Locksmith
A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.
The flowchart for ESC3 (https://github.com/TrimarcJake/Locksmith/blob/main/Docs/Flowcharts/ESC3.md) categorizes a group with a large "group size" as Medium but lists a User as High. This is the only flowchart that does this....
Exchange-related and Entra Connect permissions are inherited by CA Hosts. These are expected and should not display.
Running Locksmith against a PKI that is vulnerable to ESC8 (Web Enrollment installed, Extended Protection not enabled, NTLM enabled) does not raise an ESC8 issue. Running PSPKIAudit against the same...
Get-PublishedTemplates pulls a list of published templates with their name, OID, flags, enrollment flag, whenModified, revision, and minor revision. This should help us check if vulnerable templates are published and...
The current remediation code for ESC1-3 is pretty heavy-handed and could result in a serious impact on operations. Locksmith should ask the user questions to generate the best remediation code....
Locksmith will never auto-remediate an issue without giving the user a way to back out of it. This will likely require some sort of data storage to accompany the revert...
Environment: Windows 10 22H2 PowerShell 7.4.4 and PowerShell 5.1 Issue: Display of the ending thank you message needs an additional space to format in the way intended.  Fix: Add...
Environment: Windows 10 22H2, July security updates, No RSAT PowerShell 5.1 and PowerShell 7.4.4 Locksmith installed from PS Gallery Invoke-Locksmith script downloaded Issue: The prompt to install Active Directory PowerShell...
I have the following CA servers in my environment:  When I try to scan the forest "pharmax.local" the script can't find the "acade-dc-01v.acad.pharmax.local" server ### Displayed error ```powershell PS...
**Describe the Bug** If Locksmith cannot get data from `certutil.exe` (either from network issues or limited privileges), Locksmith reports Auditing/ESC6/ESC11 Issue as "CA Unavailable" and Fix as "N/A". This is...