@@ -2900,11 +2900,11 @@ function Set-AdditionalCAProperty {
29002900 $CAHostDistinguishedName = (Get-ADObject - Filter { (Name -eq $CAHostName ) -and (objectclass -eq ' computer' - Server $ForestGC ).DistinguishedName
29012901 $CAHostFQDN = (Get-ADObject - Filter { (Name -eq $CAHostName ) -and (objectclass -eq ' computer' - Properties DnsHostname - Server $ForestGC ).DnsHostname
29022902 }
2903- $ping = Test-Connection - ComputerName $CAHostFQDN - Quiet - Count 1
2903+ $ping = if ( $CAHostFQDN ) { Test-Connection - ComputerName $CAHostFQDN - Count 1 - Quiet } else { Write-Warning " Unable to resolve $ ( $_ .Name ) Fully Qualified Domain Name (FQDN) " }
29042904 if ($ping ) {
29052905 try {
29062906 if ($Credential ) {
2907- $CertutilAudit = Invoke-Command - ComputerName $CAHostname - Credential $Credential - ScriptBlock { param ( $CAFullName ); certutil - config $CAFullName - getreg CA\AuditFilter } - ArgumentList $CAFullName
2907+ $CertutilAudit = Invoke-Command - ComputerName $CAHostFQDN - Credential $Credential - ScriptBlock { certutil - config $using : CAFullName - getreg CA\AuditFilter }
29082908 }
29092909 else {
29102910 $CertutilAudit = certutil - config $CAFullName - getreg CA\AuditFilter
@@ -2915,7 +2915,7 @@ function Set-AdditionalCAProperty {
29152915 }
29162916 try {
29172917 if ($Credential ) {
2918- $CertutilFlag = Invoke-Command - ComputerName $CAHostname - Credential $Credential - ScriptBlock { param ( $CAFullName ); certutil - config $CAFullName - getreg policy\EditFlags } - ArgumentList $CAFullName
2918+ $CertutilFlag = Invoke-Command - ComputerName $CAHostFQDN - Credential $Credential - ScriptBlock { certutil - config $using : CAFullName - getreg policy\EditFlags }
29192919 }
29202920 else {
29212921 $CertutilFlag = certutil - config $CAFullName - getreg policy\EditFlags
@@ -2926,7 +2926,7 @@ function Set-AdditionalCAProperty {
29262926 }
29272927 try {
29282928 if ($Credential ) {
2929- $CertutilInterfaceFlag = Invoke-Command - ComputerName $CAHostname - Credential $Credential - ScriptBlock { param ( $CAFullName ); certutil - config $CAFullName - getreg CA\InterfaceFlags } - ArgumentList $CAFullName
2929+ $CertutilInterfaceFlag = Invoke-Command - ComputerName $CAHostFQDN - Credential $Credential - ScriptBlock { certutil - config $using : CAFullName - getreg CA\InterfaceFlags }
29302930 }
29312931 else {
29322932 $CertutilInterfaceFlag = certutil - config $CAFullName - getreg CA\InterfaceFlags
@@ -3395,23 +3395,23 @@ function Set-RiskRating {
33953395 switch ($Issue.objectClass ) {
33963396 # Being able to modify Root CA Objects is very bad.
33973397 ' certificationAuthority'
3398- $RiskValue += 2 ; $RiskScoring += ' Root Certification Authority bject: +2'
3398+ $RiskValue += 2 ; $RiskScoring += ' Root Certification Authority bject: +2'
33993399 }
34003400 # Being able to modify Issuing CA Objects is also very bad.
34013401 ' pKIEnrollmentService'
3402- $RiskValue += 2 ; $RiskScoring += ' Issuing Certification Authority Object: +2'
3402+ $RiskValue += 2 ; $RiskScoring += ' Issuing Certification Authority Object: +2'
34033403 }
34043404 # Being able to modify CA Hosts? Yeah... very bad.
34053405 ' computer'
3406- $RiskValue += 2 ; $RiskScoring += ' Certification Authority Host Computer: +2'
3406+ $RiskValue += 2 ; $RiskScoring += ' Certification Authority Host Computer: +2'
34073407 }
34083408 # Being able to modify OIDs could result in ESC13 vulns.
34093409 ' msPKI-Enterprise-Oid'
3410- $RiskValue += 1 ; $RiskScoring += ' OID: +1'
3410+ $RiskValue += 1 ; $RiskScoring += ' OID: +1'
34113411 }
34123412 # Being able to modify PKS containers is bad.
34133413 ' container'
3414- $RiskValue += 1 ; $RiskScoring += ' Container: +1'
3414+ $RiskValue += 1 ; $RiskScoring += ' Container: +1'
34153415 }
34163416 }
34173417 }
@@ -3420,19 +3420,19 @@ function Set-RiskRating {
34203420 # Convert Value to Name
34213421 $RiskName = switch ($RiskValue ) {
34223422 { $_ -le 1 } {
3423- ' Informational'
3423+ ' Informational'
34243424 }
34253425 2 {
3426- ' Low'
3426+ ' Low'
34273427 }
34283428 3 {
3429- ' Medium'
3429+ ' Medium'
34303430 }
34313431 4 {
3432- ' High'
3432+ ' High'
34333433 }
34343434 { $_ -ge 5 } {
3435- ' Critical'
3435+ ' Critical'
34363436 }
34373437 }
34383438
@@ -3981,7 +3981,7 @@ Set-Acl -Path `$Path -AclObject `$ACL
39813981"@
39823982 }
39833983 4 {
3984- break
3984+ break
39853985 }
39863986 5 {
39873987 $Issue.Fix = @"
@@ -4144,10 +4144,10 @@ Function Write-HostColorized {
41444144 # We precompile them for better performance with many input objects.
41454145 [System.Text.RegularExpressions.RegexOptions ] $reOpts =
41464146 if ($CaseSensitive ) {
4147- ' Compiled, ExplicitCapture'
4147+ ' Compiled, ExplicitCapture'
41484148 }
41494149 else {
4150- ' Compiled, ExplicitCapture, IgnoreCase'
4150+ ' Compiled, ExplicitCapture, IgnoreCase'
41514151 }
41524152
41534153 # Transform the dictionary:
@@ -4169,10 +4169,10 @@ Function Write-HostColorized {
41694169 }
41704170 $colorArgs = @ { }
41714171 if ($fg ) {
4172- $colorArgs [' ForegroundColor' = [ConsoleColor ] $fg
4172+ $colorArgs [' ForegroundColor' = [ConsoleColor ] $fg
41734173 }
41744174 if ($bg ) {
4175- $colorArgs [' BackgroundColor' = [ConsoleColor ] $bg
4175+ $colorArgs [' BackgroundColor' = [ConsoleColor ] $bg
41764176 }
41774177
41784178 # Consolidate the patterns into a single pattern with alternation ('|'),
@@ -4191,7 +4191,7 @@ Function Write-HostColorized {
41914191 }
41924192 }
41934193 catch {
4194- throw
4194+ throw
41954195 }
41964196
41974197 # Construct the arguments to pass to Out-String.
@@ -4214,7 +4214,7 @@ Function Write-HostColorized {
42144214 foreach ($m in $entry.Key.Matches ($_ )) {
42154215 @ { Index = $m.Index ; Text = $m.Value ; ColorArgs = $entry.Value }
42164216 if ($WholeLine ) {
4217- break patternLoop
4217+ break patternLoop
42184218 }
42194219 }
42204220 }
0 commit comments