The common method used to return Win32 application information from a Windows device via PowerShell is ‘gwmi win32_product’. This returns the more pertinent IdentifyingNumber, Name, Vendor, Version, and Caption properties, as shown in the example output below. However, Windows does have more information on these applications. Using the ‘wmic product get’ command, we can get…
PowerShell – Get AD User’s Last Logon Time
Here’s a simple little function I put together that will accept a user’s name in First Last format, and then return their last logon time information from AD. Here is the GitHub link: https://github.com/p8nflnt/SysAdmin-Toolbox/blob/main/Get-AdUserLogonTime.ps1
PowerShell – Send Email Notifications for VPN Connectivity Loss & Restoration
I’ve put together a simple script to perform a ping test against an endpoint across a VPN connection to confirm VPN connectivity. If the endpoint can’t be pinged, it sends an email notification to your desired internal email address. I’ve built in a notification interval so that you are not spammed with notification emails. And,…
PowerShell – Get Windows Host Info with PsExec
Over the past several days, I have been exploring the idea of retrieving information for diagnostic purposes from Windows hosts using PsExec of the Sysinternals suite. This is something that might make sense for a small environment, as it is clientless, and there is really no overhead besides the lightweight PsExec tool, and the ThreadJob…
PowerShell, Reddit, Confetti, and Rick Astley
The other day, I came across this Reddit post on r/sysadmin: https://reddit.com/r/sysadmin/s/FkC30bMxCJ. The OP explains that his CEO has requested that he make confetti appear on everyone’s screen simultaneously to celebrate a milestone. I found the absurdity of the request hilarious. And, I took it as a challenge to script something similar, but I took…
PowerShell – Convert PsExec-run Cmdlet Output Strings Back to Objects, Properties, & Values
I have been experimenting with using PsExec of the Sysinternals suite to gather information from remote Windows systems for diagnostic use. I’ve found it to be a powerful tool, especially when integrated with PowerShell scripts. It is able to execute a script or command on a remote machine and return the output back to the…
PowerShell – Programmatically Determine the Primary User of a Device
Configuration Manager includes the device property and concept of UserDeviceAffinity, with which the Primary User of a device can easily be determined and referenced. But, what if your environment does not have MECM in place? MECM is a lot of overhead for a small environment. How might one maintain this capability? Well, user log on…
PowerShell – Launch Applications With Other User Context Within Interactive Session
There are many reasons one might want to establish a workflow in which they can quickly launch PowerShell or the ISE with alternative credentials from their interactive session, such as executing a script with a more privileged user context. To do so, create a script like the one below: Then, create a shortcut to execute…
Azure – Malicious Authentication Emulation and Mitigation
The attack surface of a cloud tenant should get a lot of consideration. It is important to understand that some legacy protocols, like SMTP, are not capable of accommodating multifactor authentication; and, although they are largely being deprecated, we may still see them in use. Attackers are particularly fond of these legacy protocols, as they…
PowerShell – Indulging the Memosphere – Invoke-Tune Function
I let my curiosity get the better of me, and I put together a PowerShell function for the purpose of creating music using PowerShell’s built-in console beep feature. And, in the very essence of internet meme culture, I present to you my triumph—a PowerShell function that unleashes the timeless anthem of Rick Astley’s ‘Never Gonna…