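function Test-AdminShares {
    <#
    .SYNOPSIS
        Test administrative shares compliance

    .DESCRIPTION
        Checks if administrative shares (C$, ADMIN$, etc.) are disabled.

        Two signals are combined:
          * Registry: AutoShareWks and AutoShareServer under
            HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
            must both be 0; otherwise removed shares are recreated on reboot.
          * Runtime: whether a drive-letter share (C$, D$, ...) or ADMIN$ is
            currently published while the LanmanServer service is running.

        Status values written to the result:
          Secure           - registry values are 0 and no admin share is active
          Partially Secure - no admin share is active, registry values not set to 0
          Pending Reboot   - registry values are 0, admin shares still active
          Insecure         - admin shares active and registry values not set to 0
          Unknown          - the share list could not be queried, so the runtime
                             state is unverified (reported as non-compliant)
          Error            - unexpected failure while testing

    .OUTPUTS
        PSCustomObject with the properties Feature, Status, Details,
        AutoShareWks, AutoShareServer, ActiveShares and Compliant.

    .EXAMPLE
        Test-AdminShares
    #>
    [CmdletBinding()]
    param()

    try {
        $regPath = "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"

        $result = [PSCustomObject]@{
            Feature         = "Admin Shares"
            Status          = "Unknown"
            Details         = @()
            AutoShareWks    = $null
            AutoShareServer = $null
            ActiveShares    = @()
            Compliant       = $false
        }

        # Check registry settings
        if (Test-Path $regPath) {
            $result.AutoShareWks = (Get-ItemProperty -Path $regPath -Name "AutoShareWks" -ErrorAction SilentlyContinue).AutoShareWks
            $result.AutoShareServer = (Get-ItemProperty -Path $regPath -Name "AutoShareServer" -ErrorAction SilentlyContinue).AutoShareServer

            if ($result.AutoShareWks -eq 0 -and $result.AutoShareServer -eq 0) {
                $result.Details += "Registry: AutoShareWks = 0, AutoShareServer = 0 (Disabled)"
            }
            else {
                $result.Details += "Registry: AutoShareWks = $($result.AutoShareWks), AutoShareServer = $($result.AutoShareServer)"
            }
        }

        # A missing value reads as $null and ($null -eq 0) is $false, so an
        # unset value is treated as "auto-share not disabled".
        $registryDisabled = ($result.AutoShareWks -eq 0 -and $result.AutoShareServer -eq 0)

        # Check for active admin shares (requires LanmanServer service)
        $shareQueryFailed = $false
        $serverService = Get-Service -Name "LanmanServer" -ErrorAction SilentlyContinue
        if (-not $serverService -or $serverService.Status -ne 'Running') {
            # Server service is stopped/disabled - admin shares are effectively disabled
            $result.Details += "LanmanServer service is not running (admin shares cannot exist)"
            $adminShares = @()
        }
        else {
            try {
                # -ErrorAction Stop turns a non-terminating cmdlet error into one
                # the catch below actually sees. @() keeps the result an array for
                # zero or one match, so .Count is reliable.
                $adminShares = @(Get-SmbShare -ErrorAction Stop |
                        Where-Object { $_.Name -match '^[A-Z]\$$|^ADMIN\$$' })
            }
            catch {
                # The share list is unknown here, NOT empty. Remember that so the
                # verdict below does not report an unverified host as compliant.
                $result.Details += "Could not query SMB shares: $($_.Exception.Message)"
                $adminShares = @()
                $shareQueryFailed = $true
            }
        }
        $result.ActiveShares = @($adminShares | Select-Object -ExpandProperty Name)

        if ($shareQueryFailed) {
            # Fail closed: a compliance check that could not inspect the runtime
            # state must not return "Secure".
            $result.Status = "Unknown"
            $result.Compliant = $false
            $result.Details += "WARNING: Active shares could not be verified - not reporting as compliant"
        }
        elseif ($adminShares.Count -eq 0) {
            $result.Details += "No administrative shares found (C$, ADMIN$ removed)"

            if ($registryDisabled) {
                $result.Status = "Secure"
                $result.Compliant = $true
            }
            else {
                $result.Status = "Partially Secure"
                $result.Compliant = $false
                $result.Details += "WARNING: Shares removed but AutoShare registry not set (will recreate on reboot!)"
            }
        }
        else {
            # Shares are present, check if Registry is configured to disable them
            if ($registryDisabled) {
                # Config is correct, just needs a reboot
                # NOTE(review): the shares listed in ActiveShares are still
                # published until that reboot, yet Compliant is $true here.
                # Consumers that gate on Compliant alone should also look at Status.
                $result.Status = "Pending Reboot"
                $result.Compliant = $true
                $result.Details += "Active admin shares: $($adminShares.Name -join ', ') (Will be removed after reboot)"
            }
            else {
                # Config is NOT correct
                $result.Status = "Insecure"
                $result.Compliant = $false
                $result.Details += "Active admin shares: $($adminShares.Name -join ', ')"
            }
        }

        return $result
    }
    catch {
        Write-Log -Level ERROR -Message "Failed to test admin shares: $_" -Module "AdvancedSecurity" -Exception $_.Exception

        # Same property set as the success path so callers can read every
        # field without checking Status first.
        return [PSCustomObject]@{
            Feature         = "Admin Shares"
            Status          = "Error"
            Details         = @("Failed to test: $_")
            AutoShareWks    = $null
            AutoShareServer = $null
            ActiveShares    = @()
            Compliant       = $false
        }
    }
}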