Category Archives: Security

Reset User Account ACLs

The security for user account objects in an OU may drift over time. User accounts moved within the domain will retain delegations previously made, and user accounts created after schema extensions won’t have the same security as user accounts created … Continue reading

Posted in Active Directory, Alan's Favorites, My Best, PowerShell, Scripting, Security, Windows Administration | Tagged , , | Leave a comment

Export and Import Delegated OU Permissions with PowerShell

There are some delegations of permissions within Active Directory which cannot be made without extra effort. Some properties are flagged as hidden in a file called Dssec.dat, in %windir%\System32 on computers with the Active Directory Users and Computers (ADUC) MMC. … Continue reading

Posted in Active Directory, Alan's Favorites, My Best, PowerShell, Scripting, Security, Windows Administration | Tagged , , , | Leave a comment

Get and Read RDP Certificate from a Remote Host with PowerShell

Sometimes, I get some interesting questions from other teams within my organization.  Read-RDPCert.ps1 addresses a request to read the SSL certificates from a list of remote hosts.  This is based on the code and following comments at https://blogs.technet.microsoft.com/parallel_universe_-_ms_tech_blog/2014/06/26/reading-a-certificate-off-a-remote-ssl-server-for-troubleshooting-with-powershell/.

Posted in PowerShell, Scripting, Security | Tagged , | Leave a comment

Remove Active Directory Delegations

Over time, Active Directory delegations tend to accumulate and drift from the standards in the enterprise.  Removing the delegations for a user or group can be slow, especially if you do it manually.  Microsoft has a good article about this process, but … Continue reading

Posted in Active Directory, Alan's Favorites, Functions, My Best, PowerShell, Scripting, Security, Windows Administration | Tagged , , , | Leave a comment

Fix User’s Home Directory Permissions with Take Ownership

Fix-HomeDrivePerms.ps1 is a PowerShell script which attempts to reset folder security when the permissions are really hosed.  It uses a take ownership function, Set-Owner, by Boe Prox, instead of takeown.exe, but does shell out to iCacls.exe.  I wrote this to … Continue reading

Posted in PowerShell, Scripting, Scriptlets, Security, Windows Administration | Tagged , | Leave a comment

Another User Folder Security Reset Script

This simple batch file resets the inheritance on users folders and then grants them “modify” using the builtin icacls.exe.   This script does not address issues which require you to take ownership — I will post one that does that soon. … Continue reading

Posted in Batch, Scripting, Security, Windows Administration | Tagged , , | Leave a comment

Who Added this User to the Domain?

On of the questions that I am frequently asked is “who created that user”.  In a small shop, the answer should be “me”.  But in a really large environment the answer may not be quite so clear. When an object … Continue reading

Posted in Active Directory, PowerShell, Scripting, Security, Windows Administration | Leave a comment

Get Oldest Windows Event

Get-OldestEvent.ps1 is a PowerShell advanced function which returns the oldest event from a Windows computer event log, and will help you determine the rollover time for an event log by also returning the age of the record as a time … Continue reading

Posted in PowerShell, Scripting, Security, Windows Administration | Tagged , , | Leave a comment

Passwords for Password Resets

I discovered that my script to generate passwords, RandomPW.vbs, isn’t popular with users because the passwords are random.  I have an even more complicated but unposted PowerShell version with the same issue. I wanted to create something that was easier … Continue reading

Posted in PowerShell, Scripting, Security, Windows Administration | Tagged , , , | Leave a comment

Auditing Active Directory Permissions with Powershell

Active Directory permissions aren’t easy to audit.  It is a lot easier to delegate permissions to a user or a group than it is to figure out later who has what rights on what containers and organizational units.  I have … Continue reading

Posted in Active Directory, Alan's Favorites, PowerShell, Scripting, Security, Windows Administration | Tagged , | Leave a comment