Block 64 Administrator Credential Validation Script
Overview
This PowerShell script helps verify whether a credential (local or domain) has the required permissions and remote access to support Block 64 Discovery tools. It performs a series of live connectivity tests against a target Windows machine using the provided username and password.
# === Block 64 Credential Validation Script ===
# This script tests remote access for C$, RPC, WMI, and validates key service states
Clear-Host
Write-Host "=== Block 64 Credential Validation Script ===" -ForegroundColor Cyan
Write-Host "This script will test if the entered credential has remote access to:" -ForegroundColor White
Write-Host "- Admin share (C$)" -ForegroundColor White
Write-Host "- Remote Registry (RPC)" -ForegroundColor White
Write-Host "- WMI service (connection test)" -ForegroundColor White
Write-Host "- Essential service state check (WMI, RPC, SMB, WinRM)" -ForegroundColor White
Write-Host "===================================================" -ForegroundColor Cyan

# Prompt for input
$target = Read-Host "Enter the target hostname or IP"
$username = Read-Host "Enter the username (e.g., DOMAIN\admin or hostname\admin)"
$password = Read-Host "Enter the password" -AsSecureString
# The password stays a SecureString inside the PSCredential; it is never converted to plain text
$creds = New-Object System.Management.Automation.PSCredential($username, $password)

$logPath = "C:\Temp"
if (!(Test-Path $logPath)) { New-Item -Path $logPath -ItemType Directory -Force | Out-Null }
$logFile = "$logPath\Block64_CredentialValidation_$(Get-Date -Format yyyyMMdd_HHmmss).txt"

# Write a message to the console (in colour) and append it to the log file
function Log {
    param (
        $message,
        $color = "White"
    )
    Write-Host $message -ForegroundColor $color
    Add-Content -Path $logFile -Value $message
}

# Name of the temporary, non-persistent PSDrive used for the C$ test
$driveName = "B64Check"

try {
    # 1. Test C$ Share
    Log "`n[1/4] Testing access to C$ share..." "Cyan"
    try {
        # New-PSDrive takes the PSCredential directly, so the password is not
        # placed on a process command line where command-line logging would record it
        New-PSDrive -Name $driveName -PSProvider FileSystem -Root "\\$target\C$" -Credential $creds -ErrorAction Stop | Out-Null
        Log "Access to C$ share is working." "Green"
    } catch {
        Log "Access to C$ share failed. Check credentials or firewall." "Red"
    }

    # 2. Remote Registry Access
    # OpenRemoteBaseKey has no credential parameter and connects over SMB, so the
    # C$ mapping from step 1 is kept open until this test finishes; that keeps
    # the entered credential in use instead of the identity running the script.
    Log "`n[2/4] Testing Remote Registry access..." "Cyan"
    try {
        $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $target)
        $subKey = $reg.OpenSubKey("SOFTWARE\Microsoft\Windows NT\CurrentVersion")
        $osName = $subKey.GetValue("ProductName")
        if ($osName) {
            Log "Remote Registry access is working (Detected OS: $osName)." "Green"
        } else {
            Log "Unable to read registry key." "Yellow"
        }
    } catch {
        Log "Remote Registry access failed: $($_.Exception.Message)" "Red"
        Log "Hint: Check 'RemoteRegistry' service and firewall (RPC)." "Yellow"
    }

    # Remove the temporary C$ mapping now that the SMB-based tests are done
    if (Get-PSDrive -Name $driveName -ErrorAction SilentlyContinue) {
        Remove-PSDrive -Name $driveName -Force
    }

    # 3. WMI Access Test (connection only)
    Log "`n[3/4] Testing WMI access (connection only)..." "Cyan"
    try {
        $options = New-Object System.Management.ConnectionOptions
        $options.Username = $username
        # SecurePassword accepts the SecureString as-is
        $options.SecurePassword = $password
        $options.EnablePrivileges = $true
        $scope = New-Object System.Management.ManagementScope("\\$target\root\cimv2", $options)
        $scope.Connect()
        if ($scope.IsConnected) {
            Log "WMI connection successful." "Green"
        } else {
            Log "WMI connection failed." "Red"
        }
    } catch {
        Log "WMI connection failed: $($_.Exception.Message)" "Red"
        Log "Hint: This simulates WBEMTest. WMI may be blocked by firewall, DCOM, or permissions." "Yellow"
    }

    # 4. Check Required Services
    Log "`n[4/4] Checking required service states..." "Cyan"
    $requiredServices = @("Winmgmt", "RemoteRegistry", "LanmanServer", "WinRM", "RpcSs")
    $friendlyNames = @{
        "LanmanServer"   = "C$ (SMB File Sharing / LanmanServer)"
        "RemoteRegistry" = "RPC (Remote Registry)"
        "Winmgmt"        = "WMI (Windows Management Instrumentation / Winmgmt)"
        "WinRM"          = "WinRM (Windows Remote Management / WinRM)"
        "RpcSs"          = "RPC Core (RPC Endpoint Mapper / RpcSs)"
    }
    try {
        $services = Get-WmiObject -Class Win32_Service -ComputerName $target -Credential $creds |
            Where-Object { $_.Name -in $requiredServices }
        foreach ($svc in $services) {
            $svcLabel = $friendlyNames[$svc.Name]
            $svcStatus = "${svcLabel}: $($svc.State)"
            if ($svc.State -eq "Running") {
                Log $svcStatus "Green"
            } else {
                Log $svcStatus "Yellow"
            }
        }
    } catch {
        Log "Could not retrieve service status: $($_.Exception.Message)" "Red"
    }

    Log "`n=== Validation Completed ===" "Cyan"
    Log "Results saved to: $logFile" "Yellow"
    Read-Host "`nPress Enter to exit..."
} catch {
    Write-Host "Unexpected error: $($_.Exception.Message)" -ForegroundColor Red
    Read-Host "`nPress Enter to exit..."
}
How to Use It
1. Save and Run it as Admin
- Save the script file as: Block64_CredentialValidation.ps1
- Right-click the file → Run with PowerShell
2. Enter the Details
You'll be prompted for:
- The target IP or hostname
- A username with remote access (domain or local)
- Its password
3. Review the Results
The results will be shown in the console, and also saved to:
C:\Temp\Block64_CredentialValidation_YYYYMMDD_HHMMSS.txt
Example output:
[1/4] Testing access to C$ share...
Access to C$ share is working.
[2/4] Testing Remote Registry access...
Remote Registry access is working (Detected OS: Windows Server 2022).
[3/4] Testing WMI access (connection only)...
WMI connection successful.
[4/4] Checking required service states...
C$ (SMB File Sharing / LanmanServer): Running
RPC (Remote Registry): Running
RPC Core (RpcSs): Running
WMI (Winmgmt): Running
WinRM: Running
What It Validates
The script checks whether the credential can:
Check | Description |
---|---|
C$ Share (SMB) | Access to the administrative share (\\hostname\C$), used for agentless inventory |
Remote Registry (RPC) | Read registry information remotely |
WMI Connection | Establish a remote connection to root\cimv2 namespace (used for CPU, RAM, disk, OS info) |
Service Status | Confirms that essential services required for scanning are running on the target system |
Services Checked
Friendly Name | Actual Service Name | Purpose |
---|---|---|
C$ (SMB File Sharing) | LanmanServer | Enables Admin$ and file share access via SMB (used for credential validation and inventory) |
RPC (Remote Registry) | RemoteRegistry | Allows remote registry access, used for software/hardware data collection |
RPC Core | RpcSs | Core Windows service for Remote Procedure Call operations |
WMI | Winmgmt | Enables WMI-based polling (CPU, RAM, Disk IOPS) |
WinRM | WinRM | Leveraged by some tools as an alternative inventory method when WMI, SMB, or RPC are blocked. |
If Your Credential Fails
If your credential fails one or more validation steps, we recommend the following options to proceed:
Option 1: Create a Clean Local Admin Account
Use our guided script to create a secure local administrator account (block_svc) with proper remote capabilities:
Creating a Local Administrator with Remote Capabilities
This script sets up:
- A local account with administrator privileges
- Remote access support for SMB, WMI, and RPC
- Proper firewall and policy settings (especially critical in non-domain or cloud-hosted environments)
Once created, re-run this validation script to confirm full access.
Option 2: Use a Domain-Limited Service Account
If your environment restricts the use of full local admin accounts, you can configure a domain-limited service account with only the required remote permissions.
Creating and Using a Limited Service Account
This method is suitable for:
- Domain-joined environments
- Scenarios where the principle of least privilege must be enforced
- Compliance-sensitive environments requiring tighter account control
Once created, re-run this validation script to confirm full access.
Requirements
- PowerShell 5.1 or later
- Must be run as Administrator
- Remote services (WMI, RPC, SMB) must not be blocked by firewall or security tools
- For local accounts on non-domain machines: LocalAccountTokenFilterPolicy = 1 is recommended
Support Notes
- If WMI or Remote Registry tests fail, check firewall, DCOM, or that the services are running.
- The script does not make any changes to the remote system; it only reads and reports.
- If issues persist, please share the saved output log when contacting support.
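To tell a blocked port apart from a rejected credential before re-running the validation, a TCP reachability check like the one below can help. It is an added example, not part of Block 64's script: the function name `Test-RemoteMgmtPorts` and the hostname are hypothetical, and the ports are assumed to be the Windows defaults.

```powershell
# Added example: TCP pre-flight for the protocols the validation script exercises.
# Assumption: the target uses the Windows default ports listed below.
function Test-RemoteMgmtPorts {
    param(
        [Parameter(Mandatory = $true)] [string] $Target,
        [int] $TimeoutMs = 2000
    )
    $checks = @(
        @{ Port = 445;  Use = 'SMB: C$ share and Remote Registry (winreg pipe)' },
        @{ Port = 135;  Use = 'RPC Endpoint Mapper: first hop for WMI/DCOM' },
        @{ Port = 5985; Use = 'WinRM over HTTP' },
        @{ Port = 5986; Use = 'WinRM over HTTPS' }
    )
    foreach ($check in $checks) {
        $client = New-Object System.Net.Sockets.TcpClient
        # Default when nothing answers within the timeout
        $state  = 'No response (filtered or host down)'
        try {
            $pending = $client.BeginConnect($Target, $check.Port, $null, $null)
            if ($pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
                $client.EndConnect($pending)   # throws if the connect was refused
                $state = 'Open'
            }
        } catch {
            $base = $_.Exception.GetBaseException()
            if ($base -is [System.Net.Sockets.SocketException] -and
                $base.SocketErrorCode -eq [System.Net.Sockets.SocketError]::ConnectionRefused) {
                $state = 'Closed (service not listening)'
            } else {
                $state = "Error: $($base.Message)"
            }
        } finally {
            $client.Close()
        }
        # One result object per port, suitable for Format-Table or Export-Csv
        [pscustomobject]@{
            Target = $Target
            Port   = $check.Port
            Use    = $check.Use
            State  = $state
        }
    }
}

# Constructed hostname; replace it with the machine you validated.
Test-RemoteMgmtPorts -Target 'server01.example.test' | Format-Table -AutoSize
```

An `Open` result on port 135 covers only the endpoint mapper; WMI/DCOM then moves to a dynamically assigned RPC port, which a firewall can still block.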