Finding users with "edit" and "delete" rights for Exchange Distribution Groups - shell

Is it possible to create a script that will find all the exchange distribution groups with a certain prefix (say "X_"), and find the users that can "edit" and "delete" this group?
I've managed to use the exchange console shell to return all the groups that start with "X_" with this script (look under this paragraph), and return who is listed as "managed by". But I still need to find the users that can "edit" and "delete" the group..
Get-DistributionGroup -Identity "X_*" |
Format-Table Name, ManagedBy -Auto |
Export-Csv -path "C:\Temp\Distribution Groups\New folder\Distribution Groups.csv" -Encoding ascii -NoTypeInformation

Related

Search membership queries in SCCM

More details on what we require:
We have a bunch of AD groups that may not be doing anything at all. What we would ideally like to do is somehow search SCCM for any usage of a particular AD group. Like if the group is used as part of a membership query anywhere.
For example I have tried the following in SCCM Powershell to look for any usage of the AD group sccm.minitablets :
Get-CMUserCollectionQueryMembershipRule | Where -Property RuleName -Like "%mini%"
I don't think the above command is of much use, as it has a required parameter that takes a specific collection name, whereas I need to search for any use of sccm.minitablets in any collection or any membership rule query across the board.
Is this even possible?
Was able to find a solution to this, for anyone else who might be interested:
Get-CMUserCollection | Get-CMUserCollectionQueryMembershipRule | Where -Property QueryExpression -Like "*mini*"
Get-CMDeviceCollection | Get-CMDeviceCollectionQueryMembershipRule | Where -Property QueryExpression -Like "*mini*"

Windows PowerShell Command To List Group Members - Fine-Tuning

I've crafted the command below which listed out the members of a group:
gwmi win32_group -filter 'Name="Administrators"'|%{$_.GetRelated('Win32_UserAccount')} | select Name
The command above works, however, it takes ages to complete, is there a way of fine-tuning the command above so it runs faster?
Please note, I am limited to PowerShell 2.0.
Edit:
Seems like the command above is also querying all DC accounts. How do I only query local users?
Tuning
The slow part in your pipeline is the call of .GetRelated(), because this will evaluate the associations of WMI class instances, which may be huge lists. So you have to be careful and filter as much as possible. You can do it like this:
(Get-WmiObject -Class Win32_Group -Filter "LocalAccount = TRUE and SID = 'S-1-5-32-544'").GetRelated("Win32_Account", "Win32_GroupUser", "", "", "PartComponent", "GroupComponent", $false, $null) | Select-Object -Property Name
Note, that I used the well-known SID of the Administrators group to look for it, because its name may differ in other languages. I also queried for Win32_Account instead of Win32_UserAccount to really return ALL members of the Administrators group which may include other groups and not only user accounts. You may change this according to your needs of course. You can read more about this tuning in this article.
Different approaches
Another approach would be to define everything in one WMI query:
Get-WmiObject -Query "ASSOCIATORS OF {Win32_Group.Domain='$env:COMPUTERNAME',Name='Administrators'} WHERE AssocClass=Win32_GroupUser ResultRole=PartComponent" | Select-Object -Property Name
Further more, you can use the net tool to query the members of the Administrators group:
net localgroup Administrators
Drawback: You have to parse the textual output.

AppActivate does not allow to search by word

I have an application on my Windows that the window name is something like this: a random number followed by space and after that comes the name of it RECFED. For example "3894 RECFED".
I would like to send a key to that window but I can do that with AppActivate cause I can't know the exactly title of the window. I am using something like this
$wshell = New-Object -ComObject WScript.Shell
$wshell.AppActivate("RECFED")
$wshell.SendKeys('a')
The code above works if I place the exact name of the window at AppActivate but I don't have the exact name in hand all the time.
Use Get-Process to identify a process by its window title, then use that process's PID for bringing the window to the foreground:
$id = Get-Process |
Where-Object { $_.MainWindowTitle -like '*RECFED*' } |
Select-Object -First 1 -Expand Id
$wshell.AppActivate($id)
With that said, be warned that SendKeys() is a terrible (flaky, unreliable) automation approach, that should only be used as an absolute last resort when everything else has failed.

Powershell Auditing effective windows share permissions and outputting to CSV

Powershell noob here. I'm trying to create a script that will take a list of users, a list of network shares, enumerate effective permissions for the user/share and output to CSV for audit purposes.
I've had success using GetPACEffectiveAccess from the PowerShellAccessControl Module on Technet gallery to do the enumeration, but am getting completely stuck on how to output this data to CSV how I want it.
The code I have is pretty simple:
$users=gc C:\scripts\users.txt
$shares=gc C:\scripts\shares.txt
foreach ($user in $users) {
foreach ($share in $shares) {
Get-PACEffectiveAccess -Path $share -Principal $user | select-object principal, accessmask, path | Export-Csv C:\scripts\EffectivePermissions\Audit.csv -append -NoTypeInformation}}
Since I have no idea how to do tables on StackOverflow (wow I am bad at this) I have attached a screenshot of the output I am getting from my simple script, and then the output I would like to get.
Any help would be much appreciated!
Thanks
After you gather the data, instead of outputting straight to the csv, you could add it to a two dimensional array, format it the way you'd like, and outfile it to a csv.

How to get a security hash algorithm for a certificate using Powershell

I need to get a list of all the certificates with a particular hash algorithm.
First I tried retrieving SignatureAlgorithm as follows:
Get-ChildItem -Recurse | select thumbprint, subject, SignatureAlgorithm
Which gave me System.Security.Cryptography.Oid as a value of SignatureAlgorithm column
I tried using FriendlyName
Get-ChildItem -Recurse | select thumbprint, subject, SignatureAlgorithm.FriendlyName
But the above returned blank as a value for SignatureAlgorithm
How can I retrieve the readable value of SignatureAlgorithm? And also how do I select all the SHA1 certificates using Powershell?
Select-Object are expecting names for the properties to show (since you didn't specify a parameter, you're using the 1st pos. which is -Property). There are no properties called SignatureAlgorithm.FriendlyName.
If you use a calculated property, you can design your own property where the value is the property FriendlyName inside the object's SignatureAlgorithm-property. Ex:
Get-ChildItem -Recurse | select thumbprint, subject, #{n="SignatureAlgorithm";e={$_.SignatureAlgorithm.FriendlyName}}
(n is short for name (could also use l or label) and e is short for expression)

Resources