volkan demirci Security

Computer Accounts Passwords Expire

Bilgisayar hesabı parolası expire olmayanları tespit etmek için User Account Control değeri “65536” göre sorgulamak gerekmektedir.

Örnek powershell komutu aşağıdaki gibidir.

get-adcomputer -filter “useraccountcontrol -band 65536” -properties * | ft name, ueraccountcontrol

Default UserAccountControl değerleri aşağıdaki gibidir:

Domain controller : 0x82000 (532480)

Workstation/server: 0x1000 (4096)

Örneğin: UAC değeri 69.632 ( Workstataion + Password not expires) olan bir WS için, 4096 (Workstation) + 65536 (Password not expires)

ValueDescription
512Enabled Account
514Disabled Account
544Enabled, Password Not Required
546Disabled, Password Not Required
66048Enabled, Password Doesn’t Expire
66050Disabled, Password Doesn’t Expire
66080Enabled, Password Doesn’t Expire & Not Required
66082Disabled, Password Doesn’t Expire & Not Required
262656Enabled, Smartcard Required
262658Disabled, Smartcard Required
262688Enabled, Smartcard Required, Password Not Required
262690Disabled, Smartcard Required, Password Not Required
328192Enabled, Smartcard Required, Password Doesn’t Expire
328194Disabled, Smartcard Required, Password Doesn’t Expire
328224Enabled, Smartcard Required, Password Doesn’t Expire & Not Required
328226Disabled, Smartcard Required, Password Doesn’t Expire & Not Required
Property flagValue in hexadecimalValue in decimal
SCRIPT0x00011
ACCOUNTDISABLE0x00022
HOMEDIR_REQUIRED0x00088
LOCKOUT0x001016
PASSWD_NOTREQD0x002032
PASSWD_CANT_CHANGE0x004064
ENCRYPTED_TEXT_PWD_ALLOWED0x0080128
TEMP_DUPLICATE_ACCOUNT0x0100256
NORMAL_ACCOUNT0x0200512
INTERDOMAIN_TRUST_ACCOUNT0x08002048
WORKSTATION_TRUST_ACCOUNT0x10004096
    TRUST_ACCOUNT0x20008192
DONT_EXPIRE_PASSWORD0x1000065536
MNS_LOGON_ACCOUNT0x20000131072
SMARTCARD_REQUIRED0x40000262144
TRUSTED_FOR_DELEGATION0x80000524288
NOT_DELEGATED0x1000001048576
USE_DES_KEY_ONLY0x2000002097152
DONT_REQ_PREAUTH0x4000004194304
PASSWORD_EXPIRED0x8000008388608
TRUSTED_TO_AUTH_FOR_DELEGATION0x100000016777216
PARTIAL_SECRETS_ACCOUNT0x04000000 67108864