Skip to content

Commit

Permalink
Adjust Name to SID, to newest version of PSSharedGoods fixing #190
Browse files Browse the repository at this point in the history
  • Loading branch information
@PrzemyslawKlys
PrzemyslawKlys committed Sep 28, 2024
1 parent a358a77 commit 997e4c0
Showing 1 changed file with 23 additions and 22 deletions.
45 changes: 23 additions & 22 deletions Private/SourcesDomainControllers/SMBSharesPermissions.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
Get-ComputerSMBSharePermissions -ComputerName $DomainController -ShareName 'Netlogon', 'Sysvol' -Translated
}
Details = [ordered] @{
Category = 'Security'
Category = 'Security'
Description = "SMB Shares for Sysvol and Netlogon should be at their defaults. That means 2 permissions for Netlogon and 3 for SysVol."
Resolution = 'Add/Remove unnecessary permissions.'
Importance = 3
Expand All @@ -29,7 +29,7 @@
ExpectedCount = 5
}
Details = [ordered] @{
Category = 'Security'
Category = 'Security'
Description = "SMB Shares for Sysvol and Netlogon should be at their defaults. That means 2 permissions for Netlogon and 3 for SysVol."
Resolution = 'Add/Remove unnecessary permissions.'
Importance = 5
Expand All @@ -42,10 +42,11 @@
Enable = $true
Name = 'Netlogon Share Permissions - Everyone'
Parameters = @{
WhereObject = { $_.Name -eq 'NETLOGON' -and $_.AccountName -eq 'Everyone' }
# NETLOGON share should have Everyone with Read access rights
WhereObject = { $_.Name -eq 'NETLOGON' -and $_.AccountSID -eq 'S-1-1-0' }
ExpectedCount = 1
}
Category = 'Security'
Category = 'Security'
Description = "SMB Shares for NETLOGON should contain Everyone with Read access rights."
Resolution = 'Add/Remove unnecessary permissions.'
Importance = 5
Expand All @@ -57,10 +58,10 @@
Enable = $true
Name = 'Netlogon Share Permissions - BUILTIN\Administrators'
Parameters = @{
WhereObject = { $_.Name -eq 'NETLOGON' -and $_.AccountName -eq 'BUILTIN\Administrators' }
WhereObject = { $_.Name -eq 'NETLOGON' -and $_.AccountSID -eq 'S-1-5-32-544' }
ExpectedCount = 1
}
Category = 'Security'
Category = 'Security'
Description = "SMB Shares for NETLOGON should contain BUILTIN\Administrators with Full access rights."
Resolution = 'Add/Remove unnecessary permissions.'
Importance = 5
Expand All @@ -72,10 +73,10 @@
Enable = $true
Name = 'SysVol Share Permissions - Everyone'
Parameters = @{
WhereObject = { $_.Name -eq 'SYSVOL' -and $_.AccountName -eq 'Everyone' }
WhereObject = { $_.Name -eq 'SYSVOL' -and $_.AccountSID -eq 'S-1-1-0' }
ExpectedCount = 1
}
Category = 'Security'
Category = 'Security'
Description = "SMB Shares for SYSVOL should contain Everyone with Read access rights."
Resolution = 'Add/Remove unnecessary permissions.'
Importance = 5
Expand All @@ -87,10 +88,10 @@
Enable = $true
Name = 'SysVol Share Permissions - BUILTIN\Administrators'
Parameters = @{
WhereObject = { $_.Name -eq 'SYSVOL' -and $_.AccountName -eq 'BUILTIN\Administrators' }
WhereObject = { $_.Name -eq 'SYSVOL' -and $_.AccountSID -eq 'S-1-5-32-544' }
ExpectedCount = 1
}
Category = 'Security'
Category = 'Security'
Description = "SMB Shares for SYSVOL should contain BUILTIN\Administrators with Full access rights."
Resolution = 'Add/Remove unnecessary permissions.'
Importance = 5
Expand All @@ -102,10 +103,10 @@
Enable = $true
Name = 'SysVol Share Permissions - NT AUTHORITY\Authenticated Users'
Parameters = @{
WhereObject = { $_.Name -eq 'SYSVOL' -and $_.AccountName -eq 'NT AUTHORITY\Authenticated Users' }
WhereObject = { $_.Name -eq 'SYSVOL' -and $_.AccountSID -eq 'S-1-5-11' }
ExpectedCount = 1
}
Category = 'Security'
Category = 'Security'
Description = "SMB Shares for SYSVOL should contain NT AUTHORITY\Authenticated Users with Full access rights."
Resolution = 'Add/Remove unnecessary permissions.'
Importance = 5
Expand All @@ -118,12 +119,12 @@
Enable = $true
Name = 'Netlogon Share Permissions Value - Everyone'
Parameters = @{
WhereObject = { $_.Name -eq 'NETLOGON' -and $_.AccountName -eq 'Everyone' }
WhereObject = { $_.Name -eq 'NETLOGON' -and $_.AccountSID -eq 'S-1-1-0' }
Property = 'AccessRight'
ExpectedValue = 'Read'
OperationType = 'eq'
}
Category = 'Security'
Category = 'Security'
Description = "SMB Shares for NETLOGON should contain Everyone with Read access rights."
Resolution = 'Add/Remove unnecessary permissions.'
Importance = 5
Expand All @@ -135,12 +136,12 @@
Enable = $true
Name = 'Netlogon Share Permissions Value - BUILTIN\Administrators'
Parameters = @{
WhereObject = { $_.Name -eq 'NETLOGON' -and $_.AccountName -eq 'BUILTIN\Administrators' }
WhereObject = { $_.Name -eq 'NETLOGON' -and $_.AccountSID -eq 'S-1-5-32-544' }
Property = 'AccessRight'
ExpectedValue = 'Full'
OperationType = 'eq'
}
Category = 'Security'
Category = 'Security'
Description = "SMB Shares for NETLOGON should contain BUILTIN\Administrators with Full access rights."
Resolution = 'Add/Remove unnecessary permissions.'
Importance = 5
Expand All @@ -152,12 +153,12 @@
Enable = $true
Name = 'SysVol Share Permissions Value - Everyone'
Parameters = @{
WhereObject = { $_.Name -eq 'SYSVOL' -and $_.AccountName -eq 'Everyone' }
WhereObject = { $_.Name -eq 'SYSVOL' -and $_.AccountSID -eq 'S-1-1-0' }
Property = 'AccessRight'
ExpectedValue = 'Read'
OperationType = 'eq'
}
Category = 'Security'
Category = 'Security'
Description = "SMB Shares for SYSVOL should contain Everyone with Read access rights."
Resolution = 'Add/Remove unnecessary permissions.'
Importance = 5
Expand All @@ -169,12 +170,12 @@
Enable = $true
Name = 'SysVol Share Permissions Value - BUILTIN\Administrators'
Parameters = @{
WhereObject = { $_.Name -eq 'SYSVOL' -and $_.AccountName -eq 'BUILTIN\Administrators' }
WhereObject = { $_.Name -eq 'SYSVOL' -and $_.AccountSID -eq 'S-1-5-32-544' }
Property = 'AccessRight'
ExpectedValue = 'Full'
OperationType = 'eq'
}
Category = 'Security'
Category = 'Security'
Description = "SMB Shares for SYSVOL should contain BUILTIN\Administrators with Full access rights."
Resolution = 'Add/Remove unnecessary permissions.'
Importance = 5
Expand All @@ -186,12 +187,12 @@
Enable = $true
Name = 'SysVol Share Permissions Value - NT AUTHORITY\Authenticated Users'
Parameters = @{
WhereObject = { $_.Name -eq 'SYSVOL' -and $_.AccountName -eq 'NT AUTHORITY\Authenticated Users' }
WhereObject = { $_.Name -eq 'SYSVOL' -and $_.AccountSID -eq 'S-1-5-11' }
Property = 'AccessRight'
ExpectedValue = 'Full'
OperationType = 'eq'
}
Category = 'Security'
Category = 'Security'
Description = "SMB Shares for SYSVOL should contain NT AUTHORITY\Authenticated Users with Full access rights."
Resolution = 'Add/Remove unnecessary permissions.'
Importance = 5
Expand Down

0 comments on commit 997e4c0

Please sign in to comment.