From 894a0e803e52ac670171b29dce891b7a2f2e79d0 Mon Sep 17 00:00:00 2001 From: Kevin Robertson Date: Thu, 7 Sep 2017 12:54:10 -0400 Subject: Readme update --- README.md | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6673a3f..9a60bd4 100644 --- a/README.md +++ b/README.md @@ -42,13 +42,33 @@ Note that ms-DS-MachineAccountQuota does not provide the ability for authenticat * Add a new machine account `New-MachineAccount -MachineAccount iamapc` +* Use the added account with runas /netonly +`runas /netonly /user:domain\iamapc$` + ## Disable-MachineAccount This function can disable a machine account that was added through New-MachineAccount. This function should be used with the same user that created the machine account. ## Set-MachineAccountAttribute -This function can populate some attributes for an account that was added through New-MachineAccount, if a user has write access. This function should be used with the same user that created the machine account. +This function can populate some attributes for an account that was added through New-MachineAccount, if a user has write access. This function should be used with the same user that created the machine account. + +Here is a list of some of the usual write access enabled attributes: + +* AccountDisabled +* description +* displayName +* DnsHostName +* ServicePrincipalName +* userParameters +* userAccountControl +* msDS-AdditionalDnsHostName +* msDS-AllowedToActOnBehalfOfOtherIdentity +* SamAccountName + +* Remove the trailing '$' from the SamAccountName attribute and then use the account with runas /netonly +`Set-MachineAccountAttribute -MachineName iamapc -Attribute SamAccountName -Value iamapc` +`runas /netonly /user:domain\iamapc` ## Get-MachineAccountAttribute -- cgit v1.2.3