Change log
* better Samba compatibility (linux DC)
* added smb check functionalities & scanner for workstation
* added support for PSO
* rewrote “scanner” functionalities to be more user friendly
* adding dnsadmins as privilegde group following
* modified the healthcheck report and consolidation to be responsive
* added in PingCastleReporting the risk map (link between BU & entities)
* added in PingCastleReporting the Rules report (matched and explanation) and removed –export-hc-rule in PingCastle
* reworked the report to add a DC view (last startup – for patches, creation date, if presence of null session)
* add an alert for MS14-068 via startuptime
* changed P-AdminNum to be less strict (especially for forest root) and A-Krbtgt to be less agressive
* improve the explanation of some rules
* various bug fixes in PingCastleReporting
* modified some KPI in PingCastleReporting overview
* added the flag –smtptls
* modified the score computation algorithm to take part of migration information in the past (showing evolution of score)
* modify the bad primary group count by excluding members of guests group
* program rebranded to PingCastle
* added PingCastleReporting for management reports (powerpoint, history, …)
* reworked the advanced module
– added the live mode for advanced report
* handle many domains with the same FQDN (but different sid)
* rewrote the “Unknown domain” algorithm in xls which is reusing the graph made at consolidation
* add option to set an exception for all domains (set domain as “*” in the xls file)
* add all –explore options
* rules A-LoginScript, P-Disabled and S-PwdNeverExpires disabled
* added the rule P-DCOwner to check for DC ownership
* lowering the points to 0 for P-ServiceDomainAdmin if the passwords are changed regulary
* add netbios / sid information for forest of domains found indirectly (for matching existing domains)
* modify the simple node graph to add intermediate score and BU/Entity information when available
* added mail notification option if mail is read & smtp credential on command line
* added “details” for rules which are difficult to understand without specifics
* added the domain root for the delegation check
* disabled the check on dangerous permissions for migration sid history and unexpire password (too much false positives)
* added sidhistory information for groups to the sidhistory user information (to not forget to remove sidhistory for groups) (cert-ist forum version)
* add the reachable mode (disabled by default, enabled by default if domain=* and used in interactive mode)
This mode scans for domains outside trusts. Discover new domains when run on trusted domains.
* Reworked the domain maps for visualization and inclusing of the reachable mode data.
* Add Netbios information in the trust information to be able to match some reachable mode data.
* Remove the requirement for ADWS. LDAP is used if ADWS is not available (LDAP is far more slower than ADWS)
fix a problem when a distinguished name of an admin contain LDAP request char
fix a problem in the consolidation
fix a problem if a login script is invalid and cannot be parsed as a url
bug fixing (null session enabled on forest side, PreWin2000 group empty)
Simplify full graph with bidirectional nodes & red color for unprotected trusts
add a simplified graph