RepoMirrors/DSInternals
1
0
Fork 0
mirror of https://github.com/MichaelGrafnetter/DSInternals synced 2025-02-19 20:46:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Resolved #85: Chocolatey package has wrong PowerShell dependency

Browse Source
This commit is contained in:
Michael Grafnetter 2019-05-23 11:05:47 +02:00
parent 1eb0c67f05
commit ccb5938adb
3 changed files with 29 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Documentation/CHANGELOG.md
View File

@ -1,6 +1,13 @@
# Changelog
All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
## 3.5.1 - 2019-05-23
This is a [Chocolatey](https://chocolatey.org/packages/dsinternals-psmodule)-only release.
### Fixed
- Temporarily removed the package dependency on PowerShell 3, which caused some [issues](https://github.com/MichaelGrafnetter/DSInternals/issues/85). Will be resolved in a future release.
## [3.5] - 2019-05-10
### Added

23
Src/DSInternals.PowerShell/Chocolatey/dsinternals-psmodule.nuspec
View File

@ -3,7 +3,7 @@
<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
<metadata>
<id>DSInternals-PSModule</id>
<version>3.5</version>
<version>3.5.1</version>
<packageSourceUrl>https://github.com/MichaelGrafnetter/DSInternals/tree/master/Src/DSInternals.PowerShell/Chocolatey</packageSourceUrl>
<owners>MichaelGrafnetter</owners>
<title>DSInternals PowerShell Module</title>
@ -19,17 +19,20 @@
<tags>admin dsinternals powershell activedirectory ad security ntds passwords dpapi lsa sam audit</tags>
<summary>The DSInternals PowerShell Module exposes several internal features of Active Directory. These include offline ntds.dit file manipulation, password auditing, DC recovery from IFM backups and password hash calculation.</summary>
<description>The DSInternals PowerShell Module has these main features:
* [Active Directory password auditing](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Test-PasswordQuality.md#test-passwordquality) that discovers accounts sharing the same passwords or having passwords in a public database like [HaveIBeenPwned](https://haveibeenpwned.com) or in a custom dictionary.
* [Bare-metal recovery of domain controllers](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/New-ADDBRestoreFromMediaScript.md#new-addbrestorefrommediascript) from just IFM backups (ntds.dit + SYSVOL).
* Offline ntds.dit file manipulation, including [hash dumping](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADDBAccount.md#get-addbaccount), [password resets](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBAccountPassword.md#set-addbaccountpassword), [group membership changes](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBPrimaryGroup.md#set-addbprimarygroup), [SID History injection](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Add-ADDBSidHistory.md#add-addbsidhistory) and [enabling](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Enable-ADDBAccount.md#enable-addbaccount)/[disabling](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Disable-ADDBAccount.md#disable-addbaccount) accounts.
* [Online password hash dumping](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADReplAccount.md#get-adreplaccount) through the Directory Replication Service (DRS) Remote Protocol (MS-DRSR). This feature is commonly called DCSync.
* [Domain or local account password hash injection](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-SamAccountPasswordHash.md#set-samaccountpasswordhash) through the Security Account Manager (SAM) Remote Protocol (MS-SAMR) or [directly into the database](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBAccountPasswordHash.md#set-addbaccountpasswordhash).
* [LSA Policy modification](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-LsaPolicyInformation.md#set-lsapolicyinformation) through the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD / LSARPC).
* [Extracting credential roaming data](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Save-DPAPIBlob.md#save-dpapiblob) and DPAPI domain backup keys, either online through [directory replication](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADReplBackupKey.md#get-adreplbackupkey), [LSARPC](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-LsaBackupKey.md#get-lsabackupkey) and [offline from ntds.dit](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADDBBackupKey.md#get-addbbackupkey).
* [Active Directory password auditing](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Test-PasswordQuality.md) that discovers accounts sharing the same passwords or having passwords in a public database like [HaveIBeenPwned](https://haveibeenpwned.com) or in a custom dictionary.
* [Bare-metal recovery of domain controllers](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/New-ADDBRestoreFromMediaScript.md) from just IFM backups (ntds.dit + SYSVOL).
* Offline ntds.dit file manipulation, including [hash dumping](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADDBAccount.md), [password resets](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBAccountPassword.md), [group membership changes](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBPrimaryGroup.md), [SID History injection](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Add-ADDBSidHistory.md) and [enabling](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Enable-ADDBAccount.md)/[disabling](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Disable-ADDBAccount.md) accounts.
* [Online password hash dumping](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADReplAccount.md) through the Directory Replication Service (DRS) Remote Protocol (MS-DRSR). This feature is commonly called DCSync.
* [Domain or local account password hash injection](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-SamAccountPasswordHash.md) through the Security Account Manager (SAM) Remote Protocol (MS-SAMR) or [directly into the database](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBAccountPasswordHash.md).
* [LSA Policy modification](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-LsaPolicyInformation.md) through the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD / LSARPC).
* [Extracting credential roaming data](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Save-DPAPIBlob.md) and DPAPI domain backup keys, either online through [directory replication](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADReplBackupKey.md), [LSARPC](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-LsaBackupKey.md) and [offline from ntds.dit](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADDBBackupKey.md).
* Password hash calculation, including [NT hash](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertTo-NTHash.md), [LM hash](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertTo-LMHash.md) and [kerberos keys](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertTo-KerberosKey.md).
## Installation Notes
The module will be installed to the *$PSHome\Modules* directory. This is to avoid conflicts with the *PowerShell Gallery* and still support module autoloading.
* The module will be installed to the *$PSHome\Modules* directory. This is to avoid conflicts with the *PowerShell Gallery* and still support module autoloading.
* On Windows 7 and Windows Server 2008 R2, PowerShell has to be [upgraded](https://chocolatey.org/packages/PowerShell) first.
## Disclaimer
Features exposed through these tools are not supported by Microsoft. Improper use might cause irreversible damage to domain controllers or negatively impact domain security.</description>
@ -39,7 +42,7 @@ Features exposed through these tools are not supported by Microsoft. Improper us
</releaseNotes>
<dependencies>
<!-- Windows Management Framework 3+. For OS prior to Windows 8 or Windows Server 2012. -->
<dependency id="powershell" version="[3.0.20121027]" />
<!--<dependency id="powershell" version="[3.0.20121027]" />-->
<!-- Universal C Runtime. For RTM OS prior to Windows 10 and Windows Server 2016. -->
<dependency id="kb2999226" version="1.0.20181019" />
<!-- .NET Framework 4.5.1+. For RTM OS prior to Windows 8.1 and Windows Server 2012 R2. -->

10
Src/DSInternals.PowerShell/Chocolatey/tools/chocolateyinstall.ps1
View File

@ -1,4 +1,12 @@
$ErrorActionPreference = 'Stop'
Set-StrictMode -Version 'Latest'
$ErrorActionPreference = 'Stop'
# Check PowerShell Version
# Note: The #requires statement is not used in order to provide a custom message.
if ($PSVersionTable.PSVersion -lt [Version]'3.0')
{
throw 'The minimum required version of PowerShell is 3. Please upgrade by running the "choco install powershell" command first.'
}
# Copy Files
$toolsDir = Split-Path -Parent ($MyInvocation.MyCommand.Definition)