Tag Archives: Custom Functions

Powershell

Convert String to Scriptblock Function

You cannot invoke-command a string. You should use a Scriptblock. If you import a value as a string you can convert it only if it is a single value string using the following command:

[scriptblock]::Create("$string")

To convert an multivalue array to scriptblock you can use a module as shown below:

function Convert-StringToScriptBlock {
param(
[parameter(ValueFromPipeline=$true,Position=0)]
[string]
$string
)
$sb = [scriptblock]::Create($string)
return $sb
}

Export-ModuleMember -Function 'Convert-StringToScriptBlock'

ZIP:

Convert-StringtoScripblock

Powershell

Import PFX Certificate Module

Windows Server 2012 R2 and Windows 8.1 contain a nice function for import-PFXCertificate. However if you mange an older operating system you can use a different function:

function Import-PfxCertificate {
 
param([String]$certPath,[String]$certRootStore = “CurrentUser”,[String]$certStore = “My”,$pfxPass = $null)
$pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2
 
if ($pfxPass -eq $null) {$pfxPass = read-host “Enter the pfx password” -assecurestring}
 
$pfx.import($certPath,$pfxPass,“Exportable,PersistKeySet”)

$store = new-object System.Security.Cryptography.X509Certificates.X509Store($certStore,$certRootStore)
$store.open(“MaxAllowed”)
$store.add($pfx)
$store.close()
}
Export-ModuleMember -Function 'Import-PfxCertificate'
Inrichting, Powershell

Add Printer Script Unique Print Drivers

For an automated installation it was necessary to have an up to date list of the printer drivers. As print manufactorers occassionally add a dozen printer drivers into one setup we wanted to have a script that connects to all on duty print servers. I used the function Add-PrinterDriver for this cause. In the RES Automation Manager script there was some code necessary to first add a feature if it wasn’t present:

Import-Module ServerManager
$RSATADPowerShell = Get-WindowsFeature -Name "RSAT-AD-PowerShell"
If ($RSATADPowerShell.Installed -match "False"){
Add-WindowsFeature RSAT-AD-PowerShell}

Then I added the function in another script:

Import-Module ActiveDirectory
#Functie Add-PrinterDriver
function Add-PrinterDriver { 
 [CmdletBinding()] 
         Param( 
              [Parameter(Mandatory=$true)] 
              [string] $PrintServer, 
              [switch] $Clean 
             ) 

#Collecting all shared printer objects from the specified print server 
$allprinters = @(Get-WmiObject win32_printer -ComputerName $PrintServer -Filter 'shared=true') 
#Defining all unique printer drivers from the specified print server 
$drivers = @($allprinters | Select-Object drivername -Unique) 
#Defining a collection containing the first printer object using a unique printer driver 
$printers = @() 
foreach ($item in $drivers){ 
$printers += @($allprinters | Where-Object {$_.drivername -eq $item.drivername})[0] 
} 

#Collecting locally installed drivers 
$localdrivers = @() 
foreach ($driver in (Get-WmiObject Win32_PrinterDriver)){ 
$localdrivers += @(($driver.name -split ",")[0]) 
} 

#Initializing the CurrentPrinter variable for use with Write-Progress 
$CurrentPrinter = 1 

#Looping through the printer objects collection, installing those who are not already installed on the local computer 
foreach ($printer in $printers) { 

Write-Progress -Activity "Installing printers..." -Status "Current printer: $($printer.name)" -Id 1 -PercentComplete (($CurrentPrinter/$printers.count) * 100) 

#Create hash-table for output object 
$outputobject = @{} 
$outputobject.drivername = $printer.drivername 

$locallyinstalled = $localdrivers | Where-Object {$_ -eq $printer.drivername} 
if (-not $locallyinstalled) { 
Write-Verbose "$($printer.drivername) is not installed locally" 
$AddPrinterConnection = Invoke-WmiMethod -Path Win32_Printer -Name AddPrinterConnection -ArgumentList ([string]::Concat('\', $printer.__SERVER, '', $printer.ShareName)) -EnableAllPrivileges 
$outputobject.returncode = $AddPrinterConnection.ReturnValue 
} 
else 
{ 
Write-Verbose "$($printer.drivername) is already installed locally" 
$outputobject.returncode = "Already installed" 
} 

#Create a new object for each driver, based on the outputobject hash-table 
New-Object -TypeName PSObject -Property $outputobject 

$CurrentPrinter ++ 

} 

#Deletes all printer connections for the current user 
if ($clean) { 
$printers = Get-WmiObject Win32_Printer -EnableAllPrivileges -Filter network=true 
if ($printers) { 
foreach ($printer in $printers) { 
$printer.Delete() 
} 
} 
} 
}

$OS = (Get-WmiObject Win32_OperatingSystem).Caption.replace("Microsoft ","").Replace("Standard ","Standard").Replace("Enterprise ","Enterprise").Replace("Datacenter ","Datacenter")
$ADPrintservers = Get-ADComputer -Filter * -Property * |Where {$_.name -like "PR*"} | select DNSHostName,OperatingSystem
$Pingable =@()
foreach ($computer in $ADPrintservers){
if (Test-Connection $Computer.DNSHostName -quiet) { $Pingable += $Computer}}
foreach ($Computer in $Pingable){
If ($OS -contains $Computer.OperatingSystem){
Add-PrinterDriver -Printserver $Computer.DNSHostName}}

The script above enumerates all servers starting with PR*. Next this script test whether the server is pingable or not. You could enter credentials if you disabled pinging to the Test-Connection command. Next it validates if the server has the same OS as the print server. Some print servers are around for the 32 bit environment. You can also add a filter for that. At the end it deletes the space that is somehow added to the replace part of OS variable.  The bare function is like this:

function Add-PrinterDriver { 
 [CmdletBinding()] 
         Param( 
              [Parameter(Mandatory=$true)] 
              [string] $PrintServer, 
              [switch] $Clean 
             ) 

#Collecting all shared printer objects from the specified print server 
$allprinters = @(Get-WmiObject win32_printer -ComputerName $PrintServer -Filter 'shared=true') 
#Defining all unique printer drivers from the specified print server 
$drivers = @($allprinters | Select-Object drivername -Unique) 
#Defining a collection containing the first printer object using a unique printer driver 
$printers = @() 
foreach ($item in $drivers){ 
$printers += @($allprinters | Where-Object {$_.drivername -eq $item.drivername})[0] 
} 

#Collecting locally installed drivers 
$localdrivers = @() 
foreach ($driver in (Get-WmiObject Win32_PrinterDriver)){ 
$localdrivers += @(($driver.name -split ",")[0]) 
} 

#Initializing the CurrentPrinter variable for use with Write-Progress 
$CurrentPrinter = 1 

#Looping through the printer objects collection, installing those who are not already installed on the local computer 
foreach ($printer in $printers) { 

Write-Progress -Activity "Installing printers..." -Status "Current printer: $($printer.name)" -Id 1 -PercentComplete (($CurrentPrinter/$printers.count) * 100) 

#Create hash-table for output object 
$outputobject = @{} 
$outputobject.drivername = $printer.drivername 

$locallyinstalled = $localdrivers | Where-Object {$_ -eq $printer.drivername} 
if (-not $locallyinstalled) { 
Write-Verbose "$($printer.drivername) is not installed locally" 
$AddPrinterConnection = Invoke-WmiMethod -Path Win32_Printer -Name AddPrinterConnection -ArgumentList ([string]::Concat('\', $printer.__SERVER, '', $printer.ShareName)) -EnableAllPrivileges 
$outputobject.returncode = $AddPrinterConnection.ReturnValue 
} 
else 
{ 
Write-Verbose "$($printer.drivername) is already installed locally" 
$outputobject.returncode = "Already installed" 
} 

#Create a new object for each driver, based on the outputobject hash-table 
New-Object -TypeName PSObject -Property $outputobject 

$CurrentPrinter ++ 

} 

#Deletes all printer connections for the current user 
if ($clean) { 
$printers = Get-WmiObject Win32_Printer -EnableAllPrivileges -Filter network=true 
if ($printers) { 
foreach ($printer in $printers) { 
$printer.Delete() 
} 
} 
} 
}

This function lets powershell connect to the printserver. It does a query on all shared printers. Then it sorts the results to unique values. At last it connects to that printer which causes the driver to be installed. There is a group policy necessary for this to work. The following policy settings are mandatory:

PointAndPrintRestrictions

 

This is a computer policy located at Computer Configuration –> Windows Settings –> Printers –> Point and Print Restrictions

Microsoft, Powershell

Random Password Generator

Generates strong passwords

PS1:

$length = 9
For ($a=48;$a –le 122;$a++) {$ascii+=,[char][byte]$a }
Function GET-Temppassword() {

Param(

[int]$length=10,

[string[]]$sourcedata

)

For ($loop=1; $loop –le $length; $loop++) {

            $TempPassword+=($sourcedata | GET-RANDOM)

            }

return $TempPassword

}

For ($a=48;$a –le 122;$a++) {$ascii+=,[char][byte]$a }

GET-Temppassword –length $Length –sourcedata $ascii

Optional Function:

Function GET-Temppassword() {

Param(

[int]$length=10,

[string[]]$sourcedata

)

For ($loop=1; $loop –le $length; $loop++) {

            $TempPassword+=($sourcedata | GET-RANDOM)

            }

return $TempPassword

}

ZIP:

 

Powershell

IP-address converter

In een Synology kan men IP-adressen blokkeren op basis van een lijst. Deze lijst moet alleen ip-adressen bevatten. Er kunnen geen subnets of iets dergelijk opgegeven worden. Met een Powershell script zijn deze ip-adressen om te zetten. Ga voor een lijst naar deze site. Selecteer een land, bijvoorbeeld China. Selecteer de Netmask variant en gooi deze in een CSV. Importeer vervolgens de Output in de automatisch blokkeren lijst. Dit gaat via het configuratie scherm –> Beveiliging –> Automatisch blokkeren –> Blokkeren –> Importeer lijst

 

PS1:

<#
.SYNOPSIS
Imports function for Get-IPrange. Imports CSV. Export List of IP-addresses. Expect XML file with content. Expects CSV file with Subnets

.NOTES
File Name : IPrangeconverter.ps1
Author    : Steven van den Berg (Bexit)
Date      : 9:00 Vrijdag 14 januari 2014
Requires  : PowerShell v3.0
Tag       : PowerShell, Get-IPrange

#>

#Function
function Get-IPrange 
{ 
<#  
  .SYNOPSIS   
    Get the IP addresses in a range  
  .EXAMPLE  
   Get-IPrange -start 192.168.8.2 -end 192.168.8.20  
  .EXAMPLE  
   Get-IPrange -ip 192.168.8.2 -mask 255.255.255.0  
  .EXAMPLE  
   Get-IPrange -ip 192.168.8.3 -cidr 24  
#>  

param  
(  
  [string]$start,  
  [string]$end,  
  [string]$ip,  
  [string]$mask,  
  [int]$cidr  
)  

function IP-toINT64 () {  
  param ($ip)  

  $octets = $ip.split(".")  
  return [int64]([int64]$octets[0]*16777216 +[int64]$octets[1]*65536 +[int64]$octets[2]*256 +[int64]$octets[3])  
}  

function INT64-toIP() {  
  param ([int64]$int)  

  return (([math]::truncate($int/16777216)).tostring()+"."+([math]::truncate(($int%16777216)/65536)).tostring()+"."+([math]::truncate(($int%65536)/256)).tostring()+"."+([math]::truncate($int%256)).tostring() ) 
}  

if ($ip) {$ipaddr = [Net.IPAddress]::Parse($ip)}  
if ($cidr) {$maskaddr = [Net.IPAddress]::Parse((INT64-toIP -int ([convert]::ToInt64(("1"*$cidr+"0"*(32-$cidr)),2)))) }  
if ($mask) {$maskaddr = [Net.IPAddress]::Parse($mask)}  
if ($ip) {$networkaddr = new-object net.ipaddress ($maskaddr.address -band $ipaddr.address)}  
if ($ip) {$broadcastaddr = new-object net.ipaddress (([system.net.ipaddress]::parse("255.255.255.255").address -bxor $maskaddr.address -bor $networkaddr.address))}  

if ($ip) {  
  $startaddr = IP-toINT64 -ip $networkaddr.ipaddresstostring  
  $endaddr = IP-toINT64 -ip $broadcastaddr.ipaddresstostring  
} else {  
  $startaddr = IP-toINT64 -ip $start  
  $endaddr = IP-toINT64 -ip $end  
}  

for ($i = $startaddr; $i -le $endaddr; $i++)  
{  
  INT64-toIP -int $i  
} 

}

#XML
Clear
#Import XML Config File
$xmlConfigfile = ".IPAddressConverter.xml"

	While (((Test-Path $xmlConfigfile) -eq $false) -or ($NoXML)){
		[System.Windows.Forms.MessageBox]::Show("ERROR: $xmlConfigfile not found!")
	write-host De XML file kan niet gevonden worden -F Red
	If (!($psISE)){"Press any key to continue...";[void][System.Console]::ReadKey($true)}
	exit
	}
If (-not ($CSV -and $Outfile)) {
		$xml = get-content $xmlConfigfile
		If (-not $CSV) {$CSV = $xml.Config.Settings.CSV}
		If (-not $Header) {$Header = $xml.Config.Settings.Header}
		If (-not $Outfile) {$Outfile = $xml.Config.Settings.Outfile}
		}

# The method of reading a .CSV file below ensures that a single line csv is also handled correct
	While (((Test-Path $CSV) -eq $false) -or ($NoCSV)){
		[System.Windows.Forms.MessageBox]::Show("ERROR: $xmlConfigfile not found!")
	write-host De CSV file kan niet gevonden worden -F Red
	If (!($psISE)){"Press any key to continue...";[void][System.Console]::ReadKey($true)}
	exit
	}

$list = @(import-csv -Delimiter '/' $CSV)
write-host ".CSV file contains" $list.count " lines." -F Yellow -B DarkCyan
$list[0]

if ($error.count -ne 0)

{
	write-host "An error occurred during the operation. Details follow:"
	$error[0].categoryInfo
	$error[0].invocationinfo
	write-host "=========================================================="
	write-host "Quit due to an error" -Fore Red
	Exit
}
else
{
	#"Successfully opened .CSV file..."
}

#Loop through .CSV file
foreach($entry in $list)

{
	# Reset the variable to make sure that they are clean before processing a user.
	$IP=$entry.IP
	$Mask=$entry.Mask

$list = Get-IPrange -ip $IP -mask $Mask
Add-Content -Value $list -Path $OutFile
}

XML:

<Config> 
  <Settings>
	<CSV>.IPAddressConverter.csv</CSV>
	<Outfile>.Output.csv</Outfile>
  </Settings>
</Config>

CSV:

IP/MASK
1.1.1.1/255.255.255.0

 

Functie (Optioneel):

function Get-IPrange 
{ 
<#  
  .SYNOPSIS   
    Get the IP addresses in a range  
  .EXAMPLE  
   Get-IPrange -start 192.168.8.2 -end 192.168.8.20  
  .EXAMPLE  
   Get-IPrange -ip 192.168.8.2 -mask 255.255.255.0  
  .EXAMPLE  
   Get-IPrange -ip 192.168.8.3 -cidr 24  
#>  

param  
(  
  [string]$start,  
  [string]$end,  
  [string]$ip,  
  [string]$mask,  
  [int]$cidr  
)  

function IP-toINT64 () {  
  param ($ip)  

  $octets = $ip.split(".")  
  return [int64]([int64]$octets[0]*16777216 +[int64]$octets[1]*65536 +[int64]$octets[2]*256 +[int64]$octets[3])  
}  

function INT64-toIP() {  
  param ([int64]$int)  

  return (([math]::truncate($int/16777216)).tostring()+"."+([math]::truncate(($int%16777216)/65536)).tostring()+"."+([math]::truncate(($int%65536)/256)).tostring()+"."+([math]::truncate($int%256)).tostring() ) 
}  

if ($ip) {$ipaddr = [Net.IPAddress]::Parse($ip)}  
if ($cidr) {$maskaddr = [Net.IPAddress]::Parse((INT64-toIP -int ([convert]::ToInt64(("1"*$cidr+"0"*(32-$cidr)),2)))) }  
if ($mask) {$maskaddr = [Net.IPAddress]::Parse($mask)}  
if ($ip) {$networkaddr = new-object net.ipaddress ($maskaddr.address -band $ipaddr.address)}  
if ($ip) {$broadcastaddr = new-object net.ipaddress (([system.net.ipaddress]::parse("255.255.255.255").address -bxor $maskaddr.address -bor $networkaddr.address))}  

if ($ip) {  
  $startaddr = IP-toINT64 -ip $networkaddr.ipaddresstostring  
  $endaddr = IP-toINT64 -ip $broadcastaddr.ipaddresstostring  
} else {  
  $startaddr = IP-toINT64 -ip $start  
  $endaddr = IP-toINT64 -ip $end  
}  

for ($i = $startaddr; $i -le $endaddr; $i++)  
{  
  INT64-toIP -int $i  
} 

}

ZIP:

IPAddressConverter

 

 

Powershell

NTFS Security Inheritance Export Script

import-module Ntfssecurity
$lokatie = "\Domain.localdfs"
$header = "Fullname;InheritanceEnabled"
$CSV = "C:file.csv"
add-content -value $header -path $CSV
$list = Get-Childitem $lokatie -recurse | where {$_.psiscontainer -eq $true}
foreach ($Item in $list){
$export = get-inheritance -path $item.fullname
foreach ($object in $export){
$outinfo = $item.fullname + ";" + $object.inheritanceEnabled
add-content -value $outinfo -path $CSV}}

 

NTFSSecurity

Powershell

Split Function

function Split-array
 {

<# .SYNOPSIS Split an array .PARAMETER inArray A one dimensional array you want to split .EXAMPLE Split-array -inArray @(1,2,3,4,5,6,7,8,9,10) -parts 3 .EXAMPLE Split-array -inArray @(1,2,3,4,5,6,7,8,9,10) -size 3 #>

param($inArray,[int]$parts,[int]$size)

if ($parts) {
 $PartSize = [Math]::Ceiling($inArray.count / $parts)
 }
 if ($size) {
 $PartSize = $size
 $parts = [Math]::Ceiling($inArray.count / $size)
 }

$outArray = @()
 for ($i=1; $i -le $parts; $i++) {
 $start = (($i-1)*$PartSize)
 $end = (($i)*$PartSize) - 1
 if ($end -ge $inArray.count) {$end = $inArray.count}
 $outArray+=,@($inArray[$start..$end])
 }
 return ,$outArray

}

http://gallery.technet.microsoft.com/scriptcenter/Split-an-array-into-parts-4357dcc1

Powershell

XLSX aanmaken in Powershell

$csvs = Get-ChildItem .* -Include *.csv
 $y=$csvs.Count
 Write-Host “Detected the following CSV files: ($y)”
 foreach ($csv in $csvs)
 {
 Write-Host ” “$csv.Name
 }
 $outputfilename = read-host “Please enter the output file name: “
 Write-Host Creating: $outputfilename
 $excelapp = new-object -comobject Excel.Application
 $excelapp.sheetsInNewWorkbook = $csvs.Count
 $xlsx = $excelapp.Workbooks.Add()
 $sheet=1

foreach ($csv in $csvs)
 {
 $row=1
 $column=1
 $worksheet = $xlsx.Worksheets.Item($sheet)
 $worksheet.Name = $csv.Name
 $file = (Get-Content $csv)
 foreach($line in $file)
 {
 $linecontents=$line -split ‘,(?!s*w+”)’
 foreach($cell in $linecontents)
 {
 $worksheet.Cells.Item($row,$column) = $cell
 $column++
 }
 $column=1
 $row++
 }
 $sheet++
 }

$xlsx.SaveAs($outputfilename)
 $excelapp.quit()
Microsoft, Powershell

Query Inheritance op User Object in AD

De Get-ADuser heeft niet de mogelijkheid om op inheritance een query te doen. Laat staan het vinkje Include inheritable permissions from this object’s parent in het security tabblad.

Quest heeft CMDlet’s gemaakt die gratis zijn en die hier prima gebruikt kunnen worden. Het commando dat uitgevoerd moet worden is het volgende:

 
Get-QADUser -SizeLimit 0 | Where-Object {$_.DirectoryEntry.psbase.ObjectSecurity.AreAccessRulesProtected }

 

Om eventueel naar een ander domein te verbinden kan het volgende commando gebruikt worden:

Connect-QADService -service ''

Om de gevonden accounts ook daadwerkelijk aan te passen kan bovenstaande code ook uitgebreid worden:

Get-QADUser -SizeLimit 0 | Where-Object {$_.DirectoryEntry.psbase.ObjectSecurity.AreAccessRulesProtected } | Set-QADObjectSecurity -UnlockInheritance