Kamal Farmer | HKEY_LOCAL_MACHINE
Kamal is a Microsoft and VMware infrastructure specialist, spending his days solving complex problems for Tier 1 companies.
4y ago
I’ve recently been looking at extending the standard set of auditing (from the previous scripts mentioned in Part 1, Part 2, and Part 3) to include DHCP scope information, and IIS-based website information. Before getting into DHCP and IIS, I run an audit of all services, like this: $getservices now contains all of your …
4y ago
This seems completely unnecessary – surely you already know what attributes you already use for your Active Directory objects, right? Well, not always. And why is it even important to know? When working in large Active Directory environments, architecture and governance are often afterthoughts – and many of the largest Active Directory environments I’ve worked …
4y ago
Nothing fancy here. For a given set of usernames, show me the common groups that they are *all* in. E.g., if I have a list of 20 usernames, I need to check all of their group memberships and find the common thread(s) that run between every user. There are probably a dozen ways to …
4y ago
DCSync is a tool within Mimikatz that allows you (assuming you have the rights) to impersonate a Domain Controller and request a sync from a live Domain Controller (effectively taking a full copy of the Active Directory database, including all password hashes). The DCSync exploit is well documented HERE. Normally, DCSync attacks are performed after …
4y ago
********* UPDATE 05/08/2019 ********* It’s been a while (4 years!) since using this script, and I have found a few flaws in its logic and execution, especially when it comes to SQL 2000 instances (yes, they’re still very much out there). The script below has now been updated and tested and should work correctly on servers …
5y ago
When reviewing permissions on folders, it’s often important to not only know what groups have been assigned access, but to show the members of those groups as well (all in a single report). And what if those groups have nested groups? We should be able to recurse those as well. This script achieves the following …
5y ago
This is a bit of an oddly-specific one, but the request was “we need to shut down a specific set of services, in a specific order, for a number of servers”. And then the reverse to start them back up again. The script takes two files as inputs, one for the list of services (in …
5y ago
Managing local Administrator passwords has notoriously been a headache, though the Microsoft Local Administrator Password Solution was designed to make the management of these passwords a lot less painful. One of the quirks of the solution is that it stores each local Administrator password in the computer’s Active Directory object under the ms-mcs-admpwd attribute in …
5y ago
One of the easiest things in Active Directory to get right (and one of the most neglected, in my experience) is ensuring that you have all of your subnets mapped to appropriate Active Directory Sites. There’s a common error in the Windows Event Log (5807) that alerts you when a Domain Controller is being hit …
5y ago
There are some user attributes that are easily visible through the Active Directory Users and Computers GUI, but when it comes to finding and setting them in a bulk/automated way, it’s a little trickier. Specifically, the userAccountControl attribute. You can see the details of the attribute here, and the types of data this single …