Convert Manager Approval check to use bitwise math.

TrimarcJake / Locksmith

A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.

https://github.com/TrimarcJake/Locksmith

Other

768 stars 72 forks source link

Convert Manager Approval check to use bitwise math. #88

Closed TrimarcJake closed 6 months ago

TrimarcJake commented 6 months ago

Current Manager Approval checks in Find-ESC1/2 use explicit math ('msPKI-Enrollment-Flag' -ne 2) but this presents false positives when multiple flags are set. Need to convert to 'msPKI-Enrollment-Flag' -band 2)