Get-LocalAdmins.ps1 (zpäť na zoznam)
Zbieranie informácií o všetkých administrátorských účtoch a ich prihlasovacích politikách (lokálne alebo vzdialené prihlasovanie) na zisťovanie servisných účtov.
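# Hostname is the first column of every output row below.
$localhost = hostname
# Members of the local Administrators group, parsed from `net localgroup` text output:
# blank lines and the trailing status line are dropped first, then the four header
# lines (Alias name / Comment / Members / separator) are skipped.
# NOTE(review): the "command completed successfully" filter and the 4-line header are
# tied to the English locale of `net`; on a non-English system the status line would
# be reported as a member. Get-LocalGroupMember is the locale-independent alternative
# where the LocalAccounts module is available.
$admins = net localgroup administrators | Where-Object {$_ -AND $_ -notmatch "command completed successfully"} | Select-Object -skip 4
# Working copy of the local security policy: secedit writes the .inf here and the
# SeDeny*LogonRight lines are read back from it further down. The export holds the
# complete local policy, so the file should not be left behind longer than needed.
$secpolTmpltPath = "C:\temp\secpolTmplt.inf" #inf file to work with
# Call secedit directly rather than through Invoke-Expression: there is nothing to
# re-parse, and Invoke-Expression would evaluate any shell metacharacters in the path.
$output = secedit /export /cfg $secpolTmpltPath
if ($LASTEXITCODE -ne 0) {
    # Everything below depends on this export; fail loudly instead of parsing a
    # missing or stale file (e.g. when the target directory does not exist).
    throw "secedit /export failed (exit code $LASTEXITCODE): $output"
}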
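function translate_SID {
    <#
    .SYNOPSIS
    Resolve SID tokens from a secedit export to account names.
    .DESCRIPTION
    Entries from the .inf file are either plain account names or SIDs prefixed with
    "*" (e.g. "*S-1-5-32-546"). SID entries are translated to their NTAccount name;
    anything else is passed through unchanged.
    A SID that cannot be resolved (deleted account, unreachable domain) is kept as
    the bare SID string instead of aborting the loop. Previously the failed
    Translate() left $translatedUser holding the value from the prior iteration,
    so that stale name was appended in place of the unresolvable entry.
    .PARAMETER userList
    Tokens taken from a SeDeny*LogonRight line (names or "*SID" strings).
    .OUTPUTS
    [string[]] one entry per input token, in input order.
    #>
    param ($userList)
    $list = @()
    foreach ($user in $userList) {
        if ($user -match "S-1-") {
            # secedit marks SIDs with a leading '*'; strip only that marker rather
            # than a blind first character, so an unprefixed SID also resolves.
            $sidString = ([string]$user).TrimStart('*')
            try {
                $objSID = New-Object System.Security.Principal.SecurityIdentifier($sidString)
                $list += $objSID.Translate([System.Security.Principal.NTAccount]).Value
            }
            catch {
                # Unresolvable SID: report it and keep the raw SID so the entry is
                # not silently dropped from the deny list.
                Write-Warning "Could not translate SID '$sidString': $($_.Exception.Message)"
                $list += $sidString
            }
        }
        else {
            $list += $user
        }
    }
    return $list
}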
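# Returns the principal tokens (account names or "*SID" strings) listed for one
# user-rights entry of a secedit .inf export, e.g.
#   SeDenyInteractiveLogonRight = *S-1-5-32-546,Guest
# Tokens are trimmed individually instead of stripping every space from the line,
# so account names that contain spaces survive intact. An unset right yields an
# empty array (the previous code produced "" here, which also never matched).
function Get-DenyRightPrincipals {
    param ([string[]]$infLines, [string]$rightName)
    # Anchor on the right name so e.g. "SeDenyInteractiveLogonRight" cannot match
    # a line for a different, longer right; the name is escaped as a literal.
    $pattern = "^\s*$([regex]::Escape($rightName))\s*=\s*(.*?)\s*$"
    foreach ($line in $infLines) {
        if ($line -match $pattern) {
            return @($Matches[1] -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        }
    }
    return @()
}
# Read the export once; both rights are taken from the same file.
$secpolLines = Get-Content $secpolTmpltPath
# Accounts denied interactive (local console) logon.
$denyLocallyUsers = @(Get-DenyRightPrincipals $secpolLines "SeDenyInteractiveLogonRight")
# Accounts denied Remote Desktop logon.
$denyRDPUsers = @(Get-DenyRightPrincipals $secpolLines "SeDenyRemoteInteractiveLogonRight")
# Resolve "*SID" tokens to names so they can be compared with the group members.
$translatedLocallyUsers = translate_SID $denyLocallyUsers
$translatedRDPUsers = translate_SID $denyRDPUsers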
# One semicolon-separated row per administrator:
#   host;account;deniedLocalLogon;deniedRdpLogon;deniedBoth
# An account that is denied both logon types is the candidate service account.
# NOTE(review): `net localgroup` may list local members unqualified while
# NTAccount translation yields "HOST\Name"; confirm the -contains comparison
# matches for local (non-domain) accounts on the target systems.
foreach ($admin in $admins) {
    # Placeholder patterns for accounts that should be excluded from the report.
    if ($admin -match "_ACCOUNT_TO_SKIP_1_|_ACCOUNT_TO_SKIP_2_") { continue }

    # -contains is case-insensitive, matching the original comparison semantics.
    $localDeny = [bool]($translatedLocallyUsers -contains $admin)
    $RDPdeny = [bool]($translatedRDPUsers -contains $admin)

    $flags = @($localDeny, $RDPdeny, ($localDeny -and $RDPdeny)) |
        ForEach-Object { if ($_) { "yes" } else { "no" } }

    "{0};{1};{2}" -f $localhost, $admin, ($flags -join ";")
}