Powershell - Naughty One

Melbosa · January 29, 2016, 12:25:02 PM

So today, for my own benefit, I wrote two powershell scripts:

Test-LocalAuthenication
Test-ComputersByOULocalAuthentication

The second calls the first.

Why did I write these? Well as most IT people are aware, when doing any type of imaging/vm templating, you set your local admin password through sysprep/customization at deployment. Now if your security protocols in your organization mandate that servers should either randomize the Local Administrator password or have it disabled, then how do you know people are following that procedure?

So because even I might be negligent in some form here, I wrote some powershell to test just that - supply a UserName, Password and ComputerName and its test for Authentication to the local SAM store on said Computer. And then because I wanted to further my efforts through automation I wrote another that searches AD based on OU(s) to do that for multiple computers.

As you can probably guess, with so many servers created monthly through VM sprawl my list might been a bit more scary that one would like. So I am calling this the Naughty Powershells for my security team.

If anyone is curious I can share this code. I am quite proud of these as I spent a lot of time making them commercial ready Powershell modules using proper error writing, code block help documentation and verbose output.

EDIT
Version 1.2 Uploaded

Lazybones · January 29, 2016, 12:59:25 PM

I should bookmark this for later.

Mr. Analog · January 29, 2016, 01:02:40 PM

Yeah, attach them to your post maybe, I'm interested!

Melbosa · January 29, 2016, 04:16:07 PM

Ok, so I went another step further and wrote it as a full module you can load and no longer need the files separately. I am going to zip it and attach.

To use you have to complete the following in Powershell:

Code Select

Import-Module .\Test-ComputerLocalAuthentication.ps1

Once loaded you can use all the fun Get-Help commands on the different functions:

Code Select

Get-Help CheckforADModule
Get-Help PSVersionCheck3 -Detailed
Get-Help Test-LocalAuthentication -Examples
Get-Help Test-ComputersByOULocalAuthentication -Full

Or any combination of the -XXXX of the above.

NOTE the Requirements on the:

Code Select

Get-Help Test-ComputersByOULocalAuthentication -Full

Feel free to critique... as I have been at this a while now so I might have something in there that needs tweaking that I just can't see anymore.

EDIT:
Uploaded the wrong file lol.
File now in OP

Melbosa · January 29, 2016, 04:20:20 PM

Another testing tool... try it with -Verbose and -Debug as well when executing a function

Melbosa · February 01, 2016, 04:00:21 PM

Anyone check this out?

Thorin · February 01, 2016, 04:07:31 PM

I haven't yet, sorry. And you seem so proud of it, I feel like a bad papa for not looking.

Melbosa · February 01, 2016, 04:49:27 PM

LOL just thought I'd ask as peeps wanted me to post it.

Melbosa · February 02, 2016, 03:36:34 PM

New Release, now with new functionality:

Code Select

Get-Command -Module Test-ComputerLocalAuthentication

Updated OP with new File.

Melbosa · February 03, 2016, 03:44:21 PM

Found a problem today that you have to have admin access with your account that runs the powershell to the computers you are testing against. Going to try and impersonate the test authentication using the user name and password

Melbosa · February 04, 2016, 02:36:28 PM

OK I think I fixed the - Not Local Admin problem. It will be slower if your executing account is not a local admin on the destination servers but should work.