github LoicVeirman/HardenAD HardenAD-2.9.7
Harden AD 2.9.7 - Stable

8 months ago

Welcome to Harden AD 2.9.7!

Please join us in welcoming our latest stable release of HardenAD! We have spent a huge amount of time fixing all the bugs reported to us and adding some extra features, and we are really happy to share the final result with you! Want to know more? Let's dive into the details!

HardenAD.ps1
The main script still works the same way but has been adapted to fix new display issues, as the checklist has been improved.

Configuration file remastered
The configuration has been updated to reflect this new release.

Tasks Sequence configuration file remastered
We all agree: the previous one was pretty ugly and hard to maintain or adapt, at least for a human being... So the file has been rewritten to use tabs, the comments were cleared out, and for better readability the data is now organized by theme (give it a read, it's worth it!). Plus, we have added new input to ease the switch between French and English.

Oh... We almost forgot to tell you one little thing... The configuration now allows Operator accounts to join a computer to the domain! Well, at least if you have pre-staged the computer object in the right Organizational Unit :) This is thanks to the new SDDL attribute, which allows ExtendedRights to be handled through a Custom Role (section Delegation).

Group Policies
New group policies have been added, and some have been fixed as they had issues. The most interesting ones concern scheduling on domain controllers:

  1. HAD-TS-Local-Admins-Groups: this one creates a schedule that dynamically creates a group object to allow users to be local administrators of a system. The schedule monitors computer object changes and places the group in the proper organizational unit. Some improvements are underway, so stay tuned, as a new release will come soon...
  2. HAD-TS-Reset-Computer-SDDL: this one monitors for computer object creation, then resets the owner to Domain Admins and resets the security access control list to its default value. This way, you can now delegate the domain join to operators without security risk to the computer object.
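
A read-only way to check the owner state that HAD-TS-Reset-Computer-SDDL is described as enforcing, as an added example (not part of HardenAD or its tools): it lists computer objects whose owner is not Domain Admins and does not compare the full ACL against the default. It assumes the RSAT ActiveDirectory module; the function name Get-ComputerOwnerDrift and its SearchBase parameter are hypothetical.

```powershell
# Added example: read-only audit, not HardenAD code.
# Assumes the RSAT ActiveDirectory module and read access to the directory.
Import-Module ActiveDirectory

function Get-ComputerOwnerDrift {
    param(
        # Hypothetical parameter: where to search; defaults to the whole domain.
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    # Domain Admins is the well-known RID 512 under the domain SID,
    # so the comparison does not depend on the localized group name.
    $daSid = "$((Get-ADDomain).DomainSID.Value)-512"
    $sidType = [System.Security.Principal.SecurityIdentifier]

    Get-ADComputer -Filter * -SearchBase $SearchBase `
                   -Properties nTSecurityDescriptor, whenCreated |
        ForEach-Object {
            $sd = $_.nTSecurityDescriptor
            $ownerSid = $sd.GetOwner($sidType)
            if ($ownerSid.Value -eq $daSid) { return }   # expected owner, skip

            # Resolve the SID to a name when possible (deleted accounts will not resolve).
            try {
                $ownerName = $ownerSid.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                $ownerName = $ownerSid.Value
            }

            # Count explicit (non-inherited) ACEs that name the same principal:
            # entries left on the object itself rather than coming from the OU.
            $explicit = @($sd.GetAccessRules($true, $false, $sidType) |
                Where-Object { $_.IdentityReference.Value -eq $ownerSid.Value })

            [pscustomobject]@{
                Computer          = $_.Name
                DistinguishedName = $_.DistinguishedName
                Created           = $_.whenCreated
                Owner             = $ownerName
                OwnerExplicitAces = $explicit.Count
            }
        }
}

# List drifted objects, newest first, for review.
Get-ComputerOwnerDrift | Sort-Object Created -Descending | Format-Table -AutoSize
```

An empty result means every computer object in scope is owned by Domain Admins; anything listed is a candidate for review before running a reset.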

KeePass
The repository now includes an empty kdbx file, which was missing in the previous release.

Tools
We are very happy to share with you some of the useful tools we use daily on our journey deploying HardenAD. The tools include a script to mass-reset the computer SDDL and owner in a domain (use it with caution!), a script to reformat an XML file using tabs as separators, a tool to ease the generation of the admin accounts to add to the XML file, and a last script to reset the SDDL and owner of a single computer object. These tools are self-documented.

Well, that's all for the moment. We really hope you will enjoy this new release; please use the discussions and/or the issues section to get back to us, or join us through https://hardenad.net!

Securely yours,
The Harden AD Team
