
Function Reset-WindowsUpdate {
            The cmdlet resets all of the windows update components and re-registers the dlls.
            Several services are stopped, the log files and directories are renamed, several dlls are re-registered, and then the services are restarted.
        .PARAMETER AutomaticReboot
            Specify whether the computer should automatically reboot after completing the reset.
            Resets windows update and does not automatically reboot.
            Reset-WindowsUpdate -AutomaticReboot
            Resets windows update and automatically reboots the machine.
            The command should be run with administrative credentials.

        [switch]$AutomaticReboot = $false

    Begin {
        if(!(Test-IsLocalAdmin)) {
            throw "This cmdlet must be run with admin credentials."

            Stop-Service -Name BITS -ErrorAction Stop
        catch [Exception]
            Write-Warning "Could not stop the BITS service"
            Exit 1

            Stop-Service -Name wuauserv -ErrorAction Stop
        catch [Exception]
            Write-Warning "Could not stop the wuauserv service"

            Stop-Service -Name AppIDSvc -ErrorAction Stop
        catch [Exception]
            Write-Warning "Could not stop the AppIDSvc service"
            Exit 1

            Stop-Service -Name CryptSvc -ErrorAction Stop
        catch [Exception]
            Write-Warning "Could not stop the CryptSvc service"
            Exit 1

            Clear-DnsClientCache -ErrorAction Stop
        catch [Exception]
            Write-Warning "Could not clear the dns client cache"

        Remove-Item -Path "$env:ALLUSERSPROFILE\Application Data\Microsoft\Network\Downloader\qmgr*.dat"

        if (Test-Path -Path "$env:SYSTEMROOT\winsxs\pending.xml.bak")
            Remove-Item -Path "$env:SYSTEMROOT\winsxs\pending.xml.bak" -Recurse -Force

        if (Test-Path -Path "$env:SYSTEMROOT\winsxs\pending.xml")
            Rename-Item -Path "$env:SYSTEMROOT\winsxs\pending.xml" -NewName "$env:SYSTEMROOT\winsxs\pending.xml.bak"

        if (Test-Path -Path "$env:SYSTEMROOT\SoftwareDistribution.bak")
            Remove-Item -Path "$env:SYSTEMROOT\SoftwareDistribution.bak" -Recurse -Force

        if (Test-Path -Path "$env:SYSTEMROOT\SoftwareDistribution") 
            Rename-Item -Path "$env:SYSTEMROOT\SoftwareDistribution" -NewName "$env:SYSTEMROOT\SoftwareDistribution.bak"

        if (Test-Path -Path "$env:SYSTEMROOT\system32\Catroot2.bak") 
            Remove-Item -Path "$env:SYSTEMROOT\system32\Catroot2.bak" -Recurse -Force

        if (Test-Path -Path "$env:SYSTEMROOT\system32\Catroot2") 
            Rename-Item -Path "$env:SYSTEMROOT\system32\Catroot2" -NewName "$env:SYSTEMROOT\system32\Catroot2.bak"

        if (Test-Path -Path "$env:SYSTEMROOT\WindowsUpdate.log.bak")
            Remove-Item -Path "$env:SYSTEMROOT\WindowsUpdate.log.bak" -Recurse -Force

        if (Test-Path -Path "$env:SYSTEMROOT\WindowsUpdate.log")
            Rename-Item -Path "$env:SYSTEMROOT\WindowsUpdate.log" -NewName "$env:SYSTEMROOT\WindowsUpdate.log.bak"


        regsvr32.exe /s atl.dll 
        regsvr32.exe /s urlmon.dll 
        regsvr32.exe /s mshtml.dll 
        regsvr32.exe /s shdocvw.dll 
        regsvr32.exe /s browseui.dll 
        regsvr32.exe /s jscript.dll 
        regsvr32.exe /s vbscript.dll 
        regsvr32.exe /s scrrun.dll 
        regsvr32.exe /s msxml.dll 
        regsvr32.exe /s msxml3.dll 
        regsvr32.exe /s msxml6.dll 
        regsvr32.exe /s actxprxy.dll 
        regsvr32.exe /s softpub.dll 
        regsvr32.exe /s wintrust.dll 
        regsvr32.exe /s dssenh.dll 
        regsvr32.exe /s rsaenh.dll 
        regsvr32.exe /s gpkcsp.dll 
        regsvr32.exe /s sccbase.dll 
        regsvr32.exe /s slbcsp.dll 
        regsvr32.exe /s cryptdlg.dll 
        regsvr32.exe /s oleaut32.dll 
        regsvr32.exe /s ole32.dll 
        regsvr32.exe /s shell32.dll 
        regsvr32.exe /s initpki.dll 
        regsvr32.exe /s wuapi.dll 
        regsvr32.exe /s wuaueng.dll 
        regsvr32.exe /s wuaueng1.dll 
        regsvr32.exe /s wucltui.dll 
        regsvr32.exe /s wups.dll 
        regsvr32.exe /s wups2.dll 
        regsvr32.exe /s wuweb.dll 
        regsvr32.exe /s qmgr.dll 
        regsvr32.exe /s qmgrprxy.dll 
        regsvr32.exe /s wucltux.dll 
        regsvr32.exe /s muweb.dll 
        regsvr32.exe /s wuwebv.dll
        regsvr32 /s wudriver.dll
        netsh winsock reset | Out-Null
        netsh winsock reset proxy | Out-Null

        Start-Service -Name BITS
        Start-Service -Name wuauserv
        Start-Service -Name AppIDSvc
        Start-Service -Name CryptSvc

        Write-Host "Successfully reset Windows Update" -ForegroundColor Green


        if ($AutomaticReboot) 
            Restart-Computer -Force
            $Title = "Reboot Now"
            $Message = "A reboot is required to complete the reset, reboot now?"

            $Yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes", `
            "Reboots the computer immediately."

            $No = New-Object System.Management.Automation.Host.ChoiceDescription "&No", `
            "Does not reboot the computer."

            $Options = [System.Management.Automation.Host.ChoiceDescription[]]($Yes, $No)

            $Result = $host.ui.PromptForChoice($Title, $Message, $Options, 0) 

            if ($Result -eq 0)
                Restart-Computer -Force

Function Get-GroupsFromToken {
            Enumerates the SIDs that are maintained in a user's access token issued at logon and translates the SIDs to group names.
            The function gets the access token for the user that was issued at their logon. It reads the TOKEN_GROUPS from the access token and retrieves their SIDs from unmanaged memory. It then attempts to translate these SIDs to group names. The function includes all group memberships inherited from nested grouping.
            Returns an array of group names and/or SIDs in the access token for the current user.
            AUTHOR: Michael Haken
            LAST UPDATED: 2/27/2016

    Begin {}

        $Job = Start-Job -ScriptBlock {

            Add-Type -Assembly System.ComponentModel
            $Signatures = @"
        [DllImport("advapi32.dll", SetLastError=true)]
        public static extern bool GetTokenInformation(
                                                IntPtr TokenHandle,
                                                int TokenInformationClass,
                                                IntPtr TokenInformation,
                                                uint TokenInformationLength,
                                                out uint ReturnLength
        [DllImport("advapi32", SetLastError=true, CharSet=CharSet.Auto)]
        public static extern bool ConvertSidToStringSid(
                                                IntPtr pSID,
                                                [In,Out,MarshalAs(UnmanagedType.LPTStr)] ref string pStringSid

            $AdvApi32 = Add-Type -MemberDefinition $Signatures -Name "AdvApi32" -Namespace "PsInvoke.NativeMethods" -PassThru -ErrorAction SilentlyContinue

            $TokenClasses = @"
        using System;
        using System.Runtime.InteropServices;
        namespace TokenServices
            public enum TOKEN_INFORMATION_CLASS
                 TokenUser = 1,
            public enum TOKEN_ELEVATION_TYPE
                TokenElevationTypeDefault = 1,
            public struct TOKEN_USER
                public SID_AND_ATTRIBUTES User;
            public struct SID_AND_ATTRIBUTES
                public IntPtr Sid;
                public UInt32 Attributes;
            public struct TOKEN_GROUPS
                public UInt32 GroupCount;
                public SID_AND_ATTRIBUTES[] Groups;

            Add-Type $TokenClasses -ErrorAction SilentlyContinue

            $CloseHandleSignature = @"
        [DllImport( "kernel32.dll", CharSet = CharSet.Auto )]
        public static extern bool CloseHandle( IntPtr handle );

            $Kernel32 = Add-Type -MemberDefinition $CloseHandleSignature -Name "Kernel32" -Namespace "PsInvoke.NativeMethods" -PassThru -ErrorAction SilentlyContinue

            [UInt32]$TokenInformationLength = 0

            $Success = $AdvApi32::GetTokenInformation( [System.Security.Principal.WindowsIdentity]::GetCurrent().Token,

            if ($TokenInformationLength -gt 0)
                [IntPtr]$TokenInformation = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenInformationLength)

                $Success = $AdvApi32::GetTokenInformation(  

                if ($TokenInformationLength -gt 0) 
                    $GroupArray = @()

                        [TokenServices.TOKEN_GROUPS]$Groups = [System.Runtime.InteropServices.Marshal]::PtrToStructure($TokenInformation, [System.Type][TokenServices.TOKEN_GROUPS])
                        $SidAndAttrs = New-Object -TypeName TokenServices.SID_AND_ATTRIBUTES
                        [int]$SidAndAttrsSize = [System.Runtime.InteropServices.Marshal]::SizeOf($SidAndAttrs)

                        for ($i = 0; $i -lt $Groups.GroupCount; $i++) 
                            [TokenServices.SID_AND_ATTRIBUTES]$SidAndAttrsGroup = [System.Runtime.InteropServices.Marshal]::PtrToStructure([IntPtr]($TokenInformation.ToInt64() + ($i * $SidAndAttrsSize) + [IntPtr]::Size), [System.Type][TokenServices.SID_AND_ATTRIBUTES]);
                            [string]$SidString = ""
                            $Success = $AdvApi32::ConvertSidToStringSid($SidAndAttrsGroup.Sid, [Ref]$SidString)
                                $Group = (New-Object System.Security.Principal.SecurityIdentifier($SidString)).Translate([System.Security.Principal.NTAccount]) | Select-Object -ExpandProperty Value
                                $GroupArray += $Group
                            catch [Exception]
                                $GroupArray += $SidString
                                Write-Warning $_.Exception.Message

                        Write-Output $GroupArray
                    catch [Exception]
                        Write-Warning $_.Exception.Message
                        $Kernel32::CloseHandle($TokenInformation) | Out-Null
                    $Kernel32::CloseHandle($TokenInformation) | Out-Null
                    Write-Host (New-Object System.ComponentModel.Win32Exception([System.Runtime.InteropServices.Marshal]::GetLastWin32Error())).Message
                Write-Host (New-Object System.ComponentModel.Win32Exception([System.Runtime.InteropServices.Marshal]::GetLastWin32Error())).Message

        Wait-Job -Job $Job | Out-Null
        Write-Output (Receive-Job $Job)

Function Update-TokenGroupMembership {
            The command refreshes the user's token and clears their current Kerberos tickets in order to pick up Active Directory group membership changes since their last logon.
            The current group membership of the user is recorded. Then, the user's Kerberos tickets are purged. After that, the explorer.exe process is stopped and restarted, which refreshes the logon token for the user. The user will be required to enter a set of credentials and then required to enter their password to restart the explorer.exe process.
        .PARAMETER Credential
            The credentials of the current user. These are used to launch a new powershell process to get the updated token group membership. Without using credentials, the new process won't be started with the new token and won't reflect the updates in group membership.
        .PARAMETER UseSmartcard
            If the user only has a Smartcard and does not know their windows password, utilize this switch to enable prompting for Smartcard credentials when explorer.exe restarts. However, they will need to specify a credential object to start a new process to check the token changes.
            System.Management.Automation.PSCredential, System.Management.Automation.SwitchParameter
            Update-TokenGroupMembership -Credential (Get-Credential)
            Updates the group membership for the current user.
            Update-TokenGroupMembership -UseSmartcard
            Updates the groups membership for the current user, but prompts for Smartcard credentials to restart explorer.exe. Because the Credential parameter was not specified, the changes in the group membership in the token are not displayed.
            AUTHOR: Michael Haken
            LAST UPDATED: 2/27/2016

        [PSCredential]$Credential = [PSCredential]::Empty,
        [switch]$UseSmartcard = $false

    Begin {
        if ($Credential -eq $null) {
            $Credential = [PSCredential]::Empty

        $CurrentGroups = @()
        [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups.Translate([System.Security.Principal.NTAccount]) | Select-Object -ExpandProperty Value | ForEach-Object {
            if ($_ -ne $null -and $_ -ne "") {
                $CurrentGroups += $_

        #The ampersand signifies to execute the following scriptblock and treat each value as a parameter
        & "$env:SYSTEMROOT\system32\klist.exe" purge | Out-Null
        & "$env:SYSTEMROOT\system32\klist.exe" tgt | Out-Null

        & "$env:SYSTEMROOT\system32\taskkill.exe" "/F" "/IM" "explorer.exe" | Out-Null

        if (!$UseSmartcard)
            & "$env:SYSTEMROOT\system32\runas.exe" "/user:$env:USERDOMAIN\$env:USERNAME" "explorer.exe" 
            & "$env:SYSTEMROOT\system32\runas.exe" "/user:$env:USERDOMAIN\$env:USERNAME" "/smartcard" "explorer.exe" 

        if ($Credential -ne [PSCredential]::Empty) {

            $Command = @"
        `$Groups = whoami /groups /FO CSV | ConvertFrom-Csv | Select-Object -ExpandProperty "Group Name"
        `$Groups2 = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups.Translate([System.Security.Principal.NTAccount]) | Select-Object -ExpandProperty Value
        `$Groups += `$Groups2
        `$Groups | Select-Object -Unique

            #Encode the command because it does not like the Open and Close parentheses
            $Bytes = [System.Text.Encoding]::Unicode.GetBytes($Command)
            $EncodedCommand = [Convert]::ToBase64String($Bytes)

            #Because Start-Process does not capture the standard out as part of the object, it can only be redirected to a file
            #Use the .NET object in order to capture the standard out without writing to file

            $ProcessInfo = New-Object -TypeName System.Diagnostics.ProcessStartInfo
            $ProcessInfo.FileName = "$env:SYSTEMROOT\System32\windowspowershell\v1.0\powershell.exe"
            $ProcessInfo.CreateNoWindow = $true
            $ProcessInfo.Verb = "runas"
            $ProcessInfo.RedirectStandardError = $true
            $ProcessInfo.RedirectStandardOutput = $true
            $ProcessInfo.UseShellExecute = $false
            $ProcessInfo.LoadUserProfile = $false
            $ProcessInfo.Domain = $Credential.UserName.Substring(0, $Credential.UserName.IndexOf("\"))
            $ProcessInfo.UserName = $Credential.UserName.Substring($Credential.UserName.IndexOf("\") + 1)
            $ProcessInfo.Password = $Credential.Password
            $ProcessInfo.Arguments = "-EncodedCommand $EncodedCommand"
            $Process = New-Object -TypeName System.Diagnostics.Process
            $Process.StartInfo = $ProcessInfo
            $Process.Start() | Out-Null

            if ($Process.ExitCode -eq 0)
                $NewGroups = @()
                $Process.StandardOutput.ReadToEnd().Split("`r`n") | ForEach-Object {
                    if ($_ -ne $null -and $_ -ne [System.String]::Empty) {
                        $NewGroups += $_

                Write-Host ""

                foreach ($OldGroup in $CurrentGroups) {
                    if (!$NewGroups.Contains($OldGroup) -and $OldGroup -ne "CONSOLE LOGON") {
                        Write-Host "REMOVED : $OldGroup" -ForegroundColor Red

                Write-Host ""

                foreach ($NewGroup in $NewGroups) {
                    if (!($CurrentGroups.Contains($NewGroup)) -and !$NewGroup.StartsWith("Mandatory Label\")) {
                        Write-Host "ADDED : $NewGroup" -ForegroundColor Green
                throw $Process.StandardError.ReadToEnd()

    End {}

Function Start-WithImpersonation {
            Runs a scriptblock while impersonating another user.
            The user enters credentials and a scriptblock to execute. The scriptblock is executed while impersonating the entered credentials.
        .PARAMETER Credential
            The credentials that will be impersonated.
        .PARAMETER Scriptblock
            The scriptblock that will be executed with the impersonated credentials
        .PARAMETER LogonType
            The type of logon that will be used for impersonation. This parameter defaults to "INTERACTIVE"
            System.Management.Automation.Scriptblock, System.String, System.Management.Automation.PSCredential
                The object returned is whatever the scriptblock from the input returns.
            Start-WithImpersonation -Credential (Get-Credential) -Scriptblock {Get-Service} -LogonType INTERACTIVE
            Runs the get-service command using the impersonated credentials received from the Credential parameter.
            AUTHOR: Michael Haken
            LAST UPDATED: 2/27/2016

        [string]$LogonType = "INTERACTIVE"

    Begin {}

        $Job = Start-Job -ArgumentList @($Credential, $Scriptblock) -ScriptBlock {
            Add-Type -AssemblyName System.ComponentModel

            [PSCredential]$Credential = $args[0]
            [Scriptblock]$Scriptblock = [Scriptblock]::Create($args[1])

            $Signatures = @"
        [DllImport( "advapi32.dll" )]
        public static extern bool LogonUser( String lpszUserName,
                                             String lpszDomain,
                                             String lpszPassword,
                                             int dwLogonType,
                                             int dwLogonProvider,
                                             ref IntPtr phToken );

            $AdvApi32 = Add-Type -MemberDefinition $Signatures -Name "AdvApi32" -Namespace "PsInvoke.NativeMethods" -PassThru

            $CloseHandleSignature = @"
        [DllImport( "kernel32.dll", CharSet = CharSet.Auto )]
        public static extern bool CloseHandle( IntPtr handle );

            $Kernel32 = Add-Type -MemberDefinition $CloseHandleSignature -Name "Kernel32" -Namespace "PsInvoke.NativeMethods" -PassThru

                #Logon Types
                [int]$LOGON32_LOGON_INTERACTIVE = 2
                [int]$LOGON32_LOGON_NETWORK = 3
                [int]$LOGON32_LOGON_BATCH = 4
                [int]$LOGON32_LOGON_SERVICE = 5
                [int]$LOGON32_LOGON_UNLOCK = 7
                [int]$LOGON32_LOGON_NETWORK_CLEARTEXT = 8 #Win2K or higher
                [int]$LOGON32_LOGON_NEW_CREDENTIALS = 9 #Win2K or higher

                #Logon Providers
                [int]$LOGON32_PROVIDER_DEFAULT = 0
                [int]$LOGON32_PROVIDER_WINNT35 = 1
                [int]$LOGON32_PROVIDER_WINNT40 = 2
                [int]$LOGON32_PROVIDER_WINNT50 = 3

                [int]$Provider = $LOGON32_PROVIDER_DEFAULT

                switch ($LogonType)
                    "INTERACTIVE" {
                        $Logon = $LOGON32_LOGON_INTERACTIVE
                    "NETWORK" {
                        $Logon = $LOGON32_LOGON_NETWORK
                    "NETWORK_CLEARTEXT" {
                        $Logon = $LOGON32_LOGON_NETWORK_CLEARTEXT
                    "NEW_CREDENTIALS" {
                        $Logon = $LOGON32_LOGON_NEW_CREDENTIALS
                        $Provider = $LOGON32_PROVIDER_WINNT50
                    "SERVICE" {
                        $Logon = $LOGON32_LOGON_SERVICE
                    "BATCH" {
                        $Logon = $LOGON32_LOGON_BATCH
                    "UNLOCK" {
                        $Logon = $LOGON32_LOGON_UNLOCK
                    default {
                        $Logon = $LOGON32_LOGON_INTERACTIVE

                $TokenHandle = [IntPtr]::Zero

                if ($Credential.UserName.Contains("\"))
                    $UserName = $Credential.UserName.Substring($Credential.UserName.IndexOf("\") + 1)
                    $Domain = $Credential.UserName.Substring(0, $Credential.UserName.IndexOf("\"))
                    $UserName = $Credential.UserName
                    $Domain = $env:COMPUTERNAME

                $Success = $AdvApi32::LogonUser($UserName, $Domain, $Credential.Password, $Logon, $Provider, [Ref]$TokenHandle)
                if (!$Success)
                    $ReturnValue = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
                    $Message = (New-Object -TypeName System.ComponentModel.Win32Exception($ReturnValue)).Message
                    Write-Warning "LogonUser was unsuccessful. Error code: $ReturnValue - $Message"

                $NewIdentity = New-Object System.Security.Principal.WindowsIdentity($TokenHandle)

                $IdentityName = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
                Write-Host "Current Identity: $IdentityName"
                $Context = $NewIdentity.Impersonate()

                $IdentityName = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
                Write-Host "Impersonating: $IdentityName"

                Write-Host "Executing custom script"
                $Result = & $Scriptblock
                return $Result
            catch [System.Exception]
                Write-Host $_.Exception.ToString()
                if ($Context -ne $null)

                if ($TokenHandle -ne [System.IntPtr]::Zero)
                    $Kernel32::CloseHandle($TokenHandle) | Out-Null

        Wait-Job -Job $Job | Out-Null
        return (Receive-Job -Job $Job)

Function Enable-WinRM {
            Enables WinRM on a host.
            The function enables PowerShell remoting, sets WinRM to automatically start, adds the provided to trusted hosts (which defaults to all hosts), and creates the firewall rule to allow inbound WinRM.
        .PARAMETER TrustedHosts
            The hosts that are trusted for remote mamangement. This can be an IP range, a subnet, or a wildcard. This defaults to all hosts: "*".
                The value can be piped to Enable-WinRM.
            Enable-WinRM -TrustedHosts ""
            This command should be run with administrative credentials
            AUTHOR: Michael Haken
            LAST UPDATED: 2/27/2016

        [string]$TrustedHosts = "*"

    Begin {
        if (!(Test-IsLocalAdmin)) {
            throw "This cmdlet must be run with admin credentials."

        Set-NetConnectionProfile -NetworkCategory Private
        Enable-PSRemoting -Force 
        Set-Service -Name WinRM -StartupType Automatic
        Start-Service -Name WinRM
        Set-Item WSMan:\localhost\Client\TrustedHosts -Value $TrustedHosts -Force
        Restart-Service -Name WinRM
        New-NetFirewallRule -Name "Allow_WinRM" -DisplayName "Windows Remote Management (WinRM)" -Description "Allows WinRM ports 5985-5986 inbound." -Protocol TCP -LocalPort 5985,5986 -Enabled True -Action Allow -Profile Any
        Write-Host "WinRM Enabled" -ForegroundColor Green
    End {}

Function New-EmptyTestFile {
            Creates an empty file of the specified size.
            Creates a file of the provided size in the provided location to test against.
        .PARAMETER FilePath
            The location the file should be created. This defaults to the user's desktop with a filename of Test.txt.
        .PARAMETER Size
            The size of the file to be created. Can be specified in bytes or with units, such as 64GB or 32MB.
            System.String, System.UInt64
            New-EmptyTestFile -FilePath "c:\" -Size 15MB
            Creates an empty 15MB cab file at c:\
            AUTHOR: Michael Haken
            LAST UPDATED: 2/27/2016
            This cmdlet is used to create empty test files to perform tests on.

        [string]$FilePath = "$env:USERPROFILE\Desktop\Test.txt",

    Begin {}

        $Writer = [System.IO.File]::Create($FilePath)

        $Bytes = New-Object Byte[] ($Size)
        $Writer.Write($Bytes, 0, $Bytes.Length)


        Write-Host "$Size file created at $FilePath"

    End {}

Function Start-PortScan {
            Conducts a port scan on the selected computer.
            Tries to connect to common ports on a targetted system and reports back the port status of each. Each connection is scheduled as a job; the function waits for all jobs to exit the running status before returning scan information.
        .PARAMETER ComputerName
            The name of the computer to scan. The parameter defaults to "localhost"
                The input can be piped to Start-PortScan
                Each custom object has a property of Service, Port, and Status. Status is either Open or Closed.
            Start-PortScan -ComputerName
            Returns an array of open and closed ports on
            AUTHOR: Michael Haken
            LAST UPDATE: 2/27/2016
            The intended use of this cmdlet is to conduct a security scan of ports on a computer.

        [string]$ComputerName = "localhost"
        $Ports = $script:Ports | Sort-Object -Property Port

        $Jobs = @()

        $i = 1

        foreach ($Item in $Ports)    
            Write-Progress -Activity "Running Port Scan" -Status "Scanning Port $($Item.Port) $($Item.Service)" -PercentComplete (($i++ / $Ports.Count) * 100)
            $Jobs += Start-Job -ArgumentList @($ComputerName,$Item) -ScriptBlock {
                $ComputerName = $args[0]
                $Service = $args[1].Service
                $Port = $args[1].Port

                $Socket = New-Object Net.Sockets.TcpClient
                $ErrorActionPreference = 'SilentlyContinue'
                $Socket.Connect($ComputerName, $Port)
                $ErrorActionPreference = 'Continue' 
                if ($Socket.Connected) 
                    return [PSCustomObject]@{"Service"="$Service";"Port"=$Port;"Status"="Open"}
                    return [PSCustomObject]@{"Service"="$Service";"Port"=$Port;"Status"="Closed"}

        Write-Progress -Completed -Activity "Running Port Scan"

        Write-Host "Waiting for jobs to complete..."

        $RunningJobs = @()

        $RunningJobs = Get-Job | Where-Object {$_.Id -in ($Jobs | Select-Object -ExpandProperty Id)}

        while (($RunningJobs | Where {$_.State -eq "Running"}).Length -gt 0) {
            $Completed = ($RunningJobs | Where {$_.State -eq "Completed"}).Length

            Write-Progress -Activity "Completing Jobs" -Status ("Waiting for connections to complete: " + (($Completed / $RunningJobs.Length) * 100) + "% Complete") -PercentComplete (($Completed / $RunningJobs.Length) * 100)
            Start-Sleep -Milliseconds 500

        Wait-Job -Job $Jobs | Out-Null
        $Data = @()
        Receive-Job -Job $Jobs | ForEach-Object {
            $Data += $_

        Remove-Job -Job $Jobs

        Write-Output ($Data | Select-Object -Property * -ExcludeProperty RunspaceId)

Function Set-NetAdapterToDHCP {
            Changes an adapter from a static IP address to DHCP.
            Gets net adapter configurations from WMI and filters the results based on either matching thet interface index or net adaper name/description. Then the function enables DHCP on the matching network adapter. The adapter must be IP Enabled and currently not be configured to use DHCP.
        .PARAMETER InterfaceIndex
            The interface index to enable DHCP on.
        .PARAMETER InterfaceName
            The Network Adapter Description value to match against and enale DHCP on.
        .PARAMETER InputObject
            A MSFT_NetAdapter CIM Instance.
        .PARAMETER PassThru
            Passes the discovered WMI object back.
                All of the parameters can be piped to Set-NetAdapterToDHCP
                The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects. The path after the pound sign (#) provides the namespace and class name for the underlying WMI object.
                This is only returned if the PassThru parameter is specified.
            Set-NetAdapterToDHCP -InterfaceIndex 3
            Changes the interface with an Index 3 to DHCP.
            Set-NetAdapterToDHCP -InterfaceName "Hyper-V Virtual Ethernet Adapter #1"
            Changes the interface with a description of Hyper-V Virtual Ethernet Adapter #1 to use DHCP
            Get-NetAdapter -InterfaceIndex 3 | Set-NetAdapterToDHCP
            Gets the network adapter with index 3 and pipes it to Set-NetAdapterToDHCP in order to enable DHCP on the interface.
            AUTHOR: Michael Haken
            LAST UPDATE: 2/27/2016
            The intended use of this cmdlet is to set network adapters to DHCP easily.

        [ValidateScript({$_.CimClass.CimClassName -eq "MSFT_NetAdapter"})]

        switch ($PSCmdlet.ParameterSetName) {
            "Index" {
                $Filter = ("IPEnabled = $true AND DHCPEnabled = $false AND Index = $InterfaceIndex")
            "Name" {
                $Filter = ("IPEnabled = $true AND DHCPEnabled = $false AND Description = `"$InterfaceName`"")
            "InputObject" {
                $Filter = ("IPEnabled = $true AND DHCPEnabled = $false AND Index = $($InputObject.ifIndex)")

        $wmi = Get-WmiObject -Class win32_networkadapterconfiguration -Filter $Filter

        Write-Host "DHCP Enabled on $($wmi.Description)"
        if ($PassThru) {
            Write-Output (Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter $Filter)

Function Remove-JavaInstallations {
            Removes old versions of Java JRE or does a complete removal.
            The function identifies well-known directories, registry keys, and registry key entries. Then based on the type of cleanup and architecture targetted, it removes those files, directories, registry keys, and registry key entries. During a cleanup, the current version of Java is specified so that it is not removed.
        .PARAMETER MajorVersion
            The current major version of Java, for example 7 or 8.
        .PARAMETER MinorVersion
            The current minor version of Java, this is almost always 0.
        .PARAMETER ReleaseVersion
            The current release version of Java, this is the update number, for example 15, 45, or 73.
        .PARAMETER PluginVersion
            The major version of the Java web plugin, for example 10 or 11.
        .PARAMETER Architecture
            The architecture to target, either x86, x64, or All. This defaults to All.
        .PARAMETER FullRemoval
            Specifies that a full removal of Java should be conducted.
            System.Int32, System.Int32, System.Int32, System.In32, System.String
                All valid parameters can be piped to Remove-JavaInstallations by property name.
            Remove-JavaInstallations -MajorVersion 8 -ReleaseVersion 15 -PluginVersion 11 -Architecture All
            Removes all versions previous to JRE 8u15.
            Remove-JavaInstallations -MajorVersion 8 -ReleaseVersion 15 -PluginVersion 11 -Architecture x64
            Removes all versions previous to JRE 8u15 that are x64 installations.
            Remove-JavaInstallations -FullRemoval
            Removes all versions of JRE from the system.
            AUTHOR: Michael Haken
            LAST UPDATE: 2/27/2016
            The intended use of this cmdlet is to conduct complete removals of the Java JRE software.

        [int]$MinorVersion = 0,
        [string]$Architecture = "All",

        if ((Get-PSDrive | Where-Object {$_.Root -eq "HKEY_CLASSES_ROOT"}))
            Get-PSDrive | Where-Object {$_.Root -eq "HKEY_CLASSES_ROOT"} | Remove-PSDrive

        New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null

        $64BIT_REGISTRY_KEY = "*26A24AE4-039D-4CA4-87B4-2F8641*FF*" # 26A24AE4-039D-4CA4-87B4-2F46417015FF - Java 7u15 x64
        $32BIT_REGISTRY_KEY = "*26A24AE4-039D-4CA4-87B4-2F8321*FF*"
        $GENERIC_REGISTRY_KEY = "*26A24AE4-039D-4CA4-87B4-2F8*1*FF*"

        #These keys are used to cleanup HKCR:\\Installer\Products
        $64BIT_HKCR_INSTALLER_PRODUCTS_KEY = "*4EA42A62D9304AC4784BF23812*FF*" # 4EA42A62D9304AC4784BF238120683FF - Java 6u38 x86
        $32BIT_HKCR_INSTALLER_PRODUCTS_KEY = "*4EA42A62D9304AC4784BF26814*FF*"

        #Java AutoUpdate
        $HKCR_JAVA_AUTOUPDATER = "F60730A4A66673047777F5728467D401"
        $HKLM_JAVA_AUTOUPDATER = "F60730A4A66673047777F5728467D401"

        #Build the software version
        [string]$LONG_PUNCTUATED_VERSION = ""
        [string]$NON_PUNCTUATED_VERSION = ""
        [string]$SHORT_VERSION = "1." + $MajorVersion # 1.7
        [string]$BASE_VERSION = "1." + $MajorVersion + "." + $MinorVersion + ".0" # 1.7.0
        [string]$FULL_VERSION = ""
        [string]$PLUGIN_VERSION = $PluginVersion.ToString()
        $Temp = $ReleaseVersion.ToString().ToCharArray()
        [string]$REVERSE_RELEASE = $Temp.ToString()

        $Temp = ($MajorVersion.ToString() + $MinorVersion.ToString()).ToCharArray()
        [string]$REVERSE_VERSION = $Temp.ToString()

        #Make the current release string two characters long
        if ($ReleaseVersion.ToString().Length -eq 1) 
            $ReleaseVersion = "0" + $ReleaseVersion.ToString()

        switch ($ReleaseVersion) 
            "00" {
                $FULL_VERSION = "1." + $MajorVersion + (& if($MinorVersion -gt 0) {"." + $MinorVersion } else {""}) # 1.7 or 1.7.1
                $NON_PUNCTUATED_VERSION = "1" + $MajorVersion + $MinorVersion # 170
                $LONG_PUNCTUATED_VERSION = "1." + $MajorVersion + "." + $MinorVersion # 1.7.0

            default {
                $FULL_VERSION = "1." + $MajorVersion + "." + $MinorVersion + "_" + $ReleaseVersion # 1.7.0_15
                $NON_PUNCTUATED_VERSION = "1" + $MajorVersion + $MinorVersion + "_" + $ReleaseVersion # 170_15
                $LONG_PUNCTUATED_VERSION = $FULL_VERSION # 1.7.0_15

        $NON_PUNCTUATED_REGISTRY_KEY = $MajorVersion.ToString() + $MinorVersion.ToString() + $ReleaseVersion.ToString() + "FF*"
        #Create the registry strings to match Java in HKCR and HKLM
        $HKCR_REGISTRY_KEY = ""

        switch ($Architecture)
            # HKLM:\SOFTWARE\Wow6432Node\
            "x86" {
                $UNINSTALL_REGISTRY_KEY = "*26A24AE4-039D-4CA4-87B4-2F8321" + $NON_PUNCTUATED_REGISTRY_KEY # 3217000 or 3217015
                $HKCR_REGISTRY_KEY = "*4EA42A62D9304AC4784BF23812" + $REVERSE_VERSION_REGISTRY_KEY + "*" #38120751
            # HKLM:\SOFTWARE\
            "x64" {
                $UNINSTALL_REGISTRY_KEY = "*26A24AE4-039D-4CA4-87B4-2F8641" + $NON_PUNCTUATED_REGISTRY_KEY # 6417000 or 6417015
                $HKCR_REGISTRY_KEY = "*4EA42A62D9304AC4784BF26814" + $REVERSE_VERSION_REGISTRY_KEY +"*" #68140751
            "All" {
                $UNINSTALL_REGISTRY_KEY = "*26A24AE4-039D-4CA4-87B4-2F8*1" + $NON_PUNCTUATED_REGISTRY_KEY # *17000 or *17015
                $HKCR_REGISTRY_KEY = "*4EA42A62D9304AC4784BF2*81*" + $REVERSE_VERSION_REGISTRY_KEY + "*" #*81*0751

        $FilePaths = @()
        $UserProfiles = Get-ChildItem -Path "$env:SystemDrive\Users"

        Write-Host "[INFO] Getting All User Profiles" -ForegroundColor Green

        foreach ($Profile in $UserProfiles)
            $FilePaths += "$env:SystemDrive\Users\" + $Profile.Name + "\AppData\LocalLow\Sun"
            $FilePaths += "$env:SystemDrive\Users\" + $Profile.Name + "\AppData\Local\Temp\java_install_reg.log"
            $FilePaths += "$env:SystemDrive\Users\" + $Profile.Name + "\AppData\Local\Temp\java_install.log"  

        Write-Host "[INFO] Adding file paths" -ForegroundColor Green

        $FilePaths += "$env:SYSTEMROOT\Temp\java_install.log"
        $FilePaths += "$env:SYSTEMROOT\Temp\java_install_reg.log"

        if ($PSCmdlet.ParameterSetName -eq "Removal")
            $FilePaths += "$env:ALLUSERSPROFILE\Sun"

            if ($Architecture -eq "x86" -or $Architecture -eq "All")
                $FilePaths += "$env:SystemDrive\Program Files (x86)\Java"
                $FilePaths += "$env:SYSTEMROOT\System32\java.exe"
                $FilePaths += "$env:SYSTEMROOT\System32\javaw.exe"
                $FilePaths += "$env:SYSTEMROOT\System32\javaws.exe"
            if ($Architecture -eq "x64" -or $Architecture -eq "All")
                $FilePaths += "$env:SystemDrive\Program Files\Java"
                $FilePaths += "$env:SYSTEMROOT\SysWow64\java.exe"
                $FilePaths += "$env:SYSTEMROOT\SysWow64\javaw.exe"
                $FilePaths += "$env:SYSTEMROOT\SysWow64\javaws.exe"

        if ($PSCmdlet.ParameterSetName -eq "Cleanup")
            if ($Architecture -eq "x86" -or $Architecture -eq "All")
                $FilePaths += @(Get-ChildItem "$env:SystemDrive\program files (x86)\Java" | Where-Object {$ -notlike "jre" + $MajorVersion})
            if ($Architecture -eq "x64" -or $Architecture -eq "All")
                $FilePaths += @(Get-ChildItem "$env:SystemDrive\program files\Java" | Where-Object {$ -notlike "jre" + $MajorVersion})
        Write-Host "[INFO] Getting Registry Keys" -ForegroundColor Green
        $ErrorActionPreference = "SilentlyContinue"
        $RegistryKeys = @()

        $RegistryKeys += 'HKCU:\Software\AppDataLow\Software\Javasoft'
        $RegistryKeys += 'HKCU:\Software\Javasoft\Java Update'
        $RegistryKeys += 'HKCU:\Software\Microsoft\Protected Storage System Provider\S-1-5-21-1292428093-1275210071-839522115-1003\Data'
        $RegistryKeys += 'HKLM:\SOFTWARE\MozillaPlugins\'
        $RegistryKeys += 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3312070F06'
        $RegistryKeys += 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3512070F06'
        $RegistryKeys += 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4EA42A62D9304AC4784BF238120652FF'
        $RegistryKeys += 'HKLM:\SOFTWARE\Classes\JavaSoft.JavaBeansBridge'
        $RegistryKeys += 'HKLM:\SOFTWARE\Classes\JavaSoft.JavaBeansBridge.1'
        $RegistryKeys += 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3312070F07'
        $RegistryKeys += 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3312070F08'
        $RegistryKeys += 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3312070F09'
        $RegistryKeys += 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4EA42A62D9304AC4784BF2381206220F'

        if ($PSCmdlet.ParameterSetName -eq "Cleanup")
            $RegistryKeys += @((Get-ChildItem -Path "HKCR:\" | Where-Object {($_.Name -like "*JavaPlugin*") -and ($_.Name -notlike "*JavaPlugin." + $NON_PUNCTUATED_VERSION + "*")}).PSPath)
            $RegistryKeys += @((Get-ChildItem -Path "HKCR:\" | Where-Object {($ -like "*JavaWebStart.isInstalled.*") -and ($_.Name -notlike "*JavaWebStart.isInstalled." + $BASE_VERSION +"*")}).PSPath)
            $RegistryKeys += @((Get-ChildItem -Path "HKCR:\Installer\Products" | Where-Object {($_.Name -like $GENERIC_HKCR_INSTALLER_PRODUCTS_KEY) -and ($_.Name -notlike $HKCR_REGISTRY_KEY)}).PSPath)
            $RegistryKeys += @((Get-ChildItem -Path "HKCU:\Software\JavaSoft\Java Runtime Environment" | Where-Object {($_.Name -notlike "*" + $FULL_VERSION +"*") -and ($ -notlike "*" + $LONG_PUNCTUATED_VERSION +"*")}).PSPath)
            $RegistryKeys += @((Get-ChildItem -Path "HKCU:\Software\JavaSoft\Java2D" | Where-Object {($_.Name -notlike  "*" + $LONG_PUNCTUATED_VERSION + "*")}).PSPath) 
            $RegistryKeys += @((Get-ChildItem -Path "HKCU:\Software\Classes" | Where-Object {($_.Name -like "*JavaPlugin*") -and ($_.Name -notlike "*JavaPlugin." + $NON_PUNCTUATED_VERSION + "*")}).PSPath)
            $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\Classes\Installer\Products" | Where-Object {($_.Name -like $GENERIC_HKCR_INSTALLER_PRODUCTS_KEY) -and  ($_.Name -notlike $HKCR_REGISTRY_KEY) }).PSPath)

            if ($Architecture -eq "x86" -or $Architecture -eq "All")
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\Classes\Installer\Features\" | Where-Object {$_.Name -like $32BIT_REGISTRY_KEY}).PSPath)
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Uninstall\" | Where-Object {($_.Name -like $32BIT_REGISTRY_KEY) -and ($_.Name -notlike $UNINSTALL_REGISTRY_KEY)}).PSPath)
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\Classes" | Where-Object {($_.Name -notlike "*JavaPlugin." + $NON_PUNCTUATED_VERSION + "*") -and ($_.Name -like "*JavaPlugin*")}).PSPath) 
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\Classes" | Where-Object {($_.Name -notlike "*JavaWebStart.isInstalled." + $BASE_VERSION + "*") -and ($_.Name -like "*JavaWebStart.isInstalled.*")}).PSPath) 
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environemt" | Where-Object {($_.Name -notlike  "*" + $FULL_VERSION + "*") -and ($_.Name -notlike  "*" + $SHORT_VERSION + "*")}).PSPath)
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Plug-in" | Where-Object {($_.Name -notlike  "*" + $PLUGIN_VERSION + "*")}).PSPath)
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Web Start" | Where-Object {($_.Name -notlike "*" + $FULL_VERSION +"*") -and ($ -notlike "*" + $SHORT_VERSION +"*")}).PSPath)            

            if ($Architecture -eq "x64" -or $Architecture -eq "All")
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\Classes\Installer\Features\" | Where-Object {$_.Name -like $64BIT_REGISTRY_KEY}).PSPath)
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" | Where-Object {($_.Name -like $64BIT_REGISTRY_KEY) -and ($_.Name -notlike $UNINSTALL_REGISTRY_KEY)}).PSPath) 
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\Classes" | Where-Object {($_.Name -notlike "*JavaWebStart.isInstalled." + $BASE_VERSION + "*") -and ($_.Name -like "*JavaWebStart.isInstalled.*")}).PSPath)
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\Classes" | Where-Object {($_.Name -notlike "*JavaPlugin." + $NON_PUNCTUATED_VERSION + "*") -and ($_.Name -like "*JavaPlugin*")}).PSPath)
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\JavaSoft\Java Runtime Environemt" | Where-Object {($_.Name -notlike  "*" + $FULL_VERSION + "*") -and ($_.Name -notlike  "*" + $SHORT_VERSION + "*")}).PSPath)
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\JavaSoft\Java Plug-in" | Where-Object {($_.Name -notlike  "*" + $PLUGIN_VERSION + "*")}).PSPath)
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\JavaSoft\Java Web Start" | Where-Object {($_.Name -notlike "*" + $FULL_VERSION +"*") -and ($ -notlike "*" + $SHORT_VERSION +"*")}).PSPath)    

        if ($PSCmdlet.ParameterSetName -eq "Removal")
            $RegistryKeys += "HKLM:\SOFTWARE\Classes\jarfile"
            $RegistryKeys += @((Get-ChildItem -Path "HKCR:\" | Where-Object {($_.Name -like "*JavaPlugin*")}).PSPath)
            $RegistryKeys += @((Get-ChildItem -Path "HKCR:\" | Where-Object {($_.Name -like "*JavaScript*")}).PSPath)
            $RegistryKeys += @((Get-ChildItem -Path "HKCR:\" | Where-Object {($_.Name -like "*JavaWebStart*")}).PSPath)
            $RegistryKeys += @((Get-ChildItem -Path "HKCR:\Installer\Products" | Where-Object {($_.Name -like $GENERIC_HKCR_INSTALLER_PRODUCTS_KEY)}).PSPath)
            $RegistryKeys += "HKCU:\Software\JavaSoft\Java Runtime Environment"
            $RegistryKeys += "HKCU:\Software\JavaSoft\Java2D"
            $RegistryKeys += "HKCR:\Installer\Products\$HKCR_JAVA_AUTOUPDATER"

            if ($Architecture -eq "x86" -or $Architecture -eq "All")
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\Classes\Installer\Features\" | Where-Object {$_.Name -like $32BIT_REGISTRY_KEY -or $_.Name -like $HKLM_JAVA_AUTOUPDATER}).PSPath)
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Uninstall\" | Where-Object {$_.Name -like $32BIT_REGISTRY_KEY}).PSPath) 
                $RegistryKeys += "HKLM:\SOFTWARE\Wow6432Node\JavaSoft"
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\Classes" | Where-Object {$_.Name -like "*JavaWebStart*"}).PSPath)
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\Classes" | Where-Object {$_.Name -like "*JavaPlugin*"}).PSPath)
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\Classes\Installer\Products" | Where-Object {$_.Name -like $32BIT_HKCR_INSTALLER_PRODUCTS_KEY}).PSPath)
                $RegistryKeys += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\javaws.exe"

            if ($Architecture -eq "x64" -or $Architecture -eq "All")
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\Classes\Installer\Features\" | Where-Object {$_.Name -like $64BIT_REGISTRY_KEY -or $_.Name -like $HKLM_JAVA_AUTOUPDATER}).PSPath)
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" | Where-Object {$_.Name -like $64BIT_REGISTRY_KEY -or $_.Name -like $HKLM_JAVA_AUTOUPDATER}).PSPath) 
                $RegistryKeys += "HKLM:\SOFTWARE\JavaSoft"
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\Classes" | Where-Object {$_.Name -like "*JavaWebStart*"}).PSPath)
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\Software\Classes" | Where-Object {$_.Name -like "*JavaPlugin*"}).PSPath)
                $RegistryKeys += @((Get-ChildItem -Path "HKLM:\SOFTWARE\Classes\Installer\Products" | Where-Object {$_.Name -like $64BIT_HKCR_INSTALLER_PRODUCTS_KEY}).PSPath)
                $RegistryKeys += "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaws.exe"

        Write-Host "[INFO] Getting Registry Key Properties" -ForegroundColor Green

        $RegistryKeyProperties = @()

        $RegistryKeyProperties += @(Get-RegistryKeyEntries -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders") 
        $RegistryKeyProperties += @(Get-RegistryKeyEntries -Path "HKLM:\System\ControlSet001\Control\Session Manager\Environment")
        $RegistryKeyProperties += @(Get-RegistryKeyEntries -Path "HKLM:\System\ControlSet002\Control\Session Manager\Environment")
        $RegistryKeyProperties += @(Get-RegistryKeyEntries -Path "HKLM:\System\ControlSet003\Control\Session Manager\Environment")
        $RegistryKeyProperties += @(Get-RegistryKeyEntries -Path "HKLM:\System\CurrentControlSet\Control\Session Manager\Environment")
        $RegistryKeyProperties += @(Get-RegistryKeyEntries -Path "HKLM:\SOFTWARE\Classes\jarfile\shell\open\command")

        $EntriesToKeep = @()

        if ($PSCmdlet.ParameterSetName -eq "Cleanup")
            switch ($Architecture)
                "x86" {
                    $RegistryKeyProperties += @(Get-RegistryKeyEntries -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\javaws.exe")
                    $NOT_LIKE_1 = "$env:SystemDrive\program files (x86)\*\jre" + $majorbuild + "\*"
                    $NOT_LIKE_2 = "$env:SystemDrive\program files (x86)\*\jre" + $shortversion + "\*"
                    $LIKE = "$env:SystemDrive\program files (x86)\*\jre*"
                "x64" {
                    $RegistryKeyProperties += @(Get-RegistryKeyEntries -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaws.exe")
                    $NOT_LIKE_1 = "$env:SystemDrive\program files\*\jre" + $majorbuild + "\*"
                    $NOT_LIKE_2 = "$env:SystemDrive\program files\*\jre" + $shortversion + "\*"
                    $LIKE = "$env:SystemDrive\program files\*\jre*"
                "All" {
                    $RegistryKeyProperties += @(Get-RegistryKeyEntries -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\javaws.exe")
                    $RegistryKeyProperties += @(Get-RegistryKeyEntries -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaws.exe")
                    $NOT_LIKE_1 = "$env:SystemDrive\program files*\*\jre" + $majorbuild + "\*"
                    $NOT_LIKE_2 = "$env:SystemDrive\program files*\*\jre" + $shortversion + "\*"
                    $LIKE = "$env:SystemDrive\program files*\*\jre*"

            foreach ($Property in $RegistryKeyProperties)
                if ((($Property.Property -like $LIKE) -and ($Property.Property -notlike $NOT_LIKE_1) -and ($Property.Property -notlike $NOT_LIKE_2)) -or
                    (($Property.Value -like $LIKE) -and ($Property.Value -notlike $NOT_LIKE_1) -and ($Property.Value -notlike $NOT_LIKE_2)))
                    $EntriesToKeep += $Property

        if ($PSCmdlet.ParameterSetName -eq "Removal")
            switch ($Architecture)
                "x86" {
                    $RegistryKeyProperties += @(Get-RegistryKeyEntries -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\javaws.exe")
                    $LIKE = "$env:SystemDrive\program files (x86)\*\jre*"
                "x64" {
                    $RegistryKeyProperties += @(Get-RegistryKeyEntries -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaws.exe")
                    $LIKE = "$env:SystemDrive\program files\*\jre*"
                "All" {
                    $RegistryKeyProperties += @(Get-RegistryKeyEntries -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\javaws.exe")
                    $RegistryKeyProperties += @(Get-RegistryKeyEntries -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaws.exe")
                    $LIKE = "$env:SystemDrive\program files*\*\jre*"

            foreach ($Property in $RegistryKeyProperties)
                if (($Property.Property -like $LIKE) -or ($Property.Value -like $LIKE))
                    $EntriesToKepp += $Property

        $RegistryKeyProperties = $EntriesToKeep

        $ErrorActionPreference = "Continue"

        [int]$DirectoryCount = 0
        [int]$RegistryKeyCount = 0
        [int]$RegistryEntryCount = 0

        Write-Host "[INFO] Removing Directories and Files" -ForegroundColor Yellow

        foreach ($Item in $FilePaths)
            if (Test-Path -Path $Item)
                Remove-Item -Path $Item -Force -Recurse

        Write-Host "[INFO] Removing Registry Keys" -ForegroundColor Yellow

        foreach ($Item in $RegistryKeys)
            if (Test-Path -Path $Item)
                Remove-Item -Path $Item -Force -Recurse

        Write-Host "[INFO] Removing Registry Key Entries" -ForegroundColor Yellow

        foreach ($Item in $RegistryKeyProperties)
            if (Test-Path -Path $Item.Path)
                Remove-ItemProperty -Path $Item.Path -Name $Item.Property -Force

        Write-Host "[INFO] Java cleanup removed $DirectoryCount directories, $RegistryKeyCount registry keys, and $RegistryEntryCount registry key entries." -ForegroundColor Yellow

Function Get-RegistryKeyEntries {
            Gets all of the properties and their values associated with a registry key.
            The Get-RegistryKeyEntries cmdlet gets each entry and its value for a specified registry key.
        .PARAMETER Path
            The registry key path in the format that PowerShell can process, such as HKLM:\Software\Microsoft or Registry::HKEY_LOCAL_MACHINE\Software\Microsoft
                You can pipe a registry path to Get-RegistryKeyEntries.
            Get-RegistryEntries -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall
            Gets all of the entries associated with the registry key. It does not get any information about subkeys.
            AUTHOR: Michael Haken
            LAST UPDATE: 2/27/2016
            The intended use of this cmdlet is to supplement the Get-ItemProperty cmdlet to get the values for every entry in a registry key.

        [ValidateScript({Test-Path -Path $_})]

    Begin {}

        Get-Item -Path $Path | Select-Object -ExpandProperty Property | ForEach-Object {
            Write-Output ([PSCustomObject]@{"Path"=$Path;"Property"="$_";"Value"=(Get-ItemProperty -Path $Path -Name $_ | Select-Object -ExpandProperty $_)})

    End {}

Function Remove-AppxProvisionedPackageSet {
            Removes the default App Store provisioned packages.
            The Remove-AppxProvisionedPackageSet cmdlet removes the default provisioned packages.
        .PARAMETER Ignore
            An array of Provisioned Package names to ignore. The dynamic params will automatically populate accepted values.
                You can pipe an array of Provisioned Package names to ignore removal of to Remove-AppxProvisionedPackageSet.
            PS C:\>Remove-AppxProvisionedPackageSet
            This command removes all of the default provisioned packages.
            PS C:\>Remove-AppxProvisionedPackageSet -Ignore Microsoft.Bing,Microsoft.BingNews
            This command removes all of the default provisioned packages except Bing and BingNews.
            The default packages removed by this command are included in the following array:
            @("Microsoft.Bing" , "Microsoft.BingFinance" , "Microsoft.BingMaps" , "Microsoft.BingNews",`
                "Microsoft.BingSports" , "Microsoft.BingTravel" , "Microsoft.BingWeather" , "Microsoft.Camera",`
                "microsoft.microsoftskydrive" , "Microsoft.Reader" , "microsoft.windowscommunicationsapps",`
                "microsoft.windowsphotos" , "Microsoft.XboxLIVEGames" , "Microsoft.ZuneMusic",`
                "Microsoft.ZuneVideo" , "Microsoft.Media.PlayReadyClient")
            AUTHOR: Michael Haken
            LAST UPDATE: 2/27/2016
            The intended use of this cmdlet is to remove the default Appx Provisioned Packages.

    Param ()
        [System.Management.Automation.ParameterAttribute]$Attributes = New-Object -TypeName System.Management.Automation.ParameterAttribute
        $Attributes.ParameterSetName = "__AllParameterSets"
        $Attributes.Mandatory = $false
        $Attributes.Position = 0
        $Attributes.ValueFromPipeline = $true
        $Attributes.ValueFromPipelineByPropertyName = $true
        $AttributeCollection = New-Object -TypeName System.Collections.ObjectModel.Collection[System.Attribute]
        $Values = @("Microsoft.Bing" , "Microsoft.BingFinance" , "Microsoft.BingMaps" , "Microsoft.BingNews",`
            "Microsoft.BingSports" , "Microsoft.BingTravel" , "Microsoft.BingWeather" , "Microsoft.Camera",`
            "microsoft.microsoftskydrive" , "Microsoft.Reader" , "microsoft.windowscommunicationsapps",`
            "microsoft.windowsphotos" , "Microsoft.XboxLIVEGames" , "Microsoft.ZuneMusic",`
            "Microsoft.ZuneVideo" , "Microsoft.Media.PlayReadyClient")

        [System.Management.Automation.ValidateSetAttribute]$ValidateSet = New-Object -TypeName System.Management.Automation.ValidateSetAttribute($Values)


        [System.Management.Automation.RuntimeDefinedParameter]$DynParam1 = New-Object -TypeName System.Management.Automation.RuntimeDefinedParameter("Ignore", [string[]], $AttributeCollection)

        [System.Management.Automation.RuntimeDefinedParameterDictionary]$ParamDictionary = New-Object -TypeName System.Management.Automation.RuntimeDefinedParameterDictionary

        $ParamDictionary.Add("Ignore", $DynParam1)

        return $ParamDictionary 
    Begin {}

       foreach ($App in $Values) 
            if (!$PSBoundParameters.Ignore.Contains($App))
                $PackageFullName = (Get-AppxPackage $App).PackageFullName 
                if ((Get-AppxPackage $App).PackageFullName) 
                    Write-Host "Removing Package: $App" 
                        Remove-AppxProvisionedPackage -Online -Packagename $PackageFullName 
                        Remove-AppxPackage -Package $PackageFullName 
                    catch [Exception]
                        Write-Warning $_.Exception.Message
                    Write-Warning "Unable to find package: $App" 

    End {}

Function Start-TaskSchedulerHistory {
            Enables the Task Scheduler log history.
            The Start-TaskSchedulerHistory cmdlet enables the windows event logs for the Task Scheduler. The command should be used to correct the issue of Scheduled Tasks' history showing as "Disabled" in Task Scheduler.
            PS C:\>Start-TaskSchedulerHistory
            This command starts the collection of scheduled task events.
            AUTHOR: Michael Haken
            LAST UPDATE: 2/27/2016
            The intended use of this cmdlet is to turn on history for Scheduled Tasks.

    Param ()

    Begin {}

    Process {
        $LogName = 'Microsoft-Windows-TaskScheduler/Operational'
        $EventLog = New-Object System.Diagnostics.Eventing.Reader.EventLogConfiguration $LogName
        $EventLog.IsEnabled = $true


Function Start-KerberosTraceLog {
            Starts a trace to troubleshoot Kerberos authentication issues.
            The Start-KerberosTraceLog cmdlet starts a trace of logs and netsh to capture all Kerberos, NTLM, SSL, and Negotiation traffic.
        .PARAMETER Path
            Specify the directory to store the log files during the trace. This defaults to the module root. The directory is created if it does not already exist.
                You can pipe a directory path string to Start-KerberosTraceLog.
            PS C:\>Start-KerberosTraceLog
            This command starts the trace log and logs to $PSScriptRoot\Logs.
            PS C:\>Start-KerberosTraceLog -Path C:\Logs
            This command starts the trace log and logs to C:\Logs. The directory is created if it doesn't already exist.
            This command must be run with local administrator credentials.
            The output from the individual logman.exe, nltest.exe, and netsh.exe commands are written to $PSScriptRoot\StartOutput\.
            AUTHOR: Michael Haken
            LAST UPDATE: 2/27/2016
            The intended use of this cmdlet is to assist in troubleshooting Kerberos authentication issues.

        [string]$Path = "$PSScriptRoot\Logs"

    Begin {
        if (!(Test-IsLocalAdmin)) {
            throw "This cmdlet must be run with admin credentials."

        $KerberosbDebugFlags = "0x40243"
        $NtlmDebugFlags = "0x15003"
        $NegoExtsDebugFlags = "0xFFFF"
        $Pku2uDebugFlags = "0xFFFF"
        $SslDebugFlags= "0x0000FDFF"

        if (!(Test-Path -Path "$PSScriptRoot\StartOutput")) {
             New-Item -Path "$PSScriptRoot\StartOutput" -ItemType Directory -Force | Out-Null

    Process {
        if (!(Test-Path -Path $Path)) {
             New-Item -Path $Path -ItemType Directory | Out-Null

        $Process = Start-Process -FilePath "$env:SYSTEMROOT\System32\logman.exe" -ArgumentList @("start","kerb","-p {6B510852-3583-4e2d-AFFE-A67F9F223438}",$KerberosbDebugFlags,"-o `"$Path\kerb.etl`"","-ets") -NoNewWindow -RedirectStandardOutput "$PSScriptRoot\StartOutput\kerb.txt" -RedirectStandardError "$PSScriptRoot\StartOutput\kerb_error.txt"
        $Process = Start-Process -FilePath "$env:SYSTEMROOT\System32\logman.exe" -ArgumentList @("start","ntlm","-p {5BBB6C18-AA45-49b1-A15F-085F7ED0AA90}",$NtlmDebugFlags,"-o `"$Path\ntlm.etl`"","-ets")-NoNewWindow -RedirectStandardOutput "$PSScriptRoot\StartOutput\ntlm.txt" -RedirectStandardError "$PSScriptRoot\StartOutput\ntlm_error.txt"
        $Process = Start-Process -FilePath "$env:SYSTEMROOT\System32\logman.exe" -ArgumentList @("start","negoexts","-p {5AF52B0D-E633-4ead-828A-4B85B8DAAC2B}",$NegoExtsDebugFlags,"-o `"$Path\negoexts.etl`"","-ets") -NoNewWindow -RedirectStandardOutput "$PSScriptRoot\StartOutput\negoexts.txt" -RedirectStandardError "$PSScriptRoot\StartOutput\negoexts_error.txt"

        $NegoExtender = "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\NegoExtender\Parameters"
        if (!(Test-Path -Path $NegoExtender )) {
            New-Item -Path $NegoExtender -Force | Out-Null

            $Counter = 0
            while (!(Test-Path -Path $NegoExtender)) {
                Start-Sleep -Seconds 1

                if ($Counter -gt 30) {
                    throw "Timeout waiting for registry key $NegoExtender to be created."

        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\NegoExtender\Parameters" -Name InfoLevel -Value ([System.Convert]::ToInt32($NegoExtsDebugFlags, 16)) -Type ([Microsoft.Win32.RegistryValueKind]::DWord) -Force | Out-Null
        $Process = Start-Process -FilePath "$env:SYSTEMROOT\System32\logman.exe" -ArgumentList @("start","pku2u","-p {2A6FAF47-5449-4805-89A3-A504F3E221A6}",$Pku2uDebugFlags,"-o `"$Path\pku2u.etl`"","-ets") -NoNewWindow -RedirectStandardOutput "$PSScriptRoot\StartOutput\pku2u.txt" -RedirectStandardError "$PSScriptRoot\StartOutput\pku2u_error.txt"
        $Pku2u = "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Pku2u\Parameters"

        if (!(Test-Path -Path $Pku2u)) {
            New-Item -Path $Pku2u -Force | Out-Null

            $Counter = 0
            while (!(Test-Path -Path $Pku2u)) {
                Start-Sleep -Seconds 1

                if ($Counter -gt 30) {
                    throw "Timeout waiting for registry key $Pku2u to be created."

        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Pku2u\Parameters" -Name InfoLevel -Value ([System.Convert]::ToInt32($Pku2uDebugFlags, 16)) -Type ([Microsoft.Win32.RegistryValueKind]::DWord) -Force | Out-Null

        $Process = Start-Process -FilePath "$env:SYSTEMROOT\System32\logman.exe" -ArgumentList @("start","ssl","-p {37D2C3CD-C5D4-4587-8531-4696C44244C8}",$SslDebugFlags,"-o `"$Path\ssl.etl`"","-ets") -NoNewWindow -RedirectStandardOutput "$PSScriptRoot\StartOutput\ssl.txt" -RedirectStandardError "$PSScriptRoot\StartOutput\ssl_error.txt"

        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name SPMInfoLevel -Value ([System.Convert]::ToInt32("0x101F", 16)) -Type ([Microsoft.Win32.RegistryValueKind]::DWord) -Force | Out-Null
        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name LogToFile -Value 1 -Type ([Microsoft.Win32.RegistryValueKind]::DWord) -Force | Out-Null
        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name NegEventMask -Value ([System.Convert]::ToInt32("0xF", 16)) -Type ([Microsoft.Win32.RegistryValueKind]::DWord) -Force | Out-Null

        $Process = Start-Process -FilePath "$env:SYSTEMROOT\System32\nltest.exe" -ArgumentList @("/dbflag:0x2080FFFF") -NoNewWindow -RedirectStandardOutput "$PSScriptRoot\StartOutput\nltest.txt" -RedirectStandardError "$PSScriptRoot\StartOutput\nltest_error.txt"        
        $PRocess = Start-Process -FilePath "$env:SYSTEMROOT\System32\netsh.exe" -ArgumentList @("trace","stop") -NoNewWindow -RedirectStandardOutput "$PSScriptRoot\StartOutput\netshstop.txt" -RedirectStandardError "$PSScriptRoot\StartOutput\netshstop_error.txt"
        $Process = Start-Process -FilePath "$env:SYSTEMROOT\System32\netsh.exe" -ArgumentList @("trace","start","scenario=NetConnection","capture=yes","persistent=no","traceFile=`"$Path\Tracefile.ETL`"","overwrite=yes") -NoNewWindow -RedirectStandardOutput "$PSScriptRoot\StartOutput\netsh.txt" -RedirectStandardError "$PSScriptRoot\StartOutput\netsh_error.txt"

    End {
        Write-Host "Kerberos trace log started." -ForegroundColor Green

Function Stop-KerberosTraceLog {
            Stops a trace that was started to troubleshoot Kerberos authentication issues.
            The Stop-KerberosTraceLog cmdlet stops the trace of logs and netsh to capture all Kerberos, NTLM, SSL, and Negotiation traffic. The required remaining logs are copied to the specified directory and then compressed into a zip file.
        .PARAMETER Path
            Specify the directory that was used during the Start-KerberosTraceLog to collect logs. This defaults to the module root.
                You can pipe a directory path string to Stop-KerberosTraceLog.
            PS C:\>Stop-KerberosTraceLog
            This command stops the trace log.
            PS C:\>Stop-KerberosTraceLog -Path C:\Logs
            This command stops the trace log and and copies additional required information to C:\Logs. Then, a zip file is written to C:\Logs containing the logs files.
            This command must be run with local administrator credentials.
            The output from the individual logman.exe, nltest.exe, and netsh.exe commands are written to $PSScriptRoot\StopOutput\.
            AUTHOR: Michael Haken
            LAST UPDATE: 2/27/2016
            The intended use of this cmdlet is to assist in troubleshooting Kerberos authentication issues.

        [ValidateScript({Test-Path -Path $_})]
        [string]$Path = "$PSScriptRoot\Logs"

    Begin {
        if (!(Test-IsLocalAdmin)) {
            throw "This cmdlet must be run with admin credentials."

        if (!(Test-Path -Path "$PSScriptRoot\StopOutput")) {
            New-Item -Path "$PSScriptRoot\StopOutput" -ItemType Directory | Out-Null

        Add-Type -AssemblyName System.IO.Compression.FileSystem

    Process {
        $Process = Start-Process -FilePath "$env:SYSTEMROOT\System32\logman.exe" -ArgumentList @("stop","kerb","-ets") -NoNewWindow -RedirectStandardOutput "$PSScriptRoot\StopOutput\kerb.txt" -RedirectStandardError "$PSScriptRoot\StopOutput\kerb_error.txt"
        $Process = Start-Process -FilePath "$env:SYSTEMROOT\System32\logman.exe" -ArgumentList @("stop","ntlm","-ets") -NoNewWindow -RedirectStandardOutput "$PSScriptRoot\StopOutput\ntlm.txt" -RedirectStandardError "$PSScriptRoot\StopOutput\ntlm_error.txt"
        $Process = Start-Process -FilePath "$env:SYSTEMROOT\System32\logman.exe" -ArgumentList @("stop","negoexts","-ets") -NoNewWindow -RedirectStandardOutput "$PSScriptRoot\StopOutput\negoexts.txt" -RedirectStandardError "$PSScriptRoot\StopOutput\negoexts_error.txt"

        Remove-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\NegoExtender\Parameters" -Name "InfoLevel" -Force | Out-Null
        $Process = Start-Process -FilePath "$env:SYSTEMROOT\System32\logman.exe" -ArgumentList @("stop","pku2u","-ets") -NoNewWindow -RedirectStandardOutput "$PSScriptRoot\StopOutput\pku2u.txt" -RedirectStandardError "$PSScriptRoot\StopOutput\pku2u_error.txt"

        Remove-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Pku2u\Parameters" -Name "InfoLevel" -Force | Out-Null

        $Process = Start-Process -FilePath "$env:SYSTEMROOT\System32\logman.exe" -ArgumentList @("stop","ssl","-ets") -NoNewWindow -RedirectStandardOutput "$PSScriptRoot\StopOutput\ssl.txt" -RedirectStandardError "$PSScriptRoot\StopOutput\ssl_error.txt"

        Remove-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "SPMInfoLevel" -Force | Out-Null
        Remove-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "LogToFile" -Force | Out-Null
        Remove-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "NegEventMask" -Force | Out-Null

        $Process = Start-Process -FilePath "$env:SYSTEMROOT\System32\nltest.exe" -ArgumentList @("/dbflag:0x0") -NoNewWindow -RedirectStandardOutput "$PSScriptRoot\StopOutput\nltest.txt" -RedirectStandardError "$PSScriptRoot\StopOutput\nltest_error.txt"
        $Process = Start-Process -FilePath "$env:SYSTEMROOT\System32\netsh.exe" -ArgumentList @("wfp","capture","stop") -NoNewWindow -RedirectStandardOutput "$PSScriptRoot\StopOutput\netsh_wfp.txt" -RedirectStandardError "$PSScriptRoot\StopOutput\netsh_wfp_error.txt"
        $Process = Start-Process -FilePath "$env:SYSTEMROOT\System32\netsh.exe" -ArgumentList @("trace","stop") -NoNewWindow -RedirectStandardOutput "$PSScriptRoot\StopOutput\netsh_tracestop.txt" -RedirectStandardError "$PSScriptRoot\StopOutput\netsh_tracestop_error.txt"

        if (Test-Path -Path "$env:SYSTEMROOT\debug\netlogon.log") {
            try {
                Copy-Item -Path "$env:SYSTEMROOT\debug\netlogon.log" -Destination $Path -Force | Out-Null
            catch [Exception] {
                Write-Warning $_.Exception.Message
        if (Test-Path -Path "$env:SYSTEMROOT\system32\lsass.log") {
            try {
                Copy-Item -Path "$env:SYSTEMROOT\system32\lsass.log" -Destination $Path -Force | Out-Null
            catch [Exception] {
                Write-Warning $_.Exception.Message

        Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name "BuildLabEx" | Select-Object -ExpandProperty BuildLabEx | Out-File -FilePath "$Path\build.txt"

        Add-Type -AssemblyName System.IO.Compression.FileSystem

        $CompressionLevel = [System.IO.Compression.CompressionLevel]::Optimal

        try {
            $FileName = ("$Path\Logs_" + (Get-Date).ToString("yyyy-MM-dd-HH-mm") + ".zip")
            $Path = $FileName
        catch [Exception] {
            Write-Warning "Possible error creating zip file at $FileName : $($_.Exception.Message). The zip file may still have been created."

    End {
        Write-Host "Kerberos trace logs collected at $Path. Please share these for analysis." -ForegroundColor Green

Function Test-IsLocalAdmin {
            Tests is the current user has local administrator privileges.
            The Test-IsLocalAdmin cmdlet tests the user's current Windows Identity for inclusion in the BUILTIN\Administrators role.
            PS C:\>Test-IsLocalAdmin
            This command returns true if the current is running the session with local admin credentials and false if not.
            AUTHOR: Michael Haken
            LAST UPDATE: 2/27/2016
            The intended use of this cmdlet is to test for administrative credentials before running other commands that require them.


    Begin {}

    Process {
        Write-Output ([System.Security.Principal.WindowsPrincipal][System.Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)

    End {}

Function Write-CCMLogFormat {
            Writes a log file formatted to be read by the CMTrace tool.
            The Write-CCMLogFormat cmdlet takes a message and writes it to a file in the format that can be read by CMTrace.
        .PARAMETER Message
            The message to be written to the file.
        .PARAMETER FilePath
            The path of the file to write the log information.
        .PARAMETER LogLevel
            The log level of the message. 1 is Informational, 2 is Warning, and 3 is Error. This defaults to Informational.
        .PARAMETER Component
            The component generating the log file.
        .PARAMETER Thread
            The thread ID of the process running the task. This defaults to the current managed thread ID.
            PS C:\>Write-CCMLogFormat -Message "Test Warning Message" -FilePath "c:\logpath.log" -LogLevel 2 -Component "PowerShell"
            This command writes "Test Warning Message" to c:\logpath.log and sets it as a Warning message in the CMTrace log viewer tool.
            System.String, System.String, System.Int32, System.String, System.Int32
            AUTHOR: Michael Haken
            LAST UPDATE: 2/27/2016
            The intended use of this cmdlet is to write CMTrace formatted log files to be used with the viewer tool.

        [Int32]$LogLevel = 1,
        [string]$Component = [System.String]::Empty,
        [Int32]$Thread = 0

    Begin {
        if ($Thread -eq 0) {
            $Thread = [System.Threading.Thread]::CurrentThread.ManagedThreadId

        $Date = Get-Date
        $Time = ($Date.ToString("HH:mm:ss.fff") + "+" + ([System.TimeZone]::CurrentTimeZone.GetUtcOffset((Get-Date)).TotalMinutes * -1))
        $Day = $Date.ToString("MM-dd-yyyy")

        $File = $FilePath.Substring($FilePath.LastIndexOf("\") + 1)

    Process {
        [string]$Log = "<![LOG[" + $Message + "]LOG]!><time=`"$Time`" date=`"$Day`" component=`"$Component`" context=`"`" type=`"$LogLevel`" thread=`"$Thread`" file=`"$File`">`r`n"

    End {
        Add-Content -Path $FilePath -Value $Log -Force

Function Get-IPv6ConfigurationOptions {
            Writes the HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters DisabledComponents key property possible options.
            The Get-IPv6ConfigurationOptions cmdlet writes the HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters DisabledComponents key property possible options. This registry key entry determines which components of IPv6 are enabled or disabled.
            The cmdlet writes the possible values to enter in this key entry.
            PS C:\>Get-IPv6ConfigurationOptions
            This command returns the possible registry key settings as an array of PSCustomObjects.
            AUTHOR: Michael Haken
            LAST UPDATE: 2/28/2016


    Begin {}

    Process {
        Write-Output $script:IPv6Configs

    End {}

Function Get-ProcessToken {
            Gets the token handle for a specified process.
            The Get-ProcessToken cmdlet gets a token handle pointer for a specified process.
            The CmdLet must be run with elevated permissions.
        .PARAMETER ProcessName
            The name of the process to get a token handle for.
        .PARAMETER ProcessId
            The Id of the process to get a token handle for.
        .PARAMETER CloseHandle
            Specifies if the handle to the token should be closed. Do not close the handle if you want to duplicate the token in another process.
            Get-ProcessToken -ProcessName lsass
            Gets the token handle for the lsass process.
            AUTHOR: Michael Haken
            LAST UPDATE: 3/25/2016


    DynamicParam {
        # Create the dictionary
        $RuntimeParameterDictionary = New-Object -TypeName System.Management.Automation.RuntimeDefinedParameterDictionary

        #region Name
        # Create the collection of attributes
        $AttributeCollection = New-Object -TypeName System.Collections.ObjectModel.Collection[System.Attribute]
        # Create and set the parameters' attributes
        $ParameterAttribute = New-Object -TypeName System.Management.Automation.PARAMETERAttribute
        $ParameterAttribute.Mandatory = $true
        $ParameterAttribute.Position = 0
        $ParameterAttribute.ParameterSetName ="Name"

        # Add the attributes to the attributes collection

        # Generate and set the ValidateSet
        $Set = Get-Process | Select-Object -ExpandProperty Name 
        $ValidateSetAttribute = New-Object -TypeName System.Management.Automation.ValidateSetAttribute($Set)

        #Add Alias
        $AliasAttribute = New-Object -TypeName System.Management.Automation.AliasAttribute("Name")

        # Create and return the dynamic parameter
        $RuntimeParameter = New-Object -TypeName System.Management.Automation.RuntimeDefinedParameter("ProcessName", [string], $AttributeCollection)
        $RuntimeParameterDictionary.Add("ProcessName", $RuntimeParameter)

        #region Id

        # Create the collection of attributes
        $AttributeCollection = New-Object -TypeName System.Collections.ObjectModel.Collection[System.Attribute]
        # Create and set the parameters' attributes
        $ParameterAttribute = New-Object -TypeName System.Management.Automation.PARAMETERAttribute
        $ParameterAttribute.Mandatory = $true
        $ParameterAttribute.Position = 0
        $ParameterAttribute.ParameterSetName ="Id"
        # Add the attributes to the attributes collection

        # Generate and set the ValidateSet
        $Set = Get-Process | Select-Object -ExpandProperty Id 
        $ValidateSetAttribute = New-Object -TypeName System.Management.Automation.ValidateSetAttribute($Set)

        #Add Alias
        $AliasAttribute = New-Object -TypeName System.Management.Automation.AliasAttribute("Id")

        # Create and return the dynamic parameter
        $RuntimeParameter = New-Object -TypeName System.Management.Automation.RuntimeDefinedParameter("ProcessId", [Int32], $AttributeCollection)
        $RuntimeParameterDictionary.Add("ProcessId", $RuntimeParameter)

        return $RuntimeParameterDictionary

    Begin {

        if (!([System.Security.Principal.WindowsPrincipal][System.Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)) {
            throw "Run the cmdlet with elevated credentials."

    Process {

        [IntPtr]$DulicateTokenHandle = [IntPtr]::Zero
        [IntPtr]$ProcessTokenHandle = [IntPtr]::Zero
        if (!([System.Management.Automation.PSTypeName]"AdjPriv").Type) {
            Add-Type -MemberDefinition $script:TokenSignature -Name AdjPriv -Namespace AdjPriv

        $AdjPriv = [AdjPriv.AdjPriv]

        try {
            switch ($PSCmdlet.ParameterSetName) {
                "Name" {
                    $Process = Get-Process -Name $PSBoundParameters.ProcessName
                "Id" {
                    $Process = Get-Process -Id $PSBoundParameters.ProcessId
                default {
                    throw "Cannot determine parameter set."

            $ReturnValue = $AdjPriv::OpenProcessToken($Process.Handle, ([AdjPriv.AdjPriv]::TOKEN_IMPERSONATE -BOR [AdjPriv.AdjPriv]::TOKEN_DUPLICATE), [ref]$ProcessTokenHandle)
            $ReturnValue = $AdjPriv::DuplicateToken($ProcessTokenHandle, [AdjPriv.AdjPriv+SECURITY_IMPERSONATION_LEVEL]::SecurityImpersonation, [ref]$DulicateTokenHandle)
            if($ReturnValue -eq $null -or $ReturnValue -eq $false) {
                throw (New-Object -TypeName System.Exception([System.ComponentModel.Win32Exception][System.Runtime.InteropServices.marshal]::GetLastWin32Error()))
        finally {
            $AdjPriv::CloseHandle($ProcessTokenHandle) | Out-Null

            if ($CloseHandle) {
                $AdjPriv::CloseHandle($DulicateTokenHandle) | Out-Null

    End {
        Write-Output $DulicateTokenHandle

Function Set-ProcessToken {
            Replaces the process token for the current process thread with a token from another process.
            The Set-ProcessToken cmdlet takes a token handle from another process and then sets the process thread to use that token. Then it closes the token handle.
            The passed token handle must not be closed before it is passed.
            The CmdLet must be run with elevated permissions.
        .PARAMETER TokenHandle
            The Token Handle pointer that will replace the current process thread token.
        .PARAMETER ElevatePrivileges
            Adds the SeDebugPrivilege to the current process thread, which may be needed to replace the current process thread token.
            Get-ProcessToken -ProcessName lsass | Set-ProcessToken
            Gets the token handle for the lsass process and replaces the current process thread token.
            AUTHOR: Michael Haken
            LAST UPDATE: 3/25/2016


    Begin {
        if (!([System.Security.Principal.WindowsPrincipal][System.Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)) {
            throw "Run the cmdlet with elevated credentials."

    Process {
        if (!([System.Management.Automation.PSTypeName]"AdjPriv").Type) {
            Add-Type -MemberDefinition $script:TokenSignature -Name AdjPriv -Namespace AdjPriv

        $AdjPriv = [AdjPriv.AdjPriv]

        if ($ElevatePrivileges) {

            $TokenPrivilege1Luid = New-Object AdjPriv.AdjPriv+TokPriv1Luid
            $TokenPrivilege1Luid.Count = 1
            $TokenPrivilege1Luid.Luid = 0
            $TokenPrivilege1Luid.Attr = [AdjPriv.AdjPriv]::SE_PRIVILEGE_ENABLED

            [System.IntPtr]$TempToken = [System.IntPtr]::Zero

            $ReturnValue = $AdjPriv::LookupPrivilegeValue($null, "SeDebugPrivilege", [ref]$TokenPrivilege1Luid.Luid)
            $ReturnValue = $AdjPriv::OpenProcessToken($AdjPriv::GetCurrentProcess(), [AdjPriv.AdjPriv]::TOKEN_ALL_ACCESS, [ref]$TempToken)
            $TokenPrivileges = New-Object -TypeName AdjPriv.AdjPriv+TOKEN_PRIVILEGES
            $DisableAllPrivileges = $false
            $BufferLength = 12
            $ReturnValue = $AdjPriv::AdjustTokenPrivileges($TempToken, $DisableAllPrivileges, [ref]$TokenPrivilege1Luid, $BufferLength, [IntPtr]::Zero, [IntPtr]::Zero)

            if($ReturnValue -eq $null -or $ReturnValue -eq $false) {
                throw (New-Object -TypeName System.Exception([System.ComponentModel.Win32Exception][System.Runtime.InteropServices.Marrshal]::GetLastWin32Error()))

        try {
            $ReturnValue = $AdjPriv::SetThreadToken([IntPtr]::Zero, $TokenHandle)

            if($ReturnValue -eq $null -or $ReturnValue -eq $false) {
                throw (New-Object -TypeName System.Exception([System.ComponentModel.Win32Exception][System.Runtime.InteropServices.Marshal]::GetLastWin32Error()))
        finally {
            $AdjPriv::CloseHandle($TokenHandle) | Out-Null

    End {
        Write-Host "Successfully duplicated token to current process thread."

Function Reset-ProcessToken {
            Reverts to the process thread token to the current user.
            The Reset-ProcessToken cmdlet needs to be called to end any process impersonation called through DdeImpersonateClient, ImpersonateDdeClientWindow, ImpersonateLoggedOnUser, ImpersonateNamedPipeClient, ImpersonateSelf, ImpersonateAnonymousToken or SetThreadToken.
            Underlying the cmdlet is a P/Invoke call to RevertToSelf() in AdvApi32.dll.
            The CmdLet must be run with elevated permissions.
            Reverts the process thread to use the token of the current user.
            AUTHOR: Michael Haken
            LAST UPDATE: 3/25/2016


    Begin {
        if (!([System.Security.Principal.WindowsPrincipal][System.Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)) {
            throw "Run the cmdlet with elevated credentials."

    Process {
        if (!([System.Management.Automation.PSTypeName]"AdjPriv").Type) {
            Add-Type -MemberDefinition $script:TokenSignature -Name AdjPriv -Namespace AdjPriv

        $AdjPriv = [AdjPriv.AdjPriv]

        #RevertToSelf is equivalent to SetThreadToken([System.IntPtr]::Zero, [System.IntPtr]::Zero)
        $ReturnValue = $AdjPriv::RevertToSelf()

        if($ReturnValue -eq $null -or $ReturnValue -eq $false) {
            throw (New-Object -TypeName System.Exception([System.ComponentModel.Win32Exception][System.Runtime.InteropServices.Marshal]::GetLastWin32Error()))

    End {
        Write-Host "Successfully executed RevertToSelf() and reset the process thread token."

Function Get-LsaSecret {
            Enumerates the content of the LSA Secrets registry hive.
            The cmdlet first duplicates the lsass process token and sets it to the current process thread. Then it copies each secret stored in HKLM:\SECURITY\Policy\Secrets to a temporary location.
            After the content is copied over, Lsa functions from AdvApi32.dll are called to decrypt the content. When the cmdlet finishes, it leaves the registry area unchanged and reverts the process thread token.
            The CmdLet must be run with elevated permissions.
            Retrieves all of the stored secrets in the registry using HKLM:\SECURITY\Policy\Secrets\<Generated GUID> to store the temporary information.
            AUTHOR: Michael Haken
            LAST UPDATE: 3/27/2016


    Begin {
        if (!([System.Management.Automation.PSTypeName]"Lsa").Type) {
            Add-Type -MemberDefinition $script:LsaSignature -Name Lsa -Namespace Lsa

        Get-ProcessToken -ProcessName lsass | Set-ProcessToken

        $TempKey = [System.Guid]::NewGuid().ToString()

        $Lsa = [Lsa.Lsa]

        $Destination = "HKLM:\SECURITY\Policy\Secrets\$TempKey"

        if ((Get-Item -Path $Destination -ErrorAction SilentlyContinue) -ne $null) {
            Remove-Item -Path $Destination -Recurse -Force | Out-Null

        New-Item -Path $Destination | Out-Null

    Process {
        $Secrets = @()

        #Get all sub keys in secrets, these are the accounts
        Get-ChildItem -Path "HKLM:\SECURITY\Policy\Secrets" | Where-Object  {$_.Name -notmatch $TempKey -and $_.Property -ne $null} | ForEach-Object {
            $AccountName = $_.PSChildName
            #Get all the sub keys of the accounts, these are keys like CurrVal, OldVal, CupdTime, etc
            Get-ChildItem -Path $_.PSPath | ForEach-Object {
                $ItemName = $_.PSChildName

                if ((Test-Path -Path "$Destination\$ItemName")) {
                    Remove-Item -Path "$Destination\$ItemName" -Recurse -Force | Out-Null

                [System.Byte[]]$Property = Get-ItemProperty -Path $_.PSPath | Select-Object -ExpandProperty "(Default)"
                New-Item -Path "$Destination\$ItemName" | Out-Null
                Set-ItemProperty -Path "$Destination\$ItemName" -Name '(Default)' -Value $Property

            $ObjectAttributes = New-Object -TypeName Lsa.Lsa+LSA_OBJECT_ATTRIBUTES
            $ObjectAttributes.Length = 0;
            $ObjectAttributes.RootDirectory = [System.IntPtr]::Zero
            $ObjectAttributes.Attributes = 0;
            $ObjectAttributes.SecurityDescriptor = [System.IntPtr]::Zero
            $ObjectAttributes.SecurityQualityOfService = [System.IntPtr]::Zero

            $Localsystem = New-Object -TypeName Lsa.Lsa+LSA_UNICODE_STRING
            $Localsystem.Buffer = [System.IntPtr]::Zero
            $Localsystem.Length = 0;
            $Localsystem.MaximumLength = 0;

            $SecretName = New-Object -TypeName Lsa.Lsa+LSA_UNICODE_STRING
            $SecretName.Buffer = [System.Runtime.InteropServices.Marshal]::StringToHGlobalUni($TempKey)
            $SecretName.Length = [System.UInt16]($TempKey.Length * [System.Text.UnicodeEncoding]::CharSize)
            $SecretName.MaximumLength = [System.UInt16](($TempKey.Length + 1) *[System.Text.UnicodeEncoding]::CharSize)

            #LSA Policy Handle
            [System.IntPtr]$LsaPolicyHandle = [System.IntPtr]::Zero
            [Lsa.Lsa+LSA_AccessPolicy]$AccessPolicy = [Lsa.Lsa+LSA_AccessPolicy]::POLICY_GET_PRIVATE_INFORMATION
            [System.UInt16]$OpenPolicyResut = [Lsa.Lsa]::LSAOpenPolicy([ref]$LocalSystem, [ref]$ObjectAttributes, $AccessPolicy, [ref]$LsaPolicyHandle)
            [System.UInt16]$OpenPolicyErrorCode = [Lsa.Lsa]::LsaNtStatusToWinError($OpenPolicyResut)

            if ($OpenPolicyErrorCode -ne 0) {
                Write-Warning (New-Object -TypeName System.Exception([System.ComponentModel.Win32Exception][System.Runtime.InteropServices.Marshal]::GetLastWin32Error()))

            # Retrieve Private Data
            [System.IntPtr]$PrivateDataHandle = [System.IntPtr]::Zero
            $RetrievePrivateDataResult = [Lsa.Lsa]::LsaRetrievePrivateData($LsaPolicyHandle, [ref]$SecretName, [ref]$PrivateDataHandle)
            [System.UInt16]$RetrievePrivateDataErroCode = [Lsa.Lsa]::LsaNtStatusToWinError($RetrievePrivateDataResult)

            [System.UInt16]$CloseResult = [Lsa.Lsa]::LsaClose($LsaPolicyHandle)
            [System.UInt16]$CloseErrorCode = [Lsa.Lsa]::LsaNtStatusToWinError($CloseResult)

            if ($CloseErrorCode -ne 0) {
                Write-Warning (New-Object -TypeName System.Exception(New-Object -TypeName System.ComponentModel.Win32Exception($CloseErrorCode)) | Format-List)

            if ($RetrievePrivateDataErroCode -ne 0) {
                Write-Warning (New-Object -TypeName System.Exception(New-Object -TypeName System.ComponentModel.Win32Exception($RetrievePrivateDataErroCode)))

            try {
                [Lsa.Lsa+LSA_UNICODE_STRING]$SecretData = [Lsa.Lsa+LSA_UNICODE_STRING][System.Runtime.InteropServices.Marshal]::PtrToStructure($PrivateDataHandle, [System.Type][Lsa.Lsa+LSA_UNICODE_STRING])
                [System.String]$Value = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($SecretData.Buffer)
            catch [Exception] {
                $Value = [System.String]::Empty

            if ($AccountName -match "^_SC_") {
                # Get Service Account
                $Service = $AccountName -Replace "^_SC_"
                Try {
                    # Get Service Account
                    $Service = Get-WmiObject -Query "SELECT StartName FROM Win32_Service WHERE Name = '$Service'" -ErrorAction Stop
                    $Account = $Service.StartName
                catch [Exception] {
                    $Account = [System.String]::Empty
            } else {
                $Account = [System.String]::Empty

            $Secrets += (New-Object -TypeName PSObject -Property @{Name = $AccountName; Secret = $Value; Account = $Account; EncryptedBinary = [System.Byte[]](Get-ItemProperty -Path "$Destination\CurrVal" -Name "(Default)" | Select-Object -ExpandProperty "(Default)")})
            [System.UInt16]$FreeMemoryResult = [Lsa.Lsa]::LsaFreeMemory($PrivateDataHandle)
            [System.UInt16]$FreeMemoryErrorCode = [Lsa.Lsa]::LsaNtStatusToWinError($FreeMemoryResult)

            if ($FreeMemoryErrorCode -ne 0) {
                Write-Warning (New-Object -TypeName System.Exception(New-Object -TypeName System.ComponentModel.Win32Exception($FreeMemoryErrorCode)) | Format-List)

    End {
        Remove-Item -Path "$Destination" -Force -Recurse
        Write-Output $Secrets

Function ConvertFrom-Xml {
            Converts an Xml object to as PSObject.
            The ConvertFrom-Xml recursively goes through an Xml object and enumerates the properties of each inputted element. Those properties are accessed and added to the returned object.
            An XmlElement that has attribtued and XmlText will end up with the XmlText value represented as a "#name" property in the resulting object.
            ConvertFrom-Xml -InputObject $XmlObj
            Returns an PSObject constructed from the $XmlObj variable
        .PARAMETER InputObject
            The InputObject is an Xml type in the System.Xml namespace. It could be an XmlDocument, XmlElement, or XmlNode for example. It cannot be a collection of Xml objects.
            AUTHOR: Michael Haken
            LAST UPDATE: 3/31/2015

        [ValidateScript({$_.GetType().Namespace -eq "System.Xml"})]

    Begin {
        $private:Hash = @{}

    Process {
        Get-Member -InputObject $InputObject -MemberType Property | Where-Object {$_.Name -ne "xml" -and (![System.String]::IsNullOrEmpty($_.Name))} | ForEach-Object {
            $PropertyName = $_.Name
            $InputItem = $InputObject.($PropertyName)

            #There are multiple items with the same tag name
            if ($InputItem.GetType() -eq [System.Object[]]) {
                #Make the tag name an array
                $private:Hash.($PropertyName) = @()

                #Go through each item in the array
                $InputItem | Where-Object {$_ -ne $null} | ForEach-Object {
                    #Item is an object in the array
                    $Item = $_
                    [System.Type]$Type = $Item.GetType()

                    if ($Type.IsPrimitive -or $Type -eq [System.String]) {                   
                        $private:Hash.($PropertyName) = $Item
                    else {
                        #Create a temp variable to hold the new object that will be added to the array
                        $Temp = @{}  
                        #Make attributes properties of the object
                        $Item.Attributes | ForEach-Object {
                            $Temp.($_.Name) = $_.Value

                        #As an XmlElement, the element will have at least 1 childnode, it's value
                        $Item.ChildNodes | Where-Object {$_ -ne $null -and ![System.String]::IsNullOrEmpty($_.Name)} | ForEach-Object {
                            $ChildNode = $_
                            if ($ChildNode.HasChildNodes) {
                                #If the item has 1 childnode and the childnode is XmlText, then the child is this type of element,
                                #<Name>ValueText</Name>, so its child is just the value
                                if ($ChildNode.ChildNodes.Count -eq 1 -and $ChildNode.ChildNodes[0].GetType() -eq [System.Xml.XmlText] -and !($ChildNode.HasAttributes)) {
                                    $Temp.($ChildNode.ToString()) = $ChildNode.ChildNodes[0].Value
                                else {
                                    $Temp.($ChildNode.ToString()) = ConvertFrom-Xml -InputObject $ChildNode
                            else {
                                $Temp.($ChildNode.ToString()) = $ChildNode.Value
                        $private:Hash.($PropertyName) += $Temp
            else {
                if ($InputItem -ne $null) {
                    $Item = $InputItem
                    [System.Type]$Type = $InputItem.GetType()
                    if ($Type.IsPrimitive -or $Type -eq [System.String]) {                   
                        $private:Hash.($PropertyName) = $Item
                    else {

                        $private:Hash.($PropertyName) = @{}  
                        $Item.Attributes | ForEach-Object {
                            $private:Hash.($PropertyName).($_.Name) = $_.Value

                        $Item.ChildNodes | Where-Object {$_ -ne $null -and ![System.String]::IsNullOrEmpty($_.Name)} | ForEach-Object {
                            $ChildNode = $_
                            if ($ChildNode.HasChildNodes) {
                                if ($ChildNode.ChildNodes.Count -eq 1 -and $ChildNode.ChildNodes[0].GetType() -eq [System.Xml.XmlText] -and !($ChildNode.HasAttributes)) {      
                                    $private:Hash.($PropertyName).($ChildNode.ToString()) = $ChildNode.ChildNodes[0].Value
                                else {
                                    $private:Hash.($PropertyName).($ChildNode.ToString()) = ConvertFrom-Xml -InputObject $ChildNode
                            else {
                                $private:Hash.($PropertyName).($ChildNode.ToString()) = $ChildNode.Value

    End {
        Write-Output (New-Object -TypeName System.Management.Automation.PSObject -Property $private:Hash)

$script:IPv6Configs = @(
    [PSCustomObject]@{Name="IPv6 Disabled On All Interfaces";Value="0xFFFFFFFF"},
    [PSCustomObject]@{Name="IPv6 Enabled only on tunnel interfaces";Value="0xFFFFFFFE"}, 
    [PSCustomObject]@{Name="IPv6 Disabled On Tunnel Interfaces, Enabled On All Others";Value="0xFFFFFFEF"},
    [PSCustomObject]@{Name="IPv6 Disabled On Loopback Interface, Enabled On All Others";Value="0xFFFFFFEE"},
    [PSCustomObject]@{Name="IPv6 Disabled, Prefer IPv6 over IPv4";Value="0xFFFFFFDF"},
    [PSCustomObject]@{Name="IPv6 Enabled Only On Tunnel Interfaces, Prefer IPv6 of IPv4";Value="0xFFFFFFDE"},
    [PSCustomObject]@{Name="IPv6 Enabled On All Non Tunnel Interfaces, Prefer IPv6 over IPv4";Value="0xFFFFFFCF"},
    [PSCustomObject]@{Name="IPv6 Disabled On Loopback Interface, Prefer IPv6 over IPv4";Value="0xFFFFFFCE"},
    [PSCustomObject]@{Name="IPv6 Disabled On All Interfaces";Value="0x000000FF"},
    [PSCustomObject]@{Name="IPv6 Prefer IPv4 over IPv6 by changing entries in prefix policy table";Value="0x00000020"},
    [PSCustomObject]@{Name="IPv6 Disabled on LAN and PPP interfaces ";Value="0x00000010"},
    [PSCustomObject]@{Name="Disable Teredo";Value="0x00000008"},
    [PSCustomObject]@{Name="Disable ISATAP";Value="0x00000004"},
    [PSCustomObject]@{Name="Disable 6to4";Value="0x00000002"},
    [PSCustomObject]@{Name="IPv6 Disabled on Tunnel Interfaces including ISATAP, 6to4 and Teredo";Value="0x00000001"}

 $script:Ports = @(
    [PSCustomObject]@{"Service"="FTP Data";"Port"=20},
    [PSCustomObject]@{"Service"="FTP Command";"Port"=21},
    [PSCustomObject]@{"Service"="DHCP Server";"Port"=67},
    [PSCustomObject]@{"Service"="DHCP Client";"Port"=68},
    [PSCustomObject]@{"Service"="NetBIOS Name Service";"Port"=137},
    [PSCustomObject]@{"Service"="NetBIOS Datagram Service";"Port"=138},
    [PSCustomObject]@{"Service"="NetBIOS Session Service";"Port"=139},
    [PSCustomObject]@{"Service"="SQL Browser";"Port"=1434},
    [PSCustomObject]@{"Service"="Oracle DB";"Port"=1521},
    [PSCustomObject]@{"Service"="HTTP Proxy";"Port"=8080},
    [PSCustomObject]@{"Service"="Global Catalog";"Port"=3268},
    [PSCustomObject]@{"Service"="Global Catalog/SSL";"Port"=3269},

$script:TokenSignature = @"
    SecurityAnonymous = 0,
    SecurityIdentification = 1,
    SecurityImpersonation = 2,
    SecurityDelegation = 3
[StructLayout(LayoutKind.Sequential, Pack = 1)]
public struct TokPriv1Luid
    public int Count;
    public long Luid;
    public int Attr;
public const int SE_PRIVILEGE_ENABLED = 0x00000002;
public const int TOKEN_QUERY = 0x00000008;
public const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
public const UInt32 STANDARD_RIGHTS_REQUIRED = 0x000F0000;
public const UInt32 STANDARD_RIGHTS_READ = 0x00020000;
public const UInt32 TOKEN_ASSIGN_PRIMARY = 0x0001;
public const UInt32 TOKEN_DUPLICATE = 0x0002;
public const UInt32 TOKEN_IMPERSONATE = 0x0004;
public const UInt32 TOKEN_QUERY_SOURCE = 0x0010;
public const UInt32 TOKEN_ADJUST_GROUPS = 0x0040;
public const UInt32 TOKEN_ADJUST_DEFAULT = 0x0080;
public const UInt32 TOKEN_ADJUST_SESSIONID = 0x0100;
public const string SE_TIME_ZONE_NAMETEXT = "SeTimeZonePrivilege";
public const int ANYSIZE_ARRAY = 1;
public struct LUID
    public UInt32 LowPart;
    public UInt32 HighPart;
public struct LUID_AND_ATTRIBUTES {
    public LUID Luid;
    public UInt32 Attributes;
public struct TOKEN_PRIVILEGES {
    public UInt32 PrivilegeCount;
    [MarshalAs(UnmanagedType.ByValArray, SizeConst=ANYSIZE_ARRAY)]
    public LUID_AND_ATTRIBUTES [] Privileges;
[DllImport("advapi32.dll", SetLastError=true)]
public extern static bool DuplicateToken(IntPtr ExistingTokenHandle, int SECURITY_IMPERSONATION_LEVEL, out IntPtr DuplicateTokenHandle);
[DllImport("advapi32.dll", SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetThreadToken(
    IntPtr PHThread,
    IntPtr Token
[DllImport("advapi32.dll", SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool OpenProcessToken(IntPtr ProcessHandle, UInt32 DesiredAccess, out IntPtr TokenHandle);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
[DllImport("kernel32.dll", ExactSpelling = true)]
public static extern IntPtr GetCurrentProcess();
[DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
public static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
[DllImport( "kernel32.dll", CharSet = CharSet.Auto )]
public static extern bool CloseHandle( IntPtr handle );
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool RevertToSelf();

$script:LsaSignature = @"
public struct LSA_UNICODE_STRING
    public UInt16 Length;
    public UInt16 MaximumLength;
    public IntPtr Buffer;
    public int Length;
    public IntPtr RootDirectory;
    public LSA_UNICODE_STRING ObjectName;
    public uint Attributes;
    public IntPtr SecurityDescriptor;
    public IntPtr SecurityQualityOfService;
public enum LSA_AccessPolicy : long
    POLICY_TRUST_ADMIN = 0x00000008L,
    POLICY_CREATE_ACCOUNT = 0x00000010L,
    POLICY_CREATE_SECRET = 0x00000020L,
    POLICY_AUDIT_LOG_ADMIN = 0x00000200L,
    POLICY_SERVER_ADMIN = 0x00000400L,
    POLICY_LOOKUP_NAMES = 0x00000800L,
[DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)]
public static extern uint LsaRetrievePrivateData(
    IntPtr PolicyHandle,
    out IntPtr PrivateData
[DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)]
public static extern uint LsaStorePrivateData(
     IntPtr policyHandle,
     ref LSA_UNICODE_STRING KeyName,
     ref LSA_UNICODE_STRING PrivateData
[DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)]
public static extern uint LsaOpenPolicy(
    ref LSA_UNICODE_STRING SystemName,
    ref LSA_OBJECT_ATTRIBUTES ObjectAttributes,
    uint DesiredAccess,
    out IntPtr PolicyHandle
[DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)]
public static extern uint LsaNtStatusToWinError(
    uint status
[DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)]
public static extern uint LsaClose(
    IntPtr policyHandle
[DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)]
public static extern uint LsaFreeMemory(
    IntPtr buffer