Tag : sécurité

Checks for services and scheduled tasks that are configured to run using domain accounts. For such accounts, the script reports the password expiry date.
Use cases:
1) detecting expiry of accounts used for services, so that the account password may be renewed
2) detecting the use of domain accounts, as opposed to managed service accounts

Searches one or more Azure Tenants for Certificates and Client Secrets. The script reports on all credentials discovered, with their expiry date and a 'hint' that identifies the secret.
If expired or soon-to-expire credentials are discovered, an event log is written - this can be used as a trigger to generate an alert
The Application specified in the credential set must have the following permissions:
Application.Read.All (mandatory) - to read the secret metadata attached to the application
User.Read.All (mandatory) - to report the owner name and contact details
Directory.Read.All (optional) - to report the tenant name

This script is intended to be used to sync the Solve users, based on the membership of the specified AD Security group.

Sets a new password for an AD User and requires the user to change the password at next logon.

Show all Active Directory Accounts which have not been logged into for specified days or more.
System account and accounts without any login activity are ignored by this script.
Reporting on inactive accounts will return the command to disable those accounts.
Disabling accounts will return the command to re-enable those accounts to counter mistakes.

Gets the Active Directory expiration date of specified users or all users within specified search bases.

Query all services, both system and per-user, get the binary responsible for the service, which will be a dll when the service executable is svchost,exe and check its digital signature.
By default, only services whose binary is not validly signed will be shown but parameters are available to show any signing state and to show all services or just non-Microsoft ones

Enables Firewall Auditing Events and then tails the event log remotely. The tailing of events for this script is closer to realtime then the text log.

This script will scan the Security log for evidence of recent changes to the local Administrators group and report whether the required audit policy is configured on the machine.

This script will check if the user is part of BUILTINAdministrators, directly named This script will check if the user is a member of BUILTINAdministrators, directly named
or inherited from other local or domain groups

Utilise les api REST d'Horizon pour extraire tous les événements liés à l'administration de la base de données Horizon Event pour tous les pods. S'il n'y a pas de configuration de pod en nuage, il ne traitera que le pod local. Après avoir récupéré les événements, il traduit les identifiants des différents objets en noms afin d'afficher les noms appropriés lorsque cela est nécessaire.

La sortie est affichée dans la console, mais elle est également enregistrée dans un emplacement par défaut, à savoir c:windowstempCU_Horizon_audit_log.csv.

Ce script récupère les utilisateurs et les groupes administratifs dans un environnement Horizon View.
Vous pouvez utiliser ce script pour vous assurer que les administrateurs ont les bonnes autorisations dans Horizon View ?
Cette action doit être exécutée sur une machine d'extrémité Horizon (dont la colonne Serveur de connexion primaire HZ est remplie dans la console ControlUp). Le script utilise la machine cible pour déterminer l'adresse du serveur de connexion et est exécuté sur la machine qui exécute la console ControlUp.

Creates a report of the packets dropped by Windows firewall during the specified interval.

Add or remove domain or local accounts to/from local groups on selected computers. Can either be done immediately or at a given date/time in the future via a scheduled task, e.g. remove specific users from the local admininstrators group in 1 day's time.
Arguments:
Users - a comma separated list of AD user accounts to add/remove to/from the specified group
Local group - the name of the local group which will have the users added or removed
Remove from group - if true then the specified users will be removed from the group, if false then the users will be added to the group (default is false)
When - If nothing is specified, the action is taken immediately otherwise a scheduled task is created to perform the action at the data/time specified which can also be a number followed by a time unit, e.g. 8h for 8 hours or 1d for 1 day. If specifying a date/time, it must be enclosed in double quotes.

This SBA confirms whether protection against these vulnerabilities have been enabled on the target computer.
For more infomation: https://support.microsoft.com/en-us/help/4072698/

Adds the required registry keys to enable the mitigations on the target computer.
Requires the relevant Microsoft patch installed on the target computer.
For more inforrmation: https://support.microsoft.com/en-us/help/4072698

This script gets the user SID for the current username. If the same name exists in both the local computer and the domain, both SIDs will be returned.