I created a DLP-Lookup script in PowerShell that takes in sender-ip=some_IP_address and returns the userId.
Two issues:
1. This script will work if I perform Run-As with another-account.
2. The server on which the DLP engine is located will not run using another-account.
This means that when DLP invokes the script, the script must automatically run as our another-account; otherwise it will not be able to find the userId based on some_IP_address.
Here is the script I have so far:
# Build a credential object from the encrypted password file
$username = 'another-account'
$password = get-content D:\script\do_not_delete.txt | convertto-securestring
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $username,$password

# Parse the key=value arguments (e.g. sender-ip=some_IP_address) into a hashtable
$line_array = @()
$multi_array = @()
[hashtable]$my_hash = @{}
foreach ($i in $args){
    $line_array += $i.split(" ")
}
foreach ($j in $line_array){
    $multi_array += ,@($j.split("="))
}
foreach ($k in $multi_array){
    $my_hash.add($k[0],$k[1])
}
$Sender_IP = $my_hash.Get_Item("sender-ip")

# Read logon events (4624) from the sender's Security log, skipping machine accounts (names ending in $)
$eventList = @()
Get-EventLog "Security" -computername $Sender_IP `
| Where -FilterScript {$_.EventID -eq 4624 -and $_.ReplacementStrings[4].Length -gt 10 -and $_.ReplacementStrings[5] -notlike "*$"} `
| Select-Object -First 2 `
| foreach-Object {
    $row = "" | Select UserName, LoginTime
    $row.UserName = $_.ReplacementStrings[5]
    $row.LoginTime = $_.TimeGenerated
    $eventList += $row
}
$userId = $eventList[0].UserName
$userId
I followed directions on how to create a file with the encrypted password and store it in D:\script\do_not_delete.txt from this website: http://blogs.technet.com/b/robcost/archive/2008/05/01/powershell-tip-storing-and-using-password-credentials.aspx
I just do not know how to make this script run in the context of the service account based on:
$username = 'another-account'
$password = get-content D:\script\do_not_delete.txt | convertto-securestring
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $username,$password
Any guidance is greatly appreciated!!!!!
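
An added example, not part of the original post: Get-EventLog has no -Credential parameter, so the $credentials object built in the script is never used, whereas Get-WinEvent accepts both -ComputerName and -Credential and can run the same 4624 query as another-account. The function names and the -MaxEvents value of 200 are assumptions made for this sketch; the path, account name and filter conditions are the ones from the post.

```powershell
# Added example (not the poster's code). Function names are hypothetical.

function ConvertFrom-KeyValueArgs {
    # Turns tokens such as "sender-ip=10.0.0.5" into a hashtable.
    param([string[]]$Tokens)
    $map = @{}
    foreach ($token in ($Tokens -split '\s+' | Where-Object { $_ })) {
        # Split on the first '=' only, so values may themselves contain '='
        $name, $value = $token -split '=', 2
        $map[$name] = $value
    }
    return $map
}

function Get-LastInteractiveUser {
    # Returns the most recent non-machine account with a 4624 logon on the host.
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][pscredential]$Credential
    )
    # Filtering on the remote side avoids pulling the whole Security log.
    $filter = @{ LogName = 'Security'; Id = 4624 }
    # -MaxEvents 200 is an assumed bound; raise it on busy hosts.
    Get-WinEvent -ComputerName $ComputerName -Credential $Credential `
                 -FilterHashtable $filter -MaxEvents 200 |
        Where-Object {
            # Properties[4] = TargetUserSid, Properties[5] = TargetUserName,
            # the same positions as ReplacementStrings[4] and [5] in the post.
            $_.Properties[4].Value.ToString().Length -gt 10 -and
            $_.Properties[5].Value -notlike '*$'
        } |
        Select-Object -First 1 |
        ForEach-Object { $_.Properties[5].Value }
}

# ConvertTo-SecureString without -Key relies on DPAPI: the file can only be
# decrypted by the same user on the same machine that created it, so it must
# be generated under the account the DLP engine runs as, on the DLP server.
$password   = Get-Content 'D:\script\do_not_delete.txt' | ConvertTo-SecureString
$credential = New-Object System.Management.Automation.PSCredential('another-account', $password)

$params = ConvertFrom-KeyValueArgs -Tokens $args
Get-LastInteractiveUser -ComputerName $params['sender-ip'] -Credential $credential
```

Restrict the NTFS permissions on the password file to the DLP service identity, and grant another-account only the rights needed to read remote Security logs (for example, membership in Event Log Readers) rather than local administrator.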