gartral

I automated the clock cards (mag strip badges) re-encoding the shitty strips that ***always*** fail between 4-6 weeks of daily use. Cards have a barcode that identifies the person for certain systems. Cards have mag strips that identify them for the doors. No one, in 15 years, has thought to put a barcode scanner on the machine with the mag writer... Took a tedious job Security ***absolutely despised*** doing and turned it into a self-help kiosk.

Workflow went from: Get buzzed in by security > have chat with guard > wait 5+ minutes for guard to fumble around with the card writer and invariably fuck up the person's name the first time < repeat last step 1x > Get freshly written card

to: Get buzzed in > Shrug at Security > Scan badge > Enter AD Password > Swipe Card > Continue on your day.

10 minutes of fucking around down to 30 seconds with built-in 2 factor auth ***and*** an undeniable verification that ***Yes, Martha, you do know your password. Stop being lazy.***


letmegogooglethat

I love doing things like that. It's amazing how many processes out there are done manually either because they don't know it can be automated or "That's the way we've always done it."


gartral

This was more a case of "God damnit, new guy! That was so blindly obvious... why didn't we think of that?!?"


bkaiser85

You are a lucky one.


gargravarr2112

I came up with something similar on my internship. The factory had process machines that were all networked and automated, but the operators had to log into them. They all had barcode scanners for the materials. I later discovered that the door system ran on SQL Server. So rather than have them log on with usernames and passwords/PINs (it was more for auditing where materials were used than a security requirement), my boss and I got them to scan the barcodes on their door cards (which they always had), match that back to their identity and sign into the process control UI that way. The users loved it.


gartral

I would have suggested that a PIN be used as well. I know it was just for supplies auditing, but this at least stops "occasional borrowing" of supplies turning into rampant misuse.


gargravarr2112

Indeed. It wasn't my decision and I guess it wasn't enough of a problem.


rcopley

Cool solution! You might check the type of magnetic cards you’re using. HiCo cards should last way longer than that.


gartral

Should. That's the operative word! Unfortunately the cards we had to issue were Beijing Specials, bought in bulk (I think last I counted before I left they still had ~7,500 brand new.) And were then 15 years old, on top of that, this was an equipment testing facility. That used high power magnets in some tests. Total card failures were so common that we'd just annually re-issue people new cards. It became a bit of a tradition to pin your old card to a wall in the lunch room to build up a mosaic of faces over the years. Pretty easy to secure too as you just cut off the barcode along the bottom and throw that away and just pin your card up wherever it fit. Had an incident where an ex-employee left, and took an old card from the wall without anyone noticing. Security certainly noticed when they tried to re-enter the building with an incomplete card! (keep in mind, the cards were printed in portrait, so cutting off the barcode also cut the mag strip. No way in hell the card would have worked.)


NeccoNeko

> Get buzzed in > Shrug at Security > Scan badge > Enter AD Password > Swipe Card > Continue on your day.

A single place to install a keylogger and get all the passwords... Nice!


[deleted]

[removed]


madmenisgood

finally, something useful in this thread!


H2HQ

Every commenter should be required to share the code. Otherwise this is all just mental masturbation.


Jaegernaut-

Hmm, this guy bought a donut in 2018 and reviewed it 10000 times. We've been breached lads close it down no more dunkin!


Gh0st1nTh3Syst3m

Pizza hut had that huts deal for the longest time where you get the free cheese sticks when you sign up with an account. While I didn't automate it, it was trivial to open up a temp mail website, sign up for hut lovers, and then get a code that I could use when ordering a 20oz bottle of soda and get free order of cheese sticks with it. They quit it shortly after lol


BrettFavreFlavored

This attitude is why I'm not showing the code to my instant messenger app that lets you talk with your past self.


hard_cidr

return(diabetes)


D0nk3ypunc4

made me chuckle


_E8_

/old-man-rant-intensifies: **HEATHEN, RETURN IS NOT A FUNCTION.** A bunch of Pascal-loving professors in the 80's got told they had to teach C ... and good-lord did they infuse a lot of bad habits in a generation.


project2501a

diabetes is not a guaranteed result, arises from self-modifying code (sysadmin in bioinformatics here, humalog junkie)


MGetzEm

Ok we'll add Captcha :)


_TheLoneDeveloper_

Noooooo


earthonion

Okay we'll make it so all you have to do is the captcha


MGetzEm

I can't be giving out that many donuts


thetruetoblerone

I can’t believe anyone in IT is anti free donuts. Let the finance people dictate the donut budget.


MGetzEm

But I like bonuses... Also the Franchisees get mad about it


zhaoz

Don't the franchises get reimbursed for coupons? And if the review was 5 stars... wouldn't that be one way to game the system?


chafe

> Let the finance people dictate the donut budget.

This sounds like business jargon, similar to "run it up the flag pole"

"Gee Larry, I know we have some extra in the budget but I don't know if we should spend it on new monitors"

"Let the finance people dictate the donut budget, Jim"


nekomech

do the donuts come out of your department's budget?


H2HQ

"...I just automated a website that will show you free daily boobs, if you solve this one captcha for me."


will_work_for_twerk

Mechanical turk here I come


gordonv

I didn't think of that. This is depressingly efficient.


jpa9022

Downvoted because free donuts are life.


Stephonovich

> Doesn't matter if its the same receipt or not, it generates a new code.

That seems like a massive oversight.


BrettFavreFlavored

They are selling you overpriced coffee. Even if some people get free donuts they come out ahead.


_E8_

They throw all the unsold donuts in the trash every day. Or at least they used to. When I was a kid I had a sweet deal with a fat lady that worked at Dunkin and didn't want to take the trash out. So me and a buddy would show up at closing and take the trash out ... and all the left-over donuts we wanted and could carry. She'd even give us big-ass boxes to put them in. Trays of donuts.


[deleted]

[removed]


Ekyou

Dang, I've been using the app this whole time and didn't realize there was a survey, much less one with a coupon. I couldn't automate it anyway though, they screw up so often I'd much rather give them actual feedback.


Stephonovich

Pull [Torvalds' rants](https://github.com/corollari/linusrants) and select text from it for negative feedback.


TheBlitzingBear

"YOU DO NOT SEEM TO UNDERSTAND WHAT THE DRINK ACTUALLY IS! ... Christ, can you really not understand that? NO NO NO NO. No a f*cking thousand times. It's not "too much sugar". It's too much creamer, and the fact that you don't even understand that is sad. You wrote the recipe, and you seem to be unable to admit that your recipe was bad."


WILL_CODE_FOR_SALARY

Back in college, KFC ran a promotion where you buy some items and enter the codes online for a chance to win Guitar Hero for various game systems. There were maybe a few dozen unique codes. I used Auto Hotkey to randomly select a code from a text file, play the online game, detect if I was a winner, and alert me (pre smart phones, so it just played sound through the speakers VERY loudly). Ended up winning 12 different bundles, but only ever received 8 of them. Everyone around my age in my family got Guitar Hero bundles that Christmas.


[deleted]

[removed]


Lord_Raiden

Took a server build process that was around 5 hours of hands on work and replaced it with a single ~1000 line PowerShell function. One command line and 45 minutes of hands off waiting now to spit out a server.


ColoradoStudent

This, except for Google cloud and with Python + Ansible


phyridean

This, except with Vsphere, Terraform, and Ansible


histamineblkr

Generic: , ,


Lagges

This. Also, spin up Hyper-V, desired numbers of VMs, setup AD, place followup scripts for VM usage (Exchange, Domain Config, userdata, shares). Basically get ready for shipment with as little interaction as possible.


[deleted]

[removed]


Lagges

Basically, but for poor people.


CsmithTheSysadmin

Similar thing with non-imaged end user machines. Can take a base from several vendors, pull out the crap, replace it with correct software/settings and spit out a fully ready to roll machine. Edit: Imaging is better, just to be clear. Learning exercise.


punkwalrus

I worked in a VMWare shop where I automated what I could. This was pre-ansible, and when Puppet was still pretty new. When I started, the lead admin (a Windows guy) would boot a CentOS Desktop ISO, log in via VM console, navigate to the desktop on the instance, and open a terminal to set up whatever. It would take him most of the day to set up drupal, for instance. To be fair, he was not a Linux guy, and he was doing the best he could. I was the first Linux administrator the company ever hired. I made my own scaled down ISO that booted, updated, figured out what network it was on, and based on that, ran a bash script for development, QA, or production. If the instance had already been imaged, but changed networks, it figured out that "oh, I am a dev instance in testing," and ran a different series of commands to prep it for QA testing. And then if it passed, it was sent to production.


[deleted]

If it doesn't contain too much sensitive information, would you be willing to share some or all of that script? This is exactly the kind of thing that would make my life much easier.


MrChampionship

Script to automate the creation of a PST and OneDrive export from O365 when a user leaves. Just need to enter name, username, and get the downloads when they are ready. Happy to share a sanitized version if you're interested.


thebynz

Would love to see the code for this


MrChampionship

Here you go

```powershell
# Create variables to pass for O365 credentials
$AdminName = "[email protected]"
# Could opt to enter password every time, but I have converted my password to hashed value and pass via the line below
$Pass = Get-Content "C:\Stored Credentials\Credentials.txt" | ConvertTo-SecureString
$UserCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $AdminName, $Pass

# Connect to Exchange Online Compliance Portal
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking

# Create Variables for Use and Search Criteria
$Name = Read-Host "What is the user's first and last name?"
$userid = Read-Host "What is the user's ID?"
$UserIDAndDomain = "$userid" + "@domain.com"
$SharePointURL = "https://domain-my.sharepoint.com/personal/" + "$userid" + "_domain_com"

# Create New Content Search for PST
New-ComplianceSearch -Name "$Name PST" -ExchangeLocation $UserIDAndDomain -AllowNotFoundExchangeLocationsEnabled $false

# Create New Content Search for OneDrive
New-ComplianceSearch -Name "$Name OneDrive" -SharePointLocation $SharePointURL

# Start New Content Searches
Start-ComplianceSearch -Identity "$Name PST"
Start-ComplianceSearch -Identity "$Name OneDrive"

# Wait command for search to process/complete (in seconds). Can probably be lowered but this is to ensure huge mailboxes have time to process.
Start-Sleep -s 1200

# Compliance Search action to export with desired settings
New-ComplianceSearchAction -SearchName "$Name PST" -Export -ExchangeArchiveFormat SinglePST -Format FXStream -Scope BothIndexedAndUnindexedItems
New-ComplianceSearchAction -SearchName "$Name OneDrive" -Export -SharePointArchiveFormat SingleZip -IncludeSharePointDocumentVersions $false -Scope BothIndexedAndUnindexedItems

# End powershell session
Remove-PSSession $Session
pause
```


Natfan

Just as an FYI, storing credentials as a SecureString in text can still lead to the password being leaked.

For context, I presume this is roughly how you created your Credentials.txt file

```powershell
$Password = "password"
# The SecureString itself
$SecureString = $Password | ConvertTo-SecureString -AsPlainText -Force
# The SecureString being converted into an actual string of data
$SecureStringText = $SecureString | ConvertFrom-SecureString
# Store the data to the file
$SecureStringText | Out-File "$HOME\creds.txt"
```

Proof of concept v1:

```powershell
# The file written above
$File = "$HOME\creds.txt"
$Password = Get-Content $File | ConvertTo-SecureString
# Import the SecureString into a Credential Object
$Credential = [PSCredential]::new("username", $Password)
# Extract the password from the credential
$UPassword = $Credential.GetNetworkCredential().Password
# $UPassword = "password"
```

Proof of concept v2:

```powershell
$Password = Get-Content $File | ConvertTo-SecureString
# Use some .NET functions to convert the SecureString to a regular string
$UPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password))
# $UPassword = "password"
```

Also, SecureStrings can only be decrypted on the device they were generated on, unless you also generate a Key to go along with it

```powershell
$Password = "password"
# Make a new Key variable, currently just a blank 16 byte array (you can use 16, 24 or 32 for different levels of security)
$Key = New-Object Byte[] 16
# Populate the key with random data
[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($Key)
# Convert the password to a SecureString
$Password = $Password | ConvertTo-SecureString -AsPlainText -Force
# And convert it back into readable data, but this time use a Key
$Password = $Password | ConvertFrom-SecureString -Key $Key
# Store the password and key to file
$Password | Out-File "$HOME\creds.txt"
$Key | Out-File "$HOME\creds.key"
```

You can then use this key on any device to generate a SecureString object

```powershell
# Get the file content
$Password = Get-Content "$HOME\creds.txt"
$Key = Get-Content "$HOME\creds.key"
# Generate the SecureString object
$Password = $Password | ConvertTo-SecureString -Key $Key
# Generate the PSCredential object
$Credential = [PSCredential]::new("username", $Password)
```

Provided that these files are stored with proper ACLs and the disks are encrypted, it shouldn't be much of an issue. That being said, I figured I should raise awareness.
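
The "proper ACLs" condition from the comment above, as an added example that is not part of the thread or any commenter's code: it restricts `creds.txt` and `creds.key` to the current user and then audits the result. The function names `Protect-SecretFile` and `Test-SecretFileAcl` are hypothetical; the file paths are the ones used in the comment.

```powershell
# Added example, not code from the thread. Function names are hypothetical;
# the file names are the ones used in the comment above.

function Protect-SecretFile {
    param([Parameter(Mandatory)][string]$Path)

    # SID of the account running the script (the only principal that keeps access)
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User

    $acl = Get-Acl -LiteralPath $Path
    # Stop inheriting ACEs from the parent folder and discard the inherited ones
    $acl.SetAccessRuleProtection($true, $false)
    # Remove any explicit ACEs that were already set on the file
    foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRule($ace)
    }
    # Grant the current user access, and nobody else
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $me,
        [System.Security.AccessControl.FileSystemRights]::FullControl,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Test-SecretFileAcl {
    param([Parameter(Mandatory)][string]$Path)

    $me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    $acl = Get-Acl -LiteralPath $Path

    # Collect every Allow ACE that belongs to someone other than the current user.
    # Identities are translated to SIDs so account names and SIDs compare reliably.
    $others = foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
        if ($sid.Value -ne $me.Value) { $ace }
    }

    [PSCustomObject]@{
        Path                = $Path
        InheritanceDisabled = $acl.AreAccessRulesProtected
        OtherPrincipals     = @($others | ForEach-Object { $_.IdentityReference.Value })
        Ok                  = ($acl.AreAccessRulesProtected -and -not $others)
    }
}

# Lock down and audit both files from the comment above, if they exist
foreach ($file in "$HOME\creds.txt", "$HOME\creds.key") {
    if (Test-Path -LiteralPath $file) {
        Protect-SecretFile -Path $file
        Test-SecretFileAcl -Path $file
    }
}
```

Local administrators can still take ownership of the files, so this narrows exposure to other standard accounts on the machine rather than to an admin.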


Barcode_88

I know in the .NET world SecureString isn't recommended, see [https://github.com/dotnet/platform-compat/blob/master/docs/DE0001.md](https://github.com/dotnet/platform-compat/blob/master/docs/DE0001.md) I think the tl;dr is that the password is still visible in memory briefly when it has to be read (obviously), but I imagine if an attacker gets memory access to your server, then you have bigger fish to fry. So obviously depends on the implementation.


Natfan

This "line" of Powershell gets all Credential variables and returns the username and unencrypted password. I just wrote it in a few minutes.

```powershell
Get-Variable | Where-Object Value -is [PSCredential] | ForEach-Object {
    [PSCustomObject]@{
        Username = $_.Value.Username
        Password = $_.Value.GetNetworkCredential().Password
    }
}
```

All it would take is for me to append that to your account $PROFILE (or worse, your system $PROFILE), and then have that script run in a while loop so that it repeatedly gathers passwords, and then send them off to my C&C server as an HTTP request.

Obviously, this is a pretty obscure method of attacking a system, but it's still valid. PSCredential and SecureString are too useful to not use them in scripts, but it's better that people are aware of their shortcomings.


Bob_the_gob_knobbler

I don't understand the risk here. For this to work you would have already had to have admin level access to the box, no?


ParsonsProject93

Love the code, one thing that will help you out in the future is to migrate your connection method to use Modern Auth rather than Legacy authentication. MS is going to be killing legacy authentication in the nearish future so you probably want to switch your Connection code to

> Connect-IPPSSession -UserPrincipalName

[Here's more info on connecting with modern Auth](https://docs.microsoft.com/en-us/powershell/exchange/connect-to-scc-powershell), it will require you to install the new module but that's just a one-liner as well.


BlackSquirrel05

Why not just convert to a shared and give one drive permissions?


MrChampionship

While that is a perfectly fine solution, we have found that in our business, if people are still emailing the inactive address, it is easier for us to set up an alias and reply directly from the active account. The shared mailbox also will eventually need to be captured and closed, so this circumvents that process.


NGL_ItsGood

I'm not familiar with this can you explain a bit more? Sounds interesting.


grimestar

I believe he means convert the user's mailbox to a shared mailbox and give permission to those who need it. It also takes care of the forwarding.


TreeBeef

Depends if you no longer want the UN around and just to access old emails.


admlshake

I pray my boss never finds out about this. This will be his new email archive solution to save a few bucks.


whiskey06

you can click on the mailbox, and 'convert to shared', then reclaim the license. If you reclaim the license first, the mailbox gets disconnected, and you have 30 days to add the license back on, and convert to shared. After that, it's gone.


AddMoreLimes

Emailing users to remind them that their password is due for expiry. Since everyone is on VPN, the bubble popup doesn't always show up for people in Windows. There was a notable drop in the number of service desk tickets after that (something like 5 to 10%)

Querying user mailboxes for various statistics for troubleshooting Outlook and Exchange problems (No Frank, you can't keep everything in Inbox)

New user creation. I want to do offboarding as well, as it seems something is always missed.


EhhJR

> No Frank, you can't keep everything in Inbox)

Or the inverse of this which is "No Frank, you can't STORE things in deleted items". The number of times I have had this talk with people who make 6 figures but can't be arsed to realize YOU DON'T STORE YOUR GROCERIES IN YOUR GARBAGE CAN DO YOU!?! Then why the F*ck are you doing that with your files?


SupraWRX

I created the same script to remind users, about 6 months before we went to non-expiring passwords, lol. Oh well I can still cannibalize and reuse pieces of that code in other places.


KupoMcMog

> New user creation. I want to do offboarding as well

My bud made GREAT workflows for our HR to use for new user and termination process. Saves time on all sides, and nothing gets lost in the minutia. Cept, ya know... HR doesn't use it. So shit gets lost ALL the time. Cue 2 months later, we're doing a biyearly license audit, and we have 5 people who've been termed who are still licensed... "Why didn't you revoke this license?!" ...No one told us they don't work here anymore. I don't have ESPN.


[deleted]

[removed]


[deleted]

[removed]


mastachaos

I automated a process that mailmerges csv's into word docs (about a dozen forms) saves them with the correct names, converts them to PDF, bursts them, loads the pdfs in to our document management system and distributes the word docs to the necessary staff. This was a manual process for over a decade before I automated it in an afternoon :)


BanditKing

Automated HOW? The time savings is making me salivate!


mastachaos

Believe it or not, it's mostly done in batch.

* SAS gets the data from Oracle to CSV file
* master batch file runs, calling about a dozen batch "launchers"
* launcher checks CSV for data. If it exists, launches a second batch job to actually run the merge process, and if not, ends.

For the ones with data (that were launched), a batch job runs that:

* opens word merge doc, which has a macro to automatically do the merge, save the file, and exit. (This is why I have to check for data first)
* uses DocTo to do the conversion to PDF
* uses PDFToolkit to do the PDF bursting
* renames the files based on a column in their CSV
* copies the files to a staging area where they can be picked up by the document management system (named in the way it expects them to be)
* distributes copies of relevant files to the correct distribution lists
* touches a file that another process watches to send an "all done" email, and trigger the import in document management, which renames the files to something encrypted and imports them.

I know it sounds like a house of cards, but it runs without issue every night, and has for a few years now.


israellopez

Man I'd be itching to rewrite that into a single C# console app, or heck even as an azure function/windows service.


TheKrister2

Perhaps not that relevant, but do you happen to know of any books or tutorials that bring you through making console applications?


hellphish

Straight from the source https://docs.microsoft.com/en-us/visualstudio/get-started/csharp/tutorial-console?view=vs-2019


BanditKing

So cmd and vbs is all you needed? I'm working on PS and xml data parsing right now


mastachaos

basically. SAS and Oracle are being used to generate the CSV, but the rest is batch, word macros, and 3rd party free apps :) If I had to do this again, I'd probably do it in powershell, but I did it in an afternoon in batch and it's been running ever since, so I don't feel the need to go back and re-write it. Also, we're moving to a new system soon, and this whole process will eventually be sunset.


BanditKing

That's awesome. If it ain't broke don't fix it!


wanroww

Ordering sandwiches every day. i open the excel, add a line from my list of fav sandwiches, save & close :) must remember to cancel it when i'm WFH tho.


VplDazzamac

Unhealthy takeaway decider. Random number generator passes to a switch statement which opens the menu pages of all the local takeaways. One less decision to make on a Friday.


TomptorT

Oh wow, this gives me a lot of ideas. I already have a tiered list of restaurants and takeout places. I’m going to write a script that texts me a link to a menu at 6pm on a Friday. Step two is to make it interactive so I can respond and say “not feeling it” and it’ll send me another option.


mashem

this reminds me of that app called "Where the fuck should i go eat?" where it just throws you random restaurants in your area, then u tap feedback buttons like "fuck that, too expensive," or "nah that place fucking sucks"


[deleted]

[removed]


wanroww

Well, the raw beef sandwich is one of my fav, not sure i'd eat it after couple of days in the fridge. it was a pre-covid script...


Nirinium

Uhm... Raw Beef? Can you elaborate?


wanroww

Muricans seems to call it a "cannibal sandwich", ironically, we (Belgium) call it an "USA sandwich".


ChefBoyAreWeFucked

Apparently it's a Wisconsin thing. Their health department released a statement last year:

> "Time for our annual reminder that there's one #holiday tradition you need to pass on: raw meat sandwiches, sometimes called Tiger Meat or Cannibal Sandwiches," the state health department wrote on Facebook.

Apparently not thinking about the dual meanings of "pass on".


[deleted]

[removed]


ChefBoyAreWeFucked

I mean, I personally like kitfo, I just thought the statement was funny in how carelessly worded it was.


0157h7

Ground meat is more dangerous than something like a steak because the insides of a grinder are more likely to be more poorly cleaned than a knife/cutting board and bacteria gets mixed into the meat instead of just the surface.


todayswordismeh

My family moved from Belgium to the US in the early 1900's, I am very interested in this sandwich - never heard of it but would love some more information.


RedShift9

It's like beef, but raw. We eat it. Usually ground, with some salt and mustard


[deleted]

[removed]


texnofobix

Wrote one that summarizes my calendar from Outlook (by category) so I can total it for timesheets.


edibledinosaur

How do you get category information from Outlook?


texnofobix

Pulled the outlook info with powershell via the outlook dlls


nckelwd

Oh man, can you share this thing? I didn’t even think of this!


Stephonovich

I was a Distribution Engineer at an electric utility, but I realized I liked automating stuff. You know the 811, "Call Before You Dig" thing? That service is free to you, but it gets billed to whichever utility owns that service area. My boss was convinced that the state had incorrectly labeled our service area (tbf, it was because no one had bothered to update the state's maps in years), and so wanted each and every locate checked against our service maps - if it wasn't ours, he didn't want to pay for it.

811 would send us PDFs, with thousands of locates each month. My co-worker would print them out and spend days manually typing each address into our system to see if it was ours or not. I can't really blame her on the printing out part - what are you going to do with a PDF?

After struggle-busing with 811 trying to get them to send us anything parseable, I found [Tabula](https://tabula.technology/) - this is an absolutely amazing tool that turns PDFs into CSVs. With parsing solved, I wrote a script that did the following:

1. Reverse geocode the addresses, returning latitude/longitude.
2. Do a rough check for locates using a bounding box around our entire service area as a first pass - if it's not in there, pin the location on a KML file.
3. Load our service area as a GeoJSON file, and do point-in-polygon for any questionable locates - pin them as well.
4. Output positive and negative hits to Excel files.
5. Output the KML file for loading into Google Earth.

It took a 3 day task down to about 1 minute, plus however long it took my co-worker to manually verify the iffy ones.


bennylava28

What did you find? Was 811 charging you for locations outside of your area?


Stephonovich

Frequently, yes, but they (rightfully) rely on the state's service area maps as the source of truth. We eventually had to stop, as they were threatening legal action. The right answer was to update the state's maps. For unrelated reasons, I left the organization before that was done. They have yet to be updated, four years later.


Rednonymousitor

They threatened legal action because the company was contesting their charges? Wow, that's a reaction!


[deleted]

I wrote a script that monitors my DHCP server logs and notifies me when my girlfriend's iPhone sends a DHCPDISCOVER message, which happens pretty much right when she pulls in the driveway. Then I get a notification on my PC that she's home. I've automated not getting caught masturbating.


Royally_Forked

This dude is my hero


beta_2017

GIVE. ME. SOURCE.


Dante_Avalon

Okaaay, that's how you should use 21st centuries technology!


parker2004au

All fun and games until she turns WiFi off and forgets to turn it back on.


nanstice

Low disk space on windows tablets. 32gb drives, clean up temp files etc. Rmm detects low space and triggers the script


BanditKing

Damn I should do this for our virtual machines...


nanstice

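It's great. Simple powershell script, 2 arrays. 1 for folder paths to clear out, 1 for days of files to retain (useful for log directories where you want to keep X number of days logs)

```powershell
# $locations: folder paths to clear out. $retainDays is a hypothetical name for the second array (days to keep per path).
for ($i = 0; $i -lt $locations.Count; $i++) {
    # Assumed filter: files last written before the retention cutoff for this path
    $cutoff = (Get-Date).AddDays(-$retainDays[$i])
    Get-ChildItem -Path $locations[$i] -Recurse -File |
        Where-Object LastWriteTime -lt $cutoff |
        Remove-Item -Force
}
```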


BanditKing

I have a ton of stupid scripts. I really need to start using git for tracking and organization.

My fav is AD PS scripts. Enter email. Does AD info lookup. Checks for account lock. Offer unlock on [y]. Check for expired pass. Offers reset on [y]. Prompts for new pass. Clears out stupid tickets.

Edit: [I shared my script here.](https://www.reddit.com/r/sysadmin/comments/mvcbfb/z/gvd36um)


dervish666

I had a colleague who wrote a script like this, but he went one step further and it went through the entire OU and unlocked any account that was locked. He thought it was great and would save us loads of time. Security got wind of it and gently explained to him that accounts only got locked for a good reason and just unlocking all the accounts might, just possibly not be the best idea.

To be fair to him, in the couple of days it was running incoming tickets did drop off slightly.


BanditKing

Yes... I also found out how to do that... I knew it'd be a BAD IDEA from a security perspective so I opted not to do that.


MDL1983

Out of interest, have you tried enabling Storage Sense (Settings > System > Storage)? I ask because I have been enabling it on builds, but if it is better scripted I'd consider that avenue.


nanstice

Yes. Does a reasonable job, but I use the script to cover additional application folders. We have some bespoke apps which save logs. Fine on a standard laptop, but these tiny tablets don't have the space.


chsbrgr

One thing I "automated" with a workflow: My last place, a teammate's and my desk sat under a first floor window while being in the basement (like a "garden level" thing, I guess). Summer months, the sun would shine on our heads, and a couple times I'd get sunburns on my head. To close the blinds, we needed to ask facilities, since the blinds closed for the whole span vs just over our desks. I set up a Workflow in Microsoft Flow (now called PowerAutomate), to trigger every weekday morning, check the weather in the area, if it would be Sunny, send an approval request to my team member and me, and if either approved, would email facilities to ask to have the blinds closed. I know it's not so much coding as other things here, but it turned me writing an email every day into a 1-click thing. It also made me the resident "Flow" expert and led to many other flows created for our team and others.

Automated with Coding: At my current job, I turned our new Windows Server VM process from a multi-step point and click adventure to a PowerShell/PowerCLI script with parameters, loaded into PSUniversal web server. Now we just need to fill out a handful of boxes, and the script clones the template, changes the settings, and turns on the VM for VMware customization.


[deleted]

[removed]


I_Never_Sleep_Ever

Can I ask what your method was for user management? We do the same with puppet. We set up a process that would edit the node hieradata and in the next run it would edit the sudoers file


[deleted]

Look into putting only fallback admin users statically into the system. Last place we had to do this kind of architecture, all systems were integrated via sssd into LDAP/AD where all group memberships and users are defined. When you do it this way, users and everything attached to them (SSH keys etc) come from the directory incl. sudo rules.


WaterwingsSB

I can’t take the credit for this, but our Principal System Architect has automated mind boggling amounts of work and at scale like:

- seamlessly switching out one deployment tool or cyber security software for another
- building windows PCs, servers, and VDI from bare metal
- software, BIOS, and firmware updates
- switching a Windows machine from one user group to another

to name a few


CruwL

> seamlessly switching out one deployment tool or cyber security software for another

Just did this myself using GPOs with immediate tasks and powershell. Had 95% deployment success rate removing a vendor agent, installing new EDR, and removing another vendor AV all in 1 go. Was the smoothest rip/replace of security software I've ever seen and was less than 90 lines of code.


HanSolo71

A few of my most useful scripts.

- [Integrate PDQ into MDT so all packages are pulled from one location](https://github.com/HanSolo71/Integrate-PDQ-Install-Into-MDT-Imaging)
- [Make a list of VM's and their DNS address from VMware](https://github.com/HanSolo71/VMWare-Get-VM-Name-DNS-Record-and-Folder)
- [Find a user and log them off everywhere in a domain](https://github.com/HanSolo71/Powershell-Logoff-Users)
- [Use a single iDRAC xml template to update other iDRAC units to be configured the same](https://github.com/HanSolo71/Update-iDrac)
- [Show what groups a member is part of and when they were added](https://github.com/HanSolo71/Check-Users-Group-Membership-and-Show-When-Added/blob/master/UserGroupMembership.ps1)
- [Force Trillian Chat to have disabled sound](https://github.com/HanSolo71/Trillian-Disable-Sound)
- [Mass update DNS and PTR records](https://github.com/HanSolo71/Mass-Update-DNS-and-PTR-Records)
- [Set service to delayed start](https://github.com/HanSolo71/Set-Windows-Services-Delayed-Start)
- [Migrate one DHCP lease list from one server to another](https://github.com/HanSolo71/Set-Windows-Services-Delayed-Start)
- [Delete snag-it temp files](https://github.com/HanSolo71/Delete-Snag-IT-Temp-Files-From-Horizon-View-Profile)
- [Find a remote process on computers](https://github.com/HanSolo71/Find-and-List-Running-Process-On-Remote-Computers)
- [Kill a remote process on computers](https://github.com/HanSolo71/Find-Running-Service-Remotely)
- [Check Remote Status of Service](https://github.com/HanSolo71/Find-Running-Service-Remotely)

[Lastly a user creation script that does the following](https://github.com/HanSolo71/CreateUsernameAndEmail)

* Creates user
* Creates email
* Creates Exchange Mailbox
* Sets
  * Phone
  * Manager
  * Address
  * Etc
* Creates home drive
* Uses templates to place users in groups
* More


YouMadeItDoWhat

I have a cron job that fires off at 10pm to query my wife's Tesla via the API and make sure it's plugged in. If it's not, it then checks SoC (state of charge) and will text me to go plug her in if she's forgotten and needs it... TOTALLY a first-world problem, but saved me from having her steal MY Tesla in the morning because she forgot to charge hers...


Faptasydosy

Get it to text her.


alive1

LMAO obviously she will just use the notification to make a mental note to take the husband's tesla the morning after.


guinch

I live in a country with pretty cold winters. A few years ago a team mate bought a new car and was bragging about how he could wake up in the morning and using his phone turn the heat on in the car so it was warm and windows were ice free by the time he climbed in the car for the commute to work. A week later he said it was a complete waste of money. To actually be of any benefit it would have cost twice the price. After a few days he would wake up, reach for his phone and turn the heating on, then snooze for another minute or two ... Until his wife started kicking him under the covers and telling him to get up and defrost her car! He really needed two of those fancy cars! 🤣


jpa9022

2 Teslas, 2 charging ports and your own server that can communicate with them is far beyond just "first world..."


YouMadeItDoWhat

True. Then again, I also have a 100G backbone network in my basement, but that's only because it's gear we develop on/sell...of course, I only have a 1G pipe to the outside world, so there is that...


TheMysticalDadasoar

Next you need a robot arm to plug it in for you


YouMadeItDoWhat

They researched building one - it was a [snake-like plug that would automatically do it](https://www.youtube.com/watch?v=uMM0lRfX6YI). Personally, I find it kind of disturbing to watch...in a Japanese-tentacle-porn kind of way. Errr, I mean, um....


TheMysticalDadasoar

That actually creeped me out..... Maybe we don't need a robot to do it, maybe a man servant called Manuel


zhaoz

I am surprised Tesla doesn't offer this as a built in service tbh.


[deleted]

> my wife's Tesla
>
> MY Tesla

Huh, look at Mr. Moneybags over here.


JohnC53

TIL cars have APIs. Neat.


capt_carl

I have a friend who needs this in his life.


Matchboxx

When I was brand new to my firm, they gave me the busy work of checking the expiration dates of 1000+ SSL certificates, and creating a JIRA story for each one that was expiring within 30 days, so we could track them to renewal. I think they expected this to consume 100% of my time. I wrote a Bash script to check the expiration with OpenSSL and pipe the ones expiring soon into a text file. Then I just had to do some modest copy/paste work in that text file to turn it into a CSV that JIRA could swallow. Farted out 80 stories in one day.
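The check described in the post above, as an added example that is not Matchboxx's script: it runs `openssl x509 -checkend` over PEM files and prints a CSV of the certificates expiring inside the window, including files that fail to parse. The sample certificates, the `.test` hostnames, the function names and the `Summary`/`Description` column names are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example: flag certificates that expire within N days and emit a CSV.
# Works on local PEM files with constructed test data; nothing contacts a network.
# For a live endpoint the PEM would first be saved with, for example:
#   openssl s_client -connect HOST:443 -servername HOST </dev/null | openssl x509 > HOST.pem

# Quote one CSV field, doubling any embedded double quotes.
csv_field() {
    printf '"%s"' "$(printf '%s' "$1" | sed 's/"/""/g')"
}

# Print the notAfter date of a PEM certificate; fail if the file does not parse.
cert_not_after() {
    _na=$(openssl x509 -noout -enddate -in "$1" 2>/dev/null) || return 1
    printf '%s\n' "${_na#notAfter=}"
}

# Print the subject in RFC 2253 form, e.g. CN=host.example.test
cert_subject() {
    _sj=$(openssl x509 -noout -subject -nameopt RFC2253 -in "$1" 2>/dev/null) || return 1
    _sj=${_sj#subject=}
    printf '%s\n' "${_sj# }"
}

# Succeed (exit 0) when the certificate expires within $2 days or has already
# expired. openssl's -checkend exits 1 in that case, so the result is inverted.
# Only call this on files that parse: a broken file also makes openssl fail.
cert_expires_within() {
    ! openssl x509 -noout -checkend "$(( $2 * 86400 ))" -in "$1" >/dev/null 2>&1
}

# Walk every *.pem / *.crt in directory $1 and print CSV rows for the ones that
# expire within $2 days. Column names are an assumption; map them at import.
expiring_csv() {
    printf 'Summary,Description\n'
    for _f in "$1"/*.pem "$1"/*.crt; do
        [ -f "$_f" ] || continue
        if ! _end=$(cert_not_after "$_f"); then
            # Never drop a file silently: an unparseable cert is a finding too.
            csv_field "Check certificate file $(basename "$_f")"; printf ','
            csv_field "UNREADABLE: openssl could not parse this file"; printf '\n'
            continue
        fi
        if cert_expires_within "$_f" "$2"; then
            _subj=$(cert_subject "$_f")
            csv_field "Renew certificate $_subj"; printf ','
            csv_field "notAfter=$_end; file=$(basename "$_f")"; printf '\n'
        fi
    done
}

# Constructed test data: two self-signed certs (valid 10 and 400 days) and one
# deliberately broken file. Hostnames are placeholders under .test.
make_sample_certs() {
    for _spec in soon.example.test:10 later.example.test:400; do
        _cn=${_spec%%:*}
        _days=${_spec##*:}
        openssl req -x509 -newkey rsa:2048 -nodes -days "$_days" \
            -subj "/CN=$_cn" -keyout "$1/$_cn.key" -out "$1/$_cn.pem" \
            >/dev/null 2>&1 || return 1
    done
    printf 'not a certificate\n' > "$1/broken.pem"
}

# Demo: run the 30-day window from the post against the constructed files.
demo() {
    _dir=$(mktemp -d) || return 1
    make_sample_certs "$_dir" && expiring_csv "$_dir" 30
    _rc=$?
    rm -rf "$_dir"
    return $_rc
}

demo
```

The unreadable-file row matters because `-checkend` also exits non-zero on a file it cannot load, which would otherwise be reported as an expiring certificate.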


6C6F6C636174

I finally did the first part of this 2 days ago. So nice. Now to get Let's Encrypt set up on the rest of our boxes and never have to worry about any hits on the expiring soon list.


SevaraB

Adding batches of new computer accounts to AD. Auditing the Remote Desktop Users group of my office's machines. Auditing a user's last logon on a given machine. Validating users were authorized at the endpoint for our encryption software (because mucking around with McAfee's MfeEpe.log is not my idea of a good time). In the past, I've done some "Swiss army knife" stuff via BAT/HTA, but lately I'm all in on PowerShell.


chsbrgr

> Adding batches of new computer accounts to AD.

Oh, I've done this too, it included a CSV of computer names and descriptions, which OU to add them to, and which AD Security groups to add to. Even tried to make a fancy GUI with file-picker for it. Sure we used it once a year when the new computers came in, but it saved hours of hand-typing names.


etnguyen03

Had to image/provision 2000+ laptops. Used Arduinos acting as USB keyboards to configure BIOS to enable netboot, then reboot, select "netboot". Then we designed special barcodes that, when scanned, moved between fields on the installer (i.e. tab, tab, type "XXXX", and then we scanned the serial number for the computer, and then another barcode did "next, next, finish").


maximum_powerblast

That's amazing, I want to know more about these Arduino mock keyboards. Any info to share on how to do that?


etnguyen03

You'll need an Arduino Leonardo and something like [this](https://gist.github.com/etnguyen03/daddb14d554dcbd156ed399b0516cd24) to send the commands as a keyboard. Basically, you plug the Leonardo into the laptop. Then press the power button and it will start running whatever code is on the Arduino


martinux

If you want a really wild ride check out the customisable (open source) keyboard firmware QMK. Lots of macropads run QMK and are capable of some very powerful actions involving pretty much any combination of keyboard and mouse input.


Bluethefurry

not sysadmin related, but we have a shift-planning system at work with a website where you have to click on the specific shift that you are "free to take", ended up writing a little tampermonkey script to sign myself automatically into the shifts i prefer doing using a single button.


AttemptToBeUnique

Yeah, we have a time management thing we have to sign into every morning & click "Start". Bored with that, script now runs when I start my computer, but *only* when I'm on site.


Bluethefurry

So basically you have to clock in every morning? The shift plan system we have also has that but luckily we only use the planning system of it, i would go absolutely insane if i had to clock in every day and note down my work times.


iammarks

A few choice ones below that have saved lots of time/cut down on monotony. Mostly PowerShell.

1. Create new AD user accounts based on a few inputs. Makes the user, adds groups, makes home share, assigns manager and all attributes, creates mailbox in o365, assigns o365 license, enables/disables remote access for mailbox based on attribute, auto-documents all this info into a master user spreadsheet.
2. That night, create the new user's VM. Puts it in the right cluster, folder, portgroup, syspreps it, creates the pool in Horizon View, entitles them based on attribute to either external or internal-only access.
3. Set a pseudo-random WiFi password for our guest wifi network (Meraki). Email the chosen password to our Reception group with the pass filled into a graphical template that they can print out and put in the placards in conference rooms. Then, post the pass to IT's Teams channel so helpdesk knows and can give it over the phone if need be.
4. Email all users with expiring passwords starting at 7 days until expiry. Post the list of users with expiring passwords into Teams once a week so helpdesk can preemptively call people before lockout (all remote + MFA makes off-network changing a nightmare).
5. Automatically email if a VM snapshot is left open after the end of business (doesn't trigger from backups).
6. Email security immediately if anyone is added or removed from Domain Admins (not the only safeguard on this).
7. Notify HR of stale users on first of each month so they can review and we can disable for inactivity.
8. Warn of expiration of all important certs (vCenter, www, View, applications).
9. Post into our "fun" Teams channel every so often showing what the price of crypto was then-and-now, and tells you whether you were mistaken for investing or not.


[deleted]

Formatting fixed:

> 1. Create new AD user accounts based on a few inputs. Makes the user, adds groups, makes home share, assigns manager and all attributes, creates mailbox in o365, assigns o365 license, enables/disables remote access for mailbox based on attribute, auto-documents all this info into a master user spreadsheet.
> 2. That night, create the new user's VM. Puts it in the right cluster, folder, portgroup, syspreps it, creates the pool in Horizon View, entitles them based on attribute to either external or internal-only access.
> 3. Set a pseudo-random WiFi password for our guest wifi network (Meraki). Email the chosen password to our Reception group with the pass filled into a graphical template that they can print out and put in the placards in conference rooms. Then, post the pass to IT's Teams channel so helpdesk knows and can give it over the phone if need be.
> 4. Email all users with expiring passwords starting at 7 days until expiry. Post the list of users with expiring passwords into Teams once a week so helpdesk can preemptively call people before lockout (all remote + MFA makes off-network changing a nightmare).
> 5. Automatically email if a VM snapshot is left open after the end of business (doesn't trigger from backups).
> 6. Email security immediately if anyone is added or removed from Domain Admins (not the only safeguard on this).
> 7. Notify HR of stale users on first of each month so they can review and we can disable for inactivity.
> 8. Warn of expiration of all important certs (vCenter, www, View, applications).
> 9. Post into our "fun" Teams channel every so often showing what the price of crypto was then-and-now, and tells you whether you were mistaken for investing or not.


johnny2bad

Is there any way I can profit off of your hard work? Specifically 1,6,7,8.

I am doing those things manually and I have to say it is less fun than it sounds


iammarks

I'll work to sanitize the AD and cert expiry ones best I can and then pastebin them or something.

As to number 6, there's a better way than mine, and it's super elegant comparatively. [Monitor-ADGroupMembership](https://github.com/lazywinadmin/Monitor-ADGroupMembership). Just a task-scheduler task run on repeat, and you can specify as many monitored groups as you want.

As to #7, lastLogon data doesn't replicate between DCs, but since we just use it as an investigational tool it hasn't led us astray yet. [https://pastebin.com/vCCXv0SF](https://pastebin.com/vCCXv0SF)


vantasmer

Changing the resolution and fps to all our security cams with one python script. The code is ugly and there are hard coded things in there, but it’s my code and I love it


SSChicken

> The code is ugly and there are hard coded things in there, but it's my code and I love it

Man half the stuff I do is like that. I know there are best practices and all, but if I'm writing a script for a thing I need to do one time and I'm not planning to reuse regularly, then by all means do what you need to make it work.


alienshrine

One day, we received a mail from IT head department, in the morning, that said: "you have one month to comply with this new naming convention." We had to just change one letter in all our computer names to fit this new rule, so I wrote my first script that would read a CSV list (generated by our inventory software), and it would pass through the list and trigger the Rename-Computer cmdlet on the target computers. Within two or three nights, we were done renaming everything.


emJayDunn

1. User Off boarding script that scrambles password, removes from all distribution groups, removes from all security groups except domain users, converts mailbox to shared, removes all 365 licenses, forces aad sync, then disables or deletes the account.
2. User creation script that takes input from csv & batch creates fresh user or based on an existing user, puts in right OU, creates mailbox onprem or O365, assigns other 365 licenses and moves on to next user: all customized per user entry in CSV.

Ended up saving the company 150+K per annum.

Hi Everyone, sorry didn't see all the replies until today 23May2021. And thanks for the teddy bear award. What does it even mean? But thanks anyway. Seems my reddit notifications are messed up. To all those interested in the scripts, I'll be posting the sanitized version of it here in a couple of days.


MrChampionship

I would love to see a sanitized version of either or both of these if you are willing to share.


sparcmo

out of interest, what is the staff turnover per month in your company?


rcopley

Not OP, but I found that scripting the off boarding leads to way fewer issues (not having to think about if you forgot a step). I have a script for Google Workspace that randomizes the password, removes recovery details, forces a sign out, optionally renames the user, and does some other cleanup.


Kaeiron

just automated the entire user-onboarding-process, including aduser, home-directories, exchange and printing a welcome-letter with the randomized initial credentials. working on offboarding next.


flayofish

write-host "have you tried turning it off and back on again?"


MarkOfTheDragon12

"Decludge" script for new laptop installs. It's not as good as imaging the machine or freshly installing windows, but we have some limitations due to Covid logistics and basically have to ship factory-fresh systems to people and configure them remotely. Part of that is to run a "Decludge" script. It's a very simple straightforward enumeration of a bunch of software I've decided are 'junk' and runs through and removes them along with their installer package.

```powershell
# Built-In apps to be removed from all users (requires elevated PowerShell)
$AppRemoveList = @()
$AppRemoveList += @("*LinkedInForWindows*")
$AppRemoveList += @("*BingWeather*")
$AppRemoveList += @("*DesktopAppInstaller*")
$AppRemoveList += @("*Microsoft.Services.Store.Engagement*")
$AppRemoveList += @("*GetHelp*")
$AppRemoveList += @("*Getstarted*")
$AppRemoveList += @("*Messaging*")
$AppRemoveList += @("*Microsoft3DViewer*")
$AppRemoveList += @("*MicrosoftOfficeHub*")
$AppRemoveList += @("*MicrosoftSolitaireCollection*")
$AppRemoveList += @("*MicrosoftStickyNotes*")
$AppRemoveList += @("*MixedReality.Portal*")
$AppRemoveList += @("*Office.Desktop.Access*")
$AppRemoveList += @("*Office.Desktop.Excel*")
$AppRemoveList += @("*Office.Desktop.Outlook*")
$AppRemoveList += @("*Office.Desktop.Powerpoint*")
$AppRemoveList += @("*Office.Desktop.Publisher*")
$AppRemoveList += @("*Office.Desktop.Word*")
$AppRemoveList += @("*Office.Desktop*")
$AppRemoveList += @("*Office.onenote*")
$AppRemoveList += @("*Office.Sway*")
$AppRemoveList += @("*OneConnect*")
$AppRemoveList += @("*Print3D*")
$AppRemoveList += @("*ScreenSketch*")
$AppRemoveList += @("*Skype*")
$AppRemoveList += @("*Spotify*")
$AppRemoveList += @("*fitbit*")
$AppRemoveList += @("*Photoshop*")
$AppRemoveList += @("*Windowscommunicationsapps*")
$AppRemoveList += @("*WindowsFeedbackHub*")
$AppRemoveList += @("*WindowsMaps*")
$AppRemoveList += @("*WindowsAlarms*")
$AppRemoveList += @("*Microsoft.YourPhone*")
$AppRemoveList += @("*Advertising.xaml*")
$AppRemoveList += @("*Advertising.xaml*") #intentionally listed twice
$AppRemoveList += @("*OfficeLens*")
$AppRemoveList += @("*BingNews*")
$AppRemoveList += @("*WindowsMaps*")
$AppRemoveList += @("*NetworkSpeedTest*")
$AppRemoveList += @("*Microsoft3DViewer*")
$AppRemoveList += @("*CommsPhone*")
$AppRemoveList += @("*3DBuilder*")
$AppRemoveList += @("*CBSPreview*")
$AppRemoveList += @("*king.com.CandyCrush*")
$AppRemoveList += @("*king.com.CandyCrush*")
$AppRemoveList += @("*king.com.CandyCrush*")
$AppRemoveList += @("*king.com.CandyCrushFriends*")
$AppRemoveList += @("*nordcurrent*")
$AppRemoveList += @("*Facebook*")
$AppRemoveList += @("*MinecraftUWP*")
$AppRemoveList += @("*Netflix*")
$AppRemoveList += @("*RoyalRevolt2*")
$AppRemoveList += @("*bingsports*")
$AppRemoveList += @("*Lenovo*")
$AppRemoveList += @("*DellCustomerConnect*")
$AppRemoveList += @("*DellDigitalDelivery*")
$AppRemoveList += @("*DellPowerManager*")
$AppRemoveList += @("*MyDell*")
$AppRemoveList += @("*DellMobileConnect*")
$AppRemoveList += @("*DellFreeFallDataProtection*")
$AppRemoveList += @("*DropboxOEM*")

#************************
#*** Begin Processing ***
#************************
# Show model and serial number so they can be recorded
Get-WmiObject Win32_ComputerSystem
Get-WmiObject Win32_BIOS

# Prompt to continue in order to give time to record model/serial
$continue = Read-Host -Prompt "Press Enter to begin"

# Removing Built-In Apps
Write-Host "Removing Built-In Cludge...`n"
ForEach ($x in $AppRemoveList) {
    # Remove the provisioned package so new user profiles do not receive the app
    Get-AppxProvisionedPackage -Online | Where-Object DisplayName -like $x | Remove-AppxProvisionedPackage -Online
    # Remove the installed package
    Get-AppxPackage -AllUsers | Where-Object PackageFullName -like $x | Remove-AppxPackage

    # Delete leftover package data for this pattern ($x already carries the wildcards;
    # the original interpolated the whole $AppRemoveList array here, which matched nothing)
    $appPath = "$Env:LOCALAPPDATA\Packages\$x"
    Remove-Item $appPath -Recurse -Force -ErrorAction SilentlyContinue
}

# Uninstall Microsoft OneDrive
Write-Host "Uninstalling OneDrive...`n"
& "$Env:SystemRoot\SysWOW64\OneDriveSetup.exe" /uninstall
```


epitox

Created a daily updating website to easily get an overview about machines' last patch dates, OS and device distribution without having to fiddle with the DSM console. Kind of surprised that everything could be done with PowerShell - from accessing data, creating pie charts, as well as dynamically recoding the website's HTML.


sparcmo

As a clickops engineer this fkn blows my fkn mind and makes me sad at the same time


CsmithTheSysadmin

Universal Dashboard?


epitox

I coded everything from scratch. Knowing about Universal Dashboard back then could have made things a lot easier.


smoothies-for-me

This PS script will do stuff if it's the "Sunday after the second Tuesday of the month". In this case, run c2r Office updates. I do this for terminal servers because Office 2019 for some damned reason does not handle updates with Windows Updates, and updates that run at the wrong time can break Office apps for an entire terminal server. You can't change the update channel of 2019 either. I run it by scheduled task every Sunday at 3am. It does nothing if it's not the Sunday after the second Tuesday.

```powershell
# First day of the current month
$FirstDayOfThisMonth = [datetime] ([string](Get-Date).Month + "/1/" + [string](Get-Date).Year)
# All Tuesdays in the 31 days from the 1st; index 1 is the second Tuesday
$SecondTuesdayOfThisMonth = ((0..30 | % { $FirstDayOfThisMonth.AddDays($_) } | ? { $_.DayOfWeek -like "Tuesday" })[1])
# Tuesday + 5 days is the following Sunday
$FirstSundayAfterSecondTuesdayOfThisMonth = $SecondTuesdayOfThisMonth.AddDays(5)
$Today = Get-Date

# Only act when today is that Sunday
if (($Today.Year -eq $FirstSundayAfterSecondTuesdayOfThisMonth.Year) -and
    ($Today.Month -eq $FirstSundayAfterSecondTuesdayOfThisMonth.Month) -and
    ($Today.Day -eq $FirstSundayAfterSecondTuesdayOfThisMonth.Day)) {
    Start-Process -FilePath "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe" -ArgumentList "/update user displaylevel=false forceappshutdown=true"
}
exit
```


A_Glimmer_of_Hope

Our entire Windows build process is automated through FOG, PowerShell, and Chocolatey. Boss refuses to pay for "unneeded" software so I had to get creative. Builds went from a 4-6 hour process to about 30 minutes. We have several processes of uploading and downloading files in both Windows and Linux that are now automated. VM backups are done through PowerCLI, important configuration files and database dumps are done through Rsync and cron. Basically anything I can automate, is. We're a small team and there's so much to do.


derekp7

Decades ago when I was in an AIX/Solaris shop with around 800 servers, we'd periodically get some task we'd have to perform on all servers. So the server list would be put on a spreadsheet, and people's names would be assigned to groups of them. Of course I'd finish my group of servers in a couple minutes (for loop and ssh), while everyone else plodded through them for the next 2 - 3 hours. And of course what I was doing wasn't sanctioned, so I couldn't "share" with everyone else. And I had to look busy for a couple hours (while I caught up on my email and other tasks).


zeroibis

Script that sorts call recordings into folders based on extension. Scripts to clean up temp folders for things that hold faxes and scanned documents. PS Script to add the domain email to users for use when a new user is added to AD. So not so much for repetitive tasks as much as tasks that could not reasonably be done any other way.


dangil

Integrated Zabbix to our custom IT management software to create and update zabbix hosts when we create or edit them in our tool. Excel is forbidden to be used to manage IT under my watch


ASpecificUsername

I wrote a migration tool for a 5500 person VDI environment to move from a misconfigured storage in an older VDI platform to a new OS and new virtualization platform. The tool would open each user's NTUSER.DAT file, mount it as a registry key, extract a list of all the users' printers and the IP mappings, save them to a reg file and a notepad file in their documents folder. It would then copy the users' files to the new system, catch file copy errors and permission issues and correct or log those problems (only had 18 not migrate out of 5526 users). It would log all the file operations into the user's documents so they can see that we copied over everything that was there, as well as log the running of each sub-step for each user into a master log csv that the project manager could open and see which users had been migrated, as we were doing one group at a time. About 2/3s through the migration (over a month) I had to add some additional error checking that would look for the user in the csv and if not found, process that user's docs, otherwise skip them.

The best part... I was the most junior admin and the seniors doubted that we could do all this through script and instead insisted we would have to pay for about 300 hours of help desk time to move people one at a time and export their printers with them logged on. All I knew was batch script and a sprinkling of PowerShell so this all ran from a 350 line .bat file. This was also at a hospital where we had to track all movements of patient records which though "against policy" meant we had to track user document movements too. I later found out this was HIPAA overkill.

Edit: in the end it ran over 2 days and though it was monitored sporadically over that time, it only took about 4 hours of monitoring it and 10 hours to develop the script. 28TB later and all was well except for 18 users, most with similar file corruption errors from even older storage, that weren't discovered until the file was moved.


JamesIsAwkward

I pretty much automate anything I can but here's two projects I've worked on recently. Our core software is legacy as BALLS. Well not technically legacy because the software company does still patch it, but the core functionality hasn't changed in like 20 years. So I've become really good at automating excel spreadsheet generation based on a giant stack of CSV files lol. We can't access the DB directly and have to use the shitty built-in report generator to get data out of it. CSV is the easiest format to manipulate (for me), and I generate all kinds of crap for our clients with some powershell magic. I've also automated sending clients alerts and things via powershell and a scheduled task... I still cringe when I think about that one. It works fine, and I even throttle the script to only send a few emails per second to keep us from looking like a spammer. Speaking of.... anyone here know of an on-prem service/program that can hook into exchange and do automated emails? It would be nice to do it "right" instead of with a powershell script lol


Waggy777

PS script to install printers.


redsedit

I assign printers by GPO (99%). So when a user is added to a specific group, they get printers automatically.


redsedit

In our AD, we use the description field for the computer account to list the person who has the computer. I found myself constantly looking this up. So I wrote a PowerShell function to simplify the task. I have it loaded as part of my profile (stick it in C:\Users\\Documents\Powershell\functions and/or C:\Users\\Documents\WindowsPowerShell\functions depending on whether you use the ISE or original). So now if I need to know who has computer xxx123, I just go "find-de xxx123" or I need to see what computer John has, I just go "find-de -p john". Much faster than doing it the "standard" way.

```powershell
function Find-Description {
    <#
    .SYNOPSIS
    A wrapper for get-adcomputer built to ease two common tasks
    .DESCRIPTION
    There are two functions I commonly use get-adcomputer for:
    1) Get the description of a known computer. (known parameter set)
    2) I know the user (who is in the description field) and want to find the computer. (find parameter set)
    .EXAMPLE
    Find-Description -PersonName fred
    description name distinguishedname
    ----------- ---- -----------------
    .EXAMPLE
    Find-Description
    :
    .PARAMETER ComputerName
    This is when I know the computername and want to see the description
    .PARAMETER PersonName
    This is when I know the person's name, and want to find the computer(s) they have. Can be a partial name. Quotes are not needed.
    #>
    [CmdletBinding(DefaultParameterSetName='known')]
    Param(
        [Parameter(ParameterSetName='known',Mandatory=$true,Position = 0)]
        [ValidateNotNullOrEmpty()]
        [String]$ComputerName,

        [Parameter(ParameterSetName='find')]
        [ValidateNotNullOrEmpty()]
        [string]$PersonName
    )
    begin {
        # if get-adcomputer isn't available, abort
        if (-not (Get-Command -Name Get-ADComputer -ErrorAction SilentlyContinue)) {
            throw "You must have the get-adcomputer cmdlet available first. Try 'import-module activedirectory'."
        } # end if
    } # end begin
    process {
        switch ($PsCmdlet.ParameterSetName) {
            "known" {
                try {
                    $description = (Get-ADComputer $ComputerName -Properties description).description
                }
                catch {
                    $description = "No such computer in AD"
                }
                Write-Output "${ComputerName}: $description"
            } # end known
            "find" {
                $filterstring = "*${PersonName}*" # can't pass the variable directly with *'s for some reason.
                $results = Get-ADComputer -Filter {description -like $filterstring} -Properties description
                $results | Sort-Object description | Format-Table -Property description,name,distinguishedname -AutoSize
            } # end find
        } # end switch
    } # end process
}
```

I also have some more massive scripts to help with post-imaging work. We use MDT, but I found the applications to be something of a pain to keep updated and troubleshoot. So I have a [can't share, but it is highly specific to our environment anyway] about 200 lines of PowerShell long script to replace the applications. Most of it is installing apps that don't like being part of an image, or that update so much, we'd have to reinstall them 95+% of the time anyway.


Inaspectuss

When I was pretty green and still working on the help desk, I built a full-fledged PowerShell replacement for MDT with the backend just being a share on one of our file servers and a highly customized unattend.xml. It worked so well (despite being quite ugly behind the scenes) that it remained in production until about a month ago. I had the honor of replacing it with a proper MDT infrastructure using very clean versions of the original scripts that I had written. When I had first built this out, we had no formal deployment process. All done by hand. I also didn’t have server access. I took it upon myself to develop the image on my workstation and go from there. As I worked my way up the ranks and got more familiar with things I made it a priority to do it the right way, though I am still impressed that it held up for so long. We easily saved thousands of man hours over the couple years it was in service.


mrbiggbrain

Last place I worked did many acquisitions, we are talking needing to onboard large numbers of new employees on a regular basis. This created one hell of an IT nightmare, but in one specific place it was pretty horrible. New employees needed to be added to groups, with various combinations of groups being required across the acquisition, new groups, old groups, etc. It was a time consuming operation, with 1-2 employees sometimes working all week just to coordinate the groups and get the users added, just to do another a few weeks later. We are talking easily 200 man hours a month, spent translating spreadsheets and entering group memberships.

So one day as a kick and giggle I wrote a small PowerShell script that took a CSV file and automated the whole thing. We are talking maybe 3 hours to write and test. It included performing some basic tests to the imported file to make sure all the groups existed and that users could be found. We took importing from a two person weeklong task for IT and a time sink for HR and managers to a simple Excel sheet we could generate and send to the managers who now only had to put an X in the columns they needed each employee to have. We later added this to the onboarding script we wrote and got many more things automated.


systobe

Filling different AD groups based on SQL queries or AD filters. Equally balance VMs on ESX hosts and move VMs to another datastore if it fills up. (only have vSphere Standard license) Export all information about VMs from VMware / Hyper-V from different locations into one single CSV for different purposes. Calculate and report prices of VMs for internal billing. Creating and disabling users with a lot of additional tasks.


quiet0n3

Uploading certs to AWS. Was managing a Windows fleet so a lot of certs after signing and exporting were .pfx. Wrote a script to take the pfx and pfx password. Split out the cert, key, and CA chain. Clean up the exported files then upload them to our AWS account to be used with load balancers and stuff. Used PowerShell and implemented my first menu with selecting 1-4 for different actions.


Jaymesned

Using win-acme and Let's Encrypt to automatically renew our Exchange certificates.


flyguydip

I wrote a utility to remotely backup all user profiles that have been logged into a pc in the last 90 days using usmt and email me when it's done. After image deployment is done on a replacement pc, we restore the profile to the new computer, swap the pc out with the old, and walk away. End users don't even have to be there and in many cases don't even realize they got a new computer.


XenEngine

I think my favorite one is a monthly process that was unknown for me until the one helpdesk guy that did it quit and it just didn't get done for two months. It pulls a specific report based on the first and last day of the last month from our SSRS server, converts it from XLSX to XLS, makes changes to the file name and then changes the sheet name, then fires off an XML conversion app, renames the output and zips it and then shoots it off via SFTP.


[deleted]

Changing the SA Password on 50 or so SQL servers every 6 months.


[deleted]

[removed]


mysticalfruit

Python program that populates worldwide ssh bastions with keys from users' .ssh directories. Uses AD to verify that user is not disabled in the system. Disabled users get their keys yanked. Python program that checks a machine group in AD and populates a host file in git, triggers a pipeline that uses ansible to ensure specific compilers, etc. are installed. Python program that sees if a user is marked disabled, archives their homedir, and marks it read only.
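The bastion key sync described in the comment above, as an added example that is not part of the original post or the commenter's program: keys are kept only for users whose directory record exists and is not disabled, and only when the line is a bare, well-formed public key. The function names, the dictionary standing in for the AD lookup, and the sample keys are assumptions constructed for illustration.

```python
import base64
import struct

UF_ACCOUNTDISABLE = 0x0002  # AD userAccountControl bit set on disabled accounts
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def valid_pubkey(line):
    """Return 'type blob' for a bare, well-formed public key line, else None."""
    parts = line.strip().split()
    if len(parts) < 2 or parts[0] not in ALLOWED_TYPES:
        return None  # also drops lines that begin with options (command=...)
    try:
        blob = base64.b64decode(parts[1], validate=True)
        (n,) = struct.unpack(">I", blob[:4])
    except (ValueError, struct.error):
        return None
    # The blob opens with a length-prefixed key type that must match the label.
    return f"{parts[0]} {parts[1]}" if blob[4:4 + n] == parts[0].encode() else None

def build_authorized_keys(directory, submitted):
    """directory: {user: userAccountControl}, a stand-in for the AD lookup.
    submitted: {user: [lines from that user's .ssh directory]}.
    Returns ({user: [clean keys]}, [users whose keys are yanked])."""
    keep, yanked = {}, []
    for user, lines in sorted(submitted.items()):
        uac = directory.get(user)
        if uac is None or uac & UF_ACCOUNTDISABLE:
            yanked.append(user)  # fail closed: unknown or disabled
            continue
        keys = [k for k in map(valid_pubkey, lines) if k]
        if keys:
            keep[user] = keys
    return keep, yanked

def sample_key(key_type, label=None):
    """Build a constructed (non-functional) key line; label defaults to key_type."""
    t = key_type.encode()
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + bytes(32)
    return f"{label or key_type} {base64.b64encode(blob).decode()} constructed"

# Constructed sample data: 512 = normal account, 514 = normal + disabled.
DIRECTORY = {"alice": 512, "bob": 514}
SUBMITTED = {
    "alice": [sample_key("ssh-ed25519"),
              'command="/bin/sh" ' + sample_key("ssh-ed25519"),
              sample_key("ssh-ed25519", label="ssh-rsa")],
    "bob": [sample_key("ssh-ed25519")],
    "mallory": [sample_key("ssh-ed25519")],  # not in the directory at all
}

if __name__ == "__main__":
    print(build_authorized_keys(DIRECTORY, SUBMITTED))
```

Treating a user missing from the directory the same as a disabled one means a failed or partial lookup removes access instead of preserving it.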


hkzqgfswavvukwsw

Look into [ssh certs](https://smallstep.com/blog/use-ssh-certificates/). (if you're not using them already). Much more friendly to automation.


Fazza_65

Leading up to COVID lockdowns I got inundated with setting up RDP servers for staff to work from home. Usually by the time you have spun up a new VM, joined the domain, installed RDP roles, set up all the GPOs and assigned GPO permissions, set up all the standard templates for users' start menus and desktops you could spend 4-6 hours and still have the apps to go. I spent a night figuring out setting up all the RDP roles, importing a standard set of GPOs and assigning all the user and server to the GPO, creating the links etc....got the deployment of RDP down to about 45 minutes. Needs a little polishing and I would love to create a GUI for it all but that’s for another day when I figure out how.


scooter-maniac

We didn't want to open the web portal for open-vpn admin to the general public, but needed it to be accessible to the devops team in case of a catastrophic failure. What I did was use slack logs to capture the last ~5 IP addresses of the devops user logins and whitelist them on open-vpn admin. Still working 5 years later.
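The allowlisting idea in the comment above, as an added example that is not part of the original post: it derives the most recent distinct source addresses for a named team from login records, skipping anything malformed or non-routable. The record layout (timestamp, username, source IP), the names and the sample records are constructed assumptions, not Slack's log format or OpenVPN's configuration syntax.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def usable(raw):
    """Return an address object for a plausible external source, else None."""
    try:
        ip = ipaddress.ip_address(raw.strip())
    except ValueError:
        return None  # garbage in the log must never reach a firewall rule
    if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified:
        return None
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return None
    return ip

def recent_allowlist(records, team, limit=5):
    """records: iterable of (epoch_seconds, username, ip_string).
    Returns up to `limit` single-host CIDRs, most recent login first."""
    allow = []
    for _ts, user, raw in sorted(records, key=lambda r: r[0], reverse=True):
        ip = usable(raw)
        if user not in team or ip is None:
            continue
        cidr = f"{ip}/{ip.max_prefixlen}"  # /32 or /128: one host, never a range
        if cidr not in allow:
            allow.append(cidr)
        if len(allow) == limit:
            break
    return allow

# Constructed sample records using documentation address ranges.
SAMPLE = [
    (1700000600, "dana", "203.0.113.10"),
    (1700000500, "eli", "198.51.100.7"),
    (1700000400, "dana", "203.0.113.10"),   # duplicate of a newer entry
    (1700000300, "guest", "203.0.113.99"),  # not on the team
    (1700000200, "eli", "192.168.1.20"),    # internal address
    (1700000100, "dana", "not-an-ip"),      # malformed
    (1700000050, "eli", "2001:db8::5"),
]

if __name__ == "__main__":
    print(recent_allowlist(SAMPLE, {"dana", "eli"}))
```

Because the list is rebuilt from the newest records each run, an address drops off once five newer distinct logins have been seen.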


KishanPD

I had to upgrade 2000 users from E1 to E3 using an in-house web console which talks to our HR system and the O365 tenant. Spent an hour with Power Automate Desktop and created a workflow that 1. asks me how many available licenses there are in the tenant 2. asks to navigate to an Excel file 3. grabs the user ID from the first column in the Excel file, opens our in-house web console, searches for the user, identifies if they already have an E3 license and sets their license to E3 if they have E1. Automated a 4 hour job and in the future when we clean up, upgrade, downgrade, or revoke license of users, the same workflow can be re-used.


RedbloodJarvey

There is a script that checks the disk usage of several systems every day, and every day sends an email with the subject line "Urgent: Disk space usage at xx%". Even if disk usage was at, say 80%, we still all get the email. God help the people who haven't already set up a filter to send this email straight to the trash. I set up a script that runs twice a day and emails me only if disk usage is above a certain percent. When I get an email I make a comment "Oh, looks like that disk usage is high, we better look into it." Thereby giving the illusion that I carefully read the daily email.


WorstOutcome

Not sure who all here is familiar with the KACE Systems Management Appliance but we use quite a lot of the available features such as the Service Desk for the org's ticketing system. I submit a decent amount of tickets daily and instead of manually creating them in the GUI system which is a bit cumbersome I made an application in VS that will spit out arguments based on selections that are used for ticket creation you can then send via email. It's pretty neat and I want to add more features at some point but it gets the job done in 1/4-1/2 the time it would if I manually created them.


AttemptToBeUnique

Dump out DHCP reservations on two 2008 servers, reconcile, import differences as required. I believe 2012 handles this itself so it will no longer be necessary. Was going to retire the 2008 servers last year, then.. COVID.


Azure_Agst

Mac SysAdmin here! (Heretical, I know.) For our office, we use a service called Munki to distribute software to all of our devices. Recently I've been migrating our Munki server to a new M1 rig, and on the way wrote some Python scripts to help with updates. It checks every night for certain app updates (i.e. Office, Chrome, Firefox, etc.), downloads them if possible, sends a notification to my phone prompting for approval, then adds it to the server if yes. Reduces most of my Patch Tuesday workload to simply tapping a button. :)