RepoMirrors/DSInternals
1
0
Fork 0
mirror of https://github.com/MichaelGrafnetter/DSInternals synced 2025-02-17 19:36:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
187ede3f4f
DSInternals/Documentation/PowerShell/Get-LsaBackupKey.md

91 lines
3.3 KiB
Markdown
Raw Normal View History

LSARPC DPAPI backup key retrieval, refactoring, doc update
2018-12-30 17:23:49 +00:00
---
external help file: DSInternals.PowerShell.dll-Help.xml
Module Name: DSInternals
online version: https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-LsaBackupKey.md
schema: 2.0.0
---
# Get-LsaBackupKey
## SYNOPSIS
Reads the DPAPI backup keys from a domain controller through the LSARPC protocol.
## SYNTAX
```
Get-LsaBackupKey [[-ComputerName] <String>] [<CommonParameters>]
```
## DESCRIPTION
The Data Protection API (DPAPI) is used by several components of Windows to securely store passwords, encryption keys and other sensitive data. When DPAPI is used in an Active Directory domain environment, a copy of user's master key is encrypted with a so-called DPAPI Domain Backup Key that is known to all domain controllers. Windows Server 2000 DCs use a symmetric key and newer systems use a public/private key pair. If the user password is reset and the original master key is rendered inaccessible to the user, the user's access to the master key is automatically restored using the backup key.
## EXAMPLES
### Example 1
```powershell
PS C:\> Get-LsaBackupKey -ComputerName LON-DC1
FilePath : ntds_capi_b1c56a3e-ddf7-41dd-a5f3-44a2ed27a96d.pvk
KiwiCommand : REM Add this parameter to at least the first dpapi::masterkey command:
/pvk:"ntds_capi_b1c56a3e-ddf7-41dd-a5f3-44a2ed27a96d.pvk"
Type : RSAKey
DistinguishedName :
KeyId : b1c56a3e-ddf7-41dd-a5f3-44a2ed27a96d
Data : {2, 0, 0, 0...}
FilePath : ntds_legacy_7882b20e-96ef-4ce5-a2b9-3efdccbbce28.key
KiwiCommand :
Type : LegacyKey
DistinguishedName :
KeyId : 7882b20e-96ef-4ce5-a2b9-3efdccbbce28
Data : {1, 0, 0, 0...}
```
Displays the DPAPI domain backup keys.
### Example 2
```powershell
PS C:\> Get-LsaBackupKey -ComputerName LON-DC1 | Save-DPAPIBlob -DirectoryPath .\
```
Saves the DPAPI domain backup keys to the working directory.
## PARAMETERS
### -ComputerName
Specifies the target computer for the operation. Enter a fully qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote computer is in a different domain than the local computer, the fully qualified domain name is required.
The default is the local computer. To specify the local computer, such as in a list of computer names, use "localhost", the local computer name, or a dot (.).
```yaml
Type: String
Parameter Sets: (All)
Aliases: Server, ServerName, Computer, Machine, MachineName, System, SystemName
Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
## INPUTS
### None
## OUTPUTS
### DSInternals.Common.Data.DPAPIBackupKey
## NOTES
Administrative permissions on the target domain controller (DC) are required in order to retrieve DPAPI backup keys.
## RELATED LINKS
[Save-DPAPIBlob](Save-DPAPIBlob.md)
[Get-ADDBBackupKey](Get-ADDBBackupKey.md)
[Get-ADReplBackupKey](Get-ADReplBackupKey.md)
Reference in New Issue Copy Permalink