Windows-SysAdmin-ProSuite is an enterprise-grade, research-aligned automation platform for Windows Server and workstation environments — authored by Luiz Hamilton Silva (@brazilianscriptguy), Senior IAM Analyst, Windows Server Architect, and published researcher in digital forensics and cybersecurity.
Built around production-tested PowerShell and VBScript toolchains, the suite addresses five core operational pillars:
| Pillar | Scope |
|---|---|
| 🔐 Identity & Access Management | AD lifecycle, LDAP/SSO, credential hygiene |
| 🖥️ ITSM-Aligned Provisioning | Standardized workstation and server onboarding |
| 🛡️ Cybersecurity & Hardening | GPO enforcement, baseline templates, drift remediation |
| 🔬 Digital Forensics & DFIR | EVTX parsing, event correlation, incident response |
| 📋 Operational Auditability | Structured .log outputs, .csv exports, traceable execution |
All tooling enforces runtime safety, deterministic logging, and PowerShell 5.1 compatibility as non-negotiable requirements.
This is not a collection of demos or one-off scripts. It is a cohesive automation suite built for production use across:
| Environment | Primary Use Case |
|---|---|
| 🏛️ Public sector & judicial institutions | Compliance-driven provisioning and audit trails |
| 🏢 Enterprise & hybrid infrastructures | AD, WSUS, DNS, DHCP, PKI, RDS at scale |
| 🛡️ Blue Team / DFIR operations | Threat hunting, event log analysis, forensic collection |
| 📋 Governance, risk & compliance teams | GPO enforcement, ITSM-aligned change management |
| 🎓 Academic & research environments | Citeable tooling grounded in peer-reviewed methodology |
Eight specialized modules — each independently usable, collectively cohesive.
Every script in this suite is built against the same safety contract:
- ✅ PowerShell 5.1 first — PowerShell 7.x compatible where applicable
- ✅ No destructive action without explicit intent — `ShouldProcess` enforced in all core logic
- ✅ GUI-driven execution for operator safety in interactive scenarios
- ✅ Structured logging (`.log`) and exportable audit reports (`.csv`) on every significant operation
- ✅ No hidden state, no silent failures — every error path is surfaced and logged
- ✅ Credential hygiene by design — secrets bound via environment variables, never hardcoded
- ✅ ITSM-aligned change management — provisioning workflows follow standardized lifecycle patterns
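
A sketch of what the `ShouldProcess`, logging, CSV-report and error-surfacing points of this contract look like in PowerShell 5.1. This is an added example, not code from the suite; the function names `Write-AuditLog` and `Remove-StaleFile`, the default file paths and the 90-day threshold are hypothetical.

```powershell
# Added illustration; all names and paths here are hypothetical, not taken from the suite.
function Write-AuditLog {
    param([string]$LogPath, [string]$Level, [string]$Message)
    # One timestamped, level-tagged line per event keeps the .log greppable
    $line = '[{0}] [{1}] {2}' -f (Get-Date -Format 'yyyy-MM-dd HH:mm:ss'), $Level, $Message
    Add-Content -LiteralPath $LogPath -Value $line -Encoding UTF8
}

function Remove-StaleFile {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [int]$OlderThanDays = 90,
        [string]$LogPath = (Join-Path $env:TEMP 'Remove-StaleFile.log'),
        [string]$CsvPath = (Join-Path $env:TEMP 'Remove-StaleFile.csv')
    )
    $cutoff  = (Get-Date).AddDays(-$OlderThanDays)
    $results = New-Object 'System.Collections.Generic.List[object]'
    try {
        $files = @(Get-ChildItem -LiteralPath $Path -File -ErrorAction Stop |
                   Where-Object { $_.LastWriteTime -lt $cutoff })
    } catch {
        # Enumeration failures are logged, then rethrown so the caller sees them
        Write-AuditLog -LogPath $LogPath -Level 'ERROR' -Message "Enumerating ${Path}: $($_.Exception.Message)"
        throw
    }
    foreach ($file in $files) {
        $status = 'Skipped'
        # Returns $false under -WhatIf or when the operator declines the prompt
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Remove file')) {
            try {
                # -Confirm:$false avoids a second prompt; ShouldProcess already asked
                Remove-Item -LiteralPath $file.FullName -Force -Confirm:$false -ErrorAction Stop
                $status = 'Removed'
                Write-AuditLog -LogPath $LogPath -Level 'INFO' -Message "Removed $($file.FullName)"
            } catch {
                $status = 'Failed'
                Write-AuditLog -LogPath $LogPath -Level 'ERROR' -Message "$($file.FullName): $($_.Exception.Message)"
                Write-Error -ErrorRecord $_
            }
        } else {
            Write-AuditLog -LogPath $LogPath -Level 'WARN' -Message "Skipped $($file.FullName)"
        }
        $results.Add([pscustomobject]@{ Path = $file.FullName; LastWrite = $file.LastWriteTime; Status = $status })
    }
    # Every candidate file gets a row, including skipped and failed ones
    $results | Export-Csv -LiteralPath $CsvPath -NoTypeInformation -Encoding UTF8
    $results
}
```

Running `Remove-StaleFile -Path C:\Temp\Demo -WhatIf` against a scratch directory deletes nothing and records each candidate as `Skipped` in both the log and the CSV.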
Continuously evaluated via PSScriptAnalyzer, SARIF reporting, and GitHub Actions CI in report-only mode — visibility without blocking delivery.
CI findings inform controlled remediation cycles — non-blocking by design, signal-rich by intent.
| Language | Share | Primary Use |
|---|---|---|
| PowerShell | 96.7% | Automation, IAM, DFIR, ITSM provisioning |
| VBScript | 1.3% | Legacy workstation automation |
| HTML | 0.6% | GUI components and report templates |
| T-SQL | 0.4% | WSUS SUSDB maintenance queries |
| Java / PHP / Other | 0.6% | AD LDAP / SSO integration examples |
Suitable for academic, technical, and policy-oriented citation across cybersecurity engineering, DFIR, IAM, IT governance, and ITSM-aligned infrastructure management.
Citation (APA):
Roberto da Silva, L. H. (2026). Windows-SysAdmin-ProSuite (Version 1.8.8) [Computer software]. Zenodo. https://doi.org/10.5281/zenodo.18487320
Selected publications:
- Roberto da Silva, L. H. (2025). SQL Syntax Models for Building Parsers to Query Event Logs in EVTX Format. Revista FT — Computer Science, Vol. 29, Issue 142. DOI: 10.69849/revistaft/th102502121360
- Roberto da Silva, L. H. (2024). Event Logs: Applying a Log Analysis Model for Auditing Event Record Registration. Sorian Editora. ISBN: 978-65-5453-366-9
- Roberto da Silva, L. H. (2009). Computer Networking Technology: Using GPOs to Secure Corporate Domains. Ciência Moderna.
Luiz Hamilton Silva — @brazilianscriptguy
Senior IAM Analyst · Identity & Access Management · AD & Azure AD · Windows Server Architect · PowerShell Automation · Digital Forensics Researcher
This project reflects years of operational use, continuous refinement in production environments, and a commitment to principled, auditable systems engineering.
Contributions are welcome. Please review CONTRIBUTING.md before submitting a pull request.
- Pull requests — bug fixes, documentation improvements, and new tools aligned with the suite's principles
- Attribution — required under the MIT License for any reuse or derivative work
- Academic / institutional reuse — please cite the repository DOI or the `CITATION.cff` file
- Security disclosures — follow the `SECURITY.md` responsible disclosure process
"Engineering secure, auditable, and scalable Windows automation for enterprise and public-sector environments — grounded in operational practice and peer-reviewed research."
© 2026 Luiz Hamilton Silva · MIT License · CHANGELOG · CITATION