Tag Archives: get-adcomputer

PowerShell: Get-ADComputer to retrieve computer last logon date (and disable them) – part 2

PowerShell

In this article we’ll look at using Get-ADComputer and Set-ADComputer to list computer accounts which haven’t logged in for xx days, and then automatically disable them.

In part 1 we looked at how to use Get-ADComputer to list computers by name and sort them by their last logon date with the premise that we can use the information to remove historic computer accounts from the domain.

Now we know the computer accounts we want to work with we will look at modifying the PowerShell command to automatically disable them.

Continue reading

Vendors’ response to Shellshock bug

Bash ShellShock Bug

The Shellshock vulnerability in Bash (a command line shell) hit the news last week and has the potential to be far more serious than the Heartbleed bug discovered earlier in the year. The Shellshock bug appears to mostly effect Macs, Linux, Unix, and websites based on Apache, although some network hardware may be effected.

There is a very good technical article that Troy Hunt has published which explains the vulnerability in some depth. You can view it here, as well as many other websites which are covering the story so I won’t go into detail, just type Shellshock into your favourite search engine.

Instead below is a list of the major vendors which we and customers use and links to any articles they have regarding Shellshock and their products.

Watchguard and Draytek have confirmed they have no effected products. Microsoft is also uneffected.

Keep checking back as I will update this as more detials from vendors become available.

If you know of any other Vendor statements regarding the ShellShock bug please add a comment below, and I will incorporate it into the post.

Dell
http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2014/09/25/shellshock-bash-bug-vulnerability-alert

http://www.dell.com/learn/us/en/04/campaigns/shellshock-remediation

Dell Sonicwall
https://software.sonicwall.com/ServiceBulletin/Dell_SonicWALL_GNU_Bash_Shellshock.pdf

Draytek
http://www.draytek.co.uk/support/guides/shellshock-security-exploit

Watchguard
http://watchguardsecuritycenter.com/2014/09/25/bash-or-shellshock-vulnerability/

Synology
https://www.synology.com/en-global/support/security/bash_shellshock

VMware
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2090740

Egnyte
https://helpdesk.egnyte.com/hc/en-us/articles/203037714-Egnyte-unaffected-by-bash-vulnerability-Shellshock-

Sophos
http://nakedsecurity.sophos.com/2014/09/25/bash-shellshock-vulnerability-what-you-need-to-know/

http://www.sophos.com/en-us/support/knowledgebase/121444.aspx

Apple
http://support.apple.com/kb/HT6495

http://support.apple.com/kb/DL1769      (for Mavericks)

http://support.apple.com/kb/DL1768      (for Mountain Lion)

http://support.apple.com/kb/DL1767      (for Lion)

http://www.macworld.com/article/2687826/apple-says-most-mac-users-are-safe-from-shellshock-bash-bug-promises-quick-fix.html

Netgear
http://kb.netgear.com/app/answers/detail/a_id/25703

HP
http://h17007.www1.hp.com/docs/networking/alert/GNU-BASH_Security-Advisory.pdf

Avaya
https://support.avaya.com/helpcenter/getGenericDetails?detailId=C2014926131554370002

 

PowerShell: Get-ADComputer to retrieve computer last logon date – part 1

PowerShellI’ve written about Get-ADUser several times already to find out Active Directory user information, but in this post we’ll be using Get-ADComputer to find out the last logon date for the computers in Active Directory.

As computers are retired or fail and are replaced how often do admins remember to remove the computer accounts from Active Directory?

You can use the command we are going to create below to enumerate the last login date for all the computer accounts in your domain, so that you can safely disable and remove them after they have been inactive for a period of time. Continue reading