techspence/ScriptSentry

Unable to run script

rebelinux opened this issue · 5 comments

function Get-Domains {

PS C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry> .\Invoke-ScriptSentry.ps1 

 _______  _______  _______ _________ _______ _________ _______  _______  _       _________ _______
(  ____ \(  ____ \(  ____ )\__   __/(  ____ )\__   __/(  ____ \(  ____ \( (    /|\__   __/(  ____ )|\     /|
| (    \/| (    \/| (    )|   ) (   | (    )|   ) (   | (    \/| (    \/|  \  ( |   ) (   | (    )|( \   / )
| (_____ | |      | (____)|   | |   | (____)|   | |   | (_____ | (__    |   \ | |   | |   | (____)| \ (_) / 
(_____  )| |      |     __)   | |   |  _____)   | |   (_____  )|  __)   | (\ \) |   | |   |     __)  \   /  
      ) || |      | (\ (      | |   | (         | |         ) || (      | | \   |   | |   | (\ (      ) (   
/\____) || (____/\| ) \ \_____) (___| )         | |   /\____) || (____/\| )  \  |   | |   | ) \ \__   | |
\_______)(_______/|/   \__/\_______/|/          )_(   \_______)(_______/|/    )_)   )_(   |/   \__/   \_/
                              by: Spencer Alessi @techspence
                                          v0.4
                                      __,_______
                                     / __.==---/ * * * * * *
                                    / (-'
                                    -'
                           Setting phasers to stun, please wait..

Get-Domain : The term 'Get-Domain' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was 
included, verify that the path is correct and try again.
At C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry\Invoke-ScriptSentry.ps1:118 char:29
+             $DomainObject = Get-Domain
+                             ~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Get-Domain:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
 
WARNING: [Get-DomainGroupMember] Error searching for group with identity 'Account Operators': Exception calling "FindOne" with "0" argument(s): "Unknown error (0x80005000)"
Get-Domain : The term 'Get-Domain' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was 
included, verify that the path is correct and try again.
At C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry\Invoke-ScriptSentry.ps1:118 char:29
+             $DomainObject = Get-Domain
+                             ~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Get-Domain:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
 

I believe there are typos in the call of function get-domains.

Are you running ScriptSentry from a non-domain-joined host? v0.4 uses a couple of PowerView functions for easier group enumeration, and it checks to see if it's able to pull the domain name from environment variables; if not, it tries to use Get-Domain, which is actually not included in v0.4 of ScriptSentry.

Domain-joined machine. Forest with 2 child domains.

Hm. Same here. My lab is multi-forest, multi-domain. I added Get-Domain from PowerView to the dev branch (https://github.com/techspence/ScriptSentry/tree/dev) to see if that resolves this for you.

It seems to be working now because the "Admins with logonscripts" did not appear before.

PS C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry> .\Invoke-ScriptSentry.ps1

 _______  _______  _______ _________ _______ _________ _______  _______  _       _________ _______
(  ____ \(  ____ \(  ____ )\__   __/(  ____ )\__   __/(  ____ \(  ____ \( (    /|\__   __/(  ____ )|\     /|
| (    \/| (    \/| (    )|   ) (   | (    )|   ) (   | (    \/| (    \/|  \  ( |   ) (   | (    )|( \   / )
| (_____ | |      | (____)|   | |   | (____)|   | |   | (_____ | (__    |   \ | |   | |   | (____)| \ (_) / 
(_____  )| |      |     __)   | |   |  _____)   | |   (_____  )|  __)   | (\ \) |   | |   |     __)  \   /  
      ) || |      | (\ (      | |   | (         | |         ) || (      | | \   |   | |   | (\ (      ) (   
/\____) || (____/\| ) \ \_____) (___| )         | |   /\____) || (____/\| )  \  |   | |   | ) \ \__   | |
\_______)(_______/|/   \__/\_______/|/          )_(   \_______)(_______/|/    )_)   )_(   |/   \__/   \_/
                              by: Spencer Alessi @techspence
                                          v0.4
                                      __,_______
                                     / __.==---/ * * * * * *
                                    / (-'
                                    -'
                           Setting phasers to stun, please wait..

Get-Item : Cannot find path '\\acad.pharmax.local\NETLOGON\enroll.exe' because it does not exist.
At C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry\Invoke-ScriptSentry.ps1:1042 char:17
+                 Get-Item -Path $GPOLogonScripts | Sort-Object -Unique
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (\\acad.pharmax.local\NETLOGON\enroll.exe:String) [Get-Item], ItemNotFoundException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetItemCommand

parsing "\\pharmax.local\sysvol\pharmax.local\scripts\mappeddrives.cmd " - Malformed \p{X} character escape.
At C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry\Invoke-ScriptSentry.ps1:1336 char:21
+ ...         if ((Get-Item $ServerWithoutDNS.Script).Name -match $AdminScr ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [], ArgumentException
    + FullyQualifiedErrorId : System.ArgumentException
 
parsing "\\pharmax.local\NETLOGON\FindOrphanedGPOs.ps1" - Unrecognized escape sequence \N.
At C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry\Invoke-ScriptSentry.ps1:1336 char:21
+ ...         if ((Get-Item $ServerWithoutDNS.Script).Name -match $AdminScr ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [], ArgumentException
    + FullyQualifiedErrorId : System.ArgumentException
 
parsing "\\pharmax.local\sysvol\pharmax.local\scripts\mappeddrives.cmd " - Malformed \p{X} character escape.
At C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry\Invoke-ScriptSentry.ps1:1336 char:21
+ ...         if ((Get-Item $ServerWithoutDNS.Script).Name -match $AdminScr ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [], ArgumentException
    + FullyQualifiedErrorId : System.ArgumentException
 
parsing "\\pharmax.local\NETLOGON\FindOrphanedGPOs.ps1" - Unrecognized escape sequence \N.
At C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry\Invoke-ScriptSentry.ps1:1336 char:21
+ ...         if ((Get-Item $ServerWithoutDNS.Script).Name -match $AdminScr ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [], ArgumentException
    + FullyQualifiedErrorId : System.ArgumentException
 
Find-UnsafeUNCPermissions : Cannot bind argument to parameter 'UNCScripts' because it is null.
At C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry\Invoke-ScriptSentry.ps1:1566 char:61
+ ... dDrives = Find-UnsafeUNCPermissions -UNCScripts $MappedDrives -SafeUs ...
+                                                     ~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Find-UnsafeUNCPermissions], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Find-UnsafeUNCPermissions
 
Find-UnsafeGPOLogonScriptPermissions : Cannot bind argument to parameter 'GPOLogonScripts' because it is null.
At C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry\Invoke-ScriptSentry.ps1:1576 char:80
+ ... feGPOLogonScriptPermissions -GPOLogonScripts $GPOLogonScripts -SafeUs ...
+                                                  ~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Find-UnsafeGPOLogonScriptPermissions], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Find-UnsafeGPOLogonScriptPermissions
 
########## Unsafe logon script permissions ##########

Type                        File                                                              User                                  Rights
----                        ----                                                              ----                                  ------
UnsafeLogonScriptPermission \\pharmax.local\sysvol\pharmax.local\scripts\FindOrphanedGPOs.ps1 NT AUTHORITY\Authenticated Users FullControl


########## Plaintext credentials ##########

Type        File                                                                                                  Credential
----        ----                                                                                                  ----------
Credentials \\acad.pharmax.local\sysvol\acad.pharmax.local\scripts\AD-Find_missing_subnets_in_ActiveDirectory.ps1 $password = ConvertTo-SecureString -String
                                                                                                                  "p@ssw0rd" -AsPlainText -Force
Credentials \\acad.pharmax.local\sysvol\acad.pharmax.local\scripts\AD-Find_missing_subnets_in_ActiveDirectory.ps1     $password = ConvertTo-SecureString
                                                                                                                  "p@ssw0rd" -AsPlainText -Force
Credentials \\acad.pharmax.local\sysvol\acad.pharmax.local\scripts\mappeddrives.cmd                               Net use h: \\VBoxSvr\Win11\Documents
                                                                                                                  /user:VboxSrv\user1 Passwrd123 /p:yes
Credentials \\pharmax.local\sysvol\pharmax.local\scripts\AD-Find_missing_subnets_in_ActiveDirectory.ps1           $password = ConvertTo-SecureString -String
                                                                                                                  "p@ssw0rd" -AsPlainText -Force
Credentials \\pharmax.local\sysvol\pharmax.local\scripts\AD-Find_missing_subnets_in_ActiveDirectory.ps1               $password = ConvertTo-SecureString
                                                                                                                  "p@ssw0rd" -AsPlainText -Force
Credentials \\pharmax.local\sysvol\pharmax.local\scripts\mappeddrives.cmd                                         Net use h: \\VBoxSvr\Win11\Documents
                                                                                                                  /user:VboxSrv\user1 Passwrd123 /p:yes


########## Admins with logonscripts ##########

Type             User                                          LogonScript
----             ----                                          -----------
AdminLogonScript CN=Administrator,CN=Users,DC=pharmax,DC=local \\pharmax.local\sysvol\pharmax.local\scripts\mappeddrives.cmd
AdminLogonScript CN=veeam admin,CN=Users,DC=pharmax,DC=local   \\pharmax.local\NETLOGON\FindOrphanedGPOs.ps1


PS C:\Users\jocolon\Documents\WindowsPowerShell\Modules\ScriptSentry>

Nice, thank you for sharing. Looks like I’ve got a little more error handling work to do. If you run into any other issues, let me know. ✌️
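The `parsing "\\pharmax.local\..." - Malformed \p{X} character escape` and `Unrecognized escape sequence \N` errors in the output above are .NET regex parse errors: the UNC path on the right-hand side of `-match` is compiled as a pattern. The following is an added example, not code from ScriptSentry or from anyone in this thread; it reproduces the failure and shows a literal comparison. The function and variable names are hypothetical, and it assumes Windows path separators.

```powershell
# Added example. Function and variable names here are hypothetical and are
# not taken from Invoke-ScriptSentry.ps1.

# Constructed sample values, copied from the error text above
# (note the trailing space on the first one).
$AdminScriptPaths = @(
    '\\pharmax.local\sysvol\pharmax.local\scripts\mappeddrives.cmd ',
    '\\pharmax.local\NETLOGON\FindOrphanedGPOs.ps1'
)

function Test-RawPathAsPattern {
    # Reproduces the failure: the path is compiled as a regex, so "\p" and
    # "\N" are parsed as (invalid) escapes and -match throws.
    param([string] $FileName, [string] $ScriptPath)
    try   { $FileName -match $ScriptPath }
    catch { "regex error: $($_.Exception.Message)" }
}

function Test-ScriptNameMatch {
    # Literal comparison of a file name against the leaf of a script path.
    param([string] $FileName, [string] $ScriptPath)

    $clean = "$ScriptPath".Trim()        # drop stray whitespace from the attribute
    if (-not $clean) { return $false }   # null/empty script path: nothing to compare

    # Pure string operation; does not touch the share.
    $leaf = [System.IO.Path]::GetFileName($clean)

    # [regex]::Escape makes every character literal, so "." no longer
    # matches any character and backslashes are not escape prefixes.
    return $FileName -match ('^' + [regex]::Escape($leaf) + '$')
}

foreach ($path in $AdminScriptPaths) {
    [pscustomobject]@{
        Path    = $path
        Raw     = Test-RawPathAsPattern -FileName 'mappeddrives.cmd' -ScriptPath $path
        Escaped = Test-ScriptNameMatch  -FileName 'mappeddrives.cmd' -ScriptPath $path
    }
}
```

When the comparison is meant to be an exact, case-insensitive name match, `-eq` against the trimmed leaf avoids regex handling entirely.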