Hey all! a bit shorter one today as I am swamped at the office. Last week one of my friends was working on deploying DHCP options to automatically adopt devices inside networks managed by a Windows DHCP server. The process is pretty straight forward – Add a vendor class, add the option, and set it…
Category
Series: PowerShell Monitoring
Monitoring with PowerShell: Monitoring MFA Usage
So I’ve blogged about this before too, but times change and monitoring MFA usage is becoming a little more difficult . Microsoft allows per-user MFA, Security Defaults, and Conditional Access all to be used concurrently. I’ve created this monitoring script that returns which users seem to fall out of any Multi-factor authentication scope, and also…
Monitoring with PowerShell: External port scanning part 2
So recurring readers will be reading this title and go “Wait a minute, he already blogged about this” and you’d be right. With the recent Github Sponsorship taking off, I’ve decided to release some more public tools so life can be made easier for other MSPs. In the previous blog I’ve told you to create…
Monitoring with PowerShell: Conditional Disk Space monitoring
A couple of weeks ago I was talking to someone in one of the many MSP discords, and he was struggling with disk space monitoring. His RMM system is designed in such a way that whenever he added a disk space monitor to a machine it adds an entirely new component to the monitoring list….
Monitoring with PowerShell: Greynoise community IP reputation
Today Greynoise released a community edition of their API, I saw this flying by on Twitter and immediately decided to blog about it. I love it when vendors make major data points available for everyone, especially when the data could be super useful in security investigations. I’ve decided to make a blog on how you…
Automating with PowerShell: Warranty lookups
A while back I’ve made a PowerShell module called PsWarranty that allows you to look up the warranty for all major vendors. I’ve integrated this module with many different RMM systems, documentation platforms, and PSAs. Lately, I’ve been getting some more questions about this module in regards to automatically updating the warranty information. Most people…
Automating with PowerShell: Deploying spoofing warnings
In one of the communities I’m active in someone recently asked if Microsoft has a default method of protecting against stuff like BEC fraud via email spoofing, we’ve all seen stuff like nearly matching domain names, display names that are copied, or just the plain “I am the CEO, plz transfer 1 million dollars now”….
Automating with PowerShell: Connecting to Microsoft Teams with the Secure Application Model
Since the creation of the Secure Application Model more and more modules are supporting it, which is great to see, although at times the documentation is slightly lacking. One of those applications is the MicrosoftTeams module. It’s great to be able to connect to specific teams from your own partner tenant to perform automated tasks…
Automating with PowerShell: Secure App Model Refresh tokens
So this is a quick one because I’ve had a talk today and noticed I never gave a fully automated way to get refresh tokens, endlessly. 🙂 When using the Secure Application Model, you only really need to go through the procedures once, after that you can get a new refresh token infinitely, without interaction….
Monitoring with PowerShell: Monitoring Windows Server Backup
This past week I’ve been suffering from a terrible cold, so I haven’t been blogging very actively because my brain is running at 5% of it’s normal capacity. This blog has been requested a couple of times by readers. I whipped this up real quick…:) Some MSPs are using Windows Server Backup as a ‘last…
Monitoring with PowerShell: Monitoring Bitdefender status
We’re considering moving RMM systems, and that means reevaluating parts of our stack. One of the pain points in our current stack is the monitoring of anti-virus, we often felt like there is not enough transparency and data returned via our RMM system. Either the system does not return the current state of alerts or…
Monitoring with PowerShell: Monitoring listening applications
In one of the online communities I follow someone encountered an issue with application listeners and ports being in use. The use case is that users have a Autocad type application installed that launches a server on a specific port; the users also run a remote control application that at times steals the port. We’ve…
Monitoring with PowerShell: Monitoring Storage Spaces and Windows RAID
So this blog was requested a lot lately – I’m not a big fan of using Windows RAID anywhere but Storage Spaces is becoming more relevant each day, with S2D and larger deployments. Storage Spaces is Microsoft’s successor to the classical Windows Software RAID options. I’ve made some scripts for both options, but I sure…
Monitoring with PowerShell: Monitoring BSODs without event viewer
I’ve written about monitoring BSODs some years ago. Back then I simply used a event log lookup as an example how to monitor BSODs. I never really liked that method because it did not give me all the verbosity I would’ve liked. Moments after I published that blog I’ve actually made a better monitoring set…
Monitoring with PowerShell: Monitoring Powershell Protect
So let’s start with the great news first; PowerShell protect is now open-source and free to use! PowerShell Protect is a AMSI Provider for PowerShell, now technically this sounds rather complex but it pretty much means that PowerShell Protect is able to secure the PowerShell host in the same way your antivirus does. The great…