Раньше я уже упоминал волшебную палочку для администратора , пришло время поговорить еще об одном инструменте.
Так уж бывает, иногда возникает необходимость заглянуть туда, куда заглядывать не положено и мы не знаем, что там можем увидеть. Например — какие настройки политик применились.
Тут нам поможет WMI Explorer. Инструмент далеко не новый, но очень приятный. Автор — Marc van Orsouw.
И картинка, как же выглядит сей чудный зверь -
Пользуйтесь на здоровье!
Hello folks, David Steadman Here!!
We have released our latest hotfix for MIM 2016 SP1. This is build 4.4.1642.0.
NOTE: You must be at 4.4.1302.0 prior to installing this fix. If you are at 4.4.1237.0, you will need to uninstall and install 4.4.1302.0. For more information, review: https://blogs.technet.microsoft.com/iamsupport/2016/11/08/microsoft-identity-manager-2016-service-pack-1-update-package/
Оригинал тут.
Notepad is one of Window’s best tools. As I frequently use it with logs, here are a couple of time and date tricks I have learned over the years.
Notepad is simple and full of little tricks. I use it for creating and using log files all the time. Here are a couple of ways to use Notepad to automatically insert the time and date. These techniques work for all versions of Microsoft Windows, including XP, Vista, and Windows 7.
A simple way to record what you are doing at certain times is with a .LOG file in Notepad. Using this method, each time you open and close Notepad, a timestamp is created to time your activities more efficiently. Simply open the document, record what you did, save the file, and then close it.
Пусть тут поживут. Постоянно приходится искать 
- Определение LM\NTLM
https://secpfe.com/wordpress/en/2017/03/01/controlling-and-restricting-ntlm-usage-part-i/
https://github.com/secpfe/NTLMHound/
- ATA и ATA Playbook
https://docs.microsoft.com/en-us/advanced-threat-analytics/what-is-ata
https://gallery.technet.microsoft.com/ATA-Playbook-ef0a8e38
- Identifying Clear Text LDAP binds to your DC’s
- LAPS Audit Reporting via WEF PoSH and PowerBI
https://blogs.technet.microsoft.com/kfalde/2015/11/18/laps-audit-reporting-via-wef-posh-and-powerbi/
-LAPS and permission to join computer to domain
https://blogs.msdn.microsoft.com/laps/2015/07/17/laps-and-permission-to-join-computer-to-domain/
- Pass-the-Hash
https://technet.microsoft.com/en-us/security/dn785092
(Mitigating Pass-the-Hash and Other Credential Theft v1, Mitigating Pass-the-Hash and Other Credential Theft v2, How Pass-the-Hash works PDF)
- Administrative Tools and Logon Types
- Privileged Access Workstations (PAW)
- Privileged Access Workstation (PAW) Content
https://gallery.technet.microsoft.com/Privileged-Access-3d072563
Update 31.07.2017
Microsoft Advanced Threat Analytics Proof of Concept Playbook
https://gallery.technet.microsoft.com/Advanced-Threat-Analytics-591ca681
Update 21.08.2017
Troubleshooting ATA known issues
https://docs.microsoft.com/en-us/advanced-threat-analytics/suspicious-activity-guide
Update 26.08.2017
Understanding ATA Suspicious Activity Alerts
И дело не в iSCSI. Диски подключены по Fibre Channel.
