Love the module. Thanks for all the work. I like to open my `WindowsTerminal.exe` and/or `ssms.exe` (e.g. SQL Server Management Studio) with Network Credentials. When I have a few windows open, it would be nice to run a command to check whether the current process has negotiated the network credentials and what credentials it negotiated with.
I'm essentially using `Get-NtLogonSession` to get the `LogonId` where the `LogonType` is `NewCredentials`. Then I can pass the `LogonSession` into `Get-KerberosTicket` to view the potential negotiated credential name. Now, in order to map the `LogonId` to a process, I was using `Get-NtProcess -Access QueryLimitedInformation` to grab all the `ProcessId`s. Then I was using `Get-NtTokenFromProcess` to grab the `AuthenticationId` to map back to the `LogonId` from `Get-NtLogonSession`.
Is this the ideal way to do it or is there a more straightforward approach?