T O P

Finding Windows Services That Are Stopped That Should Be Started With Powershell

This was a scriptlet that got heavy use on servers and even in our RMM. It can report back services on Windows servers and desktops are are in the Stopped state that are set to Auto or Enabled.

GWMI is short for Get-WmiObject

GWMI win32_service -Filter "startmode = 'auto' AND state != 'running'"  | select DisplayName, Name, StartMode, State, ExitCode | ft -auto

Find All PST Files Via Powershell

This script came in handy for various purposes! I used this in my RMM tool to report on how many and where PST files may be lying. This was helpful for machines that were re-used. You can narrow down the folder list using the path command.

gci -path c:\ -recurse -include *.pst -erroraction 'silentlycontinue'|select-object fullname,lastwritetime | fl fullname 

Audit Error – Office365

Recently, I was trying to perform an audit search on an Office365 organization and found auditing wasn’t enabled. When I tried to do it straight from the audit screen, I encountered this error:

Sorry! We couldn’t update your organization settings. Please try again.

I went straight to PowerShell and ran Get-AdminAuditLogConfig | FL Unified* and it was not enabled.

To resolve this, I ran Enable-OrganizationCustomization 

And then I ran the Powershell command Set-AdminAuditLogConfig – UnifiedAuditLogIngestionEnabled $true

And that did it!

Getting Inbox or Mailbox Rules in Office365 via Powershell

First, login to your tenant via Powershell using Microsoft’s new Exchange V2 Powershell module.

We’re going to be using the Get-InboxRule commandlet. If you run it outright, you’ll see a limited list of Inbox rules across your tenant. To narrow things down, you can use Get-InboxRule -Mailbox [user] to get rules for a specific user. Using the -Identity parameter will not work for this! Identity is for specifying specific Inbox rules. You can use wildcards, so you could do Get-InboxRule -Mailbox jeff*

The results will be:

From here, you can use the -Identity parameter to get information on specific rules such as their date of creation, what they actually do, and more!

Check it out.