New scripts

A bunch of scripts I gathered over the years

Add-FileDetails.ps1

@@ -0,0 +1,50 @@
+
+<#
+.SYNOPSIS
+   <A brief description of the script>
+.DESCRIPTION
+   <A detailed description of the script>
+.PARAMETER <paramName>
+   <Description of script parameter>
+.EXAMPLE
+   <An example of using the script>
+#>
+
+function Add-FileDetails {
+ param(
+ [Parameter(ValueFromPipeline=$true)]
+ $fileobject,
+ $hash = @{Artists = 13; Album = 14; Year = 15; Genre = 16; Title = 21; Length = 27; Bitrate = 28}
+ )
+ begin { 
+  $shell = New-Object -COMObject Shell.Application 
+
+
+ }
+ process {
+  if ($_.PSIsContainer -eq $false) {
+   $folder = Split-Path $fileobject.FullName
+   $file = Split-Path $fileobject.FullName -Leaf
+   $shellfolder = $shell.Namespace($folder)
+   $shellfile = $shellfolder.ParseName($file)
+   Write-Progress 'Adding Properties' $fileobject.FullName
+   $hash.Keys | 
+   ForEach-Object {
+    $property = $_
+    $value = $shellfolder.GetDetailsOf($shellfile, $hash.$property)
+    if ($value -as [Double]) { $value = [Double]$value }
+    $fileobject | Add-Member NoteProperty "Extended_$property" $value -force
+   }
+  }
+
+
+
+  $fileobject
+ }
+}
+
+#Sample call:
+#$music = [system.Environment]::GetFolderPath('MyMusic')
+#$list = dir $music -Recurse | Add-FileDetails 
+#$list | Where-Object { $_.Extended_Year } | Sort-Object Extended_Year | Select-Object Name, Extended_Year, Extended_Album, Extended_Artists
+$new2 | where {$_.Extended_Album} | select Name,Extended_Album | sort Extended_Album 

Add-IEZoneSetting.ps1

@@ -0,0 +1,127 @@
+<#
+.SYNOPSIS
+Configure Internet Explorer SecurityZone Settings.
+
+.DESCRIPTION
+Note: Configration is not applied immediately, Need to restart related services to apply zone settings.
+
+.LINK
+http://support.microsoft.com/kb/184456/en-us
+
+.EXAMPLE
+$params = @{
+    SiteUrl = "http://172.16.0.1"
+    Zone = "Intranet"
+}
+Add-InternetExploreZoneSetting @params -Verbose
+
+.EXAMPLE
+$params = @{
+    HostName = "172.16.0.1"
+    Protocol = "file"
+    Zone = "TrustedSite"
+}
+Add-InternetExploreZoneSetting @params -Verbose
+#>
+function Add-InternetExploreZoneSetting
+{
+    [CmdletBinding(DefaultParametersetName = "BySiteUrl")]
+    param (
+        [Parameter(ParameterSetName = "BySiteUrl", Mandatory)]
+        [string] $SiteUrl,
+        [Parameter(ParameterSetName = "ByHostName", Mandatory)]
+        [string] $HostName,
+        [Parameter(ParameterSetName = "ByHostName", Mandatory)]
+        [ValidateSet("file", "http", "https", "*")]
+        [string] $Protocol,
+        [Parameter(Mandatory, ParameterSetName = "BySiteUrl")]
+        [Parameter(Mandatory, ParameterSetName = "ByHostName")]
+        [ValidateSet("Intranet", "TrustedSite", "RestrictedSite")]
+        [string] $Zone
+    )
+
+    $ErrorActionPreference = "Stop"
+    Set-StrictMode -Version Latest
+
+    Write-Verbose "Add Internet Explorer Zone settings..." #ZoneNetwork Share($key) to Intranet Zone"
+
+    #Convert　Zone to ZoneId
+    switch ($Zone)
+    {
+        "Intranet"{ $zoneId = 1 }
+        "TrustedSite"{ $zoneId = 2 }
+        "RestrictedSite"{ $zoneId = 4 }
+        default{ throw "Not expected zone Name!" }
+    }
+
+    switch ($PsCmdlet.ParameterSetName)
+    {
+        "BySiteUrl"{
+            if ($SiteUrl -contains "*")
+            {
+                throw "Don't support wildcard. use ByHostName ParameterSet instead"
+            }
+
+            try
+            {
+                $uri = New-Object Uri $SiteUrl
+            } catch {
+                throw "Can't parse Url:$SiteUrl"
+            }
+            $HostName = $uri.Host
+            $Protocol = $uri.Scheme
+        }
+    }
+
+    if ($HostName -like "*.*.*.*")
+    {
+        Write-Verbose ("`tAdd entry to Zone({0}), IPAddress({1}), Protocol({2})" -f $Zone, $HostName, $protocol)
+        $basePath = "HKCU:Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
+
+        $entry = Get-ChildItem $basePath | Get-ItemProperty -Name ":Range" | where ":Range" -eq $HostName
+        if ($entry -eq $null)
+        {
+            #Create Entry (Range1..N , other names is not recognized)
+            $N = 1
+            while (Test-Path (Join-Path $basePath "Range$N"))
+            {
+                ++$N
+            }
+            $entry = New-Item -Path $basePath -Name "Range$N" -Force
+        }
+
+        #Add IP range to Zone
+        New-ItemProperty -Path $entry.PSPath -Name ":Range" -Value $HostName -PropertyType String -Force > $null
+        New-ItemProperty -Path $entry.PSPath -Name $Protocol -Value $ZoneId -PropertyType DWORD -Force > $null
+    }
+    else
+    {
+        #Create Entry for hostname
+        Write-Verbose ("`tAdd entry to Zone({0}), HostName({1}), Protocol({2})" -f $Zone, $HostName, $Protocol)
+
+        #If hostname contain subdomain. need to split two parts, 
+        $parts = $HostName.Split(".")
+        if ($parts.Count -gt 2)
+        {
+            $containerName = [String]::Join(".", ($parts | select -Last 2))
+            $leafName = [String]::Join(".", ($parts | select -First ($parts.Count - 2)))
+        }
+        else
+        {
+            $containerName = $null
+            $leafName = $HostName
+        }
+
+        #TODO:Need to support ESCDomain for server OS?
+        $entry = Get-Item -Path "HKCU:Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
+
+        #Create container entry(if subdomain used)
+        if ($containerName -ne $null)
+        {
+            $entry = New-Item -Path $entry.PSPath -Name $containerName -Force
+        }
+
+        $entry = New-Item -Path $entry.PSPath -Name $leafName -Force
+        New-ItemProperty -Path $entry.PSPath -Name $Protocol -Value $ZoneId -PropertyType DWORD -Force > $null
+    }
+}

Add-MDTGPOPacks.ps1

@@ -0,0 +1,11 @@
+<# This script ensures custom GPO packs are copied to linked deployment shares or media which does not happen by default.
+MDT knows how to replicate certain folders to linked deployment shares and media, only the “Templates\GPOPacks” folder isn’t included in that list of folders.
+The following commands assume you only have one “main” deployment share (which becomes DS001: when the Restore-MDTPersistentDrive cmdlet runs), 
+one linked deployment share (which has a logical name of “LINKED001”), and one media definition (which is “MEDIA001”). 
+You might need to adjust the values if you have more deployment shares or different objects. You also need to run this script again if new media is created after its last run.
+(You can see the logical IDs in Workbench.)
+#>
+Import-Module 'C:\Program Files\Microsoft Deployment Toolkit\Bin\MicrosoftDeploymentToolkit.psd1' 
+Restore-MDTPersistentDrive 
+Set-ItemProperty -Path 'DS001:\Linked Deployment Shares\LINKED001' -Name ExtraFolders -Value @("Templates\GPOPacks") 
+Set-ItemProperty -Path 'DS001:\Media\MEDIA001' -Name ExtraFolders -Value @("Templates\GPOPacks")

Add-PoShEndpointAccess.ps1

@@ -0,0 +1,123 @@
+#========================================================================
+# Created By: Anders Wahlqvist
+# Website: DollarUnderscore (http://dollarunderscore.azurewebsites.net)
+#========================================================================
+
+function Add-PoShEndpointAccess
+{
+    <#
+    .Synopsis
+       Adds a group or user to a PowerShell (WinRM) endpoint to allow remote management.
+
+    .DESCRIPTION
+       This function will edit the SDDL of a PowerShell (WinRM) endpoint to 
+       allow remote management for the specified account/group.
+
+       If you run this against a remote computer, CredSSP needs to be enabled and you need
+       to restart the WinRM-service manually afterwards (this function uses WinRM to connect
+       to the remote machine, which is why it will not restart the service itself).
+
+    .PARAMETER SamAccountName
+       The SamAccount name of the user or group that you want to give access to. Could also be in the form
+       domain\SamAccountName, for example contoso\Administrator.
+
+    .PARAMETER ComputerName
+       Specifies the computer on which the command runs. The default is the local computer.
+
+    .PARAMETER EndpointName
+       Specifies then name of the WinRM endpoint you want to configure, the default is Microsoft.PowerShell.
+
+    .EXAMPLE
+       Add-PoShEndpointAccess -SamAccountName "contoso\PoShUsers" -ComputerName MyPoShEndpoint.contoso.com
+
+    #>
+
+    [CmdletBinding()]
+    Param
+    (
+        [Parameter(Mandatory=$true,
+                   ValueFromPipelineByPropertyName=$true)]
+        $SamAccountName,
+
+        [Parameter(Mandatory=$false)]
+        $ComputerName = '.',
+
+        [Parameter(Mandatory=$false)]
+        $EndpointName = 'Microsoft.PowerShell'
+    )
+
+    Begin { }
+
+    Process {
+        if ($ComputerName -eq '.' -OR $ComputerName -eq "$($env:COMPUTERNAME)") {
+                $IdentityObject = New-Object Security.Principal.NTAccount $SamAccountName
+                try {
+                    $sid = $IdentityObject.Translate([Security.Principal.SecurityIdentifier]).Value
+                }
+                catch {
+                    throw "Failed to translate $SamAccountName to a valid SID."
+                }
+
+                try {
+                    $PSSConfig = Get-PSSessionConfiguration -Name $EndpointName -ErrorAction Stop
+                }
+                catch {
+                    if ($_.Tostring() -like '*access is denied*') {
+                        throw 'You need to have Admin-access to run this command!'
+                    }
+                }
+
+                $existingSDDL = $PSSConfig.SecurityDescriptorSDDL
+                $isContainer = $false
+                $isDS = $false
+
+                $SecurityDescriptor = New-Object -TypeName Security.AccessControl.CommonSecurityDescriptor -ArgumentList $isContainer,$isDS, $existingSDDL
+                $accessType = 'Allow'
+                $accessMask = 268435456
+                $inheritanceFlags = 'none'
+                $propagationFlags = 'none'
+                $SecurityDescriptor.DiscretionaryAcl.AddAccess($accessType,$sid,$accessMask,$inheritanceFlags,$propagationFlags)
+
+                $null = Set-PSSessionConfiguration -Name $EndpointName -SecurityDescriptorSddl ($SecurityDescriptor.GetSddlForm('All')) -Confirm:$false -Force
+
+        }
+        else {
+            Invoke-Command -ArgumentList $SamAccountName,$EndpointName -ScriptBlock {
+                $IdentityObject = New-Object Security.Principal.NTAccount $args[0]
+                $EndpointName = $args[1]
+
+                try {
+                    $sid = $IdentityObject.Translate([Security.Principal.SecurityIdentifier]).Value
+                }
+                catch {
+                    throw "Failed to translate $($args[0]) to a valid SID."
+                }
+
+                try {
+                    $PSSConfig = Get-PSSessionConfiguration -Name $EndpointName -ErrorAction Stop
+                }
+                catch {
+                    if ($_.Tostring() -like '*access is denied*') {
+                        throw 'You need to have Admin-access and enable CredSSP to run this command remotely!'
+                    }
+                }
+
+                $existingSDDL = $PSSConfig.SecurityDescriptorSDDL
+                $isContainer = $false
+                $isDS = $false
+
+                $SecurityDescriptor = New-Object -TypeName Security.AccessControl.CommonSecurityDescriptor -ArgumentList $isContainer,$isDS, $existingSDDL
+                $accessType = 'Allow'
+                $accessMask = 268435456
+                $inheritanceFlags = 'none'
+                $propagationFlags = 'none'
+                $SecurityDescriptor.DiscretionaryAcl.AddAccess($accessType,$sid,$accessMask,$inheritanceFlags,$propagationFlags)
+
+                $null = Set-PSSessionConfiguration -Name $EndpointName -SecurityDescriptorSddl ($SecurityDescriptor.GetSddlForm('All')) -Confirm:$false -Force -NoServiceRestart
+
+            } -ComputerName $ComputerName
+        }
+    }
+
+    End { }
+}