Integration NPS with "Powershell Code Signing" in ADDS Tiering

Products Privilege Secure Discussions & Questions
,
1

Hi everyone,

I have a question that I hope someone can help me with.

I need to understand how NPS performs the “logoff user” operations and the deletion of local profiles on target machines.

This is because I need to install NPS servers for a client who has implemented, in addition to ADDS tiering, the digital signing of PowerShell scripts.

Currently, the NPS server is unable to log off RDP sessions or delete local profiles.

Thank you very much for your attention and support.

Carlo

2

Hey Carlo, I’ve run into similar issues trying to identify exactly the behavior of some of the built-in Netwrix functions. There is a folder containing a lot of the built in scripts at the following directory. Unfortunately, it’s oddly locked down and the only permission on the folder is for NT System.

%programFiles%\stealthbits\PAM\ActionServiceWorker\Powershell

In that folder there is a script LogoffUser.ps1 that is likely called to logoff a user session. That script is signed, but is just a wrapper for another function imported from another script/module within that folder. Hopefully this gives you a direction to go in! Nothing is documented in this folder so you’ll have to just read and trace your way through their command calls to figure EXACTLY what is happening. Good luck, and I’d be curious to know what you find out!

– edit –
You should take a look at the file SbPAMPlatformManager.psm1 line 1634 for the logic around logging off a user it seems.

3 Likes
3

Thank you so much, David!!!

I’ll now see if I can better understand how to resolve the situation thanks to your suggestions. I’ll definitely update you on the results of the analysis.

Bye.

Carlo

2 Likes
4

Hi David, unfortunately, I still can’t find a solution to my problem because I am currently stuck on another blocking issue for which even support can’t provide a solution.

Once I have resolved the first blocking issue, I will dedicate myself to this one.

I hope to talk to you soon.

Thanks again for your support.

Bye

C.

1 Like
5

Sorry to hear you’re running into other issues, I’m all to familiar with that pain. Best of luck working on it, and happy to help!

1 Like
6

Hi Carlo,

This may be due to replication delays, but without specific errors it’s tough to say for sure. Can you please open a support ticket for this issue?

- Dan