Best posts made by Grey

Grey

Try this out. It pops up with a command prompt to ask you a few questions to get started. Once the questions are answered, it takes care of most everything else. When it is done, it should spit out a piece of paper for you to give to the new employee with the information that they need.

I sterilized it so that you could use it in your company.

#Imports the AD & NTFS Modules (Module 1.02)
Import-Module activedirectory
Import-Module MSOnline

#Sets Variables (Module 1.03)
$fn #First Name
$ln #Last Name
$title
$dep #Department
$loc #Location
$man #Manager
$un #Username
$officePhone
$streetAdd
$city
$ZIP
$fi #First Name Initial, will be used to figure out Username

#Getting information (Module 1.04)
Write-Host "I need some information from you first. Answer the following questions to get started."
$fn = read-host "First Name?"
$ln = Read-Host "Last Name?"
$title = Read-Host "Title?"
$dep = Read-Host "Department?"
$man = Read-Host "Manager (Username)?"
$loc = Read-Host "<location>?"

#Finding out the Username (Module 1.05)
$fi = $fn.Substring(0,1)
$un = -join ($ln, $fi)

#Sets Location information (Module 1.06)
if ($loc -eq "Loc1") { #If the user is in Loc1 (Module 1.07)
    $officePhone = "(999) 999-9999";
    $streetAdd = "123 Anywhere Drive";
    $city = "YourTown";
    $ZIP = "12345";
}
Else { #If the user is in Loc2 (Module 1.08)
    $officePhone = "(987) 654-3210";
    $streetAdd = "987 Nothere Blvd";
    $city = "Somewhere Else";
    $ZIP = "98765";
}

#Sets Password (Module 1.09)
$passwd = (Read-Host -AsSecureString "Account Password")
$password = ConvertFrom-SecureString -SecureString $passwd

$userParams = @{ #(Module 1.10)
	'Name' = $un;
	'Enabled' = $true;
	'AccountPassword' = $passwd; 
	'UserPrincipalName' = -join ($un, "@mycompany.com");
	'SamAccountName' = $un;
	'ChangePasswordAtLogon' = $false;
	'GivenName' = $fn;
	'Surname' = $ln;
	'DisplayName' = -join ($fn, " ", $ln);
	'Description' = $title;
	'OfficePhone' = $officePhone;
	'StreetAddress' =  $streetAdd;
	'City' = $city;
	'State' = "Texas";
	'PostalCode' = $ZIP;
	'Title' = $title;
	'Department' = $dep;
	'Company' = 'MyCompany';
	'Manager' = $man;
}

#Creates the user in AD (Module 1.11)
New-ADUser @userParams

#Wait for the account to be created before doing anything else (Module 1.12)
Start-Sleep -Seconds 10

#Makes the user's network drive, scan folder, and sets the permissions to their folders and files (Module 1.13)
if ($loc -eq "Loc1") { #If the user is in Loc1 (Module 1.14)
New-Item -Name $un -ItemType directory -Path "\\server\folder\" #Creates users network drive
New-Item -Name scans -ItemType directory -Path "\\server\folder\$un\" #Creates users scan folder
}
Else { #If the user is in Loc2 (Module 1.15)
New-Item -Name $un -ItemType directory -Path "\\server\folder\" #Creates users network drive
New-Item -Name scans -ItemType directory -Path "\\server\folder\$un" #Creates users scan folder
}

#Adds the user to the correct Security Group for permissions and other network drives
if ($dep -eq "Accounting"){ #(Module 1.16)
Add-ADGroupMember -Identity 'Accounting' -Members $un #(Module 1.17)
} #Adds the user to the Accounting Group
Elseif ($dep -eq "Customer Service") { #(Module 1.18)
Add-ADGroupMember -Identity 'Customer Service' -Members $un #(Module 1.19)
} #Adds the user to the Customer Service Group
Elseif ($dep -eq "Executives") { #(Module 1.20)
Add-ADGroupMember -Identity 'Executives' -Members $un #(Module 1.21)
} #Adds the user to the Executives Group
Elseif ($dep -eq "HR") { #(Module 1.22)
Add-ADGroupMember -Identity 'Human Resources' -Members $un #(Module 1.23)
} #Adds the user to the Human Resources Group
Elseif ($dep -eq "Human Resources") { #(Module 1.24)
Add-ADGroupMember -Identity 'Human Resources' -Members $un #(Module 1.25)
} #Adds the user to the Human Resources Group
Elseif ($dep -eq "IT") { #(Module 1.26)
Add-ADGroupMember -Identity 'Domain Admins' -Members $un #(Module 1.27)
} #Adds the user to the Domain Admins Group for IT
Elseif ($dep -eq "Maintenance") { #(Module 1.28)
Add-ADGroupMember -Identity 'MaintGroup' -Members $un #(Module 1.29)
} #Adds the user to the Maintenance Group
Elseif ($dep -eq "Production") { #(Module 1.30)
Add-ADGroupMember -Identity 'Production' -Members $un #(Module 1.31)
} #Adds the user to the Production GroupHR
Elseif ($dep -eq "QA") {  #(Module 1.32)
Add-ADGroupMember -Identity 'QA Group' -Members $un #(Module 1.33)
} #Adds the user to the QA Group
Elseif ($dep -eq "Quality Assurance") {  #(Module 1.34)
Add-ADGroupMember -Identity 'QA Group' -Members $un #(Module 1.35)
} #Adds the user to the QA Group
Elseif ($dep -eq "Shipping") {  #(Module 1.36)
Add-ADGroupMember -Identity 'SHIP' -Members $un #(Module 1.37)
} #Adds the user to the Shipping Group
Else { #(Module 1.38)
Add-ADGroupMember -Identity 'Domain Users' -Members $un #(Module 1.39)
} #Dumps the user to the Domain Users Group

$manfn = Get-ADUser $man -Properties Name | select Name #Gets the manager's name (Module 1.40)

#Creates a report of the User's information
$report = "Hello $fn $ln,

From the IT Department, welcome to <MyCompany>.   We 
are here to help you connect to the resources that you need for 
your job.   If you need assistance with technology, please feel 
free to contact us at either the help page, which is set as your 
home page in Internet Explorer, email us at 
helpdesk@<MyCompany>.com, or call us at extension 4357.

Below you will find your information so that you can login to 
the network and get started:

Your username is domain\$un
Your password is 
Your email address is $fn$ln@<MyCompany>.com
Your phone number is $officePhone Ext. 

It is suggested that you change your password to something that 
you can remember but difficult enough that somebody else cannot 
figure out.   The requirement is only 6 characters, but we do 
advise on making it longer, throw some numbers and special 
characters in there as well to make it stronger.   Best advice 
would be to use a pass-PHRASE instead of a pass-WORD.

Your computer should already be setup with your email loaded and 
your network drives.   At <MyCompany>, we use Microsoft 
Outlook as the email client.   Depending on what department you 
are in will depend on what drives you have available.   
Generally, everybody will have an F: drive and a G: drive.   The 
F: drive is your network folder.   Place in there the documents 
that you feel you cannot do your job without.   In the F: drive 
will be a scan folder.   When you go to the Xerox to scan in 
documents, then you will find them in your scan folder.   The G: 
drive is a company-wide shared folder.  As for your department 
drives, it would be best to talk with $($manfn.name), 
your supervisor/manager, about the nature and uses of these drives.

The use of the equipment and resources provided are a privilege 
to you for use and should not be taken advantage of.   There are 
measures set in place that allows us to manage the network.   Do 
not assume that there is any personal privacy on this network.   
The only privacy that you can assume is for the nature of your 
work.   All information (including emails, documents, 
spreadsheets, pictures, etc.) contained on the equipment 
provided and on the network is the sole property of Standard 
Meat Company.

If you have problems with your equipment or network resources, 
please feel free to ask.   We do not mind helping, but we cannot 
help if we do not know, so please ask! 

Sincerely,


Your IT Department"

if ($loc -eq "Loc1") { #(Module 1.43)
Write-Output $report | Out-Printer
}
Else { #(Module 1.44)
Write-Output $report | Out-Printer \\server\'Xerox WorkCentre 4260'
}

#Waiting for AD & Azure to Synchronize, which synchronizes every 30 minutes (Module 1.45)
Write-host "Waiting..."
Start-Sleep -Seconds 1800

#Connect to O365 and licenses the user
Connect-MsolService #(Module 1.46)
Set-MsolUserLicense -UserPrincipalName (-join($un,'@<MyCompany>.com')) -AddLicenses #(Module 1.47)

#Connects to the Exchange box, creates the users email account, then disconnects from the Exchange box
$mail = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -AllowRedirection -Authentication Basic -Credential $cred #(Module 1.48-Part 1)
Import-PSSession $mail -WarningAction SilentlyContinue | Out-Null #(Module 1.48-Part 2)
enable-Mailbox -Identity $un -Alias $un -DisplayName (-join($fn,$ln)) #Creates the users mailbox (Module 1.49)
IF ($dep -eq "Executives") { #(Module 1.50)
Set-Mailbox (-join($un,'@<MyCompany>.com')) -ProhibitSendQuota 19.5GB -ProhibitSendReceiveQuota 20GB -IssueWarningQuota 19GB #Sets the mailbox size in Exchange Online so that the user isn't using all 50 GB of storage (Module 1.51)
} #If they are an executive, then they get 20 GB of mailbox space
elseif ($dep -eq "IT") { #(Module 1.52)
Set-Mailbox (-join($un,'@<MyCompany>.com')) #(Module 1.53)
} #IT gets the full mailbox, of course 
else { #(Module 1.54)
Set-Mailbox (-join($un,'@<MyCompany>.com')) -ProhibitSendQuota 9.5GB -ProhibitSendReceiveQuota 10GB -IssueWarningQuota 9GB #Sets the mailbox size in Exchange Online so that the user isn't using all 50 GB of storage (Module 1.55)
} #Otherwise, everybody else gets 10 GB of mailbox space
Remove-PSSession -Session $mail #Disconnects from the Exchange box (Module 1.56)

This looks amazing and I can't wait to get it edited and try it out.

Grey

@Grey said in What Are You Doing Right Now:

I'm using the CodeTwo tool to import user pictures to AD. So far, it's killed my laptop once and complained about memory 3 times.

AAaaand CodeTwo crashed.

They have the worst developers. $5 says that some of them were fired from Ubisoft.

Grey

I've been searching all over for an exemplar default domain policy that's current with 2008 and 2012 domain controllers and found that one guy published a blog years ago with detailed info on the defaults, and it's been removed since. Does anyone have an unmodified default GPO that you're willing to paste up for the world to see? I don't want to set up a whole new server and roles, then delete it just to get the defaults out.

Incidentally, I'm doing this so I can compare the changes made to the existing one that I've inherited.

Grey

You guys are useless. I had bbq.

Grey

Has anyone set up an SFTP or FTPS server using Nethserver with AD integration for those FTP users?

Grey

Salad bar from Jason's Deli. My blood sugar was very high this morning so I need to work on dropping it over the next forever.

Grey

Apparently, the whole internet hates mobsync. There are threads all over about disabling it and I need to do exactly the opposite.

In a nutshell, has anyone out there turned on offline files through a command line, gpo or other automated method? I don't want to do that one button press on 200+ stations.

note: image not from problem station and only shown for reference.

Grey

@RojoLoco said in Random Thread - Anything Goes:

@art_of_shred said in Random Thread - Anything Goes:

@Texkonc said in Random Thread - Anything Goes:

I used to drive a mustang when I was younger.

I'm sorry. I had Firebirds.

Here is a rare pic of @art_of_shred and one of his old Firebirds.... even more rare is the fact that he has hair in this pic!

Get the modern one: http://transamdepot.com/bandit/

Grey

@NerdyDad said in Home Anti-virus:

@Grey said in Home Anti-virus:

If you want a 30 day webroot code, let me know (via PM/Chat). I'm happy to make a couple for people to test, and if you want to purchase, we can move from there.

@Grey with the side hustle over here.

Meh. I'm happier that people aren't spreading infectious diseases.

Grey

@nadnerB said in Random Thread - Anything Goes:

So eastern Australia is baking in 40C + weather and has been for a week and a bit... meanwhile on the west side, I'm in long pants and a jumper, we've had our years worth of rain in a week and I haven't seen the sun for several days due to cloud cover.

Bit different.

Also, Ali G was right. "West side is the best"

It was 80f yesterday, and snow is expected tonight.

Grey

Please send me a GrubHub! https://www.grubhub.com/restaurant/great-northern-8101-e-belleview-ave-ste-e-denver/334612 pastrami & egg... nom!

Grey

@thanksajdotcom said in What Are You Doing Right Now:

I might need to get one of these in the near future:
https://www.amazon.com/ThinkGeek-Phantom-Keystroker-V2/dp/B002YJW7C4

Grey

@dbeato said in Windows 2016 Server free file server ?:

@emad-r Why would you want to have a FIle Server in a Hyperv 2016 Server? Will this be for sharing files?

In a real, business oriented, production environment, one would never use their hypervisor for anything except as a hypervisor. The only reason the role for file services is available at all is to allow DAS to be available to other Hypervisors, as with a vSAN or cluster.

Grey

Deployed a WSUS GPO to a portion of the enterprise and now I'm watching machines check in. It's a little exciting because it's actually working as intended! Shit never works on the first try and this actually is.

Grey

https://www.pcper.com/hwlb
The legwork has already been done.

Grey

@RojoLoco said in What Are You Doing Right Now:

@thwr said in What Are You Doing Right Now:

@gjacobse said in What Are You Doing Right Now:

@RojoLoco said in What Are You Doing Right Now:

@Texkonc said in What Are You Doing Right Now:

busy morning, but things have slowed down.

Same here for a while, was scrambling to get data off this laptop so the dev could work from home (sick). But now that he's got his data to go (most of the 5gb was personal pictures, which I should have scolded him about), the hurry is over.

Personal Photos huh... Yep... he could have waited... tough lesson to learn...but sometimes you have to teach it.

Roughly 10 years ago:
User: "Could you please copy my files to my new notebook?"
Me: "Sure. Anything you don't want me to see?"
User: "Nope, just a few family pics"

I've noticed a very large file in the copy dialogue... 4GB ISO file, something about nurses. And it wasn't exactly what I would call a medical training video.

Maybe setting a screenshot of the "nurses" as his desktop background would curtail such behavior...

http://www.nbcnews.com/tech/security/customer-sues-best-buy-alleges-geek-squad-worker-stole-published-f6C10929636

Yet another reason to never use Geek Squad.

Grey

@scottalanmiller said in What Industry Apps Are Awful and You Are Stuck With?:

@grey said in What Industry Apps Are Awful and You Are Stuck With?:

The VMWare 'thick' client, and the VMWare flash anything. Also, IE9 is still being used.

Argh, LOB apps, not IT tool sets! I know all the IT stuff that is problematic.

I relish any chance I get to vent about these items.

Grey

@RojoLoco said in What did you have for lunch or dinner today?:

My lady just bought a whole goose to cook this weekend. Never had goose, can't wait.

I hope it's been defeathered. That's the worst part of cooking birds.

Grey

Users are sly creatures. They'll figure out another hole as soon as you plug this one. You may want to try a different solution, like using an ACL at the network level that closes off access to the various social media sites that you want to block. You can also do this at a DNS level (there's a lot of existing threads on this, and just as many how-to articles). While some users may be savvy enough to get around the DNS block, it wouldn't be easy for them to look up and apply all the IPs for a whole page in facebook since they use so many servers/balancers for various functions. If you go with a 2-prong approach, you could lock it all down pretty effectively by doing the network ACLs and the DNS. I believe there are also some FAQs on what IPs to block for all of the different social media sites so you could make a new network config fairly quickly. As for the DNS solution, check out https://pi-hole.net/.

Grey

find /path/to/files -mtime +5 -exec rm {} ;*
That line would delete files older than the specified number of days.

Posts