Find who reset my password: The Powershell Script to Audit User Accounts Changes

Getting the account management activity is an essential process for auditing purpose. We can check it at the windows event log if the auditing for account management is enabled. To automate this tiresome job, I wrote this powershell script to make life easier.
This script will show you all the changes that admin made to the user/system account, such as the time when the password was reset and who reset the password; who added user to specified group; which attributes of user account was changed. Before running this script, you’ll have to enable auditing of account management to ‘Success’ in local security policy, for the enough of the time so that required events are collected. Don’t worry I have included the user’s option to enable from within this script. Continue reading “Find who reset my password: The Powershell Script to Audit User Accounts Changes”

Assign SQL service start,stop permission to Non-Administrator Account and SDDL explained

For full syntax of SDDL(Security Descriptor Definition Language) and ACEs (Access Control Lists), you can refer this TechNet article.
Here we will assign the start/stop permission of MSSQLSERVER to ‘MyUser’ domain user. Assume that computer has been SQL 2012 installed in domain environment. We can easily assign the necessary permission the by Powershell Access Control Module and will check which permissions are changed.Before doing this, we will run sc sdshow mssqlserver and check the initial service permission. See Fig-1.

Continue reading “Assign SQL service start,stop permission to Non-Administrator Account and SDDL explained”

Check If your running Processes and Files are Digitally Signed

Digital Signatures of running process is needed when your want to validate that the softwares actually comes from trusted source and is unmodified by viruses or trojans. You can also check the the executable files (.exe, .dll etc,.) on your system that they are digitally signed. Continue reading “Check If your running Processes and Files are Digitally Signed”

How to add missing windows services in WMI monitoring with Non-Administrator account


Update: The purpose in this blogpost is about giving permission of specific windows service to specific monitoring user. So, you can replace step-6 (setting DNS service permission to specific account that will monitor service) with easier methods in my new blog post.

There are three methods for monitoring windows servers:
  1. By installing Agents (such as Zabbix,SCOM Agents).
  2. SNMP v1,v2, v3 regardless of platforms.
  3. WMI Monitor for windows servers.
And today, I’m going to make the WMI monitoring in a couple of steps, plus how to monitor the missing windows services that is unavailable in the default monitor method. Here, I’ll use the Microsoft DNS Server as a monitoring client for DNS Service + basic resource monitoring.

Continue reading “How to add missing windows services in WMI monitoring with Non-Administrator account”