One of the daily system admin task is to check the user login history throughout the domain. It becomes quite a tough task if you have to go through thousands of event logs to find the correct security events of users logon from every domain controllers. Though we filter only the Kerberos Authentication Events for TGT (Ticket-Granting-Ticket) Requests, there are so many information in each event regarding to specific users.
So, I am taking some time to put all these Kerberos events together from every domain controller to look for some useful information and then write this handy script to save my difficult days ! Continue reading “Powershell: Find AD Users’ Logon History with their Logged on Computers”
Month: August 2016
How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide – Part 4
Go to >> Part-1:Install ADCS service and configure Code Signing Certificate Template
Go to >> Part-2: Request the certificate to sign the script by user1
Go to >> Part-3: Configure GPO to allow only signed scripts and add user1’s certificate to trusted publisher group on domain computers
Now, it’s time to test running the script. Let’s say user2 has recently joined to your company and try to run some script downloaded from internet on Node-2 computer which is a newly domain joined computer. Also, don’t forget to “gpupdate” on client computers after your GPO is changed. Continue reading “How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide – Part 4”
How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide – Part 3
3) Configure GPO to allow only signed scripts and add user1’s certificate to trusted publisher group on domain computers
Go to >> Part-1:Install ADCS service and configure Code Signing Certificate Template
Go to >> Part-2: Request the certificate to sign the script by user1
Go to >> Part-4: Run the test scripts
In Part-2, we have signed the script with user1’s certificate. There are some manual works such as adding user1 certificate to trusted publisher group. Let us see how can we automate this process by using GPO.
First of all, we need to export user1 certificate from Node1 computer’s personal store to DC1 computer where we can distribute this certificate via Group Policy. Continue reading “How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide – Part 3”
How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide – Part 2
2) Request the certificate the sign the script by user1
Go to >> Part-1:Install ADCS service and configure Code Signing Certificate Template
Go to >> Part-3: Configure GPO to allow only signed scripts and add user1’s certificate to trusted publisher group on domain computers
Go to >> Part-4: Run the test scripts
In the Part-1, we have configured AD CS role and configure certificate template. Now, it’s time that user1 request his certificate and sign his script. On the Node-1 computer with user1 logged on as domain user: Continue reading “How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide – Part 2”
How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide – Part 1
Go to >> Part-2: Request the certificate the sign the script by user1
Go to >> Part-3: Configure GPO to allow only signed scripts and add user1’s certificate to trusted publisher group on domain computers
Go to >> Part-4: Run the test scripts
This is a lengthy post of how to digitally sign your powershell script, so I divide it up to 4 sections. Digitally signing of powershell script, for the security purpose, is particularly useful to prevent the execution of malicious scripts on servers or workstations in your domain environment. Today, I will show you how to sign your powershell scripts from Microsoft CA and use GPO to control the execution of unsigned scripts in domain environment. Continue reading “How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide – Part 1”