Postpwned Ramblings

I created a PowerShell script to vaccinate systems from Bad Rabbit based on the findings of Amit Serper. I will be turning this into a Compliance Item in SCCM in order to get this to the systems in the company. Using Compliance Items will help us keep track of this and will attempt to rerun this script in the event that permissions ever get changed. It'll also allow for nice reporting for management. Edit: There's a much better way to do this: Using this method, it's much easier just to add a filename and it's relative path to the $files variable. This change makes the script much more scalable and dynamic. Edit 2: It looks like someone much better than me already beat me to this. Anders Rodland has created a Configuration Item and Remediation script nearly identical to mine and a few days before me. Jay Rosenberg from Intezer Labs has written more about Bad Rabbit and its relationship with NotPetya - the article can be read here.

In preparation for migrating our workstations over to Microsoft BitLocker Administration Management (MBAM), I wanted to backup the recovery keys for my team's systems since we're testing and implementing it. In order to do this, I needed to write something that would pull in every computer in an OU in AD, then grab the msFVE-RecoveryInformation class for each object. I know, I know... there's better ways to create the PSObject. I've been mired in writing in PowerShell 2.0 to support the Windows XP systems here at the company. I know, I know... yes, we still have Windows XP. Yes, there are plans on moving to a supported OS. No, I don't know when that will be.