2XXE-SRA/netrelease.ps1

## netrelease.ps1
# based on NetCease: https://gallery.technet.microsoft.com/Net-Cease-Blocking-Net-1e8dcb5b

# can be deployed on a per-host basis using this script - e.g. via something like SCCM
#   or, once deployed to one host, can be deployed via GPO Registry preferences by copying the set registry value
#   (lanmanserver still needs to be restarted when done this way)
#     see: https://adsecurity.org/?p=3299 -> Disable Windows Legacy & Typically Unused Features -> Disable Net Session Enumeration (NetCease)

# constants
$key = "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\DefaultSecurity"
$name = "SrvsvcSessionInfo"
$SRVSVC_SESSION_USER_INFO_GET = 0x00000001

# get DACL binary data from registry
$regKey = Get-Item -Path $key
$srvSvcSessionInfo = $regKey.GetValue($name, $null)

# convert binary to object
$csd = New-Object -TypeName System.Security.AccessControl.CommonSecurityDescriptor -ArgumentList $true,$false, $srvSvcSessionInfo,0

# get SID info for user and add an allow in DACL
$user = New-Object System.Security.Principal.NTAccount('domain\user')
$sid = $user.Translate([System.Security.Principal.SecurityIdentifier])
$csd.DiscretionaryAcl.AddAccess([System.Security.AccessControl.AccessControlType]::Allow, $sid, $SRVSVC_SESSION_USER_INFO_GET,0,0)

# convert object back to binary and save in registry
$data = New-Object -TypeName System.Byte[] -ArgumentList $csd.BinaryLength
$csd.GetBinaryForm($data,0)
Set-ItemProperty -Path $key -Name $name -Value $data

# restart lanmanserver service to take effect
Restart-Service lanmanserver
	# based on NetCease: https://gallery.technet.microsoft.com/Net-Cease-Blocking-Net-1e8dcb5b

	# can be deployed on a per-host basis using this script - e.g. via something like SCCM
	# or, once deployed to one host, can be deployed via GPO Registry preferences by copying the set registry value
	# (lanmanserver still needs to be restarted when done this way)
	# see: https://adsecurity.org/?p=3299 -> Disable Windows Legacy & Typically Unused Features -> Disable Net Session Enumeration (NetCease)

	# constants
	$key = "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\DefaultSecurity"
	$name = "SrvsvcSessionInfo"
	$SRVSVC_SESSION_USER_INFO_GET = 0x00000001

	# get DACL binary data from registry
	$regKey = Get-Item -Path $key
	$srvSvcSessionInfo = $regKey.GetValue($name, $null)

	# convert binary to object
	$csd = New-Object -TypeName System.Security.AccessControl.CommonSecurityDescriptor -ArgumentList $true,$false, $srvSvcSessionInfo,0

	# get SID info for user and add an allow in DACL
	$user = New-Object System.Security.Principal.NTAccount('domain\user')
	$sid = $user.Translate([System.Security.Principal.SecurityIdentifier])
	$csd.DiscretionaryAcl.AddAccess([System.Security.AccessControl.AccessControlType]::Allow, $sid, $SRVSVC_SESSION_USER_INFO_GET,0,0)

	# convert object back to binary and save in registry
	$data = New-Object -TypeName System.Byte[] -ArgumentList $csd.BinaryLength
	$csd.GetBinaryForm($data,0)
	Set-ItemProperty -Path $key -Name $name -Value $data

	# restart lanmanserver service to take effect
	Restart-Service lanmanserver