09 May 2023

Download a file using PowerShell

(new-object System.Net.WebClient).DownloadFile('https://dl.dell.com/AwesomeDrivers.EXE','C:\temp\Drivers\AwesomeDrivers.EXE')

And running PowerShell from Command Prompt:

PowerShell -Command "(new-object System.Net.WebClient).DownloadFile('https://dl.dell.com/AwesomeDrivers.EXE','C:\temp\Drivers\AwesomeDrivers.EXE')"

Get list of Office 365 licensed users, mailbox login time and licenses

Using MSOL PowerShell, outputting to CSV:

Get-MsolUser -All | Where-Object {($_.IsLicensed)}| Select UserPrincipalName, DisplayName, @{N="LastLogonDate";E={(Get-MailboxStatistics $_.UserPrincipalName).LastLogonTime}},@{n="Licenses Type";e={$_.Licenses.AccountSKUid}} | Export-Csv c:\temp\output.csv -NoTypeInformation

Manage Windows Firewall rules with PowerShell and Command Prompt

Display firewall rules that contain the word 'zebra' using PowerShell:

Show-NetFirewallRule | where {$_.DisplayName -Like "*zebra*"} | select DisplayName

Remove a firewall rule using PowerShell:

Remove-NetFirewallRule -DisplayName "Zebra Application"

Add a firewall rule using Command Prompt:

netsh advfirewall firewall add rule name="Zebra Application" dir=in action=allow protocol=TCP program="C:\program files (x86)\zebra\application.exe" profile=any enable=yes

12 April 2023

Create an Azure AD app client secret with long expiration date

After creating the app, note the app's ObjectID and use AzureAD PowerShell:

$StartDate = Get-Date
$EndDate = $StartDate.AddYears(40)
$AppSecret = New-AzureADApplicationPasswordCredential -ObjectId abcdefab-1234-abcd-abcd-123456789012 -StartDate $StartDate -EndDate $EndDate -CustomKeyIdentifier MySecretKey
Write-host $AppSecret.Value

This creates a client secret called "MySecretKey" that's valid for 40 years. The last line outputs the secret itself - take note of it as you won't be able to see it again.

18 February 2023

Redirect a URL to a file using .htaccess

Using Redirect rules:

#Redirect "/thename" "/path/to/file.txt"
#Redirect "/thename" "/path/to/file.txt"

Using a RedirectMatch rule:

RedirectMatch 301 "^/thename/?$" "/path/to/file.txt"

Using Rewrite Rules:

#RewriteEngine on
#RewriteRule "^thename/?$" "/path/to/file.txt" [L]

Import SSL certificate PFX using PowerShell

Import-PFXCertificate -CertStoreLocation Cert:\LocalMachine\My -FilePath 'C:\temp\myfile.pfx' -Password (ConvertTo-SecureString -String '(thepassword)' -AsPlainText -Force)

02 September 2022

Fix cURL error 60 "SSL certificate problem: unable to get local issuer certificate" in PHP

  1. Download the latest PEM file from here.
  2. Put it in PHP's SSL directory e.g. C:\Program Files\PHP\v8.0\extras\ssl\
  3. Edit your PHP configuration file (php.ini) - in the curl section, uncomment line and add the path to the PEM file e.g.:

    curl.cainfo = "C:\Program Files\PHP\v8.0\extras\ssl\cacert-2022-07-19.pem"

  4. Restart PHP.

Grant an MSSQL user permission to read a table

GRANT SELECT ON thedatabase.dbo.thetable TO "theuser"

17 July 2022

Change SharePoint Migration Manager temporary file storage location

If using Migration Manager to migrate on-prem files to SharePoint Online, the tool temporarily caches files on the C drive during the copy process. If there's not enough free space on the C drive, the migration will fail.

To change the storage to a different drive:

  1. In Command Prompt, navigate to the Migration tool folder:

    cd C:\Users\(user)\AppData\Roaming\Microsoft\SPMigration\Logs\Migration

  2. Delete the exiting MigrationToolStorage folder.
  3. Create a directory junction to a folder on a different drive:

    mklink /J MigrationToolStorage E:\MigrationToolStorage

Compare list of SharePoint files with on-prem file share

If you're migrating files from an on-prem file share to SharePoint, you may need to export a list of files on both sides for comparison:

  1. Install PnP PowerShell:

    Install-Module -Name "PnP.PowerShell"

  2. Connect to the SharePoint site URL:

    Connect-PnPOnline -Url https://company-my.sharepoint.com/sites/SharedFiles -Interactive

  3. Export the SharePoint files/folders in specific directory:

    Get-PnPFolderItem -FolderSiteRelativeUrl "Shared Documents/Folder1" -Recursive | Export-Csv -Path C:\temp\Folder1-SharePoint.csv

  4. Export the corresponding on-prem files/folders: In PowerShell on-prem, CD into the directory then:

    dir -Recurse | Export-Csv -Path C:\temp\Folder1-OnPrem.csv

Check a user's Azure AD MFA methods and default

Check which methods a user has registered for MFA and what their default MFA method is:

Connect-MsolService
$User = Get-MsolUser -UserPrincipalName joe.bloggs@microsoft.com
$User.StrongAuthenticationMethods

Get list of AD users that aren't in a specific group

To get a list of AD users with enabled accounts that aren't in either "Group1" or "Group2":

$results = @()
$users = Get-ADUser -Properties memberof -Filter 'enabled -eq $true'
foreach ($user in $users) {
$groups = $user.memberof -join ';'
$results += New-Object psObject -Property @{'User'=$user.name;'Groups'= $groups}
}
$results | Where-Object { ($_.groups -notmatch 'Group1') -and ($_.groups -notmatch 'Group2')} | Select-Object user | Sort-Object -Property User

Recover from failed HyperX SoloCast firmware update

Attempted to update HyperX SoloCast firmware from 4.1.0.4 to 4.1.0.6, in order to disable the flashing light while mic is muted.

Shortly after the update started, 'failed update' message appeared. Then mic no longer working - not recognised by firmware updater and appeared in device manager as "Realtek USB2.0 Audio" instead of "HyperX SoloCast".

Fixed per this Reddit post:

  1. Unzip the firmware installer.

  2. Edit the "HyperXmic.ini" file to change the Vendor ID and Product ID to suit "Realtek USB2.0 Audio", to allow the updater to recognise the device:

    Change:

    [id]
    vid=0951
    pid=170F

    To:

    [id]
    vid=0bda
    pid=4030

  3. Run the "HyperXSolocastFirmwareUpdater.exe" alongside the edited .ini file.

The installer showed the failed message again, but the mic was still updated, started working again, and showed in Device Manager as "HyperX SoloCast" as normal.

07 May 2022

To migrate Azure AD-joined Windows profile

Suggestions for moving an Azure-AD joined PC from one tenancy to another tenancy and minimising Windows profile impact for the user.

The user's web browser will lose its saved passwords during the change. You can export them before the change, and import afterwards, but best to make sure the user also knows all saved passwords to be safe.

You'll need a local administrator account.

You may wish to back up the PC to be safe.

ForensiT's User Profile Wizard will be used to adjust the user's Windows profile to work with the new tenancy.

  1. On your own PC, generate the XML file for User Profile Wizard which contains the Azure AD object IDs. To do this, run the Save-AzureADUser.ps1 PowerShell script against the new tenancy and note the resulting XML file.
  2. On the user's PC, take note of the default applications (as these will often be reset during the process).
  3. Export user's browser passwords to file.
  4. Log in as the local administrator.
  5. Disconnect it from the current tenancy: Settings > Accounts > Access work or school > Disconnect. Enter the local administrator credentials, and restart the PC, when prompted.
  6. Log in as the local administrator.
  7. Join it to the new tenancy: Settings > Accounts > Access work or school > Connect.
  8. Install User Profile Wizard on the PC. Copy the XML file into the same directory as the main application executable.
  9. Run User Profile Wizard. When prompted to enter the domain, enter the name of the company per tenancy e.g. "My Business" and tick Azure AD. When prompted to enter the account name, enter the user's username in the new tenancy e.g. joe@mybusiness.com (it will display an error if it can't find this user in the XML file).
  10. The PC will restart after the wizard has finished.
  11. Log in with the local administrator, log out.
  12. Log in with the user's new-tenancy account e.g. joe@mybusiness.com. May be prompted to set up Windows Hello e.g. PIN to log in.
  13. Verify that it is using the existing profile - the user's documents etc. should be present.
  14. Set the default applications to what they were previously.
  15. Import user's browser passwords from file. If user was syncing their browser data to an online account, they may need to re-sign into the browser or re-set it up.
  16. Check Outlook, Teams, and OneDrive functionality, and Office activation status.
  17. Check Windows Credential Manager, browser saved passwords, and remove any references to the old tenancy account.
  18. Sometimes BitLocker on the C drive will be paused - resume it if necessary.

30 April 2022

Remove OneDrive file previous versions

  1. Install PnP PowerShell:

    Install-Module -Name "PnP.PowerShell"

  2. Connect to the OneDrive URL:

    Connect-PnPOnline -Url https://company-my.sharepoint.com/personal/jsmith_company_com -Interactive

  3. List the file versions:

    Get-PnPFileVersion -Url "Documents/Documents/myfile.txt"

  4. Remove all the file versions (does not remove file itself):

    Remove-PnPFileVersion -Url "Documents/Documents/myfile.txt" -All

Using PnP PowerShell, you can also get the size of a folder (in MB):

$Folder = Get-PnPFolder -Url "Documents/Documents" -Includes ListItemAllFields Write-host "Size of the Folder:" $([Math]::Round(($Folder.ListItemAllFields.FieldValues.SMTotalSize.LookupId/1MB),2))

Search the Security event logs by username

Search the Security event logs for a username - when filtering the log:

  1. On the XML tab, click 'Edit query manually'.
  2. Replace:

    <Select Path="Security">*</Select>

    with

    <Select Path="Security">* [EventData[Data[@Name='TargetUserName']='USERNAME']]</Select>

    where 'USERNAME' is the desired username.

Thanks, Beaming?

Get AD users' email addresses

PowerShell to export email addresses for AD users:

Get-ADUser -Filter * -Properties proxyaddresses,EmailAddress | Select-Object Name,UserPrincipalName,EmailAddress, @{L = "ProxyAddresses"; E = { ($_.ProxyAddresses -like 'smtp:*') -join ";"}} | Export-Csv -Path C:\temp\AdUsersProxyAddresses.csv -NoTypeInformation

15 April 2022

Change Exchange calendar permissions via command line

Get a user's current calendar permissions:

Get-MailboxFolderPermission -Identity abc@example.com:\Calendar

Give another user PublishingEditor permissions:

Add-MailboxFolderPermission -Identity abc@example.com:\Calendar -User xyz@example.com -AccessRights PublishingEditor

Remove a user's permissions from the calendar:

Remove-MailboxFolderPermission -Identity abc@example.com:\Calendar -User xyz@example.com

Get external IP address via command line

nslookup:

nslookup myip.opendns.com resolver1.opendns.com

PowerShell:

(Invoke-WebRequest -uri http://ifconfig.me/ip).Content

Invoke via Command Prompt:

PowerShell -Command "(Invoke-WebRequest -uri http://ifconfig.me/ip).Content"

Get directory size via Windows command line

PowerShell:

ls -r|measure -sum Length

Invoke via Command Prompt:

PowerShell -NoProfile -Command "ls -r|measure -sum Length"