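<#
.Synopsis
Reports the RC4 cipher settings under SCHANNEL and whether the Kerberos
encryption-type policy is set to RC4 + AES (Server 2016)
.Description
Emits one object per SCHANNEL cipher key whose name contains "RC4" and which
has an "Enabled" value, followed by one "RC4/AES GPO" object for the Kerberos
policy value SupportedEncryptionTypes.

Reading the output:
 - The SCHANNEL\Ciphers keys control TLS/SSL cipher use, not Kerberos. Only
   the "RC4/AES GPO" row describes Kerberos encryption types.
 - An RC4 cipher key without an "Enabled" value produces no row, so the
   absence of a row does not mean RC4 is disabled; the OS default applies.
 - "RC4/AES GPO" = "1" means the policy value is exactly 2147483644
   (0x7FFFFFFC: RC4_HMAC_MD5 + AES128 + AES256 + future encryption types),
   i.e. RC4 is still permitted for Kerberos. Every other value, including an
   AES-only policy or a policy that is not configured, is shown as "Unknown".
.Parameter Servers
Computer names to query through PowerShell remoting. When omitted, the local
machine is queried.
#>
param(
    [Array]$Servers
)

# One collection routine shared by the local and the remote path, so both
# always apply the same checks.
$CollectSettings = {
    $Data = @()

    # --- SCHANNEL (TLS/SSL) RC4 cipher keys ---
    $Folders = Get-ChildItem HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\
    foreach ($Folder in $Folders) {
        $Path = ($Folder.Name).Replace("HKEY_LOCAL_MACHINE", "HKLM:")
        # Keys without an "Enabled" value raise a non-terminating error here
        # and yield no object, so they are skipped below.
        $Values = Get-ItemProperty -Path $Path -Name Enabled |
            Select-Object PSChildName, Enabled |
            Where-Object PSChildName -Like "*RC4*"
        $Name = $Values.PSChildName
        $Setting = $Values.Enabled
        if ($Name) {
            $Row = New-Object PSObject
            $Row | Add-Member -MemberType NoteProperty -Name "Encryption" -Value $Name
            $Row | Add-Member -MemberType NoteProperty -Name "Setting" -Value $Setting
            $Data += $Row
        }
    }

    # --- Kerberos encryption-type policy ---
    # The key or value is missing when the policy is not configured; that case
    # is reported as "Unknown" instead of surfacing a registry error.
    $Value = Get-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\ -Name SupportedEncryptionTypes -ErrorAction SilentlyContinue
    $Setting = $Value.SupportedEncryptionTypes

    # A fresh object is built here. The earlier Clear-Variable call failed with
    # "cannot find a variable" whenever no RC4 cipher row had been created.
    $PolicyRow = New-Object PSObject
    $PolicyRow | Add-Member -MemberType NoteProperty -Name "Encryption" -Value "RC4/AES GPO"
    # 2147483644 = 0x7FFFFFFC = RC4_HMAC_MD5 + AES128 + AES256 + future types.
    If ($Setting -eq "2147483644") {
        $PolicyRow | Add-Member -MemberType NoteProperty -Name "Setting" -Value "1"
    }
    else {
        # Covers every other policy value (AES-only included) and "not set".
        $PolicyRow | Add-Member -MemberType NoteProperty -Name "Setting" -Value "Unknown"
    }
    $Data += $PolicyRow
    $Data
}

If ($Servers) {
    # Writes the server list to the output stream ahead of the result objects.
    $Servers
    Invoke-Command -ComputerName $Servers -ScriptBlock $CollectSettings
}
else {
    & $CollectSettings
}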