If you need a quick and dirty way to give a user the permission to start a VM without giving them access to the Azure Portal, Azure Automation Webhooks might help. You basically create a PowerShell script that starts the VM and then you configure the Webhook. The Webhook contains an URL which triggers the exceution of that script. Note that everyone with the URI is able to start the VM, which is not optimal.

Once you have created the Automation Account (easy), configure a new Runbook that starts the VM:

Disable-AzContextAutosave -Scope Process

$subscriptionID = Get-AutomationVariable -Name 'SubscriptionID'

Connect-AzAccount -Identity

Select-AzSubscription $SubscriptionId

Start-AzVM -ResourceGroupName "rgname" -name "vmname"

Configure the WebHook. You will get an URI. Save that URI somewhere, since you cannot view it after being created.

Afterwards, a user can run this line to start the VM:

Invoke-WebRequest -URI "https://xxxx.webhook.webhook.azure-automation.net/XXX" -Method POST -UseBasicParsing

Note: the automation account needs to have Virtual Machine Contributor rights on the resource group or subscription to start the VM.

References:

https://learnwithlenny.azurewebsites.net/2022/11/04/starting-an-azure-vm-using-webhook-powershell-exe/

Here are 2 quick lines of code that help you uninstall a Program:

$Prog = Get-WmiObject -Class Win32_Product | Where-Object{$_.Name -match “ProgramName”}
$Prog.Uninstall()

If you need to deploy a MS Store App for example through Intune or GPO, here is my script:

First of all you need the App ID of the store app. Go to https://apps.microsoft.com/ search for the app and select it. In the URL you will see something like this: https://apps.microsoft.com/detail/9nw77489ngj0?hl=en-us&gl=US. 9nw77489ngj0 is the App ID.

Now the script:

Start-Transcript -Path “C:\3cx_msstore.log”

$appid=”9NW77489NGJ0″

winget install -e –id $appid –source msstore –accept-source-agreements –accept-package-agreements

winget upgrade –id $appid

Stop-Transcript

This quick script shows you if and where inheritance is deactivated. You can also set in the parameters how deep or how many levels inheritance is checked.

# Function to check inheritance up to the specified level
function Check-Inheritance {
    param (
        [string]$directoryPath,
        [int]$currentLevel,
        [int]$maxLevel
    )

    # Exit if current level exceeds max level
    if ($currentLevel -gt $maxLevel) {
        return
    }

    # Get the ACL of the directory
    $acl = Get-Acl -Path $directoryPath

    # Check if inheritance is disabled
    if ($acl.AreAccessRulesProtected) {
        Write-Output "$directoryPath - Inheritance is disabled"
    } else {
        #Write-Output "$directoryPath - Inheritance is enabled"
    }

    # Recursively check subdirectories if current level is less than max level
    if ($currentLevel -lt $maxLevel) {
        $subdirectories = Get-ChildItem -Path $directoryPath -Directory
        foreach ($subdir in $subdirectories) {
            Check-Inheritance -directoryPath $subdir.FullName -currentLevel ($currentLevel + 1) -maxLevel $maxLevel
        }
    }
}
# Function to check inheritance up to the specified level
function Check-Inheritance {
    param (
        [string]$directoryPath,
        [int]$currentLevel,
        [int]$maxLevel
    )

    # Exit if current level exceeds max level
    if ($currentLevel -gt $maxLevel) {
        return
    }

    # Get the ACL of the directory
    $acl = Get-Acl -Path $directoryPath

    # Check if inheritance is disabled
    if ($acl.AreAccessRulesProtected) {
        Write-Output "$directoryPath - Inheritance is disabled"
    } else {
        #Write-Output "$directoryPath - Inheritance is enabled"
    }

    # Recursively check subdirectories if current level is less than max level
    if ($currentLevel -lt $maxLevel) {
        $subdirectories = Get-ChildItem -Path $directoryPath -Directory
        foreach ($subdir in $subdirectories) {
            Check-Inheritance -directoryPath $subdir.FullName -currentLevel ($currentLevel + 1) -maxLevel $maxLevel
        }
    }
}

To execute the script:

Check-Inheritance -directoryPath $rootDirectory -currentLevel 1 -maxLevel 3 

A follow-up on the last post here is another way to run msiexec through PowerShell.

For example, here is how you can install OCS inventory agent with some parameters. OCS is an open source inventarization system.

Start-Process -FilePath .\OCS-Windows-Agent-Setup-x64.exe -ArgumentList ‘/S /NOSPLASH /NOW /SERVER=https://inventory.ajni.it//ocsinventory /TAG=”a” /SSL=0’

References:

https://www.ajni.it/2024/04/run-msiexec-transforms-with-powershell/