DEMO COMMANDS USED IN SECURE360 PRESENTATION (05/18/15)
<#
Links:
https://github.com/ScriptAutomate/AuditTools
https://halfwaytoinfinite.com/
https://twitter.com/ScriptAutomate
https://secure360.org
#>
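break # To prevent accidental example script execution

# Simple local group auditing on Server 2016 TP5.
# Lists every member of the local Administrators group on this machine.
Get-LocalGroupMember -Group Administrators

# Create a spreadsheet of local admins with the local computer name in the title.
# The original interpolated "$EVN:ComputerName", a typo for the env: drive, so the
# computer name never reached the file name. Braces keep the variable name from
# running into the "-localadmins" suffix.
# The CSV lands in the current directory and names privileged accounts, so write it
# somewhere with restricted access.
Get-LocalGroupMember -Group Administrators |
    Export-Csv -Path "${env:COMPUTERNAME}-localadmins.csv" -NoTypeInformation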
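# AD DEMO
# Each Search-ADAccount query is followed by the cmdlet that remediates the finding.
Search-ADAccount -AccountDisabled        # Enable-ADAccount
$LockedOut = Search-ADAccount -LockedOut # Unlock-ADAccount
$LockedOut

# Audit the locked-out accounts one at a time. The original passed $LockedOut.Name
# directly, which is $null when nothing is locked out and an array when several
# accounts are; looping handles zero, one or many results.
# NOTE(review): Get-ATADUserAudit comes from AuditTools, which is only imported
# explicitly further down; this relies on module auto-loading. Confirm.
foreach ($Account in $LockedOut) {
    Get-ATADUserAudit $Account.Name
}

# Accounts whose password never expires. The remediation is to clear that flag:
#   Set-ADUser -PasswordNeverExpires $false
# (Set-ADAccountExpiration sets the expiry date of the account itself, not of its password.)
Search-ADAccount -PasswordNeverExpires

# Simple Password Change: Set-ADAccountPassword
Get-ADDefaultDomainPasswordPolicy

# Who holds domain-wide admin rights, and which groups a given user belongs to.
Get-ADGroupMember "Domain Admins"
Get-ADPrincipalGroupMembership "Bobby"

# Replication metadata for the Domain Admins group, read from one named DC.
# -ShowAllLinkedValues expands linked attributes such as 'member' value by value,
# which helps when reviewing how the group's membership changed.
Get-ADReplicationAttributeMetadata (Get-ADGroup "Domain Admins") -Server DC-2012R2-CORE -ShowAllLinkedValues |
    Out-GridView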
### AuditTools Examples ###
Import-Module -Name AuditTools
Get-Command -Module AuditTools   # list what the module exports

# ActiveDirectory Module Dependent
Get-ATADFSMO
Get-ATADUserAudit Bobby

# Non-AD, commands unable to show in presentation from AuditTools
# NOTE(review): going by the names, this inventories shares across enabled computers
# and then reads the ACL of the one called "scripts"; confirm against the module.
$Shares = Get-ATShareHunter -AllEnabledComputers
$Shares

$ScriptsACL = $Shares |
    Where-Object { $_.Name -eq "scripts" } |
    Get-ATShareACL
$ScriptsACL
$ScriptsACL | Out-GridView

# Local Administrators membership on two named hosts, shown and then saved as CSV.
$LocalAdmins = Get-ATLocalAdminMember -ComputerName DSCCLIENT1, DSCCLIENT2
$LocalAdmins
$LocalAdmins | Export-Csv -Path C:\temp\localadmins.csv -NoTypeInformation
#scalc.exe C:\temp\localadmins.csv
# IIS App Pool Issues
$IISServers = "DSCCLIENT1", "DSCCLIENT2"

# View Identity Passwords in Plain Text
# Runs on each listed server over PowerShell remoting and reads the processModel
# settings of every application pool. A pool configured to run as a specific account
# keeps that account's password in the IIS configuration, and the WebAdministration
# provider hands it back in cleartext to a caller with administrative rights.
# The output is live service-account credentials: keep it out of transcripts and
# exported files, and treat any password that shows up here as a finding to rotate
# or replace with a gMSA (see the gMSA notes below).
Invoke-Command -ComputerName $IISServers -ScriptBlock {
    Import-Module WebAdministration
    $Pools = Get-ChildItem IIS:\AppPools | Get-ItemProperty
    $Pools.ProcessModel | Select-Object UserName, Password
}
### REQUIREMENTS FOR GROUP MANAGED SERVICE ACCOUNTS ###
# At least one Windows Server 2012 Domain Controller (Extended Schema to 2012)
# A Windows Server 2012 or Windows 8 machine with the ActiveDirectory PowerShell module, to create/manage the gMSA.
# A Windows Server 2012 or Windows 8 domain member to run/use the gMSA.
### LINK FOR TUTORIAL WALKTHROUGH AND OFFICIAL DOCUMENTATION ###
#https://blogs.technet.microsoft.com/askpfeplat/2012/12/16/windows-server-2012-group-managed-service-accounts/
#https://technet.microsoft.com/en-us/library/hh831782%28v=ws.11%29.aspx
### BENEFITS ###
# Passwords are managed by AD! No need to store the password elsewhere.
# The password can't be retrieved in plain text from IIS web server app pool identities!
# A single gMSA can be used on multiple hosts.
# A gMSA can be used for scheduled tasks.
# A gMSA can be used for IIS Application Pools, and other apps that support it
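# If time for GPO examples??
# Need RSAT installed
# List every GPO in the domain.
Get-GPO -All

# Render the Default Domain Policy as an HTML report for review.
Get-GPO -Name "Default Domain Policy" |
    Get-GPOReport -ReportType Html -Path C:\temp\gpo.html

# Open the report by the same absolute path it was written to. The original ran
# .\gpo.html, which only resolves when the current directory is C:\temp.
Invoke-Item -Path C:\temp\gpo.html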