From 2d9ab43ba1f4343f5daa983a840a7de08bf28378 Mon Sep 17 00:00:00 2001 From: vletoux Date: Wed, 25 Sep 2024 21:14:17 +0200 Subject: [PATCH] PingCastle 3.3.0.1 (#262) --- Healthcheck/HealthcheckAnalyzer.cs | 3 +++ Healthcheck/Rules/HeatlcheckRuleAnomalyAdminSDHolder.cs | 2 +- Healthcheck/Rules/HeatlcheckRuleStaledDesEnabled.cs | 4 +++- Healthcheck/Rules/HeatlcheckRuleStaledPrimaryGroup.cs | 2 +- Healthcheck/Rules/HeatlcheckRuleStaledPwdNeverExpires.cs | 2 +- Healthcheck/Rules/HeatlcheckRuleStaledPwdNotRequired.cs | 2 +- Healthcheck/Rules/RuleDescription.resx | 2 +- Program.cs | 2 +- Properties/AssemblyInfo.cs | 4 ++-- changelog.txt | 3 +++ 10 files changed, 17 insertions(+), 9 deletions(-) diff --git a/Healthcheck/HealthcheckAnalyzer.cs b/Healthcheck/HealthcheckAnalyzer.cs index 4ef455e..aa86e2c 100644 --- a/Healthcheck/HealthcheckAnalyzer.cs +++ b/Healthcheck/HealthcheckAnalyzer.cs @@ -900,6 +900,9 @@ private void GenerateComputerData(ADDomainInfo domainInfo, ADWebService adws) if (!string.IsNullOrEmpty(x.OperatingSystemVersion) && x.OperatingSystem != null && x.OperatingSystem.Contains("Windows")) { string key = (x.OperatingSystem.Contains("Server") ? "s" : "w") + "|" + x.OperatingSystemVersion; + var isLTSC = x.OperatingSystem.Contains("LTSC") || x.OperatingSystem.Contains("LTSB"); + if (isLTSC) + key += "|LTSC"; if (!operatingSystemVersion.ContainsKey(key)) { operatingSystemVersion[key] = new HealthcheckOSVersionData(x); diff --git a/Healthcheck/Rules/HeatlcheckRuleAnomalyAdminSDHolder.cs b/Healthcheck/Rules/HeatlcheckRuleAnomalyAdminSDHolder.cs index 405becd..77c9b6d 100644 --- a/Healthcheck/Rules/HeatlcheckRuleAnomalyAdminSDHolder.cs +++ b/Healthcheck/Rules/HeatlcheckRuleAnomalyAdminSDHolder.cs @@ -32,8 +32,8 @@ public class HeatlcheckRuleAnomalyAdminSDHolder : RuleBase { AddRawDetail(healthcheckData.AdminSDHolderNotOK[i].DistinguishedName); } + return null; } - return null; } return healthcheckData.AdminSDHolderNotOKCount; } diff --git a/Healthcheck/Rules/HeatlcheckRuleStaledDesEnabled.cs b/Healthcheck/Rules/HeatlcheckRuleStaledDesEnabled.cs index 2043473..9fd38c5 100644 --- a/Healthcheck/Rules/HeatlcheckRuleStaledDesEnabled.cs +++ b/Healthcheck/Rules/HeatlcheckRuleStaledDesEnabled.cs @@ -38,8 +38,10 @@ public class HeatlcheckRuleStaledDesEnabled : RuleBase } } } - return null; } + + if (healthcheckData.UserAccountData.NumberDesEnabled + healthcheckData.ComputerAccountData.NumberDesEnabled < maxNumDisplayAccount) + return null; return healthcheckData.UserAccountData.NumberDesEnabled + healthcheckData.ComputerAccountData.NumberDesEnabled; } } diff --git a/Healthcheck/Rules/HeatlcheckRuleStaledPrimaryGroup.cs b/Healthcheck/Rules/HeatlcheckRuleStaledPrimaryGroup.cs index 03fa04d..965eb22 100644 --- a/Healthcheck/Rules/HeatlcheckRuleStaledPrimaryGroup.cs +++ b/Healthcheck/Rules/HeatlcheckRuleStaledPrimaryGroup.cs @@ -24,8 +24,8 @@ public class HeatlcheckRuleStaledPrimaryGroup : RuleBase { AddRawDetail(healthcheckData.UserAccountData.ListBadPrimaryGroup[i].DistinguishedName); } + return null; } - return null; } return healthcheckData.UserAccountData.NumberBadPrimaryGroup; } diff --git a/Healthcheck/Rules/HeatlcheckRuleStaledPwdNeverExpires.cs b/Healthcheck/Rules/HeatlcheckRuleStaledPwdNeverExpires.cs index 315a051..2b1c06e 100644 --- a/Healthcheck/Rules/HeatlcheckRuleStaledPwdNeverExpires.cs +++ b/Healthcheck/Rules/HeatlcheckRuleStaledPwdNeverExpires.cs @@ -25,8 +25,8 @@ public class HeatlcheckRuleStaledPwdNeverExpires : RuleBase { AddRawDetail(healthcheckData.UserAccountData.ListPwdNeverExpires[i].DistinguishedName); } + return null; } - return null; } return healthcheckData.UserAccountData.NumberPwdNeverExpires; } diff --git a/Healthcheck/Rules/HeatlcheckRuleStaledPwdNotRequired.cs b/Healthcheck/Rules/HeatlcheckRuleStaledPwdNotRequired.cs index 98b2ea7..88e8347 100644 --- a/Healthcheck/Rules/HeatlcheckRuleStaledPwdNotRequired.cs +++ b/Healthcheck/Rules/HeatlcheckRuleStaledPwdNotRequired.cs @@ -25,8 +25,8 @@ public class HeatlcheckRuleStaledPwdNotRequired : RuleBase { AddRawDetail(healthcheckData.UserAccountData.ListPwdNotRequired[i].DistinguishedName); } + return null; } - return null; } return healthcheckData.UserAccountData.NumberPwdNotRequired; } diff --git a/Healthcheck/Rules/RuleDescription.resx b/Healthcheck/Rules/RuleDescription.resx index 7627fec..8ddca7a 100644 --- a/Healthcheck/Rules/RuleDescription.resx +++ b/Healthcheck/Rules/RuleDescription.resx @@ -176,7 +176,7 @@ The purpose is to make sure that there is a proper password policy in place for the native local administrator account. - If you don't have any provisioning process or password solution to manage local administrators, you should install the LAPS solution. If you mitigate the risk differently, you should add this rule as an exception, as the risk is covered. + If you don't have any provisioning process or password solution to manage local administrators, you should install the LAPS solution. If you address the risk through alternative measures, you can disregard this finding. Customers using Netwrix PingCastle Pro or Enterprise versions can add this item as an exception. LAPS doesn't seem to be installed diff --git a/Program.cs b/Program.cs index 1ee5c27..0ad972d 100644 --- a/Program.cs +++ b/Program.cs @@ -219,7 +219,7 @@ private void Run(string[] args) ConsoleMenu.Header = @" \==--O___ PingCastle (Version " + version.ToString(4) + @" " + ConsoleMenu.GetBuildDateTime(Assembly.GetExecutingAssembly()) + @") \ / \ ¨¨> Get Active Directory Security at 80% in 20% of the time \/ \ ,’ " + (license.EndTime < DateTime.MaxValue ? "End of support: " + license.EndTime.ToString("yyyy-MM-dd") : "") + @" - O¨---O To find out more about PingCastle, visit https://www.pingcastle.com + O¨---O To find out more about PingCastle, visit https://www.pingcastle.com \ ,' For online documentation, visit https://helpcenter.netwrix.com/category/pingcastle v For support and questions: - Open-source community, visit https://github.com/netwrix/pingcastle/issues diff --git a/Properties/AssemblyInfo.cs b/Properties/AssemblyInfo.cs index ea0eb5a..dfb9a89 100644 --- a/Properties/AssemblyInfo.cs +++ b/Properties/AssemblyInfo.cs @@ -28,5 +28,5 @@ // Numéro de build // Révision // -[assembly: AssemblyVersion("3.3.0.0")] -[assembly: AssemblyFileVersion("3.3.0.0")] +[assembly: AssemblyVersion("3.3.0.1")] +[assembly: AssemblyFileVersion("3.3.0.1")] diff --git a/changelog.txt b/changelog.txt index e388067..2272ad9 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,3 +1,6 @@ +3.3.0.1 +* fix an issue where rule is not displayed when impacted users/computers count is less than 100. + 3.3.0.0 * adjusted the rules S-DesEnabled, S-PwdNotRequired, S-PwdNeverExpires, P-Delegated, A-PreWin2000Other, S-PrimaryGroup, P-ServiceDomainAdmin, A-AdminSDHolder to display directly the list of impacted users in the rule if the number is limited (hardcoded to 100) so Pro / Enterprise users can set accounts in exceptions