Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/michaelknap/powershell-admin-scripts

Powershell utils.
https://github.com/michaelknap/powershell-admin-scripts

Last synced: 18 days ago
JSON representation

Powershell utils.

Host: GitHub
URL: https://github.com/michaelknap/powershell-admin-scripts
Owner: michaelknap
License: mit
Created: 2023-10-09T11:55:43.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2023-12-15T15:36:02.000Z (about 1 year ago)
Last Synced: 2023-12-15T16:43:45.203Z (about 1 year ago)
Language: PowerShell
Size: 8.79 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# PowerShell Scripts

This repository contains a collection of PowerShell scripts designed to make admin and audit tasks easier.

## Table of Contents

1. [Remove Emails From All Mailboxes](#remove-emails-from-all-mailboxes)
2. [List Privileged Users In Azure AD](#list-privileged-users-in-azure-ad)
3. [List External Users And Permissions](#list-external-users-and-permissions)
4. [Export Azure AD Device Info List](#export-azure-ad-device-info-list)
5. [Audit Teams App Policies](#audit-teams-app-policies)
6. [Audit Teams External Users](#audit-teams-external-users)
7. [Remove User Mailbox Permission](#remove-user-mailbox-permissions)
8. [Audit User Login Logs](#audit-user-login-events)

## Remove Emails From All Mailboxes

### Description

This script connects to Office 365 and removes emails from all mailboxes based on the sender's email address. It's useful for bulk-deleting phishing or spam emails.

### Usage

Soft delete example:
```
.\RemoveEmailsFromAllMailboxes.ps1 -AdminEmail "[email protected]" -PhishingEmail "[email protected]"
```

Hard delete example:
```
.\RemoveEmailsFromAllMailboxes.ps1 -AdminEmail "[email protected]" -PhishingEmail "[email protected]" -PurgeType "HardDelete"
```

### Requirements

- Exchange Online Management module
- Admin account with necessary permissions

## List Privileged Users in Azure AD

### Description

This script connects to Azure AD and lists all users with predefined privileged roles. Useful for auditing purposes or ensuring that only the correct accounts have elevated permissions.

### Usage

```powershell
.\ListPrivilegedUsers.ps1 -AdminEmail "[email protected]"
```

### Requirements

- AzureAD module
- Admin account with necessary permissions to query Azure AD

## List External Users And Permissions

### Description

This script connects to Azure AD and lists all external or guest users along with the groups they belong to. This can be useful for auditing external access to your resources.

### Usage

```powershell
.\ListExternalUsersAndPermissions.ps1 -AdminEmail "[email protected]"
```

### Requirements

- AzureAD module
- Admin account with necessary permissions to query Azure AD

## Export Azure AD Device Info List

### Description

This script connects to Azure AD and exports device information for all users into a CSV file. It's useful for inventory management, security audits, or general administrative tasks.

### Usage

```powershell
.\ExportAzureADDeviceInfo.ps1 -AdminEmail "[email protected]" -OutputFile "C:\path\to\output.csv"
```

### Requirements

- AzureAD module
- Admin account with necessary permissions to query Azure AD and access device information

## Audit Teams App Policies

### Description

This script connects to Microsoft Teams and audits which apps are allowed or installed, along with details on who installed them. Useful for ensuring compliance and security.

### Usage

```powershell
.\AuditTeamsAppPolicies.ps1 -AdminEmail "[email protected]"
```

### Requirements

- MicrosoftTeams module
- Admin account with necessary permissions to query Teams

## Audit Teams External Users

### Description

This script connects to Microsoft Teams to list all external or guest users, the teams they belong to, and their permissions. Great for auditing external user access.

```powershell
.\AuditTeamsExternalUsers.ps1 -AdminEmail "[email protected]"
```
### Requirements

- MicrosoftTeams module
- Admin account with necessary permissions to query Teams

## Remove User Mailbox Permission

### Description

This script connects to Exchange Online to find and remove specific permissions (like 'Read' or 'Manage') that a user may have on all mailboxes. Useful for revoking access quickly when a user leaves the organization or changes roles.

### Usage

```powershell
.\RemoveUserMailboxPermission.ps1 -AdminEmail "[email protected]" -TargetUser "[email protected]"
```
### Requirements

- Exchange Online Management module
- Admin account with necessary permissions to modify mailbox permissions

## Audit User Login Events

### Description

This script, named `AuditUserLogin.ps1`, will fetch logon, logon failure, and account lockout events (Event IDs 4624, 4625, 4740) for a specified user from the Security log of a domain controller. It allows for filtering events based on a specific time frame and can optionally export the results to a CSV file. This is particularly useful for auditing user activities and identifying potential security incidents.

### Usage

To fetch logon events for a user and display them in the console:

```powershell
.\AuditUserLogin.ps1 -user "user1" -days 5
```
To fetch logon events for a user and save them to a CSV file:
```
.\AuditUserLogin.ps1 -user "user1" -days 5 -csv
```
### Requirements
- Appropriate permissions to access Security logs on a domain controller.
- Group Policy settings for audit of logon, lockout events need to be enabled on the domain controller.