cqrenet/elysium
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: cqrenet/elysium:v2.2.3
Branches Tags
cqrenet/elysium:main cqrenet/elysium:backup/orig-main-20251020-190110
cqrenet/elysium:v2.4.4 cqrenet/elysium:v2.4.3 cqrenet/elysium:v2.4.2 cqrenet/elysium:v2.4.1 cqrenet/elysium:v2.4.0 cqrenet/elysium:v2.3.0 cqrenet/elysium:v2.2.5 cqrenet/elysium:v2.2.4 cqrenet/elysium:v2.2.3 cqrenet/elysium:v2.2.2 cqrenet/elysium:v2.2.1 cqrenet/elysium:v2.2.0
..
compare: cqrenet/elysium:v2.2.4
Branches Tags
cqrenet/elysium:main cqrenet/elysium:backup/orig-main-20251020-190110
cqrenet/elysium:v2.4.4 cqrenet/elysium:v2.4.3 cqrenet/elysium:v2.4.2 cqrenet/elysium:v2.4.1 cqrenet/elysium:v2.4.0 cqrenet/elysium:v2.3.0 cqrenet/elysium:v2.2.5 cqrenet/elysium:v2.2.4 cqrenet/elysium:v2.2.3 cqrenet/elysium:v2.2.2 cqrenet/elysium:v2.2.1 cqrenet/elysium:v2.2.0

1 Commits
v2.2.3 .. v2.2.4

Author SHA1 Message Date
tomas.kracmar 0175864e72 Release v2.2.4: permission check InheritOnly fix and DSInternals block detection 
Test-ReplicationPermissions:
- Skip InheritOnly ACEs since they do not apply to the domain root
  object itself, only to child objects.

Test-WeakADPasswords:
- Detect Windows Zone.Identifier blocks on DSInternals DLLs and
  emit a clear error with the exact Unblock-File remediation
  command instead of a vague warning.

All versions bumped to unified v2.2.4.
 2026-06-09 13:07:46 +02:00
11 changed files with 25 additions and 11 deletions
Expand all files Collapse all files
Bump-Version.ps1
+1 -1
View File
@@ -8,7 +8,7 @@
################################################## ##################################################
## Project: Elysium ## ## Project: Elysium ##
## File: Bump-Version.ps1 ## ## File: Bump-Version.ps1 ##
## Version: 2.2.3 ## ## Version: 2.2.4 ##
## Support: support@cqre.net ## ## Support: support@cqre.net ##
################################################## ##################################################
CHANGELOG.md
+8
View File
@@ -6,6 +6,14 @@ Starting with **v2.2.0**, Elysium uses a **unified project version**. All script
--- ---
## [2.2.4] — 2026-06-09
### Fixed
- `Test-ReplicationPermissions` (in `Elysium.Common.ps1`) now skips `InheritOnly` ACEs when evaluating replication rights. An ACE marked `InheritOnly` applies only to child objects, not the domain root itself, so it does not grant the required extended rights for DCSync on the domain object.
- `Import-CompatModule` (in `Test-WeakADPasswords.ps1`) now detects DSInternals being blocked by Windows `Zone.Identifier` (alternate data stream from internet download) and throws a clear, actionable error with the exact `Unblock-File` command to run. Previously this surfaced as an opaque non-FIPS warning.
---
## [2.2.3] — 2026-06-09 ## [2.2.3] — 2026-06-09
### Fixed ### Fixed
Elysium.Common.ps1
+3 -1
View File
@@ -1,4 +1,4 @@
$script:ElysiumVersion = '2.2.3' $script:ElysiumVersion = '2.2.4'
function Invoke-RestartWithExecutable { function Invoke-RestartWithExecutable {
param( param(
@@ -379,6 +379,8 @@ function Test-ReplicationPermissions {
$aceExistsForGuid = $false $aceExistsForGuid = $false
foreach ($ace in $acl) { foreach ($ace in $acl) {
if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue } if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
# InheritOnly ACEs apply to child objects only — the domain root itself is not covered
if ([bool]($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly)) { continue }
$rights = $ace.ActiveDirectoryRights $rights = $ace.ActiveDirectoryRights
$hasExtended = [bool]($rights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) $hasExtended = [bool]($rights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight)
$hasGenericAll = [bool]($rights -band [System.DirectoryServices.ActiveDirectoryRights]::GenericAll) $hasGenericAll = [bool]($rights -band [System.DirectoryServices.ActiveDirectoryRights]::GenericAll)
Elysium.ps1
+1 -1
View File
@@ -7,7 +7,7 @@
################################################## ##################################################
## Project: Elysium ## ## Project: Elysium ##
## File: Elysium.ps1 ## ## File: Elysium.ps1 ##
## Version: 2.2.3 ## ## Version: 2.2.4 ##
## Support: support@cqre.net ## ## Support: support@cqre.net ##
################################################## ##################################################
ElysiumSettings.txt.sample
+1 -1
View File
@@ -8,7 +8,7 @@
################################################## ##################################################
## Project: Elysium ## ## Project: Elysium ##
## File: ElysiumSettings.txt ## ## File: ElysiumSettings.txt ##
## Version: 2.2.3 ## ## Version: 2.2.4 ##
## Support: support@cqre.net ## ## Support: support@cqre.net ##
################################################## ##################################################
Extract-NTHashes.ps1
+1 -1
View File
@@ -7,7 +7,7 @@
################################################## ##################################################
## Project: Elysium ## ## Project: Elysium ##
## File: Extract-NTHashes.ps1 ## ## File: Extract-NTHashes.ps1 ##
## Version: 2.2.3 ## ## Version: 2.2.4 ##
## Support: support@cqre.net ## ## Support: support@cqre.net ##
################################################## ##################################################
Prepare-KHDBStorage.ps1
+1 -1
View File
@@ -7,7 +7,7 @@
################################################## ##################################################
## Project: Elysium ## ## Project: Elysium ##
## File: Prepare-KHDBStorage.ps1 ## ## File: Prepare-KHDBStorage.ps1 ##
## Version: 2.2.3 ## ## Version: 2.2.4 ##
## Support: support@cqre.net ## ## Support: support@cqre.net ##
################################################## ##################################################
Test-WeakADPasswords.ps1
+6 -2
View File
@@ -8,7 +8,7 @@
################################################## ##################################################
## Project: Elysium ## ## Project: Elysium ##
## File: Test-WeakADPasswords.ps1 ## ## File: Test-WeakADPasswords.ps1 ##
## Version: 2.2.3 ## ## Version: 2.2.4 ##
## Support: support@cqre.net ## ## Support: support@cqre.net ##
################################################## ##################################################
@@ -352,7 +352,11 @@ function Import-CompatModule {
$nonFipsErrors = @($importErrors | Where-Object { $_.Exception.Message -notmatch 'Only FIPS certified cryptographic algorithms are enabled in \.NET' }) $nonFipsErrors = @($importErrors | Where-Object { $_.Exception.Message -notmatch 'Only FIPS certified cryptographic algorithms are enabled in \.NET' })
if ($nonFipsErrors.Count -gt 0) { if ($nonFipsErrors.Count -gt 0) {
Write-Warning ("DSInternals import reported non-fatal warning(s): {0}" -f $nonFipsErrors[0].Exception.Message) $nonFipsMsg = $nonFipsErrors[0].Exception.Message
if ($nonFipsMsg -match 'Zone\.Identifier|alternate data stream') {
throw ("DSInternals native DLL is blocked by Windows (Zone.Identifier). Run the following on the target machine and retry:`n Get-ChildItem -Path '$env:ProgramFiles\WindowsPowerShell\DSInternals' -Recurse | Unblock-File")
}
Write-Warning ("DSInternals import reported non-fatal warning(s): {0}" -f $nonFipsMsg)
} }
Write-Verbose ("Imported module '{0}' (Core={1}, Windows={2})" -f $Name, $runningInPSCore, $onWindows) Write-Verbose ("Imported module '{0}' (Core={1}, Windows={2})" -f $Name, $runningInPSCore, $onWindows)
Uninstall.ps1
+1 -1
View File
@@ -7,7 +7,7 @@
################################################## ##################################################
## Project: Elysium ## ## Project: Elysium ##
## File: Uninstall.ps1 ## ## File: Uninstall.ps1 ##
## Version: 2.2.3 ## ## Version: 2.2.4 ##
## Support: support@cqre.net ## ## Support: support@cqre.net ##
################################################## ##################################################
Update-KHDB.ps1
+1 -1
View File
@@ -7,7 +7,7 @@
################################################## ##################################################
## Project: Elysium ## ## Project: Elysium ##
## File: Update-KHDB.ps1 ## ## File: Update-KHDB.ps1 ##
## Version: 2.2.3 ## ## Version: 2.2.4 ##
## Support: support@cqre.net ## ## Support: support@cqre.net ##
################################################## ##################################################
Update-LithnetStore.ps1
+1 -1
View File
@@ -7,7 +7,7 @@
################################################## ##################################################
## Project: Elysium ## ## Project: Elysium ##
## File: Update-LithnetStore.ps1 ## ## File: Update-LithnetStore.ps1 ##
## Version: 2.2.3 ## ## Version: 2.2.4 ##
## Support: support@cqre.net ## ## Support: support@cqre.net ##
################################################## ##################################################