Comments (5)
Hi there,
This looks useful, I'll look to add it to the script. Feel free to make a pull request if you have time?
What country are you coming from to access my website? (I've blocked a few)
I'm from Russia. I'll try to make a pull request at some point. In case you've blocked some countries, you can tell me one you have not, and I will try to check with a VPN =)
Yep, Russia is on the list, sorry; come from a US VPN and you'll reach me.
Yeah, the site is opening with a VPN, but there is only Twitter =)
Btw, I cannot make a branch to put the new functions in, so here they are:
```powershell
function Get-GPOEnum {
    # Loops GPOs for groups that have domain join permissions assigned and for NTLM settings.
    # Write-Both is adaudit's existing helper that writes to the console and the output file.
    $AllowedJoin        = @()
    $DenyNTLM           = @()
    $AuditNTLM          = @()
    $NTLMAuthExceptions = @()
    $AllGPOs = Get-GPO -All | Sort-Object DisplayName
    foreach ($GPO in $AllGPOs) {
        $GPOreport = Get-GPOReport -Guid $GPO.Id -ReportType Xml
        # IndexOf returns -1 when the marker is absent, so test with -ge 0

        # Look for GPO that allows joining PCs to the domain (SeMachineAccountPrivilege)
        if ($GPOreport.IndexOf('<q1:Name>SeMachineAccountPrivilege</q1:Name>') -ge 0) {
            $xmlreport  = [xml]$GPOreport
            $assignment = $xmlreport.GPO.Computer.ExtensionData.Extension.UserRightsAssignment |
                Where-Object Name -eq 'SeMachineAccountPrivilege'
            foreach ($member in $assignment.Member) {
                $AllowedJoin += [pscustomobject]@{
                    GPO  = $GPO.DisplayName
                    SID  = $member.SID.'#text'
                    Name = $member.Name.'#text'
                }
            }
        }

        # Look for GPO that restricts NTLM in the domain
        if ($GPOreport.IndexOf('RestrictNTLMInDomain</q1:KeyName>') -ge 0) {
            $xmlreport = [xml]$GPOreport
            $value = $xmlreport.GPO.Computer.ExtensionData.Extension.SecurityOptions |
                Where-Object KeyName -Match 'RestrictNTLMInDomain'
            $DenyNTLM += [pscustomobject]@{
                GPO   = $GPO.DisplayName
                Value = $value.Display.DisplayString
            }
        }

        # Look for GPO that audits NTLM in the domain
        if ($GPOreport.IndexOf('AuditNTLMInDomain</q1:KeyName>') -ge 0) {
            $xmlreport = [xml]$GPOreport
            $value = $xmlreport.GPO.Computer.ExtensionData.Extension.SecurityOptions |
                Where-Object KeyName -Match 'AuditNTLMInDomain'
            $AuditNTLM += [pscustomobject]@{
                GPO   = $GPO.DisplayName
                Value = $value.Display.DisplayString
            }
        }

        # Look for GPO that defines NTLM exceptions (servers still allowed to use NTLM)
        if ($GPOreport.IndexOf('DCAllowedNTLMServers</q1:KeyName>') -ge 0) {
            $xmlreport = [xml]$GPOreport
            $exceptions = $xmlreport.GPO.Computer.ExtensionData.Extension.SecurityOptions |
                Where-Object KeyName -Match 'DCAllowedNTLMServers'
            foreach ($member in $exceptions.SettingStrings.Value) {
                $NTLMAuthExceptions += $member
            }
        }
    }

    # Output for join PC to domain
    foreach ($record in $AllowedJoin) {
        Write-Both " [+] GPO [$($record.GPO)] allows object [$($record.Name)] with SID [$($record.SID)] to join computers to domain"
    }

    # Output for deny NTLM
    if ($DenyNTLM.Count -eq 0) {
        Write-Both " [!] NTLM authentication allowed in the domain"
    } else {
        foreach ($record in $DenyNTLM) {
            Write-Both " [+] NTLM authentication restricted by GPO [$($record.GPO)] with value [$($record.Value)]"
        }
    }

    # Output for NTLM exceptions
    if ($NTLMAuthExceptions.Count -ne 0) {
        Write-Both " [+] List of NTLM auth exceptions"
        foreach ($record in $NTLMAuthExceptions) {
            Write-Both " [-] $($record)"
        }
    }

    # Output for NTLM audit (iterates $AuditNTLM; the first draft looped $DenyNTLM here)
    if ($AuditNTLM.Count -eq 0) {
        Write-Both " [!] NTLM audit is not enabled in the domain"
    } else {
        foreach ($record in $AuditNTLM) {
            Write-Both " [+] NTLM audit enabled by GPO [$($record.GPO)] with value [$($record.Value)]"
        }
    }
}

function Get-PrivelegedGroupMembership {
    # List Domain Admins, Enterprise Admins and Schema Admins members.
    # Schema Admins and Enterprise Admins only exist in the forest root domain,
    # so the lookup is allowed to fail quietly when run against a child domain.
    $SchemaMembers       = Get-ADGroup 'Schema Admins' -ErrorAction SilentlyContinue | Get-ADGroupMember
    $EnterpriseMembers   = Get-ADGroup 'Enterprise Admins' -ErrorAction SilentlyContinue | Get-ADGroupMember
    $DomainAdminsMembers = Get-ADGroup 'Domain Admins' | Get-ADGroupMember
    if ($SchemaMembers.Count -ne 0) {
        Write-Both " [!] Schema Admins not empty!!!"
        foreach ($member in $SchemaMembers) {
            Write-Both " [-] $($member.objectClass) $($member.name)"
        }
    }
    if ($EnterpriseMembers.Count -ne 0) {
        Write-Both " [!] Enterprise Admins not empty!!!"
        foreach ($member in $EnterpriseMembers) {
            Write-Both " [-] $($member.objectClass) $($member.name)"
        }
    }
    Write-Both " [+] Domain Admins members"
    foreach ($member in $DomainAdminsMembers) {
        Write-Both " [-] $($member.objectClass) $($member.name)"
    }
}
```
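The string search in the snippet above depends on the `q1:` prefix that Get-GPOReport happens to emit; an added Python example, not part of adaudit or this thread, shows the same three checks (domain-join right, NTLM restriction/audit, NTLM exceptions) done with namespace-agnostic XML parsing over an exported report, so it can run offline against saved reports. The sample report below is a constructed approximation of the Get-GPOReport XML layout, not real output, and the element paths are assumptions based on that layout.

```python
# Offline parser for exported Get-GPOReport -ReportType Xml files (assumed layout; Python 3.8+).
import xml.etree.ElementTree as ET

# Constructed sample approximating a GPO XML report; not real output from any domain.
SAMPLE_GPO_XML = """<GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <Name>Constructed NTLM Hardening</Name>
 <Computer><ExtensionData>
  <Extension xmlns:q1="http://www.microsoft.com/GroupPolicy/Settings/Security" xsi:type="q1:SecuritySettings">
   <q1:UserRightsAssignment><q1:Name>SeMachineAccountPrivilege</q1:Name>
    <q1:Member><q1:Name>NT AUTHORITY\\Authenticated Users</q1:Name><q1:SID>S-1-5-11</q1:SID></q1:Member>
   </q1:UserRightsAssignment>
   <q1:SecurityOptions>
    <q1:KeyName>MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\MSV1_0\\RestrictNTLMInDomain</q1:KeyName>
    <q1:Display><q1:DisplayString>Deny all</q1:DisplayString></q1:Display>
   </q1:SecurityOptions>
   <q1:SecurityOptions>
    <q1:KeyName>MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\MSV1_0\\DCAllowedNTLMServers</q1:KeyName>
    <q1:SettingStrings><q1:Value>legacyapp01</q1:Value><q1:Value>scanner02</q1:Value></q1:SettingStrings>
   </q1:SecurityOptions>
  </Extension>
 </ExtensionData></Computer>
</GPO>"""
NTLM_KEYS = ("RestrictNTLMInDomain", "AuditNTLMInDomain")

def parse_gpo_report(xml_text):
    """Namespace-agnostic extraction ({*} wildcard), so it does not depend on the q1 prefix."""
    root = ET.fromstring(xml_text)
    rep = {"gpo": root.findtext("{*}Name"), "join": [], "ntlm": {}, "exceptions": []}
    for ura in root.iterfind(".//{*}Computer//{*}UserRightsAssignment"):
        if ura.findtext("{*}Name") == "SeMachineAccountPrivilege":
            rep["join"] += [(m.findtext("{*}Name"), m.findtext("{*}SID")) for m in ura.iterfind("{*}Member")]
    for opt in root.iterfind(".//{*}Computer//{*}SecurityOptions"):
        key = (opt.findtext("{*}KeyName") or "").rsplit("\\", 1)[-1]   # registry value name only
        if key in NTLM_KEYS:
            rep["ntlm"][key] = opt.findtext("{*}Display/{*}DisplayString")
        elif key == "DCAllowedNTLMServers":
            rep["exceptions"] += [v.text for v in opt.iterfind("{*}SettingStrings/{*}Value")]
    return rep

def findings(rep):
    """Same audit verdicts as the PowerShell above, derived from one parsed report."""
    out = [f"[+] GPO [{rep['gpo']}] allows [{n}] ({s}) to join computers to the domain" for n, s in rep["join"]]
    r = rep["ntlm"].get("RestrictNTLMInDomain")
    out.append(f"[+] NTLM restricted by [{rep['gpo']}]: {r}" if r else "[!] NTLM authentication allowed")
    a = rep["ntlm"].get("AuditNTLMInDomain")
    out.append(f"[+] NTLM audit enabled by [{rep['gpo']}]: {a}" if a else "[!] NTLM audit is not enabled")
    out += [f"[-] NTLM exception: {h}" for h in rep["exceptions"]]
    return out
```

On a real domain, export each GPO with `Get-GPOReport -All -ReportType Xml` to files and feed every file through `parse_gpo_report`, merging the results, since a single report only tells you what one GPO sets.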
Found out the way to do it correctly. Closing issue. Thanks