Auth, and netonly authentication

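To run an ODBC check remotely from a machine outside the domain, we can first start the ODBC administrator with netonly authentication against AD, so that the supplied credentials are used for network access only (`<DOMAIN>\<username>` is a placeholder for the AD account):

					runas /user:<DOMAIN>\<username> /netonly C:\WINDOWS\SysWOW64\odbcad32.exe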

To list all stored credentials we can run:

					rundll32.exe keymgr.dll, KRShowKeyMgr

In PowerShell we can query the user IDs of all network connections like this:

					gwmi -Query 'Select LocalName, RemoteName, UserName from Win32_NetworkConnection'

A similar result can be achieved using wmic from cmd:

					wmic netuse get remotename,username
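
Building on the two queries above, here is an added example (not part of the original post) that flags network connections established under an identity other than the logged-on account. The function names and the sample records are hypothetical and constructed for illustration; the live query is shown in the trailing comment.

```powershell
# Split 'DOMAIN\user' or 'user@domain' into its parts; a bare name has no domain.
function ConvertTo-AccountParts([string]$Name) {
    if ($Name -match '^(?<d>[^\\]+)\\(?<u>.+)$') { return @{ Domain = $Matches.d; User = $Matches.u } }
    if ($Name -match '^(?<u>[^@]+)@(?<d>.+)$')   { return @{ Domain = $Matches.d; User = $Matches.u } }
    return @{ Domain = ''; User = $Name }
}

# Return every connection whose UserName differs from the logged-on account.
function Find-AlternateIdentityConnection {
    param(
        [Parameter(Mandatory)] [object[]]$Connection,   # objects with LocalName, RemoteName, UserName
        [Parameter(Mandatory)] [string]$CurrentUser     # e.g. output of whoami
    )
    $me = ConvertTo-AccountParts $CurrentUser
    foreach ($c in $Connection) {
        # Skip records that carry no explicit identity.
        if ([string]::IsNullOrWhiteSpace($c.UserName)) { continue }
        $other = ConvertTo-AccountParts $c.UserName
        # -ne is case-insensitive. The domain comparison is purely textual:
        # NetBIOS and DNS names of the same domain are not reconciled here.
        $reason = if ($other.User -ne $me.User) { 'different account' }
                  elseif ($other.Domain -ne $me.Domain) { 'different domain' }
                  else { $null }
        if ($reason) {
            [pscustomobject]@{
                LocalName   = $c.LocalName
                RemoteName  = $c.RemoteName
                ConnectedAs = $c.UserName
                LoggedOnAs  = $CurrentUser
                Reason      = $reason
            }
        }
    }
}

# Constructed sample records (not real output), same properties as the WMI query above.
$sample = @(
    [pscustomobject]@{ LocalName = 'Z:'; RemoteName = '\\fs01.example.test\share'; UserName = 'WORKSTATION\alice' }
    [pscustomobject]@{ LocalName = '';   RemoteName = '\\sql01.example.test\IPC$'; UserName = 'EXAMPLE\svc_odbc' }
    [pscustomobject]@{ LocalName = 'Y:'; RemoteName = '\\fs02.example.test\data';  UserName = 'EXAMPLE\alice' }
)
Find-AlternateIdentityConnection -Connection $sample -CurrentUser 'WORKSTATION\alice' | Format-Table -AutoSize

# Live use on Windows (Get-CimInstance also works in PowerShell 7, where gwmi is unavailable):
# $live = Get-CimInstance -Query 'Select LocalName, RemoteName, UserName from Win32_NetworkConnection'
# Find-AlternateIdentityConnection -Connection $live -CurrentUser ([Security.Principal.WindowsIdentity]::GetCurrent().Name)
```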
