diff --git a/Active directory/Setup-GroupPolicy.ps1 b/Active directory/Setup-GroupPolicy.ps1 new file mode 100644 index 0000000..8c0c6ee --- /dev/null +++ b/Active directory/Setup-GroupPolicy.ps1 @@ -0,0 +1,134 @@ +# + +#Install needed Administrative tools +Install-WindowsFeature -Name "GPMC" +Install-WindowsFeature -Name “RSAT-AD-Tools” -IncludeAllSubFeature +Install-WindowsFeature -Name "RSAT-DNS-Server" + +#Creating needed Active Directory Struckture, (OU, Groups). +$ADName = (Get-ADDomain).DistinguishedName +New-ADOrganizationalUnit -Name "Servers" -Path "$ADName" +$ServersOUPath = (Get-ADOrganizationalUnit -Identity "OU=Servers,$ADName").DistinguishedName +New-ADOrganizationalUnit -Name "Avd" -Path "$ServersOUPath" +$AvdOUPath = (Get-ADOrganizationalUnit -Identity "OU=Avd,ServersOUPath").DistinguishedName + +New-ADGroup -Name "AVD-Hosts" -DisplayName "AVD-Hosts" -SamAccountName "AVD-Hosts" -GroupCategory Security -GroupScope Global -Path "$AvdOUPath" + + +# +New-GPO -name "AVD-GPO-C" | New-GPLink -Target "$AvdOUPath" -LinkEnabled +Set-GPPermission -Name AVD-GPO-C -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group +Set-GPPermission -Name AVD-GPO-C -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group +Set-GPPermission -Name AVD-GPO-C -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group +Import-GPO -TargetName "AVD-GPO-C" -Path ./AVD-GPO-C/ + +new-gpo -name "AVD-Customization-C" | New-GPLink -Target "$AvdOUPath" -LinkEnabled +Set-GPPermission -Name AVD-Customization-C -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group +Set-GPPermission -Name AVD-Customization-C -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group +Set-GPPermission -Name AVD-Customization-C -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group +Import-GPO -TargetName "AVD-Customization-C" -Path ./ + +new-gpo -name "AVD-Customization-U" | New-GPLink -Target "$AvdOUPath" -LinkEnabled +Set-GPPermission -Name AVD-Customization-U -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group +Set-GPPermission -Name AVD-Customization-U -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group +Set-GPPermission -Name AVD-Customization-U -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group +Import-GPO -TargetName "AVD-Customization-U" -Path ./ + +new-gpo -name "FSlogix-Profiles-C" | New-GPLink -Target "$AvdOUPath" -LinkEnabled +Set-GPPermission -Name FSlogix-Profiles-C -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group +Set-GPPermission -Name FSlogix-Profiles-C -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group +Set-GPPermission -Name FSlogix-Profiles-C -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group +Import-GPO -TargetName "FSlogix-Profiles-C" -Path ./ + +new-gpo -name "FSlogix-Conteiners-C" | New-GPLink -Target "$AvdOUPath" -LinkEnabled +Set-GPPermission -Name FSlogix-Conteiners-C -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group +Set-GPPermission -Name FSlogix-Conteiners-C -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group +Set-GPPermission -Name FSlogix-Conteiners-C -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group +Import-GPO -TargetName "FSlogix-Conteiners-C" -Path ./ + +new-gpo -name "AVD-Lockdown-C" | New-GPLink -Target "$AvdOUPath" -LinkEnabled +Set-GPPermission -Name AVD-Lockdown-C -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group +Set-GPPermission -Name AVD-Lockdown-C -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group +Set-GPPermission -Name AVD-Lockdown-C -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group +Import-GPO -TargetName "AVD-Lockdown-C" -Path ./ + +new-gpo -name "AVD-Lockdown-U" | New-GPLink -Target "$AvdOUPath" -LinkEnabled +Set-GPPermission -Name AVD-Lockdown-U -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group +Set-GPPermission -Name AVD-Lockdown-U -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group +Set-GPPermission -Name AVD-Lockdown-U -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group +Import-GPO -TargetName "AVD-Lockdown-U" -Path ./ + +new-gpo -name "AVD-Office-C" | New-GPLink -Target "$AvdOUPath" -LinkEnabled +Set-GPPermission -Name AVD-Office-C -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group +Set-GPPermission -Name AVD-Office-C -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group +Set-GPPermission -Name AVD-Office-C -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group +Import-GPO -TargetName "AVD-Office-C" -Path ./ + +new-gpo -name "AVD-Office-U" | New-GPLink -Target "$AvdOUPath" -LinkEnabled +Set-GPPermission -Name AVD-Office-U -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group +Set-GPPermission -Name AVD-Office-U -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group +Set-GPPermission -Name AVD-Office-U -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group +Import-GPO -TargetName "AVD-Office-U" -Path ./ + +new-gpo -name "AVD-Redirect-U" | New-GPLink -Target "$AvdOUPath" -LinkEnabled +Set-GPPermission -Name AVD-Redirect-U -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group +Set-GPPermission -Name AVD-Redirect-U -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group +Set-GPPermission -Name AVD-Redirect-U -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group +Import-GPO -TargetName "AVD-Redirect-U" -Path ./ + +new-gpo -name "AVD-RegionalSettings-U" | New-GPLink -Target "$AvdOUPath" -LinkEnabled +Set-GPPermission -Name AVD-RegionalSettings-U -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group +Set-GPPermission -Name AVD-RegionalSettings-U -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group +Set-GPPermission -Name AVD-RegionalSettings-U -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group +Import-GPO -TargetName "AVD-RegionalSettings-U" -Path ./ + +new-gpo -name "AVD-Sessions-U" | New-GPLink -Target "$AvdOUPath" -LinkEnabled +Set-GPPermission -Name AVD-Sessions-U -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group +Set-GPPermission -Name AVD-Sessions-U -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group +Set-GPPermission -Name AVD-Sessions-U -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group +Import-GPO -TargetName "AVD-Sessions-U" -Path ./ + +new-gpo -name "AVD-Sessions-C" | New-GPLink -Target "$AvdOUPath" -LinkEnabled +Set-GPPermission -Name AVD-Sessions-C -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group +Set-GPPermission -Name AVD-Sessions-C -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group +Set-GPPermission -Name AVD-Sessions-C -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group +Import-GPO -TargetName "AVD-Sessions-C" -Path ./ + +new-gpo -name "AVD-Shadow-C" | New-GPLink -Target "$AvdOUPath" -LinkEnabled +Set-GPPermission -Name AVD-Shadow-C -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group +Set-GPPermission -Name AVD-Shadow-C -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group +Set-GPPermission -Name AVD-Shadow-C -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group +Import-GPO -TargetName "AVD-Shadow-C" -Path ./ + +new-gpo -name "Edge-Settings-C" | New-GPLink -Target "$AvdOUPath" -LinkEnabled +Set-GPPermission -Name Edge-Settings-C -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group +Set-GPPermission -Name Edge-Settings-C -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group +Set-GPPermission -Name Edge-Settings-C -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group +Import-GPO -TargetName "Edge-Settings-C" -Path ./ + +new-gpo -name "Edge-Settings-U" | New-GPLink -Target "$AvdOUPath" -LinkEnabled +Set-GPPermission -Name Edge-Settings-U -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group +Set-GPPermission -Name Edge-Settings-U -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group +Set-GPPermission -Name Edge-Settings-U -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group +Import-GPO -TargetName "Edge-Settings-U" -Path ./ + +new-gpo -name "TenentShortName-Shares-U" | New-GPLink -Target "$AvdOUPath" -LinkEnabled +Set-GPPermission -Name TenentShortName-Shares-U -PermissionLevel GpoApply,GpoRead -TargetName "AVD-Hosts" -TargetType Group +Set-GPPermission -Name TenentShortName-Shares-U -PermissionLevel GpoRead -TargetName "Authenticated Users" -TargetType Group +Set-GPPermission -Name TenentShortName-Shares-U -PermissionLevel GpoEditDeleteModifySecurity -TargetName "AAD DC Administrators" -TargetType Group +Import-GPO -TargetName "TenentShortName-Shares-U" -Path ./ + +#Creating folderstructure for drift +mkdir "Drift" +mkdir "Drift\Install" +mkdir "Drift\RDP" + +#Creating folderstructure for Customizations +mkdir "Customizations" +mkdir "Customizations\Backgrounds" +mkdir "Customizations\DefaultApps" +mkdir "Customizations\Layout" +mkdir "Customizations\Start Menu" + + + diff --git a/Azure/Create-AzureADGroups.ps1 b/Azure/Create-AzureADGroups.ps1 index e69de29..289d8b4 100644 --- a/Azure/Create-AzureADGroups.ps1 +++ b/Azure/Create-AzureADGroups.ps1 @@ -0,0 +1,12 @@ + +#Importing requierd modules +#Import-Module Az + +$groups = Import-Csv -Path "c:\Users\-GroupStructure-Full.csv" -Delimiter "," +#Connect-Az + +foreach ($group in $groups) +{ + $group.groupname + New-AzADGroup -DisplayName $group.groupname -Description $group.groupdescription -SecurityEnabled -MailNickName $group.groupname +} diff --git a/Microsoft 365/connect-office-365.ps1 b/Microsoft 365/connect-office-365.ps1 new file mode 100644 index 0000000..09cd12d --- /dev/null +++ b/Microsoft 365/connect-office-365.ps1 @@ -0,0 +1,3 @@ +$UserCredential = Get-Credential +$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection +Import-PSSession $Session \ No newline at end of file diff --git a/PowerShell/Create-Printers.ps1 b/PowerShell/Create-Printers.ps1 new file mode 100644 index 0000000..15c0c13 --- /dev/null +++ b/PowerShell/Create-Printers.ps1 @@ -0,0 +1,9 @@ +$Printers = Import-Csv -Path "C:\temp\PrinterList.csv" -Encoding UTF8 -delimiter "," + +foreach ($Printer in $Printers) +{ + + Add-PrinterPort -Name $Printer.IP -PrinterHostAddress $Printer.IP -Verbose + Add-Printer -Name $Printer.PrinterName -DriverName $Printer.Driver -Location $Printer.Location -PortName $Printer.IP -Verbose + +} diff --git a/PowerShell/List file access.ps1 b/PowerShell/List file access.ps1 new file mode 100644 index 0000000..2bed1ca --- /dev/null +++ b/PowerShell/List file access.ps1 @@ -0,0 +1,11 @@ +get-Acl -Path C:\users\* | out-gridview + +$FolderPath = Get-ChildItem -Directory -Path "C:\users\*" + +ForEach ($Folder in $FolderPath) { + $Acl = Get-Acl -Path $Folder.FullName + ForEach ($Access in $Acl.Access) { +$Properties = [ordered]@{'Folder Name'=$Folder.FullName;'Group/User'=$Access.IdentityReference;'Permissions'=$Access.FileSystemRights;'Inherited'=$Access.IsInherited} +New-Object -TypeName PSObject -Property $Properties + Out-GridView } +} \ No newline at end of file diff --git a/PowerShell/get-eventid.ps1 b/PowerShell/get-eventid.ps1 new file mode 100644 index 0000000..2d5c6cd --- /dev/null +++ b/PowerShell/get-eventid.ps1 @@ -0,0 +1,12 @@ + +$server = 127.0.0.1 +$starttime = get-date -Format yyyy-MM-dd + +Get-EventLog Application -ComputerName $server -After $starttime | + ? { $_.entryType -Match "Error" -and "Critical" } | + Group-Object -Property EventID | + % { $_.Group[0] | Add-Member -PassThru -NotePropertyName Count -NotePropertyValue $_.Count } | + Sort-Object EventID -Unique | + Select-Object Count, TimeGenerated, EventID, Source, Message | + ft -AutoSize -Wrap | + Out-File $file -Append \ No newline at end of file