Windows Folder Auditing

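# Folder whose deletions should be audited
$Path = "E:\Public"
# Audit successful Delete / DeleteSubdirectoriesAndFiles by Everyone.
# The two 'none' arguments are the inheritance and propagation flags, so the rule is set on this folder only.
$AuditChangesRules = New-Object System.Security.AccessControl.FileSystemAuditRule('Everyone', 'Delete,DeleteSubdirectoriesAndFiles', 'none', 'none', 'Success')
# -Audit loads the folder's existing audit entries (SACL) so the new rule is added alongside them
$Acl = Get-Acl -Path $Path -Audit
$Acl.AddAuditRule($AuditChangesRules)
Set-Acl -Path $Path -AclObject $Acl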

Or

The $path parameter specifies the file or folder on which to set the audit policy.

$computer = gc env:computername
$path = "C:\New Folder"
$user = "everyone"
$path = $path.replace("\", "\\")
$SD = ([WMIClass] "Win32_SecurityDescriptor").CreateInstance()
$ace = ([WMIClass] "Win32_ace").CreateInstance()
$Trustee = ([WMIClass] "Win32_Trustee").CreateInstance()
$SID = (new-object security.principal.ntaccount $user).translate([security.principal.securityidentifier])
[byte[]] $SIDArray = ,0 * $SID.BinaryLength
$SID.GetBinaryForm($SIDArray,0)
$Trustee.Name = $user
$Trustee.SID = $SIDArray
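# Rights to audit
$ace.AccessMask = [System.Security.AccessControl.FileSystemRights]"Modify"
# ACE flags bitmask (inheritance and audit bits; see the AceFlags reference below)
$ace.AceFlags = "0x67"
# 2 = SystemAudit (see the AceType reference below)
$ace.AceType = 2
$ace.Trustee = $trustee
$SD.SACL = $ace
# 0x10 = SE_SACL_PRESENT
$SD.ControlFlags="0x10"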
$wPrivilege = gwmi Win32_LogicalFileSecuritySetting -computername $computer -filter "path='$path'"
$wPrivilege.psbase.Scope.Options.EnablePrivileges = $true
$wPrivilege.setsecuritydescriptor($SD)

References:
https://blogs.technet.microsoft.com/bulentozkir/2009/12/26/sample-powershell-code-to-enable-auditing-on-a-folder/
https://docs.microsoft.com/es-es/dotnet/api/system.security.accesscontrol.aceflags?view=netframework-4.7.2
https://docs.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.acetype?view=netframework-4.7.2

https://woshub.com/tracking-files-deletion-using-audit-policy-and-mssql


Enabling file access auditing in Group Policy

Use the secedit or auditpol command

1. secedit

Export the policy
secedit /export /cfg gp.inf /log 1.log

Set "Audit object access" to Success and Failure:

echo [version] > 1.inf
echo signature="$CHICAGO$" >> 1.inf
echo [Event Audit] >> 1.inf
echo AuditObjectAccess=3 >> 1.inf
secedit /configure /db 1.sdb /cfg 1.inf /log 1.log /quiet
del 1.*
gpupdate /force
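
The folder audit rule and the object-access policy above only produce events when both are in place. The following check is an added example, not part of the original notes: it assumes the E:\Public folder from the first snippet, an elevated session, and the standard Security-log event 4663 (object access) with the DELETE access bit 0x10000; the File System subcategory GUID and the 5000-event window are likewise assumptions of this example.

```powershell
# Added example (not from the original notes). Run elevated on the file server.
$Path = 'E:\Public'   # folder from the first snippet on this page

# 1. Confirm the audit rule is on the folder. Without -Audit, Get-Acl does not
#    read the SACL, so .Audit would always look empty.
(Get-Acl -Path $Path -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited

# 2. Confirm the "File System" subcategory of Object Access is audited.
#    The GUID avoids localized subcategory names; /r returns CSV.
auditpol /get /subcategory:"{0CCE921D-69AE-11D9-BED3-505054503030}" /r |
    Where-Object { $_ } | ConvertFrom-Csv |
    Format-List Subcategory, 'Inclusion Setting'

# 3. Read recent 4663 events and keep those on or under $Path whose access
#    mask includes DELETE (0x10000).
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } `
    -MaxEvents 5000 -ErrorAction SilentlyContinue

$deletes = foreach ($e in $events) {
    # Turn the EventData name/value pairs into a hashtable
    $d = @{}
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    $mask = [Convert]::ToInt32($d.AccessMask, 16)   # e.g. "0x10000"
    if ($d.ObjectName -like "$Path*" -and ($mask -band 0x10000)) {
        [pscustomobject]@{
            Time    = $e.TimeCreated
            User    = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
            Object  = $d.ObjectName
            Process = $d.ProcessName
        }
    }
}

$deletes | Sort-Object Time | Format-Table -AutoSize
```

If step 1 shows the rule only on the folder itself (no inheritance flags), deletions of files inside it are covered only once the rule is created with inheritance, for example 'ContainerInherit,ObjectInherit'.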

Windows Auditing and Account Lockout

Find locked-out users and unlock them

Search-ADAccount -Locked | Select Name, LockedOut, LastLogonDate

Get-ADUser -Filter * -Properties * | where{$_.lockedout} | ft name

Get-ADUser -Filter * -Properties * | where{$_.lockedout} | Unlock-ADAccount

The event ID for account lockout is 4740.

Check whether audit logging is enabled

On the AD server, run auditpol /get /category:* to check whether the system audit policy is enabled.

# Lockout events (4740) are read from the domain controller holding the PDC emulator role
$PDC = Get-ADDomainController -Filter * | Where-Object {$_.OperationMasterRoles -contains "PDCEmulator"}

function GetLockedDetails($events)
{
    $ret = $events | Select-Object -Property @(
        @{Label = '用户名'; Expression = {(Get-ADUser -Identity $_.Properties[2].value).Name}}   # user name
        @{Label = '域账号'; Expression = {$_.Properties[0].Value}}                                # domain account
        @{Label = '锁定源计算机'; Expression = {$_.Properties[1].Value}}                          # computer the lockout came from
        @{Label = '锁定时间'; Expression = {$_.TimeCreated}}                                      # lockout time
        @{Label = '域控'; Expression = {$_.MachineName}}                                          # domain controller
        @{Label = '事件信息'; Expression = {$_.Message -split "`r" | Select -First 1}}            # first line of the event message
    )
    return $ret
}

$LockedOutEvents = Get-WinEvent -ComputerName $PDC.HostName -FilterHashtable @{LogName='Security'; Id=4740}
$ExportPath = "$env:USERPROFILE\Desktop\$(Get-Date -Format 'yyyy-MM-dd-HH-mm')-lockedinfo.csv"
GetLockedDetails -events $LockedOutEvents | Export-Csv -Path $ExportPath -Encoding UTF8 -NoTypeInformation

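Exporting and importing the security policy

  1. Export the security policy
    • Use the secedit.exe tool to export the current security configuration. Example command: secedit /export /cfg C:\security-policy.inf
    • After the command runs, the security policy is exported to the specified .inf file.
  2. Import the security policy
    • Use the same secedit.exe tool to import the previously exported security policy into another Windows system. Example command: secedit /configure /db secedit.sdb /cfg C:\security-policy.inf /overwrite

View the domain default password policy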

Get-ADDefaultDomainPasswordPolicy

Reference links:

https://4sysops.com/archives/find-the-source-of-account-lockouts-in-ad

Changing the Windows Network Number

1. Edit the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles

2. Change the network name in Local Security Policy

secpol.msc – Network List Manager Policies -

3. View it with Get-NetIPConfiguration, or use Get-NetConnectionProfile -InterfaceIndex 19 (19 is the network adapter's interface index)

NetProfile.Name is the network number.

Set-NetConnectionProfile -InterfaceIndex 19 -Name 'thtfpc.com'

Windows Exchange New-DistributionGroup

  • # Create a new distribution group
  • New-DistributionGroup -Name "Test DL1" -DisplayName "Test DL1" -PrimarySmtpAddress adb@contoso.com
  • # Add group members (Update-DistributionGroupMember replaces the whole member list)
  • Update-DistributionGroupMember -Identity "Test DL1" -Members user1hr,user2hr
  • # Set the owners
  • Set-DistributionGroup -Identity "Test DL1" -ManagedBy User1HR,User2HR
  • # List the group members
  • Get-DistributionGroupMember -Identity "Test DL1" | Select-Object Displayname,PrimarySmtpAddress
  • # Add Send As permission on the distribution group
  • Add-RecipientPermission -Identity "Test DL1" -Trustee User1HR -AccessRights SendAs
  • # Add Send on Behalf permission on the distribution group
  • Set-DistributionGroup -Identity "Test DL1" -GrantSendOnBehalfTo @{Add="User1HR"}
  • # Set the distribution group to accept email from outside the organization
  • Set-DistributionGroup -Identity "Test DL1" -RequireSenderAuthenticationEnabled $false
  • # Allow only a specific user, or the members of a specific group, to send to the distribution group
  • Set-DistributionGroup -Identity "Test DL1" -AcceptMessagesOnlyFrom "User1HR"
  • Set-DistributionGroup -Identity "Test DL1" -AcceptMessagesOnlyFromDLMembers "DL10"
  • # Import distribution group members from a CSV file
$Users = Import-Csv "C:\CSV File\GroupMembers.csv"

ForEach ($User in $Users)
{
    Add-DistributionGroupMember -Identity "Test DL1" -Member $User.PrimarySmtpAddress
}

# List the distribution groups a user belongs to

$User = "Type UserName Here"
$UserName = (Get-Mailbox $User).name
ForEach ($DistributionGroup in Get-Distributiongroup -resultsize unlimited)
{
    if ((Get-Distributiongroupmember $DistributionGroup.identity | select -expand name) -contains $UserName)
    {
        $DistributionGroup.name
    }
}

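# Copy distribution group members to a security group

# Specify the name of the distribution group and security group
# (the security group must be mail-enabled, because Add-DistributionGroupMember is used on it)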
$DistributionGroupName = "Test DL1"
$SecurityGroupName = "TestSecurityGroup"

# Get members of the distribution group
$DistributionGroupMembers = Get-DistributionGroupMember -Identity $DistributionGroupName

# Add members to the security group
foreach ($member in $DistributionGroupMembers) {
    Add-DistributionGroupMember -Identity $SecurityGroupName -Member $member

    # Retrieve the DisplayName and PrimarySmtpAddress of the user
    $user = Get-Recipient -Identity $member
    Write-Host "Added $($user.DisplayName) ($($user.PrimarySmtpAddress)) to $SecurityGroupName"
}

Write-Host "Members copied from $DistributionGroupName to $SecurityGroupName successfully."

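# Make one user the owner of all distribution groups
# Note: -ManagedBy with a plain value replaces each group's existing owner list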

# Specify the user to set as the owner
$ownerUser = "Bob Ross"

# Get all distribution groups
$distributionGroups = Get-DistributionGroup -ResultSize Unlimited

foreach ($group in $distributionGroups) {
    # Set the owner for each distribution group
    Set-DistributionGroup -Identity $group.Identity -ManagedBy $ownerUser -BypassSecurityGroupManagerCheck
    Write-Host "Set $ownerUser as the owner of $($group.DisplayName)"
}



# Remove a specific member from all distribution groups

# Specify the member you want to remove from distribution groups
$memberToRemove = "bobs@office365concepts.onmicrosoft.com"
# Get all distribution groups
$distributionGroups = Get-DistributionGroup -ResultSize Unlimited
foreach ($group in $distributionGroups) {
    # Check if the member is a member of the group
    if (Get-DistributionGroupMember -Identity $group.Identity | Where-Object {$_.PrimarySmtpAddress -eq $memberToRemove}) {
        # Remove the member from the distribution group
        Remove-DistributionGroupMember -Identity $group.Identity -Member $memberToRemove -Confirm:$false
        Write-Host "Removed $memberToRemove from $($group.DisplayName)"
    }
}

# Remove users from distribution groups using a CSV file

# Read the CSV file
$groups = Import-Csv -Path "C:\CSV Files\RemoveMembers.csv"

foreach ($group in $groups) {
    # Get members of the distribution group
    $members = Get-DistributionGroupMember -Identity $group.Identity

    # Remove each member from the distribution group
    foreach ($member in $members) {
        Remove-DistributionGroupMember -Identity $group.Identity -Member $member.PrimarySmtpAddress -Confirm:$false
        Write-Host "Removed $($member.PrimarySmtpAddress) from $($group.DisplayName)"
    }
}

# Replace the owner of distribution groups

# Specify the current owner and the new owner
$currentOwner = "currentowner@example.com"
$newOwner = "newowner@example.com"

# Get all distribution groups owned by the current owner
$groupsOwnedByCurrentOwner = Get-DistributionGroup -ResultSize Unlimited | Where-Object {$_.ManagedBy -eq $currentOwner}

foreach ($group in $groupsOwnedByCurrentOwner) {
    # Set the new owner for the distribution group
    Set-DistributionGroup -Identity $group.Identity -ManagedBy $newOwner -BypassSecurityGroupManagerCheck
    Write-Host "Changed owner of $($group.DisplayName) from $currentOwner to $newOwner"
}

or 

# Specify the current owner and the new owner
$currentOwner = "Bob Ross"
$newOwner = "User1HR"

# Get all distribution groups owned by the current owner
$groupsOwnedByCurrentOwner = Get-DistributionGroup -ResultSize Unlimited | Where-Object {$_.ManagedBy -eq $currentOwner}

foreach ($group in $groupsOwnedByCurrentOwner) {
    # Set the new owner for the distribution group
    Set-DistributionGroup -Identity $group.Identity -ManagedBy $newOwner -BypassSecurityGroupManagerCheck
    Write-Host "Changed owner of $($group.DisplayName) from $currentOwner to $newOwner"
}

# List distribution groups created since a given point in time

# Calculate the date 3 days ago
$startDate = (Get-Date).AddDays(-3)

# Get distribution groups created in the last 3 days
$groups = Get-DistributionGroup -ResultSize Unlimited | Where-Object {$_.WhenCreated -ge $startDate}

# Output the distribution groups created in the last 3 days
if ($groups -ne $null) {
    Write-Host "Distribution groups created in the last 3 days:"
    $groups | Select-Object DisplayName, PrimarySmtpAddress, WhenCreated
} else {
    Write-Host "No distribution groups created in the last 3 days."
}

# Calculate the date 100 hours ago
$startDate = (Get-Date).AddHours(-100)

# Get distribution groups created in the last 100 hours
$groups = Get-DistributionGroup -ResultSize Unlimited | Where-Object {$_.WhenCreated -ge $startDate}

# Output the distribution groups created in the last 100 hours
if ($groups -ne $null) {
    Write-Host "Distribution groups created in the last 100 hours:"
    $groups | Select-Object DisplayName, PrimarySmtpAddress, WhenCreated
} else {
    Write-Host "No distribution groups created in the last 100 hours."
}

# Calculate the date 4 weeks ago
$startDate = (Get-Date).AddDays(-28)

# Get distribution groups created in the last 4 weeks
$groups = Get-DistributionGroup -ResultSize Unlimited | Where-Object {$_.WhenCreated -ge $startDate}

# Output the distribution groups created in the last 4 weeks
if ($groups -ne $null) {
    Write-Host "Distribution groups created in the last 4 weeks:"
    $groups | Select-Object DisplayName, PrimarySmtpAddress, WhenCreated
} else {
    Write-Host "No distribution groups created in the last 4 weeks."
}
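
Several of the settings above widen who can send to or as a group (-RequireSenderAuthenticationEnabled $false, SendAs, -GrantSendOnBehalfTo) or who controls it (-ManagedBy). The report below is an added example, not part of the original notes; it assumes an already connected Exchange Online PowerShell session, and the column names it outputs are chosen for this example.

```powershell
# Added example (not from the original notes): review distribution groups
# that accept external mail or carry delegated send rights.
$report = foreach ($g in Get-DistributionGroup -ResultSize Unlimited) {

    # SendAs grants on the group, ignoring the built-in self entry
    $sendAs = Get-RecipientPermission -Identity $g.Identity -ResultSize Unlimited |
        Where-Object { $_.AccessRights -contains 'SendAs' -and
                       $_.Trustee -ne 'NT AUTHORITY\SELF' }

    [pscustomobject]@{
        Group               = $g.DisplayName
        PrimarySmtpAddress  = $g.PrimarySmtpAddress
        # $false on RequireSenderAuthenticationEnabled means anyone on the
        # internet can mail every member through this address
        AcceptsExternalMail = -not $g.RequireSenderAuthenticationEnabled
        Owners              = $g.ManagedBy -join '; '
        SendAs              = $sendAs.Trustee -join '; '
        SendOnBehalf        = $g.GrantSendOnBehalfTo -join '; '
        WhenCreated         = $g.WhenCreated
        WhenChanged         = $g.WhenChanged
    }
}

# Groups to look at first: open to external senders, or someone can send
# as / on behalf of the group. Most recently changed at the top.
$report |
    Where-Object { $_.AcceptsExternalMail -or $_.SendAs -or $_.SendOnBehalf } |
    Sort-Object WhenChanged -Descending |
    Format-Table Group, AcceptsExternalMail, Owners, SendAs, SendOnBehalf, WhenChanged -AutoSize
```

Comparing successive runs of this report shows when a bulk owner change or a new SendAs grant from the scripts above took effect.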

Reference links:

https://office365concepts.com/manage-distribution-groups-with-powershell

Oracle RAC cluster setup

https://www.cnblogs.com/baiboy/p/orc7.html

https://www.cnblogs.com/leihongnu/p/12698593.html

https://www.cnblogs.com/skyan/p/12584340.html

https://www.cnblogs.com/jyzhao/p/11273271.html

https://www.modb.pro/db/154424

https://www.xbdba.com/2018/09/06/11g-auto-install

https://segmentfault.com/a/1190000020525376

https://www.xmmup.com

https://www.yiibai.com/oracle/what-is-oracle.html

https://www.cnblogs.com/polestar/p/10115263.html

https://geek-docs.com/oracle/oracle-questions/206_oracle_how_do_i_import_a_dmp_file_into_oracle.html

Oracle Tutorial

https://blog.51cto.com/lqding/1695748