Source: GitHub
Author: unknown
URL: https://github.com/jakehildreth/Locksmith

ONE SENTENCE SUMMARY: Locksmith is a PowerShell tool designed to detect and fix common Active Directory Certificate Services (AD CS) misconfigurations.

MAIN POINTS:

- Locksmith must be run on a domain-joined system with the ActiveDirectory and ServerManager PowerShell modules installed.
- Administrative rights may be required for some checks and remediation tasks.
- Locksmith can be installed via PowerShell Gallery or used as a standalone script.
- Mode 0 identifies and outputs AD CS issues in a console table format.
- Mode 1 identifies issues and their fixes, outputting them in a console list format.
- Mode 2 outputs identified issues to a CSV file named ADCSIssues.CSV.
- Mode 3 outputs issues and example fixes to a CSV file named ADCSRemediation.CSV.
- Mode 4 identifies and offers to fix all misconfigurations, warning of potential operational impacts.
- The -Scans parameter allows targeted scans for specific vulnerabilities or interactive selection of scans.
- Example outputs for all modes and instructions are available on Locksmith’s GitHub repository.
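
A report-only way to apply the prerequisites and Mode 2 listed above, as an added example that is not code from the Locksmith project. It assumes the module's `Invoke-Locksmith` command is already installed and that Mode 2 writes ADCSIssues.CSV to the current directory; `Test-LocksmithPrerequisite` and the output folder name are hypothetical.

```powershell
# Added example (not Locksmith project code): preflight checks, then a report-only Mode 2 run.
function Test-LocksmithPrerequisite {   # hypothetical helper name
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    # Locksmith must run on a domain-joined system.
    [pscustomobject]@{ Check = 'Domain-joined'; Required = $true; Passed = [bool]$cs.PartOfDomain }

    # Both modules must be installed on the machine running the scan.
    foreach ($name in 'ActiveDirectory', 'ServerManager') {
        $found = [bool](Get-Module -ListAvailable -Name $name)
        [pscustomobject]@{ Check = "Module $name"; Required = $true; Passed = $found }
    }

    # Admin rights may be needed for some checks, so elevation is reported, not enforced.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    [pscustomobject]@{ Check = 'Elevated session'; Required = $false; Passed = $elevated }
}

$checks = @(Test-LocksmithPrerequisite)
$checks | Format-Table -AutoSize | Out-Host
if ($checks | Where-Object { $_.Required -and -not $_.Passed }) {
    throw 'A required prerequisite is missing; see the table above.'
}
if (-not (Get-Command -Name Invoke-Locksmith -ErrorAction SilentlyContinue)) {
    throw 'Invoke-Locksmith not found; install Locksmith from the PowerShell Gallery first.'
}

# Hypothetical per-run folder under the user profile; the report names exploitable
# misconfigurations, so keep it somewhere only the operator can read.
$outDir = Join-Path $HOME ('LocksmithReports\' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
Push-Location -Path $outDir
try {
    Invoke-Locksmith -Mode 2                     # report only: issues go to ADCSIssues.CSV
    $csv = Join-Path $outDir 'ADCSIssues.CSV'    # assumption: written to the current directory
    if (Test-Path -Path $csv) {
        $rows = @(Import-Csv -Path $csv)
        '{0} issue row(s) recorded in {1}' -f $rows.Count, $csv
    } else {
        Write-Warning "Mode 2 finished but $csv was not found."
    }
} finally {
    Pop-Location
}
```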

TAKEAWAYS:

- Locksmith simplifies AD CS misconfiguration detection and remediation for administrators.
- Multiple modes allow tailored outputs, from console summaries to detailed CSV reports.
- Mode 4 is an all-in-one solution for automatic issue identification and remediation.
- The -Scans parameter enhances flexibility by allowing specific or interactive vulnerability scans.
- Comprehensive installation and usage instructions ensure accessibility for various user preferences.