/domain_admin_profile_killer

delete privileged users profiles with domain admin rights from user folders on domain client computers.

Primary LanguagePowerShell

delete privileged domain admins profiles

Remove privileged users profiles with domain admin rights from user folders on any domain client computers. This is by far the best method to prevent "pass the hash" attacks. If those high privileged user accounts are always removed from, mimikatz will not work. It's always nessecary to implement a privilege access management (PAM) model within your IT infrastructure. This script can also help doing the clean-up after implementation of PAM.

The script is designed to be deployed as group policy, run as scheduled task or manual by a helpdesk agent on windows 7 and higher client computers.

group policy (GPO) script deployment

image

group policy (GPO) scheduled task deployment

image