Troubleshoot common login issues and ensure compliance by providing information about failed logins on devices and running campaigns warning about near password expiration.
Script Invoke Proactive Password Reset
- Version 2.0.0.0 – Fixed errors with some domain users and code refactor
- Version 1.0.0.0 – Initial release
Script Description
Checks password expiration date and if it is within the timeframe provided by the input parameter, runs a campaign to warn the user (providing link to reset the password).
Execution context and suggested scheduling
Run the script as interactive user. The script should be executed every 1 week.
Parameters
| ID | Label | Description |
|---|---|---|
| 1 | Campaign Id | UID of the campaign to notify the user that the password is about to expire and to provide the URL to reset it |
| 2 | Days Until Expiration | Number of days left for the password to expire. If expiration date is inside this timeframe, the campaign is run |
| 3 | Maximum Delay In Seconds | Maximum random delay set to avoid domain controller overload. Provide number of seconds less than 600 |
Outputs
None.
Further Information
Please make sure to modify the sample URL included in the campaign with the desired one.
Restrictions
- If Domain Controller and devices are not fully synchronized, information about password expiration date on the devices could not be precise. Please make sure to take this into consideration when running the Remote Action
Script Get Failed Logins
- Version 1.0.0.0 – Initial release
Script Description
Obtains information about all failed login attempts. The script can be successfully executed only on devices with ‘Audit Logon Events’ policy enabled and Windows 10 or Windows 7 installed.
Execution context and suggested scheduling
Run the script as local system. The script should be executed manually.
Parameters
| ID | Label | Description |
|---|---|---|
| 1 | Maximum Delay In Seconds | Maximum random delay set to avoid overloading server hosting virtual machines. Provide number of seconds less than 600 |
Outputs
| ID | Label | Type | Description |
|---|---|---|---|
| 1 | Failed Logins | StringList | Information about failed login attempts (user name, event time, logon failure status code, logon type code) |
| 2 | Failed Logins Count | Int | Number of failed login attempts. It always shows full number of failed logins even when number of displayed events in ‘FailedLogins’ output parameter has been truncated due to limited output capacity |
Further Information
Parameter ‘MaximumDelayInSeconds’ can be used to add random script execution delay. It should be used on servers hosting virtual machines to spread the number of I/O requests over time.
Microsoft website – https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625 – provides information about logon failure status codes and logon type codes.
Restrictions
- The script can be successfully executed only on devices with ‘Audit Logon Events’ policy enabled.
- Due to limited capacity of ‘FailedLogins’ output field, detailed information about failed loggings attempts can be truncated.
Content
Campaigns
Remote Actions
Required Modules
Nexthink Act
Nexthink Engage
Platforms
Windows
Compatibility
V6.14 and later
