0

Powershell members of Local Admin Group on Remote Computer

You can easily check the local admins with the compmgmt.msc or direct via cmd “compmgmt.msc /computer:$ComputerName”

If you want to achive the Task with powershell, you just Need to use this code:

#region Get-LocalAdmins
function get-localadmins{
[cmdletbinding()]
Param(
[string]$computerName
)
$group = get-wmiobject win32_group -ComputerName $computerName -Filter “LocalAccount=True AND SID=’S-1-5-32-544′”
$query = “GroupComponent = `”Win32_Group.Domain=’$($group.domain)’`,Name=’$($group.name)’`””
$list = Get-WmiObject win32_groupuser -ComputerName $computerName -Filter $query
$list | %{$_.PartComponent} | % {$_.substring($_.lastindexof(“Domain=”) + 7).replace(“`”,Name=`””,“\”)}
}
#endregion Get-LocalAdmins

Now you can query every Computer with “get-localadmins computername” – You need local admin rights to do this.

 

 

0

Powershell AD User Unlock

With this Script you can unlock locked users from AD without RSAT or RDP to your AD Server. It can be only used with Domain Admins rights, which should be clear. You Need to install the Quest Admin Tools from http://www.quest.com/powershell/activeroles-server.aspx and then follow the script.

function Show-MsgBox
{
[CmdletBinding()]
param(
[Parameter(Position=0, Mandatory=$true)] [string]$Prompt,
[Parameter(Position=1, Mandatory=$false)] [string]$Title =“”,
[Parameter(Position=2, Mandatory=$false)] [ValidateSet(“Information”, “Question”, “Critical”, “Exclamation”)] [string]$Icon =“Information”,
[Parameter(Position=3, Mandatory=$false)] [ValidateSet(“OKOnly”, “OKCancel”, “AbortRetryIgnore”, “YesNoCancel”, “YesNo”, “RetryCancel”)] [string]$BoxType =“OkOnly”,
[Parameter(Position=4, Mandatory=$false)] [ValidateSet(1,2,3)] [int]$DefaultButton = 1
)
[System.Reflection.Assembly]::LoadWithPartialName(“Microsoft.VisualBasic”) | Out-Null
switch ($Icon) {
“Question” {$vb_icon = [microsoft.visualbasic.msgboxstyle]::Question }
“Critical” {$vb_icon = [microsoft.visualbasic.msgboxstyle]::Critical}
“Exclamation” {$vb_icon = [microsoft.visualbasic.msgboxstyle]::Exclamation}
“Information” {$vb_icon = [microsoft.visualbasic.msgboxstyle]::Information}}
switch ($BoxType) {
“OKOnly” {$vb_box = [microsoft.visualbasic.msgboxstyle]::OKOnly}
“OKCancel” {$vb_box = [microsoft.visualbasic.msgboxstyle]::OkCancel}
“AbortRetryIgnore” {$vb_box = [microsoft.visualbasic.msgboxstyle]::AbortRetryIgnore}
“YesNoCancel” {$vb_box = [microsoft.visualbasic.msgboxstyle]::YesNoCancel}
“YesNo” {$vb_box = [microsoft.visualbasic.msgboxstyle]::YesNo}
“RetryCancel” {$vb_box = [microsoft.visualbasic.msgboxstyle]::RetryCancel}}
switch ($Defaultbutton) {
1 {$vb_defaultbutton = [microsoft.visualbasic.msgboxstyle]::DefaultButton1}
2 {$vb_defaultbutton = [microsoft.visualbasic.msgboxstyle]::DefaultButton2}
3 {$vb_defaultbutton = [microsoft.visualbasic.msgboxstyle]::DefaultButton3}}
$popuptype = $vb_icon -bor $vb_box -bor $vb_defaultbutton
$ans = [Microsoft.VisualBasic.Interaction]::MsgBox($prompt,$popuptype,$title)
return $ans
}
# Script
$Locked_User = Get-QADUser -Locked | Select-Object -expand samaccountname
if ($Locked_User -ne $null){
Show-MsgBox -Prompt “The following Users are locked: `n $Locked_user” -Title “Locked Users” -Icon Information -BoxType OKOnly
$Confirmation_User = Show-MsgBox -Prompt “Unlock User?” -Title “Unlock User?” -Icon Information -BoxType YesNo
if ($Confirmation_User -eq “YES”){
$Unlock_User = $Locked_User
Unlock-QADUser $Unlock_User
$Locked_User_2 = Get-QADUser -Locked | Select-Object -expand samaccountname
if ($Locked_User_2 -eq $Locked_User){
$Locked_Error = Show-MsgBox -Prompt “Error unlocking $Unlock_User” -Title “Error unlocking User” -Icon Critical -BoxType OKOnly
}
else{
Show-MsgBox -Prompt “User $Unlock_User unlocked!” -Title “Entsperrt” -Icon Information -BoxType OKOnly
}
}
else{
Show-MsgBox -BoxType “OKOnly” -Title “Unlock User” -Prompt “No user unlocked!” -Icon “Information”}
}
else{
Show-MsgBox -Prompt “No user locked!” -Icon Information -BoxType OKOnly
}

First Comes the Show-Msg function for the Msg Boxes. Second the simple User Unlock function. If multiple Users are locked, you can unlock all at once.

 

0

Powershell CSV Export / Import

If you want do e.g. save Settings of your script, you have multiple ways to do so. For my Powershell Toolkit, i decided to use CSV Export and Import, because it is very easy to implement.

Export:

$folderbrowserdialog1.ShowDialog()
$save = $folderbrowserdialog1.SelectedPath += “/config.csv”
New-Object -TypeName PSCustomObject -Property @{
“global:Language” = $Language
“global:Profilefolder” = $Profilefolder
“global:Homefolder” = $Homefolder
“global:Outfile” = $Outfile
“global:SiteName” = $SiteName
“global:SCCMServer” = $SCCMServer
“global:SCCMNameSpace” = $SCCMNameSpace
} | Export-Csv -Path $save -NoTypeInformation -Force

I Use Powershellstudio for GUI implementing. It is very intiutive to use. If you don’t have it, you can make a Folderbrowser Dialog like this:

$app = new-object -com Shell.Application
$folder = $app.BrowseForFolder(0, “Select Folder”, 0, “C:\”)

Second, I add the filename with:

$save = $folderbrowserdialog1.SelectedPath += "/config.csv"

Now you have to create a custom Powershell Object for your Export. And you have to give your variables names for the CSV. If you want to Import the CSV later, I recommend to use the Variable Names, if you use it for something else, Excel maybe, you can change the names as you wish.

New-Object -TypeName PSCustomObject -Property @{
“global:Language” = $Language
“global:Profilefolder” = $Profilefolder
“global:Homefolder” = $Homefolder
“global:Outfile” = $Outfile
“global:SiteName” = $SiteName
“global:SCCMServer” = $SCCMServer
“global:SCCMNameSpace” = $SCCMNameSpace
}

At last, we export the whole custom object in our CSV-File.

Export-Csv -Path $save -NoTypeInformation -Force

Import

Now for the import, it is pretty much the same but the other way around.

$openfiledialog1.ShowDialog()
$load = $openfiledialog1.FileNames
$Import = Import-Csv -Path $load
foreach ($Line in $Import) {
$global:Language=$($Line.“global:Language”)
$global:Profilefolder=$($Line.“global:Profilefolder”)
$global:Homefolder=$($Line.“global:Homefolder”)
$global:Outfile=$($Line.“global:Outfile”)
$global:SiteName=$($Line.“global:SiteName”)
$global:SCCMServer=$($Line.“global:SCCMServer”)
$global:SCCMNameSpace=$($Line.“global:SCCMNameSpace”)
$global:SCCMEnabled=[bool]$($Line.“global:SCCMEnabled”)
}

 

Openfiledialog opens a File Browser, where you can select your config file. Here is how you can do it without Powershell Studio:

[void] [Reflection.Assembly]::LoadWithPartialName( ‘System.Windows.Forms’ )
$d = New-Object Windows.Forms.OpenFileDialog
$d.ShowHelp = $true
$d.ShowDialog()

Now the Import itself:

$Import = Import-Csv -Path $load
foreach ($Line in $Import) {
$global:Language=$($Line.“global:Language”)
$global:Profilefolder=$($Line.“global:Profilefolder”)
$global:Homefolder=$($Line.“global:Homefolder”)
$global:Outfile=$($Line.“global:Outfile”)
$global:SiteName=$($Line.“global:SiteName”)
$global:SCCMServer=$($Line.“global:SCCMServer”)
$global:SCCMNameSpace=$($Line.“global:SCCMNameSpace”)
$global:SCCMEnabled=[bool]$($Line.“global:SCCMEnabled”)
}

You have to import the CSV into a variable, then check each Item for your given Title, e.g. “global.Language” The $ and Brackets are needed.

That’s all for the Import / Export I am using in Powershell Toolkit

1 2