It is faster to get events from the Security log locally then it is remotely. Get-LogonEvents.ps1 gets event 4624 using an XPath syntax query remotely executed with Invoke-Command: <# This is used to get interactive logon and unlock events from a remote PC Alan Kaplan, www.akaplan.com 4/14/2020 Public version 12/24/21 #> Param ( [Parameter(Mandatory =…
Tag: Security
Get Security Set on Active Directory Objects
Viewing the security set on an Active Directory object is useful for troubleshooting and for security event investigations. Get-ADObjPermissions_ps1 reads your AD schema data, and provides a list of security set with both the setting and the delegate. This does not require admin permissions or any modules to run. It take’s the object’s distinguished name…
Get Security Set on AD Object
It’s been a while, gentle reader, since my last post. It isn’t that I haven’t been writing code, but rather that much of what I write is for internal use only. Recently I was asked to write a PowerShell script to show the advanced security for any AD object, without relying on the ActiveDirectory module….
Fix User’s Home Directory Permissions with Take Ownership
Fix-HomeDrivePerms.ps1 is a PowerShell script which attempts to reset folder security when the permissions are really hosed. It uses a take ownership function, Set-Owner, by Boe Prox, instead of takeown.exe, but does shell out to iCacls.exe. I wrote this to fix home directories where a user might be logged on with files open a the…
Another User Folder Security Reset Script
This simple batch file resets the inheritance on users folders and then grants them “modify” using the builtin icacls.exe. This script does not address issues which require you to take ownership — I will post one that does that soon. @Echo Off Pushd \\path\USERS\ for /d %%u in (*.*) do echo ICACLS %%~fu /reset /t…