From 0aaa23cd8656f0b92f2fac3cd8e6be68eed7d809 Mon Sep 17 00:00:00 2001 From: HarmJ0y Date: Mon, 12 Dec 2016 21:05:08 -0500 Subject: first take at platyPS doc generation --- docs/Recon/Get-WMIRegCachedRDPConnection.md | 99 +++++++++++++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100755 docs/Recon/Get-WMIRegCachedRDPConnection.md (limited to 'docs/Recon/Get-WMIRegCachedRDPConnection.md') diff --git a/docs/Recon/Get-WMIRegCachedRDPConnection.md b/docs/Recon/Get-WMIRegCachedRDPConnection.md new file mode 100755 index 0000000..fe60228 --- /dev/null +++ b/docs/Recon/Get-WMIRegCachedRDPConnection.md @@ -0,0 +1,99 @@ +# Get-WMIRegCachedRDPConnection + +## SYNOPSIS +Returns information about RDP connections outgoing from the local (or remote) machine. + +Note: This function requires administrative rights on the machine you're enumerating. + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: ConvertFrom-SID + +## SYNTAX + +``` +Get-WMIRegCachedRDPConnection [[-ComputerName] ] [-Credential ] +``` + +## DESCRIPTION +Uses remote registry functionality to query all entries for the +"Windows Remote Desktop Connection Client" on a machine, separated by +user and target server. + +## EXAMPLES + +### -------------------------- EXAMPLE 1 -------------------------- +``` +Get-WMIRegCachedRDPConnection +``` + +Returns the RDP connection client information for the local machine. + +### -------------------------- EXAMPLE 2 -------------------------- +``` +Get-WMIRegCachedRDPConnection -ComputerName WINDOWS2.testlab.local +``` + +Returns the RDP connection client information for the WINDOWS2.testlab.local machine + +### -------------------------- EXAMPLE 3 -------------------------- +``` +Get-DomainComputer | Get-WMIRegCachedRDPConnection +``` + +Returns cached RDP information for all machines in the domain. + +### -------------------------- EXAMPLE 4 -------------------------- +``` +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +``` + +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Get-WMIRegCachedRDPConnection -ComputerName PRIMARY.testlab.local -Credential $Cred + +## PARAMETERS + +### -ComputerName +Specifies the hostname to query for cached RDP connections (also accepts IP addresses). +Defaults to 'localhost'. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: HostName, dnshostname, name + +Required: False +Position: 1 +Default value: Localhost +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Credential +A \[Management.Automation.PSCredential\] object of alternate credentials +for connecting to the remote system. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: [Management.Automation.PSCredential]::Empty +Accept pipeline input: False +Accept wildcard characters: False +``` + +## INPUTS + +## OUTPUTS + +### PowerView.CachedRDPConnection + +A PSCustomObject containing the ComputerName and cached RDP information. + +## NOTES + +## RELATED LINKS + -- cgit v1.2.3