Skip to content

Commit

Permalink
Add SuppressExtendedProtection Key
Browse files Browse the repository at this point in the history
  • Loading branch information
dpaulson45 committed Apr 19, 2024
1 parent 42e2455 commit 7af122a
Show file tree
Hide file tree
Showing 5 changed files with 28 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -270,6 +270,15 @@ function Invoke-AnalyzerFrequentConfigurationIssues {
}
Add-AnalyzedResultInformation @params

if ($osInformation.RegistryValues.SuppressExtendedProtection -ne 0) {
$params = $baseParams + @{
Name = "SuppressExtendedProtection"
Details = "Value set to $($osInformation.RegistryValues.SuppressExtendedProtection), which disables EP resulting it to not work correctly and causes problems. --- ERROR"
DisplayWriteType = "Red"
}
Add-AnalyzedResultInformation @params
}

# Detect Send Connector sending to EXO
$exoConnector = New-Object System.Collections.Generic.List[object]
$sendConnectors = $exchangeInformation.ExchangeConnectors | Where-Object { $_.ConnectorType -eq "Send" }
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -168,6 +168,17 @@ function Invoke-AnalyzerSecurityExtendedProtectionConfigState {
Details = "For more information about Extended Protection and how to configure, please read this article:`n`thttps://aka.ms/HC-ExchangeEPDoc"
}
Add-AnalyzedResultInformation @moreInformationParams
} elseif ($SecurityObject.OsInformation.RegistryValues.SuppressExtendedProtection -ne 0) {
# If this key is set, we need to flag it as the server being vulnerable.
$params = $baseParams + @{
Name = "Security Vulnerability"
Details = $cveList
DisplayWriteType = "Red"
TestingName = "Extended Protection Vulnerable"
CustomName = $cveList
DisplayTestingValue = $true
}
Add-AnalyzedResultInformation @params
} else {
Write-Verbose "System NOT vulnerable to $cveList"
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,11 @@ function Get-OperatingSystemRegistryValues {
GetValue = "LsaCfgFlags"
}

$suppressEpParams = $baseParams + @{
SubKey = "SYSTEM\CurrentControlSet\Control\LSA"
GetValue = "SuppressExtendedProtection"
}

$lmCompParams = $baseParams + @{
SubKey = "SYSTEM\CurrentControlSet\Control\Lsa"
GetValue = "LmCompatibilityLevel"
Expand All @@ -74,6 +79,7 @@ function Get-OperatingSystemRegistryValues {
if ($null -eq $lmValue) { $lmValue = 3 }

return [PSCustomObject]@{
SuppressExtendedProtection = [int](Get-RemoteRegistryValue @suppressEpParams)
LmCompatibilityLevel = $lmValue
CurrentVersionUbr = [int](Get-RemoteRegistryValue @ubrParams)
LanManServerDisabledCompression = [int](Get-RemoteRegistryValue @lanManParams)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ Describe "Testing Health Checker by Mock Data Imports" {

Assert-MockCalled Get-WmiObjectHandler -Exactly 6
Assert-MockCalled Invoke-ScriptBlockHandler -Exactly 5
Assert-MockCalled Get-RemoteRegistryValue -Exactly 24
Assert-MockCalled Get-RemoteRegistryValue -Exactly 25
Assert-MockCalled Get-NETFrameworkVersion -Exactly 1
Assert-MockCalled Get-DotNetDllFileVersions -Exactly 1
Assert-MockCalled Get-NicPnpCapabilitiesSetting -Exactly 1
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -122,6 +122,7 @@ Mock Get-RemoteRegistryValue {
"DisableBaseTypeCheckForDeserialization" { return $null }
"DisablePreservation" { return 0 }
"DatabasePath" { return "$Script:MockDataCollectionRoot\Exchange" }
"SuppressExtendedProtection" { return 0 }
default { throw "Failed to find GetValue: $GetValue" }
}
}
Expand Down

0 comments on commit 7af122a

Please sign in to comment.