v2024.8

We're back!

Hello, friends! Locksmith is not dead, but the core team has been poking at it a little more slowly and deliberately than usual. This has resulted in a slower release cadence but a more usable and trustworthy product (hopefully.)

Additionally, more people outside of the Locksmith core team are submitting issues and PRs. Sometimes, these issues take a while to replicate and investigate, but we wouldn't have it any other way. 😄 Thanks for your submissions and contributions, folks!

Bug Fixes:

• Fixed typo in Private/Test-IsADAdmin.ps1 (submitted by @jracz18, fixed by @TrimarcJake)
• Eliminated false positives on expected rights in ESC4/5 checks (submitted by @mfgjwaterman, fixed by @TrimarcJake)
• Eliminated false negatives when used in PS7 due to Missing Microsoft.PowerShell.Security Module (submitted by @mrhousz, fixed by @SamErde)
• Eliminated false negatives when safe groups are empty (submitted and fixed by @techBrandon)
• Converted ESC1-3 checks from -eq checks to -band checks to improve identification of those issues. (found and fixed by @TrimarcJake)

Enhancements:

• Improved ESC4 remediation code to recreate Enroll/AutoEnroll ExtendedRight when needed. (suggested by @vegaeny, completed by @TrimarcJake)
• Converted all fixes to here-strings (@TrimarcJake)
• Minor grammar/formatting cleanup (@SamErde, @TrimarcJake)
• Updated criticality flowcharts (@TrimarcJake)
• Improved comments and comment-based help (@SamErde, @TrimarcJake)