Auth, and netonly authentication

In order to run an ODBC check remote from outside a domain we can run a netonly auth against AD first:

				
					runas /user:user@domain.no /netonly C:\WINDOWS\SysWOW64\odbcad32.exe
				
			

To list all stored credentials we can:

				
					rundll32.exe keymgr.dll, KRShowKeyMgr
				
			

And in Powershell we can query all networkconnections ID’s like this:

				
					gwmi -Query 'Select LocalName, RemoteName, UserName from Win32_NetworkConnection'
				
			

A similar result can be achieved using wmic from cmd:

				
					wmic netuse get remotename,username
				
			

More articles

Optional features

Check available optional features: DISM /Online /Get-Capabilities Install an optional feature: DISM /Online /Add-capability /capabilityname:Media.MediaFeaturePack~~~~0.0.1.0

Read More »

AD retention period

Check AD retention tombstone value: Import-Module ActiveDirectory $ADForestconfigurationNamingContext = (Get-ADRootDSE).configurationNamingContext $DirectoryServicesConfigPartition = Get-ADObject -Identity “CN=Directory Service,CN=Windows NT,CN=Services,$ADForestconfigurationNamingContext” -Partition $ADForestconfigurationNamingContext -Properties *

Read More »