Pile Of Garbage posted:lmao you're right I'm dumb as poo poo! I've no idea why I thought that was allowed. Short names?
|
|
# ? May 26, 2023 00:41 |
|
|
# ? May 15, 2024 03:43 |
|
Looking at everything, I think I might stick w/ a switch because we have 10 offices. I'll pull $office as a substring of $username. The switch will pull the office path using $office. Test the path and then create if false. I'll have to poke at it tonight when I'm back home, but this doesn't sound crazy right? Ultimately, the path will be something along the lines of \\$office\STATIC FOLDER\$username Once I can get this handled, then it's just a matter of then populating a subfolder w/ a static name, and then the part that I'm really dreading: automated permissions changes!!! Starting with the $username folder, so that the subfolder inherits the permissions, then turning off and converting permissions, then removing a standard SG we have in our ourg.
|
# ? May 31, 2023 15:10 |
|
OK, we're making folders how we want them to be named, and where we want them to be! Hurrah. Now to get into permissions. At this time, I'm hoping to have the $username folder inherit permissions, add PCNAME\$username (when introduced into work, it'll be DOMAIN\$username), and provide Modify writes. Afterwards, it will generate a subfolder called PERSONAL. Turn off inheritance while keeping permissions, and removing a specific SG that we have at work. I've got it adding the $username to the folder permissions (i setup a dummy user on my PC), but it doesn't successfully add the Modify "Allow" mark. I've tried it as this: $ACL = Get-Acl $path $perm = New-Object System.Security.AccessControl.FileSystemAccessRule("PCNAME\$username", "Modify", "Allow") $ACL.SetAccessRule($perm) $ACL | Set-ACL $path Which is a copy&paste from pretty much everything you see on this. I've also tried it where it calls out inheritance/propagation w/ no difference. No fails when testing the script... just doesn't lock in the permissions.
|
# ? Jun 5, 2023 01:48 |
|
Have you tried putting it into try/catch blocks you see what error it's getting?
|
# ? Jun 5, 2023 05:53 |
|
Boywhiz88 posted:OK, we're making folders how we want them to be named, and where we want them to be! Looks like you've got the right constructor for the $perm variable, but you're using the SetAccessRule method for $ACL. That will remove all access rules and just have the one you specify in it (https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.directorysecurity?view=net-7.0). If you want to add an additional permission on top of the parent permissions, use the AddAccessRule method. Try this: $ACL = Get-Acl $path $perm = New-Object System.Security.AccessControl.FileSystemAccessRule("PCNAME\$username", "Modify", "Allow") $ACL.AddAccessRule($perm) $ACL | Set-ACL $path $Subfolder = new-item -ItemType Directory -Name "PERSONAL" -path $Path #Creates a new subfolder and keeps it as a variable $SubACL = $ACL.psobject.copy () #Creates a copy of the $acl variable while keeping the original $SubACL.SetAccessRuleProtection($True, $True) #The first part says is this folder protected or not (opposite of inherited). The second is should the current acl be copied. $BadPerm = New-Object System.Security.AccessControl.FileSystemAccessRule("PCNAME\GroupName", "Modify", "Allow") #Change this to be whatever the group you don't want inherited, and make sure the Permission level matches. There's a way to get this through scripting but if it's all the same this is faster $SubACL.RemoveAccessRule($BadPerm) #Removes the group permission above $SubACL | Set-ACL $Subfolder.FullName #And set it on the subfolder
|
# ? Jun 5, 2023 06:22 |
|
I'm getting twitchy seeing a Switch construct used instead of a dictionary. Set the dictionary up with values of $office as keys, and folder names as values. This is both cleaner code, but when they open a new office you only have to add a key/value pair instead of adding a line to the switch.
|
# ? Jun 5, 2023 06:48 |
|
Even with the AddAccessRule, it's still not doing it. That being said, I'll try the inheritance and propagation flags, just in case. Also tried ISE as admin to see if that made a difference but alas...sloshmonger posted:Looks like you've got the right constructor for the $perm variable, but you're using the SetAccessRule method for $ACL. That will remove all access rules and just have the one you specify in it (https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.directorysecurity?view=net-7.0). If you want to add an additional permission on top of the parent permissions, use the AddAccessRule method. Thank you for this! I'll probably end up replicating or copying this after i overcome whatever is going on w/ the original permissions. Reading the AccessRuleProtection, you're saying that first $True value is saying no to inheritance (protected = true) but the 2nd $true is saying but bring these values along tho... we need them. Is that a correct understanding of that function? mllaneza posted:I'm getting twitchy seeing a Switch construct used instead of a dictionary. Set the dictionary up with values of $office as keys, and folder names as values. This is both cleaner code, but when they open a new office you only have to add a key/value pair instead of adding a line to the switch. Would that be looking at the hash tables example in this article? https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_hash_tables?view=powershell-7.3 Dictionaries seems a bit much for my needs from skimming through that article. I really appreciate everyone's input here. It's a lot of fun for me to have an idea of how this might work, and be able to put one foot in front of the other and get that much further after stumbling. EDIT: INHERITANCE FLAGS DID IT FOLKS. LET'S loving GOOOOOOOOOOOOOOOO EDIT 2: Personal is turning off inheritance, preserving the rights, but won't remove the user that I have setup. Blergh! It even says "yeah I did it!" when running the script Boywhiz88 fucked around with this message at 21:59 on Jun 5, 2023 |
# ? Jun 5, 2023 20:47 |
|
Stupid question that might be in the wrong place, please feel free to mock me and tell me where to take it if so. I use Dokan to mount seven network locations as drives on my PC. Because I don't know how to do Powershell, this means that every time I start my computer, I swap over to Desktop 2, run Windows Terminal as admin, open seven tabs in the window, and then chdir to my scripts directory and run a separate batch file in each tab. I have to do it this way because if I close the window, the drives unmount, and I don't want a bunch of terminal windows open on my primary desktop all the time. I'm certain there's a way to automate all of this to run on startup in the background in Powershell, but I don't know what it is. Is there an easy obvious way, or at least a good place to start looking?
|
# ? Jun 12, 2023 21:15 |
|
Sure. Use task scheduler to run a powershell script that does those 7 commands. But why can't you just mount those network locations natively?
|
# ? Jun 13, 2023 03:58 |
|
Happiness Commando posted:Sure. Use task scheduler to run a powershell script that does those 7 commands. But why can't you just mount those network locations natively? Dokan makes them look like actual local drives. I have an application that fails if it sees them as "mounted network locations" instead of local drives. I'll look into that script. Thanks!
|
# ? Jun 13, 2023 11:53 |
|
I'm still struggling w/ removing the one user w/ my script. If anyone has any insight, I'd appreciate it. I'm hoping to avoid the NTFSAccess as I'd like to keep it as pure Powershell as possible. I've played around with method for removing, the syntax of what occurs when and no difference. It'll turn off inheritance and keep the permissions, but it won't actually remove PCNAME\Username from the PERSONAL folder that gets created. It's quite annoying! Thoughts?
|
# ? Jun 13, 2023 16:37 |
|
Boywhiz88 posted:I'm still struggling w/ removing the one user w/ my script. If anyone has any insight, I'd appreciate it. I'm hoping to avoid the NTFSAccess as I'd like to keep it as pure Powershell as possible. Is the user the owner? You can't remove access rights from the owner.
|
# ? Jun 15, 2023 00:01 |
|
disaster pastor posted:Dokan makes them look like actual local drives. I have an application that fails if it sees them as "mounted network locations" instead of local drives. Have you tried to fool the application with subst?
|
# ? Jun 17, 2023 04:41 |
|
EoRaptor posted:Is the user the owner? You can't remove access rights from the owner. No, but we're good! So, I had begun to think that maybe that removal wasn't happening so I tried other ways but was getting security exceptions. I wasn't sure so I backed away. Brought it to a coworker who gave me the same code I had tried, but I checked against the error. So here's the back-half of the script! #PERSONAL $Subfolder = new-item -ItemType Directory -Name "PERSONAL" -path $Path $SubACL = $ACL.psobject.copy() $SubACL.SetAccessRuleProtection($True, $True) $SubACL | Set-ACL $Subfolder.FullName #Thank you CoC, sloshmonger $SubACL = Get-Acl $Subfolder $rules = $SubAcl.Access | Where { $_.IdentityReference -eq "MULE\Test" } foreach($rule in $rules) { $SubAcl.RemoveAccessRule($rule) } # Perform the modification (Get-Item $Subfolder).SetAccessControl($subacl) #We've got a winner! JUICE BY TAPPY JUICE BY TAPPY Thank you all! This is going to help make my life sooooooooo much easier. It's also showing me how this stuff works, and what I might be able to do! So grateful for everyone's contributions. I knew there'd be one little thing to make the difference.
|
# ? Jun 19, 2023 23:32 |
|
Glad to see you got it working!
|
# ? Jun 25, 2023 17:55 |
|
Boywhiz88 posted:Would that be looking at the hash tables example in this article? https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_hash_tables?view=powershell-7.3 Yeah, that's the stuff. Stuff all your office-specific stuff into hash tables, use a variable as an index, operate on the value returned. I once found a use for a dictionary of dictionaries in Python and I'm still smug about it.
|
# ? Jun 27, 2023 03:11 |
|
I'm pulling data from a REST API into objects so I have a bunch of Property: Value pairs. For example: code:
|
# ? Jul 5, 2023 21:01 |
I'm not sure I understand, do you mean like an array of arrays?code:
Since I assume you've already tried ConvertTo-Json directly on your data and decided that it will not work.
|
|
# ? Jul 5, 2023 21:15 |
|
nielsm posted:I'm not sure I understand, do you mean like an array of arrays? Also, *I* didn't decide ConvertTo-Json will not work, Google took care of that for me vibur fucked around with this message at 21:36 on Jul 5, 2023 |
# ? Jul 5, 2023 21:30 |
|
FWIW, I appear to have solved my own problem (sort of). Falling down a search hole, I saw a post from someone using ChatGPT to solve a different problem so I gave it a shot. It came up with some unfamiliar cmdlets that led me to PSGSuite. My testing so far has been good - appends object values to a sheet with no need to convert to an arraylist or JSON or whatever.
|
# ? Jul 7, 2023 21:21 |
|
Lol, ask any psgsuite questions you have. I'm, uh, one of the maintainers. In particular I've done a bunch around spreadsheets specifically.
|
# ? Jul 8, 2023 00:41 |
|
vibur posted:I'm pulling data from a REST API into objects so I have a bunch of Property: Value pairs. You can use PSObject property (https://learn.microsoft.com/en-us/dotnet/api/system.management.automation.psobject.properties?view=powershellsdk-7.2.0to) get all properties on your object and then you could loop through them So if you assigned your response to variable $response, you can do something like code:
Edit: if your response is an array of objects, you just wrap the above in another foreach loop, to parse every object separately. The Claptain fucked around with this message at 01:02 on Jul 8, 2023 |
# ? Jul 8, 2023 01:00 |
|
FISHMANPET posted:Lol, ask any psgsuite questions you have. I'm, uh, one of the maintainers. In particular I've done a bunch around spreadsheets specifically. God, this rules. I don't need Gsuite integration anymore since I'm in an O365 place now, but I remember back when I was learning how to use Powershell I was having to write my own wrappers for GAM that was scraping the text output for error codes and poo poo.
|
# ? Jul 8, 2023 22:04 |
|
I've got a user who is getting emails sent to dynamic distribution groups of which she is not a member - I exported the memberships of the three groups to CSV files and she isn't on any of them. My hunch is that a former employee is still on one of these lists and their mailbox is forwarding to her. What PS command can I run to see what mailboxes have forwarding enabled to her? EDIT: This is in Exchange Online TITTIEKISSER69 fucked around with this message at 23:28 on Jul 10, 2023 |
# ? Jul 10, 2023 23:26 |
|
Wouldn't the email headers say what mailbox it got forwarded from? Knowing what mailboxes have forwarding enabled to your colleague would be useful if you couldn't get the headers though.
|
# ? Jul 11, 2023 07:06 |
|
Afraid not, as the sender put the dynamic distro groups' addresses in BCC.
|
# ? Jul 11, 2023 13:44 |
|
TITTIEKISSER69 posted:I've got a user who is getting emails sent to dynamic distribution groups of which she is not a member - I exported the memberships of the three groups to CSV files and she isn't on any of them. Any ideas?
|
# ? Jul 17, 2023 17:57 |
|
Not powershell, but the report described here might tell you what you want: https://learn.microsoft.com/en-us/exchange/monitoring/mail-flow-reports/mfr-auto-forwarded-messages-report
|
# ? Jul 17, 2023 18:03 |
|
Messing around with this year's Advent of Code in PS and on Day 2 (Part 2)... I have successfully solved it but I can't help but feel the way I wrote it was "some poo poo". Any thoughts on how I could cut some of this down? https://gist.github.com/Toshimo-Kamiya/c4c64fa4cea477bded97a14524e75ff6
|
# ? Dec 2, 2023 18:17 |
|
No idea, but when you see it like that, you can't help but think... there's gotta be a way. I have what I think is an impossible ask: I'm trying my damndest to find a process where I can import a CSV (preferably) with appointments filled out to an M365 Room Mailbox. The idea here is that we have our standard holidays, and we want to book out our conference rooms. I'm hoping to automate in some way, vs my boss sending out manual invites/manually logging into each mailbox. Thoughts or leads? Right now, I'm coming up short but I feel crazy because you think it would be possible. EDIT: Realizing the EWS API isn't as depreciated as I might have thought... will consider that avenue because there's some stuff available. But I'm just surprised there's no way via EXO Powershell.
|
# ? Dec 11, 2023 20:30 |
Microsoft really does not want email admins to effect or read mailboxes, that's getting all swept to the compliance side of MS admin. I still mourn my inability to use search-mailbox. You still need to know your dates and all, you could setup an ICAL invite that books all holidays.
|
|
# ? Dec 12, 2023 20:15 |
|
A bit of a broad rookie question because I don't know what I don't know. I'm following some tutorials on Microsoft Entra ID. Instead of clicking through the portal, I want to complete the steps in PowerShell. With PowerShell, should I be using the Microsoft Graph module? Is the AzureAD module being deprecated for Graph, or am I misunderstanding the random rear end blog articles I've found.
|
# ? Dec 13, 2023 20:47 |
|
I think you're overthinking this? If you want to make a new user, you cast New-AzureADUser. It....does that. edit: I see what you're asking. Yes, install the graph module and get it connected with your tenant I scrolled through these directions; they look like they should get you installed and connected https://www.alitajran.com/install-microsoft-graph-powershell/ Potato Salad fucked around with this message at 22:16 on Dec 13, 2023 |
# ? Dec 13, 2023 22:13 |
|
Potato Salad posted:I think you're overthinking this? If you want to make a new user, you cast New-AzureADUser. It....does that. Thanks!
|
# ? Dec 14, 2023 04:32 |
|
Boywhiz88 posted:No idea, but when you see it like that, you can't help but think... there's gotta be a way. You're going to have to do some work in the Graph API if you want to do that. https://learn.microsoft.com/en-us/graph/api/calendar-post-events?view=graph-rest-1.0&tabs=http
|
# ? Dec 15, 2023 05:18 |
|
Does anyone happen to have an AWS sigv4 signing script to share, or can point out what's wrong here? I need to calculate some credential from some other credential, which involves hashing a bunch of concatenated strings and storing them in byte arrays (I think?). The python code example from documentation works perfectly. The powershell copypasta from the internet ends up with a different final value (is broken) , but it looks like it's accomplishing the same thing. Printing diagnostics mid calculation doesn't help because the HMAC function operates on byte arrays and they are displayed very differently. They're both using utf-8, so I don't think it has to do with string encoding. Python from https://docs.aws.amazon.com/ses/latest/dg/smtp-credentials.html works perfectly Python code:
Powershell copypasta from https://gist.github.com/jacqueskang/96c444ee01e6a4b37300aa49e8097513 provides a credential, the code doesn't error out, but it doesn't work and is different from the python code:
Edit: Wait, using "foo" as my key and us-east-1 as my region results in both outputs being the same. OK I guess I'm going to rubber duck phone post in the edits BPtBXSjHoMVKYLkS05QmpTxdAWirYy2yB4VgpkK4IhqP Happiness Commando fucked around with this message at 16:00 on Feb 13, 2024 |
# ? Feb 13, 2024 15:31 |
|
sloshmonger posted:You're going to have to do some work in the Graph API if you want to do that. Thank you for this! I can't believe I'm just seeing this! Between the holidays and just feeling defeated I never followed up. I saw this because last night I was going to come in here with an inquiry... but then I had a moment of clarity and I figured it all out. I've upgraded my one script to now use CSVs to setup the path and permissions. I also have created one for some Entra/Identity/Azure AD functionality w/ some Exchange stuff. I'm so happy. We have an annual influx where these are going to come in so handy. I feel so accomplished!!!
|
# ? Apr 11, 2024 13:45 |
|
Rookie PowerShell question: If I'm running PS commands from the CLI, how would I selectively log certain executed commands to a CSV? Not the output, just the command/script executed and the time. In plain English, I think I need a My-Logger function so if I call: My-Logger Get-Process , it would append to my.csv the datetime and Get-Process. I'm new to PS and not sure how to approach this.
|
# ? Apr 15, 2024 17:25 |
|
Does Get-History not provide enough info? If you're wanting to get a log of commands run in a script, you can run Get-History | Export-CSV at the end of it and it should contain all of the info for commands run in that session.
|
# ? Apr 15, 2024 17:35 |
|
|
# ? May 15, 2024 03:43 |
|
Depending on what you're trying to accomplish, you could make a variable for your csv, then at the end do the get-history | export-csv $variable -append, which may meet your objective. There's also Start-transcript which may also do what you want. I haven't used it in many years, so I don't know exactly how it's changed. Maybe auditing could be set up to log specific commands, but I've never done that. I think you can flag specific things to be audited? I think it's in GPOs, maybe?
|
# ? Apr 15, 2024 17:46 |