Jump to content

Brian Trahan

Members
  • Content Count

    4
  • Joined

  • Last visited

Community Reputation

0 Neutral

My Information

  • Agent Count
    2000 - 3000 Agents
  1. The email this morning said that the issue hasn't been exploited yet. So either this is unrelated or they are lying. I don't see a middle ground as they do know about this incident based on NiceCube's earlier posts.
  2. Were you ever able to confirm point of ingress or exploit used to get in?
  3. /qn is the same as /quiet /norestart I removed those and it works for me.
  4. One of the best lines I've heard when learning about Automate is "If it can be done in shell Automate can do it". I created a script to use windows Net User commands to make the account, set it as local admin, and set the local password to not expire. We also got a little fancier with it and have it use an extra data field set at the client level so each client had their own unique password but it was uniform for the entire client. Extra Data field get value (pulls in the EDF for the client to know what to set the password to) shell enhanced and continue on failure for each of these: net user <username> @<password variable>@ /add net user <username> @<password variable>@ net localgroup administrators <username> /add net user <username> /expires:never" I have it set the password twice since we had issues where if the user already existed it wouldn't update the password. That way we could change the password if it were compromised as well. I schedule this script to run daily so any new machine or password change gets pushed out automatically. I just need to update the password in the passwords tab and the EDF I created
×
×
  • Create New...