Netwrix Newsletter, August 2007: Custom Built Products and PowerShell-Based ID Management

Welcome to the August issue of our monthly newsletter. This month, we are introducing a new service from Netwrix: custom-built products tailored to your needs. We will also cover today's popular Windows PowerShell technology and its possible applications for performing your daily tasks.


Can't Find Your Solution? Let Netwrix Build It for You!

Many vendors... many products... but nothing matches your real needs to the desired extent? Show us the product you'd like to have tailored to your needs (done previously either by Netwrix or any other vendor), and we'll give you a proposal to create and implement it, whether this entails a slight modification or a completely new product.

Our proposal will be much more affordable than building the same in-house or asking another vendor to extend an existing product. Why? Our goal is obvious: if you need this, then other organizations most likely need it as well, and we can sell it to others once we have created it for you. This is why we produce what you need very cheaply for you (we don't receive a profit; in fact, we invest a part of our own money), while remaining beneficial to both parties.

Contact us today and receive a proposal tomorrow.
URL: https://www.netwrix.com/contact.html
Phone: 888-638-9749

Real Men Don't Click: Windows PowerShell in ID Management

Windows PowerShell has become very popular in the Windows IT world. PowerShell was introduced more than a year ago and has already been downloaded by millions of Windows administrators. It is already a part of Windows Server 2008, coming later this year, and many Microsoft and third-party products are being built on top of this exciting technology.

The idea behind PowerShell is automation. Windows has always had a very nice UI, but if you want to automate something, you're most likely in trouble. This is where PowerShell comes in: it lets you control your Windows environment entirely from the command line, in unattended mode. The real "Power" of PowerShell is in its simplicity: you can script a great deal of work using one line of code. The basic building blocks of such scripts are called "cmdlets", and these are provided by Microsoft and many other vendors. For example, one cmdlet can read an event log and another cmdlet can send e-mail. Combine them to receive notifications about specific entries in an event log, such as service failures and security-related events.

The following example extracts all account lockout events and sends an e-mail about each of them to a specified recipient:

Get-EventLog -logName "Security" | Where { $_.EventID -eq 644 } | ForEach { (new-object Net.Mail.SmtpClient -arg "example.com").Send("events@example.com", "me@example.com", "Account Locked Out", "Account SID: " + $_.ReplacementStrings[2]) }

The script might seem a bit complicated, but a closer look reveals all the details: the script reads the Security log, filters it for EventID 644 (account lockout), and sends an e-mail to "me@example.com" for every matching event, even placing the user SID (string #2 from the event) in the message body. Bingo!
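The one-liner above mails every lockout event still in the log each time it runs, which floods the mailbox on repeated runs. The following added example (not part of the original newsletter or of any Netwrix product) groups lockout events by account SID so that one digest can be sent per run; the function names Get-LockoutDigest and New-SampleEvent and the sample events are constructed for illustration.

```powershell
# Added example: one digest per run instead of one e-mail per lockout event.
function Get-LockoutDigest {
    param(
        [object[]] $Events,            # objects shaped like Get-EventLog output
        [int] $LockoutEventId = 644    # lockout event ID used on this page
    )
    # Keep only lockout events that actually carry string #2 (the account SID,
    # per this page), then count lockouts per SID with first/last timestamps.
    $Events |
        Where-Object { $_.EventID -eq $LockoutEventId -and $_.ReplacementStrings.Length -gt 2 } |
        Group-Object { $_.ReplacementStrings[2] } |
        ForEach-Object {
            $times = @($_.Group | ForEach-Object { $_.TimeGenerated } | Sort-Object)
            New-Object PSObject -Property @{
                AccountSid = $_.Name
                Lockouts   = $_.Count
                First      = $times[0]
                Last       = $times[-1]
            }
        } |
        Sort-Object Lockouts -Descending
}

# Constructed sample events (not real log data); the SIDs are made-up placeholders.
$now = Get-Date
function New-SampleEvent($id, $minutesAgo, $strings) {
    New-Object PSObject -Property @{
        EventID = $id; TimeGenerated = $now.AddMinutes(-$minutesAgo); ReplacementStrings = $strings
    }
}
$sample = @(
    (New-SampleEvent 644 50 @('s0', 's1', 'S-1-5-21-0-0-0-1001')),
    (New-SampleEvent 644 20 @('s0', 's1', 'S-1-5-21-0-0-0-1001')),
    (New-SampleEvent 644 10 @('s0', 's1', 'S-1-5-21-0-0-0-1002')),
    (New-SampleEvent 528 5  @('s0', 's1', 'S-1-5-21-0-0-0-1001')),   # not a lockout: ignored
    (New-SampleEvent 644 1  @('s0'))                                  # too few strings: skipped
)

$body = Get-LockoutDigest -Events $sample |
    Format-Table AccountSid, Lockouts, First, Last -AutoSize | Out-String
$body

# On a real server (assumed usage), feed only the last hour of the Security log
# and send a single message with the digest as its body:
#   $events = Get-EventLog -LogName "Security" -After (Get-Date).AddHours(-1)
#   (New-Object Net.Mail.SmtpClient -ArgumentList "example.com").Send(
#       "events@example.com", "me@example.com", "Account lockout digest", $body)
```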

Two weeks ago, we released a new product based on Windows PowerShell - Account Lockout Examiner for PowerShell. This product adds three new cmdlets to ease your task of account lockout management:

  1) Examine possible causes of account lockouts;
  2) Reset forgotten passwords;
  3) Unlock locked accounts.

The first cmdlet does a great deal of work: it tells you how specified accounts can cause account lockouts. For example, Windows services or scheduled tasks set up under stale credentials, or old network drive mappings, can cause an account lockout every time a user logs on. The purposes of the second and third cmdlets are obvious: once the reason for the account lockout is examined and fixed, you can unlock the account or reset its password to prevent further account lockouts.

Let's see how the new cmdlets can be used. The following script detects new account lockouts, examines their reasons, and e-mails the results to you:

Get-EventLog -logName "Security" | Where { $_.EventID -eq 644 } | ForEach { Examine-NClockout $_.ReplacementStrings[2] "mycomputer" } | ForEach { (new-object Net.Mail.SmtpClient -arg "example.com").Send("ex@example.com", "me@example.com", "Account Locked Out", $_) }

You can try it yourself - a free evaluation of the new product is available here: https://www.netwrix.com/account_lockout_examiner.html