Log off multiple users and then log them back in at a specific time in powershell - powershell

So we have a system that seems to keep producing errors around a specific time each day. We are in the process of working with the vendor to resolve the issue, but for the time being I am looking for a solution that might be a workaround. I know that you can log off a user with PowerShell, but I would like to try and log in a user. Is there a way to log in a user with an encrypted password? Also, I would like to run this script at a specific time each day.

Related

How to automate "TF get" permanently

I have a batch job on a (Windows 10) machine that runs every night. A part of the job is to do a "tf get /login:[PAT]". This works for a couple of days, after which it fails with "you are not authorized to access". Basically what happens is, after some days the PAT alone doesn't work anymore and the "password prompt" window gets displayed. As nobody is monitoring this job, nobody enters anything and the window times out after some time and tf access is denied.
If, after the failure, I run this job manually and enter the correct credentials into the login window (and also authorize the access on my phone, because the underlying account is protected by 2FA), everything starts working again, for a couple of days.
What do I need to do in order to make this run w/o the need for manual intervention?
I don't think we can automate it permanently if you have set auth policies; generally it will ask to reauthenticate every few days based on your policy settings.
The PAT also has an expiration, even though we can define the expiration date a bit longer (it can be set to a maximum of one year).

Kerberos double-hop issue

So, for the past week I was trying to do something with this Kerberos issue.
Long story short, we have a server and it identifies the incoming user to do some work. Recently, we needed to upload some of the results, so the user is now delegated so it can authorize on another server. And the problem is that on the next day, after the logon, the server can't delegate the same user. It fails with a krb5_cc_notfound error while forming the AP_REQ message.
If I try to iterate over the cache, it fails at krb5_cc_start_seq_get with the same error.
If I try to get some other ticket (on the day after a successful logon), it fails at krb5_get_credentials, and on further attempts (I guess the cache becomes invalid? If it even was valid at this point) it could not resolve the default principal.
Cache type is MSLSA.
Every time after all the fails, in the event log I can see a Kerberos warning followed by an error. The first says something like 'TGT was expired, an attempt to renew was made and failed' and the other one is KRB_AP_ERR_TKT_EXPIRED.
We have so little experience with Kerberos in our room, so if you could share some of it - it would be cool.
It was a bug in a third-party library. It basically stored the Windows logon handle for eternity.

How to find a password that was purposely recorded in Event Logs with PowerShell?

I have a very specific question. I'm in the middle of an assignment for school and my team is stuck at a part where we need to recover a password from the Event Logs that was purposely placed in there. He said there should be logs that have the password included in them that were man-made but we have no idea where to look. We've looked through the 4688, 4723, 4724 event logs, as well as the rest of them even though they don't apply much to this situation, to see if maybe there is custom information that's placed that includes a password but we can't find anything. There are logs where we can see that users were made and changes were made to their accounts/passwords and then one user was disabled and deleted, but is there a way to actually get more information from an event log using PowerShell? We've been using MyEventViewer for the event logs but are really lost at this point. Our teacher said that he was able to get the password by using PowerShell. Does anyone have any idea as to how we could go about getting the password for a user like that going through PowerShell? It's the Domain Admin account's password that we're looking for and it's also the same password for a KeePass database file that we need to unlock and then perform a live response after. Even if anyone knew how you can input your password into an event log, that would also really help so we can backtrack to see about exporting it. Any information would be greatly appreciated, thanks!

Powershell script to login with a specific user

I am looking for a script that will help me "lock" a computer with a specific username.
To give an example, John works in a company where every employee can use any computer to log in, but John is tired of cleaning up the mess and leftovers from his colleagues at the office, so he decided to run a PowerShell script in Gpedit.msc --> User Configuration --> Windows Settings --> Scripts (Logon/Logoff), or a generic script on the computer so that, whenever the computer is rebooted, turned off, or logged off, only his username will ask for credentials. Basically, what I need is to "lock" that computer with a specific user ID, so that even if it's turned off, rebooted or logged off, only that user ID will show and prompt for a password. The computer is always within the network, and the user ID does not have administrator rights, as the only thing used on the computer is Internet Explorer to log in to a webpage, but my point is the script that I need: a script that enables the "lock" with the specific user ID and a script that disables the "lock", as I leave for long periods and the place at the computer is free for carnage. And no, I cannot just simply hit the Win+Del keys because with a simple reboot, the computer will not remain with the user ID.
Also, I just need the computer to show up with the specific user and always ask for the password. I do not need to automatically log in.
I tried to search the internet for the specific script or some commands that I can play with, but I did not find anything. Can someone help me shed some light on this please?
Thank you!
I'm not sure how an actual script would look, but I know you can lock certain users to only be able to log into certain computers (assuming it's an AD domain). Does that help at all?

Active Directory Login Report

To make a long story short, we have some staff punctuality issues where we'd like to set up some type of report / monitor that would send supervisors login time stamps during morning hours mostly. I don't know if this is possible through event logs or whatnot by scripting some type of report; however, at this point I'm looking for solutions. Any suggestions?
LastLogonTimestamp is not synced in anything near real time, so that will not work for daily reporting.
I would collect the security logon events with the relevant Event IDs and work from there with the reporting.
An alternative is to scavenge the LastLogon property from user objects. But that is a non-replicated attribute, so you would need to read that for a user from all DCs or wherever it exists.
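
One way to build the event-based report suggested in the answer above (an added example, not code from the thread): it reads successful-logon events (ID 4624) from the Security log of each listed machine and keeps the earliest interactive logon per user in a morning window. The function name `Get-FirstMorningLogon`, the default hours and the computer list are assumptions; the account running it needs rights to read the remote Security logs, and the machines queried must be the ones where users actually sign in (or a collector that receives their forwarded events).

```powershell
# Added example: first interactive logon per user for one morning, from event 4624.
# Function name, computer names and the time window are assumptions; adjust them.
function Get-FirstMorningLogon {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [datetime]$Day = (Get-Date).Date,
        [int]$StartHour = 5,
        [int]$EndHour = 11
    )
    $filter = @{
        LogName   = 'Security'
        Id        = 4624
        StartTime = $Day.Date.AddHours($StartHour)
        EndTime   = $Day.Date.AddHours($EndHour)
    }
    # Logon types: 2 = interactive, 10 = remote interactive (RDP), 11 = cached interactive
    $interactive = '2', '10', '11'

    $logons = foreach ($computer in $ComputerName) {
        try {
            $events = Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop
        } catch {
            # Also reached when the machine simply has no matching events in the window
            Write-Warning "No events read from ${computer}: $($_.Exception.Message)"
            continue
        }
        foreach ($e in $events) {
            # Read EventData fields by name rather than by position
            $data = @{}
            foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            if ($data['LogonType'] -notin $interactive) { continue }
            # Skip machine accounts and built-in session accounts (DWM-n, UMFD-n)
            if ($data['TargetUserName'] -match '\$$|^(DWM|UMFD)-\d+$') { continue }
            [pscustomobject]@{
                User     = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
                Computer = $computer
                Time     = $e.TimeCreated
            }
        }
    }
    # Earliest logon per user across all queried machines
    $logons | Group-Object User | ForEach-Object {
        $_.Group | Sort-Object Time | Select-Object -First 1
    } | Sort-Object Time
}

Get-FirstMorningLogon | Format-Table -AutoSize
```

Piping the result to `Export-Csv` instead of `Format-Table` gives a file a scheduled task can mail to supervisors.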