Powershell Legacy Protocol Check

Powershell Legacy Protocol Check yazımda sizlere Microsoft Best Practices de yer alan kontrol edilmesi gereken tüm legacy protocollerin powershell ile csv dosyasına aktarımını sağlayacağız.

Ben örneğimde domain Controllerin hepsinin kontrolünü sağlamaktadır.

• SMBV1
• NTLMV1
• Digest
• TLS1.0 ,1.1 Client ve Server tarafı kontrolünü sağlamaktadır.

Script düzenleyerek istenilen tüm makineleri kontrol edebilirsiniz. $dclist yerine csv dosyası gösterebilirsiniz yada get-adcomputer kullanılarak tüm AD Computerları kontrol edebilirsiniz.

$reportpath="C:\legacyprotocol.csv"
Write-Host "Getting Domain Controller list" -ForegroundColor Green
$dclist=Get-ADDomainController -Filter * | select hostname
Write-Host "Legacy Protocol Check is starting" -ForegroundColor Green

$result=foreach($dchost in $dclist.hostname) {
Write-Host "SMBV1 checking is starting" -ForegroundColor Green

$smbv1check=Invoke-Command -ComputerName $dchost -ScriptBlock {Get-SmbServerConfiguration |select EnableSMB1Protocol}
if($smbv1check.EnableSMB1Protocol -eq $False){
$smbv1status= "Not Installed"
}
else{
$smbv1status= "Enabled"
}
Write-Host "NTLMV1 checking is starting" -ForegroundColor Green

$lmcheck=Invoke-command -ComputerName $dchost -ScriptBlock {Get-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Lsa\" |select lmcompatibilitylevel} 
if($lmcheck.lmcompatibilitylevel -eq 5){
$lmstatus= "NTLMV1 Disable"
}
else {
$lmstatus="NTLMV1 Enabled"
}
Write-Host "Digest checking is starting" -ForegroundColor Green

$digestcheck = Invoke-command -ComputerName $dchost -ScriptBlock {Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client" | select AllowDigest}
if($digestcheck.AllowDigest -eq 1) {
$digeststatus="Disabled"

}
else {
$digeststatus="Enabled"


}


Write-Host "TLS 1.0 and TLS 1.1 checking is starting" -ForegroundColor Green

$scripttlsclient={

$client1path="HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client"
$client11path="HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client"



$tls1clientenabled=Get-ItemProperty -Path $client1path -Name Enabled -ErrorAction SilentlyContinue | Select-Object  Enabled 
$tls1clientdefaultdisabled=Get-ItemProperty -Path $client1path -Name DisabledByDefault -ErrorAction SilentlyContinue |Select-Object  DisabledByDefault 


$tls11clientenabled=Get-ItemProperty -Path $client11path -Name Enabled -ErrorAction SilentlyContinue | Select-Object  Enabled 
$tls11clientdefaultdisabled=Get-ItemProperty -Path $client11path -Name DisabledByDefault -ErrorAction SilentlyContinue |Select-Object  DisabledByDefault 


if($tls1clientenabled.Enabled -eq 0) {$tls1clientenablevalue="Disabled"}
elseif($tls1clientenabled.Enabled -eq 1) {$tls1clientenablevalue="Enable"}
else{$tls1clientenablevalue="Null"}

if($tls1clientdefaultdisabled.DisabledByDefault -eq 1) {$tls1clientDisabledByDefault="DefaultDisable"}
elseif($tls1clientdefaultdisabled.DisabledByDefault -eq 0) {$tls1clientDisabledByDefault="Enabled"}
else {$tls1clientDisabledByDefault="Null"}

if($tls11clientenabled.Enabled -eq 0) {$tls11clientenablevalue="Disabled"}
elseif($tls11clientenabled.Enabled -eq 1) {$tls11clientenablevalue="Enabled"}
else{$tls11clientenablevalue="Null"}

if($tls11clientdefaultdisabled.DisabledByDefault -eq 1) {$tlsclient11DisabledByDefault="DefaultDisable"}
elseif($tls11clientdefaultdisabled.DisabledByDefault -eq 1) {$tlsclient11DisabledByDefault="Enabled"}
else{$tlsclient11DisabledByDefault="Null"}



      [PSCustomObject]@{
            TLS1ClientEnabled = $tls1clientenablevalue
            TLS1ClientDefaultDisabled = $tls1clientDisabledByDefault
			TLS11ClientEnabled = $tls11clientenablevalue
            TLS11ClientDefaultDisabled = $tlsclient11DisabledByDefault
			
        }
        
        


}



$scripttlsserver={

$server1path="HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\server"
$server11path="HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\server"



$tls1serverenabled=Get-ItemProperty -Path $server1path -Name Enabled -ErrorAction SilentlyContinue | Select-Object  Enabled 
$tls1serverdefaultdisabled=Get-ItemProperty -Path $server1path -Name DisabledByDefault -ErrorAction SilentlyContinue |Select-Object  DisabledByDefault 


$tls11serverenabled=Get-ItemProperty -Path $server11path -Name Enabled -ErrorAction SilentlyContinue | Select-Object  Enabled 
$tls11serverdefaultdisabled=Get-ItemProperty -Path $server11path -Name DisabledByDefault -ErrorAction SilentlyContinue |Select-Object  DisabledByDefault 


if($tls1serverenabled.Enabled -eq 0) {$tls1serverenablevalue="Disabled"}
elseif($tls1serverenabled.Enabled -eq 1) {$tls1serverenablevalue="Enable"}
else{$tls1serverenablevalue="Null"}

if($tls1serverdefaultdisabled.DisabledByDefault -eq 1) {$tls1serverDisabledByDefault="DefaultDisable"}
elseif($tls1serverdefaultdisabled.DisabledByDefault -eq 0) {$tls1serverDisabledByDefault="Enabled"}
else {$tls1serverDisabledByDefault="Null"}

if($tls11serverenabled.Enabled -eq 0) {$tls11serverenablevalue="Disabled"}
elseif($tls11serverenabled.Enabled -eq 1) {$tls11serverenablevalue="Enabled"}
else{$tls11serverenablevalue="Null"}

if($tls11serverdefaultdisabled.DisabledByDefault -eq 1) {$tlsserver11DisabledByDefault="DefaultDisable"}
elseif($tls11serverdefaultdisabled.DisabledByDefault -eq 1) {$tlsserver11DisabledByDefault="Enabled"}
else{$tlsserver11DisabledByDefault="Null"}



      [PSCustomObject]@{
            TLS1serverEnabled = $tls1serverenablevalue
            TLS1serverDefaultDisabled = $tls1serverDisabledByDefault
			TLS11serverEnabled = $tls11serverenablevalue
            TLS11serverDefaultDisabled = $tlsserver11DisabledByDefault
			
        }
        
        


}



 $tlsservercheck=Invoke-command -ComputerName $dchost -ScriptBlock $scripttlsserver | select TLS1serverEnabled,TLS1serverDefaultDisabled,TLS11serverEnabled,TLS11serverDefaultDisabled
 $tlsclientcheck=Invoke-command -ComputerName $dchost -ScriptBlock $scripttlsclient | select TLS1clientEnabled,TLS1clientDefaultDisabled,TLS11clientEnabled,TLS11clientDefaultDisabled



[PsCustomObject]@{
        Hostname=$dchost
        Smbv1=$smbv1status
        NTLMV1=$lmstatus
        Digest=$digeststatus
        TLS1clientEnabled=$tlsclientcheck.TLS1clientEnabled
        TLS1clientDefaultDisabled=$tlsclientcheck.TLS1clientDefaultDisabled
        TLS11clientEnabled=$tlsclientcheck.TLS11clientEnabled
        TLS11clientDefaultDisabled=$tlsclientcheck.TLS11clientDefaultDisabled
        TLS1serverEnabled=$tlsservercheck.TLS1serverEnabled
        TLS1serverDefaultDisabled=$tlsservercheck.TLS1serverDefaultDisabled
        TLS11serverEnabled=$tlsservercheck.TLS11serverEnabled
        TLS11serverDefaultDisabled=$tlsservercheck.TLS11serverDefaultDisabled
        

}
}


Write-Host "Legacy Protocol Check completed" -ForegroundColor Green
Write-Host "Legacy Protocol Check exporting to $reportpath" -ForegroundColor Green
$result | Export-Csv -Path $reportpath -NoTypeInformation
Write-Host "Legacy Protocol exported" -ForegroundColor Green

Write-Host ' ------------------------------------------------------------' -ForegroundColor red -BackgroundColor white
Write-Host ' ------------------------------------------------------------' -ForegroundColor red -BackgroundColor white
Write-Host ' ---Created By Koray Can Karaduman--- ' -ForegroundColor red -BackgroundColor white
Write-Host ' ------------------------------------------------------------' -ForegroundColor red -BackgroundColor white
Write-Host ' ------------------------------------------------------------' -ForegroundColor red -BackgroundColor white

Powershell Legacy Protocol Check nasıl kontrol edilir sizlere paylaşmış oldum. Diğer yazılarımı kategorilerden kontrol edebilirsiniz.

• Active Directory
• ADFS
• AZURE
• Cyber Security
• Exchange
• Group Policy
• MIM/FIM
• Orchestrator
• Power BI
• Powershell
• SCCM
• SCOM
• SQL
• Uncategorized
• Windows