$lsa=Get-ADDomainController -Filter * | %{Invoke-Command -ComputerName $_.Hostname {ls HKLM:\SYS TEM\CurrentControlSet\Control\Lsa}}Now check the $lsa object for "Notification Packages" For example, you can pipe it to Out-GridView and use the search field. More info on registering password filters registration : https://msdn.microsoft.com/en-us/library/windows/desktop/ms721766(v=vs.85).aspx
Thursday, September 29, 2016
Checking for Active Directory password filters
As Microsoft puts it, "Password filters provide a way for you to implement password policy and change notification."
The other day , I read hackers were registering password filters to catch user passwords, following the revelation of the Project Sauron APT .
Therefore, I had to check if any malicious password filters were installed on my domain controllers.
One line of Powershell is enough :-)
Subscribe to:
Posts (Atom)