An Exercise in Discovering Whether an Active Directory Account Has RDP Access to Windows Bastion Hosts

Check Computers:

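# Bastion hosts to check (PowerShell remoting must be enabled on each)
$computernames='RDPSERVER01','RDPSERVER02','RDPSERVER03'
# List the members of the local 'Remote Desktop Users' group on every host
Invoke-Command -ComputerName $computernames {Get-LocalGroupMember 'Remote Desktop Users'} | Select-Object PSComputerName,Name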
# Sample output
PS C:\Windows\system32> invoke-command -computername @('RDPSERVER01','RDPSERVER02','RDPSERVER03') {get-localgroupmember 'remote desktop users'}|select PSComputername,Name

PSComputerName Name
-------------- ----
RDPSERVER01   KIMCONNECT\Domain Admins
RDPSERVER01   KIMCONNECT\Bastion RDP
RDPSERVER02   KIMCONNECT\Domain Admins
RDPSERVER02   KIMCONNECT\Bastion RDP
RDPSERVER03   KIMCONNECT\Domain Admins
RDPSERVER03   KIMCONNECT\Bastion RDP

Check User Account:

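$username='kimconnect'
# Show the account's status and its direct group memberships (MemberOf does not expand nested groups)
Get-ADUser $username -Properties * | Select-Object SamAccountName,Name,BadLogonCount,LastLogonDate,LockedOut,MemberOf,Modified,PasswordExpired,PasswordLastSet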
# Sample output
PS C:\Windows\system32> Get-ADUser $username -Properties *|select SamAccountName,Name,BadLogonCount,LastLogonDate,LockedOut,MemberOf,Modified,PasswordExpired,PasswordLastSet

SamAccountName  : kimconnect
Name            : Kim Connect
BadLogonCount   : 2
LastLogonDate   : 10/13/2010 1:41:45 AM
LockedOut       : False
MemberOf        : {CN=Bastion RDP,DC=kimconnect,DC=com}
Modified        : 10/13/2010 1:41:53 AM
PasswordExpired : False
PasswordLastSet : 10/13/2010 1:41:45 AM
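
The two checks above can be joined so the answer is computed per host, including membership through nested groups that MemberOf does not show. This is an added example, not code from the original post; the function names Get-AccountSid, Get-RdpGroupMember and Test-RdpGroupAccess are hypothetical, and it assumes the ActiveDirectory module and PowerShell remoting to the hosts.

```powershell
# Added example, not from the original post. Function names are hypothetical.
# Needs the ActiveDirectory module and PowerShell remoting to the hosts.

function Get-AccountSid {
    # SIDs the account can match on: its own, its primary group, and every group
    # reached through nesting (LDAP_MATCHING_RULE_IN_CHAIN, OID 1.2.840.113556.1.4.1941).
    param([Parameter(Mandatory)][string]$UserName)
    $user = Get-ADUser -Identity $UserName -Properties PrimaryGroup
    $user.SID.Value
    (Get-ADGroup -Identity $user.PrimaryGroup).SID.Value
    foreach ($dn in $user.DistinguishedName, $user.PrimaryGroup) {
        # Escape the characters that are special inside an LDAP filter value.
        $safe = $dn -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
        Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$safe)" |
            ForEach-Object { $_.SID.Value }
    }
}

function Get-RdpGroupMember {
    # Members of the local 'Remote Desktop Users' group on each host. The SID is
    # returned as a string so it compares cleanly after remoting serialization.
    param([Parameter(Mandatory)][string[]]$ComputerName)
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        Get-LocalGroupMember -Group 'Remote Desktop Users' |
            Select-Object Name, @{ Name = 'Sid'; Expression = { $_.SID.Value } }
    }
}

function Test-RdpGroupAccess {
    # One row per host that returned members: does any entry match an account SID?
    param(
        [Parameter(Mandatory)][string[]]$AccountSid,
        [Parameter(Mandatory)][object[]]$Member
    )
    $Member | Group-Object -Property PSComputerName | ForEach-Object {
        $hits = @($_.Group | Where-Object { $AccountSid -contains $_.Sid })
        [pscustomobject]@{
            ComputerName = $_.Name
            HasAccess    = $hits.Count -gt 0
            GrantedVia   = $hits.Name -join '; '
        }
    }
}

$computernames = 'RDPSERVER01', 'RDPSERVER02', 'RDPSERVER03'
$username      = 'kimconnect'
Test-RdpGroupAccess -AccountSid (Get-AccountSid -UserName $username) -Member (Get-RdpGroupMember -ComputerName $computernames)
```

Membership in a host's local Administrators group and the "Allow log on through Remote Desktop Services" user right also decide who can log on over RDP; neither is checked here. Hosts that are unreachable or whose group is empty produce no row.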
