If you’ve deployed multifactor authentication (MFA) at an enterprise scale, you’ll know it can be fraught with challenges. You may need to deploy to individual departments, or perhaps take a phased approach and deploy in tranches. However you end up deciding to do your MFA rollout, you will likely need to specify a target group,…
Category: Systems Administration
Cloud – Enterprise Gmail Mass-Mailer
If you’ve ever needed to perform mass-mailing operations within an enterprise, you’ll know there are a lot of considerations. Being able to bypass filters and rate limits for different platforms may be necessary to send messages in a timely manner, or to avoid bigger problems. So, if you are using Google Workspace for email, why…
PowerShell – Execute Scriptblock as Current User
Here’s a script I’ve put together that will retrieve the current user sessions from a remote host using psexec.exe. Then, it executes a scriptblock using the current user session context. Simple, but very powerful. I would suggest not running this in an enterprise environment if you would like to stay in your security team’s good…
Cloud – Retrieve Google Drive Contents by User or Drive ID
Recently, a challenge presented itself in migrating a large archive of data from a Google Drive location (frankly, a rather costly storage option) to a local NAS storage device. I have been using PSGSuite to interface with the G Suite products, so I turned to it to see what my options were. I found them…
Cloud – Search and Destroy Malicious Emails From End Users’ G-Suite Mailboxes
If you are managing an enterprise, you will undoubtedly encounter malicious emails targeting your end users. Ideally, you could delete these messages from within your end users’ mailboxes. Normally, this is a premium feature, but if you have configured your G-Suite environment to use PSGSuite, it can be accomplished with some pretty basic scripting….
IAM – PowerShell – Manual Entra Connect Sync via Script
Recently, the need for others to be able to force a manual sync from on-prem Active Directory (AD) to Entra became apparent. I knew this could be done with PowerShell, so I got to work writing a script. Users that may run this script will need to be in the local ‘ADSyncOperators’ group on your…
Cloud – Synchronize Profile Photos Between Federated Domains (Google, Azure)
Synchronization of profile photos between Google’s G Suite and Azure is not supported by the built-in Azure Provisioning engine. This must be accomplished by some other means. In my case, of course, I look to employ PowerShell for such automation tasks. As a prerequisite, you should have already followed PSGSuite’s initial setup procedure documented on…
Cloud – Synchronizing Disablements Between Federated Domains (Azure, Google)
When configuring provisioning between Azure and Google federated domains, you will likely reference Microsoft’s documentation on configuring their canned provisioning Enterprise Application at https://learn.microsoft.com/en-us/entra/identity/saas-apps/g-suite-provisioning-tutorial. There is more information here as well: https://learn.microsoft.com/en-us/entra/identity/app-provisioning/configure-automatic-user-provisioning-portal. The procedure outlined here will get you started; however, you will quickly realize that disablements are not synchronizing between the two platforms. I…
Linux – Configure Debian to Authenticate w/ Active Directory
A unique problem recently presented itself: how to allow multiple users to access a Linux VM in a secure fashion. Generic user accounts seemed like a poor idea to me, as they would likely end up being mismanaged. And shared accounts are, of course, a terrible idea. So, what to do? Well, I am, of…
PowerShell – Identify VMs w/ Particular OS in vSphere
With CentOS 7 reaching its end-of-life on June 30th of this year, it would be a good idea to identify any VMs with that particular OS. Doing so manually could prove tedious. Personally, I subscribe to the philosophy shared in Google’s SRE manual, and seek to eliminate such toilsome tasks. And PowerShell is a great…