Display popup box via Powershell logon script - powershell

I know you can create powershell logon scripts and run them via Group Policy. We have a requirement where we need the user to accept the IT Usage Policy and one way I thought of doing this would be to use a login script. It would halt the login process and display a popup box after successfully logging in asking if they accept the policy (And requiring the OK/YES button to be pushed) before proceeding with login and taking the user to their desktop. Is this possible? If so, can it be set to either only run once or say every month?
If it is important, we exclusively run Windows 7 desktops.

The short answer is Yes. Here is a link to an example Provide a Yes/No Prompt in Windows PowerShell
Along with the link posted by #neolisk you should be able to cover off both sides of your question.
$a = new-object -comobject wscript.shell
$intAnswer = $a.popup("Do you want to choose Yes or No?", 0,"Confirmation",4)

It does not work when you execute the script as "logon one". There should be a costrain that inhibit the appears of messageboxes.

Related

Force Powershell to ask for Creds

Hoping someone can assist me... Is there a way to force powershell to prompt for Credentials before then loading another script?
I have a gui which is a series of buttons which will load various other scripts. However one or two of them require authentication with another account. So i want the button to be hit it asks for creds then runs that PS.1 file as that account.
Most i have just coded like below so it loads the script.
$Script1.Add_Click({
& 'Location of File'
})
Thanks
As Theo said solved this:
Add $cred = Get-Credential as the first command inside the Add_Click event handler scriptblock.

How to determine the Log-In Count and Last Log-on date of users account in Windows XP while using the autopsy tool?

I'm doing some activity in my class in digital forensics I was able to find the last user who login on the computer (found it on WINDOWS/SYSTEM32/CONFIG/SOFTWARE/MICROSOFT/WINDOWS NT/CURRENT VERSION/WINLOGON/DEFAULT USER NAME). There are 5 user accounts on the computer and I need to find the log-in count per user and last log-in date per user, in what folder should I find it? I'm using the Autopsy software.
This explanation should help, but this will be a generic answer, as the problem is not reproducible.
Normally the "C:\Windows\System32\winevt\Logs" folder is containing the event logs on Windows systems, tracing login events. You should look for the Security.evtx file(there will be plenty of logs in there, and you are looking for 4624 logs in it). If your Autopsy version is parsing this, you should try to find interactive logins(~= normal keyboard logons, or logon type 2 see the explanation. This is an assumption).
You can either count them or it's an old Autopsy version which doesn't support parsing, export the Security.evtx file instead, and open it in Event viewer on your forensic analysis host locally, and filter(open up Security.evtx with Event Viewer, Actions/Filter Current Log/Includes Event IDs: 4624, Keywords: Audit Success, User: Xyz(and change it to the next one once examined)

Powershell Question: How to check if password is implemented clarifications

So I tried messing around the basics by creating a bulk user script. I made 3 dummy accounts with different information.
I also set a securestring password for the accounts, but here's the thing, how do I check if I DID actually implement the passwords? Currently in my Active Directory, the users are created with a black arrow marked on the icon.
From what I understand its either I haven't enable the account or I didn't set a password for it. Is there a way for me to login into these dummy account to test if I have actually added the password?
Sorry, I'm a total beginner to this, still learning hence I have certain doubts. Im using a VM Win Server 2019 for practice.
I check passwords are actual this way:
$de = New-Object -TypeName 'System.DirectoryServices.DirectoryEntry' -ArgumentList #($null, 'UserName', 'Pa$$w0Rd')
if ($de.DistinguishedName -eq $null)
{
# Could not login to DC#
}
But user needs to be enabled and allowed to logon.

VS Code or InternetExplorer.Application seems to be caching my script results?

VS Code with Powershell extension
I am trying to parse a web page that I requires logging into, and am using InternetExplorer.Application
Its working up to a point, but now that I have logged in once with the script, its as if the script is caching my page results. However, if I manually go the url, im prompted to login as expected.
Ive even taken out all the code that does the login actions, but I still get the page that is only shown after login.
What can I check regarding caching of results with using "InternetExplorer.Application" via powershell?
I have my IE options set to delete browsing history on exit, so shouldn't it clear things out?
In the excerpt below, I am showing the input elements, and the ones listed are in fact the ones that are only in the document AFTER logging in, but all the code to do the logging in has been removed. Again, if I navigate to the browser manually in IE, I am prompted to login. Something must be getting cached somewhere.
However, it also happens from the command line. Not sure what to check to make sure something isnt getting cached.
$ie = new-object -com "InternetExplorer.Application"
$ie.navigate("www.something.com/client-portal")
$ie.visible=$true
$doc = $ie.Document
#-- see items on page
$doc.IHTMLDocument3_getElementsByTagName("input") | Select-Object Type,Name
... login code here, commented out then removed
[update]
https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/platform-apis/aa752093%28v%3dvs.85%29
How can one pass one or more flags to the navigate method ? Dont read from disk cache and dont add to history.
[ update 2 ]
I think it has something to do with either the app itself or powershell caching something. Strange that navigating to the site manually results in expected behavior (being required to log in) yet its as if I am permantly seen as logged in when using powershell with IE automation.

Powershell and Forms without Administrator Rights

I am working on a script using Powershell to fill out a website form. I am using my work computer which means I don't have Admin rights. Is it possible to fill out a form on a website using Powershell commands? For example, tab 4 times, keystroke "R", "A", etc., and then tab to the "Submit" button and click it?
You could use the Internet Explorer COM Object:
$ie = new-object -ComObject "InternetExplorer.Application"
$ie.navigate("https://yourURL")
while($ie.busy){sleep -mil 200}
You can then fill out the form with something like this (There are methods for getting by name/id/tagname etc)(this code might not actually work but it should be kinda similar):
$ie.Document.GetElementById("ElementID").value = "yourValue"
....
$ie.document.getElementById("buttonID").click()
The thing to watch out for is the security zone your target website is in. If you find that the Document property of the $ie object is null after calling .navigate() then you or your admin need to mark the target site as safe in the IE security settings for it to work without admin privileges.
P.S.: Here is the Documentation for the InternetExplorer.Application Object: MSDN