下面是使用 Setspn.exe 命令行实用程序的基本语法,其中“accountname”可以是单独的名称,也可以是域\名称。 setspn [parameter] accountname Setspn.exe 可以使用下列参数: 参数 功能 示例 -R 重置HOSTServicePrincipalName 。 setspn -R computername -A 添加任意的 SPN。 setspn -A SPN computername -D 删除任意...
下面是使用 Setspn.exe 命令行实用程序的基本语法,其中“accountname”可以是单独的名称,也可以是域\名称。 setspn [parameter] accountname Setspn.exe 可以使用下列参数: 参数 功能 示例 -R 重置HOSTServicePrincipalName 。 setspn -R computername -A 添加任意的 SPN。 setspn -A SPN computername -D 删除任意...
In Enter the object name to select, type the group or user account name to which you want to delegate permission, and then click OK. Configure the Apply onto box for Computer objects. At the bottom of the Permissions box, select the Allow check box that corresponds to the Validated write...
In Enter the object name to select, type the group or user account name to which you want to delegate permission, and then click OK. Configure the Apply onto box for Computer objects. At the bottom of the Permissions box, select the Allow check box that corresponds to the Validated write...
Lưu ý -C and -U are exclusive. If neither is specified, the tool will interpret accountname as a computer name if such a computer exists, and a user name if it does not. Lưu ý Query Mode ParametersSearch for duplicate SPNs.Usage: setspn -X...
Note -C and -U are exclusive. If neither is specified, the tool will interpret accountname as a computer name if such a computer exists, and a user name if it does not.Note Query Mode ParametersSearch for duplicate SPNs.Usage: setspn -X...
setspn.exe -s ServiceClass/hostname:port service_account:关联一个 SPN 到指定的服务账户。 ServiceClass:服务类别,如 HTTP、MSSQLSvc 等。 hostname:port:服务的主机名和端口号。 service_account:服务账户,可以是计算机账户或者服务账户。 setspn.exe -l service_account:列出指定账户已经注册的 SPN。
如终端、交换机、微软SQL等,并隐藏他们。此外,SPN的识别也是kerberoasting攻击的第一步。
setspn -a host/<server name> <service account> For example, in a scenario in which all federation servers are clustered under the Domain Name System (DNS) host name fs.fabrikam.com and the service account name that is assigned to the AD FS 2.0 AppPool is named adfs2farm, type the comm...
setspn [modifiers switch] [accountname] Where [accountname] can be the name or domain\name of the target computer or user account. Parameters Note -C and -U are exclusive. If neither is specified, the tool will interpret accountname as a computer name if such a computer exists, and a ...