Unable to run script
rebelinux opened this issue · 5 comments
ScriptSentry/Invoke-ScriptSentry.ps1
Line 26 in 3c34ed4
PS C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry> .\Invoke-ScriptSentry.ps1
_______ _______ _______ _________ _______ _________ _______ _______ _ _________ _______
( ____ \( ____ \( ____ )\__ __/( ____ )\__ __/( ____ \( ____ \( ( /|\__ __/( ____ )|\ /|
| ( \/| ( \/| ( )| ) ( | ( )| ) ( | ( \/| ( \/| \ ( | ) ( | ( )|( \ / )
| (_____ | | | (____)| | | | (____)| | | | (_____ | (__ | \ | | | | | (____)| \ (_) /
(_____ )| | | __) | | | _____) | | (_____ )| __) | (\ \) | | | | __) \ /
) || | | (\ ( | | | ( | | ) || ( | | \ | | | | (\ ( ) (
/\____) || (____/\| ) \ \_____) (___| ) | | /\____) || (____/\| ) \ | | | | ) \ \__ | |
\_______)(_______/|/ \__/\_______/|/ )_( \_______)(_______/|/ )_) )_( |/ \__/ \_/
by: Spencer Alessi @techspence
v0.4
__,_______
/ __.==---/ * * * * * *
/ (-'
-'
Setting phasers to stun, please wait..
Get-Domain : The term 'Get-Domain' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was
included, verify that the path is correct and try again.
At C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry\Invoke-ScriptSentry.ps1:118 char:29
+ $DomainObject = Get-Domain
+ ~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Get-Domain:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
WARNING: [Get-DomainGroupMember] Error searching for group with identity 'Account Operators': Exception calling "FindOne" with "0" argument(s): "Unknown error (0x80005000)"
Get-Domain : The term 'Get-Domain' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was
included, verify that the path is correct and try again.
At C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry\Invoke-ScriptSentry.ps1:118 char:29
+ $DomainObject = Get-Domain
+ ~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Get-Domain:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
I believe there are typos in the call of function get-domains.
Are you running ScriptSentry from a non-domain-joined host? v0.4 uses a couple of PowerView functions for easier group enumeration and it checks to see if it's able to pull the domain name from environment variables and if not it tries to use Get-Domain, which is actually not included in v0.4 of ScriptSentry.
Domain joined machine. Forest with 2 child domains
Hm. Same here. My lab is multi-forest, multi-domain. I added Get-Domain
from PowerView to the dev branch (https://github.com/techspence/ScriptSentry/tree/dev) to see if that resolves this for you.
It seems to be working now because the "Admins with logonscripts" did not appear before.
PS C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry> .\Invoke-ScriptSentry.ps1
_______ _______ _______ _________ _______ _________ _______ _______ _ _________ _______
( ____ \( ____ \( ____ )\__ __/( ____ )\__ __/( ____ \( ____ \( ( /|\__ __/( ____ )|\ /|
| ( \/| ( \/| ( )| ) ( | ( )| ) ( | ( \/| ( \/| \ ( | ) ( | ( )|( \ / )
| (_____ | | | (____)| | | | (____)| | | | (_____ | (__ | \ | | | | | (____)| \ (_) /
(_____ )| | | __) | | | _____) | | (_____ )| __) | (\ \) | | | | __) \ /
) || | | (\ ( | | | ( | | ) || ( | | \ | | | | (\ ( ) (
/\____) || (____/\| ) \ \_____) (___| ) | | /\____) || (____/\| ) \ | | | | ) \ \__ | |
\_______)(_______/|/ \__/\_______/|/ )_( \_______)(_______/|/ )_) )_( |/ \__/ \_/
by: Spencer Alessi @techspence
v0.4
__,_______
/ __.==---/ * * * * * *
/ (-'
-'
Setting phasers to stun, please wait..
Get-Item : Cannot find path '\\acad.pharmax.local\NETLOGON\enroll.exe' because it does not exist.
At C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry\Invoke-ScriptSentry.ps1:1042 char:17
+ Get-Item -Path $GPOLogonScripts | Sort-Object -Unique
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (\\acad.pharmax.local\NETLOGON\enroll.exe:String) [Get-Item], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetItemCommand
parsing "\\pharmax.local\sysvol\pharmax.local\scripts\mappeddrives.cmd " - Malformed \p{X} character escape.
At C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry\Invoke-ScriptSentry.ps1:1336 char:21
+ ... if ((Get-Item $ServerWithoutDNS.Script).Name -match $AdminScr ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [], ArgumentException
+ FullyQualifiedErrorId : System.ArgumentException
parsing "\\pharmax.local\NETLOGON\FindOrphanedGPOs.ps1" - Unrecognized escape sequence \N.
At C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry\Invoke-ScriptSentry.ps1:1336 char:21
+ ... if ((Get-Item $ServerWithoutDNS.Script).Name -match $AdminScr ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [], ArgumentException
+ FullyQualifiedErrorId : System.ArgumentException
parsing "\\pharmax.local\sysvol\pharmax.local\scripts\mappeddrives.cmd " - Malformed \p{X} character escape.
At C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry\Invoke-ScriptSentry.ps1:1336 char:21
+ ... if ((Get-Item $ServerWithoutDNS.Script).Name -match $AdminScr ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [], ArgumentException
+ FullyQualifiedErrorId : System.ArgumentException
parsing "\\pharmax.local\NETLOGON\FindOrphanedGPOs.ps1" - Unrecognized escape sequence \N.
At C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry\Invoke-ScriptSentry.ps1:1336 char:21
+ ... if ((Get-Item $ServerWithoutDNS.Script).Name -match $AdminScr ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [], ArgumentException
+ FullyQualifiedErrorId : System.ArgumentException
Find-UnsafeUNCPermissions : Cannot bind argument to parameter 'UNCScripts' because it is null.
At C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry\Invoke-ScriptSentry.ps1:1566 char:61
+ ... dDrives = Find-UnsafeUNCPermissions -UNCScripts $MappedDrives -SafeUs ...
+ ~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Find-UnsafeUNCPermissions], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Find-UnsafeUNCPermissions
Find-UnsafeGPOLogonScriptPermissions : Cannot bind argument to parameter 'GPOLogonScripts' because it is null.
At C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry\Invoke-ScriptSentry.ps1:1576 char:80
+ ... feGPOLogonScriptPermissions -GPOLogonScripts $GPOLogonScripts -SafeUs ...
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Find-UnsafeGPOLogonScriptPermissions], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Find-UnsafeGPOLogonScriptPermissions
########## Unsafe logon script permissions ##########
Type File User Rights
---- ---- ---- ------
UnsafeLogonScriptPermission \\pharmax.local\sysvol\pharmax.local\scripts\FindOrphanedGPOs.ps1 NT AUTHORITY\Authenticated Users FullControl
########## Plaintext credentials ##########
Type File Credential
---- ---- ----------
Credentials \\acad.pharmax.local\sysvol\acad.pharmax.local\scripts\AD-Find_missing_subnets_in_ActiveDirectory.ps1 $password = ConvertTo-SecureString -String
"p@ssw0rd" -AsPlainText -Force
Credentials \\acad.pharmax.local\sysvol\acad.pharmax.local\scripts\AD-Find_missing_subnets_in_ActiveDirectory.ps1 $password = ConvertTo-SecureString
"p@ssw0rd" -AsPlainText -Force
Credentials \\acad.pharmax.local\sysvol\acad.pharmax.local\scripts\mappeddrives.cmd Net use h: \\VBoxSvr\Win11\Documents
/user:VboxSrv\user1 Passwrd123 /p:yes
Credentials \\pharmax.local\sysvol\pharmax.local\scripts\AD-Find_missing_subnets_in_ActiveDirectory.ps1 $password = ConvertTo-SecureString -String
"p@ssw0rd" -AsPlainText -Force
Credentials \\pharmax.local\sysvol\pharmax.local\scripts\AD-Find_missing_subnets_in_ActiveDirectory.ps1 $password = ConvertTo-SecureString
"p@ssw0rd" -AsPlainText -Force
Credentials \\pharmax.local\sysvol\pharmax.local\scripts\mappeddrives.cmd Net use h: \\VBoxSvr\Win11\Documents
/user:VboxSrv\user1 Passwrd123 /p:yes
########## Admins with logonscripts ##########
Type User LogonScript
---- ---- -----------
AdminLogonScript CN=Administrator,CN=Users,DC=pharmax,DC=local \\pharmax.local\sysvol\pharmax.local\scripts\mappeddrives.cmd
AdminLogonScript CN=veeam admin,CN=Users,DC=pharmax,DC=local \\pharmax.local\NETLOGON\FindOrphanedGPOs.ps1
PS C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry>
Nice, thank you for sharing. Looks like I’ve got a little more error handling work to do. If you run into any other issue, let me know. ✌️