├── scripts ├── .gitkeep ├── Win_ADDC_Sync_Start.bat ├── Win_Network_TCP_Reset_Stack.bat ├── Win_Network_IP_DHCP_Renew.bat ├── Win_Power_Disable_Hibernation.bat ├── Win_Feature_NET35_Enable.ps1 ├── Win_Disable_Fast_Startup.bat ├── Win_Time_Sync.bat ├── Win_Hardware_SN.ps1 ├── Win_RecycleBin_Empty.ps1 ├── Win_USB_Disable_Access.bat ├── Win_USB_Enable_Access.bat ├── Win_Cortana_Disable.bat ├── Win_AutoRun_Disable.bat ├── Win_TRMM_Start_Menu_Delete_Shortcut.ps1 ├── Win_FileSystem_Enable_Long_Paths.bat ├── Win_Power_Profile_Set_High_Performance.ps1 ├── Win_Win11_Remove_Chat.bat ├── Win_Chocolatey_List_Installed.bat ├── Win_Defender_Clear_Logs.ps1 ├── Win_Install_Adobe_Reader.ps1 ├── Win_Defender_QuickScan_Background.ps1 ├── Win_Defender_FullScan_Background.ps1 ├── Win_Network_Set_To_Private.ps1 ├── Win_Printer_ClearandRestart.bat ├── Win_Users_List.ps1 ├── Win_Printers_List_Installed.ps1 ├── Win_Splashtop_Get_ID.ps1 ├── Win_Windows_Update_RevertToDefault.ps1 ├── Win_Storage_CheckPools.ps1 ├── Win_TRMM_AV_Update_Exclusion.ps1 ├── Win_TRMM_Agent_DebugmodeUndo.bat ├── Win_Firewall_Check_Status.ps1 ├── Win_Network_IPv6_Disable.ps1 ├── Win_Power_RestartorShutdown.ps1 ├── Win_AzureAD_Check_Connection_Status.ps1 ├── Win_Open_SSH_Server_Install.ps1 ├── Win_Network_DHCP_Set.bat ├── Win_Securepoint_Get_DeviceId.ps1 ├── Win_TaskScheduler_Add_Task.ps1 ├── Win_User_Logged_in_with_Temp_Profile.ps1 ├── Win_RunAsUser_Example2.ps1 ├── Win_TRMM_Agent_Debugmode.bat ├── zzDEPRECATED_Win_RustDesk_GetID.ps1 ├── Win_UAC_Check_Status.ps1 ├── Win_Reboot.ps1 ├── Win_RDP_enable.bat ├── Win_TRMM_Rename_Installed_App.ps1 ├── Win_Services_AutomaticStartup_Running.ps1 ├── Win_Supremo_GetID.ps1 ├── Linux_CPU_check.sh ├── Win_User_EnableDisable.ps1 ├── Win_Google_Chrome_Clear_Cache.ps1 ├── Win_Activation_Check.ps1 ├── Win_Bitlocker_Get_Recovery_Keys.ps1 ├── Win_Disk_Volume_Status.ps1 ├── Win_Powershell_TestPATH.bat ├── Win_TRMM_GetLogs.ps1 ├── Win_Teamviewer_Get_ID.ps1 ├── Win_TRMM_Mesh_Debug.ps1 ├── 
Win_MSI_Install.ps1 ├── Win_Printer_Restart_Jobs.ps1 ├── Win_Lenovo_Driver_Updates.ps1 ├── Win_AnyDesk_Get_Anynet_ID.ps1 ├── Linux_memory_check.sh ├── Win_Bitlocker_Drive_Check_Status.ps1 ├── Win_User_Local_Created_Monitor.ps1 ├── Win_Power_Profile_Reset_High_Performance_to_Defaults.ps1 ├── Win_Bios_Check.ps1 ├── Win_Firefox_Clear_Cache.ps1 ├── Win_Software_Install_Report.ps1 ├── Win_Hardware_RAM_Status.ps1 ├── Win_Task_Scheduler_New_Items_Monitor.ps1 ├── Win_Wifi_SSID_and_Password_Retrieval.ps1 ├── Win_Azure_Mars_Cloud_Backup_Status.ps1 ├── Win_Network_DNS_Set_to_1.1.1.2.ps1 ├── Win_Create_All_User_Logon_Script.ps1 ├── Win_Win10_Change_Key_and_Activate.ps1 ├── Win_Screenconnect_GetGUID.ps1 ├── Win_User_Admins_Local_Disable.ps1 └── Win_Bluescreen_Report.ps1 ├── requirements.txt ├── .gitignore ├── scripts_wip ├── Mac_Install_All_Updates.sh ├── Win_Event_Logs_Clear_System.bat ├── Win_Network_TCP_FlushDNS.bat ├── Mac_SMC_and_NVRAM_Reset.sh ├── Win_Event_Logs_Clear_Application.bat ├── Win_Firewall_Disable_All.bat ├── Win_3rdparty_Urbackup_Uninstall.bat ├── programblacklist_remoteaccess.txt ├── Win_Password_Last_Change_Date.bat ├── Win_VSS_Delete_ShadowCopies.ps1 ├── Win_VSS_List_Shadow_Copies.ps1 ├── Win_Dell_Command_RunUpdate.bat ├── Win_Teamviewer_Uninstall.bat ├── Win_VSS_List_Providers.ps1 ├── programwhitelist.txt ├── Win_VSS_List_ShadowCopy_Writers.ps1 ├── Win_RDS_Logoff_Disconnected_Users.ps1 ├── Win_Retrieve_Startup_Apps_List.ps1 ├── Win_Power_Fastboot_Disable_Win10.ps1 ├── Win_VPN_L2TP_Win10_Fix.bat ├── Win_Check_domain.ps1 ├── Win_User_Admin_Account_Rename.ps1 ├── Win_System_Restore_Enable.bat ├── Win_Power_Mgmt_Disable_Lid_Sleep.bat ├── Win_Veeam_BackupRun.ps1 ├── Win_Network_PublicPrivate_Switch.ps1 ├── Win_Misc_Speech.ps1 ├── Win_Windows_InstallUpdatesOnTrigger.ps1 ├── Mac_Users_List.sh ├── Mac_Network_DNS_Set_to_1.1.1.1.ps1 ├── Win_Veeam_CollectorLastBackupDate.ps1 ├── Win_Repair_DomainTrust.ps1 ├── Win_Hello_Disable.bat ├── Win_Defender_ListExclusions.ps1 
├── Win_Info_Last_Reboot_Info.ps1 ├── Win_Printers_Map_Network (needs fixing).bat ├── Win_Folder_Downloads_Clear.ps1 ├── Win_Network_AutoDiscovery_Disable.ps1 ├── Win_OS_Determine.ps1 ├── Win11_Update_StartMenu.bat ├── Win_Users_AD_List_Enabled.ps1 ├── Win_System_Restore_Point_Create.ps1 ├── Win_WinRM_Enable_Remote.ps1 ├── nix_bash_HP_RAID_Cache_Status.sh ├── Win_DNS_Get_Domain_MX_Records(fixme).bat ├── Win_Processes_Retrieve_Top.ps1 ├── nix_bash_HP_RAID_Battery_Status.sh ├── nix_bash_HP_RAID_Controller_Status.sh ├── Win_SMB_version.ps1 ├── Win_User_Password_Reset.ps1 ├── Win_Huntress_Detect.ps1 ├── Win_WSUS_Clear_And_Restart.bat ├── Win_Outlook_Get_Addins.ps1 ├── linux_sshserver_check.sh ├── Win_Upgrade_Win7_to_Win10.ps1 ├── Mac_System_Integrity.sh ├── Win_Shortcut_Creator2.ps1 ├── Win_Misc_Shortcut_Create.ps1 ├── Win_Software_Installed_List.ps1 ├── Win_WeatherNews_Taskbar.bat ├── Win_Network_VPN_SSTP.ps1 ├── nix_bash_Install_HP_Server_Health_Tools.sh ├── Win_SMB_CheckForNonDefault.ps1 ├── Win_Windows_Activation_check.ps1 ├── linux_user_monitor.sh ├── Win_Event_Logs_Clear_All.bat ├── Win_Choco_ConvertToChocoManaged.ps1 ├── Win_Powershell_Version_Check.ps1 ├── Mac-Install_diskspace ├── ping_check.py ├── Win_Snipit_Killit.ps1 ├── Win_Suggested_Apps_Disable.ps1 ├── Win_Rustdesk_Install.ps1 ├── Win_File_Detect_and_Alert.ps1 ├── nix_bash_HP_CPU_Status.sh ├── 3rdparty_slack_alerts.py ├── nix_bash_HP_Memory_Status.sh ├── nix_bash_HP_Power_Supply_Status.sh ├── win_bad_logins.ps1 ├── Win_Power_And_Sleep_Changer.bat ├── Win_AD_Transfer_FSMO_Roles.ps1 ├── DUPE_Windows_Fast Start_Disable.ps1 ├── Win_Power_Mgmt_Disable_Access.ps1 ├── Win_Windows_Feeds_Disable.ps1 ├── Win_FirefoxAddinInstallDisable.ps1 ├── Win_Password_Policy_Modify.ps1 ├── linux_check_processes ├── Win_WinRM_Disallow_Client_Digest_authentication.ps1 ├── Win_WinRM_Disallow_Storing_RunAs_credentials.ps1 ├── Win_PreviewBuildsBlock.ps1 ├── Win_User_Logon_Details.ps1 ├── Win_InActivity_Timout_Set.ps1 ├── 
Win_Windows_Update_Settings.ps1 ├── Win_Event Log_Settings_Adjust.ps1 ├── Win_Misc_Autoplay_Disable.ps1 ├── Win_Certificate address mismatch warning_Enable.ps1 ├── Win_Oracle-Defense_EnableEncryption.ps1 ├── linux_docker_run_commands.sh ├── Win_ ATMFD_ Disable_Security Bulletin MS15-077.ps1 ├── Win_Intune_Hello_removal.bat ├── Win_Location_Get.ps1 ├── Win_Remote_host_allows_delegation_of_non-exportable_credentials.ps1 ├── Win_Shortcut_Creator.ps1 ├── Win_Software_McAfee_check.ps1 ├── Win_User_Admin_LAPS_CheckForPolicy.ps1 ├── Win_Location_Task_Trigger_On_WLAN_event.ps1 ├── Win_Hardware_Disk_SMART_PassFail.ps1 ├── Win_Print_Spooler_Reset.bat ├── Win_Celldata.ps1 ├── linux_zfspool_check.sh ├── Win_OneDrive_Reset_Cache.ps1 ├── Win_Boot_UEFI_or_LegacyBIOS.ps1 ├── Win_Outlook_New_Profile.ps1 ├── Win_Boot_UEFIvsLegacy.ps1 ├── Win_Folder_Delete_Securely.ps1 ├── Mac_Battery_CycleCount.sh ├── Win_File_TakeOwnership.ps1 ├── Win_TRMM_Agent_Install.bat ├── linux_website_keywordmonitor.sh ├── Win_Disk_Space_Usage_Reports_WiztreeAlt2.ps1 ├── Win_3rdparty_Urbackup_Install.ps1 ├── Win_SMB1_CheckIfEnabled.ps1 ├── Win_Software_Foxitreader_Updater_Kill.ps1 ├── Win_Disk_Space_Usage_Check.py ├── Win_Print_Spooler_Restart_Service.ps1 ├── linux_check_services.sh ├── Win_Discord_Send_Messagev1.ps1 ├── Win_OEM_Information_Set.ps1 ├── Win_TRMM_Remove_and_unjoin_from_AzureAD.ps1 ├── Win_Network_access_Do not allow anonymous enumeration of SAM accounts and shares.ps1 ├── Win_10_Productkey_get.ps1 ├── Win_SecCheck_Print_kb5005010.ps1 ├── Win_Dell_Command_Install.ps1 ├── Win_Retrieve_Backup_Windows_Logs.bat ├── Win_CPU_Uptime_Check.ps1 ├── Win_Clear_Office_Cache.ps1 ├── DUPE_Win_Chocolatey_Update_Bulk.bat ├── Win_Windows_Update_Settings2.reg ├── Win_Printers_Security_Check_KB5005010.ps1 ├── Win_3rdparty_Urbackup_restorepermfixer.bat ├── Win_LLDPInfo.ps1 ├── Win_Teams_Uninstall.ps1 ├── Win_Manufacturer_Specific_Snippet.ps1 ├── Win_Speedtest_Ookla.ps1 ├── DUPE_Win_Blue_Screen_View.ps1 ├── 
Win_File_Delete.ps1 ├── Win_PatchPercentage.ps1 ├── Win_Security_Install_Heimdal_Silent.ps1 ├── Win_Disk_Space_Usage_Folder.ps1 ├── Win_File_Detect_and_Alert2.ps1 ├── 3rdparty_spike_alerts.py ├── Win_Windows_Tools_Optimize.bat ├── Win_API_Get-SoftwareFromTRMM.ps1 ├── Win_Rustdesk_Installv2.ps1 ├── Mac_Battery_Health.sh ├── Win_3rdparty_bginfo.ps1 ├── Win_RAM_Available_Check.ps1 ├── Win_Store_Uninstall_Builtin_Apps.ps1 ├── Win_ASUS_debloater.ps1 └── Win_Powershell_Upgrade.ps1 ├── .editorconfig ├── scripts_staging ├── Lab │ ├── RustDesk Get ID.ps1 │ ├── Fake CheckRandom Alert 2.py │ └── RustDesk password set.ps1 ├── Win_Driver_Restrict_PrinterInstallToAdmin.bat ├── linux_cron_monitor.sh ├── linux_disk_check.sh ├── Win_Chrome_Check_Version.ps1 ├── Collectors │ ├── Collect Licensing 5 Office.ps1 │ ├── OS Install Date.ps1 │ ├── get Domains or Workgroup name.ps1 │ ├── Collect Licensing 4 RDS.ps1 │ └── Collect Licensing 3 Exchange.ps1 ├── linux_service_check_for_failed.sh ├── Win_Disk_Cleanup.ps1 ├── WIN_reliablity_score.p1 ├── Win_Drive_Files_List_Biggest_Files_On_Drive.ps1 ├── Win_TRMM_ScheduledTasks_List.ps1 ├── Checks │ ├── Boot mode.ps1 │ └── Activation status.ps1 ├── Win_Drive_Info_Get.ps1 ├── Win_Battery_Create_Detailed_Report.ps1 ├── Win_ResetviaMDM.ps1 ├── Win_Chrome_Clear_All.ps1 ├── Win_Bitlocker_Enable.ps1 ├── Tools │ ├── Cleanup temp files.ps1 │ ├── Force Azureo365 AD sync.ps1 │ ├── Deploy diagnostic toolkit.ps1 │ └── Get logon events.ps1 ├── linux_3cx_backupchecker.sh ├── snippets │ └── CallPowerShell7Lite.ps1 ├── Win_WindowsOptionalFeature_EnableDisable.ps1 ├── Win_Blue_Screen_View.ps1 ├── Fixes │ └── Resync time NTP.ps1 ├── Win_Defender_Enable_ApplicationGuard.ps1 ├── linux_os_update.sh └── Win_Network_DisableEnable.ps1 ├── docker-compose-powershell.yml ├── docker-compose-python.yml ├── runtestsonwindows.ps1 ├── .github └── workflows │ └── tests.yml ├── Dockerfile-python └── LICENSE /scripts/.gitkeep: 
-------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | pytest 2 | black -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | __pycache__/ 2 | env/ 3 | -------------------------------------------------------------------------------- /scripts/Win_ADDC_Sync_Start.bat: -------------------------------------------------------------------------------- 1 | net start ADSync 2 | exit -------------------------------------------------------------------------------- /scripts/Win_Network_TCP_Reset_Stack.bat: -------------------------------------------------------------------------------- 1 | netsh int ip reset -------------------------------------------------------------------------------- /scripts_wip/Mac_Install_All_Updates.sh: -------------------------------------------------------------------------------- 1 | sudo softwareupdate -ia -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | [*.json] 2 | indent_style = space 3 | indent_size = 2 -------------------------------------------------------------------------------- /scripts_wip/Win_Event_Logs_Clear_System.bat: -------------------------------------------------------------------------------- 1 | Wevtutil.exe cl System -------------------------------------------------------------------------------- /scripts_wip/Win_Network_TCP_FlushDNS.bat: -------------------------------------------------------------------------------- 1 | IPCONFIG /FLUSHDNS 2 | -------------------------------------------------------------------------------- /scripts/Win_Network_IP_DHCP_Renew.bat: 
--------------------------------------------------------------------------------
1 | rem Release the current DHCP leases, then request new ones.
2 | rem && runs the renew only when the release step reports success.
3 | ipconfig /release && ipconfig /renew
--------------------------------------------------------------------------------
/scripts_wip/Mac_SMC_and_NVRAM_Reset.sh:
--------------------------------------------------------------------------------
1 | # Restore power-management settings to their defaults for all power sources (-a).
2 | pmset -a restoredefaults
3 | # Clear all NVRAM variables.
4 | nvram -c
--------------------------------------------------------------------------------
/scripts_wip/Win_Event_Logs_Clear_Application.bat:
--------------------------------------------------------------------------------
1 | rem Clears (cl) the Application event log.
2 | rem Clearing discards entries that may be needed for troubleshooting or incident
3 | rem review; export the log first (wevtutil epl) if it has to be retained.
4 | rem Windows records the clear itself in the System log (event ID 104).
5 | Wevtutil.exe cl Application
--------------------------------------------------------------------------------
/scripts/Win_Power_Disable_Hibernation.bat:
--------------------------------------------------------------------------------
1 | rem Turn hibernation off.
2 | %SYSTEMROOT%\System32\powercfg.exe -H OFF
--------------------------------------------------------------------------------
/scripts_wip/Win_Firewall_Disable_All.bat:
--------------------------------------------------------------------------------
1 | rem Turns the Windows firewall off for every profile (allprofiles).
2 | rem The host has no host-based network filtering until this is reverted with
3 | rem "netsh advfirewall set allprofiles state on"; treat it as a short-lived
4 | rem troubleshooting step and alert on machines left in this state.
5 | netsh advfirewall set allprofiles state off
--------------------------------------------------------------------------------
/scripts_wip/Win_3rdparty_Urbackup_Uninstall.bat:
--------------------------------------------------------------------------------
1 | rem Runs the UrBackup uninstaller from its default install path.
2 | rem NOTE(review): /S is presumably the installer's silent switch - confirm.
3 | "C:\Program Files\UrBackup\Uninstall.exe" /S
--------------------------------------------------------------------------------
/scripts_wip/programblacklist_remoteaccess.txt:
--------------------------------------------------------------------------------
1 | TeamViewer | AnyDesk | ScreenConnect* | Ammyy
--------------------------------------------------------------------------------
/scripts/Win_Feature_NET35_Enable.ps1:
--------------------------------------------------------------------------------
1 | # Enable the "NetFx3" optional feature on the running OS image (-Online).
2 | Enable-WindowsOptionalFeature -Online -FeatureName "NetFx3"
--------------------------------------------------------------------------------
/scripts/Win_Disable_Fast_Startup.bat: -------------------------------------------------------------------------------- 1 | REM Disable Faststartup on Windows 10 2 | powercfg /h off 3 | -------------------------------------------------------------------------------- /scripts/Win_Time_Sync.bat: -------------------------------------------------------------------------------- 1 | REM Syncs time with domain controller 2 | net time %logonserver% /set /y 3 | -------------------------------------------------------------------------------- /scripts_wip/Win_Password_Last_Change_Date.bat: -------------------------------------------------------------------------------- 1 | NET USER %username% /DOMAIN | FIND /I "Password last set" -------------------------------------------------------------------------------- /scripts_wip/Win_VSS_Delete_ShadowCopies.ps1: -------------------------------------------------------------------------------- 1 | Vssadmin delete shadows 2 | #Deletes volume shadow copies -------------------------------------------------------------------------------- /scripts_wip/Win_VSS_List_Shadow_Copies.ps1: -------------------------------------------------------------------------------- 1 | Vssadmin list shadows 2 | #List existing volume shadow copies -------------------------------------------------------------------------------- /scripts_wip/Win_Dell_Command_RunUpdate.bat: -------------------------------------------------------------------------------- 1 | "c:\Program Files (x86)\Dell\CommandUpdate\dcu-cli.exe" /applyUpdates -------------------------------------------------------------------------------- /scripts_wip/Win_Teamviewer_Uninstall.bat: -------------------------------------------------------------------------------- 1 | net stop TeamViewer 2 | "%programfiles(x86)%\TeamViewer\uninstall.exe" /S -------------------------------------------------------------------------------- /scripts_wip/Win_VSS_List_Providers.ps1: 
-------------------------------------------------------------------------------- 1 | Vssadmin list providers 2 | #List registered volume shadow copy providers -------------------------------------------------------------------------------- /scripts_wip/programwhitelist.txt: -------------------------------------------------------------------------------- 1 | PowerToys (Preview) | Microsoft Windows Desktop Runtime - * | Microsoft .NET* -------------------------------------------------------------------------------- /scripts/Win_Hardware_SN.ps1: -------------------------------------------------------------------------------- 1 | # Get BIOS Serial Number for Collectors 2 | Get-WmiObject Win32_BIOS | Select SerialNumber -------------------------------------------------------------------------------- /scripts_wip/Win_VSS_List_ShadowCopy_Writers.ps1: -------------------------------------------------------------------------------- 1 | Vssadmin list writers 2 | #List subscribed volume shadow copy writers -------------------------------------------------------------------------------- /scripts/Win_RecycleBin_Empty.ps1: -------------------------------------------------------------------------------- 1 | # Must be "Run As User" 2 | Clear-RecycleBin -Confirm:$false -ErrorAction SilentlyContinue -------------------------------------------------------------------------------- /scripts/Win_USB_Disable_Access.bat: -------------------------------------------------------------------------------- 1 | reg add HKLM\SYSTEM\CurrentControlSet\Services\UsbStor /v "Start" /t REG_DWORD /d "4" /f -------------------------------------------------------------------------------- /scripts/Win_USB_Enable_Access.bat: -------------------------------------------------------------------------------- 1 | reg add HKLM\SYSTEM\CurrentControlSet\Services\UsbStor /v "Start" /t REG_DWORD /d "3" /f -------------------------------------------------------------------------------- 
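/scripts_wip/Win_RDS_Logoff_Disconnected_Users.ps1:
--------------------------------------------------------------------------------
1 | # Logs off sessions that quser reports as disconnected ("Disc").
2 | # Each matching line is split on runs of spaces and field [2] is passed to logoff.
3 | # NOTE(review): "Disc" is matched anywhere in the line, so an active session whose
4 | # user name contains "Disc" would match as well - confirm before scheduling this.
5 | quser | Select-String "Disc" | ForEach {logoff ($_.tostring() -split ' +')[2]}
--------------------------------------------------------------------------------
/scripts/Win_Cortana_Disable.bat:
--------------------------------------------------------------------------------
1 | rem Set the AllowCortana policy value to 0.
2 | rem reg add takes the value name, type and data as separate switches
3 | rem (/v, /t, /d); .reg-file syntax such as "Name"=dword:... is not accepted here.
4 | rem /f overwrites an existing value without prompting.
5 | reg add "hklm\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v AllowCortana /t REG_DWORD /d 0 /f
--------------------------------------------------------------------------------
/scripts_wip/Win_Retrieve_Startup_Apps_List.ps1:
--------------------------------------------------------------------------------
1 | # List startup commands (name, command line, location, user) from Win32_StartupCommand.
2 | Get-CimInstance Win32_StartupCommand | Select-Object Name, command, Location, User | Format-List
--------------------------------------------------------------------------------
/scripts/Win_AutoRun_Disable.bat:
--------------------------------------------------------------------------------
1 | rem NoDriveTypeAutoRun = 255 (0xFF) disables AutoRun for all drive types.
2 | reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f
--------------------------------------------------------------------------------
/scripts/Win_TRMM_Start_Menu_Delete_Shortcut.ps1:
--------------------------------------------------------------------------------
1 | # Delete the Tactical RMM Agent shortcut from the all-users Start Menu.
2 | Remove-Item -Path "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tactical RMM Agent.lnk" -Force
--------------------------------------------------------------------------------
/scripts/Win_FileSystem_Enable_Long_Paths.bat:
--------------------------------------------------------------------------------
1 | rem Set LongPathsEnabled to 1 under the FileSystem control key.
2 | REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem" /V LongPathsEnabled /T REG_DWORD /D 1 /F
--------------------------------------------------------------------------------
/scripts/Win_Power_Profile_Set_High_Performance.ps1: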
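--------------------------------------------------------------------------------
1 | # Activate the built-in High performance power scheme (identified by its GUID).
2 | Start-Process -FilePath 'powercfg.exe' -ArgumentList '/setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c'
3 |
--------------------------------------------------------------------------------
/scripts/Win_Win11_Remove_Chat.bat:
--------------------------------------------------------------------------------
1 | rem Set TaskbarMn to 0 to hide the Chat icon on the taskbar.
2 | rem The value lives under HKEY_CURRENT_USER, so it only affects the account the
3 | rem script runs as.
4 | REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /f /v TaskbarMn /t REG_DWORD /d 0
--------------------------------------------------------------------------------
/scripts_wip/Win_Power_Fastboot_Disable_Win10.ps1:
--------------------------------------------------------------------------------
1 | # Disable Fast Startup: HiberbootEnabled = 0 turns it off (1 turns it on).
2 | REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /V HiberbootEnabled /T REG_DWORD /D 0 /F
--------------------------------------------------------------------------------
/scripts_wip/Win_VPN_L2TP_Win10_Fix.bat:
--------------------------------------------------------------------------------
1 | rem AssumeUDPEncapsulationContextOnSendRule = 2 lets Windows set up L2TP/IPsec
2 | rem security associations when both the client and the VPN server are behind NAT.
3 | rem A restart is needed before the setting takes effect.
4 | REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
--------------------------------------------------------------------------------
/scripts_wip/Win_Check_domain.ps1:
--------------------------------------------------------------------------------
1 | #Check what domain a device is joined to.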
2 | $ErrorActionPreference= 'silentlycontinue' 3 | 4 | Write-Output "$Env:UserDomain" 5 | -------------------------------------------------------------------------------- /scripts/Win_Chocolatey_List_Installed.bat: -------------------------------------------------------------------------------- 1 | rem List apps installed by Chocolatey 2 | 3 | set "chocoExePath=%PROGRAMDATA%\chocolatey\choco.exe" 4 | 5 | "%chocoExePath%" list -------------------------------------------------------------------------------- /scripts/Win_Defender_Clear_Logs.ps1: -------------------------------------------------------------------------------- 1 | wevtutil cl "Microsoft-Windows-Windows Defender/Operational" 2 | Write-Output "Logs are cleared and RMM status should be reset" 3 | -------------------------------------------------------------------------------- /scripts_wip/Win_User_Admin_Account_Rename.ps1: -------------------------------------------------------------------------------- 1 | #Needs random name 2 | #Needs parameter support 3 | 4 | 5 | Rename-LocalUser -Name "Administrator" -NewName "LocalAdmin" 6 | -------------------------------------------------------------------------------- /scripts/Win_Install_Adobe_Reader.ps1: -------------------------------------------------------------------------------- 1 | #Install Adobe Reader DC 2 | choco install adobereader -params '"/EnableUpdateService /UpdateMode:3 /DesktopIcon"' --yes --no-progress --force -------------------------------------------------------------------------------- /scripts/Win_Defender_QuickScan_Background.ps1: -------------------------------------------------------------------------------- 1 | Write-Host "Running Windows Defender Quick Scan in Background" -ForegroundColor Green 2 | Start-MpScan -ScanType QuickScan -AsJob 3 | -------------------------------------------------------------------------------- /scripts/Win_Defender_FullScan_Background.ps1: 
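--------------------------------------------------------------------------------
1 | Write-Host "Running Windows Defender Full Scan in Background" -ForegroundColor Green
2 | # -AsJob starts the scan as a background job, so the script returns before it finishes.
3 | Start-MpScan -ScanPath C:\ -ScanType FullScan -AsJob
--------------------------------------------------------------------------------
/scripts_wip/Win_System_Restore_Enable.bat:
--------------------------------------------------------------------------------
1 | rem Sets SystemRestorePointCreationFrequency to 0; /f overwrites without prompting
2 | rem so the command cannot stall in an unattended run.
3 | rem NOTE(review): this value governs how often restore points may be created; it
4 | rem does not by itself turn System Restore on - confirm against the file name.
5 | reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v SystemRestorePointCreationFrequency /t REG_DWORD /d 0 /f
--------------------------------------------------------------------------------
/scripts/Win_Network_Set_To_Private.ps1:
--------------------------------------------------------------------------------
1 | #This script sets current network profile to Private
2 |
3 | $net = get-netconnectionprofile;Set-NetConnectionProfile -Name $net.Name -NetworkCategory Private
--------------------------------------------------------------------------------
/scripts_wip/Win_Power_Mgmt_Disable_Lid_Sleep.bat:
--------------------------------------------------------------------------------
1 | rem Set the lid-close action to 0 (do nothing) in the current power scheme.
2 | rem -setacvalueindex changes the plugged-in (AC) setting only; the battery (DC)
3 | rem setting is left as it was.
4 | powercfg -setacvalueindex SCHEME_CURRENT 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 0
5 | rem Re-apply the scheme so the change takes effect.
6 | powercfg -SetActive SCHEME_CURRENT
--------------------------------------------------------------------------------
/scripts/Win_Printer_ClearandRestart.bat:
--------------------------------------------------------------------------------
1 | @echo off
2 | rem Stop the print spooler, delete the queued spool files, start the spooler again.
3 |
4 | sc stop spooler
5 |
6 | rem ping with 6 echo requests gives a delay of about five seconds before the delete.
7 | ping 127.0.0.1 -n 6 > nul
8 |
9 | del C:\Windows\System32\spool\printers\* /Q /F /S
10 |
11 | sc start spooler
12 |
--------------------------------------------------------------------------------
/scripts_wip/Win_Veeam_BackupRun.ps1:
--------------------------------------------------------------------------------
1 | # https://helpcenter.veeam.com/docs/agentforwindows/userguide/backup_cmd.html?ver=60
2 |
3 | # PowerShell needs the call operator (&) to run a quoted path; without it the
4 | # quoted string is parsed as an expression, not a command.
5 | & "C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Manager.exe" /backup
--------------------------------------------------------------------------------
/scripts_wip/Win_Network_PublicPrivate_Switch.ps1:
--------------------------------------------------------------------------------
1 | # GET NETWORK STATUS PRIVATE/PUBLIC/HOME/WORK
2 | Get-NetConnectionProfile
3 | # Set every listed connection profile to Private. -InterfaceIndex requires a
4 | # value, so the profiles are piped in as the target instead.
5 | # The Private category is meant for trusted networks; do not apply it to
6 | # machines that roam onto untrusted ones.
7 | Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Private
8 |
--------------------------------------------------------------------------------
/scripts_wip/Win_Misc_Speech.ps1:
--------------------------------------------------------------------------------
1 | # Speak a fixed sentence through the Windows speech synthesizer.
2 | Add-Type -AssemblyName System.speech
3 | $speak = New-Object System.Speech.Synthesis.SpeechSynthesizer
4 | $speak.Speak("You were bad. Why didn't you update when you were told to?")
5 |
--------------------------------------------------------------------------------
/scripts_wip/Win_Windows_InstallUpdatesOnTrigger.ps1:
--------------------------------------------------------------------------------
1 | # Scan for updates that are not installed, download them, install them,
2 | # then report whether a reboot is pending.
3 | $u = Start-WUScan -SearchCriteria "IsInstalled=0"
4 | Install-WUUpdates -Updates $u -DownloadOnly $true
5 | Install-WUUpdates -Updates $u
6 | Get-WUIsPendingReboot
--------------------------------------------------------------------------------
/scripts_wip/Mac_Users_List.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | # Old code
4 | # /usr/bin/dscl . -list /Users
5 |
6 | # New code to list Mac users and filters out the system users
7 | /usr/bin/dscl . -list /Users | grep -v '^_'
8 |
--------------------------------------------------------------------------------
/scripts_wip/Mac_Network_DNS_Set_to_1.1.1.1.ps1:
--------------------------------------------------------------------------------
1 | # macOS commands (despite the .ps1 extension).
2 | # -setdnsservers replaces the whole server list of a network service, so both
3 | # resolvers are passed in one call; a second call would overwrite the first.
4 | networksetup -setdnsservers Wi-Fi 1.1.1.1 1.0.0.1
5 | networksetup -setdnsservers Ethernet 1.1.1.1 1.0.0.1
--------------------------------------------------------------------------------
/scripts_wip/Win_Veeam_CollectorLastBackupDate.ps1:
--------------------------------------------------------------------------------
1 | # Print the timestamp of the newest Information/Warning entry with InstanceId 190
2 | # in the "Veeam Agent" event log.
3 | # NOTE(review): presumably 190 marks a finished backup job - confirm.
4 | $logName = "Veeam Agent"
5 |
6 | $last_successful_backup = Get-EventLog $logName -EntryType Information, Warning -InstanceId 190 -newest 1
7 | $last_successful_backup.TimeGenerated
--------------------------------------------------------------------------------
/scripts/Win_Users_List.ps1:
--------------------------------------------------------------------------------
1 | # This script returns the list of all local users and shows
2 | # whether each one is enabled or disabled.
3 | # NOTE(review): the list is written to users.txt in the TEMP folder and the file
4 | # is left behind afterwards.
5 |
6 | get-localuser | Select name,Enabled > $env:TEMP\users.txt
7 | Get-Content $env:TEMP\users.txt | foreach {Write-Output $_}
--------------------------------------------------------------------------------
/scripts_wip/Win_Repair_DomainTrust.ps1:
--------------------------------------------------------------------------------
1 | ###
2 | # Author: Dave Long
3 | # Tests and attempts to repair the domain trust relationship between a domain
4 | # joined computer and the domain.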
5 | ### 6 | 7 | Test-ComputerSecureChannel -Repair -------------------------------------------------------------------------------- /scripts/Win_Printers_List_Installed.ps1: -------------------------------------------------------------------------------- 1 | ######## 2 | ### You can run this as a one of Script and save to Notes, setup a custom field and use a colelctor task or use tasks and check output 3 | 4 | get-WmiObject -class Win32_printer | fl Name, PortName, Shared 5 | -------------------------------------------------------------------------------- /scripts_wip/Win_Hello_Disable.bat: -------------------------------------------------------------------------------- 1 | reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork" /v Enabled /t REG_DWORD /d 0 /f 2 | reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork" /v DisablePostLogonProvisioning /t REG_DWORD /d 1 /f -------------------------------------------------------------------------------- /scripts_wip/Win_Defender_ListExclusions.ps1: -------------------------------------------------------------------------------- 1 | # List all exclusions 2 | # Use Remove-MpPreference -ExclusionPath C:\Windows\Temp\trmm\* 3 | # and Add-MpPreference -ExclusionPath 'C:\ProgramData\TacticalRMM\*' 4 | 5 | Get-MpPreference | Select-Object -Property ExclusionPath -------------------------------------------------------------------------------- /scripts_wip/Win_Info_Last_Reboot_Info.ps1: -------------------------------------------------------------------------------- 1 | 2 | #Find last reboot information 3 | 4 | gwmi win32_ntlogevent -filter "LogFile='System' and EventCode='1074' and Message like '%restart%'" | 5 | select User,@{n="Time";e={$_.ConvertToDateTime($_.TimeGenerated)}} 6 | 7 | -------------------------------------------------------------------------------- /scripts_staging/Lab/RustDesk Get ID.ps1: -------------------------------------------------------------------------------- 1 | 
#public 2 | #grab public id of restdesk to set a custom field 3 | 4 | #V1 5 | $ErrorActionPreference= 'silentlycontinue' 6 | 7 | cd $env:ProgramFiles\RustDesk\ 8 | .\RustDesk.exe --get-id | out-host 9 | 10 | exit 11 | -------------------------------------------------------------------------------- /scripts_wip/Win_Printers_Map_Network (needs fixing).bat: -------------------------------------------------------------------------------- 1 | rundll32 printui.dll,PrintUIEntry /ga /n \\CAC-FILE-02\CAC-LAF-TXROOM 2 | rundll32 printui.dll,PrintUIEntry /ga /n \\CAC-FILE-02\CAC-WLF-PTR-01 3 | TIMEOUT 10 4 | net stop spooler 5 | TIMEOUT 10 6 | net start spooler 7 | exit /B -------------------------------------------------------------------------------- /scripts_wip/Win_Folder_Downloads_Clear.ps1: -------------------------------------------------------------------------------- 1 | $root="c:\users" 2 | $users=get-childitem -path $root -exclude administrator, public 3 | foreach ($user in $users) 4 | { 5 | $folder= join-path -path $user -childpath "downloads\*" 6 | Get-childitem $folder -recurse | remove-item -force 7 | } -------------------------------------------------------------------------------- /scripts_wip/Win_Network_AutoDiscovery_Disable.ps1: -------------------------------------------------------------------------------- 1 | # SET NETWORK DISCOVERY TO FALSE ON ALL CONNECTIONS 2 | 3 | Get-NetFirewallRule -DisplayGroup 'Network Discovery'|Set-NetFirewallRule -Profile 'Private, Domain' -Enabled false -PassThru|select Name,DisplayName,Enabled,Profile|ft -a 4 | -------------------------------------------------------------------------------- /scripts_wip/Win_OS_Determine.ps1: -------------------------------------------------------------------------------- 1 | # Get OS version for using later 2 | 3 | $caption = (Get-WmiObject -class Win32_OperatingSystem).Caption 4 | 5 | if ($caption.ToLower().Contains("server")) { 6 | Write-Output "server" 7 | } 8 | else { 9 | Write-Output 
"workstation" 10 | } -------------------------------------------------------------------------------- /scripts_wip/Win11_Update_StartMenu.bat: -------------------------------------------------------------------------------- 1 | rem Block Win11 upgrade 2 | 3 | reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /f /v TargetReleaseVersion /t REG_DWORD /d 1 4 | reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /f /v TargetReleaseVersionInfo /t REG_SZ /d 21H2 5 | -------------------------------------------------------------------------------- /scripts_wip/Win_Users_AD_List_Enabled.ps1: -------------------------------------------------------------------------------- 1 | # ACTIVE DIRECTORY AD LIST ENABLED USERS DOMAIN 2 | Get-ADUser -Filter {Enabled -eq $true} | select Name,Enabled | Export-Csv c:\temp\aduserlist.csv 3 | Get-ADUser -Filter {Enabled -eq $true} | select SamAccountName,Name | Export-Csv c:\temp\aduserlist.csv 4 | -------------------------------------------------------------------------------- /scripts_wip/Win_System_Restore_Point_Create.ps1: -------------------------------------------------------------------------------- 1 | #Needs updating to include date 2 | #Needs System Restore Size adjusting (50GB or 20% disk space) 3 | 4 | 5 | Checkpoint-Computer -Description "Weekly Maintanence" -RestorePointType "MODIFY_SETTINGS" 6 | Write-Host "System Restore Point created successfully" -------------------------------------------------------------------------------- /scripts/Win_Splashtop_Get_ID.ps1: -------------------------------------------------------------------------------- 1 | # Retrieve Splashtop SUUID from device registry. 
2 | 3 | if (!$ErrorCount -eq 0) { # NOTE(review): $ErrorCount is not assigned anywhere in this script, so this guard presumably never fires - confirm what it was meant to test 4 | exit 1 5 | } 6 | 7 | 8 | $key = 'HKLM:\SOFTWARE\WOW6432Node\Splashtop Inc.\Splashtop Remote Server' 9 | (Get-ItemProperty -Path $key -Name SUUID).SUUID # this expression is what emits the SUUID 10 | Write-Output $key.SUUID # NOTE(review): $key holds the registry path string assigned on line 8, so $key.SUUID presumably yields nothing - confirm -------------------------------------------------------------------------------- /scripts/Win_Windows_Update_RevertToDefault.ps1: -------------------------------------------------------------------------------- 1 | # Tactical RMM Patch management disables Windows Automatic Update settings by setting the registry key below to 1. 2 | # Run this to revert back to default 3 | 4 | Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "AUOptions" -------------------------------------------------------------------------------- /scripts/Win_Storage_CheckPools.ps1: -------------------------------------------------------------------------------- 1 | $pools = Get-VirtualDisk | select -ExpandProperty HealthStatus 2 | 3 | $err = $False 4 | 5 | ForEach ($pool in $pools) { 6 | if ($pool -ne "Healthy") { 7 | $err = $True 8 | } 9 | } 10 | 11 | if ($err) { 12 | exit 1 13 | } 14 | else { 15 | exit 0 16 | } -------------------------------------------------------------------------------- /scripts_wip/Win_WinRM_Enable_Remote.ps1: -------------------------------------------------------------------------------- 1 | # enabling WINrm ( usually needed for windows admin centre) 2 | # recent update disable or stops Winrm in services 3 | #Add's firewall event for Winrm 4 | 5 | Enable-PSRemoting -Force 6 | 7 | Set-NetFirewallRule -Name WINRM-HTTP-In-TCP -RemoteAddress Any # NOTE(review): RemoteAddress Any lets every source address reach the WinRM HTTP rule; restrict it to the management host or subnet where possible, and prefer the HTTPS listener for traffic that leaves a trusted network 8 | 9 | 10 | -------------------------------------------------------------------------------- /scripts_staging/Win_Driver_Restrict_PrinterInstallToAdmin.bat: -------------------------------------------------------------------------------- 1 | REM This Script will restrict adding printers to Admins only 2 | REM TODO need an undo loop 3 | 4 | reg add
"HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint" /v RestrictDriverInstallationToAdministrators /t REG_DWORD /d 1 /f 5 | -------------------------------------------------------------------------------- /scripts_wip/nix_bash_HP_RAID_Cache_Status.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | CONTROLLER=$(hpssacli ctrl all show status | grep -i cache) 3 | echo $CONTROLLER 4 | if [[ $CONTROLLER == *"Cache Status: OK"* ]]; then 5 | echo "RAID Cache is Healthy" 6 | exit 0 7 | else 8 | echo "RAID Cache has Error" 9 | exit 2 10 | fi -------------------------------------------------------------------------------- /scripts_wip/Win_DNS_Get_Domain_MX_Records(fixme).bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | rem Get's the MX records for a domain 3 | rem To use a variable instaed of having to put the domain into the script 4 | rem change line 6 to `set domain="\{[DOMAIN]\}" (remove backslashes) 5 | 6 | set domain="PUT DOMAIN TO CHECK HERE" 7 | 8 | nslookup -type=mx %doamin% -------------------------------------------------------------------------------- /scripts_wip/Win_Processes_Retrieve_Top.ps1: -------------------------------------------------------------------------------- 1 | #Needs Command parameter updates 2 | 3 | 4 | Get-WmiObject Win32_PerfFormattedData_PerfProc_Process | ` where-object{ $_.Name -ne "_Total" -and $_.Name -ne "Idle"} | ` Sort-Object PercentProcessorTime -Descending | ` select -First 5 | ` Format-Table Name,IDProcess,PercentProcessorTime -AutoSize -------------------------------------------------------------------------------- /scripts_wip/nix_bash_HP_RAID_Battery_Status.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | CONTROLLER=$(hpssacli ctrl all show status | grep -i battery) 3 | echo $CONTROLLER 4 | if [[ $CONTROLLER == *"Battery/Capacitor 
Status: OK"* ]]; then 5 | echo "RAID Battery is Healthy" 6 | exit 0 7 | else 8 | echo "RAID Battery has Error" 9 | exit 2 10 | fi -------------------------------------------------------------------------------- /scripts_wip/nix_bash_HP_RAID_Controller_Status.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | CONTROLLER=$(hpssacli ctrl all show status | grep -i controller) 3 | echo $CONTROLLER 4 | if [[ $CONTROLLER == *"Controller Status: OK"* ]]; then # NOTE(review): substring match over the whole grep output - if several controllers are listed, one "Controller Status: OK" line is enough to pass; confirm this only runs on single-controller hosts 5 | echo "RAID Controller is Healthy" 6 | exit 0 7 | else 8 | echo "RAID Controller has Error" 9 | exit 2 10 | fi -------------------------------------------------------------------------------- /scripts_wip/Win_SMB_version.ps1: -------------------------------------------------------------------------------- 1 | # GET SMBv2 SERVER STATUS 2 | Get-SmbServerConfiguration | Select EnableSMB2Protocol 3 | 4 | # GET SMB Session versions 5 | Get-SmbSession | Select-Object -Property ClientComputerName,ClientUserName,Dialect,NumOpens 6 | 7 | 8 | # Report the state of the SMB1 optional feature (this query does not install or enable SMB1) 9 | Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol 10 | -------------------------------------------------------------------------------- /scripts_wip/Win_User_Password_Reset.ps1: -------------------------------------------------------------------------------- 1 | # Set the Password-String -- defaults to THIS.IS.NOT.SECURE. The value is a plaintext literal, readable by anyone who can read this script or a stored copy of it: replace the placeholder before each use and never commit a real credential here. 2 | $newpwd = ConvertTo-SecureString -String "THIS.IS.NOT.SECURE" -AsPlainText ?Force # NOTE(review): the "?" before Force looks like a mis-encoded dash (presumably -Force) - confirm against the original file 3 | 4 | # Set the correct local user you want to reset 5 | $UserAccount = Get-LocalUser -Name "ADMINUSER" 6 | 7 | # Set it 8 | $UserAccount | Set-LocalUser -Password $newpwd -------------------------------------------------------------------------------- /scripts_wip/Win_Huntress_Detect.ps1: -------------------------------------------------------------------------------- 1 | $serviceName = "HuntressAgent" 2 | $tls = "Tls12"; 3 | [System.Net.ServicePointManager]::SecurityProtocol = $tls; 4 | If
(Get-Service $serviceName -ErrorAction SilentlyContinue) { 5 | $service = Get-Service -Name $serviceName 6 | $stat = $service.Status # NOTE(review): $stat is never checked, so the script exits 0 whenever the service exists, even if it is stopped 7 | exit 0 8 | } 9 | Else { 10 | exit 1 11 | } 12 | -------------------------------------------------------------------------------- /scripts_wip/Win_WSUS_Clear_And_Restart.bat: -------------------------------------------------------------------------------- 1 | net stop wuauserv 2 | net stop cryptSvc 3 | net stop bits 4 | net stop msiserver 5 | timeout 1 6 | Ren C:\Windows\SoftwareDistribution SoftwareDistribution.old 7 | Ren C:\Windows\System32\catroot2 Catroot2.old 8 | timeout 1 9 | net start wuauserv 10 | net start cryptSvc 11 | net start bits 12 | net start msiserver -------------------------------------------------------------------------------- /scripts/Win_TRMM_AV_Update_Exclusion.ps1: -------------------------------------------------------------------------------- 1 | #Windows Defender Exclusions for Tactical. Every exclusion below is a scanning blind spot: review the resulting list with Get-MpPreference and confirm the excluded directories are writable only by administrators and SYSTEM. 2 | Add-MpPreference -ExclusionPath "C:\Program Files\Mesh Agent\*" 3 | Add-MpPreference -ExclusionPath "C:\Program Files\TacticalAgent\*" 4 | Add-MpPreference -ExclusionPath "C:\ProgramData\TacticalRMM\*" 5 | Add-MpPreference -ExclusionProcess "C:\Windows\Temp\is-*.tmp\tacticalagent*" # NOTE(review): a process exclusion exempts files opened by any process whose image path matches this wildcard; the pattern sits under C:\Windows\Temp, so confirm who is able to create is-*.tmp directories there 6 | -------------------------------------------------------------------------------- /scripts_wip/Win_Outlook_Get_Addins.ps1: -------------------------------------------------------------------------------- 1 | $searchScopes = "HKCU:\SOFTWARE\Microsoft\Office\Outlook\Addins","HKLM:\SOFTWARE\Wow6432Node\Microsoft\Office\Outlook\Addins" 2 | $searchScopes | % {Get-ChildItem -Path $_ | % {Get-ItemProperty -Path $_.PSPath} | Select-Object @{n="Name";e={Split-Path $_.PSPath -leaf}},FriendlyName,Description} | Sort-Object -Unique -Property name -------------------------------------------------------------------------------- /scripts_wip/linux_sshserver_check.sh: -------------------------------------------------------------------------------- 1 | 
#!/usr/bin/env bash 2 | # 3 | # With love from Stefan Lousberg 10/29/2023 4 | # 5 | 6 | SSH_STATUS=$(systemctl is-active sshd) 7 | 8 | if [ "$SSH_STATUS" == "active" ]; then 9 | echo "SSH server (sshd) is running" 10 | exit 0 11 | else 12 | echo "SSH server (sshd) is not running" 13 | exit 1 14 | fi 15 | -------------------------------------------------------------------------------- /scripts_wip/Win_Upgrade_Win7_to_Win10.ps1: -------------------------------------------------------------------------------- 1 | $dir = "c:\temp" 2 | mkdir $dir 3 | $webClient = New-Object System.Net.WebClient 4 | $url = "https://go.microsoft.com/fwlink/?LinkID=799445" 5 | $file = "$($dir)\Win10Upgrade.exe" 6 | $webClient.DownloadFile($url,$file) 7 | Start-Process -FilePath $file -ArgumentList "/quietinstall /skipeula /auto upgrade /copylogs $dir" -verb runas -------------------------------------------------------------------------------- /scripts_wip/Mac_System_Integrity.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | SIPStatus=$(csrutil status | awk '{print toupper($5)}' | sed 's/\.//g') 3 | if [ "$SIPStatus" == "ENABLED" ]; then 4 | echo "System Integrity: Enabled" 5 | systemIntegrityProtectionEnabled=1 6 | elif [ "$SIPStatus" == "DISABLED" ]; then 7 | echo "System Integrity: Disabled" 8 | systemIntegrityProtectionEnabled=0 9 | fi -------------------------------------------------------------------------------- /scripts_wip/Win_Shortcut_Creator2.ps1: -------------------------------------------------------------------------------- 1 | param ( 2 | [string] $name, 3 | [string] $url 4 | ) 5 | 6 | $url = $url 7 | $name = $name 8 | $Shell = New-Object -ComObject ("WScript.Shell") 9 | $ShortCut = $Shell.CreateShortcut("$env:Public\Desktop\$name.url") 10 | $ShortCut.TargetPath="$url" 11 | $ShortCut.Save() 12 | 13 | 14 | # arguements: -name {{shortcut name}} -url {{url}} 15 | 
-------------------------------------------------------------------------------- /scripts_wip/Win_Misc_Shortcut_Create.ps1: -------------------------------------------------------------------------------- 1 | # Needs parameterization 2 | 3 | 4 | $url = "https://www.example.com" 5 | $icon = "C:\path\to\icon.ico" 6 | $desktop = [Environment]::GetFolderPath("Desktop") 7 | $shortcut = New-Object -comObject WScript.Shell 8 | $link = $shortcut.CreateShortcut("$desktop\Example.lnk") 9 | $link.TargetPath = $url 10 | $link.IconLocation = $icon 11 | $link.Save() -------------------------------------------------------------------------------- /scripts_wip/Win_Software_Installed_List.ps1: -------------------------------------------------------------------------------- 1 | Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Format-Table PSChildName, DisplayName, Publisher, DisplayVersion, Version, UninstallString 2 | 3 | Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Format-Table PSChildName, DisplayName, Publisher, DisplayVersion, Version, UninstallString -------------------------------------------------------------------------------- /scripts/Win_TRMM_Agent_DebugmodeUndo.bat: -------------------------------------------------------------------------------- 1 | rem TRMM Agent temporarily running in debug mode. 
2 | 3 | del "C:\Program Files\TacticalAgent\undodebug.bat" 4 | ( 5 | echo REM Stop TRMM in debugging mode and start service 6 | taskkill /IM "tacticalrmm.exe" /F 7 | net start "tacticalrmm" 8 | )>"C:\Program Files\TacticalAgent\undodebug.bat" 9 | 10 | start "" "C:\Program Files\TacticalAgent\undodebug.bat" -------------------------------------------------------------------------------- /scripts/Win_Firewall_Check_Status.ps1: -------------------------------------------------------------------------------- 1 | $ErrorActionPreference = 'silentlycontinue' 2 | $fwenabled = (get-netfirewallprofile -policystore activestore).Enabled 3 | 4 | if ($fwenabled.Contains('False')) { 5 | Write-Output "Firewall is Disabled" 6 | exit 1 7 | } 8 | 9 | 10 | else { 11 | Write-Host "Firewall is Enabled" 12 | netsh advfirewall show currentprofile 13 | exit 0 14 | } 15 | -------------------------------------------------------------------------------- /scripts_wip/Win_WeatherNews_Taskbar.bat: -------------------------------------------------------------------------------- 1 | REM turns off the task icon for news and weather icon for windows 10 build 21H1 2 | REM key switches 0 - on 1 - hides 2 - off 3 | REM reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Feeds /f removes it completely 4 | 5 | reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Feeds /v ShellFeedsTaskbarViewMode /t REG_Dword /d 2 /f 6 | -------------------------------------------------------------------------------- /scripts/Win_Network_IPv6_Disable.ps1: -------------------------------------------------------------------------------- 1 | #CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability 2 | #https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898 3 | 4 | #Disable IPv6 on All Adapers 5 | Disable-NetAdapterBinding -Name "*" -ComponentID ms_tcpip6 6 | 7 | #Confirm That all NIC's no longer have IPv6 Enabled 8 | (Get-NetAdapterBinding -Name '*' 
-ComponentID ms_tcpip6).Enabled -------------------------------------------------------------------------------- /scripts/Win_Power_RestartorShutdown.ps1: -------------------------------------------------------------------------------- 1 | # This script will force restart computer. Add command paramter: shutdown to shutdown instead 2 | # Normal restart doesn't install updates before issuing 3 | 4 | $param1 = $args[0] 5 | 6 | if ($param1 -eq 'shutdown') { 7 | Stop-Computer -ComputerName $env:COMPUTERNAME -Force 8 | } 9 | else { 10 | Restart-Computer -ComputerName $env:COMPUTERNAME -Force 11 | } -------------------------------------------------------------------------------- /scripts/Win_AzureAD_Check_Connection_Status.ps1: -------------------------------------------------------------------------------- 1 | $ErrorActionPreference = 'silentlycontinue' 2 | $aadchk = dsregcmd /status | Where-Object { $_ -match 'AzureAdJoined : ' } | ForEach-Object { $_.Trim() } 3 | 4 | if ($aadchk -Eq 'AzureAdJoined : Yes') { 5 | Write-Output "Machine is Azure Ad Joined" 6 | exit 0 7 | } 8 | 9 | else { 10 | Write-Output "Machine is not Azure Ad Joined" 11 | exit 1 12 | } 13 | -------------------------------------------------------------------------------- /scripts_wip/Win_Network_VPN_SSTP.ps1: -------------------------------------------------------------------------------- 1 | 2 | $CUSTOMER = "CustomerName" 3 | $VPNHOST = "fqdn.customer.name" 4 | 5 | Add-VpnConnection -Name "VPN $CUSTOMER" -ServerAddress "$VPNHOST" -TunnelType "SSTP" -EncryptionLevel "Required" -AuthenticationMethod MSChapv2 -SplitTunneling -AllUserConnection -force 6 | # New-ItemProperty -Type DWord -Path HKLM:\System\CurrentControlSet\Services\Sstpsvc\Parameter -Name NoCertRevocationCheck -value "1" -------------------------------------------------------------------------------- /scripts_wip/nix_bash_Install_HP_Server_Health_Tools.sh: -------------------------------------------------------------------------------- 1 | 
#!/bin/bash 2 | cd /tmp # NOTE(review): unchecked cd into a world-writable directory, and the RPM file names used below are fixed and predictable; a mktemp -d working directory plus an abort when cd fails would avoid acting on a pre-placed file 3 | wget https://downloads.linux.hpe.com/SDR/repo/mcp/centos/6/x86_64/10.40/hpssacli-2.40-13.0.x86_64.rpm # wget's exit status is not checked before yum runs on the file 4 | yum install -y --nogpgcheck hpssacli-2.40-13.0.x86_64.rpm # NOTE(review): --nogpgcheck disables RPM signature verification, so the package is trusted on the HTTPS transport alone; import the vendor signing key and drop the flag, or verify a published checksum before installing 5 | wget https://downloads.linux.hpe.com/SDR/repo/mcp/centos/6/x86_64/10.40/hp-health-10.40-1777.17.rhel6.x86_64.rpm 6 | yum install -y --nogpgcheck hp-health-10.40-1777.17.rhel6.x86_64.rpm # same --nogpgcheck caveat as the first install -------------------------------------------------------------------------------- /scripts/Win_Open_SSH_Server_Install.ps1: -------------------------------------------------------------------------------- 1 | if((Get-WindowsCapability -Online | ? Name -like OpenSSH.Server*).State -eq "Installed") { 2 | Write-Output "OpenSSH Server is already installed." 3 | } else { 4 | Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 5 | Set-Service -Name sshd -StartupType 'Automatic' 6 | Start-Service sshd 7 | } 8 | Get-WindowsCapability -Online | Where-Object -Property Name -Like "OpenSSH*" 9 | -------------------------------------------------------------------------------- /scripts_wip/Win_SMB_CheckForNonDefault.ps1: -------------------------------------------------------------------------------- 1 | # Get all SMB shares 2 | $shares = Get-SmbShare 3 | 4 | # Filter out default shares 5 | $nonDefaultShares = $shares | Where-Object { $_.Special -eq $false } 6 | 7 | if ($nonDefaultShares.Count -eq 0) { 8 | Write-Output "All good. There are no non-default shares." 9 | } else { 10 | Write-Output "Error: There are non-default shares present."
11 | $nonDefaultShares 12 | exit 1 13 | } -------------------------------------------------------------------------------- /scripts_wip/Win_Windows_Activation_check.ps1: -------------------------------------------------------------------------------- 1 | $WinVerAct = (cscript /Nologo "C:\Windows\System32\slmgr.vbs" /xpr) -join '' 2 | 3 | if ($WinVerAct -like '*Activated*' -or $WinVerAct -like '*Aktiviert*' -or $WinVerAct -like '*Volumen-Aktivierung*' -or $WinVerAct -like '*Volume Activation*') { 4 | Write-Output "All looks fine $WinVerAct" 5 | exit 0 6 | } 7 | 8 | else { 9 | Write-Output "Theres an issue $WinVerAct" 10 | exit 1 11 | } 12 | -------------------------------------------------------------------------------- /scripts/Win_Network_DHCP_Set.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | for /f "tokens=4-5 delims=. " %%i in ('ver') do set VERSION=%%i.%%j 3 | 4 | if "%version%" == "6.1" ( 5 | rem Windows 7 6 | netsh interface ip set address "Local Area Connection" dhcp 7 | netsh interface ip set dns "Local Area Connection" dhcp 8 | ) 9 | if "%version%" == "10.0" ( 10 | rem Windows 10 11 | netsh interface ip set address Ethernet dhcp 12 | netsh interface ip set dns Ethernet dhcp 13 | ) -------------------------------------------------------------------------------- /scripts/Win_Securepoint_Get_DeviceId.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Give back the Securepoint Device id 4 | 5 | .REQUIREMENTS 6 | Securepoint Antivirus Pro must be installed on the client 7 | 8 | .INSTRUCTIONS 9 | - 10 | 11 | .NOTES 12 | V1.0 Initial Release by https://github.com/maltekiefer 13 | 14 | #> 15 | 16 | $SecurepointDeviceId = (Get-Item -Path 'HKLM:\SOFTWARE\Ikarus\guardx\cloud').GetValue('DeviceId') 17 | 18 | Write-Output $SecurepointDeviceId 19 | -------------------------------------------------------------------------------- 
/scripts_wip/linux_user_monitor.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Monitor for users on Linux: compares /etc/passwd with the copy saved by the previous run and exits 1 when the two differ. 4 | 5 | new="/opt/rmmscripts/users_new" 6 | old="/opt/rmmscripts/users_old" 7 | 8 | if [[ ! -e $old ]]; then 9 | mkdir /opt/rmmscripts # NOTE(review): the baseline is only as trustworthy as this directory; confirm it ends up root-owned and not writable by other users 10 | cat /etc/passwd > $new 11 | fi 12 | 13 | mv $new $old # the previous snapshot becomes the baseline, so a change is reported on one run only and is absorbed on the next 14 | cat /etc/passwd > $new 15 | diff <(cat $old) <(cat $new) # whole-line comparison: an edit to any field of an existing entry also counts as a difference 16 | if [[ $? == 0 ]] ; then 17 | echo "no users added or deleted" 18 | else 19 | echo "user(s) added or deleted" 20 | exit 1 21 | fi -------------------------------------------------------------------------------- /scripts_wip/Win_Event_Logs_Clear_All.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | for /F %%a IN (?wevtutil el?) DO (wevtutil.exe cl %%a >nul 2>&1) 3 | IF (%adminTest%)==(Access) goto noAdmin 4 | for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G") 5 | echo. 6 | echo Event Logs have been cleared! 7 | goto theEnd 8 | :do_clear 9 | echo clearing %1 10 | wevtutil.exe cl %1 11 | goto :eof 12 | :noAdmin 13 | echo You must run this script as an Administrator! 14 | echo.
15 | :theEnd 16 | -------------------------------------------------------------------------------- /docker-compose-powershell.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: '3.7' 3 | 4 | services: 5 | 6 | powershell: 7 | image: "mcr.microsoft.com/powershell${MACOS_ARM64}" 8 | environment: 9 | - POWERSHELL_TELEMETRY_OPTOUT=1 10 | stdin_open: true # docker run -i 11 | tty: true # docker run -t 12 | working_dir: /community-scripts 13 | volumes: 14 | # Mount the repo in Docker 15 | # Note: ${PWD} is not available on Windows 16 | - .:/community-scripts 17 | -------------------------------------------------------------------------------- /docker-compose-python.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: '3.7' 3 | 4 | services: 5 | 6 | python: 7 | image: python/3.8 8 | stdin_open: true # docker run -i 9 | tty: true # docker run -t 10 | # Dockerfile CMD runs bash. This is here for future reference. 
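11 | # entrypoint: /bin/bash 12 | working_dir: /community-scripts 13 | volumes: 14 | # Mount the repo in Docker 15 | # Note: ${PWD} is not available on Windows 16 | - .:/community-scripts 17 | -------------------------------------------------------------------------------- /scripts_wip/Win_Choco_ConvertToChocoManaged.ps1: -------------------------------------------------------------------------------- 1 | # Untested script from cleveradmin, please test and fix 2 | 3 | $Applist = @('Adobe Acrobat Reader DC', 'Google Chrome') 4 | $InstalledSoftware = Get-ChildItem "HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall" 5 | foreach ($obj in $InstalledSoftware) { 6 | if ($obj.GetValue('DisplayName') -in $Applist) { 7 | $Appname = $obj.GetValue('DisplayName') 8 | Write-Host "Match $Appname" 9 | } 10 | 11 | } -------------------------------------------------------------------------------- /scripts_wip/Win_Powershell_Version_Check.ps1: -------------------------------------------------------------------------------- 1 | # Use as check script for old Powershell version 2.0 (aka Win7) and upgrade using https://github.com/wh1te909/tacticalrmm/blob/develop/scripts_wip/Win_Powershell_Upgrade.ps1 2 | 3 | if ($PSVersionTable.PSVersion.Major -gt 2) { 4 | $PSVersionTable.PSVersion.Major 5 | Write-Output "PSVersion Greater than 2.0" 6 | exit 0 7 | } 8 | else { 9 | $PSVersionTable.PSVersion.Major 10 | Write-Output "PSVersion less than 2.0" 11 | exit 1 12 | } -------------------------------------------------------------------------------- /scripts_wip/Mac-Install_diskspace: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Get accurate disk usage measurements on a Mac 3 | # https://github.com/scriptingosx/diskspace 4 | # https://scriptingosx.com/2021/11/monterey-python-and-free-disk-space/ 5 | 6 | # Download package and install. TLS certificate verification is left on (no -k) because the package is installed as root by the installer call that follows; --fail stops on an HTTP error instead of saving the error page as the .pkg. NOTE(review): the package is still written to a fixed name in /tmp and is not signature-checked before install. 7 | curl --fail -L -o /tmp/diskspace-1.pkg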
"https://github.com/scriptingosx/diskspace/releases/download/v1/diskspace-1.pkg" 8 | sudo installer -pkg /tmp/diskspace-1.pkg -target / 9 | 10 | # Run to test 11 | /usr/local/bin/diskspace -H 12 | -------------------------------------------------------------------------------- /scripts_wip/ping_check.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # ping checker 3 | 4 | import subprocess 5 | import sys 6 | 7 | if len(sys.argv) != 2: 8 | print("ERROR: Missing hostname or ip argument") 9 | sys.exit(1) 10 | 11 | cmd = ["ping.exe", sys.argv[1], "-n", "5"] 12 | 13 | r = subprocess.run(cmd, capture_output=True) 14 | 15 | success = ["Reply", "bytes", "time", "TTL"] 16 | 17 | print(r.stdout.decode()) 18 | 19 | if all (i in r.stdout.decode() for i in success): 20 | sys.exit(0) 21 | 22 | sys.exit(1) -------------------------------------------------------------------------------- /scripts_wip/Win_Snipit_Killit.ps1: -------------------------------------------------------------------------------- 1 | param ( 2 | [switch]$Disable 3 | ) 4 | 5 | 6 | # Disable Snipit 7 | $registryPath = "HKCU:\Control Panel\Keyboard" 8 | $Name = "PrintScreenKeyForSnippingEnabled" 9 | $value = "0" 10 | $currentvalue = Get-ItemPropertyValue -Path $registryPath -Name $Name 11 | Write-Output "Current Value: $currentvalue" 12 | 13 | if ($Disable) { 14 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null 15 | Write-Output "Changed reg key" 16 | } -------------------------------------------------------------------------------- /scripts/Win_TaskScheduler_Add_Task.ps1: -------------------------------------------------------------------------------- 1 | # Add a task to Task Scheduler 2 | 3 | $Trigger = New-ScheduledTaskTrigger -At 10:00am -Daily # Specify the trigger settings 4 | $User = "NT AUTHORITY\SYSTEM" # Specify the account to run the script 5 | $Action = New-ScheduledTaskAction 
-Execute "PowerShell.exe" -Argument "YOUR COMMAND HERE" # Specify what program to run and with its parameters 6 | Register-ScheduledTask -TaskName "SomeTaskName" -Trigger $Trigger -User $User -Action $Action -RunLevel Highest -Force # Specify the name of the task -------------------------------------------------------------------------------- /scripts/Win_User_Logged_in_with_Temp_Profile.ps1: -------------------------------------------------------------------------------- 1 | $ErrorActionPreference = 'silentlycontinue' 2 | $TimeSpan = (Get-Date) - (New-TimeSpan -Day 1) 3 | if (Get-WinEvent -FilterHashtable @{LogName = 'Application'; ID = '1511'; StartTime = $TimeSpan }) { 4 | Write-Output "An account has been logged in with a Temporary profile" 5 | Get-WinEvent -FilterHashtable @{LogName = 'Application'; ID = '1511'; StartTime = $TimeSpan } 6 | exit 1 7 | } 8 | 9 | else { 10 | Write-Output "All looks fine" 11 | exit 0 12 | } 13 | -------------------------------------------------------------------------------- /scripts_staging/linux_cron_monitor.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Monitors Cron for any changes 4 | 5 | new="/opt/cronmonitor/current_status_new" 6 | old="/opt/cronmonitor/current_status_old" 7 | 8 | if [[ ! -e $old ]]; then 9 | mkdir /opt/cronmonitor/ 10 | cat /var/spool/cron/crontabs/* > $new 11 | fi 12 | 13 | mv $new $old 14 | cat /var/spool/cron/crontabs/* > $new 15 | diff <(cat $old) <(cat $new) 16 | if [[ $? 
== 0 ]] ; then 17 | echo "no change in cron" 18 | else 19 | echo "cron changed" 20 | exit 1 21 | fi 22 | -------------------------------------------------------------------------------- /scripts_wip/Win_Suggested_Apps_Disable.ps1: -------------------------------------------------------------------------------- 1 | $registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" 2 | $Name = "DisableWindowsConsumerFeatures " 3 | $value = "1" 4 | 5 | IF(!(Test-Path $registryPath)) 6 | { 7 | New-Item -Path $registryPath -Force | Out-Null 8 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null 9 | } 10 | ELSE { 11 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null 12 | } -------------------------------------------------------------------------------- /scripts_wip/Win_Rustdesk_Install.ps1: -------------------------------------------------------------------------------- 1 | $ErrorActionPreference= 'silentlycontinue' 2 | 3 | If (!(test-path "c:\temp")) { 4 | New-Item -ItemType Directory -Force -Path "c:\temp" 5 | } 6 | cd c:\temp 7 | 8 | If (!(test-path "C:\Program Files\Rustdesk\RustDesk.exe")) { 9 | cd c:\temp 10 | 11 | Invoke-WebRequest https://github.com/rustdesk/rustdesk/releases/download/1.1.9/rustdesk-1.1.9-windows_x64.zip -Outfile rustdesk.zip 12 | 13 | expand-archive rustdesk.zip 14 | cd rustdesk 15 | start .\rustdesk-1.1.9-putes.exe --silent-install 16 | } 17 | -------------------------------------------------------------------------------- /scripts_wip/Win_File_Detect_and_Alert.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .Synopsis 3 | Detect if object exists and gives error 4 | .DESCRIPTION 5 | Long description 6 | .EXAMPLE 7 | Example of how to use this cmdlet 8 | .EXAMPLE 9 | Another example of how to use this cmdlet 10 | #> 11 | 12 | If ((Test-Path -Path "C:\ProgramData\Microsoft\Windows\Start 
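Menu\Programs\Tactical RMM Agent.lnk" -PathType Leaf) -eq $false ) { 13 | 14 | Write-Output "No Shortcut" 15 | exit 0 16 | 17 | } 18 | Else { 19 | 20 | Write-Output 'Shortcut Exists' 21 | exit 1 22 | } 23 | -------------------------------------------------------------------------------- /scripts_wip/nix_bash_HP_CPU_Status.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #Get Server/CPU status 3 | RESULT=$(hpasmcli -s "show server" | grep -i status) 4 | RETURN=0 5 | #Loop through each CPU and fail if any is not OK 6 | while IFS= read -r line; do 7 | echo "$line" 8 | if [[ $line == *"Status : Ok"* ]]; 9 | then echo "Good"; 10 | else echo "Bad"; RETURN=1; 11 | fi 12 | done <<< "$RESULT" 13 | echo $RETURN 14 | #Return result to TRMM 15 | if [ $RETURN == 0 ]; then 16 | echo "CPUs are Healthy" 17 | #exit 0 18 | else 19 | echo "CPU Fault" 20 | #exit 2 21 | fi -------------------------------------------------------------------------------- /scripts_wip/3rdparty_slack_alerts.py: -------------------------------------------------------------------------------- 1 | # from superdry 2 | 3 | import requests 4 | import json 5 | import sys 6 | 7 | agent_hostname = sys.argv[1] 8 | agent_description = sys.argv[2] 9 | agent_local_ips = sys.argv[3] 10 | client_name = sys.argv[4] 11 | site_name = sys.argv[5] 12 | alert_message = sys.argv[6] 13 | 14 | url = 'https://hooks.slack.com/services/XXXXXX/XXXXXX/XXXXXX' 15 | payload = {"text": f"Name: {agent_hostname} \nAlert Message: {alert_message}\nIP: {{agent_local_ips}}"} 16 | 17 | r = requests.post(url, data=json.dumps(payload), headers={'Content-Type': 'application/json'}) --------------------------------------------------------------------------------
/scripts_staging/linux_disk_check.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Checks disk space usage on Linux.
#   exit 0 - every checked filesystem is below the threshold
#   exit 1 - at least one filesystem is at or above the threshold
#
# Every filesystem is reported before the script exits, so one healthy
# filesystem early in the list cannot hide a full one later on. A full disk
# also stops logs and audit records from being written, which is why the
# check should not stop at the first entry.

threshold=90
status=0

# df -P keeps each filesystem on a single line even when the device name is
# long. Columns: filesystem, blocks, used, available, use%, mount point.
while read -r partition _ _ _ usep _; do
  usep=${usep%\%}
  # Skip anything that is not a plain percentage (e.g. "-" on pseudo filesystems)
  [[ $usep =~ ^[0-9]+$ ]] || continue
  if (( usep >= threshold )); then
    echo "Running out of space $partition ${usep}%"
    status=1
  else
    echo "${partition} Disk space is fine at ${usep}%"
  fi
done < <(df -P | grep -vE '^Filesystem|tmpfs|cdrom|udev')

exit "$status"
--------------------------------------------------------------------------------
/scripts_wip/nix_bash_HP_Memory_Status.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #Get DIMM status 3 | RESULT=$(hpasmcli -s "show dimm" | grep -i status) 4 | RETURN=0 5 | #Loop through each DIMM and fail if any is not OK 6 | while IFS= read -r line; do 7 | echo "$line" 8 | if [[ $line == *"Status: Ok"* ]]; 9 | then echo "Good"; 10 | else echo "Bad"; RETURN=1; 11 | fi 12 | done <<< "$RESULT" 13 | echo $RETURN 14 | #Return result to TRMM 15 | if [ $RETURN == 0 ]; then 16 | echo "Memory Modules are Healthy" 17 | exit 0 18 | else 19 | echo "Memory Fault" 20 | exit 2 21 | fi -------------------------------------------------------------------------------- /scripts/Win_RunAsUser_Example2.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | This is an example script for getting logged in username for RunAsUser scripts.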
To be run from SYSTEM (not TRMM RunAsUser) 4 | 5 | .DESCRIPTION 6 | Fully functional example for RunAsUser, including getting return data and exit 1 from Userland 7 | 8 | .NOTES 9 | V1.0 10 | #> 11 | 12 | $currentuser = ((Get-WMIObject -ClassName Win32_ComputerSystem).Username).Split('\')[1] 13 | 14 | If (!$currentuser) { 15 | Write-Output "Noone currently logged in" 16 | } else { 17 | Write-Output "Currently logged in user is: $currentuser"} -------------------------------------------------------------------------------- /scripts_wip/nix_bash_HP_Power_Supply_Status.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #Get DIMM status 3 | RESULT=$(hpasmcli -s "show powersupply" | grep -i condition) 4 | RETURN=0 5 | #Loop through each DIMM and fail if any is not OK 6 | while IFS= read -r line; do 7 | echo "$line" 8 | if [[ $line == *"Condition: Ok"* ]]; 9 | then echo "Good"; 10 | else echo "Bad"; RETURN=1; 11 | fi 12 | done <<< "$RESULT" 13 | echo $RETURN 14 | #Return result to TRMM 15 | if [ $RETURN == 0 ]; then 16 | echo "Power Supplies are Healthy" 17 | exit 0 18 | else 19 | echo "Power Supply Fault" 20 | exit 2 21 | fi -------------------------------------------------------------------------------- /scripts/Win_TRMM_Agent_Debugmode.bat: -------------------------------------------------------------------------------- 1 | rem This will stop the TRMM services and manually launch TRMM in debug mode. 
2 | rem You can then use Win_TRMM_GetLogs.ps1 to collect as needed 3 | rem Restart the computer to stop debug and return agent to regular mode 4 | 5 | del "C:\Program Files\TacticalAgent\runasdebug.bat" 6 | ( 7 | echo REM Stop TRMM services and start with debugging 8 | echo net stop "tacticalrmm" 9 | echo start "" "C:\Program Files\TacticalAgent\tacticalrmm.exe" -m rpc -log debug 10 | )>"C:\Program Files\TacticalAgent\runasdebug.bat" 11 | 12 | start "" "C:\Program Files\TacticalAgent\runasdebug.bat" -------------------------------------------------------------------------------- /runtestsonwindows.ps1: -------------------------------------------------------------------------------- 1 | # This is for running pytest locally on windows only. 2 | # Using VSCode select the line(s) you wish to execute and use "Run Selection (F8)" 3 | # Read more here: https://docs.tacticalrmm.com/devnotes/running_tests_locally/ 4 | 5 | #Activate python 6 | python -m venv env 7 | .\env\Scripts\activate 8 | 9 | #Install requirements first time only 10 | python -m pip install --upgrade pip #1st time and when you want to update python modules 11 | pip install -r requirements.txt #only 1st time 12 | 13 | #Run mkdocs and look at changes as you make them 14 | pytest 15 | 16 | #Stop python 17 | deactivate -------------------------------------------------------------------------------- /scripts/zzDEPRECATED_Win_RustDesk_GetID.ps1: -------------------------------------------------------------------------------- 1 | # No Longer working please use from https://docs.tacticalrmm.com/3rdparty_rustdesk/ 2 | $ErrorActionPreference = 'silentlycontinue' 3 | 4 | Write-output ".............................................................................................................................." 
5 | Write-output "Script doesn't work and won't be updated please obtain up to date scripts from https://docs.tacticalrmm.com/3rdparty_rustdesk/" 6 | Write-output ".............................................................................................................................." 7 | exit 20 8 | -------------------------------------------------------------------------------- /.github/workflows/tests.yml: -------------------------------------------------------------------------------- 1 | name: test community script json 2 | on: 3 | push: 4 | branches: 5 | - main 6 | pull_request: 7 | branches: 8 | - main 9 | 10 | jobs: 11 | build: 12 | runs-on: ubuntu-latest 13 | steps: 14 | - uses: actions/checkout@v3 15 | - name: Set up Python 16 | uses: actions/setup-python@v4 17 | with: 18 | python-version: "3.10.5" 19 | - name: Install dependencies 20 | run: | 21 | python -m pip install --upgrade pip 22 | pip install pytest 23 | - name: Test with pytest 24 | run: pytest -vv 25 | -------------------------------------------------------------------------------- /scripts_staging/Win_Chrome_Check_Version.ps1: -------------------------------------------------------------------------------- 1 | ## Gets Chrome version installed on Client (would work for any software) 2 | 3 | $ResultWow6432 = (Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object { $_ -match "Chrome" } | Select-Object -ExpandProperty DisplayVersion) 4 | $Result = (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object { $_ -match "Chrome" } | Select-Object -ExpandProperty DisplayVersion) 5 | 6 | if ($ResultWow6432) { 7 | 8 | } 9 | Write-Output "Version Wow6432: $($ResultWow6432)`r" 10 | Write-Output "Version: $($Result)`r" 11 | -------------------------------------------------------------------------------- /scripts/Win_UAC_Check_Status.ps1: -------------------------------------------------------------------------------- 1 
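| $ErrorActionPreference = 'silentlycontinue' 2 | $PSDenabled = (Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System).PromptOnSecureDesktop 3 | $CPAenabled = (Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System).ConsentPromptBehaviorAdmin 4 | 5 | 6 | if ($PSDenabled -Eq 1 -And $CPAenabled -Eq 5) { 7 | Write-Output "UAC is Enabled" 8 | exit 0 9 | } 10 | 11 | elseif ($PSDenabled -Eq 1 -And $CPAenabled -Eq 2) { 12 | Write-Output "UAC is Enabled" 13 | exit 0 14 | } 15 | 16 | else { 17 | Write-Output "UAC is Disabled" 18 | exit 1 19 | } 20 | --------------------------------------------------------------------------------
/scripts_wip/win_bad_logins.ps1:
--------------------------------------------------------------------------------
# Reports failed logon attempts (Security event 4625) from the last 24 hours.
#   exit 1 - at least one failed logon was found, or the Security log could not be read
#   exit 0 - no failed logons in the window

$TimeSpan = (Get-Date) - (New-TimeSpan -Day 1)

try {
    # Query once and reuse the result. -ErrorAction Stop (instead of a global
    # 'silentlycontinue') so an unreadable Security log is reported rather
    # than being mistaken for "no failed logons".
    $events = Get-WinEvent -FilterHashtable @{LogName='security';ID='4625';StartTime=$TimeSpan} -ErrorAction Stop
}
catch {
    # Get-WinEvent raises an error when the filter simply matches nothing
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
        $events = @()
    }
    else {
        Write-Output "Could not read the Security log: $($_.Exception.Message)"
        exit 1
    }
}

if ($events) {
    Write-Output "There has been Bad Login events detected on your system"
    $events | Format-List TimeCreated, Id, LevelDisplayName, Message
    exit 1
}
else {
    Write-Output "No bad login events detected"
    exit 0
}
--------------------------------------------------------------------------------
/scripts_wip/Win_Power_And_Sleep_Changer.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | 3 | REM Power and Sleep Settings Script 4 | 5 | REM ac = Plugged in 6 | REM dc = Running on battery 7 | REM Number at the end of each command is in minutes, 0 means never 8 | 9 | REM Standby = Sleep 10 | powercfg /change standby-timeout-ac 0 11 | powercfg /change standby-timeout-dc 0 12 | 13 | REM Monitor = Monitor 14 | powercfg /change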
monitor-timeout-ac 0 15 | powercfg /change monitor-timeout-dc 0 16 | 17 | REM Hibernate = Hibernate, only used on machines that have hibernate enabled, most use sleep now 18 | powercfg /change hibernate-timeout-ac 0 19 | powercfg /change hibernate-timeout-dc 0 -------------------------------------------------------------------------------- /scripts_wip/Win_AD_Transfer_FSMO_Roles.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | I do this 4 | 5 | .DESCRIPTION 6 | I really do a lot of this 7 | 8 | .OUTPUTS 9 | Results are printed to the console. Future releases will support outputting to a log file. 10 | 11 | .NOTES 12 | Change Log 13 | V1.0 Initial release 14 | 15 | Reference Links: www.google.com 16 | #> 17 | 18 | # Transfer FSMO Roles to server 19 | # Make this machine the FSMO Master role. 20 | 21 | Move-ADDirectoryServerOperationMasterRole -Identity $env:computername -OperationMasterRole pdcemulator, ridmaster, infrastructuremaster, schemamaster, domainnamingmaster -Force -------------------------------------------------------------------------------- /scripts/Win_Reboot.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Reboots/Restarts the computer with an optional wait time before restarting. Max wait 24hrs 4 | 5 | .DESCRIPTION 6 | This script restarts the computer forcefully. 7 | 8 | .PARAMETER Wait 9 | Specifies the number of seconds to wait before restarting the computer. 10 | 11 | .EXAMPLE 12 | -Wait 60 13 | Waits for 60 seconds and then restarts the computer. 
14 | 15 | .NOTES 16 | v1.0 5/17/2024 Created by silversword411 and dinger1986 17 | #> 18 | 19 | param( 20 | [int]$Wait 21 | ) 22 | 23 | if ($Wait) { 24 | shutdown -r -t $Wait 25 | } 26 | else { 27 | Restart-Computer -Force 28 | } 29 | -------------------------------------------------------------------------------- /scripts_wip/DUPE_Windows_Fast Start_Disable.ps1: -------------------------------------------------------------------------------- 1 | Write-Output "Disabling Faststart ..." 2 | 3 | $registryPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power" 4 | 5 | $Name = "HiberbootEnabled" 6 | 7 | $value = "00000000" 8 | 9 | $Type = "DWORD" 10 | 11 | IF(!(Test-Path $registryPath)) 12 | 13 | { 14 | 15 | New-Item -Path $registryPath -Force | Out-Null 16 | 17 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null} 18 | 19 | ELSE { 20 | 21 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null} 22 | 23 | Write-Output "Done... bye" -------------------------------------------------------------------------------- /scripts_wip/Win_Power_Mgmt_Disable_Access.ps1: -------------------------------------------------------------------------------- 1 | # Hides changing power settings from user. 
Thx KMH-Admin 2 | 3 | $registryPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" 4 | $keyName = "FlyoutMenuSettings" 5 | $valueName = "ShowSleepOption" 6 | $value = 0 7 | 8 | $keyExists = Test-Path "$registryPath\$keyName" 9 | 10 | if ($keyExists -eq $false) { 11 | New-Item -Path $registryPath -Name $keyName | Out-Null 12 | New-ItemProperty -Path "$registryPath\$keyName" -Name $valueName -Value $value -PropertyType DWORD | Out-Null 13 | } 14 | else { 15 | Set-ItemProperty -Path "$registryPath\$keyName" -Name $valueName -Value $value 16 | } 17 | -------------------------------------------------------------------------------- /scripts_wip/Win_Windows_Feeds_Disable.ps1: -------------------------------------------------------------------------------- 1 | Write-Output "Disabling Windows Feeds and News ..." 2 | 3 | $registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds" 4 | 5 | $Name = "EnableFeeds" 6 | 7 | $value = "00000000" 8 | 9 | $Type = "DWORD" 10 | 11 | IF(!(Test-Path $registryPath)) 12 | 13 | { 14 | 15 | New-Item -Path $registryPath -Force | Out-Null 16 | 17 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null} 18 | 19 | ELSE { 20 | 21 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null} 22 | 23 | Write-Output "Done... 
bye" -------------------------------------------------------------------------------- /scripts_wip/Win_FirefoxAddinInstallDisable.ps1: -------------------------------------------------------------------------------- 1 | IF(!(Test-Path $registryPath)) 2 | { 3 | New-Item -Path $registryPath -Force | Out-Null 4 | New-ItemProperty -Path $registryPath -Name $name -Value $value ` 5 | -PropertyType DWORD -Force | Out-Null} 6 | ELSE { 7 | New-ItemProperty -Path $registryPath -Name $name -Value $value ` 8 | -PropertyType DWORD -Force | Out-Null} 9 | 10 | # Disable Firefox Add-in installation 11 | $registryPath = "HKLM:\SOFTWARE\Policies\Mozilla\Firefox\InstallAddonsPermission" 12 | $Name = "Default" 13 | $value = "0" 14 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null -------------------------------------------------------------------------------- /scripts_wip/Win_Password_Policy_Modify.ps1: -------------------------------------------------------------------------------- 1 | secedit /export /cfg c:\secpol.cfg 2 | (gc C:\secpol.cfg).replace("PasswordComplexity = 0", "PasswordComplexity = 1") | Out-File C:\secpol.cfg 3 | (gc C:\secpol.cfg).replace("MaximumPasswordAge = 42", "MaximumPasswordAge = 180") | Out-File C:\secpol.cfg 4 | (gc C:\secpol.cfg).replace("PasswordHistorySize = 0", "PasswordHistorySize = 4") | Out-File C:\secpol.cfg 5 | (gc C:\secpol.cfg).replace("MinimumPasswordLength = 0", "MinimumPasswordLength = 8") | Out-File C:\secpol.cfg 6 | secedit /configure /db C:\windows\security\database\mycustomsecdb.sdb /cfg c:\secpol.cfg /areas SECURITYPOLICY 7 | gpupdate 8 | rm -force c:\secpol.cfg -confirm:$false -------------------------------------------------------------------------------- /scripts_wip/linux_check_processes: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Checks if one or more processes are running. 
4 | # The env variable PROCESSES must be passed in the script using format PROCESSES=process1 process2 process3 5 | 6 | 7 | if [ -z "$PROCESSES" ]; then 8 | echo "Please specify processes in the environment variable PROCESSES using the format PROCESSES=process1 process2 process3" 9 | exit 1 10 | fi 11 | 12 | # Loop over the list of processes and check if they are running 13 | for proc in $PROCESSES; do 14 | if pgrep -x "$proc" >/dev/null; then 15 | echo "$proc is running" 16 | else 17 | echo "$proc is not running" 18 | exit 1 19 | fi 20 | done 21 | -------------------------------------------------------------------------------- /scripts_wip/Win_WinRM_Disallow_Client_Digest_authentication.ps1: -------------------------------------------------------------------------------- 1 | Write-Output "Disallow WinRM Client Digest authentication ..." 2 | 3 | $registryPath = "HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client" 4 | 5 | $Name = "AllowDigest" 6 | 7 | $value = "0" 8 | 9 | $Type = "DWORD" 10 | 11 | IF(!(Test-Path $registryPath)) 12 | 13 | { 14 | 15 | New-Item -Path $registryPath -Force | Out-Null 16 | 17 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null} 18 | 19 | ELSE { 20 | 21 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null} 22 | 23 | Write-Output "Done... bye" -------------------------------------------------------------------------------- /scripts_wip/Win_WinRM_Disallow_Storing_RunAs_credentials.ps1: -------------------------------------------------------------------------------- 1 | Write-Output "Disallow WinRM from storing RunAs credentials ..." 
2 | 3 | $registryPath = "HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service" 4 | 5 | $Name = "DisableRunAs" 6 | 7 | $value = "1" 8 | 9 | $Type = "DWORD" 10 | 11 | IF(!(Test-Path $registryPath)) 12 | 13 | { 14 | 15 | New-Item -Path $registryPath -Force | Out-Null 16 | 17 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null} 18 | 19 | ELSE { 20 | 21 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null} 22 | 23 | Write-Output "Done... bye" -------------------------------------------------------------------------------- /scripts_staging/Collectors/Collect Licensing 5 Office.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Retrieves licensing information for installed Microsoft Office products. 4 | 5 | .DESCRIPTION 6 | This script uses the `Get-CimInstance` cmdlet to query the `SoftwareLicensingProduct` class for 7 | details about installed Microsoft Office products with active licenses. 8 | 9 | .NOTES 10 | Author: SAN 11 | Date: 01.01.24 12 | #public 13 | 14 | .CHANGELOG 15 | 16 | 17 | #> 18 | 19 | Get-CimInstance -ClassName SoftwareLicensingProduct | where {$_.name -like "*office*" -and $_.LicenseStatus -gt 0 }| select Name,description,LicenseStatus,ProductKeyChannel,PartialProductKey -------------------------------------------------------------------------------- /scripts_wip/Win_PreviewBuildsBlock.ps1: -------------------------------------------------------------------------------- 1 | Write-Output "Disabling PreviewBuilds Experimental Ackknowledge ..." 
2 | 3 | $registryPath = "HKLM:\Software\Policies\Microsoft\Windows\PreviewBuilds\EnableConfigFlighting" 4 | 5 | $Name = "AllowTelemetry" 6 | 7 | $value = "00000000" 8 | 9 | $Type = "DWORD" 10 | 11 | IF(!(Test-Path $registryPath)) 12 | 13 | { 14 | 15 | New-Item -Path $registryPath -Force | Out-Null 16 | 17 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null} 18 | 19 | ELSE { 20 | 21 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null} 22 | 23 | Write-Output "Done... bye" -------------------------------------------------------------------------------- /scripts_wip/Win_User_Logon_Details.ps1: -------------------------------------------------------------------------------- 1 | # Takes a long time to run. Probably needs at 5mins. 2 | # Want to add logon events too 3 | 4 | $events = Get-WinEvent -Path C:\Windows\System32\winevt\Logs\Security.evtx | where { ($_.Id -eq 4624 -and $_.properties[8].value -eq 10) -or ($_.Id -eq 4634 -and $_.properties[4].value -eq 2) } 5 | 6 | foreach ($event in $events) { 7 | 8 | # userid will vary depending on event type: 9 | if ($event.Id -eq 4624) { $userid = $event.properties[5].value } 10 | if ($event.Id -eq 4634) { $userid = $event.properties[1].value } 11 | 12 | $event | Select TimeCReated, TaskDisplayName, Machinename, @{"Name" = "UserID"; "Expression" = { $userid } } 13 | } -------------------------------------------------------------------------------- /scripts_staging/Collectors/OS Install Date.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Retrieves and formats the installation date of the operating system. 4 | 5 | .DESCRIPTION 6 | This script fetches the installation date of the current Windows operating system and 7 | formats it into a "dd/MM/yyyy" format, then outputs the formatted date to the console. 
8 | 9 | .NOTES 10 | Author: SAN 11 | Date: 01.01.24 12 | #public 13 | 14 | .CHANGELOG 15 | 16 | 17 | #> 18 | 19 | 20 | $osInfo = Get-WmiObject Win32_OperatingSystem 21 | $installDate = $osInfo.ConvertToDateTime($osInfo.InstallDate) 22 | $formattedDate = $installDate.ToString("dd/MM/yyyy") 23 | Write-Host "$formattedDate" -------------------------------------------------------------------------------- /scripts_wip/Win_InActivity_Timout_Set.ps1: -------------------------------------------------------------------------------- 1 | Write-host "Trusting PS Gallery" 2 | Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted 3 | 4 | Write-Host "Installing PolicyFileEditor" 5 | Install-Module -Name PolicyFileEditor 6 | 7 | $UserDir = "$env:windir\system32\GroupPolicy\User\registry.pol" 8 | 9 | Write-Host "Setting inactivity timeout to 10 mins" 10 | $RegPath = 'Software\Policies\Microsoft\Windows\CurrentVersion\Policies\System' 11 | $RegName = 'InactivityTimeoutSecs ' 12 | $RegData = '600' 13 | $RegType = 'DWord' 14 | Set-PolicyFileEntry -Path $UserDir -Key $RegPath -ValueName $RegName -Data $RegData -Type $RegType 15 | 16 | # apply the new policy immediately 17 | gpupdate.exe /force -------------------------------------------------------------------------------- /scripts_wip/Win_Windows_Update_Settings.ps1: -------------------------------------------------------------------------------- 1 | #From AzulSkyKnight on discord 2 | 3 | Set-ItemProperty -path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\" -Name "AUOptions" -Value 4 4 | Set-ItemProperty -path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\" -Name "AlwaysAutoRebootAtScheduledTime" -Value 1 5 | Set-ItemProperty -path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\" -Name "NoAutoRebootWithLoggedOnUsers" -Value 0 6 | Set-ItemProperty -path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\" -Name "ScheduledInstallDay" -Value 0 7 | Set-ItemProperty -path 
"HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\" -Name "ScheduledInstallTime" -Value 1 -------------------------------------------------------------------------------- /scripts/Win_RDP_enable.bat: -------------------------------------------------------------------------------- 1 | REM WARNING : This script is a bit agressive with the power settings. 2 | 3 | powercfg.exe /hibernate off 4 | powercfg /CHANGE hibernate-timeout-ac 0 5 | powercfg /CHANGE hibernate-timeout-dc 0 6 | Powercfg /CHANGE standby-timeout-ac 0 7 | powercfg /CHANGE standby-timeout-dc 0 8 | reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f 9 | reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v fDenyTSConnections /f 10 | netsh advfirewall firewall set rule group="remote desktop" new enable=Yes 11 | net start TermService 12 | 13 | REM net localgroup "Remote Desktop Users" "%UserName%" /add 14 | -------------------------------------------------------------------------------- /scripts_wip/Win_Event Log_Settings_Adjust.ps1: -------------------------------------------------------------------------------- 1 | Limit-Eventlog -Logname Application -MaximumSize 4MB -OverflowAction OverwriteAsNeeded 2 | Limit-Eventlog -Logname HardwareEvents -MaximumSize 4MB -OverflowAction OverwriteAsNeeded 3 | Limit-Eventlog -Logname "Internet Explorer" -MaximumSize 4MB -OverflowAction OverwriteAsNeeded 4 | Limit-Eventlog -Logname "Key Management Service" -MaximumSize 4MB -OverflowAction OverwriteAsNeeded 5 | Limit-Eventlog -Logname Security -MaximumSize 20MB -OverflowAction OverwriteAsNeeded 6 | Limit-Eventlog -Logname System -MaximumSize 4MB -OverflowAction OverwriteAsNeeded 7 | Limit-Eventlog -Logname "Windows Powershell" -MaximumSize 4MB -OverflowAction OverwriteAsNeeded 8 | Get-Eventlog -List -------------------------------------------------------------------------------- /scripts_wip/Win_Misc_Autoplay_Disable.ps1: 
-------------------------------------------------------------------------------- 1 | # Need to parameterize with enable and disable 2 | 3 | Write-Output "Disabling Autoplay ..." 4 | 5 | $registryPath = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" 6 | 7 | $Name = "NoDriveTypeAutoRun" 8 | 9 | $value = "255" 10 | 11 | $Type = "DWORD" 12 | 13 | IF (!(Test-Path $registryPath)) 14 | { 15 | 16 | New-Item -Path $registryPath -Force | Out-Null 17 | 18 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null 19 | } 20 | 21 | ELSE { 22 | 23 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null 24 | } 25 | 26 | Write-Output "Done... bye" -------------------------------------------------------------------------------- /scripts_staging/linux_service_check_for_failed.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Alerts on Tactical if there are failed services, and lists failed services 4 | 5 | HAS_SYSTEMD=$(ps --no-headers -o comm 1) 6 | if [ "${HAS_SYSTEMD}" != 'systemd' ]; then 7 | echo "This install script only supports systemd" 8 | echo "Please install systemd or manually create the service using your systems's service manager" 9 | exit 0 10 | fi 11 | 12 | failsvc=$(systemctl --failed | grep -v 'fwupd-refresh.service') 13 | 14 | if [[ "$failsvc" == *"failed"* ]]; then 15 | echo -e 'You have failed services' 16 | systemctl --failed 17 | exit 1 18 | else 19 | echo 'All services are running' 20 | exit 0 21 | fi 22 | -------------------------------------------------------------------------------- /scripts_wip/Win_Certificate address mismatch warning_Enable.ps1: -------------------------------------------------------------------------------- 1 | Write-Output "Enabling certificate address mismatch warning ..." 
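2 | 3 | $registryPath = "HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" 4 | 5 | $Name = "WarnOnBadCertRecving" 6 | 7 | $value = "00000001" 8 | 9 | $Type = "DWORD" 10 | 11 | IF(!(Test-Path $registryPath)) 12 | 13 | { 14 | 15 | New-Item -Path $registryPath -Force | Out-Null 16 | 17 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null} 18 | 19 | ELSE { 20 | 21 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null} 22 | 23 | Write-Output "Done... bye" -------------------------------------------------------------------------------- /scripts_wip/Win_Oracle-Defense_EnableEncryption.ps1: -------------------------------------------------------------------------------- 1 | Write-Output "Setting Forced Updated Clients Oracle-Defense ..." 2 | 3 | $registryPath = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" 4 | 5 | $Name = "AllowEncryptionOracle" 6 | 7 | $value = "00000000" 8 | 9 | $Type = "DWORD" 10 | 11 | IF(!(Test-Path $registryPath)) 12 | 13 | { 14 | 15 | New-Item -Path $registryPath -Force | Out-Null 16 | 17 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null} 18 | 19 | ELSE { 20 | 21 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null} 22 | 23 | Write-Output "Done... bye" --------------------------------------------------------------------------------
/scripts_wip/linux_docker_run_commands.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Prints a `docker run` command line for every running container, using
# https://github.com/lavie/runlike
#
# The runlike image is started with the host's Docker socket mounted. Whatever
# code is in that image gets full control of the Docker daemon, which in
# practice means root on the host. The default image reference below carries no
# tag or digest, so each run uses whatever the registry currently serves under
# that name. Set RUNLIKE_IMAGE to a digest you have reviewed, for example
#   RUNLIKE_IMAGE='assaflavie/runlike@sha256:<DIGEST-YOU-VERIFIED>'
#
# The recreated commands can include each container's environment variables,
# so secrets passed that way end up in the script output kept by the RMM.

runlike_image="${RUNLIKE_IMAGE:-assaflavie/runlike}"

# Check if Docker is installed
if ! command -v docker &> /dev/null; then
  echo "Docker is not installed."
  exit 0
fi

# docker ps prints one container name per line; read them without
# word-splitting or glob expansion.
while IFS= read -r container; do
  [[ -n "$container" ]] || continue
  # stdin is redirected so the container cannot consume the list of names
  docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
    "$runlike_image" "$container" < /dev/null
done < <(docker ps --format '{{.Names}}')
--------------------------------------------------------------------------------
/scripts_wip/Win_ ATMFD_ Disable_Security Bulletin MS15-077.ps1: -------------------------------------------------------------------------------- 1 | Write-Output "Vulnerability in ATM Font Driver Could Allow Elevation of Privilege (3077657) ..." 2 | 3 | $registryPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" 4 | 5 | $Name = "DisableATMFD" 6 | 7 | $value = "00000001" 8 | 9 | $Type = "DWORD" 10 | 11 | IF(!(Test-Path $registryPath)) 12 | 13 | { 14 | 15 | New-Item -Path $registryPath -Force | Out-Null 16 | 17 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null} 18 | 19 | ELSE { 20 | 21 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null} 22 | 23 | Write-Output "Fixed...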
bye" -------------------------------------------------------------------------------- /scripts_wip/Win_Intune_Hello_removal.bat: -------------------------------------------------------------------------------- 1 | Set-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\Windows\System -Name "AllowDomainPINLogon" -Value 0 2 | Set-ItemProperty HKLM:\SOFTWARE\Microsoft\PolicyManager\default\Settings\AllowSignInOptions -Name "value" -Value 0 3 | Start-Process cmd -ArgumentList '/s,/c,takeown /f C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC /r /d y & icacls C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC /grant administrators:F /t & RD /S /Q C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Ngc & MD C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Ngc & icacls C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Ngc /T /Q /C /RESET' -Verb runAs 4 | -------------------------------------------------------------------------------- /scripts_wip/Win_Location_Get.ps1: -------------------------------------------------------------------------------- 1 | Add-Type -AssemblyName System.Device #Required to access System.Device.Location namespace 2 | $GeoWatcher = New-Object System.Device.Location.GeoCoordinateWatcher #Create the required object 3 | $GeoWatcher.Start() #Begin resolving current locaton 4 | 5 | while (($GeoWatcher.Status -ne 'Ready') -and ($GeoWatcher.Permission -ne 'Denied')) { 6 | Start-Sleep -Milliseconds 100 #Wait for discovery. 7 | } 8 | 9 | if ($GeoWatcher.Permission -eq 'Denied') { 10 | Write-Error 'Access Denied for Location Information' 11 | } 12 | else { 13 | # $GeoWatcher.Position.Location | Select Latitude,Longitude #Select the relevent results. 
14 | $a = $GeoWatcher.Position.Location 15 | write-host "$a" 16 | } -------------------------------------------------------------------------------- /scripts/Win_TRMM_Rename_Installed_App.ps1: -------------------------------------------------------------------------------- 1 | $NewAgentName = $args[0] 2 | 3 | $AgentName = (Get-ItemProperty "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0D34D278-5FAF-4159-A4A0-4E2D2C08139D}_is1").DisplayName 4 | if ($AgentName -ne "$NewAgentName") { 5 | Set-ItemProperty -Name DisplayName -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0D34D278-5FAF-4159-A4A0-4E2D2C08139D}_is1" -Value $NewAgentName 6 | $AgentName = (Get-ItemProperty "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0D34D278-5FAF-4159-A4A0-4E2D2C08139D}_is1").DisplayName 7 | if ($AgentName -ne $NewAgentName) { 8 | exit 1 9 | } else { 10 | exit 0 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /scripts_wip/Win_Remote_host_allows_delegation_of_non-exportable_credentials.ps1: -------------------------------------------------------------------------------- 1 | Write-Output "Remote host allows delegation of non-exportable credentials ..." 2 | 3 | $registryPath = "HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation" 4 | 5 | $Name = "AllowProtectedCreds" 6 | 7 | $value = "00000001" 8 | 9 | $Type = "DWORD" 10 | 11 | IF(!(Test-Path $registryPath)) 12 | 13 | { 14 | 15 | New-Item -Path $registryPath -Force | Out-Null 16 | 17 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null} 18 | 19 | ELSE { 20 | 21 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null} 22 | 23 | Write-Output "Done... 
bye" -------------------------------------------------------------------------------- /scripts_wip/Win_Shortcut_Creator.ps1: -------------------------------------------------------------------------------- 1 | 2 | 3 | mkdir -Path 'C:\agent' -Force 4 | Invoke-WebRequest "http://www.yourwebsite.com/logos/yourico.ico" -outfile "c:\agent\yourico.ico" 5 | $WshShell = New-Object -comObject WScript.Shell 6 | $path = "C:\Users\All Users\desktop\Shortcut.url" 7 | $targetpath = "https://yourwebsite.com" 8 | $iconlocation = "c:\agent\yourico.ico" 9 | $iconfile = "IconFile=" + $iconlocation 10 | $Shortcut = $WshShell.CreateShortcut($path) 11 | $Shortcut.TargetPath = $targetpath 12 | $Shortcut.Save() 13 | Add-Content $path "HotKey=0" 14 | Add-Content $path "$iconfile" 15 | Add-Content $path "IconIndex=0" 16 | 17 | # This will create and agent directory then download the ico file 18 | # change ico file and location to download 19 | -------------------------------------------------------------------------------- /scripts_wip/Win_Software_McAfee_check.ps1: -------------------------------------------------------------------------------- 1 | # Check if OnlineBackup (MSP360) is installed. 
2 | $software = "McAfee LiveSafe" 3 | $installed = Get-ChildItem -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall | 4 | Get-ItemProperty | 5 | Select-Object -Property DisplayName, DisplayVersion | 6 | Where { $_.DisplayName -Match $software } 7 | 8 | if ($installed) { 9 | # Exit success 10 | Write-Output "$software is installed" 11 | Write-Output $installed 12 | $host.SetShouldExit(1) 13 | Exit 14 | } else { 15 | # Exit failure to trigger the action 16 | Write-Output "$software is not installed" 17 | $host.SetShouldExit(0) 18 | Exit 19 | } 20 | -------------------------------------------------------------------------------- /scripts/Win_Services_AutomaticStartup_Running.ps1: -------------------------------------------------------------------------------- 1 | ### 2 | # Author: Dave Long 3 | # Date: 2021-05-12 4 | # 5 | # Gets a list of all services that have Startup Type set to Automatic 6 | # and are currently not running. Then attempts to start them. 7 | # 8 | # Note: A service that is set to Automatic and is not running is in 9 | # some cases the correct behavior. 
10 | ### 11 | 12 | # To not automatically try to start all non-running automatic services 13 | # change the following variable value to $false 14 | $Start = $true 15 | 16 | $Services = Get-Service | ` 17 | Where-Object { $_.StartType -eq "Automatic" -and $_.Status -ne "Running" } 18 | 19 | $Services | Format-Table 20 | 21 | if ($Start) { $Services | Start-Service } 22 | -------------------------------------------------------------------------------- /scripts_wip/Win_User_Admin_LAPS_CheckForPolicy.ps1: -------------------------------------------------------------------------------- 1 | # Test Windows LAPS has been rotating passwords in line with your group policy setting 2 | # from Yasd in Discord 3 | 4 | $e = Get-WinEvent -LogName 'Microsoft-Windows-LAPS/Operational' -FilterXPath '*[System[(EventID=10021)]]' -MaxEvents 1 5 | 6 | if ($e) { $days = ($e.Message | Select-String -Pattern "Password age in days: (\d+)").Matches.Groups[1].Value } 7 | else { Write-Output "No LAPS policy detected"; exit 0 } 8 | 9 | $e = Get-WinEvent -LogName 'Microsoft-Windows-LAPS/Operational' -FilterXPath '*[System[(EventID=10020)]]' -MaxEvents 1 10 | 11 | if ($e -and ($e.TimeCreated.AddDays($days) -lt $(Get-Date))) { Write-Output "Last successful LAPS password rotation was more than $days days ago"; exit 1 } -------------------------------------------------------------------------------- /scripts_wip/Win_Location_Task_Trigger_On_WLAN_event.ps1: -------------------------------------------------------------------------------- 1 | # From gretsky 2 | # https://discord.com/channels/736478043522072608/744282073870630912/891008070434558042 3 | 4 | $CIMTriggerClass = Get-CimClass -ClassName MSFT_TaskEventTrigger -Namespace Root/Microsoft/Windows/TaskScheduler:MSFT_TaskEventTrigger 5 | $Trigger = New-CimInstance -CimClass $CIMTriggerClass -ClientOnly 6 | $Trigger.Subscription = "" 7 | $Trigger.Enabled = $True 8 | $Taskname = 'TacticalRMM_TASKID' 9 | Set-ScheduledTask -TaskName $Taskname -Trigger 
$Trigger -------------------------------------------------------------------------------- /scripts/Win_Supremo_GetID.ps1: -------------------------------------------------------------------------------- 1 | # Retrieve Supremo ID from TRMM agent. 2 | 3 | $SupremoVersionsNums = @('4', '') 4 | $RegPaths = @('HKLM:\SOFTWARE\Wow6432Node\Supremo') 5 | $Paths = @(foreach ($SupremoVersionsNum in $SupremoVersionsNums) { 6 | foreach ($RegPath in $RegPaths) { 7 | $RegPath + $SupremoVersionsNum 8 | } 9 | }) 10 | 11 | foreach ($Path in $Paths) { 12 | If (Test-Path $Path) { 13 | $GoodPath = $Path 14 | } 15 | } 16 | 17 | foreach ($FullPath in $GoodPath) { 18 | If ($null -ne (Get-Item -Path $FullPath).GetValue('ClientID')) { 19 | $SupremoID = (Get-Item -Path $FullPath).GetValue('ClientID') 20 | $ErrorActionPreference = 'silentlycontinue' 21 | } 22 | } 23 | 24 | Write-Output $SupremoID -------------------------------------------------------------------------------- /scripts_staging/Win_Disk_Cleanup.ps1: -------------------------------------------------------------------------------- 1 | # Runs disk cleanup for all volumes using default options 2 | 3 | ## Create reg keys 4 | $volumeCaches = Get-ChildItem "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches" 5 | foreach($key in $volumeCaches) 6 | { 7 | New-ItemProperty -Path "$($key.PSPath)" -Name StateFlags0099 -Value 2 -Type DWORD -Force | Out-Null 8 | } 9 | 10 | # Run Disk Cleanup 11 | Start-Process -Wait "$env:SystemRoot\System32\cleanmgr.exe" -ArgumentList "/sagerun:99" 12 | 13 | # Delete the keys 14 | $volumeCaches = Get-ChildItem "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches" 15 | foreach($key in $volumeCaches) 16 | { 17 | Remove-ItemProperty -Path "$($key.PSPath)" -Name StateFlags0099 -Force | Out-Null 18 | } 19 | -------------------------------------------------------------------------------- /scripts_wip/Win_Hardware_Disk_SMART_PassFail.ps1: 
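--------------------------------------------------------------------------------
# Checks Hardware for Smart Errors
# silversword notes: I've left this in wip because I've been working on a single answer to SMART. This is the dumbest of SMART errors that also constantly does windows gui errors to users constantly (and almost never show because this is the 8% of the time SMART is doing what it was intended to do. Warn on failure)
#
# Reads PredictFailure from every MSStorageDriver_FailurePredictStatus instance in root\wmi.
# Exit codes: 0 = no instance predicts a failure, 1 = at least one instance does.

# Errors are silenced, so a failed WMI query leaves the result empty and is reported as
# "no failures"; a machine that does not expose this class looks healthy to this check.
$ErrorActionPreference = 'silentlycontinue'
$smartst = @((Get-WmiObject -namespace root\wmi -class MSStorageDriver_FailurePredictStatus).PredictFailure)

# Compare, do not assign: the previous `$smartst = 'False'` overwrote the WMI result with a
# non-empty string, which is always truthy, so a predicted failure could never be reported.
if ($smartst -notcontains $true) {
    Write-Output "Theres no SMART Failures predicted"
    exit 0
}
else {
    Write-Output "There are SMART Failures detected"
    exit 1
}
-------------------------------------------------------------------------------- /scripts_staging/WIN_reliablity_score.p1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | This will gather the average Windows Reliabilty Score 4 | .DESCRIPTION 5 | Gather and then check average Windows Reliabilty Score 6 | .PARAMETER Unreliable 7 | .EXAMPLE 8 | -Unreliable 5 9 | #> 10 | 11 | param ( 12 | [string] $Unreliable = "5" 13 | ) 14 | 15 | 16 | $wrs = (Get-Ciminstance Win32_ReliabilityStabilityMetrics | Measure-Object -Average -Maximum -Minimum -Property systemStabilityIndex).Average 17 | $compname = $env:computername 18 | 19 | 20 | if ($wrs -lt $Unreliable) { 21 | write-output "$compname is unreliable and at $wrs below $Unreliable." 22 | Exit 1 23 | } 24 | else { 25 | write-output "Windows Reliability is fine $wrs." 26 | Exit 0 27 | } 28 | -------------------------------------------------------------------------------- /scripts_wip/Win_Print_Spooler_Reset.bat: -------------------------------------------------------------------------------- 1 | REM Print Spooler reset script. 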
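Will stop spooler, fix permissions on print folders, clear all files in print queues, and restart spooler service. 2 | 3 | REM Stop Print Spooler 4 | net stop "Spooler" 5 | 6 | REM Kill service if its not stopping 7 | tasklist | find /i "spoolsv.exe" && taskkill /im spoolsv.exe /F && net stop "Spooler" 8 | 9 | REM Set Permissions on spool folders 10 | icacls %systemroot%\System32\spool\PRINTERS /grant system:f /inheritance:e 11 | icacls %systemroot%\System32\spool\SERVERS /grant system:f /inheritance:e 12 | 13 | REM Clear files in print queue 14 | del /F /Q %systemroot%\System32\spool\PRINTERS\*.* 15 | del /F /Q %systemroot%\System32\spool\SERVERS\*.* 16 | 17 | REM Start Print Spooler again 18 | net start "Spooler" -------------------------------------------------------------------------------- /scripts/Linux_CPU_check.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Checks CPU usage and errors if it is above the configured value
# Default is for 80% usage, can be changed by passing a value to the script. EX: max=95 will set the maximum CPU usage to 95%
#
# Arguments:   max=<integer>  optional threshold in percent; any other argument is ignored.
#              A non-empty `max` already present in the environment is used when no
#              max= argument is given.
# Exit status: 0 when usage is at or below the threshold; 1 when it is above it, or when
#              the threshold or the vmstat reading is not a whole number.

# Only max=... is accepted from the command line. The script used to export every
# KEY=VALUE argument, which let any argument overwrite environment variables (PATH
# included) that the commands below depend on.
for ARGUMENT in "$@"; do
  case "$ARGUMENT" in
    max=*) max="${ARGUMENT#max=}" ;;
    *) echo "Ignoring unsupported argument: $ARGUMENT" >&2 ;;
  esac
done

if [ -z "${max:-}" ]; then
  max="80"
fi

# A threshold that is not a whole number used to make the comparison below fail and fall
# through to the "greater than" branch; name the real cause instead.
if ! [[ "$max" =~ ^[0-9]+$ ]]; then
  echo "Invalid max value: $max (expected a whole number)" >&2
  exit 1
fi

# Second vmstat sample, 15th column (presumably the idle percentage; the column position
# depends on the vmstat build, so confirm it on the target distribution).
idle=$(vmstat 1 2 | tail -1 | awk '{print $15}')
if ! [[ "$idle" =~ ^[0-9]+$ ]]; then
  echo "Could not read a CPU reading from vmstat" >&2
  exit 1
fi
CPU_USAGE=$((100 - 10#$idle))

if [ "$CPU_USAGE" -le "$max" ]; then
  echo "CPU usage less than $max%. ($CPU_USAGE%)"
  exit 0
else
  echo "CPU usage greater than $max%. ($CPU_USAGE%)"
  exit 1
fi
-------------------------------------------------------------------------------- /scripts/Win_User_EnableDisable.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | User - Enable or disable a user 4 | .DESCRIPTION 5 | Used to enable or disable local user 6 | .PARAMETER Name 7 | Required: Username 8 | .PARAMETER Enabled 9 | Required: yes/no 10 | .EXAMPLE 11 | -Name user -Enabled no 12 | .NOTES 13 | 11/15/2021 v1 Initial release by @silversword411 14 | #> 15 | 16 | param ( 17 | [string] $Name, 18 | [string] $Enabled 19 | ) 20 | 21 | if (!$Enabled -or !$Name) { 22 | write-output "Missing required parameters. Please include Example: `"-Name username - -Enabled yes/no`" `n" 23 | Exit 1 24 | } 25 | else { 26 | net user $Name /active:$Enabled 27 | Write-Output "$Name set as active:$Enabled" 28 | Exit 0 29 | } 30 | -------------------------------------------------------------------------------- /scripts_wip/Win_Celldata.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Gets Cellular info 4 | 5 | .NOTES 6 | v1.0 11/23/2024 silversword411 initial release 7 | #> 8 | 9 | # Ensure the script is running with appropriate permissions to access WMI 10 | try { 11 | # Query the WMI class for cellular information 12 | $WWAN_Data = Get-CimInstance -Namespace "root\cimv2\mdm\dmmap" -ClassName "MDM_DeviceStatus_CellularIdentities01_01" | 13 | Select-Object -Property ICCID, IMSI, InstanceID, PhoneNumber 14 | 15 | if ($WWAN_Data) { 16 | # Output the retrieved cellular data 17 | Write-Output $WWAN_Data 18 | } 19 | else { 20 | Write-Output "No cellular data found." 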
21 | } 22 | } 23 | catch { 24 | Write-Error "An error occurred while retrieving cellular data: $_" 25 | } -------------------------------------------------------------------------------- /scripts_wip/linux_zfspool_check.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Check if zpool is installed 4 | if ! zpool_loc="$(type -p "zpool")" || [[ -z $zpool_loc ]]; then 5 | echo "zpool not installed" 6 | exit 0 7 | else 8 | #check for pools available 9 | zpool_list="$(zpool list)" 10 | if [[ "$zpool_list" == "no pools available" ]]; then 11 | # Check status of zpools 12 | echo "No pools available" 13 | exit 0 14 | else 15 | zpool_status="$(zpool status | grep -e DEGRADED -e OFFLINE)" 16 | if [[ -z "$zpool_status" ]];then 17 | echo "No Degraded or Offline status found." 18 | exit 0 19 | else 20 | echo "There were Degraded or offline status found please review the folowing output" 21 | zpool status 22 | exit 1 23 | fi 24 | fi 25 | fi 26 | -------------------------------------------------------------------------------- /scripts/Win_Google_Chrome_Clear_Cache.ps1: -------------------------------------------------------------------------------- 1 | Write-Host "Clearing Google caches" 2 | Remove-Item -path "C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cache\*" -Recurse -Force -EA SilentlyContinue -Verbose 3 | Remove-Item -path "C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cache2\entries\*" -Recurse -Force -EA SilentlyContinue -Verbose 4 | Remove-Item -path "C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies" -Recurse -Force -EA SilentlyContinue -Verbose 5 | Remove-Item -path "C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Media Cache" -Recurse -Force -EA SilentlyContinue -Verbose 6 | Remove-Item -path "C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies-Journal" -Recurse -Force -EA SilentlyContinue -Verbose 7 | Write-Host "Google Chrome cache is 
cleared" 8 | -------------------------------------------------------------------------------- /scripts_wip/Win_OneDrive_Reset_Cache.ps1: -------------------------------------------------------------------------------- 1 | # Path for the workdir 2 | if ( Test-Path -Path "$env:LOCALAPPDATA\Microsoft\OneDrive\OneDrive.exe" -PathType Leaf ) { 3 | $workdir = "$env:LOCALAPPDATA\Microsoft\OneDrive" 4 | } elseif ( Test-Path -Path "C:\Program Files (x86)\Microsoft\OneDrive\OneDrive.exe" -PathType Leaf ) { 5 | $workdir = "C:\Program Files (x86)\Microsoft\OneDrive" 6 | } else { 7 | Write-Host "OneDrive is not installed" 8 | } 9 | 10 | # Start-Process of clearing OneDrive cache 11 | $p = Start-Process -FilePath $workdir'\OneDrive.exe' -ArgumentList '/reset' -NoNewWindow -Wait -PassThru 12 | $p.ExitCode 13 | Write-Host "OneDrive Cache has been cleared." 14 | 15 | # Restart OneDrive 16 | $p = Start-Process -FilePath $workdir'\OneDrive.exe' -NoNewWindow -Wait -PassThru 17 | $p.ExitCode -------------------------------------------------------------------------------- /scripts_wip/Win_Boot_UEFI_or_LegacyBIOS.ps1: -------------------------------------------------------------------------------- 1 | # Check if the system is using UEFI or legacy BIOS 2 | if ($env:firmware_type -match "UEFI") { 3 | # If the system is using UEFI, check if secure boot is enabled 4 | $secureBootSetting = (Get-WmiObject -Class "Win32_BIOS" -Namespace "root\CIMV2").SecureBootEnabled 5 | if ($secureBootSetting -eq "True") { 6 | # If secure boot is enabled, output a message 7 | Write-Output "The system is using UEFI with secure boot enabled." 8 | } 9 | else { 10 | # If secure boot is not enabled, output a message 11 | Write-Output "The system is using UEFI but secure boot is not enabled." 12 | } 13 | } 14 | else { 15 | # If the system is not using UEFI, output a message 16 | Write-Output "The system is using legacy BIOS." 
17 | } -------------------------------------------------------------------------------- /scripts/Win_Activation_Check.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Check Windows activation status 4 | .DESCRIPTION 5 | This script checks the Windows activation status by running the "slmgr.vbs" script and returning the results. If the Windows version is activated, the script returns success (exit code 0), otherwise it returns failure (exit code 1). 6 | .OUTPUTS 7 | This cmdlet outputs a message indicating whether Windows is activated or not. 8 | .NOTES 9 | Version: 1.0 7/17/2021 silversword 10 | #> 11 | 12 | $WinVerAct = (cscript /Nologo "C:\Windows\System32\slmgr.vbs" /xpr) -join '' 13 | 14 | if ($WinVerAct -like '*Activated*') { 15 | Write-Output "All looks fine $WinVerAct" 16 | exit 0 17 | } 18 | 19 | else { 20 | Write-Output "Theres an issue $WinVerAct" 21 | exit 1 22 | } 23 | -------------------------------------------------------------------------------- /scripts/Win_Bitlocker_Get_Recovery_Keys.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Retrieves BitLocker recovery information for a specified drive. 4 | 5 | .DESCRIPTION 6 | The Get-BitLockerRecoveryInfo function retrieves BitLocker recovery information for a specified drive. If the -KeyOnly parameter is provided, it outputs only the recovery password. 7 | 8 | .PARAMETER KeyOnly 9 | If specified, outputs only the recovery password. 10 | 11 | .NOTES 12 | Version: 1.0 4/14/2021 Silversword 13 | Version: 1.1 3/27/2023 styx-tdo and silversword. 
Adding comments and -KeyOnly for collector capabilities 14 | #> 15 | 16 | param( 17 | [switch]$KeyOnly = $false 18 | ) 19 | 20 | if ($KeyOnly) { 21 | (Get-BitLockerVolume -MountPoint C).KeyProtector.RecoveryPassword 22 | } 23 | else { 24 | manage-bde -protectors C: -get 25 | } 26 | -------------------------------------------------------------------------------- /scripts/Win_Disk_Volume_Status.ps1: -------------------------------------------------------------------------------- 1 | # Checks local disks for errors reported in event viewer within the last 24 hours 2 | 3 | $ErrorActionPreference = 'silentlycontinue' 4 | $TimeSpan = (Get-Date) - (New-TimeSpan -Day 1) 5 | if (Get-WinEvent -FilterHashtable @{LogName = 'system'; ID = '11', '9', '15', '52', '129', '7', '98'; Level = 2, 3; ProviderName = '*disk*', '*storsvc*', '*ntfs*'; StartTime = $TimeSpan } -MaxEvents 10 | Where-Object -Property Message -Match Volume*) { 6 | Write-Output "Disk errors detected please investigate" 7 | Get-WinEvent -FilterHashtable @{LogName = 'system'; ID = '11', '9', '15', '52', '129', '7', '98'; Level = 2, 3; ProviderName = '*disk*', '*storsvc*', '*ntfs*'; StartTime = $TimeSpan } 8 | exit 1 9 | } 10 | 11 | 12 | else { 13 | Write-Output "Disks are Healthy" 14 | exit 0 15 | } 16 | -------------------------------------------------------------------------------- /scripts_staging/Win_Drive_Files_List_Biggest_Files_On_Drive.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | This will list the 10 largest files on your chosen drive 4 | .PARAMETER Drive 5 | The assumed drive letter is C:\ to scan another drive use -Drive D:\ 6 | .EXAMPLE 7 | -Drive D:\ 8 | .NOTE 9 | TODO Needs parameters for number of files 10 | #> 11 | 12 | param ( 13 | [string] $Drive 14 | ) 15 | 16 | if ($Drive -Match ":\") { 17 | Write-Output "Scanning $Drive for 10 largest files" 18 | get-ChildItem $Drive -recurse -erroraction silentlycontinue | sort length 
-descending | select -first 10 19 | } 20 | 21 | else { 22 | Write-Output "Scanning C:\ for 10 largest files" 23 | get-ChildItem C:\ -recurse -erroraction silentlycontinue | sort length -descending | select -first 10 24 | } 25 | -------------------------------------------------------------------------------- /scripts_staging/Win_TRMM_ScheduledTasks_List.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | 3 | .NOTES 4 | v1.2 8/2/2024 silversword411 adding is running column, fixed last run column 5 | #> 6 | 7 | # Get the count of tasks starting with "Tac" 8 | $taskCount = (Get-ScheduledTask | Where-Object { $_.TaskName -like "Tac*" }).Count 9 | 10 | # Output the total count 11 | Write-Output "Total: $taskCount" 12 | 13 | # Get detailed information for tasks starting with "Tac" 14 | Get-ScheduledTask | Where-Object { $_.TaskName -like "Tac*" } | ForEach-Object { 15 | $taskInfo = Get-ScheduledTaskInfo -TaskName $_.TaskName 16 | [PSCustomObject]@{ 17 | TaskName = $_.TaskName 18 | CreationDate = $_.Date 19 | LastRunTime = $taskInfo.LastRunTime 20 | IsRunning = if ($_.State -eq 'Running') { 'Yes' } else { 'No' } 21 | } 22 | } | Format-Table -AutoSize -------------------------------------------------------------------------------- /scripts_wip/Win_Outlook_New_Profile.ps1: -------------------------------------------------------------------------------- 1 | # Script to create a new empty Outlook profile 2 | # http://powershell-tools.com/exchange-outlook/create-new-outlook-profile-using-powershell/ 3 | 4 | $ofc = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" 5 | $OfficeInstall = Get-ChildItem -Path $ofc -Recurse | Where-Object { 6 | $_.GetValue('DisplayName') -like "Microsoft Office*" -or $_.GetValue('DisplayName') -like "Microsoft 365 Apps*" 7 | } 8 | 9 | # We only care about the major and minor version for the next part 10 | $Version = $OfficeInstall.GetValue('DisplayVersion')[0..3] -join "" 11 | $RegPath = 
"HKCU:\SOFTWARE\Microsoft\Office\$Version\Outlook" 12 | 13 | New-Item -Path "$RegPath\Profiles" -Name "NewProfile" 14 | Set-ItemProperty -Path $RegPath -Name "DefaultProfile" -Value "NewProfile" 15 | Write-Host "Restart Outlook to setup new profile" -------------------------------------------------------------------------------- /scripts/Win_Powershell_TestPATH.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | 3 | REM The last line gets the registry value of the PATH environmental variable. 4 | REM https://docs.microsoft.com/en-us/windows/win32/sysinfo/registry-value-types 5 | REM ExpandString (REG_EXPAND_SZ) means %SystemRoot% will expand to C:\Windows. 6 | REM String (REG_SZ) means %SystemRoot% will not be expanded. 7 | 8 | cd %TEMP% 9 | > "%TEMP%\get-info.ps1" ( 10 | @echo.$ENV:PATH 11 | @echo.$PSVersionTable 12 | @echo.$Host.version 13 | @echo.Get-Command powershell.exe 14 | @echo.(Get-Item -Path 'Registry^:^:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment'^).GetValueKind('PATH'^) 15 | ) 16 | 17 | 18 | C:\Windows\System32\WindowsPowershell\v1.0\powershell.exe -NonInteractive -ExecutionPolicy Bypass "%TEMP%\get-info.ps1" 19 | del "%TEMP%\get-info.ps1" 20 | -------------------------------------------------------------------------------- /scripts_staging/Checks/Boot mode.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Checks if the system is booted in Safe Mode. 4 | 5 | .DESCRIPTION 6 | This script confirms the system is booted in Safe Mode and exits with a code 1. Otherwise, it indicates 7 | that the system is not in Safe Mode and exits with a code 0. 
8 | 9 | .NOTES 10 | Author: SAN 11 | Date: 01.01.24 12 | #public 13 | 14 | .CHANGELOG 15 | 12.12.24 SAN Changed outputs 16 | 17 | #> 18 | 19 | # Check if the system is booted in Safe Mode 20 | $regPath = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Option" 21 | $safeModeKeyExists = Test-Path $regPath 22 | 23 | if ($safeModeKeyExists) { 24 | Write-Host "KO: System is booted in Safe Mode." 25 | exit 1 26 | } else { 27 | Write-Host "OK: System is not booted in Safe Mode." 28 | exit 0 29 | } -------------------------------------------------------------------------------- /scripts_staging/Collectors/get Domains or Workgroup name.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Retrieves and displays the domain or workgroup name of the computer. 4 | 5 | .DESCRIPTION 6 | This script checks if the computer is part of a domain or a workgroup. 7 | If the computer is part of a domain, it outputs the domain name. 8 | Otherwise, it outputs the workgroup name. 
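9 | 10 | .NOTES 11 | Author: SAN 12 | Date: 01.01.24 13 | #public 14 | 15 | .CHANGELOG 16 | 17 | 18 | #> 19 | 20 | # Check if the computer is a member of a domain or workgroup 21 | $computerInfo = Get-WmiObject Win32_ComputerSystem 22 | 23 | if ($computerInfo.PartOfDomain -eq $true) { 24 | Write-Host "D: $($computerInfo.Domain)" 25 | } else { 26 | $workgroupName = $computerInfo.Workgroup 27 | Write-Host "W: $workgroupName" 28 | } -------------------------------------------------------------------------------- /scripts_wip/Win_Boot_UEFIvsLegacy.ps1: --------------------------------------------------------------------------------
# Source: https://discord.com/channels/736478043522072608/744281869499105290/1049901850431860817
# (The link used to be a bare first line, which PowerShell would try to run as a command.)

function Get-BootInformation {
    <#
    .SYNOPSIS
    Reports the firmware type and Secure Boot state as a pass/fail check.
    .DESCRIPTION
    Reads $env:firmware_type and the result of Confirm-SecureBootUEFI.
    Exits 0 for UEFI with Secure Boot on and for Legacy firmware, and exits 1 for
    UEFI with Secure Boot off. Any other combination prints nothing and sets no
    exit code.
    #>
    $BootMode = $env:firmware_type
    $SBStatus = Confirm-SecureBootUEFI
    # `Set-ExecutionPolicy unrestricted` was removed from this point: a read-only status
    # check must not loosen the machine's script execution policy as a side effect, and
    # nothing in this function depends on it.
    $IsUefi = $BootMode -eq "UEFI"

    if ($IsUefi -and ($SBStatus -eq $True)) {
        Write-Host "This system has UEFI, and Secure Boot is on. This is OK."
        exit 0
    }

    if ($IsUefi -and ($SBStatus -eq $False)) {
        Write-Host "This system has UEFI, but Secure Boot is off. This is not OK."
        exit 1
    }

    if ($BootMode -eq "Legacy") {
        Write-Host "This system is Legacy, therefore it does not support Secure Boot. This is OK."
        exit 0
    }
}

Get-BootInformation
-------------------------------------------------------------------------------- /scripts_wip/Win_Folder_Delete_Securely.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Securely deletes a folder using the cipher command. 4 | 5 | .DESCRIPTION 6 | This PowerShell script securely deletes a folder using the cipher command in Windows. 7 | 8 | .PARAMETER FolderPath 9 | The path to the folder that you want to securely delete. 10 | 11 | .NOTES 12 | This operation cannot be undone, and the data will be permanently deleted. 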
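Ensure that you have administrator privileges before running this script. 13 | Version 1.0 3/27/2023 silversword 14 | #>

param(
    [string]$FolderPath
)

# An empty value, a file, or a missing path is rejected before anything is touched.
# -LiteralPath keeps wildcard characters in the argument from matching other folders.
if (-not $FolderPath -or -not (Test-Path -LiteralPath $FolderPath -PathType Container)) {
    Write-Output "Folder path not found: $FolderPath"
    exit 1
}

$target = (Resolve-Path -LiteralPath $FolderPath).ProviderPath
$volumeRoot = [System.IO.Path]::GetPathRoot($target)

# Never remove an entire volume.
if ($target.TrimEnd('\') -eq $volumeRoot.TrimEnd('\')) {
    Write-Output "Refusing to delete a volume root: $target"
    exit 1
}

# Securely delete the folder
# cipher /w only overwrites unused space on the volume and never removes files, so on its
# own it left the folder in place while the script reported it as deleted. The folder is
# removed first so that its clusters are part of the free space that gets overwritten.
try {
    Remove-Item -LiteralPath $target -Recurse -Force -ErrorAction Stop
}
catch {
    Write-Output "Could not delete folder: $target ($_)"
    exit 1
}

cipher "/w:$volumeRoot"
if ($LASTEXITCODE -ne 0) {
    Write-Output "Folder removed, but cipher /w failed with exit code $LASTEXITCODE; the freed space was not overwritten"
    exit 1
}

# NOTE(review): overwriting free space does not reach copies held in volume shadow copies or
# backups, and may not overwrite the original cells on flash storage - confirm this meets
# the data-disposal requirement before relying on it.
Write-Output "Securely deleted folder: $FolderPath"
-------------------------------------------------------------------------------- /scripts_wip/Mac_Battery_CycleCount.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | PlistBuddy="/usr/libexec/PlistBuddy" 4 | IOReg="/usr/sbin/ioreg" 5 | BatteryInfo=$("$IOReg" -ar -c AppleSmartBattery) 6 | BatterySerialNumber=$("$PlistBuddy" -c "print 0:BatterySerialNumber" /dev/stdin 2>/dev/null <<< "$BatteryInfo") 7 | Serial=$("$PlistBuddy" -c "print 0:Serial" /dev/stdin 2>/dev/null <<< "$BatteryInfo") 8 | FirmwareSerialNumber=$("$PlistBuddy" -c "print 0:FirmwareSerialNumber" /dev/stdin 2>/dev/null <<< "$BatteryInfo") 9 | 10 | if [ "$BatterySerialNumber" == "" ] && [ "$Serial" == "" ] && [ "$FirmwareSerialNumber" == "" ]; then 11 | hasBatteries=0 12 | echo No Battery in this system 13 | exit 0 14 | else 15 | hasBatteries=1 16 | CycleCount=$("$PlistBuddy" -c "print 0:CycleCount" /dev/stdin 2>/dev/null <<< "$BatteryInfo") 17 | echo Cycle Count: $CycleCount 18 | exit 0 19 | fi 20 | -------------------------------------------------------------------------------- /scripts_staging/Win_Drive_Info_Get.ps1: -------------------------------------------------------------------------------- 1 | ### 2 | # Author: Dave Long 3 | # Gets a list of all mount points and what type of drive the 4 | # mount point is stored on 5 | ### 6 | 7 | # Get all of the physical disks attached to system 8 | $Partitions = Get-Partition | Where-Object { [string]($_.DriveLetter) -ne "" } 9 | 10 | $Output = @() 11 | 12 | $Partitions | ForEach-Object { 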
13 | $Disk = Get-PhysicalDisk -DeviceNumber $_.DiskNumber 14 | $Output += [PSCustomObject]@{ 15 | MountPoint = $_.DriveLetter 16 | DiskType = $Disk.MediaType 17 | DriveName = $Disk.FriendlyName 18 | DriveSerialNumber = $Disk.SerialNumber 19 | SizeInGigabytes = $Disk.Size / 1GB 20 | Health = $Disk.HealthStatus 21 | SystemDrive = ($env:SystemDrive[0] -eq $_.DriveLetter) 22 | } 23 | } 24 | 25 | $Output | Format-Table 26 | -------------------------------------------------------------------------------- /Dockerfile-python: -------------------------------------------------------------------------------- 1 | # https://hub.docker.com/_/python 2 | # https://stackoverflow.com/questions/48561981/activate-python-virtualenv-in-dockerfile 3 | 4 | # First stage is the builder or compiler 5 | FROM python:3.8-slim as compiler 6 | ENV PYTHONUNBUFFERED 1 7 | 8 | WORKDIR /app 9 | 10 | RUN python -m venv /opt/venv 11 | # Enable venv 12 | ENV PATH="/opt/venv/bin:$PATH" 13 | 14 | COPY ./requirements.txt /app/requirements.txt 15 | RUN pip install --no-cache-dir --upgrade --requirement requirements.txt 16 | 17 | # First stage is the runner 18 | FROM python:3.8-slim as runner 19 | WORKDIR /app 20 | COPY --from=compiler /opt/venv /opt/venv 21 | 22 | # Enable venv 23 | ENV PATH="/opt/venv/bin:$PATH" 24 | COPY . /app/ 25 | # This is used instead of 'entrypoint' in docker-compose.yml. 26 | # Note: The stackoverflow answers state virtualenv is not needed most of the time. 27 | CMD ["/bin/bash" ] 28 | -------------------------------------------------------------------------------- /scripts/Win_TRMM_GetLogs.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Pull Tactical RMM and Mesh Log File contents 4 | .DESCRIPTION 5 | Will pull last 50 lines of log. 
Can pull more/less lines if desired 6 | .PARAMETER Lines 7 | Provide number of lines desired 8 | .EXAMPLE 9 | -Lines 100 10 | .NOTES 11 | 2/2022 v1 Initial release by @silversword411 12 | #> 13 | 14 | param ( 15 | [Int] $Lines 16 | ) 17 | 18 | if (!$Lines) { 19 | # Write-output "Lines = $Lines" 20 | $Lines = "50" 21 | } 22 | 23 | $logcontents = Get-Content -LiteralPath "C:\Program Files\TacticalAgent\agent.log" -Tail $Lines 24 | Write-Output "TRMM Agent Logs" 25 | Write-Output $logcontents 26 | 27 | $mlogcontents = Get-Content -LiteralPath "C:\Program Files\Mesh Agent\MeshAgent.log" -Tail $Lines 28 | Write-Output "Mesh Agent Logs" 29 | Write-Output $mlogcontents -------------------------------------------------------------------------------- /scripts_wip/Win_File_TakeOwnership.ps1: -------------------------------------------------------------------------------- 1 | ########################################################################################### 2 | #Take Ownership / Set Folder Permissions v1.0 3 | #By Alan O'Brien 4 | #Line 8,11,13 + 14: Change the path to the folder that you want to take full control of 5 | #Line 9: Change to whatever account you want applied to the folder to take ownership of it 6 | #Final line will show if the permission applied correctly 7 | ########################################################################################### 8 | $ACL = Get-Acl -Path "C:\Users\XXX\XXX\Desktop" 9 | $User = New-Object System.Security.Principal.Ntaccount("BUILTIN\Administrators") 10 | $ACL.SetOwner($User) 11 | $ACL | Set-Acl -Path "C:\Users\XXX\XXX\Desktop" 12 | $ACL.SetAccessRuleProtection($true, $true) 13 | $ACL = Get-Acl -Path "C:\Users\XXX\XXX\Desktop" 14 | Get-ACL -Path "C:\Users\XXX\XXX\Desktop" -------------------------------------------------------------------------------- /scripts_staging/Win_Battery_Create_Detailed_Report.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | 
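Creates a full report of the battery installed in the client machine. 4 | 5 | .DESCRIPTION 6 | This script generates a battery report for the client machine and outputs it as an HTML file in the 7 | 8 | .OUTPUTS 9 | htm file located in the scripts folder of the TacticalRMM programdata folder. 10 | 11 | .NOTES 12 | Author: Version: 1.0 created April 2022 by dinger1986 13 | V1.1 - 2023-06-06 - silversword411 - Added comments and adjusted extension 14 | #> 15 | 16 | If(!(test-path $env:programdata\TacticalRMM\scripts\)) 17 | { 18 | New-Item -ItemType Directory -Force -Path $env:programdata\TacticalRMM\scripts\ 19 | } 20 | 21 | powercfg /batteryreport /output "$env:programdata\TacticalRMM\scripts\battery-report.htm" 22 | 23 | get-content "$env:programdata\TacticalRMM\scripts\battery-report.htm" 24 | -------------------------------------------------------------------------------- /scripts_wip/Win_TRMM_Agent_Install.bat: --------------------------------------------------------------------------------
rem If you want to deploy TRMM agent using AD, intune, mesh, teamviewer, Group Policy GPO etc this is a sample CMD script for deploying tactical
rem
rem Review before use:
rem  - Set-ExecutionPolicy without -Scope changes the machine-wide policy, and this script never reverts it.
rem  - Only the C:\TEMP\TRMM Defender exclusion is removed at the end. The other four stay in place,
rem    including two wildcard paths under C:\Windows\Temp; files matching them are not scanned.
rem  - The installer is downloaded and started without a hash or signature check. Use an https
rem    deployment URL and verify the file before it is run.
rem  - C:\TEMP\TRMM is created with inherited permissions. Confirm that only administrators can write
rem    there, because the file placed in it is executed.

if not exist C:\TEMP\TRMM md C:\TEMP\TRMM
powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted
powershell Add-MpPreference -ExclusionPath C:\TEMP\TRMM
powershell Add-MpPreference -ExclusionPath "C:\Program Files\TacticalAgent\*"
powershell Add-MpPreference -ExclusionPath C:\Windows\Temp\winagent-v*.exe
powershell Add-MpPreference -ExclusionPath "C:\Program Files\Mesh Agent\*"
powershell Add-MpPreference -ExclusionPath C:\Windows\Temp\TRMM\*
rem /d also switches the drive, so the download lands in C:\TEMP\TRMM even when the script starts elsewhere
cd /d c:\temp\trmm || exit /b 1
rem Remove an installer left by an earlier run so a failed download cannot start a stale file
if exist tactical.exe del /f /q tactical.exe
powershell Invoke-WebRequest "deployment url" -Outfile tactical.exe
if not exist tactical.exe (
    echo Download of the TRMM installer failed
    powershell Remove-MpPreference -ExclusionPath C:\TEMP\TRMM
    exit /b 1
)
"C:\Program Files\TacticalAgent\unins000.exe" /VERYSILENT
start tactical.exe
powershell Remove-MpPreference -ExclusionPath C:\TEMP\TRMM
--------------------------------------------------------------------------------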
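/scripts/Win_Teamviewer_Get_ID.ps1: -------------------------------------------------------------------------------- 1 | # Retrieve Teamviewer ID from TRMM agent. This tests versions 6+ known Registry Paths. 2 | 3 | $TeamViewerVersionsNums = @('6', '7', '8', '9', '') 4 | $RegPaths = @('HKLM:\SOFTWARE\TeamViewer', 'HKLM:\SOFTWARE\Wow6432Node\TeamViewer') 5 | $Paths = @(foreach ($TeamViewerVersionsNum in $TeamViewerVersionsNums) { 6 | foreach ($RegPath in $RegPaths) { 7 | $RegPath + $TeamViewerVersionsNum 8 | } 9 | }) 10 | 11 | foreach ($Path in $Paths) { 12 | If (Test-Path $Path) { 13 | $GoodPath += $Path 14 | } 15 | } 16 | 17 | foreach ($FullPath in $GoodPath) { 18 | If ($null -ne (Get-Item -Path $FullPath).GetValue('ClientID')) { 19 | $TeamViewerID = (Get-Item -Path $FullPath).GetValue('ClientID') 20 | $ErrorActionPreference = 'silentlycontinue' 21 | 22 | } 23 | 24 | 25 | 26 | } 27 | Write-Output $TeamViewerID 28 | -------------------------------------------------------------------------------- /scripts_wip/linux_website_keywordmonitor.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# With love from Stefan Lousberg 10/29/2023
# Env Var: URL=https://www.google.nl
# Args: words
#
# Downloads $URL once and checks that every keyword given as an argument
# occurs in the response body (literal, case-sensitive substring match).
# Exit status: 0 when all keywords are present; 1 when a keyword is missing,
# URL is unset, no keyword was given, or the download failed.

# URL to monitor (specified as an environment variable)
URL="${URL:-}"

# Keywords to monitor for (passed as script arguments)
KEYWORDS=("$@")

if [[ -z "$URL" ]]; then
  echo "URL environment variable is not set" >&2
  exit 1
fi

# With no keywords the loop below never runs and the check would report
# success without testing anything, so treat that as a configuration error.
if (( ${#KEYWORDS[@]} == 0 )); then
  echo "No keywords given" >&2
  exit 1
fi

# Perform the cURL request and store the page content in a variable.
#   --fail      HTTP 4xx/5xx makes curl exit non-zero, so an error page is
#               not searched as if it were the monitored site.
#   --proto     URL comes from the environment; restrict it to http/https so
#               a mis-set value cannot be fetched through another scheme.
#   --max-time  stops a hung server from stalling the check (30 s is an
#               arbitrary ceiling; adjust as needed).
if ! PAGE_CONTENT=$(curl -s --fail --proto '=http,https' --max-time 30 "$URL"); then
  echo "Could not fetch $URL" >&2
  exit 1
fi

found_all_keywords=1

# Loop through each keyword and check if it exists in the page content
for keyword in "${KEYWORDS[@]}"; do
  if [[ $PAGE_CONTENT != *"$keyword"* ]]; then
    echo "Keyword '$keyword' not found on $URL"
    found_all_keywords=0
  fi
done

if [ "$found_all_keywords" -eq 1 ]; then
  echo "All keywords found on $URL"
  exit 0
else
  exit 1
fi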
-------------------------------------------------------------------------------- /scripts/Win_TRMM_Mesh_Debug.ps1: -------------------------------------------------------------------------------- 1 | # Checks for Mesh service, folder, and .exe. Returns 1 if there's a problem 2 | # Useful to run as a monitoring script to check for AV deleting mesh 3 | 4 | $serviceName = "Mesh Agent" 5 | $ErrorCount = 0 6 | 7 | if (!(Get-Service $serviceName)) { 8 | Write-Output "Mesh Agent Service Missing" 9 | $ErrorCount += 1 10 | } 11 | 12 | else { 13 | Write-Output "Mesh Agent Service Found" 14 | } 15 | 16 | if (!(Test-Path "c:\Program Files\Mesh Agent")) { 17 | Write-Output "Mesh Agent Folder missing" 18 | $ErrorCount += 1 19 | } 20 | 21 | else { 22 | Write-Output "Mesh Agent Folder exists" 23 | } 24 | 25 | if (!(Test-Path "c:\Program Files\Mesh Agent\MeshAgent.exe")) { 26 | Write-Output "Mesh Agent exe missing" 27 | $ErrorCount += 1 28 | } 29 | 30 | else { 31 | Write-Output "Mesh Agent exe exists" 32 | } 33 | 34 | if (!$ErrorCount -eq 0) { 35 | exit 1 36 | } 37 | -------------------------------------------------------------------------------- /scripts_wip/Win_Disk_Space_Usage_Reports_WiztreeAlt2.ps1: -------------------------------------------------------------------------------- 1 | # extract WizTree 2 | Expand-Archive C:\temp\wiztree_3_26_portable.zip -DestinationPath C:\temp\wiztree 3 | 4 | # run wiztree.exe against provided drive/path 5 | # generates diskusage.csv file and uploads to asset, deletes local file after upload 6 | 7 | # If 32-bit 8 | if ([System.IntPtr]::Size -eq 4) { 9 | C:\temp\wiztree\wiztree.exe "$scanpath" /export="c:\temp\wiztree\diskusage.csv" /admin=1 /exportfolders=1 /exportfiles=0 /sortby=2 | Out-Null 10 | } 11 | else { 12 | C:\temp\wiztree\wiztree64.exe "$scanpath" /export="c:\temp\wiztree\diskusage.csv" /admin=1 /exportfolders=1 /exportfiles=0 /sortby=2 | Out-Null 13 | } 14 | # This will upload the file to Syncro and attach it to the Asset. 
15 | Upload-File -Subdomain "$subdomain" -FilePath "C:\temp\wiztree\diskusage.csv" 16 | # Delete local file after upload 17 | Remove-Item -Path "C:\temp\wiztree\diskusage.csv" -Force -------------------------------------------------------------------------------- /scripts/Win_MSI_Install.ps1: -------------------------------------------------------------------------------- 1 | Function Install-MSI { 2 | Param ( 3 | [Parameter(Mandatory, ValueFromPipeline = $true)] 4 | [ValidateNotNullOrEmpty()] 5 | [System.IO.FileInfo]$File, 6 | [String[]]$AdditionalParams, 7 | [Switch]$OutputLog 8 | ) 9 | $DataStamp = get-date -Format yyyyMMddTHHmmss 10 | $logFile = "$($env:programdata)\CentraStage\MilesRMM\{0}-{1}.log" -f $file.fullname, $DataStamp 11 | $MSIArguments = @( 12 | "/i", 13 | ('"{0}"' -f $file.fullname), 14 | "/qn", 15 | "/norestart", 16 | "/L*v", 17 | $logFile 18 | ) 19 | if ($additionalParams) { 20 | $MSIArguments += $additionalParams 21 | } 22 | Start-Process "msiexec.exe" -ArgumentList $MSIArguments -Wait -NoNewWindow 23 | if ($OutputLog.IsPresent) { 24 | $logContents = get-content $logFile 25 | Write-Output $logContents 26 | } 27 | } -------------------------------------------------------------------------------- /scripts/Win_Printer_Restart_Jobs.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Restarts stuck printer jobs. 4 | 5 | .DESCRIPTION 6 | Cycles through each printer and restarts any jobs that are stuck with error status. 
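7 | 8 | .NOTES 9 | Change Log 10 | ---------------------------------------------------------------------------------- 11 | V1.0 Initial Release by https://github.com/bc24fl/tacticalrmm-scripts/ 12 | 13 | #> 14 | 15 | $allPrinters = Get-Printer 16 | foreach ($printer in $allPrinters) { 17 | $printJobs = Get-PrintJob -PrinterName $($printer.Name) 18 | if ($printJobs) { 19 | foreach ($job in $printJobs) { 20 | if ($job.JobStatus -match 'Error') { 21 | $stuckPrinterName = $job.PrinterName 22 | $stuckPrinterJob = $job.Id 23 | Write-Host "Restarting Job Id $stuckPrinterJob on printer $stuckPrinterName" 24 | Restart-PrintJob -InputObject $job 25 | } 26 | } 27 | } 28 | } -------------------------------------------------------------------------------- /scripts_wip/Win_3rdparty_Urbackup_Install.ps1: --------------------------------------------------------------------------------
# Installs the UrBackup client with Chocolatey and applies the internet-mode
# settings passed as parameters.
# Exit code: the settings command's exit code when the client is installed,
# 1 when UrbackupClient_cmd.exe is not found.

#load parameters
param (
    [string] $urbackupserver,
    [string] $urbackupport,
    [string] $urbackupkey,
    [string] $urbackupcomputername
)

#install urbackup client with chocolaty

choco install urbackup-client -y

#check client install & set urbackup client settings
$urbackupcommand = 'c:\Program Files\Urbackup\UrbackupClient_cmd.exe'

# One array element per command-line token. PowerShell does not expand
# variables inside single-quoted strings, so the previous '-k ... -v $name'
# elements sent the literal text "$urbackupserver" (and so on) to the client,
# each as a single argument containing spaces.
# NOTE(review): the auth key is passed on the command line, where process
# listings and command-line process auditing can record it. Whether
# UrbackupClient_cmd.exe can take the key another way is not shown here.
$urbackupcommandargs = @(
    'set-settings',
    '-k', 'internet_mode_enabled', '-v', 'true',
    '-k', 'internet_server', '-v', $urbackupserver,
    '-k', 'internet_server_port', '-v', $urbackupport,
    '-k', 'computername', '-v', $urbackupcomputername,
    '-k', 'internet_authkey', '-v', $urbackupkey
)
if (Test-Path $urbackupcommand) {
    & $urbackupcommand $urbackupcommandargs
    # Report the client's own result instead of always claiming success
    exit $LASTEXITCODE
}
else {
    Write-Output "UrBackup doesn't seem to be installed"
    exit 1
}
-------------------------------------------------------------------------------- /scripts_wip/Win_SMB1_CheckIfEnabled.ps1: -------------------------------------------------------------------------------- 1 | #Check if enabled 2 | 3 | try {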
4 | # Check SMB1 Server status 5 | $smbServerConfig = Get-SmbServerConfiguration -ErrorAction Stop 6 | if ($smbServerConfig.EnableSMB1Protocol -eq $true) { 7 | Write-Host "SMB1 Server is enabled." 8 | exit 1 9 | } else { 10 | Write-Host "SMB1 Server is not enabled." 11 | } 12 | } 13 | catch { 14 | Write-Host "Error checking SMB1 Server status. It may not be applicable on this system." 15 | } 16 | 17 | try { 18 | # Check SMB1 Client status 19 | $smbClientConfig = Get-SmbClientConfiguration -ErrorAction Stop 20 | if ($smbClientConfig.EnableSMB1Protocol -eq $true) { 21 | Write-Host "SMB1 Client is enabled." 22 | exit 1 23 | } else { 24 | Write-Host "SMB1 Client is not enabled." 25 | } 26 | } 27 | catch { 28 | Write-Host "Error checking SMB1 Client status. It may not be applicable on this system." 29 | } -------------------------------------------------------------------------------- /scripts/Win_Lenovo_Driver_Updates.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Install a third party tool to check for device drivers. 
It only installs drivers that can be run non-interactively and silent 4 | .REQUIREMENTS 5 | Lenovo device is needed 6 | .INSTRUCTIONS 7 | - 8 | .NOTES 9 | V1.0 Initial Release by https://github.com/maltekiefer 10 | v1.1 Consistency checking Modules requirements silversword411 11 | #> 12 | 13 | if (-not (Get-PackageProvider -Name NuGet)) { 14 | Install-PackageProvider -Name NuGet -Force 15 | Write-Output "Installed NuGet" 16 | } 17 | 18 | if (-not (Get-Module -ListAvailable -Name LSUClient)) { 19 | Install-Module -Name 'LSUClient' -Force 20 | Write-Output "Installed LSUClient" 21 | } 22 | 23 | # Install only packages that can be installed silently and non-interactively 24 | 25 | $updates = Get-LSUpdate | Where-Object { $_.Installer.Unattended } 26 | $updates | Save-LSUpdate -Verbose 27 | $updates | Install-LSUpdate -Verbose -------------------------------------------------------------------------------- /scripts/Win_AnyDesk_Get_Anynet_ID.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | This script extracts the AnyDesk ID from the system.conf file in the AnyDesk application directory. 4 | 5 | .DESCRIPTION 6 | This script searches for the system.conf file in the AnyDesk application directory and extracts the AnyDesk ID from it. 7 | 8 | .OUTPUTS 9 | Returns the AnyDesk ID as a string. 
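10 | 11 | .NOTES 12 | Version: 1.0 6/30/2021 Samuel Meuchel 13 | #> 14 | 15 | $Paths = @($Env:APPDATA, $Env:ProgramData, $Env:ALLUSERSPROFILE) 16 | 17 | foreach ($Path in $Paths) { 18 | If (Test-Path $Path\AnyDesk) { 19 | $GoodPath = $Path 20 | } 21 | } 22 | 23 | $SystemFile = get-childitem -Path $GoodPath -Filter "system.conf" -Recurse -ErrorAction SilentlyContinue 24 | 25 | $ConfigPath = $SystemFile.FullName 26 | 27 | $ResultsIdSearch = Select-String -Path $ConfigPath -Pattern ad.anynet.id 28 | 29 | $Result = @($ResultsIdSearch -split '=') 30 | 31 | $Result[1] 32 | -------------------------------------------------------------------------------- /scripts/Linux_memory_check.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Checks for the percentage of memory free and errors if it is below the configured value
# Default is for 20% available, can be changed by passing a value to the script. EX: min=35 will set the minimum available memory to 35%
# Note: Check is only for physical memory usage and does not include swap usage
#
# Exit status: 0 when available memory is at or above the threshold,
# 1 when it is below, or when the threshold or the `free` output is unusable.

# Accept only the documented min=<percent> argument. Exporting every
# KEY=VALUE argument, as this loop used to do, lets whoever supplies the
# arguments overwrite any environment variable (PATH, for one) before the
# commands below run.
for ARGUMENT in "$@"
do
    case "$ARGUMENT" in
        min=*) min="${ARGUMENT#min=}" ;;
        *) echo "Ignoring unsupported argument: $ARGUMENT" >&2 ;;
    esac
done

# A min already present in the environment is still honoured; fall back to 20
if [ -z "$min" ];
then
    min="20"
fi

# The threshold is used in an integer comparison, so reject anything else
case "$min" in
    *[!0-9]*)
        echo "min must be a whole number of percent, got: $min" >&2
        exit 1
        ;;
esac

# Column 7 of the Mem line is "available", column 2 is "total"
MEM_RAW=$(free | awk '/Mem/ {print $7/$2 * 100.0}')
if [ -z "$MEM_RAW" ];
then
    echo "Could not read memory usage from free" >&2
    exit 1
fi
MEM_FREE=$(printf "%.*f\n" "0" "$MEM_RAW")

if [ "$MEM_FREE" -ge "$min" ];
then
    echo "$MEM_FREE% memory available. More than configured $min%"
    exit 0
else
    echo "$MEM_FREE% memory available. Less than configured $min%"
    exit 1
fi
-------------------------------------------------------------------------------- /scripts_staging/Win_ResetviaMDM.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Trigger a remote wipe via MDM.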
4 | 5 | .DESCRIPTION 6 | Invokes the 'doWipeMethod' in Windows equivalent to the Reset function in the Settings app. 7 | 8 | .NOTES 9 | v1.0 7/2024 bbrendon Initial version 10 | #> 11 | 12 | $namespaceName = "root\cimv2\mdm\dmmap" 13 | $className = "MDM_RemoteWipe" 14 | $methodName = "doWipeMethod" 15 | 16 | $session = New-CimSession 17 | 18 | $params = New-Object Microsoft.Management.Infrastructure.CimMethodParametersCollection 19 | $param = [Microsoft.Management.Infrastructure.CimMethodParameter]::Create("param", "", "String", "In") 20 | $params.Add($param) 21 | 22 | try { 23 | $instance = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID='./Vendor/MSFT' and InstanceID='RemoteWipe'" 24 | $session.InvokeMethod($namespaceName, $instance, $methodName, $params) 25 | } 26 | catch [Exception] { 27 | write-host $_ | out-string 28 | } 29 | -------------------------------------------------------------------------------- /scripts_wip/Win_Software_Foxitreader_Updater_Kill.ps1: -------------------------------------------------------------------------------- 1 | # Kill Foxit Updater so it stops prompting users to install 15 day trial of writer by default 2 | 3 | Invoke-AsCurrentUser -scriptblock { 4 | 5 | Rename-Item -Path "$env:APPDATA\Foxit Software\Addon\Foxit PDF Reader\FoxitPDFReaderUpdater.exe" -NewName "badFoxitPDFReaderUpdater.exe" 6 | # Write-Output Write-Output "Runasuser started" | Out-File -append -FilePath c:\temp\raulog.txt 7 | # Write-Output Get-Content -Path "$env:APPDATA\Foxit Software\Addon\Foxit PDF Reader" | Out-File -append -FilePath c:\temp\raulog.txt 8 | $Enable = Get-ChildItem "$env:APPDATA\Foxit Software\Addon\Foxit PDF Reader\*.exe" 9 | Write-Output $Enable | Out-File -append -FilePath c:\temp\raulog.txt 10 | # Write-Output "Debug output finished" | Out-File -append -FilePath c:\temp\raulog.txt 11 | } 12 | 13 | $exitcode = Get-Content -Path "c:\temp\raulog.txt" 14 | Write-Output $exitcode 15 | Remove-Item -path 
"c:\temp\raulog.txt" 16 | -------------------------------------------------------------------------------- /scripts/Win_Bitlocker_Drive_Check_Status.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Checks drive to see if bitlocker is enabled 4 | .DESCRIPTION 5 | Assumes c, but you can specify a drive if you want. 6 | .PARAMETER Drive 7 | Optional: Specify drive letter if you want to check a drive other than c 8 | .EXAMPLE 9 | Drive d 10 | .NOTES 11 | 9/20/2021 v1 Initial release by @silversword411 with the help of @Ruben 12 | #> 13 | 14 | param ( 15 | [string] $Drive = "c" 16 | ) 17 | 18 | 19 | if ((Get-BitLockerVolume -MountPoint $Drive).ProtectionStatus -eq 'On') { 20 | do { 21 | $EncryptionPercentage = (Get-BitLockerVolume -MountPoint $Drive).EncryptionPercentage 22 | Write-Output "BitLocker Encryption Percentage: $EncryptionPercentage" 23 | Start-Sleep -Seconds 5 24 | } until ($EncryptionPercentage -match 100) 25 | Write-Output "Bitlocker is enabled and Encryption completed" 26 | Exit 0 27 | } 28 | else { 29 | Write-Output "BitLocker is not turned on for this volume!" 
30 | Exit 1 31 | } 32 | -------------------------------------------------------------------------------- /scripts/Win_User_Local_Created_Monitor.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .Synopsis 3 | Event Viewer - New User Notification 4 | .DESCRIPTION 5 | Event Viewer Monitor - Notify when new Local user is created 6 | .EXAMPLE 7 | 365 8 | .NOTES 9 | v1 dinger initial release 10 | v1.1 silversword adding parameter options 11/2021 11 | #> 12 | 13 | $ErrorActionPreference = 'silentlycontinue' 14 | if ($Args.Count -eq 0) { 15 | $TimeSpan = (Get-Date) - (New-TimeSpan -Day 1) 16 | } 17 | else { 18 | $TimeSpan = (Get-Date) - (New-TimeSpan -Day $param1) 19 | } 20 | 21 | if (Get-WinEvent -FilterHashtable @{LogName = 'security'; ID = '4720', '4720', '4728', '4732', '4756', '4767'; StartTime = $TimeSpan }) { 22 | Write-Output "A change has been made to local users" 23 | Get-WinEvent -FilterHashtable @{LogName = 'security'; ID = '4720', '4720', '4728', '4732', '4756', '4767'; StartTime = $TimeSpan } 24 | exit 1 25 | } 26 | 27 | else { 28 | Write-Output "No changes all looks fine" 29 | exit 0 30 | } 31 | 32 | -------------------------------------------------------------------------------- /scripts_wip/Win_Disk_Space_Usage_Check.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # Disk Space Checker by superdry 3 | 4 | import sys 5 | import shutil 6 | import os 7 | import string 8 | 9 | exit_code = 0 10 | available_drives = ['%s:' % d for d in string.ascii_uppercase if os.path.exists('%s:' % d)] 11 | for path in available_drives: 12 | print(path) 13 | stat = shutil.disk_usage(path) 14 | #print(f"Disk usage statistics: {stat}") 15 | gbTotal = stat.total/float(1<<30) 16 | gbFree = stat.free/float(1<<30) 17 | gbPctFree = stat.free/stat.total 18 | print(f"Total: {gbTotal:.1f}GB, Free: {gbFree:.1f}GB ({gbPctFree:.0%})") 19 | if 
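os.path.exists(f"{path}/DATALOSS_WARNING_README.txt"): 20 | print("Skipping temporary storage device") 21 | elif gbFree < 5 and gbPctFree < 0.1: 22 | print("Error: <5GB and <10% free") 23 | exit_code = 2 24 | elif gbFree < 10 and gbPctFree < 0.1: 25 | print("Warning: <10GB and <10% free") 26 | exit_code = max(exit_code,1) 27 | sys.exit(exit_code) 28 | -------------------------------------------------------------------------------- /scripts_wip/Win_Print_Spooler_Restart_Service.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .Synopsis 3 | Restart Print Spooler Service 4 | .DESCRIPTION 5 | Will force-restart the spooler service. With additional command parameter will also delete any pending print jobs 6 | .EXAMPLE 7 | Another example of how to use this cmdlet 8 | .OUTPUTS 9 | Any print jobs that are deleted 10 | .NOTES 11 | v1.0 5/2021 12 | https://github.com/silversword411 13 | .FUNCTIONALITY 14 | Print Spooler Troubleshooting, restarts spooler service. Can also delete all print jobs that are pending 15 | #> 16 | 17 | #Restart Spooler service 18 | Restart-Service -Name spooler -Force 19 | 20 | #Deletes All print jobs within the last 15 years 21 | $PrintJobs = get-wmiobject -class "Win32_PrintJob" -namespace "root\CIMV2" -computername . | Where-Object { [System.Management.ManagementDateTimeConverter]::ToDateTime($_.TimeSubmitted) -lt (Get-Date).AddDays(-5500) } 22 | foreach ($job in $PrintJobs) { 23 | # Write-Host "Canceling job $($job.JobId)" 24 | $job.Delete() 25 | } -------------------------------------------------------------------------------- /scripts_wip/linux_check_services.sh: --------------------------------------------------------------------------------
#!/bin/bash

# Checks if one or more specified Linux services are running.
# The env variable ARRAY must be passed in the script in the format ARRAY=service1 service2 service3
# eg: ARRAY=meshagent httpd mariadb php-fpm nginx postgresql crond docker containerd
#
# Exit status: 1 when ARRAY is empty or at the first service found stopped,
# 0 otherwise. A service with no unit file is reported but is not an error.

# Define an array of services to check
# Word splitting of ARRAY is intended, but filename expansion is not: with
# globbing left on, a value such as "*" would expand to the files in the
# working directory.
set -f
# shellcheck disable=SC2206
SERVICES=($ARRAY)
set +f

if [ "${#SERVICES[@]}" -eq 0 ];
then
    echo "Please specify services in the Env Vars using the format ARRAY=service1 service2 service3"
    exit 1
fi

# Loop through the array and check the status of each service
for service in "${SERVICES[@]}"
do
    # Names are quoted and placed after "--" so a value with spaces or a
    # leading dash is passed as a unit name, not as extra arguments or options.
    # grep -F matches the unit name literally rather than as a regex.
    if ! systemctl list-unit-files --no-pager -- "$service.service" 2>/dev/null \
        | grep -q -F -- "$service.service"
    then
        echo "$service does not exist"
    elif systemctl is-active --quiet -- "$service"
    then
        echo "$service is running"
    else
        echo
        echo ERROR! "$service is stopped"
        exit 1
    fi
done
-------------------------------------------------------------------------------- /scripts_wip/Win_Discord_Send_Messagev1.ps1: -------------------------------------------------------------------------------- 1 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 2 | 3 | function dischat { 4 | 5 | [CmdletBinding()] 6 | param ( 7 | [Parameter (Position=0,Mandatory = $True)] 8 | [string]$msgContent 9 | ) 10 | 11 | $hookUrl = 'https://discord.com/api/webhooks/yourwebhookurlhere' 12 | 13 | $Body = @{ 14 | #This is who the message is from 15 | 'username' = "Title" 16 | 'content' = $msgContent 17 | } 18 | 19 | Invoke-RestMethod -Uri $hookUrl -Method 'post' -Body $Body 20 | 21 | } 22 | 23 | function script { 24 | $machinename = "Title?"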
25 | $publicip = (Invoke-WebRequest -uri "https://api.ipify.org?format=json" -UseBasicParsing).content | ConvertFrom-Json | Select-Object -ExpandProperty ip 26 | $trmminstalled = Test-Path -Path "C:\Program Files\TacticalAgent" -PathType Container 27 | 28 | return "$machinename Pub IP: $publicip TRMM Installed: $trmminstalled" 29 | } 30 | 31 | dischat (script) 32 | 33 | Write-Output "Sent to Discord" -------------------------------------------------------------------------------- /scripts/Win_Power_Profile_Reset_High_Performance_to_Defaults.ps1: -------------------------------------------------------------------------------- 1 | Start-Process -FilePath 'powercfg.exe' -ArgumentList '-x -monitor-timeout-ac 15' 2 | Start-Process -FilePath 'powercfg.exe' -ArgumentList '-x -disk-timeout-ac 0' 3 | Start-Process -FilePath 'powercfg.exe' -ArgumentList '-x -standby-timeout-ac 0' 4 | Start-Process -FilePath 'powercfg.exe' -ArgumentList '-x -hibernate-timeout-ac 0' 5 | Start-Process -FilePath 'powercfg.exe' -ArgumentList '-setacvalueindex SCHEME_CURRENT 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 0' 6 | Start-Process -FilePath 'powercfg.exe' -ArgumentList '-x -monitor-timeout-dc 10' 7 | Start-Process -FilePath 'powercfg.exe' -ArgumentList '-x -disk-timeout-dc 0' 8 | Start-Process -FilePath 'powercfg.exe' -ArgumentList '-x -standby-timeout-dc 20' 9 | Start-Process -FilePath 'powercfg.exe' -ArgumentList '-x -hibernate-timeout-dc 0' 10 | Start-Process -FilePath 'powercfg.exe' -ArgumentList '-setdcvalueindex SCHEME_CURRENT 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 1' 11 | -------------------------------------------------------------------------------- /scripts_wip/Win_OEM_Information_Set.ps1: -------------------------------------------------------------------------------- 1 | Invoke-WebRequest -Uri 'http:///Downloads/Assets/CompanyLogo.bmp' -OutFile 'C:\windows\system32\CompanyLogo.bmp' 2 | 3 | # New-Item ?Path 
"HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\" ?Name "OEMInformation" 4 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" -Name "Logo" -Value "C:\windows\system32\CompanyLogo.bmp" 5 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" -Name "Manufacturer" -Value "Company name" 6 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" -Name "SupportAppURL" -Value "http://" 7 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" -Name "SupportURL" -Value "http://" 8 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" -Name "SupportHours" -Value "ma - vr | 08:00 - 17:00" 9 | Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" -Name "SupportPhone" -Value "" -------------------------------------------------------------------------------- /scripts_wip/Win_TRMM_Remove_and_unjoin_from_AzureAD.ps1: -------------------------------------------------------------------------------- 1 | # gretsky https://discord.com/channels/736478043522072608/744281869499105290/890996626716508180 2 | # remove non domain joined device from trmm and unjoin them from Azure Ad 3 | 4 | $domain = (Get-WmiObject -Class win32_computersystem -ComputerName localhost).domain 5 | if ($domain.toupper().contains('DOMAIN')) { 6 | Write-Output 'DOMAIN OK' 7 | } 8 | else { 9 | $ChkReg = Test-Path 'HKLM:\SOFTWARE\TacticalRMM\' 10 | If ($ChkReg -eq $True) { 11 | $regrmm = Get-ItemProperty -Path HKLM:\SOFTWARE\TacticalRMM\ 12 | & 'C:\Program Files\TacticalAgent\unins000.exe' /VERYSILENT 13 | start-sleep -s 20 14 | } 15 | dsregcmd.exe /debug /leave 16 | $Location = 'hklm:\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin' 17 | 18 | if ( !(Test-Path $Location) ) { 19 | New-item -path $Location 20 | New-ItemProperty -Path $Location -Name "BlockAADWorkplaceJoin" -PropertyType Dword -Value "1" 21 | 
} 22 | 23 | Start-Sleep -s 20 24 | exit 0 25 | } -------------------------------------------------------------------------------- /scripts_staging/Lab/Fake CheckRandom Alert 2.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | #public 3 | import random 4 | import sys 5 | 6 | def main(): 7 | # Randomly choose an exit code with 50% probability for 0 8 | exit_code = random.choices([0, 1, 2, 3], weights=[0.5, 0.1667, 0.1667, 0.1667])[0] 9 | 10 | # Print the exit code and status message 11 | if exit_code == 0: 12 | print(f"Exit Code: {exit_code} - Resolved") 13 | else: 14 | print(f"Exit Code: {exit_code} - Failed") 15 | 16 | # Print some Lorem Ipsum text 17 | print("Lorem ipsum dolor sit amet, consectetur adipiscing elit.") 18 | print("Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.") 19 | print("Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.") 20 | print("Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.") 21 | 22 | # Exit with the chosen code 23 | sys.exit(exit_code) 24 | 25 | if __name__ == "__main__": 26 | main() -------------------------------------------------------------------------------- /scripts_wip/Win_Network_access_Do not allow anonymous enumeration of SAM accounts and shares.ps1: -------------------------------------------------------------------------------- 1 | Write-Output "Network access: Do not allow anonymous enumeration of SAM accounts and shares ..." 
2 | 3 | $registryPath = "HKLM:\System\CurrentControlSet\Control\Lsa" 4 | 5 | $Name = "RestrictAnonymousSAM" 6 | $value = "00000001" 7 | $Type = "DWORD" 8 | 9 | IF(!(Test-Path $registryPath)) 10 | { 11 | New-Item -Path $registryPath -Force | Out-Null 12 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null} 13 | ELSE { 14 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null} 15 | 16 | $Name = "RestrictAnonymous" 17 | 18 | IF(!(Test-Path $registryPath)) 19 | { 20 | New-Item -Path $registryPath -Force | Out-Null 21 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null} 22 | ELSE { 23 | New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType $Type -Force | Out-Null} 24 | 25 | 26 | 27 | Write-Output "Fixed... bye" -------------------------------------------------------------------------------- /scripts/Win_Bios_Check.ps1: -------------------------------------------------------------------------------- 1 | ## Copied from https://github.com/ThatsNASt/tacticalrmm to add to new pull request for https://github.com/wh1te909/tacticalrmm 2 | #Returns basic information about BIOS 3 | #Test Passed on Windows 7 8 Workstations and Server 2008 4 | 5 | Try { 6 | $colBios = Get-WmiObject -Class "Win32_BIOS" 7 | Foreach ($objBios in $colBios) { 8 | $rDate = [System.Management.ManagementDateTimeconverter]::ToDateTime($objBios.ReleaseDate) 9 | Write-Host "Status is" $objBios.Status 10 | Write-Host "Primary BIOS is" $objBios.PrimaryBIOS 11 | Write-Host "SMBIOS BIOS Version is" $objBios.SMBIOSBIOSVersion 12 | Write-Host "SMBIOS Major Version is" $objBios.SMBIOSMajorVersion 13 | Write-Host "SMBIOS Minor Version is" $objBios.SMBIOSMinorVersion 14 | Write-Host "Manufacturer is" $objBios.Manufacturer 15 | Write-Host "Release Date is" $rDate 16 | } 17 | Write-Host "Script Check passed" 18 | Exit 0 19 | } 20 | Catch { 21 | 
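Write-Host "Script Check Failed" 22 | Exit 1001 23 | } 24 | -------------------------------------------------------------------------------- /scripts/Win_Firefox_Clear_Cache.ps1: -------------------------------------------------------------------------------- 1 | Write-Host "Clearing FireFox caches" 2 | Remove-Item -path "C:\Users\*\AppData\Local\Mozilla\Firefox\Profiles\*.default\cache\*" -Recurse -Force -EA SilentlyContinue -Verbose 3 | Remove-Item -path "C:\Users\*\AppData\Local\Mozilla\Firefox\Profiles\*.default\cache\*.*" -Recurse -Force -EA SilentlyContinue -Verbose 4 | Remove-Item -path "C:\Users\*\AppData\Local\Mozilla\Firefox\Profiles\*.default\cache2\entries\*.*" -Recurse -Force -EA SilentlyContinue -Verbose 5 | Remove-Item -path "C:\Users\*\AppData\Local\Mozilla\Firefox\Profiles\*.default\thumbnails\*" -Recurse -Force -EA SilentlyContinue -Verbose 6 | Remove-Item -path "C:\Users\*\AppData\Local\Mozilla\Firefox\Profiles\*.default\cookies.sqlite" -Recurse -Force -EA SilentlyContinue -Verbose 7 | Remove-Item -path "C:\Users\*\AppData\Local\Mozilla\Firefox\Profiles\*.default\webappsstore.sqlite" -Recurse -Force -EA SilentlyContinue -Verbose 8 | Remove-Item -path "C:\Users\*\AppData\Local\Mozilla\Firefox\Profiles\*.default\chromeappsstore.sqlite" -Recurse -Force -EA SilentlyContinue -Verbose 9 | Write-Host "FireFox cache is cleared" 10 | -------------------------------------------------------------------------------- /scripts_staging/Lab/RustDesk password set.ps1: --------------------------------------------------------------------------------
#public
#experimental password changer for rustdesk will use the content of a var for the source of the PW
#RDPWD={{agent.Local password}}
#
# Stops RustDesk, sets its password from the RDPWD environment variable,
# restarts the service and writes a marker file.
# Exit code 1 when RDPWD is not set.

$ErrorActionPreference = 'SilentlyContinue'

$confirmation_file = "C:\program files\RustDesk\rdrunonce.txt"

# Stop the RustDesk service if it is running
net stop rustdesk > $null
$ProcessActive = Get-Process rustdesk -ErrorAction SilentlyContinue
if ($ProcessActive -ne $null) {
    Stop-Process -ProcessName rustdesk -Force
}

# Use the password from the RDPWD environment variable
$rustdesk_pw = $env:RDPWD
if (-not $rustdesk_pw) {
    # The preference set above silences Write-Error, so override it here;
    # otherwise the script exits 1 with no message at all.
    Write-Error "The RDPWD environment variable is not set." -ErrorAction Continue
    exit 1
}

# Start RustDesk with the provided password
# NOTE(review): the password is passed as a process argument, so process
# listings and command-line process auditing can record it while
# RustDesk.exe runs. A password containing spaces is also split into several
# arguments by this call.
Start-Process "$env:ProgramFiles\RustDesk\RustDesk.exe" "--password $rustdesk_pw" -Wait
# Do not print the password: whatever the script writes ends up in the
# script output the RMM collects, where it can be read later.
Write-Output "RustDesk password set from RDPWD"

# Restart the RustDesk service
net start rustdesk > $null

# Create the confirmation file
New-Item $confirmation_file > $null
-------------------------------------------------------------------------------- /scripts_wip/Win_10_Productkey_get.ps1: -------------------------------------------------------------------------------- 1 | 2 | 3 | function ConvertTo-ProductKey { 4 | param ( 5 | [parameter(Mandatory = $True, Position = 0)] 6 | $Registry, 7 | [parameter()] 8 | [Switch]$x64 9 | ) 10 | begin { 11 | $map = "BCDFGHJKMPQRTVWXY2346789" 12 | } 13 | process { 14 | $ProductKey = "" 15 | 16 | $prodkey = $Registry[0x34 ..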
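0x42] 17 | 18 | for ($i = 24; $i -ge 0; $i--) { 19 | $r = 0 20 | for ($j = 14; $j -ge 0; $j--) { 21 | $r = ($r * 256) -bxor $prodkey[$j] 22 | $prodkey[$j] = [math]::Floor([double]($r / 24)) 23 | $r = $r % 24 24 | } 25 | $ProductKey = $map[$r] + $ProductKey 26 | if (($i % 5) -eq 0 -and $i -ne 0) { 27 | $ProductKey = "-" + $ProductKey 28 | } 29 | } 30 | $ProductKey 31 | } 32 | } 33 | 34 | $x = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -name DigitalProductId 35 | $key = ConvertTo-ProductKey $x.DigitalProductId 36 | Write-output($Key) 
--------------------------------------------------------------------------------
/scripts_wip/Win_SecCheck_Print_kb5005010.ps1:
--------------------------------------------------------------------------------
# Checking for insecure by design print features being enabled
# See https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7
#
# Exit 1 = a Point and Print policy value weakens the driver-install prompts,
# exit 0 = both values are 0 or not defined.
# Both values live under the ...\Printers\PointAndPrint policy key. Reading from
# a key that does not exist returns nothing, which would make this check report
# "No vulnerabilities" on every machine.
# Not covered here: RestrictDriverInstallationToAdministrators, which the same
# KB article describes under the same key.

$PointAndPrintKey = "HKLM:\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint"

# A missing key is the default (safe) state, so the lookup error is silenced.
$PointAndPrintPolicy = Get-ItemProperty -Path $PointAndPrintKey -ErrorAction SilentlyContinue

$PointAndPrintNoElevation = $PointAndPrintPolicy.NoWarningNoElevationOnInstall
$PointAndPrintUpdatePrompt = $PointAndPrintPolicy.UpdatePromptSettings

# KB5005010 lists "0 or not defined" as the safe state for both values, so any
# other defined value is reported, not only 1.
if ($null -ne $PointAndPrintNoElevation -and $PointAndPrintNoElevation -ne 0) {
    Write-Output "Point and Print WarningNoElevationOnInstall set to true. WARNING: You are insecure-by-design."
    exit 1
}

elseif ($null -ne $PointAndPrintUpdatePrompt -and $PointAndPrintUpdatePrompt -ne 0) {
    Write-Output "Point and Print PointAndPrintUpdatePrompt set to true. WARNING: You are insecure-by-design."
    exit 1
}

else {
    Write-Output "WarningNoElevationOnInstall UpdatePromptSettings set to false. No vulnerabilities"
    exit 0
}

--------------------------------------------------------------------------------
/scripts_wip/Win_Dell_Command_Install.ps1:
--------------------------------------------------------------------------------
# Downloads (if not already present) and silently runs the Dell Command Update
# 4.3 installer.
#
# Review notes:
# - $downloadurl is not defined anywhere in this script; it has to be supplied
#   by whatever runs it.
# - The installer is executed from C:\temp. NOTE(review): if that directory is
#   writable by non-administrators, a file placed at $SourceInstallFile before
#   this script runs is what gets executed. The Authenticode check below only
#   accepts validly signed files; pinning the expected signer or a known
#   SHA-256 (<EXPECTED_SHA256>) would be stronger.

$Source = "$downloadurl"
$SourceDownloadLocation = "C:\temp\Dell_Command_Update_4.3"
$SourceInstallFile = "$SourceDownloadLocation\DCU_Setup_4_3_0.exe"
$ProgressPreference = 'SilentlyContinue'

# Fetch the installer only when it is not already on disk.
if (-not (Test-Path -Path $SourceInstallFile -PathType Leaf)) {

    if ([string]::IsNullOrWhiteSpace($Source)) {
        Write-Warning "No download URL was provided and $SourceInstallFile does not exist."
        exit 1
    }

    New-Item -Path $SourceDownloadLocation -ItemType directory -Force
    Invoke-WebRequest $Source -OutFile $SourceInstallFile

    if (-not (Test-Path -Path $SourceInstallFile -PathType Leaf)) {
        Write-Warning "Download failed, $SourceInstallFile was not created."
        exit 1
    }
}

# Refuse to run a file whose signature is missing, broken or untrusted.
$Signature = Get-AuthenticodeSignature -FilePath $SourceInstallFile
if ($Signature.Status -ne 'Valid') {
    Write-Warning "Refusing to run ${SourceInstallFile}: Authenticode status is $($Signature.Status)"
    exit 1
}
Write-Output "Installer signed by: $($Signature.SignerCertificate.Subject)"

$proc = Start-Process "$SourceInstallFile" -ArgumentList "/s" -PassThru
Wait-Process -InputObject $proc
if ($proc.ExitCode -ne 0) {
    Write-Warning "Exited with error code: $($proc.ExitCode)"
}
else {
    Write-Output "Successful install with exit code: $($proc.ExitCode)"
}
--------------------------------------------------------------------------------
/scripts_wip/Win_Retrieve_Backup_Windows_Logs.bat:
--------------------------------------------------------------------------------
1 | rem Script starts here 2 | rem Timestamp Generator 3 | rem Needs parameter support 4 | 5 | set BACKUP_PATH=D:\logs 6 | 7 | rem Parse the date (e.g., Thu 02/28/2013) 8 | set cur_yyyy=%date:~10,4% 9 | set cur_mm=%date:~4,2% 10 | set cur_dd=%date:~7,2% 11 | 12 | rem Parse the time (e.g., 11:20:56.39) 13 | set cur_hh=%time:~0,2% 14 | if %cur_hh% lss 10 (set cur_hh=0%time:~1,1%) 15 | set cur_nn=%time:~3,2% 16 | set cur_ss=%time:~6,2% 17 | set cur_ms=%time:~9,2% 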
18 | 19 | rem Set the timestamp format 20 | set timestamp=%cur_yyyy%%cur_mm%%cur_dd%-%cur_hh%%cur_nn%%cur_ss%%cur_ms% 21 | 22 | wevtutil epl System %BACKUP_PATH%\system_%timestamp%.evtx 23 | wevtutil epl Application %BACKUP_PATH%\application_%timestamp%.evtx 24 | wevtutil epl Security %BACKUP_PATH%\security_%timestamp%.evtx 25 | wevtutil epl Setup %BACKUP_PATH%\system_%timestamp%.evtx 26 | wevtutil epl Forwarded Events %BACKUP_PATH%\system_%timestamp%.evtx 27 | wevtutil epl Active Directory Web Services %BACKUP_PATH%\system_%timestamp%.evtx 28 | wevtutil epl Hardware Events %BACKUP_PATH%\system_%timestamp%.evtx 29 | 30 | rem End of Script -------------------------------------------------------------------------------- /scripts/Win_Software_Install_Report.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .Synopsis 3 | Software Install - Reports new installs 4 | .DESCRIPTION 5 | This will check for software install events in the application Event Viewer log 6 | If a number is provided as a command parameter it will search that number of days back. 7 | .EXAMPLE 8 | 365 9 | .NOTES 10 | v1 silversword initial release 11/2021 11 | TODO: Track installed services trmm and mesh under eventid 7045 in system 12 | #> 13 | 14 | $param1 = $args[0] 15 | 16 | $ErrorActionPreference = 'silentlycontinue' 17 | if ($Args.Count -eq 0) { 18 | $TimeSpan = (Get-Date) - (New-TimeSpan -Day 1) 19 | } 20 | else { 21 | $TimeSpan = (Get-Date) - (New-TimeSpan -Day $param1) 22 | } 23 | 24 | if (Get-WinEvent -FilterHashtable @{LogName = 'application'; ID = '11707'; StartTime = $TimeSpan }) { 25 | Write-Output "Software installed" 26 | Get-WinEvent -FilterHashtable @{LogName = 'application'; ID = '11707'; StartTime = $TimeSpan } 27 | exit 1 28 | } 29 | 30 | { 31 | else 32 | Write-Output "No Software install events detected in the past 24 hours." 
33 | exit 0 34 | } 35 | -------------------------------------------------------------------------------- /scripts_wip/Win_CPU_Uptime_Check.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .Synopsis 3 | Checks Uptime of the computer 4 | .DESCRIPTION 5 | This was written specifically for use as a "Script Check" in mind, where it the output is deliberaly light unless a warning or error condition is found that needs more investigation. 6 | 7 | If the totalhours of uptime of the computer is greater than or equal to the warning limit, an error is returned. 8 | #> 9 | 10 | [cmdletbinding()] 11 | Param( 12 | [Parameter(Mandatory = $false)] 13 | [int]#Warn if the uptime total hours is over this limit. Defaults to 2.5 days. 14 | $maximumUptimeHoursWarningLimit = 60 15 | ) 16 | 17 | $uptime = (get-Date) - (Get-CimInstance -ClassName Win32_OperatingSystem | Select-Object -ExpandProperty LastBootUpTime) 18 | #v7 introduces Get-Uptime, but using WMI is backwards compatiable with v5 19 | 20 | If($uptime.TotalHours -ge $maximumUptimeHoursWarningLimit){ 21 | "Uptime is over threshold ($($uptime.TotalHours)/$maximumUptimeHoursWarningLimit)" 22 | Exit 1 23 | } 24 | 25 | "Uptime is below threshold ($($uptime.TotalHours)/$maximumUptimeHoursWarningLimit)" 26 | Exit 0 -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 Amidaware LLC 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following 
conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /scripts_staging/Win_Chrome_Clear_All.ps1: -------------------------------------------------------------------------------- 1 | #This Script will clear all chrome history, cookies and cache for the currently logged in user. 2 | # 3 | # 4 | 5 | Write-Output -------------------------------------- 6 | Write-Output **** Clearing Chrome cache 7 | $liu = ((Get-CimInstance -ClassName Win32_ComputerSystem | Select-Object UserName).Username).Split("\")[1] 8 | taskkill /F /IM "chrome.exe" 9 | 10 | $ChromeDataDir = "C:\Users\$liu\AppData\Local\Google\Chrome\User Data\Default" 11 | $ChromeCache = %ChromeDataDir%\Cache 12 | Get-ChildItem $ChromeCache -Recurse | Remove-Item -Force 13 | Get-ChildItem $ChromeDataDir\*Cookies -Recurse | Remove-Item -Force 14 | Get-ChildItem $ChromeDataDir\*History -Recurse | Remove-Item -Force 15 | 16 | $ChromeDataDir = "C:\Users\$liu\Local Settings\Application Data\Google\Chrome\User Data\Default" 17 | $ChromeCache = %ChromeDataDir%\Cache 18 | Get-ChildItem $ChromeCache -Recurse | Remove-Item -Force 19 | Get-ChildItem $ChromeDataDir\*Cookies -Recurse | Remove-Item -Force 20 | Get-ChildItem $ChromeDataDir\*History -Recurse | Remove-Item -Force 21 | Write-Output **** Clearing Chrome cache DONE 22 | 
-------------------------------------------------------------------------------- /scripts_wip/Win_Clear_Office_Cache.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Sets the registry setting to force office to clear the local cache of files. 4 | .DESCRIPTION 5 | The reason this script exists is to force applications to pull the cloud version 6 | of a file instead of using the local cache version for files in OneDrive. 7 | .NOTES 8 | Version: 1.0 9 | Author: redanthrax 10 | Creation Date: 2024-01-18 11 | #> 12 | 13 | $sids = Get-ChildItem -Path Registry::HKEY_USERS | ` 14 | Where-Object { $_.Name -match 'S-\d-\d+-(\d+-){1,14}\d+$' } | ` 15 | ForEach-Object { $_.Name } 16 | $count = 0 17 | foreach ($sid in $sids) { 18 | if (Test-Path "Registry::$sid\Software\Microsoft\Office\16.0\Common") { 19 | $options = @{ 20 | Path = "Registry::$sid\Software\Microsoft\Office\16.0\Common\FileIO" 21 | Name = 'AgeOutPolicy' 22 | Value = '1' 23 | } 24 | 25 | Set-ItemProperty @options 26 | $options["Name"] = 'DisableLongTermCaching' 27 | Set-ItemProperty @options 28 | $count += 1 29 | } 30 | } 31 | 32 | Write-Output "Execution complete. Set for $count user(s)." -------------------------------------------------------------------------------- /scripts_wip/DUPE_Win_Chocolatey_Update_Bulk.bat: -------------------------------------------------------------------------------- 1 | 2 | ECHO Enter number of clients you're running against as a parameter if you are running against multiple clients. 3 | ECHO A random sleep time will be introduced to minimize the chance of being temporarily blacklisted 4 | ECHO See https://docs.chocolatey.org/en-us/community-repository/community-packages-disclaimer#rate-limiting 5 | 6 | 7 | IF %1.==. GOTO No1 8 | IF %2.==. 
GOTO No2 9 | 10 | 11 | GOTO End1 12 | 13 | :No1 14 | rem No parameters 15 | ECHO Running No1: No parameters provided 16 | cup -y all 17 | GOTO End1 18 | 19 | :No2 20 | rem One parameter provided 21 | ECHO Running No2: One Parameter provided 22 | 23 | @echo off & setlocal EnableDelayedExpansion 24 | 25 | for /L %%a in (1) do ( 26 | call:rand 1 %2 27 | echo !RAND_NUM! 28 | ) 29 | :rand 30 | SET /A RAND_NUM=%RANDOM% * (%2 - %1 + 1) / 32768 + %1 31 | echo RAND_NUM is !RAND_NUM! 32 | Set /A SleepTime=!RAND_NUM! * 60 33 | echo SleepTime is %SleepTime% 34 | 35 | timeout /t %SleepTime% /nobreak 36 | ECHO finished waiting 37 | cup -y all 38 | 39 | GOTO End1 40 | 41 | :End1 42 | 43 | rem We've reached the end -------------------------------------------------------------------------------- /scripts_wip/Win_Windows_Update_Settings2.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate] 4 | "SetComplianceDeadline"=dword:00000001 5 | "ConfigureDeadlineForQualityUpdates"=dword:00000007 6 | "ConfigureDeadlineGracePeriod"=dword:00000002 7 | "ConfigureDeadlineForFeatureUpdates"=dword:0000001e 8 | "ConfigureDeadlineGracePeriodForFeatureUpdates"=dword:00000002 9 | "DeferFeatureUpdates"=dword:00000001 10 | "BranchReadinessLevel"=dword:00000010 11 | "DeferFeatureUpdatesPeriodInDays"=dword:000000b4 12 | "PauseFeatureUpdatesStartTime"="" 13 | "ManagePreviewBuilds"=dword:00000001 14 | "ManagePreviewBuildsPolicyValue"=dword:00000000 15 | 16 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU] 17 | "AUOptions"=dword:00000004 18 | "NoAutoUpdate"=dword:00000000 19 | "AlwaysAutoRebootAtScheduledTime"=dword:00000001 20 | "NoAutoRebootWithLoggedOnUsers"=dword:00000001 21 | "ScheduledInstallDay"=dword:00000000 22 | "ScheduledInstallTime"=dword:00000003 23 | "AutomaticMaintenanceEnabled"=dword:00000001 24 | 
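"ScheduledInstallEveryWeek"=dword:00000001 25 | "AllowMUUpdateService"=dword:00000001 
--------------------------------------------------------------------------------
/scripts_wip/Win_Printers_Security_Check_KB5005010.ps1:
--------------------------------------------------------------------------------
# Checking for insecure by design print features being enabled
# See https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7
#
# Exit 1 = a Point and Print policy value weakens the driver-install prompts,
# exit 0 = both values are 0 or not defined.
# Both values live under the ...\Printers\PointAndPrint policy key. Reading from
# a key that does not exist returns nothing, which would make this check report
# "No vulnerabilities" on every machine.
# Not covered here: RestrictDriverInstallationToAdministrators, which the same
# KB article describes under the same key.

$PointAndPrintKey = "HKLM:\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint"

# A missing key is the default (safe) state, so the lookup error is silenced.
$PointAndPrintPolicy = Get-ItemProperty -Path $PointAndPrintKey -ErrorAction SilentlyContinue

$PointAndPrintNoElevation = $PointAndPrintPolicy.NoWarningNoElevationOnInstall
$PointAndPrintUpdatePrompt = $PointAndPrintPolicy.UpdatePromptSettings

# KB5005010 lists "0 or not defined" as the safe state for both values, so any
# other defined value is reported, not only 1.
if ($null -ne $PointAndPrintNoElevation -and $PointAndPrintNoElevation -ne 0) {
    Write-Output "Point and Print WarningNoElevationOnInstall set to true. WARNING: You are insecure-by-design."
    exit 1
}

elseif ($null -ne $PointAndPrintUpdatePrompt -and $PointAndPrintUpdatePrompt -ne 0) {
    Write-Output "Point and Print PointAndPrintUpdatePrompt set to true. WARNING: You are insecure-by-design."
    exit 1
}

else {
    Write-Output "WarningNoElevationOnInstall UpdatePromptSettings set to false. No vulnerabilities"
    exit 0
}
# Every branch above exits, so no trailing Exit statement is needed.
--------------------------------------------------------------------------------
/scripts_staging/Win_Bitlocker_Enable.ps1:
--------------------------------------------------------------------------------
#TODO merge enable, and current live bitlocker script together for a single commit

<#
.SYNOPSIS
    Enables Bitlocker

.DESCRIPTION
    Enables bitlocker, and shows recovery keys. Assumes c, but you can specify a drive if you want.
    The protector listing (which includes the recovery password) is printed to the
    console and saved to %ProgramData%\TacticalRMM\scripts\bitlockerkey.txt.

.PARAMETER Drive
    Optional: Specify drive letter if you want to check a drive other than c

.OUTPUTS
    Results are printed to the console.

.NOTES
    Change Log
    V1.0 Initial release from dinger1986 https://discord.com/channels/736478043522072608/744281869499105290/836871708790882384

    Security notes
    - Anyone who can read this script's output or the key file can unlock the drive.
      The key file is therefore restricted to SYSTEM and Administrators before the
      recovery data is written into it.
    - If $Drive is the volume that holds %ProgramData%, the saved copy sits on the
      volume it unlocks and is of no use for recovery; keep the recovery password
      somewhere off the machine as well.
#>

param (
    [string] $Drive = "c"
)

$ScriptDir = "$env:programdata\TacticalRMM\scripts"
$KeyFile = "$ScriptDir\bitlockerkey.txt"

If (!(Test-Path $ScriptDir)) {
    New-Item -ItemType Directory -Force -Path $ScriptDir
}

Enable-Bitlocker -MountPoint $Drive -UsedSpaceOnly -SkipHardwareTest -RecoveryPasswordProtector

# Query the protectors once and reuse the result for both console and file.
$bitlockerkey = manage-bde -protectors $Drive -get
Write-Output $bitlockerkey

# Create the file empty, lock down its ACL, and only then write the secret, so
# the recovery password is never on disk with inherited (wider) permissions.
New-Item -ItemType File -Force -Path $KeyFile | Out-Null
# S-1-5-18 = Local System, S-1-5-32-544 = built-in Administrators.
icacls $KeyFile /inheritance:r /grant:r "*S-1-5-18:F" "*S-1-5-32-544:F" | Out-Null
if ($LASTEXITCODE -ne 0) {
    Remove-Item -Path $KeyFile -Force -ErrorAction SilentlyContinue
    Write-Warning "Could not restrict permissions on $KeyFile; recovery data was not saved to disk."
}
else {
    $bitlockerkey | Out-File -FilePath $KeyFile
}

--------------------------------------------------------------------------------
/scripts_staging/Tools/Cleanup temp files.ps1:
--------------------------------------------------------------------------------
1 | <# 2 | .SYNOPSIS 3 | Automate cleaning up the C:\ drive with low disk space warning. 4 | 5 | .DESCRIPTION 6 | Cleans the C: drive's Windows Temporary files, Windows SoftwareDistribution folder, 7 | the local users Temporary folder, IIS logs(if applicable) and empties the recycle bin. 8 | By default this script leaves files that are newer than 30 days old however this variable can be edited. 9 | This script will typically clean up anywhere from 1GB up to 15GB of space from a C: drive. 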
10 | 11 | 12 | .NOTES 13 | Author: SAN 14 | Date: 01.01.24 15 | #public 16 | Dependencies: 17 | Cleaner Snippet 18 | 19 | .EXEMPLE 20 | DaysToDelete=25 21 | 22 | .CHANGELOG 23 | 25.10.24 SAN Changed to 25 day of IIS logs 24 | 19.11.24 SAN Added adobe updates folder to cleanup 25 | 19.11.24 SAN removed colors 26 | 19.11.24 SAN added cleanup of search index 27 | 17.12.24 SAN Full code refactoring, set a single value for file expiration 28 | 29 | .TODO 30 | Integrate bleachbit this would help avoid having to update this script too often. 31 | 32 | #> 33 | 34 | 35 | {{Cleaner}} -------------------------------------------------------------------------------- /scripts/Win_Hardware_RAM_Status.ps1: -------------------------------------------------------------------------------- 1 | #Identifies Computer RAM capacity and status 2 | 3 | [Cmdletbinding()] 4 | Param( 5 | [string]$Computername = "localhost" 6 | ) 7 | cls 8 | $PysicalMemory = Get-WmiObject -class "win32_physicalmemory" -namespace "root\CIMV2" -ComputerName $Computername 9 | 10 | Write-Host "RAM Modules:" -ForegroundColor Green 11 | $PysicalMemory | Format-Table Tag, BankLabel, @{n = "Capacity(GB)"; e = { $_.Capacity / 1GB } }, Manufacturer, PartNumber, Speed -AutoSize 12 | 13 | Write-Host "Total Memory:" -ForegroundColor Green 14 | Write-Host "$((($PysicalMemory).Capacity | Measure-Object -Sum).Sum/1GB)GB" 15 | 16 | $TotalSlots = ((Get-WmiObject -Class "win32_PhysicalMemoryArray" -namespace "root\CIMV2" -ComputerName $Computername).MemoryDevices | Measure-Object -Sum).Sum 17 | Write-Host "`nTotal Memory Slots:" -ForegroundColor Green 18 | Write-Host $TotalSlots 19 | 20 | $UsedSlots = (($PysicalMemory) | Measure-Object).Count 21 | Write-Host "`nUsed Memory Slots:" -ForegroundColor Green 22 | Write-Host $UsedSlots 23 | 24 | If ($UsedSlots -eq $TotalSlots) { 25 | Write-Host "All memory slots are filled up, none is empty!" 
-ForegroundColor Yellow 26 | } -------------------------------------------------------------------------------- /scripts_staging/Tools/Force Azureo365 AD sync.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Initiates an Azure AD synchronization cycle. 4 | 5 | .DESCRIPTION 6 | This script checks if the ADSync module is loaded, and if not, imports it. 7 | It then triggers a delta synchronization cycle using the `Start-ADSyncSyncCycle` command. 8 | 9 | .NOTES 10 | Author: SAN 11 | Date: 01.01.24 12 | #public 13 | 14 | .CHANGELOG 15 | 12.12.24 Simple polish 16 | 17 | #> 18 | 19 | # Check if the ADSync module is already imported, if not, import it 20 | if (-not (Get-Module -Name 'ADSync' -ErrorAction SilentlyContinue)) { 21 | Write-Host "Importing the Azure AD Sync module..." 22 | Import-Module ADSync 23 | } 24 | 25 | try { 26 | Write-Host "Starting Azure AD Delta Synchronization..." 27 | Start-ADSyncSyncCycle -PolicyType Delta 28 | Write-Host "Azure AD sync initiated successfully!" 29 | Write-Host "Please check the Azure AD Connect Health for status." 30 | 31 | } 32 | catch { 33 | Write-Host "An error occurred while initiating the Azure AD sync: $_" 34 | Write-Host "Please check the Azure AD Connect logs for more details." 
35 | } 36 | -------------------------------------------------------------------------------- /scripts_staging/linux_3cx_backupchecker.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Checks for 3cx backups in the past 24 hours on Linux 4 | 5 | # Use for production 6 | #last_run=$(grep 'ManagementConsoleJS.Services.BackupService.*created' /var/lib/3cxpbx/Instance1/Data/Logs/3cxManagementConsole.log | 7 | # tail -n 1 | 8 | # cut --delimiter '|' --fields 1) 9 | 10 | # Use static text for testing 11 | last_run=$(echo '2022/03/30 12:13:49.028|4029|0040|Inf|[ManagementConsoleJS.Services.BackupService] Backup TestBackup3 created' | 12 | grep 'ManagementConsoleJS.Services.BackupService.*created' | 13 | tail -n 1 | 14 | cut --delimiter '|' --fields 1) 15 | 16 | last_run_sec=$(date --date "${last_run}" "+%s") 17 | now_sec=$(date --date "now" "+%s") 18 | day_sec=$(( 60 * 60 * 24)) 19 | 20 | # Debug statements. Comment out in production. 
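21 | echo "last_run_sec=${last_run_sec}" 22 | echo "now_sec=${now_sec}" 23 | echo "day_sec=${day_sec}" 24 | echo "day_sec=${day_sec}" 25 | 26 | if [[ "${day_sec}" -le "$(( now_sec - last_run_sec ))" ]] 27 | then 28 | echo "last run was more than 24 hours ago" 29 | exit 1 30 | else 31 | echo "last run was less than 24 hours ago" 32 | exit 0 33 | fi 34 | 
--------------------------------------------------------------------------------
/scripts/Win_Task_Scheduler_New_Items_Monitor.ps1:
--------------------------------------------------------------------------------
<#
.Synopsis
   Event Viewer - Task Scheduler New Item Notification
.DESCRIPTION
   Event Viewer Monitor - Notify when new Task Scheduler item is created.
   Looks at event 106 in Microsoft-Windows-TaskScheduler/Operational. The first
   argument, when given, is the number of days to look back (default 1).
   Exit 1 = a matching event was found, or the argument was invalid.
   Exit 0 = nothing found.
.EXAMPLE
   365
.NOTES
   v1 dinger initial release
   v1.1 silversword adding command parameters 11/2021

   Review notes
   - Query errors are silenced ($ErrorActionPreference below), so a disabled or
     unreadable Operational log is reported as "No changes".
   - The alert condition ignores every event whose message contains the computer
     name. NOTE(review): that presumably also hides tasks registered by local
     accounts shown as COMPUTERNAME\user - confirm this is intended.
#>

$ErrorActionPreference = 'silentlycontinue'

# The look-back argument was previously read from $param1, which this script
# never assigned; New-TimeSpan then received $null and the window collapsed to
# "now", so passing an argument made the check find nothing.
$DaysBack = 1
if ($Args.Count -gt 0) {
    $ParsedDays = 0
    if ([int]::TryParse([string]$Args[0], [ref]$ParsedDays) -and $ParsedDays -gt 0) {
        $DaysBack = $ParsedDays
    }
    else {
        Write-Output "Invalid number of days: '$($Args[0])'"
        exit 1
    }
}
$TimeSpan = (Get-Date) - (New-TimeSpan -Days $DaysBack)

$LogName = 'Microsoft-Windows-TaskScheduler/Operational'
$RegisteredTasks = Get-WinEvent -FilterHashtable @{LogName = $LogName; ID = '106'; StartTime = $TimeSpan }
$Suspicious = $RegisteredTasks | Where-Object -Property Message -notlike "*$env:COMPUTERNAME*"

if ($Suspicious) {
    Write-Output "New Task Has Been Added"
    # Same output as before: all 106 events in the window, then all 141 events.
    $RegisteredTasks
    Get-WinEvent -FilterHashtable @{LogName = $LogName; ID = '141'; StartTime = $TimeSpan }
    exit 1
}

else {
    Write-Output "No changes with Task Scheduler"
    exit 0
}

--------------------------------------------------------------------------------
/scripts_staging/Checks/Activation status.ps1:
--------------------------------------------------------------------------------
1 | <# 2 | .SYNOPSIS 3 | Checks the Windows activation status and exits with the 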
appropriate code. 4 | 5 | .DESCRIPTION 6 | This script checks the activation status of the Windows operating system. 7 | It uses the WMI query to determine if Windows is activated and exits with 8 | status code 0 if activated, or 1 if not activated. 9 | 10 | .NOTES 11 | Author: SAN 12 | Date : 13.11.24 13 | #public 14 | 15 | .CHANGELOG 16 | 09.04.25 SAN move to Get-CimInstance and other improvements 17 | 18 | #> 19 | 20 | 21 | try { 22 | $activationStatus = Get-CimInstance -Query "SELECT * FROM SoftwareLicensingProduct WHERE LicenseStatus = 1 AND PartialProductKey IS NOT NULL" -ErrorAction Stop 23 | 24 | if ($activationStatus) { 25 | foreach ($product in $activationStatus) { 26 | Write-Host "OK: Activated - $($product.Name) [$($product.Description)]" 27 | } 28 | exit 0 29 | } else { 30 | Write-Host "KO: Windows is not activated." 31 | exit 1 32 | } 33 | } catch { 34 | Write-Host "ERROR: Failed to check activation status. $_" 35 | exit 1 36 | } 37 | 38 | -------------------------------------------------------------------------------- /scripts_staging/snippets/CallPowerShell7Lite.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Ensures the script is executed using PowerShell 7 or higher. 4 | 5 | .DESCRIPTION 6 | This script verifies whether it is running in a PowerShell 7+ environment. 7 | If not, and if PowerShell 7 (pwsh) is available on the system, it re-invokes itself using pwsh, passing along any parameters. 8 | If pwsh is not found, the script outputs a message and exits with an error code. 9 | Once running in PowerShell 7 or higher, it sets the output rendering mode to plaintext for consistent formatting. 
10 | 11 | .NOTES 12 | Author: SAN 13 | Date: 29/04/2025 14 | #public 15 | 16 | .CHANGELOG 17 | 22.05.25 SAN Added UTF8 to fix encoding issue with russian & french chars 18 | #> 19 | 20 | 21 | if (!($PSVersionTable.PSVersion.Major -ge 7)) { 22 | if (Get-Command pwsh -ErrorAction SilentlyContinue) { 23 | pwsh -File "`"$PSCommandPath`"" @PSBoundParameters 24 | exit $LASTEXITCODE 25 | } else { 26 | Write-Output "ERROR: PowerShell 7 is not available. Exiting." 27 | exit 1 28 | } 29 | } 30 | [Console]::OutputEncoding = [Text.Encoding]::UTF8 31 | $PSStyle.OutputRendering = "plaintext" 32 | -------------------------------------------------------------------------------- /scripts/Win_Wifi_SSID_and_Password_Retrieval.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .NOTES 3 | v1.1 8/23/2024 silversword411 complete refactor to add Connection mode column 4 | #> 5 | 6 | # Get the list of saved SSIDs 7 | $wifiProfiles = (netsh wlan show profiles) | Select-String "\:(.+)$" | % { $_.Matches.Groups[1].Value.Trim() } 8 | 9 | $results = @() 10 | 11 | foreach ($name in $wifiProfiles) { 12 | $profileDetails = netsh wlan show profile name="$name" key=clear 13 | 14 | # Look for the "Connection mode" setting 15 | $connectionModeMatch = $profileDetails | Select-String "Connection mode\W+\:(.+)$" 16 | $connectionMode = if ($connectionModeMatch) { $connectionModeMatch.Matches.Groups[1].Value.Trim() } else { "Not found" } 17 | 18 | # Look for the password 19 | $passwordMatch = $profileDetails | Select-String "Key Content\W+\:(.+)$" 20 | $password = if ($passwordMatch) { $passwordMatch.Matches.Groups[1].Value.Trim() } else { "No password" } 21 | 22 | $results += [PSCustomObject]@{ 23 | SSID = $name 24 | PASSWORD = $password 25 | CONNECTION_MODE = $connectionMode 26 | } 27 | } 28 | 29 | # Output the results in a table 30 | $results | Format-Table -AutoSize 31 | -------------------------------------------------------------------------------- 
/scripts_staging/Win_WindowsOptionalFeature_EnableDisable.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Script to Install Windows Optional Features. 4 | .PARAMETER Mode 5 | The Enable is assumed, to disable feature use -mode disable 6 | .PARAMETER FeatureName 7 | Set Feature to install by using -FeatureName NameofFeature 8 | .EXAMPLE 9 | -FeatureName NameofFeature -mode disable 10 | .EXAMPLE 11 | -FeatureName NameofFeature 12 | #> 13 | 14 | param ( 15 | [string] $FeatureName, 16 | [string] $Mode 17 | ) 18 | 19 | # If Feature Installed already then skips otherwise installs. 20 | if ((Get-WindowsOptionalFeature -FeatureName $FeatureName -Online).State -eq "Enabled") { 21 | 22 | write-host "Installed" 23 | 24 | } 25 | else { 26 | 27 | write-host "not Installed" 28 | 29 | Enable-WindowsOptionalFeature -online -FeatureName $FeatureName -NoRestart 30 | 31 | } 32 | if ($Mode -eq "disable") { 33 | Write-Output "Disabling $FeatureName" 34 | Disable-WindowsOptionalFeature -online -FeatureName $FeatureName -NoRestart 35 | } 36 | 37 | else { 38 | Write-Output "Enabling $FeatureName" 39 | Enable-WindowsOptionalFeature -online -FeatureName $FeatureName -NoRestart 40 | } 41 | -------------------------------------------------------------------------------- /scripts_wip/Win_3rdparty_Urbackup_restorepermfixer.bat: -------------------------------------------------------------------------------- 1 | rem Use environment variables 2 | rem eg pcname=pcname username=username 3 | 4 | rem Display the values of environment variables 5 | echo pcname: %pcname% 6 | echo Username: %username% 7 | 8 | takeown /s %pcname% /u %pcname%\%username% /f "c:\users\%username%\Desktop" /r /d Y 9 | icacls "c:\users\%username%\Desktop" /reset /T 10 | 11 | takeown /s %pcname% /u %pcname%\%username% /f "c:\users\%username%\Documents" /r /d Y 12 | icacls "c:\users\%username%\Documents" /reset /T 13 | 14 | takeown /s %pcname% /u %pcname%\%username% 
/f "c:\users\%username%\Downloads" /r /d Y 15 | icacls "c:\users\%username%\Downloads" /reset /T 16 | 17 | takeown /s %pcname% /u %pcname%\%username% /f "c:\users\%username%\Favorites" /r /d Y 18 | icacls "c:\users\%username%\Favorites" /reset /T 19 | 20 | takeown /s %pcname% /u %pcname%\%username% /f "c:\users\%username%\Music" /r /d Y 21 | icacls "c:\users\%username%\Music" /reset /T 22 | 23 | takeown /s %pcname% /u %pcname%\%username% /f "c:\users\%username%\Pictures" /r /d Y 24 | icacls "c:\users\%username%\Pictures" /reset /T 25 | 26 | takeown /s %pcname% /u %pcname%\%username% /f "c:\users\%username%\Videos" /r /d Y 27 | icacls "c:\users\%username%\Videos" /reset /T -------------------------------------------------------------------------------- /scripts_wip/Win_LLDPInfo.ps1: -------------------------------------------------------------------------------- 1 | .<# 2 | .SYNOPSIS 3 | Gets switch name and port that the computer is plugged into 4 | .DESCRIPTION 5 | Uses PSDiscoveryProtocol module to query the switch port 6 | https://github.com/lahell/PSDiscoveryProtocol 7 | #> 8 | 9 | if ('NuGet' -notin (Get-PackageProvider).Name) { 10 | Install-PackageProvider -Name NuGet -Force | Out-Null 11 | } 12 | 13 | if ('PSDiscoveryProtocol' -notin (Get-InstalledModule).Name) { 14 | Install-Module -Name PSDiscoveryProtocol -Repository PSGallery -Confirm:$false -Force | Out-Null 15 | } 16 | Set-ExecutionPolicy Bypass -Scope Process 17 | #if your computer is hooked up through an IP phone, it will show the phone as the switch upon occasion. This do..until runs until the switch is not the Polycom phone. 
18 | #change Polycom to whatever it displays for your phone, or remove lines 19 and 22 if you don't daisychain through an ip phone 19 | do { 20 | $Packet = Invoke-DiscoveryProtocolCapture -Type LLDP -ErrorAction SilentlyContinue 21 | $lldp = Get-DiscoveryProtocolData -Packet $Packet 22 | } until ($lldp.Device -notlike "Polycom*") 23 | $lldpinfo = "Switch: $($lldp.Device) - Port: $($lldp.port) - Port Description: $($lldp.portdescription)" 24 | return $lldpinfo 25 | -------------------------------------------------------------------------------- /scripts/Win_Azure_Mars_Cloud_Backup_Status.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Check for errors in Cloud Backup Mars and returns results. 4 | 5 | .DESCRIPTION 6 | This script checks for errors in the CloudBackup/Operational log on all local network adapters for the past 24 hours, and returns the results. If errors are found, the script outputs "Cloud Backup Mars Ended with Errors" and displays the relevant log events. If no errors are found, the script outputs "Cloud Backup Mars Backup Is Working Correctly" and displays the relevant log events. 
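7 | 8 | .NOTES 9 | Version: 1.0 10 | #> 11 | 12 | $ErrorActionPreference = 'silentlycontinue' 13 | $TimeSpan = (Get-Date) - (New-TimeSpan -Day 1) 14 | 15 | ##Check for Errors in Backup 16 | if (Get-WinEvent -FilterHashtable @{LogName = 'CloudBackup/Operational'; ID = '11', '18'; StartTime = $TimeSpan }) { 17 | Write-Host "Cloud Backup Mars Ended with Errors" 18 | Get-WinEvent -FilterHashtable @{LogName = 'CloudBackup/Operational'; ID = '1', '14', '11', '18', '16'; StartTime = $TimeSpan } 19 | exit 1 20 | } 21 | else { 22 | Write-Host "Cloud Backup Mars Backup Is Working Correctly" 23 | Get-WinEvent -FilterHashtable @{LogName = 'CloudBackup/Operational'; ID = '1', '14', '16' } 24 | exit 0 25 | } 26 |
--------------------------------------------------------------------------------
/scripts_staging/Tools/Deploy diagnostic toolkit.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
    Installs or uninstalls Sysinternals, NirLauncher and PowerToys using Chocolatey.

.DESCRIPTION
    This script installs or uninstalls the sysinternals, nirlauncher and powertoys packages via Chocolatey.
    If the environment variable "uninstall" is set to "1", it uninstalls all three packages instead of installing.
    On install, the script exits 1 when Chocolatey reports a failure for any of the packages.

.EXAMPLE
    uninstall=1

.NOTES
    Author: SAN
    Date: 26.06.25
    #public

.CHANGELOG

#>


if (-not (Get-Command choco -ErrorAction SilentlyContinue)) {
    Write-Error "Chocolatey is not installed or not in PATH."
    exit 1
}

$uninstall = $env:uninstall

if ($uninstall -eq "1") {
    # Uninstall stays best-effort: a package that was never installed is not treated as an error.
    Write-Host "Start uninstall"
    choco uninstall sysinternals -y
    choco uninstall nirlauncher -y
    choco uninstall powertoys -y
} else {
    Write-Host "Start install"

    # Exit codes accepted as success: 0, plus the installer codes 1641 / 3010 (reboot initiated / required).
    $okCodes = 0, 1641, 3010
    $failed = @()

    # NOTE(review): --ignore-checksums switches off Chocolatey's checksum verification for the files
    # this package downloads, so a substituted or corrupted download is installed without complaint.
    # It is presumably here because the upstream archive changes without a package update; prefer an
    # internally hosted, pinned package (or drop the flag) wherever integrity matters.
    choco install sysinternals -y --ignore-checksums --no-progress --force
    if ($okCodes -notcontains $LASTEXITCODE) { $failed += 'sysinternals' }

    choco install nirlauncher -y --package-parameters="/Sysinternals" --no-progress --force
    if ($okCodes -notcontains $LASTEXITCODE) { $failed += 'nirlauncher' }

    choco install powertoys -y --no-progress --force
    if ($okCodes -notcontains $LASTEXITCODE) { $failed += 'powertoys' }

    if ($failed.Count -gt 0) {
        # Report the failure to the caller instead of always finishing with exit code 0.
        Write-Error "Chocolatey reported a failure for: $($failed -join ', ')"
        exit 1
    }

    Write-Host "Launcher available at C:\tools\NirLauncher"
}
-------------------------------------------------------------------------------- /scripts_wip/Win_Teams_Uninstall.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | From https://www.reddit.com/r/sysadmin/comments/aq72e4/microsoft_teams_wont_stay_uninstalled/ 3 | .SYNOPSIS 4 | This script allows you to uninstall the Microsoft Teams app and remove Teams directory for a user. 5 | .DESCRIPTION 6 | Use this script to clear the installed Microsoft Teams application. Run this PowerShell script for each user profile for which the Teams App was installed on a machine. After the PowerShell has executed on all user profiles, Teams can be redeployed.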
7 | #> 8 | 9 | $TeamsPath = [System.IO.Path]::Combine($env:LOCALAPPDATA, 'Microsoft', 'Teams') 10 | $TeamsUpdateExePath = [System.IO.Path]::Combine($env:LOCALAPPDATA, 'Microsoft', 'Teams', 'Update.exe') 11 | 12 | try 13 | { 14 | if (Test-Path -Path $TeamsUpdateExePath) { 15 | Write-Host "Uninstalling Teams process" 16 | 17 | # Uninstall app 18 | $proc = Start-Process -FilePath $TeamsUpdateExePath -ArgumentList "-uninstall -s" -PassThru 19 | $proc.WaitForExit() 20 | } 21 | if (Test-Path -Path $TeamsPath) { 22 | Write-Host "Deleting Teams directory" 23 | Remove-Item -Path $TeamsPath -Recurse 24 | 25 | } 26 | } 27 | catch 28 | { 29 | Write-Error -ErrorRecord $_ 30 | exit /b 1 31 | } -------------------------------------------------------------------------------- /scripts_wip/Win_Manufacturer_Specific_Snippet.ps1: -------------------------------------------------------------------------------- 1 | # Basic Script to run manufacturer specific commands on devices 2 | 3 | 4 | $oem = ((Get-WMIObject -class Win32_ComputerSystem).Manufacturer) 5 | 6 | if ($oem -match 'Dell') 7 | { 8 | Write-Output "Its $oem Lets Run the Code" 9 | 10 | # Add in Update commands here 11 | 12 | } 13 | 14 | elseif ($oem -match 'HP') 15 | { 16 | Write-Output "Its $oem Lets Run the Code" 17 | 18 | # Add in Update commands here 19 | 20 | } 21 | 22 | elseif ($oem -match 'Lenovo') 23 | { 24 | Write-Output "Its $oem Lets Run the Code" 25 | 26 | # Add in Update commands here 27 | 28 | } 29 | 30 | elseif ($oem -match 'Intel') 31 | { 32 | Write-Output "Its $oem Lets Run the Code" 33 | 34 | # Add in Update commands here 35 | 36 | } 37 | 38 | elseif ($oem -match 'Dynabook') 39 | { 40 | Write-Output "Its $oem Lets Run the Code" 41 | 42 | # Add in Update commands here 43 | 44 | } 45 | 46 | elseif ($oem -match 'Acer') 47 | { 48 | Write-Output "Its $oem Lets Run the Code" 49 | 50 | # Add in Update commands here 51 | 52 | } 53 | 54 | elseif ($oem -match 'Asus') 55 | { 56 | Write-Output "Its $oem Lets Run the 
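Code" 57 | 58 | # Add in Update commands here 59 | 60 | } 61 | 62 | else 63 | { 64 | Write-Output "This machine is made by $oem which isnt supported" 65 | } 66 |
--------------------------------------------------------------------------------
/scripts_wip/Win_Speedtest_Ookla.ps1:
--------------------------------------------------------------------------------
# Downloads the Ookla Speedtest CLI on first use and then runs it.
# Exits 1 if the download fails, the optional hash pin does not match, or the executable is missing.
#
# NOTE(review): C:\TechTools sits at the drive root. On a default Windows install, folders created
# there usually inherit write access for non-admin users (check with icacls). This script is
# presumably run by the RMM agent with elevated rights, so the executable it launches should live
# in a directory that only administrators can modify.

$runpath = "C:\TechTools\Speedtest\Speedtest.exe"
$zippath = "C:\TechTools\Zip\"
$toolpath = "C:\TechTools\Speedtest\"
$Url = "https://install.speedtest.net/app/cli/ookla-speedtest-1.0.0-win64.zip"
$DownloadZipFile = "C:\TechTools\Zip\" + $(Split-Path -Path $Url -Leaf)
$ExtractPath = "C:\TechTools\Speedtest\"

# Optional integrity pin: the SHA-256 of the archive named in $Url, taken from a source you trust.
# Left empty because this page does not provide one; while empty, the download is not verified.
$ExpectedSha256 = ""


#Check for speedtest cli executable, if missing it will check for and create folders required,
#download speedtest cli zip file from $URL and extract into correct folder
if (!(Test-Path $runpath))
{
    #Check for the SpeedTest and zip folders, create whichever is missing
    foreach ($dir in $toolpath, $zippath)
    {
        if (!(Test-Path $dir))
        {
            New-Item -ItemType Directory -Force -Path $dir
        }
    }

    # Older Windows PowerShell hosts may not offer TLS 1.2 unless it is enabled explicitly.
    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

    #Download the zip from the URL in $URL; stop here if the transfer fails
    try
    {
        Invoke-WebRequest -Uri $Url -OutFile $DownloadZipFile -ErrorAction Stop
    }
    catch
    {
        Write-Output "Download failed: $($_.Exception.Message)"
        exit 1
    }

    #Verify the archive against the pin before anything is extracted or executed
    if ($ExpectedSha256)
    {
        $actualHash = (Get-FileHash -Path $DownloadZipFile -Algorithm SHA256).Hash
        if ($actualHash -ne $ExpectedSha256)
        {
            Remove-Item -Path $DownloadZipFile -Force
            Write-Output "SHA-256 mismatch for $DownloadZipFile; archive removed."
            exit 1
        }
    }
    else
    {
        Write-Warning "No SHA-256 pin set; the downloaded archive is not verified."
    }

    #Extract the zip into the tool folder
    $ExtractShell = New-Object -ComObject Shell.Application
    $ExtractFiles = $ExtractShell.Namespace($DownloadZipFile).Items()
    $ExtractShell.NameSpace($ExtractPath).CopyHere($ExtractFiles)

}

if (!(Test-Path $runpath))
{
    Write-Output "$runpath not found after extraction"
    exit 1
}

& $runpath
-------------------------------------------------------------------------------- /scripts_wip/DUPE_Win_Blue_Screen_View.ps1: -------------------------------------------------------------------------------- 1 | # bbrendon alternative 2 | 3 | try { 4 | Invoke-WebRequest -Uri "https://www.nirsoft.net/utils/bluescreenview.zip" -OutFile "$($ENV:Temp)\bluescreeview.zip" 5 | Expand-Archive "$($ENV:Temp)\bluescreeview.zip"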
-DestinationPath "$($ENV:Temp)" -Force 6 | Start-Process -FilePath "$($ENV:Temp)\Bluescreenview.exe" -ArgumentList "/scomma `"$($ENV:Temp)\Export.csv`"" -Wait 7 | 8 | } 9 | catch { 10 | Write-Host "BSODView Command has Failed: $($_.Exception.Message)" 11 | exit 1 12 | } 13 | 14 | $BSODs = get-content "$($ENV:Temp)\Export.csv" | ConvertFrom-Csv -Delimiter ',' ` 15 | -Header Dumpfile, Timestamp, Reason, Errorcode, Parameter1, Parameter2, Parameter3, Parameter4, CausedByDriver | foreach-object { $_.Timestamp = [datetime]::Parse($_.timestamp, [System.Globalization.CultureInfo]::CurrentCulture); $_ } 16 | Remove-item "$($ENV:Temp)\Export.csv" -Force 17 | 18 | #$BSODFilter = $BSODs | where-object { $_.Timestamp -gt ((get-date).addhours(-24)) } 19 | $BSODFilter = $BSODs 20 | 21 | if (!$BSODFilter) { 22 | #write-host "Healthy - No BSODs found in the last 24 hours" 23 | write-host "Healthy - No BSODs found" 24 | } 25 | else { 26 | write-host "Unhealthy - BSOD found. Check Diagnostics" 27 | $BSODFilter 28 | exit 1 29 | } 30 | -------------------------------------------------------------------------------- /scripts_wip/Win_File_Delete.ps1: -------------------------------------------------------------------------------- 1 | param ( 2 | [switch]$debug 3 | ) 4 | 5 | # For setting debug output level. 
-debug switch will set $debug to true 6 | if ($debug) { 7 | $DebugPreference = "Continue" 8 | } 9 | else { 10 | $DebugPreference = "SilentlyContinue" 11 | $ErrorActionPreference = 'silentlycontinue' 12 | } 13 | 14 | $currentuser = ((Get-WMIObject -ClassName Win32_ComputerSystem).Username).Split('\')[1] 15 | 16 | If (!$currentuser) { 17 | Write-Debug "Noone currently logged in" 18 | Exit 0 19 | } 20 | else { 21 | Write-Debug "Currently logged in user is: $currentuser" 22 | } 23 | 24 | $targetDir = "c:\Users\$($currentuser)\Downloads\" 25 | Write-Debug "targetDir is $targetDir" 26 | $pattern = "PC_Support.Client*.exe" 27 | $filesToDelete = Get-ChildItem $targetDir | Where-Object { ($_.name -like $pattern) -and ($_.CreationTime -gt (Get-Date).AddDays(-5000)) } 28 | 29 | If (!$filesToDelete) { 30 | Write-Output "No $pattern files in the last 5000 days" 31 | } 32 | else { 33 | Write-Output $filesToDelete 34 | 35 | # Delete the detected files 36 | $filesToDelete | ForEach-Object { 37 | Write-Output ("Deleting file: " + $_.FullName) 38 | Remove-Item $_.FullName -Force 39 | Exit 1 40 | } 41 | } 42 | Write-Output "Finished Run" 43 | -------------------------------------------------------------------------------- /scripts_staging/Win_Blue_Screen_View.ps1: -------------------------------------------------------------------------------- 1 | # This script will download bluescreenview, extract, move to tactical install folder, run and save output to console TRMM. 
2 | 3 | If (!(test-path "c:\temp")) { 4 | New-Item -ItemType Directory -Force -Path "c:\temp" 5 | } 6 | 7 | If (!(test-path $env:programdata\RMMScripts\)) { 8 | New-Item -ItemType Directory -Force -Path $env:programdata\TacticalRMM\scripts\ 9 | } 10 | 11 | If (!(test-path 'C:\Program Files\TacticalAgent\bluescreenview.exe')) { 12 | Set-Location c:\temp 13 | Invoke-WebRequest https://www.nirsoft.net/utils/bluescreenview.zip -Outfile bluescreenview.zip 14 | expand-archive bluescreenview.zip 15 | Set-Location C:\TEMP\bluescreenview\ 16 | Move-Item .\bluescreenview.exe 'C:\Program Files\TacticalAgent\' 17 | 18 | Start-sleep -Seconds 5 19 | 20 | 21 | Remove-Item -LiteralPath "c:\temp\bluescreenview.zip" -Force -Recurse 22 | & 'C:\Program Files\TacticalAgent\bluescreenview.exe' /stext "$env:programdata\TacticalRMM\scripts\crashes.txt" 23 | get-content "$env:programdata\TacticalRMM\scripts\crashes.txt" 24 | } 25 | 26 | else { 27 | & 'C:\Program Files\TacticalAgent\bluescreenview.exe' /stext "$env:programdata\TacticalRMM\scripts\crashes.txt" 28 | get-content "$env:programdata\TacticalRMM\scripts\crashes.txt" 29 | } 30 | 31 | -------------------------------------------------------------------------------- /scripts/Win_Network_DNS_Set_to_1.1.1.2.ps1: -------------------------------------------------------------------------------- 1 | # Cloudflare Family DNS see https://blog.cloudflare.com/introducing-1-1-1-1-for-families/ 2 | 3 | $ErrorActionPreference = 'SilentlyContinue' 4 | 5 | if ((Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain){ 6 | write-host "Domain member, we better not update the DNS!!" 7 | exit 8 | } 9 | 10 | $PrimaryDNS = '1.1.1.2' 11 | $SecondaryDNS = '1.0.0.2' 12 | 13 | $DNSServers = $PrimaryDNS,$SecondaryDNS 14 | 15 | $NICs = Get-WMIObject Win32_NetworkAdapterConfiguration | where{$_.IPEnabled -eq "TRUE"} 16 | 17 | function get-return-status { 18 | Param ($code) 19 | If ($code -eq 0) { 20 | return "Success." 
21 | } elseif ($code -eq 1) { 22 | return "Success, but Restart Required." 23 | } else { 24 | return "Error with Code $($code)!" 25 | } 26 | } 27 | 28 | Foreach($NIC in $NICs) { 29 | "" 30 | "-------" 31 | "Attempting to modify DNS Servers for the following NIC:" 32 | $NIC 33 | $returnValue = $NIC.SetDNSServerSearchOrder($DNSServers).ReturnValue 34 | $response = get-return-status($returnValue) 35 | Write-Host "Setting DNS Servers to ${$NICs}...$($response)" 36 | $returnValue = $NIC.SetDynamicDNSRegistration("True").ReturnValue 37 | $response = get-return-status($returnValue) 38 | Write-Host "Setting Dynamic DNS Registration to True...$($response)" 39 | } -------------------------------------------------------------------------------- /scripts_wip/Win_PatchPercentage.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .Synopsis 3 | Gets the patch percentage of the Windows computer. 4 | .EXAMPLE 5 | Win_PatchPercentage 6 | .NOTES 7 | Version: 1 8 | Author: redanthrax 9 | Creation Date: 2022-06-06 10 | #> 11 | 12 | function Win_PatchPercentage { 13 | Begin { 14 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 15 | } 16 | 17 | Process { 18 | Try { 19 | $updates = (New-Object -c Microsoft.Update.Session).CreateUpdateSearcher() 20 | $installed = $updates.Search("IsInstalled=1").Updates.Count 21 | $missing = $updates.Search("IsInstalled=0").Updates.Count 22 | $complete = ($installed / ($installed + $missing)).ToString("P") 23 | Write-Output $complete 24 | } 25 | Catch { 26 | $exception = $_.Exception 27 | Write-Output "Error: $exception" 28 | } 29 | } 30 | 31 | End { 32 | #Script cleanup and final checks here 33 | #Check for last errors and exit 34 | if ($error) { 35 | Exit 1 36 | } 37 | 38 | Exit 0 39 | } 40 | } 41 | 42 | if (-not(Get-Command 'Win_PatchPercentage' -errorAction SilentlyContinue)) { 43 | . 
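$MyInvocation.MyCommand.Path 44 | } 45 | 46 | Win_PatchPercentage
--------------------------------------------------------------------------------
/scripts_wip/Win_Security_Install_Heimdal_Silent.ps1:
--------------------------------------------------------------------------------
<#
.Synopsis
   Installs the security program Heimdal (heimdalsecurity.com) silently using a key set at client level
.DESCRIPTION
   Create custom field at client level and fill with key (call it Heimdal Key), run "-HeimdalKey {{client.Heimdal Key}}" as script argument. Heimdal will install silently with no interaction.
   The script exits 1 when no key is supplied, the download fails, the MSI's Authenticode signature is not valid, or msiexec reports a failure.
#>

param (
   [string] $HeimdalKey
)

#Set custom field at client level with your install key - set "-HeimdalKey {{client.Heimdal Key}}" as script argument#
###Download and Install Heimdal Client###

if (-not $HeimdalKey) {
    Write-Output "HeimdalKey is required"
    exit 1
}

##CHANGE THIS##
$downloadURL = "https://prodcdn.heimdalsecurity.com/setup/HeimdalLatestVersion.msi"


#---------------------------------------------------------------#

#Look for Heimdal Folder, if not exist then create
# NOTE(review): this staging folder sits at the drive root, where new folders usually inherit write
# access for non-admin users. Prefer a directory only administrators can modify, so the MSI cannot
# be replaced between the signature check and the installation.
$folderName = "Heimdal Installer"
$Path = "C:\" + $folderName
$msiPath = Join-Path $Path "Heimdal.msi"

if (!(Test-Path $Path))
{
    New-Item -itemType Directory -Path C:\ -Name $folderName
}
else
{
    write-host "Folder already exists"
}

#Download MSI for Heimdal
try
{
    Invoke-WebRequest -Uri "$downloadURL" -OutFile $msiPath -ErrorAction Stop
}
catch
{
    Write-Output "Download of Heimdal MSI failed: $($_.Exception.Message)"
    exit 1
}

#Refuse to install a package whose Authenticode signature does not validate
# assumes the vendor signs this MSI - TODO confirm; to pin the publisher as well, compare
# $signature.SignerCertificate.Subject with the value you expect.
$signature = Get-AuthenticodeSignature -FilePath $msiPath
if ($signature.Status -ne 'Valid')
{
    Write-Output "Heimdal MSI signature status is '$($signature.Status)'; not installing."
    Remove-Item -Path $msiPath -Force -ErrorAction SilentlyContinue
    exit 1
}
Write-Output "MSI signed by: $($signature.SignerCertificate.Subject)"

#Install Heimdal Silent
# NOTE(review): the key travels on the msiexec command line, where process-creation auditing and
# similar telemetry can record it; treat it as visible to anyone who can read those logs.
# msiexec returns immediately when called directly from PowerShell, so wait for it and check the result.
$msiArgs = "/qn /i `"$msiPath`" heimdalkey=`"$HeimdalKey`""
$proc = Start-Process -FilePath "msiexec.exe" -ArgumentList $msiArgs -Wait -PassThru
if ($proc.ExitCode -ne 0 -and $proc.ExitCode -ne 3010)
{
    Write-Output "msiexec failed with exit code $($proc.ExitCode)"
    exit 1
}
Write-Output "Heimdal installed (msiexec exit code $($proc.ExitCode))"
-------------------------------------------------------------------------------- /scripts/Win_Create_All_User_Logon_Script.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | Creates a powershell script that runs at logon of any user on the machine in the security context of the user.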
3 | Useful to set HKCU registry items 4 | Log is written to C:\Users\Public\UserLogonLog.txt 5 | #> 6 | 7 | New-Item -ItemType Directory -Force -Path "$ENV:WINDIR\TRMM" 8 | $logonfile = "$ENV:WINDIR\TRMM\logonscript.ps1" 9 | $logfile = "C:\Users\Public\UserLogonLog.txt" 10 | 11 | # === LogonScript === 12 | $logonscript=@' 13 | Start-Transcript -Path $logfile 14 | 15 | # Example: Disable Automatically Hide Scrollbars 16 | # $registryPath = "HKCU:\Control Panel\Accessibility" 17 | # $Name = "DynamicScrollbars" 18 | # $value = "0" 19 | # New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null 20 | 21 | Stop-Transcript 22 | '@ 23 | 24 | $logonscript | Out-File $logonfile 25 | 26 | # === Create a link in all users startup folder === 27 | 28 | $Shell = New-Object -ComObject ("WScript.Shell") 29 | $ShortCut = $Shell.CreateShortcut($env:PROGRAMDATA + "\Microsoft\Windows\Start Menu\Programs\StartUp\UserLogon.lnk") 30 | $ShortCut.TargetPath="%systemroot%\System32\WindowsPowerShell\v1.0\powershell.exe" 31 | $ShortCut.Arguments="-executionpolicy bypass -WindowStyle Hidden -file $logonfile" 32 | $ShortCut.WorkingDirectory = "$ENV:WINDIR\TRMM"; 33 | $ShortCut.Save() 34 | -------------------------------------------------------------------------------- /scripts_wip/Win_Disk_Space_Usage_Folder.ps1: -------------------------------------------------------------------------------- 1 | # Use to get the size of a folder, and it's sub-folders 2 | 3 | # Parameter usage -Path 'c:\Program Files' 4 | 5 | param ($Path = ".") 6 | 7 | $ErrorActionPreference = 'silentlycontinue' 8 | 9 | $PrettySizeColumn = @{name = "Size"; expression = { 10 | $size = $_.Size 11 | if ( $size -lt 1KB ) { $sizeOutput = "$("{0:N2}" -f $size) B" } 12 | ElseIf ( $size -lt 1MB ) { $sizeOutput = "$("{0:N2}" -f ($size / 1KB)) KB" } 13 | ElseIf ( $size -lt 1GB ) { $sizeOutput = "$("{0:N2}" -f ($size / 1MB)) MB" } 14 | ElseIf ( $size -lt 1TB ) { $sizeOutput = "$("{0:N2}" -f 
($size / 1GB)) GB" } 15 | ElseIf ( $size -lt 1PB ) { $sizeOutput = "$("{0:N2}" -f ($size / 1TB)) TB" } 16 | ElseIf ( $size -ge 1PB ) { $sizeOutput = "$("{0:N2}" -f ($size / 1PB)) PB" } 17 | $sizeOutput 18 | } 19 | } 20 | 21 | Get-ChildItem -Path $Path | Where-Object { $_.PSIsContainer } | ForEach-Object { 22 | $size = ( Get-ChildItem -Path $_.FullName -Recurse -Force | where { !$_.PSIsContainer } | Measure-Object -Sum Length).Sum 23 | $obj = new-object -TypeName psobject -Property @{ 24 | Path = $_.Name 25 | Time = $_.LastWriteTime 26 | Size = $size 27 | } 28 | $obj 29 | } | Sort-Object -Property Size -Descending | Select-Object Path, $PrettySizeColumn 30 | 31 | -------------------------------------------------------------------------------- /scripts_wip/Win_File_Detect_and_Alert2.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .Synopsis 3 | Detect if object exists and gives error 4 | .DESCRIPTION 5 | Long description 6 | .EXAMPLE 7 | Example of how to use this cmdlet 8 | .EXAMPLE 9 | Another example of how to use this cmdlet 10 | #> 11 | 12 | 13 | $test = 'Get-ChildItem c:\temp | Where-Object {($_.PSIsContainer -ne $true) -and ($_.name -like ' * .exe')}' 14 | 15 | 16 | 17 | 18 | 19 | $vDIR = 'C:\temp' 20 | $vFILE = '*.exe' 21 | 22 | $proc = @(Get-ChildItem $vDIR -Recurse -Include $vFile) 23 | If ($proc.count -gt 0) { 24 | ForEach ($item in $proc) { 25 | Write-Output 'no .exe in download folder' 26 | } 27 | Else { 28 | Write-Output ".exe exists in download folder" 29 | } 30 | } 31 | 32 | $targetDir = "$($env:USERPROFILE)\Downloads\" 33 | Write-Output "targetDir is $targetDir" 34 | # $targetDir = "c:\temp" 35 | $test = get-Item $targetDir | Where-Object { ($_.name -like $pattern) -and ($_.CreationTime -gt (Get-Date).AddDays(-100)) } 36 | Write-Output $test 37 | $pattern = "*.exe" 38 | If ((get-ChildItem $targetDir | Where-Object { ($_.name -like $pattern) -and ($_.CreationTime -gt (Get-Date).AddDays(-100)) }) -eq 
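$true ) { 39 | 40 | Write-Output ".exe exists in download folder" 41 | exit 0 42 | 43 | } 44 | Else { 45 | 46 | Write-Output 'no .exe in download folder' 47 | exit 1 48 | } 49 |
--------------------------------------------------------------------------------
/scripts_wip/3rdparty_spike_alerts.py:
--------------------------------------------------------------------------------
# from superdry
#
# Forwards an alert, or its resolution, to a Spike.sh webhook.
# Positional arguments, in order: agent hostname, agent description, agent local IPs,
# client name, site name, alert message, alert severity, Spike webhook key, status.
# status must be "alert" or "resolve"; the script exits 1 on bad input or a failed request.

import requests
import json
import sys

if len(sys.argv) < 10:
    print('Expected 9 arguments, got {}'.format(len(sys.argv) - 1))
    sys.exit(1)

agent_hostname = sys.argv[1]
agent_description = sys.argv[2]
agent_local_ips = sys.argv[3]
client_name = sys.argv[4]  # accepted for the argument layout, not used below
site_name = sys.argv[5]  # accepted for the argument layout, not used below
alert_message = sys.argv[6]
alert_severity = sys.argv[7]
spike_alerts = sys.argv[8].replace("'", "")
status = sys.argv[9]

# The path segment is presumably the integration's secret key, which makes the whole URL a
# credential. It is deliberately not printed: script output is kept by the RMM.
webhook_url = f'https://hooks.spike.sh/{spike_alerts}/push-events'
sev_lookup = {'warning': 'sev3', 'error': 'sev2'}
# title should be VM Name/IP/Issue (e.g. PVM430 - 10.11.205.12 - Memory Usage)

if status == 'alert':
    data = {
        'title': f'{agent_hostname} - {agent_local_ips} - {alert_message}',
        'body': f'Name: {agent_hostname} Description: {agent_description}, Alert Message: {alert_message}',
        'severity': sev_lookup.get(alert_severity, 'sev3'),
        'priority': 'p3'
    }
elif status == 'resolve':
    data = {
        'title': f'{agent_hostname} - {agent_local_ips} - {alert_message}',
        'body': f'Name: {agent_hostname} Description: {agent_description}, Alert Message: {alert_message}',
        'status': 'resolve',
    }
else:
    # Without this branch an unexpected status left `data` undefined and the post raised NameError.
    print(f'Unknown status {status!r}; expected "alert" or "resolve"')
    sys.exit(1)

try:
    # The timeout keeps an unreachable endpoint from hanging the alert action.
    r = requests.post(webhook_url, data=json.dumps(data), headers={'Content-Type': 'application/json'}, timeout=15)
    r.raise_for_status()
except requests.RequestException as exc:
    # The exception text can contain the request URL, so only its type and HTTP status are reported.
    http_status = getattr(exc.response, 'status_code', None)
    print(f'Spike webhook request failed: {type(exc).__name__} (HTTP status: {http_status})')
    sys.exit(1)
-------------------------------------------------------------------------------- /scripts/Win_Win10_Change_Key_and_Activate.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | License Windows 10 4 | 5 | .DESCRIPTION 6 | Insert License key into Windows 10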
and activate 7 | 8 | .NOTES 9 | For Windows installations in different languages, you will need to edit the following: 10 | Select-String -Pattern "^License Status:" 11 | and 12 | $LicenseStatus -match "Licensed" 13 | to match your specific language translation. 14 | 15 | .FUNCTIONALITY 16 | PowerShell v3+ 17 | #> 18 | 19 | if ($Args.Count -eq 0) { 20 | Write-Output "New Product Key is Required" 21 | exit 1 22 | } 23 | 24 | $param1 = $args[0] 25 | 26 | $OSKey = "$param1" 27 | $SLMgr = "C:\Windows\System32\slmgr.vbs" 28 | 29 | Write-Output "Inserting license key: $OSKey" 30 | $InsertKey = & cscript $SLMgr /ipk $OSKey 31 | $RetryCount = 3 32 | 33 | while ($RetryCount -gt 0) { 34 | Write-Output "Activating license key..." 35 | & cscript $SLMgr /ato 36 | 37 | Write-Output "Verifying activation status" 38 | $SLMgrResult = & cscript $SLMgr /dli 39 | $LicenseStatus = ([string]($SLMgrResult | Select-String -Pattern "^License Status:")).Remove(0, 16) 40 | if ($LicenseStatus -match "Licensed") { 41 | Write-Host "Activation Successful" -ForegroundColor Green 42 | $retryCount = 0 43 | } 44 | else { 45 | Write-Error "Activation failed." 46 | $RetryCount -= 1 47 | } 48 | } -------------------------------------------------------------------------------- /scripts/Win_Screenconnect_GetGUID.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | Requires global variables for serviceName "ScreenConnectService" 3 | serviceName is the name of the ScreenConnect Service once it is installed EG: "ScreenConnect Client (1327465grctq84yrtocq)" 4 | Variable value must start and end with " (Prior to TRMM Version 0.6.5), remove / don't use " on TRMM Version 0.6.5 or later. 
5 | Requires Custom Fields Agent entry Name: ScreenConnectGUID Type: text 6 | URL Action entry (check your screenconnect to see what folder name is your "All Machines" folder): https://YOURNAME.screenconnect.com/Host#Access/All%20Machines//{{agent.ScreenConnectGUID}}/Join 7 | or https://YOURNAME.screenconnect.com/Host#Access/All%20Machines%20by%20Company//{{agent.ScreenConnectGUID}}/Join 8 | #> 9 | 10 | param ( 11 | [string] $serviceName 12 | ) 13 | 14 | if (!$serviceName) { 15 | write-output "Variable not specified ScreenConnectService, please create a global custom field under Client called ScreenConnectService, Example Value: `"ScreenConnect Client (1327465grctq84yrtocq)`" `n" 16 | $ErrorCount += 1 17 | } 18 | 19 | if (!$ErrorCount -eq 0) { 20 | exit 1 21 | } 22 | 23 | 24 | $imagePath = (Get-Item -Path HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName).GetValue('ImagePath') 25 | $imagePath2 = ($imagePath -split "&s=")[1] 26 | $machineGUID = ($imagePath2 -split "&k=")[0] 27 | Write-Output $machineGUID 28 | -------------------------------------------------------------------------------- /scripts_wip/Win_Windows_Tools_Optimize.bat: -------------------------------------------------------------------------------- 1 | rem https://github.com/jebofponderworthy/windows-tools 2 | @echo off 3 | 4 | echo -------------------------------------------- 5 | echo Download and Run All Optimize Script Applets 6 | echo -------------------------------------------- 7 | 8 | echo: 9 | echo Verifying appropriate Powershell is present ... 10 | echo --- 11 | @"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "[string]$PSVersionTable.PSVersion.Major + '.' 
+ [string]$PSVersionTable.PSVersion.Minor" > psversion.txt 12 | 23 | 24 | Get-WinEvent -FilterHashtable @{ 25 | LogName = 'Security' 26 | Id = 4624 27 | StartTime = (Get-Date).AddHours(-24) 28 | } | 29 | ForEach-Object { 30 | $Event = [xml]$_.ToXml() 31 | [pscustomobject]@{ 32 | TimeCreated = $_.TimeCreated 33 | Username = $Event.Event.EventData.Data[5].'#text' 34 | LogonType = $Event.Event.EventData.Data[8].'#text' 35 | IPAddress = $Event.Event.EventData.Data[18].'#text' 36 | } 37 | } | 38 | Where-Object { 39 | $_.Username -ne "NT AUTHORITY\SYSTEM" -and $_.LogonType -eq "2" 40 | } -------------------------------------------------------------------------------- /scripts_staging/Fixes/Resync time NTP.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Restarts the Windows Time Service, resyncs system time, and queries the current time source. 4 | 5 | .DESCRIPTION 6 | This script ensures that the Windows Time Service (w32time) is restarted, the system clock is resynced with its configured time source, 7 | and the current time source is queried. Useful for troubleshooting time synchronization issues on a Windows system. 8 | 9 | .NOTES 10 | Author: SAN 11 | Date: 15.11.24 12 | #public 13 | 14 | .CHANGELOG 15 | 15.11.24 v2.0 SAN Cleanup of the code & added header 16 | 17 | #> 18 | 19 | Write-Host "Restarting time service..." 20 | try { 21 | Restart-Service w32time -ErrorAction Stop 22 | Write-Host "Time service restarted successfully." 23 | } catch { 24 | Write-Host "Failed to restart time service: $_" -ForegroundColor Red 25 | exit 1 26 | } 27 | 28 | Write-Host "Waiting for 10 seconds..." 29 | Start-Sleep -Seconds 10 30 | 31 | Write-Host "Resyncing system time..." 32 | try { 33 | w32tm /resync 34 | Write-Host "System time resynced successfully." 35 | } catch { 36 | Write-Host "Failed to resync system time." -ForegroundColor Red 37 | } 38 | 39 | Write-Host "Querying time source..." 
40 | try { 41 | w32tm /query /source 42 | } catch { 43 | Write-Host "Failed to query time source." -ForegroundColor Red 44 | } 45 | -------------------------------------------------------------------------------- /scripts_wip/Win_Rustdesk_Installv2.ps1: -------------------------------------------------------------------------------- 1 | # This is an untested and probably non-functional script. Going to rebuild in python once rustdesk gets its flutter rewrite 2 | 3 | $Source = "https://github.com/rustdesk/rustdesk/releases/download/1.1.9/rustdesk-1.1.9-windows_x64.zip" 4 | $SourceDownloadLocation = "C:\ProgramData\TacticalRMM\temp" 5 | $SourcezipFile = "$SourceDownloadLocation\rustdesk.zip" 6 | $SourceInstallFile = "$SourceDownloadLocation\rustdesk\rustdesk-1.1.9-putes.exe" 7 | $ProgressPreference = 'SilentlyContinue' 8 | 9 | # Download File 10 | If (Test-Path -Path $SourcezipFile -PathType Leaf) { 11 | Write-Output "File already downloaded" 12 | } 13 | else { 14 | If (!(test-path $SourceDownloadLocation)) { 15 | New-Item -Path $SourceDownloadLocation -ItemType directory 16 | } 17 | Invoke-WebRequest $Source -OutFile $SourcezipFile 18 | 19 | Write-Output "File download complete" 20 | } 21 | 22 | # Extract files 23 | expand-archive $SourcezipFile 24 | 25 | # Install Rustdesk 26 | $proc = Start-Process "$SourceInstallFile" -ArgumentList "--silent-install" -PassThru 27 | Wait-Process -InputObject $proc 28 | if ($proc.ExitCode -ne "0") { 29 | Write-Warning "Exited with error code: $($proc.ExitCode)" 30 | Exit 1 31 | } 32 | else { 33 | Write-Output "Successful install with exit code: $($proc.ExitCode)" 34 | # Cleanup archive 35 | Remove-Item "$SourcezipFile" 36 | Remove-Item -Path "$SourceInstallFile" 37 | Exit 0 38 | } 39 | -------------------------------------------------------------------------------- /scripts/Win_User_Admins_Local_Disable.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Disables all local 
admins if joined to domain or AzureAD 4 | 5 | .DESCRIPTION 6 | Checks to see if computer is either joined to a AD domain or Azure AD. If it is, it disables all local admin accounts. If not joined to domain/AzureAD, leaves local admin accounts in place 7 | 8 | .OUTPUTS 9 | Results are printed to the console. 10 | 11 | .NOTES 12 | Change Log 13 | 5/12/2021 V1.0 Initial release 14 | 15 | Contributed by: https://github.com/dinger1986 16 | #> 17 | 18 | $ErrorActionPreference = 'silentlycontinue' 19 | 20 | if (get-localuser | Where-Object Enabled) { 21 | if (dsregcmd /status | Where-Object { $_ -match 'DomainJoined : YES' } | ForEach-Object { $_.Trim() }) { 22 | Write-Output "Removing Local Admins" 23 | get-localuser | Where-Object Enabled | Disable-LocalUser 24 | get-localuser | Select name, Enabled 25 | } 26 | 27 | elseif (dsregcmd /status | Where-Object { $_ -match 'AzureAdJoined : YES' } | ForEach-Object { $_.Trim() }) { 28 | Write-Output "Removing Local Admins" 29 | get-localuser | Where-Object Enabled | Disable-LocalUser 30 | get-localuser | Select name, Enabled 31 | } 32 | 33 | else { 34 | Write-Output "Machine not on Domain so leaving local admins" 35 | get-localuser | Select name, Enabled 36 | } 37 | 38 | } 39 | 40 | else { 41 | Write-Output "No local Users" 42 | } -------------------------------------------------------------------------------- /scripts_staging/Win_Defender_Enable_ApplicationGuard.ps1: -------------------------------------------------------------------------------- 1 | # Should be part of the full Defender Enable script as a parameter, once fully tested. 2 | # Script to Install Windows Defender Application Guard. 3 | # Created by TechCentre with the help and assistance of the internet. 4 | # Restart Required to complete install. 5 | # 6 | # Sets Variable for feature to be installed. 7 | 8 | <# 9 | .SYNOPSIS 10 | Script to Install Windows Defender Application Guard Feature. 
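.PARAMETER Mode
    Enabling is assumed. To disable the feature, pass -Mode disable.
.EXAMPLE
    -Mode disable
.EXAMPLE
    (no arguments) enables the feature if it is not already enabled
#>

param (
    [string] $Mode
)

# Windows optional feature managed by this script.
$FeatureName = "Windows-Defender-ApplicationGuard"

if ($Mode -eq "disable") {
    Write-Output "Disabling $FeatureName"
    # -NoRestart: the change is staged and only completes after the next reboot.
    Disable-WindowsOptionalFeature -Online -FeatureName $FeatureName -NoRestart
}
else {
    # Enable only when the feature is not already in the Enabled state.
    $featureState = (Get-WindowsOptionalFeature -FeatureName $FeatureName -Online).State
    if ($featureState -eq "Enabled") {
        Write-Output "Windows Defender Application Guard Installed"
    }
    else {
        Write-Output "Windows Defender Application Guard Not Installed"
        Enable-WindowsOptionalFeature -Online -FeatureName $FeatureName -NoRestart
    }
}
--------------------------------------------------------------------------------
/scripts_wip/Mac_Battery_Health.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Prints the battery health of a Mac as MaxCapacity / DesignCapacity in percent,
# or "Battery Failed" when the battery reports a permanent failure.
# Prints nothing when no battery serial number of any kind is found.

PlistBuddy="/usr/libexec/PlistBuddy"
IOReg="/usr/sbin/ioreg"
BatteryInfo=$("$IOReg" -ar -c AppleSmartBattery)

# Print one key of the first AppleSmartBattery entry; prints nothing if the key is absent.
battery_value() {
  "$PlistBuddy" -c "print 0:$1" /dev/stdin 2>/dev/null <<< "$BatteryInfo"
}

BatterySerialNumber=$(battery_value BatterySerialNumber)
Serial=$(battery_value Serial)
FirmwareSerialNumber=$(battery_value FirmwareSerialNumber)
DesignCapacity=$(battery_value DesignCapacity)
MaxCapacity=$(battery_value MaxCapacity)
PermanentFailureStatus=$(battery_value PermanentFailureStatus)

# No serial number at all is treated as "no battery installed".
if [ -z "$BatterySerialNumber" ] && [ -z "$Serial" ] && [ -z "$FirmwareSerialNumber" ]; then
  exit 0
fi

if [ "$PermanentFailureStatus" == "1" ]; then
  echo "Battery Failed"
  exit 0
fi

# Only do arithmetic on values that are plain non-negative integers, and never
# divide by zero. Integer arithmetic gives the same truncated percentage as the
# earlier bc expression without interpolating tool output into another program.
if [ "$PermanentFailureStatus" == "0" ] &&
   [[ "$DesignCapacity" =~ ^[0-9]+$ ]] &&
   [[ "$MaxCapacity" =~ ^[0-9]+$ ]] &&
   (( 10#$DesignCapacity > 0 )); then
  echo "Battery Health Percentage: $(( 10#$MaxCapacity * 100 / 10#$DesignCapacity ))"
fi
--------------------------------------------------------------------------------
/scripts_wip/Win_3rdparty_bginfo.ps1:
--------------------------------------------------------------------------------
# From xrsxj
#
# Downloads the BGInfo configuration and executables into C:\BGInfo and creates
# an All Users startup shortcut so BGInfo runs at every logon.
# The download URL below is a placeholder and must be replaced before use.
#
# NOTE(review): a folder created directly under C:\ normally inherits the drive
# root's ACL, which on default installs may let non-admin users modify its
# contents. Because the shortcut below starts the EXE for every user at logon,
# confirm with icacls that only administrators/SYSTEM can write to C:\BGInfo.

if (!(Test-Path -Path "C:\BGInfo")) {
    New-Item -Path "C:\" -Name "BGInfo" -ItemType "directory" | Out-Null
}

$files = "bg.bgi", "Bginfo.exe", "Bginfo64.exe"
Write-Output "Downloading BGInfo Files"
foreach ($file in $files) {
    $url = "https://domain.com/1p92unbr987nbcv08zw67sbv086b1/$file"
    $path = "C:\BGInfo\$file"
    try {
        (New-Object Net.WebClient).DownloadFile($url, $path)
    }
    catch {
        throw "Unable to download $file"
    }

    # The executables are launched automatically at logon, so do not keep one
    # whose Authenticode signature is missing or invalid. This only proves the
    # file is signed by a trusted publisher; pinning the expected signer or a
    # known SHA-256 would be stricter.
    if ($file -like "*.exe") {
        $signature = Get-AuthenticodeSignature -FilePath $path
        if ($signature.Status -ne 'Valid') {
            Remove-Item -Path $path -Force -ErrorAction SilentlyContinue
            throw "Signature check failed for $file ($($signature.Status))"
        }
    }
}

Write-Output "Creating BGInfo Shortcut in All Users startup"
# Pick the executable that matches the OS bitness; everything else is identical.
if ([Environment]::Is64BitOperatingSystem) {
    $targetExe = "C:\BGInfo\BGInfo64.exe"
}
else {
    $targetExe = "C:\BGInfo\BGInfo.exe"
}
$objShell = New-Object -ComObject ("WScript.Shell")
$objShortCut = $objShell.CreateShortcut("C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\BGInfo.lnk")
$objShortCut.TargetPath = $targetExe
# BGInfo's timer switch takes the form /timer:<seconds>; the earlier "/timer0" lacked the colon.
$objShortCut.Arguments = "c:\BGInfo\bg.bgi /silent /timer:0 /nolicprompt"
$objShortCut.WorkingDirectory = "C:\BGInfo\"
$objShortCut.Save()
--------------------------------------------------------------------------------
/scripts_staging/Collectors/Collect Licensing 4 RDS.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
    Checks if the Remote Desktop Services role is installed and retrieves RDS license key pack details.

.DESCRIPTION
    This script verifies whether the Remote Desktop Services role is installed on the local machine.
    If installed, it retrieves information about RDS license key packs, including details such as product version,
    license type, total licenses, available licenses, and issued licenses.

.NOTES
    Author: SAN
    Date: 01.01.24
    #public

.TODO
    Extend reporting to include CAL types and expiration details.
#>


try {
    # -ErrorAction Stop turns "service not found" into an exception, which the
    # catch block below swallows, so hosts without the licensing service print nothing.
    $rdsRoleInstalled = Get-Service -Name TermServLicensing -ErrorAction Stop

    # Defensive guard. The earlier extra test of an "Installed" property never
    # fired, because the service object returned here does not have one.
    if ($null -eq $rdsRoleInstalled) {
        return
    }

    # Report the Windows Server license key packs known to this license server.
    Get-WmiObject Win32_TSLicenseKeyPack |
        Where-Object { $_.ProductVersion -like "*Windows Server*" } |
        Select-Object PSComputerName, KeyPackId, ProductVersion, TypeAndModel, TotalLicenses, AvailableLicenses, IssuedLicenses
} catch {
    # Deliberately silent: a collector run on a host without the role should produce no output.
}
--------------------------------------------------------------------------------
/scripts_wip/Win_RAM_Available_Check.ps1:
--------------------------------------------------------------------------------
<#
.Synopsis
   Checks the available amount of RAM on a computer
.DESCRIPTION
   This was written specifically with use as a "Script Check" in mind, where the output is deliberately light unless a warning or error condition is found that needs more investigation.

   If the total available (free) amount of RAM is less than the warning limit, an error is returned.

#>

[cmdletbinding()]
Param(
    [Parameter(Mandatory = $false)]
    [double]#Warn if the amount of available RAM (defaults to GB) is below this limit. Defaults to 1 GB.
    $minimumAvailableRAM = 1,

    [Parameter(Mandatory = $false)]
    [switch]#Use percentage instead of absolute GB values
    $percent
)

$os = Get-CimInstance -ClassName Win32_OperatingSystem

if ($percent) {
    # Percent flag is set: free RAM as a share of the total visible memory.
    $available = [math]::Round(($os.FreePhysicalMemory / $os.TotalVisibleMemorySize) * 100, 1)
    $label = "%"
}
else {
    # FreePhysicalMemory is multiplied by 1KB to get bytes, then expressed in GB.
    $available = [math]::Round(($os.FreePhysicalMemory * 1KB) / 1GB, 2)
    $label = "GB"
}

# Exit code 1 signals the check failed; 0 signals it passed.
if ($minimumAvailableRAM -gt $available) {
    Write-Output "Avalable RAM is below the threshold of $minimumAvailableRAM $label ($available $label available)."
    Exit 1
}

Write-Output "Avalable RAM is above the threshold of $minimumAvailableRAM $label ($available $label available)."
Exit 0
--------------------------------------------------------------------------------
/scripts_wip/Win_Store_Uninstall_Builtin_Apps.ps1:
--------------------------------------------------------------------------------
# Uninstalls a fixed list of built-in Store apps.
# Get-AppxPackage is called without -AllUsers, so only packages registered for
# the account running the script are affected.
# NOTE(review): the patterns are wildcards (for example *people*) and will also
# match any other package whose name contains the same text; removing
# *windowsstore* removes the Store app itself. Review the list before use.
$appPatterns = @(
    '*3dbuilder*',           # 3D Builder
    '*windowsalarms*',       # Alarms and Clock
    '*windowscamera*',       # Camera
    '*officehub*',           # Get Office
    '*skypeapp*',            # Get Skype
    '*getstarted*',          # Get Started
    '*zunemusic*',           # Groove Music
    '*windowsmaps*',         # Maps
    '*solitairecollection*', # Microsoft Solitaire Collection
    '*bingfinance*',         # Money
    '*zunevideo*',           # Movies & TV
    '*bingnews*',            # News
    '*people*',              # People
    '*windowsphone*',        # Phone Companion
    '*windowsstore*',        # Store
    '*bingsports*',          # Sports
    '*soundrecorder*',       # Voice Recorder
    '*bingweather*'          # Weather
)

foreach ($pattern in $appPatterns) {
    Get-AppxPackage $pattern | Remove-AppxPackage
}
--------------------------------------------------------------------------------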
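/scripts_staging/linux_os_update.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Synopsis: This script automates the process of updating software packages across multiple Linux distributions.
# It checks for the available package manager (dnf, yum, apt, pacman, or zypper) and executes the appropriate commands to update the system.
# Users can optionally allow the script to automatically reboot the system after updates by passing the --autoreboot flag.
#
# Usage:
#   Update with automatic reboot    --autoreboot
#
# Note: Every package manager is run non-interactively so the script cannot hang
# on a confirmation prompt when it is started by an agent without a terminal.
# The script exits with the package manager's status if the update fails and
# does not reboot in that case.

AUTO_REBOOT=0

# Check for --autoreboot flag
for arg in "$@"; do
  if [[ "$arg" == "--autoreboot" ]]; then
    AUTO_REBOOT=1
  fi
done

# Update system based on package manager availability
update_status=0
if command -v dnf &> /dev/null; then
  dnf -y update || update_status=$?
elif command -v yum &> /dev/null; then
  yum -y update || update_status=$?
elif command -v apt-get &> /dev/null; then
  # Suppress debconf questions that would otherwise wait for input.
  export DEBIAN_FRONTEND=noninteractive
  { apt-get -y update && apt-get -y upgrade; } || update_status=$?
elif command -v pacman &> /dev/null; then
  pacman -Syu --noconfirm || update_status=$?
elif command -v zypper &> /dev/null; then
  zypper --non-interactive update || update_status=$?
else
  echo "Package manager not detected. Please update your system manually."
  exit 1
fi

# Do not report success or reboot on top of a failed or partial update.
if (( update_status != 0 )); then
  echo "Update failed with exit status ${update_status}; not rebooting." >&2
  exit "$update_status"
fi

# Handle auto-reboot
if (( AUTO_REBOOT == 1 )); then
  echo "Rebooting in 10 seconds..."
  # Backgrounded so the script can return its result before the host goes down.
  sleep 10 && reboot &
else
  echo "Updates done, please reboot"
fi
--------------------------------------------------------------------------------
/scripts/Win_Bluescreen_Report.ps1:
--------------------------------------------------------------------------------
<#
.Synopsis
   Bluescreen - Reports bluescreens
.DESCRIPTION
   This script checks for Bluescreen events on your system.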
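If a parameter is provided, it goes back that number of days to check.
   Without a parameter, or with one that is not a positive whole number, it checks the last day.
.EXAMPLE
   365
.NOTES
   v1 bbrendon 2/2021
   v1.1 silversword updating with parameters 11/2021
   v1.2 dinger1986 Updated for improved filtering and structure 11/2024
#>

# Set error handling preference
$ErrorActionPreference = 'SilentlyContinue'

# Number of days to go back: the first argument when it parses as a positive
# whole number, otherwise 1. Parsing explicitly avoids a failed cast leaving the
# start time unset, which would make the check report "no events" by accident.
$DaysBack = 1
if ($args.Count -gt 0) {
    $parsedDays = 0
    if ([int]::TryParse([string]$args[0], [ref]$parsedDays) -and $parsedDays -gt 0) {
        $DaysBack = $parsedDays
    }
    else {
        Write-Output "Ignoring invalid number of days '$($args[0])'; checking the past 1 day instead."
    }
}

$StartTime = (Get-Date).AddDays(-$DaysBack)

# Retrieve Bluescreen events: Windows Error Reporting entries (ID 1001) in the
# Application log whose message mentions BlueScreen.
$BlueScreenEvents = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application';
    ID           = 1001;
    ProviderName = 'Windows Error Reporting';
    Level        = 4;
    StartTime    = $StartTime
} | Where-Object { $_.Message -like "*BlueScreen*" }

# Check and output results. Exit code 1 flags that events were found.
if ($BlueScreenEvents) {
    Write-Output "There have been Bluescreen events detected on your system:"
    $BlueScreenEvents | Format-List TimeCreated, Id, LevelDisplayName, Message
    exit 1
} else {
    # The day count is printed from $DaysBack; the earlier message placed ".Days"
    # outside the subexpression, so it printed the whole time span followed by the text ".Days".
    Write-Output "No Bluescreen events detected in the past $DaysBack days."
    exit 0
}
--------------------------------------------------------------------------------
/scripts_wip/Win_ASUS_debloater.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
    Stop and disable specified ASUS services

.DESCRIPTION
    This script stops and disables a list of specified ASUS services on the local machine.
    It loops through each service name provided, attempts to stop the service, and then disables it.
    The script outputs the status of each operation.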
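.EXAMPLE
    "asusappservice", "asusoptimization", "ASUSSoftwareManager", "ASUSSwitch", "ASUSSystemAnalysis", "ASUSSystemDiagnosis"

.NOTES
    v1.0 7/17/2024 silversword411 Initial release Get rid of that ASUS crap that installs because of Armoury-crate autoinstaller that's enabled in BIOS
#>

# Define the variable containing the service names
$serviceNames = "asusappservice", "asusoptimization", "ASUSSoftwareManager", "ASUSSwitch", "ASUSSystemAnalysis", "ASUSSystemDiagnosis"

# Loop through each service name in the variable
foreach ($serviceName in $serviceNames) {
    # A service that is not installed is reported as such instead of as a failure.
    $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
    if ($null -eq $service) {
        Write-Output "$serviceName is not installed; nothing to do."
        continue
    }

    # Stop the service
    Stop-Service -Name $serviceName -Force -ErrorAction SilentlyContinue

    # Disable the service so it does not start again at boot
    Set-Service -Name $serviceName -StartupType Disabled -ErrorAction SilentlyContinue

    # Output the status of the operation, based on the state read back afterwards
    $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
    if ($service.Status -eq 'Stopped') {
        Write-Output "$serviceName has been stopped and disabled successfully."
    }
    else {
        Write-Output "Failed to stop and disable $serviceName."
    }
}
--------------------------------------------------------------------------------
/scripts_wip/Win_Powershell_Upgrade.ps1:
--------------------------------------------------------------------------------
# save the file and self-host: https://www.microsoft.com/en-us/download/confirmation.aspx?id=54616
# Win 2012 x64 https://download.microsoft.com/download/6/F/5/6F5FF66C-6775-42B0-86C4-47D41F2DA187/W2K12-KB3191565-x64.msu
# Win7 x64 and Svr 2008 R2 x64 https://download.microsoft.com/download/6/F/5/6F5FF66C-6775-42B0-86C4-47D41F2DA187/Win7AndW2K8R2-KB3191566-x64.zip
# Win7 x32 https://download.microsoft.com/download/6/F/5/6F5FF66C-6775-42B0-86C4-47D41F2DA187/Win7-KB3191566-x86.zip
# Win 8.1 x64 and Svr 2012 R2 x64 https://download.microsoft.com/download/6/F/5/6F5FF66C-6775-42B0-86C4-47D41F2DA187/Win8.1AndW2K12R2-KB3191564-x64.msu
# Win 81 x32 https://download.microsoft.com/download/6/F/5/6F5FF66C-6775-42B0-86C4-47D41F2DA187/Win8.1-KB3191564-x86.msu

# See https://github.com/wh1te909/tacticalrmm/blob/develop/scripts_wip/Win_Powershell_Version_Check.ps1 for alert script to warn when this is needed

# EDIT THESE before deploying. The package is installed with administrative
# rights, so host it on an HTTPS location you control and record its hash.
$url = ''             # HTTPS URL of the self-hosted .msu that matches the target OS
$expectedSha256 = ''  # SHA-256 of that file as hex; when empty the hash check is skipped
$msuPath = 'C:\temp\filename.msu'

if ($PSVersionTable.PSVersion.Major -lt 5) {
    Write-Output "Old Version - Need to Upgrade"

    # Previously $url was only present as a commented-out line, so the download could never succeed.
    if (-not $url) {
        Write-Output "No download URL configured - edit the url variable in this script"
        exit 1
    }

    if (-not (Test-Path -Path 'C:\temp')) {
        New-Item -Path 'C:\temp' -ItemType Directory | Out-Null
    }

    # Download MSU file
    try {
        (New-Object System.Net.WebClient).DownloadFile($url, $msuPath)
    }
    catch {
        Write-Output "Unable to download upgrade package"
        exit 1
    }

    # Verify the package before handing it to wusa.exe. Plain .NET hashing is used
    # because this script runs on PowerShell versions older than 5.
    if ($expectedSha256) {
        $sha256 = [System.Security.Cryptography.SHA256]::Create()
        $stream = [System.IO.File]::OpenRead($msuPath)
        try {
            $actualSha256 = [System.BitConverter]::ToString($sha256.ComputeHash($stream)) -replace '-', ''
        }
        finally {
            $stream.Close()
        }
        if ($actualSha256 -ne $expectedSha256) {
            Remove-Item -Path $msuPath -Force -ErrorAction SilentlyContinue
            Write-Output "Hash mismatch for downloaded package - not installing"
            exit 1
        }
    }
    else {
        Write-Output "Warning: no expected SHA-256 configured, package integrity not verified"
    }

    ## Run upgrade process
    Start-Process -FilePath "c:\windows\system32\wusa.exe" -ArgumentList "$msuPath /quiet /norestart /log:c:\temp\log.evt"
    Write-Output "Run upgrade process"
}
else {
    Write-Output "Already at 5.0 or Higher"
}
--------------------------------------------------------------------------------
/scripts_staging/Collectors/Collect Licensing 3 Exchange.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
    Retrieves the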
number of Exchange mailboxes for licensing compliance reporting.

.DESCRIPTION
    This script uses the Exchange Management Shell to determine the number of mailboxes
    associated with a specific Exchange Server CAL (Client Access License),
    such as the "Exchange Server 2016 Standard CAL." It ensures the Exchange snap-in is loaded and
    captures the mailbox count for licensing purposes.

.NOTES
    Author: SAN
    Date: 01.01.24
    #public

.TODO
    Extend support to handle multiple CAL types dynamically.

#>

function Get-ExchangeMailboxCount {
    # Returns a one-line mailbox count for the "Exchange Server 2016 Standard CAL"
    # license, an error line if the query fails, or an empty string when the
    # Exchange snap-in is not registered on this machine.
    $snapInName = 'Microsoft.Exchange.Management.PowerShell.SnapIn'

    # Load the Exchange snap-in into this session; a failure to load is ignored here.
    # NOTE(review): loading the snap-in directly, instead of connecting through a
    # remote Exchange session, is believed to bypass Exchange RBAC - confirm this
    # is acceptable for the account the collector runs as.
    Add-PSSnapin $snapInName -ErrorAction SilentlyContinue

    # Only query when the snap-in is registered on this host.
    $registeredSnapIn = Get-PSSnapin -Registered | Where-Object { $_.Name -eq $snapInName }
    if (-not $registeredSnapIn) {
        return ""
    }

    try {
        # Count the users that consume the named CAL.
        $mailboxCount = (Get-ExchangeServerAccessLicenseUser -LicenseName "Exchange Server 2016 Standard CAL" | Measure-Object).Count
        "Number of Exchange Mailboxes: $mailboxCount"
    } catch {
        "Error running command: $_"
    }
}
Get-ExchangeMailboxCount
--------------------------------------------------------------------------------
/scripts_staging/Win_Network_DisableEnable.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
    Toggle Network Interface Card (NIC) Status
    This script alternates between enabling and disabling the specified NIC.

.DESCRIPTION
    This PowerShell script will toggle the status of the specified Network Interface Card (NIC). If you disable the active NIC you may have a script timeout because you can't get the return data back

.PARAMETER NICName
    The name of the Network Interface Card (NIC) to toggle.
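
.EXAMPLE
    -NICName 'Embedded LOM 1 Port 2'

.NOTES
    v1.0 2/11/2024 Orbitturner

#>

param (
    [string]$NICName
)

# Function to get a list of available NICs with information
function Get-NICList {
    Get-NetAdapter | Select-Object Name, Status, InterfaceDescription
}

# Check if NICName is provided
if (-not $NICName) {
    Write-Output "NICName parameter is required. Available NICs:"
    Get-NICList
    Exit 1
}

# Look the adapter up by exact name. The earlier regex match treated characters
# such as parentheses in a NIC name as pattern syntax and also matched partial
# names, so the status check and the adapter acted on could disagree.
$adapter = Get-NetAdapter | Where-Object { $_.Name -eq $NICName }

if (-not $adapter) {
    # Without this guard a mistyped name fell through to the "Enabling" branch.
    Write-Output "No NIC named '$NICName' was found. Available NICs:"
    Get-NICList
    Exit 1
}

# Toggle the NIC status based on the current state: an adapter that is Up is
# disabled, an adapter in any other state is enabled.
if ($adapter.Status -eq "Up") {
    Write-Output ("Disabling $NICName")
    Disable-NetAdapter -Name $NICName -Confirm:$false
}
else {
    Write-Output ("Enabling $NICName")
    Enable-NetAdapter -Name $NICName -Confirm:$false
}
--------------------------------------------------------------------------------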