It's doable with klist, but that would just make this already complex process more so.
https://technet.microsoft.com/en-us/library/hh134826(v=ws.11).aspx Daniel Ratliff From: listsadmin@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] On Behalf Of Wolf, Daniel Sent: Wednesday, May 04, 2016 12:25 PM To: powersh...@lists.myitforum.com Subject: [powershell] RE: Server 2008 R2 Unfortunately the way authentication works, disabling an account only works once the Kerberos ticket is refreshed, which will likely be hours. The account must be disabled and the computer rebooted/signed off for it to prevent access. From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> [mailto:listsadmin@lists.myitforum.com] On Behalf Of Lemmiksoo, Todd Sent: Wednesday, May 4, 2016 10:40 AM To: 'powersh...@lists.myitforum.com' <powersh...@lists.myitforum.com<mailto:powersh...@lists.myitforum.com>> Subject: [powershell] RE: Server 2008 R2 What my I am trying to do is lock the users AD account if they have been infected with ransomeware and are encrypting files on our Windows Server 2008R2 file server. I have setup FSRM to monitor a "Honeypot share and file" for changes. The idea being to lock the user account so the ransomeware cannot encrypt files on the file server. Todd Lemmiksoo 225-237-1836 From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> [mailto:listsadmin@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Wednesday, May 4, 2016 10:19 AM To: powersh...@lists.myitforum.com<mailto:powersh...@lists.myitforum.com> Subject: [powershell] RE: Server 2008 R2 Down-level operating system environments often don't have the same WMI/CIM plumbing as newer operating system environments. Prior to the SmbShare module, I would use the "net share" command in PowerShell and wrap it so it looked like native PowerShell. You can also use the Wscript.Network object - it works just as well in PowerShell as it does in VBScript. I don't know exactly what you are trying to do, so I can only give this general advice. From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> [mailto:listsadmin@lists.myitforum.com] On Behalf Of Lemmiksoo, Todd Sent: Wednesday, May 4, 2016 10:20 AM To: 'powersh...@lists.myitforum.com' Subject: [powershell] RE: Server 2008 R2 I copied the modules\smbshare folder to the 2008R2 server and now get "Invalid namespace" error. [cid:image001.png@01D1A601.E818E9E0] Will try the WMI command. Still get the invalid namespace error. Todd Lemmiksoo 225-237-1836 From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> [mailto:listsadmin@lists.myitforum.com] On Behalf Of Kelley, Matthew Sent: Wednesday, May 4, 2016 8:53 AM To: powersh...@lists.myitforum.com<mailto:powersh...@lists.myitforum.com> Subject: [powershell] RE: Server 2008 R2 I would try to copy the folder over and see if it works, or just read through the script and see if you can pull out the part you need. C:\Windows\System32\WindowsPowerShell\v1.0\Modules\SmbShare I opened up the cmdlet definition. It is querying this WMI namespace/class: gwmi -Namespace "ROOT/Microsoft/Windows/SMB" -Class msft_smbshare | select * Maybe you can just use that somehow to get what you need? From: listsadmin@lists.myitforum.com<mailto:listsadmin@lists.myitforum.com> [mailto:listsadmin@lists.myitforum.com] On Behalf Of Lemmiksoo, Todd Sent: Wednesday, May 04, 2016 9:38 AM To: powersh...@lists.myitforum.com<mailto:powersh...@lists.myitforum.com> Subject: [powershell] Server 2008 R2 I am trying to run a script the has "Get-SmbShare" in it. Is this command not available on Server 2008 R2. I have upgraded the PowerShell version on the server to ver 5. Todd Lemmiksoo System Engineer 225-237-1836 General Health System IS 8490 Picardy Ave Suite 500B Baton Rouge, LA 70809 Confidentiality Notice: This email and its attachments may contain privileged and confidential information and/or protected health information (PHI) intended solely for the use of the recipient(s) named above. If you are not the recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any review, dissemination, distribution, printing or copying of this email message and/or any attachments is strictly prohibited. If you have received this transmission in error, please notify the sender immediately by phone or notify the Compliance Hotline at 1-866-737-4448 and permanently delete this email and any attachments. ********************************************************** Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues Confidentiality Notice: This email and its attachments may contain privileged and confidential information and/or protected health information (PHI) intended solely for the use of the recipient(s) named above. If you are not the recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any review, dissemination, distribution, printing or copying of this email message and/or any attachments is strictly prohibited. If you have received this transmission in error, please notify the sender immediately by phone or notify the Compliance Hotline at 1-866-737-4448 and permanently delete this email and any attachments. Confidentiality Notice: This email and its attachments may contain privileged and confidential information and/or protected health information (PHI) intended solely for the use of the recipient(s) named above. If you are not the recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any review, dissemination, distribution, printing or copying of this email message and/or any attachments is strictly prohibited. If you have received this transmission in error, please notify the sender immediately by phone or notify the Compliance Hotline at 1-866-737-4448 and permanently delete this email and any attachments. The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information.
