- List GPOs applied with summary data:
gpresult /r
- Just user settings:
gpresult /r /scope:user
- Just computer settings:
gpresult /r /scope:computer
- Export result to text file:
gpresult /r > gpresult.txt
- Export result to the clipboard:
gpresult /r |clip
- Specified non-admin user:
gpresult /r /user:yourdomain\userfirst.userlast
- Generate HTML report:
gpresult /h report.html /user:yourdomain\userfirst.userlast /f
- Remote computer:
gpresult /s server1 /r
Author: steve
Force Logoff of a User Remotely
Occasionally there may be a need to force logoff a user from a remote workstation. Here’s how to do that:
- Open a remote shell with PSExec
- Find out who is logged into the system:
query session
- Logoff the user on session #2:
logoff 2
This can be useful in larger office networks as it saves you a trip to the computer in question if you’re on a different floor, and this works for both workgroup and domain environments.
Query a User’s Mapped Drives, Logon Server, GPOs
If your company’s drive mapping GPOs are not functioning correctly, manual drive mapping may be a last resort, which often leads to inconsistency in which shares each user has mapped. One way you can start gaining control of the situation is to do a mass query to find out what drives each user has. While it would be quite nice to use PSExec and query each machine as its local system account, this will query mapped drives of the local system user, not the user you want. Thus, it must be done under the HKEY_CURRENT_USER security context, and the following script is one easy way to accomplish this.
## Title: discovery.ps1
## Description: Query for local mapped drives, logon server, and GPOs applied, and report to a uniquely named file using format MACHINE.DOMAIN.USER.txt. Also clears a problematic entry from the Credential Manager. Designed to be used as a logon script.
## Author: Steven J. Borrelli
## Email: sborrelli@rdata.us
## Serial: 2018082900
## Version: 1.03
## Example usage:
## Place script in the NETLOGON folder of the domain controller and include the following command in your logon batch file.
## PowerShell.exe -noprofile -executionpolicy bypass -file %logonserver%\netlogon\discovery.ps1

# Location of export file
$folderpath = "\\fileserver\discovery\"

# File name structure
#$filename = [string]::Join(".",$env:COMPUTERNAME,$env:userdomain,$env:username,"txt") # use with Powershell 5.0
$filename = -join ($env:COMPUTERNAME,".",$env:userdomain,".",$env:username,".txt") # use with Powershell 2.0

# Full file path
$filepath = join-path -path $folderpath -childpath $filename

# See if file exists first
$checkfile = Test-Path $filepath

# If file doesn't already exist, get mapped drives and write to specified file
#if ($checkfile) {Write-Host "$filename exists!"} else {Get-WmiObject -Query "SELECT Caption, ProviderName FROM Win32_MappedLogicalDisk" | Select-Object @{ Name = 'DriveLetter'; Expression = { $_.Caption } }, @{ Name = 'NetworkPath'; Expression = { $_.ProviderName } } | Out-File $filepath}
Get-WmiObject -Query "SELECT Caption, ProviderName FROM Win32_MappedLogicalDisk" | Select-Object @{ Name = 'DriveLetter'; Expression = { $_.Caption } }, @{ Name = 'NetworkPath'; Expression = { $_.ProviderName } } | Out-File $filepath

# Identify the logon server and append to the file
echo "Logon Server: "$Env:LOGONSERVER | Out-File $filepath -Append

# Do a silent gpupdate of computer and user policies
echo n | gpupdate /force /wait:0 /target:computer
echo n | gpupdate /force /wait:0 /target:user

# List the GPOs and groups applied, and append it to the file
gpresult /r | Out-File $filepath -Append

# Clear problematic credentials if exist, but list it first
cmdkey /list | findstr server2 | Out-File $filepath -Append
cmdkey /list | ForEach-Object{if($_ -like "*Target:*" -and $_ -like "*server2*"){cmdkey /del:($_ -replace " ","" -replace "Target:","")}}
Find Domain Logon Session in PowerShell
This script is designed to search for a given username’s logon session within the entire pool of domain computers. This is very handy if you need to find out where a user is logged in at.
# ********************************************************************************
#
# Script Name: QueryUsersForLastLogon.ps1
# Version: 1.0
# Author: CRA
# Date: 13.01.15
# Location:
# Applies to: Computers
#
# Description: This script searches for a specific, logged on user on all or
# specific Computers by checking the process "explorer.exe" and its owner.
#
# ********************************************************************************

#Get-ADUser and Get-ADComputer come from the ActiveDirectory module
Import-Module ActiveDirectory

#Set variables
$progress = 0

#Get Admin Credentials
Function Get-Login {
    Clear-Host
    Write-Host "Please provide admin credentials (for example DOMAIN\admin.user and your password)"
    $Global:Credential = Get-Credential
}
Get-Login

#Get Username to search for
Function Get-Username {
    Clear-Host
    $Global:Username = Read-Host "Enter username you want to search for"
    #Read-Host returns an empty string, not $null, when nothing is typed
    if ([string]::IsNullOrEmpty($Username)){
        Write-Host "Username cannot be blank, please re-enter username!"
        Get-Username
        return
    }
    #Get-ADUser throws when the account does not exist, so catch that case
    $UserCheck = $null
    try { $UserCheck = Get-ADUser $Username } catch { }
    if ($UserCheck -eq $null){
        Write-Host "Invalid username, please verify this is the logon id for the account!"
        Get-Username
    }
}
Get-Username

#Get Computername Prefix for large environments
Function Get-Prefix {
    Clear-Host
    $Global:Prefix = Read-Host "Enter a prefix of Computernames to search on (CXX*) use * as a wildcard or enter * to search on all computers"
    Clear-Host
}
Get-Prefix

#Start search
#Wrap the result in @() so .Count is valid even when only one computer matches
$computers = @(Get-ADComputer -Filter {Enabled -eq 'true' -and SamAccountName -like $Prefix})
$CompCount = $Computers.Count
Write-Host "Searching for $Username on $Prefix on $CompCount Computers`n"

#Start main foreach loop, search processes on all computers
foreach ($comp in $computers){
    $Computer = $comp.Name
    $Reply = $null
    $Reply = test-connection $Computer -count 1 -quiet
    if($Reply -eq 'True'){
        if($Computer -eq $env:COMPUTERNAME){
            #Get explorer.exe processes without credentials parameter if the query is executed on the localhost
            $proc = gwmi win32_process -ErrorAction SilentlyContinue -computer $Computer -Filter "Name = 'explorer.exe'"
        }
        else{
            #Get explorer.exe processes with credentials for remote hosts
            $proc = gwmi win32_process -ErrorAction SilentlyContinue -Credential $Credential -computer $Computer -Filter "Name = 'explorer.exe'"
        }
        #If $proc is empty return msg else search collection of processes for username
        if([string]::IsNullOrEmpty($proc)){
            write-host "Failed to check $Computer!"
        }
        else{
            $progress++
            ForEach ($p in $proc) {
                $temp = ($p.GetOwner()).User
                Write-Progress -activity "Working..." -status "Status: $progress of $CompCount Computers checked" -PercentComplete (($progress/$Computers.Count)*100)
                if ($temp -eq $Username){
                    write-host "$Username is logged on $Computer"
                }
            }
        }
    }
}
write-host "Search done!"
Using PSExec to Run Commands Remotely
Let’s say you want to sit at your desk and run commands on someone else’s machine. If you’re on a domain, you can do this quite easily with the third-party utility PSExec.
psexec -s \\server. cmd
That’s correct. There should be a dot at the end of the hostname. This is so it will be interactive with your local machine. If the dot is not present, it will just open a CMD window on the remote machine.
Deploy Logon Hours via PowerShell
## Title: setlogonhours.ps1
## Description: Deploy logon time restrictions individually based on group membership.
## Author: Steven J. Borrelli
## Email: sborrelli@rdata.us
## Date: 20180629
## Version: 1.01

# First things first
Import-Module ActiveDirectory
if (-not (Get-Module ActiveDirectory)){
    # Nothing below works without the module, so stop here
    throw "The ActiveDirectory module could not be loaded."
}

# Specify the AD Security Groups to use
$group1 = "LogonHrs1"
$group2 = "LogonHrs2"
$group3 = "LogonHrs3"
$groups = $group1,$group2,$group3

## Group 1 logon hours // 7:00 a.m. – 7:00 p.m. Monday – Friday, and 7:00 a.m. to 6:00 p.m. Saturday
[byte[]]$hours1 = @(0,0,0,0,224,255,1,224,255,1,224,255,1,224,255,1,224,255,1,224,255)

## Group 2 logon hours // 6:00 a.m. – 9:00 p.m. Monday – Sunday
[byte[]]$hours2 = @(7,240,255,7,240,255,7,240,255,7,240,255,7,240,255,7,240,255,7,240,255)

## Group 3 logon hours // 24 hours a day, 7 days per week
[byte[]]$hours3 = @(255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255)

<#
Each day of the week has 3 blocks. Each block is 8 hours.
Segment 1: 6pm-2am; Segment 2: 2am-10am; Segment 3: 10am-6pm
Note: I am in CST. These segments may be mapped to different timeframes if you are in a different time zone.
Each 1 hour block in the GUI represents 1 bit in a binary octet, but reversed order.
Thus, a decimal value of 7 (binary value of 00000111) would equate to the first three hours of a segment.
If the 7 were in segment 3 it would equate to 10am-1pm.

Example:
[byte[]]$hours = @(
    255,255,255, #Sun, 6pm previous day to 6pm present day
    255,255,255, #Mon
    255,255,255, #Tue
    255,255,255, #Wed
    255,255,255, #Thu
    255,255,255, #Fri
    255,255,255  #Sat
)
#>

# Iterate through group array
ForEach ($group in $groups) {
    # Retrieve a list of members for the current group
    #$membernames = Get-ADGroupMember -Identity $group -Recursive | Select -ExpandProperty Name
    $members = Get-ADGroupMember -Identity $group -Recursive | Select -ExpandProperty samAccountName

    # Iterate through each member of the current group
    ForEach ($member in $members) {
        switch ($group) {
            $group1 {
                Get-ADUser -Identity $member | Set-ADUser -Replace @{logonhours = $hours1}
                Write-Host "Setting GROUP 1 logon times for $member, a member of group $group."
            }
            $group2 {
                Get-ADUser -Identity $member | Set-ADUser -Replace @{logonhours = $hours2}
                Write-Host "Setting GROUP 2 logon times for $member, a member of group $group."
            }
            $group3 {
                Get-ADUser -Identity $member | Set-ADUser -Replace @{logonhours = $hours3}
                Write-Host "Setting GROUP 3 logon times for $member, a member of group $group."
            }
        }
    }
}
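The bit layout described in the script's comment block can be verified before a mask is written to any account. The following is an added example, not part of the original script: ConvertFrom-LogonHours is a hypothetical helper that decodes a 21-byte mask into local-time ranges. It assumes a fixed UTC offset (-6 for CST, as in the script's comments; the attribute itself is stored in UTC) and PowerShell 3.0 or later.

```powershell
# Added example: decode a 21-byte logonHours mask into local-time ranges.
# ConvertFrom-LogonHours is a hypothetical helper name, not an ActiveDirectory cmdlet.
# Requires PowerShell 3.0+ for the -shl operator.
function ConvertFrom-LogonHours {
    param(
        [Parameter(Mandatory = $true)][byte[]]$Hours,
        [int]$UtcOffsetHours = -6   # assumption: CST, the zone used in the script's comments
    )
    if ($Hours.Length -ne 21) {
        throw "logonHours must be exactly 21 bytes (7 days x 24 bits), got $($Hours.Length)."
    }

    # One flag per local hour of the week; index 0 = Sunday 00:00 local time.
    $local = New-Object 'bool[]' 168
    for ($byte = 0; $byte -lt 21; $byte++) {
        for ($bit = 0; $bit -lt 8; $bit++) {
            # Bit 0 (least significant) is the first hour covered by the byte.
            if (($Hours[$byte] -band (1 -shl $bit)) -ne 0) {
                $utcHour = $byte * 8 + $bit
                # Shift to local time and wrap around the week boundary.
                $localHour = ((($utcHour + $UtcOffsetHours) % 168) + 168) % 168
                $local[$localHour] = $true
            }
        }
    }

    $dayNames = 'Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat'
    for ($day = 0; $day -lt 7; $day++) {
        $ranges = @()
        $start = -1
        # Hour 24 is a sentinel that closes a range still open at midnight.
        for ($h = 0; $h -le 24; $h++) {
            $allowed = ($h -lt 24) -and $local[$day * 24 + $h]
            if ($allowed -and ($start -lt 0)) { $start = $h }
            if ((-not $allowed) -and ($start -ge 0)) {
                $ranges += ('{0:00}:00-{1:00}:00' -f $start, $h)
                $start = -1
            }
        }
        if ($ranges.Count -eq 0) { $ranges = @('no logon allowed') }
        New-Object PSObject -Property @{ Day = $dayNames[$day]; Allowed = ($ranges -join ', ') } |
            Select-Object Day, Allowed
    }
}

# Group 1 mask copied from setlogonhours.ps1 above.
[byte[]]$hours1 = @(0,0,0,0,224,255,1,224,255,1,224,255,1,224,255,1,224,255,1,224,255)
ConvertFrom-LogonHours -Hours $hours1 -UtcOffsetHours -6 | Format-Table -AutoSize
```

The same function can be fed the value read back from an account, for example (Get-ADUser jdoe -Properties logonHours).logonHours with jdoe as a placeholder name, to confirm what was actually applied. Because the offset is fixed, the decoded ranges move by one hour when daylight saving time is in effect.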
Export AD Users List
Import-module activedirectory
get-aduser -filter * | Export-Csv c:\myusers.csv
Change O365 Desktop License
There may come a time when you need to re-license an O365 desktop installation, e.g. if it was licensed to a user who is no longer at the company and needs to be updated. You can uninstall and then reinstall under the correct user (by downloading from that user’s Office portal), or you can actually change how the installed software is licensed by doing the following.
- Remove the Identities folder from the Registry
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\Identities
and delete the “Identities” folder
- Run as Administrator:
cscript.exe "%ProgramFiles(x86)%\Microsoft Office\Office16\ospp.vbs" /dstatus
- Run as Administrator:
cscript.exe "%ProgramFiles(x86)%\Microsoft Office\Office16\ospp.vbs" /unpkey:XXXXX
Additionally, do this to remove the “Belongs to: jimbob@domain.com” (example) from the Account properties in the Office programs.
- Go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
and remove the contents of the O365ProPlusRetail.EmailAddress string.
Ping All IPs in Subnet – PowerShell
The following PowerShell code will ping all IPs in a given range:
1..255 | foreach { ping 10.4.19.$_ -n 1 -w 100 }
Windows 10 Settings App
Launch the Windows Settings app
Learn how to launch the Windows Settings app. This topic describes the ms-settings: URI scheme. Use this URI scheme to launch the Windows Settings app to specific settings pages.
Launching to the Settings app is an important part of writing a privacy-aware app. If your app can’t access a sensitive resource, we recommend providing the user a convenient link to the privacy settings for that resource. For more info, see Guidelines for privacy-aware apps.
How to launch the Settings app
To launch the Settings app, use the ms-settings: URI scheme as shown in the following examples.
In this example, a Hyperlink XAML control is used to launch the privacy settings page for the microphone using the ms-settings:privacy-microphone URI.
<!--Set Visibility to Visible when access to the microphone is denied -->
<TextBlock x:Name="LocationDisabledMessage" FontStyle="Italic"
Visibility="Collapsed" Margin="0,15,0,0" TextWrapping="Wrap" >
<Run Text="This app is not able to access the microphone. Go to " />
<Hyperlink NavigateUri="ms-settings:privacy-microphone">
<Run Text="Settings" />
</Hyperlink>
<Run Text=" to check the microphone privacy settings."/>
</TextBlock>
Alternatively, your app can call the LaunchUriAsync method to launch the Settings app. This example shows how to launch to the privacy settings page for the camera using the ms-settings:privacy-webcam URI.
bool result = await Windows.System.Launcher.LaunchUriAsync(new Uri("ms-settings:privacy-webcam"));
The code above launches the privacy settings page for the camera.
For more info about launching URIs, see Launch the default app for a URI.
ms-settings: URI scheme reference
Use the following URIs to open various pages of the Settings app.
Note that whether a settings page is available varies by Windows SKU. Not all settings pages available on Windows 10 for desktop are available on Windows 10 Mobile, and vice-versa. The notes column also captures additional requirements that must be met for a page to be available.
Accounts
Settings Page | URI |
---|---|
Access work or school | ms-settings:workplace |
Email & app accounts | ms-settings:emailandaccounts |
Family & other people | ms-settings:otherusers |
Sign-in options | ms-settings:signinoptions ms-settings:signinoptions-dynamiclock |
Sync your settings | ms-settings:sync |
Your info | ms-settings:yourinfo |
Apps
Settings Page | URI |
---|---|
Apps & Features | ms-settings:appsfeatures |
App features | ms-settings:appsfeatures-app (Reset, manage add-on & downloadable content, etc. for the app) |
Apps for websites | ms-settings:appsforwebsites |
Default apps | ms-settings:defaultapps |
Manage optional features | ms-settings:optionalfeatures |
Startup apps | ms-settings:startupapps |
Cortana
Settings Page | URI |
---|---|
Cortana Permissions & History | ms-settings:cortana-permissions |
More details | ms-settings:cortana-moredetails |
Notifications | ms-settings:cortana-notifications |
Talk to Cortana | ms-settings:cortana-language |
Devices
Settings Page | URI |
---|---|
Audio and speech | ms-settings:holographic-audio (only available if the Mixed Reality Portal app is installed–available in the Microsoft Store) |
AutoPlay | ms-settings:autoplay |
Bluetooth | ms-settings:bluetooth |
Connected Devices | ms-settings:connecteddevices |
Default camera | ms-settings:camera |
Mouse & touchpad | ms-settings:mousetouchpad (touchpad settings only available on devices that have a touchpad) |
Pen & Windows Ink | ms-settings:pen |
Printers & scanners | ms-settings:printers |
Touchpad | ms-settings:devices-touchpad (only available if touchpad hardware is present) |
Typing | ms-settings:typing |
USB | ms-settings:usb |
Wheel | ms-settings:wheel (only available if Dial is paired) |
Your phone | ms-settings:mobile-devices |
Ease of Access
Settings Page | URI |
---|---|
Audio | ms-settings:easeofaccess-audio |
Closed captions | ms-settings:easeofaccess-closedcaptioning |
Display | ms-settings:easeofaccess-display |
Eye control | ms-settings:easeofaccess-eyecontrol |
Fonts | ms-settings:fonts |
High contrast | ms-settings:easeofaccess-highcontrast |
Holographic headset | ms-settings:holographic-headset (requires holographic hardware) |
Keyboard | ms-settings:easeofaccess-keyboard |
Magnifier | ms-settings:easeofaccess-magnifier |
Mouse | ms-settings:easeofaccess-mouse |
Narrator | ms-settings:easeofaccess-narrator |
Other options | ms-settings:easeofaccess-otheroptions |
Speech | ms-settings:easeofaccess-speechrecognition |
Extras
Settings Page | URI |
---|---|
Extras | ms-settings:extras (only available if “settings apps” are installed, e.g. by a 3rd party) |
Gaming
Settings Page | URI |
---|---|
Broadcasting | ms-settings:gaming-broadcasting |
Game bar | ms-settings:gaming-gamebar |
Game DVR | ms-settings:gaming-gamedvr |
Game Mode | ms-settings:gaming-gamemode |
Playing a game full screen | ms-settings:quietmomentsgame |
TruePlay | ms-settings:gaming-trueplay |
Xbox Networking | ms-settings:gaming-xboxnetworking |
Home page
Settings Page | URI |
---|---|
Settings home page | ms-settings: |
Network, wireless & internet
Settings Page | URI |
---|---|
Airplane mode | ms-settings:network-airplanemode (use ms-settings:proximity on Windows 8.x) |
Cellular & SIM | ms-settings:network-cellular |
Data usage | ms-settings:datausage |
Dial-up | ms-settings:network-dialup |
DirectAccess | ms-settings:network-directaccess (only available if DirectAccess is enabled) |
Ethernet | ms-settings:network-ethernet |
Manage known networks | ms-settings:network-wifisettings |
Mobile hotspot | ms-settings:network-mobilehotspot |
NFC | ms-settings:nfctransactions |
Proxy | ms-settings:network-proxy |
Status | ms-settings:network-status |
VPN | ms-settings:network-vpn |
Wi-Fi | ms-settings:network-wifi (only available if the device has a wifi adapter) |
Wi-Fi Calling | ms-settings:network-wificalling (only available if Wi-Fi calling is enabled) |
Personalization
Settings Page | URI |
---|---|
Background | ms-settings:personalization-background |
Choose which folders appear on Start | ms-settings:personalization-start-places |
Colors | ms-settings:personalization-colors |
Glance | ms-settings:personalization-glance |
Lock screen | ms-settings:lockscreen |
Navigation bar | ms-settings:personalization-navbar |
Personalization (category) | ms-settings:personalization |
Start | ms-settings:personalization-start |
Sounds | ms-settings:sounds |
Task Bar | ms-settings:taskbar |
Themes | ms-settings:themes |
Privacy
Settings Page | URI |
---|---|
Accessory apps | ms-settings:privacy-accessoryapps |
Account info | ms-settings:privacy-accountinfo |
Activity history | ms-settings:privacy-activityhistory |
Advertising ID | ms-settings:privacy-advertisingid |
App diagnostics | ms-settings:privacy-appdiagnostics |
Automatic file downloads | ms-settings:privacy-automaticfiledownloads |
Background Apps | ms-settings:privacy-backgroundapps |
Calendar | ms-settings:privacy-calendar |
Call history | ms-settings:privacy-callhistory |
Camera | ms-settings:privacy-webcam |
Contacts | ms-settings:privacy-contacts |
Documents | ms-settings:privacy-documents |
Email | ms-settings:privacy-email |
Eye tracker | ms-settings:privacy-eyetracker (requires eyetracker hardware) |
Feedback & diagnostics | ms-settings:privacy-feedback |
File system | ms-settings:privacy-broadfilesystemaccess |
General | ms-settings:privacy-general |
Location | ms-settings:privacy-location |
Messaging | ms-settings:privacy-messaging |
Microphone | ms-settings:privacy-microphone |
Motion | ms-settings:privacy-motion |
Notifications | ms-settings:privacy-notifications |
Other devices | ms-settings:privacy-customdevices |
Pictures | ms-settings:privacy-pictures |
Phone calls | ms-settings:privacy-phonecall |
Radios | ms-settings:privacy-radios |
Speech, inking & typing | ms-settings:privacy-speechtyping |
Tasks | ms-settings:privacy-tasks |
Videos | ms-settings:privacy-videos |
Surface Hub
Settings Page | URI |
---|---|
Accounts | ms-settings:surfacehub-accounts |
Session cleanup | ms-settings:surfacehub-sessioncleanup |
Team Conferencing | ms-settings:surfacehub-calling |
Team device management | ms-settings:surfacehub-devicemanagenent |
Welcome screen | ms-settings:surfacehub-welcome |
System
Settings Page | URI |
---|---|
About | ms-settings:about |
Advanced display settings | ms-settings:display-advanced (only available on devices that support advanced display options) |
Battery Saver | ms-settings:batterysaver (only available on devices that have a battery, such as a tablet) |
Battery Saver settings | ms-settings:batterysaver-settings (only available on devices that have a battery, such as a tablet) |
Battery use | ms-settings:batterysaver-usagedetails (only available on devices that have a battery, such as a tablet) |
Display | ms-settings:display |
Default Save Locations | ms-settings:savelocations |
Display | ms-settings:screenrotation |
Duplicating my display | ms-settings:quietmomentspresentation |
During these hours | ms-settings:quietmomentsscheduled |
Encryption | ms-settings:deviceencryption |
Focus assist | ms-settings:quiethours ms-settings:quietmomentshome |
Graphics Settings | ms-settings:display-advancedgraphics (only available on devices that support advanced graphics options) |
Messaging | ms-settings:messaging |
Multitasking | ms-settings:multitasking |
Night light settings | ms-settings:nightlight |
Offline Maps | ms-settings:maps |
Phone | ms-settings:phone-defaultapps |
Projecting to this PC | ms-settings:project |
Shared experiences | ms-settings:crossdevice |
Tablet mode | ms-settings:tabletmode |
Taskbar | ms-settings:taskbar |
Notifications & actions | ms-settings:notifications |
Remote Desktop | ms-settings:remotedesktop |
Phone | ms-settings:phone |
Power & sleep | ms-settings:powersleep |
Storage | ms-settings:storagesense |
Storage Sense | ms-settings:storagepolicies |
Video playback | ms-settings:videoplayback |
Time and language
Settings Page | URI |
---|---|
Date & time | ms-settings:dateandtime |
Japan IME settings | ms-settings:regionlanguage-jpnime (available if the Microsoft Japan input method editor is installed) |
Pinyin IME settings | ms-settings:regionlanguage-chsime-pinyin (available if the Microsoft Pinyin input method editor is installed) |
Region & language | ms-settings:regionlanguage |
Speech Language | ms-settings:speech |
Wubi IME settings | ms-settings:regionlanguage-chsime-wubi (available if the Microsoft Wubi input method editor is installed) |
Update & security
Settings Page | URI |
---|---|
Activation | ms-settings:activation |
Backup | ms-settings:backup |
Delivery Optimization | ms-settings:delivery-optimization |
Find My Device | ms-settings:findmydevice |
Recovery | ms-settings:recovery |
Troubleshoot | ms-settings:troubleshoot |
Windows Defender | ms-settings:windowsdefender |
Windows Hello setup | ms-settings:signinoptions-launchfaceenrollment ms-settings:signinoptions-launchfingerprintenrollment |
Windows Insider Program | ms-settings:windowsinsider (only present if user is enrolled in WIP) |
Windows Update | ms-settings:windowsupdate ms-settings:windowsupdate-action |
Windows Update-Advanced options | ms-settings:windowsupdate-options |
Windows Update-Restart options | ms-settings:windowsupdate-restartoptions |
Windows Update-View update history | ms-settings:windowsupdate-history |
Developers
Settings Page | URI |
---|---|
For developers | ms-settings:developers |
User Accounts
Settings Page | URI |
---|---|
Provisioning | ms-settings:workplace-provisioning (only available if enterprise has deployed a provisioning package) |
Provisioning | ms-settings:provisioning (only available on mobile and if the enterprise has deployed a provisioning package) |
Windows Anywhere | ms-settings:windowsanywhere (device must be Windows Anywhere-capable) |