powershell - Scrape Remote Registry and report on credential providers -


i'm not hot @ powershell i'm looking solution can report on credential providers being used pc , servers in windows domain.

i had found https://gallery.technet.microsoft.com/scriptcenter/detect-authentication-09b0a749 (note: not being used below) works fine on current session, want script run remotely against window os computers , produce report.

i want output username, provider used (based on regkey value corresponds provider) , computer used. if computer can't connected gracefully inform of failure. feel 'simply' scanning registry specific keys , outputting them seemed work script has encountered few issues:

  • it appears $keycheck1/2 isn't working. if sessiondata\1 exists script runs fine, doesn't fails find key , errors...

  • i have few of different providers in use, hence 'if $provider ='. problem doesn't seem picking value returns same result (duo secure)!

  • for reason output dropping value of $remotepc

for using write-host see happening, want email results (i 'should' ok tips may ease things along)

any advise appreciated.

get-adcomputer -filter {operatingsystem -like "windows 7 ent*"} -properties dnshostname | foreach-object {"$($_.dnshostname)"} | out-file -filepath "u:\computers.txt"  $filepath = "u:\computers.txt"  $computerlist = get-content $filepath  foreach($remotepc in $computerlist){      if((test-connection -computername $remotepc -count 1 -erroraction silentlycontinue)) {     $session = new-pssession -computername $remotepc     invoke-command -session $session -scriptblock{          $keycheck1 = 'hklm:\software\microsoft\windows\currentversion\authentication\logonui\sessiondata\1'         $keyexists1 = test-path $keycheck1 -isvalid         if ($keyexists1 -eq $true)              {             $key1 = 'hklm:\software\microsoft\windows\currentversion\authentication\logonui\sessiondata\1'             $provider = (get-itemproperty -path $key1 -name lastloggedonprovider)             $user = (get-itemproperty -path $key1 -name loggedonsamuser).loggedonsamuser              $provider = (get-itemproperty -path $key1 | select lastloggedonprovider)             $user = (get-itemproperty -path $key1 | select loggedonsamuser).loggedonsamuser              if ($provider = '{449b5f65-c836-4eb0-a00a-71c47ef75210}')                 {                 $usedprovider = "duo secure"                 }             elseif ($provider = '{8bf9a910-a8ff-457f-999f-a5ca10b4a885}')                 {                 $usedprovider = "smart card"                 }             elseif ($provider = '{8fd7e19c-3bf7-489b-a72c-846ab3678c96}')                 {                 $usedprovider = "smartcard"                  }             elseif ($provider = '{25cbb996-92ed-457e-b28c-4774084bd562}')                 {                 $usedprovider = "password only!"                 }             write-host $user used $usedprovider on $remotepc             }     else          {         $keycheck2 = 'hklm:\software\microsoft\windows\currentversion\authentication\logonui\sessiondata\2'         $keyexists2 = test-path $keycheck2 -isvalid         if ($keyexists2 -eq $true)             {             $key2 = 'hklm:\software\microsoft\windows\currentversion\authentication\logonui\sessiondata\2'             $provider = (get-itemproperty -path $key2 -name lastloggedonprovider)             $user = (get-itemproperty -path $key2 -name loggedonsamuser).loggedonsamuser              $provider = (get-itemproperty -path $key2 | select lastloggedonprovider)             $user = (get-itemproperty -path $key2 | select loggedonsamuser).loggedonsamuser              if ($provider = '{449b5f65-c836-4eb0-a00a-71c47ef75210}')                 {                 $usedprovider = "duo secure"                 }             elseif ($provider = '{8bf9a910-a8ff-457f-999f-a5ca10b4a885}')                 {                 $usedprovider = "smart card"                 }             elseif ($provider = '{8fd7e19c-3bf7-489b-a72c-846ab3678c96}')                 {                 $usedprovider = "smartcard"                  }             elseif ($provider = '{25cbb996-92ed-457e-b28c-4774084bd562}')                 {                 $usedprovider = "password only!"                 }             write-host $user used $usedprovider on $remotepc             }         }        } remove-pssession $session } else     {          } }


Comments

Post a Comment

Popular posts from this blog

Is there a better way to structure post methods in Class Based Views -

i'm using class based views in django , never specify url in ajax calls , omit action parameter in form because know these requests go through post method of class based view. notice view - profile page make many requests depending on user updating on page - post method become convoluted , if/else mess example: def post(self, request, *args, **kwargs): # handle user changing available date if request.post.get('availabledate') != none: self.updateavailabledate(request) return jsonresponse({'result':'success'}) if request.post.get('newprojectname') != none: creative_user = creativeuserprofile.objects.get(id = request.user.id) project = project.create_project(creative_user, request.post['newprojectname']) project.save() return jsonresponse({'projectid': project.id }) if request.post.get('projectimage') != none , request.files['file']: proj...
Read more

performance - Why is XCHG reg, reg a 3 micro-op instruction on modern Intel architectures? -

i'm doing micro-optimization on performance critical part of code , came across sequence of instructions (in at&t syntax): add %rax, %rbx mov %rdx, %rax mov %rbx, %rdx i thought had use case xchg allow me shave instruction , write: add %rbx, %rax xchg %rax, %rdx however, dimay found agner fog's instruction tables , xchg 3 micro-op instruction 2 cycle latency on sandy bridge, ivy bridge, broadwell, haswell , skylake. 3 whole micro-ops , 2 cycles of latency! 3 micro-ops throws off 4-1-1-1 cadence , 2 cycle latency makes worse original in best case since last 2 instructions in original might execute in parallel. now... cpu might breaking instruction micro-ops equivalent to: mov %rax, %tmp mov %rdx, %rax mov %tmp, %rdx where tmp anonymous internal register , suppose last 2 micro-ops run in parallel latency 2 cycles. given register renaming occurs on these micro-architectures, though, doesn't make sense me done way. why wouldn't register renamer ...
Read more

c# - Asp.net web api : redirect unauthorized requst to forbidden page -

im trying redirect unauthorized request forbidden page instead i'm getting forbidden page in response body , how can fix ? here's startup class : app.createperowincontext(storecontext.create); app.createperowincontext<applicationusermanager>(applicationusermanager.create); app.createperowincontext<applicationsigninmanager>(applicationsigninmanager.create); app.usecookieauthentication(new cookieauthenticationoptions { authenticationtype = defaultauthenticationtypes.applicationcookie, expiretimespan = timespan.fromdays(30), }); app.useexternalsignincookie(defaultauthenticationtypes.externalcookie); app.usetwofactorsignincookie(defaultauthenticationtypes.twofactorcookie, timespan.fromminutes(5)); app.usetwofactorrememberbrowsercookie(defaultauthenticationtypes.twofactorrememberbrowsercookie); the method im trying reach : [httpget] [authorize(roles = "admin")] public string getcurrentusername() { return userman...
Read more