This command will unassign a Defender token from a user in Active Directory.
For batch unassignment of many users or tokens, the Remove-TokenFromUserBatch command will provide better performance than repeated running of this cmdlet.
Syntax
Remove-TokenFromUser [-UserCommonName] <string> [-TokenCommonName] <string>
[-DeleteSoftwareToken [<SwitchParameter>]] [-UserSearchBase <string>]
[-TokenSearchBase <string>] [<CommonParameters>]
Parameters
UserCommonName
Common name of the user from whom the token will be unassigned.
TokenCommonName
Common name of the token to be unassigned.
DeleteSoftwareToken
Optional, if specified for a Defender Software token, the token will be removed from Active Directory as well as being unassigned from the user account.
UserSearchBase
Optional parameter to specify base container from which to search for users.
TokenSearchBase
Optional parameter to specify base container from which to search for tokens.
Remarks
To see the examples, type:
"get-help Remove-TokenFromUser -examples"
For more information, type:
"get-help Remove-TokenFromUser -detailed"
For technical information, type:
"get-help Remove-TokenFromUser -full"
Example 1
Unassign a token with Common Name (CN) GO0030050050277 from a user with CN BSmith:
Remove-TokenFromUser BSmith GO0030050050277
Example 2
Unassign a token with CN GO0030050050277 from a user with CN 'Bob Smith' specifying a specific User Search Base:
Remove-TokenFromUser "Bob Smith" GO0030050050277 -UserSearchBase "CN=Users,DC=MyDomain,DC=Local"
Remove-TokenFromUserBatch
This command will unassign the tokens in the token file from the users on the corresponding line in the users file. If the users file contains just one user, all tokens listed in the tokens file are unassigned from that user.
If the tokens file contains just one token, all users listed in the users file are unassigned that token. The word all may be specified on a line in the tokens file, in which case all tokens are unassigned from the corresponding user in the users file.
These files use the same format as described for Add-TokenToUserBatch.
Syntax
Remove-TokenFromUserBatch [-UsersFile] <string> [-TokensFile] <string>
[-DeleteSoftwareToken [<SwitchParameter>]] [-UserSearchBase <string>]
[-TokenSearchBase <string>] [<CommonParameters>]
Parameters
UsersFile
Name of file containing common names of the users from whom tokens will be unassigned.
TokensFile
Name of file containing common names of the tokens to be unassigned.
DeleteSoftwareToken
Optional, if specified then Defender Software tokens are removed from Active Directory as well as being removed from the user.
UserSearchBase
Optional parameter to specify base container from which to search for users.
TokenSearchBase
Optional parameter to specify base container from which to search for tokens.
Remarks
To see the examples, type:
"get-help Remove-TokenFromUserBatch -examples"
For more information, type:
"get-help Remove-TokenFromUserBatch -detailed"
For technical information, type:
Example 1
Unassign tokens from a file named 'Tokens.txt' located in C:\Defender from users listed in the file 'Users.txt' located in C:\Defender:
Remove-TokenFromUserBatch C:\Defender\Users.txt C:\Defender\Tokens.txt
In this example the file format for the UsersFile is a list of users as shown below:
Bob Smith
Bill Owen
Gill Summers
and the file format for the TokensFile is a list of token CNs that exist in Active Directory, as shown below:
GO0030050050277
GO0030050050253
GO0030050050260
In this example:
Bob Smith will have token GO0030050050277 unassigned from his account.
Bill Owen will have token GO0030050050253 unassigned from his account.
Gill Summers will have token GO0030050050260 unassigned from her account.
Example 2
Unassign tokens from a file named 'Tokens.txt' located in C:\Defender from users listed in the file 'Users.txt' located in C:\Defender, where only a single user common name is specified:
Remove-TokenFromUserBatch C:\Defender\Users.txt C:\Defender\Tokens.txt
In this example the file format for the UsersFile is a list of users as shown below:
Bob Smith
and the file format for the TokensFile is a list of token CNs that exist in Active Directory, as shown below:
GO0030050050277
PDAND3316900004
PDIPN3317169661
In this example:
Bob Smith will have token GO0030050050277, PDAND3316900004 and PDIPN3317169661 unassigned from his account.
Example 3
Unassign tokens from a file named 'Tokens.txt' located in C:\Defender from users listed in the file 'Users.txt' located in C:\Defender, where only a single token common name is specified:
Remove-TokenFromUserBatch C:\Defender\Users.txt C:\Defender\Tokens.txt
In this example the file format for the UsersFile is a list of users as shown below:
Bob Smith
Bill Owen
Gill Summers
and the file format for the TokensFile is a single token CN that exists in Active Directory, as shown below:
GO0030050050277
In this example:
Bob Smith, Bill Owen and Gill Summers will have token GO0030050050277 unassigned from their accounts.
Example 4
Unassign tokens from a file named 'Tokens.txt' located in C:\Defender from users listed in the file 'Users.txt' located in C:\Defender, using the 'all' parameter in the Tokens.txt file:
Remove-TokenFromUserBatch C:\Defender\Users.txt C:\Defender\Tokens.txt
In this example the file format for the UsersFile is a list of users as shown below:
Bob Smith
Bill Owen
Gill Summers
and the file format for the TokensFile is as shown below:
GO0030050050277
all
all
In this example:
Bob Smith will have token GO0030050050277 unassigned from his account.
Bill Owen will have all Defender tokens unassigned from his account.
Gill Summers will have all Defender tokens unassigned from her account.
Example 5
Unassign tokens from a file named 'Tokens.txt' located in C:\Defender from users listed in the file 'Users.txt' located in C:\Defender using a specified User and Token Search Base:
Remove-TokenFromUserBatch C:\Defender\Users.txt C:\Defender\Tokens.txt -UserSearchBase "CN=Users,DC=mydomain,DC=Local" -TokenSearchBase
Example 6
Unassign tokens from a file named 'Tokens.txt' located in C:\Defender from users listed in the file 'Users.txt' located in C:\Defender, where only a single user common name is specified:
Remove-TokenFromUserBatch C:\Defender\Users.txt C:\Defender\Tokens.txt -DeleteSoftwareToken
In this example the file format for the UsersFile is a list of users as shown below:
Bob Smith
and the file format for the TokensFile is a list of token CNs that exist in Active Directory, as shown below:
GO0030050050277
PDAND3316900004
PDIPN3317169661
In this example:
Bob Smith will have token GO0030050050277, PDAND3316900004 and PDIPN3317169661 unassigned from his account. Tokens PDAND3316900004 and PDIPN3317169661 will also be removed from Active Directory.
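The pairing rules for the users file and tokens file described above can be previewed before running the batch cmdlet. The following is an added example, not part of the Defender product or its documentation: Get-UnassignPlan is a hypothetical helper that only reads the two files and lists which token would be unassigned from which user. It assumes one common name per line, and it treats multi-line files of unequal length as an error because the text above does not say how the cmdlet handles that case.

```powershell
# Added example: dry-run preview of the pairing rules described above.
# Get-UnassignPlan is a hypothetical helper; it only reads the two files.
function Get-UnassignPlan {
    param(
        [Parameter(Mandatory)] [string] $UsersFile,
        [Parameter(Mandatory)] [string] $TokensFile
    )
    # Assumption: one common name per line; blank lines and padding are ignored.
    $users  = @(Get-Content -LiteralPath $UsersFile  | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $tokens = @(Get-Content -LiteralPath $TokensFile | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($users.Count -eq 0 -or $tokens.Count -eq 0) {
        throw 'Both files must contain at least one entry.'
    }

    $plan = if ($users.Count -eq 1) {
        # Single user: every listed token is unassigned from that user.
        foreach ($t in $tokens) { [pscustomobject]@{ User = $users[0]; Token = $t } }
    } elseif ($tokens.Count -eq 1) {
        # Single token: that token is unassigned from every listed user.
        foreach ($u in $users) { [pscustomobject]@{ User = $u; Token = $tokens[0] } }
    } elseif ($users.Count -eq $tokens.Count) {
        # Otherwise line N of the users file pairs with line N of the tokens file.
        for ($i = 0; $i -lt $users.Count; $i++) {
            [pscustomobject]@{ User = $users[$i]; Token = $tokens[$i] }
        }
    } else {
        # Assumption: unequal multi-line files are an operator error; stop here.
        throw "Line counts differ: $($users.Count) users, $($tokens.Count) tokens."
    }

    # Flag 'all' rows: they strip every Defender token from that user.
    # -eq is case-insensitive here; the cmdlet's own case handling is not documented above.
    $plan | Select-Object User, Token,
        @{ Name = 'RemovesAllTokens'; Expression = { $_.Token -eq 'all' } }
}

# Constructed sample input in the layout of Example 4.
$dir = Join-Path ([IO.Path]::GetTempPath()) 'DefenderPlanDemo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -LiteralPath (Join-Path $dir 'Users.txt')  -Value 'Bob Smith', 'Bill Owen', 'Gill Summers'
Set-Content -LiteralPath (Join-Path $dir 'Tokens.txt') -Value 'GO0030050050277', 'all', 'all'

Get-UnassignPlan -UsersFile (Join-Path $dir 'Users.txt') -TokensFile (Join-Path $dir 'Tokens.txt') |
    Format-Table -AutoSize
```

Reviewing the RemovesAllTokens column before the real run matters most when -DeleteSoftwareToken is also used, since software tokens are then removed from Active Directory as well as unassigned.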
Reset-DefenderToken
This cmdlet will reset a Defender token to aid authentication should the token become out of synchronization with the Defender Security Server.
Syntax
Reset-DefenderToken [-TokenCommonName] <string> [-TokenSearchBase <string>]
[<CommonParameters>]
Parameters
TokenCommonName
Common name of the token to reset.
TokenSearchBase
Optional parameter to specify base container from which to search for tokens.
Remarks
To see the examples, type:
"get-help Reset-DefenderToken -examples"
For more information, type:
"get-help Reset-DefenderToken -detailed"
For technical information, type:
"get-help Reset-DefenderToken -full"
Example 1
To reset the token with common name GO0061454569921:
Reset-DefenderToken GO0061454569921
Example 2
To reset the token with common name GO0061454569921 using a specified Token Search Base:
Reset-DefenderToken GO0061454569921 -TokenSearchBase "OU=Tokens,OU=Defender,DC=MyDomain,DC=Local"
Reset-DefenderViolationCount
This cmdlet will reset a user's Defender violation count.
Also allows the violation and reset counts to be viewed without resetting them.
Syntax
Reset-DefenderViolationCount [-UserCommonName] <string>
[-ViewOnly [<SwitchParameter>]] [-UserSearchBase <string>] [<CommonParameters>]
Parameters
UserCommonName
Common name of the user whose violation count is to be reset.
ViewOnly
Optional parameter, if specified then the violation count and reset count are returned but not adjusted.
UserSearchBase
Optional parameter to specify base container from which to search for users.
Remarks
To see the examples, type:
"get-help Reset-DefenderViolationCount -examples"
For more information, type:
"get-help Reset-DefenderViolationCount -detailed"
For technical information, type:
"get-help Reset-DefenderViolationCount -full"
Example 1
To reset the Defender Violation Count for a user with CN BSmith:
Reset-DefenderViolationCount BSmith
Example 2
To reset the Defender violation count for a user with CN "Bob Smith" specifying a specific User Search Base:
Reset-DefenderViolationCount "Bob Smith" -UserSearchBase "CN=Users,DC=MyDomain,DC=Local"
Example 3
To view the violation count and reset count information for a user with CN "Bob Smith":
Set-DefenderPassword
This cmdlet sets the Defender password for a user or all users in a group. Specify the user account name to set the Defender password for that user. Specify the group name to assign the Defender password to all users in the group.
Syntax
Set-DefenderPassword [-UserGroupCommonName] <string> [-Password] <string>
[-Expire [<SwitchParameter>]] [-Overwrite [<SwitchParameter>]]
[-UserSearchBase <string>] [<CommonParameters>]
Parameters
UserGroupCommonName
Common name of the user or group of users to which the Defender Password will be added.
Password
The Defender Password to set.
-Expire
Sets the Defender Password to be expired.
-Overwrite
Overwrites an existing Defender Password. By default, existing Defender Passwords are not overwritten.
UserSearchBase
Optional parameter to specify base container from which to search for users and groups.
Remarks
To see the examples, type:
"get-help Set-DefenderPassword -examples"
For more information, type:
"get-help Set-DefenderPassword -detailed"
For technical information, type:
"get-help Set-DefenderPassword -full"
Example 1
Assign a Defender Password 'MyPassword' to a user account with Common Name (CN) "Bob Smith":
Set-DefenderPassword "Bob Smith" MyPassword
Example 2
Assign a Defender Password 'MyPassword' to a user account with Common Name (CN) "Bob Smith" and configure the password to expire so that the user is prompted to change the Defender Password on first use:
Set-DefenderPassword "Bob Smith" MyPassword -expire
Example 3
Assign a Defender Password 'MyNewPassword' to a user account with Common Name (CN) "Bob Smith" and configure the password to expire so that the user is prompted to change the Defender Password on first use and
Set-PINOnUserToken
This cmdlet sets a PIN on a token that has been assigned to a user.
Syntax
Set-PINOnUserToken [-UserCommonName] <string> [-TokenCommonName] <string>
[-TokenPIN] <string> [-UserSearchBase <string>] [-TokenSearchBase <string>]
[<CommonParameters>]
Parameters
UserCommonName
Common name of the user to whom the PIN will be assigned.
TokenCommonName
Common name of the token to which the PIN will be assigned.
TokenPIN
The PIN to assign.
UserSearchBase
Optional parameter to specify base container from which to search for users.
TokenSearchBase
Optional parameter to specify base container from which to search for tokens.
Remarks
To see the examples, type:
"get-help Set-PINOnUserToken -examples"
For more information, type:
"get-help Set-PINOnUserToken -detailed"
For technical information, type:
"get-help Set-PINOnUserToken -full"
Example 1
To set a PIN of '1234' on a token with common name (CN) GO0030050050277, which has been assigned to a user with CN "Bob Smith":
Set-PINOnUserToken "Bob Smith" GO0030050050277 1234
Example 2
To set a PIN of '1234' on a token with common name (CN) GO0030050050277, which has been assigned to a user with CN "Bob Smith" using a specified User and Token Search Base:
Set-PINOnUserToken "Bob Smith" GO0030050050277 1234 -UserSearchBase "CN=Users,DC=mydomain,DC=Local" -TokenSearchBase
Set-TemporaryResponse
This cmdlet sets a temporary token response on a token that has been assigned to a user account, specifying the expiry date and whether the temporary token response can be used once only or multiple times.
If the token assigned to the user has a PIN assigned then the PIN must be used with the temporary token response.
Syntax
Set-TemporaryResponse [-UserCommonName] <string> [-TokenCommonName] <string>
[-ExpiryTimeMinutes] <string> [-MultipleUse] [-UserSearchBase <string>]
[-TokenSearchBase <string>] [<CommonParameters>]
Parameters
UserCommonName
Common name of the user to whom the temporary response will be assigned.
TokenCommonName
Common name of the token to which the temporary response will be assigned.
ExpiryTimeMinutes
The time, in minutes, for which the temporary response is valid.
MultipleUse
Optional parameter, if specified then temporary response can be used multiple times.
UserSearchBase
Optional parameter to specify base container from which to search for users.
TokenSearchBase
Optional parameter to specify base container from which to search for tokens.
Remarks
To see the examples, type:
"get-help Set-TemporaryResponse -examples"
For more information, type:
"get-help Set-TemporaryResponse -detailed"
For technical information, type:
Example 1
To set a temporary token response on a token with common name (CN) GO0061454569921, which has been assigned to a user with CN "Bob Smith" that will expire in 1 day and can only be used once:
Set-TemporaryResponse "Bob Smith" GO0061454569921 1440
When the above cmdlet is used the temporary token response and expiry date / time will be listed as in the example below:
User "Bob Smith" can then use a temporary token response of '600202' once within the next 1440 minutes (1 day).
Example 2
To set a temporary token response on a token with common name (CN) GO0061454569921, which has been assigned to a user with CN "Bob Smith" that will expire in 7 days and can be used multiple times:
Set-TemporaryResponse "Bob Smith" GO0061454569921 10080 -MultipleUse
When the above cmdlet is used the temporary token response and expiry date / time will be listed as in the example below:
User "Bob Smith" can then use a temporary token response of '800750' multiple times within the next 10080 minutes (7 days).
Example 3
To set a temporary token response on a token with common name (CN) GO0061454569921, which has been assigned to a user with CN "Bob Smith" that will expire in 7 days and can be used multiple times specifying a User and Token Search Base:
Set-TemporaryResponse "Bob Smith" GO0061454569921 10080 -MultipleUse -UserSearchBase "CN=Users,DC=mydomain,DC=Local" -TokenSearchBase
Test-DefenderToken
This cmdlet tests a Defender token's response.
Syntax
Test-DefenderToken [-TokenCommonName] <string> [-Response] <string>
[[-Challenge] <string>] [-TokenSearchBase <string>] [<CommonParameters>]
Parameters
TokenCommonName
Common name of the token to test.
Response
The token response.
Challenge
The token challenge, not required for synchronous tokens.
TokenSearchBase
Optional parameter to specify base container from which to search for tokens.
Remarks
To see the examples, type:
"get-help Test-DefenderToken -examples"
For more information, type:
"get-help Test-DefenderToken -detailed"
For technical information, type:
"get-help Test-DefenderToken -full"
Example 1
To test the current token response, 980536, for a synchronous token with common name GO0061454569921:
Test-DefenderToken GO0061454569921 980536
If the response is not valid a message 'Token test failed' will be displayed.
Example 2
To test the current token response for a challenge / response token with common name PDWIN3053600081, where 457939 is the challenge and 363954 the response:
Test-DefenderToken PDWIN3053600081 363954 457939
Example 3
To test the current token response, 574102, for a synchronous token with common name GO0061454569921 using a specified Token Search Base: