Demo Windows Sandbox Customization with Powershell DSC

In this Demo I’m going to show you how you can use the Windows Sandbox and do some customization with Powershell DSC.

Enable Windows Sandbox

First you need to enable the Windows Sandbox. You can do that by enabling the windows feature using the GUI or enable it with Powershell:

Enable-WindowsOptionalFeature -FeatureName "Containers-DisposableClientVM" -Online

Customization Files

You can create a XML Config file like the following example and save it anywhere as .wsb -> which will link automatically to Windows Sandbox :

Useful Chocolatey commands

Useful Chocolatey commands

search a package: choco search appname

Install a package choco install appname

list all installed packages choco list -localonly

list specific package choco list appname

upgrade specific package: choco upgrade appname

upgrade all packages choco upgrade all

ExchangeOnline Mailadressen anzeigen, hinzufügen, entfernen'

Exchange Online: Mailadressen anzeigen, hinzufügen, entfernen

Voraussetzungen

Das ExchangeOnlineManagment Module muss installiert, importiert sein und man muss sich mit der entsprechenden Exchange Online Umgebung verbinden:

ExchangeOnlineManagement Module in Powershell installieren: Install-Module -Name ExchangeOnlineManagement

Das Module importieren: Import-Module ExchangeOnlineManagement

Mit der Exchange Online Environment verbinden (run this command as admin, then login) Connect-ExchangeOnline -UserPrincipalName admin@customerdomain.onmicrosoft.com

Für die Befehle im lokalen AD, muss das ActiveDirectory Powershell Modul geladen sein: https://theitbros.com/install-and-import-powershell-active-directory-module/

Use Get-CimInstance with the ClassName win32_operatingsystem

You can query the ClassName win32_operatingsystem and select from there the computername csname and the last bootup time lastbootuptime

Get-CimInstance -ComputerName 'DC01' -ClassName win32_operatingsystem | select csname, lastbootuptime

Show last bootuptime for multiple computers

If you want to do that for multiple computers you can for example do it wit a foreach loop:

# First query the computer from which you want to have this information:
$computer = Get-ADComputer -Filter * | where Name -Match dc
# Now get the lastbootuptime for every computer in the computer array:
foreach($c in $computer){
    $computername = $c.DNSHostname
    Get-CimInstance -ComputerName $computername -ClassName win32_operatingsystem | select csname, lastbootuptime
}

Which other information can you get from this class?

If you’re curious what other information you can get from this class you can simply run a Get-Member which will list you all properties and methods:

A way to search a specific setting over all GPOs

Generate a GPO Report over your Domain

You can generate a GPO Report over your Domain either in a XML or HTML file and then search through that file.

To generate a XML use this command:

Get-GPOReport -All -Domain "domain.com" -Server "DC01" -ReportType XML -Path "C:\GPOReports\GPOReportsAll.xml"

To generate a HTML file you can use this command:

Get-GPOReport -All -Domain "domain.com" -Server "DC01" -ReportType HTML -Path "C:\GPOReports\GPOReportsAll.html"

All GPO settings will be included in this Report file. So you can search through that file and find your settings.

How to run a gpresult on a remote computer

Use the Invoke-Command

You can simply use the Invoke Command to run the gpresult command on a remote computer:

• Define the ComputerName after the Invoke-Command
• In the ScriptBlock you can simply run your command

here comes the new highlight:

199
200

Invoke-Command -ComputerName 'ComputerName' -ScriptBlock{
    gpresult /r /USER 'username'

Run gpresult for a specific User in a RDS environment

In the following script you just have to define the username + the RDS ConnectionBroker. It will automatically find the Remote Desktop Server where the user is logged in an run the gpresult there: