mendel129 · June 1, 2017 07:07
diff --git a/add-ntlmexception.ps1 b/add-ntlmexception.ps1
 # used together with the Windows security policy "Network security: Restricit NTLM.
 # if all NTLM is blocked, a computer becomes pretty useless, so this script to create exceptions based on failed connections from the NTLM log
 # Adds exception to Network security: Restricit NTLM: Add remote server exceptions for NTLM authentication
 function add-ntlmexception
 {
 	$event = Get-WinEvent -FilterHashTable @{LogName='Microsoft-Windows-NTLM/Operational';  ID = 4001} -maxevents 1
 	$newexception = ((([xml]$event.toxml()).Event.EventData.Data) | ?{$_.name -eq "targetname"}).'#text'
 	$regpath = "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0"
 	$regname = "clientallowedntlmservers"
 	$currentvalues = (Get-ItemProperty $regpath).$regname
 	$futurevalues = $currentvalues
 	$futurevalues += $newexception
 	New-ItemProperty -Path $regpath -Name $regname -Value $futurevalues -PropertyType MultiString -Force
 }
	# used together with the Windows security policy "Network security: Restricit NTLM.
	# if all NTLM is blocked, a computer becomes pretty useless, so this script to create exceptions based on failed connections from the NTLM log
	# Adds exception to Network security: Restricit NTLM: Add remote server exceptions for NTLM authentication
	function add-ntlmexception
	{
	$event = Get-WinEvent -FilterHashTable @{LogName='Microsoft-Windows-NTLM/Operational'; ID = 4001} -maxevents 1
	$newexception = ((([xml]$event.toxml()).Event.EventData.Data) \| ?{$_.name -eq "targetname"}).'#text'
	$regpath = "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0"
	$regname = "clientallowedntlmservers"
	$currentvalues = (Get-ItemProperty $regpath).$regname
	$futurevalues = $currentvalues
	$futurevalues += $newexception
	New-ItemProperty -Path $regpath -Name $regname -Value $futurevalues -PropertyType MultiString -Force
	}