Category: windows

@echo off @echo Start: %date% %time% echo This is a scan using Malicious Software Removal Tool echo see %windir%\debug\mrt.log for details of the scan REM use Start /wait Mrt.exe /Q /F for an extended scan -- this takes quite long on bigger systems Start /wait Mrt.exe /Q If errorlevel 0 goto error0 If errorlevel 1...

See https://docs.microsoft.com/en-us/exchange/troubleshoot/user-and-shared-mailboxes/sent-mail-is-not-saved Connect to Exchange-Online (Office 365) and set mailbox-features for single mailbox with option to update all mailboxes

REM we want to know our external IP nslookup -type=txt whoami.Cloudflare.com ns3.Cloudflare.com exit dig @ns3.Cloudflare.com whoami.Cloudflare.com txt +short curl -k http://ipinfo.io/json

echo offsetlocal ENABLEDELAYEDEXPANSIONif exist "C:\Program Files\ESET\ESET Security\ekrn.exe" (GOTO IS_INSTALLED) else (GOTO INSTALL)GOTO INSTALL :IS_INSTALLEDecho is installedeventcreate /L APPLICATION /T INFORMATION /SO %~n0%~x0 /ID 208 /D "%~0 -- eset is already installed"GOTO DONE :INSTALLecho installing softwareeventcreate /L APPLICATION /T INFORMATION /SO %~n0%~x0 /ID 404 /D "%~0 -- eset is not installed -- installing now…" if not...

(Get-ItemProperty "HKLM:\SOFTWARE\Wow6432Node\TeamViewer").ClientID

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn786418(v=ws.11)?redirectedfrom=MSDN

PROTECT UNPROTECT

echo off setlocal ENABLEDELAYEDEXPANSION if exist "C:\Program Files\Google\Chrome\Application\chrome.exe" (GOTO IS_INSTALLED) else (GOTO INSTALL_UPGRADE) GOTO INSTALL_UPGRADE :IS_INSTALLED echo is installed eventcreate /L APPLICATION /T INFORMATION /SO %~n0%~x0 /ID 208 /D "%~0 -- Google Chrome is already installed - Upgrading" GOTO INSTALL_UPGRADE :INSTALL_UPGRADE echo installing software eventcreate /L APPLICATION /T INFORMATION /SO %~n0%~x0 /ID 404 /D "%~0...

netsh advfirewall firewall set rule group="remote desktop" new enable=Yes reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

You need to adapt the DC (Domain-Controller) IP-address create the hidden share on the DC (%dc%\bitlocker_keys$) create a GPO with the needed defaults and name it Bitlocker_01_defaults

@echo off@echo Start: %date% %time%echo %computername%manage-bde -status %systemdrive% -pIf errorlevel 0 goto error0If errorlevel -1 goto error-1Goto end:error0echo %systemdrive% is encryptedGoto end:error-1echo %systemdrive% is not encryptedGoto end:end@echo End: %date% %time%exit

Creates a registry entry to allow access to admin share

net user /add adminusernet localgroup Administrators adminuser /add

if not exist c:\temp (mkdir c:\temp) if not exist c:\temp\OpenVPN-2.5.6-I601-amd64.msi ( curl -C - -o c:\temp\OpenVPN-2.5.6-I601-amd64.msi https://swupdate.openvpn.org/community/releases/OpenVPN-2.5.6-I601-amd64.msi) REM if exist "%programfiles%\OpenVPN\Uninstall.exe" (start /wait "%programfiles%\OpenVPN\Uninstall.exe") REM {E5931AF4-2A8F-48A5-AFC8-CE9B79C4B19D} OpenVPN 2.5.1-I601 amd64 msiexec.exe /x {E5931AF4-2A8F-48A5-AFC8-CE9B79C4B19D} /qn REM {E5931AF4-2A8F-48A5-AFC8-0E8A268358A0} OpenVPN 2.5.2-I601 amd64 msiexec.exe /x {E5931AF4-2A8F-48A5-AFC8-0E8A268358A0} /qn REM {919FC393-C79F-4043-ABD6-E80F81D3DD58} OpenVPN Connect start /wait msiexec.exe /x {919FC393-C79F-4043-ABD6-E80F81D3DD58} /qn REM {8B4BC420-3DCB-4018-A345-B24F7DBC30C3} OpenVPN...

$domain = "example.local"$password = "secret" | ConvertTo-SecureString -asPlainText -Force$username = "$domain\ad-add"$credential = New-Object System.Management.Automation.PSCredential($username,$password)Add-Computer -DomainName $domain -OUPath "OU=New_Computers,OU=Computers,DC=example,DC=local" -Credential $credential -Restart

Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability –Online

Import-Module ADSyncStart-ADSyncSyncCycle -PolicyType Initial

Get-ADUser -Identity "SOURCE" -Properties memberof | Select-Object -ExpandProperty memberof | Add-ADGroupMember -Members "NEW_USER"

New-Item 'HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319' -Force | Out-NullNew-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-NullNew-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-NullNew-Item 'HKLM:\SOFTWARE\Microsoft.NETFramework\v4.0.30319' -Force | Out-NullNew-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft.NETFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-NullNew-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft.NETFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-NullNew-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'...

https://docs.microsoft.com/en-us/windows-server/get-started/kmsclientkeys KMS_2019 KMS_2016

netsh wlan export profile name=”WLANNAME” folder=C:\TEMP\ key=clearnetsh wlan add profile filename=”\\server\CONFIG$\WLANNAME.xml” user=all >> C:\TEMP\WiFi.txtnetsh wlan connect ssid=WLANNAME name=WLANNAME

Get-CimInstance -Class Win32_UserProfile | Where-Object {​​​​​​​​ $_.LocalPath.split('\')[-1] -eq 'UserXYZ' }​​​​​​​​ | Remove-CimInstance

PowerShell script to enable TLS 1.2 TLS 1.2 enforcement for Azure AD Connect see https://docs.microsoft.com/en-gb/azure/active-directory/hybrid/reference-connect-tls-enforcement

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" /f /v DOAbsoluteMaxCacheSize /t REG_DWORD /d 16REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" /f /v DOAllowVPNPeerCaching /t REG_DWORD /d 0REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" /f /v DODelayBackgroundDownloadFromHttp /t REG_DWORD /d 1REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" /f /v DODelayCacheServerFallbackBackground /t REG_DWORD /d 1REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" /f /v DODelayCacheServerFallbackForeground /t REG_DWORD /d 1REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" /f /v DODownloadMode /t REG_DWORD /d 1REG...

# Check if running as Administrator if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Write-Host "This script requires administrative privileges." exit } # Define the path to MpCmdRun.exe $mpCmdRun = Join-Path $env:ProgramFiles "Windows Defender\MpCmdRun.exe" # Validate MAPS Connection & $mpCmdRun -ValidateMapsConnection # List All Dynamic Signatures & $mpCmdRun -ListAllDynamicSignatures # Remove Dynamic Signatures & $mpCmdRun -removedefinitions -dynamicsignatures #...