SHOW:
|
|
- or go back to the newest paste.
| 1 | $username = "skan" | |
| 2 | - | $haslo = '$Kan123..' |
| 2 | + | $haslo = '$kan123..' |
| 3 | $nazwa_folderu = "SKAN" | |
| 4 | ||
| 5 | $this_dir = pwd | |
| 6 | $lokalizacja_folderu = [Environment]::GetFolderPath("Desktop")
| |
| 7 | ||
| 8 | If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) | |
| 9 | {
| |
| 10 | # Relaunch as an elevated process: | |
| 11 | Start-Process powershell.exe "-File",('"{0}"' -f $MyInvocation.MyCommand.Path) -Verb RunAs
| |
| 12 | exit | |
| 13 | } | |
| 14 | ||
| 15 | ||
| 16 | ### | |
| 17 | ||
| 18 | $oc_i = "yellow" | |
| 19 | $oc_d = "blue" | |
| 20 | $oc_o = "green" | |
| 21 | ||
| 22 | $computername = "$env:computername" | |
| 23 | $account = $env:computername + "\" + $username | |
| 24 | ## interactive password # $Password = Read-Host -AsSecureString | |
| 25 | $fq_place = "$lokalizacja_folderu\$nazwa_folderu" | |
| 26 | $Password = "$haslo" | ConvertTo-SecureString -AsPlainText -Force | |
| 27 | ||
| 28 | ||
| 29 | function write-text($ForegroundColor) {
| |
| 30 | $fc = $host.UI.RawUI.ForegroundColor;$host.UI.RawUI.ForegroundColor = $ForegroundColor | |
| 31 | if ($args) { Write-Output $args }else { $input | Write-Output }
| |
| 32 | $host.UI.RawUI.ForegroundColor = $fc | |
| 33 | } | |
| 34 | ||
| 35 | function 1_user_create {
| |
| 36 | [CmdletBinding()] | |
| 37 | param ( [string]$username, [SecureString] $Password) | |
| 38 | if ( Get-LocalUser -Name $username -ErrorAction SilentlyContinue ) | |
| 39 | {
| |
| 40 | Remove-LocalUser -Name $username | |
| 41 | write-text $oc_d "User deleted" | |
| 42 | } | |
| 43 | New-LocalUser -Name "$username" -Password $Password -FullName "$username" | |
| 44 | write-text $oc_d "User created" | |
| 45 | } | |
| 46 | ||
| 47 | ||
| 48 | function 1B_user_repair {
| |
| 49 | [CmdletBinding()] | |
| 50 | param ( [string]$username ) | |
| 51 | if ( Get-LocalUser -Name $username -ErrorAction SilentlyContinue ) | |
| 52 | {
| |
| 53 | set-localuser -name "$username" -password $Password | |
| 54 | write-text $oc_d "Change password for user" | |
| 55 | } | |
| 56 | else | |
| 57 | {
| |
| 58 | write-text $oc_d "User don't exist!" | |
| 59 | } | |
| 60 | } | |
| 61 | function 2_user_hide {
| |
| 62 | [CmdletBinding()] | |
| 63 | param ( [string]$username ) | |
| 64 | - | # add check if winlogon exist! |
| 64 | + | |
| 65 | - | $location = 'hklm:\SOFTWARE\Microsoft\windows nt\currentversion\winlogon' |
| 65 | + | |
| 66 | - | Set-Location $location |
| 66 | + | |
| 67 | - | if (Test-Path "$location\SpecialAccount") {
|
| 67 | + | |
| 68 | - | write-text $oc_d 'user was already hidden' |
| 68 | + | |
| 69 | set-localuser -Name $username -PasswordNeverExpires:$TRUE | |
| 70 | - | else |
| 70 | + | |
| 71 | write-text $oc_d "User password never expires" | |
| 72 | - | New-Item -Path "$location\SpecialAccount" -Name 'UserList' |
| 72 | + | |
| 73 | - | New-ItemProperty -Path "$location\SpecialAccount\UserList" -Name "$username" -Value '0' -PropertyType DWORD |
| 73 | + | |
| 74 | - | write-text $oc_d "user hidden" |
| 74 | + | |
| 75 | [CmdletBinding()] | |
| 76 | - | pop-location |
| 76 | + | |
| 77 | New-Item -ItemType Directory -Force -Path "$fq_place" | |
| 78 | write-text $oc_d "Directory created" | |
| 79 | } | |
| 80 | ||
| 81 | function 5_share_create {
| |
| 82 | [CmdletBinding()] | |
| 83 | param ( [string]$nazwa_folderu, | |
| 84 | [string]$fq_place, | |
| 85 | [string]$account | |
| 86 | ) | |
| 87 | ||
| 88 | $ust_udzialu = @{ 'Name' = $nazwa_folderu;
| |
| 89 | 'Path' = "$fq_place"; | |
| 90 | 'FullAccess' = "$account" | |
| 91 | } | |
| 92 | ||
| 93 | if ( Get-SmbShare -Name "$nazwa_folderu" -ErrorAction SilentlyContinue ) | |
| 94 | { Remove-SmbShare -Name "$nazwa_folderu" -force }
| |
| 95 | # New-SmbShare $ust_udzialu | |
| 96 | New-SmbShare -Name "$nazwa_folderu" -Path "$fq_place" -FullAccess "$account" | |
| 97 | write-text $oc_d "Share created" | |
| 98 | } | |
| 99 | ||
| 100 | function 6_win_lower_cypher {
| |
| 101 | $locat2 = 'hklm:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0' | |
| 102 | if (Test-Path $locat2) {
| |
| 103 | $Key = Get-Item -LiteralPath "$locat2" | |
| 104 | if ($Key.GetValue("NtlmMinClientSec", $null) -ne 0) { New-ItemProperty -Path "$locat2" -Name "NtlmMinClientSec" -PropertyType DWORD -Value '0' }
| |
| 105 | if ($Key.GetValue("NtlmMinServerSec", $null) -ne 0) { New-ItemProperty -Path "$locat2" -Name "NtlmMinServerSec" -PropertyType DWORD -Value '0' }
| |
| 106 | } | |
| 107 | else | |
| 108 | { write-text red "there is no $($locat2)" }
| |
| 109 | write-text $oc_d "lowered minimum cypher" | |
| 110 | } | |
| 111 | ||
| 112 | function 7_win_net_private {
| |
| 113 | if ( -not ( "PRIVATE" -like (Get-NetconnectionProfile | select-object NetworkCategory).networkcategory) ) {
| |
| 114 | Get-NetconnectionProfile | Set-NetconnectionProfile -NetworkCategory Private | |
| 115 | write-text $oc_o "network set as private" | |
| 116 | } | |
| 117 | else { write-text $oc_d "network was already as private" }
| |
| 118 | } | |
| 119 | ||
| 120 | function 8_win_smb1_set {
| |
| 121 | if ( "Enabled" -eq (Get-WindowsOptionalFeature -online -FeatureName "SMB1protocol-server" | select-object -property state).state ) ` | |
| 122 | { write-text $oc_d "smb1 is installed" }
| |
| 123 | else {
| |
| 124 | Enable-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol" -All; | |
| 125 | write-text $oc_o "enabled smb1" | |
| 126 | } | |
| 127 | } | |
| 128 | ||
| 129 | function A_get_user_info {
| |
| 130 | write-text $oc_d "Username = $username" | |
| 131 | write-text $oc_d "haslo = $haslo" | |
| 132 | write-text $oc_d "nazwa udzialu = $nazwa_folderu" | |
| 133 | } | |
| 134 | ||
| 135 | function B_get_interface_info {
| |
| 136 | get-NetIPInterface ` | |
| 137 | | where-object { ( $_.addressfamily -like "IPv4" ) -and ( $_.ConnectionState -eq "Connected" ) } `
| |
| 138 | | select-object ifindex, ifalias, dhcp, connectionstate ` | |
| 139 | | ForEach-Object ` | |
| 140 | {
| |
| 141 | Get-NetIPAddress -interfaceindex $_.ifindex ` | |
| 142 | | where-object { ( $_.addressfamily -like "ipv4" ) -and ( -not ( $_.IPv4Address -like '127.0.0.1' )) } `
| |
| 143 | | Select-Object prefixorigin, suffixorigin, type, store, addressstate, ipv4address -outvariable lol ` | |
| 144 | | Out-Null ; | |
| 145 | Get-NetAdapter -interfaceindex $_.ifindex -erroraction ignore | select-object interfacedescription, macaddress -outvariable out | out-null; | |
| 146 | $members = @{"Connectionstate" = $_.connectionstate;
| |
| 147 | "DHCP" = $_.dhcp; | |
| 148 | "ifalias" = $_.ifalias; | |
| 149 | "InterfaceDescription" = $out.interfacedescription; | |
| 150 | "macaddress" = $out.macaddress; | |
| 151 | "hostname" = $env:computername | |
| 152 | } | |
| 153 | if ( $lol.ipv4address ) { write-text red "\\$($lol.ipv4address)\$($scan_smbdir)" }
| |
| 154 | if ( $lol -ne $null ) {
| |
| 155 | $lol | add-member -notepropertymembers $members | |
| 156 | $lol | Format-table -wrap hostname, ifalias, dhcp, ipv4address, addressstate, connectionstate, macaddress, interfacedescription #-HideTableHeaders | |
| 157 | } | |
| 158 | } | |
| 159 | ||
| 160 | } | |
| 161 | ||
| 162 | function C_spooler_restart {
| |
| 163 | Restart-Service -Name Spooler -Force | |
| 164 | } | |
| 165 | ||
| 166 | function D_spooler_clear {
| |
| 167 | Stop-Service -Name Spooler -Force | |
| 168 | Move-Item -Path "$env:SystemRoot\System32\spool\PRINTERS\*.*" -Destination 'C:\demo\new' -Force | |
| 169 | } | |
| 170 | ||
| 171 | function E_check_user {
| |
| 172 | param ( [string] $username, [string] $password) | |
| 173 | if ( i_check_user $username $password ) {write-text "GREEN" "Account creditentials OK"
| |
| 174 | ||
| 175 | } | |
| 176 | else {
| |
| 177 | write-text "RED" "BAD creditentials" | |
| 178 | } | |
| 179 | ||
| 180 | } | |
| 181 | ||
| 182 | function i_check_user {
| |
| 183 | param ( [string] $username, [string] $password) | |
| 184 | $computer = $env:COMPUTERNAME | |
| 185 | Add-Type -AssemblyName System.DirectoryServices.AccountManagement | |
| 186 | $obj = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('machine',$computer)
| |
| 187 | $obj.ValidateCredentials($username, $password) | |
| 188 | } | |
| 189 | ||
| 190 | ||
| 191 | # set_user $username | |
| 192 | # set_share $nazwa_folderu $fq_place $account | |
| 193 | # set_directory $fq_place | |
| 194 | ||
| 195 | $menu=@" | |
| 196 | 0 ALL | |
| 197 | ||
| 198 | 1 user: create profile | |
| 199 | 2 user: hide profile from windows logon | |
| 200 | 3 user: set password to never expire & user can't change password themselves | |
| 201 | 4 directory: create on desktop | |
| 202 | 5 share: create share | |
| 203 | 6 windows: lower cypher on sharing | |
| 204 | 7 windows: set network to private | |
| 205 | 8 windows components: enable smb1 server | |
| 206 | ||
| 207 | 9 repair user | |
| 208 | ||
| 209 | A get user info | |
| 210 | B get interface info | |
| 211 | ||
| 212 | Q Quit | |
| 213 | ||
| 214 | Select a task by number or Q to quit | |
| 215 | "@ | |
| 216 | ||
| 217 | Function Invoke-Menu {
| |
| 218 | [cmdletbinding()] | |
| 219 | Param( | |
| 220 | [Parameter(Position=0,Mandatory=$True,HelpMessage="Enter your menu text")] | |
| 221 | [ValidateNotNullOrEmpty()] | |
| 222 | [string]$Menu, | |
| 223 | [Parameter(Position=1)] | |
| 224 | [ValidateNotNullOrEmpty()] | |
| 225 | [string]$Title = "My Menu", | |
| 226 | [Alias("cls")]
| |
| 227 | [switch]$ClearScreen | |
| 228 | ) | |
| 229 | ||
| 230 | #clear the screen if requested | |
| 231 | # if ($ClearScreen) { Clear-Host }
| |
| 232 | ||
| 233 | #build the menu prompt | |
| 234 | $menuPrompt = $title | |
| 235 | #add a return | |
| 236 | $menuprompt+="`n" | |
| 237 | #add an underline | |
| 238 | $menuprompt+="-"*$title.Length | |
| 239 | #add another return | |
| 240 | $menuprompt+="`n" | |
| 241 | #add the menu | |
| 242 | $menuPrompt+=$menu | |
| 243 | ||
| 244 | Read-Host -Prompt $menuprompt | |
| 245 | ||
| 246 | } #end function | |
| 247 | ||
| 248 | Do {
| |
| 249 | #use a Switch construct to take action depending on what menu choice | |
| 250 | #is selected. | |
| 251 | Switch (Invoke-Menu -menu $menu -title "My Help Desk Tasks" -clear) | |
| 252 | {
| |
| 253 | "0" {write-text "yellow" "all"
| |
| 254 | 1_user_create $username $Password | |
| 255 | 2_user_hide $username | |
| 256 | 3_user_neverexp $username | |
| 257 | 4_directory_create $fq_place | |
| 258 | 5_share_create $nazwa_folderu $fq_place $username | |
| 259 | 6_win_lower_cypher | |
| 260 | cd $this_dir | |
| 261 | 7_win_net_private | |
| 262 | 8_win_smb1_set | |
| 263 | A_get_user_info | |
| 264 | B_get_interface_info | |
| 265 | } | |
| 266 | "1" {write-text "yellow" "user: create profile"
| |
| 267 | 1_user_create $username | |
| 268 | } | |
| 269 | "2" {write-text "yellow" "user: hide profile from windows logon"
| |
| 270 | 2_user_hide $username | |
| 271 | } | |
| 272 | "3" {write-text "yellow" "user: set password to never expire & user can't change password themselves"
| |
| 273 | 3_user_neverexp $username | |
| 274 | } | |
| 275 | "4" {write-text "yellow" "directory: create on desktop"
| |
| 276 | 4_directory_create "$fq_place" | |
| 277 | } | |
| 278 | "5" {write-text "yellow" "share: create share"
| |
| 279 | 5_share_create "$nazwa_folderu" "$fq_place" "$username" | |
| 280 | } | |
| 281 | "6" {write-text "yellow" "windows: lower cypher on sharing"
| |
| 282 | 6_win_lower_cypher | |
| 283 | } | |
| 284 | "7" {write-text "yellow" "windows: set network to private"
| |
| 285 | 7_win_net_private | |
| 286 | } | |
| 287 | "8" {write-text "yellow" "windows components: enable smb1 server"
| |
| 288 | 8_win_smb1_set | |
| 289 | } | |
| 290 | "9" {
| |
| 291 | write-text "yellow" "repairing user" | |
| 292 | 3_user_neverexp $username | |
| 293 | 1B_user_repair $username | |
| 294 | 2_user_hide $username | |
| 295 | } | |
| 296 | "A" {
| |
| 297 | write-text "yellow" "User Info" | |
| 298 | A_get_user_info | |
| 299 | } | |
| 300 | "B" {
| |
| 301 | write-text "yellow" "Interface" | |
| 302 | B_get_interface_info | |
| 303 | } | |
| 304 | "C" {
| |
| 305 | ||
| 306 | } | |
| 307 | "D" {
| |
| 308 | ||
| 309 | } | |
| 310 | "E" {
| |
| 311 | E_check_user $username $haslo | |
| 312 | } | |
| 313 | ||
| 314 | "Q" {write-text "yellow" "Goodbye"
| |
| 315 | Return | |
| 316 | } | |
| 317 | Default {
| |
| 318 | Write-Warning "Invalid Choice. Try again." | |
| 319 | sleep -milliseconds 750 | |
| 320 | } | |
| 321 | } | |
| 322 | } While ($True) |
