There are many different ways to deploy an RMM agent to monitor end-user machines and servers. A popular option is Group Policy, also some RMM tools have the ability to do a subnet scan, but I wanted to try and do it with PowerShell while also ensuring I do not have any false positives. I wanted PowerShell to do the following tasks:
- Check if a machine is online
- Check if WinRM is available and configured correctly
- Check if LabTech was already installed
- Copy install file locally
- Install program
- Check if program installed
- Keep note of the installed machine
Below is a basic tree overview of the runtime flow.
The script would also log the data so I can let it run without monitoring it. It would also run in a loop, therefore if a machine was not on at a specific time, the script would end up coming back and … Continue...
I usually do not post articles on updates to software that I write but there are so many great updates in Master User Creator V2 that I had to make another write up. Master User Creator (MUC) is a piece of software that makes creating Active Directory and/or Office 365 users easier and more efficient. One of the drawbacks of creating a user in Active Directory Users and Computers (ADUC) is that you have to first create the user, and then find the user and edit their attributes, modify group membership, and so on. Master User Creator give you one single interface that allows you to modify membership, permissions, licenses, attributes, and so on. You can create an AD and Office 365 user at a single time as well, even copying your AD User attributes with a single click of a button.
Since publicizing the software, I have gotten many … Continue...
I usually have to connect to Office 365 via PowerShell at least once per day. I had the following function stored in my PowerShell Profile:
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.outlook.com/powershell/" -Credential $UserCredential -Authentication Basic -AllowRedirection
Connect-MsolService -Credential $UserCredential
This allowed me to just open PowerShell and type Connect-O365 to connect to Office 365 instead of looking up the Session information and all of the cmdlets needed. One of the issues I faced was the lack of multi-factor authentication support. To connect to Exchange Online or Security and Compliance Center using multi-factor authentication you must use another module that is found in your tenant. Also, … Continue...
I have been recently using Teams as a central location for my organizations technical notifications instead of email as it provides a way for an entire Help Desk team to openly collaborate on the message and its contents. I recently got a request to get a Teams notification when a user gets locked out of their Active Directory account. By setting up a Webhook connector we can make it happen. The script will be triggered from Task Scheduler on Event ID 4740 which is created when a user gets locked out. By using “Search-ADAccount -LockedOut” we can return an array of locked out accounts, but by ordering it by lockout time we can ensure that we grab the most recent locked out user that corresponds to the security event.
I set the script and scheduled task up on my PDC because as far as I know, the actual lockout event … Continue...
In my previous post
I went through setting up a Team’s webhook to send a daily message / notification of all your Active Directory users that have their password expiring in a week or less. This is valuable for an IT team as they can review users and work together on the within the same work space (team).
In this post I will be setting up another scheduled task to send a daily message on Active Directory accounts that have not logged on in 90 days or more. I am also returning attributes like LockedOut, LastLogon, Enabled and more.
The array of users is sorted, showing the users that have not logged on in the longest to the shortest. You can change the sort order to fit the needs of your environment. By using the cmdlet, “New-Timespan” I can get the amount of days since the user last logged on.… Continue...
Microsoft Teams has many connectors available including Incoming Webhook. “This provides an easy solution to post notifications / messages from any scripting language through JSON formatted web service call.”1
In this post I will show you how you can gather all of your users who have passwords expiring within a specified time range, and send a notification including all relevant information to a Teams Channel. In my example I will get all users who have passwords expiring in 7 days and less and have it notify my “Help Desk” Teams Channel.
The current script will parse only enabled users because we don’t need to report on users, ‘passwordlastset’ attribute if the account isn’t even allowed to log in. It will also sort all of our data, so the users with passwords expiring the earliest will always be at the top of the message. The top description under, “Users … Continue...
I have covered the PowerShell module, “ReportHTML” in a previous article (Create an Interactive HTML Report for Office 365 with PowerShell) where I used it to generate Office 365 tenant reports. The module takes a little bit to learn the syntax and formatting but it’s great if you are not familiar with CSS/HTML as it does most of the heavy lifting for you. I like to generate reports using HTML because the data can be interacted with. You can filter your tables, search for items, change the ordering of the table, and also gather your data in bar and pie graphs.
My end goal was to create an Active Directory overview report using PowerShell. I looked into PSWinDocumentation but ultimately I wanted the report be interactive. I was looking for basic Active Directory items like Groups, Users, Group Types, Group Policy, etc, but I also wanted items like … Continue...
I recently found myself needing to build out an on premise Active Directory environment and populate it from objects found in Office 365 (AzureAD). The local Active Directory would then be configured as the identity source and would sync up to AzureAD using Azure AD Connect. Unfortunately, Azure AD Connect is currently a one way sync from your on premise Active Directory Domain Services environment to AzureAD and wont sync objects down. AADConnect does have the ability to match our AzureAD objects to their corresponding Active Directory objects but, if an attribute like City, Phone Number, Department, Title, etc. is present in your existing AzureAD and not in ADDS, the attribute may remain in AzureAD but not replicate down to ADDS. So we will want to copy over as many attributes from AzureAD to our local Active Directory as possible in preparation for the Azure AD Connect sync. We will … Continue...
As an Office 365 administrator, you can apply your company branding to customize the look of your organization’s Office 365 Message Encryption email messages as well as the contents of the encryption portal. You can customize the following aspects of the viewing experience for recipients of encrypted email messages:
- Introductory text of the email that contains the encrypted message
- Disclaimer text of the email that contains the encrypted message
- Text that appears in the OME portal
- Logo that appears in the email message and OME portal
- Background color in the email message and OME portal
You can also revert back to the default look and feel at any time.
Below is the default message your recipient will see when they receive an encrypted email message.
Customize the Message
To customize the OME message you will first need to connect to Exchange Online using Remote PowerShell. You then want to get … Continue...