![]() ![]() $ErrorMessage = $Computer + " Error: " + $_.Exception. $Object += New-Object -TypeName PSObject -Property $Properties | Select ComputerName, Username, Time, CallerComputer Rundll32.exe exists to run programs held in DLL files. $EventID = Get-WinEvent -ComputerName $Computer -FilterHashtable = 'Security' ID = 4740 StartTime = (Get-Date).AddDays(-$DaysFromToday)} -EA 0ĬallerComputer = $ ![]() ![]() ] $ComputerName = (Get-ADDomainController -Filter * | select -ExpandProperty Name), So let’s assume in this example that you have DA privileges and we’ll move on. Some of them can prove to be rather useful, eg, copy-paste rundll32.exe keymgr. Otherwise, you’re going to an access denied error. I’ll start off by saying that in order to query any domain controller, you’re going to need Domain Admin rights. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |