Active Directory – Securely Set Local Account Passwords

How it works A token is generated for a supplied account with the desired password.  Example of a token: k8vVeIYZeI+6rkvlvw8eLOEnHK2yTcBfHQP4UEZrCgigcagy7+qt969LISkmHH/7CS5KfVWLEZh8cZMzCkVYGw== This token (an AES-256 encrypted version of the username and the password) is passed to the SecurelySetPassword tool which is executed at start-up via an Active Directory Group Policy. The token is decrypted and used… Continue reading Active Directory – Securely Set Local Account Passwords

Active Directory – Securely Set Local Account Passwords

Prerequisites: The following assumptions have been made in this tutorial. Readers should have a basic working knowledge of Microsoft Active Directory, SQL Server and Visual Studio software. Step 1:  Create ACTIVE DIRECTORY SERVICE ACCOUNT Create an Active directory service account with password reset as well as user account unlock permissions. Step 2:  Download Visual Studio… Continue reading Active Directory – Securely Set Local Account Passwords

Using OpenTTD to create a realistic data stream

A while back I was going through a refresher course on Azure Stream Analytics (https://www.pluralsight.com/courses/azure-stream-analytics-understanding by Alan Smith) and found the method used to generate data fascinating. Basically, Alan used an opensource C# racing game to build a whole course on Azure Stream Analytics and the processing of telemetry data generated by it. I took inspiration from… Continue reading Using OpenTTD to create a realistic data stream

UserResourceCleanup

INTRODUCTION A GPO exist that can be configured to automatically delete old user profiles and a process such as CircularLogArchivercan be used to clean up log or old data but what about user data? UserResouceCleanup can take care of this by monitoring the user data folders and Active Directory. CONFIGURING USERRESOURCECLEANUP a) Download and extract UserResourceCleanup.zip (here is VirusTotal scan) to… Continue reading UserResourceCleanup

Automated object placement using AutoAD

IMPLEMENTATION 1) Computer Description Update Process a) Delegation To be able to update computer descriptions you need to delegate rights. Add the following permissions to Active Directory either to the root of the domain or any other Organizational Unit. You would add it to an Organizational Unit if you only want to use this process… Continue reading Automated object placement using AutoAD

Active Directory Password Reset Tool

BENEFITS Sets a unique, secure password on each password reset Helpdesk employee users do not need to use or install RSAT (at least not for those only resetting passwords) End-users do not get passwords such as Password1 or Company1 and continue with this bad practice by continuing with passwords such as Password2 or Company2 IMPLEMENTATION… Continue reading Active Directory Password Reset Tool

Active Directory Cleanup Tool (ADCleanup)

INTRODUCTION ADCleanup is my implementation of a set-and-forget Active Directory cleanup tool. Once this tool is implemented correctly, you never need to worry about dormant accounts ever again. IMPLEMENTATION 1) Download and extract ADCleanup.zip (here is VirusTotal scan) to a folder of your choice, saved on the computer on which it will be scheduled to run. 2) Create a… Continue reading Active Directory Cleanup Tool (ADCleanup)

How to run commands using SYSTEM account

INTRODUCTION This is a process I use whenever I get an “Access Denied” message. One example of this is when I do not have access to SQL Server directly, only administrative rights to the actual server. PROCESS 1) Download PsExec which is part of the PsTools suite 2) Extract PsTools.zip to a convenient location. I usually copy PsExec.exe to the System32 folder. This… Continue reading How to run commands using SYSTEM account