Skip to content

Latest commit

 

History

History
523 lines (487 loc) · 26 KB

CHANGELOG.MD

File metadata and controls

523 lines (487 loc) · 26 KB
Raw

Testimo Release History

0.0.88 - 2024.01.23

  • Added WindowsSecureTimeSeeding check in DCTimeSettings check

0.0.87 - 2024.01.15

  • Fixes DomainComputersUnsupported,DomainComputersUnsupportedMainstream
  • Add missing dependency PSSharedGoods

0.0.86 - 2023.12.12

  • Improve DomainDomainControllers by adding checks for PasswordNotRequired/PasswordNeverExpires as those are critical for DCs
  • Tables in Testimo now use ScrollX to make it easier to read on smnaller screen
  • Fixes DCLDAP date comparison
  • Improves DCDiskSpace to show more information
  • Improve ForestOptionalFeatures by adding WindowsLAPS detection
  • Rename DomainSecurityKRBGT to DomainSecurityKrbtgt as it should be
  • Improve DomainSecurityKrbtgt to detect Azure AD Keberbos account and measure it/ignore
  • Added ability to use IncludeTags,ExcludeTags to filter tests (only on Source level, not on tests level)

0.0.85 - 2023.03.08

  • Improve DCSMBShares
  • Improve DCSMBSharesPermissions

0.0.84 - 2022.11.22

  • Improves error handling for DSC
  • Fixes Get-Get-TestimoConfiguration
  • Added SplitReports to Invoke-Testimo to allow splitting the reports into multiple files (1 per category) more easily
  • Added icons in SplitReports tabs to make it easier to identify if there's a problem in given DC/Domain

0.0.83 - 2022.07.29

  • Fixes issue with some tests returning an error You cannot call a method on a null-valued expression.

0.0.82 - 2022.07.20

  • Small fix for DomainMachineQuota displaying unnessecary warnings and too many properties

0.0.81 - 2022.07.20

  • Added new test ForestVulnerableSchemaClass

0.0.80 - 2022.07.07

  • Fixes Results meet expected values, but test listed as failure in 0.0.79 #165

0.0.79 - 2022.06.30

  • Fixes link to MSFT article on LDAP binding/signing in script is 404 #160
  • Fixes DomainWellKnownFolders #162
  • Improves DSC comparison

0.0.78 - 2022.04.02

  • Fix PowerShell 2.0 detection #161 - tnx Sparticuz

0.0.77 - 2022.03.14

0.0.76 - 2022.02.24

  • Added new test DCWindowsFeaturesOptional to check for PowerShell 2.0 on DCs
  • Updated test DomainSecurityUsersAcccountAdministrator
  • Added ability to use Compare-Testimo as a way to compare two JSON files (single object, can have nested properties)

0.0.75 - 2022.01.25

  • Fixes errors that could happen for some tests during HTML creation

0.0.74 - 2022.01.25

  • Improved test ForestDuplicateSPN to check for duplicate SPNs in a forest
  • Added test ForestRootKDS to check for a KDS Root Key
  • Fixes a typo in DomainSecurityComputers #156
  • Improved summary a bit (still requires work)
  • Added support for external tests

0.0.73 - 2021.02.03

  • Added a new test DomainMachineQuota to check for ms-DS-MachineAccountQuota
  • Fixed Windows Server 2022 version flagged as failed #141
  • Fixed Some tests report Fail but no reason why #143
  • Fixed charts to show proper values (the ones from the table) #149
  • Modified charts colors to more eye friendly (at least to me) #149
  • Modified console output to show statuses the same as HTML version instead of Pass/Fail #145
  • Modified console output to remove full stop from some statuses #147
  • Added a new test ForestDuplicateSPN to check for duplicate SPNs in a forest
  • Fixed Skipped section in diagram but everything is True in report #151
  • Improved ForestReplication and ForestReplicationStatus
  • Improved DomainOrganizationalUnitsEmpty

0.0..72 - 2021.07.20

0.0..71 - 2021.07.05

  • Fixes spelling #131 - tnx ghBCollier
  • Improves DomainDNSResolveExternal #133 - tnx rmbolger

0.0..70 - 2021.06.10

  • Tests
    • 🐛 Fixed DomainGroupPolicyPermission - Unknown GPOs were detected incorrectly #129 tnx illumniN8i
    • 🐛 Fixed DomainDHCPAuthorized - properly detects single DHCP #128 tnx illumniN8i

0.0..69 - 2021.05.27

  • General
    • Small fix for reports
  • Tests
    • 📦 Added ForestDHCP

0.0..68 - 2021.04.21

  • General
    • 🐛 Small detection of problems with gathering information about Forest
  • Tests
    • 📦 Added DomainSecurityDelegatedObjects

0.0..67 - 2021.04.07

  • Tests
  • 💡 Improved DomainGroupPolicyAssessment

0.0..66 - 2021.04.07

  • Tests
    • 📦 Added DomainSecurityComputers
    • 🔠 Renamed DomainGroupPolicyAssessment due to typo #124 / tnx JasonCook599
    • 🐛 Fixed DomainGroupPolicyAssessment empty and problematic GPOs detection condition #124 / tnx JasonCook599

0.0..65 - 2021.03.23

  • Tests
    • Improvement DomainSecurityUsers
    • Improvement DomainSecurityKRBGT
  • General
    • Improvement of HTML

0.0..64 - 2021.03.23

  • Tests
    • Improvement DomainSecurityUsers
    • Improvement DomainSecurityKRBGT
  • General
    • Improvement of HTML

0.0..63 - 2021.03.23

  • Tests
    • Improvement ForestSubnets

0.0..62 - 2021.03.20

  • Tests
    • Fixed DCDNSResolveExternal reported in #122
    • Improvement ForestTrusts
  • General
    • Improvement of HTML

0.0..61 - 2021.03.17

  • Tests
    • Improved ForestTrusts
    • Improved ForestRoles
  • General
    • Improvement of HTML

0.0..60 - 2021.03.17

  • Tests
    • Improved ForestSubnets
    • Improved ForestSites
    • Improved ForestOptionalFeatures
    • Improved ForestBackup
    • Improved ForestTombstoneLifetime
    • Improved DomainDomainControllers
    • Improved DomainLDAP
    • Improved DomainOrphanedSecurityPrincipals
  • General
    • Added AlwaysShowSteps
    • Improved support for new PSWriteHTML

0.0..59 - 2021.03.01

  • General
    • Misspelled word in report (Extream -> Extreme) #120 - tnx mojomojoman

0.0..58 - 2021.02.25

  • Tests
    • Added ForestSubnets
    • Improved DomainDomainControllers
    • Improved DomainLDAP
    • Improved ForestBackup
    • Improved ForestOrphanedAdmins
    • Improved ForestConfigurationPartitionOwners
    • Improved DomainDuplicateObjects
    • Improved ForestSites
  • General
    • Improved reporting
    • Improved reporting status (assesment)

0.0..57 - 2021.02.21

  • Tests
    • Added DomainLDAP - takes over DCLDAP
    • Disabled DCLDAP by default. Still there just not used.
    • Improved ForestOrphanedAdmins
    • Improved ForestConfigurationPartitionOwners
    • Improved DomainDuplicateObjects
    • Improved DomainDomainControllers
  • General
    • Renamed Parameter ReturnResults to PassThru (left as an alias)
    • Fixed loading configuration from JSON/File/HashTable - Configuration changed so much rebuild will be required
    • Fixed saving configuration to JSON/File/HashTable - Configuration changed so much rebuild will be required
    • Parameter for Invoke-Testimo ShowReport is deprecated and doesn't do anything
    • Parameter for Invoke-Testimo HideHTML was added and prevents auto-opening of HTML
    • Parameter for Invoke-Testimo HideSteps/HideSolution was added to hide solution/steps in case it's not needed
    • Added additional information about HTML report generating where the file was saved (useful if no FilePath was provided)
    • Parameter ReportPath was renamed to FilePath, ReportPath is still an alias - to get it the same as GPOZaurr
  • Reporting
    • Solution/Steps added to Report when available for display
    • Reporting is still getting more and more changes

0.0..56 - 2021.02.07

  • Tests
    • Improved ForestOrphanedAdmins
    • Added ForestConfigurationPartitionOwners
    • Improved DomainDuplicateObjects
    • Improved DomainDomainControllers
    • Improved DCTimeSynchronizationExternal
  • Reporting
    • HTML report updated with new format, still not final
    • Added Importance/Category visibility in HTML -> if only those were updated in all tests 🤣
    • Added Description visibility in HTML -> if only those were updated in all tests 🤣
    • Added Resources visibility in HTML -> if only those were updated in all tests 🤣

0.0..55 - 2021.02.02

  • Improvement to report (domain section)
  • Improvement to DomainDuplicateObjects
  • Improvement to OrphanedForeignSecurityPrincipals
  • Removed ForestDuplicateObjects - duplicate of DomainDuplicateObjects

0.0..54 - 2021.01.29

  • Fixes report to work with IE 11 (not great, not bad either)

0.0..53 - 2021.01.28

  • Improved DomainDomainControllers

0.0..52 - 2021.01.27

  • Improved DCUNCHardenedPaths to check for multiple values

0.0..51 - 2021.01.26

  • Fix for Invoke-Testimo crashing on dead/non-responding/no-access DC #117

0.0..50 - 2021.01.25

  • Fix for Invoke-Testimo returning more than one line of error which would stop Testimo #116

0.0..49 - 2021.01.25

  • Fix for Invoke-Testimo not working correctly with some tests #116
  • Improved some tests
  • Reporting
    • HTML report improved a bit for Domain based checks

0.0..48 - 2021.01.21

  • Fix for Invoke-Testimo not working when no tests are defined
  • Tests
    • Added DomainDomainControllers - covers DC ACL owner, DC Manager, DC Password Last Set, DC Last Logon, Enabled

0.0..47 - 2021.01.19

  • Improvements
    • Added warning & errors to HTML
    • Removed dependency on PSWinDocumentation.AD temporary (no tests for now)
  • Tests
    • Removed DomainGroupPolicyPermissionUnknown
    • Removed GroupPolicyMissingPermissions
    • Added DomainGroupPolicyPermissions - covers unknown, adminitrative, authenticated users and system (both removed + some)
    • Removed DomainGroupPolicyEmptyUnlinked
    • Added DomainGroupPolicyAssesment - covers empty, unlinked, disabled, with problem, optimized, no apply permission
    • Added DomainNetLogonOwner
    • Improved ForestSiteLinksConnections #92
    • Improved ForestTombstoneLifetime - support for forest

0.0..46 - 2020.10.29

  • Improvement to HTML
    • DataStore is now set to JavaStore which allows handling of more data within single HTML file
    • Should have less errors on tab switching
    • Known issue: with lots of tables/charts switching between tabs can take time, be patient
  • Improvement to DomainSecurityKRBGT
  • Improvement to DCWindowsUpdates
  • Removed DomainKerberosAccountAge as it's identical to DomainSecurityKRBGT
  • Removed DomainTrusts as it wasn't really working great
  • Added ForestTrusts with improvements
  • ForestObjectsWithConflict renamed to ForestDuplicateObjects
  • ForestDuplicateObjects disabled by default (same thing as DomainDuplicateObjects just done forest wide)
  • DomainDuplicateObjects enabled by default (same thing as forest just done per domain)
  • DCTimeSettings updated with proper NTP recommendation #65 - tnx SolidKnight, SUBnet192, itpro-tips

0.0..45 - 2020.10.20

  • Reversed on HTML change due to issues

0.0..44 - 2020.10.19

  • HTML
    • HTML report should now be much faster to work with even with larger datasets
  • Tests
    • DomainWellKnownFolders - removed duplicate code
    • Added some additional descriptions to tests, still long way to go
    • Small name fix for DomainGroupPolicySysvol
    • DomainGroupPolicyEmptyUnlinked - added new test
    • Silent GitHub version check
    • Fixes working with lowercase source names
    • Fixes issue Service Status fails on value "Auto" #106 due to change in PSSharedGoods

0.0..43 - 2020.06.17

  • Tests
    • Small name update to OrganizationalUnitsEmpty and OrganizationalUnitsProtected fixing #103

0.0..42 - 2020.06.08

  • Tests
    • Fix for DCNetSessionEnumeration not run against target #102
  • Engine
    • Better Sources handling during typing

0.0..41 - 2020.06.06

  • Engine
    • Renamed MustExists to ExpectedOutput for Parameters in Tests for unified experience
    • Added ExpectedResult for Parameters in Tests
      • This works in a way where if we use WhereObject filtering on Array you can check if output is given or not and fail/pass right away
      • This brings 3 ways to test ExpectedCount, ExpectedValue or ExpectedResult
      • ExpectedResult ignores all other settings in parameters except for WhereObject
  • Tests
    • Added DomainGroupPolicyPermissionConsistency (requires GPOZaurr PowerShell module)
    • Added DomainGroupPolicyOwner (requires GPOZaurr PowerShell module)
      • Test for: GPO: Owner Consistent
      • Test for: GPO: Owner Administrative
    • Added DomainGroupPolicyPermissionUnknown (requires GPOZaurr PowerShell module)
    • Added DomainGroupPolicySysvol (requires GPOZaurr PowerShell module)
    • Renamed DCGroupPolicySYSVOL to DCGroupPolicySYSVOLDC to prevent conflict with per Domain checks
    • Replaced DomainGroupPolicyADM with GPOZaurr command

0.0..40 - 2020.05.09

  • Engine
    • ExpectedOutput is now required for Source
  • Tests
    • ExpectedOutput (true/false/null) added for all tests
    • Fix regression ForestReplicationStatus if multiple DC
    • Fix regression ForestReplication if multiple DC
    • Added DomainDuplicateObjects test - finds CNF objects

0.0..39 - 2020.04.11

  • Engine
    • Add requirements (IsInternalForest = $true) for tests that do not support external forest (such as repadmin)
    • Fixed ExpectedCount not working correctly for some values (no sure why it worked at all)
  • Reporting
    • Improved output to not include empty tabs
  • Tests
    • Improved ForestReplicationStatus if only 1 DC, disabled if asking for external forest
    • Improved ForestReplication if only 1 DC
    • Renamed DomainEmptyOrganizationalUnits to DomainOrganizationalUnitsEmpty
    • Added DomainOrganizationalUnitsProtected
    • Improved DCServices for non-existing spooler service
    • Changed DomainPasswordComplexity Lockout Treshold changed to 5+
    • Renamed DCNetSessionEnumaration to DCNetSessionEnumeration - tnx subnet192 #99
    • Added DCDNSForwarders - DNS: More than one forwarding server should be configured
    • Added DomainExchangeUsers - Exchange Users: Missing MailNickName monitors for issue described on blog
    • Improved DNSScavengingForPrimaryDNSServer
  • Other
    • Fix typos - tnx subnet192 #99

0.0..38 - 2020.03.14

  • Added GroupPolicy and ActiveDirectory to RequiredModules and ExternalModuleDependencies preventing error reported in #91

0.0..37 - 2020.03.13

  • Engine
    • Update to DomainSecurityUsers to exclude DomainGuests
    • Fix for ExpectedOutput $false
  • Tests
    • Fix for DomainSecurityUsers - tnx itpro-tips #89
    • Added DomainSecurityKRBGT
    • Improved DCNetworkSettings - DNS: DNS servers on Ethernet should include the loopback address, but not as the first entry - #90 - tnx itpro-tips
    • Improved DCNetworkSettings - DNS: Ethernet should have static IPv4 settings (disabled by default) - #90 - tnx itpro-tips
    • Improved DCLanManServer - ADV200005 | Microsoft Guidance for Disabling SMBv3 Compression - Disabled by default, as patch is available

0.0..36 - 2020.03.04

  • Engine
    • Fix for broken tests

0.0..35 - 2020.03.04

  • Engine
    • Added MustExists (True/False) for Parameters
    • Fixes for In/NotIn
    • Fixes for Inclusion/Exclusion DC/Domain
    • Fixes for ExpectedCount 0 not working
  • Tests
    • DCServices Improvement with XBOX Service
    • Added DCSMBSharesPermissions
    • Added DomainSecurityUsers
    • Added DCUNCHardenedPaths - read potential issues of implementing UNC Hardened Paths. If you enable and things go south GPOs won't work.

0.0..34 - 2020.01.29

  • Tests
    • Modify repadmin (ForestReplicationStatus) for non-english OS #86 - tnx Fiyorden

0.0..33 - 2020.01.28

  • Tests
    • Fixing legacy ADM files check - #84 - tnx PMORMR

0.0..32 - 2020.01.27

  • Tests
    • Fix for DCGroupPolicySYSVOL - #83 - tnx PMORMR

0.0..31 - 2020.01.23

  • Engine
    • Fix for loading configuration

0.0..30 - 2020.01.19

  • Engine
    • Fix for version checks

0.0..29 - 2020.01.19

  • Engine
    • Added IncludeDomain, IncludeDomainControllers (when used skips Exclusions)
      • This requires heavy improvements - soon enough
    • Fixes issue when first running single source and then running all tests (it would use the "old source" instead of using defaults)
  • Tests
    • Fix for Windows Roles and Feature for other language (non-english) #79 - tnx Fiyorden
    • Added LDAPInsecureBindings

0.0..28 - 2019.12.29

  • Engine
    • Fix for not running tests for DC if no Forest/Domain tests are present
    • Added -SkipRODC parameter to skip DCs that are RODC

0.0..27 - 2019.12.26

  • Engine
    • Better support for Portable Testimo

0.0..26 - 2019.12.26

  • Engine
    • Improvments to some error handling
    • Added Version/Date Published (#72)
    • Do not run Tests for Domain/DomainControllers if not enabled
  • Updated modules
    • ADEssentials to 0.0.27 (Get-WinADDFSHealth fixed)
    • Other dependencies also updated
  • Tests
    • Fix for DNSForwaders
    • Added DomainComputersUnsupported (older than 2008)
    • Added DomainComputersUnsupportedMainstream (2008 computers with support from Microsoft)

0.0..25 - 2019.11.18

  • Engine
    • Small configuration saving fixes
    • Added version
  • Tests
    • ForestObjectsWithConflict - Added
    • DCRDPSecurity - Added
      • Minimum Encryption Level
    • DCServiceWINRM - Added
      • DisableRunAS
    • DCSMBProtocols - added BPA findings - Added
      • AutoDisconnectTimeout
      • CachedOpenLimit
      • DurableHandleV2TimeoutInSeconds
      • EnableSMB1Protocol
      • EnableSMB2Protocol
      • MaxThreadsPerQueue
      • Smb2CreditsMin
      • Smb2CreditsMax
      • RequireSecuritySignature
    • DCNetSessionEnumeration (Net Cease) - Added
      • Hardening Net Session Enumeration
    • DCLanManServer - Added
      • Microsoft network server: Digitally sign communications (if client agrees)
      • Microsoft network server: Digitally sign communications (always)
      • Users are not forcibly disconnected when logon hours expire.

0.0..23 - 2019.10.08

  • Tests
    • DCDiagnostics - Added
      • Basically wrapper over DcDiag
        • Checks Connectivity
        • Checks Advertising
        • Checks CheckSecurityError
        • Checks CutoffServers
        • Checks FrsEvent
        • Checks DFSREvent
        • Checks SysVolCheck
        • Checks FrsSysVol
        • Checks KccEvent
        • Checks KnowsOfRoleHolders
        • Checks MachineAccount
        • Checks NCSecDesc
        • Checks NetLogons
        • Checks ObjectsReplicated
        • Checks Replications
        • Checks RidManager
        • Checks Services
        • Checks SystemLog
        • Checks Topology
        • Checks VerifyEnterpriseReferences
        • Checks VerifyReferences
        • Checks VerifyReplicas
        • Checks DNS
        • Checks ForestDnsZonesCheckSDRefDom
        • Checks ForestDnsZonesCrossRefValidation
        • Checks DomainDnsZonesCheckSDRefDom
        • Checks DomainDnsZonesCrossRefValidation
        • Checks SchemaCheckSDRefDom
        • Checks SchemaCrossRefValidation
        • Checks ConfigurationCheckSDRefDom
        • Checks ConfigurationCrossRefValidation
        • Checks NetbiosCheckSDRefDom
        • Checks NetbiosCrossRefValidation
        • Checks DNSDomain
        • Checks LocatorCheck
        • Checks FsmoCheck
        • Checks Intersite
    • DCEventLog - Added
      • Check for Application Log - LogMode/LogFull
      • Check for System Log - LogMode/LogFull
      • Check for PowerShell Log - LogMode/LogFull
      • Check for Security Log - Size/SizeMax/LogMode/LogFull
      • Check for Security Log - Default Security Permissions
    • DCTimeSynchronizationExternal
    • DCDFS - Added
      • DFS should be Healthy
      • Central Repository for GPO for Domain should be available
      • Central Repository for GPO for DC should be available
      • GPO Count should match folder count
      • MemberReference should return TRUE
      • DFSErrors should be 0
      • DFSLocalSetting should be TRUE
      • DomainSystemVolume should be TRUE
      • SYSVOLSubscription should be TRUE
      • DFSR AutoRecovery should be enabled (not stopped)
    • DCDFSRAutoRecovery - DELETED
      • Moved to DCDFS
    • DomainDHCPAuthorized - Added but DISABLED
      • Check added, by default disabled.
    • DCTimeSettings
    • DomainGroupPolicyADM - Added
      • Added check for legacy ADM files
    • DCGroupPolicySYSVOL - Added
      • Added check if all GPO's have their folder on SYSVOL
    • DCLanManagerSettings - Added
      • Added checks for Lan Manager Settings
    • DCTimeSynchronizationInternal
      • Added check for LastBootUpTime be less than X (60) days
  • Engine
    • Added checks for potential NULL after Where-Object (fails tests now, while before it would ignore it)
    • Added parameters for SourceParameters for use within Sources #41 - tnx James Rudd
    • Changed export / import configuration to support SourceParameters/ExpectedOutput. #41 - tnx James Rudd
    • Support for Requirements/CommandAvailable

0.0..22 - 2019.09.10

  • Tests
    • DCPorts - typo fix OPEN vs CLOSED

0.0..21 - 2019.09.10

  • Tests
    • DCPorts - Checking for port 139 - Require PORT CLOSED (#29 - tnx SP3269)
    • DCNetworkSettings - Netbios TCPIP settings on network card - Require DISABLED (#29 - tnx SP3269)
    • DCWindowsFirewall - was renamed to DCNetworkSettings
    • DomainEmptyOrganizationalUnits - fix for lacking Contacts (#32 - tnx JasonCook599)
    • DNSScavengingForPrimaryDNSServer - fix LT should be GT (#33 - tnx JasonCook599)
    • DomainDNSZonesForest0ADEL - Added new test
    • DomainDNSZonesDomain0ADEL - Added new test
  • Engine
    • Support for match/notmatch/notcontains

0.0..20 - 2019.09.09

  • Fix for configuration loading from JSON file (#30 - tnx Alex)

0.0..19 - 2019.09.08

  • First public release - More information in blog post!