mendel129/add-ntlmexception.ps1

## add-ntlmexception.ps1
# used together with the Windows security policy "Network security: Restricit NTLM.
# if all NTLM is blocked, a computer becomes pretty useless, so this script to create exceptions based on failed connections from the NTLM log
# Adds exception to Network security: Restricit NTLM: Add remote server exceptions for NTLM authentication
function add-ntlmexception
{
	$event = Get-WinEvent -FilterHashTable @{LogName='Microsoft-Windows-NTLM/Operational';  ID = 4001} -maxevents 1
	$newexception = ((([xml]$event.toxml()).Event.EventData.Data) | ?{$_.name -eq "targetname"}).'#text'
	$regpath = "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0"
	$regname = "clientallowedntlmservers"
	$currentvalues = (Get-ItemProperty $regpath).$regname
	$futurevalues = $currentvalues
	$futurevalues += $newexception
	New-ItemProperty -Path $regpath -Name $regname -Value $futurevalues -PropertyType MultiString -Force
}
	# used together with the Windows security policy "Network security: Restricit NTLM.
	# if all NTLM is blocked, a computer becomes pretty useless, so this script to create exceptions based on failed connections from the NTLM log
	# Adds exception to Network security: Restricit NTLM: Add remote server exceptions for NTLM authentication
	function add-ntlmexception
	{
	$event = Get-WinEvent -FilterHashTable @{LogName='Microsoft-Windows-NTLM/Operational'; ID = 4001} -maxevents 1
	$newexception = ((([xml]$event.toxml()).Event.EventData.Data) \| ?{$_.name -eq "targetname"}).'#text'
	$regpath = "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0"
	$regname = "clientallowedntlmservers"
	$currentvalues = (Get-ItemProperty $regpath).$regname
	$futurevalues = $currentvalues
	$futurevalues += $newexception
	New-ItemProperty -Path $regpath -Name $regname -Value $futurevalues -PropertyType MultiString -Force
	}