technion · August 16, 2020 23:30
diff --git a/Scan-Netlogon-Secure.ps1 b/Scan-Netlogon-Secure.ps1
 # More information: https://support.microsoft.com/en-au/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc
 Set-StrictMode -Version 2

 # Fetch all Domain Controllers. Use this pattern to fetch from all sites.
 $addomain = Get-ADDomain
 $controllers = Get-ADComputer -filter * -SearchBase "OU=Domain Controllers,$($addomain.DistinguishedName)"

 foreach ($dc in $controllers) {
    # Errors are ignored so as not to throw an exception if there are no such logs found
    Get-WinEvent -FilterHashtable @{logname='system'; id=5827,5828,5829,5830,5831} -ComputerName $dc.Name -ErrorAction Ignore 
 }

 # Enable: reg add HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters /v FullSecureChannelProtection /t REG_DWORD /d 1 /f
	# More information: https://support.microsoft.com/en-au/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc
	Set-StrictMode -Version 2

	# Fetch all Domain Controllers. Use this pattern to fetch from all sites.
	$addomain = Get-ADDomain
	$controllers = Get-ADComputer -filter * -SearchBase "OU=Domain Controllers,$($addomain.DistinguishedName)"

	foreach ($dc in $controllers) {
	# Errors are ignored so as not to throw an exception if there are no such logs found
	Get-WinEvent -FilterHashtable @{logname='system'; id=5827,5828,5829,5830,5831} -ComputerName $dc.Name -ErrorAction Ignore
	}

	# Enable: reg add HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters /v FullSecureChannelProtection /t REG_DWORD /d 1 /f