Author Archives: irobx

Enumerate GPO GUIDs

dsquery * -limit 9999 -filter “(&(objectClass=groupPolicyContainer)(name={*}))” -attr name displayName

Posted in Uncategorized | Leave a comment

Powershell computer enum

Here is a short powershell snippet that will dump out all the computers in a domain into a csv file with operating system versions they are running: Get-ADcomputer -SearchBase “DC=servers,DC=domain,DC=com” -filter ‘samaccountname -like “*”‘ -properties OperatingSystem,OperatingSystemHotfix,OperatingSystemServicePack,OperatingSystemVersion,PasswordLastSet | export-csv out.csv

Posted in Powershell | Leave a comment

Batch file to send Splunk Alerts

The free version of Splunk lacks the capability to do scheduled reports and alerting. However, it has a very capable API that can be simply accessed using curl. I wrote some batch files to access these APIs and scheduled them … Continue reading

Posted in Uncategorized | Leave a comment

Script to list all members of Office 365 Admin Roles

Here is a short script to enumerate the Office 365 Admin Roles and list out each of their memberships. Please note, for this to work you need to install the Azure AD Powershell module. Connect-MsolService $roles = Get-MsolRole foreach ($role … Continue reading

Posted in Powershell | Leave a comment

Free Space percentage wmic script

Command Line script using wmic and built-in NT Shell scripting commands to retrieve free space, total disk size and calculate percent free for local hard disks. @echo off for /f “skip=1 usebackq delims==” %%i in (`wmic logicaldisk where “mediatype=’12′” get … Continue reading

Posted in NT Shell Script | Leave a comment

Powershell top processes script v2

I made some modifications to my top processes script that make it both better performing and more useful by providing more information. There is a noticeable delay when get-counter is called so rather than staring at a black screen waiting … Continue reading

Posted in Uncategorized | Leave a comment

Regular Expression to select mulicast and broadcast ip addresses

This is a powershell code snippet I used to find security log event entries that had a multicast or broadcast source ip address: Get-EventLog -LogName Security -instanceid 5156 | where {$_.message -match ‘Source Add.*\.255\s|Source Add.*\s22[4-9]|Source Add.*\s23[0-9]’}

Posted in Uncategorized | Leave a comment