This week’s session was packed with even more actionable strategies to help harden your environment.
#Get all users
Import-Module ActiveDirectory
Get-ADUser -Filter * -Properties LastLogonTimeStamp, MemberOf |
Select-Object Name, SamAccountName,
@{Name="LastLogonDate";Expression={[DateTime]::FromFileTime($_.LastLogonTimeStamp)}},
@{Name="Groups";Expression={
($_.MemberOf | ForEach-Object {
($_ -split ',')[0] -replace '^CN='
}) -join '; '
}} |
Sort-Object LastLogonDate
#Get Domain admins
Import-Module ActiveDirectory
# Get members of the Domain Admins group
Get-ADGroupMember -Identity "Domain Admins" -Recursive |
Where-Object { $_.objectClass -eq "user" } |
ForEach-Object {
Get-ADUser $_ -Properties LastLogonTimeStamp, MemberOf
} |
Select-Object Name, SamAccountName,
@{Name="LastLogonDate";Expression={[DateTime]::FromFileTime($_.LastLogonTimeStamp)}},
@{Name="Groups";Expression={
($_.MemberOf | ForEach-Object {
($_ -split ',')[0] -replace '^CN='
}) -join '; '
}} |
Sort-Object LastLogonDate
#See which users do not have a fine-grained password policy
Import-Module ActiveDirectory
# Get all users
$allUsers = Get-ADUser -Filter * -Properties msDS-ResultantPSO
# Filter users with no PSO applied
$excludedUsers = $allUsers | Where-Object { -not $_.'msDS-ResultantPSO' }
$excludedUsers | Select-Object Name, SamAccountName
This webinar series is designed to be as technology-agnostic as possible. You don’t need ThreatLocker to participate, but it certainly helps.
If you want to follow along more easily, we’d be happy to help you get started with a ThreatLocker agent. Just book a demo to chat with a ThreatLocker Solutions Engineer and get a 30-day free trial to the entire ThreatLocker platform.
Download the week 10 checklist on this page to keep up with key tasks and harden your environment step by step.
You can get caught up here.
Access the additional downloadable resource that will help you make the most of this webinar.
Whether you're starting from zero or organizing an inherited environment, this tactical checklist will help you fully secure your environment step by step.
There are 15 webinars, each approximately one hour long including an audience Q&A. If you put one webinar's recommendations per week, you will complete the series in approximately 100 days.
This series is for IT professionals ready to take control of their environment, whether you've just inherited one, are rebuilding from the ground up, or need to scale and secure what’s already in place.
No, you can implement the recommendations in all or only a few of the sessions, but we do recommend watching all of them in order, as we often build on the previous week's efforts.
No, the entire series, including the additional downloadable resources, is completely free.
Unfortunately, the badge was only available for people who attended the sessions live in May-August 2025.
Request your 30-day trial to the entire ThreatLocker platform today.
Try ThreatLocker