├── .gitattributes
├── Ansible
├── Monitors
│ └── readme.md
├── Scripts
│ └── readme.md
└── readme.md
├── Bash
├── Monitors
│ ├── backup-check.sh
│ ├── check-for-usb-drive.sh
│ ├── env-var-contains.sh
│ ├── env-var-exists.sh
│ ├── file-contains.sh
│ ├── file-exists.sh
│ ├── hosts-check.sh
│ ├── macOS
│ │ ├── dns-check.sh
│ │ └── readme.md
│ ├── md5-check.sh
│ ├── new-users.sh
│ ├── open-ports.sh
│ ├── ping.sh
│ ├── readme.md
│ ├── reboot-check.sh
│ ├── ssh-keys.sh
│ ├── sudo-users.sh
│ └── uptime.sh
├── Scripts
│ ├── cve-checks
│ │ └── libwebp.sh
│ ├── env-vars-list.sh
│ ├── macOS
│ │ ├── disk-cache-purge.sh
│ │ ├── dns-configure.sh
│ │ ├── dns-flush.sh
│ │ ├── dns-get-current-configuration.sh
│ │ ├── firewall-enable.sh
│ │ ├── gatekeeper-enable.sh
│ │ ├── readme.md
│ │ ├── remote-access-disable.sh
│ │ └── remote-access-enable.sh
│ └── readme.md
└── readme.md
├── Go
├── Monitors
│ └── readme.md
├── Scripts
│ └── readme.md
└── readme.md
├── Level_Logo_Animation.gif
├── PowerShell
├── Monitors
│ ├── admin-users.ps1
│ ├── check-admins-groups-against-trust-list.ps1
│ ├── check-bitlocker.ps1
│ ├── check-disk-for-SMART-errors
│ │ ├── check-disk-for-SMART-errors.ps1
│ │ └── smartctl.exe
│ ├── check-disk-performance.ps1
│ ├── check-for-IPv6-and-disable.ps1
│ ├── check-for-usb-drive.ps1
│ ├── check-shadow-copies.ps1
│ ├── check-temporary-accounts.ps1
│ ├── check-unqouted-service-paths.ps1
│ ├── disk-errors.ps1
│ ├── dns-servers.ps1
│ ├── domain-controller-health-check.ps1
│ ├── event-log-monitor.ps1
│ ├── file-contains.ps1
│ ├── file-exists.ps1
│ ├── find-inactive-AD-user-accounts.ps1
│ ├── hosts-check.ps1
│ ├── lost-stolen-device.ps1
│ ├── md5-check.ps1
│ ├── multiple-logged-in-users.ps1
│ ├── open-ports.ps1
│ ├── ping.ps1
│ ├── readme.md
│ ├── reboot-check.ps1
│ ├── registry-check.ps1
│ ├── smart-disk-health.ps1
│ ├── software-installed.ps1
│ ├── unauthorized-admins.ps1
│ ├── unauthorized-applications.ps1
│ ├── uptime.ps1
│ ├── user-added-to-admin-group.ps1
│ └── windows-firewall.ps1
├── Scripts
│ ├── Active-Directory
│ │ ├── AD Computer Report with last login dates.ps1
│ │ ├── AD User Report with last login dates.ps1
│ │ ├── Create GPO to deploy Level.ps1
│ │ └── Enable AD Recycle Bin.ps1
│ ├── Backup-Apps
│ │ └── Axcient
│ │ │ ├── Install Axcient 360recover Agent (Replibit).ps1
│ │ │ └── agentInstaller.msi
│ ├── Bitlocker
│ │ └── Enable BitLocker and rotate key.ps1
│ ├── Installers-from-other-RMMs
│ │ └── N-Central
│ │ │ └── Install Level Agent.amp
│ ├── Level
│ │ ├── Level - Change UUID.ps1
│ │ ├── delete-user.ps1
│ │ ├── get-local-admins.ps1
│ │ └── unauthorized-admins.ps1
│ ├── Microsoft-Office
│ │ ├── Get Office Product Key (Only last 5 are obtainable).ps1
│ │ ├── Install Office Business Edition 365.ps1
│ │ ├── Install Office Business Edition 365
│ │ │ ├── O365BusinessRetail-x64.xml
│ │ │ └── OfficeSetup.exe
│ │ ├── Install Office Pro Plus 365.ps1
│ │ ├── Install Office Pro Plus 365
│ │ │ ├── O365ProPlusRetail-x64.xml
│ │ │ └── OfficeSetup.exe
│ │ ├── Install Visio Pro 2021 Retail (365) (64-bit).ps1
│ │ ├── Install Visio Pro 2021 Retail (365) (64-bit)
│ │ │ ├── VisioPro2021Retail-x32.xml
│ │ │ ├── VisioPro2021Retail-x64.xml
│ │ │ ├── VisioSetup.exe
│ │ │ └── VisioSetup32.exe
│ │ ├── Install-Teams-(machine-wide).ps1
│ │ ├── Patch Office to protect against Outlook CVE-2023-23397.ps1
│ │ ├── Uninstall All Versions of Office.ps1
│ │ ├── Uninstall All Versions of Office
│ │ │ ├── OffScrub03.vbs
│ │ │ ├── OffScrub07.vbs
│ │ │ ├── OffScrub10.vbs
│ │ │ ├── OffScrub_O15msi.vbs
│ │ │ ├── OffScrub_O16msi.vbs
│ │ │ ├── OffScrubc2r.vbs
│ │ │ ├── Office2013Setup.exe
│ │ │ ├── Office2016Setup.exe
│ │ │ ├── OfficeSetup.exe
│ │ │ ├── README.md
│ │ │ ├── Remove-PreviousOfficeInstalls.ps1
│ │ │ └── UninstallOffice.xml
│ │ ├── Uninstall Office 365.ps1
│ │ └── Uninstall Office 365
│ │ │ ├── OfficeSetup.exe
│ │ │ └── UninstallOffice.xml
│ ├── Remote-Control
│ │ ├── Detect Installed Remote Control Apps.ps1
│ │ └── Teamviewer
│ │ │ └── Get - TeamviewerID.ps1
│ ├── Security-Apps
│ │ └── SentinelOne
│ │ │ ├── Install SentinelOne.ps1
│ │ │ ├── SentinelInstaller_windows_64bit_v22_3_4_612.msi
│ │ │ ├── SentinelInstaller_windows_64bit_v23_2_3_358.msi
│ │ │ └── SentinelInstaller_windows_64bit_v23_4_2_216.msi
│ ├── VPN-Clients
│ │ └── FortiClient
│ │ │ ├── .gitattributes
│ │ │ ├── FortiClientVPNSetup_7.2.0.0690_x64.exe
│ │ │ ├── FortiClientVPNSetup_7.2.1.0779_x64.exe
│ │ │ └── Install-FortiClient.ps1
│ ├── Windows-Settings
│ │ ├── Add local admin account.ps1
│ │ ├── Assign Key and Activate Windows.ps1
│ │ ├── Audit-Workstation-Standards.ps1
│ │ ├── Change Windows Power Settings.ps1
│ │ ├── Change computer name.ps1
│ │ ├── Clear Recycle Bin.ps1
│ │ ├── Create Wireless SSID Profile.ps1
│ │ ├── Detect old Powershell and Upgrade - Server 2012.ps1
│ │ ├── Domain Join.ps1
│ │ ├── Enable User Account Control (UAC).ps1
│ │ ├── Enable Windows Firewall.ps1
│ │ ├── Force-InTune-Sync.ps1
│ │ ├── Get Info About Monitors on the Computer.ps1
│ │ ├── Get Info About Printers.ps1
│ │ ├── Get Installed Applications.ps1
│ │ ├── Get currently connected wireless SSID.ps1
│ │ ├── Get info from lost or stolen device.ps1
│ │ ├── Logoff-all-user-sessions.ps1
│ │ ├── Perform Bandwidth Speed Test.ps1
│ │ ├── Perform Disk Speed Test.ps1
│ │ ├── Perform Network Scan.ps1
│ │ ├── Release and Renew IP Address.ps1
│ │ ├── RemoveBloat.ps1
│ │ ├── Report on Largest Folders and Largest Files.ps1
│ │ ├── Reset local user password.ps1
│ │ ├── Reset the TCP-IP Stack (will reboot).ps1
│ │ ├── Send Notification Message to Logged in User - Basic.ps1
│ │ ├── Send Notification Message to Logged in User.ps1
│ │ ├── Set Timezone.ps1
│ │ ├── USERS-remove-local-admin-except.ps1
│ │ ├── Windows Defender exclusions for Level.ps1
│ │ └── Windows-Update-hide-unhide-a-specific-update.ps1
│ ├── Winget
│ │ ├── Winget - Install App.ps1
│ │ ├── Winget - Install Winget.ps1
│ │ └── Winget - Upgrade all apps.ps1
│ └── readme.md
└── readme.md
├── Python
├── Monitors
│ └── readme.md
├── Scripts
│ └── readme.md
└── readme.md
├── README.md
└── osquery
├── Monitors
├── check-for-usb-drive.sql
├── readme.md
└── uptime.sql
├── Scripts
└── readme.md
└── readme.md
/.gitattributes:
--------------------------------------------------------------------------------
1 | *.exe filter=lfs diff=lfs merge=lfs -text
2 | *.msi filter=lfs diff=lfs merge=lfs -text
3 |
--------------------------------------------------------------------------------
/Ansible/Monitors/readme.md:
--------------------------------------------------------------------------------
1 | # Ansible Monitors
2 |
--------------------------------------------------------------------------------
/Ansible/Scripts/readme.md:
--------------------------------------------------------------------------------
1 | # Ansible Scripts
2 |
--------------------------------------------------------------------------------
/Ansible/readme.md:
--------------------------------------------------------------------------------
1 | # Ansible
2 |
--------------------------------------------------------------------------------
/Bash/Monitors/backup-check.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # -----------------------------------------------------------------------------
3 | # This script is provided as a convenience for Level.io customers. We cannot
4 | # guarantee this will work in all environments. Please test before deploying
5 | # to your production environment. We welcome contribution to the scripts in
6 | # our community repo!
7 | # -----------------------------------------------------------------------------
8 | #
9 | # -----------------------------------------------------------------------------
10 | # Script Configuration
11 | # -----------------------------------------------------------------------------
12 | # Name: Linux Monitor - Backup Presense Check
13 | # Description: This script checks for multiple daily backups.
14 | # Language: Bash
15 | # Timeout: 100
16 | # Version: 1.0
17 | #
18 | # -----------------------------------------------------------------------------
19 | # Monitor Configuration
20 | # -----------------------------------------------------------------------------
21 | # Script: Linux Monitor - Backup Presense Check
22 | # Script output: Contains
23 | # Output value: ALERT
24 | # Run frequency: Hours
25 | # Duration: 14
26 | # -----------------------------------------------------------------------------
27 |
28 | # -----------------------------------------------------------------------------
29 | # CONFIGURE
30 | # - backup_dir
31 | # - expected_backups
32 |
33 | # Define backup directory
34 | backup_dir="/path/to/backup/directory"
35 |
36 | # Define expected number of backups
37 | expected_backups=2
38 | # -----------------------------------------------------------------------------
39 |
40 | # Define today's date
41 | today=$(date '+%Y_%m_%d')
42 |
43 | # Count number of files modified today
44 | num_backups=$(find $backup_dir -type f -mtime 0 | wc -l)
45 |
46 | # Check if expected_backups count exist for today
47 | if [ $num_backups -eq $expected_backups ]; then
48 | echo "All backups for today are present. Good job!"
49 | else
50 | echo "ALERT: Expected $expected_backups backups for today, but found $num_backups. Please investigate!"
51 | fi
52 |
--------------------------------------------------------------------------------
/Bash/Monitors/check-for-usb-drive.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # -----------------------------------------------------------------------------
3 | # This script is provided as a convenience for Level.io customers. We cannot
4 | # guarantee this will work in all environments. Please test before deploying
5 | # to your production environment. We welcome contribution to the scripts in
6 | # our community repo!
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Linux Monitor - Check USB Drive Presence
12 | # Description: Check if USB Drive is present
13 | # Language: Bash
14 | # Timeout: 100
15 | # Version: 1.0
16 | #
17 | # -----------------------------------------------------------------------------
18 | # Monitor Configuration
19 | # -----------------------------------------------------------------------------
20 | # Script: Linux Monitor - Check USB Drive Presence
21 | # Script output: Contains
22 | # Output value: ALERT
23 | # Run frequency: Minutes
24 | # Duration: 5
25 | # -----------------------------------------------------------------------------
26 |
27 | # Look for USB Drives
28 | USBDrivePresent=$(lsblk -o NAME,TRAN | grep "usb" | awk '{print $1}')
29 |
30 | if [ -n "$USBDrivePresent" ]; then
31 | # If USB drive is present, send console message for Level to alert on
32 | echo "ALERT"
33 | fi
34 |
--------------------------------------------------------------------------------
/Bash/Monitors/env-var-contains.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Operating Systems: macOS & Linux
4 | #
5 | # Check to see if an environment variables contains a specified value.
6 |
7 | # Name of the environment variable
8 | ENV_VAR="SHELL" # Replace with desired environment variable
9 |
10 | # Text environment variable's value may contain
11 | CONTAINS="zsh" # Replace with text environment variable should contain
12 |
13 | printenv | grep "^$ENV_VAR=*" | grep -q $CONTAINS
14 |
15 | if [ $? -eq 0 ]; then
16 | echo "$ENV_VAR environment variable does contain $CONTAINS"
17 | else
18 | echo "$ENV_VAR environment variable does not contain $CONTAINS"
19 | fi
20 |
21 |
--------------------------------------------------------------------------------
/Bash/Monitors/env-var-exists.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Operating Systems: macOS & Linux
4 | #
5 | # Check to see if an environment variables exists.
6 |
7 | # Name of the environment variable
8 | ENV_VAR="SHELL" # Replace with desired environment variable
9 |
10 | printenv | grep -q "^$ENV_VAR=*"
11 |
12 | if [ $? -eq 0 ]; then
13 | echo "environment variable ${ENV_VAR} exists"
14 | else
15 | echo "environment variable ${ENV_VAR} does not exists"
16 | fi
17 |
18 |
--------------------------------------------------------------------------------
/Bash/Monitors/file-contains.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # -----------------------------------------------------------------------------
3 | # This script is provided as a convenience for Level.io customers. We cannot
4 | # guarantee this will work in all environments. Please test before deploying
5 | # to your production environment. We welcome contribution to the scripts in
6 | # our community repo!
7 | # -----------------------------------------------------------------------------
8 | #
9 | # -----------------------------------------------------------------------------
10 | # Script Configuration
11 | # -----------------------------------------------------------------------------
12 | # Name: Linux Monitor - File Contains
13 | # Description: This script checks the contents of a file for a specific string.
14 | # Language: Bash
15 | # Timeout: 100
16 | # Version: 1.0
17 | # -----------------------------------------------------------------------------
18 | # Monitor Configuration
19 | # -----------------------------------------------------------------------------
20 | # Script: Linux Monitor - File Contains
21 | # Script output: Contains
22 | # Output value: ALERT
23 | # Run frequency: Minutes
24 | # Duration: 1
25 | # -----------------------------------------------------------------------------
26 |
27 | # -----------------------------------------------------------------------------
28 | # CONFIGURE
29 | # - file_path
30 | # - search_string
31 |
32 | # Specify the file path to check
33 | file_path="/path/to/file.txt"
34 |
35 | # Specify the string to search for in the file
36 | search_string="example"
37 | # -----------------------------------------------------------------------------
38 |
39 | # Check if the file exists
40 | if [ -f "$file_path" ]; then
41 | if grep -q "$search_string" "$file_path"; then
42 | echo "SUCCESS: The string '$search_string' exists in the file."
43 | else
44 | echo "ALERT: The string '$search_string' does not exist in the file."
45 | fi
46 | else
47 | echo "ERROR: File not found: $file_path"
48 | fi
--------------------------------------------------------------------------------
/Bash/Monitors/file-exists.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # -----------------------------------------------------------------------------
3 | # This script is provided as a convenience for Level.io customers. We cannot
4 | # guarantee this will work in all environments. Please test before deploying
5 | # to your production environment. We welcome contribution to the scripts in
6 | # our community repo!
7 | # -----------------------------------------------------------------------------
8 | #
9 | # -----------------------------------------------------------------------------
10 | # Script Configuration
11 | # -----------------------------------------------------------------------------
12 | # Name: Linux Monitor - File Exists
13 | # Description: This recurring script checks for the existence of a specific file.
14 | # Language: Bash
15 | # Timeout: 100
16 | # Version: 1.0
17 | #
18 | # -----------------------------------------------------------------------------
19 | # Monitor Configuration
20 | # -----------------------------------------------------------------------------
21 | # Script: Linux Monitor - File Exists
22 | # Script output: Contains
23 | # Output value: "file exists" or "not found"
24 | # Run frequency: Minutes
25 | # Duration: 1
26 | # -----------------------------------------------------------------------------
27 |
28 | # -----------------------------------------------------------------------------
29 | # CONFIGURE
30 | # - file_path
31 |
32 | # Specify the file path to check for existence
33 | file_path="/path/to/file.txt"
34 | # -----------------------------------------------------------------------------
35 |
36 | # Check if the file exists
37 | if [ -f "$file_path" ]; then
38 | echo "file exists: $file_path"
39 | else
40 | echo "file not found: $file_path"
41 | fi
42 |
--------------------------------------------------------------------------------
/Bash/Monitors/hosts-check.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # -----------------------------------------------------------------------------
4 | # This script is provided as a convenience for Level.io customers. We cannot
5 | # guarantee this will work in all environments. Please test before deploying
6 | # to your production environment. We welcome contribution to the scripts in
7 | # our community repo!
8 | # -----------------------------------------------------------------------------
9 | #
10 | # -----------------------------------------------------------------------------
11 | # Script Configuration
12 | # -----------------------------------------------------------------------------
13 | # Name: Linux Monitor - Host File Changes
14 | # Description: This script monitors for non-excluded entries in the host file
15 | # and alerts if any modifications are detected.
16 | #
17 | # Language: Bash
18 | # Timeout: 100
19 | # Version: 1.0
20 | #
21 | # -----------------------------------------------------------------------------
22 | # Monitor Configuration
23 | # -----------------------------------------------------------------------------
24 | # Script: Linux Monitor - Host File Changes
25 | # Script output: Contains
26 | # Output value: ALERT
27 | # Run frequency: Minutes
28 | # Duration: 5
29 | # -----------------------------------------------------------------------------
30 |
31 | # -----------------------------------------------------------------------------
32 | # CONFIGURE
33 | # - host_file_path
34 | # - excluded_entries
35 |
36 | # Path to the host file
37 | hostFilePath="/etc/hosts"
38 |
39 | # Array of excluded entries (default: "127.0.0.1" and "::1")
40 | excludedEntries=("127.0.0.1" "::1")
41 |
42 | # -----------------------------------------------------------------------------
43 |
44 | # Function to check for non-excluded entries in the host file
45 | check_host_file_changes() {
46 | local filePath=$1
47 | local excluded=("${@:2}")
48 |
49 | if [[ -f "$filePath" ]]; then
50 | while IFS= read -r line; do
51 | entry=$(echo "$line" | awk '{$1=$1};1') # Remove leading/trailing whitespaces
52 | if [[ ! -z "$entry" && "$entry" != "#"* ]]; then
53 | ipAddress=$(echo "$entry" | awk '{print $1}')
54 | if ! contains_element "$ipAddress" "${excluded[@]}"; then
55 | echo "ALERT: Non-excluded entry detected in the host file: $entry"
56 | exit 1
57 | fi
58 | fi
59 | done < "$filePath"
60 | fi
61 | }
62 |
63 | # Function to check if an element exists in an array
64 | contains_element() {
65 | local searchElement=$1
66 | shift
67 | local array=("$@")
68 | for element in "${array[@]}"; do
69 | if [[ "$element" == "$searchElement" ]]; then
70 | return 0
71 | fi
72 | done
73 | return 1
74 | }
75 |
76 | # Check for non-excluded entries in the host file
77 | check_host_file_changes "$hostFilePath" "${excludedEntries[@]}"
78 |
--------------------------------------------------------------------------------
/Bash/Monitors/macOS/dns-check.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Operating System: macOS
4 | #
5 | # Monitor DNS configurations to see if they've changed.
6 |
7 | DNS_PRIMARY="1.1.1.1"
8 | DNS_SECONDARY="192.168.0.144"
9 |
10 | # Function to check if an interface is listed in network services
11 | is_interface_listed() {
12 | local interface=$1
13 | # Check if the interface is listed in the output of networksetup command
14 | if networksetup -listallnetworkservices | grep -q "^$interface$"; then
15 | return 0 # Listed
16 | else
17 | return 1 # Not listed
18 | fi
19 | }
20 |
21 | # Function to check DNS for an interface
22 | check_dns_for_interface() {
23 | local interface=$1
24 | if is_interface_listed "$interface"; then
25 | local dns_values
26 | dns_values=$(networksetup -getdnsservers "$interface")
27 | if echo "$dns_values" | grep -q "$DNS_PRIMARY"; then
28 | echo "$interface DNS is configured to $DNS_PRIMARY"
29 | else
30 | echo "$interface DNS is NOT configured to $DNS_PRIMARY"
31 | fi
32 |
33 | if [[ -n "$DNS_SECONDARY" ]]; then
34 | if echo "$dns_values" | grep -q "$DNS_SECONDARY"; then
35 | echo "$interface DNS is configured to $DNS_PRIMARY"
36 | else
37 | echo "$interface DNS is NOT configured to $DNS_PRIMARY"
38 | fi
39 | fi
40 | fi
41 | }
42 |
43 | # Check for Wi-Fi and Ethernet DNS configurations
44 | check_dns_for_interface "Wi-Fi"
45 | check_dns_for_interface "Ethernet"
46 |
47 |
--------------------------------------------------------------------------------
/Bash/Monitors/macOS/readme.md:
--------------------------------------------------------------------------------
1 | # Bash Monitors for macOS
2 |
3 |
--------------------------------------------------------------------------------
/Bash/Monitors/md5-check.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # -----------------------------------------------------------------------------
3 | # This script is provided as a convenience for Level.io customers. We cannot
4 | # guarantee this will work in all environments. Please test before deploying
5 | # to your production environment. We welcome contribution to the scripts in
6 | # our community repo!
7 | # -----------------------------------------------------------------------------
8 | #
9 | # -----------------------------------------------------------------------------
10 | # Script Configuration
11 | # -----------------------------------------------------------------------------
12 | # Name: Linux Monitor - MD5 Check
13 | # Description: This script compares the MD5 hash of a file with a supplied hash.
14 | # Language: Bash
15 | # Timeout: 100
16 | # Version: 1.0
17 | #
18 | # -----------------------------------------------------------------------------
19 | # Monitor Configuration
20 | # -----------------------------------------------------------------------------
21 | # Script: Linux Monitor - MD5 Check
22 | # Script output: Contains
23 | # Output value: ALERT
24 | # Run frequency: Minutes
25 | # Duration: 5
26 | # -----------------------------------------------------------------------------
27 |
28 | # -----------------------------------------------------------------------------
29 | # CONFIGURE
30 | # - file_path
31 | # - supplied_hash
32 |
33 | # File path of the file to check
34 | file_path="/path/to/file"
35 |
36 | # Expected MD5 hash value
37 | supplied_hash=""
38 |
39 | # -----------------------------------------------------------------------------
40 |
41 | # Check if the file exists
42 | if [ ! -f "$file_path" ]; then
43 | echo "ALERT: File does not exist: $file_path"
44 | exit 1
45 | fi
46 |
47 | # Calculate the MD5 hash of the file
48 | calculated_hash=$(md5sum "$file_path" | awk '{print $1}')
49 |
50 | # Compare the calculated hash with the supplied hash
51 | if [ "$calculated_hash" == "$supplied_hash" ]; then
52 | echo "SUCCESS: The MD5 hash of $file_path matches the supplied hash."
53 | else
54 | echo "ALERT: The MD5 hash of $file_path does not match the supplied hash."
55 | echo "Expected hash: $supplied_hash"
56 | echo "Calculated hash: $calculated_hash"
57 | fi
58 |
--------------------------------------------------------------------------------
/Bash/Monitors/new-users.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # -----------------------------------------------------------------------------
3 | # This script is provided as a convenience for Level.io customers. We cannot
4 | # guarantee this will work in all environments. Please test before deploying
5 | # to your production environment. We welcome contribution to the scripts in
6 | # our community repo!
7 | # -----------------------------------------------------------------------------
8 | #
9 | # -----------------------------------------------------------------------------
10 | # Script Configuration
11 | # -----------------------------------------------------------------------------
12 | # Name: Linux Monitor - New Users
13 | # Description: This recurring script checks for unexpected users in /etc/passwd
14 | # every 5 minutes, alerts only for non-excluded users, and displays an error
15 | # message with the list of unexpected users if any are found.
16 | # Language: Bash
17 | # Timeout: 100
18 | # Version: 1.0
19 | #
20 | # -----------------------------------------------------------------------------
21 | # Monitor Configuration
22 | # -----------------------------------------------------------------------------
23 | # Script: Linux Monitor - New Users
24 | # Script output: Contains
25 | # Output value: ALERT
26 | # Run frequency: Minutes
27 | # Duration: 5
28 | # -----------------------------------------------------------------------------
29 |
30 | # -----------------------------------------------------------------------------
31 | # CONFIGURE
32 | # - default_users
33 | # - other_users
34 | # - service_users
35 |
36 | # default_users to exclude
37 | default_users=("root" "daemon" "bin" "sys" "sync" "games" "man" "lp" "mail" "news" "uucp" "proxy" "www-data" "backup" "list" "irc" "gnats" "nobody" "_apt" "systemd-network" "systemd-resolve" "messagebus" "systemd-timesync" "pollinate" "sshd" "syslog" "uuidd" "tcpdump" "tss" "landscape" "usbmux")
38 |
39 | # other_users to exclude
40 | other_users=("deploy")
41 |
42 | # service_users to exclude
43 | service_users=("nginx" "redis")
44 | # -----------------------------------------------------------------------------
45 |
46 | # Read the /etc/passwd file and extract the list of usernames
47 | passwd_users=$(cut -d: -f1 /etc/passwd)
48 |
49 | # Combine the default_users, other_users, and service_users arrays
50 | exclude_users=("${default_users[@]}" "${other_users[@]}" "${service_users[@]}")
51 |
52 | # Variables to track the number of unexpected users found
53 | unexpected_count=0
54 | unexpected_users=""
55 |
56 | # Iterate over the passwd_users
57 | for passwd_user in ${passwd_users[@]}; do
58 | if [[ ! " ${exclude_users[@]} " =~ " ${passwd_user} " ]]; then
59 | echo -e "ALERT: Unexpected user ($passwd_user) found in /etc/passwd\n"
60 | unexpected_count=$((unexpected_count + 1))
61 | unexpected_users+=" $passwd_user"
62 | fi
63 | done
64 |
65 | # Check if any unexpected users were found
66 | if [ $unexpected_count -gt 0 ]; then
67 | echo -e "ALERT: $unexpected_count unexpected users found in /etc/passwd\n"
68 | echo "Unexpected users found in /etc/passwd: $unexpected_users"
69 | else
70 | echo "SUCCESS"
71 | fi
72 |
--------------------------------------------------------------------------------
/Bash/Monitors/open-ports.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # -----------------------------------------------------------------------------
3 | # This script is provided as a convenience for Level.io customers. We cannot
4 | # guarantee this will work in all environments. Please test before deploying
5 | # to your production environment. We welcome contribution to the scripts in
6 | # our community repo!
7 | # -----------------------------------------------------------------------------
8 | #
9 | # -----------------------------------------------------------------------------
10 | # Script Configuration
11 | # -----------------------------------------------------------------------------
12 | # Name: Linux Monitor - Open Ports
13 | # Description: This script lists open/listening ports on a device and checks for
14 | # unauthorized ports. Requires netstat to be installed.
15 | # Language: Bash
16 | # Timeout: 100
17 | # Version: 1.0
18 | #
19 | # -----------------------------------------------------------------------------
20 | # Monitor Configuration
21 | # -----------------------------------------------------------------------------
22 | # Script: Linux Monitor - Open Ports
23 | # Script output: Contains
24 | # Output value: ALERT
25 | # Run frequency: Minutes
26 | # Duration: 5
27 | # -----------------------------------------------------------------------------
28 |
29 | # -----------------------------------------------------------------------------
30 | # CONFIGURE
31 | # - authorized_ports
32 |
33 | # Authorized ports
34 | authorized_ports=("53" "80" "443" "4242" "9100" "9292" "9393" "3000") # Add or remove ports as needed
35 | # -----------------------------------------------------------------------------
36 |
37 | # Get the list of open/listening ports
38 | open_ports=$(netstat -tuln | awk '/^tcp/ {print $4}' | awk -F ":" '{print $NF}')
39 |
40 | # Variables to track the number of unauthorized ports found
41 | unauthorized_count=0
42 | unauthorized_ports=""
43 |
44 | # Iterate over the open ports
45 | for port in ${open_ports[@]}; do
46 | if [[ ! " ${authorized_ports[@]} " =~ " ${port} " ]]; then
47 | echo -e "ALERT: Unauthorized port ($port) is in use\n"
48 | unauthorized_count=$((unauthorized_count + 1))
49 | unauthorized_ports+=" $port"
50 | fi
51 | done
52 |
53 | # Check if any unauthorized ports were found
54 | if [ $unauthorized_count -gt 0 ]; then
55 | echo -e "ALERT: $unauthorized_count unauthorized ports found\n"
56 | echo "Unauthorized ports in use: $unauthorized_ports"
57 | else
58 | echo "SUCCESS"
59 | fi
60 |
--------------------------------------------------------------------------------
/Bash/Monitors/ping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # -----------------------------------------------------------------------------
3 | # This script is provided as a convenience for Level.io customers. We cannot
4 | # guarantee this will work in all environments. Please test before deploying
5 | # to your production environment. We welcome contribution to the scripts in
6 | # our community repo!
7 | # -----------------------------------------------------------------------------
8 | #
9 | # -----------------------------------------------------------------------------
10 | # Script Configuration
11 | # -----------------------------------------------------------------------------
12 | # Name: Linux Monitor - Ping
13 | # Description: This script performs a series of 30 pings to a host and displays
14 | # an error message if a series of consecutive pings fail.
15 | # Language: Bash
16 | # Timeout: 30
17 | # Version: 1.0
18 | #
19 | # -----------------------------------------------------------------------------
20 | # Monitor Configuration
21 | # -----------------------------------------------------------------------------
22 | # Script: Linux Monitor - Ping
23 | # Script output: Contains
24 | # Output value: ALERT
25 | # Run frequency: Minutes
26 | # Duration: 5
27 | # -----------------------------------------------------------------------------
28 |
29 | # -----------------------------------------------------------------------------
30 | # CONFIGURE
31 | # - host_to_ping
32 | # - ping_count
33 | # - consecutive_failures_threshold
34 |
35 | host_to_ping="google.com"
36 | ping_count=30
37 | consecutive_failures_threshold=3
38 |
39 | # -----------------------------------------------------------------------------
40 |
41 | failed_pings=0
42 | consecutive_failures=0
43 |
44 | for ((i=1; i<=ping_count; i++)); do
45 | ping_result=$(ping -c 1 "$host_to_ping" 2>&1)
46 |
47 | if [ $? -ne 0 ]; then
48 | echo -e "Ping $i: FAILED\n"
49 | echo "Ping output: $ping_result"
50 | failed_pings=$((failed_pings + 1))
51 | consecutive_failures=$((consecutive_failures + 1))
52 | else
53 | echo "Ping $i: SUCCESS"
54 | consecutive_failures=0
55 | fi
56 |
57 | if [ $consecutive_failures -ge $consecutive_failures_threshold ]; then
58 | break
59 | fi
60 | done
61 |
62 | if [ $consecutive_failures -ge $consecutive_failures_threshold ]; then
63 | echo -e "\nALERT: $consecutive_failures_threshold consecutive pings to $host_to_ping failed\n"
64 | elif [ $failed_pings -gt 0 ]; then
65 | echo -e "\nWARNING: $failed_pings out of $ping_count pings to $host_to_ping failed\n"
66 | else
67 | echo -e "\nSUCCESS: All $ping_count pings to $host_to_ping were successful\n"
68 | fi
69 |
--------------------------------------------------------------------------------
/Bash/Monitors/readme.md:
--------------------------------------------------------------------------------
1 | # Bash Monitors
2 |
--------------------------------------------------------------------------------
/Bash/Monitors/reboot-check.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # -----------------------------------------------------------------------------
3 | # This script is provided as a convenience for Level.io customers. We cannot
4 | # guarantee this will work in all environments. Please test before deploying
5 | # to your production environment. We welcome contribution to the scripts in
6 | # our community repo!
7 | # -----------------------------------------------------------------------------
8 | #
9 | # -----------------------------------------------------------------------------
10 | # Script Configuration
11 | # -----------------------------------------------------------------------------
12 | # Name: Linux Monitor - Reboot Check
13 | # Description: This script checks to see if reboot is required.
14 | # Language: Bash
15 | # Timeout: 100
16 | # Version: 1.0
17 | #
18 | # -----------------------------------------------------------------------------
19 | # Monitor Configuration
20 | # -----------------------------------------------------------------------------
21 | # Script: Linux Monitor - Reboot Check
22 | # Script output: Contains
23 | # Output value: ALERT
24 | # Run frequency: Hour
25 | # Duration: 1
26 | # -----------------------------------------------------------------------------
27 |
28 | if [ -f /var/run/reboot-required ]; then
29 | echo 'ALERT: Reboot Required'
30 | else
31 | echo "No reboot is required."
32 | fi
33 |
--------------------------------------------------------------------------------
/Bash/Monitors/ssh-keys.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # -----------------------------------------------------------------------------
3 | # This script is provided as a convenience for Level.io customers. We cannot
4 | # guarantee this will work in all environments. Please test before deploying
5 | # to your production environment. We welcome contribution to the scripts in
6 | # our community repo!
7 | # -----------------------------------------------------------------------------
8 | #
9 | # -----------------------------------------------------------------------------
10 | # Script Configuration
11 | # -----------------------------------------------------------------------------
12 | # Name: Linux Monitor - SSH Keys
13 | # Description: This recurring script checks for unauthorized SSH key entries
14 | # in authorized_keys files for all users and alerts if any are found.
15 | # Language: Bash
16 | # Timeout: 100
17 | # Version: 1.0
18 | #
19 | # -----------------------------------------------------------------------------
20 | # Monitor Configuration
21 | # -----------------------------------------------------------------------------
22 | # Script: Linux Monitor - SSH Keys
23 | # Script output: Contains
24 | # Output value: ALERT
25 | # Run frequency: Minutes
26 | # Duration: 5
27 | # -----------------------------------------------------------------------------
28 |
29 | # -----------------------------------------------------------------------------
30 | # CONFIGURE
31 |
32 | # Define the path to the authorized_keys files
33 | authorized_keys_paths=("/home/*/.ssh/authorized_keys" "/root/.ssh/authorized_keys")
34 |
35 | # Define the authorized users and keys
36 | declare -A authorized_users=(
37 | ["key1"]="user1"
38 | ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5BBBBIN29fjdt1EQ1wJMwLAs9wK7ipmv7HSGT9mIrrUl2OKs2 deploy@level.io"]="deploy" # example
39 | )
40 | # -----------------------------------------------------------------------------
41 |
42 | # Array to store the list of unauthorized keys and their locations
43 | unauthorized_keys=()
44 |
45 | # Iterate over the authorized_keys files for all users
46 | for path in "${authorized_keys_paths[@]}"; do
47 | # Expand the glob pattern to find authorized_keys files
48 | files=( $path )
49 |
50 | for file in "${files[@]}"; do
51 | # Extract the username from the file path
52 | if [[ $file =~ /([^/]+)/\.ssh/authorized_keys$ ]]; then
53 | username=${BASH_REMATCH[1]}
54 |
55 | # Check if the authorized_keys file exists and is not empty
56 | if [[ -e "$file" && -s "$file" ]]; then
57 | # Read the contents of the authorized_keys file
58 | while IFS= read -r line; do
59 |
60 | # Check if the line is not a comment and contains an SSH key
61 | if [[ $line != "#"* && $line != "" ]]; then
62 | # Check if the key is authorized for the user
63 | if [[ -n "${authorized_users[$line]}" ]]; then
64 | continue
65 | fi
66 |
67 | unauthorized_keys+=("$line in $file")
68 | fi
69 | done < "$file"
70 | fi
71 | fi
72 | done
73 | done
74 |
75 | # Check if any unauthorized keys were found
76 | if [[ ${#unauthorized_keys[@]} -gt 0 ]]; then
77 | echo "ALERT: Unauthorized SSH key entries found in authorized_keys files for the following users:"
78 | for key in "${unauthorized_keys[@]}"; do
79 | echo "- $key"
80 | done
81 | else
82 | echo "SUCCESS: No unauthorized SSH key entries found in authorized_keys files for any users."
83 | fi
--------------------------------------------------------------------------------
/Bash/Monitors/sudo-users.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # -----------------------------------------------------------------------------
3 | # This script is provided as a convenience for Level.io customers. We cannot
4 | # guarantee this will work in all environments. Please test before deploying
5 | # to your production environment. We welcome contribution to the scripts in
6 | # our community repo!
7 | # -----------------------------------------------------------------------------
8 | #
9 | # -----------------------------------------------------------------------------
10 | # Script Configuration
11 | # -----------------------------------------------------------------------------
12 | # Name: Linux Monitor - Sudo Users
13 | # Description: This script identifies unexpected sudo users, excluding those in
14 | # the excluded list. It alerts for any unexpected sudo users found and displays
15 | # an error message with the list of unexpected users if any are detected.
16 | # Language: Bash
17 | # Timeout: 100
18 | # Version: 1.0
19 | #
20 | # -----------------------------------------------------------------------------
21 | # Monitor Configuration
22 | # -----------------------------------------------------------------------------
23 | # Script: Linux Monitor - Sudo Users
24 | # Script output: Contains
25 | # Output value: ALERT
26 | # Run frequency: Minutes
27 | # Duration: 5
28 | # -----------------------------------------------------------------------------
29 |
30 | # -----------------------------------------------------------------------------
31 | # CONFIGURE
32 | # - excluded_sudo_users
33 |
34 | # Array of known sudo users to exclude from output
35 | excluded_sudo_users=("root" "deploy")
36 | # -----------------------------------------------------------------------------
37 |
38 | # Read the sudoers file and extract the list of users with sudo permissions
39 | sudoers_file="/etc/sudoers"
40 | sudoers_users=$(grep -E '^[^#]*\s+\ALL=\(ALL:ALL\)\s+ALL$' "$sudoers_file" | awk '{print $1}')
41 |
42 | # Read the sudo group and extract the list of users in the group
43 | sudo_group_users=$(getent group sudo | cut -d: -f4 | tr ',' ' ')
44 |
45 | # Combine the users from sudoers and sudo group
46 | all_sudo_users=($sudoers_users $sudo_group_users)
47 |
48 | # Deduplicate and sort the list of sudo users
49 | unique_sudo_users=$(echo "${all_sudo_users[@]}" | tr ' ' '\n' | sort -u)
50 |
51 | # Variables to track the number of unexpected sudo users found
52 | unexpected_count=0
53 | unexpected_users=""
54 |
55 | # alert on unexpected sudo users
56 | for user in ${unique_sudo_users[@]}; do
57 | if [[ ! " ${excluded_sudo_users[@]} " =~ " ${user} " ]]; then
58 | echo -e "ALERT: Unexpected sudo user found: $user\n"
59 | unexpected_count=$((unexpected_count + 1))
60 | unexpected_users+=" $user"
61 | fi
62 | done
63 |
64 | # Check if any unexpected users were found
65 | if [ $unexpected_count -gt 0 ]; then
66 | echo -e "ALERT: $unexpected_count unexpected sudo users found\n"
67 | echo "Unexpected sudo users found: $unexpected_users"
68 | else
69 | echo "SUCCESS"
70 | fi
71 |
--------------------------------------------------------------------------------
/Bash/Monitors/uptime.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # -----------------------------------------------------------------------------
3 | # This script is provided as a convenience for Level.io customers. We cannot
4 | # guarantee this will work in all environments. Please test before deploying
5 | # to your production environment. We welcome contribution to the scripts in
6 | # our community repo!
7 | # -----------------------------------------------------------------------------
8 | #
9 | # -----------------------------------------------------------------------------
10 | # Script Configuration
11 | # -----------------------------------------------------------------------------
12 | # Name: Linux Monitor - System Uptime
13 | # Description: Check for uptime of the device
14 | # Language: Bash
15 | # Timeout: 100
16 | # Version: 1.0
17 | #
18 | # -----------------------------------------------------------------------------
19 | # Monitor Configuration
20 | # -----------------------------------------------------------------------------
21 | # Script: Linux Monitor - System Uptime
22 | # Script output: Greater than
23 | # Output value: 30 (days)
24 | # Run frequency: Hours
25 | # Duration: 12
26 | # -----------------------------------------------------------------------------
27 |
28 | # Get uptime of the system in seconds
29 | uptime_seconds=$(awk '{print $1}' /proc/uptime)
30 |
31 | # Calculate uptime in days
32 | uptime_days=$(bc <<< "scale=2; $uptime_seconds / (60 * 60 * 24)")
33 |
34 | # Round uptime to a whole number
35 | uptime=$(printf "%.0f" "$uptime_days")
36 |
37 | # Return uptime
38 | echo $uptime
39 |
--------------------------------------------------------------------------------
/Bash/Scripts/cve-checks/libwebp.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # -----------------------------------------------------------------------------
3 | # This script is provided as a convenience for Level.io customers. We cannot
4 | # guarantee this will work in all environments. Please test before deploying
5 | # to your production environment. We welcome contribution to the scripts in
6 | # our community repo!
7 | # -----------------------------------------------------------------------------
8 | #
9 | # -----------------------------------------------------------------------------
10 | # Script Configuration
11 | # -----------------------------------------------------------------------------
12 | # Name: Linux Vulnerability - libwebp CVE-2023-41064
13 | # Description: This script is designed to identify and verify the installation of
14 | # specific versions of the libwebp package on Linux systems.
15 | # Language: Bash
16 | # Timeout: 100
17 | # Version: 1.0
18 | #
19 |
20 | # Detect the OS release name/version
21 | OS_RELEASE=$(lsb_release -cs)
22 | DESIRED_VERSION=""
23 |
24 | # Assign the desired version based on OS release
25 | case $OS_RELEASE in
26 | "jammy") # Ubuntu 22.04
27 | DESIRED_VERSION="1.2.2-2ubuntu0.22.04.2"
28 | ;;
29 | "focal") # Ubuntu 20.04
30 | DESIRED_VERSION="0.6.1-2ubuntu0.20.04.3"
31 | ;;
32 | "bookworm") # Debian 12
33 | DESIRED_VERSION="1.2.4-0.2+deb12u1"
34 | ;;
35 | *)
36 | echo "OS not recognized or not supported."
37 | exit 1
38 | ;;
39 | esac
40 |
41 |
42 | # Search for libwebp installations using apt
43 | LIBWEBP_VERSIONS=$(apt list --installed 2>/dev/null | grep libwebp | awk -F'/' '{print $2}' | awk '{print $2}')
44 |
45 | # Check if the desired version is found and flag if others are found
46 | FOUND_DESIRED=false
47 | FOUND_OTHER=false
48 |
49 | for version in $LIBWEBP_VERSIONS; do
50 | if [[ $version == $DESIRED_VERSION ]]; then
51 | FOUND_DESIRED=true
52 | else
53 | FOUND_OTHER=true
54 | echo "Different version of libwebp found: $version"
55 | exit 1
56 | fi
57 | done
58 |
59 | if [ "$FOUND_DESIRED" = true ]; then
60 | echo "Desired version of libwebp ($DESIRED_VERSION) for $OS_RELEASE is installed."
61 | exit 0
62 | fi
63 |
64 | if [ "$FOUND_OTHER" = false ]; then
65 | echo "No other versions of libwebp found."
66 | exit 0
67 | fi
68 |
--------------------------------------------------------------------------------
/Bash/Scripts/env-vars-list.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Operating Systems: macOS and Linux
3 |
4 | # Print all environment variables
5 | printenv
6 |
7 |
--------------------------------------------------------------------------------
/Bash/Scripts/macOS/disk-cache-purge.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # Operating System: macOS
3 | #
4 | # This script clears inactive and speculative memory in macOS using the 'purge' command.
5 | # WARNING: This might affect system performance temporarily immediately after execution.
6 |
7 | # Ensure the script is being run as root
8 | if [ "$(id -u)" -ne 0 ]; then
9 | echo "This script must be run as root."
10 | exit 1
11 | fi
12 |
13 | # Execute the purge command
14 | purge
15 |
16 | echo "Memory cache cleared."
17 |
18 |
--------------------------------------------------------------------------------
/Bash/Scripts/macOS/dns-configure.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Operating System: macOS
3 |
4 | # Set the primary and secondary DNS
5 | PRIMARY_DNS="192.168.0.144"
6 | SECONDARY_DNS=""
7 |
8 | # Network service names for Ethernet and Wi-Fi
9 | NETWORK_SERVICES=("Ethernet" "Wi-Fi")
10 |
11 | # Check if the script is run as root
12 | if [ "$EUID" -ne 0 ]
13 | then echo "Please run as root"
14 | exit
15 | fi
16 |
17 | # Iterate over each network service and update the DNS
18 | for service in "${NETWORK_SERVICES[@]}"; do
19 | networksetup -listallnetworkservices | grep -q "$service"; then
20 | if [ $? -eq 0 ]; then
21 | # Check for empty SECONDARY_DNS string
22 | if [ -z $SECONDARY_DNS ]; then
23 | networksetup -setdnsservers "$service" "$PRIMARY_DNS"
24 | else
25 | networksetup -setdnsservers "$service" "$PRIMARY_DNS" "$SECONDARY_DNS"
26 | fi
27 | echo "DNS servers for $service have been set to $PRIMARY_DNS and $SECONDARY_DNS"
28 | fi
29 | done
30 |
31 |
--------------------------------------------------------------------------------
/Bash/Scripts/macOS/dns-flush.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # Operating System: macOS
3 |
4 | # Check if the script is being run as root
5 | if [ "$(id -u)" -ne 0 ]; then
6 | echo "This script must be run as root!"
7 | exit 1
8 | fi
9 |
10 | # Clear the mDNSResponder cache
11 | if ! killall -HUP mDNSResponder; then
12 | echo "Failed to reset mDNSResponder. Are you running this as root or with the necessary permissions?"
13 | exit 1
14 | fi
15 |
16 | # Clear the directory service cache
17 | if ! dscacheutil -flushcache; then
18 | echo "Failed to flush the directory service cache."
19 | exit 1
20 | fi
21 |
22 | echo "DNS cache cleared successfully!"
23 |
24 |
--------------------------------------------------------------------------------
/Bash/Scripts/macOS/dns-get-current-configuration.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Operating System: macOS
3 |
4 | # Function to check if an interface is listed in network services
5 | is_interface_listed() {
6 | local interface=$1
7 | # Check if the interface is listed in the output of networksetup command
8 | if networksetup -listallnetworkservices | grep -q "^$interface$"; then
9 | return 0 # Listed
10 | else
11 | return 1 # Not listed
12 | fi
13 | }
14 |
15 | # Function to get DNS for an interface
16 | get_dns_for_interface() {
17 | local interface=$1
18 | if is_interface_listed "$interface"; then
19 | echo "DNS for $interface: $(networksetup -getdnsservers "$interface")"
20 | fi
21 | }
22 |
23 | # Check for Wi-Fi and Ethernet DNS configurations
24 | get_dns_for_interface "Wi-Fi"
25 | get_dns_for_interface "Ethernet"
26 |
27 |
--------------------------------------------------------------------------------
/Bash/Scripts/macOS/firewall-enable.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Operating System: macOS
3 |
4 | # Ensure the script is running with root permissions
5 | if [[ $EUID -ne 0 ]]; then
6 | echo "This script must be run as root."
7 | exit 1
8 | fi
9 |
10 | # Check if the socketfilterfw tool is available
11 | if ! command -v /usr/libexec/ApplicationFirewall/socketfilterfw &> /dev/null; then
12 | echo "Error: socketfilterfw is not available on this system."
13 | exit 1
14 | fi
15 |
16 | # Enable the Application Level Firewall (ALF)
17 | if /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on; then
18 | echo "Application Level Firewall (ALF) is now enabled."
19 | else
20 | echo "Failed to enable Application Level Firewall (ALF)."
21 | exit 1
22 | fi
23 |
24 |
--------------------------------------------------------------------------------
/Bash/Scripts/macOS/gatekeeper-enable.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # Operating System: macOS
3 | # This script enables the macOS Gatekeeper, which helps protect against
4 | # unidentified and potentially malicious applications from being opened.
5 |
6 | # Ensure the script is being run as root
7 | if [ "$(id -u)" -ne 0 ]; then
8 | echo "This script must be run as root."
9 | exit 1
10 | fi
11 |
12 | # Check if Gatekeeper is already enabled
13 | GATEKEEPER_STATUS=$(spctl --status)
14 | if [ "$GATEKEEPER_STATUS" != "assessments enabled" ]; then
15 | # Enable Gatekeeper
16 | spctl --global-enable
17 |
18 | # Error check
19 | if [ $? -eq 0 ]; then
20 | echo "Gatekeeper has been successfully enabled."
21 | else
22 | echo "Failed to enable Gatekeeper. Please check for errors."
23 | exit 1
24 | fi
25 | else
26 | echo "Gatekeeper is already enabled."
27 | fi
28 |
29 |
30 |
--------------------------------------------------------------------------------
/Bash/Scripts/macOS/readme.md:
--------------------------------------------------------------------------------
1 | # Bash Scripts for macOS
2 |
3 | A variety of helpful Bash scripts for macOS administration.
4 |
5 | - **disk-cache-purge.sh**: Purges the disk cache on macOS.
6 | - **dns-configure.sh**: Configures DNS settings on macOS.
7 | - **dns-flush.sh**: Flushes the DNS cache on macOS.
8 | - **dns-get-current-configuration.sh**: Retrieves the current DNS configuration on macOS.
9 | - **firewall-enable.sh**: Enables the firewall on macOS.
10 | - **gatekeeper-enable.sh**: Activates Gatekeeper on macOS for application security.
11 | - **remote-access-disable.sh**: Disables remote access on macOS.
12 | - **remote-access-enable.sh**: Enables remote access on macOS.
13 |
14 |
--------------------------------------------------------------------------------
/Bash/Scripts/macOS/remote-access-disable.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Operating System: macOS
3 | # Disable Remote Access (SSH) for a macOS device.
4 |
5 | # Ensure the script is being run as root
6 | if [ "$(id -u)" -ne 0 ]; then
7 | echo "This script must be run as root. Try running with 'sudo'."
8 | exit 1
9 | fi
10 |
11 | # Inform the user
12 | echo "Disabling SSH remote access..."
13 |
14 | # Execute the command to disable remote login
15 | systemsetup -setremotelogin off
16 |
17 | # Provide feedback on the result
18 | if [ $? -eq 0 ]; then
19 | echo "SSH remote access has been successfully disabled."
20 | else
21 | echo "Failed to disable SSH remote access. Please check for errors."
22 | exit 1
23 | fi
24 |
25 |
--------------------------------------------------------------------------------
/Bash/Scripts/macOS/remote-access-enable.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # Operating System: macOS
3 | # Enable Remote Access (SSH) for a macOS device.
4 |
5 | # Ensure the script is being run as root
6 | if [ "$(id -u)" -ne 0 ]; then
7 | echo "This script must be run as root. Try running with 'sudo'."
8 | exit 1
9 | fi
10 |
11 | # Inform the user
12 | echo "Enabling SSH remote access..."
13 |
14 | # Execute the command to enable remote login
15 | systemsetup -f -setremotelogin on
16 |
17 | # Provide feedback on the result
18 | if [ $? -eq 0 ]; then
19 | echo "SSH remote access has been successfully enabled."
20 | else
21 | echo "Failed to enable SSH remote access. Please check for errors."
22 | exit 1
23 | fi
24 |
25 |
--------------------------------------------------------------------------------
/Bash/Scripts/readme.md:
--------------------------------------------------------------------------------
1 | # Bash Scripts
2 |
--------------------------------------------------------------------------------
/Bash/readme.md:
--------------------------------------------------------------------------------
1 | # Bash
2 |
--------------------------------------------------------------------------------
/Go/Monitors/readme.md:
--------------------------------------------------------------------------------
1 | # Go Monitors
2 |
--------------------------------------------------------------------------------
/Go/Scripts/readme.md:
--------------------------------------------------------------------------------
1 | # Go Scripts
2 |
--------------------------------------------------------------------------------
/Go/readme.md:
--------------------------------------------------------------------------------
1 | # Go
2 |
--------------------------------------------------------------------------------
/Level_Logo_Animation.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/levelrmm/scripts/48060ba4fa65595aea53b03a3be642c7394ba4af/Level_Logo_Animation.gif
--------------------------------------------------------------------------------
/PowerShell/Monitors/admin-users.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Windows Monitor - Admin Users
12 | # Description: This script identifies unexpected users with administrative
13 | # privileges, excluding those in the excluded list. It alerts for any unexpected
14 | # users found and displays an error message with the list of unexpected users
15 | # if any are detected.
16 | #
17 | # Language: PowerShell
18 | # Timeout: 100
19 | # Version: 1.0
20 | #
21 | # -----------------------------------------------------------------------------
22 | # Monitor Configuration
23 | # -----------------------------------------------------------------------------
24 | # Script: Windows Monitor - Admin Users
25 | # Script output: Contains
26 | # Output value: ALERT
27 | # Run frequency: Minutes
28 | # Duration: 5
29 | # -----------------------------------------------------------------------------
30 |
31 | # -----------------------------------------------------------------------------
32 | # CONFIGURE
33 | # - excluded_admin_users
34 |
35 | # Array of known admin users to exclude from output
36 | $excluded_admin_users = @("Administrator", "Level")
37 | # -----------------------------------------------------------------------------
38 |
39 | # Get a list of all users with administrative privileges
40 | $admin_users = (Get-WmiObject -Class Win32_UserAccount | Where-Object { $_.LocalAccount -eq $true -and $_.Disabled -eq $false -and $_.PasswordRequired -eq $true -and $_.SID -notlike "*-500" }).Name
41 |
42 | # Variables to track the number of unexpected admin users found
43 | $unexpected_count = 0
44 | $unexpected_users = ""
45 |
46 | # Alert on unexpected admin users
47 | foreach ($user in $admin_users) {
48 | if ($excluded_admin_users -notcontains $user) {
49 | Write-Host "ALERT: Unexpected admin user found: $user"
50 | $unexpected_count++
51 | $unexpected_users += " $user"
52 | }
53 | }
54 |
55 | # Check if any unexpected users were found
56 | if ($unexpected_count -gt 0) {
57 | Write-Host "ALERT: $unexpected_count unexpected admin users found"
58 | Write-Host "Unexpected admin users found: $unexpected_users"
59 | }
60 | else {
61 | Write-Host "SUCCESS"
62 | }
63 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/check-admins-groups-against-trust-list.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Windows Monitor - Check admin groups against trust list
12 | # Description: This script pulls users from the administrators group, or if
13 | # a domain controller the "domain admins" group. These users are compared
14 | # with a trust list of user accounts and if accounts exist that are not in the
15 | # list, then an alert message it generated.
16 | #
17 | # Language: PowerShell
18 | # Timeout: 100
19 | # Version: 1.0
20 | #
21 | # -----------------------------------------------------------------------------
22 | # Monitor Configuration
23 | # -----------------------------------------------------------------------------
24 | # Script: Windows Monitor - Admin Users
25 | # Script output: Contains
26 | # Output value: ALERT
27 | # Run frequency: Hours
28 | # Duration: 1
29 | # -----------------------------------------------------------------------------
30 |
31 | # -----------------------------------------------------------------------------
32 | # CONFIGURE
33 | # Enter the list of approved admin accounts. Wildcards are acceptable "*"
34 |
35 | # Trusted domain admin accounts
36 | $domainAdminsList = "administrator", "itadmin", "secondaryadmin"
37 |
38 | # Trusted local admin accounts
39 | $localAdminsList = "*Domain Admins", "*administrator"
40 | # -----------------------------------------------------------------------------
41 |
42 | # Check if the device is a domain controller, and if so check Active Directory "Domain Admins"
43 | $domainController = (Get-WmiObject -Query "SELECT * FROM Win32_ComputerSystem").DomainRole -in 4, 5
44 | if ($domainController) {
45 | # Import the Active Directory module
46 | Import-Module ActiveDirectory
47 |
48 | # Get the members of the "Domain Admins" group
49 | $actualAdmins = Get-ADGroupMember -Identity "Domain Admins" | Select-Object -ExpandProperty SamAccountName
50 | $adminsList = $domainAdminsList
51 | $accountType = "Domain"
52 | }
53 | else {
54 | # This device is not a domain controller. Check local accounts
55 | $actualAdmins = Get-LocalGroupMember -Group "Administrators" | Select-Object -ExpandProperty Name
56 | $adminsList = $localAdminsList
57 | $accountType = "Local"
58 | }
59 |
60 | $badAdmins = @()
61 | $goodAdmins = @()
62 |
63 | #Compare the admin accounts vs the adminsList, and if an account exists then add it to $badAdmins
64 | $actualAdmins | ForEach-Object {
65 | $adminName = $_
66 | $matchFound = $false
67 | foreach ($account in $adminsList) {
68 | if ($adminName -like $account) {
69 | $matchFound = $true
70 | break
71 | }
72 | }
73 | if (-not $matchFound) {
74 | $badAdmins += $adminName
75 | }
76 | else {
77 | $goodAdmins += $adminName
78 | }
79 | }
80 |
81 | if ($badAdmins.count -gt 0) {
82 | Write-Output "ALERT: The $accountType Admins group contains non-standard accounts!"
83 | $badAdmins
84 | exit 1
85 | }
86 | else {
87 | Write-Output "Good news! The $accountType Admins group only contains these approved users:"
88 | $goodAdmins
89 | exit
90 | }
91 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/check-bitlocker.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | #
7 | # -----------------------------------------------------------------------------
8 | # Script Configuration
9 | # -----------------------------------------------------------------------------
10 | # Name: Windows Monitor - Check Bitlocker Status
11 | # Description: Check if Bitlocker is enabled. Only check local disks and ignores
12 | # USB drives
13 | # Language: PowerShell
14 | # Timeout: 100
15 | # Version: 1.0
16 | #
17 | # -----------------------------------------------------------------------------
18 | # Monitor Configuration
19 | # -----------------------------------------------------------------------------
20 | # Script: Windows Monitor - Check Bitlocker Status
21 | # Script output: Contains
22 | # Output value: ALERT
23 | # Run frequency: Hours
24 | # Duration: 12
25 | # -----------------------------------------------------------------------------
26 |
27 | # Check for Bitlocker status
28 | $BitlockerStatus = Get-Disk | Where-Object { $_.Bustype -ne 'USB' } | Get-Partition | Where-Object { $_.DriveLetter } | Select-Object -ExpandProperty DriveLetter | Get-BitLockerVolume | Where-Object ProtectionStatus -eq 'Off'
29 |
30 | if ($BitlockerStatus) {
31 | Write-Host "ALERT"
32 | }
33 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/check-disk-for-SMART-errors/check-disk-for-SMART-errors.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | #
7 | # -----------------------------------------------------------------------------
8 | # Script Configuration
9 | # -----------------------------------------------------------------------------
10 | # Name: Windows Monitor - Check Disk for SMART errors
11 | # Description: Download smartctl and check all disks for S.M.A.R.T. errors
12 | #
13 | # Language: PowerShell
14 | # Timeout: 100
15 | # Version: 1.0
16 | #
17 | # -----------------------------------------------------------------------------
18 | # Monitor Configuration
19 | # -----------------------------------------------------------------------------
20 | # Script: Windows Monitor - Disk has SMART errors
21 | # Script output: Contains
22 | # Output value: ALERT
23 | # Run frequency: Hours
24 | # Duration: 24
25 | # -----------------------------------------------------------------------------
26 |
27 | $smartctlPath = "c:\temp\smartctl.exe"
28 | $HasError = 0 # Initialize error counter
29 |
30 | # Download smartctl if not present
31 | if (-not (Test-Path -path $smartctlPath)) {
32 | Write-Host "Downloading smartctl`n"
33 | Set-ExecutionPolicy RemoteSigned -Scope Process -Force
34 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
35 |
36 | Try {
37 | iwr -uri https://github.com/levelsoftware/scripts/raw/main/PowerShell/Monitors/check-disk-for-SMART-errors/smartctl.exe -outfile (New-Item -Path $smartctlPath -Force) -ErrorAction Stop
38 | $FileSize = [math]::round((Get-Item -Path $smartctlPath).Length / 1MB, 2)
39 | Write-Host "Downloaded $smartctlPath - $FileSize MB"
40 | }
41 | Catch {
42 | Write-Host "Failed to download smartctl. Error: $_" -ForegroundColor Red
43 | Exit 1
44 | }
45 | }
46 | else {
47 | Write-Host "Smartctl already present at $smartctlPath`n"
48 | }
49 |
50 | # Scanning for all disks
51 | $disks = & $smartctlPath --scan | ForEach-Object {
52 | if ($_ -match '/dev/(\S+)') {
53 | $matches[1]
54 | }
55 | }
56 |
57 | # Function to check for predictive failure
58 | function CheckForFailure {
59 | param ($output)
60 | if ($output -match "SMART overall-health self-assessment test result: FAILED!") {
61 | return $true
62 | }
63 | return $false
64 | }
65 |
66 | # Function to check for errors in smartctl output
67 | function CheckForErrors {
68 | param ($output)
69 | if ($output -match "SMART command failed") {
70 | return $true
71 | }
72 | return $false
73 | }
74 |
75 | # Checking each disk for SMART data and generating alerts
76 | foreach ($disk in $disks) {
77 | Write-Host "Checking SMART data for disk: $disk"
78 | $smartOutput = & $smartctlPath --health /dev/$disk
79 | if (CheckForErrors -output $smartOutput) {
80 | Write-Host "Error encountered while checking disk $disk. Skipping..." -ForegroundColor Yellow
81 | continue
82 | }
83 | if (CheckForFailure -output $smartOutput) {
84 | Write-Host "ALERT: Predictive failure detected on disk $disk" -ForegroundColor Red
85 | $HasError += 1
86 | }
87 | $smartOutput
88 | }
89 |
90 | # Generate alert summary
91 | if ($HasError -gt 0) {
92 | Write-Host "`n$HasError disk(s) found to have error(s)." -ForegroundColor Red
93 | exit 1
94 | }
95 | else {
96 | Write-Host "No errors found."
97 | Exit
98 | }
99 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/check-disk-for-SMART-errors/smartctl.exe:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:04d0d253621938b7949bfacbeed753d5a0c6b1089ef1e29d5f6960d97d0266e9
3 | size 1142784
4 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/check-for-IPv6-and-disable.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Windows Monitor - Check for IPv6 and disable
12 | # Description: This script checks if IPv6 is enabled on each NIC, and if it is
13 | # then IPv6 is disabled on each.
14 | #
15 | # Language: PowerShell
16 | # Timeout: 100
17 | # Version: 1.0
18 | #
19 | # -----------------------------------------------------------------------------
20 | # Monitor Configuration
21 | # -----------------------------------------------------------------------------
22 | # Script: Windows Monitor - Check for IPv6 and disable
23 | # Script output: Contains
24 | # Output value: ALERT
25 | # Run frequency: Hours
26 | # Duration: 24
27 | # -----------------------------------------------------------------------------
28 |
29 | # Get all network adapters with IPv6 enabled
30 | $adaptersWithIPv6 = Get-NetAdapterBinding -ComponentID ms_tcpip6 | Where-Object { $_.Enabled -eq $true }
31 |
32 | # Loop through each adapter and disable IPv6 if it's enabled
33 | foreach ($adapter in $adaptersWithIPv6) {
34 | try {
35 | Write-Host "Attempting to disable IPv6 on $($adapter.Name)..."
36 | Disable-NetAdapterBinding -Name $adapter.Name -ComponentID ms_tcpip6 -ErrorAction Stop
37 | Write-Host "IPv6 disabled on $($adapter.Name).`n"
38 | } catch {
39 | Write-Host "ALERT: Error disabling IPv6 on $($adapter.Name): $_"
40 | exit 1
41 | }
42 | }
43 |
44 | Write-Host "Script completed successfully."
--------------------------------------------------------------------------------
/PowerShell/Monitors/check-for-usb-drive.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | #
7 | # -----------------------------------------------------------------------------
8 | # Script Configuration
9 | # -----------------------------------------------------------------------------
10 | # Name: Windows Monitor - Check USB Drive Presence
11 | # Description: Check if USB Drive is present
12 | # Language: PowerShell
13 | # Timeout: 100
14 | # Version: 1.0
15 | #
16 | # -----------------------------------------------------------------------------
17 | # Monitor Configuration
18 | # -----------------------------------------------------------------------------
19 | # Script: Windows Monitor - Check USB Drive Presence
20 | # Script output: Contains
21 | # Output value: ALERT
22 | # Run frequency: Minutes
23 | # Duration: 5
24 | # -----------------------------------------------------------------------------
25 |
26 | # Look for USB Drives
27 | $USBDrivePresent = Get-CimInstance -ClassName Win32_DiskDrive | Where-Object { $_.InterfaceType -eq 'USB' }
28 |
29 | if ($USBDrivePresent) {
30 | # If USB drive is present, send console message for Level to alert on
31 | Write-Host "ALERT"
32 | }
33 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/check-temporary-accounts.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | # Script Configuration
8 | # -----------------------------------------------------------------------------
9 | # Name: Windows Monitor - Check Temporary Accounts
10 | # Description: Look for possible temporary (test) user accounts that are not disabled
11 | # Language: PowerShell
12 | # Timeout: 100
13 | # Version: 1.0
14 | #
15 | # -----------------------------------------------------------------------------
16 | # Monitor Configuration
17 | # -----------------------------------------------------------------------------
18 | # Script: Windows Monitor - Check Temporary Accounts
19 | # Script output: Contains
20 | # Output value: ALERT
21 | # Run frequency: Minutes
22 | # Duration: 5
23 | # -----------------------------------------------------------------------------
24 |
25 | # List of strings that might indicate a temporary or test account
26 | $ArrayOfNames = @("temp", "test", "tmp", "skykick", "migrat", "migwiz", "dummy", "trial", "lab")
27 |
28 | # Function to check if any user accounts are enabled
29 | function CheckUsers {
30 | foreach ($user in $Users) {
31 | # Check if the accounts are enabled
32 | if ($user.Enabled) {
33 | Write-Host "ALERT"
34 | Exit
35 | }
36 | }
37 | }
38 |
39 | # Determine if the device is a domain controller or not
40 | $domainController = (Get-WmiObject -Query "SELECT * FROM Win32_ComputerSystem").DomainRole -in 4, 5
41 |
42 | if ($domainController) {
43 | # This device is a domain controller. Check Active Directory
44 | foreach ($name in $ArrayOfNames) {
45 | $filter = "Name -like '*$name*'"
46 | $Users = Get-ADUser -Filter $filter -Property Enabled
47 | CheckUsers
48 | }
49 | }
50 | else {
51 | # This device is not a domain controller. Check local accounts
52 | foreach ($name in $ArrayOfNames) {
53 | $Users = Get-LocalUser | Where-Object Name -like "*$name*"
54 | CheckUsers
55 | }
56 | }
57 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/check-unqouted-service-paths.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Windows Monitor - Check for Unqouted Service Paths
12 | # Description: Search Windows Services and identify any services that contain
13 | # spaces in the path, but no double quotes. Unqouted Service paths create a
14 | # privilege escalation vulnerability in windows. See CVE-2023-32658.
15 | #
16 | # Language: PowerShell
17 | # Timeout: 100
18 | # Version: 1.0
19 | #
20 | # -----------------------------------------------------------------------------
21 | # Monitor Configuration
22 | # -----------------------------------------------------------------------------
23 | # Script: Windows Monitor - Check for Unqouted Service Paths
24 | # Script output: Contains
25 | # Output value: ALERT
26 | # Run frequency: Hours
27 | # Duration: 24
28 | # -----------------------------------------------------------------------------
29 |
30 | # Get Services with a space in the file path, but no double quotes around it.
31 | $services = Get-WmiObject -Class win32_service -Filter "StartMode='Auto' AND NOT PathName LIKE 'c:\\Windows\\%' AND PathName LIKE '% %' AND NOT PathName LIKE '%`"%'"
32 |
33 | # Alert if services are found.
34 | if($services -ne $null){
35 | Write-Output "ALERT: The following services are vulnerable to CVE-2023-32658."
36 | $services | format-table Name,StartMode,State
37 | Exit 1
38 | }
39 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/disk-errors.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Windows Monitor - Local Disk Errors
12 | # Description: Checks local disks for errors reported in event viewer within the
13 | # last 24 hours
14 | # Language: PowerShell
15 | # Timeout: 100
16 | # Version: 1.0
17 | #
18 | # -----------------------------------------------------------------------------
19 | # Monitor Configuration
20 | # -----------------------------------------------------------------------------
21 | # Script: Windows Monitor - Local Disk Errors
22 | # Script output: Contains
23 | # Output value: ALERT
24 | # Run frequency: Minutes
25 | # Duration: 5
26 | # -----------------------------------------------------------------------------
27 |
28 | $ErrorActionPreference = 'silentlycontinue'
29 | $TimeSpan = (Get-Date) - (New-TimeSpan -Day 1)
30 | if (Get-WinEvent -FilterHashtable @{LogName = 'system'; ID = '11', '9', '15', '52', '129', '7', '98'; Level = 2, 3; ProviderName = '*disk*', '*storsvc*', '*ntfs*'; StartTime = $TimeSpan } -MaxEvents 10 | Where-Object -Property Message -Match Volume*) {
31 | Write-Output "ALERT"
32 | Exit 1
33 | }
34 | else {
35 | Write-Output "Disks are Healthy"
36 | Exit 0
37 | }
--------------------------------------------------------------------------------
/PowerShell/Monitors/dns-servers.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Windows DNS Server Check
12 | # Description: This script retrieves the DNS servers used on the device, compares
13 | # them to the expected configuration, and alerts if they don't match.
14 | #
15 | # Language: PowerShell
16 | # Timeout: 100
17 | # Version: 1.1
18 | #
19 | # -----------------------------------------------------------------------------
20 | # Monitor Configuration
21 | # -----------------------------------------------------------------------------
22 | # Script: Windows DNS Server Check
23 | # Script output: Contains
24 | # Output value: ALERT
25 | # Run frequency: Minutes
26 | # Duration: 5
27 | # -----------------------------------------------------------------------------
28 |
29 | # -----------------------------------------------------------------------------
30 | # CONFIGURE
31 | # - expected_dns_servers
32 |
33 | # Array of expected DNS servers
34 | $allowedDnsServers = @("1.1.1.1", "1.0.0.1")
35 |
36 | # -----------------------------------------------------------------------------
37 |
38 | # Function to check if the DNS servers match the allowed list
39 | function Check-DnsServers {
40 | $networkInterfaces = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled }
41 |
42 | foreach ($interface in $networkInterfaces) {
43 | $dnsServers = $interface.DNSServerSearchOrder
44 |
45 | Write-Host "Interface: $($interface.Description)"
46 | Write-Host "Allowed DNS servers: $($allowedDnsServers -join ', ')"
47 | Write-Host "Current DNS servers: $($dnsServers -join ', ')"
48 |
49 | if ($dnsServers -ne $null -and $dnsServers.Count -gt 0) {
50 | $matchingServers = @($dnsServers | Where-Object { $allowedDnsServers -contains $_ })
51 |
52 | if ($matchingServers.Count -eq $dnsServers.Count) {
53 | Write-Host "SUCCESS: DNS servers match the allowed list."
54 | } else {
55 | Write-Host "ALERT: Not all DNS servers are in the allowed list."
56 | exit 1
57 | }
58 | } else {
59 | Write-Host "ALERT: No DNS servers configured"
60 | exit 1
61 | }
62 | }
63 | }
64 |
65 | # Check if the DNS servers match the allowed list
66 | Check-DnsServers
67 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/event-log-monitor.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Event Log Monitor
12 | # Description: Scan event log for event IDs and if found trigger an alert
13 | # Language: PowerShell
14 | # Timeout: 100
15 | # Version: 1.0
16 | #
17 | # -----------------------------------------------------------------------------
18 | # Monitor Configuration
19 | # -----------------------------------------------------------------------------
20 | # Script: Event Log Monitor
21 | # Script output: Contains
22 | # Output value: ALERT
23 | # Run frequency: Minutes
24 | # Duration: 5
25 | # -----------------------------------------------------------------------------
26 |
27 | #Chose which event log to monitor: application, security, or system
28 | $LogName = "application"
29 | #Chose which event ID to monitor.
30 | $ID = 1000
31 | #Chose the severity level of the event. (Critical 1, Error 2, Warning 3,
32 | #Informational 4) Can be comma seperated list (don't use quotes)
33 | $EventSeverity = 2
34 | #Chose the provider name (source) of the event.
35 | $ProviderName = "Application Error"
36 | #Chose the timeframe (in minutes) in which to search. Search the logs filtered
37 | #to the past X minutes. This should be synced up with the monitor run
38 | #frequency. If the frequency will be set to checking every 5 minutes, then the
39 | #timeframe shouldn't exceed that.
40 | $Timeframe = 5
41 |
42 |
43 | $TimeSpan = (Get-Date) - (New-TimeSpan -Minutes $Timeframe)
44 | $ErrorActionPreference = 'silentlycontinue'
45 |
46 | #Pull the events and filter them
47 | $EventTracker = Get-WinEvent -FilterHashtable @{
48 | LogName = $LogName
49 | ID = $ID
50 | Level = $EventSeverity
51 | ProviderName = $ProviderName
52 | StartTime = $TimeSpan
53 | } -MaxEvents 10
54 |
55 | #Display the events
56 | $EventTracker
57 |
58 | #If there are events that match, trigger the ALERT
59 | if ($EventTracker) {
60 | Write-Output "ALERT"
61 | Exit 1
62 | }
63 | else {
64 | Write-Output "Events not found. Check your filter variables if you are expecting a match."
65 | Exit 0
66 | }
67 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/file-contains.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Windows Monitor - File Contains
12 | # Description: This script checks the contents of a file for a specific string.
13 | # Language: PowerShell
14 | # Timeout: 100
15 | # Version: 1.0
16 | # -----------------------------------------------------------------------------
17 | # Monitor Configuration
18 | # -----------------------------------------------------------------------------
19 | # Script: Windows Monitor - File Contains
20 | # Script output: Contains
21 | # Output value: ALERT
22 | # Run frequency: Minutes
23 | # Duration: 5
24 | # -----------------------------------------------------------------------------
25 |
26 | # -----------------------------------------------------------------------------
27 | # CONFIGURE
28 | # - file_path
29 | # - search_string
30 |
31 | # Specify the file path to check
32 | $file_path = "C:\file.txt"
33 |
34 | # Specify the string to search for in the file
35 | $search_string = "example"
36 | # -----------------------------------------------------------------------------
37 |
38 | # Check if the file exists
39 | if (Test-Path -Path $file_path) {
40 | $file_content = Get-Content -Path $file_path -Raw
41 | if ($file_content -like "*$search_string*") {
42 | Write-Host "SUCCESS: The string '$search_string' exists in the file."
43 | }
44 | else {
45 | Write-Host "ALERT: The string '$search_string' does not exist in the file."
46 | }
47 | }
48 | else {
49 | Write-Host "ALERT: File not found: $file_path"
50 | }
51 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/file-exists.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Windows Monitor - File Exists
12 | # Description: This recurring script checks for the existence of a specific file.
13 | # Language: PowerShell
14 | # Timeout: 100
15 | # Version: 1.0
16 | # -----------------------------------------------------------------------------
17 | # Monitor Configuration
18 | # -----------------------------------------------------------------------------
19 | # Script: Windows Monitor - File Exists
20 | # Script output: Contains
21 | # Output value: "file exists" or "not found"
22 | # Run frequency: Minutes
23 | # Duration: 5
24 | # -----------------------------------------------------------------------------
25 |
26 | # -----------------------------------------------------------------------------
27 | # CONFIGURE
28 | # - file_path
29 |
30 | # Specify the file path to check for existence
31 | $file_path = "C:\file.txt"
32 | # -----------------------------------------------------------------------------
33 |
34 | # Check if the file exists
35 | if (Test-Path -Path $file_path) {
36 | Write-Host "file exists: $file_path"
37 | }
38 | else {
39 | Write-Host "file not found: $file_path"
40 | }
41 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/find-inactive-AD-user-accounts.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Windows Monitor - Find inactive AD user accounts
12 | # Description: Search Active Directory for users that have not logged in for
13 | # some time. The threshold in days is defined with $InactiveDays. Not
14 | # included are user accounts that begin with HealthMailbox, IUSR, IWAM, AAD,
15 | # MSOL, etc. Also excluding disabled accounts and any with "Audited" in the
16 | # description field.
17 | #
18 | # Language: PowerShell
19 | # Timeout: 100
20 | # Version: 1.0
21 | #
22 | # -----------------------------------------------------------------------------
23 | # Monitor Configuration
24 | # -----------------------------------------------------------------------------
25 | # Script: Windows Monitor - Find inactive AD user accounts
26 | # Script output: Contains
27 | # Output value: ALERT
28 | # Run frequency: Hours
29 | # Duration: 24
30 | # -----------------------------------------------------------------------------
31 |
32 | # Define the days threshold for how long an account can be inactive before alerting.
33 | $InactiveDays = 90
34 | $Days = (Get-Date).Adddays(-$InactiveDays)
35 |
36 | # Check if the device is a domain controller
37 | $productType = (Get-CimInstance -ClassName Win32_OperatingSystem).ProductType
38 | if ($productType -ne 2) {
39 | Write-Host "Please run this script on a domain controller."
40 | Exit 1
41 | }
42 |
43 | # Get users and apply filters. If the word "audited" is in the description then the account will not show.
44 | # This provides a mechanism to remove service accounts from the report. We also filter out system accounts
45 | # and disabled accounts.
46 | $users = Get-ADUser -Filter { Enabled -eq $true } -Properties LastLogonDate, Description |
47 | Where { ($_.LastLogonDate -lt $Days) -or ($_.LastLogonDate -eq $NULL) } |
48 | Where-Object { $_.Description -notlike "*audited*" -and $_.SamAccountName -notmatch '^HealthMailbox|^IUSR_|^IWAM_|^AAD_|^MSOL_' -and $_.Name -notmatch 'HealthMailbox' } |
49 | Sort-Object LastLogonDate
50 |
51 | # If no inactive accounts, then exit
52 | if ($null -eq $users) {
53 | Write-Host "No accounts have been found that have not logged in for $InactiveDays days."
54 | exit
55 | }
56 |
57 | # Print the inactive account report
58 | Write-Host "ALERT: accounts have been found that have not logged in for $InactiveDays days.`n"
59 | $users | Format-Table -AutoSize SamAccountName, Name, @{Name = "LastLogonDate"; Expression = { if ($_.LastLogonDate -eq $null) { "Never logged in" } else { $_.LastLogonDate } } }, DistinguishedName, Description
60 | exit 1
61 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/hosts-check.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Windows Monitor - Host File Changes
12 | # Description: This script monitors for non-excluded entries in the host file
13 | # and alerts if any modifications are detected.
14 | #
15 | # Language: PowerShell
16 | # Timeout: 100
17 | # Version: 1.0
18 | #
19 | # -----------------------------------------------------------------------------
20 | # Monitor Configuration
21 | # -----------------------------------------------------------------------------
22 | # Script: Windows Monitor - Host File Changes
23 | # Script output: Contains
24 | # Output value: ALERT
25 | # Run frequency: Minutes
26 | # Duration: 5
27 | # -----------------------------------------------------------------------------
28 |
29 | # -----------------------------------------------------------------------------
30 | # CONFIGURE
31 | # - host_file_path
32 | # - excluded_entries
33 |
34 | # Path to the host file
35 | $hostFilePath = "C:\Windows\System32\drivers\etc\hosts"
36 |
37 | # Array of excluded entries (default: "127.0.0.1" and "::1")
38 | $excludedEntries = @("127.0.0.1", "::1")
39 |
40 | # -----------------------------------------------------------------------------
41 |
42 | # Function to check for non-excluded entries in the host file
43 | function Check-HostFileChanges {
44 | param (
45 | [string]$FilePath,
46 | [string[]]$ExcludedEntries
47 | )
48 |
49 | if (Test-Path -Path $FilePath) {
50 | $currentContent = Get-Content -Path $FilePath
51 |
52 | foreach ($line in $currentContent) {
53 | $entry = $line.Trim()
54 |
55 | # Skip empty lines and commented lines
56 | if (-not [string]::IsNullOrWhiteSpace($entry) -and $entry -notlike "#*") {
57 | $ipAddress = ($entry -split '\s+')[0]
58 |
59 | # Check if the entry is excluded
60 | if ($ExcludedEntries -notcontains $ipAddress) {
61 | Write-Host "ALERT: Non-excluded entry detected in the host file: $entry"
62 | exit 1
63 | }
64 | }
65 | }
66 | }
67 | }
68 |
69 | # Check for non-excluded entries in the host file
70 | Check-HostFileChanges -FilePath $hostFilePath -ExcludedEntries $excludedEntries
71 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/lost-stolen-device.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | This script is designed to protect data on a stolen laptop by wiping sensitive information.
9 | It covers system details, networking info, browser data, email clients, authentication credentials,
10 | and other potentially sensitive data stored on the device.
11 |
12 | WARNING: This script will permanently delete data. Use with extreme caution.
13 |
14 | .LANGUAGE
15 | PowerShell
16 | .TIMEOUT
17 | 100
18 | .LINK
19 | #>
20 |
21 | # Get System Details
22 | systeminfo
23 |
24 | # Get Local IP
25 | ipconfig /all
26 |
27 | # Get Remote IP
28 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
29 | (iwr https://ip.level.io/json -UseBasicParsing).Content.Trim()
30 |
31 | #Get list of all visible wireless networks
32 | netsh wlan show networks mode=bssid
33 |
34 | #Get ARP table
35 | arp -a
36 |
37 | # WARNING: Dangerous operation - Recursively delete files and directories for all users
38 | # Uncomment the line below to enable this operation. Make sure you understand the risks!
39 | # Get-ChildItem -Path "C:\Users" -Recurse | Remove-Item -Force -Recurse
40 |
41 | # Clear Browser Data (Example for Chrome, modify for other browsers as needed)
42 | # Remove-Item "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\*" -Recurse -Force
43 |
44 | # Clear Outlook Data (Modify the path if different)
45 | # Remove-Item "$env:APPDATA\Microsoft\Outlook\*" -Recurse -Force
46 |
47 | # Remove VPN Credentials (Example for a specific VPN client, modify as needed)
48 | # Remove-Item "Path\To\VPN\Credentials\Store" -Force
49 |
50 | # Remove Saved Wi-Fi Networks
51 | netsh wlan delete profile name="*"
52 |
53 | # Remove Windows Credentials
54 | cmdkey /list | ForEach-Object {if ($_ -like "*Target:*") {cmdkey /delete:($_ -replace " ","" -replace "Target:","")}}
55 |
56 | # WARNING: Following actions are to be performed with extreme caution
57 | # Uncomment the below sections only if you are sure about the implications
58 |
59 | # Remove SSH Keys (if applicable)
60 | # Remove-Item "$env:USERPROFILE\.ssh\*" -Force -Recurse
61 |
62 | # End of Script
63 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/md5-check.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Windows Monitor - MD5 Check
12 | # Description: This script compares the MD5 hash of a file with a supplied hash.
13 | # Language: PowerShell
14 | # Timeout: 100
15 | # Version: 1.0
16 | #
17 | # -----------------------------------------------------------------------------
18 | # Monitor Configuration
19 | # -----------------------------------------------------------------------------
20 | # Script: Windows Monitor - MD5 Check
21 | # Script output: Contains
22 | # Output value: ALERT
23 | # Run frequency: Minutes
24 | # Duration: 5
25 | # -----------------------------------------------------------------------------
26 |
27 | # -----------------------------------------------------------------------------
28 | # Configuration
29 | # -----------------------------------------------------------------------------
30 | $filePath = "C:\path\to\file"
31 | $suppliedHash = ""
32 |
33 | # -----------------------------------------------------------------------------
34 |
35 | # Check if the file exists
36 | if (-not (Test-Path -Path $filePath -PathType Leaf)) {
37 | Write-Error "ALERT: File does not exist: $filePath"
38 | exit 1
39 | }
40 |
41 | # Calculate the MD5 hash of the file
42 | $hashAlgorithm = [System.Security.Cryptography.MD5]::Create()
43 | $hashStream = [System.IO.File]::OpenRead($filePath)
44 | $calculatedHash = [System.BitConverter]::ToString($hashAlgorithm.ComputeHash($hashStream)).Replace("-", "")
45 | $hashStream.Close()
46 |
47 | # Compare the calculated hash with the supplied hash
48 | if ($calculatedHash -eq $suppliedHash) {
49 | Write-Output "SUCCESS: The MD5 hash of $filePath matches the supplied hash."
50 | }
51 | else {
52 | Write-Output "ALERT: The MD5 hash of $filePath does not match the supplied hash."
53 | Write-Output "Expected hash: $suppliedHash"
54 | Write-Output "Calculated hash: $calculatedHash"
55 | }
56 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/multiple-logged-in-users.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 |
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Check Multiple User Sessions
12 | # Description: This script checks if more than one user is logged into the system and alerts if so.
13 | #
14 | # Language: PowerShell
15 | # Timeout: 100
16 | # Version: 1.0
17 | #
18 | # -----------------------------------------------------------------------------
19 | # Monitor Configuration
20 | # -----------------------------------------------------------------------------
21 | # Script: Check Multiple User Sessions
22 | # Script output: Contains
23 | # Output value: ALERT
24 | # Run frequency: Minutes
25 | # Duration: 5
26 | # -----------------------------------------------------------------------------
27 |
28 | # Function to check for multiple user sessions
29 | function Check-MultipleUserSessions {
30 | $userList = @()
31 | $userSessions = query user 2>&1 | Select-Object -Skip 1
32 |
33 | foreach ($session in $userSessions) {
34 | $sessionInfo = $session -split "\s+" | Where-Object { $_ }
35 | if ($sessionInfo) {
36 | $userList += $sessionInfo[1]
37 | }
38 | }
39 |
40 | $activeSessions = $userList.Count
41 |
42 | Write-Host "Number of active user sessions: $activeSessions"
43 |
44 | if ($activeSessions -gt 1) {
45 | Write-Host "ALERT: More than one user session is active."
46 | exit 1
47 | }
48 | }
49 |
50 | # Run the function to check for multiple user sessions
51 | Check-MultipleUserSessions
52 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/open-ports.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Windows Monitor - Open Ports
12 | # Description: This script lists inbound open/listening ports on a device and checks for
13 | # unauthorized ports. Requires PowerShell 3.0 or later.
14 | # Language: PowerShell
15 | # Timeout: 100
16 | # Version: 1.0
17 | #
18 | # -----------------------------------------------------------------------------
19 | # Monitor Configuration
20 | # -----------------------------------------------------------------------------
21 | # Script: Windows Monitor - Open Ports
22 | # Script output: Contains
23 | # Output value: ALERT
24 | # Run frequency: Minutes
25 | # Duration: 5
26 | # -----------------------------------------------------------------------------
27 |
28 | # -----------------------------------------------------------------------------
29 | # CONFIGURE
30 | # - authorized_ports
31 |
32 | # Authorized inbound ports
33 | $authorized_ports = @(135, 139, 3389, 5040) # Add or remove ports as needed
34 | # -----------------------------------------------------------------------------
35 |
36 | # Get the list of inbound open/listening ports
37 | $open_ports = Get-NetTCPConnection -State Listen | Where-Object { $_.OwningProcess -ne $null }
38 |
39 | # Variables to track the number of unauthorized ports found
40 | $unauthorized_count = 0
41 | $unauthorized_ports = @()
42 |
43 | # Iterate over the open ports
44 | foreach ($port in $open_ports) {
45 | if ($authorized_ports -notcontains $port.LocalPort) {
46 | $processName = (Get-Process -Id $port.OwningProcess).Name
47 | $portInfo = "Port: $($port.LocalPort), Process: $processName"
48 | Write-Host "ALERT: Unauthorized inbound port is in use - $portInfo"
49 | $unauthorized_count++
50 | $unauthorized_ports += $portInfo
51 | }
52 | }
53 |
54 | # Check if any unauthorized ports were found
55 | if ($unauthorized_count -gt 0) {
56 | Write-Host "ALERT: $unauthorized_count unauthorized inbound ports found"
57 | Write-Host "Unauthorized inbound ports in use:"
58 | $unauthorized_ports | ForEach-Object { Write-Host $_ }
59 | }
60 | else {
61 | Write-Host "SUCCESS"
62 | }
63 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/ping.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Windows Monitor - Ping
12 | # Description: This script performs a series of 30 pings to a host and displays
13 | # an error message if a series of consecutive pings fail.
14 | # Language: PowerShell
15 | # Timeout: 30
16 | # Version: 1.0
17 | #
18 | # -----------------------------------------------------------------------------
19 | # Monitor Configuration
20 | # -----------------------------------------------------------------------------
21 | # Script: Windows Monitor - Ping
22 | # Script output: Contains
23 | # Output value: ALERT
24 | # Run frequency: Minutes
25 | # Duration: 5
26 | # -----------------------------------------------------------------------------
27 |
28 | # -----------------------------------------------------------------------------
29 | # CONFIGURE
30 | # - host_to_ping
31 | # - ping_count
32 | # - consecutive_failures_threshold
33 |
34 | $host_to_ping = "google.com"
35 | $ping_count = 30
36 | $consecutive_failures_threshold = 3
37 |
38 | # -----------------------------------------------------------------------------
39 |
40 | $failed_pings = 0
41 | $consecutive_failures = 0
42 |
43 | for ($i = 1; $i -le $ping_count; $i++) {
44 | $ping_result = Test-Connection -ComputerName $host_to_ping -Count 1 -Quiet
45 |
46 | if (-not $ping_result) {
47 | Write-Host ("Ping " + $i + ": FAILED")
48 | $failed_pings++
49 | $consecutive_failures++
50 |
51 | # Additional ping output information can be obtained using the Test-Connection cmdlet if needed
52 | # Write-Host "Ping output: $($ping_result | Out-String)"
53 | }
54 | else {
55 | Write-Host ("Ping " + $i + ": SUCCESS")
56 | $consecutive_failures = 0
57 | }
58 |
59 | if ($consecutive_failures -ge $consecutive_failures_threshold) {
60 | break
61 | }
62 | }
63 |
64 | if ($consecutive_failures -ge $consecutive_failures_threshold) {
65 | Write-Host ("`nALERT: " + $consecutive_failures_threshold + " consecutive pings to " + $host_to_ping + " failed")
66 | }
67 | elseif ($failed_pings -gt 0) {
68 | Write-Host ("`nWARNING: " + $failed_pings + " out of " + $ping_count + " pings to " + $host_to_ping + " failed")
69 | }
70 | else {
71 | Write-Host ("`nSUCCESS: All " + $ping_count + " pings to " + $host_to_ping + " were successful")
72 | }
73 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/readme.md:
--------------------------------------------------------------------------------
1 | # PowerShell Monitors
2 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/reboot-check.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Windows Monitor - Reboot Check
12 | # Description: This script checks to see if reboot is required.
13 | # Language: PowerShell
14 | # Timeout: 30
15 | # Version: 1.0
16 | #
17 | # -----------------------------------------------------------------------------
18 | # Monitor Configuration
19 | # -----------------------------------------------------------------------------
20 | # Script: Windows Monitor - Reboot Check
21 | # Script output: Contains
22 | # Output value: ALERT
23 | # Run frequency: Hour
24 | # Duration: 1
25 | # -----------------------------------------------------------------------------
26 |
27 | $UpdateSession = New-Object -ComObject Microsoft.Update.Session
28 | $UpdateSearcher = $UpdateSession.CreateUpdateSearcher()
29 | $SearchResult = $UpdateSearcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")
30 |
31 | if ($SearchResult.Updates.Count -gt 0) {
32 | Write-Output "ALERT: Reboot Required"
33 | } else {
34 | Write-Output "No reboot is required."
35 | }
36 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/registry-check.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Windows Monitor - Registry Setting
12 | # Description: This script monitors the existence of a registry setting and
13 | # alerts if it is not found.
14 | #
15 | # Language: PowerShell
16 | # Timeout: 100
17 | # Version: 1.0
18 | #
19 | # -----------------------------------------------------------------------------
20 | # Monitor Configuration
21 | # -----------------------------------------------------------------------------
22 | # Script: Windows Monitor - Registry Setting
23 | # Script output: Contains
24 | # Output value: ALERT
25 | # Run frequency: Minutes
26 | # Duration: 5
27 | # -----------------------------------------------------------------------------
28 |
29 | # -----------------------------------------------------------------------------
30 | # CONFIGURE
31 | # - registry_key
32 |
33 | # Registry key to monitor
34 | $registryKey = "HKLM:\Software\Example"
35 |
36 | # -----------------------------------------------------------------------------
37 |
38 | # Check if the registry key exists
39 | if (!(Test-Path -Path $registryKey)) {
40 | Write-Host "ALERT: Registry setting not found: $registryKey"
41 | exit 1
42 | }
43 |
44 | Write-Host "SUCCESS"
45 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/smart-disk-health.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Windows Monitor - Local Disk Health
12 | # Description: Checks local disk health
13 | # Language: PowerShell
14 | # Timeout: 100
15 | # Version: 1.0
16 | #
17 | # -----------------------------------------------------------------------------
18 | # Monitor Configuration
19 | # -----------------------------------------------------------------------------
20 | # Script: Windows Monitor - Local Disk Health
21 | # Script output: Contains
22 | # Output value: ALERT
23 | # Run frequency: Minutes
24 | # Duration: 5
25 | # -----------------------------------------------------------------------------
26 |
27 | # Checks local disks for health status
28 | $DiskState = Get-PhysicalDisk | Where-Object {$_.HealthStatus -ne 'Healthy'}
29 | if ($DiskState){
30 | $DiskState | out-host
31 | write-host "ALERT: Disk failure predicted!"
32 | exit 1
33 | }
34 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/software-installed.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Software Check
12 | # Description: This script checks if a specific software is installed.
13 | #
14 | # Language: PowerShell
15 | # Timeout: 100
16 | # Version: 1.0
17 | #
18 | # -----------------------------------------------------------------------------
19 | # Monitor Configuration
20 | # -----------------------------------------------------------------------------
21 | # Script: Software Check
22 | # Script output: Contains
23 | # Output value: ALERT
24 | # Run frequency: Minutes
25 | # Duration: 5
26 | # -----------------------------------------------------------------------------
27 |
28 | # -----------------------------------------------------------------------------
29 | # CONFIGURE
30 | # - software_name
31 | # - expected_version (optional)
32 |
33 | # Name of the software to check. Partial names will be matched
34 | $software_name = "Chrome"
35 |
36 | # Expected version of the software (optional)
37 | $expected_version = "114.0.5735.134"
38 |
39 | # -----------------------------------------------------------------------------
40 |
41 | # Function to check if the software is installed
42 | function Check-Software {
43 | param (
44 | [string]$SoftwareName,
45 | [string]$ExpectedVersion
46 | )
47 |
48 | $installed_app = get-package | Where-Object -Property Name -Like "*$SoftwareName*" | Select -ExpandProperty Name
49 | $installed_version = get-package | Where-Object -Property Name -Like "*$SoftwareName*" | Select -ExpandProperty Version
50 |
51 | if ($installed_version -eq $null) {
52 | Write-Host "ALERT: $SoftwareName is not found in any installed applications"
53 | exit 1
54 | }
55 | elseif ($ExpectedVersion -and $installed_version -ne $ExpectedVersion) {
56 | Write-Host "ALERT: $installed_app version mismatch"
57 | Write-Host "Installed version: $installed_version"
58 | Write-Host "Expected version: $ExpectedVersion"
59 | exit 1
60 | }
61 | else {
62 | Write-Host "SUCCESS: $installed_app is installed"
63 | }
64 | }
65 |
66 | # Check if the software is installed
67 | Check-Software -SoftwareName $software_name -ExpectedVersion $expected_version
68 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/unauthorized-admins.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | #
7 | # -----------------------------------------------------------------------------
8 | # Script Configuration
9 | # -----------------------------------------------------------------------------
10 | # Name: Windows Monitor - Unauthorized Admins
11 | # Description: Check for Unauthorized Admins using Custom Field.
12 | # Language: PowerShell
13 | # Timeout: 100
14 | # Version: 1.0
15 | #
16 | # -----------------------------------------------------------------------------
17 | # Monitor Configuration
18 | # -----------------------------------------------------------------------------
19 | # Script: Windows Monitor - Check Bitlocker Status
20 | # Script output: Contains
21 | # Output value: ALERT
22 | # Run frequency: Hours
23 | # Duration: 1
24 | # -----------------------------------------------------------------------------
25 |
26 | # Custom Field: Authorized Admins (must update to match your custom field name)
27 | $AuthorizedAdmins = "{{cf_authorized_admins}}"
28 |
29 | # Get all local admins that are enabled
30 | $admins = Get-LocalGroupMember -Group "Administrators" |
31 | Where-Object { $_.ObjectClass -eq 'User' -and (Get-LocalUser $_.SID).Enabled -eq $true } |
32 | Select-Object -ExpandProperty Name
33 |
34 | # Extract just the username by splitting on '\' and taking the last part
35 | $admins = $admins | ForEach-Object { ($_ -split '\\')[-1] }
36 |
37 | # Join the usernames into a single string separated by commas
38 | $adminString = $admins -join ","
39 |
40 | # Store in a custom field (assuming you mean a variable for this context)
41 | $detectedAdmins = $adminString
42 |
43 | # Convert both lists to arrays and trim spaces
44 | $detectedArray = $detectedAdmins -split ',' | ForEach-Object { $_.Trim().ToLower() }
45 | $authorizedArray = $AuthorizedAdmins -split ',' | ForEach-Object { $_.Trim().ToLower() }
46 |
47 | # Find admins in detected list but not in authorized list
48 | # Convert both to lowercase for case-insensitive comparison
49 | $unauthorizedAdmins = $detectedArray | Where-Object { $authorizedArray -notcontains $_ }
50 |
51 | # Output unauthorized admins separated by commas
52 | $unauthorizedString = $unauthorizedAdmins -join ','
53 |
54 | if ($unauthorizedAdmins.Count -gt 0) {
55 | Write-Output "ALERT: Unauthorized Admins Detected -- $unauthorizedString"
56 | exit 1
57 | } else {
58 | Write-Output "No unauthorized admins detected."
59 | exit 0
60 | }
61 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/unauthorized-applications.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Windows Monitor - Unauthorized Application
12 | # Description: This script identifies applications that aren't authorized.
13 | #
14 | # Language: PowerShell
15 | # Timeout: 100
16 | # Version: 1.0
17 | #
18 | # -----------------------------------------------------------------------------
19 | # Monitor Configuration
20 | # -----------------------------------------------------------------------------
21 | # Script: Windows Monitor - Unauthorized Application
22 | # Script output: Contains
23 | # Output value: ALERT
24 | # Run frequency: Minutes
25 | # Duration: 30
26 | # -----------------------------------------------------------------------------
27 |
28 | # -----------------------------------------------------------------------------
29 | # CONFIGURE: Level Custom Field
30 | # - cf_authorized_applications
31 | # -----------------------------------------------------------------------------
32 |
33 | # Convert the custom field to an array, handling null or empty cases
34 | $AuthorizedApps = if ("{{cf_authorized_applications}}" -ne "") {
35 | "{{cf_authorized_applications}}" -split ","
36 | } else {
37 | Write-Output "Warning: No authorized applications specified. All installed apps will be considered unauthorized."
38 | @() # Empty array if no authorized apps are listed
39 | }
40 |
41 | # Get list of installed applications
42 | $InstalledApps = Get-ChildItem "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" |
43 | ForEach-Object { Get-ItemProperty $_.PsPath } |
44 | Where-Object { $_.DisplayName -and ($_.SystemComponent -ne 1) } |
45 | ForEach-Object {
46 | ($_.DisplayName -replace '[^a-zA-Z0-9]', '').ToLower()
47 | }
48 |
49 | # Compare installed applications with authorized list
50 | $UnauthorizedApps = $InstalledApps | Where-Object { $_ -notin $AuthorizedApps }
51 |
52 | if ($UnauthorizedApps) {
53 | Write-Output "ALERT: Unauthorized Applications:"
54 | $UnauthorizedApps | ForEach-Object { Write-Output $_ }
55 | exit 1
56 | } else {
57 | Write-Output "No unauthorized applications detected."
58 | exit 0
59 | }
60 |
--------------------------------------------------------------------------------
/PowerShell/Monitors/uptime.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Windows Monitor - System Uptime
12 | # Description: Check for uptime of the computer
13 | # Language: PowerShell
14 | # Timeout: 100
15 | # Version: 1.0
16 | # -----------------------------------------------------------------------------
17 | # Monitor Configuration
18 | # -----------------------------------------------------------------------------
19 | # Script: Windows Monitor - System Uptime
20 | # Script output: Greater than
21 | # Output value: 30 (days)
22 | # Run frequency: Hours
23 | # Duration: 12
24 | # -----------------------------------------------------------------------------
25 |
26 | # Get uptime of device
27 | $uptime = (Get-Date) - (Get-CimInstance Win32_OperatingSystem).LastBootUpTime | Select-Object -ExpandProperty TotalDays
28 |
29 | # Round it to a whole number
30 | $uptime = [math]::Round($uptime)
31 |
32 | # Return uptime
33 | Write-Host $uptime
--------------------------------------------------------------------------------
/PowerShell/Monitors/user-added-to-admin-group.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Windows Monitor - User Added to Admin Group
12 | # Description: Check for events when users have been added to the local
13 | # administrators group
14 | # Language: PowerShell
15 | # Timeout: 100
16 | # Version: 1.0
17 | #
18 | # -----------------------------------------------------------------------------
19 | # Monitor Configuration
20 | # -----------------------------------------------------------------------------
21 | # Script: Windows Monitor - User Added to Admin Group
22 | # Script output: Contains
23 | # Output value: ALERT
24 | # Run frequency: Minutes
25 | # Duration: 5
26 | # -----------------------------------------------------------------------------
27 |
28 | #Check if security audit logging for "Security Group Management" is enabled
29 | #Please note that this is better edited via group policy instead of local policy because group policy could overwrite this!
30 | $AuditLoggingStatus = auditpol.exe /get '/subcategory:{0CCE9237-69AE-11D9-BED3-505054503030}'
31 | if ($AuditLoggingStatus -like "*No Auditing*") {
32 | #Enable security audit logging for "Security Group Management"
33 | auditpol.exe /set '/subcategory:{0CCE9237-69AE-11D9-BED3-505054503030}' /success:enable
34 | }
35 |
36 | #Check the security event log for event 4732 where the group name is "Administrators"
37 | $EventLogResults = Get-WinEvent -LogName Security -FilterXPath @'
38 |
39 |
40 |
46 |
47 |
48 | '@
49 |
50 | #If the event exists, return "ALERT" for the Level script-based monitor to alert
51 | if ($EventLogResults.Id -eq 4732) {
52 | Write-Host "ALERT"
53 | }
--------------------------------------------------------------------------------
/PowerShell/Monitors/windows-firewall.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Windows Monitor - Windows Firewall
12 | # Description: This script lists the status of the Windows firewall. Create
13 | # a Level monitor that will alert if "False" is contained in the output.
14 | #
15 | # Language: PowerShell
16 | # Timeout: 100
17 | # Version: 1.0
18 | #
19 | # -----------------------------------------------------------------------------
20 | # Monitor Configuration
21 | # -----------------------------------------------------------------------------
22 | # Script: Windows Monitor - Registry Setting
23 | # Script output: Contains
24 | # Output value: False
25 | # Run frequency: Minutes
26 | # Duration: 5
27 | # -----------------------------------------------------------------------------
28 |
29 | # -----------------------------------------------------------------------------
30 | # CONFIGURE
31 | # -----------------------------------------------------------------------------
32 |
33 | # Get the status of the Windows firewall (all three profiles)
34 | get-netfirewallprofile | select Name, Enabled
--------------------------------------------------------------------------------
/PowerShell/Scripts/Active-Directory/AD Computer Report with last login dates.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 | .DESCRIPTION
7 | List all Computers in Active Directory, ordered by last login time.
8 | Useful for finding stale computers that should be removed.
9 |
10 | .LANGUAGE
11 | PowerShell
12 | .TIMEOUT
13 | 100
14 | .LINK
15 | #>
16 |
17 |
18 | Get-ADComputer -Filter {OperatingSystem -Like '*' } -Properties lastlogondate,operatingsystem |select name,lastlogondate,operatingsystem | Sort-Object lastlogondate
--------------------------------------------------------------------------------
/PowerShell/Scripts/Active-Directory/AD User Report with last login dates.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 | .DESCRIPTION
7 | List all enabled users in Active Directory, ordered by last login time.
8 | Useful for finding stale active accounts that should be disabled. If
9 | the last login field is blank it means the account has never logged
10 | in.
11 |
12 | Keep in mind that service accounts are only logged in when the service
13 | starts. If a service is running for 90-days straight, then the last
14 | login will be 90 days ago.
15 |
16 | .LANGUAGE
17 | PowerShell
18 | .TIMEOUT
19 | 100
20 | .LINK
21 | #>
22 |
23 | #Get all AD users and sort by last logon
24 | Get-ADUser -Filter {(Enabled -eq $true)} -Properties LastLogonDate | select samaccountname, Name, LastLogonDate | Sort-Object LastLogonDate
25 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Active-Directory/Enable AD Recycle Bin.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 | .DESCRIPTION
7 | Only run on a domain controller. This script checks whether the
8 | Recycle Bin feature is enabled for the current domain in Active
9 | Directory and enable it if not.
10 |
11 | .LANGUAGE
12 | PowerShell
13 | .TIMEOUT
14 | 100
15 | .LINK
16 | #>
17 |
18 |
19 | # Get the Recycle Bin feature details
20 | $recyclebin = get-adoptionalfeature "recycle bin feature"
21 |
22 | # Get the current Forest Functional Level
23 | $forestmode = (get-adforest).forestmode
24 |
25 | # If the Recycle Bin is not enabled, enable it.
26 | if (($recyclebin.enabledscopes).count -eq 0) {
27 |
28 | $ADDomain = Get-ADDomain | Select -ExpandProperty Forest
29 | $ADInfraMaster = Get-ADDomain | Select-Object InfrastructureMaster
30 | write-host "Recycle Bin is not enabled" -foregroundcolor "red"
31 |
32 | # Display the required and current Forest Functional Levels
33 | write-host "Required Forest Functional Level:" $recyclebin.requiredforestmode "`nCurrent Forest Functional Level:" $forestmode
34 | Write-Host "`nAttempting to enable AD Recycle Bin"
35 |
36 | #Enable the AD recyle bin
37 | Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target $ADDomain -Server $ADInfraMaster.InfrastructureMaster -Confirm:$false
38 |
39 | Write-Host "AD Recycle Bin has been enabled for domain $($ADDomain)"
40 | }
41 | else {
42 |
43 | write-host "Recycle Bin is already enabled for these Domain Controllers:" -foregroundcolor "green"
44 |
45 | # Loop through each DC it is enabled on
46 | foreach ($scope in $recyclebin.enabledscopes) {
47 | $DC = ($scope -split ",")[1].substring(3)
48 | # Print the name of the DC to the screen
49 | if ($DC -ne "Configuration") {
50 | write-host ($scope -split ",")[1].substring(3)
51 | }
52 |
53 | }
54 | }
--------------------------------------------------------------------------------
/PowerShell/Scripts/Backup-Apps/Axcient/Install Axcient 360recover Agent (Replibit).ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Install Axcient 360recover agent (Replibit).
9 | .LANGUAGE
10 | PowerShell
11 | .TIMEOUT
12 | 100
13 | .LINK
14 | #>
15 |
16 | #Change the Axcient server address (IP) and password
17 | $AxcientApplianceIP = "INSERT_IP_HERE" #Must be reachable from the device where the agent is being installed
18 | $AxcientAppliancePassword = "INSERT_PASSWORD_HERE"
19 |
20 | #Check for temp folder location and create if not present
21 | $TempFolder = 'c:\temp'
22 | if (Test-Path -Path $TempFolder) {
23 | }
24 | else {
25 | mkdir $TempFolder
26 | }
27 |
28 | #Download the Axcient installer
29 | $AxcientInstaller = "agentInstaller.msi"
30 | $Installer = "$TempFolder\$AxcientInstaller"
31 | Set-ExecutionPolicy RemoteSigned -Scope Process -Force
32 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
33 | $ProgressPreference = 'SilentlyContinue'
34 | iwr -useb https://github.com/levelsoftware/scripts/raw/main/PowerShell/Backup-Apps/Axcient/$AxcientInstaller -outfile $Installer
35 | $FileSize = [math]::round((Get-Item -Path $Installer).Length / 1MB, 2)
36 | "Downloaded $Installer - $FileSize MB"
37 |
38 | #Install Axcient 360recover agent
39 | & $TempFolder\$Installer /quiet SERVER=$AxcientApplianceIP PASSWORD=$AxcientAppliancePassword
--------------------------------------------------------------------------------
/PowerShell/Scripts/Backup-Apps/Axcient/agentInstaller.msi:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:ca3da2bbc8a3a2d69129a407a17e11559a4329c8cbe14656e9d5b3163e804659
3 | size 22278144
4 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Bitlocker/Enable BitLocker and rotate key.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | #
7 | # -----------------------------------------------------------------------------
8 | # Script Configuration
9 | # -----------------------------------------------------------------------------
10 | # Name: Enable/Rotate bitlocker
11 | # Description: Enables BitLocker and rotates the key.
12 | # Language: PowerShell
13 | # Timeout: 300
14 | # Version: 1.0
15 | # -----------------------------------------------------------------------------
16 |
17 | # Check if BitLocker is enabled
18 | $bitlockerStatus = (Get-BitLockerVolume -MountPoint "C:").ProtectionStatus
19 |
20 | if ($bitlockerStatus -eq "Off") {
21 | try {
22 | # Enable BitLocker with TPM and generate recovery key
23 | Enable-BitLocker -MountPoint "C:" -UsedSpaceOnly -SkipHardwareTest -RecoveryPasswordProtector -TpmProtector
24 |
25 | # Get and verify the new recovery key
26 | $recoveryKey = (Get-BitLockerVolume -MountPoint "C:").KeyProtector |
27 | Where-Object {$_.KeyProtectorType -eq "RecoveryPassword"} |
28 | Select-Object -ExpandProperty RecoveryPassword
29 |
30 | if (-not $recoveryKey) {
31 | Write-Output "ERROR: Failed to get recovery key after enabling BitLocker"
32 | exit 1
33 | }
34 | } catch {
35 | Write-Output "ERROR: Failed to enable BitLocker: $_"
36 | exit 1
37 | }
38 | } else {
39 | try {
40 | # Get current recovery key(s)
41 | $oldKeys = (Get-BitLockerVolume -MountPoint "C:").KeyProtector |
42 | Where-Object {$_.KeyProtectorType -eq "RecoveryPassword"}
43 |
44 | if ($oldKeys.Count -eq 0) {
45 | Write-Output "ERROR: No existing recovery keys found"
46 | exit 1
47 | }
48 |
49 | # Generate new recovery key
50 | $newKey = Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector
51 |
52 | # Get and verify new recovery key
53 | $recoveryKey = (Get-BitLockerVolume -MountPoint "C:").KeyProtector |
54 | Where-Object {$_.KeyProtectorType -eq "RecoveryPassword" -and $_.KeyProtectorId -eq $newKey.KeyProtectorId} |
55 | Select-Object -ExpandProperty RecoveryPassword
56 |
57 | if (-not $recoveryKey) {
58 | Write-Output "ERROR: Failed to add new recovery key"
59 | exit 1
60 | }
61 |
62 | # Remove old keys
63 | foreach ($oldKey in $oldKeys) {
64 | Remove-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $oldKey.KeyProtectorId
65 | }
66 | } catch {
67 | Write-Output "ERROR: Failed to rotate BitLocker key: $_"
68 | exit 1
69 | }
70 | }
71 |
72 | # Output the recovery key (either new or rotated)
73 | Write-Output $recoveryKey
74 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Level/Level - Change UUID.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 | .DESCRIPTION
7 | Change the UUID of Level and restart the Level service. This is useful
8 | if devices are fighting over the same agent record in Level due to
9 | having the same UUID. This can sometime occur with disk cloning. After
10 | this is run, the device that receives this command will check-in to
11 | Level and create a new agent record.
12 |
13 | .LANGUAGE
14 | PowerShell
15 | .TIMEOUT
16 | 100
17 | .LINK
18 | #>
19 |
20 | #Get current UUID
21 | $CurrentUUID = & 'C:\Program Files\Level\Level.exe' /get-uuid
22 | #Display the current UUID
23 | $CurrentUUID
24 |
25 | #Create a new UUID with PowerShell's "new-guid"
26 | $UUID = new-guid
27 | & 'C:\Program Files\Level\Level.exe' /set-uuid "$UUID"
28 |
29 | #Restart the Level service
30 | restart-service level
--------------------------------------------------------------------------------
/PowerShell/Scripts/Level/delete-user.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Windows - Disable/Delete Users
12 | # Description: This script disables or deletes a comma seperated list of users.
13 | #
14 | # Language: PowerShell
15 | # Timeout: 100
16 | # Version: 1.0
17 | #
18 | # -----------------------------------------------------------------------------
19 |
20 | # Script Variable: usersToDelete
21 | $userArray = "{{usersToDelete}}" -split ',' | ForEach-Object { $_.Trim() }
22 |
23 | foreach ($user in $userArray) {
24 | # Check if the user exists (assuming we're looking for local users by username)
25 | if (Get-LocalUser -Name $user -ErrorAction SilentlyContinue) {
26 | try {
27 | # Disable the user account
28 | Disable-LocalUser -Name $user
29 | Write-Output "User $user has been disabled."
30 |
31 | # Commented out: To delete instead of disable, uncomment the next line
32 | # Remove-LocalUser -Name $user
33 | # Write-Output "User $user has been deleted."
34 | }
35 | catch {
36 | # Use double quotes with escaping for the colon
37 | Write-Error "Failed to disable user $user`: $_"
38 | }
39 | } else {
40 | Write-Output "User $user does not exist."
41 | }
42 | }
43 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Level/get-local-admins.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Windows - Get Local Admins
12 | # Description: Get local administrators as a comma seperated list
13 | #
14 | # Language: PowerShell
15 | # Timeout: 100
16 | # Version: 1.0
17 | #
18 | # -----------------------------------------------------------------------------
19 |
20 | # Get all local admins that are enabled
21 | $admins = Get-LocalGroupMember -Group "Administrators" |
22 | Where-Object { $_.ObjectClass -eq 'User' -and (Get-LocalUser $_.SID).Enabled -eq $true } |
23 | Select-Object -ExpandProperty Name
24 |
25 | # Extract just the username by splitting on '\' and taking the last part
26 | $admins = $admins | ForEach-Object { ($_ -split '\\')[-1] }
27 |
28 | # Join the usernames into a single string separated by commas
29 | $detectedAdmins = $admins -join ","
30 |
31 | # Output for verification
32 | Write-Output $detectedAdmins
33 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Level/unauthorized-admins.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Windows - Unauthorized Admins
12 | # Description: This script compares the detected admins to the authorized admins list.
13 | #
14 | # Language: PowerShell
15 | # Timeout: 100
16 | # Version: 1.0
17 | #
18 | # -----------------------------------------------------------------------------
19 | # CONFIGURE
20 | # - AuthorizedAdmins
21 | # - DetectedAdmins
22 |
23 | # Custom Field: Authorized Admins
24 | $AuthorizedAdmins = "{{cf_authorized_admins}}"
25 |
26 | # Script Variable: detectedAdmins
27 | $detectedAdmins = "{{detectedAdmins}}"
28 |
29 | # Convert both lists to arrays and trim spaces
30 | $detectedArray = $detectedAdmins -split ',' | ForEach-Object { $_.Trim().ToLower() }
31 | $authorizedArray = $AuthorizedAdmins -split ',' | ForEach-Object { $_.Trim().ToLower() }
32 |
33 | # Find admins in detected list but not in authorized list
34 | # Convert both to lowercase for case-insensitive comparison
35 | $unauthorizedAdmins = $detectedArray | Where-Object { $authorizedArray -notcontains $_ }
36 |
37 | # Output unauthorized admins separated by commas
38 | $unauthorizedString = $unauthorizedAdmins -join ','
39 |
40 | if ($unauthorizedAdmins.Count -gt 0) {
41 | Write-Output "$unauthorizedString"
42 | exit 1
43 | } else {
44 | Write-Output "No unauthorized admins detected."
45 | exit 0
46 | }
47 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Get Office Product Key (Only last 5 are obtainable).ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Only the last 5 characters of an Office key are stored. This will
9 | go through versions of office and detect which are present and
10 | display the license including the last 5 characters of the key.
11 | .LANGUAGE
12 | PowerShell
13 | .TIMEOUT
14 | 600
15 | .LINK
16 | #>
17 |
18 | #Office 2016-2021 (32-bit) on a 32-bit Windows OS "C:\Program Files\Microsoft Office\Office16\OSPP.vbs"
19 | #Office 2016-2021 (32-bit) on a 64-bit Windows OS "C:\Program Files (x86)\Microsoft Office\Office16\OSPP.VBS"
20 | #Office 2016-2021 (64-bit) on a 64-bit Windows OS "C:\Program Files\Microsoft Office\Office16\OSPP.VBS"
21 | #Office 2013 (32-bit) on a 32-bit Windows OS "C:\Program Files\Microsoft Office\Office15\OSPP.VBS"
22 | #Office 2013 (32-bit) on a 64-bit Windows OS "C:\Program Files (x86)\Microsoft Office\Office15\OSPP.vbs"
23 | #Office 2013 (64-bit) on a 64-bit Windows OS "C:\Program Files (x86)\Microsoft Office\Office15\OSPP.VBS"
24 | #Office 2010 (32-bit) on a 32-bit Windows OS "C:\Program Files\Microsoft Office\Office14\OSPP.VBS"
25 | #Office 2010 (32-bit) on a 64-bit Windows OS "C:\Program Files (x86)\Microsoft Office\Office14\OSPP.VBS"
26 | #Office 2010 (64-bit) on a 64-bit Windows OS "C:\Program Files\Microsoft Office\Office14\OSPP.VBS"
27 | #Office 2007 (32-bit) on a 32-bit Windows OS "C:\Program Files\Microsoft Office\Office12\OSPP.VBS"
28 | #Office 2007 (32-bit) on a 64-bit Windows OS "C:\Program Files (x86)\Microsoft Office\Office12\OSPP.VBS"
29 | #Office 2007 (64-bit) on a 64-bit Windows OS "C:\Program Files\Microsoft Office\Office12\OSPP.VBS"
30 | #Office 2003 (32-bit) on a 32-bit Windows OS "C:\Program Files\Microsoft Office\Office11\OSPP.VBS"
31 | #Office 2003 (32-bit) on a 64-bit Windows OS "C:\Program Files (x86)\Microsoft Office\Office11\OSPP.VBS"
32 | #Office 2003 (64-bit) on a 64-bit Windows OS "C:\Program Files\Microsoft Office\Office11\OSPP.VBS"
33 |
34 | $OfficePaths = @"
35 | C:\Program Files\Microsoft Office\Office16\OSPP.vbs
36 | C:\Program Files (x86)\Microsoft Office\Office16\OSPP.VBS
37 | C:\Program Files\Microsoft Office\Office16\OSPP.VBS
38 | C:\Program Files\Microsoft Office\Office15\OSPP.VBS
39 | C:\Program Files (x86)\Microsoft Office\Office15\OSPP.vbs
40 | C:\Program Files (x86)\Microsoft Office\Office15\OSPP.VBS
41 | C:\Program Files\Microsoft Office\Office14\OSPP.VBS
42 | C:\Program Files (x86)\Microsoft Office\Office14\OSPP.VBS
43 | C:\Program Files\Microsoft Office\Office14\OSPP.VBS
44 | C:\Program Files\Microsoft Office\Office12\OSPP.VBS
45 | C:\Program Files (x86)\Microsoft Office\Office12\OSPP.VBS
46 | C:\Program Files\Microsoft Office\Office12\OSPP.VBS
47 | C:\Program Files\Microsoft Office\Office11\OSPP.VBS
48 | C:\Program Files (x86)\Microsoft Office\Office11\OSPP.VBS
49 | C:\Program Files\Microsoft Office\Office11\OSPP.VBS
50 | "@ -split "`n" | ForEach-Object { $_.trim() }
51 |
52 | foreach ($OfficePath in $OfficePaths) {
53 | $Present = Get-Item $OfficePath -ErrorAction SilentlyContinue
54 | if ($Present) {
55 | cscript $OfficePath /dstatus
56 | }
57 | }
58 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Install Office Business Edition 365.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Install Office for the following M365 license types:
9 | Microsoft 365 Apps for business
10 | Microsoft 365 Business Standard
11 | Microsoft 365 Business Premium
12 | .LANGUAGE
13 | PowerShell
14 | .TIMEOUT
15 | 600
16 | .LINK
17 | #>
18 |
19 | #Setup
20 | Set-ExecutionPolicy RemoteSigned -Scope Process -Force
21 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
22 |
23 | $TempFolder = 'C:\temp\'
24 | if (Test-Path -Path $TempFolder) {
25 | }
26 | else {
27 | mkdir c:\temp
28 | }
29 |
30 | #Download installers to temp folder
31 | $ProgressPreference = 'SilentlyContinue'
32 | Write-Host "Downloading required files"
33 | $BaseURL = "https://github.com/levelsoftware/scripts/raw/a92fc25f298b6310286657cc8d4885174c21fbd9/PowerShell/Scripts/Microsoft-Office/Install%20Office%20Business%20Edition%20365/"
34 | $O365Setup = "OfficeSetup.exe"
35 | $ConfigFile = "O365BusinessRetail-x64.xml"
36 | $ListOfFiles = $O365Setup, $ConfigFile
37 | foreach ($File in $ListOfFiles) {
38 | iwr -uri $BaseURL$File -outfile $TempFolder$File
39 | $FileSize = [math]::round((Get-Item -Path $TempFolder$File).Length / 1MB, 2)
40 | "Downloaded $File - $FileSize MB"
41 | }
42 |
43 | #Install Office
44 | & $TempFolder$O365Setup /configure $TempFolder$ConfigFile
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Install Office Business Edition 365/O365BusinessRetail-x64.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Install Office Business Edition 365/OfficeSetup.exe:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:15f84601c0f020f43052eacab663b0ce357b15247d53f8a7e630e0b0a690bf9b
3 | size 7434448
4 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Install Office Pro Plus 365.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Install Office for the following M365 license types:
9 | Office 365 Enterprise E3
10 | Office 365 Enterprise E4
11 | Office 365 Enterprise E5
12 | Microsoft 365 E3
13 | Microsoft 365 E5
14 | Microsoft 365 Apps for enterprise
15 | .LANGUAGE
16 | PowerShell
17 | .TIMEOUT
18 | 600
19 | .LINK
20 | #>
21 |
22 | #Setup
23 | Set-ExecutionPolicy RemoteSigned -Scope Process -Force
24 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
25 |
26 | $TempFolder = 'C:\temp\'
27 | if (Test-Path -Path $TempFolder) {
28 | }
29 | else {
30 | mkdir c:\temp
31 | }
32 |
33 | #Download installers to temp folder
34 | Write-Host "Downloading required files"
35 | $ProgressPreference = 'SilentlyContinue'
36 |
37 | $BaseURL = "https://github.com/levelsoftware/scripts/raw/a92fc25f298b6310286657cc8d4885174c21fbd9/PowerShell/Scripts/Microsoft-Office/Install%20Office%20Pro%20Plus%20365/"
38 | $O365Setup = "OfficeSetup.exe"
39 | $ConfigFile = "O365ProPlusRetail-x64.xml"
40 | $ListOfFiles = $O365Setup, $ConfigFile
41 | foreach ($File in $ListOfFiles) {
42 | iwr -uri $BaseURL$File -outfile $TempFolder$File
43 | $FileSize = [math]::round((Get-Item -Path $TempFolder$File).Length / 1MB, 2)
44 | "Downloaded $File - $FileSize MB"
45 | }
46 |
47 | #Install Office
48 | & $TempFolder$O365Setup /configure $TempFolder$ConfigFile
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Install Office Pro Plus 365/O365ProPlusRetail-x64.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Install Office Pro Plus 365/OfficeSetup.exe:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:15f84601c0f020f43052eacab663b0ce357b15247d53f8a7e630e0b0a690bf9b
3 | size 7434448
4 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Install Visio Pro 2021 Retail (365) (64-bit).ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Install Microsoft Visio Pro 2021 Retail. For M365 Visio Plan 2
9 | .LANGUAGE
10 | PowerShell
11 | .TIMEOUT
12 | 100
13 | .LINK
14 | #>
15 |
16 |
17 | Set-ExecutionPolicy RemoteSigned -Scope Process -Force
18 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
19 |
20 | #Check for a temp path and create if not there
21 | $TempFolder = 'C:\temp'
22 | if (Test-Path -Path $TempFolder) {
23 | #Temp path exists
24 | } else {
25 | mkdir $TempFolder
26 | }
27 |
28 | #Download the required files
29 | "Downloading all required files"
30 | $ProgressPreference = 'SilentlyContinue'
31 | $BaseURL = "https://github.com/levelsoftware/scripts/raw/a92fc25f298b6310286657cc8d4885174c21fbd9/PowerShell/Scripts/Microsoft-Office/Install%20Visio%20Pro%202021%20Retail%20(365)%20(64-bit)/"
32 | $O365Setup = "VisioSetup.exe"
33 | $ConfigFile = "VisioPro2021Retail-x64.xml"
34 | $ListOfFiles = $O365Setup,$ConfigFile
35 | foreach($File in $ListOfFiles)
36 | {
37 | iwr -uri $BaseURL$File -outfile $TempFolder\$File
38 | $FileSize = [math]::round((Get-Item -Path $TempFolder\$File).Length/1MB,2)
39 | "Downloaded $File - $FileSize MB"
40 | }
41 |
42 | $Installer = "$TempFolder\$O365Setup"
43 | $ConfigFile = "$TempFolder\$ConfigFile"
44 |
45 | #Install the application
46 | & $Installer /configure $ConfigFile
47 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Install Visio Pro 2021 Retail (365) (64-bit)/VisioPro2021Retail-x32.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Install Visio Pro 2021 Retail (365) (64-bit)/VisioPro2021Retail-x64.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Install Visio Pro 2021 Retail (365) (64-bit)/VisioSetup.exe:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:77c5017fe1285c1fc8aeb7713b0d4a485d1840a79b7a66ebb9e83d03c81d0c2c
3 | size 7384664
4 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Install Visio Pro 2021 Retail (365) (64-bit)/VisioSetup32.exe:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:731541f4b42659cf5f0a1d511671582970faeb2331c0c131cd6891e25ce712db
3 | size 7384664
4 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Install-Teams-(machine-wide).ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Install Teams Machine-Wide
12 | # Description: Download Teams from Microsoft.com and install it. Using the
13 | # machine-wide MSI installation method
14 | #
15 | # Language: PowerShell
16 | # Timeout: 300
17 | # Version: 1.0
18 | #
19 |
20 | $TempFolder = 'C:\temp\'
21 | if (Test-Path -Path $TempFolder -ErrorAction SilentlyContinue) {
22 | }
23 | else {
24 | mkdir $TempFolder
25 | }
26 |
27 | # Download the Teams installer from Microsoft.com
28 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
29 | $ProgressPreference = 'SilentlyContinue'
30 | $DownloadURL = "https://teams.microsoft.com/downloads/desktopurl?env=production&plat=windows&arch=x64&managedInstaller=true&download=true"
31 | $File = "Teams_windows_x64.msi"
32 | Invoke-WebRequest -uri $DownloadURL -outfile $TempFolder$File -UseBasicParsing
33 | $FileSize = [math]::round((Get-Item -Path $TempFolder$File).Length / 1MB, 2)
34 | "Downloaded $File - $FileSize MB"
35 |
36 | # Install Teams
37 | & msiexec /i $TempFolder$File /qn ALLUSERS=1
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Uninstall All Versions of Office.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | This may take a few minutes to run completely depending on the speed
9 | of the machine. Reboot after running as well because the icons might
10 | linger otherwise.
11 |
12 | Warning - this will remove all Office products including Visio,
13 | Project, etc!
14 |
15 | This is a combination of the M365 uninstaller and the legacy Office
16 | installer found here: https://github.com/OfficeDev/Office-IT-Pro-Deployment-Scripts/tree/master/Office-ProPlus-Deployment/Remove-PreviousOfficeInstalls
17 | .LANGUAGE
18 | PowerShell
19 | .TIMEOUT
20 | 1200
21 | .LINK
22 | #>
23 |
24 |
25 | Set-ExecutionPolicy RemoteSigned -Scope Process -Force
26 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
27 |
28 | $TempFolder = 'C:\temp\UninstallOffice\'
29 | if (Test-Path -Path $TempFolder) {
30 | #Temp path exists
31 | }
32 | else {
33 | mkdir $TempFolder
34 | }
35 |
36 | Write-Host "Downloading all required files"
37 | $BaseURL = "https://github.com/levelsoftware/scripts/raw/a92fc25f298b6310286657cc8d4885174c21fbd9/PowerShell/Scripts/Microsoft-Office/Uninstall%20All%20Versions%20of%20Office/"
38 | $O365Setup = "OfficeSetup.exe"
39 | $ConfigFile = "UninstallOffice.xml"
40 | $ListOfFiles = $O365Setup, $ConfigFile, "OffScrub03.vbs", "OffScrub07.vbs", "OffScrub10.vbs", "OffScrub_O15msi.vbs", "OffScrub_O16msi.vbs", "OffScrubc2r.vbs", "Office2013Setup.exe", "Office2016Setup.exe", "Remove-PreviousOfficeInstalls.ps1"
41 | foreach ($File in $ListOfFiles) {
42 | iwr -uri $BaseURL$File -outfile $TempFolder$File
43 | $FileSize = [math]::round((Get-Item -Path $TempFolder$File).Length / 1MB, 2)
44 | "Downloaded $File - $FileSize MB"
45 | }
46 |
47 | "Attempting to uninstall Office 365 with the primary setup.exe"
48 | #Set-PSDebug -Trace 1
49 | Start-Process -Filepath "$TempFolder$O365Setup" -Wait -ArgumentList "/configure $TempFolder$ConfigFile" -PassThru
50 |
51 | "Attempting to uninstall any legacy Office installs"
52 | Start-Process powershell -argument $TempFolder"Remove-PreviousOfficeInstalls.ps1" -Wait -PassThru
53 |
54 | "Parsing the registry for `"Microsoft 365`" and running the uninstallers"
55 | $OfficeUninstallStrings = ((Get-ItemProperty "HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*") `
56 | + (Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*") |
57 | Where { $_.DisplayName -like "*Microsoft 365*" } |
58 | Select UninstallString).UninstallString
59 |
60 | ForEach ($UninstallString in $OfficeUninstallStrings) {
61 | $UninstallEXE = ($UninstallString -split '"')[1]
62 | $UninstallArg = ($UninstallString -split '"')[2] + " DisplayLevel=False"
63 | Start-Process -FilePath $UninstallEXE -ArgumentList $UninstallArg -Wait -PassThru
64 | }
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Uninstall All Versions of Office/OffScrub03.vbs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/levelrmm/scripts/48060ba4fa65595aea53b03a3be642c7394ba4af/PowerShell/Scripts/Microsoft-Office/Uninstall All Versions of Office/OffScrub03.vbs
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Uninstall All Versions of Office/OffScrub07.vbs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/levelrmm/scripts/48060ba4fa65595aea53b03a3be642c7394ba4af/PowerShell/Scripts/Microsoft-Office/Uninstall All Versions of Office/OffScrub07.vbs
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Uninstall All Versions of Office/OffScrub10.vbs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/levelrmm/scripts/48060ba4fa65595aea53b03a3be642c7394ba4af/PowerShell/Scripts/Microsoft-Office/Uninstall All Versions of Office/OffScrub10.vbs
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Uninstall All Versions of Office/OffScrub_O15msi.vbs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/levelrmm/scripts/48060ba4fa65595aea53b03a3be642c7394ba4af/PowerShell/Scripts/Microsoft-Office/Uninstall All Versions of Office/OffScrub_O15msi.vbs
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Uninstall All Versions of Office/OffScrub_O16msi.vbs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/levelrmm/scripts/48060ba4fa65595aea53b03a3be642c7394ba4af/PowerShell/Scripts/Microsoft-Office/Uninstall All Versions of Office/OffScrub_O16msi.vbs
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Uninstall All Versions of Office/OffScrubc2r.vbs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/levelrmm/scripts/48060ba4fa65595aea53b03a3be642c7394ba4af/PowerShell/Scripts/Microsoft-Office/Uninstall All Versions of Office/OffScrubc2r.vbs
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Uninstall All Versions of Office/Office2013Setup.exe:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:5bfc97c0218f83c3cac5247bc9c3c2d9509dec15e71a9717968640056f7c76d9
3 | size 1055408
4 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Uninstall All Versions of Office/Office2016Setup.exe:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:3dde708dae81a03d68daeef9297af86cb04bb564245b8683bd4840920550f420
3 | size 4241096
4 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Uninstall All Versions of Office/OfficeSetup.exe:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:15f84601c0f020f43052eacab663b0ce357b15247d53f8a7e630e0b0a690bf9b
3 | size 7434448
4 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Uninstall All Versions of Office/README.md:
--------------------------------------------------------------------------------
1 | Use "Uninstall All Versions of Office.ps1" it references Remove-PreviousOfficeInstalls.ps1
2 |
3 | Credit to: https://github.com/OfficeDev/Office-IT-Pro-Deployment-Scripts
4 |
5 | # **Remove previous versions of Office**
6 |
7 | This PowerShell Script will remove the local MSI installations of Office 2013 and older. The Offscrub vbs scripts are used to remove the MSI installations of Office products.
8 |
9 | ### **Using the Offscrub scripts**
10 |
11 | The Offscrub vbs scripts can be used to automate the removal of Office products. The scripts will uninstall the existing Office products regardless of the current health of the installation. The Remove-PreviousOfficeInstalls.ps1 script will determine which version of Office is currently installed and will call the appropriate Offscrub vbs script to remove the Office products installations.
12 |
13 | The Offscrub vbs files included are:
14 |
15 | * **OffScrub03.vbs** - Used to remove Office 2003 products.
16 | * **OffScrub07.vbs** - Used to remove Office 2007 products.
17 | * **OffScrub10.vbs** - Used to remove Office 2010 products.
18 | * **OffScrub_O15msi.vbs** - Used to remove Office 2013 MSI products.
19 | * **OffScrub_O16msi.vbs** - Used to remove Office 2016 MSI products.
20 | * **OffScrubc2r.vbs** - Used to remove Click-To-Run products.
21 |
22 | More information can be found at: https://blogs.technet.microsoft.com/odsupport/2011/04/08/how-to-obtain-and-use-offscrub-to-automate-the-uninstallation-of-office-products/
23 |
24 | ### Example
25 |
26 | 1. Open a PowerShell console.
27 |
28 | From the Run dialog type PowerShell
29 |
30 | 2. Change directory to the location where the PowerShell Script is saved.
31 |
32 | Example: cd C:\PowerShellScripts
33 |
34 | 3. Dot-Source the Remove-PreviousOfficeInstalls function into your current session.
35 |
36 | Type . .\Remove-PreviousOfficeInstalls.ps1
37 |
38 | By including the additional period before the relative script path you are 'Dot-Sourcing'
39 | the PowerShell function in the script into your PowerShell session which will allow you to
40 | run the function from the console.
41 |
42 | 3. Run the function.
43 |
44 | Type Remove-PreviousOfficeInstalls
45 |
46 | The version of Office will be detected automatically and the appropriate Offscrub file will be used to remove any Office products. If Office is not detected on the client the script will notify the admin and stop running.
47 |
48 |
49 |
50 |
51 |
52 |
53 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Uninstall All Versions of Office/UninstallOffice.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Uninstall Office 365.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Uninstall Office 365 Editions. To uninstall all versions of Office,
9 | see "Uninstall All Versions of Office.ps1".
10 | .LANGUAGE
11 | PowerShell
12 | .TIMEOUT
13 | 900
14 | .LINK
15 | #>
16 |
17 | #Setup
18 | Set-ExecutionPolicy RemoteSigned -Scope Process -Force
19 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
20 |
21 | $TempFolder = 'C:\temp\'
22 | if (Test-Path -Path $TempFolder) {
23 | }
24 | else {
25 | mkdir c:\temp
26 | }
27 |
28 | #Download installers to temp folder
29 | Write-Host "Downloading required files"
30 | $BaseURL = "https://github.com/levelsoftware/scripts/raw/main/PowerShell/Scripts/Microsoft-Office/Uninstall%20Office%20365/"
31 | $O365Setup = "OfficeSetup.exe"
32 | $ConfigFile = "UninstallOffice.xml"
33 | $ListOfFiles = $O365Setup, $ConfigFile
34 | $ProgressPreference = 'SilentlyContinue'
35 | foreach ($File in $ListOfFiles) {
36 | iwr -uri $BaseURL$File -outfile $TempFolder$File
37 | $FileSize = [math]::round((Get-Item -Path $TempFolder$File).Length / 1MB, 2)
38 | "Downloaded $File - $FileSize MB"
39 | }
40 |
41 | #Install Office
42 | & $TempFolder$O365Setup /configure $TempFolder$ConfigFile
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Uninstall Office 365/OfficeSetup.exe:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:15f84601c0f020f43052eacab663b0ce357b15247d53f8a7e630e0b0a690bf9b
3 | size 7434448
4 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Microsoft-Office/Uninstall Office 365/UninstallOffice.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Remote-Control/Detect Installed Remote Control Apps.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 | .DESCRIPTION
7 | Pull the list of installed apps and filter on a list of known remote
8 | control tools.
9 | .LANGUAGE
10 | PowerShell
11 | .TIMEOUT
12 | 100
13 | .LINK
14 | #>
15 |
16 | $RemoteAccessApps = $null
17 |
18 | #List of remote access applications that will be searched for
19 | $RemoteAccessApps = @"
20 | Action1
21 | AeroAdmin
22 | AirDroid
23 | Alpemix
24 | Ammyy
25 | AnyDesk
26 | Anyplace
27 | Atera
28 | AweSun
29 | Bomgar
30 | Chrome Remote Desktop
31 | ConnectWise Automate
32 | ConnectWise Control
33 | Connectwise RMM
34 | Continuum
35 | CrazyRemote
36 | DameWare
37 | Datto RMM
38 | DeskShare
39 | Ericom AccessNow
40 | FastViewer
41 | FixMe.IT
42 | GetScreen
43 | GoToAssist
44 | GoToMyPC
45 | Goverlan
46 | Guacamole
47 | Honeywell TotalConnect
48 | HopToDesk
49 | ISL Light
50 | Impero
51 | Itarian
52 | JSP File Browser
53 | Jump Client
54 | Jump Desktop
55 | Kaseya
56 | Labtech
57 | LiveCare
58 | LogMeIn
59 | MSP360 Remote Assistant
60 | ManageEngine
61 | Millennium Remote Support
62 | MoboRobo
63 | Motorola Timbuktu
64 | N-Able
65 | N-Sight
66 | N-central
67 | NTR Support
68 | Naverisk
69 | NetSupport
70 | Netop
71 | NinjaOne
72 | NinjaRMM
73 | NoMachine
74 | OptiTune
75 | Panorama9
76 | Parsec
77 | pcAnywhere
78 | PhoneMyPc
79 | Pocket Controller
80 | Pulseway
81 | RDM+
82 | RMS Connect
83 | Radmin
84 | Remote Assist
85 | Remote Desktop
86 | Remote GDB
87 | Remote Utilities
88 | RemotePC
89 | Remotely
90 | Remotix
91 | Rexec
92 | Rlogin
93 | Rsupport
94 | RustDesk
95 | SOTI XSight
96 | ScreenConnect
97 | Screenhero
98 | ShowMyPC
99 | Splashtop
100 | SpyAgent
101 | Sunlogin
102 | SuperOps
103 | Supremo
104 | Syncro
105 | Synergy
106 | Take Control
107 | TeamViewer
108 | UltraViewer
109 | VNC
110 | Webex Support
111 | Windows Agent
112 | Yoics
113 | Zoho Assist
114 | "@ -split "`n" | ForEach-Object { $_.trim() }
115 |
116 | #Convert the array into a piped list so we can easily use it for a -match filter
117 | $RemoteAccessApps = (($RemoteAccessApps | ForEach-Object { [regex]::Escape($_) }) -join "|")
118 |
119 | #Get the list of installed apps -- filtering for items in our list.
120 | $ErrorActionPreference = "silentlycontinue"
121 | get-package | Where-Object Name -match "$RemoteAccessApps" | Select -ExpandProperty Name
--------------------------------------------------------------------------------
/PowerShell/Scripts/Remote-Control/Teamviewer/Get - TeamviewerID.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 | .DESCRIPTION
7 | Pull teamviewer ID from the HOST
8 | .LANGUAGE
9 | PowerShell
10 | .TIMEOUT
11 | 100
12 | .LINK
13 | #>
14 |
15 | $TeamViewerVersionsNums = @('6', '7', '8', '9', '')
16 | $RegPaths = @('HKLM:\SOFTWARE\TeamViewer', 'HKLM:\SOFTWARE\Wow6432Node\TeamViewer')
17 | $Paths = @(foreach ($TeamViewerVersionsNum in $TeamViewerVersionsNums) {
18 | foreach ($RegPath in $RegPaths) {
19 | $RegPath + $TeamViewerVersionsNum
20 | }
21 | })
22 |
23 | foreach ($Path in $Paths) {
24 | If (Test-Path $Path) {
25 | $GoodPath = $Path
26 | }
27 | }
28 |
29 | foreach ($FullPath in $GoodPath) {
30 | If ($null -ne (Get-Item -Path $FullPath).GetValue('ClientID')) {
31 | $TeamViewerID = (Get-Item -Path $FullPath).GetValue('ClientID')
32 | $ErrorActionPreference = 'silentlycontinue'
33 |
34 | }
35 | }
36 |
37 | If ($TeamViewerID){
38 | Write-Output "Teamviewer ID: $($TeamViewerID)"
39 | }
40 | else {
41 | Write-Host "Teamviewer was not detected."
42 | Exit 1
43 | }
44 |
45 |
46 |
47 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Security-Apps/SentinelOne/Install SentinelOne.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Install Sentinel One for Windows 64-bit
9 | .LANGUAGE
10 | PowerShell
11 | .TIMEOUT
12 | 100
13 | .LINK
14 | #>
15 |
16 | #Replace this with your SentinelOne Site Token. This can be found in your SentinelOne portal under Settings -> Sites.
17 | $SiteToken = "INSERT_S1_TOKEN_HERE"
18 |
19 | #The Windows 64-Bit installer
20 | $S1_File = "SentinelInstaller_windows_64bit_v23_4_2_216.msi"
21 |
22 | #Setup
23 | Set-ExecutionPolicy RemoteSigned -Scope Process -Force
24 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
25 |
26 | #Check if the SetntinelOne Agent service is already present.
27 | $servicename = "SentinelAgent"
28 | if (Get-Service $servicename -ErrorAction SilentlyContinue) {
29 | Write-Host "$servicename exists. Exiting..."
30 | exit 1
31 | }
32 | else {
33 | Write-Host "$servicename not found. Installing Sentinel One."
34 | }
35 |
36 | $TempFolder = 'C:\temp'
37 | if (Test-Path -Path $TempFolder) {
38 | }
39 | else {
40 | mkdir c:\temp
41 | }
42 |
43 | #Installer path
44 | $Installer = "$TempFolder\$S1_File"
45 |
46 | #Set VSS size to 10% prior to installing SentinelOne
47 | vssadmin Resize ShadowStorage /For=C: /On=C: /MaxSize=10%
48 |
49 | #Download the installer
50 | $ProgressPreference = 'SilentlyContinue'
51 | iwr -uri https://github.com/levelrmm/scripts/raw/main/PowerShell/Scripts/Security-Apps/SentinelOne/$S1_File -outfile $Installer
52 | $FileSize = [math]::round((Get-Item -Path $Installer).Length / 1MB, 2)
53 | "Downloaded $Installer - $FileSize MB"
54 |
55 | #Run the installer
56 | & $Installer /q /norestart UI=false SITE_TOKEN="$SiteToken"
57 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Security-Apps/SentinelOne/SentinelInstaller_windows_64bit_v22_3_4_612.msi:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:14045124a0c78ddb9cf5add4f1b4feca6dd5bd0069988bda58ad674ecc9b1322
3 | size 71487488
4 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Security-Apps/SentinelOne/SentinelInstaller_windows_64bit_v23_2_3_358.msi:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:fd324d65438b457475ba276a99a0f7d2a3cf945d8ce1da87d055957b9e9a1152
3 | size 81563648
4 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Security-Apps/SentinelOne/SentinelInstaller_windows_64bit_v23_4_2_216.msi:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:1857e97ee69e5c95e43568c295e44a51fe00374d3543d580a479bf0b3de577d5
3 | size 73412608
4 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/VPN-Clients/FortiClient/.gitattributes:
--------------------------------------------------------------------------------
1 | FortiClientVPNSetup_7.2.0.0690_x64.exe filter=lfs diff=lfs merge=lfs -text
2 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/VPN-Clients/FortiClient/FortiClientVPNSetup_7.2.0.0690_x64.exe:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:bb35414818d071a25e035e294c026d2d35bdf45e676ec45054ac9dc4ad1a1a34
3 | size 134458936
4 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/VPN-Clients/FortiClient/FortiClientVPNSetup_7.2.1.0779_x64.exe:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:19d322addeda20b0d70af7629b923f38105eff569bff8cf7b0669ed54411d477
3 | size 131897400
4 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/VPN-Clients/FortiClient/Install-FortiClient.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Install Forticlient and add a VPN profile.
9 | .LANGUAGE
10 | PowerShell
11 | .TIMEOUT
12 | 100
13 | .LINK
14 | #>
15 |
16 |
17 | $ClientName = "INSERT_VPN_PROFILE_NAME_HERE"
18 | $VPN_URL = "INSERT_VPN_FQDN_HERE" #FQDN or IP of VPN - if using a unique port append ":"" and the port number (:4443)
19 |
20 | #Function to create FortiClient profile
21 | function SetupForticlientProfile {
22 | if (Test-Path -LiteralPath "HKLM:\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\$ClientName") {
23 | "$ClientName profile already exists."
24 | }
25 | else {
26 | "$ClientName profile does not exist. Creating now."
27 | New-Item "HKLM:\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\$ClientName"
28 | New-ItemProperty -LiteralPath "HKLM:\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\$ClientName" -Name 'Description' -Value "$ClientName VPN" -PropertyType String
29 | New-ItemProperty -LiteralPath "HKLM:\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\$ClientName" -Name 'Server' -Value "$VPN_URL" -PropertyType String
30 | New-ItemProperty -LiteralPath "HKLM:\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\$ClientName" -Name 'promptusername' -Value 1 -PropertyType DWord
31 | }
32 | }
33 |
34 | #Check if FortiClient is already installed
35 | $FortiClientExecutable = "C:\Program Files\Fortinet\FortiClient\FortiClient.exe"
36 | if (Test-Path -Path $FortiClientExecutable) {
37 | Write-Host "$FortiClientExecutable exists."
38 | SetupForticlientProfile
39 | exit 1
40 | }
41 | else {
42 | Write-Host "$FortiClientExecutable not found. Installing FortiClient."
43 | }
44 |
45 | #Check for temp folder location and create if not present
46 | $TempFolder = 'c:\temp'
47 | if (Test-Path -Path $TempFolder) {
48 | }
49 | else {
50 | mkdir $TempFolder
51 | }
52 |
53 | #Download Forticlient installer
54 | $Installer = "$TempFolder\FortiClientVPNSetup_7.2.1.0779_x64.exe"
55 | Set-ExecutionPolicy RemoteSigned -Scope Process -Force
56 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
57 | $ProgressPreference = 'SilentlyContinue'
58 | iwr -uri https://github.com/levelsoftware/scripts/raw/main/PowerShell/Scripts/VPN-Clients/FortiClient/FortiClientVPNSetup_7.2.1.0779_x64.exe -outfile $Installer
59 | $FileSize = [math]::round((Get-Item -Path $Installer).Length / 1MB, 2)
60 | "Downloaded $Installer - $FileSize MB"
61 |
62 | #Install FortiClient
63 | Start-Process $Installer -Wait -ArgumentList "/quiet /norestart" -PassThru
64 |
65 | #Check if FortiClient is already installed
66 | $FortiClientExecutable = "C:\Program Files\Fortinet\FortiClient\FortiClient.exe"
67 | if ( Test-Path -Path $FortiClientExecutable) {
68 | Write-Host "Forticlient successfully installed, setting up $ClientName VPN profile"
69 | Start-Sleep -Seconds 5 #The profile setup was failing if run too soon, even though we're using Start-Process with "-wait"
70 | SetupForticlientProfile
71 | exit
72 | }
73 | else {
74 | Write-Host "Forticlient was not installed successfully."
75 | Exit 1
76 | }
77 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Add local admin account.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Add a local user account and add it to the local administrators group
9 | .LANGUAGE
10 | PowerShell
11 | .TIMEOUT
12 | 100
13 | .LINK
14 | #>
15 |
16 | #Add the username, password, and user description here
17 | $UserName = "INSERT_USERNAME_HERE"
18 | $Password = "INSERT_PASSWORD_HERE"
19 | $Description = "INSERT_DESCRIPTION_HERE"
20 |
21 | #Print out the list of enabled local accounts
22 | Get-LocalUser | Where-Object {$_.Enabled -eq 'True'}
23 |
24 | #If the account already exists, exit.
25 | $checkUser = Get-LocalUser | Where-Object {$_.Name -eq $UserName}
26 | if($checkUser){
27 | Write-Host "The user account $UserName already exists."
28 | exit 1
29 | }
30 |
31 | #Create the account
32 | $Password = convertto-securestring $Password -asplaintext -force
33 | New-LocalUser "$UserName" -Password $Password -Description $Description
34 | Add-LocalGroupMember -Group "Administrators" -Member "$UserName"
35 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Assign Key and Activate Windows.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Check to see if Windows is activated. If not, assign a key and activate
9 | Windows.
10 |
11 | .LANGUAGE
12 | PowerShell
13 | .TIMEOUT
14 | 100
15 | .LINK
16 | #>
17 |
18 | #Set your product key here
19 | $Key = "INSERT-WINDOWS-PRODUCT-KEY-HERE"
20 |
21 | #Check current activation status. If already activated, do not change the key.
22 | $ActivationStatus = Get-CimInstance SoftwareLicensingProduct -Filter "partialproductkey is not null" | ? name -like windows* | where { $_.PartialProductKey } | select -ExpandProperty LicenseStatus
23 | if ($ActivationStatus) {
24 | Write-Host "Windows is already activated. Exiting without changing the key."
25 | exit
26 | }
27 |
28 | #Change the key
29 | slmgr.vbs -ipk $Key
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Change Windows Power Settings.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Set Power settings
9 | .LANGUAGE
10 | PowerShell
11 | .TIMEOUT
12 | 100
13 | .LINK
14 | #>
15 |
16 | #Settings when plugged in to external power
17 | Powercfg /Change standby-timeout-ac 0 #Sleep timer
18 | Powercfg /Change hibernate-timeout-ac 0 #Hibernate timer "0" means never
19 | Powercfg /Change monitor-timeout-ac 20 #Monitor sleep timer
20 |
21 | #Settings when running on battery power
22 | Powercfg /Change standby-timeout-dc 60 #Sleep timer
23 | Powercfg /Change hibernate-timeout-dc 0 #Hibernate timer "0" means never
24 | Powercfg /Change monitor-timeout-dc 10 #Monitor sleep timer
25 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Change computer name.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Change the computer name to a name followed by the serial number
9 | (service tag). For example "Contoso-ABC1234". Please note the
10 | computer will need to be rebooted in order to take effect.
11 | .LANGUAGE
12 | PowerShell
13 | .TIMEOUT
14 | 100
15 | .LINK
16 | #>
17 |
18 | #Change this to the proper name that will be used to prefix
19 | $ClientName = "CHANGE_ME"
20 | $SerialNumber = (Get-WmiObject -class win32_bios).SerialNumber
21 | $computer = "$ClientName-$SerialNumber"
22 |
23 | #Print out the current computer name
24 | "Current hostname is $env:computername"
25 | Rename-Computer -NewName $computer -Force
26 |
27 | #Print out the new computer name.
28 | "Hostname changed to $computer"
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Clear Recycle Bin.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Clear all local recycle bins.
9 | .LANGUAGE
10 | PowerShell
11 | .TIMEOUT
12 | 100
13 | .LINK
14 | #>
15 |
16 | clear-recyclebin -Force
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Create Wireless SSID Profile.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Add a wireless SSID to the target devices.
9 | .LANGUAGE
10 | PowerShell
11 | .TIMEOUT
12 | 100
13 | .LINK
14 | #>
15 |
16 | #Replace the SSID and Password with the correct settings.
17 | param(
18 | [string]$SSID = "SSID_GOES_HERE",
19 | [string]$PSK = "WIRELESS_PASSWORD_GOES_HERE"
20 | )
21 |
22 | #Check that the Wireless AutoConfig Service (wlansvc) is running
23 | $serviceStatus = Get-Service -Name wlansvc | Select -ExpandProperty Status
24 | if ($serviceStatus -ne "Running") {
25 | Write-Host -ForegroundColor Red "The Wireless AutoConfig Service (wlansvc) is not running. Perhaps this device doesn't have a wireless adapter. Exiting without creating the profile."
26 | Exit 1
27 | }
28 |
29 | #Create a wifi profile file to be imported
30 | $guid = New-Guid
31 | $wirelessProfilePath = "$($ENV:TEMP)\$guid.SSID"
32 | $HexArray = $ssid.ToCharArray() | foreach-object { [System.String]::Format("{0:X}", [System.Convert]::ToUInt32($_)) }
33 | $HexSSID = $HexArray -join ""
34 | @"
35 |
36 |
37 | $($SSID)
38 |
39 |
40 | $($HexSSID)
41 | $($SSID)
42 |
43 |
44 | ESS
45 | auto
46 |
47 |
48 |
49 | WPA2PSK
50 | AES
51 | false
52 |
53 |
54 | passPhrase
55 | false
56 | $($PSK)
57 |
58 |
59 |
60 |
61 | false
62 | 1451755948
63 |
64 |
65 | "@ | out-file "$wirelessProfilePath"
66 |
67 | #Import the file containing the wireless profile
68 | netsh wlan add profile filename="$wirelessProfilePath" user=all
69 |
70 | #Delete the file containing the wireless profile
71 | Start-sleep -Seconds 5
72 | remove-item "$wirelessProfilePath" -Force
73 |
74 | #Check if the file was successfully deleted.
75 | if (Get-Item "$wirelessProfilePath" -ErrorAction SilentlyContinue) {
76 | Write-Host -ForegroundColor Red "The file containing the wireless profile was unable to be deleted. Investigate and remove this file as it contains a password!"
77 | exit 1
78 | }
79 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Detect old Powershell and Upgrade - Server 2012.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | This will install WMF 5.1 on Server 2012 and Server 2012 R2. This will
9 | upgrade Powershell to 5.1 as well.
10 |
11 | .LANGUAGE
12 | PowerShell
13 | .TIMEOUT
14 | 100
15 | .LINK
16 | #>
17 |
18 | $osVersion = (Get-WMIObject win32_operatingsystem) | Select -ExpandProperty Version
19 |
20 | #Server 2012
21 | if ($osVersion -eq "6.2.9200") {
22 | Write-Host "Running Server 2012"
23 | $BaseURL = "https://download.microsoft.com/download/6/F/5/6F5FF66C-6775-42B0-86C4-47D41F2DA187/"
24 | $Download = "W2K12-KB3191565-x64.msu"
25 | }
26 | #Server 2012 R2
27 | elseif ($osVersion -eq "6.3.9200" -or $osVersion -eq "6.3.9600") {
28 | Write-Host "Running Server 2012 R2"
29 | $BaseURL = "https://download.microsoft.com/download/6/F/5/6F5FF66C-6775-42B0-86C4-47D41F2DA187/"
30 | $Download = "Win8.1AndW2K12R2-KB3191564-x64.msu"
31 | }
32 | else {
33 | Write-Host "This script is only meant for Windows Server 2012 and 2012 R2"
34 | exit 1
35 | }
36 |
37 | #Check if already running Powershell version 5 or higher.
38 | if ($PSVersionTable.PSVersion.Major -ge 5) {
39 | Write-Output "This device is already running PowerShell version 5 or above."
40 | exit 0
41 | }
42 |
43 | #Check for free disk space
44 | $FreeSpace = get-volume (get-location).Drive.Name | select -ExpandProperty SizeRemaining
45 | if ($FreeSpace -le 250000000) {
46 | Write-Host "Not enough space on the disk"
47 | exit 1
48 | }
49 |
50 | #Check for temp path
51 | $TempFolder = 'C:\temp\'
52 | if (Test-Path -Path $TempFolder -ErrorAction SilentlyContinue) {
53 | }
54 | else {
55 | mkdir $TempFolder
56 | }
57 |
58 | #Setup download
59 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
60 | $ProgressPreference = 'SilentlyContinue'
61 |
62 |
63 | #If multiple files are needed from the same base URL, enter them comma separated.
64 | $ListOfFiles = $Download
65 |
66 | #Download file(s) to temp folder and report on size
67 | foreach ($File in $ListOfFiles) {
68 | Invoke-WebRequest -uri $BaseURL$File -outfile $TempFolder$File
69 | $FileSize = [math]::round((Get-Item -Path $TempFolder$File).Length / 1MB, 2)
70 | "Downloaded $File - $FileSize MB"
71 | }
72 |
73 | & wusa.exe "$TempFolder$File" /quiet /norestart
74 | start-sleep 10
75 | Write-Host "The computer must be rebooted in order for the new version of PowerShell to be installed."
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Domain Join.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Join computer to Active Directory domain and reboot
9 | .LANGUAGE
10 | PowerShell
11 | .TIMEOUT
12 | 100
13 | .LINK
14 | #>
15 |
16 | #Setup variables for domain, username, and password. Ensure that the the device is using the DCs for DNS.
17 | $domain = "INSERT_DOMAIN_HERE.COM"
18 | $username = "$domain\INSERT_USERNAME_HERE"
19 | $password = "INSERT_PASSWORD_HERE" | ConvertTo-SecureString -asPlainText -Force
20 |
21 | #Run the domain join command
22 | $credential = New-Object System.Management.Automation.PSCredential($username,$password)
23 | Add-Computer -DomainName $domain -Credential $credential -restart
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Enable User Account Control (UAC).ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | List the current UAC settings and then change them to defaults and list
9 | again.
10 | .LANGUAGE
11 | PowerShell
12 | .TIMEOUT
13 | 100
14 | .LINK
15 | #>
16 |
17 | #Setup
18 | $path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
19 | $filter = "ConsentPromptBehaviorAdmin|ConsentPromptBehaviorUser|EnableInstallerDetection|EnableLUA|EnableVirtualization|PromptOnSecureDesktop|ValidateAdminCodeSignatures|FilterAdministratorToken"
20 |
21 | #List current UAC settings
22 | Write-Host "Old UAC settings:"
23 | (Get-ItemProperty $path).psobject.properties | where { $_.name -match $filter } | select name, value | Sort-Object name
24 |
25 | #Set UAC to the default setting of "Notify me only when apps try to make changes to my computer (default)"
26 | New-ItemProperty -Path $path -Name 'ConsentPromptBehaviorAdmin' -Value 5 -PropertyType DWORD -Force | Out-Null
27 | New-ItemProperty -Path $path -Name 'ConsentPromptBehaviorUser' -Value 3 -PropertyType DWORD -Force | Out-Null
28 | New-ItemProperty -Path $path -Name 'EnableInstallerDetection' -Value 1 -PropertyType DWORD -Force | Out-Null
29 | New-ItemProperty -Path $path -Name 'EnableLUA' -Value 1 -PropertyType DWORD -Force | Out-Null
30 | New-ItemProperty -Path $path -Name 'EnableVirtualization' -Value 1 -PropertyType DWORD -Force | Out-Null
31 | New-ItemProperty -Path $path -Name 'PromptOnSecureDesktop' -Value 1 -PropertyType DWORD -Force | Out-Null
32 | New-ItemProperty -Path $path -Name 'ValidateAdminCodeSignatures' -Value 0 -PropertyType DWORD -Force | Out-Null
33 | New-ItemProperty -Path $path -Name 'FilterAdministratorToken' -Value 0 -PropertyType DWORD -Force | Out-Null
34 |
35 | #List the newly edited UAC values
36 | Write-Host "`n`n`nNew UAC settings:"
37 | (Get-ItemProperty $path).psobject.properties | where { $_.name -match $filter } | select name, value | Sort-Object name
38 |
39 | #Need to reboot before these take effect
40 | Write-Host "`nSettings will not be applied until the computer is rebooted."
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Enable Windows Firewall.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Detect the state of the Windows firewall for all profiles, and if the
9 | firewall is disabled, enable it.
10 | .LANGUAGE
11 | PowerShell
12 | .TIMEOUT
13 | 100
14 | .LINK
15 | #>
16 |
17 | #Initialize
18 | $profileName = $null
19 | $profileStatus = $null
20 | $i = 0
21 |
22 | #Get the current Windows firewall settings for all profiles (Domain, Private, Public)
23 | $profileName += get-netfirewallprofile | Select -ExpandProperty name
24 | $profileStatus += get-netfirewallprofile | Select -ExpandProperty enabled
25 |
26 | #List the status of each profile
27 | foreach ($profileStatusItem in $profileStatus) {
28 | if ($profileStatusItem) {
29 | Write-host -foregroundcolor green $profileName[$i] "Profile: ENABLED"
30 | }
31 | else {
32 | Write-host -foregroundcolor red $profileName[$i] "Profile: DISABLED"
33 | }
34 | $i++
35 | }
36 |
37 | #Enable the Windows firewall for profiles that have it disabled
38 | if ($profileStatus -contains $false) {
39 | $i = 0
40 | foreach ($profileStatusItem in $profileStatus) {
41 | if ($profileStatusItem) {
42 | }
43 | else {
44 | Set-NetFirewallProfile -Profile $profileName[$i] -Enabled True
45 | Write-host -foregroundcolor green $profileName[$i] "profile firewall has been enabled!"
46 | }
47 | $i++
48 | }
49 | }
50 | else {
51 | Write-Host "Firewall is already enabled on all profiles. Exiting."
52 | }
53 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Force-InTune-Sync.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Syncronize device to Intune
12 | # Description: Force the device to sync up with Intune Management Extension (IME)
13 | #
14 | # Timeout: 300
15 | # Version: 1.0
16 | #
17 | # -----------------------------------------------------------------------------
18 |
19 | $Shell = New-Object -ComObject Shell.Application
20 | $Shell.open("intunemanagementextension://syncapp")
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Get Info About Printers.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Get infor about printers
9 | .LANGUAGE
10 | PowerShell
11 | .TIMEOUT
12 | 100
13 | .LINK
14 | #>
15 |
16 | Get-Printer | select name, Drivername, portname
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Get Installed Applications.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 | .DESCRIPTION
7 | Pull the list of installed apps
8 | .LANGUAGE
9 | PowerShell
10 | .TIMEOUT
11 | 100
12 | .LINK
13 | #>
14 |
15 | get-package | select name, version | sort Name
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Get currently connected wireless SSID.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Show the currently connected wireless SSID
9 | .LANGUAGE
10 | PowerShell
11 | .TIMEOUT
12 | 100
13 | .LINK
14 | #>
15 |
16 | $WifiStatus = netsh wlan show interfaces
17 | $WifiState = netsh wlan show interfaces | Select-String State
18 |
19 | #Filter out the devices that do not have wifi enabled
20 | if ($WifiStatus -eq "The Wireless AutoConfig Service (wlansvc) is not running.") {
21 | write-host "Wifi is not enabled on this device"
22 | exit 1
23 | }
24 | #Filter out devices that have wifi enabled but are not connected via wifi
25 | elseif ($WifiState -like "*disconnected*") {
26 | write-host "Wifi is not connected on this device"
27 | exit 1
28 | }
29 | #Use " SSID " so as to avoid picking up BSSID as well
30 | netsh wlan show interfaces | select-string " SSID "
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Get info from lost or stolen device.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Pull device details and networking information to help identify the
9 | device and its possible location.
10 |
11 | To-do - Consider adding network scanning to provide more evidence
12 | about the network where the device comes online.
13 | .LANGUAGE
14 | PowerShell
15 | .TIMEOUT
16 | 100
17 | .LINK
18 | #>
19 |
20 | # Get System Details
21 | systeminfo
22 |
23 | # Get Local IP
24 | ipconfig /all
25 |
26 | # Get Remote IP
27 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
28 | (iwr https://ip.level.io/json -UseBasicParsing).Content.Trim()
29 |
30 | #Get list of all visible wireless networks
31 | netsh wlan show networks mode=bssid
32 |
33 | #Get ARP table
34 | arp -a
35 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Logoff-all-user-sessions.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | # -----------------------------------------------------------------------------
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Logout all user sessions
12 | # Description: Logs out all users after sending a warning message to the
13 | # desktop
14 | # Timeout: 100
15 | # Version: 1.0
16 | #
17 | # -----------------------------------------------------------------------------
18 |
19 | # Logout warning message that will be displayed to the end-user session(s)
20 | $message = "Warning: You will be logged off in 3 minutes. Please save your work."
21 |
22 | # Display the message on all user sessions
23 | $quserOutput = quser | Select-Object -Skip 1
24 | $quserOutput | ForEach-Object {
25 | $sessionId = $_.Substring(39, 7).Trim()
26 | $username = $_.Substring(0, 18).Trim()
27 | msg.exe /time:180 $sessionId $message
28 | Write-host "Logoff warning message sent to $username" | Out-Host
29 | }
30 |
31 | # Countdown to logoff in 30 second increments.
32 | $timer = 120
33 | do {
34 | Write-Host "$timer seconds left before logging out user(s)." | Out-Host
35 | Sleep 30
36 | $timer = $timer - 30
37 | } while ($timer -gt 0)
38 |
39 | # Logoff all users
40 | $quserOutput | ForEach-Object {
41 | $sessionId = $_.Substring(39, 7).Trim()
42 | logoff $sessionId /V
43 | }
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Perform Bandwidth Speed Test.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Download the Ookla speedtest app and run a speedtest
9 | https://www.speedtest.net/apps/cli
10 | .LANGUAGE
11 | PowerShell
12 | .TIMEOUT
13 | 300
14 | .LINK
15 | #>
16 |
17 | $TempFolder = 'C:\temp\'
18 | if (Test-Path -Path $TempFolder -ErrorAction SilentlyContinue) {
19 | }
20 | else {
21 | mkdir c:\temp
22 | }
23 |
24 | $SpeedTestEXE = $TempFolder + "SpeedTest\speedtest.exe"
25 |
26 | function RunTest() {
27 | & $SpeedTestEXE --accept-license
28 | }
29 |
30 | #check if file exists
31 | if (Test-Path -path $SpeedTestEXE -ErrorAction SilentlyContinue) {
32 | Write-Host "Starting speed test" -ForegroundColor Green
33 | RunTest
34 | }
35 | else {
36 | Write-Host "SpeedTest doesn't exist, starting file download"
37 | #Setup download
38 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
39 | $ProgressPreference = 'SilentlyContinue'
40 | $BaseURL = "https://install.speedtest.net/app/cli/"
41 | $App = "ookla-speedtest-1.2.0-win64.zip"
42 | #If multiple files are needed, enter them comma separated.
43 | $ListOfFiles = $App
44 | #Download file(s) to temp folder
45 | foreach ($File in $ListOfFiles) {
46 | Invoke-WebRequest -uri $BaseURL$File -outfile $TempFolder$File
47 | $FileSize = [math]::round((Get-Item -Path $TempFolder$File).Length / 1MB, 2)
48 | "Downloaded $File - $FileSize MB"
49 | }
50 | #Unzip the file
51 | Expand-Archive -Path $TempFolder$File -DestinationPath $TempFolder"SpeedTest"
52 | RunTest
53 | }
54 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Perform Network Scan.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Detect the primary IP address of the device and perform a network scan
9 | looking for TCP ports 22,23,80,443,3389. Also perform name lookup and
10 | pull the manufacturer from the MAC address.
11 |
12 | .LANGUAGE
13 | PowerShell
14 | .TIMEOUT
15 | 100
16 | .LINK
17 | #>
18 |
19 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
20 |
21 | #Check for NuGet on the device and install if not present
22 | if (Get-PackageProvider -Name NuGet -ErrorAction SilentlyContinue) {
23 | #Write-Host "NuGet Package already exists"
24 | }
25 | else {
26 | Write-host "Installing NuGet"
27 | Install-PackageProvider -Name NuGet -force
28 | }
29 |
30 | #Check for dependent modules and install if not present
31 | Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted
32 | $ModuleList = "AdminToolbox.Networking"
33 | foreach ($Module in $ModuleList) {
34 | if (Get-Module -ListAvailable -Name $Module -ErrorAction SilentlyContinue) {
35 | #Write-Host "$Module module already exists"
36 | }
37 | else {
38 | Write-Host "$Module does not exist. Installing"
39 | Install-Module -Name $Module -Force -AllowClobber
40 | }
41 | }
42 |
43 | #Get the primary IP address of the device and put it in CIDR notation
44 | $PrimaryIP = Find-NetRoute -RemoteIPAddress 0.0.0.0 | select *IPAddress*, *PrefixLength*
45 | [string]$IP = $PrimaryIP.IPAddress
46 | [string]$mask = $PrimaryIP.PrefixLength
47 | $IP = $IP.trim()
48 | $mask = $mask.Trim()
49 |
50 | #Check if the subnet mask is too large to scan in a reasonable time
51 | if ($mask -le 21) {
52 | Write-Host "This /$mask network is too large to scan in a timely manner!"
53 | exit 1
54 | }
55 | $IPandMask = $IP + "/" + $mask
56 |
57 | Write-Host "Beginning network scan for $IPandMask. This may take a few minutes depending on the size of the network."
58 |
59 | #Start the network scan and format the table for good readability
60 | Invoke-NetworkScan -CIDR $IPandMask | Format-Table -Property `
61 | @{Name = "IP"; expression = 'IP'; Width = 15 }, `
62 | @{Name = "Hostname"; expression = 'Hostname'; Width = 30 }, `
63 | @{Name = "Ping"; expression = { $_.Ping -replace "False$", "-" }; Width = 4 }, `
64 | @{Name = "SSH"; expression = { $_.'ssh(22)' -replace "False$", "-" }; Width = 4 }, `
65 | @{Name = "Telnet"; expression = { $_.'telnet(23)' -replace "False$", "-" }; Width = 6 }, `
66 | @{Name = "HTTP"; expression = { $_.'http(80)' -replace "False$", "-" }; Width = 4 }, `
67 | @{Name = "HTTPS"; expression = { $_.'https(443)' -replace "False$", "-" }; Width = 5 }, `
68 | @{Name = "RDP"; expression = { $_.'rdp(3389)' -replace "False$", "-" }; Width = 4; Align = "center" }, `
69 | @{Name = "Mac Address"; expression = 'MacAddress'; Width = 17 }, `
70 | @{Name = "Vendor"; expression = { $_.vendor -replace '(.+?)(?:~|,).+', '$1' }; Width = 22 } -wrap
71 |
72 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Release and Renew IP Address.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Release and renew IP address
9 | .LANGUAGE
10 | PowerShell
11 | .TIMEOUT
12 | 100
13 | .LINK
14 | #>
15 |
16 | ipconfig /release && ipconfig /renew
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Report on Largest Folders and Largest Files.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Run two reports back to back. First list directories and their sizes.
9 | Next show the top 25 largest files.
10 | .LANGUAGE
11 | PowerShell
12 | .TIMEOUT
13 | 300
14 | .LINK
15 | #>
16 |
17 | #Adjust to reflect the drive letter. Subfolder path may also be added in the entire drive does not need to be examined
18 | $Drive = "c:\"
19 | $folderList = @()
20 |
21 | #Report on folder sizes
22 | $subfolders = Get-ChildItem $Drive -Directory | Sort-Object
23 | foreach ($folder in $subfolders) {
24 |
25 | $size = Get-ChildItem -Path $folder.FullName -Recurse -Force -ErrorAction SilentlyContinue | Measure-Object -Property Length -Sum
26 | [decimal]$sizeInGB = "{0:N2}" -f ($size.Sum / 1GB)
27 |
28 | #Create a custom object to format the list
29 | $ResultItems = [PSCustomObject]@{
30 | FolderName = "$folder"
31 | 'Size(GB)' = $sizeInGB
32 | }
33 | #Add the results to array $folderList
34 | $folderList += $ResultItems
35 | }
36 | $folderList | Sort-Object -Property 'Size(GB)' -Descending | Out-Default
37 |
38 | #Report on top 25 largest files
39 | Write-Host "Largest files on $Drive"
40 | Get-ChildItem $Drive -recurse -ErrorAction SilentlyContinue -Force | sort -descending -property length | select -first 25 name, @{Name = "Gigabytes"; Expression = { [Math]::round($_.length / 1GB, 2) } }, directory
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Reset local user password.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Change a local user account password.
9 | .LANGUAGE
10 | PowerShell
11 | .TIMEOUT
12 | 100
13 | .LINK
14 | #>
15 |
16 | #Add the username and password here
17 | $UserName = "USERNAME_GOES_HERE"
18 | $Password = "PASSWORD_GOES_HERE"
19 |
20 | #Check if the account is present and if so, set the password.
21 | $checkUser = Get-LocalUser -Name $UserName
22 | if ($checkUser) {
23 | $Password = convertto-securestring $Password -asplaintext -force
24 | Write-Host "The user account $UserName exists. Setting the new password."
25 | Set-LocalUser -Name $UserName -Password $Password
26 | }
27 | else {
28 | Write-host "The user account is not present. Exiting."
29 | exit 1
30 | }
31 |
32 | #Verify that the password was changed by checking the password set timestamp
33 | $PasswordResetDate = Get-LocalUser -Name $UserName | select -ExpandProperty PasswordLastSet
34 | $CurrentDate = Get-Date
35 | $TimeDiff = New-TimeSpan -start $PasswordResetDate -End $CurrentDate
36 | if ($TimeDiff.Minutes -le 3) {
37 | Write-Host "Password was successfully changed for $UserName"
38 | }
39 | else {
40 | Write-host "Something went wrong. The password was not changed."
41 | Exit 1
42 | }
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Reset the TCP-IP Stack (will reboot).ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Reset the TCP/IP stack. This will reboot the device!
9 | .LANGUAGE
10 | PowerShell
11 | .TIMEOUT
12 | 100
13 | .LINK
14 | #>
15 |
16 | netsh winsock reset
17 | netsh int ip reset
18 | Restart-Computer -force
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Send Notification Message to Logged in User - Basic.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Send a message to the logged in user using a legacy style pop-up
9 |
10 | Uses the following PowerShell Modules:
11 | https://github.com/KelvinTegelaar/RunAsUser - To run as logged-in user
12 | .LANGUAGE
13 | PowerShell
14 | .TIMEOUT
15 | 100
16 | .LINK
17 | #>
18 |
19 | #Enter the notification message here.
20 | $Message_file = @"
21 | 'Hello, Windows updates and system maintenance will be performed tonight, starting at 9pm. Please close all applications at the end of day and leave the PC powered on. Thank you!', 'Your IT Dept - Computer Maintenance Tonight', 'Ok', 'Info'
22 | "@
23 |
24 | #Check if a user is logged in. Can't send a toast to no one!
25 | $LoggedInUser = Get-Process -IncludeUserName -Name explorer -ErrorAction SilentlyContinue | Select-Object -ExpandProperty UserName -Unique
26 | if ($LoggedInUser) {
27 | "$LoggedInUser is logged in. Sending toast"
28 | }
29 | else {
30 | "No one is logged in. Exiting..."
31 | Exit 1
32 | }
33 |
34 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
35 | #Check for NuGet on the device and install if not present
36 | if (Get-PackageProvider -Name NuGet -ErrorAction SilentlyContinue) {
37 | Write-Host "NuGet Package already exists"
38 | }
39 | else {
40 | Write-host "Installing NuGet"
41 | Install-PackageProvider -Name NuGet -force
42 | }
43 |
44 | #Check for dependent modules and install if not present
45 | Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted
46 | $ModuleList = "RunAsUser"
47 | foreach ($Module in $ModuleList) {
48 | if (Get-Module -ListAvailable -Name $Module -ErrorAction SilentlyContinue) {
49 | Write-Host "$Module module already exists"
50 | }
51 | else {
52 | Write-Host "$Module does not exist. Installing"
53 | Install-Module -Name $Module -Force
54 | }
55 | }
56 |
57 | $TempFolder = 'C:\temp'
58 | if (Test-Path -Path $TempFolder -ErrorAction SilentlyContinue) {
59 | }
60 | else {
61 | mkdir $TempFolder
62 | }
63 |
64 | #Save the message to a file because can't pass variables to the invoke-ascurrentuser
65 | #Converting the script block to a string and expanding the variable doesn't work either. :eyeroll:
66 | $Message_file | Out-File -FilePath $TempFolder\message.txt -Force
67 |
68 | invoke-ascurrentuser -scriptblock {
69 | $TempFolder = 'C:\temp'
70 | #Read in the message file.
71 | $message = Get-Content -Path $TempFolder\message.txt
72 | Add-Type -AssemblyName PresentationFramework
73 | [System.Windows.MessageBox]::Show($message)
74 | }
75 |
76 | Start-Sleep 3
77 | #Delete the message file
78 | Remove-Item $TempFolder\message.txt -Force
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Send Notification Message to Logged in User.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Send a message to the logged in user using a Windows native
9 | notification
10 |
11 | Uses the following PowerShell Modules:
12 | https://github.com/Windos/BurntToast - Toast Library
13 | https://github.com/KelvinTegelaar/RunAsUser - To run as logged-in user
14 | .LANGUAGE
15 | PowerShell
16 | .TIMEOUT
17 | 100
18 | .LINK
19 | #>
20 |
21 | #Enter the notification message here.
22 | $Message_file = @"
23 | Insert your message here
24 | "@
25 |
26 | #Check if a user is logged in. Can't send a toast to no one!
27 | $LoggedInUser = Get-Process -IncludeUserName -Name explorer -ErrorAction SilentlyContinue | Select-Object -ExpandProperty UserName -Unique
28 | if ($LoggedInUser) {
29 | "$LoggedInUser is logged in. Sending toast"
30 | }
31 | else {
32 | "No one is logged in. Exiting..."
33 | Exit 1
34 | }
35 |
36 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
37 |
38 | #Check for NuGet on the device and install if not present
39 | Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted
40 | if (Get-PackageProvider -Name NuGet -ErrorAction SilentlyContinue) {
41 | Write-Host "NuGet Package already exists"
42 | }
43 | else {
44 | Write-host "Installing NuGet"
45 | Install-PackageProvider -Name NuGet -force
46 | }
47 |
48 | #Check for dependent modules and install if not present
49 | Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted
50 | $ModuleList = "BurntToast", "RunAsUser"
51 | foreach ($Module in $ModuleList) {
52 | if (Get-Module -ListAvailable -Name $Module -ErrorAction SilentlyContinue) {
53 | Write-Host "$Module module already exists"
54 | }
55 | else {
56 | Write-Host "$Module does not exist. Installing"
57 | Install-Module -Name $Module -Force
58 | }
59 | }
60 |
61 | $TempFolder = 'C:\temp'
62 | if (Test-Path -Path $TempFolder -ErrorAction SilentlyContinue) {
63 | }
64 | else {
65 | mkdir $TempFolder
66 | }
67 |
68 | #Save the message to a file because can't pass variables to the invoke-ascurrentuser
69 | #Converting the script block to a string and expanding the variable doesn't work either. :eyeroll:
70 | $Message_file | Out-File -FilePath $TempFolder\message.txt -Force
71 |
72 | invoke-ascurrentuser -scriptblock {
73 | $TempFolder = 'C:\temp'
74 | #Read in the message file.
75 | $message = Get-Content -Path $TempFolder\message.txt
76 | $Text1 = New-BTText -Content "Attention:"
77 | #Use the message file as the message
78 | $Text2 = New-BTText -Content "$message"
79 | $Button = New-BTButton -Content "Snooze" -snooze -id 'SnoozeTime'
80 | $Button2 = New-BTButton -Content "Dismiss" -dismiss
81 | $5Min = New-BTSelectionBoxItem -Id 5 -Content '5 minutes'
82 | $10Min = New-BTSelectionBoxItem -Id 10 -Content '10 minutes'
83 | $1Hour = New-BTSelectionBoxItem -Id 60 -Content '1 hour'
84 | $4Hour = New-BTSelectionBoxItem -Id 240 -Content '4 hours'
85 | $1Day = New-BTSelectionBoxItem -Id 1440 -Content '1 day'
86 | $Items = $5Min, $10Min, $1Hour, $4Hour, $1Day
87 | $SelectionBox = New-BTInput -Id 'SnoozeTime' -DefaultSelectionBoxItemId 10 -Items $Items
88 | $action = New-BTAction -Buttons $Button, $Button2 -inputs $SelectionBox
89 | $heroimage = New-BTImage -Source 'https://raw.githubusercontent.com/levelsoftware/scripts/main/Level_Logo_Animation.gif' -HeroImage
90 | $Binding = New-BTBinding -Children $text1, $text2 -HeroImage $heroimage
91 | $Visual = New-BTVisual -BindingGeneric $Binding
92 | $Content = New-BTContent -Visual $Visual -Actions $action
93 | Submit-BTNotification -Content $Content
94 | }
95 |
96 | Start-Sleep 3
97 | #Delete the message file
98 | Remove-Item $TempFolder\message.txt -Force
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/USERS-remove-local-admin-except.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Remove all users from the local admins group except for the accounts
9 | specified in the User variables
10 | .LANGUAGE
11 | PowerShell
12 | .TIMEOUT
13 | 100
14 | .LINK
15 | #>
16 |
17 | $User1 = "Domain Admins"
18 | $User2 = "Administrator"
19 |
20 | Get-LocalGroupMember administrators |
21 | where { $_.name -notmatch "$User1|$User2" } |
22 | Remove-LocalGroupMember administrators -Verbose
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Windows Defender exclusions for Level.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Add Windows Defender exclusions for Level.io
9 | .LANGUAGE
10 | PowerShell
11 | .TIMEOUT
12 | 100
13 | .LINK
14 | #>
15 |
16 | Add-MpPreference -ExclusionPath “C:\Program Files\Level" -Force
17 | Add-MpPreference -ExclusionProcess "Level.exe" -Force
--------------------------------------------------------------------------------
/PowerShell/Scripts/Windows-Settings/Windows-Update-hide-unhide-a-specific-update.ps1:
--------------------------------------------------------------------------------
1 | # -----------------------------------------------------------------------------
2 | # This script is provided as a convenience for Level.io customers. We cannot
3 | # guarantee this will work in all environments. Please test before deploying
4 | # to your production environment. We welcome contribution to the scripts in
5 | # our community repo!
6 | #
7 | # -----------------------------------------------------------------------------
8 | # Script Configuration
9 | # -----------------------------------------------------------------------------
10 | # Name: Windows Update - Hide/Unhide Specific Update
11 | # Description: Hide or unhide the specific update specified
12 | #
13 | # Language: PowerShell
14 | # Timeout: 180
15 | # Version: 1.0
16 | #
17 | # -----------------------------------------------------------------------------
18 |
19 | # Define variables for KB number or Title and the action (Hide/Unhide)
20 | # Use the complete update title. Or use a KB number with wildcards around it "*KB5029263*"
21 | $kbNumberOrTitleToModify = "*KB5029263*"
22 |
23 | # Set to $true to hide the update, or $false to unhide it
24 | $hideUpdate = $true
25 |
26 | # Create a COM object for Microsoft.Update.Session
27 | $session = New-Object -ComObject "Microsoft.Update.Session"
28 | $searcher = $session.CreateUpdateSearcher()
29 |
30 | # Get a list of installed updates using GetTotalHistoryCount()
31 | $historyCount = $searcher.GetTotalHistoryCount()
32 | Write-Host "Checking $historyCount installed updates for a match ..."
33 | $historyUpdates = $searcher.QueryHistory(0, $historyCount)
34 |
35 | # Find the update in installed updates and exit if found
36 | foreach ($update in $historyUpdates) {
37 | if ($update.Title -like $kbNumberOrTitleToModify) {
38 | Write-Host "ALERT - The matched update ""$($update.Title)"" is already installed. No action required."
39 | exit 1
40 | }
41 | }
42 |
43 | $updateToModify = $null
44 |
45 | # Get the list of pending updates
46 | $pendingUpdates = $searcher.Search('IsInstalled=0').Updates
47 | Write-Host "Checking $($pendingUpdates.count) pending updates for a match ..."
48 |
49 | # Find the update by KB number or Title and perform the action
50 | foreach ($update in $pendingUpdates) {
51 | if ($update.Title -like $kbNumberOrTitleToModify) {
52 | $updateToModify = $update
53 | break # Stop searching once we find a match
54 | }
55 | }
56 |
57 |
58 | if ($updateToModify -eq $null) {
59 | Write-Host "ALERT - Update with KB number or Title '$kbNumberOrTitleToModify' not found among installed or pending updates."
60 | exit 1
61 | }
62 | else {
63 | if ($hideUpdate) {
64 | # Hide the update
65 | Write-Host "Hiding update ""$($updateToModify.Title)""..."
66 | $updateToModify.IsHidden = $true
67 | $action = "hidden"
68 | }
69 | else {
70 | # Unhide the update (if applicable)
71 | Write-Host "Unhiding update ""$($updateToModify.Title)""..."
72 | $updateToModify.IsHidden = $false
73 | $action = "unhidden"
74 | }
75 |
76 | Write-Host "Success - ""$($updateToModify.Title)"" has been $action."
77 | }
--------------------------------------------------------------------------------
/PowerShell/Scripts/Winget/Winget - Install App.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | This script is provided as a convenience for Level.io customers. We cannot
3 | guarantee this will work in all environments. Please test before deploying
4 | to your production environment. We welcome contribution to the scripts in
5 | our community repo!
6 |
7 | .DESCRIPTION
8 | Install one or more apps via Winget.
9 | .LANGUAGE
10 | PowerShell
11 | .TIMEOUT
12 | 600
13 | .LINK
14 | #>
15 |
16 | #Add your app(s) here. For a single app just "App1"
17 | #For multiple apps use "App1", "App2", "App3"
18 | #To easily find app names check https://winstall.app/ or https://winget.run/
19 | $App = "Notepad++.Notepad++", "Google.Chrome"
20 |
21 | #Setup temp folder
22 | $InstallerFolder = "c:\temp"
23 | if (!(Test-Path $InstallerFolder)) {
24 | New-Item -Path $InstallerFolder -ItemType Directory -Force -Confirm:$false
25 | }
26 |
27 | #If Visual C++ Redistributable 2022 not present, download and install. (Winget Dependency)
28 | if (Get-WmiObject -Class Win32_Product -Filter "Name LIKE '%Visual C++ 2022%'") {
29 | Write-Host "VC++ Redistributable 2022 already installed"
30 | }
31 | else {
32 | Write-Host "Installing Visual C++ Redistributable"
33 | #Permalink for latest supported x64 version
34 | Invoke-Webrequest -uri https://aka.ms/vs/17/release/vc_redist.x64.exe -Outfile $InstallerFolder\vc_redist.x64.exe
35 | Start-Process "$InstallerFolder\vc_redist.x64.exe" -Wait -ArgumentList "/q /norestart"
36 | }
37 |
38 | $TestWinget = Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -eq "Microsoft.DesktopAppInstaller" }
39 |
40 | #Check if Winget is installed
41 | If ([Version]$TestWinGet. Version -gt "2022.506.16.0") {
42 | Write-Host "WinGet is Installed, checking environment path." -ForegroundColor Green
43 |
44 | #Find the Winget path, and peel off winget.exe
45 | $ResolveWingetPath = Resolve-Path "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe\winget.exe"
46 | if ($null -eq $ResolveWingetPath) {
47 | write-host "ERROR: Winget path was not found."
48 | exit 1
49 | }
50 | $WingetPath = $ResolveWingetPath[-1].Path
51 | $WingetPath = Split-Path -Path $WingetPath -Parent
52 |
53 | #Check if Winget is in the system environment path
54 | If ([Environment]::GetEnvironmentVariable("PATH", "Machine") -like "*$WingetPath*") {
55 | Write-Host "WinGet path is correct, installing as SYSTEM" -ForegroundColor Green
56 | #Install the app
57 | foreach ($AppName in $App) {
58 | Write-Host "Installing $AppName"
59 | try {
60 | & winget.exe install --exact --id $AppName --silent --accept-package-agreements --accept-source-agreements
61 | }
62 | catch {
63 | Write-Host $_.Exception.Message -ForegroundColor Red
64 | Write-Host "Has the computer been rebooted since adding Winget to the System path variable? Attempting to install via the absolute path."
65 | & $WingetPath\winget.exe install --exact --id $AppName --silent --accept-package-agreements --accept-source-agreements
66 | }
67 | }
68 | }
69 | Else {
70 | #Add Winget to the System path environment variable for future use
71 | $SystemPath = [Environment]::GetEnvironmentVariable("PATH", "Machine") + [IO.Path]::PathSeparator + $WingetPath
72 | [Environment]::SetEnvironmentVariable( "Path", $SystemPath, "Machine" )
73 |
74 | ##Install the app by calling winget via the full path
75 | foreach ($AppName in $App) {
76 | Write-Host "Installing $AppName"
77 | & $WingetPath\winget.exe install --exact --id $AppName --silent --accept-package-agreements --accept-source-agreements
78 | }
79 | }
80 | }
81 | Else {
82 | Write-Host "Winget is not installed. Exiting..."
83 | exit 1
84 | }
85 |
--------------------------------------------------------------------------------
/PowerShell/Scripts/readme.md:
--------------------------------------------------------------------------------
1 | # PowerShell Scripts
2 |
--------------------------------------------------------------------------------
/PowerShell/readme.md:
--------------------------------------------------------------------------------
1 | # PowerShell
2 |
--------------------------------------------------------------------------------
/Python/Monitors/readme.md:
--------------------------------------------------------------------------------
1 | # Python Monitors
2 |
--------------------------------------------------------------------------------
/Python/Scripts/readme.md:
--------------------------------------------------------------------------------
1 | # Python Scripts
2 |
--------------------------------------------------------------------------------
/Python/readme.md:
--------------------------------------------------------------------------------
1 | # Python
2 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Scripts for Level
2 | Welcome to the community script repository for [Level.io](https://level.io). These scripts are intended to help IT Admins improve their automation efforts in support IT infrastructre and endpoints. These are provided for Level clients, however these scripts will work with any automation system, or on a single device.
3 |
4 | This repo is provided as a courtesy for Level clients, however scripts should not be run in a production environment without first testing! Some scripts may include 3rd-party binaries for installers. We vet the binaries, however we would recommend you download binaries directly from the source. Trust but verify comes to mind here.
5 |
6 | # Rules
7 | We welcome community input and contributions. If you have scripts that you'd like to share (or work on together), feel free to contribute.
8 |
9 | Do not include passwords, keys, secrets, certs, etc. Nothing sensitive should ever be included in this public repository. Also scrub all scripts of identifying information including client information, IPs, hostnames, FQDNs, etc.
10 |
11 | At this time Level supports PowerShell, Bash, and Zsh, so all scripts should fall into one of those 3 scripting languages.
12 |
13 | # Conventions
14 |
15 |
Naming - This is a work in progress. We're open to discussion here as our library expands.
16 |
Header comment block - Also a work in progress, however as we prepare Level to be able to reference these scripts directly, there will be future guidance here.
17 |
18 |
19 | # Credit
20 | Even though we have created many of the scripts from scratch, some scripts have been copied from other public repos. We will give credit to the creators in the header comments. Please let us know if we've missed giving credit where it's due.
21 |
--------------------------------------------------------------------------------
/osquery/Monitors/check-for-usb-drive.sql:
--------------------------------------------------------------------------------
1 | /*
2 | # -----------------------------------------------------------------------------
3 | # This script is provided as a convenience for Level.io customers. We cannot
4 | # guarantee this will work in all environments. Please test before deploying
5 | # to your production environment. We welcome contribution to the scripts in
6 | # our community repo!
7 | #
8 | # -----------------------------------------------------------------------------
9 | # Script Configuration
10 | # -----------------------------------------------------------------------------
11 | # Name: Osquery Monitor - Check USB Drive Presence
12 | # Description: Check if USB Drive is present
13 | # Language: Osquery
14 | # Timeout: 100
15 | # Version: 1.0
16 | #
17 | # -----------------------------------------------------------------------------
18 | # Monitor Configuration
19 | # -----------------------------------------------------------------------------
20 | # Script: Osquery Monitor - Check USB Drive Presence
21 | # Script output: Equals
22 | # Output value: true
23 | # Run frequency: Minutes
24 | # Duration: 1
25 | # -----------------------------------------------------------------------------
26 | */
27 |
28 | SELECT CASE WHEN COUNT(*) > 0 THEN 'true' ELSE 'false' END AS usb_drive_present
29 | FROM disk_info
30 | WHERE type LIKE '%USB%' OR description LIKE '%USB%';
31 |
--------------------------------------------------------------------------------
/osquery/Monitors/readme.md:
--------------------------------------------------------------------------------
1 | # osquery Monitors
2 |
--------------------------------------------------------------------------------
/osquery/Monitors/uptime.sql:
--------------------------------------------------------------------------------
1 | /*
2 | # -----------------------------------------------------------------------------
3 | # This script is provided as a convenience for Level.io customers. We cannot
4 | # guarantee this will work in all environments. Please test before deploying
5 | # to your production environment. We welcome contribution to the scripts in
6 | # our community repo!
7 | # -----------------------------------------------------------------------------
8 | #
9 | # -----------------------------------------------------------------------------
10 | # Script Configuration
11 | # -----------------------------------------------------------------------------
12 | # Name: Osquery Monitor - Uptime
13 | # Description: Check for uptime of the device
14 | # Language: Osquery
15 | # Timeout: 100
16 | # Version: 1.0
17 | # -----------------------------------------------------------------------------
18 | # Monitor Configuration
19 | # -----------------------------------------------------------------------------
20 | # Script: Osquery Monitor - Uptime
21 | # Script output: Greater than
22 | # Output value: 30 (days)
23 | # Run frequency: Hours
24 | # Duration: 12
25 | # -----------------------------------------------------------------------------
26 | */
27 |
28 | SELECT days FROM uptime;
--------------------------------------------------------------------------------
/osquery/Scripts/readme.md:
--------------------------------------------------------------------------------
1 | # osquery Scripts
2 |
--------------------------------------------------------------------------------
/osquery/readme.md:
--------------------------------------------------------------------------------
1 | # osquery
2 |
--------------------------------------------------------------------------------