diff --git a/Build/Build-Module.ps1 b/Build/Build-Module.ps1 index beb54dbe..527ef384 100644 --- a/Build/Build-Module.ps1 +++ b/Build/Build-Module.ps1 @@ -32,7 +32,7 @@ Build-Module -ModuleName 'Locksmith' { ProjectUri = 'https://github.com/jakehildreth/Locksmith' IconUri = 'https://raw.githubusercontent.com/jakehildreth/Locksmith/main/Images/locksmith.ico' PowerShellVersion = '5.1' - Tags = @('Windows', 'Locksmith', 'CA', 'PKI', 'ActiveDirectory', 'CertificateServices', 'ADCS') + Tags = @('Locksmith', 'ActiveDirectory', 'ADCS', 'CA', 'Certificate', 'CertificateAuthority', 'CertificateServices', 'PKI', 'X509', 'Windows') } New-ConfigurationManifest @Manifest @@ -120,10 +120,16 @@ Build-Module -ModuleName 'Locksmith' { New-ConfigurationBuild -Enable:$true -SignModule:$false -DeleteTargetModuleBeforeBuild -MergeModuleOnBuild #-UseWildcardForFunctions $PreScriptMerge = { + [CmdletBinding(HelpUri = 'https://jakehildreth.github.io/Locksmith/Invoke-Locksmith')] param ( - [int]$Mode, + # The mode to run Locksmith in. Defaults to 0. + [Parameter(Mandatory = $false)] + [ValidateSet(0, 1, 2, 3, 4)] + [int]$Mode = 0, + + # The scans to run. Defaults to 'All'. [Parameter()] - [ValidateSet('Auditing','ESC1','ESC2','ESC3','ESC4','ESC5','ESC6','ESC8','ESC11','ESC13','ESC15','EKUwu','All','PromptMe')] + [ValidateSet('Auditing', 'ESC1', 'ESC2', 'ESC3', 'ESC4', 'ESC5', 'ESC6', 'ESC8', 'ESC11', 'ESC13', 'ESC15', 'EKUwu', 'All', 'PromptMe')] [array]$Scans = 'All' ) } diff --git a/Docs/requirements.txt b/Docs/requirements.txt index 10179c9f..a384e051 100644 --- a/Docs/requirements.txt +++ b/Docs/requirements.txt @@ -1,6 +1,6 @@ # https://github.com/readthedocs-examples/example-mkdocs-basic/blob/main/docs/requirements.txt # requirements.txt -jinja2==3.1.4 #https://pypi.org/project/Jinja2/ +jinja2==3.1.5 #https://pypi.org/project/Jinja2/ mkdocs>=1.6.0 #https://github.com/mkdocs/mkdocs mkdocs-material==9.5.25 #https://github.com/squidfunk/mkdocs-material pygments>=2.18.0 #https://pypi.org/project/Pygments/ diff --git a/Invoke-Locksmith.ps1 b/Invoke-Locksmith.ps1 index 783ec8c3..375745de 100644 --- a/Invoke-Locksmith.ps1 +++ b/Invoke-Locksmith.ps1 @@ -1,5 +1,11 @@ -param ( - [int]$Mode, +[CmdletBinding(HelpUri = 'https://jakehildreth.github.io/Locksmith/Invoke-Locksmith')] +param ( + # The mode to run Locksmith in. Defaults to 0. + [Parameter(Mandatory = $false)] + [ValidateSet(0, 1, 2, 3, 4)] + [int]$Mode = 0, + + # The scans to run. Defaults to 'All'. [Parameter()] [ValidateSet('Auditing', 'ESC1', 'ESC2', 'ESC3', 'ESC4', 'ESC5', 'ESC6', 'ESC8', 'ESC11', 'ESC13', 'ESC15', 'EKUwu', 'All', 'PromptMe')] [array]$Scans = 'All' @@ -581,7 +587,7 @@ More info: Step 1: Open an elevated Powershell session as an AD or PKI Admin Step 2: Run Unpublish-SchemaV1Templates.ps1 #> -Invoke-WebRequest -Uri https://bit.ly/Fix-ESC15 | Invoke-Expression +Invoke-WebRequest -Uri https://gist.githubusercontent.com/jakehildreth/13c7d615adc905d317fc4379026ad28e/raw/Unpublish-SchemaV1Templates.ps1 | Invoke-Expression "@ Revert = '[TODO]' @@ -2900,11 +2906,16 @@ function Set-AdditionalCAProperty { $CAHostDistinguishedName = (Get-ADObject -Filter { (Name -eq $CAHostName) -and (objectclass -eq 'computer') } -Server $ForestGC ).DistinguishedName $CAHostFQDN = (Get-ADObject -Filter { (Name -eq $CAHostName) -and (objectclass -eq 'computer') } -Properties DnsHostname -Server $ForestGC).DnsHostname } - $ping = Test-Connection -ComputerName $CAHostFQDN -Quiet -Count 1 + $ping = if ($CAHostFQDN) { + Test-Connection -ComputerName $CAHostFQDN -Count 1 -Quiet + } + else { + Write-Warning "Unable to resolve $($_.Name) Fully Qualified Domain Name (FQDN)" + } if ($ping) { try { if ($Credential) { - $CertutilAudit = Invoke-Command -ComputerName $CAHostname -Credential $Credential -ScriptBlock { param($CAFullName); certutil -config $CAFullName -getreg CA\AuditFilter } -ArgumentList $CAFullName + $CertutilAudit = Invoke-Command -ComputerName $CAHostFQDN -Credential $Credential -ScriptBlock { certutil -config $using:CAFullName -getreg CA\AuditFilter } } else { $CertutilAudit = certutil -config $CAFullName -getreg CA\AuditFilter @@ -2915,7 +2926,7 @@ function Set-AdditionalCAProperty { } try { if ($Credential) { - $CertutilFlag = Invoke-Command -ComputerName $CAHostname -Credential $Credential -ScriptBlock { param($CAFullName); certutil -config $CAFullName -getreg policy\EditFlags } -ArgumentList $CAFullName + $CertutilFlag = Invoke-Command -ComputerName $CAHostFQDN -Credential $Credential -ScriptBlock { certutil -config $using:CAFullName -getreg policy\EditFlags } } else { $CertutilFlag = certutil -config $CAFullName -getreg policy\EditFlags @@ -2926,7 +2937,7 @@ function Set-AdditionalCAProperty { } try { if ($Credential) { - $CertutilInterfaceFlag = Invoke-Command -ComputerName $CAHostname -Credential $Credential -ScriptBlock { param($CAFullName); certutil -config $CAFullName -getreg CA\InterfaceFlags } -ArgumentList $CAFullName + $CertutilInterfaceFlag = Invoke-Command -ComputerName $CAHostFQDN -Credential $Credential -ScriptBlock { certutil -config $using:CAFullName -getreg CA\InterfaceFlags } } else { $CertutilInterfaceFlag = certutil -config $CAFullName -getreg CA\InterfaceFlags @@ -4390,7 +4401,7 @@ function Invoke-Locksmith { [System.Management.Automation.PSCredential]$Credential ) - $Version = '2025.2.22' + $Version = '2025.4.20' $LogoPart1 = @' _ _____ _______ _ _ _______ _______ _____ _______ _ _ | | | | |____/ |______ | | | | | |_____| diff --git a/Locksmith.psd1 b/Locksmith.psd1 index b350ddc7..d6c714dc 100644 --- a/Locksmith.psd1 +++ b/Locksmith.psd1 @@ -8,14 +8,14 @@ FunctionsToExport = 'Invoke-Locksmith' GUID = 'b1325b42-8dc4-4f17-aa1f-dcb5984ca14a' HelpInfoURI = 'https://raw.githubusercontent.com/jakehildreth/Locksmith/main/en-US/' - ModuleVersion = '2025.2.22' + ModuleVersion = '2025.4.20' PowerShellVersion = '5.1' PrivateData = @{ PSData = @{ ExternalModuleDependencies = @('ActiveDirectory', 'ServerManager', 'Microsoft.PowerShell.Utility', 'Microsoft.PowerShell.LocalAccounts', 'Microsoft.PowerShell.Management', 'Microsoft.PowerShell.Security', 'CimCmdlets', 'Dism') IconUri = 'https://raw.githubusercontent.com/jakehildreth/Locksmith/main/Images/locksmith.ico' ProjectUri = 'https://github.com/jakehildreth/Locksmith' - Tags = @('Windows', 'Locksmith', 'CA', 'PKI', 'ActiveDirectory', 'CertificateServices', 'ADCS') + Tags = @('Locksmith', 'ActiveDirectory', 'ADCS', 'CA', 'Certificate', 'CertificateAuthority', 'CertificateServices', 'PKI', 'X509', 'Windows') } } RequiredModules = @('ActiveDirectory', 'ServerManager', 'Microsoft.PowerShell.Utility', 'Microsoft.PowerShell.LocalAccounts', 'Microsoft.PowerShell.Management', 'Microsoft.PowerShell.Security', 'CimCmdlets', 'Dism') diff --git a/Private/Find-ESC15.ps1 b/Private/Find-ESC15.ps1 index 9654cacd..ba99bb7a 100644 --- a/Private/Find-ESC15.ps1 +++ b/Private/Find-ESC15.ps1 @@ -82,7 +82,7 @@ More info: Step 1: Open an elevated Powershell session as an AD or PKI Admin Step 2: Run Unpublish-SchemaV1Templates.ps1 #> -Invoke-WebRequest -Uri https://bit.ly/Fix-ESC15 | Invoke-Expression +Invoke-WebRequest -Uri https://gist.githubusercontent.com/jakehildreth/13c7d615adc905d317fc4379026ad28e/raw/Unpublish-SchemaV1Templates.ps1 | Invoke-Expression "@ Revert = '[TODO]' diff --git a/Private/Set-AdditionalCAProperty.ps1 b/Private/Set-AdditionalCAProperty.ps1 index a4fe817f..ca668740 100644 --- a/Private/Set-AdditionalCAProperty.ps1 +++ b/Private/Set-AdditionalCAProperty.ps1 @@ -127,11 +127,11 @@ $CAHostDistinguishedName = (Get-ADObject -Filter { (Name -eq $CAHostName) -and (objectclass -eq 'computer') } -Server $ForestGC ).DistinguishedName $CAHostFQDN = (Get-ADObject -Filter { (Name -eq $CAHostName) -and (objectclass -eq 'computer') } -Properties DnsHostname -Server $ForestGC).DnsHostname } - $ping = Test-Connection -ComputerName $CAHostFQDN -Quiet -Count 1 + $ping = if ($CAHostFQDN) { Test-Connection -ComputerName $CAHostFQDN -Count 1 -Quiet } else { Write-Warning "Unable to resolve $($_.Name) Fully Qualified Domain Name (FQDN)" } if ($ping) { try { if ($Credential) { - $CertutilAudit = Invoke-Command -ComputerName $CAHostname -Credential $Credential -ScriptBlock { param($CAFullName); certutil -config $CAFullName -getreg CA\AuditFilter } -ArgumentList $CAFullName + $CertutilAudit = Invoke-Command -ComputerName $CAHostFQDN -Credential $Credential -ScriptBlock { certutil -config $using:CAFullName -getreg CA\AuditFilter } } else { $CertutilAudit = certutil -config $CAFullName -getreg CA\AuditFilter } @@ -140,7 +140,7 @@ } try { if ($Credential) { - $CertutilFlag = Invoke-Command -ComputerName $CAHostname -Credential $Credential -ScriptBlock { param($CAFullName); certutil -config $CAFullName -getreg policy\EditFlags } -ArgumentList $CAFullName + $CertutilFlag = Invoke-Command -ComputerName $CAHostFQDN -Credential $Credential -ScriptBlock { certutil -config $using:CAFullName -getreg policy\EditFlags } } else { $CertutilFlag = certutil -config $CAFullName -getreg policy\EditFlags } @@ -149,7 +149,7 @@ } try { if ($Credential) { - $CertutilInterfaceFlag = Invoke-Command -ComputerName $CAHostname -Credential $Credential -ScriptBlock { param($CAFullName); certutil -config $CAFullName -getreg CA\InterfaceFlags } -ArgumentList $CAFullName + $CertutilInterfaceFlag = Invoke-Command -ComputerName $CAHostFQDN -Credential $Credential -ScriptBlock { certutil -config $using:CAFullName -getreg CA\InterfaceFlags } } else { $CertutilInterfaceFlag = certutil -config $CAFullName -getreg CA\InterfaceFlags }