Comments (8)
Good catch, @dzcmr. (No pun intended.) I see where/why that is happening in the mode 4 code. It's part of a try/catch block that needs to be scoped specifically to each fix or changed to a different confirmation method. Thanks for the feedback!
from locksmith.
@dzcmr What Powershell version are you using?
from locksmith.
Just 5, I can go back and get the minor version if you need
from locksmith.
Interesting! No need to get the minor version. I was curious if this was a 7.4.0 related issue, but nope!
from locksmith.
Hi @dzcmr! Would you mind running Invoke-Locksmith -Mode 3
and sending me a redacted version of the generated CSV file?
The reason I ask: Mode 4 doesn't currently auto-run fixes for all identified issues. So, the behavior you've described makes sense if you skipped the last fixable issue.
That being said, Locksmith should inform you if there are remaining issues that it is unable to fix.
from locksmith.
Hey, so this was the first issue it found (from a longish list) - It covered Auditing not being enabled, ESC1, ESC4, ESC5.
some of the ESC5s remain but I've manually fixed up everything else (except for auditing which isn't possible as it's not a real CA but a proxy CA - i.e. it appears like a CA but is not)
I can still send through a redacted output though if it helps.
from locksmith.
Interesting. Well, either way, the Locksmith team all agreed to change it anyway! Look for a different dialog soon. :D
from locksmith.
@dzcmr I started working on improving the Mode 4 confirmation dialog this morning and got a little carried away. If you've got a moment, would you mind testing the testing
branch?
from locksmith.
Related Issues (20)
- When There Are No Auditing, ESC1, ESC2, or ESC6 issues, Locksmith Dies When Creating Revert Script HOT 2
- False Positives in ESC4 from Incomplete Filtering HOT 1
- Objects with both Allow and Deny ACEs reports two issues in output
- AD Connect service account read access listed as ESC5 vulnerability HOT 3
- We're checking for Restricted Admin Mode twice
- Check Published Status for ESC1-5.
- Convert Manager Approval check to use bitwise math. HOT 1
- Duplicates in ESC4/5 Ownership Issues
- Add ESC4/5 Ownership Remediations to Mode 4. HOT 1
- Improve RSAT Installation Process HOT 2
- Remove Add-Member cmdlet from as many places as possible. HOT 2
- Improve Contrast Between Colored Text and Background HOT 3
- Update all functions to include comment-based help. HOT 1
- Establish Methodology for Criticality of Issues HOT 1
- msPKI-Certificate-Name-Flag check in ESC1-3 could result in false negatives
- Improve ESC4/5 checks with Effective Access instead of dumb checks
- ESC8 Identification is Incomplete HOT 7
- Improve ESC4 remediations to re-add Enroll/AutoEnroll ExtendedRight
- Private/Test-IsADAdmin.ps1 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from locksmith.