Ondrej Sevecek's Blog

Engineering and troubleshooting by Directory Master!

Follow @OndrejSevecek

RSS

Manage Subscriptions

/_layouts/images/ReportServer/Manage_Subscription.gif

/_layouts/ReportServer/ManageSubscriptions.aspx?list={ListId}&ID={ItemId}

0x80

0x0

FileType

rdl

350

Manage Data Sources

/_layouts/ReportServer/DataSourceList.aspx?list={ListId}&ID={ItemId}

0x0

0x20

FileType

rdl

351

Manage Shared Datasets

/_layouts/ReportServer/DatasetList.aspx?list={ListId}&ID={ItemId}

0x0

0x20

FileType

rdl

352

Manage Parameters

/_layouts/ReportServer/ParameterList.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

rdl

353

Manage Processing Options

/_layouts/ReportServer/ReportExecution.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

rdl

354

Manage Cache Refresh Plans

/_layouts/ReportServer/CacheRefreshPlanList.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

rdl

355

View Report History

/_layouts/ReportServer/ReportHistory.aspx?list={ListId}&ID={ItemId}

0x0

0x40

FileType

rdl

356

View Dependent Items

/_layouts/ReportServer/DependentItems.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

rsds

350

Edit Data Source Definition

/_layouts/ReportServer/SharedDataSource.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

rsds

351

View Dependent Items

/_layouts/ReportServer/DependentItems.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

smdl

350

Manage Clickthrough Reports

/_layouts/ReportServer/ModelClickThrough.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

smdl

352

Manage Model Item Security

/_layouts/ReportServer/ModelItemSecurity.aspx?list={ListId}&ID={ItemId}

0x0

0x2000000

FileType

smdl

353

Regenerate Model

/_layouts/ReportServer/GenerateModel.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

smdl

354

Manage Data Sources

/_layouts/ReportServer/DataSourceList.aspx?list={ListId}&ID={ItemId}

0x0

0x20

FileType

smdl

351

Load in Report Builder

/_layouts/ReportServer/RSAction.aspx?RSAction=ReportBuilderModelContext&list={ListId}&ID={ItemId}

0x0

0x2

FileType

smdl

250

Edit in Report Builder

/_layouts/images/ReportServer/EditReport.gif

/_layouts/ReportServer/RSAction.aspx?RSAction=ReportBuilderReportContext&list={ListId}&ID={ItemId}

0x0

0x4

FileType

rdl

250

Edit in Report Builder

/_layouts/ReportServer/RSAction.aspx?RSAction=ReportBuilderDatasetContext&list={ListId}&ID={ItemId}

0x0

0x4

FileType

rsd

250

Manage Caching Options

/_layouts/ReportServer/DatasetCachingOptions.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

rsd

350

Manage Cache Refresh Plans

/_layouts/ReportServer/CacheRefreshPlanList.aspx?list={ListId}&ID={ItemId}&IsDataset=true

0x0

0x4

FileType

rsd

351

Manage Data Sources

/_layouts/ReportServer/DataSourceList.aspx?list={ListId}&ID={ItemId}

0x0

0x20

FileType

rsd

352

View Dependent Items

/_layouts/ReportServer/DependentItems.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

rsd

353

All Site Content

Ondrej Sevecek's Blog > Posts > Vyhledání všech účtů s povolenou Kerberos delegací

červen 21

Vyhledání všech účtů s povolenou Kerberos delegací

by Ondřej Ševeček

on 21.6.2012 8:11

Category: Kerberos; Skripty a PowerShell

Tuhle jsem psal o Kerberos Delegation a zmiňoval jsem, že je to bezpečnostně citlivá záležitost. Jak najdete všechny účty, které mají delegaci povolenu? Použijeme PowerShell:

$rootDSE = [ADSI] 'LDAP://RootDSE'
$searcher = [ADSISearcher] ('LDAP:// + $rootDSE.defaultNamingContext) 
$searcher.PageSize = 1
$searcher.SearchScope = 'subTree'

$fltDelegation = '(|(msDS-AllowedToDelegateTo=*)(userAccountControl:1.2.840.113556.1.4.803:=524288))'
$fltDC = '(userAccountControl:1.2.840.113556.1.4.803:=8192)'
$fltRODC = '(userAccountControl:1.2.840.113556.1.4.803:=67108864)'

$searcher.Filter = "(&($fltDelegation)(!$fltDC)(!$fltRODC))"
$searcher.Asynchronous = $true
$searchRes = $searcher.FindAll()

$searchRes | % { 

  $oneObj = [ADSI] ($_.Path)
 
  [PSObject] $out = New-Object PSObject 

  $out | Add-Member -MemberType NoteProperty -Name Path -Value $_.Path
  $out | Add-Member -MemberType NoteProperty -Name UPN -Value $oneObj.userPrincipalName
  $out | Add-Member -MemberType NotePropetty -Name Name -Value $oneObj.cn
  $out | Add-Member -MemberType NoteProperty -Name DisplayName -Value $oneObj.displayName

  $out

} | ft -AutoSize

$searchRes.Dispose()
$searcher.Dispose()

Poznámka - vyhledávací filtr nerozlišuje (tedy je vyhledá všechny) mezi constrained delegation (trust to the specified services only) a unconstrained delegation (trust to any service). Vyhledávací filtr taky vynechává DC a RODC, protože tyto objekty mají delegaci zapnutou automaticky.

1 Comment(s)

Manage Subscriptions

/_layouts/images/ReportServer/Manage_Subscription.gif

/_layouts/ReportServer/ManageSubscriptions.aspx?list={ListId}&ID={ItemId}

0x80

0x0

FileType

rdl

350

Manage Data Sources

/_layouts/ReportServer/DataSourceList.aspx?list={ListId}&ID={ItemId}

0x0

0x20

FileType

rdl

351

Manage Shared Datasets

/_layouts/ReportServer/DatasetList.aspx?list={ListId}&ID={ItemId}

0x0

0x20

FileType

rdl

352

Manage Parameters

/_layouts/ReportServer/ParameterList.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

rdl

353

Manage Processing Options

/_layouts/ReportServer/ReportExecution.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

rdl

354

Manage Cache Refresh Plans

/_layouts/ReportServer/CacheRefreshPlanList.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

rdl

355

View Report History

/_layouts/ReportServer/ReportHistory.aspx?list={ListId}&ID={ItemId}

0x0

0x40

FileType

rdl

356

View Dependent Items

/_layouts/ReportServer/DependentItems.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

rsds

350

Edit Data Source Definition

/_layouts/ReportServer/SharedDataSource.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

rsds

351

View Dependent Items

/_layouts/ReportServer/DependentItems.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

smdl

350

Manage Clickthrough Reports

/_layouts/ReportServer/ModelClickThrough.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

smdl

352

Manage Model Item Security

/_layouts/ReportServer/ModelItemSecurity.aspx?list={ListId}&ID={ItemId}

0x0

0x2000000

FileType

smdl

353

Regenerate Model

/_layouts/ReportServer/GenerateModel.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

smdl

354

Manage Data Sources

/_layouts/ReportServer/DataSourceList.aspx?list={ListId}&ID={ItemId}

0x0

0x20

FileType

smdl

351

Load in Report Builder

/_layouts/ReportServer/RSAction.aspx?RSAction=ReportBuilderModelContext&list={ListId}&ID={ItemId}

0x0

0x2

FileType

smdl

250

Edit in Report Builder

/_layouts/images/ReportServer/EditReport.gif

/_layouts/ReportServer/RSAction.aspx?RSAction=ReportBuilderReportContext&list={ListId}&ID={ItemId}

0x0

0x4

FileType

rdl

250

Edit in Report Builder

/_layouts/ReportServer/RSAction.aspx?RSAction=ReportBuilderDatasetContext&list={ListId}&ID={ItemId}

0x0

0x4

FileType

rsd

250

Manage Caching Options

/_layouts/ReportServer/DatasetCachingOptions.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

rsd

350

Manage Cache Refresh Plans

/_layouts/ReportServer/CacheRefreshPlanList.aspx?list={ListId}&ID={ItemId}&IsDataset=true

0x0

0x4

FileType

rsd

351

Manage Data Sources

/_layouts/ReportServer/DataSourceList.aspx?list={ListId}&ID={ItemId}

0x0

0x20

FileType

rsd

352

View Dependent Items

/_layouts/ReportServer/DependentItems.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

rsd

353

Comments

preklepy

v kodu je 2x preklep, jinak diky za kod.

$searcher = [ADSISearcher] ('LDAP:// + $rootDSE.defaultNamingContext)
=
$searcher = [ADSISearcher] ('LDAP://' + $rootDSE.defaultNamingContext)

$out | Add-Member -MemberType NotePropetty -Name Name -Value $oneObj.cn
=
$out | Add-Member -MemberType NoteProperty -Name Name -Value $oneObj.cn

VasekB on 9.4.2013 18:28

Manage Subscriptions

/_layouts/images/ReportServer/Manage_Subscription.gif

/_layouts/ReportServer/ManageSubscriptions.aspx?list={ListId}&ID={ItemId}

0x80

0x0

FileType

rdl

350

Manage Data Sources

/_layouts/ReportServer/DataSourceList.aspx?list={ListId}&ID={ItemId}

0x0

0x20

FileType

rdl

351

Manage Shared Datasets

/_layouts/ReportServer/DatasetList.aspx?list={ListId}&ID={ItemId}

0x0

0x20

FileType

rdl

352

Manage Parameters

/_layouts/ReportServer/ParameterList.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

rdl

353

Manage Processing Options

/_layouts/ReportServer/ReportExecution.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

rdl

354

Manage Cache Refresh Plans

/_layouts/ReportServer/CacheRefreshPlanList.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

rdl

355

View Report History

/_layouts/ReportServer/ReportHistory.aspx?list={ListId}&ID={ItemId}

0x0

0x40

FileType

rdl

356

View Dependent Items

/_layouts/ReportServer/DependentItems.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

rsds

350

Edit Data Source Definition

/_layouts/ReportServer/SharedDataSource.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

rsds

351

View Dependent Items

/_layouts/ReportServer/DependentItems.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

smdl

350

Manage Clickthrough Reports

/_layouts/ReportServer/ModelClickThrough.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

smdl

352

Manage Model Item Security

/_layouts/ReportServer/ModelItemSecurity.aspx?list={ListId}&ID={ItemId}

0x0

0x2000000

FileType

smdl

353

Regenerate Model

/_layouts/ReportServer/GenerateModel.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

smdl

354

Manage Data Sources

/_layouts/ReportServer/DataSourceList.aspx?list={ListId}&ID={ItemId}

0x0

0x20

FileType

smdl

351

Load in Report Builder

/_layouts/ReportServer/RSAction.aspx?RSAction=ReportBuilderModelContext&list={ListId}&ID={ItemId}

0x0

0x2

FileType

smdl

250

Edit in Report Builder

/_layouts/images/ReportServer/EditReport.gif

/_layouts/ReportServer/RSAction.aspx?RSAction=ReportBuilderReportContext&list={ListId}&ID={ItemId}

0x0

0x4

FileType

rdl

250

Edit in Report Builder

/_layouts/ReportServer/RSAction.aspx?RSAction=ReportBuilderDatasetContext&list={ListId}&ID={ItemId}

0x0

0x4

FileType

rsd

250

Manage Caching Options

/_layouts/ReportServer/DatasetCachingOptions.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

rsd

350

Manage Cache Refresh Plans

/_layouts/ReportServer/CacheRefreshPlanList.aspx?list={ListId}&ID={ItemId}&IsDataset=true

0x0

0x4

FileType

rsd

351

Manage Data Sources

/_layouts/ReportServer/DataSourceList.aspx?list={ListId}&ID={ItemId}

0x0

0x20

FileType

rsd

352

View Dependent Items

/_layouts/ReportServer/DependentItems.aspx?list={ListId}&ID={ItemId}

0x0

0x4

FileType

rsd

353

Add Comment

Sorry comments are disable due to the constant load of spam *

Omlouvám se, ale příval spamu nelze kontrolovat, takže mi prosím pošlete email, pokud máte nějaký dotaz, nebo připomínku.

Title

Pole Title nemusíte vyplňovat, doplní se to samo na stejnou hodnotu jako je nadpis článku.

Author *

Pole Author nesmí být stejné jako pole Title! Mám to tu jako ochranu proti spamu. Roboti to nevyplní dobře :-)

Body *

Email

Emailová adresa, pokud na ni chcete ode mě dostat odpověď. Nikdo jiný než já vaši emailovou adresu neuvidí.

Ondrej Sevecek's Blog