wanderingstag / wstools

WSTools PowerShell module allows for performing lots of different administrative tasks across Domain Management (Active Directory Domains), Insider Threat actions, PowerShell automation, remediation, and several other areas. It has been written primarily with secure networks in mind where newer remote capabilities are not always available.

Home Page: https://wanderingstag.github.io

License: MIT License

PowerShell 100.00%
activedirectory open-source powershell powershell-module remediation security-tools windows

wstools's Introduction

WSTools

Issues

Please open an issue if there are any problems or requests.

Introduction

Are we Windows System Tools? Windows Security Tools? Windows Server Tools? Yes and no. WSTools are all those things and more. Whatever you decide you want to call WSTools is up to you! However, officially, we are Wandering Stag Tools (WSTools). WSTools was written for System Administrators, Help Desk Technicians, and other Network Operations personnel to automate tasks and provide valuable tools. As of May 2023 there are over 330 functions in this module. Some functionality includes:

  • Active Directory functions, reports, and shortcuts allowing for easier domain management and awareness
  • Computer/Server Management
    • Install/uninstall software
    • Remediation tasks such as disabling vulnerable SCHANNEL settings
    • Set network and system settings
    • Reports
  • PowerShell snippets in PowerShell ISE and VS Code for easier coding
  • Conversions such as image files to base64, int64 to/from IP, uint16 to string

Download, Install, and Configuration

Prerequisites

  1. PowerShell: version 2 for most functions, but some individual functions require version 3 or version 5. Some plans have been made to add some functions that require version 7. Check your version of PowerShell by entering the command $host and then looking at the Version attribute.
  2. Active Directory PowerShell module: Not needed for everything but is necessary for 30+ functions.
  3. NetIQ DRA PowerShell REST Extensions: Not needed for many functions at the moment but there are plans to add more.
  4. Local Admin Password Solution (LAPS): Actual module name: AdmPwd.PS. There are a handful of functions that require the full install of LAPS to get the module and not just the basic install. However, if you are not using LAPS on your network then there are no worries.
  5. Microsoft.Exchange.Management.PowerShell.Admin PSSnapin: Required for the very few Exchange server related functions.

Download

Intended only for Windows computers at this time, although some functions may work on other operating systems.

From GitHub

  1. Click on the Green Code button with the down arrow.
  2. Select Download ZIP.
  3. Change the name of the file from WSTools-master.zip to WSTools.zip.

Install

  1. Uncompress the WSTools.zip file.
  2. Make the module available globally or for a single user only.

Global

Copy the WSTools folder to C:\Program Files\WindowsPowerShell\Modules

Requires admin rights.

User only

Copy the WSTools folder to C:\Users\<USERNAME>\Documents\WindowsPowerShell\Modules

If the folder already exists or you get a message saying "The destination has # files with the same names." you can either delete the folder that already exists (preferred) or replace the files in the destination.

Initial changes to make after copying to computer

General Configuration

  1. Open PowerShell (after WSTools has been added to one of the locations above)
  2. Type Set-WSToolsConfig and then press Enter. In the file that opens you will need to update the values so they work on your network.

    Recommend copying this file (config.ps1) to another location after you modify it so if you download a newer version of WSTools you can just paste the config file back unless there are changes in the config file.

Remote installation of .msu files and a select few other things:

  1. Open WSTools Module Path then edit InstallRemote.ps1

    Typically C:\Program Files\WindowsPowerShell\Modules\WSTools or C:\Users\<USERNAME>\Documents\WindowsPowerShell\Modules\WSTools

  2. On Line 1 of InstallRemote.ps1 change the value of $PatchFolderPath to the directory on remote computers where you store Windows updates. This is predefined as "C:\Patches".

Visual Studio Code setup

For adding the Visual Studio Code PowerShell Snippets do the following:

  1. Open PowerShell (after WSTools has been added to one of the locations above)
  2. Type the following command: Set-PowerShellJSON

or

  1. Open the WSTools folder

    Typically C:\Program Files\WindowsPowerShell\Modules\WSTools or C:\Users\<USERNAME>\Documents\WindowsPowerShell\Modules\WSTools

  2. Cut and paste powershell.json to %AppData%\Roaming\Code\User\Snippets directory.

or

  1. Open powershell.json (located in the WSTools module folder) and copy the text, then open the VS Code Command Palette (Ctrl + Shift + P).
  2. Type Snippet and select Preferences: Configure User Snippets.
  3. Type PowerShell then press Enter.
  4. Select powershell.json.
  5. Paste the copied text between the { } brackets and save the file.

wstools's People

Contributors

skyler-hart

wstools's Issues

Get-PowerShellVariable throws errors on subsequent runs

If running Get-PowerShellVariable a second time during a session it throws a bunch of errors about adding a member:
PS C:\Users\skyler> Get-PowerShellVariable
Add-Member : Cannot add a member with the name "VariableType" because a member with that name already exists. To
overwrite the member anyway, add the Force parameter to your command.
At C:\Program Files\WindowsPowerShell\Modules\WSTools\WS_PowerShell\WS_PowerShell.psm1:889 char:34

  • ... -Variable | Add-Member -MemberType NoteProperty -Name "VariableType" ...
  •             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    • CategoryInfo : InvalidOperation: (System.Management.Automation.PSVariable:PSObject) [Add-Member], Inval
      idOperationException
    • FullyQualifiedErrorId : MemberAlreadyExists,Microsoft.PowerShell.Commands.AddMemberCommand

Will still provide data but all the errors throw people off.
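
The error pattern reported above, reproduced and avoided in a short sketch. This is an added example, not code from the WSTools module: the function name Get-TaggedVariable and the 'Automatic' and 'Session' labels are hypothetical, and it assumes the module pipes Get-Variable output into Add-Member as the error text suggests.

```powershell
# Get-Variable returns the live PSVariable objects. A NoteProperty attached with
# Add-Member stays on them for the rest of the session, so a second Add-Member
# with the same name reports MemberAlreadyExists.
$first = Get-Variable -Name PSHOME
$first | Add-Member -MemberType NoteProperty -Name VariableType -Value 'Automatic' `
    -ErrorAction SilentlyContinue

$second = Get-Variable -Name PSHOME
$second | Add-Member -MemberType NoteProperty -Name VariableType -Value 'Automatic' `
    -ErrorAction SilentlyContinue -ErrorVariable addErr
if ($addErr) { Write-Host "Second run failed: $($addErr[0].FullyQualifiedErrorId)" }

# Option 1: overwrite the existing member instead of failing.
$second | Add-Member -MemberType NoteProperty -Name VariableType -Value 'Automatic' -Force

# Option 2: leave the session's variable objects untouched. Select-Object with a
# calculated property builds a new object per variable, so repeated runs are safe.
function Get-TaggedVariable {
    param([string]$Type = 'Session')   # hypothetical label, not a WSTools value
    Get-Variable | Select-Object -Property Name, Value,
        @{ Name = 'VariableType'; Expression = { $Type } }
}

Get-TaggedVariable | Select-Object -First 3
Get-TaggedVariable | Select-Object -First 3   # second run, no errors
```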

Add Logout switch to Get-LoggedOnUser

Function Get-LoggedOnUsers {
    param(
        [Parameter()] [String]$User = $null,
        [Parameter()] [Array]$ComputerName = $null,
        [Parameter()] [Switch]$Logout,
        [Parameter()] [Switch]$Force
    )
    # A [String] parameter is an empty string (never $null) when omitted, so test for empty.
    if ([string]::IsNullOrEmpty($User) -and ($Logout)) {
        Write-Host "The logout function cannot be used without specifying a username"
        # return leaves the function; break here could terminate a calling loop or script
        return
    }
    if (!($ComputerName)) {
        # Local sessions: strip the '>' current-session marker, then turn column gaps into commas
        $userlist = query user | ForEach-Object -Process { $_ -replace '>','' } | ForEach-Object -Process { $_ -replace '\s{2,}',',' } | ConvertFrom-Csv
        $userlist | Add-Member -MemberType NoteProperty -Name ComputerName -Value $env:computername
    } else {
        # Remote sessions: run the same query on each target and tag rows with the computer name
        $userlist = Invoke-Command -ComputerName $ComputerName -ScriptBlock {
            $users = query user | ForEach-Object -Process { $_ -replace '>','' } | ForEach-Object -Process { $_ -replace '\s{2,}',',' } | ConvertFrom-Csv
            $users | Add-Member -MemberType NoteProperty -Name ComputerName -Value $env:computername
            $users
        }
    }
    if ($User) {
        # Note: -match is a regex match, so 'adm' also selects 'admin'
        if (!($Logout)) {
            $userlist | where Username -match $User | Format-Table
        } else {
            Write-Host "The user $User will be logged out of the following servers:"
            ($userlist | where Username -match $User).ComputerName
            if ($Force) {
                ForEach ($logon in ($userlist | where Username -match $User)) {
                    logoff $($logon.id) /server:$($logon.computername)
                }
            } else {
                # Keep asking until the answer is y or n; log off only on y
                $confirmation = Read-Host "Is this okay? [y/n]"
                while (($confirmation -ne 'y') -and ($confirmation -ne 'n')) {
                    $confirmation = Read-Host "Ready? [y/n]"
                }
                if ($confirmation -eq 'y') {
                    ForEach ($logon in ($userlist | where Username -match $User)) {
                        logoff $($logon.id) /server:$($logon.computername)
                    }
                }
            }
        }
    } else {
        $userlist | Format-Table
    }
}
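
The proposed function turns `query user` output into CSV by replacing runs of spaces with commas. A disconnected session has a blank SESSIONNAME, so its columns shift left and the ID field ends up holding the state text. The following is an added example, not part of the issue or the module, showing a parser that tolerates the blank column and selects logoff targets by exact name; the function name ConvertFrom-QueryUser and the sample lines are constructed for illustration.

```powershell
# Constructed sample of `query user` output. "bob" is disconnected, so SESSIONNAME is blank.
$sample = @(
    ' USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME'
    '>alice                 console             1  Active      none   5/1/2023 8:00 AM'
    ' bob                                       2  Disc        1:15   5/1/2023 7:30 AM'
    ' bobby                 rdp-tcp#3           3  Active         .   5/1/2023 9:10 AM'
)

function ConvertFrom-QueryUser {
    param([string[]]$Line)
    # SESSIONNAME is optional; ID must be numeric, which anchors the remaining columns.
    $pattern = '^[\s>]*(?<User>\S+)\s+(?:(?<Session>\S+)\s+)?(?<Id>\d+)\s+' +
               '(?<State>\S+)\s+(?<Idle>\S+)\s+(?<Logon>.+)$'
    foreach ($l in ($Line | Select-Object -Skip 1)) {      # skip the header row
        if ($l -match $pattern) {
            New-Object PSObject -Property @{
                UserName    = $Matches['User']
                SessionName = $Matches['Session']           # $null when the column is blank
                Id          = [int]$Matches['Id']
                State       = $Matches['State']
                IdleTime    = $Matches['Idle']
                LogonTime   = $Matches['Logon'].Trim()
            }
        }
    }
}

$sessions = ConvertFrom-QueryUser -Line $sample

# Regex match selects both "bob" and "bobby"; an exact comparison selects only "bob".
$loose = @($sessions | Where-Object { $_.UserName -match 'bob' })
$exact = @($sessions | Where-Object { $_.UserName -eq 'bob' })
Write-Host "-match selects $($loose.Count) session(s), -eq selects $($exact.Count)"
$exact | Select-Object UserName, Id, State
```

On a live system the input would be the output of `query user` instead of `$sample`.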

SCHANNEL settings won't set to Enabled

There is a Microsoft bug that prevents setting some SCHANNEL values to 0xFFFFFFFF (enabled). The known items that are used at this time are SHA and PKCS. This causes some functions to throw errors and those values have to be manually set through the user interface or importing a registry file. Bug has existed since at least 2006.
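
Because these values may have to be set by hand or by importing a registry file, it helps to verify afterwards what was actually stored. The following is an added example, not code from the WSTools module: the function name Get-SchannelEnabledState is hypothetical, and the registry paths are the standard SCHANNEL locations for the SHA hash and PKCS key exchange settings rather than values taken from this page.

```powershell
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$subKeys  = 'Hashes\SHA', 'KeyExchangeAlgorithms\PKCS'

function Get-SchannelEnabledState {
    param([string]$BasePath, [string[]]$SubKey)
    foreach ($k in $SubKey) {
        $path = Join-Path $BasePath $k
        $raw  = $null
        if (Test-Path $path) {
            $raw = (Get-ItemProperty -Path $path -Name Enabled -ErrorAction SilentlyContinue).Enabled
        }
        if ($null -eq $raw) {
            $hex = $null
            $state = 'NotConfigured'
        } else {
            # A DWORD of 0xFFFFFFFF can surface as signed -1 or as unsigned 4294967295
            # depending on how it is read, so normalise both to an unsigned value.
            $u = [uint32]([long]$raw -band 4294967295)
            $hex = '0x{0:X8}' -f $u
            if ($u -eq 0) { $state = 'Disabled' }
            elseif ($u -eq [uint32]::MaxValue) { $state = 'Enabled' }
            else { $state = 'Unexpected' }
        }
        New-Object PSObject -Property @{ Key = $k; Raw = $raw; Hex = $hex; State = $state }
    }
}

Get-SchannelEnabledState -BasePath $schannel -SubKey $subKeys |
    Select-Object Key, Raw, Hex, State | Format-Table -AutoSize
```

A State of Unexpected means the write stored something other than 0 or 0xFFFFFFFF and the value should be corrected manually.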
