checkarray -ne 0) {
    Write-Host "Service is available and correctly configured"
    exit 0
} else {
    Write-Host "Service is not available or correctly configured"
    exit 1
}
--------------------------------------------------------------------------------
/Set-Service-Generic/set-service.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
- Sascha Stumpler (sastu@master-client.com)
Script: set-service.ps1
Description: Restarts any service
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

$servicename = "ServiceName"
$serviceOption = 'serviceOption'
$serviceOptionValue = 'serviceOptionValue'
$SetServiceSplat = @{
    Name = $ServiceName
    $serviceOption = $serviceOptionValue
}

Set-Service @SetServiceSplat
--------------------------------------------------------------------------------
/Test-LAPSUser/detect-LAPSUser.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
- Sascha Stumpler (sastu@master-client.com)
Script: detect-LAPSUser
Description: Checks if a user exists if LAPS is configured to use a custom username, laps is installed and a Backup Directory configured
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User/Admin
Context: 32 & 64 Bit
#>

$AdminAccountName = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Policies\LAPS' -Name 'AdministratorAccountName' -ErrorAction SilentlyContinue).AdministratorAccountName
$item = Get-LocalUser -Name $AdminAccountName -ErrorAction SilentlyContinue

# BackupDirectory is read from the same policy key as AdministratorAccountName, matching new-LAPSUser.ps1
if ($null -eq $item -and $null -ne $AdminAccountName -and ((Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Policies\LAPS' -Name 'BackupDirectory' -ErrorAction SilentlyContinue).BackupDirectory) -ne '0' -and (Get-Item -Path ($env:windir + '\system32\laps.dll') -ErrorAction SilentlyContinue)) {
    exit 1
}else{
    exit 0
}

--------------------------------------------------------------------------------
/Test-LAPSUser/new-LAPSUser.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Slazmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
- Sascha Stumpler (sastu@master-client.com)
Script: Get-TemplateRemediation
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
12 | Version 1.0: Init 13 | Run as: User/Admin 14 | Context: 32 & 64 Bit 15 | #> 16 | 17 | function New-LocalUserAccount { 18 | 19 | [CmdletBinding()] 20 | param ( 21 | [Parameter( 22 | ValueFromPipeline = $true, 23 | ValueFromPipelineByPropertyName = $true 24 | )] 25 | [string] $Computer = $env:COMPUTERNAME, 26 | 27 | 28 | [Parameter(Mandatory = $true)] 29 | [string] $Name, 30 | 31 | [Parameter(Mandatory = $true)] 32 | [string] $DisplayName, 33 | 34 | [Parameter(Mandatory = $true)] 35 | [string] $Password 36 | ) 37 | 38 | [ADSI] $host = [string]::Format("WinNT://{0}", $Computer) 39 | 40 | if (![string]::IsNullOrEmpty($Name)) { 41 | $user = $host.Create("User", $Name) 42 | if ($user -ne $null) { 43 | $user.SetPassword($password); 44 | $user.SetInfo() 45 | } 46 | } 47 | } 48 | 49 | function New-RandomPassword { 50 | [CmdletBinding()] 51 | param ( 52 | [Parameter(Mandatory = $false)] 53 | [int] $Length = 12, 54 | 55 | [Parameter(Mandatory = $false)] 56 | [string] $RegEx = '[\w\$\%\&\/\(\)\=\?\!\\,\.\-_\:;\]\+\*\~<>\|]' 57 | ) 58 | 59 | [string] $password = -join ( [char[]](0..127) -match $RegEx | Get-Random -Count $length ) 60 | return $password 61 | } 62 | 63 | $AdminAccountName = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Policies\LAPS' -Name 'AdministratorAccountName' -ErrorAction SilentlyContinue).AdministratorAccountName 64 | If (($AdminAccountName) -and ((Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Policies\LAPS' -Name 'BackupDirectory' -ErrorAction SilentlyContinue).BackupDirectory) -ne '0' -and (Get-Item -Path ($env:windir + '\system32\laps.dll') -ErrorAction SilentlyContinue)) { 65 | New-LocalUserAccount -Name $AdminAccountName -DisplayName $AdminAccountName -Password (New-RandomPassword -Length 24) 66 | } -------------------------------------------------------------------------------- /Toast-RebootMessage/detect-reboot.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | Version: 1.0 3 | Author: 4 | - 
Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: detect-reboot.ps1
Description: Detects if machine has been on for more than 7 days
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

##Check how long machine has been on for
##Use the OS boot time; the start time of this PowerShell process ($pid) is not the machine's uptime
$now = Get-Date
$poweron = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime

##Check the difference between the two
$diff = $now - $poweron

##Convert that to hours
$hours = $diff.TotalHours

##How long shall we compare against in days??
$thresholddays = 7

##Convert that to hours
$thresholdhours = $thresholddays * 24

if ($hours -gt $thresholdhours) {
    write-host "Machine has been on for more than $thresholddays days"
    ##Exit 1 marks the device as needing the remediation (the reboot toast)
    exit 1
}
else {
    write-host "Machine has been on for less than $thresholddays days"
    exit 0
}
--------------------------------------------------------------------------------
/Toast-RebootMessage/remediate-reboot.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: remediate-reboot.ps1
Description: Provides a notification to the user to reboot their machine
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

function Show-Notification {
    [cmdletbinding()]
    Param (
        [string]
        $ToastTitle,
        [string]
        [parameter(ValueFromPipeline)]
        $ToastText
    )

    [Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime] > $null
    $Template = [Windows.UI.Notifications.ToastNotificationManager]::GetTemplateContent([Windows.UI.Notifications.ToastTemplateType]::ToastText02)

    $RawXml = [xml] $Template.GetXml()
    ($RawXml.toast.visual.binding.text|where {$_.id -eq "1"}).AppendChild($RawXml.CreateTextNode($ToastTitle)) > $null
    ($RawXml.toast.visual.binding.text|where {$_.id -eq "2"}).AppendChild($RawXml.CreateTextNode($ToastText)) > $null

    $SerializedXml = New-Object Windows.Data.Xml.Dom.XmlDocument
    $SerializedXml.LoadXml($RawXml.OuterXml)

    $Toast = [Windows.UI.Notifications.ToastNotification]::new($SerializedXml)
    $Toast.Tag = "PowerShell"
    $Toast.Group = "PowerShell"
    $Toast.ExpirationTime = [DateTimeOffset]::Now.AddMinutes(1)

    $Notifier = [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier("PowerShell")
    $Notifier.Show($Toast);
}
Show-Notification -ToastTitle "Please Restart your Machine" -ToastText "Your computer has been on for more than 7 days, please reboot when possible"
--------------------------------------------------------------------------------
/Uninstall-Application/detect.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: detect-app.ps1
Description: Detects if app exists
Hint: This is a community script. There is no guarantee for this. 
Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

$blacklistapps = @(
    "APP 1"
    "APP 2"
)

$counter = 0
$InstalledSoftware = Get-ChildItem "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall" | Get-ItemProperty | Select-Object -Property DisplayName, UninstallString, DisplayName_Localized
foreach($obj in $InstalledSoftware){
    $name = $obj.DisplayName
    if ($null -eq $name) {
        $name = $obj.DisplayName_Localized
    }
    if (($blacklistapps -contains $name)) {
        $counter++
    }

}


$InstalledSoftware32 = Get-ChildItem "HKLM:\Software\WOW6432NODE\Microsoft\Windows\CurrentVersion\Uninstall" | Get-ItemProperty | Select-Object -Property DisplayName, UninstallString, DisplayName_Localized
foreach($obj32 in $InstalledSoftware32){
    $name32 = $obj32.DisplayName
    if ($null -eq $name32) {
        # Fall back to the localized name of the same 32-bit entry (was $obj, a leftover from the 64-bit loop)
        $name32 = $obj32.DisplayName_Localized
    }
    if (($blacklistapps -contains $name32)) {
        $counter++
    }
}

if ($counter -eq 0) {
    write-output "Not detected"
    exit 0
}
else {
    write-output "Detected"
    exit 1
}
--------------------------------------------------------------------------------
/Uninstall-Application/remediate.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: remediate.ps1
Description: Uninstalls app if it exists
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

$blacklistapps = @(
    "APP 1"
    "APP 2"
)

$InstalledSoftware = Get-ChildItem "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall" | Get-ItemProperty | Select-Object -Property DisplayName, UninstallString, DisplayName_Localized
foreach($obj in $InstalledSoftware){
    $name = $obj.DisplayName
    if ($null -eq $name) {
        $name = $obj.DisplayName_Localized
    }
    if (($blacklistapps -contains $name) -and ($null -ne $obj.UninstallString)) {
        $uninstallcommand = $obj.UninstallString
        write-host "Uninstalling $name"
        if ($uninstallcommand -like "*msiexec*") {
            $splitcommand = $uninstallcommand.Split("{")
            $msicode = $splitcommand[1]
            $uninstallapp = "msiexec.exe /X {$msicode /qn"
            start-process "cmd.exe" -ArgumentList "/c $uninstallapp"
        }
        else {
            $splitcommand = $uninstallcommand.Split("{")

            $uninstallapp = "$uninstallcommand /S"
            start-process "cmd.exe" -ArgumentList "/c $uninstallapp"
        }
    }

}


$InstalledSoftware32 = Get-ChildItem "HKLM:\Software\WOW6432NODE\Microsoft\Windows\CurrentVersion\Uninstall" | Get-ItemProperty | Select-Object -Property DisplayName, UninstallString, DisplayName_Localized
foreach($obj32 in $InstalledSoftware32){
    $name32 = $obj32.DisplayName
    if ($null -eq $name32) {
        $name32 = $obj32.DisplayName_Localized
    }
    if (($blacklistapps -contains $name32) -and ($null -ne $obj32.UninstallString)) {
        # Use the 32-bit entry's own uninstall string (was $obj, which ran the last 64-bit entry's uninstaller)
        $uninstallcommand32 = $obj32.UninstallString
        write-host "Uninstalling $name32"
        if ($uninstallcommand32 -like "*msiexec*") {
            $splitcommand = $uninstallcommand32.Split("{")
            $msicode = $splitcommand[1]
            $uninstallapp = "msiexec.exe /X {$msicode /qn"
            start-process "cmd.exe" -ArgumentList "/c $uninstallapp"
        }
        else {
            $splitcommand = $uninstallcommand32.Split("{")

            $uninstallapp 
= "$uninstallcommand32 /S"
            start-process "cmd.exe" -ArgumentList "/c $uninstallapp"
        }
    }
}
--------------------------------------------------------------------------------
/Uninstall-C++2010/Detect_C++2010.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
Tom Coleman
Script: Detect C++ 2010 Redistributable
Description: https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

$Name = 'Microsoft.VCRedist.2010'

if ($null -eq (Get-AppxPackage -Name $Name)) {
    Write-Host "Microsoft Visual C++ 2010 is not installed"
    exit 0
} Else {
    Write-Host "Microsoft Visual C++ 2010 is installed"
    Exit 1
}
--------------------------------------------------------------------------------
/Uninstall-C++2010/Remediate_C++2010.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
Tom Coleman
Script: Uninstall C++ 2010 Redistributable
Description: https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

$Name = 'Microsoft.VCRedist.2010'

try{
    Get-AppxPackage -Name $Name | Remove-AppxPackage -ErrorAction stop
    Write-Host "Microsoft Visual C++ 2010 successfully removed"
}catch{
    Write-Error "Error removing Microsoft Visual C++ 2010"
}
--------------------------------------------------------------------------------
/Uninstall-DellSupportAssist/Detect_DellSupportassist.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Jasper van der Straten
Script: Detect_DellSupportassist.ps1
Description: Detects DellSupportAssist installation
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

Try {
    $DellSA = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*', 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' |
        Where-Object {$_.DisplayName -eq 'Dell SupportAssist'} |
        Select-Object -Property DisplayName, UninstallString

    if ($DellSA) {
        $installed = $true
        $uninstallString = $DellSA.UninstallString
    } else {
        $installed = $false
    }

    if ($installed) {
        Write-Output "Not Compliant"
        Write-Output "Uninstall String: $uninstallString"
        Exit 1
    } else {
        Write-Output "Compliant"
        Exit 0
    }
}
Catch {
    Write-Warning "Not Compliant"
    Exit 1
}
--------------------------------------------------------------------------------
/Uninstall-DellSupportAssist/Remediate_DellSupportassist.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.1
Author:
- Jasper van der Straten
Script: Remediate_DellSupportassist.ps1
Description: Uninstalls DellSupportAssist installation
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

$DellSA = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*', 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' |
    Where-Object {$_.DisplayName -eq 'Dell SupportAssist'} |
    Select-Object -Property DisplayName, UninstallString

Write-Host $DellSA.UninstallString

try {
    if ($DellSA.UninstallString -match 'msiexec.exe') {
        # Extract the GUID from the UninstallString
        $null = $DellSA.UninstallString -match '{[A-F0-9-]+}'
        $guid = $matches[0]

        Write-Host "Removing Dell SupportAssist using msiexec..."
        Start-Process msiexec.exe -ArgumentList "/x $($guid) /qn" -Wait
    } elseif ($DellSA.UninstallString -match 'SupportAssistUninstaller.exe') {
        Write-Host "Removing Dell SupportAssist using SupportAssistUninstaller.exe..."
        Start-Process "$($DellSA.UninstallString)" -ArgumentList "/arp /S" -Wait
    } else {
        Write-Host "Unsupported uninstall method found."
        Exit 1
    }

    Write-Host "Dell SupportAssist successfully removed"
    Exit 0
} catch {
    Write-Error "Error removing Dell SupportAssist"
    Exit 1
}
--------------------------------------------------------------------------------
/Uninstall-PrivateTeams/Uninstall-PrivateTeamsDetection.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Uninstall-PrivateTeams
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

if ($null -eq (Get-AppxPackage -Name MicrosoftTeams -allusers)) {
    Write-Host "Private MS Teams client is not installed"
    exit 0
} Else {
    Write-Host "Private MS Teams client is installed"
    Exit 1
}
--------------------------------------------------------------------------------
/Uninstall-PrivateTeams/Uninstall-PrivateTeamsRemedaiton.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: Uninstall-PrivateTeams
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

try{
    Get-AppxPackage -Name MicrosoftTeams -allusers | Remove-AppxPackage -ErrorAction stop
    Write-Host "Private MS Teams app successfully removed"
}catch{
    Write-Error "Error removing Microsoft Teams app"
}
--------------------------------------------------------------------------------
/Uninstall-UserChrome/detect.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
- Adam Gell
Script: detect.ps1
Description: uninstalls if app exists, only checks/uninstalls per-user Chrome in HKCU
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>

$blacklistapps = @(
    "Google Chrome"
)

$counter = 0
$InstalledSoftware = Get-ChildItem "HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall" | Get-ItemProperty | Select-Object -Property DisplayName, UninstallString, DisplayName_Localized
foreach ($obj in $InstalledSoftware) {
    $name = $obj.DisplayName
    if ($null -eq $name) {
        $name = $obj.DisplayName_Localized
    }
    if (($blacklistapps -contains $name)) {
        $counter++
    }

}

if ($counter -eq 0) {
    write-output "Per-User Chrome Not detected"
    exit 0
}
else {
    write-output "Per-User Chrome Detected. Switching the device over to the Enterprise version."
    exit 1
}
--------------------------------------------------------------------------------
/Uninstall-UserChrome/readme.md:
--------------------------------------------------------------------------------
Make sure you run this as the currently logged-in user.

This script looks for and removes per-user Chrome installs. Prepare a GoogleChromeEnterprise win32 app and deploy this to the computers.
--------------------------------------------------------------------------------
/Uninstall-UserChrome/remediate.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
- Adam Gell
Script: remediate.ps1
Description: uninstalls if app exists, only checks/uninstalls per-user Chrome in HKCU
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>

$blacklistapps = @(
    "Google Chrome"
)

$InstalledSoftware = Get-ChildItem "HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall" | Get-ItemProperty | Select-Object -Property DisplayName, UninstallString, DisplayName_Localized
foreach ($obj in $InstalledSoftware) {
    $name = $obj.DisplayName
    if ($null -eq $name) {
        $name = $obj.DisplayName_Localized
    }
    if (($blacklistapps -contains $name) -and ($null -ne $obj.UninstallString)) {
        $uninstallcommand = $obj.UninstallString
        write-host "Removing $name, and adding a force-uninstall flag to make it silent"
        if ($uninstallcommand -like "*msiexec*") {
            $splitcommand = $uninstallcommand.Split("{")
            $msicode = $splitcommand[1]
            $uninstallapp = "msiexec.exe /X {$msicode /qn"
            start-process "cmd.exe" -ArgumentList "/c $uninstallapp"
        }
        else {
            $splitcommand = $uninstallcommand.Split("{")

            $uninstallapp = "$uninstallcommand /S"
            start-process "cmd.exe" -ArgumentList "/c $uninstallapp --force-uninstall"
        }
    }

}
--------------------------------------------------------------------------------
/Unpin Store/detect-store.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: detect-store.ps1
Description: Detects if the store has been pinned to the taskbar
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>

##We're looping through the verbs so it's going to be easier to count
$pinned = 0
##Loop through verbs for the store app
$apps = ((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | Where-Object { $_.Name -eq "Microsoft Store" }).verbs()
foreach ($app in $apps) {
    ##Is Unpin an option?
    if ($app.Name -eq "Unpin from tas&kbar") {
        ##Yep, increment the counter
        $pinned++
    }
}

#Has it been found?
if ($pinned -gt 0) {
    Write-Warning "Store has been pinned"
    exit 1
}
else {
    write-host "Not pinned"
    exit 0
}
--------------------------------------------------------------------------------
/Unpin Store/remediate-store.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: remediate-store.ps1
Description: Unpins the Windows Store from the taskbar
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: User
Context: 64 Bit
#>
$apps = ((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items())
foreach ($app in $apps) {
    $appname = $app.Name
    if ($appname -like "*store*") {
        $finalname = $app.Name
    }
}

((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | Where-Object{$_.Name -eq $finalname}).Verbs() | Where-Object{$_.Name.replace('&','') -match 'Unpin from taskbar'} | ForEach-Object{$_.DoIt(); $exec = $true}
--------------------------------------------------------------------------------
/Update-ChocolateyApps/detection-choco-upgrade.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: detection-choco-upgrade
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

try{
    $upgrade_excludes = "snagit", "example2"

    # Chocolatey Path
    $script:choco = "C:\ProgramData\chocolatey\choco.exe"

    # Get all choco programs to upgrade
    $choco2upgrade_all = &$choco outdated -r | Where-Object {$_ -notin $upgrade_excludes}

    # select ids and remove excludes
    $choco2upgrade_selected = @()
    foreach($id in $choco2upgrade_all){
        $pos = $id.IndexOf("|")
        $idonly = $id.Substring(0, $pos)
        if($idonly -notin $upgrade_excludes){
            $choco2upgrade_selected += $idonly
        }
    }


    if ($choco2upgrade_selected) {
        Write-Output "Upgrades available for: $choco2upgrade_selected"
        exit 1 # upgrade available, remediation needed
    }
    else {
        Write-Output "No upgrades available."
        exit 0 # no upgrade, no action needed
    }

}catch{
    Write-Error "Error reading apps: $_"
}
--------------------------------------------------------------------------------
/Update-ChocolateyApps/remediation-choco-upgrade.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: remediation-choco-upgrade
Description:
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: Admin
Context: 64 Bit
#>

try{
    $upgrade_excludes = "snagit", "example2"

    # Chocolatey Path
    $script:choco = "C:\ProgramData\chocolatey\choco.exe"

    # Get all choco programs to upgrade
    $choco2upgrade_all = &$choco outdated -r | Where-Object {$_ -notin $upgrade_excludes}

    # select ids and remove excludes
    $choco2upgrade_selected = @()
    foreach($id in $choco2upgrade_all){
        $pos = $id.IndexOf("|")
        $idonly = $id.Substring(0, $pos)
        if($idonly -notin $upgrade_excludes){
            $choco2upgrade_selected += $idonly
        }
    }


    if ($choco2upgrade_selected) {
        Write-Output "Upgrading now: $choco2upgrade_selected"
        &$choco upgrade $choco2upgrade_selected
    }
    else {
        Write-Output "No upgrades available."
    }

}catch{
    Write-Error "Error reading apps: $_"
}
--------------------------------------------------------------------------------
/Winget Management/detect-install-url-changes.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: detect-install-url-changes.ps1
Description: Detects changes to URL to trigger app install
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>



#####################################################################################################################################
# LIST URL #
# #
#####################################################################################################################################

$installuri = "https://github.com/andrew-s-taylor/winget/raw/main/install-apps.txt"


##Create a folder to store the lists
$AppList = "C:\ProgramData\AppList"
If (Test-Path $AppList) {
    Write-Output "$AppList exists. Skipping."
}
Else {
    Write-Output "The folder '$AppList' doesn't exist. This folder will be used for storing logs created after the script runs. Creating now."
    Start-Sleep 1
    New-Item -Path "$AppList" -ItemType Directory
    Write-Output "The folder $AppList was successfully created."
}

$templateFilePath = "C:\ProgramData\AppList\install-apps.txt"


##Download the list
Invoke-WebRequest `
    -Uri $installuri `
    -OutFile $templateFilePath `
    -UseBasicParsing `
    -Headers @{"Cache-Control"="no-cache"}



$oldpath = "C:\ProgramData\AppList\install-apps-old.txt"
If (Test-Path $oldpath) {
    $newcontent = get-content $templateFilePath | select-object -first 1
    $oldcontent = get-content $oldpath | select-object -first 1
    If ($newcontent -eq $oldcontent) {
        remove-item -path $templateFilePath -force
        Write-Output "Compliant"
        exit 0
    }
    else {
        remove-item -path $templateFilePath -force
        Write-Warning "Not Compliant"
        Exit 1

    }


}
else {
    remove-item -path $templateFilePath -force
    Write-Warning "Not Compliant"
    Exit 1
}
--------------------------------------------------------------------------------
/Winget Management/detect-uninstall-url-changes.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: detect-uninstall-url-changes.ps1
Description: Detects changes to URL to uninstall apps via Winget
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>
#####################################################################################################################################
# LIST URL #
# #
#####################################################################################################################################

$installuri = "https://github.com/andrew-s-taylor/winget/raw/main/uninstall-apps.txt"


##Create a folder to store the lists
$AppList = "C:\ProgramData\AppList"
If (Test-Path $AppList) {
    Write-Output "$AppList exists. Skipping."
}
Else {
    Write-Output "The folder '$AppList' doesn't exist. This folder will be used for storing logs created after the script runs. Creating now."
    Start-Sleep 1
    New-Item -Path "$AppList" -ItemType Directory
    Write-Output "The folder $AppList was successfully created."
}

$templateFilePath = "C:\ProgramData\AppList\uninstall-apps.txt"


##Download the list
Invoke-WebRequest `
    -Uri $installuri `
    -OutFile $templateFilePath `
    -UseBasicParsing `
    -Headers @{"Cache-Control"="no-cache"}



$oldpath = "C:\ProgramData\AppList\uninstall-apps-old.txt"
If (Test-Path $oldpath) {
    $newcontent = get-content $templateFilePath | select-object -first 1
    $oldcontent = get-content $oldpath | select-object -first 1
    If ($newcontent -eq $oldcontent) {
        remove-item -path $templateFilePath -force
        Write-Output "Compliant"
        exit 0
    }
    else {
        remove-item -path $templateFilePath -force
        Write-Warning "Not Compliant"
        Exit 1

    }


}
else {
    remove-item -path $templateFilePath -force
    Write-Warning "Not Compliant"
    Exit 1
}
--------------------------------------------------------------------------------
/Winget Management/remediate-install-apps-from-url.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: remediate-install-apps-from-url.ps1
Description: Installs apps from a URL via winget
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>
#####################################################################################################################################
# LIST URL #
# #
#####################################################################################################################################

##Every ID in this list is installed as SYSTEM, so point the URL at a list you control
$installuri = "https://github.com/andrew-s-taylor/winget/raw/main/install-apps.txt"


##Create a folder to store the lists
$AppList = "C:\ProgramData\AppList"
If (Test-Path $AppList) {
    Write-Output "$AppList exists. Skipping."
}
Else {
    Write-Output "The folder '$AppList' doesn't exist. This folder will be used for storing logs created after the script runs. Creating now."
    Start-Sleep 1
    New-Item -Path "$AppList" -ItemType Directory
    Write-Output "The folder $AppList was successfully created."
}

$templateFilePath = "C:\ProgramData\AppList\install-apps.txt"


##Download the list
Invoke-WebRequest `
    -Uri $installuri `
    -OutFile $templateFilePath `
    -UseBasicParsing `
    -Headers @{"Cache-Control"="no-cache"}


##Find Winget Path

$ResolveWingetPath = Resolve-Path "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe"
if ($ResolveWingetPath){
    $WingetPath = $ResolveWingetPath[-1].Path
}

$config

##Navigate to the Winget Path
Set-Location $wingetpath

##Loop through app list
$apps = get-content $templateFilePath | select-object -skip 1

##Install each app
foreach ($app in $apps) {

    write-host "Installing $app"
    .\winget.exe install --exact --id $app --silent --accept-package-agreements --accept-source-agreements
}

##Delete the .old file to replace it with the new one
$oldpath = "C:\ProgramData\AppList\install-apps-old.txt"
If (Test-Path 
$oldpath) {
    remove-item $oldpath -Force
}

##Rename new to old
rename-item $templateFilePath $oldpath
--------------------------------------------------------------------------------
/Winget Management/remediate-uninstall-apps-from-url.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: remediate-uninstall-apps-from-url.ps1
Description: Uninstalls apps from a list via winget
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>


#####################################################################################################################################
# LIST URL #
# #
#####################################################################################################################################

##Every ID in this list is uninstalled as SYSTEM, so point the URL at a list you control
$uninstalluri = "https://github.com/andrew-s-taylor/winget/raw/main/uninstall-apps.txt"


##Create a folder to store the lists
$AppList = "C:\ProgramData\AppList"
If (Test-Path $AppList) {
    Write-Output "$AppList exists. Skipping."
}
Else {
    Write-Output "The folder '$AppList' doesn't exist. This folder will be used for storing logs created after the script runs. Creating now."
    Start-Sleep 1
    New-Item -Path "$AppList" -ItemType Directory
    Write-Output "The folder $AppList was successfully created."
}

$templateFilePath = "C:\ProgramData\AppList\uninstall-apps.txt"


##Download the list
Invoke-WebRequest `
    -Uri $uninstalluri `
    -OutFile $templateFilePath `
    -UseBasicParsing `
    -Headers @{"Cache-Control"="no-cache"}


##Find Winget Path

$ResolveWingetPath = Resolve-Path "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe"
if ($ResolveWingetPath){
    $WingetPath = $ResolveWingetPath[-1].Path
}
else {
    ##Stop here: otherwise .\winget.exe below would be resolved against whatever the current directory is
    Write-Error "Winget (Microsoft.DesktopAppInstaller) was not found."
    Exit 1
}

##Navigate to the Winget Path
Set-Location $WingetPath

##Loop through app list (the first line of the file is skipped)
$apps = Get-Content $templateFilePath | Select-Object -Skip 1

##Uninstall each app
foreach ($app in $apps) {

    Write-Host "Uninstalling $app"
    .\winget.exe uninstall --exact --id $app --silent --accept-source-agreements
}

##Delete the .old file to replace it with the new one
$oldpath = "C:\ProgramData\AppList\uninstall-apps-old.txt"
If (Test-Path $oldpath) {
    Remove-Item $oldpath -Force
}

##Rename new to old
Rename-Item $templateFilePath $oldpath
--------------------------------------------------------------------------------
/Winget-Update-All/winget-update-detect.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: winget-update-detect.ps1
Description: Detects any available updates via Winget
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

Try {
    ##Locate the winget CLI; if several App Installer versions are present, use the last one returned
    $Winget = Get-ChildItem -Path (Join-Path -Path (Join-Path -Path $env:ProgramFiles -ChildPath "WindowsApps") -ChildPath "Microsoft.DesktopAppInstaller*_x64*\AppInstallerCLI.exe") | Select-Object -Last 1

    ##Fewer than 3 lines of output from "winget upgrade" is treated as "nothing to upgrade"
    $updatecheck = & $Winget.FullName upgrade
    If ($updatecheck.count -lt 3){
        Write-Output "Compliant"
        Exit 0
    }
    Write-Warning "Not Compliant"
    Exit 1
}
Catch {
    ##Also reached when the CLI could not be located
    Write-Warning "Not Compliant"
    Exit 1
}
--------------------------------------------------------------------------------
/Winget-Update-All/winget-upgrade-remediate.ps1:
--------------------------------------------------------------------------------
<#
Version: 1.0
Author:
- Joey Verlinden (joeyverlinden.com)
- Andrew Taylor (andrewstaylor.com)
- Florian Salzmann (scloud.work)
- Jannik Reinhard (jannikreinhard.com)
Script: winget-upgrade-remediate.ps1
Description: Updates all apps via Winget
Hint: This is a community script. There is no guarantee for this. Please check thoroughly before running.
Version 1.0: Init
Run as: System
Context: 64 Bit
#>

##Locate the winget CLI; if several App Installer versions are present, use the last one returned
$Winget = Get-ChildItem -Path (Join-Path -Path (Join-Path -Path $env:ProgramFiles -ChildPath "WindowsApps") -ChildPath "Microsoft.DesktopAppInstaller*_x64*\AppInstallerCLI.exe") | Select-Object -Last 1

##Upgrade every package winget reports as upgradable
& $Winget.FullName upgrade --all --force --silent
--------------------------------------------------------------------------------
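Added example, not part of the repository: the two Winget Management remediation scripts install or uninstall whatever IDs the downloaded list contains, as System, so one way to gate that is to check the file against a SHA-256 recorded when the list was reviewed and to validate each ID before it reaches winget. `Get-VerifiedAppList`, its parameters, the ID pattern (Publisher.Package style, deliberately stricter than what winget itself accepts) and the sample list are assumptions made for this example.

```powershell
# Added example, not part of the repository. Get-VerifiedAppList, its parameters,
# the ID pattern and the constructed sample list are assumptions for illustration.
function Get-VerifiedAppList {
    param(
        [Parameter(Mandatory)][string]$Path,          # downloaded list on disk
        [Parameter(Mandatory)][string]$PinnedSha256,  # hash of the list version that was reviewed
        [string[]]$AllowedIds = @()                   # optional allowlist of package IDs
    )

    # 1. Integrity: refuse a list whose content differs from the reviewed version.
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    if ($actual -ne $PinnedSha256) {
        throw "List hash mismatch: expected $PinnedSha256, got $actual"
    }

    # 2. Read the IDs the same way the scripts do (first line skipped), dropping blank lines.
    $ids = @(Get-Content -Path $Path | Select-Object -Skip 1 |
        ForEach-Object { $_.Trim() } | Where-Object { $_ })

    # 3. Shape and allowlist: accept only Publisher.Package-style IDs (assumed pattern).
    $idPattern = '^[A-Za-z0-9][A-Za-z0-9+_-]*(\.[A-Za-z0-9+_-]+)+$'
    foreach ($id in $ids) {
        if ($id -notmatch $idPattern) { throw "Rejected malformed package ID: '$id'" }
        if ($AllowedIds.Count -gt 0 -and $id -notin $AllowedIds) {
            throw "Package ID '$id' is not on the allowlist"
        }
    }
    return ,$ids
}

# Constructed sample list; in practice the pin is recorded at review time, not computed here.
$sample = Join-Path $env:TEMP 'install-apps-sample.txt'
Set-Content -Path $sample -Value @('# apps', '7zip.7zip', 'Mozilla.Firefox')
$pin = (Get-FileHash -Path $sample -Algorithm SHA256).Hash

# Reviewed, unchanged list: the IDs are returned and can be handed to winget.
Get-VerifiedAppList -Path $sample -PinnedSha256 $pin

# Allowlist narrower than the list: the call throws before anything is installed.
try { Get-VerifiedAppList -Path $sample -PinnedSha256 $pin -AllowedIds '7zip.7zip' }
catch { Write-Warning $_.Exception.Message }

# List changed after review: the hash check fails first.
Add-Content -Path $sample -Value 'Contoso.Unreviewed'
try { Get-VerifiedAppList -Path $sample -PinnedSha256 $pin }
catch { Write-Warning $_.Exception.Message }
```

Pinning the download URL to a commit instead of `main` complements the hash check, since the file at a commit URL does not change between runs.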