WINDOWS. PS. SECURITY. Users do not require pre-authentication

Purpose

Here's a PowerShell script that will allow you to get the list of users who do not require pre-authentication in your environment.

Steps

# Importar el módulo de Active Directory

Import-Module ActiveDirectory

# Obtener todos los usuarios que no requieren autenticación previa

$usuariosSinAutenticacionPrevia = Get-ADUser -Filter {UserAccountControl -band 0x20000} -Properties DisplayName, UserPrincipalName

# Mostrar la lista de usuarios

$usuariosSinAutenticacionPrevia | Select-Object DisplayName, UserPrincipalName | Format-Table -AutoSize

by GoN | Published: Jun 2025 | Last Updated:

WINDOWS. PS. SECURITY. SPN. Service Principal Name

Purpose

PowerShell script that will allow you to verify if a SPN (Service Principal  name) exists in the domain that allows you to generate a TGS (Ticket Granting Service) ticket. This script searches Active Directory for registered SPNs and displays those that meet the criteria.

There are different search queries to use, I recommend these

Steps

Query 1:

# Asegúrate de tener el módulo ActiveDirectory importado

Import-Module ActiveDirectory

# Obtiene todos los usuarios que tengan algún SPN configurado

Get-ADUser -Filter * -Properties servicePrincipalName |

    Where-Object { $_.servicePrincipalName -ne $null } |

    Select-Object SamAccountName, servicePrincipalName

* This means that this account has a registered Service Principal Name (SPN) for SQL Server.

* MSSQLSvc indicates the service (SQL Server).

* NETVXX.domain.com is the hostname where the service runs.

:* 1433 is the standard TCP port for SQL Server. ➝ In other words: the Administrator account is associated as a service identity for a SQL Server on that server/port. This allows clients to use Kerberos authentication to connect to that SQL instance.

Query 2:

# Importar el módulo de Active Directory
Import-Module ActiveDirectory
# Definir el SPN que deseas buscar
$spn = "HTTP/*"
# Buscar cuentas de servicio con el SPN especificado
$cuentasConSPN = Get-ADObject -Filter {ServicePrincipalName -like $spn} -Properties ServicePrincipalName, Name
# Verificar si se encontraron cuentas con el SPN
if ($cuentasConSPN) {
    Write-Output "Se encontraron las siguientes cuentas con el SPN '$spn':"
    $cuentasConSPN | Select-Object Name, ServicePrincipalName | Format-Table -AutoSize
} else {
    Write-Output "No se encontraron cuentas con el SPN '$spn'."
}

ADVICE1: If you can not remove the SPN feature, it is recommended to put one password 25 long or more

ADVICE2: You can create a script that checks if there are any changes in the output of these queries.

By GoN | Published: Jun 2025 | Last Updated.Dec 2025:

AD. Windows. Files

 Purpose

Search my shared resources for the words "contraseña|password|contrasenya" and report it to me in a file.

I'm looking for words to ask the user to save their passwords in a secure place like Keepass.

Steps

# Función para obtener el propietario de un archivo o carpeta
function Get-Owner {
    param (
        [string]$Path
    )
    $acl = Get-Acl -Path $Path
    $owner = $acl.Owner
    return $owner
}
# Función para obtener los permisos de escritura de un archivo o carpeta
function Get-WritePermissions {
    param (
        [string]$Path
    )
    $acl = Get-Acl -Path $Path
    $permissions = @()
    foreach ($access in $acl.Access) {
        if ($access.FileSystemRights -match "Write") {
            $permissions += $access.IdentityReference
        }
    }
    return $permissions -join ", "
}
# Crear el archivo CSV y añadir encabezados
$csvPath = "resultado.csv"
"Nombre,RutaCompleta,RutaRelativa,Propietario,PermisosDeEscritura" | Out-File -FilePath $csvPath -Encoding UTF8
# Función para recorrer la estructura de directorios de una ruta de red
function Search-Path {
    param (
        [string]$NetworkPath
    )
    Get-ChildItem -Path $NetworkPath -Recurse | ForEach-Object {
        if ($_ -match "contraseña|password|contrasenya") {
            $owner = Get-Owner -Path $_.FullName
            $writePermissions = Get-WritePermissions -Path $_.FullName
            $relativePath = $_.FullName.Substring($NetworkPath.Length)  # Obtener la ruta relativa
            $result = "$($_.Name),$($_.FullName),$relativePath,$owner,$writePermissions"
            $result | Out-File -FilePath $csvPath -Append -Encoding UTF8
        }
    }
}
# Recorrer las rutas de red
Search-Path -NetworkPath "\\server1\d$"
Search-Path -NetworkPath "\\server2\r$"
Search-Path -NetworkPath "\\server4\r$"
Write-Host "El archivo resultado.csv ha sido creado con éxito."

 By GoN | Published: Jun 2025 | Last Updated:

ISC2 International Information System Security Certification. Cetified in Cybersecurity

    Adding a new certification to my CV 

by GoN | Published: Jun 2025 | Last Updated: