Skip to content

History

Jump to bottom
Robin Granberg edited this page Sep 12, 2023 · 19 revisions

Version: 7.9

12 September, 2023

SHA256: 66394A80A432C978A64D6A490D5C155AECDAAC53BAE5024B00BC5517F445B537

New Features

  • Show security descriptor in SDDL format

Version: 7.8

13 August, 2023

SHA256: 2A00013ABEBF1800E49E085877B29AD26E015CDD1A03206B5B397853E1F87562

Fixed issues

  • Display script information when running from CLI

Fixed issues

  • DeleteChild was reported as "Delete"
  • Updated RiskyTemplate search to include certificate tempaltes with all type of EKUs that permit authentication to AD.
  • Updated assessment

Version: 7.7

12 January, 2023

SHA256: F8E0A09D99FF46019C0C3F2B725E9887D9AE53CB7FAD0BB233BC8612C2CA51F2

New Features

  • Progress bar is disabled by default in CLI and is optional turned on by using "-ShowProgressBar"

Fixed issues

  • Misspelling of the word "Inherited" in CLI output

Version: 7.1

28 August, 2022

SHA256: 6BF82CF9845C649557FC02D1E3D0B6A9FB4F827CC7815BF477DD0CB51246DA45

New Features

  • Connect using credentials from CLI

Fixed issues

  • Get-Perm function, argument's name "Access" is not correct.

Version: 6.8

17 August, 2021

SHA256: BD95616546745446E4CE14EAFB635D7A53BB88F8CA9DD46EED6A01FEE8EE2D1C

Fixed issues

  • Missing icons in the browsing view from release 6.8

Version: 6.7

08 August, 2021

SHA256: 555662D4CCBB940D87869E6295EC7CC74BB85D8C8FC5916EC34D1226704578C5

Fixed issues

  • Updated the download function for templates

Version: 6.6

08 August, 2021

SHA256: C957D0BAF9072864F8E62924F975CE635B1A6620EBEBBA3BCFBBD3A2B962556E

Fixed issues

  • Issues with empty rows in HTML report

Version: 6.5

07 August, 2021 SHA256: 497D6E35D5BE916D1401B405266B2D931F3E1F364E9136D82F19DB516B74F183

Updates

  • Add option for showing color coded criticality from command line

Fixed issues

  • Issues with Referenced Assemblies System.Drawing
  • Issues with PowerShell version checking
  • Issues with searching for foreign security principals

Version: 5.6.3 16 May, 2019

SHA256: 7DA94C5C41771938FC30D86C1DF2DB5EFCF465B3BD75BE22BADA4949F32108A4

Fixed issues ** Effective rights report did not work. User group membership failed to comapair identity reference.

Version: 5.6.2 27 Mars, 2019

SHA256: 55CB7745DB9B5B5CC0E74E7294A5847A49180D96B0A235EED0B7C6D323800905

Fixed issues ** Wrong state of ACE in CSV when running a compare, "New" was shown as "Match"

New Features ** IF MSHTA.EXE is blocked or missing a browser will show the result in a HTML file.

Version: 5.6.1 9 July, 2018

SHA256: B51FB4F0F794934C98CEBE9E850957D508BCF2AF1FDCC4F06C12929DBC8D8F85

Fixed issues ** Changed CSV file encoding from Unicode to UTF8.

Version: 5.6 8 January, 2018

SHA256: 908819F1E2BAAC1B8BDBDB58C4DA7325606173555E1188CBEE22D54E2A3D612A

New Features ** Run effective rights report from the command line. ** New parameter from command line to get modified date of security descriptor in report.

Version: 5.5.1 8 January, 2018

SHA256: 2206815374C5CDCF4091F177B60CFDADC2B9BFBDBBCE4B208A061AC3B403F115

Fixed issues ** Failed to run compare where objects are missing.

Version: 5.5 22 October, 2017

SHA256: 7BADE8A248F461325535C1240741AC57133D41EBA1557681A16B9EFE60158F11

New Features ** Supported output format for comparison report now includes CSV and EXCEL.

Fixed issues ** Translation of security principals failed when running compare mode.

Version: 5.4.4 18 September, 2017

SHA256: 89E4BC55774CA11A432FD731A0CA163CB4E7FF8383DF7E80EA44E6A28DB03227

Fixed issues ** Unresolved schemaGUID string will be written in report instead of nothing. ** Typo corrected

Version: 5.4.3 20 August, 2017

SHA256: 534D84F4B46F63DAE278938873787BCA63CF8A2E1C9BFE3168C8DD06C6572D76

Fixed issues ** Convert CSV to HTML report was broken, missing parameter added.

Version: 5.4.2 29 August, 2017

SHA256: CC03A16FCDFA94B03DD61B0772B481100098D638A85D92B9023F3A143D61FC0E

Fixed issues ** Effective rights report broken, now comparing using SIDs instead of names.

Version: 5.4.1 26 August, 2017

SHA256: 8CB8785927EE353DEA60C1A0F331795D3AAC08EBF0D8D6D8311CB5A809A7E73D

Fixed issues ** Compare function got broken report.

Version: 5.4 25 August, 2017

SHA256: D6BAC8FD6E4BDA7931329E41F0BAEC4CA4A45232D046C777CC13A74138441C3E

New Features ** New output format. Save to excel file without excel installed. Both from UI and command line. Requires ImportExcel PowerShell Module.

Version: 5.3 25 August, 2017

SHA256: 39193B85E9B9977CF1231D14986D1799216D9AC132461806DC0C0F4F2710B54C

Minor Fixed issues ** Removed Splash Window ** Makes modal pop-up windows visible in the taskbar - exchange12rocks (Kirill Nikolaev) ** Replaced UNIX endings with Windows endings - exchange12rocks (Kirill Nikolaev)

Version: 5.2.1 30 June, 2017

SHA256: 5E80AC4E22EDC19878F1B9504F16EA0CFBA8E0D8DF18972157B0EC86AD6ED0B7

Minor Fixed issues ** New-GUID not recongnized in Windows PowerShell versions lower than 5.0

Version: 5.2 29 June, 2017

SHA256: B378746599D75747F38CD7E8BEEE67F04A62AC0F525E590CB3918C6015E23EC3

Fixed issues ** Unused variable name ** Simultaneously running instances mess up with each other`s data ** Console errors are registered when a machine cannot connect to LDAP

Version: 5.1 26 April, 2017

SHA256: 2EB425DC449B70F2741AEA8E982FADA5D5733D75E259D0B8F86EDD72BB6F10D9

Fixed issues ** Domain node was not included in the results, unless you used a custom filter.

Version: 5.0 9 April, 2017

SHA256: 4DA5B52BECED5829AAE53916CFF1FBF9222D0954F76F683DE90C21CC994C9C5C

New Features ** Command line support. ** Custom search filter for scanning objects. ** Support input form pipeline. You can call ADACLScn.ps1 by sending a distinguishedName via pipeline. ** Added formated synopsis to the script.

Fixed issues ** Effective rights did not consider membership in Pre-Windows 2000 Compatible Access. ** Failed to scan objects with "/" in the name.Removed all instances of replacing distinguishedNames containing "/" with "/". It's a legacy from when AD ACL Scanner was using SDS (System.DirectoryServices) namespace. S.DS.P (System.DirectoryServices.Protocols) take care of special characters.

Version: 4.8 7 February, 2017

SHA256: 8FCC040FA75E0593372C3F4397F26F0A1B7418A8B69491C08F565F5C566BA6E1

New Features ** Templates for Windows Server 2016 ** Removed requirement on localization of names on well-known groups and built-in groups. ** Comparing using SIDs of security principals gives us the true state instead of names that could be modified. ** Better download windows.

Fixed issues ** Users could not view permissions due to the collection of attributes that user possibly didn't have access to. (Credit to Kirill Nikolaev, Kaspersky Lab) ** Removed unnecessary retrieval of ldap attributes. (Credit to Kirill Nikolaev, Kaspersky Lab) ** Removed unused functions (Credit to Kirill Nikolaev, Kaspersky Lab) ** Removed duplicated function name (Credit to Kirill Nikolaev, Kaspersky Lab) ** LoadWithPartialName is deprecated (Credit to Kirill Nikolaev, Kaspersky Lab) ** A mandatory parameter has a default value (Credit to Kirill Nikolaev, Kaspersky Lab) ** Fixed unreachable code (Credit to Kirill Nikolaev, Kaspersky Lab) ** Removed unused variables (Credit to Kirill Nikolaev, Kaspersky Lab) ** Fixed typo (Credit to Kirill Nikolaev, Kaspersky Lab)

Version: 4.7.2 12 January, 2017

SHA256: C1FDC71E46229EA11482D99EBB80CA1A24C0284D3F01FAC618277EA9C91F98F0

New Features **

Fixed issues ** Browsing a container with more than 999 child objects and you will get (Exception calling "SendRequest" with "1" argument(s): "The size limit was exceeded") ** Updated windows size. Increased height to not render a scroll bar under large screen size. ** Reduced the window size when it is adapting to smaller screen size.

Version: 4.7.0 6 December, 2016

SHA256: 82DDB2263C7969AF5608246560A340CAB997F554CBE989A816A03C98F0E7582F

New Features ** Improved performance in preparing the scan. Updated function GetAllChildNodes. (Credit to Kirill Nikolaev, Kaspersky Lab) ** Improved support for connecting via IP-address only. ** Height of windows adapts to screen size. ** Better color coded criticality.

Fixed issues ** Removed unused LDAP attribute in LDAP search

Version: 4.6.0 6 October, 2016

SHA256: 2E80D4CD580B9EBD2AFC18FCE3614B386BA16ECEA7C416C81CD133B7361A003F

New Features ** Display group members in groups in the HTLM report. ** Present the value of the true SDDL in NTsecurityDescriptor, bypassing Object-Specific ACE merge done when a new instance of the ObjectSecurity class is initialized. ** Added Active Directory schema version check for Windows Server 2016. ** Added Exchange Schema Version check for Exchange Server 2016 CU2 and Exchange Server 2016 CU3

Fixed issues ** Get Forest Info search did not handle return of empty or zero response entries in a correct way ** HTML and CSV file output option doesn't display HTA

Version: 4.5.0 19 June, 2016

SHA256: CDDA9E265995E23F8738A2914E4E05593F692B194C634DF0B4D9FBF1B6DC2298

New Features ** Added Exchange Schema Version check for Exchange Server 2016 CU1.(Credit to Kirill Nikolaev, Kaspersky Lab)

Fixed issues ** Heavily improved code for “Skip Default Permissions”. Removed possible memory problem while scanning many objects. ** Improved code for “Skip Protected Permissions”. One ACE was missing. ** Null-valued array error while composing the list of domains. (Credit to Kirill Nikolaev, Kaspersky Lab) ** Null-valued array error when closing domain picker window w/o actually selecting one. (Credit to Kirill Nikolaev, Kaspersky Lab) ** Updated LDAP filters for getting trusted domains.(Credit to Kirill Nikolaev, Kaspersky Lab) ** Fixed issues with use of credentials over trusts. ** Fixed issues with TokenGroups over trust lookup. ** Removed unused variables. ** Replaced aliases like %,?,Select,foreach and Sort. ** Put $null to the left in comparison strings.

Version: 4.4.0 16 June, 2016

SHA256: 2803906C909BB7DE7024FEE981BCE6D927A0826215051AEDD088D61C10F9AB97

Fixed issues ** Errors when scanning objects you don't have read access on. ** Comparing with template containing forest root failed when connected to child domain. ** Templates are updated with a more accurate DN. ** Errors when translating NT Identity fixed.

Version: 4.3.0 2 May, 2016

SHA256: 3473DDB452DE7640FAB03CAD3E8AAF6A527BDD6A7A311909CFEF9DE0B4B78333

New Features ** You can exclude multiple paths, just for each object, select and right click to choose Exclude.

Fixed issues ** Unresolved security principals was shown as empty instead of SID. ** Searching for SID's included built-in groups that did not translate before compare.

Version: 4.2.0 14 April, 2016

SHA256: F340F6B56F11F879ED8A4C0DDA751FFF9538EE5105B2C0F39C79BED218E985E2:*

Fixed issues ** The validated write was express as only "Self" in the report. ** The validated write was never enumerated from the list of ControlAccessRights.

Version: 4.1.0 12 April, 2016

SHA256: BE7ECB91AA0F819A1796739B0491CA4691DCBE718410CA8A7F9358B600754B2A

Fixed issues ** Comparing builtin groups differ from running on DC and domain member. ** Connecting to custom DC did not collected forest info.

Version: 4.0.0 11 April, 2016

SHA256: C72CD69C0E15C1A9A276485FD5073F958B26B1A777928740C67B7E347F38938B

New Features ** Faster compare of Access Control Lists using USN from replication metadata. ** Primary directory service API changed to System.DirectoryServices.Protocols (S.DS.P). ** Connect to custom directory server and port like mounted backup or snapshot of NTDS.dit. ** Support for scanning AD LDS Instances. ** Name translation of AD LDS Identity references in security descriptor. ** Option to connect using credentials. ** Export defaultSecurityDescriptor. ** Compare DefaultSecurityDescriptor. ** Download OS specific csv templates for DefaultSecuritydescriptor. ** Connection Information tab provides information about the current connection. ** Resizable Window

Fixed issues ** Change the column name in the header from "OU" to "Object". ** Display forest information like FFL,DFL,Schema Version, Exchange and Lync Schema version did not work due to wrong formatting of attributes. ** Solved problem with returning schema version information about Exchange and Lync. ** Minor improvements in the GUI.

Version: 3.2.0 7 September, 2015

SHA1: 61CB4D160B4003FDF51FFACDB777FF0DC28D83D1

New Features ** Report single or all classSchema objects default security descriptor. ** Option to select between DACL or SDDL output of default security descriptors. ** Displays forest information like FFL,DFL,Schema Version, Exchange and Lync Schema version.

Version: 3.1.0 2 September, 2015

SHA1: EBBB7083BE00108B14B661016A0D049EFF092971

New Features ** Option to show objectClass of objects reported ** Option skip ACE's for "Protect object from accidental deletion" ** Error control on .Net Framework CLRVersion

Version: 3.0.1 10 July, 2015

Fixed issues ** Reporting on modified default security descriptors in Schema did not work in Windows 10 or Windows Server Technical Preview 2.

Version: 3.0 9 July, 2015

New Features ** You can take a CSV file from one domain and use it for another. With replacing the old DN with the current domains you can resuse reports between domains. You can also replace the (Short domain name)Netbios name security principals. ** Reporting on modified default security descriptors in Schema. ** Verifying the format of the CSV files used in convert and compare functions. ** When comparing with CSV file Nodes missing in AD will be reported as "Node does not exist in AD" ** The progress bar can be disabled to gain speed in creating reports. ** If the fist node in the CSV file used for comparing can't be connected the scan will stop.

Fixed issues ** Only the first node in the CSV file was used in the comparison the rest was skipped. ** If a node in the CSV file did not exist in AD, the comparison failed.

**Version: 2.2.2 7 July, 2015

Fixed issues ** If you run AD ACL Scanner in Windows 10 or Windows Server Technical Preview 2 you would always get mismatch during comparing. Problem fixed with if statement on System.Enum in PowerShell 5.

Version: 2.2.1 6 July, 2015

New Features ** Number of excluded objects reported in Log.

Fixed issues ** Broken scan! Everything are excluded when searching Onelevel or Subtree.

Version: 2.2.0 4 July, 2015

New Features ** Refresh Nodes by right-click container object. ** Exclude of objects from report by matching string to distinguishedName

Version: 2.1.2 2 July, 2015

Fixed issues ** Every scan required SeSecurityPrivilege (Manage auditing and security log) due to modifications of the SecurityMasks. Now this is done only once you explicitly scan SACL's.

Version: 2.1.1 12 June, 2015

Fixed issues ** If you ran AD ACL Scanner in Windows 10 or Windows Server Technical Preview 2 you would get an error. Problem fixed with if statement on System.Enum in PowerShell 5.

Version: 2.1.0 21 May, 2015

New Features ** Changed format on CSV output file. New format according to regular CSV type. ** Removed dependency on Active Directory PowerShell module for reporting on SACL's. ** Rename html report headers, Rights are called Access and if SACL's is used it's called Audit. ** HTLM reports contain headers ** Summary of criticality for all report types ** Support statement included

Fixed issues ** Owner permissions are changed to the more accurate :Read permissions, Modify permissions. ** Error when running PS 2.0 "ProgressBarWindow". ** Correct name of SPN report file. ** Criticality coloring of "Info"-level fixed. ** Added error control for enumerating objects.

Version: 2.0.3 29 October, 2014

Fixed issues ** PS 2.0 "Where-Object : Cannot bind argument to 'FilterScript' because it is null":5369.

Version: 2.0.2 28 October, 2014

New Features ** Scan for SACL's ** Option to skip Splash through new parameter "NoSplash" ** Option to show help text through new parameter "Help" ** Translation of object GUID in CSV file.

Fixed issues ** Require connection to domain before converting CSV to HTML, otherwise object GUID translation will fail.

Version: 2.0.1 15 October, 2014

Fixed issues ** issues related to connecting to ForestDnsZones and DomainDnsZones

Version: 2.0 October, 2014

New Features ** New GUI ** Progress Bar ** Better browsing experience ** Better logging function ** Bug fixes

Clone this wiki locally