Command and relevance?

Continuing the discussion from Detecting Workstation Trust Relationship failures:

Do you have the command and relevance that you used for this? I would like to implement this in my environment as well.

Thanks!

Action:

action uses wow64 redirection false

waithidden cmd.exe /C "{system folder}\nltest.exe /SC_Verify:YourDomain > {(folder "temp" of the windows folder) as string & "\NLTEST.LOG"} 2>&1"

And my Analysis looked like:

Property 1:

exists (lines of file ((folder "temp" of the windows folder) as string & "\NLTEST.LOG")) whose (it contains "ERROR")

Property 2:

exists (lines of file ((folder "temp" of the windows folder) as string & "\NLTEST.LOG")) whose (it contains "ERROR_NO_LOGON_SERVERS")

You may be better off running “Test-ComputerSecureChannel” with PowerShell, but the above is what I ended up doing!

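The two properties above, reproduced as an added example that is not part of the original posts: a Python parser for a collected NLTEST.LOG that applies the same substring checks and also extracts the numeric status and its name. The sample logs are constructed, the domain and DC names are placeholders, and `evaluate` and its result keys are names chosen for this sketch.

```python
import re

# Status lines in nltest output look like:
#   Trust Verification Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
STATUS_RE = re.compile(
    r"^(?P<label>.*?)\s*Status = (?P<code>\d+) 0x[0-9a-fA-F]+ (?P<name>\S+)$")

# Constructed sample logs (domain and DC names are placeholders).
SAMPLE_OK = """Flags: b0 HAS_IP  HAS_TIMESERV
Trusted DC Name \\\\dc01.yourdomain.example
Trusted DC Connection Status Status = 0 0x0 NERR_Success
Trust Verification Status = 0 0x0 NERR_Success
The command completed successfully
"""
SAMPLE_NO_DC = """Flags: 80
Trusted DC Name
Trusted DC Connection Status Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
Trust Verification Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
The command completed successfully
"""
SAMPLE_DENIED = "I_NetLogonControl failed: Status = 5 0x5 ERROR_ACCESS_DENIED\n"


def parse_nltest(text):
    """Return (label, code, name) for every status line in the log."""
    found = []
    for line in text.splitlines():
        m = STATUS_RE.match(line.strip())
        if m:
            found.append((m["label"], int(m["code"]), m["name"]))
    return found


def evaluate(text):
    """Apply both analysis properties, then add the parsed detail."""
    lines = text.splitlines()
    statuses = parse_nltest(text)
    return {
        "property1": any("ERROR" in l for l in lines),
        "property2": any("ERROR_NO_LOGON_SERVERS" in l for l in lines),
        "failed": [s for s in statuses if s[1] != 0],
        # Require positive evidence: an empty log is not a healthy channel.
        "verified": bool(statuses) and all(s[1] == 0 for s in statuses),
    }


if __name__ == "__main__":
    for name in ("SAMPLE_OK", "SAMPLE_NO_DC", "SAMPLE_DENIED"):
        print(name, evaluate(globals()[name]))
```

An empty log makes both properties false, so `verified` is the field to report when the absence of "ERROR" should not be read as success.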

Thanks, much appreciated!