technion/Scan-Netlogon-Secure.ps1

## Scan-Netlogon-Secure.ps1
# More information: https://support.microsoft.com/en-au/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc
Set-StrictMode -Version 2

# Fetch all Domain Controllers. Use this pattern to fetch from all sites.
$addomain = Get-ADDomain
$controllers = Get-ADComputer -filter * -SearchBase "OU=Domain Controllers,$($addomain.DistinguishedName)"

foreach ($dc in $controllers) {
    # Errors are ignored so as not to throw an exception if there are no such logs found
    Get-WinEvent -FilterHashtable @{logname='system'; id=5827,5828,5829,5830,5831} -ComputerName $dc.Name -ErrorAction Ignore
}

# Enable: reg add HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters /v FullSecureChannelProtection /t REG_DWORD /d 1 /f
	# More information: https://support.microsoft.com/en-au/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc
	Set-StrictMode -Version 2

	# Fetch all Domain Controllers. Use this pattern to fetch from all sites.
	$addomain = Get-ADDomain
	$controllers = Get-ADComputer -filter * -SearchBase "OU=Domain Controllers,$($addomain.DistinguishedName)"

	foreach ($dc in $controllers) {
	# Errors are ignored so as not to throw an exception if there are no such logs found
	Get-WinEvent -FilterHashtable @{logname='system'; id=5827,5828,5829,5830,5831} -ComputerName $dc.Name -ErrorAction Ignore
	}

	# Enable: reg add HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters /v FullSecureChannelProtection /t REG_DWORD /d 1 /f