Question: Part 4 Write a Powershell script Situation: You are on the server team at the Acme company. Acme has hundreds of Windows servers located in

Part 4 Write a Powershell script

Situation: You are on the server team at the Acme company. Acme has hundreds of Windows servers located in many facilities around the world. A piece of malware infiltrates the Windows environment that you support. This incident has alarmed the infrastructure team and the IT Security group decides it will use a new tool to identify any servers with the malware. The tool looks for events in the server log files. Your boss comes to you and asks if you can develop a solution for identifying the malware that compliments the IT Security tool.

Description of the malware:

The malware runs a process named Microsoft.ActiveDirectory.Webservices in the hopes that it goes unnoticed. This is the name of a process that an Active Directory domain controller runs. Consequently a server that contains the malware is a normal application server, (not an active directory server), that has the following process running Microsoft.ActiveDirectory.Webservices.

Each site has one Active Directory server. The naming standard for Active Directory servers at Acme is

sss-ADC001 where sss is a three letter site code.

These Powershell commands and CmdLets may also help you with this lab exercise:

Select-String including the quiet parameter

Write-output

Using the = sign to assign values to environment variables.

1. (35 points) Write a Powershell script that runs on a Windows server that will do the following:

a. Detects if a server is a legitimate Active Directory server

b. If it is not a legitimate Active Directory server, write an event type Error into the application log indicating the following message, MalwareAD imposter detected

c. If it is a legitimate Active Directory server, write an event type Information into the application log indicating the following message, MalwareAD imposter checked

2. (5 points) Describe the mechanism you used to differentiate an AD server from all other servers?

3. (10 points) Think and describe a possible way that the mechanism described in the previous question could break as new releases of software are installed on the server.

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

In this write up, the following should be covered: What is the primary issue facing the firm? What are the secondary issues facing the firm? What is the most appropriate action for the firm? What...

Up until the time of the COVID-19 crisis, what has been the basis of Lenovo's competitive advantage? How has it managed to leverage its global operations to increase both market share and efficiency?...

Hi there! One more question for you. Similar to my last one. I have to have it done by tonight. Let me know if you cannot do it. Here it is: Scenario 3 May I Propose To... You are a partner in a...

Hi guys, I am trying to properly answer an accounting question concerning shares, bonds, and stock. I was given two annual reports, and am asked to make a decision on one of the companies depending...

Hi there! One more question for you. Similar to my last one. I have to have it done by tonight. Let me know if you cannot do it. Here it is: Scenario 3 May I Propose To... You are a partner in a...

You are a partner in a prestigious accounting firm, and you just received requests for proposal from two companies; Advanced Micro Devices, and Facebook. The deadline for the proposals is, as is...

There are two problems due this week (each worth 35 points) as follows. Case 5-1David L. Miller: Portrait of a White-Collar Criminal (page 144). In comprehensive paragraphs, answerrequirements 1?6....

1. Make a PESTLE Analysis of Opportunities and Threats 2. Make a Porter's 5 Forces of Competitive Advantage 3. Make an EFE Matrix Analysis 4. Make an internal analysis sing the VRIO framework. 5....

Can you continue making the VRIO framework and describe its resources and capabilities in the 4 functional areas of management? Resources Valuable Rare Inimitable Well-Organized 7-3 "By selling...

Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around risk and threat management, fostering an environment in which...

Allstar Exposure designs and sells advertising services to small, relatively unknown companies. Last month, Allstar had sales commissions costs of $50,000, technology costs of $75,000, and research...

A gas turbine plant is supplied with air at a pressure 2 bar and 300 K. The air is then compressed to a pressure of 6 bar and then heated to 800C in the combustion chamber. Calculate the thermal...

Assignment 9 : Chapter 1 1 End - of - Chapter Problems A firm with a \ ( 1 3 \ % \ ) WACC is evaluating two projects for this year's capital budget. After - tax cash flows, including depreciation,...

Compared with half a century ago, adoption has become _ _ _ _ _ _ _ _ _ common, but it is more open and acceptabl e , so we probably discuss it _ _ _ _ _ _ _ . fill in the blanks more or much less or...

After Column and Data Types have been set in the Mining Structure, what is the next step?

What needs to occur after any Structural or Variable setting change in SSAS Mining Structures?

For the highest GS Pay Grade Group (1115) in the Federal Government, what are the chances of Females being included? Do Females have longer service statistics in that Group?