Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
adds ntlm exception
# used together with the Windows security policy "Network security: Restricit NTLM.
# if all NTLM is blocked, a computer becomes pretty useless, so this script to create exceptions based on failed connections from the NTLM log
# Adds exception to Network security: Restricit NTLM: Add remote server exceptions for NTLM authentication
function add-ntlmexception
{
$event = Get-WinEvent -FilterHashTable @{LogName='Microsoft-Windows-NTLM/Operational'; ID = 4001} -maxevents 1
$newexception = ((([xml]$event.toxml()).Event.EventData.Data) | ?{$_.name -eq "targetname"}).'#text'
$regpath = "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0"
$regname = "clientallowedntlmservers"
$currentvalues = (Get-ItemProperty $regpath).$regname
$futurevalues = $currentvalues
$futurevalues += $newexception
New-ItemProperty -Path $regpath -Name $regname -Value $futurevalues -PropertyType MultiString -Force
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment