PowerShell Repositories

Over the years, I had the opportunity to lead engagements on many types of scenarios. Quite a few of those scenarios required automation of some kind to make complex tasks doable. From those scenarios I learned that I really enjoyed solving complex problems or creating automation with code. PowerShell was my language of choice for most of these scenarios due to the extensibility the language allows and the ease of use, and to make the code accessible I would post it online at the TechNet Script Gallery.

The TechNet Script Gallery hosted an amazing collection of intellectual property in the form of scripts from all languages. It was a truly community-driven repository and a unique one in that it was centered specifically on the Microsoft product areas. Unfortunately, the TechNet gallery was retired in 2020 and nearly all the intellectual property was lost.

Which explains why I have had so many people reaching out to me to get copies of PowerShell code! Thankfully, I make it a point to save copies of content I write in case people ask, or I need to adapt it for some future situation.

I recently moved much of the code I originally posted on the TechNet Script Center to GitHub. I’ll be posting more over time, but for now here are 14 repositories which I hope will help you as much as they have helped others.

The scripts below are divided into four categories:

  • Environment discovery: Code which enumerates environmental configuration, looks for performance conditions, or retrieves data.
  • Security checks: Code which reports on security-specific conditions or configurations.
  • Data queries, auditing, and analysis: Code which enables logging or auditing, retrieves data, or distills information.
  • Tools: Utility code for targeted tasks, such as running a script under another identity or looking up a specific directory object.

Environment discovery

SensibleTim/GetTrustTopology: What Active Directory trusts are present in an environment and how they are configured is one of those things which isn’t important until everything depends on it. This script queries Active Directory for the details of all configured trusts and writes those details to a text file. (github.com)

SensibleTim/GetADObjectData: A PowerShell script which will do Active Directory searches for a specified object's attribute values and AD replication metadata without needing PowerShell modules or other dependencies. (github.com)

SensibleTim/CheckMaxConcurrentApi: This PowerShell script checks the local server (member server or DC) for NTLM pass-through authentication bottlenecks (aka MaxConcurrentAPI issues) and provides a report. (github.com)

Security checks

SensibleTim/CheckCertChaining: A PowerShell scripted solution for doing validity checks (aka chaining) of certificates on Windows hosts. (github.com)

SensibleTim/GoldenTicketCheck: This script queries the local computer's Kerberos ticket caches for TGTs and service tickets whose lifetime or renewal period does not match the domain's default ticket duration. It is not certain to detect golden tickets if present; it simply points out tickets to be examined. Details of each ticket are presented at the PS prompt. (github.com)
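As an added illustration of the approach (this is not the GoldenTicketCheck code, just an example written for this page), the PowerShell below parses klist output and flags any ticket whose lifetime or renewal window exceeds the domain's Kerberos policy. The policy limits default to the Active Directory defaults of 10 hours ticket life and 7 days renewal life; those are assumptions, and you should pass your own domain's values. The klist text in the block is a constructed sample laid out like real klist output, with one normal TGT and one ten-year ticket of the kind forged tickets usually carry.

```powershell
# Added example, not the GoldenTicketCheck script. Parses `klist` output and reports
# tickets whose lifetimes exceed the domain's Kerberos policy. Forged tickets are
# frequently minted with multi-year lifetimes, so the delta is a useful tell.
# Assumptions: policy defaults of 10 h ticket life and 7 d renewal life (the AD defaults).

function ConvertFrom-KlistDate {
    param([Parameter(Mandatory)][string]$Text)
    # klist prints dates in the current culture; the constructed sample is en-US style,
    # so fall back to the invariant culture if the current culture cannot parse it.
    $parsed = [datetime]::MinValue
    if ([datetime]::TryParse($Text, [cultureinfo]::CurrentCulture, 'None', [ref]$parsed)) { return $parsed }
    return [datetime]::Parse($Text, [cultureinfo]::InvariantCulture)
}

function Get-KlistTicket {
    param([Parameter(Mandatory)][string[]]$KlistOutput)
    $tickets = New-Object System.Collections.Generic.List[object]
    $current = $null
    foreach ($line in $KlistOutput) {
        if ($line -match '^#\d+>\s+Client:\s+(.+)$') {
            if ($null -ne $current) { $tickets.Add($current) }
            $current = [ordered]@{ Client = $Matches[1].Trim(); Server = $null; Start = $null; End = $null; Renew = $null }
        }
        elseif ($null -eq $current) { continue }   # header lines before the first ticket
        elseif ($line -match '^\s*Server:\s+(.+)$')                 { $current.Server = $Matches[1].Trim() }
        elseif ($line -match '^\s*Start Time:\s+(.+?)\s+\(local\)') { $current.Start  = ConvertFrom-KlistDate $Matches[1] }
        elseif ($line -match '^\s*End Time:\s+(.+?)\s+\(local\)')   { $current.End    = ConvertFrom-KlistDate $Matches[1] }
        elseif ($line -match '^\s*Renew Time:\s+(.+?)\s+\(local\)') { $current.Renew  = ConvertFrom-KlistDate $Matches[1] }
    }
    if ($null -ne $current) { $tickets.Add($current) }
    foreach ($t in $tickets) { [pscustomobject]$t }
}

function Find-SuspiciousTicket {
    param(
        [Parameter(Mandatory)][object[]]$Ticket,
        [timespan]$MaxTicketLife = (New-TimeSpan -Hours 10),   # assumption: AD default
        [timespan]$MaxRenewLife  = (New-TimeSpan -Days 7)      # assumption: AD default
    )
    foreach ($t in $Ticket) {
        $reasons = @()
        if ($t.Start -and $t.End -and ($t.End - $t.Start) -gt $MaxTicketLife) {
            $reasons += "ticket life $($t.End - $t.Start) exceeds policy $MaxTicketLife"
        }
        if ($t.Start -and $t.Renew -and ($t.Renew - $t.Start) -gt $MaxRenewLife) {
            $reasons += "renew life $($t.Renew - $t.Start) exceeds policy $MaxRenewLife"
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ Client = $t.Client; Server = $t.Server; Start = $t.Start; End = $t.End; Renew = $t.Renew; Reason = ($reasons -join '; ') }
        }
    }
}

# Constructed sample in the real klist layout (days > 12 so the dates parse unambiguously).
$sampleText = @'
Current LogonId is 0:0x3e7

Cached Tickets: (2)

#0>     Client: alice @ CORP.EXAMPLE
        Server: krbtgt/CORP.EXAMPLE @ CORP.EXAMPLE
        Start Time: 3/14/2024 9:12:01 (local)
        End Time:   3/14/2024 19:12:01 (local)
        Renew Time: 3/21/2024 9:12:01 (local)

#1>     Client: administrator @ CORP.EXAMPLE
        Server: krbtgt/CORP.EXAMPLE @ CORP.EXAMPLE
        Start Time: 3/14/2024 9:15:00 (local)
        End Time:   3/14/2034 9:15:00 (local)
        Renew Time: 3/14/2034 9:15:00 (local)
'@
Find-SuspiciousTicket -Ticket (Get-KlistTicket ($sampleText -split "`r?`n")) | Format-List

# Against the live cache of the current logon session:
# Find-SuspiciousTicket -Ticket (Get-KlistTicket (klist)) | Format-List
```

Only the second ticket is reported, because its ten-year life and renewal period exceed the policy limits. Remember that klist only shows the current logon session's cache; run it under each session of interest (or with `klist -li` and a logon ID as an administrator) to cover the whole host, and treat a hit as something to investigate rather than proof of forgery.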

SensibleTim/DetectCiphersConfig: This PowerShell script checks the local Windows computer's registry to see what is configured for cipher and Schannel (TLS) use. (github.com)
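Here is an added example of the same kind of check, written for this page rather than taken from DetectCiphersConfig. It reads the explicit Schannel protocol and algorithm settings under HKLM and reports each as enabled, disabled, or not set. The distinction matters: a missing key means the OS default applies, and that default differs by Windows version, so a check that silently treats "missing" as "disabled" gives false comfort. The protocol and algorithm key names are the documented Schannel registry names; the list of weak algorithms in the last function is my own choice.

```powershell
# Added example, not the DetectCiphersConfig script. Reads the explicit Schannel settings
# from the registry and reports each protocol/algorithm as enabled, disabled, or "not set".
# Uses the .NET registry API rather than the HKLM: provider because algorithm key names
# such as "RC4 128/128" contain a slash, which the PowerShell provider treats as a path separator.

$SchannelRoot = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function Get-SchannelValue {
    param([Parameter(Mandatory)][string]$SubKey, [Parameter(Mandatory)][string]$Name)
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$SchannelRoot\$SubKey")
    if ($null -eq $key) { return $null }        # key absent: OS default applies
    try     { return $key.GetValue($Name) }     # value absent: also $null
    finally { $key.Close() }
}

function Get-SchannelProtocolState {
    foreach ($protocol in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2', 'TLS 1.3') {
        foreach ($side in 'Client', 'Server') {
            $enabled   = Get-SchannelValue "Protocols\$protocol\$side" 'Enabled'
            $byDefault = Get-SchannelValue "Protocols\$protocol\$side" 'DisabledByDefault'
            $state = if ($null -eq $enabled -and $null -eq $byDefault) { 'not set (OS default)' }
                     elseif ($enabled -eq 0)   { 'disabled' }
                     elseif ($byDefault -eq 1) { 'enabled, not offered by default' }
                     else                      { 'enabled' }
            [pscustomobject]@{ Protocol = $protocol; Side = $side; Enabled = $enabled; DisabledByDefault = $byDefault; State = $state }
        }
    }
}

function Get-SchannelAlgorithmState {
    foreach ($category in 'Ciphers', 'Hashes', 'KeyExchangeAlgorithms') {
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$SchannelRoot\$category")
        if ($null -eq $key) { continue }
        foreach ($name in $key.GetSubKeyNames()) {
            $enabled = Get-SchannelValue "$category\$name" 'Enabled'
            $state = if ($null -eq $enabled) { 'not set (OS default)' } elseif ($enabled -eq 0) { 'disabled' } else { 'enabled' }
            [pscustomobject]@{ Category = $category; Algorithm = $name; Enabled = $enabled; State = $state }
        }
        $key.Close()
    }
}

function Find-WeakSchannelSetting {
    # Legacy protocols that are enabled or left to the OS default, and weak algorithms
    # that are not explicitly disabled. The weak-algorithm list is this example's choice.
    Get-SchannelProtocolState | Where-Object { $_.Protocol -in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1' -and $_.State -ne 'disabled' }
    Get-SchannelAlgorithmState | Where-Object { $_.Algorithm -match '^(RC4|RC2|DES|Triple DES|NULL|MD5)' -and $_.State -ne 'disabled' }
}

Get-SchannelProtocolState  | Format-Table -AutoSize
Get-SchannelAlgorithmState | Format-Table -AutoSize
Find-WeakSchannelSetting   | Format-Table -AutoSize
```

Reading the machine's registry requires running on that machine (or via remoting) with rights to HKLM, which any interactive user normally has. On Windows 10 / Server 2016 and later, `Get-TlsCipherSuite` shows the effective cipher suite order, which these registry keys alone do not tell you.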

SensibleTim/SHA1SigCertCheck: Microsoft and others have deprecated the use of certificates which have SHA1 signatures (http://aka.ms/sha1). This PowerShell script makes it easy to determine whether a certificate was signed with SHA1 and whether the deprecation applies. (github.com)
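As an added example written for this page (not the SHA1SigCertCheck script), the following PowerShell walks the local certificate stores, picks out certificates whose signature algorithm is SHA-1, and marks whether the deprecation applies. The one exemption it encodes is the documented one: a self-signed root is exempt because its own signature is never validated, trust comes from the root being present in the store. It assumes both Cert:\LocalMachine and Cert:\CurrentUser are in scope; narrow -StorePath if not.

```powershell
# Added example, not the SHA1SigCertCheck script. Lists SHA-1 signed certificates in the
# local stores and says whether the deprecation applies (self-signed roots are exempt).
# Assumption: all of Cert:\LocalMachine and Cert:\CurrentUser are in scope.

$Sha1SignatureOids = @(
    '1.2.840.113549.1.1.5',   # sha1RSA
    '1.2.840.10040.4.3',      # sha1DSA
    '1.2.840.10045.4.1'       # sha1ECDSA
)

function Test-Sha1Signed {
    param([Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $alg = $Certificate.SignatureAlgorithm
    # Match on the OID; the friendly-name check is a fallback for OIDs not in the list above.
    return ($alg.Value -in $Sha1SignatureOids) -or ($alg.FriendlyName -match '^sha1')
}

function Test-SelfSigned {
    param([Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # Compare the DER-encoded names, not the display strings, to avoid formatting differences.
    $subject = [Convert]::ToBase64String($Certificate.SubjectName.RawData)
    $issuer  = [Convert]::ToBase64String($Certificate.IssuerName.RawData)
    return $subject -eq $issuer
}

function Get-Sha1SignedCertificate {
    param([string[]]$StorePath = @('Cert:\LocalMachine', 'Cert:\CurrentUser'))
    # Stores the caller cannot open (some LocalMachine stores as a non-admin) are skipped.
    Get-ChildItem -Path $StorePath -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        Where-Object { Test-Sha1Signed -Certificate $_ } |
        ForEach-Object {
            $selfSigned = Test-SelfSigned -Certificate $_
            [pscustomobject]@{
                Store              = $_.PSParentPath -replace '^.*::'
                Subject            = $_.Subject
                Thumbprint         = $_.Thumbprint
                NotAfter           = $_.NotAfter
                Algorithm          = $_.SignatureAlgorithm.FriendlyName
                SelfSigned         = $selfSigned
                DeprecationApplies = -not $selfSigned
            }
        }
}

Get-Sha1SignedCertificate | Sort-Object DeprecationApplies -Descending | Format-Table -AutoSize
```

Expect the Root and AuthRoot stores to be full of SHA-1 self-signed roots; those are normal and show as DeprecationApplies = False. Rows with DeprecationApplies = True are leaf or intermediate certificates and are the ones to chase. Note that Microsoft's enforcement targeted certificates chaining to roots in its Trusted Root Program; a SHA-1 leaf from a private enterprise CA escapes that enforcement but is still signed with a broken hash and should be reissued.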

Data queries, auditing and analysis

SensibleTim/AADAuditReport: This script uses the Graph API to search an Azure AD tenant's audit log for a specified period up to the current time. The tenant must have Azure AD Premium licensing (at least one user must be assigned an AAD Premium license) and AAD auditing enabled for this to work. Results are placed into a CSV file for review. (github.com)

SensibleTim/ADFSReproAuditing: This PowerShell script can be used to turn on ADFS tracing in an easy, automated way and collect only the data captured during the problem reproduction, saving the engineer hours of time in reviewing the data. (github.com)

SensibleTim/ADFSSecAuditParse: This script will parse an ADFS Security event log file (EVTX) and search for audit events related to a specific user or other criteria. It reports each ADFS login instance matching the given criteria during a stated time frame. (github.com)

SensibleTim/SetCertStoreAudit: There are scenarios where it’s helpful to turn on file object auditing of the certificate store on a computer for a user. This script can be used to set the file objects for certificates for auditing which is an otherwise difficult thing to enable due to the complexity of the permissions on certificates. (github.com)

Tools

SensibleTim/StartScriptAsProcess: This PowerShell script can be used to run another PowerShell script using a specific identity in Windows. (github.com)

SensibleTim/FindSPNs-inForest: This script accepts a Kerberos ServicePrincipalName string as a parameter and searches the local forest for that string using the .NET System.DirectoryServices.DirectorySearcher class. (github.com)
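As an added example written for this page (not the FindSPNs-inForest code), this is the shape of a forest-wide SPN search with DirectorySearcher. Two details are worth seeing in working code: the search binds to the Global Catalog so one query covers every domain in the forest, and the SPN is escaped per RFC 4515 before it is placed in the LDAP filter, so a value containing parentheses, a backslash or an asterisk is matched literally instead of changing the filter's meaning. The function names and the -Wildcard switch are this example's own; it assumes a domain-joined machine with read access to a GC.

```powershell
# Added example, not the FindSPNs-inForest script. Searches the Global Catalog for accounts
# holding a given servicePrincipalName, escaping the value for the LDAP filter first.
# Assumption: domain-joined host, caller can read the GC.

Add-Type -AssemblyName System.DirectoryServices

function ConvertTo-LdapFilterValue {
    # RFC 4515 escaping for a value used inside an LDAP search filter.
    param([Parameter(Mandatory)][string]$Value, [switch]$Wildcard)
    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $Value.ToCharArray()) {
        switch ($ch) {
            '\'     { [void]$sb.Append('\5c') }
            '('     { [void]$sb.Append('\28') }
            ')'     { [void]$sb.Append('\29') }
            "`0"    { [void]$sb.Append('\00') }
            '*'     { if ($Wildcard) { [void]$sb.Append('*') } else { [void]$sb.Append('\2a') } }
            default { [void]$sb.Append($ch) }
        }
    }
    return $sb.ToString()
}

function Find-SpnInForest {
    param([Parameter(Mandatory)][string]$ServicePrincipalName, [switch]$Wildcard)
    $forest   = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $gc       = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList "GC://$($forest.Name)"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher -ArgumentList $gc
    $escaped  = ConvertTo-LdapFilterValue -Value $ServicePrincipalName -Wildcard:$Wildcard
    $searcher.Filter   = "(servicePrincipalName=$escaped)"
    $searcher.PageSize = 1000     # paged results so large forests are not truncated at the server limit
    [void]$searcher.PropertiesToLoad.AddRange([string[]]@('distinguishedName', 'sAMAccountName', 'objectClass', 'servicePrincipalName'))
    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            [pscustomobject]@{
                DistinguishedName     = [string]@($r.Properties['distinguishedname'])[0]
                SamAccountName        = [string]@($r.Properties['samaccountname'])[0]
                ObjectClass           = [string]@($r.Properties['objectclass'])[-1]   # most specific class last
                ServicePrincipalNames = @($r.Properties['serviceprincipalname'])
            }
        }
    }
    finally { $results.Dispose(); $searcher.Dispose(); $gc.Dispose() }
}

# Exact match: who holds this SPN, and is it registered more than once?
Find-SpnInForest -ServicePrincipalName 'HTTP/intranet.corp.example' | Format-List

# Wildcard sweep: every MSSQLSvc SPN in the forest that sits on a user account rather than a computer.
Find-SpnInForest -ServicePrincipalName 'MSSQLSvc/*' -Wildcard |
    Where-Object { $_.ObjectClass -eq 'user' } | Format-Table SamAccountName, DistinguishedName -AutoSize
```

An exact-match result with more than one row is a duplicate SPN, which breaks Kerberos for that service. The wildcard sweep restricted to user objects is the usual starting point for finding service accounts whose SPNs expose a crackable service ticket, so it doubles as a quick exposure check.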

SensibleTim/GetUserGroups: This script finds all groups a specific principal is a member of, including all group scopes and memberships granted through SIDHistory. (github.com)


Author: Tim Springston

In my early career I worked as a field engineer and consultant where I discovered something called "directory services" while contracting at Motorola. At Microsoft I steered myself to the directory services (NT4 domains and brand-new new-fangled Active Directory) team as quickly as possible. I participated in several Windows releases as an engineer and was an escalation engineer and lead for years as Directory Services evolved to Identity and Security. As the cloud emerged, I led the establishment of a global solution and support organization for cloud Identity and Security technologies where we worked closely with product engineering and handled deployments and security incidents alike. Most recently, I led Microsoft engineering efforts in Azure Active Directory to build new solutions based on business needs, customer desires, and industry trends. I cherish opportunities to write PowerShell code, love working with IT organizations (also known as 'my people') and am a firm believer in leading by example.
