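<#
.SYNOPSIS
    Collects an Active Directory security checklist snapshot into per-run report files.

.DESCRIPTION
    Intended to run on a domain controller under an account that can read the
    directory. It relies on the ActiveDirectory, GroupPolicy, DnsServer, SmbShare and
    NetSecurity modules plus the auditpol, repadmin, dcdiag, netdom, setspn and w32tm
    command-line tools. Every check writes one numbered file under
    C:\ADSecurityCheckList\<ddMMyyyy>.

    Despite the .csv extension the files hold PowerShell's default table/list text,
    not comma-separated data; anything that needs real CSV should switch to Export-Csv.
    The reports enumerate privileged accounts, ACLs and host hardening state, so the
    output folder should be readable only by the administrators who run the script.
#>

# Fixed output root with one dated subfolder (day-month-year, as in the original
# layout) per run. Re-running on the same day overwrites that day's files.
$path = "C:\ADSecurityCheckList"
Write-Host "Checking C:\ADSecurityCheckList Folder Exist" -ForegroundColor Blue

if (Test-Path -Path $path) {
    Write-Host "Path exist" -ForegroundColor Green
}
else {
    Write-Host "Path not exist" -ForegroundColor Red
    Write-Host "Path is creating" -ForegroundColor Blue
    New-Item -ItemType Directory -Path $path
}

$date = Get-Date -UFormat %d%m%Y
if (Test-Path -Path $path\$date) {
    Write-Host "Path exist" -ForegroundColor Green
}
else {
    Write-Host "Path not exist" -ForegroundColor Red
    Write-Host "Path is creating" -ForegroundColor Blue
    New-Item -ItemType Directory -Path $path\$date
}

# $finalpath is the per-run folder every later check writes into.
$finalpath = "$path\$date"
Write-Host "$finalpath created" -ForegroundColor Blue

# 1-2: object and user totals. Only the count is needed, so the original -Properties *
# (every attribute of every object - the heaviest query this script can send a DC) is
# dropped; @() keeps .Count valid when zero or one object comes back.
"---All Object In Active Directory---" > $finalpath\1-AllObject.csv
@(Get-ADObject -Filter *).Count >> $finalpath\1-AllObject.csv

"---All User In Active Directory---" > $finalpath\2-AllUser.csv
@(Get-ADUser -Filter *).Count >> $finalpath\2-AllUser.csv

# 3: disabled user accounts.
"---Disable Users In Active Directory---" > $finalpath\3-DisableUser.csv
Get-ADUser -Filter { Enabled -eq $false } |
    Select-Object Name, SamAccountName, SID >> $finalpath\3-DisableUser.csv

# 4: enabled users that have never logged on (no lastLogonTimestamp value at all).
"---Inactive Users In Active Directory---" > $finalpath\4-InactiveUser.csv
Get-ADUser -Filter { -not (LastLogonTimeStamp -like "*") -and (Enabled -eq $true) } |
    Select-Object Name, SamAccountName, SID >> $finalpath\4-InactiveUser.csv

# 5: header only; the adminCount=1 query that fills this file follows immediately.
"---Admin Count 1 Users In Active Directory---" > $finalpath\5-admincount.csv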
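# 5: users flagged adminCount=1 (current or former members of SDProp-protected groups).
Get-ADUser -Filter { AdminCount -eq 1 } |
    Select-Object Name, SamAccountName, SID >> $finalpath\5-admincount.csv

# 6-7: accounts exempted from password policy.
"---Password Never Expire Users In Active Directory---" > $finalpath\6-PasswordNeverExpireUser.csv
Get-ADUser -Filter { PasswordNeverExpires -eq $true } |
    Select-Object Name, SamAccountName, SID >> $finalpath\6-PasswordNeverExpireUser.csv

"---Password Not Require Users In Active Directory---" > $finalpath\7-PasswordNotRequiredUser.csv
Get-ADUser -Filter { PasswordNotRequired -eq $true } |
    Select-Object Name, SamAccountName, SID >> $finalpath\7-PasswordNotRequiredUser.csv

# 8: userAccountControl bit 0x200000 = USE_DES_KEY_ONLY.
"---Kerberos DES Encryption Enabled Users In Active Directory---" > $finalpath\8-DesEnabledUser.csv
Get-ADUser -Filter { UserAccountControl -band 0x200000 } >> $finalpath\8-DesEnabledUser.csv

# 9: adminCount=1 accounts whose "Account is sensitive and cannot be delegated" flag is
# NOT set (AccountNotDelegated -eq $false), i.e. privileged accounts still open to delegation.
"---Admin Count 1(Privilige Users) and AccountNotDelegated Users In Active Directory---" > $finalpath\9-SensitiveNotDelegatedUser.csv
Get-ADUser -Filter { (AdminCount -eq 1) -and (AccountNotDelegated -eq $false) } |
    Select-Object SamAccountName >> $finalpath\9-SensitiveNotDelegatedUser.csv

# 10: userAccountControl bit 4194304 (0x400000) = DONT_REQ_PREAUTH.
"---Users Dont Require Kerberos Pre Auth In Active Directory---" > $finalpath\10-DontPreKreAuthUser.csv
Get-ADUser -Filter { UserAccountControl -band 4194304 } |
    Select-Object SamAccountName >> $finalpath\10-DontPreKreAuthUser.csv

# 11-12: the well-known RID 500/501 accounts are resolved from the domain SID so they are
# found even when renamed. PasswordLastSet is not a default property and must be
# requested explicitly; the original Guest query omitted it and always printed it empty.
$sid = (Get-ADDomain).DomainSID
$sid500 = $sid.ToString() + "-500"

"---RID 500 Account (Administrator) In Active Directory---" > $finalpath\11-AdministratorAccount.csv
Get-ADUser -Identity $sid500 -Properties PasswordLastSet |
    Select-Object Name, SamAccountName, PasswordLastSet >> $finalpath\11-AdministratorAccount.csv

$sid501 = $sid.ToString() + "-501"
"---RID 501 Account (Guest) In Active Directory---" > $finalpath\12-GuestAccount.csv
Get-ADUser -Identity $sid501 -Properties PasswordLastSet |
    Select-Object Name, SamAccountName, PasswordLastSet >> $finalpath\12-GuestAccount.csv

# 13-15: computer totals and weak computer accounts.
"---All Computers In Active Directory---" > $finalpath\13-Allcomputer.csv
@(Get-ADComputer -Filter *).Count >> $finalpath\13-Allcomputer.csv

"---Disable Computers In Active Directory---" > $finalpath\14-DisableComputers.csv
Get-ADComputer -Filter { Enabled -eq $false } |
    Select-Object Name, SamAccountName, SID >> $finalpath\14-DisableComputers.csv

"---Password Not Required Computers In Active Directory---" > $finalpath\15-PasswordNotrequiredComputers.csv
Get-ADComputer -Filter { PasswordNotRequired -eq $true } |
    Select-Object Name, SamAccountName, SID >> $finalpath\15-PasswordNotrequiredComputers.csv

# 16-24: recursive membership of the built-in privileged groups, one file per group.
# The header text and file names match the original reports exactly.
$privilegedGroupReports = @(
    @{ Group = "Domain Admins";               File = "16-domainadmins.csv" },
    @{ Group = "Enterprise Admins";           File = "17-enterpriseadmins.csv" },
    @{ Group = "Schema Admins";               File = "18-schemaadmins.csv" },
    @{ Group = "Administrators";              File = "19-administrators.csv" },
    @{ Group = "Backup Operators";            File = "20-backupoperators.csv" },
    @{ Group = "Print Operators";             File = "21-printoperators.csv" },
    @{ Group = "Server Operators";            File = "22-serveroperators.csv" },
    @{ Group = "Group Policy Creator Owners"; File = "23-gpocreator.csv" },
    @{ Group = "Protected Users";             File = "24-protectedusers.csv" }
)
foreach ($report in $privilegedGroupReports) {
    $reportFile = Join-Path $finalpath $report.File
    "---$($report.Group) Group Members ---" > $reportFile
    Get-ADGroupMember -Identity $report.Group -Recursive |
        Select-Object Name, SamAccountName, ObjectClass >> $reportFile
}
"No NTLM , DES or RC4 not Using , TGT 4 hours" >> $finalpath\24-protectedusers.csv

# 25: groups with no members at all.
"---Empty Group ---" > $finalpath\25-emptygroup.csv
Get-ADGroup -LDAPFilter "(!(member=*))" | Select-Object Name >> $finalpath\25-emptygroup.csv

# 26: krbtgt password age (PasswordLastSet requested explicitly, it is not a default property).
"---KRBTGT Account Details ---" > $finalpath\26-krbtgt.csv
Get-ADUser -Identity "krbtgt" -Properties PasswordLastSet |
    Select-Object Name, SamAccountName, PasswordLastSet >> $finalpath\26-krbtgt.csv

# 27: EnableSMB1Protocol says whether the server still accepts SMB1, not whether the
# feature is installed, so the note was corrected and the FS-SMB1 feature state is
# recorded next to it (Get-WindowsFeature is already used by the roles check below).
"---SMB V1 ---" > $finalpath\27-smbv1.csv
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol >> $finalpath\27-smbv1.csv
"False Meaning: SMBV1 Protocol Disabled On Server" >> $finalpath\27-smbv1.csv
Get-WindowsFeature -Name FS-SMB1 | Select-Object Name, InstallState >> $finalpath\27-smbv1.csv

# 28-29: most recent hotfix and last boot time of this DC.
"---Latest Update Date ---" > $finalpath\28-update.csv
Get-HotFix | Sort-Object InstalledOn -Descending |
    Select-Object Description, HotFixID, InstalledOn -First 1 >> $finalpath\28-update.csv

"---Last Boot Time ---" > $finalpath\29-lastboottime.csv
Get-CimInstance -ClassName Win32_OperatingSystem |
    Select-Object CSName, LastBootUpTime >> $finalpath\29-lastboottime.csv

# 30-31: adminCount=1 users inside / outside Protected Users. Only direct membership is
# checked (MemberOf is not expanded through nested groups).
$protectedusersdisting = (Get-ADGroup "Protected Users").DistinguishedName

"---Admin Count 1 User in Protected Users Groups ---" > $finalpath\30-AdminUserinProtectedUser.csv
Get-ADUser -LDAPFilter '(adminCount=1)' -Properties MemberOf |
    Where-Object { $_.MemberOf -contains $protectedusersdisting } |
    Select-Object SamAccountName >> $finalpath\30-AdminUserinProtectedUser.csv
"No NTLM , DES or RC4 not Using , TGT 4 hours" >> $finalpath\30-AdminUserinProtectedUser.csv

"---Admin Count 1 User Not in Protected Users Groups ---" > $finalpath\31-AdminUsernotinProtectedUser.csv
Get-ADUser -LDAPFilter '(adminCount=1)' -Properties MemberOf |
    Where-Object { $_.MemberOf -notcontains $protectedusersdisting } |
    Select-Object SamAccountName >> $finalpath\31-AdminUsernotinProtectedUser.csv
"No NTLM , DES or RC4 not Using , TGT 4 hours" >> $finalpath\31-AdminUsernotinProtectedUser.csv

# 32-34: host firewall profile state, selected by profile name instead of a -like scan.
"---Public Firewall Status---" > $finalpath\32-firewallpublic.csv
Get-NetFirewallProfile -Name Public |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction >> $finalpath\32-firewallpublic.csv
"Enabled, Inbound Block , Outbound Allow MS Baseline suggesstion" >> $finalpath\32-firewallpublic.csv

"---Private Firewall Status---" > $finalpath\33-firewallprivate.csv
Get-NetFirewallProfile -Name Private |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction >> $finalpath\33-firewallprivate.csv
"Enabled, Inbound Block , Outbound Allow MS Baseline suggesstion" >> $finalpath\33-firewallprivate.csv

"---Domain Firewall Status---" > $finalpath\34-firewalldomain.csv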
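# 34: domain profile of the host firewall (header written by the preceding check).
Get-NetFirewallProfile -Name Domain |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction >> $finalpath\34-firewalldomain.csv
"Enabled, Inbound Block , Outbound Allow MS Baseline suggesstion" >> $finalpath\34-firewalldomain.csv

# 35: DC count across every domain in the forest; @() keeps .Count valid for a single DC.
$domains = (Get-ADForest).Domains

"---All Domain Controllers Count ---" > $finalpath\35-domaincontrollers.csv
@($domains | ForEach-Object { Get-ADDomainController -Server $_ -Filter * }).Count >> $finalpath\35-domaincontrollers.csv

# 36: EnabledScopes is empty when the AD Recycle Bin has never been enabled.
"---Recyle Bin Status ---" > $finalpath\36-recylebin.csv
(Get-ADOptionalFeature -Filter 'name -like "Recycle Bin Feature"' -Properties EnabledScopes).EnabledScopes >> $finalpath\36-recylebin.csv

# 37-38: functional levels.
"---Domain Mode ---" > $finalpath\37-DomainMode.csv
Get-ADDomain | Select-Object DomainMode >> $finalpath\37-DomainMode.csv

"---Forest Mode ---" > $finalpath\38-ForestMode.csv
Get-ADForest | Select-Object ForestMode >> $finalpath\38-ForestMode.csv

# 39: Print Spooler on a DC; expected Stopped on a hardened domain controller.
"---Spooler Service Status ---" > $finalpath\39-SpoolerService.csv
Get-Service -Name Spooler | Select-Object Status >> $finalpath\39-SpoolerService.csv

"---All Gpo Count ---" > $finalpath\40-AllGpo.csv
@(Get-GPO -All).Count >> $finalpath\40-AllGpo.csv

# 41: a GPO is unlinked when its XML report has no <LinksTo> element. The original
# tested for the absence of ">" - which every XML report contains - so the test never
# matched and this file was always empty.
"---UnLinked Gpo's ---" > $finalpath\41-UnlinkedGpo.csv
Get-GPO -All |
    Where-Object { $_ | Get-GPOReport -ReportType XML | Select-String -NotMatch "<LinksTo>" } |
    Select-Object DisplayName >> $finalpath\41-UnlinkedGpo.csv

# 42: fine-grained password policies (PSOs) defined in the domain.
"---Fine Grained Password Policy ---" > $finalpath\42-FineGrainedPolicy.csv
Get-ADFineGrainedPasswordPolicy -Filter * | Select-Object Name >> $finalpath\42-FineGrainedPolicy.csv

# 43: effective audit policy as auditpol prints it, then the baseline to compare against.
"---Audit Policy Config ---" > $finalpath\43-AuditPolicyConfig.csv
auditpol /get /category:* >> $finalpath\43-AuditPolicyConfig.csv

"MS Baseline Suggestion Audit Policy" > $finalpath\43-BaselineAuditPolicyConfigSuggestion.csv
@"
Account Logon Audit Credential Validation Success and Failure
Account Management Audit Computer Account Management Success
Account Management Audit Other Account Management Events Success
Account Management Audit Security Group Management Success
Account Management Audit User Account Management Success and Failure
Detailed Tracking Audit PNP Activity Success
Detailed Tracking Audit Process Creation Success
DS Access Audit Directory Service Access Success and Failure
DS Access Audit Directory Service Changes Success and Failure
Logon/Logoff Audit Account Lockout Failure
Logon/Logoff Audit Group Membership Success
Logon/Logoff Audit Logon Success and Failure
Logon/Logoff Audit Other Logon/Logoff Events Success and Failure
Logon/Logoff Audit Special Logon Success
Object Access Audit Detailed File Share Failure
Object Access Audit File Share Success and Failure
Object Access Audit Other Object Access Events Success and Failure
Object Access Audit Removable Storage Success and Failure
Policy Change Audit Audit Policy Change Success
Policy Change Audit Authentication Policy Change Success
Policy Change Audit MPSSVC Rule-Level Policy Change Success and Failure
Policy Change Audit Other Policy Change Events Failure
Privilege Use Audit Sensitive Privilege Use Success and Failure
System Audit Other System Events Success and Failure
System Audit Security State Change Success
System Audit Security System Extension Success
System Audit System Integrity Success and Failure
"@ >> $finalpath\43-BaselineAuditPolicyConfigSuggestion.csv

# 44: header only; the setspn run that fills this file follows immediately.
"Duplicate SPN Checking" > $finalpath\44-DuplicateSPN.csv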
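# 44: setspn -X reports duplicate SPNs, -F across the whole forest; a duplicate breaks
# Kerberos for both principals that carry it.
setspn -x -f >> $finalpath\44-DuplicateSPN.csv

# 45: shares exposed by this DC beyond the default SYSVOL/NETLOGON.
"SMB Share on Domain Controller" > $finalpath\45-SMBShare.csv
Get-SmbShare | Select-Object Name, Path >> $finalpath\45-SMBShare.csv

# 46-47: default domain password and lockout policy, each followed by its baseline text.
"Default Domain Password Policy" > $finalpath\46-DefaultDomainPasswordPolicy.csv
Get-ADDefaultDomainPasswordPolicy |
    Select-Object ComplexityEnabled, MaxPasswordAge, MinPasswordAge, MinPasswordLength, PasswordHistoryCount, ReversibleEncryptionEnabled >> $finalpath\46-DefaultDomainPasswordPolicy.csv

"MS Baseline Default Domain Password Policy " > $finalpath\46-BaselineDefaultDomainPasswordPolicy.csv
@"
Enforce password history 24
Maximum password age 60
Minimum password age 1
Minimum password length 14
Password must meet complexity requirements Enabled
Store passwords using reversible encryption Disabled
"@ >> $finalpath\46-BaselineDefaultDomainPasswordPolicy.csv

"Default Domain Locked Policy" > $finalpath\47-LockedPolicy.csv
Get-ADDefaultDomainPasswordPolicy |
    Select-Object LockoutDuration, LockoutThreshold, LockoutObservationWindow >> $finalpath\47-LockedPolicy.csv

"MS BaselineDefault Domain Locked Policy" > $finalpath\47-BaselineLockedPolicy.csv
@"
Account lockout duration 15
Account lockout threshold 10
Reset account lockout counter after 15
"@ >> $finalpath\47-BaselineLockedPolicy.csv

# 48-51: topology - DC site assignment, subnets, sites and FSMO role holders.
"Site Assigned Servers" > $finalpath\48-ServerSignSite.csv
(Get-ADForest).Domains |
    ForEach-Object { Get-ADDomainController -Discover -DomainName $_ } |
    ForEach-Object { Get-ADDomainController -Server $_.Name -Filter * } |
    Select-Object Site, Name, Domain >> $finalpath\48-ServerSignSite.csv

"All Subnet" > $finalpath\49-AllSubnet.csv
Get-ADReplicationSubnet -Filter * -Properties Site | Select-Object Name, Site >> $finalpath\49-AllSubnet.csv

"All Site" > $finalpath\50-AllSite.csv
Get-ADReplicationSite -Filter * | Select-Object Name >> $finalpath\50-AllSite.csv

"FSMO Roles" > $finalpath\51-FsmoRoles.csv
netdom query fsmo >> $finalpath\51-FsmoRoles.csv

# 52: last system-state backup per naming context as recorded in the directory.
"AD Backup Status" > $finalpath\52-ADbackups.csv
repadmin /showbackup * >> $finalpath\52-ADbackups.csv

# 53-54: operating-system inventory; only the attributes that are printed are requested.
"All Operating System" > $finalpath\53-OperatingSystemAll.csv
Get-ADComputer -Filter * -Properties OperatingSystem, OperatingSystemVersion |
    Select-Object Name, OperatingSystem, OperatingSystemVersion >> $finalpath\53-OperatingSystemAll.csv

"OS Summary" > $finalpath\54-OSSummary.csv
Get-ADComputer -Filter * -Properties OperatingSystem |
    Group-Object -Property OperatingSystem |
    Select-Object Name, Count >> $finalpath\54-OSSummary.csv

# 55-59: recent creations/changes and top logon counts. $7days is read inside the
# -Filter script blocks, which the AD module resolves from this scope.
$7days = (Get-Date).AddDays(-7)

"Last 7 Days Created Users" > $finalpath\55-last7dayscreateduser.csv
Get-ADUser -Filter { WhenCreated -ge $7days } |
    Select-Object Name, SamAccountName, SID >> $finalpath\55-last7dayscreateduser.csv

"Last 7 Days Changed Users" > $finalpath\56-last7dayschangeduser.csv
Get-ADUser -Filter { WhenChanged -ge $7days } |
    Select-Object Name, SamAccountName, SID >> $finalpath\56-last7dayschangeduser.csv

"Top 5 Logon Count For User" > $finalpath\57-Top5logoncount.csv
Get-ADUser -Filter * -Properties LogonCount |
    Select-Object Name, SamAccountName, LogonCount |
    Sort-Object LogonCount -Descending |
    Select-Object -First 5 >> $finalpath\57-Top5logoncount.csv

"Last 7 Days Created Computers" > $finalpath\58-last7dayscreatedcomputer.csv
Get-ADComputer -Filter { Created -ge $7days } |
    Select-Object Name, SamAccountName, SID >> $finalpath\58-last7dayscreatedcomputer.csv

"Computer Logon Count Top 5" > $finalpath\59-logoncountcomputer.csv
Get-ADComputer -Filter * -Properties LogonCount |
    Select-Object Name, LogonCount |
    Sort-Object LogonCount -Descending |
    Select-Object -First 5 >> $finalpath\59-logoncountcomputer.csv

# 60: 4096 = WORKSTATION_TRUST_ACCOUNT, the plain member-computer value; anything else
# (domain controllers, or extra flags such as delegation settings) deserves review.
"Different Computer Account(User Account Control not 4096)" > $finalpath\60-differentcomputeraccount.csv
Get-ADComputer -Filter "useraccountcontrol -ne 4096" -Properties UserAccountControl |
    Select-Object Name, UserAccountControl >> $finalpath\60-differentcomputeraccount.csv

"Domain Controllers Info" > $finalpath\61-Alldomaincontrollersinfo.csv
Get-ADDomainController -Filter * |
    Select-Object Domain, Name, IPv4Address, IsGlobalCatalog, Site, OperatingSystem >> $finalpath\61-Alldomaincontrollersinfo.csv

"All Ethernet Interfaces" > $finalpath\62-allethernetinterfaces.csv
netsh interface ipv4 show interfaces >> $finalpath\62-allethernetinterfaces.csv

# 63: services not running as a built-in identity (custom service accounts). Uses
# Get-CimInstance like the boot-time check instead of the deprecated Get-WmiObject.
"Service Accounts running on Services" > $finalpath\63-serviceaccountservices.csv
Get-CimInstance -ClassName Win32_Service |
    Where-Object {
        ($_.StartName -ne "LocalSystem") -and
        ($_.StartName -ne "NT AUTHORITY\NetworkService") -and
        ($_.StartName -ne "NT AUTHORITY\NETWORK SERVICE") -and
        ($_.StartName -ne "NT AUTHORITY\LocalService")
    } |
    Format-Table Name, StartName, StartMode >> $finalpath\63-serviceaccountservices.csv

# 64-65: installed roles/features and 64-bit registered applications (32-bit entries
# under Wow6432Node are not read, as in the original).
"Installed Roles" > $finalpath\64-installedroles.csv
Get-WindowsFeature | Where-Object { $_.Installed -eq $true } >> $finalpath\64-installedroles.csv

"Installed Applications" > $finalpath\65-installedapplication.csv
Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* |
    Select-Object DisplayName, Publisher, InstallDate >> $finalpath\65-installedapplication.csv

# 66: time source configuration and sync status; clock drift beyond the Kerberos skew
# limit breaks authentication domain-wide.
"--NTP Configuration Registry" > $finalpath\66-ntpserver.csv
Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\ |
    Select-Object Type, NtpServer >> $finalpath\66-ntpserver.csv

"--NTP Configuration" >> $finalpath\66-ntpserver.csv
w32tm /query /configuration >> $finalpath\66-ntpserver.csv
"--NTP Status" >> $finalpath\66-ntpserver.csv
w32tm /query /status >> $finalpath\66-ntpserver.csv

# 67-69: replication and DC health.
"Replication Queue" > $finalpath\67-replicationqueue.csv
repadmin /queue >> $finalpath\67-replicationqueue.csv

"Replication Summary" > $finalpath\68-replicationsummary.csv
repadmin /replsummary >> $finalpath\68-replicationsummary.csv

"DC Diag Checking" > $finalpath\69-dcdiag.csv
dcdiag /v /c /d /e >> $finalpath\69-dcdiag.csv

# 70: managed service accounts.
"All AD Service Account" > $finalpath\70-serviceaccount.csv
Get-ADServiceAccount -Filter * -Properties Enabled |
    Select-Object Name, SamAccountName, Enabled >> $finalpath\70-serviceaccount.csv

# 71-74: SRV and NS records of the forest root and _msdcs zones; missing records
# break domain-controller location for clients.
$forest = (Get-ADDomain).Forest
$msdcs = "_msdcs." + $forest

"Forest SERVICE LOCATION INFO" > $finalpath\71-forestsrv.csv
Get-DnsServerResourceRecord -RRType SRV -ZoneName $forest >> $finalpath\71-forestsrv.csv

"MSDCS SERVICE LOCATION INFO" > $finalpath\72-msdcsrv.csv
Get-DnsServerResourceRecord -RRType SRV -ZoneName $msdcs >> $finalpath\72-msdcsrv.csv

"FOREST NAME SERVER INFO" > $finalpath\73-forestns.csv
Get-DnsServerResourceRecord -RRType NS -ZoneName $forest >> $finalpath\73-forestns.csv

"MSDCS NAME SERVER INFO" > $finalpath\74-msdcns.csv
Get-DnsServerResourceRecord -RRType NS -ZoneName $msdcs >> $finalpath\74-msdcns.csv

# Forest-root domain object, resolved once and reused by the ACL checks and the DC
# owner check (the original recomputed $eD/$DC/$Root a second time before check 86).
$eD = Get-ADDomain -Identity $forest
$DC = $eD.DNSRoot
$Root = Get-ADObject -Server $DC -SearchBase (Get-ADDomain -Identity $DC -Server $DC).DistinguishedName -LDAPFilter '(objectClass=domain)'

# 75-76: rights granted on the domain root and on AdminSDHolder, the ACL template that
# SDProp stamps onto every protected (adminCount=1) object.
"ROOT Domain ACL Report" > $finalpath\75-rootacl.csv
(Get-Acl -Path "AD:$($Root.DistinguishedName)").Access |
    Select-Object ActiveDirectoryRights, AccessControlType, IdentityReference >> $finalpath\75-rootacl.csv

"ADMIN SD HOLDER ACL Report" > $finalpath\76-adminsdholderacl.csv
(Get-Acl -Path "AD:CN=AdminSDHolder,CN=System,$($Root.DistinguishedName)").Access |
    Select-Object ActiveDirectoryRights, AccessControlType, IdentityReference >> $finalpath\76-adminsdholderacl.csv

# 77: profile folders on this DC show who has logged on interactively here.
"Under C: Users Info" > $finalpath\77-usersfolder.csv
Get-ChildItem -Path C:\Users | Select-Object Name, LastWriteTime >> $finalpath\77-usersfolder.csv

# 78: $sid500 (RID 500 account) is resolved earlier in the script.
"Administrator Account Last LogonDate" > $finalpath\78-AdministratorAccountLastLogon.csv
Get-ADUser -Identity $sid500 -Properties LastLogonDate |
    Select-Object Name, SamAccountName, LastLogonDate >> $finalpath\78-AdministratorAccountLastLogon.csv

# 79: computer accounts that are members of adminCount=1 groups. The group list is
# filtered server-side (as the later orphan check already does) instead of pulling
# every group with every property.
$privilegegroups = Get-ADGroup -LDAPFilter '(adminCount=1)' | Select-Object SamAccountName

$priviligeincomputers = foreach ($groupsname in $privilegegroups) {
    $computeraccountfind = Get-ADGroupMember -Identity $groupsname.SamAccountName |
        Where-Object { $_.ObjectClass -eq "computer" } |
        Select-Object Name
    [PSCustomObject]@{
        "Group Name"     = $groupsname.SamAccountName
        "Computers Name" = $computeraccountfind.Name
    }
}

# The data is appended: the original Out-File without -Append overwrote the header
# line it had just written.
"Computers In Privilige Groups (Admin Count 1 Groups)" > $finalpath\79-ComputerAccountinPriviligeGroup.csv
$priviligeincomputers | Out-File -FilePath $finalpath\79-ComputerAccountinPriviligeGroup.csv -Append

# 80: disabled accounts that still carry adminCount=1 (krbtgt is disabled by design).
# Both conditions are evaluated by the DC rather than after a full -Properties * dump.
"User In Privilige Groups but User is disable (Admin Count 1 Groups)" > $finalpath\80-priviligeuserdisable.csv
Get-ADUser -Filter { AdminCount -eq 1 -and Enabled -eq $false } |
    Where-Object { $_.SamAccountName -ne "krbtgt" } |
    Select-Object SamAccountName >> $finalpath\80-priviligeuserdisable.csv

# 81: enabled privileged accounts with no logon for $InactiveDays days. Accounts that
# never logged on have no lastLogonTimestamp and are not matched by the -lt test
# (check 4 covers those).
$InactiveDays = 90
$Days = (Get-Date).AddDays(-($InactiveDays))
"Admin Accounts Not Login 90 Days" > $finalpath\81-enabledadminaccountinactive.csv
Get-ADUser -Filter { LastLogonTimeStamp -lt $Days -and Enabled -eq $true -and AdminCount -eq 1 } -Properties LastLogonTimeStamp |
    Select-Object Name, SamAccountName >> $finalpath\81-enabledadminaccountinactive.csv

# 82: privileged accounts created within the last $Recentlydays days.
$Recentlydays = 7
$Days = (Get-Date).AddDays(-($Recentlydays))
"Admin Accounts Created in 7 Days" > $finalpath\82-recentlycreatedpriviligeaccount.csv
Get-ADUser -Filter { WhenCreated -gt $Days -and Enabled -eq $true -and AdminCount -eq 1 } -Properties WhenCreated |
    Select-Object SamAccountName, WhenCreated >> $finalpath\82-recentlycreatedpriviligeaccount.csv

# 83: "orphaned" adminCount=1 users - still flagged but no longer in any adminCount=1
# group. SDProp never clears the flag, so they keep the AdminSDHolder ACL and blocked
# inheritance until the attribute is reset by hand.
$UsersInAdminGroups = Get-ADGroup -LDAPFilter '(adminCount=1)' |
    ForEach-Object {
        # Get all users from all admin groups recursively
        Get-ADGroupMember $_ -Recursive | Where-Object { $_.ObjectClass -eq 'User' }
    } |
    Sort-Object DistinguishedName -Unique

$admincountuser = Get-ADUser -LDAPFilter '(adminCount=1)' | Select-Object SamAccountName

# Header first, so the file exists even with no findings and a same-day re-run does not
# append onto the previous run's results. The loop variable no longer shadows
# $admincountuser, which the original overwrote with the last name it visited.
"Admin Count 1 Users Not In Any Admin Count 1 Group" > $finalpath\83-nomoreadmin.csv
foreach ($orphanCandidate in $admincountuser.SamAccountName) {
    if (($orphanCandidate -notin $UsersInAdminGroups.SamAccountName) -and ($orphanCandidate -ne "krbtgt")) {
        Write-Output $orphanCandidate | Out-File -FilePath $finalpath\83-nomoreadmin.csv -Append
    }
}

# 84-85: principals whose primary group is not the default (513 Domain Users,
# 515 Domain Computers, 516 Domain Controllers). Read-only DCs carry a different
# primary group and are expected to appear in 85.
"User Not In Primary Group Domain Users" > $finalpath\84-userprimaryid.csv
Get-ADUser -Filter '(primaryGroupID -ne 513)' |
    Where-Object { $_.SamAccountName -ne "Guest" } |
    Select-Object SamAccountName >> $finalpath\84-userprimaryid.csv

"Computers Not In Primary Group Domain Computers" > $finalpath\85-computerprimaryid.csv
Get-ADComputer -Filter '(primaryGroupID -ne 515 -and primaryGroupID -ne 516)' -Properties primaryGroupID |
    Select-Object SamAccountName, primaryGroupID >> $finalpath\85-computerprimaryid.csv

# 86: owner of every DC computer object. The owner can rewrite the object's ACL, so it
# should be the domain's administrative group rather than an individual or a
# delegated account. $Root was resolved above.
$dcdist = $Root.DistinguishedName

$domaincontrollerlist = Get-ADComputer -Filter * -SearchBase "OU=Domain Controllers,$dcdist" |
    Select-Object DistinguishedName
$domaincontrollerdistinguished = $domaincontrollerlist.DistinguishedName

$dcownerlists = foreach ($dcownerdist in $domaincontrollerdistinguished) {
    $finddcowner = (Get-Acl -Path "AD:$dcownerdist").Owner
    [PSCustomObject]@{
        "Distinguished Name" = $dcownerdist
        "Owner"              = $finddcowner
    }
}

$dcownerlists | Out-File -FilePath $finalpath\86-dcownerlist.csv

# 87: ms-DS-MachineAccountQuota lets any authenticated user join that many computers
# to the domain; the note below records the GPO setting that should replace it.
"MSDS Machine Account Quota Info" > $finalpath\87-msdsmachineaccountQuota.csv
Get-ADObject -Identity ((Get-ADDomain).DistinguishedName) -Properties ms-DS-MachineAccountQuota >> $finalpath\87-msdsmachineaccountQuota.csv

"GPO settings (User Right: Add workstations to domain configured with only high-privileged group(s)/account(s)) linked to Domain Controllers" >> $finalpath\87-msdsmachineaccountQuota.csv

# 88: lock-screen camera policy. The Personalization key only exists once a policy has
# been set, so a missing key is reported as "not configured" instead of letting
# Get-ItemProperty raise an error on the console and leave the file without a value.
$personalizationPolicy = Get-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\Windows\Personalization\' -ErrorAction SilentlyContinue

"Prevent Enabling Lock Screen Camera Checking" > $finalpath\88-NolockScreenCamera.csv
if ($null -eq $personalizationPolicy) {
    "Registry key not present: policy not configured" >> $finalpath\88-NolockScreenCamera.csv
}
else {
    $personalizationPolicy | Select-Object NoLockScreenCamera >> $finalpath\88-NolockScreenCamera.csv
}
@"

If Result 1 Enabled
How To Enable= Computer Configuration\Administrative Templates\Control Panel\ Prevent enabling lock screen camera
"@ >> $finalpath\88-NolockScreenCamera.csv

# 89: header only; the slideshow registry query that fills this file follows immediately.
"Prevent Enabling Lock Screen Slide Showing" > $finalpath\89-NoLockScreenSlideshow.csv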
$NolockScreenSlideShow=Get-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\Windows\Personalization\' | select NoLockScreenSlideshow >>$finalpath\89-NoLockScreenSlideshow.csv 498 | " 499 | 500 | If Result 1 Enabled 501 | How To Enable= Computer Configuration\Administrative Templates\Control Panel\ Prevent enabling lock screen slide show">>$finalpath\89-NoLockScreenSlideshow.csv 502 | 503 | 504 | 505 | "WDigest Authentication">$finalpath\90-wdigest.csv 506 | $wdigest=Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\" | select UseLogonCredential >>$finalpath\90-wdigest.csv 507 | 508 | "If Result 0 Disabled 509 | 510 | Windows XP was the first operating system to introduce the WDigest protocol. 511 | This protocol is enabled by default on Windows systems and helps clients authenticate to Hypertext Transfer Protocol (HTTP) 512 | and Simple Authentication Security Layer (SASL) applications by sending cleartext credentials. Not Store in LSASS 513 | 514 | How To Disable =Computer Configuration\Preferences\Registry 515 | HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\ UseLogonCredential REG_DWORD = 0" >>$finalpath\90-wdigest.csv 516 | 517 | 518 | 519 | "Insecure Logon Checking">$finalpath\91-AllowInsecureGuestAuth.csv 520 | $AllowInsecureGuestAuth=Get-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\LanmanWorkstation\" | Select AllowInsecureGuestAuth >>$finalpath\91-AllowInsecureGuestAuth.csv 521 | " 522 | If Result 0 Disabled 523 | 524 | This policy setting determines if the SMB client will allow insecure guest logons to an SMB server. Not Enable to guest logon to SMB Share 525 | 526 | This policy setting determines if the SMB client will allow insecure guest logons to an SMB server. 527 | 528 | Insecure guest logons are used by file servers to allow unauthenticated access to shared folders. 
529 | 530 | Since insecure guest logons are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. 531 | 532 | How to Disabled =Computer Configuration\Administrative Templates\Network\LanManWorkstation Enable insecure guest logons 533 | 534 | ">>$finalpath\91-AllowInsecureGuestAuth.csv 535 | 536 | 537 | 538 | 539 | "Autorun Checking">$finalpath\92-NoAutorun.csv 540 | $NoAutorun=Get-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\" | select NoAutorun >>$finalpath\92-NoAutorun.csv 541 | " 542 | 543 | If Result 1 Do not execute any autorun commands 544 | 545 | When media containing an autorun command is inserted, the system will automatically execute the program without user intervention 546 | Maybe It has vulneratibility things thats why do not execute autorun commands. 547 | 548 | How To Disable= Computer Configuration\Administrative Templates\Windows Components\AutoPlay Policies 549 | Set the default behavior for AutoRun Do not execute any autorun commands 550 | 551 | 552 | 553 | 554 | ">>$finalpath\92-NoAutorun.csv 555 | 556 | 557 | "Autorun Drive Type Checking">$finalpath\93-NoDriveTypeAutoRun.csv 558 | $NoDriveTypeAutoRun=Get-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ | select NoDriveTypeAutoRun >>$finalpath\93-NoDriveTypeAutoRun.csv 559 | 560 | " 561 | 562 | If Result 255 All Drivers 563 | 564 | Turn Off Autorun policy to All Drivers 565 | 566 | How To Configure = Computer Configuration\Administrative Templates\Windows Components\AutoPlay Policies 567 | Turn off Autoplay All Drivers 568 | 569 | 570 | ">>$finalpath\93-NoDriveTypeAutoRun.csv 571 | 572 | 573 | 574 | "Hardened UNC Checking">$finalpath\94-hardenUNC.csv 575 | $hardenUNC=Get-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths >>$finalpath\94-hardenUNC.csv 576 | 577 | 578 | " 579 | If Result has 580 | \\*\NETLOGON : 
RequireMutualAuthentication=1, RequireIntegrity=1 581 | \\*\SYSVOL : RequireMutualAuthentication=1, RequireIntegrity=1 582 | 583 | SYSVOL and NETLOGON Share has secure UNC path 584 | 585 | This policy setting configures secure access to UNC paths. 586 | 587 | How to Active Policy =Computer Configuration\Administrative Templates\Network\Network Provider 588 | 589 | Hardened UNC Paths 590 | 591 | \\*\NETLOGON : RequireMutualAuthentication=1, RequireIntegrity=1 592 | \\*\SYSVOL : RequireMutualAuthentication=1, RequireIntegrity=1 593 | 594 | 595 | ">>$finalpath\94-hardenUNC.csv 596 | 597 | 598 | 599 | "LDAP Require Signing Checking">$finalpath\95-requiresigning.csv 600 | $requiresigning=Get-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\NTDS\Parameters\" | Select ldapserverintegrity >>$finalpath\95-requiresigning.csv 601 | 602 | " 603 | 604 | If Result is 2 Require Signing 605 | 606 | This policy setting determines whether the Lightweight Directory Access Protocol (LDAP) server requires 607 | LDAP clients to negotiate data signing. 608 | Unsigned network traffic is susceptible to man-in-the-middle attacks, 609 | where an intruder captures packets between the server and the client device and modifies them before forwarding them to the client device. 610 | 611 | 612 | How To Active Policy = Computer Configuration\Windows Settings \Local Policy \ Security Options \ 613 | Domain controller: LDAP server signing requirements Require Signing 614 | 615 | Be careful if you enable this policy 616 | Client devices that don't support LDAP signing can't run LDAP queries against the domain controllers. 
617 | 618 | You should Enable Policy Computer Configuration\Windows Settings \Local Policy \ Security Options \ 619 | Network Security: LDAP client signing requirements Require Signing to client 620 | 621 | 622 | " >>$finalpath\95-requiresigning.csv 623 | 624 | 625 | "Lan Manager Authentication Level Checking">$finalpath\96-lanmanagerlevel.csv 626 | 627 | $lanmanagerlevel=Get-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Lsa\" |select lmcompatibilitylevel >>$finalpath\96-lanmanagerlevel.csv 628 | " 629 | 630 | If Result 5 response only NTLMV2 631 | 632 | 633 | Send LM & NTLM responses: Clients use LM and NTLM authentication and never use NTLMv2 session security; domain controllers accept LM, NTLM, and NTLMv2 authentication. 634 | Send LM & NTLM - use NTLMv2 session security if negotiated: Clients use LM and NTLM authentication and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication. 635 | Send NTLM response only: Clients use NTLM authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication. 636 | Send NTLMv2 response only: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication. 637 | Send NTLMv2 response only\\refuse LM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM (accept only NTLM and NTLMv2 authentication). 638 | Send NTLMv2 response only\\refuse LM & NTLM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM and NTLM (accept only NTLMv2 authentication). 
639 | 640 | 641 | 642 | How To Active Policy = Computer Configuration\Windows Settings \Local Policy \ Security Options \ 643 | 644 | Network security: LAN Manager authentication level Send NTLMv2 response only\\refuse LM & NTLM 645 | 646 | Be careful If you have NTLM,LM traffic , which will be down 647 | 648 | Event Id: 4624 Source Port 49194 649 | 650 | ">>$finalpath\96-lanmanagerlevel.csv 651 | 652 | 653 | 654 | "Admin Approval Mode">$finalpath\97-adminapprovalmode.csv 655 | $adminapprovalmode=Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\" | SELECT filteradministratortoken >>$finalpath\97-adminapprovalmode.csv 656 | ##Must 1 Enable Admin Approval Mode 657 | " 658 | If Result 1 Enable 659 | 660 | This policy setting determines the behavior of Admin Approval Mode for the built-in administrator account. 661 | When the Admin Approval Mode is enabled, the local administrator account functions like a standard user account, 662 | but it has the ability to elevate privileges without logging on by using a different account. 
663 | In this mode, any operation that requires elevation of privilege displays a prompt that allows the administrator to permit or deny the elevation of privilege 664 | 665 | 666 | How To Active Policy = Computer Configuration\Windows Settings \Local Policy \ Security Options \ 667 | 668 | User Account Control: Admin Approval Mode for the Built-in Administrator account Enabled 669 | 670 | 671 | 672 | 673 | " >>$finalpath\97-adminapprovalmode.csv 674 | 675 | 676 | 677 | "Admin Approval Mode Admin User">$finalpath\98-adminapprovalforadmin.csv 678 | $adminapprovalforadmin=Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\" | SELECT ConsentPromptBehaviorAdmin >>$finalpath\98-adminapprovalforadmin.csv 679 | ##Admin Approval Mode for Admin 2 Consenst for secure desktop 680 | " 681 | 682 | If Result 2 Prompt for consent on the secure desktop 683 | 684 | When an operation requires elevation of privilege, 685 | the user is prompted on the secure desktop to select Permit or Deny. 686 | If the user selects Permit, the operation continues with the user's highest available privilege.* 687 | 688 | 689 | How To Active Policy = Computer Configuration\Windows Settings \Local Policy \ Security Options \ 690 | Prompt for consent on the secure desktop 691 | 692 | 693 | ">>$finalpath\98-adminapprovalforadmin.csv 694 | 695 | 696 | 697 | 698 | 699 | 700 | 701 | "Admin Approval Mode Normal User">$finalpath\99-adminapprovalforuser.csv 702 | $adminapprovalforuser=Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\" | SELECT ConsentPromptBehaviorUser >>$finalpath\99-adminapprovalforuser.csv 703 | ##Admin Approval Mode for User 0 Automativally DeNY 704 | 705 | " 706 | 707 | If Result 0 Automatically deny elevation requests 708 | 709 | 710 | This option returns an Access denied error message to standard users 711 | when they try to perform an operation that requires elevation of privilege. 
712 | 713 | How To Active Policy = Computer Configuration\Windows Settings \Local Policy \ Security Options \ 714 | User Account Control: Behavior of the elevation prompt for standard users -Automatically deny elevation requests 715 | 716 | 717 | ">>$finalpath\99-adminapprovalforuser.csv 718 | 719 | 720 | "Time Inactivity Checking">$finalpath\100-timeinactivitymachine.csv 721 | $timeinactivitymachine=Get-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\" | select inactivitytimeoutsecs >>$finalpath\100-timeinactivitymachine.csv 722 | ##TimeOutSec 900 723 | " 724 | If Result 900 15 minutes 725 | 726 | When user is inactivite 15 minutes automatically lock computers 727 | 728 | How To Active Policy = Computer Configuration\Windows Settings \Local Policy \ Security Options \ 729 | 730 | Interactive logon: Machine inactivity limit 900 731 | 732 | ">>$finalpath\100-timeinactivitymachine.csv 733 | 734 | 735 | 736 | "LM Hash Next Password">$finalpath\103-Lmhashnextpassword.csv 737 | $Lmhashnextpassword=Get-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Lsa\" |select NoLmHash >>$finalpath\103-Lmhashnextpassword.csv 738 | 739 | 740 | "If result 1 Enabled 741 | 742 | 743 | This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. 744 | The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. 745 | Since the LM hash is stored on the local computer in the security database the passwords can be compromised if the security database is attacked. 
746 | 747 | 748 | 749 | How To Active Policy = Computer Configuration\Windows Settings \Local Policy \ Security Options \ 750 | 751 | Network security: Do not store LAN Manager hash value on next password change--Enabled 752 | 753 | 754 | ">>$finalpath\103-Lmhashnextpassword.csv 755 | 756 | 757 | 758 | "Plain Text Password for 3 Party SMB Servers">$finalpath\101-unencrtyptedpassword3party.csv 759 | $unencrtyptedpassword3party=Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\LanmanWorkstation\Parameters |select EnablePlainTextPassword >>$finalpath\101-unencrtyptedpassword3party.csv 760 | ##Default Disable but must 0 dont sent unencrypted password to 3.party SMB Servers 761 | 762 | " 763 | If Result 0 Disable 764 | 765 | If this security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext passwords to non-Microsoft SMB servers that do not support password encryption during authentication. 766 | 767 | Sending unencrypted passwords is a security risk. 768 | 769 | How To Active Policy = Computer Configuration\Windows Settings \Local Policy \ Security Options \ 770 | 771 | Microsoft network client: Send unencrypted password to third-party SMB servers --- Disable 772 | 773 | 774 | ">>$finalpath\101-unencrtyptedpassword3party.csv 775 | 776 | 777 | "Digital Sign Client">$finalpath\102-digitalsignclient.csv 778 | $digitalsignclient=Get-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\LanmanWorkstation\Parameters" |select RequireSecuritySignature >>$finalpath\102-digitalsignclient.csv 779 | 780 | " 781 | 782 | 783 | If Result 1 Enabled Always 784 | 785 | 786 | 787 | All Windows operating systems support both a client-side SMB component and a server-side SMB component. 788 | To take advantage of SMB packet signing, both the client-side SMB component and server-side SMB component that are involved in a communication must have SMB packet signing either enabled or required. 
On Windows 2000 and later operating systems, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: 789 | Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. 790 | Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. 791 | Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. 792 | Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. 793 | If server-side SMB signing is required, a client will not be able to establish a session with that server, unless it has client-side SMB signing enabled. 794 | By default, client-side SMB signing is enabled on workstations, servers, and domain controllers. 795 | Similarly, if client-side SMB signing is required, that client will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers. 
796 | 797 | 798 | First Off all open If client agree after than always 799 | 800 | careful do it with if client agress Client server and Domain control must be 801 | 802 | 803 | How To Active Policy = Computer Configuration\Windows Settings \Local Policy \ Security Options \ 804 | Microsoft network client: Digitally sign communications (always)-Enabled 805 | (if server agrees)-enabled 806 | 807 | 808 | ">>$finalpath\102-digitalsignclient.csv 809 | 810 | "Digital Sign Server">$finalpath\103-digitalsigncserver.csv 811 | $digitalsigncserver=Get-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\LanmanServer\Parameters" |select requiresecuritysignature >>$finalpath\103-digitalsigncserver.csv 812 | 813 | 814 | " 815 | 816 | If Result 1 Enabled Always 817 | 818 | 819 | 820 | All Windows operating systems support both a client-side SMB component and a server-side SMB component. 821 | To take advantage of SMB packet signing, both the client-side SMB component and server-side SMB component that are involved in a communication must have SMB packet signing either enabled or required. On Windows 2000 and later operating systems, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: 822 | Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. 823 | Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. 824 | Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. 825 | Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. 
826 | If server-side SMB signing is required, a client will not be able to establish a session with that server, unless it has client-side SMB signing enabled. 827 | By default, client-side SMB signing is enabled on workstations, servers, and domain controllers. 828 | Similarly, if client-side SMB signing is required, that client will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers. 829 | 830 | 831 | --First Off all open If client agree after than always!!!!!!!!!!!!!!!! 832 | 833 | 834 | 835 | 836 | How To Active Policy = Computer Configuration\Windows Settings \Local Policy \ Security Options \ 837 | Microsoft network server: Digitally sign communications (always)-Enabled 838 | (if server agrees)-enabled 839 | ">>$finalpath\103-digitalsigncserver.csv 840 | 841 | 842 | 843 | "Anonymous Account and Share">$finalpath\104-restrictanonymoussamaccountsandshares.csv 844 | $restrictanonymoussamaccountsandshares=Get-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Lsa\" | select restrictanonymous >>$finalpath\104-restrictanonymoussamaccountsandshares.csv 845 | #Must Be 1 846 | 847 | " 848 | If Result 1 Restricted 849 | 850 | Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust. 851 | If you do not want to allow anonymous enumeration of SAM accounts and shares, then enable this policy. 
852 | 853 | How To Active Policy = Computer Configuration\Windows Settings \Local Policy \ Security Options \ 854 | Network access: Do not allow anonymous enumeration of SAM accounts and shares-Enabled 855 | 856 | 857 | ">>$finalpath\104-restrictanonymoussamaccountsandshares.csv 858 | 859 | 860 | "Anonymous Sam Accounts">$finalpath\105-restrictanonymoussamaccounts.csv 861 | $restrictanonymoussamaccounts=Get-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Lsa\" | select restrictanonymoussam >>$finalpath\105-restrictanonymoussamaccounts.csv 862 | #Must Be 1 863 | " 864 | If Result 1 Restricted 865 | 866 | 867 | Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. 868 | This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust. 869 | 870 | 871 | 872 | How To Active Policy = Computer Configuration\Windows Settings \Local Policy \ Security Options \ 873 | Network access: Do not allow anonymous enumeration of SAM accounts -Enabled 874 | 875 | ">>$finalpath\105-restrictanonymoussamaccounts.csv 876 | 877 | 878 | 879 | "Secure RPC Checking">$finalpath\106-securerpc.csv 880 | $securerpc=Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" |select fEncryptRPCTraffic >>$finalpath\106-securerpc.csv 881 | ##MUSTBE 1 Enabled 882 | 883 | " 884 | 885 | If Result 1 Enabled 886 | 887 | Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication. 888 | You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests. 
889 | 890 | How To Enable= Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security 891 | Require secure RPC communication Enabled 892 | 893 | ">>$finalpath\106-securerpc.csv 894 | 895 | 896 | "Secure RPC Encryption Level Checking">$finalpath\107-securerpcencryptionlevel.csv 897 | $securerpcencryptionlevel=Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" |select MinEncryptionLevel >>$finalpath\107-securerpcencryptionlevel.csv 898 | ##MUSTBE 3 High Level 899 | " 900 | If Result 3 High Level 901 | 902 | 903 | Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication. 904 | You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests. 905 | 906 | How To Enable= Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security 907 | Set client connection encryption level--High Level 908 | 909 | 910 | ">>$finalpath\107-securerpcencryptionlevel.csv 911 | 912 | 913 | 914 | "Always Ask Password Upon Connection">$finalpath\108-PromptForPassword.csv 915 | $PromptForPassword=Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" |select fPromptForPassword >>$finalpath\108-PromptForPassword.csv 916 | 917 | " 918 | 919 | If Result 1 Prompt Password 920 | 921 | This policy setting specifies whether Remote Desktop Services always prompts the client for a password upon connection. 922 | You can use this setting to enforce a password prompt for users logging on to Remote Desktop Services, even if they already provided the password in the Remote Desktop Connection client. 923 | By default, Remote Desktop Services allows users to automatically log on by entering a password in the Remote Desktop Connection client. 
924 | If you enable this policy setting, users cannot automatically log on to Remote Desktop Services by supplying their passwords in the Remote Desktop Connection client. They are prompted for a password to log on. 925 | 926 | How To Enable= Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security 927 | Always prompt for password upon connection---Enabled 928 | 929 | ">>$finalpath\108-PromptForPassword.csv 930 | 931 | 932 | "Dont Allow Password to be Saved">$finalpath\109-Notallowpasswordsave.csv 933 | $Notallowpasswordsave=Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\" |select DisablePasswordSaving >>$finalpath\109-Notallowpasswordsave.csv 934 | ##Must Be 1 Enabled 935 | 936 | " 937 | If Result 1 Dont Allow Password to be Saved 938 | 939 | 940 | 941 | 942 | Controls whether passwords can be saved on this computer from Remote Desktop Connection. 943 | If you enable this setting the password saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. 944 | 945 | You should apply this also to client which will make RDP connection to Domain Controller 946 | 947 | 948 | How To Enable= Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security 949 | Do not allow passwords to be saved-Enabled 950 | 951 | 952 | 953 | ">>$finalpath\109-Notallowpasswordsave.csv 954 | 955 | 956 | 957 | 958 | 959 | "Windows Smart Screen Checking">$finalpath\110-windowssmartscreen.csv 960 | $windowssmartscreen=Get-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\System\" | select EnableSmartScreen,ShellSmartScreenLevel >>$finalpath\110-windowssmartscreen.csv 961 | 962 | 963 | " 964 | If Result 1 Enabled and Warn must be 965 | 966 | This policy allows you to turn Windows Defender SmartScreen on or off. 
967 | SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. 968 | This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious. 969 | Some information is sent to Microsoft about files and programs run on PCs with this feature enabled. 970 | 971 | How To Enable= Computer Configuration\Administrative Templates\Windows Components\File Explorer 972 | Configure Windows Defender SmartScreen-Enabled 973 | 974 | ">>$finalpath\110-windowssmartscreen.csv 975 | 976 | 977 | 978 | 979 | "Powershell Logging Checking">$finalpath\111-powershellogging.csv 980 | $powershellogging=Get-ChildItem -Path "HKLM:\Software\Policies\Microsoft\Windows\PowerShell\" >>$finalpath\111-powershellogging.csv 981 | " 982 | 983 | If Result 984 | ModuleLogging EnableModuleLogging : 1 985 | ScriptBlockLogging EnableScriptBlockLogging : 1 986 | Transcription EnableTranscripting : 1 987 | OutputDirectory : c:\pslogs 988 | EnableInvocationHeader : 1 989 | 990 | Logging enable and OutputDirectory C:\Pslogs 991 | 992 | This will give to log powershell commands 993 | 994 | 995 | How To Enable= Computer Configuration\Administrative Templates\Windows Components\Windows Powershell 996 | 997 | 998 | Turn On Module Logging = Module Names * 999 | Turn on Powershell Script Block Logging = Enabled 1000 | Turn on Powershell Transcription= Enabled 1001 | Output Directory = Where log will stay 1002 | 1003 | 1004 | 1005 | ">>$finalpath\111-powershellogging.csv 1006 | 1007 | "Registry Policies Updating">$finalpath\112-registrypolicyprocess.csv 1008 | $registrypolicyprocess=Get-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\" >>$finalpath\112-registrypolicyprocess.csv 1009 | 1010 | " 1011 | If Result 1012 | 
NoBackgroundPolicy : 0 1013 | NoGPOListChanges : 0 1014 | 1015 | 1016 | This policy setting determines when registry policies are updated. 1017 | This policy setting affects all policies in the Administrative Templates folder and any other policies that store values in the registry. 1018 | It overrides customized settings that the program implementing a registry policy set when it was installed. 1019 | 1020 | 1021 | How To Enable= Computer Configuration\Administrative Templates\System\Group Policy 1022 | Configure registry policy processing 1023 | 1024 | Process even if the Group Policy objects have not changed = True 1025 | Do not apply during periodic background processing = False 1026 | 1027 | 1028 | 1029 | ">>$finalpath\112-registrypolicyprocess.csv 1030 | 1031 | 1032 | 1033 | "WinRM Client Traffic and Authentication">$finalpath\113-winrmclient.csv 1034 | $winrmclient=Get-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client" |select AllowBasic,AllowUnencryptedTraffic,AllowDigest >>$finalpath\113-winrmclient.csv 1035 | " 1036 | 1037 | If Result 1038 | 1039 | AllowBasic=0 1040 | AllowUnencryptedTraffic=0 1041 | AllowDigest=0 1042 | 1043 | Basic and Digest Authentication is Disable 1044 | UnencryptedTraffic is Disable 1045 | 1046 | How To Enable= Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Client 1047 | Allow Basic authentication---Disabled 1048 | Allow unencrypted traffic---Disabled 1049 | Disallow Digest authentication--Enabled 1050 | 1051 | 1052 | 1053 | ">>$finalpath\113-winrmclient.csv 1054 | 1055 | 1056 | 1057 | "WinRM Service Traffic and Authentication">$finalpath\114-winrmservice.csv 1058 | $winrmservice=Get-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service" |select AllowBasic,AllowUnencryptedTraffic,DisableRunAs >>$finalpath\114-winrmservice.csv 1059 | " 1060 | If Result 1061 | 1062 | AllowBasic : 0 1063 | AllowUnencryptedTraffic : 0 1064 | 
DisableRunAs : 1 1065 | 1066 | Basic and Digest Authentication is Disable 1067 | RunAs Service Disable = Enable 1068 | 1069 | 1070 | How To Enable= Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service 1071 | 1072 | Allow Basic authentication---Disabled 1073 | Allow unencrypted traffic---Disabled 1074 | Disallow WinRM from storing RunAs credentials---Enabled 1075 | 1076 | 1077 | ">>$finalpath\114-winrmservice.csv 1078 | 1079 | 1080 | "Event Log Size">$finalpath\115-eventlogmaxsize.csv 1081 | $eventlogmaxsize=Get-ChildItem -Path "HKLM:\Software\Policies\Microsoft\Windows\EventLog\" >>$finalpath\115-eventlogmaxsize.csv 1082 | " 1083 | 1084 | How To Configure= Computer Configuration\Administrative Templates\Windows Components\Event Log Service 1085 | Application 1086 | Security 1087 | System 1088 | 1089 | 1090 | ">>$finalpath\115-eventlogmaxsize.csv 1091 | 1092 | "NTLM Session Security">$finalpath\116-ntlmsessionsecurity.csv 1093 | $ntlmsessionsecurity=Get-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Lsa\MSV1_0\" |Select NtlmMinClientSec,NtlmMinServerSec >>$finalpath\116-ntlmsessionsecurity.csv 1094 | " 1095 | 1096 | If Result 537395200 Require NTLMv2 session security, Require 128bit encryption 1097 | 1098 | 1099 | It Depends on LAN Manager authentication level NTLMV2, 1100 | Issued on NTLMV2 security 1101 | 1102 | How To Active Policy = Computer Configuration\Windows Settings \Local Policy \ Security Options \ 1103 | 1104 | Network security: Minimum session security for NTLM SSP based (including secure RPC) clients 1105 | Network security: Minimum session security for NTLM SSP based (including secure RPC) servers 1106 | 1107 | 1108 | Require NTLMv2 session security, Require 128bit encryption 1109 | 1110 | 1111 | ">>$finalpath\116-ntlmsessionsecurity.csv 1112 | 1113 | 1114 | "Null Session Fall Back">$finalpath\117-ntlmsessionsecurity.csv 1115 | $nullsessionfallback=Get-ItemProperty -Path 
"HKLM:\System\CurrentControlSet\Control\Lsa\MSV1_0\" | SELECT allownullsessionfallback >>$finalpath\117-ntlmsessionsecurity.csv 1116 | 1117 | " 1118 | If Result 0 Disabled 1119 | 1120 | 1121 | This policy affects session security during the authentication process between devices running Windows Server 2008 R2 and Windows 7 and later 1122 | and those devices running earlier versions of the Windows operating system. 1123 | For computers running Windows Server 2008 R2 and Windows 7 and later, 1124 | services running as Local System require a service principal name (SPN) to generate the session key. 1125 | However, if Network security: Allow Local System to use computer identity for NTLM is set to disabled, 1126 | services running as Local System will fall back to using NULL session authentication when they transmit data to servers running versions of Windows earlier than Windows Vista or 1127 | Windows Server 2008. NULL session doesn't establish a unique session key for each authentication; 1128 | and thus, it can't provide integrity or confidentiality protection. 
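
How To Active Policy = Computer Configuration\Windows Settings \Local Policy \ Security Options \
Network security: Allow LocalSystem NULL session fallback---Disabled


">>$finalpath\117-ntlmsessionsecurity.csv


"Advanced Audit Policy">$finalpath\118-auditsubcategory.csv
$auditsubcategory=Get-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Lsa\" | select scenoapplylegacyauditpolicy >>$finalpath\118-auditsubcategory.csv
"

If Result 1 Enabled

For Advanced Audit Policy it is required , override audit policy category settings

How To Active Policy = Computer Configuration\Windows Settings \Local Policy \ Security Options \


Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings -- -Enabled

">>$finalpath\118-auditsubcategory.csv



$domaincontrollerou=(Get-ADDomain).DomainControllersContainer
$allgpoenabled=(Get-GPInheritance -Target $domaincontrollerou).InheritedGpoLinks

$allgpoenabled >>$finalpath\119-DomainControllerOUGpos.csv


Gpresult /H $finalpath\120-DomainControllerGpresult.html

Write-Host "End--------------------------------%100" -ForegroundColor Green
--------------------------------------------------------------------------------
/AddRemoveMembersInGroups.ps1:
--------------------------------------------------------------------------------
# Import AD Module
Import-Module ActiveDirectory

# Keeps the on-leave group in sync with the on-leave OU:
#   - users located in the OU but not yet in the group are added;
#   - group members whose DN lies outside the OU are removed.
# Group name, OU and domain DNs are the script's fixed configuration.
$Group     = "IST-IT-USR-ON-LEAVE-GRP"
$GroupDN   = "CN=IST-IT-USR-ON-LEAVE-GRP,OU=User Groups,OU=IT,OU=Istanbul,OU=Turkey,OU=Europe,DC=firatboyan,DC=local"
$OnLeaveOU = "OU=Users On Leave,OU=IT,OU=Istanbul,OU=Turkey,OU=Europe,DC=firatboyan,DC=local"
$DomainDN  = "DC=firatboyan,DC=local"

# Full ADUser objects are kept (no Select-Object): Add-/Remove-ADGroupMember bind
# -Members to ADPrincipal, which the Selected.* wrapper objects produced by
# Select-Object are not. "-Properties *" is dropped: only default attributes
# (SamAccountName, DistinguishedName) are used below.
$InOUNotGroupMemberUsers = @(Get-ADUser -Filter "-not (memberOf -eq '$GroupDN')" -SearchBase $OnLeaveOU)

# NOTE: the original substring match on 'Users On Leave' is kept; it also spares
# any other OU whose DN contains that text, which may or may not be intended.
$OutOUGroupMemberUsers = @(Get-ADUser -Filter "(memberOf -eq '$GroupDN')" -SearchBase $DomainDN |
    Where-Object { $_.DistinguishedName -notmatch 'Users On Leave' })

foreach ($User in $InOUNotGroupMemberUsers) {
    try {
        # -ErrorAction Stop so a failed add is reported instead of being logged as "Added".
        Add-ADGroupMember -Identity $Group -Members $User -Confirm:$false -ErrorAction Stop
        Write-Host "Added $($User.SamAccountName) to $Group" -ForegroundColor Green
    } catch {
        Write-Warning "Failed to add $($User.SamAccountName) to ${Group}: $($_.Exception.Message)"
    }
}
foreach ($User in $OutOUGroupMemberUsers) {
    try {
        Remove-ADGroupMember -Identity $Group -Members $User -Confirm:$false -ErrorAction Stop
        # Original message read "Removed ... to ..."; corrected to "from".
        Write-Host "Removed $($User.SamAccountName) from $Group" -ForegroundColor Cyan
    } catch {
        Write-Warning "Failed to remove $($User.SamAccountName) from ${Group}: $($_.Exception.Message)"
    }
}
--------------------------------------------------------------------------------
/Check-TLS-1.2.ps1:
--------------------------------------------------------------------------------
$tlsProtocols = @(
    'SSL 2.0',
    'SSL 3.0',
    'TLS 1.0',
    'TLS 1.1',
    'TLS 1.2',
    'TLS 1.3'
)

$schannelRoot = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols"

# Classifies one SCHANNEL protocol sub-key (...\Server or ...\Client).
# Returns an object with a State string and the console colour to print it with.
#  - Key or "Enabled" value absent: nothing is configured and the OS default for
#    that protocol/OS version applies. The original reported this as "Disabled",
#    a false negative for protocols that are enabled by default (e.g. TLS 1.2 on
#    current Windows versions) and a false sense of hardening for the old ones.
#  - SCHANNEL treats Enabled=0 as disabled and any non-zero value as enabled
#    (0xFFFFFFFF is a value many hardening tools write), so the test is "-ne 0",
#    not "-eq 1".
#  - DisabledByDefault=1 means the protocol is only used when an application
#    asks for it explicitly, so it is surfaced alongside Enabled.
function Get-SchannelProtocolState {
    param([string]$KeyPath)

    $notConfigured = [pscustomobject]@{ State = "Not configured (OS default)"; Color = "Yellow" }
    if (-not (Test-Path $KeyPath)) { return $notConfigured }

    $key = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
    if ($null -eq $key -or $null -eq $key.Enabled) { return $notConfigured }

    if ($key.Enabled -eq 0) {
        return [pscustomobject]@{ State = "Disabled"; Color = "Red" }
    }
    if ($key.DisabledByDefault -eq 1) {
        return [pscustomobject]@{ State = "Enabled (DisabledByDefault=1)"; Color = "Yellow" }
    }
    return [pscustomobject]@{ State = "Enabled"; Color = "Green" }
}

Write-Host " "
Write-Host "Checking TLS/SSL protocol statuses...`n" -ForegroundColor Cyan

foreach ($protocol in $tlsProtocols) {
    $server = Get-SchannelProtocolState -KeyPath "$schannelRoot\$protocol\Server"
    $client = Get-SchannelProtocolState -KeyPath "$schannelRoot\$protocol\Client"

    Write-Host "$protocol - Server: $($server.State)" -ForegroundColor $server.Color
    Write-Host "$protocol - Client: $($client.State)" -ForegroundColor $client.Color
    Write-Host "---------------------------" -ForegroundColor Gray
}

Write-Host " "
--------------------------------------------------------------------------------
/DFSRCheck.ps1:
--------------------------------------------------------------------------------
# Reports which mechanism replicates SYSVOL on the current domain controller
# (DFSR, or the legacy FRS) by looking for the matching subscription object
# beneath the DC's computer object in the Domain Controllers OU.
$currentDomain = (Get-ADDomainController).hostname

$defaultNamingContext = (([ADSI]"LDAP://$currentDomain/rootDSE").defaultNamingContext)
$searcher = New-Object DirectoryServices.DirectorySearcher
$searcher.Filter = "(&(objectClass=computer)(dNSHostName=$currentDomain))"
$searcher.SearchRoot = "LDAP://" + $currentDomain + "/OU=Domain Controllers," + $defaultNamingContext
$dcResults = $searcher.FindAll()
$dcObjectPath = $dcResults | ForEach-Object { $_.Path }
# SearchResultCollection and DirectorySearcher hold unmanaged handles; release them.
$dcResults.Dispose()
$searcher.Dispose()

if (-not $dcObjectPath) {
    # Without the DC object there is nothing to search beneath; the original
    # continued with an empty SearchRoot.
    Write-Warning "Computer object for $currentDomain was not found under the Domain Controllers OU."
    return
}

# DFSR
$searchDFSR = New-Object DirectoryServices.DirectorySearcher
$searchDFSR.Filter = "(&(objectClass=msDFSR-Subscription)(name=SYSVOL Subscription))"
$searchDFSR.SearchRoot = $dcObjectPath
$dfsrSubObject = $searchDFSR.FindAll()

# FindAll() returns a (possibly empty) collection, never $null; the original
# "-ne $null" only worked through PowerShell's collection-filtering semantics.
if ($dfsrSubObject.Count -gt 0) {
    [pscustomobject]@{
        "SYSVOL Replication Mechanism" = "DFSR"
        # Key renamed from "Path:" so both branches emit the same property name.
        "Path" = $dfsrSubObject | ForEach-Object { $_.Properties."msdfsr-rootpath" }
    }
}
$dfsrSubObject.Dispose()
$searchDFSR.Dispose()

# FRS
$searchFRS = New-Object DirectoryServices.DirectorySearcher
$searchFRS.Filter = "(&(objectClass=nTFRSSubscriber)(name=Domain System Volume (SYSVOL share)))"
$searchFRS.SearchRoot = $dcObjectPath
$frsSubObject = $searchFRS.FindAll()

if ($frsSubObject.Count -gt 0) {
    [pscustomobject]@{
        "SYSVOL Replication Mechanism" = "FRS"
        "Path" = $frsSubObject | ForEach-Object { $_.Properties.frsrootpath }
    }
}
$frsSubObject.Dispose()
$searchFRS.Dispose()
--------------------------------------------------------------------------------
/GET-SearchGroupMembers.ps1: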
-------------------------------------------------------------------------------- 1 | $TelifHaklariMetni = @" 2 | ############################################## 3 | # 4 | # Bu Script'in yazarı, Fırat Boyan'dır ve sadece amacına uygun olarak kullanılabilir. 5 | # Bu Script, Fırat Boyan'ın izni olmadan hiçbir makalede referans gösterilmeden yayınlanamaz. 6 | # 7 | # www.firatboyan.com 8 | # 9 | ############################################## 10 | "@ 11 | 12 | Write-Output $TelifHaklariMetni 13 | 14 | do { 15 | Write-Host "Onaylıyor musunuz? (Evet/Hayır): " -ForegroundColor Cyan -NoNewline 16 | $Onay = Read-Host 17 | if ($Onay -eq "Evet") { 18 | 19 | Write-Output "" 20 | 21 | Write-Host "Script çalıştırılıyor..." -ForegroundColor Yellow 22 | 23 | Start-Sleep -Seconds 3 24 | 25 | } elseif ($Onay -eq "Hayır") { 26 | 27 | Write-Output "" 28 | 29 | Write-Host "Onay verilmedi. Script'ten çıkış yapılıyor..." -ForegroundColor Yellow 30 | 31 | Start-Sleep -Seconds 3 32 | 33 | exit 34 | } else { 35 | Write-Output "Geçersiz giriş. Lütfen 'Evet' veya 'Hayır' yazınız." 36 | } 37 | } until ($Onay -eq "Evet" -or $Onay -eq "Hayır") 38 | 39 | function SearchGroup { 40 | while ($true) { 41 | 42 | Write-Host "" 43 | Write-Host "" 44 | 45 | Write-Host -NoNewline "Lütfen grup anahtar kelimesini girin: " -ForegroundColor Cyan 46 | $keyword = Read-Host 47 | 48 | $groups = @(Get-ADGroup -Filter "Name -like '*$keyword*'") 49 | 50 | if ($groups.Count -eq 0) { 51 | Write-Host "Anahtar kelimeye uygun grup bulunamadı. Lütfen doğru anahtar kelimeyi girdiğinizden emin olun." -ForegroundColor Red 52 | continue 53 | } 54 | 55 | Write-Host "" 56 | Write-Host "Anahtar kelimeye uygun gruplar:" -ForegroundColor Yellow 57 | $index = 1 58 | $groups | ForEach-Object { 59 | Write-Host "$index. $($_.Name)" 60 | $index++ 61 | } 62 | 63 | $validSelection = $false 64 | $groupNumber = 0 65 | while (-not $validSelection) { 66 | 67 | Write-Host -NoNewline "Hangi grubu seçmek istiyorsunuz? 
(numara girin): " -ForegroundColor Cyan 68 | $input = Read-Host 69 | if ([int]::TryParse($input, [ref]$groupNumber) -and $groupNumber -ge 1 -and $groupNumber -le $groups.Count) { 70 | $validSelection = $true 71 | } else { 72 | Write-Host "Geçersiz numara. Lütfen listeden geçerli bir numara girin." -ForegroundColor Red 73 | } 74 | } 75 | 76 | $selectedGroup = $groups[$groupNumber - 1] 77 | $groupDN = $selectedGroup.DistinguishedName 78 | 79 | $groupMembers = Get-ADGroupMember -Identity $groupDN 80 | $memberCount = @($groupMembers).Count 81 | 82 | Write-Host "" 83 | Write-Host "Members of $($selectedGroup.Name):" -ForegroundColor Yellow 84 | Write-Host "" 85 | Write-Host "Name DistinguishedName" 86 | Write-Host "---- -----------------" 87 | 88 | if ($memberCount -eq 0) { 89 | Write-Host "Bu grubun üyesi yok." -ForegroundColor Yellow 90 | } else { 91 | foreach ($member in $groupMembers) { 92 | $adObject = Get-ADObject -Identity $member.DistinguishedName -Properties DistinguishedName 93 | $name = $adObject.Name 94 | $distinguishedName = $adObject.DistinguishedName 95 | Write-Host ("{0,-20} {1}" -f $name, $distinguishedName) 96 | } 97 | } 98 | 99 | Write-Host "" 100 | Write-Host ("Grup üyeleri listesi tamamlandı. Grup üye sayısı: {0}" -f $memberCount) -ForegroundColor Green 101 | 102 | $responseValid = $false 103 | while (-not $responseValid) { 104 | Write-Host -NoNewline "Başka bir grup için arama yapmak ister misiniz? (Evet/Hayır): " -ForegroundColor Cyan 105 | $response = Read-Host 106 | switch ($response.ToLower()) { 107 | "e" { 108 | $responseValid = $true 109 | break 110 | } 111 | "evet" { 112 | $responseValid = $true 113 | break 114 | } 115 | "h" { 116 | Write-Host "İşlem tamamlandı." -ForegroundColor Green 117 | return 118 | } 119 | "hayır" { 120 | Write-Host "İşlem tamamlandı." -ForegroundColor Green 121 | return 122 | } 123 | default { 124 | Write-Host "Geçersiz seçenek. Lütfen 'Evet' veya 'Hayır' girin." 
-ForegroundColor Red 125 | } 126 | } 127 | } 128 | } 129 | } 130 | 131 | SearchGroup 132 | -------------------------------------------------------------------------------- /Get-LoggedUser.ps1: -------------------------------------------------------------------------------- 1 | function Get-LoggedUser 2 | { 3 | [CmdletBinding()] 4 | param 5 | ( 6 | [string[]]$ComputerName 7 | ) 8 | foreach ($comp in $ComputerName) 9 | { 10 | if ((Test-NetConnection $comp -WarningAction SilentlyContinue).PingSucceeded -eq $true) 11 | { 12 | $output = @{'Computer' = $comp } 13 | $output.UserName = (Get-WmiObject -Class win32_computersystem -ComputerName $comp).UserName 14 | } 15 | else 16 | { 17 | $output = @{'Computer' = $comp } 18 | $output.UserName = "offline" 19 | } 20 | [PSCustomObject]$output 21 | } 22 | } 23 | $computers = (Get-AdComputer -Filter {enabled -eq "true"} -SearchBase 'OU=WKS Computers,OU=Computers,OU=IT,OU=Istanbul,OU=Turkey,OU=Europe,DC=firatboyan,DC=local').Name 24 | Get-LoggedUser $computers |ft -AutoSize -------------------------------------------------------------------------------- /Import-Bulk-Users.ps1: -------------------------------------------------------------------------------- 1 | # Import the Active Directory module for running AD cmdlets 2 | Import-Module ActiveDirectory 3 | 4 | # Store the data from ADUsers.csv in the $Users variable 5 | $Users = Import-Csv "C:\PS\BULK USERS\Import-Bulk-Users.csv" 6 | 7 | # Loop through each row containing user details in the CSV file 8 | foreach ($User in $Users) { 9 | # Read user data from each field in each row 10 | # The username is used more often, so to prevent typing, save that in a variable 11 | $Username = $User.SamAccountName 12 | 13 | # Check to see if the user already exists in AD 14 | if (Get-ADUser -Filter "SamAccountName -eq '$Username'") { 15 | # If user does exist, give a warning 16 | Write-Warning "A user account with username $Username already exists in Active Directory." 
17 | } 18 | else { 19 | # User does not exist then proceed to create the new user account 20 | 21 | # Create a hashtable for splatting the parameters 22 | $userProps = @{ 23 | Name = $User.Name 24 | SamAccountName = $User.SamAccountName 25 | GivenName = $User.GivenName 26 | Surname = $User.Surname 27 | Initials = $User.Initials 28 | DisplayName = $User.DisplayName 29 | UserPrincipalName = $User.UserPrincipalName 30 | Department = $User.Department 31 | Description = $User.Description 32 | Office = $User.Office 33 | OfficePhone = $User.OfficePhone 34 | EmailAddress = $User.EmailAddress 35 | StreetAddress = $User.StreetAddress 36 | POBox = $User.POBox 37 | City = $User.City 38 | State = $User.State 39 | Country = $User.Country 40 | PostalCode = $User.PostalCode 41 | Title = $User.Title 42 | Company = $User.Company 43 | AccountPassword = (ConvertTo-SecureString $User.password -AsPlainText -Force) 44 | Path = $User.path 45 | Enabled = $true 46 | ChangePasswordAtLogon = $true 47 | } # end userProps 48 | 49 | New-ADUser @userProps 50 | Write-Host "The user account $Username is created." 
-ForegroundColor Cyan 51 | } # end else 52 | } # end foreach 53 | -------------------------------------------------------------------------------- /Set-TLS-1.2.ps1: -------------------------------------------------------------------------------- 1 | If (-Not (Test-Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319')) { 2 | New-Item 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null 3 | } 4 | New-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Name 'SystemDefaultTlsVersions' -Value '1' -PropertyType 'DWord' -Force | Out-Null 5 | New-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -PropertyType 'DWord' -Force | Out-Null 6 | 7 | If (-Not (Test-Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319')) { 8 | New-Item 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null 9 | } 10 | New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Name 'SystemDefaultTlsVersions' -Value '1' -PropertyType 'DWord' -Force | Out-Null 11 | New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -PropertyType 'DWord' -Force | Out-Null 12 | 13 | If (-Not (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server')) { 14 | New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force | Out-Null 15 | } 16 | New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'Enabled' -Value '1' -PropertyType 'DWord' -Force | Out-Null 17 | New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'DisabledByDefault' -Value '0' -PropertyType 'DWord' -Force | Out-Null 18 | 19 | If (-Not (Test-Path 
'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client')) { 20 | New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force | Out-Null 21 | } 22 | New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'Enabled' -Value '1' -PropertyType 'DWord' -Force | Out-Null 23 | New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'DisabledByDefault' -Value '0' -PropertyType 'DWord' -Force | Out-Null 24 | 25 | Write-Host 'TLS 1.2 has been enabled. You must restart the Windows Server for the changes to take effect.' -ForegroundColor Cyan 26 | -------------------------------------------------------------------------------- /Test-NetConnection-PortRange.ps1: -------------------------------------------------------------------------------- 1 | $DomainControllers = @( 2 | "SRVDC01.firatboyan.local", 3 | "SRVDC02.firatboyan.local" 4 | ) 5 | 6 | foreach ($DC in $DomainControllers) { 7 | foreach ($Port in 49152..65535) { 8 | $check = Test-NetConnection -ComputerName $DC -Port $Port -WarningAction SilentlyContinue 9 | if ($check.TcpTestSucceeded) { 10 | Write-Host ($DC + " on port " + $Port + ": Connection Successful") -ForegroundColor Green 11 | } else { 12 | Write-Host ($DC + " on port " + $Port + ": Connection Failed") -ForegroundColor Red 13 | } 14 | } 15 | } 16 | 17 | 18 | -------------------------------------------------------------------------------- /Test-NetConnection.ps1: -------------------------------------------------------------------------------- 1 | $DomainControllers = @{ 2 | "SRVDC01.firatboyan.local" = @(53,88,464,3268,3269,389,636,135,137,138,139,445,123,49443) 3 | "SRVDC02.firatboyan.local" = @(53,88,464,3268,3269,389,636,135,137,138,139,445,123,49443) 4 | } 5 | 6 | foreach ($DC in $DomainControllers.Keys) { 7 | 8 | foreach ($Port in 
$DomainControllers[$DC]) { 9 | $check = Test-NetConnection -ComputerName $DC -Port $Port -WarningAction SilentlyContinue 10 | if ($check.TcpTestSucceeded) { 11 | Write-Host ($DC + " on port " + $Port + ": Connection Successful") -ForegroundColor Green 12 | } else { 13 | Write-Host ($DC + " on port " + $Port + ": Connection Failed") -ForegroundColor Red 14 | } 15 | } 16 | } 17 | 18 | --------------------------------------------------------------------------------