Security

One-Liner Wednesday November 2, 2022

November 2, 2022 by admin Leave a Comment

Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | sort-object ExpiryDate

Here is a one liner that find very useful and hope you do to.

You can customize it even more, but for now this one grabs all the AD User accounts that are expiring and the ones expiring first at the top. I love using this to stay in front of users passwords expiring then they can’t connect or if they are off network and is a rush to get it done.

You could even sent this up as a scheduled task and have it pull the next 2 weeks of users. Then either you reach out to them, it emails them, or it notifies your help desk to reach out to them to help change their password.

Or you could have it in your dashboard so you’d always see the next 2 weeks of users passwords expiring.

One-Liner Wednesday October 26, 2022

October 26, 2022 by ClaytonT Leave a Comment

One Liner Wednesday Cyber Security Edition

Want to see the top Malware that hits your 365 Exchange? Try this one liner out

Get-MailTrafficSummaryReport -Category TopMalware -StartDate 08-01-2022 -EndDate 10-25-2022 | Select-Object C1,C2 | out-gridview

This will give you the different types of malware Microsoft has found and how many times it found in since August 1. Then it will display it in a grid view that you can filter. I normally export to Excel/CSV to keep the data as it goes away after 90 days. Bigger organizations I’d recommend pushing it into a database for longer term analytics.

Check out Microsoft Docs and my 365 GitHub Repository for more ideas!

Microsoft Documentation:
Get-MailtrafficSummaryReport

365 Exchange Security Dasboard(Very early stages)
365 Exchange Security Dashboard

My Microsoft 365 GitHub Repository:
Powershell365

One-Liner Wednesday October 19, 2022

October 19, 2022 by ClaytonT Leave a Comment

New-TenantAllowBlockListItems -ListType Sender -Block -Entries emailaddress

Here is a super useful one liner that has come in handy more recently.

What this does is adds a user or domain to the tenant block list as it’s written below. If you need to add someone to the allow list, you can change -Block to -Allow. You can even change set a duration for both Blocking and Allowing.

Command:
New-TenantAllowBlockListItems

Example with Parameters:

Add-365Blocklist

Module Monday October 10, 2022

October 10, 2022 by ClaytonT Leave a Comment

It’s time for Module Monday….

Share Code not Secrets, I think says it best. I guess you probably want the name of the module now…It’s called PSSecretScanner which will search files/folders that you point it too and check if there are any passwords visible! Maybe you have some old code that you haven’t used in awhile, you might want to run this on it just to make sure younger you who may have been more naïve didn’t leave any plain text passwords! We’ve all been there!

PowerShell Gallery:
PSSecretScanner/1.0.9