@jim-jones
Sign in to post a link or comment!
Killian commented on
Perform Active Directory security assessment using PowerShell 1 week, 4 days agoAh, of course, forgot I'd need to expand the list of properties. Used that and have now resolved them all and documented them just incase.
Thanks again.
-
Killian commented on
Perform Active Directory security assessment using PowerShell 1 week, 4 days agoThank you for this, it's really helpful and puts my mind at ease to see a lot of green. I do have a query with regards to the 'Users with Password Not Required' line though. My report found;
10,000 odd Total Users
3000 enabled
7000 disabled
1100 inactive (how many days does it use for inactivity out of interest?)
6000 users with password not requiredIt's that last line that concerns me but looking into the script it's looking at all users where 'passwordnotrequired -eq $true'. I've ran that myself with get-aduser -filter * | where {$_.PasswordNotRequired -eq $true} and I get 0 results (which I'd expect). Any thoughts on why it's pulling 6000 as part of the wider script?
-
Hello Krishnamoorthi,
I took your config.ini files and put it to the same location:
PS C:ADcheck> dirDirectory: C:ADcheck
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 1/8/2022 11:31 AM 33181 AD_SecurityCheck.ps1
-a---- 1/11/2022 7:54 AM 241 Config.ini.txt
-a---- 1/11/2022 7:54 AM 866 Log11_01_2022-07_54_25.log
-a---- 1/11/2022 7:54 AM 15543 Reports11_01_2022-07_54_25.htmPS C:ADcheck>
Result:
PS C:ADcheck> .AD_SecurityCheck.ps1
Cannot find path 'C:ADcheckConfig.ini' because it does not exist.
At C:ADcheckAD_SecurityCheck.ps1:43 char:25
+ switch -regex -file $FilePath
+ ~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:ADcheckConfig.ini:String) [], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFoundYou cannot call a method on a null-valued expression.
At C:ADcheckAD_SecurityCheck.ps1:82 char:1I have even tried to copy config.ini to C: root, but no success. And thats why I am wondering, why that issue is.
Thank youTomas
-
Hello Michael,
-the script uses hard variables which limits it to DCs in English
-the try catch method is not efficient to return error
-an AD module can be injected in order to be able to launch the script without prerequisite and from client
-I even thought to make a simple GUI interface which displays the result and allows advance configuration .ini
but like I said? is there more interest than pingCastel -
Jonathan Droesch commented on
Perform Active Directory security assessment using PowerShell 1 week, 4 days agoHello guys,what a nice script, I just noticed a little error in the variable of RID master.
Can you please edit the line 551 with $domaininfo.RIDMaster instead of $domaininfo.DomainMode ?Thanks
-
Too young, we've to wait the SP1 or something like that.
-
Hello,
I am no as good as I expected in PowerShell, I was try to run script but cannot go trough this:
Cannot find path 'C:ADcheckConfig.ini' because it does not exist.Even that file is on expected path, no success. And I think this is, what stopped me from running it.
I will appreciate any advices.
Thank you
Tomas -
sorry, I'm not using -ComputerName, but -HostName 😉
-
Hi! Thanks for this post, very useful.
When I try to connect (Windows 10 -> Linux (synology nas)), using this command:
$s = New-PSSession -ComputerName myComputer -UserName userName -Port sshPortIt ask me the password and then I have the following error message:
OpenError: [192.168.0.10] The background process reported an error with the following message: The SSH client session has ended with error message: subsystem request failed on channel 0.Any idea why? (I didn't install anything on my Synology NAS, but activated ssh in the settings and I'm able to ssh using the standard command 'ssh username@ipaddress -p sshPort')
-
Hi,
First thanks you for your script and for sharing, it is a aood idea, i tested it and every things work fine,
i made also same adjustement, but i hesitate to contribute if it's worth it, because i wonder if pingcastle doesn't do the same with more details. -
Tom Hundt commented on
Change PowerShell console syntax highlighting colors of PSReadLine 2 weeks agoIn the upcoming world of 2022, I had to do this nonsense to set colors that work with a black Fluent Terminal background:
Get-PSReadlineOption # list all. (alias: just 'psreadlineoption') Set-PSReadLineOption -Colors @{ "Command"="White" } Set-PSReadLineOption -Colors @{ "Operator"="DarkBlue" } Set-PSReadLineOption -Colors @{ "String"="Yellow" } Set-PSReadLineOption -Colors @{ "Parameter"="Blue" } Set-PSReadLineOption -Colors @{ "Comment"="Gray" } # which syntax I found here: get-help Set-PSReadLineOption -examples -
David Ekstrom commented on
Perform Active Directory security assessment using PowerShell 2 weeks agoFound the answer by Googling it. Apparently in Github, you have to choose the "Raw" button. If you try to download the file, a bunch of Github junk comes down with the file.
-
David Ekstrom commented on
Perform Active Directory security assessment using PowerShell 2 weeks agoGetting a ton of these types of errors
t C:UsersDesktopAD_SecurityCheck.ps1:261 char:138
+ ... -primary text-bold py-2" data-hydro-click="{"event_type":&q ...
+ ~
The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an
ampersand in double quotation marks ("&") to pass it as part of a string.
At C:UsersMFAdminDesktopAD_SecurityCheck.ps1:261 char:145
+ ... y text-bold py-2" data-hydro-click="{"event_type":"ana ...
+ ~
The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an
ampersand in double quotation marks ("&") to pass it as part of a string. -
I have tried clicking on a few of the links and either I get a 404 error or they just don't work at all.
Thanks for at least posting it seems like it would help out.
-
You know I am not trying to sound like a jerk, but I didn't see your previous post.
Is there something wrong with posting it again? Not everyone posts or replies
at the same time. Plus we do miss posts. But that's ok I will just ask some of your other colleague's who probably wouldn't mind assisting me. -
Brandon commented on
Perform Active Directory security assessment using PowerShell 2 weeks, 1 day agops1:45 char:15
“^[(.+)]†-
Trubar commented on
Perform Active Directory security assessment using PowerShell 2 weeks, 1 day agoLooks nice.. but yeah got errors also.. And got no idea what it should be...
At C:InstallAD_Securitycheck.ps1:46 char:15 + �^[(.+)]� # Section + ~ Missing statement block in switch statement clause. At C:InstallAD_Securitycheck.ps1:46 char:19 + �^[(.+)]� # Section + ~ Missing statement block in switch statement clause. At C:InstallAD_Securitycheck.ps1:52 char:13 + �^(;.*)$� # Comment + ~ Missing statement block in switch statement clause. At C:InstallAD_Securitycheck.ps1:52 char:14 + �^(;.*)$� # Comment + ~ An expression was expected after '('. At C:InstallAD_Securitycheck.ps1:52 char:14 + �^(;.*)$� # Comment + ~ Missing closing ')' in expression. At C:InstallAD_Securitycheck.ps1:52 char:14 + �^(;.*)$� # Comment + ~ Missing statement block in switch statement clause. At C:InstallAD_Securitycheck.ps1:52 char:17 + �^(;.*)$� # Comment + ~ Missing statement block in switch statement clause. At C:InstallAD_Securitycheck.ps1:52 char:17 + �^(;.*)$� # Comment + ~ Missing condition in switch statement clause. At C:InstallAD_Securitycheck.ps1:42 char:1 + { + ~ Missing closing '}' in statement block or type definition. At C:InstallAD_Securitycheck.ps1:52 char:17 + �^(;.*)$� # Comment + ~ Unexpected token ')' in expression or statement. Not all parse errors were reported. Correct the reported errors and try again. + CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException + FullyQualifiedErrorId : MissingSwitchStatementClause -
PS C:userswrdownloads> .AD_SecurityCheck.ps1 At C:userswrdownloadsAD_SecurityCheck.ps1:46 char:15 + �^[(.+)]� # Section + ~ Missing statement block in switch statement clause. At C:userswrdownloadsAD_SecurityCheck.ps1:46 char:19 + �^[(.+)]� # Section + ~ Missing statement block in switch statement clause. At C:userswrdownloadsAD_SecurityCheck.ps1:52 char:13 + �^(;.*)$� # Comment + ~ Missing statement block in switch statement clause. At C:userswrdownloadsAD_SecurityCheck.ps1:52 char:14 + �^(;.*)$� # Comment + ~ An expression was expected after '('. At C:userswrdownloadsAD_SecurityCheck.ps1:52 char:14 + �^(;.*)$� # Comment + ~ Missing closing ')' in expression. At C:userswrdownloadsAD_SecurityCheck.ps1:52 char:14 + �^(;.*)$� # Comment + ~ Missing statement block in switch statement clause. At C:userswrdownloadsAD_SecurityCheck.ps1:52 char:17 + �^(;.*)$� # Comment + ~ Missing statement block in switch statement clause. At C:userswrdownloadsAD_SecurityCheck.ps1:52 char:17 + �^(;.*)$� # Comment + ~ Missing condition in switch statement clause. At C:userswrdownloadsAD_SecurityCheck.ps1:42 char:1 + { + ~ Missing closing '}' in statement block or type definition. At C:userswridownloadsAD_SecurityCheck.ps1:52 char:17 + �^(;.*)$� # Comment -
JustMe commented on
Perform Active Directory security assessment using PowerShell 2 weeks, 1 day agoYou need to replace � with "
and ofcourse create a config.ini -
I posted the errors in a previous post.
- Load More
