Merge pull request #681 from microsoft/main
Release
bill-long authored Aug 6, 2021
2 parents 7ade330 + 57d7dd9 commit adc0ded
Showing 4 changed files with 147 additions and 18 deletions.
26 changes: 12 additions & 14 deletions Security/src/Test-CVE-2021-34470.ps1
@@ -29,7 +29,7 @@ param (

$ErrorActionPreference = "Stop"

$schemaMaster = (netdom query fsmo | Select-String "Schema master\s+(\S+)").Matches.Groups[1].Value
$schemaMaster = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().SchemaRoleOwner

$schemaDN = ([ADSI]"LDAP://$($schemaMaster)/RootDSE").schemaNamingContext

@@ -65,20 +65,18 @@ if ($ApplyFix) {
$storageGroupSchemaEntry.Properties["possSuperiors"] | Out-File $OutputFile -Append
}

$isSchemaAdmin = $null -ne (whoami /groups | sls "\\Schema Admins\s+Group")
if (-not $isSchemaAdmin) {
Write-Warning "This user is not in Schema Admins. Cannot apply fix."
return
}

Write-Host "Attempting to apply fix..."
try {
Write-Host "Attempting to apply fix..."

$rootDSE = [ADSI]("LDAP://$($schemaMaster)/RootDSE")
[void]$rootDSE.Properties["schemaUpgradeInProgress"].Add(1)
$rootDSE.CommitChanges()
$rootDSE = [ADSI]("LDAP://$($schemaMaster)/RootDSE")
[void]$rootDSE.Properties["schemaUpgradeInProgress"].Add(1)
$rootDSE.CommitChanges()

$storageGroupSchemaEntry.Properties["possSuperiors"].Clear()
$storageGroupSchemaEntry.CommitChanges()
$storageGroupSchemaEntry.Properties["possSuperiors"].Clear()
$storageGroupSchemaEntry.CommitChanges()

Write-Host "Fix was applied successfully."
Write-Host "Fix was applied successfully."
} catch {
Write-Warning "Failed to apply fix. Please ensure you have Schema Admin rights. Error was: `n$_"
}
}
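Review bot: The `catch` added around the fix treats every failure as a likely permissions problem and then lets the script finish normally, so an operator or an automated run cannot distinguish a mitigated schema from one where the change never landed. With the `whoami /groups` pre-check removed, an unreachable schema master or a failed `CommitChanges()` on `possSuperiors` produces the same "ensure you have Schema Admin rights" advice. I would end the `catch` with `throw` after the warning, and before printing "Fix was applied successfully." call `$storageGroupSchemaEntry.RefreshCache()` and confirm `$storageGroupSchemaEntry.Properties["possSuperiors"].Count -eq 0`. The enclosing `if ($ApplyFix)` block starts outside the hunk.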
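--- a/Shared/LoggerFunctions.ps1
+++ b/Shared/LoggerFunctions.ps1
@@ -0,0 +1,105 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+Function Get-NewLoggerInstance {
+[CmdletBinding()]
+param(
+[ValidateScript( { Test-Path $_ })]
+[string]$LogDirectory = (Get-Location).Path,
+
+[ValidateNotNullOrEmpty()]
+[string]$LogName = "Script_Logging",
+
+[bool]$AppendDateTime = $true,
+
+[bool]$AppendDateTimeToFileName = $true,
+
+[int]$MaxFileSizeMB = 10,
+
+[int]$CheckSizeIntervalMinutes = 10,
+
+[int]$NumberOfLogsToKeep = 10
+)
+
+$fileName = if ($AppendDateTime) { "{0}_{1}.txt" -f $LogName, ((Get-Date).ToString('yyyyMMddHHmmss')) } else { "$LogName.txt" }
+$fullFilePath = [System.IO.Path]::Combine($LogDirectory, $fileName)
+
+return [PSCustomObject]@{
+FullPath = $fullFilePath
+AppendDateTime = $AppendDateTime
+AppendDateTimeToFileName = $AppendDateTimeToFileName
+MaxFileSizeMB = $MaxFileSizeMB
+CheckSizeIntervalMinutes = $CheckSizeIntervalMinutes
+NumberOfLogsToKeep = $NumberOfLogsToKeep
+BaseInstanceFileName = $fileName.Replace(".txt", "")
+Instance = 1
+NextFileCheckTime = ((Get-Date).AddMinutes($CheckSizeIntervalMinutes))
+PreventLogCleanup = $false
+LoggerDisabled = $false
+} | Write-LoggerInstance -Object "Starting Logger Instance $(Get-Date)"
+}
+
+Function Write-LoggerInstance {
+[CmdletBinding()]
+param(
+[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
+[object]$LoggerInstance,
+
+[Parameter(Mandatory = $true, Position = 1)]
+[object]$Object
+)
+process {
+if ($LoggerInstance.LoggerDisabled) { return }
+
+if ($LoggerInstance.AppendDateTime -and
+$Object.GetType().Name -eq "string") {
+$Object = "[$([System.DateTime]::Now)] : $Object"
+}
+
+$Object | Out-File $LoggerInstance.FullPath -Append
+
+#Upkeep of the logger information
+if ($LoggerInstance.NextFileCheckTime -gt [System.DateTime]::Now) {
+return
+}
+
+#Set next update time to avoid issues so we can log things
+$LoggerInstance.NextFileCheckTime = ([System.DateTime]::Now).AddMinutes($LoggerInstance.CheckSizeIntervalMinutes)
+$item = Get-ChildItem $LoggerInstance.FullPath
+
+if (($item.Length / 1MB) -gt $LoggerInstance.MaxFileSizeMB) {
+$LoggerInstance | Write-LoggerInstance -Object "Max file size reached rolling over" | Out-Null
+$directory = [System.IO.Path]::GetDirectoryName($LoggerInstance.FullPath)
+$fileName = "$($LoggerInstance.BaseInstanceFileName)-$($LoggerInstance.Instance).txt"
+$LoggerInstance.Instance++
+$LoggerInstance.FullPath = [System.IO.Path]::Combine($directory, $fileName)
+
+$items = Get-ChildItem -Path ([System.IO.Path]::GetDirectoryName($LoggerInstance.FullPath)) -Filter "*$($LoggerInstance.BaseInstanceFileName)*"
+
+if ($items.Count -gt $LoggerInstance.NumberOfLogsToKeep) {
+$item = $items | Sort-Object LastWriteTime | Select-Object -First 1
+$LoggerInstance | Write-LoggerInstance "Removing Log File $($item.FullName)" | Out-Null
+$item | Remove-Item -Force
+}
+}
+}
+end {
+return $LoggerInstance
+}
+}
+
+Function Invoke-LoggerInstanceCleanup {
+[CmdletBinding()]
+param(
+[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
+[object]$LoggerInstance
+)
+
+if ($LoggerInstance.LoggerDisabled -or
+$LoggerInstance.PreventLogCleanup) {
+return
+}
+
+Get-ChildItem -Path ([System.IO.Path]::GetDirectoryName($LoggerInstance.FullPath)) -Filter "*$($LoggerInstance.BaseInstanceFileName)*" |
+Remove-Item -Force
+}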
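Review bot: Both deletion paths select files with `-Filter "*$($LoggerInstance.BaseInstanceFileName)*"` and pipe them to `Remove-Item -Force`, so any file in the log directory whose name merely contains the base name is eligible for removal, and the directory defaults to the current location. This applies to the rollover pruning in `Write-LoggerInstance` and to `Invoke-LoggerInstanceCleanup`; a short or common `-LogName` with `-AppendDateTime $false` makes the match very broad. Anchoring the pattern to the names this logger actually creates, `-Filter "$($LoggerInstance.BaseInstanceFileName)*.txt"`, keeps both paths to the logger's own files. Separately, `$AppendDateTimeToFileName` is stored on the instance but the file name is chosen from `$AppendDateTime`, which looks unintended.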
26 changes: 26 additions & 0 deletions Shared/Test-ScriptVersion.ps1
@@ -16,6 +16,27 @@ function Test-ScriptVersion {
$AutoUpdate
)

function Confirm-ProxyServer {
[CmdletBinding()]
[OutputType([bool])]
param (
[Parameter(Mandatory = $true)]
[string]
$TargetUri
)

try {
$proxyObject = ([System.Net.WebRequest]::GetSystemWebproxy()).GetProxy($TargetUri)
if ($TargetUri -ne $proxyObject.OriginalString) {
return $true
} else {
return $false
}
} catch {
return $false
}
}

function Confirm-Signature {
[CmdletBinding()]
[OutputType([bool])]
@@ -90,6 +111,11 @@ function Test-ScriptVersion {
try {
$versionsUrl = "https://github.com/microsoft/CSS-Exchange/releases/latest/download/ScriptVersions.csv"
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
if (Confirm-ProxyServer -TargetUri "https://github.com") {
$webClient = New-Object System.Net.WebClient
$webClient.Headers.Add("User-Agent", "PowerShell")
$webClient.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
}
$versionData = [Text.Encoding]::UTF8.GetString((Invoke-WebRequest $versionsUrl -UseBasicParsing).Content) | ConvertFrom-Csv
$latestVersion = ($versionData | Where-Object { $_.File -eq $scriptName }).Version
if ($null -ne $latestVersion -and $latestVersion -ne $BuildVersion) {
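Review bot: In the second hunk `$webClient` is created and given the default network credentials for its proxy, but the download on the next line still goes through `Invoke-WebRequest`, and nothing visible uses `$webClient` or disposes it. If the intent is that `$webClient.Proxy` returns the shared system proxy object, so that setting `Credentials` on it also affects `Invoke-WebRequest`, that is a process-wide side effect and should be stated, for example `# Sets credentials on the shared default proxy; Invoke-WebRequest below relies on this`. It also means the current user's credentials are offered to whichever proxy the system settings resolve for the rest of the session; `Invoke-WebRequest` has `-Proxy` and `-ProxyUseDefaultCredentials`, which would limit that to this one request. The `try` block continues outside the hunk.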
@@ -1,13 +1,13 @@
---
title: Get-SimpleAdminAuditLogReport.ps1
title: Get-SimpleAuditLogReport.ps1
parent: Admin
---

## Get-SimpleAdminAuditLog
## Get-SimpleAuditLogReport

Download the latest release: [Get-SimpleAdminAuditLogReport.ps1](https://github.com/microsoft/CSS-Exchange/releases/latest/download/Get-SimpleAdminAuditLogReport.ps1)
Download the latest release: [Get-SimpleAuditLogReport.ps1](https://github.com/microsoft/CSS-Exchange/releases/latest/download/Get-SimpleAuditLogReport.ps1)

Exchange admin audit logs are not readily human readable. All of the data needed to understand what Cmdlet has been run is in the data but it is not very easy to read. Get-SimpleAdminAuditLog will take the results of an audit log search and provide a significantly more human readable version of the data.
Exchange admin audit logs are not readily human readable. All of the data needed to understand what Cmdlet has been run is in the data but it is not very easy to read. Get-SimpleAuditLogReport will take the results of an audit log search and provide a significantly more human readable version of the data.

It will parse the audit log and attempt to reconstruct the actual Cmdlet that was run.

