PowerShell – Set VM permissions

Here is my PS way of granting user access to a VM in vSphere

$vmname = read-host "Enter Virtual Machine name"
$username = read-host "Enter User name (i.e. DOMAIN\username)"
$roles = Get-VIRole | select name | % {$counter = -1} {$counter++; $_ | Add-Member -Name Role_ID -Value $counter -MemberType NoteProperty -PassThru}
$roles | ft -auto
$myRole = read-host "select Role ID"
$role_selection = $roles[$myRole]
get-vm $vmname | New-VIPermission -Role (Get-VIRole -Name $role_selection.name) -Principal $username

PowerShell – Run script in new console window

Have you ever had to run powershell script in a new console window with your for example admin account?

param (
[Parameter(Mandatory=$true)]
[string]$command
)
runas /user:domain\user_name "powershell.exe -noExit -command $command"

I have that saved as “run-powershel_command.ps1

usage:
run-powershell_command.ps1 "get-aduser bob"

this will ask you for the password for the hardcodded username once that is provided it will open new window and execute the command.

Microsoft Exchange – Removing an Auto-Mapped Mailbox from Outlook

1. Use Get-MailboxPermission to verify the permission level

Get-MailboxPermission -Identity "Mailbox Name" -User username | fl

2. Next, use Remove-MailboxPermission to remove the mailbox permission for the user.

Remove-MailboxPermission -Identity "Mailbox Name" -User username -AccessRights FullAccess

3. Re-add the mailbox permission with the -AutoMapping switch

Add-MailboxPermission -Identity "Mailbox Name" -User username -AccessRights FullAccess -AutoMapping:$false

4. Allow some time for user to pickup that via Outlook Autodicovery

5. To view the list of auto-mapped users for a mailbox run:

Get-ADUser -Filter {Name -eq "Mailbox Name"} -Properties msExchDelegateListLink | Select -ExpandProperty msExchDelegateListLink

 

Source: here

WannaCry prevention notes

Few useful PowerShell commands:

Set-SmbServerConfiguration -EnableSMB1Protocol $false - disables smb1

Win7 and earlier: PS v2

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force

or to do it via the registry:
To enable or disable SMBv1 on the SMB server, configure the following registry key:
Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\ParametersRegistry entry: SMB1
REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled
Default: 1 = Enabled

To check SMB version:

PS C:\> Get-SmbConnection

ServerName ShareName UserName Credential Dialect NumOpens
---------- --------- -------- ---------- ------- --------
smb media domain\administrator domain\Administrator 3.00 2

Microsoft source: here


Linux Samba
To disable samba 1 add the following line to the [global] section of the /etc/samba/smb.conf

min protocol = SMB2

then restart the samba service

Exchange – Removing an Auto-Mapped Mailbox from Outlook

The reason that the shared mailbox appears in Outlook, but does not appear in the Outlook account settings, is that auto-mapping is enabled by default when a user is granted access to a shared mailbox or to another user’s mailbox. When auto-mapping is enabled, Outlook receives extra information in the Autodiscover response that tells it to open the additional mailbox.

1. Use Get-MailboxPermission to verify the permission level

Get-MailboxPermission -Identity "Mailbox Name" -User username | fl

2. Next, use Remove-MailboxPermission to remove the mailbox permission for the user.

Remove-MailboxPermission -Identity "Mailbox Name" -User username -AccessRights FullAccess

3. Re-add the mailbox permission with the -AutoMapping switch

Add-MailboxPermission -Identity "Mailbox Name" -User username -AccessRights FullAccess -AutoMapping:$false

4. Allow some time for user to pickup that via Outlook Autodicovery

5. To view the list of auto-mapped users for a mailbox run:

Get-ADUser -Filter {Name -eq "Mailbox Name"} -Properties msExchDelegateListLink | Select -ExpandProperty msExchDelegateListLink