It’s never too late to start learning PowerShell

It’s 2018 now and you might wonder who doesn’t know PowerShell yet. Although I’ve seen the number of people using PowerShell increase over the past years, there are still plenty of people out there who have the learning curve for PowerShell ahead of them. A few years ago, when the use of PowerShell gained traction amongst many IT professionals, the web was full of learning resources in the form of blog posts, podcasts and online trainings. It Read More …

OMS Security and Audit Baseline Assessment

The Microsoft Operations and Management Suite, Security and Audit Solution includes a Baseline Assessment component. The Baseline configuration definition includes a set of Registry, audit policy and security policy settings rules that are recommended to configure to achieve a secure operating environment. Within the Console we get an overview of “Rules” that have failed, because the servers don’t have the recommended configuration applied. While looking at this, I wondered where I can find the complete Read More …

Collecting NetTcpConnection and Process information with PowerShell

If you need information on active TCP connections, you probably start with the netstat command. When using the -b or -o parameter, netstat will also list the executable involved in creating the process or the owning Process ID, respectively. The output then looks as follows. In PowerShell we can use Get-NetTCPConnection to retrieve TCP connection information. When suspecting that something malicious is running on a device, I look at the TCP connections and want to know Read More …

Automating CIS-CAT Pro with PowerShell

CIS-CAT stands for Center for Internet Security Configuration Assessment Tool. The CIS-CAT tool is used to perform configuration and vulnerability assessments. The Pro version is only available to CIS members; however, if you want to try out the software, you can download the CIS-CAT Lite version from here: https://www.cisecurity.org/introducing-cis-cat-lite/ Note that the Lite version does not include the command line interface, so you won’t be able to use the automation described in this blog post. Read More …

Retrieving Windows Defender ATP query API data with PowerShell

I am currently working on some automation around Windows Defender, so I started to look at the Windows Defender Advanced Threat Protection query API. Note that this API is still in preview. I wrote two functions for this. Connect-WindowsATP is used to get an access token. Note that you will need to first register the API in Azure Directory so that you get an Application ID that you have to include at the top of the Read More …

Exploring Microsoft Security Update information with PowerShell

Nowadays regular deployment of security updates is a must, whether at home or within the enterprise. If you are responsible for keeping systems up to date, you deploy the latest updates as soon as possible. But it is equally important to understand the vulnerabilities being addressed by these updates. The Microsoft Security Update Guide allows you to find detailed information about security updates. Go to https://portal.msrc.microsoft.com/en-us/ and select “Go to the security update Guide”. Next Read More …

PowerShell script Update-PoshModule

With today’s rapid development and release cycles, it’s good practice to regularly check whether you have the latest available module versions installed. Using native PowerShell cmdlets you would first list the modules installed locally and then search for the latest module online. When you have several modules installed, this becomes a laborious task. So I wrote a cmdlet that does all this work for me, and for you if you like. The Update-PoshModule cmdlet can Read More …

Creating and Managing Azure Storage Tables with PowerShell

Today’s mission was to get more familiar with Azure Storage Tables and to manage them with PowerShell. On GitHub I found the AzureTableEntity module from Tao Yang. Below are a number of code snippets I used to get my hands dirty with Azure Storage tables and the module. Install the Module

Next we create an Azure Resource Group and an Azure Storage Account

We will need the Storage Account key later so let’s Read More …

Retrieving Office 365 roadmap information with PowerShell

Here’s a small cmdlet I wrote today to pull the Office 365 roadmap information with PowerShell.

ConfigMgr Client Policy Settings – Get-CMclientpolicysettings

Here’s a function I wrote recently to retrieve the ConfigMgr Client Policy settings. To use the function you must have the System Center Configuration Manager Cmdlet library installed.