SharePoint
125 TopicsThreat Hunting with PowerShell - Security even with a small budget - there is no excuse!
Dear Threat Hunter, Lack of IT security is often excused by little or no available money. In my view, this is a very poor excuse. In this article I will try to give you a jump start on how to investigate threats with PowerShell. Is this a comprehensive and conclusive list of how you can find or detect threats/threats? NO, absolutely not. But it is meant to provide you with the support that you need to move forward on your own. Let's talk about the "general conditions": 1. If you use the PowerShell scripts I show/explain in this article, this is entirely your responsibility. I use the scripts in different situations, they are not dangerous, but you should already know what you are doing. 2. Written permission! If you are not sure if you are allowed to do an investigation, organize a written permission from your supervisor. 3. In the different scripts I sometimes (for this article deliberately) use standard search words like "malware", "malicious", "hacker" etc. Such search patterns/search words need to be customized, of course. These simply serve as an example. 4. The last part of the article examines some Microsoft cloud services. I am absolutely aware that there are a huge number of tools for hunting in the Microsoft cloud services. It starts with Azure Sentinel and continues with Cloud App Security. Since the focus is on a small budget, I'll leave those tools on the side. Introduction: So first, why should you use PowerShell for threat hunting? PowerShell is a useful threat hunting tool because it is a powerful scripting language and a platform for automating tools and accessing data across any Windows environment. It allows you to quickly gather information from various sources such as event logs, registries, files, and processes. Additionally, it can also be easily integrated with other tools and technologies making it a flexible and efficient tool for threat hunting. Some common use cases for PowerShell in the threat hunting environment include automated collection of log data, identification of unusual behavior anomalies in the system, the discovery of malware or malicious activity by known signatures or patterns or behaviors. These are just a few examples of how PowerShell can be used in a threat hunting capacity. Its versatility and ability to access and manipulate data from across the Windows environment make it a very valuable tool for any security professional. Threat Hunting in PowerShell - Use Cases: All right. So now that we understand where PowerShell can benefit an organization from a threat hunting perspective. Let's take a deeper look at some of the actual use cases you might encounter on a day to day basis, first being identify malicious processor files. So specifically, you can conduct raw file analysis to sift through different data shares to look for particular files in question whether that be a signature or even an extension of a certain file being able to quickly search and triage through files is an extreme benefit of using PowerShell for threat hunting. But how exactly do we start, what can we use as a guide? For example, the MITRE ATT&CK Framework. Here are a few examples: Indicator Removal: Clear Windows Event Logs https://attack.mitre.org/techniques/T1070/001/ Event Triggered Execution: Installer Packages https://attack.mitre.org/techniques/T1546/016/ Hide Artifacts: NTFS File Attributes https://attack.mitre.org/techniques/T1564/004/ Command and Scripting Interpreter: PowerShell https://attack.mitre.org/techniques/T1059/001/ Command and Scripting Interpreter: Windows Command Shell https://attack.mitre.org/techniques/T1059/003/ Event Triggered Execution: Windows Management Instrumentation Event Subscription https://attack.mitre.org/techniques/T1546/003/ Credentials from Password Stores: Windows Credential Manager https://attack.mitre.org/techniques/T1555/004/ Abuse Elevation Control Mechanism: Bypass User Account Control https://attack.mitre.org/techniques/T1548/002/ The MITRE ATT@CK framework provides a comprehensive and regularly updated overview of tactics, techniques, and procedures (TTPs) used by various threat actors. We can locate these TTPs using PowerShell, here are a few examples: Indicator Removal: Clear Windows Event Logs https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Hunting_Active_Directory/06_Account_Events.ps1 Event Triggered Execution: Installer Packages https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Tactics_Techniques_Procedures_(TTPs)/08_Get-ItemProperty_Software.ps1 Hide Artifacts: NTFS File Attributes https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Tactics_Techniques_Procedures_(TTPs)/08_Get-ItemProperty_Software.ps1 Windows Installer Service is running https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Tactics_Techniques_Procedures_(TTPs)/01_WIS_is_running.ps1 Search Alternate Data Streams on NTFS File Systems https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Tactics_Techniques_Procedures_(TTPs)/02_Search_ADS_on_NTFS%20_(specific%20file).ps1 https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Tactics_Techniques_Procedures_(TTPs)/03_Search_ADS_on_NTFS_file_systems.ps1 Read the Contents of a File https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Tactics_Techniques_Procedures_(TTPs)/06_Read_the_contents_file.ps1 Locating Data Patterns within a File https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Tactics_Techniques_Procedures_(TTPs)/05_locating_data_patterns_within_file.ps1 Search for Encoding with Regex https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Tactics_Techniques_Procedures_(TTPs)/07_Search_encoding_with_regex.ps1 Search for Command and Scripting Interpreter: https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Tactics_Techniques_Procedures_(TTPs)/04_Searching_for_PIDs.ps1 Threat hunting in different environments with PowerShell: Coming examples are about collecting information in very different environments. Also here a few examples as a kind => as first starting points: Hunt for Threats in Active Directory: https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Hunting_Active_Directory/01_Resetting_Password_Unlocking_Accounts.ps1 https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Hunting_Active_Directory/02_Search_stale_accounts.ps1 https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Hunting_Active_Directory/03_Users_without_Manager.ps1 https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Hunting_Active_Directory/04_Password_Expiration.ps1 https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Hunting_Active_Directory/05_Group_Membership_Report.ps1 https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Hunting_Active_Directory/06_Account_Events.ps1 https://github.com/tomwechsler/Active_Directory_Advanced_Threat_Hunting/blob/main/PowerShell/Tracking_the_Source_of_Account_Lock_Outs_and_Bad_Passwords.ps1 https://github.com/tomwechsler/Active_Directory_Advanced_Threat_Hunting/blob/main/PowerShell/Finding_Unused_Group_Policy_Objects.ps1 Some of the scripts are structured in such a way that they must be executed block by block/line by line. So do not execute the whole script at once. Pay attention to the different information that is collected. With some investigations in the Active Directory accounts can be indicated like "guest" or "krbtgt", there must be clear of course how this information is to be estimated. Depending on how and what information is searched. Hunt for Threats in Exchange Online: https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Hunting_Exchange_Online/Exchange_Mailbox_LastLogin.ps1 Find mailboxes with the last login. Hunt for Threats in Azure: https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Hunting_Azure/Collect_vms_subscription.ps1 We search Azure for all virtual machines in a subscription. https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Hunting_Azure/02_Graph_Create_Time_Last_Password.ps1 When was the last password change and when were the accounts created? Hunt for Threats in SharePoint: https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Hunting_SharePoint_Online/SharePoint_Online_specific_files.ps1 With this script we search for files with the extension .ps1 in a SharePoint Online page. Summary: Is this the best tactic to hunt for threats? No! There are many different tactics/techniques to search for threats. First of all, there are a huge number of different tools that can be used, for example SIEM/SOAR (Security Information and Event Management/Security Orchestration, Automation and Response). These tools are really great, sometimes cost a lot and often it takes a lot of knowledge to use such tools. But what is the use of such tools if the information generated by these tools cannot be understood properly, not very much. For this reason, I have tried in this article with simple tools to generate information that hopefully can be interpreted. Is finished here at this point. NO, the journey continues. The examples in this article are neither exhaustive nor complete, but they should give you a starting point. I hope you can build on this foundation. I hope that this information is helpful to you and that you have received a good "little" foundation. But I still hope that this information is helpful for you. Thank you for taking the time to read the article. Happy Hunting, Tom Wechsler P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler62KViews5likes0CommentsHow to remove shared link from subfolder in sharepoint online?
I tried out remove shared link from subfolder by powershell in sharepoint online: Remove-PnPFolderSharingLink -Folder "/sites/site/subfolder/" -Identity 52 But I get error: Remove-PnPFolderSharingLink: Exception of type 'System.Management.Automation.PSInvalidOperationException' was thrown. And "Get-PnPException" shows: Message : Exception of type 'System.Management.Automation.PSInvalidOperationException' was thrown. Stacktrace : at PnP.PowerShell.Commands.Base.PnPConnectedCmdlet.ProcessRecord() in c:\build\src\Commands\Base\PnPConnectedCmdlet.cs:line 101 at PnP.PowerShell.Commands.PnPSharePointCmdlet.ProcessRecord() in c:\build\src\Commands\Base\PnPSharePointCmdlet.cs:line 121 at System.Management.Automation.CommandProcessor.ProcessRecord() ScriptLineNumber : 1 Is there a way to remove shared link from subfolder with powershell in sharepoint online?15Views0likes0CommentsI can add myself to any Site Owners group via the web but getting Access Denied using PowerShell
Add-SPOUser -Site "https://mysite" -Group "mySite Owners" -LoginName myemail Add-SPOUser : Attempted to perform an unauthorized operation. I can successfully add other users to sites I'm already Owner using the above CMD. Thank you!1.2KViews0likes5CommentsHow to do deployment of WSP Solution using PNP Powershell in SharePoint
Looking for sample code details for below mentioned using PNP PowerShell. -Uploading WSP file to Solution gallery of Classic SharePoint site -Installing Solution -Activating the solution -Apply the custom template to SharePoint site. #Below is CSOM based Code - looking for code in PNP Based $fileBytes =[System.IO.File]::ReadAllBytes("D:\CustomTemplate.wsp") $fileCreateInfo = New-Object Microsoft.SharePoint.Client.FileCreationInformation $fileCreateInfo.Content = $fileBytes $fileCreateInfo.Url = $list.RootFolder.ServerRelativeUrl + "/CustomTemplate.wsp" $fileCreateInfo.Overwrite = $true $file = $list.RootFolder.Files.Add($fileCreateInfo) $Ctx.Load($file) $Ctx.ExecuteQuery() $designPackageInfo = New-Object Microsoft.SharePoint.Client.Publishing.DesignPackageInfo $designPackageInfo.PackageName = "CustomTemplate.wsp" $WSP = New-Object Microsoft.SharePoint.Client.Publishing.DesignPackageInfo $WSP.PackageGuid = [System.Guid]::Empty $WSP.PackageName = "CustomTemplate.wsp" $WSP.MajorVersion = 1 $WSP.MinorVersion = 0 $WSPFileURL = $list.RootFolder.ServerRelativeUrl + "/" + "CustomTemplate.wsp"; [Microsoft.SharePoint.Client.Publishing.DesignPackage]::Install($Ctx, $Ctx.Site, $WSP, $WSPFileURL) $Ctx.ExecuteQuery() Write-Host -f Green "`tInstalled the Solution Successfully!" #-------------------------------------------------------------------------------- [Microsoft.SharePoint.Client.Publishing.DesignPackage]::Install($Ctx, $site, $designPackageInfo, $fileCreateInfo.Url) $Ctx.ExecuteQuery() # Below is the main code to activate template and assign home page in site. [Microsoft.SharePoint.Client.Publishing.DesignPackage]::Apply($Ctx, $Ctx.Site, $WSP) $Ctx.ExecuteQuery() $web = $Ctx.Site.RootWeb $templateName = “{E7ED6200-07BF-42F8-94CB-F6560D080DFA}#SZ" $web.ApplyWebTemplate($templateName) $web.update() $Ctx.ExecuteQuery()155Views0likes4CommentsPowerShell data explanation and advice
Hi everyone. Not even sure how to ask and maybe it seems dramatic but I am reaching out for a little help here. Can someone help me understand this data I copied from PowerShell? I typed the same commands for user "smell" and user "Public". I have a node in network probably and I really hope for the worse to be honest. Reading about it got me pumped. Of course I have no idea if this could be the small window sun shines through or just another big nothing. Anyway, thanks to anyone who sets me straight about it. Windows PowerShell Copyright (C) Microsoft Corporation. All rights reserved. Install the latest PowerShell for new features and improvements! https://aka.ms/PSWindows PS C:\Users\smell> whoami / user ERROR: Invalid argument/option - '/'. Type "WHOAMI /?" for usage. PS C:\Users\smell> whoami /user USER INFORMATION ---------------- User Name SID =================== ============================================ thinkpadt16g2\smell S-1-5-21-2399413288-642862217-314349489-1001 PS C:\Users\smell> wmic useraccount where name='%username%' get domain,name,sid Node - THINKPADT16G2 ERROR: Description = Invalid query PS C:\Users\smell> wmic useraccount where name='%username%' get domain,name,sid Node - THINKPADT16G2 ERROR: Description = Invalid query PS C:\Users\smell> [Security.Principal.WindowsIdentity]::GetCurrent() | Select-Object -Property @('Name', 'User') Name User ---- ---- THINKPADT16G2\smell S-1-5-21-2399413288-642862217-314349489-1001 PS C:\Users\smell> [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value S-1-5-21-2399413288-642862217-314349489-1001 PS C:\Users\smell> wmic useraccount where name='smell' get sid Node - THINKPADT16G2 ERROR: Description = Invalid query PS C:\Users\smell> wmic useraccount where sid='<sid>' get domain,name Node - THINKPADT16G2 ERROR: Description = Invalid query PS C:\Users\smell> wmic useraccount where sid='S-1-5-21-2399413288-642862217-314349489-1001' get domain,name Unexpected switch at this level. PS C:\Users\smell> wmic useraccount get domain,name,sid Domain Name SID ThinkPadT16G2 Administrator S-1-5-21-2399413288-642862217-314349489-500 ThinkPadT16G2 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503 ThinkPadT16G2 Guest S-1-5-21-2399413288-642862217-314349489-501 ThinkPadT16G2 smell S-1-5-21-2399413288-642862217-314349489-1001 ThinkPadT16G2 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504 PS C:\Users\smell> Get-WmiObject win32_useraccount | Select domain,name,sid domain name sid ------ ---- --- ThinkPadT16G2 Administrator S-1-5-21-2399413288-642862217-314349489-500 ThinkPadT16G2 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503 ThinkPadT16G2 Guest S-1-5-21-2399413288-642862217-314349489-501 ThinkPadT16G2 smell S-1-5-21-2399413288-642862217-314349489-1001 ThinkPadT16G2 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504 PS C:\Users\smell> PS C:\Users\smell> Get-LocalUser | Select-Object -Property @('Name', 'SID') Name SID ---- --- Administrator S-1-5-21-2399413288-642862217-314349489-500 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503 Guest S-1-5-21-2399413288-642862217-314349489-501 smell S-1-5-21-2399413288-642862217-314349489-1001 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504 PS C:\Users\smell> Get-CimInstance -query 'Select * from win32_useraccount' | ft name, SID name SID ---- --- Administrator S-1-5-21-2399413288-642862217-314349489-500 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503 Guest S-1-5-21-2399413288-642862217-314349489-501 smell S-1-5-21-2399413288-642862217-314349489-1001 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504 PS C:\Users\smell> [Security.Principal.WindowsIdentity]::GetCurrent() | Select-Object -Property @('Name', 'User') Name User ---- ---- THINKPADT16G2\smell S-1-5-21-2399413288-642862217-314349489-1001 PS C:\Users\smell> C:\Users\Public C:\Users\Public : The term 'C:\Users\Public' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:1 + C:\Users\Public + ~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (C:\Users\Public:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException PS C:\Users\smell> C:\Users\Public> C:\Users\Public> : The term 'C:\Users\Public>' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:2 + C:\Users\Public> + ~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (C:\Users\Public>:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException PS C:\Users\smell> C:\Users\ C:\Users\ : The term 'C:\Users\' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:2 + C:\Users\ + ~~~~~~~~~ + CategoryInfo : ObjectNotFound: (C:\Users\:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException PS C:\Users\smell> C:\Users C:\Users : The term 'C:\Users' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:2 + C:\Users + ~~~~~~~~ + CategoryInfo : ObjectNotFound: (C:\Users:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException PS C:\Users\smell> PS C:\> Set-Location -PathC:\Users\Public Get-Process : A positional parameter cannot be found that accepts argument 'Set-Location'. At line:1 char:1 + PS C:\> Set-Location -PathC:\Users\Public + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (:) [Get-Process], ParameterBindingException + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.GetProcessCommand PS C:\Users\smell> Set-Location -Path C:\Users\Public PS C:\Users\Public> whoami /user USER INFORMATION ---------------- User Name SID =================== ============================================ thinkpadt16g2\smell S-1-5-21-2399413288-642862217-314349489-1001 PS C:\Users\Public> wmic useraccount where name='%username%' get domain,name,sid Node - THINKPADT16G2 ERROR: Description = Invalid query PS C:\Users\Public> [Security.Principal.WindowsIdentity]::GetCurrent() | Select-Object -Property @('Name', 'User') Name User ---- ---- THINKPADT16G2\smell S-1-5-21-2399413288-642862217-314349489-1001 PS C:\Users\Public> [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value S-1-5-21-2399413288-642862217-314349489-1001 PS C:\Users\Public> wmic useraccount where name='username' get sid Node - THINKPADT16G2 ERROR: Description = Invalid query PS C:\Users\Public> wmic useraccount where name='smell' get sid Node - THINKPADT16G2 ERROR: Description = Invalid query PS C:\Users\Public> wmic useraccount where sid='<sid>' get domain,name Node - THINKPADT16G2 ERROR: Description = Invalid query PS C:\Users\Public> wmic useraccount where sid='S-1-5-21-2399413288-642862217-314349489-1001' get domain,name Unexpected switch at this level. PS C:\Users\Public> wmic useraccount get domain,name,sid Domain Name SID ThinkPadT16G2 Administrator S-1-5-21-2399413288-642862217-314349489-500 ThinkPadT16G2 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503 ThinkPadT16G2 Guest S-1-5-21-2399413288-642862217-314349489-501 ThinkPadT16G2 smell S-1-5-21-2399413288-642862217-314349489-1001 ThinkPadT16G2 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504 PS C:\Users\Public> Get-WmiObject win32_useraccount | Select domain,name,sid domain name sid ------ ---- --- ThinkPadT16G2 Administrator S-1-5-21-2399413288-642862217-314349489-500 ThinkPadT16G2 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503 ThinkPadT16G2 Guest S-1-5-21-2399413288-642862217-314349489-501 ThinkPadT16G2 smell S-1-5-21-2399413288-642862217-314349489-1001 ThinkPadT16G2 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504 PS C:\Users\Public> Get-LocalUser | Select-Object -Property @('Name', 'SID') Name SID ---- --- Administrator S-1-5-21-2399413288-642862217-314349489-500 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503 Guest S-1-5-21-2399413288-642862217-314349489-501 smell S-1-5-21-2399413288-642862217-314349489-1001 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504 PS C:\Users\Public> Get-CimInstance -query 'Select * from win32_useraccount' | ft name, SID name SID ---- --- Administrator S-1-5-21-2399413288-642862217-314349489-500 DefaultAccount S-1-5-21-2399413288-642862217-314349489-503 Guest S-1-5-21-2399413288-642862217-314349489-501 smell S-1-5-21-2399413288-642862217-314349489-1001 WDAGUtilityAccount S-1-5-21-2399413288-642862217-314349489-504 PS C:\Users\Public>217Views0likes1CommentThe Script Fails to Obtain Modified Date of the files in SPO library
Hello, I used a script (see attachment) but failed to obtain the correct modified date of the files in the SPO library. For example; The "Modified" column displays the date of the last file version, while the "$File.TimeLastModified" script retrieves the date of file activities, including non-version-changing actions like moving the file or discarding checkouts. How can I retrieve the exact dates of the files shown in the SP library "Modified" column? Regards,152Views0likes0CommentsSPFx Application Customizer not registering when using PowerShell JSON to register
I've been tasked to create a site script which will run when an SPO global admin creates an SPO Site collection: $themeName = "ASCv12" $site_script = @' { "$schema": "schema.json", "actions": [ { "verb": "setSiteExternalSharingCapability", "capability": "Disabled" }, { "verb": "applyTheme", "themeName": "Blue Yonder" }, { "verb": "associateExtension", "title": "site-script-hide-client-side-solution", "location": "ClientSideExtension.ApplicationCustomizer", "clientSideComponentId": "34e874b4-48ed-4fa6-97b9-04a6054f2902", "scope": "Site" } ], "bindata": { }, "version": 1 } '@@ I've read this documentation: Site template JSON schema | Microsoft Learnwhich shows the exact syntax I'm using. I've tried using the clientSideComponentId from the: package-solution.json manifest.json Root App catalog Product Id number (I've uploaded it to this app catalog.) But when the site is created, the extension does not work. I've checked logging and nothing is triggering. The SPFx extension is an Application Customizer which is vanilla. I've not customized it because I wanted to test it out first of all. But as mentioned, it's not triggering. Can anyone advise? Has anyone encountered this before and did you resolve it?90Views0likes0CommentsHow to report SharePoint URL for all Entra Groups
I am looking to report all Entra Groups, the Group Site URL, Count of Owners, Members and Guests to the groups, then to also check each SharePoint online site, to see if any additional permissions have been added in SharePoint directly. Anyone know how you can pick up the actual Group SPO URL at all, Co-Pilot just want to use: https://your-tenant.sharepoint.com/sites/GroupName,but this doesn't always work depending on the name of the group etc?118Views0likes0CommentsUsing powershell to create folders within users onedrive
Hi all, I'm experiencing several issues with different PowerShell versions when trying to create folders in OneDrive for users in bulk. PowerShell 5.1 does not recognize Connect-PnPOnline. PowerShell 7 does not recognize Connect-SPOService. I have been following the instructions from this guide, which worked on my previous device. However, I’m unable to get it to work on my new device. My goal is to create folders within specific users' OneDrive accounts. Could you please assist me in resolving this? Thank you!2.5KViews0likes26CommentsConnect-SPOService not working in PowerShell 7
Hi all, I'm having some issues getting Connect-SPOService working in PowerShell 7 (7.2.4). It works fine in Windows PowerShell (5.1.22), however it will always generate errors when trying to us it in PS 7 which I've listed below. Firstly if I open Windows PS, I can use it straight away, however if I open PS 7, I have to import the module in order to use it. I guess I can fix this with a profile adjustment, but is there a reason why this would be the case? Secondly even when it's been imported, if I try to connect with the following, I get an error: Connect-SPOService -Url https://***-admin.sharepoint.com Connect-SPOService: No valid OAuth 2.0 authentication session exists Never seen this before in Windows PS and I'm not sure how to resolve it so I tried connecting with this instead. Still got an error but a different one this time: Connect-SPOService -Url https://***-admin.sharepoint.com -Credential ***@***.com Connect-SPOService: The sign-in name or password does not match one in the Microsoft account system. I know these are the right credientials as again they work fine in Windows PS. This lead me to think that something still wasn't being imported correctly into PS 7, so I had a look at the modes, and I noticed that the ExportedCommands don't appear when Get-Module is run in PS 7, but again they do in Windows PS. I'm guessing this could be part of the issue but I'm not sure how to resolve it. From what I can see everything appears fine, but I'm sure I'm missing something here. I've tried setting my ExecutionPolicy to unrestricted in case that was the problem, however it didn't appear to change anything. If anyone has seen this before or could provide any help it would be greatly appreciated. I realise that I could just use Windows PS, but it feels like PS 7 is the way forward and it would be nice to better understand why this is happening. Many thanks in advance.Solved36KViews0likes9Comments