Love the module. Thanks for all the work. I like to open my WindowsTerminal.exe and/or ssms.exe (e.g. SQL Server Management Studio) with Network Credentials. When I have a few windows open it would be nice to run a command to check if the current process has negotiated the network credentials and what credentials it negotiated with.
I'm essentially using Get-NtLogonSession to get the LogonId where the LogonType is NewCredentials. Then I can pass the LogonSession into Get-KerberosTicket to view the potential negotiated credential name. Now in order to map the LogonId to a process, I was using Get-NtProcess -access QueryLimitedInformation to grab all the ProcessIds. Then I was using get-NttokenfromProcess to grab the AuthenticationId to map back to the LogonId from Get-NtLogonSession.
Is this the ideal way to do it or is there a more straightforward approach?