Wednesday, 29 January 2014

Powershell fun

runas /user:Admin powershell
   --> does not give you an elevated admin PowerShell console (runas does not go through UAC, so the new process only gets the filtered admin token)
Start-Process powershell -Verb runAs
   --> UAC prompt --> elevated.
Set-ExecutionPolicy RemoteSigned
   --> allow execution of home-made PowerShell scripts (script execution is off by default)
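Because the two launch methods look identical from the prompt, it helps to check what the session actually has before running anything. The snippet below is an added example (not from the original post): it reports whether the current token is a full administrator token, which user it belongs to, and which execution policy scope is in effect, and only relaunches via the Start-Process form when the console is not elevated.

```powershell
# Added example, not part of the original post: inspect the current session before trusting "runas".

function Test-IsElevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    # True only for the full (unfiltered) admin token. A console started with
    # "runas /user:Admin" under UAC still holds a filtered token and returns False here.
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-SessionState {
    New-Object PSObject -Property @{
        User            = [Security.Principal.WindowsIdentity]::GetCurrent().Name
        Elevated        = Test-IsElevated
        ExecutionPolicy = Get-ExecutionPolicy   # effective policy for this session
    }
}

Get-SessionState | Format-List User, Elevated, ExecutionPolicy

# Which scope is setting the policy: MachinePolicy/UserPolicy (GPO) override anything set locally,
# Process and CurrentUser can be changed without elevation, LocalMachine needs an elevated console.
Get-ExecutionPolicy -List

# Relaunch elevated only if this console is not already elevated (same form as in the notes above).
if (-not (Test-IsElevated)) {
    Start-Process powershell -Verb RunAs -ArgumentList '-NoExit'
}
```

Run it in both consoles to see the difference: the runas console shows the admin account name with Elevated = False, the Start-Process one shows Elevated = True. Set-ExecutionPolicy RemoteSigned for the LocalMachine scope is one of the commands that silently fails in the non-elevated console.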
Example PowerShell script to find who is logged on where in the domain (similar to PsLoggedOn) by reading the HKEY_USERS hive of each computer over the remote registry:

Import-Module ActiveDirectory
#$output = "PSLoggedOn_Results.csv"
$domainname = 'dc=test,dc=com,dc=au'
# Every computer account under the search base given above
$allComputers = @(Get-ADComputer -SearchBase $domainname -Filter '*' | Select-Object -ExpandProperty Name)
foreach ($computername in $allComputers) {
    Write-Warning "Connecting to $computername"
    # Needs the Remote Registry service running on the target and admin rights there.
    # try/catch instead of Trap, so a failed connection moves on to the next computer
    # instead of re-using the $regKey of the previous one.
    try {
        $regKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::Users, $computername)
    } catch {
        Write-Warning "Something went wrong with $computername"
        Write-Warning $_.Exception.Message
        continue
    }
    # A loaded profile shows up as <SID> plus <SID>_Classes; the _Classes keys mark the loaded ones
    $allSid = $regKey.GetSubKeyNames() | Where-Object { $_ -match '_Classes$' }
    foreach ($sidC in $allSid) {
        # Strip the suffix rather than Substring(0,46): SIDs are not all the same length
        $sid = $sidC -replace '_Classes$', ''
        $objSID = New-Object System.Security.Principal.SecurityIdentifier($sid)
        try {
            $objUser = $objSID.Translate([System.Security.Principal.NTAccount])
            $username = $objUser.Value
        } catch {
            # Local accounts of the remote machine cannot be resolved from here; keep the SID
            $username = $sid
        }
        "$computername,$username"
    }
    $regKey.Close()
}
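The heart of the script is turning HKEY_USERS subkey names into account names. The function below is an added example (not part of the original script) that generalises that step: it accepts any SID length instead of a fixed 46 characters, skips the built-in service profiles (S-1-5-18/19/20) that also carry a _Classes key on Windows 7 and later, and keeps the raw SID when translation fails. The sample subkey list and the domain and RID values in it are constructed, so the domain SIDs will not resolve on your machine and show up as SIDs, which is the same thing you see for a remote computer's local accounts.

```powershell
# Added example, not from the original post: HKEY_USERS subkey names -> account names.
function ConvertFrom-HkuSubKey {
    param(
        [string[]]$SubKeyNames,
        [string]$ComputerName = $env:COMPUTERNAME
    )
    # Keep only _Classes keys (a loaded user profile) of account SIDs (S-1-5-21-...).
    # .DEFAULT and S-1-5-18/19/20 (SYSTEM, LOCAL SERVICE, NETWORK SERVICE) are not interactive logons.
    $SubKeyNames |
        Where-Object { $_ -match '^S-1-5-21-[0-9-]+_Classes$' } |
        ForEach-Object {
            $sid = $_ -replace '_Classes$', ''
            try {
                $account = (New-Object System.Security.Principal.SecurityIdentifier($sid)).Translate(
                               [System.Security.Principal.NTAccount]).Value
            } catch {
                # Unresolvable from this host (e.g. a remote machine's local SAM account): keep the SID
                $account = $sid
            }
            New-Object PSObject -Property @{ Computer = $ComputerName; SID = $sid; Account = $account }
        }
}

# Constructed sample of what $regKey.GetSubKeyNames() returns with two users logged on
# (the domain part and the RIDs are made up for this example)
$sample = @(
    '.DEFAULT', 'S-1-5-18', 'S-1-5-19', 'S-1-5-19_Classes', 'S-1-5-20', 'S-1-5-20_Classes',
    'S-1-5-21-1004336348-1177238915-682003330-1105',
    'S-1-5-21-1004336348-1177238915-682003330-1105_Classes',
    'S-1-5-21-1004336348-1177238915-682003330-512345',
    'S-1-5-21-1004336348-1177238915-682003330-512345_Classes'
)
ConvertFrom-HkuSubKey -SubKeyNames $sample -ComputerName 'WS01' | Format-Table Computer, SID, Account -AutoSize

# Against the local machine the same function runs over the real hive:
# ConvertFrom-HkuSubKey -SubKeyNames (Get-ChildItem Registry::HKEY_USERS | Select-Object -ExpandProperty PSChildName)
```

The output is objects rather than "computer,user" strings, so the results can be piped straight to Export-Csv (the commented-out $output line in the script) or filtered with Where-Object.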

