Skip to content

Instantly share code, notes, and snippets.

Last active August 16, 2020 23:30
What would you like to do?
Search domain controllers for events relating to Netlogon vulnerability
# More information:
Set-StrictMode -Version 2
# Fetch all Domain Controllers. Use this pattern to fetch from all sites.
$addomain = Get-ADDomain
$controllers = Get-ADComputer -filter * -SearchBase "OU=Domain Controllers,$($addomain.DistinguishedName)"
foreach ($dc in $controllers) {
# Errors are ignored so as not to throw an exception if there are no such logs found
Get-WinEvent -FilterHashtable @{logname='system'; id=5827,5828,5829,5830,5831} -ComputerName $dc.Name -ErrorAction Ignore
# Enable: reg add HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters /v FullSecureChannelProtection /t REG_DWORD /d 1 /f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment