ValidateCredentials.ps1 (zpäť na zoznam)
Zisťovanie, či niektorý iný administrátorský účet má určité heslo, ktoré môže ohroziť bezpečnosť.
$localAdmins = net localgroup administrators | Where-Object {$_ -AND $_ -notmatch "command completed successfully"} | Select-Object -skip 4
$pwd = ""
foreach ($admin in $localAdmins) {
if ($admin -match "^DOM1|^DOM2|^DOM3") {
$domUser = $admin.split("`\")
$domain = $domUser[0]
$acc = $domUser[1]
}
else {
$domain = $false
$acc = $admin
}
if ($acc -like "GroupName*") {
#break current iteration, not user but group
continue
}
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
if($domain) {
$DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('domain',$domain)
}
else {
$DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('machine',$env:computername)
try {
$result = $DS.ValidateCredentials($acc, $pwd)
}
catch {
$check = net user $acc
if ($check -match "locked") {
net user $acc /active:yes
}
}
}
$env:computername+";"+$acc+";"+$DS.ValidateCredentials($acc, $pwd)
}